Weekly Vulnerabilities Reports > September 3 to 9, 2007
Overview
75 new vulnerabilities were reported during this period, including 12 critical vulnerabilities and 26 high severity vulnerabilities. This weekly summary reports vulnerabilities in 60 products from 52 vendors including PHP, Firebirdsql, Hitachi, Claroline, and Cisco. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Improper Input Validation", "Path Traversal", "Permissions, Privileges, and Access Controls", and "SQL Injection".
- 70 reported vulnerabilities are remotely exploitable.
- 16 reported vulnerabilities have a public exploit available.
- 21 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 71 reported vulnerabilities are exploitable by an anonymous user.
- PHP has the most reported vulnerabilities, with 12 reported vulnerabilities.
- Cisco has the most reported critical vulnerabilities, with 2 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported during the period covered by this report:
12 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-09-08 | CVE-2007-4758 | Hitachi | Buffer Errors vulnerability in Hitachi products Multiple buffer overflows in the image-processing APIs in Cosminexus Developer's Kit for Java in Cosminexus 4 through 7 allow remote attackers to cause a denial of service or execute arbitrary code via unspecified vectors. | 10.0 |
2007-09-06 | CVE-2007-4747 | Cisco | Improper Authentication vulnerability in Cisco products The telnet service in Cisco Video Surveillance IP Gateway Encoder/Decoder (Standalone and Module) firmware 1.8.1 and earlier, Video Surveillance SP/ISP Decoder Software firmware 1.11.0 and earlier, and the Video Surveillance SP/ISP firmware 1.23.7 and earlier does not require authentication, which allows remote attackers to perform administrative actions, aka CSCsj31729. | 10.0 |
2007-09-06 | CVE-2007-4743 | MIT | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in MIT Kerberos 5 The original patch for CVE-2007-3999 in svc_auth_gss.c in the RPCSEC_GSS RPC library in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and other applications that use krb5, does not correctly check the buffer length in some environments and architectures, which might allow remote attackers to conduct a buffer overflow attack. | 10.0 |
2007-09-05 | CVE-2007-3999 | MIT | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in MIT Kerberos 5 Stack-based buffer overflow in the svcauth_gss_validate function in lib/rpc/svc_auth_gss.c in the RPCSEC_GSS RPC library (librpcsecgss) in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and some third-party applications that use krb5, allows remote attackers to cause a denial of service (daemon crash) and probably execute arbitrary code via a long string in an RPC message. | 10.0 |
2007-09-06 | CVE-2007-4472 | Broderbund | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Broderbund Expressit 3Dgreetings Player Multiple buffer overflows in the Broderbund Expressit 3DGreetings Player ActiveX control could allow remote attackers to execute arbitrary code via unspecified vectors. | 9.3 |
2007-09-06 | CVE-2007-3752 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Itunes Heap-based buffer overflow in Apple iTunes before 7.4 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via crafted album cover art in the covr atom of an MP4/AAC file. | 9.3 |
2007-09-06 | CVE-2007-4740 | Telecom Italy | Permissions, Privileges, and Access Controls vulnerability in Telecom Italy Alice Messenger 1.1 The HPRevolutionRegistryManager ActiveX control in Hp.Revolution.RegistryManager.dll 1 in Telecom Italy Alice Messenger allows remote attackers to create registry keys and values via the arguments to the WriteRegistry method. | 9.3 |
