Weekly Vulnerabilities Reports > September 10 to 16, 2007
Overview
109 new vulnerabilities were reported during this period, including 8 critical vulnerabilities and 39 high severity vulnerabilities. This weekly summary reports vulnerabilities in 86 products from 65 vendors including IBM, Microsoft, PHP, Joomla, and Cisco. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", "SQL Injection", "Improper Input Validation", and "Code Injection".
- 93 reported vulnerabilities are remotely exploitable.
- 29 reported vulnerabilities have a public exploit available.
- 37 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 103 reported vulnerabilities are exploitable by an anonymous user.
- IBM has the most reported vulnerabilities, with 11 reported vulnerabilities.
- Microsoft has the most reported critical vulnerabilities, with 2 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported during the period covered by this report:
8 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-09-12 | CVE-2007-4731 | Trend Micro | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Trend Micro Serverprotect Stack-based buffer overflow in the TMregChange function in TMReg.dll in Trend Micro ServerProtect before 5.58 Security Patch 4 allows remote attackers to execute arbitrary code via a crafted packet to TCP port 5005. | 10.0 |
2007-09-14 | CVE-2007-1688 | Callisto | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Callisto Photoparade Player Buffer overflow in the PhPInfo ActiveX control in PhPCtrl.dll in Callisto PhotoParade Player allows remote attackers to execute arbitrary code via the FileVersionof property. | 9.3 |
2007-09-12 | CVE-2007-4842 | Enriva Development | Path Traversal vulnerability in Enriva Development Magellan Explorer Directory traversal vulnerability in Enriva Development Magellan Explorer 3.32 build 2305 and earlier allows remote FTP servers to create or overwrite arbitrary files via a .. | 9.3 |
2007-09-12 | CVE-2007-4841 | Mozilla | Improper Input Validation vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to execute arbitrary commands via a (1) mailto, (2) nntp, (3) news, or (4) snews URI with invalid "%" encoding, related to improper file type handling on Windows XP with Internet Explorer 7 installed, a variant of CVE-2007-3845. | 9.3 |
2007-09-12 | CVE-2007-3040 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Windows 2000 Stack-based buffer overflow in agentdpv.dll 2.0.0.3425 in Microsoft Agent on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a crafted URL to the Agent (Agent.Control) ActiveX control, which triggers an overflow within the Agent Service (agentsrv.exe) process, a different issue than CVE-2007-1205. | 9.3 |
2007-09-11 | CVE-2007-4821 | Edraw | Buffer Errors vulnerability in Edraw Office Viewer Component 5.2 Buffer overflow in a certain ActiveX control in officeviewer.ocx 5.2.218.1 in EDraw Office Viewer Component 5.2 allows remote attackers to execute arbitrary code via a long first argument to the HttpDownloadFileToTempDir method, a different vulnerability than CVE-2007-3169. | 9.3 |
2007-09-10 | CVE-2007-4776 | Microsoft | Buffer Errors vulnerability in Microsoft Visual Basic 6.0 Buffer overflow in Microsoft Visual Basic 6.0 and Enterprise Edition 6.0 SP6 allows user-assisted remote attackers to execute arbitrary code via a Visual Basic project (vbp) file containing a long Reference line, related to VBP_Open and OLE. | 9.3 |
2007-09-10 | CVE-2007-4470 | ER Mapper | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in ER Mapper Image web Server ECW Jpeg 2000 Plug-In Multiple stack-based buffer overflows in the Earth Resource Mapping NCSView ActiveX control before 3.4.0.242 in NCSView.dll, as distributed in ER Mapper ECW JPEG 2000 Plug-in before 8.1, allow remote attackers to execute arbitrary code via unspecified vectors. | 9.3 |
39 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-09-10 | CVE-2007-4789 | Cisco | Configuration vulnerability in Cisco products Cisco Content Switching Modules (CSM) 4.2 before 4.2.7, and Cisco Content Switching Module with SSL (CSM-S) 2.1 before 2.1.6, when service termination is enabled, allow remote attackers to cause a denial of service (reboot) via unspecified vectors related to high network utilization, aka CSCsh57876. | 7.8 |
2007-09-10 | CVE-2007-4788 | Cisco | Remote Denial of Service vulnerability in Cisco products Cisco Content Switching Modules (CSM) 4.2 before 4.2.3a, and Cisco Content Switching Module with SSL (CSM-S) 2.1 before 2.1.2a, allow remote attackers to cause a denial of service (CPU consumption or reboot) via sets of out-of-order TCP packets with unspecified characteristics, aka CSCsd27478. | 7.8 |
