Weekly Vulnerabilities Reports > August 13 to 19, 2007

Overview

147 new vulnerabilities were reported during this period, including 22 critical vulnerabilities and 21 high severity vulnerabilities. This weekly summary reports vulnerabilities in 130 products from 90 vendors, including Microsoft, IBM, Universal Ircd, Mapos Scripts, and Linux. Notable vulnerability categories include "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Permissions, Privileges, and Access Controls", "Code Injection", "Information Exposure", and "Cross-site Scripting".

  • 123 reported vulnerabilities are remotely exploitable.
  • 14 reported vulnerabilities have a public exploit available.
  • 8 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 133 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 18 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 10 reported vulnerabilities.

Vulnerability Details

The following table lists the vulnerabilities reported for the period covered by this report:

22 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-08-18 CVE-2007-4416 Jemjabella Unspecified vulnerability in Jemjabella Bellabook

** DISPUTED ** captcha.php in BellaBook (aka BellaBuffs) allows remote attackers to obtain administrative privileges by sending the admin's username (admin_name) in a pheap_login cookie.

10.0
2007-08-17 CVE-2007-4388 2Wire Remote Security vulnerability in 1701Hg Router

2wire 1701HG and 2071 Gateway routers, with 5.29.51 and possibly 3.17.5 software, have a blank password by default.

10.0
2007-08-16 CVE-2007-4372 Microsoft / Netwin Remote Security vulnerability in Netwin Surgemail 38K

Unspecified vulnerability in NetWin SurgeMail 38k on Windows Server 2003 has unknown impact and remote attack vectors.

10.0
2007-08-15 CVE-2007-4361 Netgear Remote SSH Backdoor vulnerability in Netgear Readynas Raidiator 3.01C1P1/3.01C1P6

NETGEAR (formerly Infrant) ReadyNAS RAIDiator before 4.00b2-p2-T1 beta creates a default SSH root password derived from the hardware serial number, which makes it easier for remote attackers to guess the password and obtain login access.

10.0
2007-08-14 CVE-2007-4338 Haudenschilt Permissions, Privileges, and Access Controls vulnerability in Haudenschilt Family Connections CMS

index.php in Ryan Haudenschilt Family Connections (FCMS) before 0.9 allows remote attackers to access an arbitrary account by placing the account's name in the value of an fcms_login_id cookie.

10.0
2007-08-18 CVE-2007-4422 Symantec Unspecified vulnerability in Symantec Enterprise Firewall 6

The login interface in Symantec Enterprise Firewall 6.x, when a VPN with pre-shared key (PSK) authentication is enabled, generates different responses depending on whether or not a username is valid, which allows remote attackers to enumerate valid usernames.

9.3
2007-08-18 CVE-2007-4421 Olate SQL Injection vulnerability in Olate Olatedownload 3.4.1

SQL injection vulnerability in Admin.php in Olate Download (od) 3.4.1 allows remote attackers to execute arbitrary SQL commands via an OD3_AutoLogin cookie.

9.3
2007-08-18 CVE-2007-4420 Edraw Path Traversal vulnerability in Edraw Office Viewer Component 5.1

Absolute path traversal vulnerability in a certain ActiveX control in officeviewer.ocx 5.1.199.1 in EDraw Office Viewer Component 5.1 allows remote attackers to create or overwrite arbitrary files via a full pathname in the second argument to the HttpDownloadFile method, a different vulnerability than CVE-2007-3168 and CVE-2007-3169.

9.3
2007-08-18 CVE-2007-4419 Olate Improper Authentication vulnerability in Olate Olatedownload 3.4.1

Admin.php in Olate Download (od) 3.4.1 uses an MD5 hash of the admin username, user id, and group id, to compose the OD3_AutoLogin authentication cookie, which makes it easier for remote attackers to guess the cookie and access the Admin area.

9.3
2007-08-18 CVE-2007-4396 Irssi Unspecified vulnerability in Irssi

Multiple CRLF injection vulnerabilities in (1) ixmmsa.pl 0.3, (2) l33tmusic.pl 2.00, (3) mpg123.pl 0.01, (4) ogg123.pl 0.01, (5) xmms.pl 2.0, (6) xmms2.pl 1.1.3, and (7) xmmsinfo.pl 1.1.1.1 scripts for irssi before 0.8.11 allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.

9.3
2007-08-17 CVE-2007-4391 Yahoo Improper Input Validation vulnerability in Yahoo Messenger 8.1.0.413

Heap-based buffer overflow in Kakadu kdu_v32m.dll in Yahoo! Messenger 8.1.0.413 allows remote attackers to cause a denial of service (application crash) via a certain length field in JPEG2000 data, as demonstrated by sending an "invite to view my webcam" request, and then injecting a DLL into the attacker's peer Yahoo! Messenger application when this request is accepted.

9.3
2007-08-17 CVE-2007-4381 SUN Remote Privilege Escalation vulnerability in SUN Jdk, JRE and SDK

Unspecified vulnerability in the font parsing implementation in Sun JDK and JRE 5.0 Update 9 and earlier, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to perform unauthorized actions via an applet that grants certain privileges to itself.

9.3
2007-08-15 CVE-2007-4367 Opera Software Remote Code Execution vulnerability in Opera Web Browser Invalid Pointer

Opera before 9.23 allows remote attackers to execute arbitrary code via crafted Javascript that triggers a "virtual function call on an invalid pointer."

9.3
2007-08-15 CVE-2007-4356 Microsoft Security Bypass vulnerability in Microsoft IE 6/7

Microsoft Internet Explorer 6 and 7 embeds FTP credentials in HTML files that are retrieved during an FTP session, which allows context-dependent attackers to obtain sensitive information by reading the HTML source, as demonstrated by a (1) .htm, (2) .html, or (3) .mht file.

9.3
2007-08-14 CVE-2007-1749 Microsoft Remote Buffer Overflow vulnerability in Microsoft IE 5.01/6/7

Integer underflow in the CDownloadSink class code in the Vector Markup Language (VML) component (VGX.DLL), as used in Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code via compressed content with an invalid buffer size, which triggers a heap-based buffer overflow.