2007-09-06 | CVE-2007-4735 | Next Generation Software | Buffer Errors vulnerability in Next Generation Software Virtual DJ (Vdj) 5.0 Buffer overflow in Next Generation Software Virtual DJ (VDJ) 5.0 allows user-assisted remote attackers to execute arbitrary code via a long file path in an m3u file. | 9.3 |
2007-09-06 | CVE-2007-4733 | Aztech | Permissions, Privileges, and Access Controls vulnerability in Aztech DSL 600Eu Router The Aztech DSL600EU router, when WAN access to the web interface is disabled, does not properly block inbound traffic on TCP port 80, which allows remote attackers to connect to the web interface by guessing a TCP sequence number, possibly involving spoofing of an ARP packet, a related issue to CVE-1999-0077. | 9.3 |
2007-09-05 | CVE-2007-4471 | Intuit | Path Traversal vulnerability in Intuit Quickbooks Multiple unspecified vulnerabilities in the Intuit QuickBooks Online Edition ActiveX control before 10 allow remote attackers to create or overwrite arbitrary files via unspecified arguments to the (1) httpGETToFile, (2) httpPOSTFromFile, and possibly other methods, probably involving path traversal vulnerabilities in exposed dangerous methods. | 9.3 |
2007-09-05 | CVE-2007-0322 | Intuit | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Intuit Quickbooks Multiple stack-based buffer overflows in the Intuit QuickBooks Online Edition ActiveX control before 10 allow remote attackers to execute arbitrary code via unspecified vectors. | 9.3 |
2007-09-06 | CVE-2007-4746 | Cisco | Permissions, Privileges, and Access Controls vulnerability in Cisco products The Cisco Video Surveillance IP Gateway Encoder/Decoder (Standalone and Module) firmware 1.8.1 and earlier, Video Surveillance SP/ISP Decoder Software firmware 1.11.0 and earlier, and the Video Surveillance SP/ISP firmware 1.23.7 and earlier have default passwords for the sypixx and root user accounts, which allows remote attackers to perform administrative actions, aka CSCsj34681. | 9.0 |
26 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-09-08 | CVE-2007-4763 | TIM Jackson | Code Injection vulnerability in TIM Jackson PHPof PHP remote file inclusion vulnerability in dbmodules/DB_adodb.class.php in PHP Object Framework (PHPOF) 20040226 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PHPOF_INCLUDE_PATH parameter. | 7.5 |
2007-09-08 | CVE-2007-4762 | E Smart Cart | SQL Injection vulnerability in E-Smart Cart E-Smart Cart 1.0 Multiple SQL injection vulnerabilities in embadmin/login.asp in E-SMARTCART 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) user and (2) pass fields, different vectors than CVE-2007-0092. | 7.5 |
2007-09-08 | CVE-2007-4761 | Matteo | Improper Input Validation vulnerability in Matteo Barbo91 1.1 Unrestricted file upload vulnerability in upload.php in Barbo91 1.1 allows remote attackers to upload and execute arbitrary code via unspecified vectors. | 7.5 |
2007-09-08 | CVE-2007-4757 | Phpmytourney | Improper Input Validation vulnerability in PHPmytourney PHP remote file inclusion vulnerability in menu.php in phpMytourney allows remote attackers to execute arbitrary PHP code via a URL in the functions_file parameter. | 7.5 |
2007-09-08 | CVE-2007-4754 | COR Entertainment | USE of Externally-Controlled Format String vulnerability in COR Entertainment Alien Arena 2007 Format string vulnerability in the safe_bprintf function in acesrc/acebot_cmds.c in Alien Arena 2007 6.10 and earlier allows remote attackers to cause a denial of service (daemon crash) via format string specifiers in a nickname. | 7.5 |
