Weekly Vulnerabilities Reports > July 23 to 29, 2007
Overview
97 new vulnerabilities reported during this period, including 11 critical vulnerabilities and 25 high severity vulnerabilities. This weekly summary report vulnerabilities in 134 products from 66 vendors including Microsoft, Mozilla, Citrix, Lighttpd, and IBM. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", "Path Traversal", "Permissions, Privileges, and Access Controls", and "Improper Authentication".
- 90 reported vulnerabilities are remotely exploitables.
- 22 reported vulnerabilities have public exploit available.
- 10 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 94 reported vulnerabilities are exploitable by an anonymous user.
- Microsoft has the most reported vulnerabilities, with 6 reported vulnerabilities.
- Broadcom has the most reported critical vulnerabilities, with 2 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
11 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-07-25 | CVE-2007-3993 | Kerio | Unspecified vulnerability in Kerio MailServer Attachment Filter Unspecified vulnerability in the attachment filter in Kerio MailServer before 6.4.1 has unknown impact and remote attack vectors. | 10.0 |
2007-07-25 | CVE-2007-3980 | Rcms PRO | Remote File Include vulnerability in Rcms PRO Rgamescript PRO 0 PHP remote file inclusion vulnerability in page.php in RCMS Pro RGameScript Pro allows remote attackers to execute arbitrary PHP code via a URL in the id parameter. | 10.0 |
2007-07-27 | CVE-2007-4034 | Yahoo | Buffer Errors vulnerability in Yahoo Widgets 4.0.5 Stack-based buffer overflow in the YDPCTL.YDPControl.1 (aka Yahoo! Installer Plugin for Widgets) ActiveX control before 2007.7.13.3 (20070620) in YDPCTL.dll in Yahoo! Widgets before 4.0.5 allows remote attackers to execute arbitrary code via a long argument to the GetComponentVersion method. | 9.3 |
2007-07-26 | CVE-2007-4013 | Citrix Mozilla | Remote vulnerability in Citrix Access Gateway Standard and Advanced Edition Multiple unspecified vulnerabilities in (1) Net6Helper.DLL (aka Net6Launcher Class) 4.5.2 and earlier, (2) npCtxCAO.dll (aka Citrix Endpoint Analysis Client) in a Firefox plugin directory, and (3) a second npCtxCAO.dll (aka CCAOControl Object) before 4.5.0.0 in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 have unknown impact and attack vectors, possibly related to buffer overflows. | 9.3 |
2007-07-26 | CVE-2007-4007 | Article Directory | Remote File Include vulnerability in Article Directory PHP remote file inclusion vulnerability in index.php in Article Directory (Article Site Directory) allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | 9.3 |
2007-07-26 | CVE-2007-3302 | Broadcom CA | The CallCode ActiveX control in caller.dll 3.0 before 20070713, and 3.0 SP1 before 3.0.5.81, in CA (formerly Computer Associates) eTrust Intrusion Detection allows remote attackers to load arbitrary DLLs on a client system, and execute code from these DLLs, via unspecified "scriptable functions." | 9.3 |
2007-07-26 | CVE-2007-0060 | Broadcom CA | Stack-based buffer overflow in the Message Queuing Server (Cam.exe) in CA (formerly Computer Associates) Message Queuing (CAM / CAFT) software before 1.11 Build 54_4 on Windows and NetWare, as used in CA Advantage Data Transport, eTrust Admin, certain BrightStor products, certain CleverPath products, and certain Unicenter products, allows remote attackers to execute arbitrary code via a crafted message to TCP port 3104. | 9.3 |
2007-07-25 | CVE-2007-3963 | Usebb | Cross-Site Scripting vulnerability in UseBB PHP_SELF Multiple cross-site scripting (XSS) vulnerabilities in UseBB 1.0.7, and possibly other 1.0.x versions, allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF) to (1) upgrade-0-2-3.php, (2) upgrade-0-3.php, or (3) upgrade-0-4.php in install/, a different vulnerability than CVE-2005-4193. | 9.3 |
2007-07-25 | CVE-2007-3026 | Panda | Remote Integer Overflow vulnerability in Panda Adminsecure 2006 Integer overflow in Panda Software AdminSecure allows remote attackers to execute arbitrary code via crafted packets with modified length values to TCP ports 19226 or 19227, resulting in a heap-based buffer overflow. | 9.3 |
