Weekly Vulnerabilities Reports > July 23 to 29, 2007

Overview

109 new vulnerabilities reported during this period, including 13 critical vulnerabilities and 25 high severity vulnerabilities. This weekly summary report vulnerabilities in 143 products from 71 vendors including Microsoft, Mozilla, Citrix, Lighttpd, and IBM. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", "Path Traversal", "Resource Management Errors", and "Permissions, Privileges, and Access Controls".

  • 101 reported vulnerabilities are remotely exploitables.
  • 23 reported vulnerabilities have public exploit available.
  • 10 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 106 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 6 reported vulnerabilities.
  • CA has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

13 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-07-25 CVE-2007-3993 Kerio Unspecified vulnerability in Kerio MailServer Attachment Filter

Unspecified vulnerability in the attachment filter in Kerio MailServer before 6.4.1 has unknown impact and remote attack vectors.

10.0
2007-07-25 CVE-2007-3980 Rcms PRO Remote File Include vulnerability in Rcms PRO Rgamescript PRO 0

PHP remote file inclusion vulnerability in page.php in RCMS Pro RGameScript Pro allows remote attackers to execute arbitrary PHP code via a URL in the id parameter.

10.0
2007-07-27 CVE-2007-4034 Yahoo Buffer Errors vulnerability in Yahoo Widgets 4.0.5

Stack-based buffer overflow in the YDPCTL.YDPControl.1 (aka Yahoo! Installer Plugin for Widgets) ActiveX control before 2007.7.13.3 (20070620) in YDPCTL.dll in Yahoo! Widgets before 4.0.5 allows remote attackers to execute arbitrary code via a long argument to the GetComponentVersion method.

9.3
2007-07-26 CVE-2007-4013 Citrix
Mozilla
Remote vulnerability in Citrix Access Gateway Standard and Advanced Edition

Multiple unspecified vulnerabilities in (1) Net6Helper.DLL (aka Net6Launcher Class) 4.5.2 and earlier, (2) npCtxCAO.dll (aka Citrix Endpoint Analysis Client) in a Firefox plugin directory, and (3) a second npCtxCAO.dll (aka CCAOControl Object) before 4.5.0.0 in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 have unknown impact and attack vectors, possibly related to buffer overflows.

9.3
2007-07-26 CVE-2007-4009 Parallels Code Injection vulnerability in Parallels Confixx 2.0.12/3.3.1

PHP remote file inclusion vulnerability in admin/business_inc/saveserver.php in SWSoft Confixx Pro 2.0.12 through 3.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the thisdir parameter.

9.3
2007-07-26 CVE-2007-4007 Article Directory Remote File Include vulnerability in Article Directory

PHP remote file inclusion vulnerability in index.php in Article Directory (Article Site Directory) allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.

9.3
2007-07-26 CVE-2007-3302 CA Remote Code Execution vulnerability in Computer Associates ETrust Intrusion Detection Caller.DLL

The CallCode ActiveX control in caller.dll 3.0 before 20070713, and 3.0 SP1 before 3.0.5.81, in CA (formerly Computer Associates) eTrust Intrusion Detection allows remote attackers to load arbitrary DLLs on a client system, and execute code from these DLLs, via unspecified "scriptable functions."

9.3
2007-07-26 CVE-2007-0060 CA Products Message Queuing Remote Stack Buffer Overflow vulnerability in Computer Associates

Stack-based buffer overflow in the Message Queuing Server (Cam.exe) in CA (formerly Computer Associates) Message Queuing (CAM / CAFT) software before 1.11 Build 54_4 on Windows and NetWare, as used in CA Advantage Data Transport, eTrust Admin, certain BrightStor products, certain CleverPath products, and certain Unicenter products, allows remote attackers to execute arbitrary code via a crafted message to TCP port 3104.

9.3
2007-07-25 CVE-2007-3969 Panda Remote Code Execution vulnerability in Panda Antivirus EXE File

Buffer overflow in Panda Antivirus before 20070720 allows remote attackers to execute arbitrary code via a crafted EXE file, resulting from an "Integer Cast Around."

9.3
2007-07-25 CVE-2007-3963 Usebb Cross-Site Scripting vulnerability in UseBB PHP_SELF

Multiple cross-site scripting (XSS) vulnerabilities in UseBB 1.0.7, and possibly other 1.0.x versions, allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF) to (1) upgrade-0-2-3.php, (2) upgrade-0-3.php, or (3) upgrade-0-4.php in install/, a different vulnerability than CVE-2005-4193.

