Weekly Vulnerabilities Report: September 17 to 23, 2007

Overview

123 new vulnerabilities were reported during this period, including 23 critical vulnerabilities and 30 high severity vulnerabilities. This weekly summary reports vulnerabilities in 128 products from 97 vendors including VMware, Canonical, Axis, HP, and Dibbler. The most notable categories are "Code Injection", "Improper Input Validation", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", and "SQL Injection".

  • 104 reported vulnerabilities are remotely exploitable.
  • 37 reported vulnerabilities have a public exploit available.
  • 35 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 113 reported vulnerabilities are exploitable by an anonymous user.
  • VMware has the most reported vulnerabilities, with 7 reported vulnerabilities.
  • VMware has the most reported critical vulnerabilities, with 4 reported vulnerabilities.

Vulnerability Details

The following tables list the vulnerabilities reported during the period covered by this report:

23 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-09-21 CVE-2007-0063 Vmware, Canonical Integer Underflow (Wrap OR Wraparound) vulnerability in multiple products

Integer underflow in the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows remote attackers to execute arbitrary code via a malformed DHCP packet that triggers a stack-based buffer overflow.

10.0
2007-09-21 CVE-2007-0062 Vmware Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in VMWare products

Integer overflow in the ISC dhcpd 3.0.x before 3.0.7 and 3.1.x before 3.1.1; and the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528; allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code via a malformed DHCP packet with a large dhcp-max-message-size that triggers a stack-based buffer overflow, related to servers configured to send many DHCP options to clients.

10.0
2007-09-21 CVE-2007-0061 Vmware, Canonical Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

The DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows remote attackers to execute arbitrary code via a malformed packet that triggers "corrupt stack memory."

10.0
2007-09-20 CVE-2007-5019 SUN Buffer Errors vulnerability in SUN Java web Start, JRE and SDK

Buffer overflow in the Sun Java Web Start ActiveX control in Java Runtime Environment (JRE) 1.6.0_X allows remote attackers to have an unknown impact via a long argument to the dnsResolve (isInstalled.dnsResolve) method.

10.0
2007-09-19 CVE-2007-4983 Cowon America Path Traversal vulnerability in Cowon America Jetaudio 7.0.3.3016/7.0.3Basic

Directory traversal vulnerability in the JetAudio.Interface.1 ActiveX control in JetFlExt.dll in jetAudio 7.0.3 Basic and 7.0.3.3016 allows remote attackers to create or overwrite arbitrary local files via a ..\ (dot dot backslash) in the second argument to the DownloadFromMusicStore method.

10.0
2007-09-19 CVE-2007-4982 MW6 Technologies Path Traversal vulnerability in MW6 Technologies Qrcode Activex

Multiple absolute path traversal vulnerabilities in the MW6QRCode.QRCode.1 ActiveX control in MW6QRCode.dll in MW6 Technologies QRCode ActiveX 3.0.0.1 and earlier allow remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the (1) SaveAsBMP or (2) SaveAsWMF method.

10.0
2007-09-18 CVE-2007-3010 Alcatel Lucent Improper Input Validation vulnerability in Alcatel-Lucent Omnipcx 7.1

masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during a ping action.

10.0
2007-09-17 CVE-2007-4916 HP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in HP All-In-One Printer and Photo and Imaging Gallery

Heap-based buffer overflow in the FileFind::FindFile method in (1) MFC42.dll, (2) MFC42u.dll, (3) MFC71.dll, and (4) MFC71u.dll in Microsoft Foundation Class (MFC) Library 8.0, as used by the ListFiles method in hpqutil.dll 2.0.0.138 in Hewlett-Packard (HP) All-in-One and Photo & Imaging Gallery 1.1 and probably other products, allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long first argument.

10.0
2007-09-17 CVE-2007-4915 BOA Improper Input Validation vulnerability in BOA Webserver 0.93.15

The Intersil isl3893 extensions for Boa 0.93.15, as used on the FreeLan RO80211G-AP and other devices, do not prevent stack writes from entering memory locations used for string constants, which allows remote attackers to change the admin password stored in memory via a long username in an HTTP Basic Authentication request.

10.0
2007-09-17 CVE-2007-4910 Netinvoicing Security vulnerability in Netinvoicing 2.7/2.7.1/2.7.2

Unspecified vulnerability in netInvoicing before 2.7.3 has unknown impact and attack vectors, related to "security check soap".

10.0
2007-09-21 CVE-2007-5025 Vmware Remote Security vulnerability in VMWare ACE 1.0.3Build54075

Unspecified vulnerability in EMC VMware ACE before 1.0.3 Build 54075 allows attackers to have an unknown impact via an unspecified manipulation of "images stored in virtual machines downloaded by the user."

9.3
2007-09-21 CVE-2007-5020 Adobe Code Injection vulnerability in Adobe Acrobat and Acrobat Reader

Unspecified vulnerability in Adobe Acrobat and Reader 8.1 on Windows allows remote attackers to execute arbitrary code via a crafted PDF file, related to the mailto: option and Internet Explorer 7 on Windows XP.

9.3
2007-09-18 CVE-2007-4963 Winimage Directory Traversal vulnerability in Winimage 8.0/8.10

Visual truncation vulnerability in WinImage 8.10 and earlier allows remote attackers to spoof a destination filename via a long sequence of space characters in a filename within a (1) .IMG or (2) .ISO file.

9.3
2007-09-18 CVE-2007-4962 Winimage Path Traversal vulnerability in Winimage 8.0/8.10

Directory traversal vulnerability in WinImage 8.10 and earlier allows user-assisted remote attackers to create or overwrite arbitrary files via a ..