2007-09-14 | CVE-2007-4894 | Wordpress | SQL Injection vulnerability in Wordpress Multiple SQL injection vulnerabilities in Wordpress before 2.2.3 and Wordpress multi-user (MU) before 1.2.5a allow remote attackers to execute arbitrary SQL commands via the post_type parameter to the pingback.extensions.getPingbacks method in the XMLRPC interface, and other unspecified parameters related to "early database escaping" and missing validation of "query string like parameters." | 7.5 |
2007-09-14 | CVE-2007-4892 | Swsoft | SQL Injection vulnerability in Swsoft Plesk Multiple SQL injection vulnerabilities in SWSoft Plesk 7.6.1, 8.1.0, 8.1.1, and 8.2.0 for Windows allow remote attackers to execute arbitrary SQL commands via a PLESKSESSID cookie to (1) login.php3 or (2) auth.php3. | 7.5 |
2007-09-14 | CVE-2007-4881 | PSI Labs | SQL Injection vulnerability in Psi-Labs Social Networking Script Psisns 1.0 SQL injection vulnerability in profile/myprofile.php in psi-labs.com social networking script (psisns), probably 1.0, allows remote attackers to execute arbitrary SQL commands via the u parameter. | 7.5 |
2007-09-12 | CVE-2007-4846 | Webace | SQL Injection vulnerability in Webace Webace-Linkscript 1.3 SQL injection vulnerability in start.php in Webace-Linkscript (wls) 1.3 Special Edition (SE) allows remote attackers to execute arbitrary SQL commands via the id parameter in a rubrik go action. | 7.5 |
2007-09-12 | CVE-2007-4845 | Rwscripts COM | SQL Injection vulnerability in Rwscripts.Com RW Download Lite 2.0.3 Multiple SQL injection vulnerabilities in UPLOAD/index.php in RW::Download 2.0.3 lite allow remote attackers to execute arbitrary SQL commands via the (1) dlid or (2) cid parameter. | 7.5 |
2007-09-12 | CVE-2007-4839 | IBM | Remote Security vulnerability in IBM Websphere Application Server 6.1.0.9 Unspecified vulnerability in the PD tools component in IBM WebSphere Application Server (WAS) 6.1 before Fix Pack 11 (6.1.0.11) has unknown impact and attack vectors, aka PK33803. | 7.5 |
2007-09-12 | CVE-2007-4838 | Immersion Games | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Immersion Games Cellfactor Revolution Multiple buffer overflows in CellFactor Revolution 1.03 and earlier allow remote attackers to execute arbitrary code via a long string in a (1) 0x21, (2) 0x22, or (3) 0x23 packet. | 7.5 |
2007-09-12 | CVE-2007-4837 | Proxy Anket | SQL Injection vulnerability in Proxy Anket Proxy Anket 3.0.1 SQL injection vulnerability in anket.asp in Proxy Anket 3.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2007-09-12 | CVE-2007-4835 | Phpmyquote | SQL Injection vulnerability in PHPmyquote 0.20 SQL injection vulnerability in index.php in phpMyQuote 0.20 allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit action. | 7.5 |
2007-09-12 | CVE-2007-4834 | Phprealty | Code Injection vulnerability in PHPrealty 0.02 Multiple PHP remote file inclusion vulnerabilities in phpRealty 0.02 allow remote attackers to execute arbitrary PHP code via a URL in the MGR parameter to (1) index.php, (2) p_ins.php, and (3) u_ins.php in manager/admin/. | 7.5 |
2007-09-12 | CVE-2007-4832 | Immersion Games | USE of Externally-Controlled Format String vulnerability in Immersion Games Cellfactor Revolution Format string vulnerability in CellFactor Revolution 1.03 and earlier allows remote attackers to execute arbitrary code via format string specifiers in a malformed nickname. | 7.5 |
2007-09-12 | CVE-2007-4825 | PHP | Path Traversal vulnerability in PHP Directory traversal vulnerability in PHP 5.2.4 and earlier allows attackers to bypass open_basedir restrictions and possibly execute arbitrary code via a .. | 7.5 |
2007-09-12 | CVE-2007-4752 | Openbsd | Improper Input Validation vulnerability in Openbsd Openssh ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted. | 7.5 |
2007-09-11 | CVE-2007-4823 | Google | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Picasa Multiple buffer overflows in Google Picasa have unspecified attack vectors and impact. | 7.5 |
2007-09-11 | CVE-2007-4820 | Sisfo Kampus | Path Traversal vulnerability in Sisfo Kampus Sisfo Kampus 2006 Absolute path traversal vulnerability in blanko.preview.php in Sisfo Kampus 2006 allows remote attackers to read arbitrary local files, and possibly execute local PHP scripts, via the nmf parameter. | 7.5 |
2007-09-11 | CVE-2007-4818 | TXX CMS | Code Injection vulnerability in TXX CMS TXX CMS 0.2 Multiple PHP remote file inclusion vulnerabilities in Txx CMS 0.2 allow remote attackers to execute arbitrary PHP code via a URL in the doc_root parameter to (1) addons/plugin.php, (2) addons/sidebar.php, (3) mail/index.php, or (4) mail/mailbox.php in modules/. | 7.5 |