9.3
2007-07-25 CVE-2007-3026 Panda Remote Integer Overflow vulnerability in Panda Adminsecure 2006

Integer overflow in Panda Software AdminSecure allows remote attackers to execute arbitrary code via crafted packets with modified length values to TCP ports 19226 or 19227, resulting in a heap-based buffer overflow.

9.3
2007-07-24 CVE-2007-3960 IBM Remote Security vulnerability in Websphere Application Server

Multiple unspecified vulnerabilities in IBM WebSphere Application Server (WAS) before Fix Pack 21 (6.0.2.21) have unknown impact and attack vectors, aka (1) PK33799, or (2) a "Potential security exposure" in the Samples component (PK40213).

9.3
2007-07-23 CVE-2007-3944 Apple Buffer Errors vulnerability in Apple Iphone OS, Safari and Webkit

Multiple heap-based buffer overflows in the Perl Compatible Regular Expressions (PCRE) library in the JavaScript engine in WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, allow remote attackers to execute arbitrary code via certain JavaScript regular expressions.

9.3

25 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-07-24 CVE-2007-3949 Lighttpd Unspecified vulnerability in Lighttpd

mod_access.c in lighttpd 1.4.15 ignores trailing / (slash) characters in the URL, which allows remote attackers to bypass url.access-deny settings.

8.3
2007-07-27 CVE-2007-4031 Nessus Path Traversal vulnerability in Nessus vulnerability Scanner 3.0.6

Directory traversal vulnerability in a certain ActiveX control in Nessus Vulnerability Scanner 3.0.6 allows remote attackers to delete arbitrary files via a ..

7.8
2007-07-24 CVE-2007-3956 Microsoft
Teamspeak
Remote Denial Of Service vulnerability in Teamspeak web Server 2.0

TeamSpeak WebServer 2.0 for Windows does not validate parameter value lengths and does not expire TCP sessions, which allows remote attackers to cause a denial of service (CPU and memory consumption) via long username and password parameters in a request to login.tscmd on TCP port 14534.

7.8
2007-07-26 CVE-2007-4017 Citrix Remote vulnerability in Citrix Access Gateway 4.5

Cross-site request forgery (CSRF) vulnerability in the web-based administration console in Citrix Access Gateway before firmware 4.5.5 allows remote attackers to perform certain configuration changes as administrators.

7.6
2007-07-27 CVE-2007-4046 Joomla SQL Injection vulnerability in Joomla Pony Gallery Component

SQL injection vulnerability in index.php in the Pony Gallery (com_ponygallery) 1.5 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter.

7.5
2007-07-27 CVE-2007-4042 Microsoft
Netscape
Remote Security vulnerability in Navigator

Multiple argument injection vulnerabilities in Netscape Navigator 9 allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670.

7.5
2007-07-27 CVE-2007-4033 PHP
T1Lib
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Buffer overflow in the intT1_EnvGetCompletePath function in lib/t1lib/t1env.c in t1lib 5.1.1 allows context-dependent attackers to execute arbitrary code via a long FileName parameter.

7.5
2007-07-26 CVE-2007-4028 Webspell Local File Include vulnerability in Webspell 4.01.02

Absolute path traversal vulnerability in index.php in Webspell 4.01.02 allows remote attackers to include and execute arbitrary local files via a full pathname in the site parameter.

7.5
2007-07-26 CVE-2007-3566 Borland Software Remote Stack Based Buffer Overflow vulnerability in Borland Software Interbase 2007

Stack-based buffer overflow in the database service (ibserver.exe) in Borland InterBase 2007 before SP2 allows remote attackers to execute arbitrary code via a long size value in a create request to port 3050/tcp.

7.5
2007-07-26 CVE-2007-4008 Entertainment CMS Path Traversal vulnerability in Entertainment CMS Entertainment CMS

Directory traversal vulnerability in custom.php in Entertainment Media Sharing CMS allows remote attackers to include and execute arbitrary local files via a ..

7.5
2007-07-25 CVE-2007-3992 Iexpress SQL-Injection vulnerability in Property Pro

SQL injection vulnerability in vir_login.asp in iExpress Property Pro allows remote attackers to execute arbitrary SQL commands via the Password parameter.

7.5
2007-07-25 CVE-2007-3990 ASP Indir SQL-Injection vulnerability in ASP Indir Dora Emlak 1.0

SQL injection vulnerability in default.asp in Dora Emlak 1.0, when the goster parameter is set to emlakdetay, allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2007-07-25 CVE-2007-3987 Junction Quest SQL Injection vulnerability in Junction Quest Image Racer 1.0

SQL injection vulnerability in SearchResults.asp in ImageRacer 1.0, when WordSearchCrit is enabled, allows remote attackers to execute arbitrary SQL commands via the SearchWord parameter.