2007-07-24 | CVE-2007-3960 | IBM | Remote Security vulnerability in Websphere Application Server Multiple unspecified vulnerabilities in IBM WebSphere Application Server (WAS) before Fix Pack 21 (6.0.2.21) have unknown impact and attack vectors, aka (1) PK33799, or (2) a "Potential security exposure" in the Samples component (PK40213). | 9.3 |
2007-07-23 | CVE-2007-3944 | Apple | Buffer Errors vulnerability in Apple Iphone OS, Safari and Webkit Multiple heap-based buffer overflows in the Perl Compatible Regular Expressions (PCRE) library in the JavaScript engine in WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, allow remote attackers to execute arbitrary code via certain JavaScript regular expressions. | 9.3 |
25 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-07-24 | CVE-2007-3949 | Lighttpd | Unspecified vulnerability in Lighttpd mod_access.c in lighttpd 1.4.15 ignores trailing / (slash) characters in the URL, which allows remote attackers to bypass url.access-deny settings. | 8.3 |
2007-07-27 | CVE-2007-4031 | Nessus | Path Traversal vulnerability in Nessus vulnerability Scanner 3.0.6 Directory traversal vulnerability in a certain ActiveX control in Nessus Vulnerability Scanner 3.0.6 allows remote attackers to delete arbitrary files via a .. | 7.8 |
2007-07-24 | CVE-2007-3956 | Microsoft Teamspeak | Remote Denial Of Service vulnerability in Teamspeak web Server 2.0 TeamSpeak WebServer 2.0 for Windows does not validate parameter value lengths and does not expire TCP sessions, which allows remote attackers to cause a denial of service (CPU and memory consumption) via long username and password parameters in a request to login.tscmd on TCP port 14534. | 7.8 |
2007-07-26 | CVE-2007-4017 | Citrix | Remote vulnerability in Citrix Access Gateway 4.5 Cross-site request forgery (CSRF) vulnerability in the web-based administration console in Citrix Access Gateway before firmware 4.5.5 allows remote attackers to perform certain configuration changes as administrators. | 7.6 |
2007-07-27 | CVE-2007-4046 | Joomla | SQL Injection vulnerability in Joomla Pony Gallery Component SQL injection vulnerability in index.php in the Pony Gallery (com_ponygallery) 1.5 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter. | 7.5 |
2007-07-27 | CVE-2007-4042 | Microsoft Netscape | Multiple argument injection vulnerabilities in Netscape Navigator 9 allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670. | 7.5 |
2007-07-27 | CVE-2007-4033 | PHP T1Lib | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Buffer overflow in the intT1_EnvGetCompletePath function in lib/t1lib/t1env.c in t1lib 5.1.1 allows context-dependent attackers to execute arbitrary code via a long FileName parameter. | 7.5 |
2007-07-26 | CVE-2007-4028 | Webspell | Local File Include vulnerability in Webspell 4.01.02 Absolute path traversal vulnerability in index.php in Webspell 4.01.02 allows remote attackers to include and execute arbitrary local files via a full pathname in the site parameter. | 7.5 |
2007-07-26 | CVE-2007-3566 | Borland Software | Remote Stack Based Buffer Overflow vulnerability in Borland Software Interbase 2007 Stack-based buffer overflow in the database service (ibserver.exe) in Borland InterBase 2007 before SP2 allows remote attackers to execute arbitrary code via a long size value in a create request to port 3050/tcp. | 7.5 |
2007-07-26 | CVE-2007-4008 | Entertainment CMS | Path Traversal vulnerability in Entertainment CMS Entertainment CMS Directory traversal vulnerability in custom.php in Entertainment Media Sharing CMS allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2007-07-25 | CVE-2007-3992 | Iexpress | SQL-Injection vulnerability in Property Pro SQL injection vulnerability in vir_login.asp in iExpress Property Pro allows remote attackers to execute arbitrary SQL commands via the Password parameter. | 7.5 |