9.3
2007-08-14 CVE-2007-0948 Microsoft Heap Overflow vulnerability in Microsoft Virtual PC and Virtual Server

Heap-based buffer overflow in Microsoft Virtual PC 2004 and PC for Mac 7.1 and 7, and Virtual Server 2005 and 2005 R2, allows local guest OS administrators to execute arbitrary code on the host OS via unspecified vectors related to "interaction and initialization of components."

9.3
2007-08-14 CVE-2007-3890 Microsoft Remote Code Execution vulnerability in Microsoft Excel and Office

Microsoft Excel in Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via a Workspace with a certain index value that triggers memory corruption.

9.3
2007-08-14 CVE-2007-3041 Microsoft Remote Code Execution vulnerability in Microsoft IE 5.01/6/7

Unspecified vulnerability in the pdwizard.ocx ActiveX object for Internet Explorer 5.01, 6 SP1, and 7 allows remote attackers to execute arbitrary code via unknown vectors related to Microsoft Visual Basic 6 objects and memory corruption, aka "ActiveX Object Memory Corruption Vulnerability."

9.3
2007-08-14 CVE-2007-3034 Microsoft Numeric Errors vulnerability in Microsoft products

Integer overflow in the AttemptWrite function in Graphics Rendering Engine (GDI) on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted metafile (image) with a large record length value, which triggers a heap-based buffer overflow.

9.3
2007-08-14 CVE-2007-2224 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Office and Visual Basic

Object linking and embedding (OLE) Automation, as used in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Office 2004 for Mac, and Visual Basic 6.0 allows remote attackers to execute arbitrary code via the substringData method on a TextNode object, which causes an integer overflow that leads to a buffer overflow.

9.3
2007-08-14 CVE-2007-2223 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft XML Core Services

Microsoft XML Core Services (MSXML) 3.0 through 6.0 allows remote attackers to execute arbitrary code via the substringData method on a (1) TextNode or (2) XMLDOM object, which causes an integer overflow that leads to a buffer overflow.

9.3
2007-08-14 CVE-2007-2216 Microsoft Configuration vulnerability in Microsoft IE 5.01/6/7

The tblinf32.dll (aka vstlbinf.dll) ActiveX control for Internet Explorer 5.01, 6 SP1, and 7 uses an incorrect IObjectsafety implementation, which allows remote attackers to execute arbitrary code by requesting the HelpString property, involving a crafted DLL file argument to the TypeLibInfoFromFile function, which overwrites the HelpStringDll property to call the DLLGetDocumentation function in another DLL file, aka "ActiveX Object Vulnerability."

9.3

21 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-08-15 CVE-2007-4364 Fedoraproject Improper Authentication vulnerability in Fedoraproject Commons

Fedora Commons before 2.2.1 does not properly handle certain authentication requests involving Java Naming and Directory Interface (JNDI), related to (1) a nonexistent account name in combination with an empty password, which allows remote attackers to trigger a certain "unexpected / strange response" from an LDAP server, and (2) a reauthentication attempt that throws an exception, which allows remote attackers to trigger use of a cached authentication decision.

8.5
2007-08-18 CVE-2007-4405 Universal Ircd Remote vulnerability in Universal Ircd Server

ircu 2.10.12.02 through 2.10.12.04 allows remote attackers to cause a denial of service (memory and bandwidth consumption) by creating a large number of unused channels (zannels).

7.8
2007-08-18 CVE-2007-4404 Universal Ircd Remote vulnerability in Universal Ircd Ircu 2.10.12.01

ircu 2.10.12.01 allows remote attackers to (1) cause a denial of service (flood wallops) by joining two channels with certain long names that differ in the final character, which triggers a protocol violation and (2) cause a denial of service (daemon crash) via a "J 0:#channel" message on a channel without an apass; and (3) allows remote authenticated operators to cause a denial of service (daemon crash) via a remote "names -D" command.

7.8
2007-08-17 CVE-2007-4389 2Wire Cross-Site Request Forgery vulnerability in 2Wire Routers

Cross-site request forgery (CSRF) vulnerability in /xslt in 2wire 1701HG, 1800HW, and 2071 Gateway routers, with 3.17.5, 3.7.1, and 5.29.51 software, allows remote attackers to create DNS mappings as administrators, and conduct DNS poisoning attacks, via the NAME and ADDR parameters.

7.8
2007-08-17 CVE-2007-4395 SUN Remote Privilege Escalation vulnerability in SUN Sunos 5.8

Multiple unspecified vulnerabilities in the Role Based Access Control (RBAC) functionality in Sun Solaris 8 allow remote attackers who know the password for a role to gain privileges via that role.

7.6
2007-08-14 CVE-2007-3035 Microsoft Remote Skin Header Code Execution vulnerability in Microsoft Windows Media Player

Unspecified vulnerability in Microsoft Windows Media Player 7.1, 9, 10, and 11 allows remote attackers to execute arbitrary code via a skin file (WMZ or WMD) with crafted header information that is not properly handled during decompression, aka "Windows Media Player Code Execution Vulnerability Decompressing Skins."

7.6
2007-08-18 CVE-2007-4406 Universal Ircd Remote vulnerability in Universal Ircd Server

ircu 2.10.12.01 through 2.10.12.04 does not remove ops privilege after a join from a server with an older timestamp (TS), which allows remote attackers to gain control of a channel during a split.

7.5
2007-08-15 CVE-2007-4370 Racer Remote Buffer Overflow vulnerability in Racer 0.5.3

Multiple buffer overflows in the (1) client and (2) server in Racer 0.5.3 beta 5 allow remote attackers to execute arbitrary code via a long string to UDP port 26000.

7.5
2007-08-15 CVE-2007-4368 IBM SQL Injection vulnerability in IBM Rational Clearquest 7.0.0.0/7.0.0.1

SQL injection vulnerability in /main in IBM Rational ClearQuest (CQ) Web 7.0.0.0-IFIX02 and 7.0.0.1 allows remote attackers to execute arbitrary SQL commands via the username parameter in a GenerateMainFrame command.

7.5
2007-08-15 CVE-2007-4278 Esri Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Esri Arcgis

Stack-based buffer overflow in the giomgr process in ESRI ArcSDE service 9.2, as used with ArcGIS, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number that requires more than 8 bytes to represent in ASCII, which triggers the overflow in an sprintf function call.

7.5
2007-08-14 CVE-2007-4342 Phpcentral Code Injection vulnerability in PHPcentral Login 1.0

PHP remote file inclusion vulnerability in include.php in PHPCentral Login 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the _SERVER[DOCUMENT_ROOT] parameter.