9.3
2007-09-18 CVE-2007-4750 Data Vision Cryptographic Issues vulnerability in Data-Vision Remotedocs R-Viewer

Unspecified vulnerability in RemoteDocs R-Viewer before 1.6.3768 allows user-assisted remote attackers to execute arbitrary code via a crafted RDZ archive in which the first file has an executable extension.

9.3
2007-09-18 CVE-2007-2834 Apache, SUN, Debian, Canonical Integer Overflow or Wraparound vulnerability in multiple products

Integer overflow in the TIFF parser in OpenOffice.org (OOo) before 2.3; and Sun StarOffice 6, 7, and 8 Office Suite (StarSuite); allows remote attackers to execute arbitrary code via a TIFF file with crafted values of unspecified length fields, which triggers allocation of an incorrect amount of memory, resulting in a heap-based buffer overflow.

9.3
2007-09-18 CVE-2007-0326 Photochannel Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Photochannel PNI Digital Media Upload Plugin Activex Control

Multiple stack-based buffer overflows in the PhotoChannel Networks PNI Digital Media Photo Upload Plugin ActiveX control before 2.0.0.10, as used by multiple retailers, allow remote attackers to execute arbitrary code via unspecified vectors.

9.3
2007-09-18 CVE-2007-4943 Baofeng Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Baofeng Storm

Multiple buffer overflows in a certain ActiveX control in sparser.dll in Baofeng Storm 2.8 and earlier allow remote attackers to execute arbitrary code via malformed input in an unknown set of arguments or property values, a different DLL than CVE-2007-4816.

9.3
2007-09-18 CVE-2007-4940 Guliverkli, Mympc, Verycd Numeric Errors vulnerability in multiple products

Multiple integer overflows in Media Player Classic (MPC) 6.4.9.0 and earlier, as used standalone and in mympc (aka CD-Storm) 1.0.0.1, StormPlayer 1.0.4, and possibly other products, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large "indx truck size" and nEntriesInuse values.

9.3
2007-09-18 CVE-2007-4939 Guliverkli, Mympc, Verycd Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Heap-based buffer overflow in mplayerc.exe in Media Player Classic (MPC) 6.4.9.0 and earlier, as used standalone and in mympc (aka CD-Storm) 1.0.0.1, StormPlayer 1.0.4, and possibly other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with an "indx truck size" of 0xffffffff, and certain wLongsPerEntry and nEntriesInuse values.

9.3
2007-09-18 CVE-2007-4926 Axis Cryptographic Issues vulnerability in Axis 207W Camera

The AXIS 207W camera uses a base64-encoded cleartext username and password for authentication, which allows remote attackers to obtain sensitive information by sniffing the wireless network or by leveraging unspecified other vectors.

9.3
2007-09-17 CVE-2007-4909 Winscp Permissions, Privileges, and Access Controls vulnerability in Winscp

Interpretation conflict in WinSCP before 4.0.4 allows remote attackers to perform arbitrary file transfers with a remote server via file-transfer commands in the final portion of a (1) scp, and possibly a (2) sftp or (3) ftp, URL, as demonstrated by a URL specifying login to the remote server with a username of scp, which is interpreted as an HTTP scheme name by the protocol handler in a web browser, but is interpreted as a username by WinSCP.

9.3
2007-09-20 CVE-2007-5008 HP Improper Authentication vulnerability in HP Hp-Ux 11.11/11.23/11.31

The logins command in HP-UX B.11.31, B.11.23, and B.11.11 does not correctly report password status, which allows remote attackers to obtain privileges when certain "password issues" are not detected.

9.0

30 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-09-18 CVE-2007-4938 Apple, HP, IBM, Linux, Mandrakesoft, Microsoft, Santa Cruz Operation, SUN, Windriver, Mplayer, SGI Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large "indx truck size" and nEntriesInuse values, and a certain wLongsPerEntry value.

7.6
2007-09-21 CVE-2007-5028 Dibbler Information Exposure vulnerability in Dibbler 0.6.0

Dibbler 0.6.0 on Linux uses weak world-writable permissions for unspecified files in /var/lib/dibbler, which has unknown impact and local attack vectors.

7.5
2007-09-20 CVE-2007-5016 Insane Visions SQL Injection vulnerability in Insane Visions Onecms 2.4

SQL injection vulnerability in userreviews.php in OneCMS 2.4 allows remote attackers to execute arbitrary SQL commands via the abc parameter.

7.5
2007-09-20 CVE-2007-5014 Derek Leung Code Injection vulnerability in Derek Leung Pslash 0.70

Multiple PHP remote file inclusion vulnerabilities in pSlash 0.70 allow remote attackers to execute arbitrary PHP code via a URL in (1) the lvc_admin_dir parameter to modules/visitors2/admin/view-archiver.inc.php or (2) the lvc_include_dir parameter to modules/visitors2/include/menus.inc.php.

7.5
2007-09-19 CVE-2007-4984 Ktauber, Phpbb SQL Injection vulnerability in Ktauber Stylesdemo 0.9.9

SQL injection vulnerability in index.php in the Ktauber.com StylesDemo mod for phpBB 2.0.xx allows remote attackers to execute arbitrary SQL commands via the s parameter.

7.5
2007-09-19 CVE-2007-4979 Kwsphp SQL Injection vulnerability in Kwsphp 1.0

SQL injection vulnerability in index.php in the sondages module in KwsPHP 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a results action, a different module than CVE-2007-4956.2.