2007-07-25 | CVE-2007-3990 | ASP Indir | SQL-Injection vulnerability in ASP Indir Dora Emlak 1.0 SQL injection vulnerability in default.asp in Dora Emlak 1.0, when the goster parameter is set to emlakdetay, allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2007-07-25 | CVE-2007-3987 | Junction Quest | SQL Injection vulnerability in Junction Quest Image Racer 1.0 SQL injection vulnerability in SearchResults.asp in ImageRacer 1.0, when WordSearchCrit is enabled, allows remote attackers to execute arbitrary SQL commands via the SearchWord parameter. | 7.5 |
2007-07-25 | CVE-2007-3984 | Zenturi | Buffer Overflow vulnerability in Zenturi Programchecker 1.5.0.531 Buffer overflow in a certain ActiveX control in the NixonMyPrograms class in sasatl.dll 1.5.0.531 in Zenturi ProgramChecker allows remote attackers to execute arbitrary code via a long argument to the Scan method. | 7.5 |
2007-07-25 | CVE-2007-3981 | WSN Links | SQL Injection vulnerability in WSN Links Basic Edition CatID Parameter SQL injection vulnerability in index.php in WSN Links Basic Edition allows remote attackers to execute arbitrary SQL commands via the catid parameter in a displaycat action. | 7.5 |
2007-07-25 | CVE-2007-3976 | Bwired | SQL-Injection vulnerability in Bwired SQL injection vulnerability in index.php in bwired allows remote attackers to execute arbitrary SQL commands via the newsID parameter. | 7.5 |
2007-07-25 | CVE-2007-3974 | Jblog | Input Validation vulnerability in Jblog 1.0 admin/ajoutaut.php in JBlog 1.0 does not require authentication, which allows remote attackers to create arbitrary accounts via modified mot and droit parameters. | 7.5 |
2007-07-25 | CVE-2007-3962 | FSP | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in FSP C Library Multiple stack-based buffer overflows in fsplib.c in fsplib before 0.9 might allow remote attackers to execute arbitrary code via (1) a long filename that is not properly handled by the fsp_readdir_native function when MAXNAMLEN is greater than 255, or (2) a long d_name directory (dirent) field in the fsp_readdir function. | 7.5 |
2007-07-24 | CVE-2007-3952 | Norman | Unspecified vulnerability in Norman Normon Antivirus The OLE2 parsing in Norman Antivirus before 5.91.02 allows remote attackers to bypass the malware detection via a crafted DOC file, resulting from an "integer cast around". | 7.5 |
2007-07-24 | CVE-2007-3951 | Norman | Buffer-Overflow vulnerability in Multiple Norman Virus Control Products LZH Multiple buffer overflows in Norman Antivirus 5.90 allow remote attackers to execute arbitrary code via a crafted (1) ACE or (2) LZH file, resulting from an "integer cast around." | 7.5 |
2007-07-27 | CVE-2007-3532 | Gentoo Nvidia | Permissions, Privileges, and Access Controls vulnerability in Nvidia Video Driver NVIDIA drivers (nvidia-drivers) before 1.0.7185, 1.0.9639, and 100.14.11, as used in Gentoo Linux and possibly other distributions, creates /dev/nvidia* device files with insecure permissions, which allows local users to modify video card settings, cause a denial of service (crash or physical video card damage), and obtain sensitive information. | 7.2 |
2007-07-23 | CVE-2007-2950 | Centennial Numara Symantec | Local Privilege Escalation vulnerability in Discovery and Asset Manager Centennial Discovery 2006 Feature Pack 1, which is used by (1) Numara Asset Manager 8.0 and (2) Symantec Discovery 6.5, uses insecure permissions on certain directories, which allows local users to gain privileges. | 7.2 |
2007-07-26 | CVE-2007-4012 | Cisco | Denial Of Service vulnerability in Cisco Wireless LAN Control ARP Storm Cisco 4100 and 4400, Airespace 4000, and Catalyst 6500 and 3750 Wireless LAN Controller (WLC) software 4.1 before 4.1.180.0 allows remote attackers to cause a denial of service (ARP storm) via a broadcast ARP packet that "targets the IP address of a known client context", aka CSCsj50374. | 7.1 |