7.5
2007-08-14 CVE-2007-4341 Omnistar Remote File Include vulnerability in Omnistar Lib2 PHP Library 0.2

PHP remote file inclusion vulnerability in adm/my_statistics.php in Omnistar Lib2 PHP 0.2 allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter.

7.5
2007-08-14 CVE-2007-4340 Phpdvd Remote Security vulnerability in PHPdvd 1.0.4

PHP remote file inclusion vulnerability in index.php in phpDVD 1.0.4 allows remote attackers to execute arbitrary PHP code via a URL in the dvd_config_file parameter.

7.5
2007-08-14 CVE-2007-4339 Phpcentral Code Injection vulnerability in PHPcentral Poll Script 1.0

Multiple PHP remote file inclusion vulnerabilities in PHPCentral Poll Script 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the _SERVER[DOCUMENT_ROOT] parameter in (1) poll.php and (2) pollarchive.php.

7.5
2007-08-14 CVE-2007-4332 Article Dashboard Input Validation vulnerability in Article Dashboard

SQL injection vulnerability in article.php in Article Dashboard, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in a print action.

7.5
2007-08-14 CVE-2007-4320 Ncaster Remote File Include vulnerability in Ncaster 1.7.2

PHP remote file inclusion vulnerability in admin/addons/archive/archive.php in Ncaster 1.7.2 allows remote attackers to execute arbitrary PHP code via a URL in the adminfolder parameter.

7.5
2007-08-13 CVE-2007-4312 PHP Blue Dragon SQL-Injection vulnerability in PHP Blue Dragon PHP Blue Dragon CMS 3.0

SQL injection vulnerability in index.php in Php Blue Dragon CMS 3.0.0 allows remote attackers to execute arbitrary SQL commands via the article_id parameter in a "print articles" action.

7.5
2007-08-17 CVE-2007-4390 Bluecat Networks Permissions, Privileges, and Access Controls vulnerability in Bluecat Networks Adonis 5.0.2.8

The Command Line Interface (CLI), aka Adonis Administration Console, on the BlueCat Networks Adonis DNS/DHCP appliance 5.0.2.8 allows local admin users to gain root privileges on the underlying operating system via shell metacharacters in a command.

7.2
2007-08-16 CVE-2007-4380 Symantec Local Privilege Escalation vulnerability in Symantec Altiris Deployment Solution

Aclient in Symantec Altiris Deployment Solution 6 before 6.8 SP2 (6.8.378) allows local users to gain local System privileges via the Log File Viewer.

7.2
2007-08-15 CVE-2007-4355 IBM Local Buffer Overflow vulnerability in IBM AIX 5.3

Buffer overflow in the at program on IBM AIX 5.3 allows local users to gain privileges via unspecified vectors.

7.2
2007-08-15 CVE-2007-4354 IBM Buffer Overflow vulnerability in IBM AIX Fileplace Command

Buffer overflow in fileplace in bos.perf.tools in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors.

7.2

96 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-08-18 CVE-2007-4276 IBM Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM DB2 Universal Database

Stack-based buffer overflow in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows attackers to execute arbitrary code via a long DASPROF and possibly other environment variables, which are copied into the buildDasPaths buffer.

6.9
2007-08-18 CVE-2007-4275 IBM Multiple Unspecified vulnerability in IBM DB2 Universal Database

Multiple untrusted search path vulnerabilities in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allow local users to gain privileges via certain vectors related to (1) DB2 instance or FMP startup on Linux and Solaris; (2) exec of executables while running as root on non-Windows systems, as demonstrated by AIX; and unspecified vectors involving (3) db2licm and (4) db2pd.

6.9
2007-08-18 CVE-2007-4270 IBM Multiple Unspecified vulnerability in IBM DB2 Universal Database

Multiple race conditions in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allow local users to gain root privileges via a symlink attack on certain files.

6.9
2007-08-15 CVE-2007-4353 IBM Buffer Overflow vulnerability in IBM AIX Configuration Commands

Multiple buffer overflows in IBM AIX 5.2 and 5.3 allow local users in the system group to gain root privileges via unspecified vectors involving the (1) chpath, (2) rmpath, and (3) devinstall programs in bos.rte.methods.

6.9
2007-08-13 CVE-2007-4315 AMD / ATI / Microsoft Permissions, Privileges, and Access Controls vulnerability in multiple products

The AMD ATI atidsmxx.sys 3.0.502.0 driver on Windows Vista allows local users to bypass the driver signing policy, write to arbitrary kernel memory locations, and thereby gain privileges via unspecified vectors, as demonstrated by "Purple Pill".

6.9
2007-08-18 CVE-2007-4415 Cisco Local Privilege Escalation vulnerability in Cisco VPN Client 5.0.01.0600

Cisco VPN Client on Windows before 5.0.01.0600, and the 5.0.01.0600 InstallShield (IS) release, uses weak permissions for cvpnd.exe (Modify granted to Interactive Users), which allows local users to gain privileges via a modified cvpnd.exe.

6.8
2007-08-18 CVE-2007-4414 Cisco Local Privilege Escalation vulnerability in Cisco VPN Client for Windows

Cisco VPN Client on Windows before 4.8.02.0010 allows local users to gain privileges by enabling the "Start Before Logon" (SBL) and Microsoft Dial-Up Networking options, and then interacting with the dial-up networking dialog box.

6.8
2007-08-18 CVE-2007-4403 Mirc Permissions, Privileges, and Access Controls vulnerability in Mirc Plug-In for Winamp

The mIRC Control Plug-in for Winamp allows user-assisted remote attackers to execute arbitrary code via the '|' (pipe) shell metacharacter in the name of the song in a .mp3 file.

6.8
2007-08-18 CVE-2007-4402 Mirc Remote Security vulnerability in Mirc 2.49

Multiple unspecified scripts in mIRC allow user-assisted remote attackers to execute arbitrary code via the '|' (pipe) shell metacharacter in the name of the song in a .mp3 file.

6.8
2007-08-18 CVE-2007-4401 Mirc Unspecified vulnerability in Mirc Advanced Integration Plugin

Multiple CRLF injection vulnerabilities in the Advanced mIRC Integration Plugin and possibly other unspecified scripts in mIRC allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.

