Weekly Vulnerabilities Reports > August 6 to 12, 2007

Overview

107 new vulnerabilities were reported during this period, including 8 critical vulnerabilities and 29 high severity vulnerabilities. This weekly summary reports vulnerabilities in 94 products from 71 vendors including Cisco, Joomla, Brian Carrier, IBM, and Microsoft. Notable vulnerability categories include "SQL Injection", "Cross-site Scripting", "Code Injection", "Session Fixation", and "Permissions, Privileges, and Access Controls".

  • 98 reported vulnerabilities are remotely exploitable.
  • 14 reported vulnerabilities have a public exploit available.
  • 8 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 99 reported vulnerabilities are exploitable by an anonymous user.
  • Cisco has the most reported vulnerabilities, with 10 reported vulnerabilities.
  • Cisco has the most reported critical vulnerabilities, with 4 reported vulnerabilities.

Vulnerability Details

The following tables list the vulnerabilities reported during the period covered by this report:

8 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-08-08 CVE-2007-4241 HP, Cisco Remote Buffer Overflow vulnerability in HP Hp-Ux 11.11I

Buffer overflow in ldcconn in Hewlett-Packard (HP) Controller for Cisco Local Director on HP-UX 11.11i allows remote attackers to execute arbitrary code via a long string to TCP port 17781.

10.0
2007-08-07 CVE-2007-4170 AL Athkar Remote Security vulnerability in Al-Athkar 2.0

Multiple PHP remote file inclusion vulnerabilities in AL-Athkar 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) include parameter to (a) Main.php and (b) get.php and the (2) exec parameter to (c) count.php.

10.0
2007-08-09 CVE-2007-4292 Cisco Voice vulnerability in Cisco IOS and Unified Communications Manager

Multiple memory leaks in Cisco IOS 12.0 through 12.4 allow remote attackers to cause a denial of service (device crash) via a malformed SIP packet, aka (1) CSCsf11855, (2) CSCeb21064, (3) CSCse40276, (4) CSCse68355, (5) CSCsf30058, (6) CSCsb24007, and (7) CSCsc60249.

9.3
2007-08-09 CVE-2007-4286 Cisco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco IOS

Buffer overflow in the Next Hop Resolution Protocol (NHRP) functionality in Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (restart) and execute arbitrary code via a crafted NHRP packet.

9.3
2007-08-08 CVE-2007-4235 Vietphp Remote File Include vulnerability in VietPHP

Multiple PHP remote file inclusion vulnerabilities in VietPHP allow remote attackers to execute arbitrary PHP code via a URL in (1) the dirpath parameter to (a) _functions.php, or (2) the language parameter to (b) admin/index.php or (c) index.php.

9.3
2007-08-08 CVE-2007-4203 Mambo Improper Authentication vulnerability in Mambo Open Source 4.6.2

Session fixation vulnerability in Mambo 4.6.2 CMS allows remote attackers to hijack web sessions by setting the Cookie parameter.

9.3
2007-08-08 CVE-2007-4188 Joomla Session Fixation vulnerability in Joomla Joomla!

Session fixation vulnerability in Joomla! before 1.0.13 (aka Sunglow) allows remote attackers to hijack administrative web sessions via unspecified vectors.

9.3
2007-08-09 CVE-2007-4285 Cisco Denial-Of-Service vulnerability in IOS

Unspecified vulnerability in Cisco IOS and Cisco IOS XR 12.x up to 12.3, including some versions before 12.3(15) and 12.3(14)T, allows remote attackers to obtain sensitive information (partial packet contents) or cause a denial of service (router or component crash) via crafted IPv6 packets with a Type 0 routing header.

9.0

29 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-08-08 CVE-2007-4263 Cisco Unspecified vulnerability in Cisco IOS 12.2

Unspecified vulnerability in the server side of the Secure Copy (SCP) implementation in Cisco 12.2-based IOS allows remote authenticated users to read, write or overwrite any file on the device's filesystem via unknown vectors.

8.5
2007-08-08 CVE-2007-4262 EZ Photo Sales Input Validation vulnerability in EZPhotoSales

Unrestricted file upload vulnerability in EZPhotoSales 1.9.3 and earlier allows remote authenticated administrators to upload and execute arbitrary PHP code under OnlineViewing/galleries/.

8.5
2007-08-08 CVE-2007-4243 Astaro Denial-Of-Service vulnerability in Security Gateway

Unspecified vulnerability in pfilter-reporter.pl in Astaro Security Gateway (ASG) 7 allows remote attackers to cause a denial of service (CPU consumption) via certain network traffic, as demonstrated by P2P and iTunes applications that download large amounts of data.

7.8
2007-08-10 CVE-2007-4296 Anti Spam Smtp Proxy Unspecified vulnerability in Anti-Spam Smtp Proxy Server 1.3.3

Unspecified vulnerability in assp.pl in Anti-Spam SMTP Proxy Server (ASSP) 1.3.3 has unknown impact and attack vectors.