7.5
2007-07-25 CVE-2007-3984 Zenturi Buffer Overflow vulnerability in Zenturi Programchecker 1.5.0.531

Buffer overflow in a certain ActiveX control in the NixonMyPrograms class in sasatl.dll 1.5.0.531 in Zenturi ProgramChecker allows remote attackers to execute arbitrary code via a long argument to the Scan method.

7.5
2007-07-25 CVE-2007-3981 WSN Links SQL Injection vulnerability in WSN Links Basic Edition CatID Parameter

SQL injection vulnerability in index.php in WSN Links Basic Edition allows remote attackers to execute arbitrary SQL commands via the catid parameter in a displaycat action.

7.5
2007-07-25 CVE-2007-3976 Bwired SQL-Injection vulnerability in Bwired

SQL injection vulnerability in index.php in bwired allows remote attackers to execute arbitrary SQL commands via the newsID parameter.

7.5
2007-07-25 CVE-2007-3974 Jblog Input Validation vulnerability in Jblog 1.0

admin/ajoutaut.php in JBlog 1.0 does not require authentication, which allows remote attackers to create arbitrary accounts via modified mot and droit parameters.

7.5
2007-07-25 CVE-2007-3962 FSP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in FSP C Library

Multiple stack-based buffer overflows in fsplib.c in fsplib before 0.9 might allow remote attackers to execute arbitrary code via (1) a long filename that is not properly handled by the fsp_readdir_native function when MAXNAMLEN is greater than 255, or (2) a long d_name directory (dirent) field in the fsp_readdir function.

7.5
2007-07-24 CVE-2007-3952 Norman Unspecified vulnerability in Norman Normon Antivirus

The OLE2 parsing in Norman Antivirus before 5.91.02 allows remote attackers to bypass the malware detection via a crafted DOC file, resulting from an "integer cast around".

7.5
2007-07-24 CVE-2007-3951 Norman Buffer-Overflow vulnerability in Multiple Norman Virus Control Products LZH

Multiple buffer overflows in Norman Antivirus 5.90 allow remote attackers to execute arbitrary code via a crafted (1) ACE or (2) LZH file, resulting from an "integer cast around."

7.5
2007-07-27 CVE-2007-3532 Gentoo
Nvidia
Permissions, Privileges, and Access Controls vulnerability in Nvidia Video Driver

NVIDIA drivers (nvidia-drivers) before 1.0.7185, 1.0.9639, and 100.14.11, as used in Gentoo Linux and possibly other distributions, creates /dev/nvidia* device files with insecure permissions, which allows local users to modify video card settings, cause a denial of service (crash or physical video card damage), and obtain sensitive information.

7.2
2007-07-23 CVE-2007-2950 Centennial
Numara
Symantec
Local Privilege Escalation vulnerability in Discovery and Asset Manager

Centennial Discovery 2006 Feature Pack 1, which is used by (1) Numara Asset Manager 8.0 and (2) Symantec Discovery 6.5, uses insecure permissions on certain directories, which allows local users to gain privileges.

7.2
2007-07-26 CVE-2007-4012 Cisco Denial Of Service vulnerability in Cisco Wireless LAN Control ARP Storm

Cisco 4100 and 4400, Airespace 4000, and Catalyst 6500 and 3750 Wireless LAN Controller (WLC) software 4.1 before 4.1.180.0 allows remote attackers to cause a denial of service (ARP storm) via a broadcast ARP packet that "targets the IP address of a known client context", aka CSCsj50374.

7.1
2007-07-26 CVE-2007-4011 Cisco Denial Of Service vulnerability in Cisco Wireless LAN Control ARP Storm

Cisco 4100 and 4400, Airespace 4000, and Catalyst 6500 and 3750 Wireless LAN Controller (WLC) software before 3.2 20070727, 4.0 before 20070727, and 4.1 before 4.1.180.0 allows remote attackers to cause a denial of service (traffic amplification or ARP storm) via a crafted unicast ARP request that (1) has a destination MAC address unknown to the Layer-2 infrastructure, aka CSCsj69233; or (2) occurs during Layer-3 roaming across IP subnets, aka CSCsj70841.

7.1
2007-07-24 CVE-2007-3958 Microsoft Denial of Service vulnerability in Microsoft Windows Explorer GIF File

Microsoft Windows Explorer (explorer.exe) allows user-assisted remote attackers to cause a denial of service via a certain GIF file, as demonstrated by Art.gif.

7.1

71 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-07-26 CVE-2007-4004 IBM Buffer Errors vulnerability in IBM AIX 5.2.0/5.3

Buffer overflow in the ftp client in IBM AIX 5.3 SP6 and 5.2.0 allows local users to execute arbitrary code via unspecified vectors that trigger the overflow in a gets function call.