2007-07-26 | CVE-2007-4011 | Cisco | Denial Of Service vulnerability in Cisco Wireless LAN Control ARP Storm Cisco 4100 and 4400, Airespace 4000, and Catalyst 6500 and 3750 Wireless LAN Controller (WLC) software before 3.2 20070727, 4.0 before 20070727, and 4.1 before 4.1.180.0 allows remote attackers to cause a denial of service (traffic amplification or ARP storm) via a crafted unicast ARP request that (1) has a destination MAC address unknown to the Layer-2 infrastructure, aka CSCsj69233; or (2) occurs during Layer-3 roaming across IP subnets, aka CSCsj70841. | 7.1 |
2007-07-24 | CVE-2007-3958 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer Microsoft Windows Explorer (explorer.exe) allows user-assisted remote attackers to cause a denial of service via a certain GIF file, as demonstrated by Art.gif. | 7.1 |
61 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-07-26 | CVE-2007-4004 | IBM | Buffer Errors vulnerability in IBM AIX 5.2.0/5.3 Buffer overflow in the ftp client in IBM AIX 5.3 SP6 and 5.2.0 allows local users to execute arbitrary code via unspecified vectors that trigger the overflow in a gets function call. | 6.9 |
2007-07-26 | CVE-2007-4003 | IBM | Unspecified vulnerability in IBM AIX 5.3 pioout in IBM AIX 5.3 SP6 allows local users to execute arbitrary code by specifying a malicious library with the -R (ParseRoutine) command line argument. | 6.9 |
2007-07-26 | CVE-2007-3333 | IBM | Buffer Errors vulnerability in IBM AIX 5.2.0/5.3 Stack-based buffer overflow in capture in IBM AIX 5.3 SP6 and 5.2.0 allows remote attackers to execute arbitrary code via a large number of terminal control sequences. | 6.9 |
2007-07-27 | CVE-2007-4041 | Microsoft Mozilla | OS Command Injection vulnerability in multiple products Multiple argument injection vulnerabilities in Mozilla Firefox 2.0.0.5 and 3.0alpha allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670. | 6.8 |
2007-07-27 | CVE-2007-4032 | Crystal Reality LLC | Buffer Overflow vulnerability in Crystal Reality LLC Crystalplayer PRO 1.98 Buffer overflow in CrystalPlayer Pro 1.98 allows user-assisted remote attackers to execute arbitrary code via a long string in a .mls Playlist file. | 6.8 |
2007-07-26 | CVE-2007-4029 | Rpath Libvorbis | Denial Of Service And Memory Corruption vulnerability in Libvorbis 1.1.2 libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service via (1) an invalid mapping type, which triggers an out-of-bounds read in the vorbis_info_clear function in info.c, and (2) invalid blocksize values that trigger a segmentation fault in the read function in block.c. | 6.8 |
2007-07-26 | CVE-2007-4026 | Telaxus LLC | Remote Security vulnerability in Epesi epesi framework before 0.8.6 does not properly verify file extensions, which allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors involving the gallery images upload feature. | 6.8 |
2007-07-26 | CVE-2007-4018 | Citrix | Remote vulnerability in Citrix Access Gateway 4.5 Citrix Access Gateway Advanced Edition before firmware 4.5.5 allows attackers to redirect users to arbitrary web sites and conduct phishing attacks via unknown vectors. | 6.8 |
2007-07-26 | CVE-2007-4016 | Citrix | Remote vulnerability in Citrix Access Gateway 4.0/4.2/4.5 Unspecified vulnerability in the client components in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 allows attackers to execute arbitrary code via unspecified vectors. | 6.8 |
2007-07-26 | CVE-2007-4010 | PHP | Unspecified vulnerability in PHP 5.2.3 The win32std extension in PHP 5.2.3 does not follow safe_mode and disable_functions restrictions, which allows remote attackers to execute arbitrary commands via the win_shell_execute function. | 6.8 |
2007-07-26 | CVE-2007-4006 | Mike Dubman | Remote Security vulnerability in Mike Dubman Windows RSH Daemon 1.7 Buffer overflow in Mike Dubman Windows RSH daemon (rshd) 1.7 has unknown impact and remote attack vectors, aka ZD-00000034. | 6.8 |
2007-07-25 | CVE-2007-3988 | Virtual Hosting Control System | Improper Authentication vulnerability in Virtual Hosting Control System Virtual Hosting Control System Session fixation vulnerability in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. | 6.8 |