2007-09-11 | CVE-2007-4817 | Detodas | Code Injection vulnerability in Detodas Restaurante Component FOR Joomla Unrestricted file upload vulnerability in the Restaurante (com_restaurante) component for Joomla! allows remote attackers to upload and execute arbitrary PHP code via an upload action specifying a filename with a double extension such as .php.jpg, which creates an accessible file under img_original/. | 7.5 |
2007-09-11 | CVE-2007-4816 | Baofeng | Buffer Errors vulnerability in Baofeng Storm 2.8/2.9 Multiple buffer overflows in the BaoFeng2 storm ActiveX control in Mps.dll allow remote attackers to have an unknown impact via a long (1) URL, (2) backImage, or (3) titleImage property value; (4) a long first argument to the advancedOpen method; a long argument to the (5) isDVDPath or (6) rawParse method; or (7) a .smpl file with a long path attribute in an item element in a PlayList. | 7.5 |
2007-09-11 | CVE-2007-4814 | Microsoft | Buffer Errors vulnerability in Microsoft SQL Server 2005 Buffer overflow in the SQLServer ActiveX control in the Distributed Management Objects OLE DLL (sqldmo.dll) 2000.085.2004.00 in Microsoft SQL Server Enterprise Manager 8.05.2004 allows remote attackers to execute arbitrary code via a long second argument to the Start method. | 7.5 |
2007-09-11 | CVE-2007-4810 | Netjuke | SQL Injection vulnerability in Netjuke 1.0Rc2 Multiple SQL injection vulnerabilities in Netjuke 1.0-rc2 allow remote attackers to execute arbitrary SQL commands via (1) the ge_id parameter in a list.artists action to explore.php or (2) the id parameter in a show.tracks action to xml.php. | 7.5 |
2007-09-11 | CVE-2007-4809 | Online Fantasy Football League | Code Injection vulnerability in Online Fantasy Football League Offl 0.2.3/0.2.6 Multiple PHP remote file inclusion vulnerabilities in Online Fantasy Football League (OFFL) 0.2.6 allow remote attackers to execute arbitrary PHP code via a URL in the DOC_ROOT parameter to (1) lib/functions.php or (2) lib/header.php. | 7.5 |
2007-09-11 | CVE-2007-4808 | TLM CMS | SQL Injection vulnerability in TLM CMS TLM CMS 1.1/3.2 Multiple SQL injection vulnerabilities in TLM CMS 3.2 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to news.php in a lirenews action, (2) the idnews parameter to goodies.php in a lire action, (3) the id parameter to file.php in a voir action, (4) the ID parameter to affichage.php, (5) the id_sal parameter to mod_forum/afficher.php, or (6) the id_sujet parameter to mod_forum/messages.php. | 7.5 |
2007-09-11 | CVE-2007-4807 | Focus SIS | Code Injection vulnerability in Focus SIS Focus SIS 1.0/2.2 Multiple PHP remote file inclusion vulnerabilities in Focus/SIS 2.2 allow remote attackers to execute arbitrary PHP code via a URL in the staticpath parameter to (1) modules/Discipline/CategoryBreakdownTime.php or (2) modules/Discipline/StudentFieldBreakdown.php. | 7.5 |
2007-09-11 | CVE-2007-4806 | Focus SIS | Code Injection vulnerability in Focus SIS Focus SIS 1.0/2.2 PHP remote file inclusion vulnerability in modules/Discipline/CategoryBreakdownTime.php in Focus/SIS 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the FocusPath parameter. | 7.5 |
2007-09-11 | CVE-2007-4805 | Fuzzylime | Path Traversal vulnerability in Fuzzylime 3.0 Directory traversal vulnerability in getgalldata.php in fuzzylime (cms) 3.0 and earlier allows remote attackers to include arbitrary local files via a .. | 7.5 |
2007-09-11 | CVE-2007-4804 | Auracms | SQL Injection vulnerability in Auracms 1.5Rc Multiple SQL injection vulnerabilities in AuraCMS 1.5rc allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) hal.php, (2) cetak.php, (3) lihat.php, (4) pesan.php, and (5) teman.php, different vectors than CVE-2007-4171. | 7.5 |
2007-09-10 | CVE-2007-4790 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer and Visual Foxpro Stack-based buffer overflow in certain ActiveX controls in (1) FPOLE.OCX 6.0.8450.0 and (2) Foxtlib.ocx, as used in the Microsoft Visual FoxPro 6.0 fpole 1.0 Type Library; and Internet Explorer 5.01, 6 SP1 and SP2, and 7; allows remote attackers to execute arbitrary code via a long first argument to the FoxDoCmd function. | 7.5 |
2007-09-10 | CVE-2007-4778 | Joomla | SQL Injection vulnerability in Joomla 1.5.0Beta1/1.5.0Beta2/1.5.0Rc1 Multiple SQL injection vulnerabilities in the content component (com_content) in Joomla! 1.5 Beta1, Beta2, and RC1 allow remote attackers to execute arbitrary SQL commands via the filter parameter in an archive action to (1) archive.php, (2) category.php, or (3) section.php in models/. | 7.5 |
2007-09-10 | CVE-2007-4777 | Joomla | SQL Injection vulnerability in Joomla 1.5.0Beta/1.5.0Beta2/1.5.0Rc1 SQL injection vulnerability in Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, probably related to the archive section. | 7.5 |