7.5
2007-08-09 CVE-2007-4287 Fishcart Remote Security vulnerability in Fishcart

PHP remote file inclusion vulnerability in fc_functions/fc_example.php in FishCart 3.2 RC2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the docroot parameter.

7.5
2007-08-09 CVE-2007-4283 Coppermine Remote File Include vulnerability in Coppermine Photo Gallery 1.3.1

PHP remote file inclusion vulnerability in bridge/yabbse.inc.php in Coppermine Photo Gallery (CPG) 1.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the sourcedir parameter.

7.5
2007-08-09 CVE-2007-4279 Frontaccounting Remote File Include vulnerability in Frontaccounting 1.12Build31

PHP remote file inclusion vulnerability in config.php in FrontAccounting 1.12 Build 31 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_root parameter.

7.5
2007-08-08 CVE-2007-4261 EZ Photo Sales Credentials Management vulnerability in EZ Photo Sales EZ Photo Sales 1.9.3

EZPhotoSales 1.9.3 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download (1) a file containing cleartext passwords via a direct request for OnlineViewing/data/galleries.txt, or (2) a file containing username hashes and password hashes via a direct request for OnlineViewing/configuration/config.dat/.

7.5
2007-08-08 CVE-2007-4258 Prozilla SQL Injection vulnerability in Prozilla PUB Site Directory

SQL injection vulnerability in directory.php in Prozilla Pub Site Directory allows remote attackers to execute arbitrary SQL commands via the cat parameter.

7.5
2007-08-08 CVE-2007-4255 PHP Buffer Overflow vulnerability in PHP 5.2.3

Buffer overflow in the mSQL extension in PHP 5.2.3 allows context-dependent attackers to execute arbitrary code via a long first argument to the msql_connect function.

7.5
2007-08-08 CVE-2007-4253 Envolution SQL Injection vulnerability in Envolution News Module Topic Parameter

SQL injection vulnerability in the News module in modules.php in Envolution 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter, a different vector than CVE-2005-4263.

7.5
2007-08-08 CVE-2007-4244 Joomla Code Injection vulnerability in Joomla J Reactions

PHP remote file inclusion vulnerability in langset.php in J! Reactions (com_jreactions) 1.8.1 and earlier, a Joomla! component, allows remote attackers to execute arbitrary PHP code via a URL in the comPath parameter.

7.5
2007-08-08 CVE-2007-4240 Help Center Live Security Bypass vulnerability in Help Center Live Help Center Live 2.1.3A

The check_logout function in class/auth.php in Help Center Live (hcl) 2.1.3a sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to delete administrative users and have other unspecified impact via certain requests to (1) admin/departments.php, (2) admin/operators.php, and other unspecified scripts.

7.5
2007-08-08 CVE-2007-4210 Redline Software SQL Injection vulnerability in Redline Software Lanai CMS 1.2.14

Multiple SQL injection vulnerabilities in module.php in LANAI (la-nai) CMS 1.2.14 allow remote attackers to execute arbitrary SQL commands via (1) the mid parameter in an faqviewgroup action in the FAQ Modules, (2) the cid parameter in the EZSHOPINGCART Modules, or (3) the gid parameter in a view action in the GALLERY Modules.

7.5
2007-08-08 CVE-2007-4209 Aceboard SQL Injection vulnerability in Aceboard Forum 5.3

SQL injection vulnerability in Recherche.php in Aceboard forum allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2007-08-08 CVE-2007-4208 Morgan IDS SQL Injection vulnerability in Next Gen Portfolio Manager Default.ASP

SQL injection vulnerability in default.asp in Next Gen Portfolio Manager allows remote attackers to execute arbitrary SQL commands via the (1) Users_Email or (2) Users_Password parameter in an ExecuteTheLogin action.

7.5
2007-08-08 CVE-2007-4207 Kerberosdev SQL Injection vulnerability in Kerberosdev Gallery in A BOX

SQL injection vulnerability in admin_console/index.asp in Gallery In A Box allows remote attackers to execute arbitrary SQL commands via the (1) Username or (2) Password field.

7.5
2007-08-08 CVE-2007-4187 Joomla Code Injection vulnerability in Joomla 1.5.0Beta

Multiple eval injection vulnerabilities in the com_search component in Joomla! 1.5 beta before RC1 (aka Mapya) allow remote attackers to execute arbitrary PHP code via PHP sequences in the searchword parameter, related to default_results.php in (1) components/com_search/views/search/tmpl/ and (2) templates/beez/html/com_search/search/.

7.5
2007-08-08 CVE-2007-4184 Joomla SQL-Injection vulnerability in Joomla 1.0.12

SQL injection vulnerability in administrator/popups/pollwindow.php in Joomla! 1.0.12 allows remote attackers to execute arbitrary SQL commands via the pollid parameter.