2007-07-25 | CVE-2007-3979 | Netart Media | SQL Injection vulnerability in BlogSite Professional SQL injection vulnerability in index.php in BlogSite Professional (aka Blog System) 1.x allows remote attackers to execute arbitrary SQL commands via the news_id parameter. | 6.8 |
2007-07-25 | CVE-2007-3973 | Jblog | Input Validation vulnerability in Jblog 1.0 Multiple cross-site scripting (XSS) vulnerabilities in JBlog 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to (a) index.php, or the (2) search parameter or (3) theme cookie to (b) recherche.php. | 6.8 |
2007-07-25 | CVE-2007-3965 | Ufmod | Unspecified vulnerability in uFMOD Unspecified vulnerability in uFMOD before 1.2.5 has unknown impact and attack vectors, possibly related to malformed files, and possibly an integer signedness error for relative note instruments. | 6.8 |
2007-07-24 | CVE-2007-3955 | Buffer Overflow vulnerability in Linkedin Toolbar 3.0.2.1098 Buffer overflow in the IEToolbar.IEContextMenu.1 ActiveX control in LinkedInIEToolbar.dll in the LinkedIn Toolbar 3.0.2.1098 allows remote attackers to execute arbitrary code via a long second argument (varBrowser argument) to the search method. | 6.8 | |
2007-07-26 | CVE-2007-4027 | Areca | Local Security vulnerability in Cli Buffer overflow in cli32 in Areca CLI 1.72.250 and earlier might allow local users to gain privileges via a long argument. | 6.6 |
2007-07-25 | CVE-2007-3531 | Gentoo | Local Privilege Escalation vulnerability in Gentoo Nvclock 0.7 The set_default_speeds function in backend/backend.c in NVidia NVClock before 0.8b2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/nvclock temporary file. | 6.6 |
2007-07-27 | CVE-2007-4047 | Geoblog | Security Bypass vulnerability in Geoblog 1 geoBlog (aka BitDamaged) 1 does not require authentication for (1) deletecomment.php, (2) deleteblog.php, and (3) listcomment.php in admin/, which allows remote attackers to delete arbitrary comments, delete arbitrary blogs, and have other unspecified impact via a request with a valid id parameter. | 6.4 |
2007-07-24 | CVE-2007-3946 | Lighttpd | Unspecified vulnerability in Lighttpd mod_auth (http_auth.c) in lighttpd before 1.4.16 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors involving (1) a memory leak, (2) use of md5-sess without a cnonce, (3) base64 encoded strings, and (4) trailing whitespace in the Auth-Digest header. | 6.4 |
2007-07-27 | CVE-2007-1354 | Jboss | Remote Security vulnerability in Jboss Application Server The Access Control functionality (JMXOpsAccessControlFilter) in JMX Console in JBoss Application Server 4.0.2 and 4.0.5 before 20070416 uses a member variable to store the roles of the current user, which allows remote authenticated administrators to trigger a race condition and gain privileges by logging in during a session by a more privileged administrator, as demonstrated by privilege escalation from Read Mode to Write Mode. | 6.0 |
2007-07-27 | CVE-2007-2874 | Redhat | Remote Security vulnerability in Fedora Core Buffer overflow in the wpa_printf function in the debugging code in wpa_supplicant in the Fedora NetworkManager package before 0.6.5-3.fc7 allows user-assisted remote attackers to execute arbitrary code via malformed frames on a WPA2 network. | 5.8 |
2007-07-24 | CVE-2007-2925 | ISC | Unspecified vulnerability in ISC Bind 9.4.0/9.4.1/9.5.0 The default access control lists (ACL) in ISC BIND 9.4.0, 9.4.1, and 9.5.0a1 through 9.5.0a5 do not set the allow-recursion and allow-query-cache ACLs, which allows remote attackers to make recursive queries and query the cache. | 5.8 |
2007-07-24 | CVE-2007-3947 | Lighttpd | Unspecified vulnerability in Lighttpd request.c in lighttpd 1.4.15 allows remote attackers to cause a denial of service (daemon crash) by sending an HTTP request with duplicate headers, as demonstrated by a request containing two Location header lines, which results in a segmentation fault. | 5.8 |