2007-09-06 | CVE-2007-3913 | Gforge | Improper Input Validation vulnerability in Gforge SQL injection vulnerability in Gforge before 3.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2007-09-06 | CVE-2007-4738 | Speedtech | Improper Input Validation vulnerability in Speedtech Stphplibrary 0.8.0 Multiple PHP remote file inclusion vulnerabilities in SpeedTech PHP Library (STPHPLibrary) 0.8.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) db_conf or (2) ADODB_DIR parameter to utils/stphpimage_show.php; or a URL in the STPHPLIB_DIR parameter to (3) stphpbutton.php, (4) stphpcheckbox.php, (5) stphpcheckboxwithcaption.php, (6) stphpcheckgroup.php, (7) stphpcomponent.php, (8) stphpcontrolwithcaption.php, (9) stphpedit.php, (10) stphpeditwithcaption.php, (11) stphphr.php, (12) stphpimage.php, (13) stphpimagewithcaption.php, (14) stphplabel.php, (15) stphplistbox.php, (16) stphplistboxwithcaption.php, (17) stphplocale.php, (18) stphppanel.php, (19) stphpradiobutton.php, (20) stphpradiobuttonwithcaption.php, (21) stphpradiogroup.php, (22) stphprichbutton.php, (23) stphpspacer.php, (24) stphptable.php, (25) stphptablecell.php, (26) stphptablerow.php, (27) stphptabpanel.php, (28) stphptabtitle.php, (29) stphptextarea.php, (30) stphptextareawithcaption.php, (31) stphptoolbar.php, (32) stphpwindow.php, (33) stphpxmldoc.php, or (34) stphpxmlelement.php, a different set of vectors than CVE-2007-4737. | 7.5 |
2007-09-06 | CVE-2007-4737 | Speedtech | Code Injection vulnerability in Speedtech Stphplibrary 0.8.0 Multiple PHP remote file inclusion vulnerabilities in SpeedTech PHP Library (STPHPLibrary) 0.8.0 allow remote attackers to execute arbitrary PHP code via a URL in the STPHPLIB_DIR parameter to (1) stphpapplication.php, (2) stphpbtnimage.php, or (3) stphpform.php. | 7.5 |
2007-09-06 | CVE-2007-4736 | Cartkeeper | SQL Injection vulnerability in Cartkeeper Ckgold Shopping Cart 2.0 SQL injection vulnerability in category.php in CartKeeper CKGold Shopping Cart 2.0 allows remote attackers to execute arbitrary SQL commands via the category_id parameter. | 7.5 |
2007-09-05 | CVE-2007-4723 | Ragnarok Online Control Panel Project | Path Traversal vulnerability in Ragnarok Online Control Panel Project Ragnarok Online Control Panel 4.3.4A Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page. | 7.5 |
2007-09-05 | CVE-2007-4719 | 212Cafe | SQL Injection vulnerability in 212Cafe 212Cafeboard 6.30Beta SQL injection vulnerability in read.php in 212cafeBoard 6.30 Beta allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2007-09-05 | CVE-2007-4716 | PHD | SQL Injection vulnerability in PHD Help Desk Multiple SQL injection vulnerabilities in PHD Help Desk before 1.31 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2007-09-05 | CVE-2007-4715 | Weblogicnet | Code Injection vulnerability in Weblogicnet Multiple PHP remote file inclusion vulnerabilities in Weblogicnet allow remote attackers to execute arbitrary PHP code via a URL in the files_dir parameter in (1) es_desp.php, (2) es_custom_menu.php, and (3) es_offer.php. | 7.5 |
2007-09-05 | CVE-2007-4714 | Yvora | SQL Injection vulnerability in Yvora 1.0 SQL injection vulnerability in error_view.php in Yvora 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter. | 7.5 |
2007-09-05 | CVE-2007-4712 | Enetman | Code Injection vulnerability in Enetman 1 PHP remote file inclusion vulnerability in index.php in eNetman 1 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | 7.5 |
2007-09-05 | CVE-2007-4476 | GNU Debian Canonical | Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack." | 7.5 |
2007-09-04 | CVE-2007-4664 | Firebirdsql | Improper Input Validation vulnerability in Firebirdsql Firebird Unspecified vulnerability in the (1) attach database and (2) create database functionality in Firebird before 2.0.2, when a filename exceeds MAX_PATH_LEN, has unknown impact and attack vectors, aka CORE-1405. | 7.5 |