7.5
2007-08-08 CVE-2007-4183 PHP Arena SQL Injection vulnerability in PHP Arena paBugs

SQL injection vulnerability in main.php in paBugs 2.0 Beta 3 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter to index.php.

7.5
2007-08-08 CVE-2007-4182 Wikiwebweaver Unspecified vulnerability in Wikiwebweaver

Unrestricted file upload vulnerability in index.php in WikiWebWeaver 1.1 and earlier allows remote attackers to upload and execute arbitrary PHP code via an upload action specifying a filename with a double extension such as .gif.php, which is accessible from data/documents/.

7.5
2007-08-07 CVE-2007-4173 Hunkaray Okul SQL Injection vulnerability in Hunkaray Okul Portali 1.1

SQL injection vulnerability in duyuruoku.asp in Hunkaray Okul Portali 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2007-3080.

7.5
2007-08-07 CVE-2007-4171 Auracms SQL Injection vulnerability in auraCMS Forum Module Pilih.ASP

SQL injection vulnerability in komentar.php in the Forum Module for auraCMS (Modul Forum Sederhana) allows remote attackers to execute arbitrary SQL commands via the id parameter to the default URI.

7.5
2007-08-07 CVE-2007-4167 AL Caricatier Remote Security vulnerability in Al-Caricatier 2.5

PHP remote file inclusion vulnerability in cat_viewed.php in AL-Caricatier 2.5 allows remote attackers to execute arbitrary PHP code via a URL in the CatName parameter.

7.5
2007-08-07 CVE-2007-4164 SUN HTTP Redirect vulnerability in Sun Java System Web Server 6.1/7.0

CRLF injection vulnerability in the redirect feature in Sun Java System Web Server 6.1 and 7.0 before 20070802, when the redirect Server Application Function (SAF) uses the url-prefix parameter and escape is disabled, or an Error directive uses the url-prefix parameter in obj.conf, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks.

7.5
2007-08-09 CVE-2007-4293 Cisco Voice vulnerability in Cisco IOS and Unified Communications Manager

Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (device crash) via (1) "abnormal" MGCP messages, aka CSCsd81407; and (2) a large facsimile packet, aka CSCej20505.

7.1
2007-08-09 CVE-2007-4291 Cisco Voice vulnerability in Cisco IOS and Unified Communications Manager

Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service via (1) a malformed MGCP packet, which causes a device hang, aka CSCsf08998; a malformed H.323 packet, which causes a device crash, as identified by (2) CSCsi60004 with Proxy Unregistration and (3) CSCsg70474; and a malformed Real-time Transport Protocol (RTP) packet, which causes a device crash, as identified by (4) CSCse68138, related to VOIP RTP Lib, and (5) CSCse05642, related to I/O memory corruption.

7.1
2007-08-08 CVE-2007-4226 Bluecat Networks Remote Privilege Escalation vulnerability in Bluecat Networks Adonis 5.0.2.8

Directory traversal vulnerability in the BlueCat Networks Proteus IPAM appliance 2.0.2.0 (Adonis DNS/DHCP appliance 5.0.2.8) allows remote authenticated administrators, with certain TFTP privileges, to create and overwrite arbitrary files via a ..

7.1
2007-08-08 CVE-2007-4205 Bluecat Networks, Linux HA Denial-Of-Service vulnerability in Heartbeat 0.4.9/1.2.4

XHA (Linux-HA) on the BlueCat Networks Adonis DNS/DHCP Appliance 5.0.2.8 allows remote attackers to cause a denial of service (heartbeat control process crash) via a UDP packet to port 694.

7.1

65 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-08-08 CVE-2007-4238 IBM Local Security vulnerability in AIX 5.2/5.3

AIX 5.2 and 5.3 install pioinit with user and group ownership of bin, which allows local users with bin or possibly printq privileges to gain root privileges by modifying pioinit.

6.9
2007-08-08 CVE-2007-4237 IBM Local Security vulnerability in AIX 5.2/5.3

Buffer overflow in the atm subset in arp in devices.common.IBM.atm.rte in AIX 5.2 and 5.3 allows local users to gain root privileges.

6.9
2007-08-08 CVE-2007-4236 IBM Local Security vulnerability in AIX 5.2/5.3

Buffer overflow in lpd in bos.rte.printers in AIX 5.2 and 5.3 allows local users with printq group privileges to gain root privileges.

6.9
2007-08-08 CVE-2007-4191 Panda Local Privilege Escalation vulnerability in Panda Antivirus 2008

Panda Antivirus 2008 stores service executables under the product's installation directory with weak permissions, which allows local users to obtain LocalSystem privileges by modifying PAVSRV51.EXE or other unspecified files, a related issue to CVE-2006-4657.