2007-07-27 | CVE-2007-4045 | Apple Fedoraproject | The CUPS service, as used in SUSE Linux before 20070720 and other Linux distributions, allows remote attackers to cause a denial of service via unspecified vectors related to an incomplete fix for CVE-2007-0720 that introduced a different denial of service problem in SSL negotiation. | 5.0 |
2007-07-27 | CVE-2007-4043 | Securecomputing | Improper Authentication vulnerability in Securecomputing Securityreporter 4.2.30/4.6.3 file.cgi in Secure Computing SecurityReporter (aka Network Security Analyzer) before 4.6.3 allows remote attackers to bypass authentication via a name parameter ending with a "%00.gif" sequence. | 5.0 |
2007-07-26 | CVE-2007-4005 | Mike Dubman | Buffer Errors vulnerability in Mike Dubman Windows RSH Daemon 1.7 Stack-based buffer overflow in Mike Dubman Windows RSH daemon (rshd) 1.7 allows remote attackers to execute arbitrary code via a long string to the shell port (514/tcp). | 5.0 |
2007-07-25 | CVE-2007-3986 | Securecomputing | Directory Traversal Vulnerability And Authentication Bypass vulnerability in Securecomputing Securityreporter 4.6.3 file.cgi in Secure Computing SecurityReporter (aka Network Security Analyzer) 4.6.3 allows remote attackers to bypass authentication via a name parameter that specifies the eventcache directory and a non-GIF file, which causes the $dontvalidate variable to be set to true. | 5.0 |
2007-07-25 | CVE-2007-3985 | Securecomputing | Directory Traversal Vulnerability And Authentication Bypass vulnerability in Securecomputing Securityreporter 4.6.3 Directory traversal vulnerability in file.cgi in Secure Computing SecurityReporter (aka Network Security Analyzer) 4.6.3 allows remote attackers to download arbitrary files via a .. | 5.0 |
2007-07-25 | CVE-2007-3983 | Datadynamics | Directory Traversal vulnerability in Datadynamics Activereports 2.0 Absolute path traversal vulnerability in the Data Dynamics DDActiveReports2.ActiveReport.2 (ActiveReports) ActiveX control in arpro2.dll in ActiveReports 2.0 Professional Edition 2.5.0.1308 (SP5 RC) allows remote attackers to create or overwrite arbitrary files via a full pathname in an argument to the SaveLayout method. | 5.0 |
2007-07-25 | CVE-2007-3982 | Datadynamics | Unspecified vulnerability in Datadynamics Activereports 2.0/2.5 Absolute path traversal vulnerability in the Data Dynamics ActiveReport (ActiveReports) ActiveX control in actrpt2.dll 2.5 and earlier allows remote attackers to create or overwrite arbitrary files via a full pathname in the first argument to the SaveLayout method. | 5.0 |
2007-07-25 | CVE-2007-3968 | Dirlist | Permissions, Privileges, and Access Controls vulnerability in Dirlist PHP 0.1.1 index.php in dirLIST before 0.1.1 allows remote attackers to list the contents of an excluded folder via a modified URL containing the folder name. | 5.0 |
2007-07-25 | CVE-2007-3967 | Dirlist | Path Traversal vulnerability in Dirlist PHP 0.1.1 Directory traversal vulnerability in index.php in PHP Directory Lister (dirLIST) before 0.1.1 allows remote attackers to list the contents of a parent directory via a .. | 5.0 |
2007-07-25 | CVE-2007-3966 | Iexpress | SQL Injection vulnerability in iExpress Munch Pro Login SQL injection vulnerability in Munch Pro allows remote attackers to execute arbitrary SQL commands via the login field to /admin, a different vulnerability than CVE-2006-5880. | 5.0 |
2007-07-25 | CVE-2007-3964 | Itaka | Unspecified vulnerability in Itaka Itaka before 0.2.1, when using Authentication mode, allows remote attackers to bypass authentication and obtain sensitive information by downloading screenshots via a direct request for /screenshot. | 5.0 |
2007-07-25 | CVE-2007-3961 | FSP | Unspecified vulnerability in FSP C Library Off-by-one error in the fsp_readdir_r function in fsplib.c in fsplib before 0.9 allows remote attackers to cause a denial of service via a directory entry whose length is exactly MAXNAMELEN, which prevents a terminating null byte from being added. | 5.0 |
