Weekly Vulnerabilities Reports > September 3 to 9, 2007

Overview

77 new vulnerabilities reported during this period, including 12 critical vulnerabilities and 27 high severity vulnerabilities. This weekly summary report vulnerabilities in 60 products from 51 vendors including PHP, Firebirdsql, Debian, Hitachi, and Claroline. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Improper Input Validation", "Permissions, Privileges, and Access Controls", "Path Traversal", and "SQL Injection".

  • 72 reported vulnerabilities are remotely exploitables.
  • 16 reported vulnerabilities have public exploit available.
  • 21 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 72 reported vulnerabilities are exploitable by an anonymous user.
  • PHP has the most reported vulnerabilities, with 12 reported vulnerabilities.
  • Cisco has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

12 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-09-08 CVE-2007-4758 Hitachi Buffer Errors vulnerability in Hitachi products

Multiple buffer overflows in the image-processing APIs in Cosminexus Developer's Kit for Java in Cosminexus 4 through 7 allow remote attackers to cause a denial of service or execute arbitrary code via unspecified vectors.

10.0
2007-09-06 CVE-2007-4747 Cisco Improper Authentication vulnerability in Cisco products

The telnet service in Cisco Video Surveillance IP Gateway Encoder/Decoder (Standalone and Module) firmware 1.8.1 and earlier, Video Surveillance SP/ISP Decoder Software firmware 1.11.0 and earlier, and the Video Surveillance SP/ISP firmware 1.23.7 and earlier does not require authentication, which allows remote attackers to perform administrative actions, aka CSCsj31729.

10.0
2007-09-06 CVE-2007-4743 MIT Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in MIT Kerberos 5

The original patch for CVE-2007-3999 in svc_auth_gss.c in the RPCSEC_GSS RPC library in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and other applications that use krb5, does not correctly check the buffer length in some environments and architectures, which might allow remote attackers to conduct a buffer overflow attack.

10.0
2007-09-05 CVE-2007-3999 MIT Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in MIT Kerberos 5

Stack-based buffer overflow in the svcauth_gss_validate function in lib/rpc/svc_auth_gss.c in the RPCSEC_GSS RPC library (librpcsecgss) in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and some third-party applications that use krb5, allows remote attackers to cause a denial of service (daemon crash) and probably execute arbitrary code via a long string in an RPC message.

10.0
2007-09-06 CVE-2007-4472 Broderbund Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Broderbund Expressit 3Dgreetings Player

Multiple buffer overflows in the Broderbund Expressit 3DGreetings Player ActiveX control could allow remote attackers to execute arbitrary code via unspecified vectors.

9.3
2007-09-06 CVE-2007-3752 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Itunes

Heap-based buffer overflow in Apple iTunes before 7.4 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via crafted album cover art in the covr atom of an MP4/AAC file.

9.3
2007-09-06 CVE-2007-4740 Telecom Italy Permissions, Privileges, and Access Controls vulnerability in Telecom Italy Alice Messenger 1.1

The HPRevolutionRegistryManager ActiveX control in Hp.Revolution.RegistryManager.dll 1 in Telecom Italy Alice Messenger allows remote attackers to create registry keys and values via the arguments to the WriteRegistry method.

9.3
2007-09-06 CVE-2007-4735 Next Generation Software Buffer Errors vulnerability in Next Generation Software Virtual DJ (Vdj) 5.0

Buffer overflow in Next Generation Software Virtual DJ (VDJ) 5.0 allows user-assisted remote attackers to execute arbitrary code via a long file path in an m3u file.

9.3
2007-09-06 CVE-2007-4733 Aztech Permissions, Privileges, and Access Controls vulnerability in Aztech DSL 600Eu Router

The Aztech DSL600EU router, when WAN access to the web interface is disabled, does not properly block inbound traffic on TCP port 80, which allows remote attackers to connect to the web interface by guessing a TCP sequence number, possibly involving spoofing of an ARP packet, a related issue to CVE-1999-0077.