2007-09-10 | CVE-2007-4797 | IBM | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM AIX 5.2/5.3 Multiple buffer overflows in unspecified svprint (System V print) commands in bos.svprint.rte in IBM AIX 5.2 and 5.3 allow local users to gain privileges via unspecified vectors. | 7.2 |
2007-09-10 | CVE-2007-4796 | IBM | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM AIX 5.2/5.3 Buffer overflow in uucp in bos.net.uucp in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors. | 7.2 |
2007-09-10 | CVE-2007-4795 | IBM | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM AIX 5.2/5.3 Buffer overflow in mkpath in bos.rte.methods in IBM AIX 5.2 and 5.3 allows local users to gain privileges via a long ODM name. | 7.2 |
2007-09-10 | CVE-2007-4794 | IBM | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM AIX 5.2/5.3 Buffer overflow in fcstat in devices.common.IBM.fc.rte in IBM AIX 5.2 and 5.3 allows local users to gain privileges via a long input parameter. | 7.2 |
2007-09-10 | CVE-2007-4793 | IBM | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM AIX 5.2/5.3 Buffer overflow in xlplm in plm.server.rte in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors. | 7.2 |
2007-09-10 | CVE-2007-4792 | IBM | Buffer Errors vulnerability in IBM AIX 5.3 Buffer overflow in ibstat in devices.common.IBM.ib.rte in IBM AIX 5.3 allows local users to gain privileges via unspecified vectors. | 7.2 |
2007-09-10 | CVE-2007-4791 | IBM | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM AIX 5.2/5.3 Buffer overflow in the swcons command in bos.rte.console in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2005-3504 and CVE-2007-0978. | 7.2 |
2007-09-10 | CVE-2007-3912 | Debian | Improper Input Validation vulnerability in Debian Debian-Goodies 0.27/0.33 checkrestart in debian-goodies before 0.34 allows local users to gain privileges via shell metacharacters in the name of the executable file for a running process. | 7.2 |
58 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-09-14 | CVE-2007-4138 | Samba | Permissions, Privileges, and Access Controls vulnerability in Samba The Winbind nss_info extension (nsswitch/idmap_ad.c) in idmap_ad.so in Samba 3.0.25 through 3.0.25c, when the "winbind nss info" option is set to rfc2307 or sfu, grants all local users the privileges of gid 0 when the (1) RFC2307 or (2) Services for UNIX (SFU) primary group attribute is not defined. | 6.9 |
2007-09-12 | CVE-2007-3036 | Microsoft | Permissions, Privileges, and Access Controls vulnerability in Microsoft products Unspecified vulnerability in the (1) Windows Services for UNIX 3.0 and 3.5, and (2) Subsystem for UNIX-based Applications in Microsoft Windows 2000, XP, Server 2003, and Vista allows local users to gain privileges via unspecified vectors related to "certain setuid binary files." | 6.9 |
2007-09-14 | CVE-2007-4891 | Microsoft | OS Command Injection vulnerability in Microsoft Visual Studio 6.0/6.0.0.9782 A certain ActiveX control in PDWizard.ocx 6.0.0.9782 and earlier in Microsoft Visual Studio 6.0 exposes dangerous (1) StartProcess, (2) SyncShell, (3) SaveAs, (4) CABDefaultURL, (5) CABFileName, and (6) CABRunFile methods, which allows remote attackers to execute arbitrary programs and have other impacts, as demonstrated using absolute pathnames in arguments to StartProcess and SyncShell. | 6.8 |
2007-09-14 | CVE-2007-4889 | PHP | Security Bypass vulnerability in PHP The MySQL extension in PHP 5.2.4 and earlier allows remote attackers to bypass safe_mode and open_basedir restrictions via the MySQL (1) LOAD_FILE, (2) INTO DUMPFILE, and (3) INTO OUTFILE functions, a different issue than CVE-2007-3997. | 6.8 |
2007-09-14 | CVE-2007-4886 | Auracms | Code Injection vulnerability in Auracms Incomplete blacklist vulnerability in index.php in AuraCMS 1.x and probably 2.x allows remote attackers to execute arbitrary PHP code via a (1) UNC share pathname, or a (2) ftp, (3) ftps, or (4) ssh2.sftp URL, in the pilih parameter, for which PHP remote file inclusion is blocked only for http URLs. | 6.8 |
2007-09-14 | CVE-2007-4749 | Autodesk | Configuration vulnerability in Autodesk Backburner 3.0.2 The cmdjob utility in Autodesk Backburner 3.0.2 allows remote attackers to execute arbitrary commands on render servers by queueing jobs that contain these commands. | 6.8 |
2007-09-12 | CVE-2007-4727 | Lighttpd | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Lighttpd Buffer overflow in the fcgi_env_add function in mod_proxy_backend_fastcgi.c in the mod_fastcgi extension in lighttpd before 1.4.18 allows remote attackers to overwrite arbitrary CGI variables and execute arbitrary code via an HTTP request with a long content length, as demonstrated by overwriting the SCRIPT_FILENAME variable, aka a "header overflow." | 6.8 |