6.9
2007-07-26 CVE-2007-4003 IBM Unspecified vulnerability in IBM AIX 5.3

pioout in IBM AIX 5.3 SP6 allows local users to execute arbitrary code by specifying a malicious library with the -R (ParseRoutine) command line argument.

6.9
2007-07-26 CVE-2007-3333 IBM Buffer Errors vulnerability in IBM AIX 5.2.0/5.3

Stack-based buffer overflow in capture in IBM AIX 5.3 SP6 and 5.2.0 allows remote attackers to execute arbitrary code via a large number of terminal control sequences.

6.9
2007-07-27 CVE-2007-4041 Microsoft
Mozilla
OS Command Injection vulnerability in multiple products

Multiple argument injection vulnerabilities in Mozilla Firefox 2.0.0.5 and 3.0alpha allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670.

6.8
2007-07-27 CVE-2007-4032 Crystal Reality LLC Buffer Overflow vulnerability in Crystal Reality LLC Crystalplayer PRO 1.98

Buffer overflow in CrystalPlayer Pro 1.98 allows user-assisted remote attackers to execute arbitrary code via a long string in a .mls Playlist file.

6.8
2007-07-26 CVE-2007-4029 Rpath
Libvorbis
Denial Of Service And Memory Corruption vulnerability in Libvorbis 1.1.2

libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service via (1) an invalid mapping type, which triggers an out-of-bounds read in the vorbis_info_clear function in info.c, and (2) invalid blocksize values that trigger a segmentation fault in the read function in block.c.

6.8
2007-07-26 CVE-2007-3106 Rpath
Libvorbis
Resource Management Errors vulnerability in Libvorbis 1.1.2

lib/info.c in libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via invalid (1) blocksize_0 and (2) blocksize_1 values, which trigger a "heap overwrite" in the _01inverse function in res0.c.

6.8
2007-07-26 CVE-2007-4026 Telaxus LLC Remote Security vulnerability in Epesi

epesi framework before 0.8.6 does not properly verify file extensions, which allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors involving the gallery images upload feature.

6.8
2007-07-26 CVE-2007-4018 Citrix Remote vulnerability in Citrix Access Gateway 4.5

Citrix Access Gateway Advanced Edition before firmware 4.5.5 allows attackers to redirect users to arbitrary web sites and conduct phishing attacks via unknown vectors.

6.8
2007-07-26 CVE-2007-4016 Citrix Remote vulnerability in Citrix Access Gateway 4.0/4.2/4.5

Unspecified vulnerability in the client components in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 allows attackers to execute arbitrary code via unspecified vectors.

6.8
2007-07-26 CVE-2007-4010 PHP Unspecified vulnerability in PHP 5.2.3

The win32std extension in PHP 5.2.3 does not follow safe_mode and disable_functions restrictions, which allows remote attackers to execute arbitrary commands via the win_shell_execute function.

6.8
2007-07-26 CVE-2007-4006 Mike Dubman Remote Security vulnerability in Mike Dubman Windows RSH Daemon 1.7

Buffer overflow in Mike Dubman Windows RSH daemon (rshd) 1.7 has unknown impact and remote attack vectors, aka ZD-00000034.

6.8
2007-07-25 CVE-2007-3988 Virtual Hosting Control System Improper Authentication vulnerability in Virtual Hosting Control System Virtual Hosting Control System

Session fixation vulnerability in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.

6.8
2007-07-25 CVE-2007-3979 Netart Media SQL Injection vulnerability in BlogSite Professional

SQL injection vulnerability in index.php in BlogSite Professional (aka Blog System) 1.x allows remote attackers to execute arbitrary SQL commands via the news_id parameter.

6.8
2007-07-25 CVE-2007-3973 Jblog Input Validation vulnerability in Jblog 1.0

Multiple cross-site scripting (XSS) vulnerabilities in JBlog 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to (a) index.php, or the (2) search parameter or (3) theme cookie to (b) recherche.php.

6.8
2007-07-25 CVE-2007-3965 Ufmod Unspecified vulnerability in uFMOD

Unspecified vulnerability in uFMOD before 1.2.5 has unknown impact and attack vectors, possibly related to malformed files, and possibly an integer signedness error for relative note instruments.

6.8
2007-07-24 CVE-2007-3955 Linkedin Buffer Overflow vulnerability in Linkedin Toolbar 3.0.2.1098

Buffer overflow in the IEToolbar.IEContextMenu.1 ActiveX control in LinkedInIEToolbar.dll in the LinkedIn Toolbar 3.0.2.1098 allows remote attackers to execute arbitrary code via a long second argument (varBrowser argument) to the search method.