2007-09-04 | CVE-2007-4663 | PHP | Path Traversal vulnerability in PHP Directory traversal vulnerability in PHP before 5.2.4 allows attackers to bypass open_basedir restrictions via unspecified vectors involving the glob function. | 7.5 |
2007-09-04 | CVE-2007-4662 | PHP | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in PHP Buffer overflow in the php_openssl_make_REQ function in PHP before 5.2.4 has unknown impact and attack vectors. | 7.5 |
2007-09-04 | CVE-2007-4661 | PHP | Buffer Errors vulnerability in PHP 5.2.3 The chunk_split function in string.c in PHP 5.2.3 does not properly calculate the needed buffer size due to precision loss when performing integer arithmetic with floating point numbers, which has unknown attack vectors and impact, possibly resulting in a heap-based buffer overflow. | 7.5 |
2007-09-04 | CVE-2007-4660 | PHP | Resource Management Errors vulnerability in PHP Unspecified vulnerability in the chunk_split function in PHP before 5.2.4 has unknown impact and attack vectors, related to an incorrect size calculation. | 7.5 |
2007-09-04 | CVE-2007-4659 | PHP | Unspecified vulnerability in PHP The zend_alter_ini_entry function in PHP before 5.2.4 does not properly handle an interruption to the flow of execution triggered by a memory_limit violation, which has unknown impact and attack vectors. | 7.5 |
2007-09-04 | CVE-2007-4658 | PHP | Unspecified vulnerability in PHP The money_format function in PHP 5 before 5.2.4, and PHP 4 before 4.4.8, permits multiple (1) %i and (2) %n tokens, which has unknown impact and attack vectors, possibly related to a format string vulnerability. | 7.5 |
2007-09-04 | CVE-2007-4657 | PHP Debian Canonical | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to obtain sensitive information (memory contents) or cause a denial of service (thread crash) via a large len value to the (1) strspn or (2) strcspn function, which triggers an out-of-bounds read. | 7.5 |
2007-09-04 | CVE-2007-4653 | Phpbb | SQL Injection vulnerability in PHPbb SQL injection vulnerability in links.php in the Links MOD 1.2.2 and earlier for phpBB 2.0.22 and earlier allows remote attackers to execute arbitrary SQL commands via the start parameter in a search action. | 7.5 |
2007-09-04 | CVE-2007-3997 | PHP | Permissions, Privileges, and Access Controls vulnerability in PHP The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to bypass safe_mode and open_basedir restrictions via MySQL LOCAL INFILE operations, as demonstrated by a query with LOAD DATA LOCAL INFILE. | 7.5 |
33 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-09-08 | CVE-2007-4756 | Ghisler | Path Traversal vulnerability in Ghisler Total Commander Directory traversal vulnerability in the FTP client in Total Commander before 7.02 allows remote FTP servers to create or overwrite arbitrary files via "..\" (dot dot backslash) sequences in a filename. | 6.8 |
2007-09-06 | CVE-2007-4748 | Ppstream | Buffer Errors vulnerability in Ppstream 2.0.1.3829 Buffer overflow in the PowerPlayer.dll ActiveX control in PPStream 2.0.1.3829 allows remote attackers to execute arbitrary code via a long Logo parameter. | 6.8 |
2007-09-06 | CVE-2007-4744 | Anyinventory | Improper Input Validation vulnerability in Anyinventory 1.9.1/2.0 PHP remote file inclusion vulnerability in environment.php in AnyInventory 1.9.1 and 2.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the DIR_PREFIX parameter. | 6.8 |
2007-09-05 | CVE-2007-4725 | Igor Pavlov | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Igor Pavlov 7-Zip Stack consumption vulnerability in AkkyWareHOUSE 7-zip32.dll before 4.42.00.04, as derived from Igor Pavlov 7-Zip before 4.53 beta, allows user-assisted remote attackers to execute arbitrary code via a long filename in an archive, leading to a heap-based buffer overflow. | 6.8 |