2007-07-25 | CVE-2006-7221 | FSP | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in FSP C Library Multiple off-by-one errors in fsplib.c in fsplib before 0.8 allow attackers to cause a denial of service via unspecified vectors involving the (1) name and (2) d_name entry attributes. | 5.0 |
2007-07-24 | CVE-2007-3959 | Ipswitch | Remote Denial of Service vulnerability in Ipswitch Imserver and Ipswitch Collaboration Suite The IM Server (aka IMserve or IMserver) 2.0.5.30 and probably earlier in Ipswitch Instant Messaging before 2.07 in Ipswitch Collaboration Suite (ICS) allows remote attackers to cause a denial of service (daemon crash) via certain data to TCP port 5179 that overwrites a destructor, as reachable by the (1) DoAttachVideoSender, (2) DoAttachVideoReceiver, (3) DoAttachAudioSender, and (4) DoAttachAudioReceiver functions. | 5.0 |
2007-07-24 | CVE-2007-3957 | Nipun Jain | Buffer Overflow vulnerability in Nipun Jain Xserver 0.1Alpha Buffer overflow in Nipun Jain xserver 0.1 alpha allows remote attackers to cause a denial of service via a POST request with a long URI. | 5.0 |
2007-07-27 | CVE-2007-4040 | Microsoft | Cross-Site Scripting vulnerability in Microsoft Outlook and Outlook Express Argument injection vulnerability involving Microsoft Outlook and Outlook Express, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are inserted into the command line when invoking the handling process, a similar issue to CVE-2007-3670. | 4.3 |
2007-07-27 | CVE-2007-4039 | Mozilla | Cross-Site Scripting vulnerability in Mozilla Argument injection vulnerability involving Mozilla, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are inserted into the command line when invoking the handling process, a similar issue to CVE-2007-3670. | 4.3 |
2007-07-27 | CVE-2007-4038 | Mozilla | Code Injection vulnerability in Mozilla Firefox and Thunderbird Argument injection vulnerability in Mozilla Firefox before 2.0.0.5, when running on systems with Thunderbird 1.5 installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a mailto URI, which are inserted into the command line that is created when invoking Thunderbird.exe, a similar issue to CVE-2007-3670. | 4.3 |
2007-07-26 | CVE-2007-4025 | SUN | Unspecified vulnerability in SUN Java System Application Server 8.1/8.2/9.0 Unspecified vulnerability in Sun Java System (SJS) Application Server 8.1 through 9.0 before 20070724 on Windows allows remote attackers to obtain JSP source code via unspecified vectors. | 4.3 |
2007-07-26 | CVE-2007-4024 | W1L3D4 | Cross-Site Scripting vulnerability in W1L3D4 Philboard W1L3D4_Aramasonuc.ASP Cross-site scripting (XSS) vulnerability in W1L3D4_aramasonuc.asp in W1L3D4 Philboard 0.3 allows remote attackers to inject arbitrary web script or HTML via the searchterms parameter. | 4.3 |
2007-07-26 | CVE-2007-4023 | Aruba | Cross-Site Scripting vulnerability in Aruba Mobility Controllers Login Pages Cross-site scripting (XSS) vulnerability in the login CGI program in Aruba Mobility Controller 2.5.4.18 and earlier, and 2.4.8.6-FIPS and earlier FIPS versions, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2007-07-26 | CVE-2007-4022 | Cpanel | Cross-Site Scripting vulnerability in Cpanel 10.9.1 Cross-site scripting (XSS) vulnerability in frontend/x/htaccess/changepro.html in cPanel 10.9.1 allows remote attackers to inject arbitrary web script or HTML via the resname parameter. | 4.3 |
2007-07-26 | CVE-2007-4021 | Brain Book Software | Cross-Site Scripting vulnerability in FORMfield Secure Login.PHP Multiple cross-site scripting (XSS) vulnerabilities in login.php in Brain Book Software Secure 1.0.20070629 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user and (2) pwd parameters. | 4.3 |
2007-07-26 | CVE-2007-4020 | Brain Book Software | Cross-Site Scripting vulnerability in FORMfields AdMan Login.PHP Multiple cross-site scripting (XSS) vulnerabilities in login.php in AdMan 1.0.20051202 FF 3 patch and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user and (2) pwd parameters. | 4.3 |