6.9
2007-08-09 CVE-2007-4295 Cisco Voice vulnerability in Cisco IOS and Unified Communications Manager

Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows remote attackers to execute arbitrary code via a malformed SIP packet, aka CSCsi80749.

6.8
2007-08-09 CVE-2007-4294 Cisco Voice vulnerability in Cisco Unified Communications Manager 5.0/5.1/6.0

Unspecified vulnerability in Cisco Unified Communications Manager (CUCM) 5.0, 5.1, and 6.0, and IOS 12.0 through 12.4, allows remote attackers to execute arbitrary code via a malformed SIP packet, aka CSCsi80102.

6.8
2007-08-09 CVE-2007-4289 SUN Remote Security vulnerability in SUN Java System Portal Server 7.0

Sun Java System Portal Server 7.0 does not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute an arbitrary Java method via a crafted stylesheet, a related issue to CVE-2007-3715.

6.8
2007-08-09 CVE-2007-2955 Symantec Remote Code Execution vulnerability in Symantec products

Multiple unspecified "input validation error" vulnerabilities in multiple ActiveX controls in NavComUI.dll, as used in multiple Norton AntiVirus, Internet Security, and System Works products for 2006, allows remote attackers to execute arbitrary code via (1) the AnomalyList property to AxSysListView32 and (2) Anomaly property to AxSysListView32OAA.

6.8
2007-08-09 CVE-2007-3872 HP Remote Buffer Overflow vulnerability in HP Openview Operations and Shared Trace Service

Multiple stack-based buffer overflows in the Shared Trace Service (OVTrace) service for HP OpenView Operations A.07.50 for Windows, and possibly earlier versions, allow remote attackers to execute arbitrary code via certain crafted requests.

6.8
2007-08-08 CVE-2007-4257 LFS Buffer Overflow vulnerability in LFS Live for Speed Sp1/Sp2

Multiple buffer overflows in Live for Speed (LFS) S1 and S2 allow user-assisted remote attackers to execute arbitrary code via (1) a .spr file (single player replay file) containing a long user name or (2) a .ply file containing a long number plate string, different vectors than CVE-2007-4140.

6.8
2007-08-08 CVE-2007-4254 Microsoft Remote Security vulnerability in Microsoft products

Stack-based buffer overflow in a certain ActiveX control in VDT70.DLL in Microsoft Visual Database Tools Database Designer 7.0 for Microsoft Visual Studio 6 allows remote attackers to execute arbitrary code via a long argument to the NotSafe method.

6.8
2007-08-08 CVE-2007-4246 Justsystem Code Execution vulnerability in Justsystem Ichitaro 2007

Unspecified vulnerability, possibly a buffer overflow, in Justsystem Ichitaro 2007 and earlier allows remote attackers to execute arbitrary code via a modified document, as actively exploited in August 2007 by malware such as Tarodrop.D (Tarodrop.Q), a different vulnerability than CVE-2006-4326, CVE-2006-5424, CVE-2006-6400, and CVE-2007-1938.

6.8
2007-08-08 CVE-2007-4232 Andreas Robertz Remote File Include vulnerability in Andreas Robertz PHPnews 0.93

PHP remote file inclusion vulnerability in admin/inc/change_action.php in Andreas Robertz PHPNews 0.93 allows remote attackers to execute arbitrary PHP code via a URL in the format_menue parameter.

6.8
2007-08-08 CVE-2007-4231 Idevspot Remote File Include vulnerability in Idevspot PHPhostbot 1.06

PHP remote file inclusion vulnerability in order/login.php in IDevSpot PhpHostBot 1.06 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the svr_rootscript parameter, a different vector than CVE-2007-4094 and CVE-2006-3776.

6.8
2007-08-08 CVE-2007-4225 KDE Remote Security vulnerability in KDE Konqueror 3.5.7

Visual truncation vulnerability in KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar via an http URI with a large amount of whitespace in the user/password portion.

6.8
2007-08-08 CVE-2007-4186 Joomla Remote File Include vulnerability in Joomla Tour DE France Pool 1.0.1

PHP remote file inclusion vulnerability in admin.tour_toto.php in the Tour de France Pool (com_tour_toto) 1.0.1 module for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

6.8
2007-08-08 CVE-2007-4176 Eqdkp Unspecified vulnerability in Eqdkp Plus

Multiple unspecified vulnerabilities in EQDKP Plus before 0.4.4.5 have unknown impact and attack vectors.

6.8
2007-08-08 CVE-2007-4211 Dovecot Unspecified vulnerability in Dovecot

The ACL plugin in Dovecot before 1.0.3 allows remote authenticated users with the insert right to save certain flags via a (1) COPY or (2) APPEND command.