2007-09-05 | CVE-2007-4722 | Move Networks INC | Buffer Errors vulnerability in Move Networks INC Move Media Player 1.0.1 Multiple stack-based buffer overflows in the Quantum Streaming Internet Explorer Player ActiveX control in qsp2ie07051001.dll 1.0.0.1 in Move Media Player allow remote attackers to execute arbitrary code via a long string to the (1) Play and (2) Buzzer methods. | 6.8 |
2007-09-05 | CVE-2007-4720 | Hitachi | Code Injection vulnerability in Hitachi JP1 CM2 Network Node Manager Unspecified vulnerability in the Shared Trace Service in Hitachi JP1/Cm2/Network Node Manager (NNM) 07-10 through 07-10-05, and NNM Starter Edition Enterprise and 250 08-00 through 08-10, allows remote attackers to execute arbitrary code via unspecified vectors. | 6.8 |
2007-09-04 | CVE-2007-3996 | PHP | Numeric Errors vulnerability in PHP Multiple integer overflows in libgd in PHP before 5.2.4 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large (1) srcW or (2) srcH value to the (a) gdImageCopyResized function, or a large (3) sy (height) or (4) sx (width) value to the (b) gdImageCreate or the (c) gdImageCreateTrueColor function. | 6.8 |
2007-09-04 | CVE-2007-4650 | Bharat Mediratta | Permissions, Privileges, and Access Controls vulnerability in Bharat Mediratta Gallery Multiple unspecified vulnerabilities in Gallery before 2.2.3 allow attackers to (1) rename items, (2) read and modify item properties, or (3) lock and replace items via unknown vectors in (a) the WebDAV module; and (4) edit unspecified data files using "linked items" in WebDAV and (b) Reupload modules. | 6.4 |
2007-09-05 | CVE-2007-4135 | Nfsv4 | Local Privilege Escalation vulnerability in NFSv4 ID Mapper nfsidmap Username Lookup The NFSv4 ID mapper (nfsidmap) before 0.17 does not properly handle return values from the getpwnam_r function when performing a username lookup, which can cause it to report a file as being owned by "root" instead of "nobody" if the file exists on the server but not on the client. | 6.2 |
2007-09-05 | CVE-2007-4718 | Claroline | Path Traversal vulnerability in Claroline Directory traversal vulnerability in inc/lib/language.lib.php in Claroline before 1.8.6 allows remote attackers to include and execute arbitrary local files via a .. | 5.1 |
2007-09-08 | CVE-2007-4764 | Pawfaliki | Path Traversal vulnerability in Pawfaliki 0.5.1 Directory traversal vulnerability in pawfaliki.php in Pawfaliki 0.5.1 allows remote attackers to list arbitrary files via a .. | 5.0 |
2007-09-08 | CVE-2007-4759 | Hitachi | Buffer Errors vulnerability in Hitachi products Multiple unspecified vulnerabilities in the image-processing APIs in Cosminexus Developer's Kit for Java in Cosminexus 4 through 7 allow remote attackers to cause a denial of service via unspecified vectors. | 5.0 |
2007-09-08 | CVE-2007-4755 | COR Entertainment | Improper Input Validation vulnerability in COR Entertainment Alien Arena 2007 Alien Arena 2007 6.10 and earlier allows remote attackers to cause a denial of service (client disconnect) by sending a client_connect command in a forged packet from the server to a client. | 5.0 |
2007-09-08 | CVE-2007-4753 | Thomson | Denial-Of-Service vulnerability in Thomson ST 2030 SIP Phone 1.52.1 The Thomson ST 2030 SIP phone with software 1.52.1 allows remote attackers to cause a denial of service (device hang) via (1) an empty SIP message or (2) a SIP INVITE message with a malformed To header, different vectors than CVE-2007-4553. | 5.0 |
2007-09-05 | CVE-2007-4726 | Weboddity | Path Traversal vulnerability in Weboddity 0.09B Directory traversal vulnerability in Web Oddity 0.09b allows remote attackers to read arbitrary files via a .. | 5.0 |