2007-09-11 | CVE-2007-4824 | Google | Remote Security vulnerability in Picasa Multiple cross-application scripting (XAS) vulnerabilities in Google Picasa have unspecified attack vectors and impact. | 6.8 |
2007-09-11 | CVE-2007-4815 | Markus Iser | Code Injection vulnerability in Markus Iser ED Engine 0.8999Alpha Multiple PHP remote file inclusion vulnerabilities in WebED in Markus Iser ED Engine 0.8999 alpha allow remote attackers to execute arbitrary PHP code via a URL in the Codebase parameter to (1) channeledit.php, (2) post.php, (3) view.php, or (4) viewitem.php in source/mod/rss/. | 6.8 |
2007-09-11 | CVE-2007-4803 | Atomix Productions | Buffer Errors vulnerability in Atomix Productions Atomixmp3 2.3 Buffer overflow in AtomixMP3 2.3 allows user-assisted remote attackers to execute arbitrary code via long strings in file and title fields in a .pls file, as demonstrated by the (1) File1 and (2) Title1 fields, different vectors than CVE-2006-6287 and CVE-2007-2487. | 6.8 |
2007-09-11 | CVE-2007-4802 | Ourgame COM | Buffer Errors vulnerability in Ourgame.Com Globallink 2.7.0.8 Multiple heap-based buffer overflows in GlobalLink 2.7.0.8 allow remote attackers to execute arbitrary code via (1) a long eighth argument to the SetInfo method in a certain ActiveX control in glItemCom.dll or (2) a long second argument to the SetClientInfo method in a certain ActiveX control in glitemflat.dll. | 6.8 |
2007-09-10 | CVE-2007-4785 | Sony | Security Bypass vulnerability in Micro Vault Fingerprint Access Software Sony Micro Vault Fingerprint Access Software, as distributed with Sony Micro Vault USM-F USB flash drives, installs a driver that hides a directory under %WINDIR%, which might allow remote attackers to bypass malware detection by placing files in this directory. | 6.8 |
2007-09-10 | CVE-2007-4780 | Joomla | Improper Input Validation vulnerability in Joomla 1.5.0Beta/1.5.0Beta2/1.5.0Rc1 Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to obtain sensitive information (the full path) via unspecified vectors, probably involving direct requests to certain PHP scripts in tmpl/ directories. | 6.8 |
2007-09-10 | CVE-2007-4798 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM AIX 5.2/5.3 Unspecified vulnerability in invscout in Inventory Scout in invscout.rte in IBM AIX 5.2 and 5.3 allows local users to delete system files that have names matching the final substring of a hostname alias, as demonstrated by hostnames ending in "unix". | 6.6 |
2007-09-10 | CVE-2007-4781 | Joomla | Improper Input Validation vulnerability in Joomla 1.5.0Beta1/1.5.0Beta2/1.5.0Rc1 administrator/index.php in the installer component (com_installer) in Joomla! 1.5 Beta1, Beta2, and RC1 allows remote authenticated administrators to upload arbitrary files to tmp/ via the "Upload Package File" functionality, which is accessible when com_installer is the value of the option parameter. | 6.6 |
2007-09-14 | CVE-2006-7223 | Xwiki | Permissions, Privileges, and Access Controls vulnerability in Xwiki PreviewAction in XWiki 0.9.543 through 0.9.1252 does not set the Author field to the identity of the user who last modified a document, which allows remote authenticated users without programming rights to execute arbitrary code by selecting a document whose author has programming rights, modifying this document to contain a script, and previewing without saving the document. | 6.5 |
2007-09-14 | CVE-2007-4901 | AOL | Remote Script Code Execution vulnerability in AOL AIM Lite, AIM PRO and Instant Messenger The embedded Internet Explorer server control in AOL Instant Messenger (AIM) 6.1.41.2 and 6.2.32.1, AIM Pro, and AIM Lite does not properly constrain the use of mshtml.dll's web script and HTML functionality for incoming instant messages, which allows remote attackers to place HTML into unexpected contexts or execute arbitrary code, as demonstrated by writing arbitrary HTML to a notification window, and writing contents of arbitrary local image files to this window via IMG SRC. | 5.8 |
2007-09-14 | CVE-2007-4890 | Microsoft | Path Traversal vulnerability in Microsoft Visual Studio 6.0 Absolute directory traversal vulnerability in a certain ActiveX control in the VB To VSI Support Library (VBTOVSI.DLL) 1.0.0.0 in Microsoft Visual Studio 6.0 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the SaveAs method. | 5.8 |
2007-09-12 | CVE-2007-4843 | X Diesel | Path Traversal vulnerability in X-Diesel Unreal Commander 0.92Build565/0.92Build573 Directory traversal vulnerability in X-Diesel Unreal Commander 0.92 build 565 and 573 allows remote FTP servers to create or overwrite arbitrary files via a .. | 5.8 |