6.8
2007-07-26 CVE-2007-4027 Areca Local Security vulnerability in Cli

Buffer overflow in cli32 in Areca CLI 1.72.250 and earlier might allow local users to gain privileges via a long argument.

6.6
2007-07-25 CVE-2007-3531 Gentoo Local Privilege Escalation vulnerability in Gentoo Nvclock 0.7

The set_default_speeds function in backend/backend.c in NVidia NVClock before 0.8b2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/nvclock temporary file.

6.6
2007-07-27 CVE-2007-4047 Geoblog Security Bypass vulnerability in Geoblog 1

geoBlog (aka BitDamaged) 1 does not require authentication for (1) deletecomment.php, (2) deleteblog.php, and (3) listcomment.php in admin/, which allows remote attackers to delete arbitrary comments, delete arbitrary blogs, and have other unspecified impact via a request with a valid id parameter.

6.4
2007-07-24 CVE-2007-3946 Lighttpd Unspecified vulnerability in Lighttpd

mod_auth (http_auth.c) in lighttpd before 1.4.16 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors involving (1) a memory leak, (2) use of md5-sess without a cnonce, (3) base64 encoded strings, and (4) trailing whitespace in the Auth-Digest header.

6.4
2007-07-23 CVE-2007-3945 Linux
Rsbac
Authentication Bypass vulnerability in Rsbac Rule SET Based Access Control 1.3.3/1.3.4

Rule Set Based Access Control (RSBAC) before 1.3.5 does not properly use the Linux Kernel Crypto API for the Linux kernel 2.6.x, which allows context-dependent attackers to bypass authentication controls via unspecified vectors, possibly involving User Management password hashing and unchecked function return codes.

6.4
2007-07-27 CVE-2007-1354 Jboss Remote Security vulnerability in Jboss Application Server

The Access Control functionality (JMXOpsAccessControlFilter) in JMX Console in JBoss Application Server 4.0.2 and 4.0.5 before 20070416 uses a member variable to store the roles of the current user, which allows remote authenticated administrators to trigger a race condition and gain privileges by logging in during a session by a more privileged administrator, as demonstrated by privilege escalation from Read Mode to Write Mode.

6.0
2007-07-27 CVE-2007-2874 Redhat Remote Security vulnerability in Fedora Core

Buffer overflow in the wpa_printf function in the debugging code in wpa_supplicant in the Fedora NetworkManager package before 0.6.5-3.fc7 allows user-assisted remote attackers to execute arbitrary code via malformed frames on a WPA2 network.

5.8
2007-07-24 CVE-2007-2925 ISC Unspecified vulnerability in ISC Bind 9.4.0/9.4.1/9.5.0

The default access control lists (ACL) in ISC BIND 9.4.0, 9.4.1, and 9.5.0a1 through 9.5.0a5 do not set the allow-recursion and allow-query-cache ACLs, which allows remote attackers to make recursive queries and query the cache.

5.8
2007-07-24 CVE-2007-3947 Lighttpd Unspecified vulnerability in Lighttpd

request.c in lighttpd 1.4.15 allows remote attackers to cause a denial of service (daemon crash) by sending an HTTP request with duplicate headers, as demonstrated by a request containing two Location header lines, which results in a segmentation fault.

5.8
2007-07-27 CVE-2007-4045 Apple
Fedoraproject
The CUPS service, as used in SUSE Linux before 20070720 and other Linux distributions, allows remote attackers to cause a denial of service via unspecified vectors related to an incomplete fix for CVE-2007-0720 that introduced a different denial of service problem in SSL negotiation.
5.0
2007-07-27 CVE-2007-4043 Securecomputing Improper Authentication vulnerability in Securecomputing Securityreporter 4.2.30/4.6.3

file.cgi in Secure Computing SecurityReporter (aka Network Security Analyzer) before 4.6.3 allows remote attackers to bypass authentication via a name parameter ending with a "%00.gif" sequence.

5.0
2007-07-27 CVE-2007-4035 Guidance Software Denial Of Service vulnerability in Guidance Software EnCase Forensic

** DISPUTED ** Guidance Software EnCase does not properly handle (1) certain malformed MBR partition tables with many entries, which allows remote attackers to prevent logical collection of a disk image; (2) NTFS filesystems with directory loops, which allows remote attackers to prevent examination of certain directory contents; and (3) certain other malformed NTFS filesystems, which allows remote attackers to prevent examination of corrupted records.