7.5
2007-09-19 CVE-2007-4978 Phpsyncml Code Injection vulnerability in PHPsyncml

Multiple PHP remote file inclusion vulnerabilities in phpSyncML 0.1.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the base_dir parameter to (1) Decoder.php and (2) Encoder.php in WBXML/.

7.5
2007-09-19 CVE-2007-4827 Automated Solutions Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Automated Solutions Modbus Slave Activex Control

Unspecified vulnerability in the Modbus/TCP Diagnostic function in MiniHMI.exe for the Automated Solutions Modbus Slave ActiveX Control before 1.5 allows remote attackers to corrupt the heap and possibly execute arbitrary code via malformed Modbus requests to TCP port 502.

7.5
2007-09-19 CVE-2007-4974 Mega Nerd Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mega-Nerd Libsndfile

Heap-based buffer overflow in the flac_buffer_copy function in libsndfile 1.0.17 and earlier might allow remote attackers to execute arbitrary code via a FLAC file with crafted PCM data containing a block with a size that exceeds the previous block size.

7.5
2007-09-18 CVE-2007-4961 Lindenlab Missing Encryption of Sensitive Data vulnerability in Lindenlab Second Life

The login_to_simulator method in Linden Lab Second Life, as used by the secondlife:// protocol handler and possibly other Second Life login mechanisms, sends an MD5 hash in cleartext in the passwd field, which allows remote attackers to login to an account by sniffing the network and then sending this hash to a Second Life authentication server.

7.5
2007-09-18 CVE-2007-4957 Chupix Path Traversal vulnerability in Chupix CMS 0.2.3

Multiple directory traversal vulnerabilities in download.php in Chupix CMS 0.2.3 allow remote attackers to read or overwrite arbitrary files via a ..

7.5
2007-09-18 CVE-2007-4956 Kwsphp SQL Injection vulnerability in Kwsphp 1.0

Multiple SQL injection vulnerabilities in KwsPHP 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the pseudo parameter to login.php, (2) the id parameter to index.php in a carnet editer action in the Member_Space (espace_membre) module, or (3) the typenav parameter to index.php in a browser aff action in the stats module.

7.5
2007-09-18 CVE-2007-4953 Simpcms SQL Injection vulnerability in Simpcms

SQL injection vulnerability in index.php in SimpCMS allows remote attackers to execute arbitrary SQL commands via the keyword parameter in a search site action.

7.5
2007-09-18 CVE-2007-4952 Omnistar Interactive SQL Injection vulnerability in Omnistar Interactive Omnistar Article Manager

SQL injection vulnerability in article.php in OmniStar Article Manager allows remote attackers to execute arbitrary SQL commands via the page_id parameter in a favorite op action, a different vector than CVE-2006-5917.

7.5
2007-09-18 CVE-2007-4947 Myphppagetool Code Injection vulnerability in Myphppagetool 0.4.3

Multiple PHP remote file inclusion vulnerabilities in myphpPagetool 0.4.3 allow remote attackers to execute arbitrary PHP code via a URL in the ptinclude parameter to (1) help1.php, (2) help2.php, (3) help3.php, (4) help4.php, (5) help5.php, (6) help6.php, (7) help7.php, (7) help8.php, (8) help9.php, or (10) index.php in doc/admin/.

7.5
2007-09-18 CVE-2007-4942 Focus SIS Code Injection vulnerability in Focus-Sis Focus SIS 1.0

PHP remote file inclusion vulnerability in modules/Discipline/StudentFieldBreakdown.php in Focus/SIS 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the FocusPath parameter, a different vector than CVE-2007-4806.

7.5
2007-09-18 CVE-2007-4936 Office Efficiencies Security vulnerability in Office Efficiencies Safesquid 4.1/4.1.1/4.1.2

Unspecified vulnerability in Office Efficiencies SafeSquid 4.1.x has unknown impact and attack vectors, related to a "serious security flaw," possibly specific to Linux.

7.5
2007-09-18 CVE-2007-4933 Shop Script Code Injection vulnerability in Shop-Script 2.0

Direct static code injection vulnerability in includes/admin/sub/conf_appearence.php in Shop-Script FREE 2.0 and earlier allows remote attackers to inject arbitrary PHP code into cfg/appearence.inc.php via a save_appearence action in admin.php, as demonstrated with the (1) productscount, (2) colscount, and (3) darkcolor parameters.

7.5
2007-09-18 CVE-2007-4932 Shop Script Improper Input Validation vulnerability in Shop-Script

admin.php in Shop-Script FREE 2.0 and earlier sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to access the admin panel.

7.5
2007-09-18 CVE-2007-4925 Ewire Improper Input Validation vulnerability in Ewire Payment Client 1.60/1.70

The ewirePC_Decrypt function in ewirepcfunctions.php in eWire Payment Client (ePC) 1.60 and 1.70 allows remote attackers to execute arbitrary commands via shell metacharacters in the paymentinfo parameter to simplePHPLinux/3payment_receive.php.

7.5
2007-09-17 CVE-2007-4921 Ajax Code Injection vulnerability in Ajax File Browser 3Beta

PHP remote file inclusion vulnerability in _includes/settings.inc.php in Ajax File Browser 3 Beta allows remote attackers to execute arbitrary PHP code via a URL in the approot parameter.

7.5
2007-09-17 CVE-2007-4920 PHP Webquest SQL Injection vulnerability in PHP Webquest PHP Webquest

SQL injection vulnerability in soporte_derecha_w.php in PHP Webquest 2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id_actividad parameter.