6.0
2007-08-07 CVE-2007-4174 TOR Permissions, Privileges, and Access Controls vulnerability in TOR

Tor before 0.1.2.16, when ControlPort is enabled, does not properly restrict commands to localhost port 9051, which allows remote attackers to modify the torrc configuration file, compromise anonymity, and have other unspecified impact via HTTP POST data containing commands without valid authentication, as demonstrated by an HTML form (1) hosted on a web site or (2) injected by a Tor exit node.

5.8
2007-08-08 CVE-2007-4260 EZ Photo Sales Remote Security vulnerability in Ez Photo Sales

EZPhotoSales 1.9.3 and earlier has a default "admin" account for galleries, which allows remote attackers to access arbitrary galleries by specifying this username.

5.0
2007-08-08 CVE-2007-4259 EZ Photo Sales Input Validation vulnerability in EZ Photo Sales EZ Photo Sales 1.9.3

EZPhotoSales 1.9.3 and earlier allows remote attackers to download arbitrary image files via (1) a direct request for a URL under OnlineViewing/galleries/ or (2) navigation of the gallery user interface with JavaScript disabled.

5.0
2007-08-08 CVE-2007-4256 YNP Directory Traversal vulnerability in YNP Portal Systems 2.2.0

Directory traversal vulnerability in showpage.cgi in YNP Portal System 2.2.0 allows remote attackers to read arbitrary files via a ..

5.0
2007-08-08 CVE-2007-4250 Advanced Searchbar Denial-Of-Service vulnerability in Advanced Searchbar

The isChecked function in Toolbar.DLL in Advanced Searchbar before 3.33 allows remote attackers to cause a denial of service (NULL dereference and browser crash) via unspecified vectors.

5.0
2007-08-08 CVE-2007-4242 Astaro Security Bypass vulnerability in Astaro Security Gateway 7.0

The pop3 Proxy in Astaro Security Gateway (ASG) 7 does not perform virus scanning of attachments that exceed the maximum attachment size, and passes these attachments, which allows remote attackers to bypass this scanning via a large attachment.

5.0
2007-08-08 CVE-2007-4201 Guidance Software Unspecified vulnerability in Guidance Software Encase 6.2/6.5

Guidance Software EnCase 6.2 and 6.5 does not properly handle a volume with more than 25 partitions, which might allow remote attackers to prevent examination of certain data, a related issue to CVE-2007-4035.

5.0
2007-08-08 CVE-2007-4185 Joomla Information Disclosure vulnerability in Joomla 1.0.12

Joomla! 1.0.12 allows remote attackers to obtain sensitive information via a direct request for (1) Stat.php (2) OutputFilter.php, (3) OutputCache.php, (4) Modifier.php, (5) Reader.php, and (6) TemplateCache.php in includes/patTemplate/patTemplate/; (7) includes/Cache/Lite/Output.php; and other unspecified components, which reveal the path in various error messages.

5.0
2007-08-08 CVE-2007-2927 Atheros, Microsoft Denial of Service vulnerability in Atheros Wireless Drivers

Unspecified vulnerability in Atheros 802.11 a/b/g wireless adapter drivers before 5.3.0.35, and 6.x before 6.0.3.67, on Windows allows remote attackers to cause a denial of service via a crafted 802.11 management frame.

5.0
2007-08-07 CVE-2007-4166 Wordpress Cross-Site Scripting vulnerability in Wordpress Unnamed Theme and Unnamed Theme SE

Cross-site scripting (XSS) vulnerability in index.php in the Unnamed theme 1.217, and Special Edition (SE) 1.02, before 20070804 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter, possibly a related issue to CVE-2007-2757, CVE-2007-4014, and CVE-2007-4165.

5.0
2007-08-08 CVE-2007-4228 IBM Local Buffer Overflow vulnerability in IBM AIX 4.3

rmpvc on IBM AIX 4.3 allows local users to cause a denial of service (system crash) via long port logical name (-l) argument.

4.7
2007-08-08 CVE-2007-4206 Kaspersky LAB Unspecified vulnerability in Kaspersky LAB Kaspersky Anti-Spam

Kaspersky Anti-Spam 3.0 MP1 before Critical Fix 2 (3.0.278.4) sets incorrect permissions for application files in certain upgrade scenarios, which might allow local users to gain privileges.

4.4
2007-08-10 CVE-2007-4297 Aspindir HTML Injection vulnerability in Dersimiz Haber Ekleme Modulu Yorumkaydet.ASP

Multiple cross-site scripting (XSS) vulnerabilities in yorumkaydet.asp in Dersimiz Haber Ekleme Modulu allow remote attackers to inject arbitrary web script or HTML via the (1) yazan, (2) mail, and (3) yorum parameters.

4.3
2007-08-09 CVE-2007-4284 Cisco Cross-Site Scripting vulnerability in Cisco Meetingplace Web Conferencing 5.3(235)

Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified MeetingPlace Web Conferencing (MP) 5.3.235.0 and earlier allow remote attackers to inject arbitrary HTML and web script via the (1) Success Template (STPL) and (2) Failure Template (FTPL) parameters, which are not properly handled in an error message.