5.0
2007-07-26 CVE-2007-4005 Mike Dubman Buffer Errors vulnerability in Mike Dubman Windows RSH Daemon 1.7

Stack-based buffer overflow in Mike Dubman Windows RSH daemon (rshd) 1.7 allows remote attackers to execute arbitrary code via a long string to the shell port (514/tcp).

5.0
2007-07-25 CVE-2007-3986 Securecomputing Directory Traversal Vulnerability And Authentication Bypass vulnerability in Securecomputing Securityreporter 4.6.3

file.cgi in Secure Computing SecurityReporter (aka Network Security Analyzer) 4.6.3 allows remote attackers to bypass authentication via a name parameter that specifies the eventcache directory and a non-GIF file, which causes the $dontvalidate variable to be set to true.

5.0
2007-07-25 CVE-2007-3985 Securecomputing Directory Traversal Vulnerability And Authentication Bypass vulnerability in Securecomputing Securityreporter 4.6.3

Directory traversal vulnerability in file.cgi in Secure Computing SecurityReporter (aka Network Security Analyzer) 4.6.3 allows remote attackers to download arbitrary files via a ..

5.0
2007-07-25 CVE-2007-3983 Datadynamics Directory Traversal vulnerability in Datadynamics Activereports 2.0

Absolute path traversal vulnerability in the Data Dynamics DDActiveReports2.ActiveReport.2 (ActiveReports) ActiveX control in arpro2.dll in ActiveReports 2.0 Professional Edition 2.5.0.1308 (SP5 RC) allows remote attackers to create or overwrite arbitrary files via a full pathname in an argument to the SaveLayout method.

5.0
2007-07-25 CVE-2007-3982 Datadynamics Unspecified vulnerability in Datadynamics Activereports 2.0/2.5

Absolute path traversal vulnerability in the Data Dynamics ActiveReport (ActiveReports) ActiveX control in actrpt2.dll 2.5 and earlier allows remote attackers to create or overwrite arbitrary files via a full pathname in the first argument to the SaveLayout method.

5.0
2007-07-25 CVE-2007-3972 Eset Software Remote vulnerability in ESET NOD32 Antivirus

ESET NOD32 Antivirus before 2.2289 allows remote attackers to cause a denial of service via a crafted (1) ASPACK or (2) FSG packed file, which triggers a divide-by-zero error.

5.0
2007-07-25 CVE-2007-3971 Eset Software Remote vulnerability in ESET NOD32 Antivirus

Integer overflow in ESET NOD32 Antivirus before 2.2289 allows remote attackers to cause a denial of service (CPU and disk consumption) via a crafted ASPACK packed file, which triggers an infinite loop.

5.0
2007-07-25 CVE-2007-3970 Eset Software Remote vulnerability in ESET NOD32 Antivirus

Race condition in ESET NOD32 Antivirus before 2.2289 allows remote attackers to execute arbitrary code via a crafted CAB file, which triggers heap corruption.

5.0
2007-07-25 CVE-2007-3968 Dirlist Permissions, Privileges, and Access Controls vulnerability in Dirlist PHP 0.1.1

index.php in dirLIST before 0.1.1 allows remote attackers to list the contents of an excluded folder via a modified URL containing the folder name.

5.0
2007-07-25 CVE-2007-3967 Dirlist Path Traversal vulnerability in Dirlist PHP 0.1.1

Directory traversal vulnerability in index.php in PHP Directory Lister (dirLIST) before 0.1.1 allows remote attackers to list the contents of a parent directory via a ..

5.0
2007-07-25 CVE-2007-3966 Iexpress SQL Injection vulnerability in iExpress Munch Pro Login

SQL injection vulnerability in Munch Pro allows remote attackers to execute arbitrary SQL commands via the login field to /admin, a different vulnerability than CVE-2006-5880.

5.0
2007-07-25 CVE-2007-3964 Itaka Unspecified vulnerability in Itaka

Itaka before 0.2.1, when using Authentication mode, allows remote attackers to bypass authentication and obtain sensitive information by downloading screenshots via a direct request for /screenshot.

5.0
2007-07-25 CVE-2007-3961 FSP Unspecified vulnerability in FSP C Library

Off-by-one error in the fsp_readdir_r function in fsplib.c in fsplib before 0.9 allows remote attackers to cause a denial of service via a directory entry whose length is exactly MAXNAMELEN, which prevents a terminating null byte from being added.

5.0
2007-07-25 CVE-2006-7221 FSP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in FSP C Library

Multiple off-by-one errors in fsplib.c in fsplib before 0.8 allow attackers to cause a denial of service via unspecified vectors involving the (1) name and (2) d_name entry attributes.