7.5
2007-09-17 CVE-2007-4919 Jblog SQL Injection vulnerability in Jblog 1.0

Multiple SQL injection vulnerabilities in JBlog 1.0 allow (1) remote attackers to execute arbitrary SQL commands via the id parameter to index.php, and allow (2) remote authenticated administrators to execute arbitrary SQL commands via the id parameter to admin/modifpost.php.

7.5
2007-09-17 CVE-2007-4918 Gelatocms SQL Injection vulnerability in Gelatocms 0.90/0.95/Nil

SQL injection vulnerability in classes/gelato.class.php in Gelato allows remote attackers to execute arbitrary SQL commands via the post parameter to index.php.

7.5
2007-09-17 CVE-2007-4913 Invision Power Services Code Injection vulnerability in Invision Power Services Invision Power Board

ips_kernel/class_upload.php in Invision Power Board (IPB or IP.Board) 2.3.1 up to 20070912 allows remote attackers to upload arbitrary script files with crafted image filenames to uploads/, where they are saved with a .txt extension and are not executable.

7.5
2007-09-17 CVE-2007-4908 Auracms Path Traversal vulnerability in Auracms

Directory traversal vulnerability in index.php in AuraCMS 2.1 and earlier allows remote attackers to include and execute arbitrary local files via a ..

7.5
2007-09-17 CVE-2007-4907 Qualiteam Code Injection vulnerability in Qualiteam X-Cart 3.5.0

Multiple PHP remote file inclusion vulnerabilities in X-Cart allow remote attackers to execute arbitrary PHP code via a URL in the xcart_dir parameter to (1) config.php, (2) prepare.php, (3) smarty.php, (4) customer/product.php, (5) provider/auth.php, and (6) admin/auth.php.

7.5
2007-09-17 CVE-2007-4905 Auracms Improper Input Validation vulnerability in Auracms 2.1

Unrestricted file upload vulnerability in mod/contak.php in AuraCMS 2.1 allows remote attackers to upload and execute arbitrary PHP files via the image parameter, which places a file under files/.

7.5
2007-09-17 CVE-2007-4903 Ultra Shareware Buffer Errors vulnerability in Ultra Shareware Ultra Crypto Component 2.0.2007.801

Multiple buffer overflows in a certain ActiveX control in CryptoX.dll 2.0 and earlier in the Ultra Crypto Component allow remote attackers to execute arbitrary code via (1) a long string in the first argument to the AcquireContext method or (2) an unspecified vector to the DeleteContext method.

7.5
2007-09-18 CVE-2007-4941 KDE Resource Management Errors vulnerability in KDE Kmplayer

KMPlayer 2.9.3.1210 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a .avi file with certain large "indx truck size" and nEntriesInuse values.

7.1

61 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-09-21 CVE-2007-5023 Vmware, Canonical Permissions, Privileges, and Access Controls vulnerability in multiple products

Unquoted Windows search path vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075, and Server before 1.0.4 Build 56528 allows local users to gain privileges via unspecified vectors, possibly involving a malicious "program.exe" file in the C: folder.

6.9
2007-09-18 CVE-2007-0997 Linux Race Condition vulnerability in Linux Kernel

Race condition in the tee (sys_tee) system call in the Linux kernel 2.6.17 through 2.6.17.6 might allow local users to cause a denial of service (system crash), obtain sensitive information (kernel memory contents), or gain privileges via unspecified vectors related to a potentially dropped ipipe lock during a race between two pipe readers.

6.9
2007-09-21 CVE-2007-4569 KDE Permissions, Privileges, and Access Controls vulnerability in KDE

backend/session.c in KDM in KDE 3.3.0 through 3.5.7, when autologin is configured and "shutdown with password" is enabled, allows remote attackers to bypass the password requirement and login to arbitrary accounts via unspecified vectors.

6.8
2007-09-20 CVE-2007-5015 Streamline Code Injection vulnerability in Streamline 1.0Beta4

Multiple PHP remote file inclusion vulnerabilities in Streamline PHP Media Server 1.0-beta4 allow remote attackers to execute arbitrary PHP code via a URL in the sl_theme_unix_path parameter to (1) admin_footer.php, (2) info_footer.php, (3) theme_footer.php, (4) browse_footer.php, (5) account_footer.php, or (6) search_footer.php in core/theme/includes/.

6.8
2007-09-20 CVE-2007-5009 Phpbb2 Code Injection vulnerability in PHPbb2 Plus 1.53/1.53A

PHP remote file inclusion vulnerability in language/lang_german/lang_main_album.php in phpBB Plus 1.53, and 1.53a before 20070922, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

6.8
2007-09-19 CVE-2007-3286 Avaya Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Avaya IP Soft Phone 5.2/6.0

Multiple buffer overflows in unspecified ActiveX controls in COM objects in Avaya IP Softphone R5.2 before SP3, and R6.0, allow remote attackers to execute arbitrary code via unspecified vectors.

6.8
2007-09-18 CVE-2007-4966 Gforge SQL Injection vulnerability in Gforge

SQL injection vulnerability in www/people/editprofile.php in GForge 4.6b2 and earlier allows remote attackers to execute arbitrary SQL commands via the skill_delete[] parameter.

6.8
2007-09-18 CVE-2007-4955 Joomla Code Injection vulnerability in Joomla Flash FUN Component 1.0

PHP remote file inclusion vulnerability in admin.joomlaflashfun.php in the Flash Fun! (com_joomlaflashfun) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.