2007-07-26 | CVE-2007-4014 | Wordpress | Themes S Parameter Cross-Site Scripting vulnerability in Wordpress Blix, Blixed and Blixkrieg Cross-site scripting (XSS) vulnerability in a certain index.php installation script related to the (1) Blix 0.9.1, (2) Blixed 1.0, and (3) BlixKrieg (Blix Krieg) 2.2 themes for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter, possibly a related issue to CVE-2007-2757. | 4.3 |
2007-07-26 | CVE-2007-3875 | Broadcom CA | arclib.dll before 7.3.0.9 in CA Anti-Virus (formerly eTrust Antivirus) 8 and certain other CA products allows remote attackers to cause a denial of service (infinite loop and loss of antivirus functionality) via an invalid "previous listing chunk number" field in a CHM file. | 4.3 |
2007-07-25 | CVE-2007-3991 | ASP Indir | HTML Injection vulnerability in ASP cvmatik Multiple cross-site scripting (XSS) vulnerabilities in cv.asp in Asp cvmatik 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Adiniz (Ady), (2) Soyadiniz (Soyady), (3) Ehliyet, (4) Askerlik, and (5) GSM parameters; and possibly other unspecified vectors. | 4.3 |
2007-07-25 | CVE-2007-3989 | ASP Indir | Input Validation vulnerability in ASP Indir Dora Emlak 1.0 Multiple cross-site scripting (XSS) vulnerabilities in default.asp in Dora Emlak 1.0, when the goster parameter is set to iletisim, allow remote attackers to inject arbitrary web script or HTML via the (1) Adiniz and (2) Soyadiniz parameters; and possibly other unspecified vectors. | 4.3 |
2007-07-25 | CVE-2007-3978 | Bwired | Credentials Management vulnerability in Bwired Session fixation vulnerability in bwired allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. | 4.3 |
2007-07-25 | CVE-2007-3977 | Bwired | Cross-Site Scripting vulnerability in Bwired Cross-site scripting (XSS) vulnerability in bwired allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2007-07-25 | CVE-2007-3975 | Elite Forum | Cross-Site Scripting vulnerability in Elite Forum Elite Forum 1.0.0.0 Cross-site scripting (XSS) vulnerability in index.php in Elite Forum 1.0.0.0 allows remote attackers to inject arbitrary web script or HTML via the title parameter in a ptopic action, a different vulnerability than CVE-2005-3412. | 4.3 |
2007-07-25 | CVE-2007-3679 | Citrix | Unspecified vulnerability in Citrix Access Gateway 4.5 The Citrix EPA ActiveX control (aka the "endpoint checking control" or CCAOControl Object) before 4.5.0.0 in npCtxCAO.dll in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 allows remote attackers to download and execute arbitrary programs onto a client system. | 4.3 |
2007-07-24 | CVE-2007-3954 | Microsoft Mozilla | Cross-Site Scripting vulnerability in multiple products Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with SeaMonkey installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a mailto URI, which are inserted into the command line that is created when invoking SeaMonkey.exe, a related issue to CVE-2007-3670. | 4.3 |
2007-07-24 | CVE-2007-3953 | Norman | Denial Of Service vulnerability in Norman Virus Control DOC OLE File Parsing The OLE2 parsing in Norman Antivirus before 5.91.02 allows remote attackers to cause a denial of service via a crafted DOC file that triggers a divide-by-zero error. | 4.3 |
2007-07-24 | CVE-2007-2926 | ISC | Remote Cache Poisoning vulnerability in ISC BIND 9 ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for remote attackers to guess the next query id and perform DNS cache poisoning. | 4.3 |
2007-07-24 | CVE-2007-3950 | Lighttpd | Unspecified vulnerability in Lighttpd lighttpd 1.4.15, when run on 32 bit platforms, allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors involving the use of incompatible format specifiers in certain debugging messages in the (1) mod_scgi, (2) mod_fastcgi, and (3) mod_webdav modules. | 4.3 |
2007-07-24 | CVE-2007-3948 | Lighttpd | Unspecified vulnerability in Lighttpd connections.c in lighttpd before 1.4.16 might accept more connections than the configured maximum, which allows remote attackers to cause a denial of service (failed assertion) via a large number of connection attempts. | 4.3 |
0 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|