5.0
2007-07-24 CVE-2007-3959 Ipswitch Remote Denial of Service vulnerability in Ipswitch Imserver and Ipswitch Collaboration Suite

The IM Server (aka IMserve or IMserver) 2.0.5.30 and probably earlier in Ipswitch Instant Messaging before 2.07 in Ipswitch Collaboration Suite (ICS) allows remote attackers to cause a denial of service (daemon crash) via certain data to TCP port 5179 that overwrites a destructor, as reachable by the (1) DoAttachVideoSender, (2) DoAttachVideoReceiver, (3) DoAttachAudioSender, and (4) DoAttachAudioReceiver functions.

5.0
2007-07-24 CVE-2007-3957 Nipun Jain Buffer Overflow vulnerability in Nipun Jain Xserver 0.1Alpha

Buffer overflow in Nipun Jain xserver 0.1 alpha allows remote attackers to cause a denial of service via a POST request with a long URI.

5.0
2007-07-27 CVE-2007-3105 Linux Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Linux Kernel

Stack-based buffer overflow in the random number generator (RNG) implementation in the Linux kernel before 2.6.22 might allow local root users to cause a denial of service or gain privileges by setting the default wakeup threshold to a value greater than the output pool size, which triggers writing random numbers to the stack by the pool transfer function involving "bound check ordering".

4.6
2007-07-27 CVE-2007-4040 Microsoft Cross-Site Scripting vulnerability in Microsoft Outlook and Outlook Express

Argument injection vulnerability involving Microsoft Outlook and Outlook Express, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are inserted into the command line when invoking the handling process, a similar issue to CVE-2007-3670.

4.3
2007-07-27 CVE-2007-4039 Mozilla Cross-Site Scripting vulnerability in Mozilla

Argument injection vulnerability involving Mozilla, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are inserted into the command line when invoking the handling process, a similar issue to CVE-2007-3670.

4.3
2007-07-27 CVE-2007-4038 Mozilla Code Injection vulnerability in Mozilla Firefox and Thunderbird

Argument injection vulnerability in Mozilla Firefox before 2.0.0.5, when running on systems with Thunderbird 1.5 installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a mailto URI, which are inserted into the command line that is created when invoking Thunderbird.exe, a similar issue to CVE-2007-3670.

4.3
2007-07-27 CVE-2007-4037 Guidance Software Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Guidance Software Encase

** DISPUTED ** Guidance Software EnCase allows user-assisted attackers to trigger a buffer over-read and application crash via a malformed NTFS filesystem containing a modified FILE record with a certain large offset.

4.3
2007-07-27 CVE-2007-4036 Guidance Software Resource Management Errors vulnerability in Guidance Software Encase

** DISPUTED ** Guidance Software EnCase allows user-assisted remote attackers to cause a denial of service via (1) a corrupted Microsoft Exchange database, which triggers an application crash when many options are selected; (2) a corrupted NTFS filesystem, which causes the application to report "memory allocation errors;" or (3) deeply nested directories, which trigger an application crash during an Expand All action.

4.3
2007-07-26 CVE-2007-4025 SUN Unspecified vulnerability in SUN Java System Application Server 8.1/8.2/9.0

Unspecified vulnerability in Sun Java System (SJS) Application Server 8.1 through 9.0 before 20070724 on Windows allows remote attackers to obtain JSP source code via unspecified vectors.

4.3
2007-07-26 CVE-2007-4024 W1L3D4 Cross-Site Scripting vulnerability in W1L3D4 Philboard W1L3D4_Aramasonuc.ASP

Cross-site scripting (XSS) vulnerability in W1L3D4_aramasonuc.asp in W1L3D4 Philboard 0.3 allows remote attackers to inject arbitrary web script or HTML via the searchterms parameter.

4.3
2007-07-26 CVE-2007-4023 Aruba Cross-Site Scripting vulnerability in Aruba Mobility Controllers Login Pages

Cross-site scripting (XSS) vulnerability in the login CGI program in Aruba Mobility Controller 2.5.4.18 and earlier, and 2.4.8.6-FIPS and earlier FIPS versions, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2007-07-26 CVE-2007-4022 Cpanel Cross-Site Scripting vulnerability in Cpanel 10.9.1

Cross-site scripting (XSS) vulnerability in frontend/x/htaccess/changepro.html in cPanel 10.9.1 allows remote attackers to inject arbitrary web script or HTML via the resname parameter.

4.3
2007-07-26 CVE-2007-4021 Brain Book Software Cross-Site Scripting vulnerability in FORMfield Secure Login.PHP

Multiple cross-site scripting (XSS) vulnerabilities in login.php in Brain Book Software Secure 1.0.20070629 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user and (2) pwd parameters.