2007-09-05 | CVE-2007-4670 | PHP | Unspecified vulnerability in PHP Unspecified vulnerability in PHP before 5.2.4 has unknown impact and attack vectors, related to an "Improved fix for MOPB-03-2007," probably a variant of CVE-2007-1285. | 5.0 |
2007-09-04 | CVE-2007-4668 | Firebirdsql | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Firebirdsql Firebird Unspecified vulnerability in the server in Firebird before 2.0.2 allows remote attackers to determine the existence of arbitrary files, and possibly obtain other "file access," via unknown vectors, aka CORE-1312. | 5.0 |
2007-09-04 | CVE-2007-4667 | Firebirdsql | Multiple vulnerability in Firebird Unspecified vulnerability in the Services API in Firebird before 2.0.2 allows remote attackers to cause a denial of service, aka CORE-1149. | 5.0 |
2007-09-04 | CVE-2007-4666 | Firebirdsql | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Firebirdsql Firebird Unspecified vulnerability in the server in Firebird before 2.0.2, when a Superserver/TCP/IP environment is configured, allows remote attackers to cause a denial of service (CPU and memory consumption) via "large network packets with garbage", aka CORE-1397. | 5.0 |
2007-09-04 | CVE-2007-4665 | Firebirdsql | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Firebirdsql Firebird Unspecified vulnerability in the server in Firebird before 2.0.2 allows remote attackers to cause a denial of service (daemon crash) via an XNET session that makes multiple simultaneous requests to register events, aka CORE-1403. | 5.0 |
2007-09-04 | CVE-2007-4655 | CGI Rescue | Path Traversal vulnerability in Cgi-Rescue Shopping Basket Professional Multiple directory traversal vulnerabilities in CGI RESCUE Shopping Basket Professional 7.51 and earlier allow remote attackers to list arbitrary directories, and possibly read arbitrary files, via directory traversal sequences in unspecified parameters to (1) list.cgi or (2) list2.cgi. | 5.0 |
2007-09-04 | CVE-2007-4654 | Cisco Openbsd Teamf1 | Resource Management Errors vulnerability in multiple products Unspecified vulnerability in SSHield 1.6.1 with OpenSSH 3.0.2p1 on Cisco WebNS 8.20.0.1 on Cisco Content Services Switch (CSS) series 11000 devices allows remote attackers to cause a denial of service (connection slot exhaustion and device crash) via a series of large packets designed to exploit the SSH CRC32 attack detection overflow (CVE-2001-0144), possibly a related issue to CVE-2002-1024. | 5.0 |
2007-09-04 | CVE-2007-3998 | PHP Debian Canonical | Improper Input Validation vulnerability in multiple products The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, does not properly use the breakcharlen variable, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash, or infinite loop) via certain arguments, as demonstrated by a 'chr(0), 0, ""' argument set. | 5.0 |
2007-09-06 | CVE-2007-4732 | SUN | Improper Input Validation vulnerability in SUN Solaris 10.0/8.0/9.0 Unspecified vulnerability in the strfreectty function in the Special File System (SPECFS) in Sun Solaris 8 through 10 allows local users to cause a denial of service (system panic), related to passing a NULL pointer to the pgsignal function. | 4.9 |
2007-09-04 | CVE-2007-4652 | PHP | Link Following vulnerability in PHP The session extension in PHP before 5.2.4 might allow local users to bypass open_basedir restrictions via a session file that is a symlink. | 4.4 |
2007-09-08 | CVE-2007-4760 | Hitachi | Cross-Site Scripting vulnerability in Hitachi products The javadoc tool in Cosminexus Developer's Kit for Java in Cosminexus 7 and 7.5 can generate HTML documents that contain cross-site scripting (XSS) vulnerabilities, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2007-09-06 | CVE-2007-4745 | Joomla Mambo | Cross-Site Scripting vulnerability in multiple products Multiple cross-site scripting (XSS) vulnerabilities in the AkoBook 3.42 and earlier component (com_akobook) for Mambo allow remote attackers to inject arbitrary web script or HTML via Javascript events in the (1) gbmail and (2) gbpage parameters in the sign function. | 4.3 |
2007-09-06 | CVE-2007-4742 | Claroline | Improper Input Validation vulnerability in Claroline Claroline before 1.8.6 allows remote authenticated administrators to obtain sensitive information via an invalid value in the sort parameter to admin/adminusers.php, which reveals the path in an error message in some circumstances, as demonstrated by a parameter value containing an XSS sequence. | 4.3 |
2007-09-06 | CVE-2007-4734 | OTS Labs | Buffer Errors vulnerability in OTS Labs Otsturntables 1.00 Buffer overflow in Ots Labs OTSTurntables 1.00 allows user-assisted remote attackers to execute arbitrary code via a long file path in an m3u file. | 4.3 |
2007-09-05 | CVE-2007-4724 | Apache | Cross-Site Request Forgery (CSRF) vulnerability in Apache Tomcat 4.1.31 Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters. | 4.3 |
2007-09-05 | CVE-2007-4713 | ROI Revolution | Cross-Site Scripting vulnerability in ROI Revolution Urchin 5.6.00R2 Multiple cross-site scripting (XSS) vulnerabilities in urchin.cgi in Urchin 5.6.00r2 allow remote attackers to inject arbitrary web script or HTML via the (1) dtc, (2) vid, (3) n, (4) dt, (5) ed, and (6) bd parameters. | 4.3 |
2007-09-05 | CVE-2007-4711 | WWW Toms Seiten AT | Cross-Site Scripting vulnerability in Www.Toms-Seiten.At Toms Gaestebuch 1.00 Multiple cross-site scripting (XSS) vulnerabilities in Toms Gaestebuch 1.00 allow remote attackers to inject arbitrary web script or HTML via the (1) homepage, (2) mail, and (3) name parameters in a show action to (a) form.php; the (4) language and (5) anzeigebreite parameters to (b) admin/header.php; and the (6) msg parameter to (c) install.php, different vectors than CVE-2006-0706. | 4.3 |
2007-09-04 | CVE-2007-4669 | Firebirdsql | Permissions, Privileges, and Access Controls vulnerability in Firebirdsql Firebird The Services API in Firebird before 2.0.2 allows remote authenticated users without SYSDBA privileges to read the server log (firebird.log), aka CORE-1148. | 4.0 |
4 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-09-06 | CVE-2007-4741 | Claroline | Cross-Site Scripting vulnerability in Claroline Cross-site scripting (XSS) vulnerability in admin/adminusers.php in Claroline before 1.8.6 allows remote authenticated administrators to inject arbitrary web script or HTML via the sort parameter. | 3.5 |
2007-09-05 | CVE-2007-4717 | Claroline | Cross-Site Scripting vulnerability in Claroline Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.8.6 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) dir parameter in admin/adminusers.php, the (2) action parameter in admin/advancedUserSearch.php, and the (3) view parameter in admin/campusProblem.php. | 3.5 |
2007-09-04 | CVE-2007-4656 | Backup Manager | Information Exposure vulnerability in Backup Manager Backup Manager backup-manager-upload in Backup Manager before 0.6.3 provides the FTP server hostname, username, and password as plaintext command line arguments during FTP uploads, which allows local users to obtain sensitive information by listing the process and its arguments, a different vulnerability than CVE-2007-2766. | 2.1 |
2007-09-05 | CVE-2007-3849 | Redhat | Permissions, Privileges, and Access Controls vulnerability in Redhat Enterprise Linux 5.0 Red Hat Enterprise Linux (RHEL) 5 ships the rpm for the Advanced Intrusion Detection Environment (AIDE) before 0.13.1 with a database that lacks checksum information, which allows context-dependent attackers to bypass file integrity checks and modify certain files. | 1.9 |