6.8
2007-08-18 CVE-2007-4400 Konversation Unspecified vulnerability in Konversation

CRLF injection vulnerability in the included media script in Konversation allows user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.

6.8
2007-08-18 CVE-2007-4399 Irssi Unspecified vulnerability in Irssi 0.8.10Rc5

CRLF injection vulnerability in the xmms.bx 1.0 script for BitchX allows user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.

6.8
2007-08-18 CVE-2007-4398 Irssi Unspecified vulnerability in Irssi

Multiple CRLF injection vulnerabilities in the (1) now-playing.rb and (2) xmms.pl 1.1 scripts for WeeChat allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.

6.8
2007-08-18 CVE-2007-4397 Irssi / Kristof Korwisi / Mikachu / Ricardo Mesquita / Simon / Tuomas Jormola

Multiple CRLF injection vulnerabilities in (1) xmms-thing 1.0, (2) XMMS Remote Control Script 1.07, (3) Disrok 1.0, (4) a2x 0.0.1, (5) Another xmms-info script 1.0, (6) XChat-XMMS 0.8.1, and other unspecified scripts for XChat allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.

6.8
2007-08-17 CVE-2007-4385 Owasp Unspecified vulnerability in Owasp Stinger

OWASP Stinger before 2.5 allows remote attackers to bypass input validation routines by using multipart encoded requests instead of form-urlencoded requests.

6.8
2007-08-17 CVE-2007-4384 Stephane Pineau Remote File Include vulnerability in Stephane Pineau Vote 1C

Multiple PHP remote file inclusion vulnerabilities in depouilg.php3 in Stephane Pineau VOTE 1c allow remote attackers to execute arbitrary PHP code via a URL in the (1) NomVote and (2) FilePalHex parameters.

6.8
2007-08-17 CVE-2007-4383 Trackeur Unspecified vulnerability in Trackeur 1

** DISPUTED ** PHP remote file inclusion vulnerability in tracking.php in Trackeur 1 allows remote attackers to execute arbitrary PHP code via a URL in the header parameter.

6.8
2007-08-16 CVE-2007-4378 Rndlabs Multiple vulnerability in RndLabs Babo Violent 2

Multiple format string vulnerabilities in Babo Violent 2 2.08.00 and earlier allow remote attackers to execute arbitrary code via format string specifiers in (1) a message or (2) certain data associated with an admin login.

6.8
2007-08-16 CVE-2007-4376 Szymon Kosok Unspecified vulnerability in Szymon Kosok Best TOP List

Unrestricted file upload vulnerability in banner-upload.php in Szymon Kosok Best Top List allows remote attackers to upload and execute arbitrary PHP files in banners/.

6.8
2007-08-16 CVE-2007-4373 Rndlabs Security Bypass vulnerability in Babo Violent

The server in Babo Violent 2 2.08.00 and earlier does not properly implement password protection, which might allow remote attackers to bypass authentication by reconnecting after a connection closes.

6.8
2007-08-16 CVE-2007-4091 Rsync Buffer Overflow vulnerability in Rsync 2.6.9

Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow remote attackers to execute arbitrary code via directory names that are not properly handled when calling the f_name function.

6.8
2007-08-15 CVE-2007-4371 Hotscripts File-Upload vulnerability in Hotscripts Neuron Blog 1.1

Unrestricted file upload vulnerability in admin/pages/blog-add.php in Neuron Blog 1.1 allows remote attackers to upload and execute arbitrary PHP files in uploads/.

6.8
2007-08-15 CVE-2007-4362 Prozilla SQL Injection vulnerability in Prozilla Webring Website Script Category.PHP

SQL injection vulnerability in category.php in Prozilla Webring allows remote attackers to execute arbitrary SQL commands via the cat parameter.

6.8
2007-08-15 CVE-2007-4359 Skilmatch Staffing Systems SQL Injection vulnerability in SkilMatch Systems JobLister3

Multiple SQL injection vulnerabilities in SkilMatch Staffing Systems JobLister3 allow remote attackers to execute arbitrary SQL commands via (1) the search form or (2) the jobid parameter to index.php in a showbyID action.

6.8
2007-08-15 CVE-2007-0319 Motive Incorporated Remote Code Execution vulnerability in Motive Incorporated Self Service Manager and Service Activation Manager

Multiple stack-based buffer overflows in the Motive ActiveEmailTest.EmailData (ActiveUtils EmailData) ActiveX control in ActiveUtils.dll in Motive Service Activation Manager 5.1 and Self Service Manager 5.1 and earlier allow remote attackers to execute arbitrary code via unspecified vectors.

6.8
2007-08-14 CVE-2007-3891 Microsoft Remote Code Execution vulnerability in Windows Vista Weather Gadget

Unspecified vulnerability in Windows Vista Weather Gadgets in Windows Vista allows remote attackers to execute arbitrary code via crafted HTML attributes.

6.8
2007-08-14 CVE-2007-3032 Microsoft Remote Code Execution vulnerability in Windows Vista Contacts Gadget

Unspecified vulnerability in Windows Vista Contacts Gadget in Windows Vista allows user-assisted remote attackers to execute arbitrary code via crafted contact information that is not properly handled when it is imported.

6.8
2007-08-14 CVE-2007-0943 Microsoft Unspecified vulnerability in Microsoft IE 5.01/6.0

Unspecified vulnerability in Internet Explorer 5.01 and 6 SP1 allows remote attackers to execute arbitrary code via crafted Cascading Style Sheets (CSS) strings that trigger memory corruption during parsing, related to use of out-of-bounds pointers.

6.8
2007-08-14 CVE-2007-4330 Mapos Scripts Remote File Include vulnerability in Mapos Scripts Shoutbox 1.0

PHP remote file inclusion vulnerability in shoutbox.php in Shoutbox 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the root parameter.

6.8
2007-08-14 CVE-2007-4329 Mapos Scripts Remote File Include vulnerability in Mapos Scripts web News 1.1

Multiple PHP remote file inclusion vulnerabilities in Web News 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter to (1) index.php, (2) news.php, or (3) feed.php.

6.8
2007-08-14 CVE-2007-4328 Mapos Scripts Code Injection vulnerability in Mapos Scripts Bilder Galerie 1.0/1.1

Multiple PHP remote file inclusion vulnerabilities in Mapos Bilder Galerie 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter to (1) index.php, (2) galerie.php, or (3) anzagien.php.

6.8
2007-08-14 CVE-2007-4327 Mapos Scripts Remote File Include vulnerability in Mapos Scripts File Uploader 1.1

Multiple PHP remote file inclusion vulnerabilities in File Uploader 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter to (1) index.php or (2) datei.php.

6.8
2007-08-14 CVE-2007-4326 Mapos Scripts Remote Security vulnerability in Mapos Scripts Bilder Uploader 1.3

Multiple PHP remote file inclusion vulnerabilities in Bilder Uploader 1.3 allow remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter to (1) gruppen.php, (2) bild.php, (3) feed.php, (4) mitglieder.php, (5) online.php, (6) profil.php, and possibly other unspecified PHP scripts.

6.8
2007-08-14 CVE-2007-4325 Mapos Scripts Remote File Include vulnerability in Mapos Scripts Gaestebuch 1.5

PHP remote file inclusion vulnerability in index.php in Gaestebuch 1.5 allows remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter.

6.8
2007-08-14 CVE-2007-4323 Denyhosts Remote Denial of Service vulnerability in Denyhosts 2.6

DenyHosts 2.6 does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in via ssh with a client protocol version identification containing an IP address string, a different vector than CVE-2006-6301.

6.8
2007-08-14 CVE-2007-4322 AC Zoom Denial-Of-Service vulnerability in AC Zoom Blockhosts 2.0.4

BlockHosts before 2.0.4 does not properly parse (1) sshd and (2) vsftpd log files, which allows remote attackers to add arbitrary deny entries to the /etc/hosts.allow file and cause a denial of service by adding arbitrary IP addresses to a daemon log file, as demonstrated by connecting through ssh with a client protocol version identification containing an IP address string, or connecting through ftp with a username containing an IP address string, different vectors than CVE-2007-2765.

6.8
2007-08-14 CVE-2007-4321 Fail2Ban Remote Denial of Service vulnerability in Fail2Ban 0.8

fail2ban 0.8 and earlier does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in via ssh with a client protocol version identification containing an IP address string, a different vector than CVE-2006-6302.

6.8
2007-08-13 CVE-2007-4314 Pixlie Denial-Of-Service vulnerability in Pixlie 1.7

pixlie.php in Pixlie 1.7 allows remote attackers to trigger the reading and JPEG image processing of files in a remote directory tree via a URL in the root parameter.

6.8
2007-08-13 CVE-2007-4313 PHP Blue Dragon Input Validation vulnerability in PHP Blue Dragon PHP Blue Dragon CMS 3.0

PHP remote file inclusion vulnerability in public_includes/pub_blocks/activecontent.php in Php Blue Dragon CMS 3.0.0 allows remote attackers to execute arbitrary PHP code via a URL in the vsDragonRootPath parameter, a different vector than CVE-2006-2392, CVE-2006-3076, and CVE-2006-6958.

6.8
2007-08-13 CVE-2007-4311 Linux Cryptographic Issues vulnerability in Linux Kernel

The xfer_secondary_pool function in drivers/char/random.c in the Linux kernel 2.4 before 2.4.35 performs reseed operations on only the first few bytes of a buffer, which might make it easier for attackers to predict the output of the random number generator, related to incorrect use of the sizeof operator.

6.8
2007-08-13 CVE-2007-2956 Pfstools / Qtpfsgui

Stack-based buffer overflow in the readRadianceHeader function in (1) src/fileformat/rgbeio.cpp in pfstools 1.6.2 and (2) src/Fileformat/rgbeio.cpp in Qtpfsgui 1.8.11 allows remote attackers to execute arbitrary code via a crafted Radiance RGBE (.hdr) file.

6.8
2007-08-18 CVE-2007-4407 Universal Ircd Remote vulnerability in Universal Ircd Server

ircu 2.10.12.03 and 2.10.12.04 does not associate a timestamp with ops privilege on an unused channel (zannel), which allows remote attackers to (1) set or remove certain channel modes via a "netriding" attack or (2) take over a channel by joining an unlinked server with the A/Upass and then setting a new Apass.

6.4
2007-08-13 CVE-2007-4305 Netbsd / Openbsd / Sysjail / Systrace / Todd Miller System Call Wrappers Concurrency vulnerability in Systrace

Multiple race conditions in the (1) Sudo monitor mode and (2) Sysjail policies in Systrace on NetBSD and OpenBSD allow local users to defeat system call interposition, and consequently bypass access control policy and auditing.

6.2
2007-08-13 CVE-2007-4304 Freebsd / Cerb Local Security vulnerability in CerbNG

CerbNG for FreeBSD 4.8 does not properly implement VM protection when attempting to prevent system call wrapper races, which allows local users to have an unknown impact related to an "incorrect write protection of pages".

6.2
2007-08-13 CVE-2007-4303 Freebsd / Cerb System Call Wrappers Concurrency vulnerability in CerbNG

Multiple race conditions in (1) certain rules and (2) argument copying during VM protection, in CerbNG for FreeBSD 4.8 allow local users to defeat system call interposition and possibly gain privileges or bypass auditing, as demonstrated by modifying command lines in log-exec.cb.

6.2
2007-08-13 CVE-2007-4302 Freshmeat System Call Wrappers Concurrency vulnerability in Freshmeat Generic Software Wrappers Toolkit 1.6.3

Multiple race conditions in certain system call wrappers in Generic Software Wrappers Toolkit (GSWTK) allow local users to defeat system call interposition and possibly gain privileges or bypass auditing.

6.2
2007-08-18 CVE-2007-4417 IBM Multiple Unspecified vulnerability in IBM DB2 Universal Database

IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 does not properly revoke privileges on methods, which allows remote authenticated users to execute a method after revocation until the routine auth cache is flushed.

6.0
2007-08-18 CVE-2007-4410 Universal Ircd Remote vulnerability in Universal Ircd Server

ircu 2.10.12.05 and earlier does not properly synchronize a kick action in certain cross scenarios, which allows remote authenticated operators to prevent later kick or de-op actions from non-local ops.

6.0
2007-08-17 CVE-2007-4386 Getmyownarcade SQL Injection vulnerability in GetMyOwnArcade Search.PHP

SQL injection vulnerability in search.php in GetMyOwnArcade allows remote attackers to execute arbitrary SQL commands via the query parameter.

6.0
2007-08-16 CVE-2007-4377 Netwin Remote Buffer Overflow vulnerability in Netwin Surgemail 38K

Stack-based buffer overflow in the IMAP service in SurgeMail 38k allows remote authenticated users to execute arbitrary code via a long argument to the SEARCH command.

6.0
2007-08-13 CVE-2007-3851 Linux
Intel
Resource Management Errors vulnerability in Linux Kernel

The drm/i915 component in the Linux kernel before 2.6.22.2, when used with i965G and later chipsets, allows local users with access to an X11 session and Direct Rendering Manager (DRM) to write to arbitrary memory locations and gain privileges via a crafted batchbuffer.

6.0
2007-08-16 CVE-2007-4375 Diskeeper Remote Information Disclosure vulnerability in Diskeeper 2007/9

The administrative interface (aka DkService.exe) in Diskeeper 9 Professional, 2007 Pro Premier, and probably other versions exposes a memory comparison function via RPC over TCP, which allows remote attackers to (1) obtain sensitive information (process memory contents), as demonstrated by an attack that obtains module base addresses to defeat Address Space Layout Randomization (ASLR); or (2) cause a denial of service (application crash) via an out-of-bounds address.

5.8
2007-08-15 CVE-2007-2929 Lenovo Multiple vulnerability in Lenovo Access Support and Automated Solutions

The IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), exposes unsafe methods to arbitrary web domains, which allows remote attackers to download arbitrary code onto a client system and execute this code.

5.8
2007-08-15 CVE-2007-2928 Lenovo Multiple vulnerability in Lenovo Access Support and Automated Solutions

Format string vulnerability in the IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), allows remote attackers to execute arbitrary code via format string specifiers in unknown data.

5.8
2007-08-15 CVE-2007-2240 Lenovo Multiple vulnerability in Lenovo Access Support and Automated Solutions

The IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), does not properly validate digital signatures of downloaded software, which makes it easier for remote attackers to spoof a download.

5.8
2007-08-14 CVE-2007-4337 Streamripper Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Streamripper

Multiple buffer overflows in the httplib_parse_sc_header function in lib/http.c in Streamripper before 1.62.2 allow remote attackers to execute arbitrary code via long (1) Location and (2) Server HTTP headers, a different vulnerability than CVE-2006-3124.

5.8
2007-08-18 CVE-2007-4418 IBM Multiple Unspecified vulnerability in IBM DB2 Universal Database

IBM DB2 UDB 8 before Fixpak 15 does not properly check authorization, which allows remote authenticated users with a certain SELECT privilege to have an unknown impact via unspecified vectors.

5.5
2007-08-18 CVE-2007-4409 Universal Ircd Remote vulnerability in Universal Ircd Server

Race condition in ircu 2.10.12.01 through 2.10.12.05 allows remote attackers to set a new Apass during a netburst by arranging for ops privilege to be granted before the mode arrives.

5.1
2007-08-18 CVE-2007-4423 IBM Buffer Errors vulnerability in IBM DB2 Universal Database 8.0/9.0/9.1

Stack-based buffer overflow in the AUTH_LIST_GROUPS_FOR_AUTHID function in IBM DB2 UDB 9.1 before Fixpak 3 allows attackers to cause a denial of service and possibly execute arbitrary code via a long argument.

5.0
2007-08-18 CVE-2007-4408 Universal Ircd Remote vulnerability in Universal Ircd Server

ircu 2.10.12.05 and earlier ignores timestamps in bounces, which allows remote attackers to take over a channel during a netjoin by causing a bounce while a server with an older version of the channel is linking.

5.0
2007-08-17 CVE-2007-4382 Counterpath Denial of Service vulnerability in Counterpath X-Lite 3.0

CounterPath X-Lite 3.0 34025, and possibly eyeBeam, allows remote attackers to cause a denial of service (device crash) via a SIP INVITE message without a Content-Type header.

5.0
2007-08-15 CVE-2007-4369 Sote Local File Include vulnerability in SOTEeSKLEP _Files

Directory traversal vulnerability in go/_files in SOTEeSKLEP before 4.0 allows remote attackers to read arbitrary files via a ..

5.0
2007-08-15 CVE-2007-4366 Wengo Denial of Service vulnerability in Wengo Wengophone 2.1

WengoPhone 2.1 allows remote attackers to cause a denial of service (device crash) via a SIP INVITE message without a Content-Type header.

5.0
2007-08-15 CVE-2007-4357 Mozilla Remote Security vulnerability in Firefox

Mozilla Firefox 2.0.0.6 and earlier allows remote attackers to spoof the contents of the status bar via a link to a data: URI containing an encoded URL.

5.0
2007-08-14 CVE-2007-4335 Qbik Remote Denial Of Service vulnerability in WinGate SMTP Session Invalid State

Format string vulnerability in the SMTP server component in Qbik WinGate 5.x and 6.x before 6.2.2 allows remote attackers to cause a denial of service (service crash) via format string specifiers in certain unexpected commands, which trigger a crash during error logging.

5.0
2007-08-14 CVE-2007-4324 Adobe Permissions, Privileges, and Access Controls vulnerability in Adobe Flash Player

ActionScript 3 (AS3) in Adobe Flash Player 9.0.47.0 and other versions, and in 9.0.124.0 and earlier versions, allows remote attackers to bypass the Security Sandbox Model, obtain sensitive information, and port scan arbitrary hosts via a Flash (SWF) movie that specifies a connection to make, then uses timing discrepancies from the SecurityErrorEvent error to determine whether a port is open or not.

5.0
2007-08-18 CVE-2007-4273 IBM Use of Externally-Controlled Format String vulnerability in IBM DB2 Universal Database

IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows local users to create arbitrary directories and execute arbitrary code via a "crafted localized message file" that enables a format string attack, possibly involving the (1) OSSEMEMDBG or (2) TRC_LOG_FILE environment variable in db2licd (db2licm).

4.6
2007-08-17 CVE-2007-4393 Suse Unspecified vulnerability in Suse Linux

The installation script for orarun on SUSE Linux before 20070810 places the oracle user into the disk group, which allows the local oracle user to read or write raw disk partitions.

4.6
2007-08-14 CVE-2007-3852 Sysstat Permissions, Privileges, and Access Controls vulnerability in Sysstat

The init script (sysstat.in) in sysstat 5.1.2 up to 7.1.6 creates /tmp/sysstat.run insecurely, which allows local users to execute arbitrary code.

4.4
2007-08-18 CVE-2007-4424 Apple Remote Security vulnerability in Safari For Windows

Apple Safari for Windows 3.0.3 and earlier does not prompt the user before downloading a file, which allows remote attackers to download arbitrary files to the desktop of a client system via certain HTML, as demonstrated by a filename in the DATA attribute of an OBJECT element.

4.3
2007-08-18 CVE-2007-4411 Universal Ircd Remote vulnerability in Universal Ircd Server

ircu 2.10.12.05 and earlier allows remote attackers to discover the hidden IP address of arbitrary +x users via a series of /silence commands with (1) CIDR mask arguments or (2) certain other arguments that represent groups of IP addresses, then monitoring CTCP ping replies.

4.3
2007-08-17 CVE-2007-4392 Nullsoft Denial-Of-Service vulnerability in Nullsoft Winamp 5.35

Winamp 5.35 allows remote attackers to cause a denial of service (program stack overflow and application crash) via an M3U file that recursively includes itself.

4.3
2007-08-17 CVE-2007-4387 2Wire Cross-Site Request Forgery vulnerability in 1701Hg Router

Cross-site request forgery (CSRF) vulnerability in /xslt in 2wire 1701HG and 2071 Gateway routers, with 3.17.5 and 5.29.51 software, allows remote attackers to perform certain configuration changes as administrators.

4.3
2007-08-16 CVE-2007-4379 Rndlabs Multiple vulnerability in RndLabs Babo Violent 2

Babo Violent 2 2.08.00 and earlier allows remote attackers to cause a denial of service (application crash) via (1) a value greater than 0x27 for the (a) 0xca, (b) 0xcb, (c) 0xcc, (d) 0xce, (e) 0xcf, or (f) 0xd0 data ID; (2) a nonexistent map name; or (3) a UDP packet that specifies a large data size.

4.3
2007-08-15 CVE-2007-4365 Exv2 Cross-Site Scripting vulnerability in Content Management System

Cross-site scripting (XSS) vulnerability in eXV2 CMS 2.0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a set_lang cookie to an unspecified component.

4.3
2007-08-15 CVE-2007-4363 Drupal HTML-injection vulnerability in Drupal Content Construction KIT 4.7/5.2

Multiple cross-site scripting (XSS) vulnerabilities in the nodereference module in Drupal Content Construction Kit (CCK) before 4.7.x-1.6, and 5.x before 5.x-1.6, allow remote attackers to inject arbitrary web script or HTML via nodereference fields, when using (1) the plain formatter or (2) the autocomplete text field widget without Views.module.

4.3
2007-08-15 CVE-2007-4360 Dell Remote Access Card 4/P SSH Remote Denial Of Service vulnerability in Dell Remote Access Card 4

Unspecified vulnerability in Dell Remote Access Card 4 (DRAC4) with firmware 1.50 Build 02.16 allows remote attackers to cause a denial of service (SSH daemon crash) via certain network traffic, as demonstrated by an "nmap -O" scan with nmap 4.03, possibly related to a Mocana (Mocanada) SSH vulnerability.

4.3
2007-08-15 CVE-2007-4358 Zoidcom Denial of Service vulnerability in Zoidcom 0.6.5/0.6.7

Zoidcom 0.6.7 and earlier allows remote attackers to cause a denial of service (application crash) via a JOIN packet (aka connection packet) containing 0x69 in the ninth byte, which triggers a "double-delete" of trace data, a different vulnerability than CVE-2005-1643.

4.3
2007-08-14 CVE-2007-3386 Apache Cross-Site Scripting vulnerability in Apache Tomcat

Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.

4.3
2007-08-14 CVE-2007-3385 Apache Information Exposure vulnerability in Apache Tomcat

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.

4.3
2007-08-14 CVE-2007-3382 Apache Information Exposure vulnerability in Apache Tomcat

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.

4.3
2007-08-14 CVE-2007-3033 Microsoft Cross-Site Scripting vulnerability in Microsoft Windows Vista

Cross-site scripting (XSS) vulnerability in Windows Vista Feed Headlines Gadget (aka Sidebar RSS Feeds Gadget) in Windows Vista allows user-assisted remote attackers to execute arbitrary code via an RSS feed with crafted HTML attributes, which are not properly removed and are rendered in the local zone.

4.3
2007-08-14 CVE-2007-4336 Microsoft Buffer Overflow vulnerability in Microsoft Directx Media 6.0

Buffer overflow in the Live Picture Corporation DXSurface.LivePicture.FlashPix.1 (DirectTransform FlashPix) ActiveX control in DXTLIPI.DLL 6.0.2.827, as packaged in Microsoft DirectX Media 6.0 SDK, allows remote attackers to execute arbitrary code via a long SourceUrl property value.

4.3
2007-08-14 CVE-2007-4334 PHP Stats Cross-Site Scripting vulnerability in PHP-Stats 0.1.9.2

Cross-site scripting (XSS) vulnerability in whois.php in Php-stats 0.1.9.2 allows remote attackers to inject arbitrary web script or HTML via the IP parameter.

4.3
2007-08-14 CVE-2007-4333 Article Dashboard Cross-Site Scripting vulnerability in Article Dashboard

Multiple cross-site scripting (XSS) vulnerabilities in signup.php in Article Dashboard allow remote attackers to inject arbitrary web script or HTML via the (1) f_emailaddress, (2) f_reemailaddress, and other unspecified parameters.

4.3
2007-08-14 CVE-2007-4331 CTW Design Cross-Site Scripting vulnerability in Findnix

PHP remote file inclusion vulnerability in index.php in FindNix allows remote attackers to include the contents of arbitrary URLs and conduct cross-site scripting (XSS) attacks via a URL in the page parameter.

4.3
2007-08-13 CVE-2007-4318 Zyxel Cross-Site Scripting vulnerability in Zyxel Zynos and Zywall 2

Cross-site scripting (XSS) vulnerability in Forms/General_1 in the management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zywall 2 device allows remote authenticated administrators to inject arbitrary web script or HTML via the sysSystemName parameter.

4.3
2007-08-13 CVE-2007-4317 Zyxel Remote vulnerability in Zyxel Zynos and Zywall 2

Multiple cross-site request forgery (CSRF) vulnerabilities in the management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zywall 2 device allow remote attackers to perform certain actions as administrators, as demonstrated by a request to Forms/General_1 with the (1) sysSystemName and (2) sysDomainName parameters.

4.3
2007-08-13 CVE-2007-4316 Zyxel Remote Security vulnerability in Zyxel Zynos and Zywall 2

The management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zywall 2 device has a certain default password, which allows remote attackers to perform administrative actions.

4.3
2007-08-13 CVE-2007-4310 SUN Remote Security vulnerability in SUN Sunos 5.7/5.8/5.9

The finger daemon (in.fingerd) in Sun Solaris 7 through 9 allows remote attackers to list all accounts that have certain nonstandard GECOS fields via a request composed of a single digit, as demonstrated by a "finger 9@host" command, a different vulnerability than CVE-2001-1503.

4.3
2007-08-13 CVE-2007-4307 Storesprite Cross-Site Scripting vulnerability in Storesprite 7

Multiple cross-site scripting (XSS) vulnerabilities in Storesprite 7 and earlier allow remote attackers to inject arbitrary web script or HTML via the next parameter to (1) addaddress.php, (2) editshipdetails.php, (3) register.php, or (4) login.php in secure/.

4.3
2007-08-13 CVE-2007-4306 Phpmyadmin Cross-Site Scripting vulnerability in PHPmyadmin 2.10.3

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.10.3 allow remote attackers to inject arbitrary web script or HTML via the (1) unlim_num_rows, (2) sql_query, or (3) pos parameter to (a) tbl_export.php; the (4) session_max_rows or (5) pos parameter to (b) sql.php; the (6) username parameter to (c) server_privileges.php; or the (7) sql_query parameter to (d) main.php.

4.3
2007-08-13 CVE-2007-4301 Webcart Cross-Site Scripting vulnerability in Webcart 2.20/2.25

Multiple cross-site scripting (XSS) vulnerabilities in the management interface in WebCart 2.20 through 2.25 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2007-08-16 CVE-2007-4374 Rndlabs Remote Security vulnerability in Babo Violent

Babo Violent 2 2.08.00 does not validate the sender field of a chat message composed by a client, which allows remote authenticated users to spoof messages.

4.0
2007-08-14 CVE-2007-3037 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Windows Media Player

Microsoft Windows Media Player 7.1, 9, 10, and 11 allows remote attackers to execute arbitrary code via a skin file (WMZ or WMD) with crafted header information that causes a size mismatch between compressed and decompressed data and triggers a heap-based buffer overflow, aka "Windows Media Player Code Execution Vulnerability Parsing Skins."

4.0
2007-08-13 CVE-2007-4319 Zyxel Remote vulnerability in Zyxel Zynos and Zywall 2

The management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zywall 2 device allows remote authenticated administrators to cause a denial of service (infinite reboot loop) via invalid configuration data.

4.0

8 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-08-18 CVE-2007-4413 Headstart Solutions Remote Security vulnerability in Headstart Solutions Deskpro 3.0.2

Direct static code injection vulnerability in admincp/user_help.php in Headstart Solutions DeskPRO 3.0.2 allows remote authenticated users to inject arbitrary PHP code into an unspecified file via a new_entry value in the do parameter.

3.5
2007-08-18 CVE-2007-4412 Headstart Solutions HTML Injection vulnerability in Headstart Solutions Deskpro 3.0.2

Multiple cross-site scripting (XSS) vulnerabilities in Headstart Solutions DeskPRO 3.0.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters to (1) techs.php, (2) ticket_category.php, (3) ticket_priority.php, (4) ticket_workflow.php, (5) ticket_escalate.php, (6) fields_ticket.php, (7) ticket_rules_web.php, (8) ticket_displayfields.php, (9) ticket_rules_mail.php, (10) fields_user.php, (11) fields_faq.php, and (12) user_help.php, in (a) admincp/ and (b) possibly a directory on the "User side."

3.5
2007-08-13 CVE-2007-4309 IBM Remote Security vulnerability in Lotus Notes

IBM Lotus Notes 5.x through 7.0.2 allows user-assisted remote authenticated administrators to obtain a cleartext notes.id password by setting the notes.ini (1) KFM_ShowEntropy and (2) Debug_Outfile debug variables, a different vulnerability than CVE-2005-2696.

3.5
2007-08-18 CVE-2007-4271 IBM Path Traversal vulnerability in IBM DB2 Universal Database

Directory traversal vulnerability in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows local users to create arbitrary files via a ..

2.1
2007-08-17 CVE-2007-4394 Novell
Suse
Local Security vulnerability in Linux Desktop

Unspecified vulnerability in a "core clean" cron job created by the findutils-locate package on SUSE Linux 10.0 and 10.1 and Enterprise Server 9 and 10 before 20070810 allows local users to delete arbitrary files via unknown vectors.

2.1
2007-08-18 CVE-2007-4272 IBM Multiple Unspecified vulnerability in IBM DB2 Universal Database

Multiple vulnerabilities in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allow local users to create arbitrary files via (1) unspecified vectors where an attacker's umask is honored, (2) /etc/ld.so.preload, (3) certain "cron data file locations", and other unspecified vectors possibly involving the (4) OSSEMEMDBG or (5) TRC_LOG_FILE environment variable in db2licd (db2licm).

1.9
2007-08-14 CVE-2007-3848 Linux Unspecified vulnerability in Linux Kernel

Linux kernel 2.4.35 and other versions allows local users to send arbitrary signals to a child process that is running at higher privileges by causing a setuid-root parent process to die, which delivers an attacker-controlled parent process death signal (PR_SET_PDEATHSIG).

1.9
2007-08-13 CVE-2007-4308 Linux
Adaptec
Local Security Bypass vulnerability in Linux Kernel AACRAID Driver

The (1) aac_cfg_open and (2) aac_compat_ioctl functions in the SCSI layer ioctl path in aacraid in the Linux kernel before 2.6.23-rc2 do not check permissions for ioctls, which might allow local users to cause a denial of service or gain privileges.

1.9