9.3
2007-09-05 CVE-2007-4471 Intuit Path Traversal vulnerability in Intuit Quickbooks

Multiple unspecified vulnerabilities in the Intuit QuickBooks Online Edition ActiveX control before 10 allow remote attackers to create or overwrite arbitrary files via unspecified arguments to the (1) httpGETToFile, (2) httpPOSTFromFile, and possibly other methods, probably involving path traversal vulnerabilities in exposed dangerous methods.

9.3
2007-09-05 CVE-2007-0322 Intuit Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Intuit Quickbooks

Multiple stack-based buffer overflows in the Intuit QuickBooks Online Edition ActiveX control before 10 allow remote attackers to execute arbitrary code via unspecified vectors.

9.3
2007-09-06 CVE-2007-4746 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco products

The Cisco Video Surveillance IP Gateway Encoder/Decoder (Standalone and Module) firmware 1.8.1 and earlier, Video Surveillance SP/ISP Decoder Software firmware 1.11.0 and earlier, and the Video Surveillance SP/ISP firmware 1.23.7 and earlier have default passwords for the sypixx and root user accounts, which allows remote attackers to perform administrative actions, aka CSCsj34681.

9.0

27 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-09-05 CVE-2007-4000 MIT Permissions, Privileges, and Access Controls vulnerability in MIT Kerberos 5

The kadm5_modify_policy_internal function in lib/kadm5/srv/svr_policy.c in the Kerberos administration daemon (kadmind) in MIT Kerberos 5 (krb5) 1.5 through 1.6.2 does not properly check return values when the policy does not exist, which might allow remote authenticated users with the "modify policy" privilege to execute arbitrary code via unspecified vectors that trigger a write to an uninitialized pointer.

8.5
2007-09-08 CVE-2007-4763 TIM Jackson Code Injection vulnerability in TIM Jackson PHPof

PHP remote file inclusion vulnerability in dbmodules/DB_adodb.class.php in PHP Object Framework (PHPOF) 20040226 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PHPOF_INCLUDE_PATH parameter.

7.5
2007-09-08 CVE-2007-4762 E Smart Cart SQL Injection vulnerability in E-Smart Cart E-Smart Cart 1.0

Multiple SQL injection vulnerabilities in embadmin/login.asp in E-SMARTCART 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) user and (2) pass fields, different vectors than CVE-2007-0092.

7.5
2007-09-08 CVE-2007-4761 Matteo Improper Input Validation vulnerability in Matteo Barbo91 1.1

Unrestricted file upload vulnerability in upload.php in Barbo91 1.1 allows remote attackers to upload and execute arbitrary code via unspecified vectors.

7.5
2007-09-08 CVE-2007-4757 Phpmytourney Improper Input Validation vulnerability in PHPmytourney

PHP remote file inclusion vulnerability in menu.php in phpMytourney allows remote attackers to execute arbitrary PHP code via a URL in the functions_file parameter.

7.5
2007-09-08 CVE-2007-4754 COR Entertainment USE of Externally-Controlled Format String vulnerability in COR Entertainment Alien Arena 2007

Format string vulnerability in the safe_bprintf function in acesrc/acebot_cmds.c in Alien Arena 2007 6.10 and earlier allows remote attackers to cause a denial of service (daemon crash) via format string specifiers in a nickname.

7.5
2007-09-06 CVE-2007-3913 Gforge Improper Input Validation vulnerability in Gforge

SQL injection vulnerability in Gforge before 3.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2007-09-06 CVE-2007-4738 Speedtech Improper Input Validation vulnerability in Speedtech Stphplibrary 0.8.0

Multiple PHP remote file inclusion vulnerabilities in SpeedTech PHP Library (STPHPLibrary) 0.8.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) db_conf or (2) ADODB_DIR parameter to utils/stphpimage_show.php; or a URL in the STPHPLIB_DIR parameter to (3) stphpbutton.php, (4) stphpcheckbox.php, (5) stphpcheckboxwithcaption.php, (6) stphpcheckgroup.php, (7) stphpcomponent.php, (8) stphpcontrolwithcaption.php, (9) stphpedit.php, (10) stphpeditwithcaption.php, (11) stphphr.php, (12) stphpimage.php, (13) stphpimagewithcaption.php, (14) stphplabel.php, (15) stphplistbox.php, (16) stphplistboxwithcaption.php, (17) stphplocale.php, (18) stphppanel.php, (19) stphpradiobutton.php, (20) stphpradiobuttonwithcaption.php, (21) stphpradiogroup.php, (22) stphprichbutton.php, (23) stphpspacer.php, (24) stphptable.php, (25) stphptablecell.php, (26) stphptablerow.php, (27) stphptabpanel.php, (28) stphptabtitle.php, (29) stphptextarea.php, (30) stphptextareawithcaption.php, (31) stphptoolbar.php, (32) stphpwindow.php, (33) stphpxmldoc.php, or (34) stphpxmlelement.php, a different set of vectors than CVE-2007-4737.

7.5
2007-09-06 CVE-2007-4737 Speedtech Code Injection vulnerability in Speedtech Stphplibrary 0.8.0

Multiple PHP remote file inclusion vulnerabilities in SpeedTech PHP Library (STPHPLibrary) 0.8.0 allow remote attackers to execute arbitrary PHP code via a URL in the STPHPLIB_DIR parameter to (1) stphpapplication.php, (2) stphpbtnimage.php, or (3) stphpform.php.

7.5
2007-09-06 CVE-2007-4736 Cartkeeper SQL Injection vulnerability in Cartkeeper Ckgold Shopping Cart 2.0

SQL injection vulnerability in category.php in CartKeeper CKGold Shopping Cart 2.0 allows remote attackers to execute arbitrary SQL commands via the category_id parameter.

7.5
2007-09-05 CVE-2007-4723 Ragnarok Online Control Panel Project Path Traversal vulnerability in Ragnarok Online Control Panel Project Ragnarok Online Control Panel 4.3.4A

Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.

7.5
2007-09-05 CVE-2007-4719 212Cafe SQL Injection vulnerability in 212Cafe 212Cafeboard 6.30Beta

SQL injection vulnerability in read.php in 212cafeBoard 6.30 Beta allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2007-09-05 CVE-2007-4716 PHD SQL Injection vulnerability in PHD Help Desk

Multiple SQL injection vulnerabilities in PHD Help Desk before 1.31 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2007-09-05 CVE-2007-4715 Weblogicnet Code Injection vulnerability in Weblogicnet

Multiple PHP remote file inclusion vulnerabilities in Weblogicnet allow remote attackers to execute arbitrary PHP code via a URL in the files_dir parameter in (1) es_desp.php, (2) es_custom_menu.php, and (3) es_offer.php.

7.5
2007-09-05 CVE-2007-4714 Yvora SQL Injection vulnerability in Yvora 1.0

SQL injection vulnerability in error_view.php in Yvora 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.

7.5
2007-09-05 CVE-2007-4712 Enetman Code Injection vulnerability in Enetman 1

PHP remote file inclusion vulnerability in index.php in eNetman 1 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.

7.5
2007-09-05 CVE-2007-4476 Debian
Canonical
Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack."
7.5
2007-09-04 CVE-2007-4664 Firebirdsql Improper Input Validation vulnerability in Firebirdsql Firebird

Unspecified vulnerability in the (1) attach database and (2) create database functionality in Firebird before 2.0.2, when a filename exceeds MAX_PATH_LEN, has unknown impact and attack vectors, aka CORE-1405.

7.5
2007-09-04 CVE-2007-4663 PHP Path Traversal vulnerability in PHP

Directory traversal vulnerability in PHP before 5.2.4 allows attackers to bypass open_basedir restrictions via unspecified vectors involving the glob function.

7.5
2007-09-04 CVE-2007-4662 PHP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in PHP

Buffer overflow in the php_openssl_make_REQ function in PHP before 5.2.4 has unknown impact and attack vectors.

7.5
2007-09-04 CVE-2007-4661 PHP Buffer Errors vulnerability in PHP 5.2.3

The chunk_split function in string.c in PHP 5.2.3 does not properly calculate the needed buffer size due to precision loss when performing integer arithmetic with floating point numbers, which has unknown attack vectors and impact, possibly resulting in a heap-based buffer overflow.

7.5
2007-09-04 CVE-2007-4660 PHP Resource Management Errors vulnerability in PHP

Unspecified vulnerability in the chunk_split function in PHP before 5.2.4 has unknown impact and attack vectors, related to an incorrect size calculation.

7.5
2007-09-04 CVE-2007-4659 PHP Unspecified vulnerability in PHP

The zend_alter_ini_entry function in PHP before 5.2.4 does not properly handle an interruption to the flow of execution triggered by a memory_limit violation, which has unknown impact and attack vectors.

7.5
2007-09-04 CVE-2007-4658 PHP Unspecified vulnerability in PHP

The money_format function in PHP 5 before 5.2.4, and PHP 4 before 4.4.8, permits multiple (1) %i and (2) %n tokens, which has unknown impact and attack vectors, possibly related to a format string vulnerability.

7.5
2007-09-04 CVE-2007-4657 PHP
Debian
Canonical
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to obtain sensitive information (memory contents) or cause a denial of service (thread crash) via a large len value to the (1) strspn or (2) strcspn function, which triggers an out-of-bounds read.

7.5
2007-09-04 CVE-2007-4653 Phpbb SQL Injection vulnerability in PHPbb

SQL injection vulnerability in links.php in the Links MOD 1.2.2 and earlier for phpBB 2.0.22 and earlier allows remote attackers to execute arbitrary SQL commands via the start parameter in a search action.

7.5
2007-09-04 CVE-2007-3997 PHP Permissions, Privileges, and Access Controls vulnerability in PHP

The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to bypass safe_mode and open_basedir restrictions via MySQL LOCAL INFILE operations, as demonstrated by a query with LOAD DATA LOCAL INFILE.

7.5

34 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-09-08 CVE-2007-4756 Ghisler Path Traversal vulnerability in Ghisler Total Commander

Directory traversal vulnerability in the FTP client in Total Commander before 7.02 allows remote FTP servers to create or overwrite arbitrary files via "..\" (dot dot backslash) sequences in a filename.

6.8
2007-09-06 CVE-2007-4748 Ppstream Buffer Errors vulnerability in Ppstream 2.0.1.3829

Buffer overflow in the PowerPlayer.dll ActiveX control in PPStream 2.0.1.3829 allows remote attackers to execute arbitrary code via a long Logo parameter.

6.8
2007-09-06 CVE-2007-4744 Anyinventory Improper Input Validation vulnerability in Anyinventory 1.9.1/2.0

PHP remote file inclusion vulnerability in environment.php in AnyInventory 1.9.1 and 2.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the DIR_PREFIX parameter.

6.8
2007-09-05 CVE-2007-4725 Igor Pavlov Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Igor Pavlov 7-Zip

Stack consumption vulnerability in AkkyWareHOUSE 7-zip32.dll before 4.42.00.04, as derived from Igor Pavlov 7-Zip before 4.53 beta, allows user-assisted remote attackers to execute arbitrary code via a long filename in an archive, leading to a heap-based buffer overflow.

6.8
2007-09-05 CVE-2007-4722 Move Networks INC Buffer Errors vulnerability in Move Networks INC Move Media Player 1.0.1

Multiple stack-based buffer overflows in the Quantum Streaming Internet Explorer Player ActiveX control in qsp2ie07051001.dll 1.0.0.1 in Move Media Player allow remote attackers to execute arbitrary code via a long string to the (1) Play and (2) Buzzer methods.

6.8
2007-09-05 CVE-2007-4720 Hitachi Code Injection vulnerability in Hitachi JP1 CM2 Network Node Manager

Unspecified vulnerability in the Shared Trace Service in Hitachi JP1/Cm2/Network Node Manager (NNM) 07-10 through 07-10-05, and NNM Starter Edition Enterprise and 250 08-00 through 08-10, allows remote attackers to execute arbitrary code via unspecified vectors.

6.8
2007-09-04 CVE-2007-3996 PHP Numeric Errors vulnerability in PHP

Multiple integer overflows in libgd in PHP before 5.2.4 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large (1) srcW or (2) srcH value to the (a) gdImageCopyResized function, or a large (3) sy (height) or (4) sx (width) value to the (b) gdImageCreate or the (c) gdImageCreateTrueColor function.

6.8
2007-09-04 CVE-2007-4650 Bharat Mediratta Permissions, Privileges, and Access Controls vulnerability in Bharat Mediratta Gallery

Multiple unspecified vulnerabilities in Gallery before 2.2.3 allow attackers to (1) rename items, (2) read and modify item properties, or (3) lock and replace items via unknown vectors in (a) the WebDAV module; and (4) edit unspecified data files using "linked items" in WebDAV and (b) Reupload modules.

6.4
2007-09-05 CVE-2007-4135 Nfsv4 Local Privilege Escalation vulnerability in NFSv4 ID Mapper nfsidmap Username Lookup

The NFSv4 ID mapper (nfsidmap) before 0.17 does not properly handle return values from the getpwnam_r function when performing a username lookup, which can cause it to report a file as being owned by "root" instead of "nobody" if the file exists on the server but not on the client.

6.2
2007-09-05 CVE-2007-4718 Claroline Path Traversal vulnerability in Claroline

Directory traversal vulnerability in inc/lib/language.lib.php in Claroline before 1.8.6 allows remote attackers to include and execute arbitrary local files via a ..

5.1
2007-09-08 CVE-2007-4764 Pawfaliki Path Traversal vulnerability in Pawfaliki 0.5.1

Directory traversal vulnerability in pawfaliki.php in Pawfaliki 0.5.1 allows remote attackers to list arbitrary files via a ..

5.0
2007-09-08 CVE-2007-4759 Hitachi Buffer Errors vulnerability in Hitachi products

Multiple unspecified vulnerabilities in the image-processing APIs in Cosminexus Developer's Kit for Java in Cosminexus 4 through 7 allow remote attackers to cause a denial of service via unspecified vectors.

5.0
2007-09-08 CVE-2007-4755 COR Entertainment Improper Input Validation vulnerability in COR Entertainment Alien Arena 2007

Alien Arena 2007 6.10 and earlier allows remote attackers to cause a denial of service (client disconnect) by sending a client_connect command in a forged packet from the server to a client.

5.0
2007-09-08 CVE-2007-4753 Thomson Denial-Of-Service vulnerability in Thomson ST 2030 SIP Phone 1.52.1

The Thomson ST 2030 SIP phone with software 1.52.1 allows remote attackers to cause a denial of service (device hang) via (1) an empty SIP message or (2) a SIP INVITE message with a malformed To header, different vectors than CVE-2007-4553.

5.0
2007-09-06 CVE-2007-4739 Debian Permissions, Privileges, and Access Controls vulnerability in Debian Reprepro

reprepro 1.3.0 through 2.2.3 does not properly verify signatures when updating repositories, which allows remote attackers to construct and distribute an ostensibly valid Release.gpg file by signing it with an unknown key, related to the update command.