4.3
2007-08-09 CVE-2007-4281 Knowledgetree Cross-Site Scripting vulnerability in Knowledgetree Open Source 3.4/3.4.1

Cross-site scripting (XSS) vulnerability in KnowledgeTree Open Source 3.4 and 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the login field on the login page, and other unspecified vectors.

4.3
2007-08-09 CVE-2007-3843 Linux Unspecified vulnerability in Linux Kernel

The Linux kernel before 2.6.23-rc1 checks the wrong global variable for the CIFS sec mount option, which might allow remote attackers to spoof CIFS network traffic that the client configured for security signatures, as demonstrated by lack of signing despite sec=ntlmv2i in a SetupAndX request.

4.3
2007-08-09 CVE-2007-4265 Visionera AB Cross-Site Scripting vulnerability in Visionera AB VisionProject

Multiple cross-site scripting (XSS) vulnerabilities in VisionProject 3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) projectIssueId parameter in EditProjectIssue.do, the (2) projectId parameter in ProjectSelected.do, the (3) folderId parameter in ProjectDocuments.do and the (4) sortField parameter in ProjectIssues.do.

4.3
2007-08-09 CVE-2007-4264 KAI Blankenhorn Bitfolge Cross-Site Scripting vulnerability in snif

Multiple cross-site scripting (XSS) vulnerabilities in index.php in Kai Blankenhorn Bitfolge simple and nice index file (aka snif) 1.5.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) path and (2) download parameters.

4.3
2007-08-08 CVE-2007-4252 Chilkat Software Unspecified vulnerability in Chilkat Software ASP String 1.1

Absolute path traversal vulnerability in a certain ActiveX control in CkString.dll 1.1 and earlier in CHILKAT ASP String allows remote attackers to create or overwrite arbitrary files via a full pathname in the first argument to the SaveToFile method, a different vulnerability than CVE-2007-3633.

4.3
2007-08-08 CVE-2007-4251 Openoffice Denial-Of-Service vulnerability in Openoffice 2.2

OpenOffice.org (OOo) 2.2 does not properly handle files with multiple extensions, which allows user-assisted remote attackers to cause a denial of service.

4.3
2007-08-08 CVE-2007-4249 Exportnation Denial-Of-Service vulnerability in Exportnation Toolbar

The isChecked function in Toolbar.DLL in the ExportNation toolbar for Internet Explorer allows remote attackers to cause a denial of service (NULL dereference and browser crash) via unspecified vectors.

4.3
2007-08-08 CVE-2007-4248 Toolbar Gaming Denial-Of-Service vulnerability in Toolbar Gaming

The CallCmd function in toolbar_gaming.dll in the Toolbar Gaming toolbar for Internet Explorer allows remote attackers to cause a denial of service (NULL dereference and browser crash) via unspecified vectors.

4.3
2007-08-08 CVE-2007-4247 Microsoft Denial of Service vulnerability in Microsoft Windows Calendar ICS File

Windows Calendar on Microsoft Windows Vista allows remote attackers to cause a denial of service (NULL dereference and persistent application crash) via a malformed ICS file.

4.3
2007-08-08 CVE-2007-4245 Dimema Cross-Site Scripting vulnerability in Dimema Contentdm

Cross-site scripting (XSS) vulnerability in Search.php in DiMeMa CONTENTdm (CDM) allows remote attackers to inject arbitrary web script or HTML via a search, probably related to the CISOBOX1 parameter to results.php in CDM 4.2.

4.3
2007-08-08 CVE-2007-4239 C SAM Cross-Site Scripting vulnerability in C-Sam Onewallet 210_07062007;1.0

Cross-site scripting (XSS) vulnerability in user/forgotPassStep2.jsp in the admin interface in C-SAM oneWallet 210_07062007;1.0 allows remote attackers to inject arbitrary web script or HTML via the loginID parameter.

4.3
2007-08-08 CVE-2007-4229 KDE Denial of Service vulnerability in KDE Konqueror Assert

Unspecified vulnerability in KDE Konqueror 3.5.7 and earlier allows remote attackers to cause a denial of service (failed assertion and application crash) via certain malformed HTML, as demonstrated by a document containing TEXTAREA, BUTTON, BR, BDO, PRE, FRAMESET, and A tags.

4.3
2007-08-08 CVE-2007-4227 Microsoft Unspecified vulnerability in Microsoft Internet Explorer 6.0/7

Microsoft Windows Explorer (explorer.exe) allows user-assisted remote attackers to cause a denial of service via a certain JPG file, as demonstrated by something.jpg.

4.3
2007-08-08 CVE-2007-4224 KDE Link Following vulnerability in KDE Konqueror 3.5.7

KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar by calling setInterval with a small interval and changing the window.location property.

4.3
2007-08-08 CVE-2007-4212 Phpnuke Cross-Site Scripting vulnerability in PHP-Nuke Search Module

Multiple cross-site scripting (XSS) vulnerabilities in the Search Module in PHP-Nuke allow remote attackers to inject arbitrary web script or HTML via a trailing "<" instead of a ">" in (1) the onerror attribute of an IMG element, (2) the onload attribute of an IFRAME element, or (3) redirect users to other sites via the META tag.

4.3
2007-08-08 CVE-2007-4202 Guidance Software Unspecified vulnerability in Guidance Software Encase 6.0

Guidance Software EnCase Enterprise Edition (EEE) 6 does not properly verify the identity of the acquisition target during communication with the EnCase Servlet (EEE servlet), which might allow remote attackers to spoof the disk image.

4.3
2007-08-08 CVE-2007-4200 Brian Carrier Denial Of Service And Buffer Overflow vulnerability in The Sleuth Kit

ntfs.c in fsstat in Brian Carrier The Sleuth Kit (TSK) before 2.09 interprets a certain variable as a byte count rather than a count of 32-bit integers, which allows user-assisted remote attackers to cause a denial of service (application crash) and prevent examination of certain NTFS files via a malformed NTFS image.

4.3
2007-08-08 CVE-2007-4199 Brian Carrier Denial Of Service And Buffer Overflow vulnerability in The Sleuth Kit

Brian Carrier The Sleuth Kit (TSK) before 2.09 allows user-assisted remote attackers to cause a denial of service (application crash) and prevent examination of certain NTFS files via a malformed NTFS image that triggers (1) dereference of a certain integer value by ntfs_dent.c in fls, or (2) dereference of a certain other integer value by ntfs.c in fsstat.

4.3
2007-08-08 CVE-2007-4198 Brian Carrier Denial Of Service And Buffer Overflow vulnerability in The Sleuth Kit

The fs_data_put_str function in ntfs.c in fls in Brian Carrier The Sleuth Kit (TSK) before 2.09 does not validate a certain length value, which allows user-assisted remote attackers to cause a denial of service (application crash) and prevent examination of certain NTFS files via a malformed NTFS image, which triggers a buffer over-read.

4.3
2007-08-08 CVE-2007-4197 Brian Carrier Denial Of Service And Buffer Overflow vulnerability in The Sleuth Kit

icat in Brian Carrier The Sleuth Kit (TSK) before 2.09 omits NULL pointer checks in certain code paths, which allows user-assisted remote attackers to cause a denial of service (NULL dereference and application crash) and prevent examination of certain NTFS files via a malformed NTFS image.

4.3
2007-08-08 CVE-2007-4196 Brian Carrier Denial Of Service And Buffer Overflow vulnerability in The Sleuth Kit

icat in Brian Carrier The Sleuth Kit (TSK) before 2.09 misinterprets a certain memory location as the holder of a loop iteration count, which allows user-assisted remote attackers to cause a denial of service (long loop) and prevent examination of certain NTFS files via a malformed NTFS image.

4.3
2007-08-08 CVE-2007-4195 THE Sleuth KIT Denial Of Service And Buffer Overflow vulnerability in The Sleuth Kit

Use-after-free vulnerability in ext2fs.c in Brian Carrier The Sleuth Kit (TSK) before 2.09 allows user-assisted remote attackers to cause a denial of service (application crash) and prevent examination of certain ext2fs files via a malformed ext2fs image.

4.3
2007-08-08 CVE-2007-4194 Guidance Software Denial-Of-Service vulnerability in Guidance Software EnCase 5.0

Guidance Software EnCase 5.0 allows user-assisted remote attackers to cause a denial of service (stack memory consumption) and possibly have other unspecified impact via a malformed file, related to "EnCase's file system parsing." NOTE: this information is based upon a vague pre-advisory.

4.3
2007-08-08 CVE-2007-4193 IDE Group Cross-Site Request Forgery vulnerability in IDE Group DVD Rental System DRS 5.1

Multiple cross-site request forgery (CSRF) vulnerabilities in index.php in IDE Group DVD Rental System (DRS) 5.1 before 20070801 allow remote attackers to perform certain actions as arbitrary users, as demonstrated by (1) modifying data or (2) canceling a subscription.

4.3
2007-08-08 CVE-2007-4192 IDE Group Cross-Site Scripting vulnerability in IDE Group DVD Rental System DRS 5.1

Multiple cross-site scripting (XSS) vulnerabilities in IDE Group DVD Rental System (DRS) 5.1 before 20070801 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2007-08-08 CVE-2007-4190 Joomla Injection vulnerability in Joomla Joomla!

CRLF injection vulnerability in Joomla! before 1.0.13 (aka Sunglow) allows remote attackers to inject arbitrary HTTP headers and probably conduct HTTP response splitting attacks via CRLF sequences in the url parameter.

4.3
2007-08-08 CVE-2007-4189 Joomla Cross-site Scripting vulnerability in Joomla Joomla!

Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.13 (aka Sunglow) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the (1) com_search, (2) com_content, and (3) mod_login components.

4.3
2007-08-08 CVE-2007-4178 AMG Soft Cross-Site Scripting vulnerability in WebDirector

Cross-site scripting (XSS) vulnerability in index.php in WebDirector 2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the deslocal parameter.

4.3
2007-08-08 CVE-2007-4177 Interact Cross-Site Scripting vulnerability in Interact Online Learning Environment

Multiple cross-site scripting (XSS) vulnerabilities in Interact before 2.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2007-08-08 CVE-2007-4175 OpenRat Cross-Site Scripting vulnerability in OpenRat

Multiple cross-site scripting (XSS) vulnerabilities in index.php in OpenRat CMS 0.8-beta1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) subaction and (2) action parameters.

4.3
2007-08-08 CVE-2007-3844 Mozilla Unspecified vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Mozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 and before 1.5.0.13, and SeaMonkey 1.1.3 allow remote attackers to conduct cross-site scripting (XSS) attacks with chrome privileges via an addon that inserts a (1) javascript: or (2) data: link into an about:blank document loaded by chrome via (a) the window.open function or (b) a content.location assignment, aka "Cross Context Scripting." NOTE: this issue is caused by a CVE-2007-3089 regression.

4.3
2007-08-08 CVE-2007-3384 Apache Cross-Site Scripting vulnerability in Apache Tomcat Error Message Reporting

Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.

4.3
2007-08-07 CVE-2007-4172 Open Webmail Cross-Site Scripting vulnerability in Open Webmail Open Webmail

Multiple cross-site scripting (XSS) vulnerabilities in Open Webmail (OWM) 2.52 20060831 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) searchtype, (2) longpage, and (3) page parameters to (a) openwebmail-main.pl; the (4) prefs_caller, (5) userfirsttime, (6) page, (7) sort, (8) folder, and (9) message_id parameters to (b) openwebmail-prefs.pl; the (10) compose_caller, (11) msgdatetype, (12) keyword, (13) searchtype, (14) folder, (15) page, and (16) sort parameters to (c) openwebmail-send.pl; the (17) folder, (18) page, and (19) sort parameters to (d) openwebmail-folder.pl; the (20) searchtype, (21) page, (22) filesort, (23) singlepage, (24) showhidden, (25) showthumbnail, and (26) message_id parameters to (e) openwebmail-webdisk.pl; the (27) folder parameter to (f) openwebmail-advsearch.pl; and the (28) abookcollapse, (29) abooksearchtype, (30) abooksort, (31) abooklongpage, (32) abookpage, (33) message_id, (34) searchtype, (35) msgdatetype, (36) sort, (37) page, (38) rootxowmuid, and (39) listviewmode parameters to (g) openwebmail-abook.pl, different vectors than CVE-2005-2863, CVE-2006-2190, CVE-2006-3229, and CVE-2006-3233.

4.3

5 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-08-09 CVE-2007-4280 Asterisk Remote Denial of Service vulnerability in Asterisk Skinny Channel Driver

The Skinny channel driver (chan_skinny) in Asterisk Open Source before 1.4.10, AsteriskNOW before beta7, Appliance Developer Kit before 0.7.0, and Appliance s800i before 1.0.3 allows remote authenticated users to cause a denial of service (application crash) via a CAPABILITIES_RES_MESSAGE packet with a capabilities count larger than the capabilities_res_message array population.

3.5
2007-08-08 CVE-2007-4204 Hitachi Information Disclosure vulnerability in Hitachi products

Hitachi Groupmax Collaboration - Schedule, as used in Groupmax Collaboration Portal 07-32 through 07-32-/B, uCosminexus Collaboration Portal 06-32 through 06-32-/B, and Groupmax Collaboration Web Client - Mail/Schedule 07-32 through 07-32-/A, can assign schedule data to the wrong user under unspecified conditions, which might allow remote authenticated users to obtain sensitive information.

3.5
2007-08-08 CVE-2007-4179 HP Local Denial Of Service vulnerability in HP-UX ARPA Transport

Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport functionality in HP-UX B.11.11 and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors.

1.5
2007-08-07 CVE-2007-3381 GNOME Improper Input Validation vulnerability in GNOME GDM

The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, which allows local users to cause a denial of service (persistent daemon crash) via a crafted command to the daemon's socket, related to (1) gdm.c and (2) gdmconfig.c in daemon/, and (3) gdmconfig.c and (4) gdmflexiserver.c in gui/.

1.5
2007-08-08 CVE-2007-3108 OpenSSL Local Information Disclosure vulnerability in OpenSSL Montgomery Exponentiation Side-Channel

The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys.

1.2