2007-09-10 | CVE-2007-4786 | Cisco | Cleartext Transmission of Sensitive Information vulnerability in Cisco Adaptive Security Appliance Software Cisco Adaptive Security Appliance (ASA) running PIX 7.0 before 7.0.7.1, 7.1 before 7.1.2.61, 7.2 before 7.2.2.34, and 8.0 before 8.0.2.11, when AAA is enabled, composes %ASA-5-111008 messages from the "test aaa" command with cleartext passwords and sends them over the network to a remote syslog server or places them in a local logging buffer, which allows context-dependent attackers to obtain sensitive information. | 5.3 |
2007-09-14 | CVE-2007-4897 | Ekiga | Resource Management Errors vulnerability in Ekiga 2.0.5 pwlib, as used by Ekiga 2.0.5 and possibly other products, allows remote attackers to cause a denial of service (application crash) via a long argument to the PString::vsprintf function, related to a "memory management flaw". | 5.0 |
2007-09-14 | CVE-2007-4895 | Sisfo Kampus | Path Traversal vulnerability in Sisfo Kampus Sisfo Kampus 2006 Directory traversal vulnerability in dwoprn.php in Sisfo Kampus 2006 (Semarang 3) allows remote attackers to read arbitrary files via the f parameter. | 5.0 |
2007-09-13 | CVE-2007-4879 | Mozilla | Remote vulnerability in Mozilla Thunderbird/Seamonkey/Firefox 2.0.0.12 Mozilla Firefox before Firefox 2.0.0.13, and SeaMonkey before 1.1.9, can automatically install TLS client certificates with minimal user interaction, and automatically sends these certificates when requested, which makes it easier for remote web sites to track user activities across domains by requesting the TLS client certificates from other domains. | 5.0 |
2007-09-12 | CVE-2007-4847 | Google | Remote Security vulnerability in Picasa Google Picasa allows remote attackers to read image files stored by Picasa via unspecified vectors involving a picasa:// URI. | 5.0 |
2007-09-12 | CVE-2007-4840 | PHP | Improper Input Validation vulnerability in PHP PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the out_charset parameter to the iconv function; or a long string in the charset parameter to the (2) iconv_mime_decode_headers, (3) iconv_mime_decode, or (4) iconv_strlen function. | 5.0 |
2007-09-12 | CVE-2007-4833 | IBM | Unspecified vulnerability in IBM WebSphere Application Server Edge Component Unspecified vulnerability in the Edge Component in IBM WebSphere Application Server (WAS) 6.1 before Fix Pack 11 (6.1.0.11) has unknown impact and attack vectors, aka PK44789. | 5.0 |
2007-09-12 | CVE-2007-3871 | Deutsche Post | Denial-Of-Service vulnerability in Deutsche Post Stampit web 1.0 Stampit Web uses guessable id values for online stamp purchases, which allows remote attackers to cause a denial of service (stamp invalidation) via a SOAP request with an id value for a stamp that has not yet been printed. | 5.0 |
2007-09-12 | CVE-2007-4651 | Adobe | Permissions, Privileges, and Access Controls vulnerability in Adobe Connect Enterprise Server 6 Unspecified vulnerability in Adobe Connect Enterprise Server 6 allows remote attackers to read certain pages that are restricted to the administrator via unknown vectors. | 5.0 |
2007-09-11 | CVE-2007-4812 | Apple | Buffer Errors vulnerability in Apple Safari 3.0.3 Buffer overflow in Apple Safari 3.0.3 522.15.5, and other versions before Beta Update 3.0.4, allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact by setting document.location.hash to a long string. | 5.0 |
2007-09-10 | CVE-2007-4787 | Sophos | Improper Input Validation vulnerability in Sophos Scanning Engine and Sophos Anti-Virus The virus detection engine in Sophos Anti-Virus before 2.49.0 does not properly process malformed (1) CAB, (2) LZH, and (3) RAR files with modified headers, which might allow remote attackers to bypass malware detection. | 5.0 |
2007-09-10 | CVE-2007-4784 | PHP | Improper Input Validation vulnerability in PHP The setlocale function in PHP before 5.2.4 allows context-dependent attackers to cause a denial of service (application crash) via a long string in the locale parameter. | 5.0 |
2007-09-10 | CVE-2007-4783 | PHP | Improper Input Validation vulnerability in PHP The iconv_substr function in PHP 5.2.4 and earlier allows context-dependent attackers to cause (1) a denial of service (application crash) via a long string in the charset parameter, probably also requiring a long string in the str parameter; or (2) a denial of service (temporary application hang) via a long string in the str parameter. | 5.0 |
2007-09-10 | CVE-2007-4782 | PHP | Code Injection vulnerability in PHP PHP before 5.2.3 allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the pattern parameter to the glob function; or (2) a long string in the string parameter to the fnmatch function, accompanied by a pattern parameter value with undefined characteristics, as demonstrated by a "*[1]e" value. | 5.0 |