5.0
2007-09-05 CVE-2007-4726 Weboddity Path Traversal vulnerability in Weboddity 0.09B

Directory traversal vulnerability in Web Oddity 0.09b allows remote attackers to read arbitrary files via a ..

5.0
2007-09-05 CVE-2007-4670 PHP Unspecified vulnerability in PHP

Unspecified vulnerability in PHP before 5.2.4 has unknown impact and attack vectors, related to an "Improved fix for MOPB-03-2007," probably a variant of CVE-2007-1285.

5.0
2007-09-04 CVE-2007-4668 Firebirdsql Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Firebirdsql Firebird

Unspecified vulnerability in the server in Firebird before 2.0.2 allows remote attackers to determine the existence of arbitrary files, and possibly obtain other "file access," via unknown vectors, aka CORE-1312.

5.0
2007-09-04 CVE-2007-4667 Firebirdsql Multiple vulnerability in Firebird

Unspecified vulnerability in the Services API in Firebird before 2.0.2 allows remote attackers to cause a denial of service, aka CORE-1149.

5.0
2007-09-04 CVE-2007-4666 Firebirdsql Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Firebirdsql Firebird

Unspecified vulnerability in the server in Firebird before 2.0.2, when a Superserver/TCP/IP environment is configured, allows remote attackers to cause a denial of service (CPU and memory consumption) via "large network packets with garbage", aka CORE-1397.

5.0
2007-09-04 CVE-2007-4665 Firebirdsql Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Firebirdsql Firebird

Unspecified vulnerability in the server in Firebird before 2.0.2 allows remote attackers to cause a denial of service (daemon crash) via an XNET session that makes multiple simultaneous requests to register events, aka CORE-1403.

5.0
2007-09-04 CVE-2007-4655 CGI Rescue Path Traversal vulnerability in Cgi-Rescue Shopping Basket Professional

Multiple directory traversal vulnerabilities in CGI RESCUE Shopping Basket Professional 7.51 and earlier allow remote attackers to list arbitrary directories, and possibly read arbitrary files, via directory traversal sequences in unspecified parameters to (1) list.cgi or (2) list2.cgi.

5.0
2007-09-04 CVE-2007-4654 Cisco
Openbsd
Teamf1
Resource Management Errors vulnerability in multiple products

Unspecified vulnerability in SSHield 1.6.1 with OpenSSH 3.0.2p1 on Cisco WebNS 8.20.0.1 on Cisco Content Services Switch (CSS) series 11000 devices allows remote attackers to cause a denial of service (connection slot exhaustion and device crash) via a series of large packets designed to exploit the SSH CRC32 attack detection overflow (CVE-2001-0144), possibly a related issue to CVE-2002-1024.

5.0
2007-09-04 CVE-2007-3998 PHP
Debian
Canonical
Improper Input Validation vulnerability in multiple products

The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, does not properly use the breakcharlen variable, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash, or infinite loop) via certain arguments, as demonstrated by a 'chr(0), 0, ""' argument set.

5.0
2007-09-06 CVE-2007-4732 SUN Improper Input Validation vulnerability in SUN Solaris 10.0/8.0/9.0

Unspecified vulnerability in the strfreectty function in the Special File System (SPECFS) in Sun Solaris 8 through 10 allows local users to cause a denial of service (system panic), related to passing a NULL pointer to the pgsignal function.

4.9
2007-09-04 CVE-2007-4652 PHP Link Following vulnerability in PHP

The session extension in PHP before 5.2.4 might allow local users to bypass open_basedir restrictions via a session file that is a symlink.

4.4
2007-09-08 CVE-2007-4760 Hitachi Cross-Site Scripting vulnerability in Hitachi products

The javadoc tool in Cosminexus Developer's Kit for Java in Cosminexus 7 and 7.5 can generate HTML documents that contain cross-site scripting (XSS) vulnerabilities, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2007-09-06 CVE-2007-4745 Joomla
Mambo
Cross-Site Scripting vulnerability in multiple products

Multiple cross-site scripting (XSS) vulnerabilities in the AkoBook 3.42 and earlier component (com_akobook) for Mambo allow remote attackers to inject arbitrary web script or HTML via Javascript events in the (1) gbmail and (2) gbpage parameters in the sign function.

4.3
2007-09-06 CVE-2007-4742 Claroline Improper Input Validation vulnerability in Claroline

Claroline before 1.8.6 allows remote authenticated administrators to obtain sensitive information via an invalid value in the sort parameter to admin/adminusers.php, which reveals the path in an error message in some circumstances, as demonstrated by a parameter value containing an XSS sequence.

4.3
2007-09-06 CVE-2007-4734 OTS Labs Buffer Errors vulnerability in OTS Labs Otsturntables 1.00

Buffer overflow in Ots Labs OTSTurntables 1.00 allows user-assisted remote attackers to execute arbitrary code via a long file path in an m3u file.

4.3
2007-09-05 CVE-2007-4724 Apache Cross-Site Request Forgery (CSRF) vulnerability in Apache Tomcat 4.1.31

Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.

4.3
2007-09-05 CVE-2007-4713 ROI Revolution Cross-Site Scripting vulnerability in ROI Revolution Urchin 5.6.00R2

Multiple cross-site scripting (XSS) vulnerabilities in urchin.cgi in Urchin 5.6.00r2 allow remote attackers to inject arbitrary web script or HTML via the (1) dtc, (2) vid, (3) n, (4) dt, (5) ed, and (6) bd parameters.

4.3
2007-09-05 CVE-2007-4711 WWW Toms Seiten AT Cross-Site Scripting vulnerability in Www.Toms-Seiten.At Toms Gaestebuch 1.00

Multiple cross-site scripting (XSS) vulnerabilities in Toms Gaestebuch 1.00 allow remote attackers to inject arbitrary web script or HTML via the (1) homepage, (2) mail, and (3) name parameters in a show action to (a) form.php; the (4) language and (5) anzeigebreite parameters to (b) admin/header.php; and the (6) msg parameter to (c) install.php, different vectors than CVE-2006-0706.

4.3
2007-09-04 CVE-2007-4669 Firebirdsql Permissions, Privileges, and Access Controls vulnerability in Firebirdsql Firebird

The Services API in Firebird before 2.0.2 allows remote authenticated users without SYSDBA privileges to read the server log (firebird.log), aka CORE-1148.

4.0

4 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-09-06 CVE-2007-4741 Claroline Cross-Site Scripting vulnerability in Claroline

Cross-site scripting (XSS) vulnerability in admin/adminusers.php in Claroline before 1.8.6 allows remote authenticated administrators to inject arbitrary web script or HTML via the sort parameter.

3.5
2007-09-05 CVE-2007-4717 Claroline Cross-Site Scripting vulnerability in Claroline

Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.8.6 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) dir parameter in admin/adminusers.php, the (2) action parameter in admin/advancedUserSearch.php, and the (3) view parameter in admin/campusProblem.php.

3.5
2007-09-04 CVE-2007-4656 Backup Manager Information Exposure vulnerability in Backup Manager Backup Manager

backup-manager-upload in Backup Manager before 0.6.3 provides the FTP server hostname, username, and password as plaintext command line arguments during FTP uploads, which allows local users to obtain sensitive information by listing the process and its arguments, a different vulnerability than CVE-2007-2766.

2.1
2007-09-05 CVE-2007-3849 Redhat Permissions, Privileges, and Access Controls vulnerability in Redhat Enterprise Linux 5.0

Red Hat Enterprise Linux (RHEL) 5 ships the rpm for the Advanced Intrusion Detection Environment (AIDE) before 0.13.1 with a database that lacks checksum information, which allows context-dependent attackers to bypass file integrity checks and modify certain files.

1.9