4.3
2007-07-26 CVE-2007-4020 Brain Book Software Cross-Site Scripting vulnerability in FORMfields AdMan Login.PHP

Multiple cross-site scripting (XSS) vulnerabilities in login.php in AdMan 1.0.20051202 FF 3 patch and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user and (2) pwd parameters.

4.3
2007-07-26 CVE-2007-4014 Wordpress Themes S Parameter Cross-Site Scripting vulnerability in Wordpress Blix, Blixed and Blixkrieg

Cross-site scripting (XSS) vulnerability in a certain index.php installation script related to the (1) Blix 0.9.1, (2) Blixed 1.0, and (3) BlixKrieg (Blix Krieg) 2.2 themes for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter, possibly a related issue to CVE-2007-2757.

4.3
2007-07-26 CVE-2007-3875 CA Products Arclib.DLL Malformed CHM File Denial Of Service vulnerability in Computer Associates

arclib.dll before 7.3.0.9 in CA Anti-Virus (formerly eTrust Antivirus) 8 and certain other CA products allows remote attackers to cause a denial of service (infinite loop and loss of antivirus functionality) via an invalid "previous listing chunk number" field in a CHM file.

4.3
2007-07-25 CVE-2007-3991 ASP Indir HTML Injection vulnerability in ASP cvmatik

Multiple cross-site scripting (XSS) vulnerabilities in cv.asp in Asp cvmatik 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Adiniz (Ady), (2) Soyadiniz (Soyady), (3) Ehliyet, (4) Askerlik, and (5) GSM parameters; and possibly other unspecified vectors.

4.3
2007-07-25 CVE-2007-3989 ASP Indir Input Validation vulnerability in ASP Indir Dora Emlak 1.0

Multiple cross-site scripting (XSS) vulnerabilities in default.asp in Dora Emlak 1.0, when the goster parameter is set to iletisim, allow remote attackers to inject arbitrary web script or HTML via the (1) Adiniz and (2) Soyadiniz parameters; and possibly other unspecified vectors.

4.3
2007-07-25 CVE-2007-3978 Bwired Credentials Management vulnerability in Bwired

Session fixation vulnerability in bwired allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.

4.3
2007-07-25 CVE-2007-3977 Bwired Cross-Site Scripting vulnerability in Bwired

Cross-site scripting (XSS) vulnerability in bwired allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2007-07-25 CVE-2007-3975 Elite Forum Cross-Site Scripting vulnerability in Elite Forum Elite Forum 1.0.0.0

Cross-site scripting (XSS) vulnerability in index.php in Elite Forum 1.0.0.0 allows remote attackers to inject arbitrary web script or HTML via the title parameter in a ptopic action, a different vulnerability than CVE-2005-3412.

4.3
2007-07-25 CVE-2007-3679 Citrix Unspecified vulnerability in Citrix Access Gateway 4.5

The Citrix EPA ActiveX control (aka the "endpoint checking control" or CCAOControl Object) before 4.5.0.0 in npCtxCAO.dll in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 allows remote attackers to download and execute arbitrary programs onto a client system.

4.3
2007-07-25 CVE-2007-3383 Apache Cross-Site Scripting vulnerability in Apache Tomcat SendMailServlet

Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.

4.3
2007-07-24 CVE-2007-3954 Microsoft
Mozilla
Cross-Site Scripting vulnerability in multiple products

Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with SeaMonkey installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a mailto URI, which are inserted into the command line that is created when invoking SeaMonkey.exe, a related issue to CVE-2007-3670.

4.3
2007-07-24 CVE-2007-3953 Norman Denial Of Service vulnerability in Norman Virus Control DOC OLE File Parsing

The OLE2 parsing in Norman Antivirus before 5.91.02 allows remote attackers to cause a denial of service via a crafted DOC file that triggers a divide-by-zero error.

4.3
2007-07-24 CVE-2007-2926 ISC Remote Cache Poisoning vulnerability in ISC BIND 9

ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for remote attackers to guess the next query id and perform DNS cache poisoning.

4.3
2007-07-24 CVE-2007-3950 Lighttpd Unspecified vulnerability in Lighttpd

lighttpd 1.4.15, when run on 32 bit platforms, allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors involving the use of incompatible format specifiers in certain debugging messages in the (1) mod_scgi, (2) mod_fastcgi, and (3) mod_webdav modules.

4.3
2007-07-24 CVE-2007-3948 Lighttpd Unspecified vulnerability in Lighttpd

connections.c in lighttpd before 1.4.16 might accept more connections than the configured maximum, which allows remote attackers to cause a denial of service (failed assertion) via a large number of connection attempts.

4.3

0 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS