Weekly Vulnerabilities Reports > August 13 to 19, 2007
Overview
139 new vulnerabilities were reported during this period, including 21 critical vulnerabilities and 20 high-severity vulnerabilities. This weekly summary reports vulnerabilities in 127 products from 86 vendors, including Microsoft, IBM, Universal Ircd, Mapos Scripts, and Zyxel. Notable vulnerability categories include "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Permissions, Privileges, and Access Controls", "Code Injection", "Cross-site Scripting", and "Path Traversal".
- 116 reported vulnerabilities are remotely exploitable.
- 14 reported vulnerabilities have a public exploit available.
- 8 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
- 125 reported vulnerabilities are exploitable by an anonymous user.
- Microsoft has the most reported vulnerabilities, with 18 reported vulnerabilities.
- Microsoft has the most reported critical vulnerabilities, with 10 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
21 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-08-17 | CVE-2007-4388 | 2Wire | Remote Security vulnerability in 1701Hg Router 2wire 1701HG and 2071 Gateway routers, with 5.29.51 and possibly 3.17.5 software, have a blank password by default. | 10.0 |
2007-08-16 | CVE-2007-4372 | Microsoft Netwin | Remote Security vulnerability in Netwin Surgemail 38K Unspecified vulnerability in NetWin SurgeMail 38k on Windows Server 2003 has unknown impact and remote attack vectors. | 10.0 |
2007-08-15 | CVE-2007-4361 | Netgear | Remote SSH Backdoor vulnerability in Netgear Readynas Raidiator 3.01C1P1/3.01C1P6 NETGEAR (formerly Infrant) ReadyNAS RAIDiator before 4.00b2-p2-T1 beta creates a default SSH root password derived from the hardware serial number, which makes it easier for remote attackers to guess the password and obtain login access. | 10.0 |
2007-08-14 | CVE-2007-4338 | Haudenschilt | Permissions, Privileges, and Access Controls vulnerability in Haudenschilt Family Connections CMS index.php in Ryan Haudenschilt Family Connections (FCMS) before 0.9 allows remote attackers to access an arbitrary account by placing the account's name in the value of an fcms_login_id cookie. | 10.0 |
2007-08-18 | CVE-2007-4422 | Symantec | Unspecified vulnerability in Symantec Enterprise Firewall 6 The login interface in Symantec Enterprise Firewall 6.x, when a VPN with pre-shared key (PSK) authentication is enabled, generates different responses depending on whether or not a username is valid, which allows remote attackers to enumerate valid usernames. | 9.3 |
2007-08-18 | CVE-2007-4421 | Olate | SQL Injection vulnerability in Olate Olatedownload 3.4.1 SQL injection vulnerability in Admin.php in Olate Download (od) 3.4.1 allows remote attackers to execute arbitrary SQL commands via an OD3_AutoLogin cookie. | 9.3 |
2007-08-18 | CVE-2007-4420 | Edraw | Path Traversal vulnerability in Edraw Office Viewer Component 5.1 Absolute path traversal vulnerability in a certain ActiveX control in officeviewer.ocx 5.1.199.1 in EDraw Office Viewer Component 5.1 allows remote attackers to create or overwrite arbitrary files via a full pathname in the second argument to the HttpDownloadFile method, a different vulnerability than CVE-2007-3168 and CVE-2007-3169. | 9.3 |
2007-08-18 | CVE-2007-4419 | Olate | Improper Authentication vulnerability in Olate Olatedownload 3.4.1 Admin.php in Olate Download (od) 3.4.1 uses an MD5 hash of the admin username, user id, and group id, to compose the OD3_AutoLogin authentication cookie, which makes it easier for remote attackers to guess the cookie and access the Admin area. | 9.3 |
2007-08-18 | CVE-2007-4396 | Irssi | Unspecified vulnerability in Irssi Multiple CRLF injection vulnerabilities in (1) ixmmsa.pl 0.3, (2) l33tmusic.pl 2.00, (3) mpg123.pl 0.01, (4) ogg123.pl 0.01, (5) xmms.pl 2.0, (6) xmms2.pl 1.1.3, and (7) xmmsinfo.pl 1.1.1.1 scripts for irssi before 0.8.11 allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file. | 9.3 |
2007-08-17 | CVE-2007-4391 | Yahoo | Improper Input Validation vulnerability in Yahoo Messenger 8.1.0.413 Heap-based buffer overflow in Kakadu kdu_v32m.dll in Yahoo! Messenger 8.1.0.413 allows remote attackers to cause a denial of service (application crash) via a certain length field in JPEG2000 data, as demonstrated by sending an "invite to view my webcam" request, and then injecting a DLL into the attacker's peer Yahoo! Messenger application when this request is accepted. | 9.3 |
2007-08-17 | CVE-2007-4381 | SUN | Remote Privilege Escalation vulnerability in SUN Jdk, JRE and SDK Unspecified vulnerability in the font parsing implementation in Sun JDK and JRE 5.0 Update 9 and earlier, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to perform unauthorized actions via an applet that grants certain privileges to itself. | 9.3 |
2007-08-15 | CVE-2007-4367 | Opera | Release of Invalid Pointer or Reference vulnerability in Opera Browser Opera before 9.23 allows remote attackers to execute arbitrary code via crafted Javascript that triggers a "virtual function call on an invalid pointer." | 9.3 |
2007-08-15 | CVE-2007-4356 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer 6/7 Microsoft Internet Explorer 6 and 7 embeds FTP credentials in HTML files that are retrieved during an FTP session, which allows context-dependent attackers to obtain sensitive information by reading the HTML source, as demonstrated by a (1) .htm, (2) .html, or (3) .mht file. | 9.3 |
2007-08-14 | CVE-2007-1749 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer 5.01/6/7 Integer underflow in the CDownloadSink class code in the Vector Markup Language (VML) component (VGX.DLL), as used in Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code via compressed content with an invalid buffer size, which triggers a heap-based buffer overflow. | 9.3 |
2007-08-14 | CVE-2007-0948 | Microsoft | Heap Overflow vulnerability in Microsoft Virtual PC and Virtual Server Heap-based buffer overflow in Microsoft Virtual PC 2004 and PC for Mac 7.1 and 7, and Virtual Server 2005 and 2005 R2, allows local guest OS administrators to execute arbitrary code on the host OS via unspecified vectors related to "interaction and initialization of components." | 9.3 |
2007-08-14 | CVE-2007-3890 | Microsoft | Remote Code Execution vulnerability in Microsoft Excel and Office Microsoft Excel in Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via a Workspace with a certain index value that triggers memory corruption. | 9.3 |
2007-08-14 | CVE-2007-3041 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer 5.01/6/7 Unspecified vulnerability in the pdwizard.ocx ActiveX object for Internet Explorer 5.01, 6 SP1, and 7 allows remote attackers to execute arbitrary code via unknown vectors related to Microsoft Visual Basic 6 objects and memory corruption, aka "ActiveX Object Memory Corruption Vulnerability." | 9.3 |
2007-08-14 | CVE-2007-3034 | Microsoft | Numeric Errors vulnerability in Microsoft products Integer overflow in the AttemptWrite function in Graphics Rendering Engine (GDI) on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted metafile (image) with a large record length value, which triggers a heap-based buffer overflow. | 9.3 |
2007-08-14 | CVE-2007-2224 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Office and Visual Basic Object linking and embedding (OLE) Automation, as used in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Office 2004 for Mac, and Visual Basic 6.0 allows remote attackers to execute arbitrary code via the substringData method on a TextNode object, which causes an integer overflow that leads to a buffer overflow. | 9.3 |
2007-08-14 | CVE-2007-2223 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft XML Core Services Microsoft XML Core Services (MSXML) 3.0 through 6.0 allows remote attackers to execute arbitrary code via the substringData method on a (1) TextNode or (2) XMLDOM object, which causes an integer overflow that leads to a buffer overflow. | 9.3 |
2007-08-14 | CVE-2007-2216 | Microsoft | Configuration vulnerability in Microsoft Internet Explorer 5.01/6/7 The tblinf32.dll (aka vstlbinf.dll) ActiveX control for Internet Explorer 5.01, 6 SP1, and 7 uses an incorrect IObjectsafety implementation, which allows remote attackers to execute arbitrary code by requesting the HelpString property, involving a crafted DLL file argument to the TypeLibInfoFromFile function, which overwrites the HelpStringDll property to call the DLLGetDocumentation function in another DLL file, aka "ActiveX Object Vulnerability." | 9.3 |
20 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-08-15 | CVE-2007-4364 | Fedoraproject | Improper Authentication vulnerability in Fedoraproject Commons Fedora Commons before 2.2.1 does not properly handle certain authentication requests involving Java Naming and Directory Interface (JNDI), related to (1) a nonexistent account name in combination with an empty password, which allows remote attackers to trigger a certain "unexpected / strange response" from an LDAP server, and (2) a reauthentication attempt that throws an exception, which allows remote attackers to trigger use of a cached authentication decision. | 8.5 |
2007-08-18 | CVE-2007-4405 | Universal Ircd | Remote vulnerability in Universal Ircd Server ircu 2.10.12.02 through 2.10.12.04 allows remote attackers to cause a denial of service (memory and bandwidth consumption) by creating a large number of unused channels (zannels). | 7.8 |
2007-08-18 | CVE-2007-4404 | Universal Ircd | Remote vulnerability in Universal Ircd Ircu 2.10.12.01 ircu 2.10.12.01 allows remote attackers to (1) cause a denial of service (flood wallops) by joining two channels with certain long names that differ in the final character, which triggers a protocol violation and (2) cause a denial of service (daemon crash) via a "J 0:#channel" message on a channel without an apass; and (3) allows remote authenticated operators to cause a denial of service (daemon crash) via a remote "names -D" command. | 7.8 |
2007-08-17 | CVE-2007-4389 | 2Wire | Cross-Site Request Forgery vulnerability in 2Wire Routers Cross-site request forgery (CSRF) vulnerability in /xslt in 2wire 1701HG, 1800HW, and 2071 Gateway routers, with 3.17.5, 3.7.1, and 5.29.51 software, allows remote attackers to create DNS mappings as administrators, and conduct DNS poisoning attacks, via the NAME and ADDR parameters. | 7.8 |
2007-08-17 | CVE-2007-4395 | SUN | Remote Privilege Escalation vulnerability in SUN Sunos 5.8 Multiple unspecified vulnerabilities in the Role Based Access Control (RBAC) functionality in Sun Solaris 8 allow remote attackers who know the password for a role to gain privileges via that role. | 7.6 |
2007-08-14 | CVE-2007-3035 | Microsoft | Remote Skin Header Code Execution vulnerability in Microsoft Windows Media Player Unspecified vulnerability in Microsoft Windows Media Player 7.1, 9, 10, and 11 allows remote attackers to execute arbitrary code via a skin file (WMZ or WMD) with crafted header information that is not properly handled during decompression, aka "Windows Media Player Code Execution Vulnerability Decompressing Skins." | 7.6 |
2007-08-18 | CVE-2007-4406 | Universal Ircd | Remote vulnerability in Universal Ircd Server ircu 2.10.12.01 through 2.10.12.04 does not remove ops privilege after a join from a server with an older timestamp (TS), which allows remote attackers to gain control of a channel during a split. | 7.5 |
2007-08-15 | CVE-2007-4370 | Racer | Remote Buffer Overflow vulnerability in Racer 0.5.3 Multiple buffer overflows in the (1) client and (2) server in Racer 0.5.3 beta 5 allow remote attackers to execute arbitrary code via a long string to UDP port 26000. | 7.5 |
2007-08-15 | CVE-2007-4368 | IBM | SQL Injection vulnerability in IBM Rational Clearquest 7.0.0.0/7.0.0.1 SQL injection vulnerability in /main in IBM Rational ClearQuest (CQ) Web 7.0.0.0-IFIX02 and 7.0.0.1 allows remote attackers to execute arbitrary SQL commands via the username parameter in a GenerateMainFrame command. | 7.5 |
2007-08-14 | CVE-2007-4342 | Phpcentral | Code Injection vulnerability in PHPcentral Login 1.0 PHP remote file inclusion vulnerability in include.php in PHPCentral Login 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the _SERVER[DOCUMENT_ROOT] parameter. | 7.5 |
2007-08-14 | CVE-2007-4341 | Omnistar | Remote File Include vulnerability in Omnistar Lib2 PHP Library 0.2 PHP remote file inclusion vulnerability in adm/my_statistics.php in Omnistar Lib2 PHP 0.2 allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter. | 7.5 |
2007-08-14 | CVE-2007-4340 | Phpdvd | Remote Security vulnerability in PHPdvd 1.0.4 PHP remote file inclusion vulnerability in index.php in phpDVD 1.0.4 allows remote attackers to execute arbitrary PHP code via a URL in the dvd_config_file parameter. | 7.5 |
2007-08-14 | CVE-2007-4339 | Phpcentral | Code Injection vulnerability in PHPcentral Poll Script 1.0 Multiple PHP remote file inclusion vulnerabilities in PHPCentral Poll Script 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the _SERVER[DOCUMENT_ROOT] parameter in (1) poll.php and (2) pollarchive.php. | 7.5 |
2007-08-14 | CVE-2007-4332 | Article Dashboard | Input Validation vulnerability in Article Dashboard SQL injection vulnerability in article.php in Article Dashboard, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in a print action. | 7.5 |
2007-08-14 | CVE-2007-4320 | Ncaster | Remote File Include vulnerability in Ncaster 1.7.2 PHP remote file inclusion vulnerability in admin/addons/archive/archive.php in Ncaster 1.7.2 allows remote attackers to execute arbitrary PHP code via a URL in the adminfolder parameter. | 7.5 |
2007-08-13 | CVE-2007-4312 | PHP Blue Dragon | SQL-Injection vulnerability in PHP Blue Dragon PHP Blue Dragon CMS 3.0 SQL injection vulnerability in index.php in Php Blue Dragon CMS 3.0.0 allows remote attackers to execute arbitrary SQL commands via the article_id parameter in a "print articles" action. | 7.5 |
2007-08-17 | CVE-2007-4390 | Bluecat Networks | Permissions, Privileges, and Access Controls vulnerability in Bluecat Networks Adonis 5.0.2.8 The Command Line Interface (CLI), aka Adonis Administration Console, on the BlueCat Networks Adonis DNS/DHCP appliance 5.0.2.8 allows local admin users to gain root privileges on the underlying operating system via shell metacharacters in a command. | 7.2 |
2007-08-16 | CVE-2007-4380 | Symantec | Local Privilege Escalation vulnerability in Symantec Altiris Deployment Solution Aclient in Symantec Altiris Deployment Solution 6 before 6.8 SP2 (6.8.378) allows local users to gain local System privileges via the Log File Viewer. | 7.2 |
2007-08-15 | CVE-2007-4355 | IBM | Local Buffer Overflow vulnerability in IBM AIX 5.3 Buffer overflow in the at program on IBM AIX 5.3 allows local users to gain privileges via unspecified vectors. | 7.2 |
2007-08-15 | CVE-2007-4354 | IBM | Buffer Overflow vulnerability in IBM AIX Fileplace Command Buffer overflow in fileplace in bos.perf.tools in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors. | 7.2 |
90 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-08-18 | CVE-2007-4276 | IBM | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM DB2 Universal Database Stack-based buffer overflow in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows attackers to execute arbitrary code via a long DASPROF and possibly other environment variables, which are copied into the buildDasPaths buffer. | 6.9 |
2007-08-18 | CVE-2007-4275 | IBM | Multiple Unspecified vulnerability in IBM DB2 Universal Database Multiple untrusted search path vulnerabilities in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allow local users to gain privileges via certain vectors related to (1) DB2 instance or FMP startup on Linux and Solaris; (2) exec of executables while running as root on non-Windows systems, as demonstrated by AIX; and unspecified vectors involving (3) db2licm and (4) db2pd. | 6.9 |
2007-08-18 | CVE-2007-4270 | IBM | Multiple Unspecified vulnerability in IBM DB2 Universal Database Multiple race conditions in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allow local users to gain root privileges via a symlink attack on certain files. | 6.9 |
2007-08-15 | CVE-2007-4353 | IBM | Buffer Overflow vulnerability in IBM AIX Configuration Commands Multiple buffer overflows in IBM AIX 5.2 and 5.3 allow local users in the system group to gain root privileges via unspecified vectors involving the (1) chpath, (2) rmpath, and (3) devinstall programs in bos.rte.methods. | 6.9 |
2007-08-13 | CVE-2007-4315 | AMD ATI Microsoft | Permissions, Privileges, and Access Controls vulnerability in multiple products The AMD ATI atidsmxx.sys 3.0.502.0 driver on Windows Vista allows local users to bypass the driver signing policy, write to arbitrary kernel memory locations, and thereby gain privileges via unspecified vectors, as demonstrated by "Purple Pill". | 6.9 |
2007-08-18 | CVE-2007-4415 | Cisco | Local Privilege Escalation vulnerability in Cisco VPN Client 5.0.01.0600 Cisco VPN Client on Windows before 5.0.01.0600, and the 5.0.01.0600 InstallShield (IS) release, uses weak permissions for cvpnd.exe (Modify granted to Interactive Users), which allows local users to gain privileges via a modified cvpnd.exe. | 6.8 |
2007-08-18 | CVE-2007-4414 | Cisco | Local Privilege Escalation vulnerability in Cisco VPN Client for Windows Cisco VPN Client on Windows before 4.8.02.0010 allows local users to gain privileges by enabling the "Start Before Logon" (SBL) and Microsoft Dial-Up Networking options, and then interacting with the dial-up networking dialog box. | 6.8 |
2007-08-18 | CVE-2007-4403 | Mirc | Permissions, Privileges, and Access Controls vulnerability in Mirc Plug-In for Winamp The mIRC Control Plug-in for Winamp allows user-assisted remote attackers to execute arbitrary code via the '|' (pipe) shell metacharacter in the name of the song in a .mp3 file. | 6.8 |
2007-08-18 | CVE-2007-4402 | Mirc | Remote Security vulnerability in Mirc 2.49 Multiple unspecified scripts in mIRC allow user-assisted remote attackers to execute arbitrary code via the '|' (pipe) shell metacharacter in the name of the song in a .mp3 file. | 6.8 |
2007-08-18 | CVE-2007-4401 | Mirc | Unspecified vulnerability in Mirc Advanced Integration Plugin Multiple CRLF injection vulnerabilities in the Advanced mIRC Integration Plugin and possibly other unspecified scripts in mIRC allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file. | 6.8 |
2007-08-18 | CVE-2007-4400 | Konversation | Unspecified vulnerability in Konversation CRLF injection vulnerability in the included media script in Konversation allows user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file. | 6.8 |
2007-08-18 | CVE-2007-4399 | Irssi | Unspecified vulnerability in Irssi 0.8.10Rc5 CRLF injection vulnerability in the xmms.bx 1.0 script for BitchX allows user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file. | 6.8 |
2007-08-18 | CVE-2007-4397 | Irssi Kristof Korwisi Mikachu Ricardo Mesquita Simon Tuomas Jormola | Multiple CRLF injection vulnerabilities in (1) xmms-thing 1.0, (2) XMMS Remote Control Script 1.07, (3) Disrok 1.0, (4) a2x 0.0.1, (5) Another xmms-info script 1.0, (6) XChat-XMMS 0.8.1, and other unspecified scripts for XChat allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file. | 6.8 |
2007-08-17 | CVE-2007-4385 | Owasp | Unspecified vulnerability in Owasp Stinger OWASP Stinger before 2.5 allows remote attackers to bypass input validation routines by using multipart encoded requests instead of form-urlencoded requests. | 6.8 |
2007-08-17 | CVE-2007-4384 | Stephane Pineau | Remote File Include vulnerability in Stephane Pineau Vote 1C Multiple PHP remote file inclusion vulnerabilities in depouilg.php3 in Stephane Pineau VOTE 1c allow remote attackers to execute arbitrary PHP code via a URL in the (1) NomVote and (2) FilePalHex parameters. | 6.8 |
2007-08-16 | CVE-2007-4378 | Rndlabs | Multiple vulnerability in RndLabs Babo Violent 2 Multiple format string vulnerabilities in Babo Violent 2 2.08.00 and earlier allow remote attackers to execute arbitrary code via format string specifiers in (1) a message or (2) certain data associated with an admin login. | 6.8 |
2007-08-16 | CVE-2007-4376 | Szymon Kosok | Unspecified vulnerability in Szymon Kosok Best TOP List Unrestricted file upload vulnerability in banner-upload.php in Szymon Kosok Best Top List allows remote attackers to upload and execute arbitrary PHP files in banners/. | 6.8 |
2007-08-16 | CVE-2007-4373 | Rndlabs | Security Bypass vulnerability in Babo Violent The server in Babo Violent 2 2.08.00 and earlier does not properly implement password protection, which might allow remote attackers to bypass authentication by reconnecting after a connection closes. | 6.8 |
2007-08-16 | CVE-2007-4091 | Rsync | Buffer Overflow vulnerability in Rsync 2.6.9 Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow remote attackers to execute arbitrary code via directory names that are not properly handled when calling the f_name function. | 6.8 |
2007-08-15 | CVE-2007-4371 | Hotscripts | File-Upload vulnerability in Hotscripts Neuron Blog 1.1 Unrestricted file upload vulnerability in admin/pages/blog-add.php in Neuron Blog 1.1 allows remote attackers to upload and execute arbitrary PHP files in uploads/. | 6.8 |
2007-08-15 | CVE-2007-4362 | Prozilla | SQL Injection vulnerability in Prozilla Webring Website Script Category.PHP SQL injection vulnerability in category.php in Prozilla Webring allows remote attackers to execute arbitrary SQL commands via the cat parameter. | 6.8 |
2007-08-15 | CVE-2007-4359 | Skilmatch Staffing Systems | SQL Injection vulnerability in SkilMatch Systems JobLister3 Multiple SQL injection vulnerabilities in SkilMatch Staffing Systems JobLister3 allow remote attackers to execute arbitrary SQL commands via (1) the search form or (2) the jobid parameter to index.php in a showbyID action. | 6.8 |
2007-08-15 | CVE-2007-0319 | Motive Incorporated | Remote Code Execution vulnerability in Motive Incorporated Self Service Manager and Service Activation Manager Multiple stack-based buffer overflows in the Motive ActiveEmailTest.EmailData (ActiveUtils EmailData) ActiveX control in ActiveUtils.dll in Motive Service Activation Manager 5.1 and Self Service Manager 5.1 and earlier allow remote attackers to execute arbitrary code via unspecified vectors. | 6.8 |
2007-08-14 | CVE-2007-3891 | Microsoft | Remote Code Execution vulnerability in Windows Vista Weather Gadget Unspecified vulnerability in Windows Vista Weather Gadgets in Windows Vista allows remote attackers to execute arbitrary code via crafted HTML attributes. | 6.8 |
2007-08-14 | CVE-2007-3032 | Microsoft | Remote Code Execution vulnerability in Windows Vista Contacts Gadget Unspecified vulnerability in Windows Vista Contacts Gadget in Windows Vista allows user-assisted remote attackers to execute arbitrary code via crafted contact information that is not properly handled when it is imported. | 6.8 |
2007-08-14 | CVE-2007-0943 | Microsoft | Unspecified vulnerability in Microsoft IE and Internet Explorer Unspecified vulnerability in Internet Explorer 5.01 and 6 SP1 allows remote attackers to execute arbitrary code via crafted Cascading Style Sheets (CSS) strings that trigger memory corruption during parsing, related to use of out-of-bounds pointers. | 6.8 |
2007-08-14 | CVE-2007-4330 | Mapos Scripts | Remote File Include vulnerability in Mapos Scripts Shoutbox 1.0 PHP remote file inclusion vulnerability in shoutbox.php in Shoutbox 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the root parameter. | 6.8 |
2007-08-14 | CVE-2007-4329 | Mapos Scripts | Remote File Include vulnerability in Mapos Scripts web News 1.1 Multiple PHP remote file inclusion vulnerabilities in Web News 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter to (1) index.php, (2) news.php, or (3) feed.php. | 6.8 |
2007-08-14 | CVE-2007-4328 | Mapos Scripts | Code Injection vulnerability in Mapos Scripts Bilder Galerie 1.0/1.1 Multiple PHP remote file inclusion vulnerabilities in Mapos Bilder Galerie 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter to (1) index.php, (2) galerie.php, or (3) anzagien.php. | 6.8 |
2007-08-14 | CVE-2007-4327 | Mapos Scripts | Remote File Include vulnerability in Mapos Scripts File Uploader 1.1 Multiple PHP remote file inclusion vulnerabilities in File Uploader 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter to (1) index.php or (2) datei.php. | 6.8 |
2007-08-14 | CVE-2007-4326 | Mapos Scripts | Remote Security vulnerability in Mapos Scripts Bilder Uploader 1.3 Multiple PHP remote file inclusion vulnerabilities in Bilder Uploader 1.3 allow remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter to (1) gruppen.php, (2) bild.php, (3) feed.php, (4) mitglieder.php, (5) online.php, (6) profil.php, and possibly other unspecified PHP scripts. | 6.8 |
2007-08-14 | CVE-2007-4325 | Mapos Scripts | Remote File Include vulnerability in Mapos Scripts Gaestebuch 1.5 PHP remote file inclusion vulnerability in index.php in Gaestebuch 1.5 allows remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter. | 6.8 |
2007-08-14 | CVE-2007-4323 | Denyhosts | Remote Denial of Service vulnerability in Denyhosts 2.6 DenyHosts 2.6 does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in via ssh with a client protocol version identification containing an IP address string, a different vector than CVE-2006-6301. | 6.8 |
2007-08-14 | CVE-2007-4322 | AC Zoom | Denial-Of-Service vulnerability in AC Zoom Blockhosts 2.0.4 BlockHosts before 2.0.4 does not properly parse (1) sshd and (2) vsftpd log files, which allows remote attackers to add arbitrary deny entries to the /etc/hosts.allow file and cause a denial of service by adding arbitrary IP addresses to a daemon log file, as demonstrated by connecting through ssh with a client protocol version identification containing an IP address string, or connecting through ftp with a username containing an IP address string, different vectors than CVE-2007-2765. | 6.8 |
2007-08-14 | CVE-2007-4321 | Fail2Ban | Remote Denial of Service vulnerability in Fail2Ban 0.8 fail2ban 0.8 and earlier does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in via ssh with a client protocol version identification containing an IP address string, a different vector than CVE-2006-6302. | 6.8 |
2007-08-13 | CVE-2007-4314 | Pixlie | Denial-Of-Service vulnerability in Pixlie 1.7 pixlie.php in Pixlie 1.7 allows remote attackers to trigger the reading and JPEG image processing of files in a remote directory tree via a URL in the root parameter. | 6.8 |
2007-08-13 | CVE-2007-4313 | PHP Blue Dragon | Input Validation vulnerability in PHP Blue Dragon PHP Blue Dragon CMS 3.0 PHP remote file inclusion vulnerability in public_includes/pub_blocks/activecontent.php in Php Blue Dragon CMS 3.0.0 allows remote attackers to execute arbitrary PHP code via a URL in the vsDragonRootPath parameter, a different vector than CVE-2006-2392, CVE-2006-3076, and CVE-2006-6958. | 6.8 |
2007-08-13 | CVE-2007-2956 | Pfstools Qtpfsgui | Stack-based buffer overflow in the readRadianceHeader function in (1) src/fileformat/rgbeio.cpp in pfstools 1.6.2 and (2) src/Fileformat/rgbeio.cpp in Qtpfsgui 1.8.11 allows remote attackers to execute arbitrary code via a crafted Radiance RGBE (.hdr) file. | 6.8 |
2007-08-18 | CVE-2007-4407 | Universal Ircd | Remote vulnerability in Universal Ircd Server ircu 2.10.12.03 and 2.10.12.04 does not associate a timestamp with ops privilege on an unused channel (zannel), which allows remote attackers to (1) set or remove certain channel modes via a "netriding" attack or (2) take over a channel by joining an unlinked server with the A/Upass and then setting a new Apass. | 6.4 |
2007-08-13 | CVE-2007-4305 | Netbsd Openbsd Sysjail Systrace Todd Miller | System Call Wrappers Concurrency vulnerability in Systrace Multiple race conditions in the (1) Sudo monitor mode and (2) Sysjail policies in Systrace on NetBSD and OpenBSD allow local users to defeat system call interposition, and consequently bypass access control policy and auditing. | 6.2 |
2007-08-13 | CVE-2007-4304 | Freebsd Cerb | Local Security vulnerability in CerbNG CerbNG for FreeBSD 4.8 does not properly implement VM protection when attempting to prevent system call wrapper races, which allows local users to have an unknown impact related to an "incorrect write protection of pages". | 6.2 |
2007-08-13 | CVE-2007-4303 | Freebsd Cerb | System Call Wrappers Concurrency vulnerability in CerbNG Multiple race conditions in (1) certain rules and (2) argument copying during VM protection, in CerbNG for FreeBSD 4.8 allow local users to defeat system call interposition and possibly gain privileges or bypass auditing, as demonstrated by modifying command lines in log-exec.cb. | 6.2 |
2007-08-13 | CVE-2007-4302 | Freshmeat | System Call Wrappers Concurrency vulnerability in Freshmeat Generic Software Wrappers Toolkit 1.6.3 Multiple race conditions in certain system call wrappers in Generic Software Wrappers Toolkit (GSWTK) allow local users to defeat system call interposition and possibly gain privileges or bypass auditing. | 6.2 |
2007-08-18 | CVE-2007-4417 | IBM | Multiple Unspecified vulnerability in IBM DB2 Universal Database IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 does not properly revoke privileges on methods, which allows remote authenticated users to execute a method after revocation until the routine auth cache is flushed. | 6.0 |
2007-08-18 | CVE-2007-4410 | Universal Ircd | Remote vulnerability in Universal Ircd Server ircu 2.10.12.05 and earlier does not properly synchronize a kick action in certain cross scenarios, which allows remote authenticated operators to prevent later kick or de-op actions from non-local ops. | 6.0 |
2007-08-17 | CVE-2007-4386 | Getmyownarcade | SQL Injection vulnerability in GetMyOwnArcade Search.PHP SQL injection vulnerability in search.php in GetMyOwnArcade allows remote attackers to execute arbitrary SQL commands via the query parameter. | 6.0 |
2007-08-16 | CVE-2007-4377 | Netwin | Remote Buffer Overflow vulnerability in Netwin Surgemail 38K Stack-based buffer overflow in the IMAP service in SurgeMail 38k allows remote authenticated users to execute arbitrary code via a long argument to the SEARCH command. | 6.0 |
2007-08-13 | CVE-2007-3851 | Linux Intel | Resource Management Errors vulnerability in Linux Kernel The drm/i915 component in the Linux kernel before 2.6.22.2, when used with i965G and later chipsets, allows local users with access to an X11 session and Direct Rendering Manager (DRM) to write to arbitrary memory locations and gain privileges via a crafted batchbuffer. | 6.0 |
2007-08-16 | CVE-2007-4375 | Diskeeper | Remote Information Disclosure vulnerability in Diskeeper 2007/9 The administrative interface (aka DkService.exe) in Diskeeper 9 Professional, 2007 Pro Premier, and probably other versions exposes a memory comparison function via RPC over TCP, which allows remote attackers to (1) obtain sensitive information (process memory contents), as demonstrated by an attack that obtains module base addresses to defeat Address Space Layout Randomization (ASLR); or (2) cause a denial of service (application crash) via an out-of-bounds address. | 5.8 |
2007-08-15 | CVE-2007-2929 | Lenovo | Multiple vulnerability in Lenovo Access Support and Automated Solutions The IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), exposes unsafe methods to arbitrary web domains, which allows remote attackers to download arbitrary code onto a client system and execute this code. | 5.8 |
2007-08-15 | CVE-2007-2928 | Lenovo | Multiple vulnerability in Lenovo Access Support and Automated Solutions Format string vulnerability in the IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), allows remote attackers to execute arbitrary code via format string specifiers in unknown data. | 5.8 |
2007-08-15 | CVE-2007-2240 | Lenovo | Multiple vulnerability in Lenovo Access Support and Automated Solutions The IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), does not properly validate digital signatures of downloaded software, which makes it easier for remote attackers to spoof a download. | 5.8 |
2007-08-14 | CVE-2007-4337 | Streamripper | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Streamripper Multiple buffer overflows in the httplib_parse_sc_header function in lib/http.c in Streamripper before 1.62.2 allow remote attackers to execute arbitrary code via long (1) Location and (2) Server HTTP headers, a different vulnerability than CVE-2006-3124. | 5.8 |
2007-08-18 | CVE-2007-4418 | IBM | Multiple Unspecified vulnerability in IBM DB2 Universal Database IBM DB2 UDB 8 before Fixpak 15 does not properly check authorization, which allows remote authenticated users with a certain SELECT privilege to have an unknown impact via unspecified vectors. | 5.5 |
2007-08-18 | CVE-2007-4409 | Universal Ircd | Remote vulnerability in Universal Ircd Server Race condition in ircu 2.10.12.01 through 2.10.12.05 allows remote attackers to set a new Apass during a netburst by arranging for ops privilege to be granted before the mode arrives. | 5.1 |
2007-08-18 | CVE-2007-4423 | IBM | Buffer Errors vulnerability in IBM DB2 Universal Database 8.0/9.0/9.1 Stack-based buffer overflow in the AUTH_LIST_GROUPS_FOR_AUTHID function in IBM DB2 UDB 9.1 before Fixpak 3 allows attackers to cause a denial of service and possibly execute arbitrary code via a long argument. | 5.0 |
2007-08-18 | CVE-2007-4408 | Universal Ircd | Remote vulnerability in Universal Ircd Server ircu 2.10.12.05 and earlier ignores timestamps in bounces, which allows remote attackers to take over a channel during a netjoin by causing a bounce while a server with an older version of the channel is linking. | 5.0 |
2007-08-17 | CVE-2007-4382 | Counterpath | Denial of Service vulnerability in Counterpath X-Lite 3.0 CounterPath X-Lite 3.0 34025, and possibly eyeBeam, allows remote attackers to cause a denial of service (device crash) via a SIP INVITE message without a Content-Type header. | 5.0 |
2007-08-15 | CVE-2007-4369 | Sote | Local File Include vulnerability in SOTEeSKLEP _Files Directory traversal vulnerability in go/_files in SOTEeSKLEP before 4.0 allows remote attackers to read arbitrary files via a .. | 5.0 |
2007-08-15 | CVE-2007-4366 | Wengo | Denial of Service vulnerability in Wengo Wengophone 2.1 WengoPhone 2.1 allows remote attackers to cause a denial of service (device crash) via a SIP INVITE message without a Content-Type header. | 5.0 |
2007-08-15 | CVE-2007-4357 | Mozilla | Remote Security vulnerability in Firefox Mozilla Firefox 2.0.0.6 and earlier allows remote attackers to spoof the contents of the status bar via a link to a data: URI containing an encoded URL. | 5.0 |
2007-08-14 | CVE-2007-4335 | Qbik | Remote Denial Of Service vulnerability in WinGate SMTP Session Invalid State Format string vulnerability in the SMTP server component in Qbik WinGate 5.x and 6.x before 6.2.2 allows remote attackers to cause a denial of service (service crash) via format string specifiers in certain unexpected commands, which trigger a crash during error logging. | 5.0 |
2007-08-14 | CVE-2007-4324 | Adobe | Permissions, Privileges, and Access Controls vulnerability in Adobe Flash Player ActionScript 3 (AS3) in Adobe Flash Player 9.0.47.0, and other versions and other 9.0.124.0 and earlier versions, allows remote attackers to bypass the Security Sandbox Model, obtain sensitive information, and port scan arbitrary hosts via a Flash (SWF) movie that specifies a connection to make, then uses timing discrepancies from the SecurityErrorEvent error to determine whether a port is open or not. | 5.0 |
2007-08-18 | CVE-2007-4273 | IBM | Use of Externally-Controlled Format String vulnerability in IBM DB2 Universal Database IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows local users to create arbitrary directories and execute arbitrary code via a "crafted localized message file" that enables a format string attack, possibly involving the (1) OSSEMEMDBG or (2) TRC_LOG_FILE environment variable in db2licd (db2licm). | 4.6 |
2007-08-17 | CVE-2007-4393 | Suse | Unspecified vulnerability in Suse Linux The installation script for orarun on SUSE Linux before 20070810 places the oracle user into the disk group, which allows the local oracle user to read or write raw disk partitions. | 4.6 |
2007-08-18 | CVE-2007-4424 | Apple | Remote Security vulnerability in Safari For Windows Apple Safari for Windows 3.0.3 and earlier does not prompt the user before downloading a file, which allows remote attackers to download arbitrary files to the desktop of a client system via certain HTML, as demonstrated by a filename in the DATA attribute of an OBJECT element. | 4.3 |
2007-08-18 | CVE-2007-4411 | Universal Ircd | Remote vulnerability in Universal Ircd Server ircu 2.10.12.05 and earlier allows remote attackers to discover the hidden IP address of arbitrary +x users via a series of /silence commands with (1) CIDR mask arguments or (2) certain other arguments that represent groups of IP addresses, then monitoring CTCP ping replies. | 4.3 |
2007-08-17 | CVE-2007-4392 | Nullsoft | Denial-Of-Service vulnerability in Nullsoft Winamp 5.35 Winamp 5.35 allows remote attackers to cause a denial of service (program stack overflow and application crash) via an M3U file that recursively includes itself. | 4.3 |
2007-08-17 | CVE-2007-4387 | 2Wire | Cross-Site Request Forgery vulnerability in 1701Hg Router Cross-site request forgery (CSRF) vulnerability in /xslt in 2wire 1701HG and 2071 Gateway routers, with 3.17.5 and 5.29.51 software, allows remote attackers to perform certain configuration changes as administrators. | 4.3 |
2007-08-16 | CVE-2007-4379 | Rndlabs | Multiple vulnerability in RndLabs Babo Violent 2 Babo Violent 2 2.08.00 and earlier allows remote attackers to cause a denial of service (application crash) via (1) a value greater than 0x27 for the (a) 0xca, (b) 0xcb, (c) 0xcc, (d) 0xce, (e) 0xcf, or (f) 0xd0 data ID; (2) a nonexistent map name; or (3) a UDP packet that specifies a large data size. | 4.3 |
2007-08-15 | CVE-2007-4365 | Exv2 | Cross-Site Scripting vulnerability in Content Management System Cross-site scripting (XSS) vulnerability in eXV2 CMS 2.0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a set_lang cookie to an unspecified component. | 4.3 |
2007-08-15 | CVE-2007-4363 | Drupal | HTML-injection vulnerability in Drupal Content Construction Kit 4.7/5.2 Multiple cross-site scripting (XSS) vulnerabilities in the nodereference module in Drupal Content Construction Kit (CCK) before 4.7.x-1.6, and 5.x before 5.x-1.6, allow remote attackers to inject arbitrary web script or HTML via nodereference fields, when using (1) the plain formatter or (2) the autocomplete text field widget without Views.module. | 4.3 |
2007-08-15 | CVE-2007-4360 | Dell | Remote Access Card 4/P SSH Remote Denial Of Service vulnerability in Dell Remote Access Card 4 Unspecified vulnerability in Dell Remote Access Card 4 (DRAC4) with firmware 1.50 Build 02.16 allows remote attackers to cause a denial of service (SSH daemon crash) via certain network traffic, as demonstrated by an "nmap -O" scan with nmap 4.03, possibly related to a Mocana (Mocanada) SSH vulnerability. | 4.3 |
2007-08-15 | CVE-2007-4358 | Zoidcom | Denial of Service vulnerability in Zoidcom 0.6.5/0.6.7 Zoidcom 0.6.7 and earlier allows remote attackers to cause a denial of service (application crash) via a JOIN packet (aka connection packet) containing 0x69 in the ninth byte, which triggers a "double-delete" of trace data, a different vulnerability than CVE-2005-1643. | 4.3 |
2007-08-14 | CVE-2007-3386 | Apache | Cross-Site Scripting vulnerability in Apache Tomcat Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action. | 4.3 |
2007-08-14 | CVE-2007-3033 | Microsoft | Cross-Site Scripting vulnerability in Microsoft Windows Vista Cross-site scripting (XSS) vulnerability in Windows Vista Feed Headlines Gadget (aka Sidebar RSS Feeds Gadget) in Windows Vista allows user-assisted remote attackers to execute arbitrary code via an RSS feed with crafted HTML attributes, which are not properly removed and are rendered in the local zone. | 4.3 |
2007-08-14 | CVE-2007-4336 | Microsoft | Buffer Overflow vulnerability in Microsoft Directx Media 6.0 Buffer overflow in the Live Picture Corporation DXSurface.LivePicture.FlashPix.1 (DirectTransform FlashPix) ActiveX control in DXTLIPI.DLL 6.0.2.827, as packaged in Microsoft DirectX Media 6.0 SDK, allows remote attackers to execute arbitrary code via a long SourceUrl property value. | 4.3 |
2007-08-14 | CVE-2007-4334 | PHP Stats | Cross-Site Scripting vulnerability in PHP-Stats 0.1.9.2 Cross-site scripting (XSS) vulnerability in whois.php in Php-stats 0.1.9.2 allows remote attackers to inject arbitrary web script or HTML via the IP parameter. | 4.3 |
2007-08-14 | CVE-2007-4333 | Article Dashboard | Cross-Site Scripting vulnerability in Article Dashboard Multiple cross-site scripting (XSS) vulnerabilities in signup.php in Article Dashboard allow remote attackers to inject arbitrary web script or HTML via the (1) f_emailaddress, (2) f_reemailaddress, and other unspecified parameters. | 4.3 |
2007-08-14 | CVE-2007-4331 | CTW Design | Cross-Site Scripting vulnerability in Findnix PHP remote file inclusion vulnerability in index.php in FindNix allows remote attackers to include the contents of arbitrary URLs and conduct cross-site scripting (XSS) attacks via a URL in the page parameter. | 4.3 |
2007-08-13 | CVE-2007-4318 | Zyxel | Cross-Site Scripting vulnerability in Zyxel Zynos and Zywall 2 Cross-site scripting (XSS) vulnerability in Forms/General_1 in the management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zywall 2 device allows remote authenticated administrators to inject arbitrary web script or HTML via the sysSystemName parameter. | 4.3 |
2007-08-13 | CVE-2007-4317 | Zyxel | Remote vulnerability in Zyxel Zynos and Zywall 2 Multiple cross-site request forgery (CSRF) vulnerabilities in the management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zywall 2 device allow remote attackers to perform certain actions as administrators, as demonstrated by a request to Forms/General_1 with the (1) sysSystemName and (2) sysDomainName parameters. | 4.3 |
2007-08-13 | CVE-2007-4316 | Zyxel | Remote Security vulnerability in Zyxel Zynos and Zywall 2 The management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zywall 2 device has a certain default password, which allows remote attackers to perform administrative actions. | 4.3 |
2007-08-13 | CVE-2007-4310 | SUN | Remote Security vulnerability in SUN Sunos 5.7/5.8/5.9 The finger daemon (in.fingerd) in Sun Solaris 7 through 9 allows remote attackers to list all accounts that have certain nonstandard GECOS fields via a request composed of a single digit, as demonstrated by a "finger 9@host" command, a different vulnerability than CVE-2001-1503. | 4.3 |
2007-08-13 | CVE-2007-4307 | Storesprite | Cross-Site Scripting vulnerability in Storesprite 7 Multiple cross-site scripting (XSS) vulnerabilities in Storesprite 7 and earlier allow remote attackers to inject arbitrary web script or HTML via the next parameter to (1) addaddress.php, (2) editshipdetails.php, (3) register.php, or (4) login.php in secure/. | 4.3 |
2007-08-13 | CVE-2007-4306 | Phpmyadmin | Cross-Site Scripting vulnerability in PHPmyadmin 2.10.3 Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.10.3 allow remote attackers to inject arbitrary web script or HTML via the (1) unlim_num_rows, (2) sql_query, or (3) pos parameter to (a) tbl_export.php; the (4) session_max_rows or (5) pos parameter to (b) sql.php; the (6) username parameter to (c) server_privileges.php; or the (7) sql_query parameter to (d) main.php. | 4.3 |
2007-08-13 | CVE-2007-4301 | Webcart | Cross-Site Scripting vulnerability in Webcart 2.20/2.25 Multiple cross-site scripting (XSS) vulnerabilities in the management interface in WebCart 2.20 through 2.25 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2007-08-16 | CVE-2007-4374 | Rndlabs | Remote Security vulnerability in Babo Violent Babo Violent 2 2.08.00 does not validate the sender field of a chat message composed by a client, which allows remote authenticated users to spoof messages. | 4.0 |
2007-08-14 | CVE-2007-3037 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Windows Media Player Microsoft Windows Media Player 7.1, 9, 10, and 11 allows remote attackers to execute arbitrary code via a skin file (WMZ or WMD) with crafted header information that causes a size mismatch between compressed and decompressed data and triggers a heap-based buffer overflow, aka "Windows Media Player Code Execution Vulnerability Parsing Skins." | 4.0 |
2007-08-13 | CVE-2007-4319 | Zyxel | Remote vulnerability in Zyxel Zynos and Zywall 2 The management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zywall 2 device allows remote authenticated administrators to cause a denial of service (infinite reboot loop) via invalid configuration data. | 4.0 |
8 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-08-18 | CVE-2007-4413 | Headstart Solutions | Remote Security vulnerability in Headstart Solutions Deskpro 3.0.2 Direct static code injection vulnerability in admincp/user_help.php in Headstart Solutions DeskPRO 3.0.2 allows remote authenticated users to inject arbitrary PHP code into an unspecified file via a new_entry value in the do parameter. | 3.5 |
2007-08-18 | CVE-2007-4412 | Headstart Solutions | HTML Injection vulnerability in Headstart Solutions Deskpro 3.0.2 Multiple cross-site scripting (XSS) vulnerabilities in Headstart Solutions DeskPRO 3.0.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters to (1) techs.php, (2) ticket_category.php, (3) ticket_priority.php, (4) ticket_workflow.php, (5) ticket_escalate.php, (6) fields_ticket.php, (7) ticket_rules_web.php, (8) ticket_displayfields.php, (9) ticket_rules_mail.php, (10) fields_user.php, (11) fields_faq.php, and (12) user_help.php, in (a) admincp/ and (b) possibly a directory on the "User side." | 3.5 |
2007-08-13 | CVE-2007-4309 | IBM | Remote Security vulnerability in Lotus Notes IBM Lotus Notes 5.x through 7.0.2 allows user-assisted remote authenticated administrators to obtain a cleartext notes.id password by setting the notes.ini (1) KFM_ShowEntropy and (2) Debug_Outfile debug variables, a different vulnerability than CVE-2005-2696. | 3.5 |
2007-08-18 | CVE-2007-4271 | IBM | Path Traversal vulnerability in IBM DB2 Universal Database Directory traversal vulnerability in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows local users to create arbitrary files via a .. | 2.1 |
2007-08-17 | CVE-2007-4394 | Novell Suse | Local Security vulnerability in Linux Desktop Unspecified vulnerability in a "core clean" cron job created by the findutils-locate package on SUSE Linux 10.0 and 10.1 and Enterprise Server 9 and 10 before 20070810 allows local users to delete arbitrary files via unknown vectors. | 2.1 |
2007-08-18 | CVE-2007-4272 | IBM | Multiple Unspecified vulnerability in IBM DB2 Universal Database Multiple vulnerabilities in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allow local users to create arbitrary files via (1) unspecified vectors where an attacker's umask is honored, (2) /etc/ld.so.preload, (3) certain "cron data file locations", and other unspecified vectors possibly involving the (4) OSSEMEMDBG or (5) TRC_LOG_FILE environment variable in db2licd (db2licm). | 1.9 |
2007-08-14 | CVE-2007-3848 | Linux | Unspecified vulnerability in Linux Kernel Linux kernel 2.4.35 and other versions allows local users to send arbitrary signals to a child process that is running at higher privileges by causing a setuid-root parent process to die, which delivers an attacker-controlled parent process death signal (PR_SET_PDEATHSIG). | 1.9 |
2007-08-13 | CVE-2007-4308 | Linux Adaptec | Local Security Bypass vulnerability in Linux Kernel AACRAID Driver The (1) aac_cfg_open and (2) aac_compat_ioctl functions in the SCSI layer ioctl path in aacraid in the Linux kernel before 2.6.23-rc2 do not check permissions for ioctls, which might allow local users to cause a denial of service or gain privileges. | 1.9 |