2007-09-10 | CVE-2007-4799 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM AIX 5.3 The perfstat kernel extension in bos.perf.perfstat in AIX 5.3 does not verify privileges when processing a SET call, which allows local users to cause a denial of service (system hang or crash) via unspecified SET operations. | 4.9 |
2007-09-14 | CVE-2007-3739 | Redhat Apple | Buffer Errors vulnerability in Redhat Enterprise Linux 5.0 mm/mmap.c in the hugetlb kernel, when run on PowerPC systems, does not prevent stack expansion from entering into reserved kernel page memory, which allows local users to cause a denial of service (OOPS) via unspecified vectors. | 4.7 |
2007-09-14 | CVE-2007-3740 | Linux | Permissions, Privileges, and Access Controls vulnerability in Linux Kernel The CIFS filesystem in the Linux kernel before 2.6.22, when Unix extension support is enabled, does not honor the umask of a process, which allows local users to gain privileges. | 4.4 |
2007-09-14 | CVE-2007-4900 | RSA | Cross-Site Scripting vulnerability in RSA Envision 3.3.6Build0115 Cross-site scripting (XSS) vulnerability in the logon page in RSA EnVision 3.3.6 Build 0115 allows remote attackers to inject arbitrary web script or HTML via the username field. | 4.3 |
2007-09-14 | CVE-2007-4899 | Berkeley | Cross-Site Scripting vulnerability in Berkeley Boinc Forum Multiple cross-site scripting (XSS) vulnerabilities in Boinc Forum 5.10.20 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to forum_forum.php, or the search_string parameter to forum_text_search_action.php in a (2) titles or (3) bodies search. | 4.3 |
2007-09-14 | CVE-2007-4896 | Toms Seiten AT | Cross-Site Scripting vulnerability in Toms-Seiten.At Toms Gastenbuch 1.00/1.01 Multiple cross-site scripting (XSS) vulnerabilities in admin/header.php in Toms Gaestebuch 1.01 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) lang[adminseite], (2) lang[ueberschrift], or (3) einst[metachar] parameter, different vectors than CVE-2007-4711. | 4.3 |
2007-09-14 | CVE-2007-4893 | Wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Wordpress wp-admin/admin-functions.php in Wordpress before 2.2.3 and Wordpress multi-user (MU) before 1.2.5a does not properly verify the unfiltered_html privilege, which allows remote attackers to conduct cross-site scripting (XSS) attacks via modified data to (1) post.php or (2) page.php with a no_filter field. | 4.3 |
2007-09-14 | CVE-2007-4887 | PHP | Improper Input Validation vulnerability in PHP The dl function in PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in the library parameter. | 4.3 |
2007-09-14 | CVE-2007-4885 | Avnex | Denial-Of-Service vulnerability in Av Mp3 Player Avnex AV MP3 Player allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed .au file that triggers a divide-by-zero error. | 4.3 |
2007-09-14 | CVE-2007-4884 | Media Player Classic | Denial-Of-Service vulnerability in Media Player Classic Media Player Classic (MPC) allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed .au file that triggers a divide-by-zero error. | 4.3 |
2007-09-14 | CVE-2007-4883 | Mediawiki | Cross-Site Scripting vulnerability in Mediawiki Cross-site scripting (XSS) vulnerability in the BotQuery extension in MediaWiki 1.7.x and earlier before SVN 20070910 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a similar issue to CVE-2007-4828. | 4.3 |
2007-09-14 | CVE-2007-4882 | Techexcel INC | Cross-Site Scripting vulnerability in Techexcel Inc. Customerwise Multiple cross-site scripting (XSS) vulnerabilities in TechExcel CustomerWise (formerly TechExcel CRM) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2007-09-12 | CVE-2007-4848 | Microsoft | Unspecified vulnerability in Microsoft IE and Internet Explorer Microsoft Internet Explorer 4.0 through 7 allows remote attackers to determine the existence of local files that have associated images via a res:// URI in the src property of a JavaScript Image object, as demonstrated by the URI for a bitmap image resource within a (1) .exe or (2) .dll file. | 4.3 |
2007-09-12 | CVE-2007-4844 | X Diesel | Improper Input Validation vulnerability in X-Diesel Unreal Commander 0.92Build565/0.92Build573 X-Diesel Unreal Commander 0.92 build 565 and 573 does not properly react to an FTP server's behavior after sending a "CWD /" command, which allows remote FTP servers to cause a denial of service (infinite loop) by (1) repeatedly sending a 550 error response, or (2) sending a 550 error response and then disconnecting. | 4.3 |
2007-09-12 | CVE-2007-4836 | Phpmyquote | Cross-Site Scripting vulnerability in PHPmyquote 0.20 Cross-site scripting (XSS) vulnerability in index.php in phpMyQuote 0.20 allows remote attackers to inject arbitrary web script or HTML via the id parameter in an edit action. | 4.3 |
2007-09-12 | CVE-2007-4830 | Directadmin | Cross-Site Scripting vulnerability in Directadmin Cross-site scripting (XSS) vulnerability in CMD_BANDWIDTH_BREAKDOWN in DirectAdmin 1.30.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the user parameter. | 4.3 |
2007-09-12 | CVE-2007-4828 | Mediawiki | Cross-Site Scripting vulnerability in Mediawiki Cross-site scripting (XSS) vulnerability in the API pretty-printing mode in MediaWiki 1.8.0 through 1.8.4, 1.9.0 through 1.9.3, 1.10.0 through 1.10.1, and the 1.11 development versions before 1.11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2007-09-12 | CVE-2007-2930 | ISC | Remote Cache Poisoning vulnerability in ISC BIND 8 The (1) NSID_SHUFFLE_ONLY and (2) NSID_USE_POOL PRNG algorithms in ISC BIND 8 before 8.4.7-P1 generate predictable DNS query identifiers when sending outgoing queries such as NOTIFY messages when answering questions as a resolver, which allows remote attackers to poison DNS caches via unknown vectors. | 4.3 |
2007-09-11 | CVE-2007-4822 | Buffalotech Oracle | Cross-Site Request Forgery (CSRF) vulnerability in Buffalotech Airstation Whr-G54S 1.20 Cross-site request forgery (CSRF) vulnerability in the device management interface in Buffalo AirStation WHR-G54S 1.20 allows remote attackers to make configuration changes as an administrator via HTTP requests to certain HTML pages in the res parameter with an inp req parameter to cgi-bin/cgi, as demonstrated by accessing (1) ap.html and (2) filter_ip.html. | 4.3 |
2007-09-11 | CVE-2007-4819 | TXX CMS | Cross-Site Scripting vulnerability in TXX CMS TXX CMS 0.2 Multiple cross-site scripting (XSS) vulnerabilities in Txx CMS 0.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2007-09-11 | CVE-2007-4730 | X ORG | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in X.Org Xorg-Server Buffer overflow in the compNewPixmap function in compalloc.c in the Composite extension for the X.org X11 server before 1.4 allows local users to execute arbitrary code by copying data from a large pixel depth pixmap into a smaller pixel depth pixmap. | 4.3 |
2007-09-11 | CVE-2007-4813 | Domino Blogsphere | Cross-Site Scripting vulnerability in Domino Blogsphere Domino Blogsphere 3.01Beta7 Cross-site scripting (XSS) vulnerability in Domino Blogsphere 3.01 Beta 7 allows remote attackers to inject arbitrary web script or HTML via the name field. | 4.3 |
2007-09-11 | CVE-2007-4811 | Netjuke | Cross-Site Scripting vulnerability in Netjuke 1.0Rc2 Multiple cross-site scripting (XSS) vulnerabilities in Netjuke 1.0-rc2 allow remote attackers to inject arbitrary web script or HTML via (1) the val parameter to alphabet.php in an alpha.albums action, or the PATH_INFO to (2) random.php or (3) admin/hidden.php. | 4.3 |
2007-09-10 | CVE-2007-4779 | Joomla | Cross-Site Scripting vulnerability in Joomla 1.5.0Beta/1.5.0Beta2/1.5.0Rc1 Cross-site scripting (XSS) vulnerability in Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably related to the archive section. | 4.3 |
2007-09-10 | CVE-2007-4512 | Sophos | Cross-Site Scripting vulnerability in Sophos Anti-Virus Cross-site scripting (XSS) vulnerability in Sophos Anti-Virus for Windows 6.x before 6.5.8 and 7.x before 7.0.1 allows remote attackers to inject arbitrary web script or HTML via an archive with a file that matches a virus signature and has a crafted filename that is not properly handled by the print function in SavMain.exe. | 4.3 |
4 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-09-14 | CVE-2007-4888 | Xwiki | Remote Security vulnerability in Xwiki 1.0B1/1.0B2 The "You are not allowed..." error handler in XWiki 1.0 B1 and 1.0 B2 associates the doc variable with the entire document content and metadata regardless of a user's view rights, which allows remote authenticated users to read arbitrary documents via a custom skin that prints the content attribute of the doc variable. | 3.5 |
2007-09-12 | CVE-2007-4826 | Quagga | Denial Of Service vulnerability in Quagga Routing Suite bgpd in Quagga before 0.99.9 allows explicitly configured BGP peers to cause a denial of service (crash) via a malformed (1) OPEN message or (2) a COMMUNITY attribute, which triggers a NULL pointer dereference. | 3.5 |
2007-09-12 | CVE-2007-4831 | Torrenttrader | Cross-Site Scripting vulnerability in Torrenttrader 1.07 Multiple cross-site scripting (XSS) vulnerabilities in account_settings.php in TorrentTrader 1.07 allow remote attackers to inject arbitrary web script or HTML via the (1) avatar and (2) title parameters. | 2.6 |
2007-09-14 | CVE-2007-4898 | Xwiki | Information Disclosure vulnerability in XWiki Multiwiki Setup Unspecified vulnerability in the Multiwiki plugin in XWiki before 1.1 Enterprise RC2 allows remote authenticated users, with administrative access to one wiki in a multiwiki environment, to obtain sensitive information via unknown attack vectors. | 2.1 |