6.8
2007-09-18 CVE-2007-4954 Joomla Code Injection vulnerability in Joomla Joom12Pic Component 1.0

PHP remote file inclusion vulnerability in admin.joom12pic.php in the joom12Pic (com_joom12pic) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.

6.8
2007-09-18 CVE-2007-4935 Phpffl Code Injection vulnerability in PHPffl 1.24

Multiple PHP remote file inclusion vulnerabilities in phpFFL 1.24 allow remote attackers to execute arbitrary PHP code via a URL in the PHPFFL_FILE_ROOT parameter to (1) admin.php, (2) custom_pages.php, (3) draft.php, (4) faq.php, (5) leagues.php, (6) livedraft.php, (7) login.php, (8) my_team.php, (9) profile.php, (10) signup.php, (11) statistics.php, (12) transactions.php, (13) program_files/admin/custom_pages.php, or (14) program_files/common.php.

6.8
2007-09-17 CVE-2007-4923 Joomla Code Injection vulnerability in Joomla Radio 5

PHP remote file inclusion vulnerability in admin.joomlaradiov5.php in the Joomla Radio 5 (com_joomlaradiov5) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.

6.8
2007-09-17 CVE-2007-4906 Nuclearbb Code Injection vulnerability in Nuclearbb Alpha2

PHP remote file inclusion vulnerability in tasks/send_queued_emails.php in NuclearBB Alpha 2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter.

6.8
2007-09-21 CVE-2007-4496 Vmware, Canonical Resource Management Errors vulnerability in multiple products

Unspecified vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows authenticated users with administrative privileges on a guest operating system to corrupt memory and possibly execute arbitrary code on the host operating system via unspecified vectors.

6.5
2007-09-19 CVE-2007-4976 Coppermine Path Traversal vulnerability in Coppermine Photo Gallery

Directory traversal vulnerability in viewlog.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlier allows remote authenticated administrators to include and execute arbitrary local files via a ..

6.5
2007-09-17 CVE-2007-4922 Jeuxflash, Kwsphp SQL Injection vulnerability in multiple products

SQL injection vulnerability in play.php in the jeuxflash 1.0 module for KwsPHP allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a play ac action to index.php.

6.5
2007-09-17 CVE-2007-4902 Ultra Shareware Path Traversal vulnerability in Ultra Shareware Ultra Crypto Component 2.0.2007.801

Absolute path traversal vulnerability in a certain ActiveX control in CryptoX.dll 2.0 and earlier in the Ultra Crypto Component allows remote attackers to write to arbitrary files via a full pathname in the argument to the SaveToFile method.

6.4
2007-09-20 CVE-2007-5018 David Harris Buffer Errors vulnerability in David Harris Mercury 32 4.5.2

Stack-based buffer overflow in IMAPD in Mercury/32 4.52 allows remote authenticated users to execute arbitrary code via a long argument in a SEARCH ON command.

6.0
2007-09-17 CVE-2007-4914 Invision Power Services Improper Input Validation vulnerability in Invision Power Services Invision Power Board

Unspecified vulnerability in the subscriptions manager in Invision Power Board (IPB or IP.Board) 2.3.1 before 20070912 allows remote authenticated users to change the member ID and reduce the privilege level of arbitrary users via a crafted payment form, related to (1) class_gw_2checkout.php, (2) class_gw_authorizenet.php, (3) class_gw_nochex.php, (4) class_gw_paypal.php, and (5) class_gw_safshop.php in sources/classes/paymentgateways/.

6.0
2007-09-21 CVE-2007-4497 Vmware, Canonical Permissions, Privileges, and Access Controls vulnerability in multiple products

Unspecified vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows users with login access to a guest operating system to cause a denial of service (guest outage and host process crash or hang) via unspecified vectors.

5.5
2007-09-21 CVE-2007-5032 Francisco Burzi Cross-Site Request Forgery (CSRF) vulnerability in Francisco Burzi PHP-Nuke

Cross-site request forgery (CSRF) vulnerability in admin.php in Francisco Burzi PHP-Nuke allows remote attackers to add administrative accounts via an AddAuthor action with modified add_name and add_radminsuper parameters.

5.1
2007-09-18 CVE-2007-4948 Webmedia Explorer Code Injection vulnerability in Webmedia Explorer Webmedia Explorer 3.2.2

Multiple PHP remote file inclusion vulnerabilities in Webmedia Explorer (webmex) 3.2.2 allow remote attackers to execute arbitrary PHP code via (1) a URL in the path_include parameter to includes/rss.class.php, (2) a URL in the path_template parameter to (a) templates/main.tpl.php or (b) templates/folder_messages_link_message_name.tpl.php, or (4) a URL in the path_templates parameter to templates/sidebar.tpl.php.

5.1
2007-09-21 CVE-2007-5031 Dibbler Improper Input Validation vulnerability in Dibbler 0.6.0

The TSrvOptIA_NA::rebind method in SrvOptions/SrvOptIA_NA.cpp in Dibbler 0.6.0 allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via an invalid IA_NA option in a REBIND message.

5.0
2007-09-21 CVE-2007-5030 Dibbler Numeric Errors vulnerability in Dibbler 0.6.0

Multiple integer overflows in Dibbler 0.6.0 allow remote attackers to cause a denial of service (daemon crash) via packets containing options with large lengths, which trigger attempts at excessive memory allocation, as demonstrated by (1) the TSrvMsg constructor in SrvMessages/SrvMsg.cpp; the (2) TClntMsg, (3) TClntOptIAAddress, (4) TClntOptIAPrefix, (5) TOptVendorSpecInfo, and (6) TOptOptionRequest constructors; and the (7) TRelIfaceMgr::decodeRelayRepl, (8) TRelMsg::decodeOpts, and (9) TSrvIfaceMgr::decodeRelayForw methods.

5.0
2007-09-21 CVE-2007-5029 Dibbler Improper Input Validation vulnerability in Dibbler 0.6.0

Dibbler 0.6.0 does not verify that certain length parameters are appropriate for buffer sizes, which allows remote attackers to trigger a buffer over-read and cause a denial of service (daemon crash), as demonstrated by incorrect behavior of the TSrvMsg constructor in SrvMessages/SrvMsg.cpp when (1) reading the option code and option length and (2) parsing options.

5.0
2007-09-21 CVE-2007-5026 Dblog Permissions, Privileges, and Access Controls vulnerability in Dblog CMS 2.0

dBlog CMS, probably 2.0, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing an admin password hash via a direct request for dblog.mdb.

5.0
2007-09-21 CVE-2007-4991 Microsoft Information Exposure vulnerability in Microsoft ISA Server 2004

The SOCKS4 Proxy in Microsoft Internet Security and Acceleration (ISA) Server 2004 SP1 and SP2 allows remote attackers to obtain potentially sensitive information (the destination IP address of another user's session) via an empty packet.

5.0
2007-09-21 CVE-2007-5022 IBM Information Exposure vulnerability in IBM Tivoli Storage Manager Client

Unspecified vulnerability in certain IBM Tivoli Storage Manager (TSM) clients 5.1 before 5.1.8.1, 5.2 before 5.2.5.2, 5.3 before 5.3.5.3, and 5.4 before 5.4.1.2, when using "server-initiated prompted scheduling," allows remote attackers to read a client's data, aka IC53616.

5.0
2007-09-20 CVE-2007-5017 Yahoo Path Traversal vulnerability in Yahoo Messenger 8.1.0.421

Absolute path traversal vulnerability in a certain ActiveX control in the CYFT object in ft60.dll in Yahoo! Messenger 8.1.0.421 allows remote attackers to force a download, and create or overwrite arbitrary files via a full pathname in the second argument to the GetFile method.

5.0
2007-09-20 CVE-2007-5011 Wilson Windowware Information Exposure vulnerability in Wilson Windowware Webbatch

webbatch.exe in WebBatch allows remote attackers to obtain sensitive information via the dumpinputdata parameter.

5.0
2007-09-18 CVE-2007-4964 Winimage Improper Input Validation vulnerability in Winimage 8.0/8.10

WinImage 8.10 and earlier allows remote attackers to cause a denial of service (infinite loop) via an invalid BPB_BytsPerSec field in the header of a .IMG file.

5.0
2007-09-18 CVE-2007-4960 Linden LAB Cryptographic Issues vulnerability in Linden LAB Second Life 1

Argument injection vulnerability in the Linden Lab Second Life secondlife:// protocol handler, as used in Internet Explorer and possibly Firefox, allows remote attackers to obtain sensitive information via a '" ' (double-quote space) sequence followed by the -autologin and -loginuri arguments, which cause the handler to post login credentials and software installation details to an arbitrary URL.

5.0
2007-09-18 CVE-2007-4946 Jasmine Technologies Information Disclosure vulnerability in Lettergrade

LetterGrade allows remote attackers to obtain sensitive information (installation path or account existence) via unspecified vectors.

5.0
2007-09-18 CVE-2007-4944 Opera Information Disclosure vulnerability in Opera Web Browser

The canvas.createPattern function in Opera 9.x before 9.22 for Linux, FreeBSD, and Solaris does not clear memory before using it to process a new pattern, which allows remote attackers to obtain sensitive information (memory contents) via JavaScript.

5.0
2007-09-18 CVE-2007-4937 Comscripts Permissions, Privileges, and Access Controls vulnerability in Comscripts CS Guestbook

CS Guestbook stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the admin name and MD5 password hash via a direct request for base/usr/0.php.

5.0
2007-09-17 CVE-2007-4911 Cowon America Improper Input Validation vulnerability in Cowon America Jetcast Server 2

JSMP3OGGWt.dll in JetCast Server 2.0.0.4308 allows remote attackers to cause a denial of service (daemon crash) via a long .mp3 URI to TCP port 8000.

5.0
2007-09-18 CVE-2007-4928 Axis Cryptographic Issues vulnerability in Axis 207W Network Camera

The AXIS 207W camera stores a WEP or WPA key in cleartext in the configuration file, which might allow local users to obtain sensitive information.

4.9
2007-09-18 CVE-2007-4934 Phpffl Code Injection vulnerability in PHPffl 1.24

Multiple PHP remote file inclusion vulnerabilities in phpFFL 1.24 allow remote attackers to execute arbitrary PHP code via a URL in the PHPFFL_FILE_ROOT parameter to (1) program_files/livedraft/livedraft.php or (2) program_files/livedraft/admin.php.

4.6
2007-09-19 CVE-2007-4971 Isecsoft Improper Input Validation vulnerability in Isecsoft Prosecurity 1.40Beta2

ProSecurity 1.40 Beta 2 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via kernel SSDT hooks for Windows Native API functions including (1) NtCreateKey, (2) NtDeleteFile, (3) NtLoadDriver, (4) NtOpenSection, and (5) NtSetSystemTime.

4.4
2007-09-19 CVE-2007-4970 Diamondcs Improper Input Validation vulnerability in Diamondcs Processguard 3.410

ProcessGuard 3.410 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via kernel SSDT hooks for Windows Native API functions including (1) NtCreateFile, (2) NtCreateKey, (3) NtDeleteValueKey, (4) NtOpenFile, (5) NtOpenKey, and (6) NtSetValueKey.

4.4
2007-09-19 CVE-2007-4969 Sysinternals Improper Input Validation vulnerability in Sysinternals Process Monitor 1.22

Process Monitor 1.22 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via unspecified kernel SSDT hooks for Windows Native API functions including (1) NtCreateKey, (2) NtDeleteValueKey, (3) NtLoadKey, (4) NtOpenKey, (5) NtQueryValueKey, (6) NtSetValueKey, and (7) NtUnloadKey.

4.4
2007-09-19 CVE-2007-4968 Privacyware Improper Input Validation vulnerability in Privacyware Privatefirewall 5.0.14.2

Privatefirewall 5.0.14.2 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via kernel SSDT hooks for (1) NtOpenProcess and (2) NtOpenThread.

4.4
2007-09-19 CVE-2007-4967 Online Armor Improper Input Validation vulnerability in Online Armor Personal Firewall 2.0.1.215

Online Armor Personal Firewall 2.0.1.215 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via unspecified kernel SSDT hooks for Windows Native API functions including (1) NtAllocateVirtualMemory, (2) NtConnectPort, (3) NtCreateFile, (4) NtCreateKey, (5) NtCreatePort, (6) NtDeleteFile, (7) NtDeleteValueKey, (8) NtLoadKey, (9) NtOpenFile, (10) NtOpenProcess, (11) NtOpenThread, (12) NtResumeThread, (13) NtSetContextThread, (14) NtSetValueKey, (15) NtSuspendProcess, (16) NtSuspendThread, and (17) NtTerminateThread.

4.4
2007-09-21 CVE-2007-5034 Elinks Information Exposure vulnerability in Elinks

ELinks before 0.11.3, when sending a POST request for an https URL, appends the body and content headers of the POST request to the CONNECT request in cleartext, which allows remote attackers to sniff sensitive data that would have been protected by TLS.

4.3
2007-09-21 CVE-2007-5033 Phpbb XS Cross-Site Scripting vulnerability in PHPbb XS PHPbb XS 2

Cross-site scripting (XSS) vulnerability in profile.php in phpBB XS 2 allows remote attackers to inject arbitrary web script or HTML via the selfdes parameter in a profile_info editprofile action.

4.3
2007-09-21 CVE-2007-5027 Level ONE Cross-Site Scripting vulnerability in Level ONE Wbr3404Tx

Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/ddns in the web management panel for the WBR3404TX broadband router with firmware R1.94p0vTIG allow remote attackers to inject arbitrary web script or HTML via the (1) DD or (2) DU parameter.

4.3
2007-09-21 CVE-2007-4066 Xiph ORG Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Xiph.Org Libvorbis

Multiple buffer overflows in Xiph.Org libvorbis before 1.2.0 allow context-dependent attackers to cause a denial of service or have other unspecified impact via a crafted OGG file, aka trac Changesets 13162, 13168, 13169, 13170, 13172, 13211, and 13215, as demonstrated by an overflow in oggenc.exe related to the _psy_noiseguards_8 array.

4.3
2007-09-21 CVE-2007-4065 Xiph ORG Unspecified vulnerability in Xiph.Org Libvorbis

lib/vorbisfile.c in libvorbisfile in Xiph.Org libvorbis before 1.2.0 allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted OGG file, aka trac Changeset 13217.

4.3
2007-09-20 CVE-2007-5013 Phormer Cross-Site Scripting vulnerability in Phormer 3.31

Multiple cross-site scripting (XSS) vulnerabilities in index.php in Phormer 3.31 allow remote attackers to inject arbitrary web script or HTML via the (1) u, (2) p, (3) c, and (4) s parameters, and other unspecified vectors.

4.3
2007-09-20 CVE-2007-5012 Phpwebgallery Cross-Site Scripting vulnerability in PHPwebgallery 1.7.0

Cross-site scripting (XSS) vulnerability in picture.php in PhpWebGallery 1.7.0, when Comments for all is enabled, allows remote attackers to inject arbitrary web script or HTML via the author parameter.

4.3
2007-09-20 CVE-2007-5010 Wilson Windowware Cross-Site Scripting vulnerability in Wilson Windowware Webbatch 2007C

Cross-site scripting (XSS) vulnerability in WebBatch allows remote attackers to inject arbitrary web script or HTML via the URL to webbatch.exe.

4.3
2007-09-19 CVE-2007-4981 Oblius Cross-Site Scripting vulnerability in Oblius Obedit 3.03

Cross-site scripting (XSS) vulnerability in the save function in Obedit 3.03 allows user-assisted remote attackers to inject arbitrary web script or HTML via unknown vectors, as demonstrated by a SCRIPT element in an unspecified context when saving a document.

4.3
2007-09-19 CVE-2007-4980 Gcaldaemon Numeric Errors vulnerability in Gcaldaemon 1.0Beta13

The readRequest method in org/gcaldaemon/core/http/HTTPListener.java in GCALDaemon 1.0-beta13 allows remote attackers to cause a denial of service via a large integer value in the Content-Length HTTP header, which triggers a fatal Java OutOfMemoryError.

4.3
2007-09-19 CVE-2007-4975 B1G Cross-Site Scripting vulnerability in B1G B1Gmail 6.3.1

Cross-site scripting (XSS) vulnerability in hilfe.php in b1gMail 6.3.1 allows remote attackers to inject arbitrary web script or HTML via the chapter parameter.

4.3
2007-09-18 CVE-2007-4959 Jelsoft Cross-Site Scripting vulnerability in Jelsoft Oscmax 2.0.0Rc301

Cross-site scripting (XSS) vulnerability in catalog_products_with_images.php in osCMax 2.0.0-RC3-0-1 allows remote attackers to inject arbitrary web script or HTML via the URI.

4.3
2007-09-18 CVE-2007-4958 Tinywebgallery Cross-Site Scripting vulnerability in Tinywebgallery 1.6.3.4

Multiple cross-site scripting (XSS) vulnerabilities in TinyWebGallery (TWG) 1.6.3.4 allow remote attackers to inject arbitrary web script or HTML via the URI for (1) index.php, (2) i_frames/i_login.php, and (3) i_frames/i_top_tags.php.

4.3
2007-09-18 CVE-2007-4945 Jasmine Technologies Cross-Site Scripting vulnerability in Jasmine Technologies Lettergrade

Multiple cross-site scripting (XSS) vulnerabilities in LetterGrade allow remote attackers to inject arbitrary web script or HTML via (1) a student's email address, (2) the year parameter to genbrws/Student/cal_month.php3, and other unspecified vectors related to the calendar.

4.3
2007-09-18 CVE-2007-4930 Axis Cross-Site Request Forgery (CSRF) vulnerability in Axis 207W Network Camera

Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS 207W camera allow remote attackers to perform certain actions as administrators via (1) axis-cgi/admin/restart.cgi, (2) the user and sgrp parameters to axis-cgi/admin/pwdgrp.cgi in an add action, or (3) the server parameter to admin/restartMessage.shtml.

4.3
2007-09-18 CVE-2007-4929 Axis Cross-Site Scripting vulnerability in Axis 207W Network Camera

Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 207W camera allow remote attackers to inject arbitrary web script or HTML via the camNo parameter to incl/image_incl.shtml, and other unspecified vectors.

4.3
2007-09-17 CVE-2007-4917 PHP Stats Cross-Site Scripting vulnerability in PHP-Stats 0.1.9.2

Cross-site scripting (XSS) vulnerability in tracking.php in PHP-Stats 0.1.9.2 allows remote attackers to inject arbitrary web script or HTML via the ip parameter in an online action, a different vector than CVE-2007-4334.

4.3
2007-09-17 CVE-2007-4912 Invision Power Services Cross-Site Scripting vulnerability in Invision Power Services Invision Power Board

Cross-site scripting (XSS) vulnerability in ips_kernel/class_ajax.php in Invision Power Board (IPB or IP.Board) 2.3.1 up to 20070912 allows remote attackers to inject arbitrary web script or HTML into user profile fields via unspecified vectors related to character sets other than iso-8859-1 or utf-8.

4.3
2007-09-17 CVE-2007-4904 Realnetworks Numeric Errors vulnerability in Realnetworks Helix Player and Realplayer

RealNetworks RealPlayer 10.1.0.3114 and earlier, and Helix Player 1.0.6.778 on Fedora Core 6 (FC6) and possibly other platforms, allow user-assisted remote attackers to cause a denial of service (application crash) via a malformed .au file that triggers a divide-by-zero error.

4.3

9 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-09-19 CVE-2007-4977 Coppermine Cross-Site Scripting vulnerability in Coppermine Photo Gallery

Cross-site scripting (XSS) vulnerability in mode.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the referer parameter.

3.5
2007-09-18 CVE-2007-4927 Axis Improper Input Validation vulnerability in Axis 207W Network Camera

axis-cgi/buffer/command.cgi on the AXIS 207W camera allows remote authenticated users to cause a denial of service (reboot) via many requests with unique buffer names in the buffername parameter in a start action.

3.5
2007-09-21 CVE-2007-5024 EMC Cryptographic Issues vulnerability in EMC VMWare Server 1.0.4/1.0.4Build56528

EMC VMware Server before 1.0.4 Build 56528 writes passwords in cleartext to unspecified log files, which allows local users to obtain sensitive information by reading these files, a different vulnerability than CVE-2005-3620.

2.1
2007-09-18 CVE-2007-4931 HP Unspecified vulnerability in HP System Management Homepage

HP System Management Homepage (SMH) for Windows, when used in conjunction with HP Version Control Agent or Version Control Repository Manager, leaves old OpenSSL software active after an OpenSSL update, which has unknown impact and attack vectors, probably related to previous vulnerabilities for OpenSSL.

2.1
2007-09-17 CVE-2007-3654 Netbsd Improper Input Validation vulnerability in Netbsd

The display driver allocattr functions in NetBSD 3.0 through 4.0_BETA2, and NetBSD-current before 20070728, allow local users to cause a denial of service (panic) via a (1) negative or (2) large value in an ioctl call, as demonstrated by the vga_allocattr function.

2.1
2007-09-17 CVE-2007-3379 Redhat Denial-Of-Service vulnerability in Enterprise Linux for SAP

Unspecified vulnerability in the kernel in Red Hat Enterprise Linux (RHEL) 4 on the x86_64 platform allows local users to cause a denial of service (OOPS) via unspecified vectors related to the get_gate_vma function and the fuser command.

2.1
2007-09-19 CVE-2007-4972 Sysinternals Permissions, Privileges, and Access Controls vulnerability in Sysinternals Regmon 7.04

RegMon 7.04 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via kernel SSDT hooks to the (1) NtCreateKey and (2) NtOpenKey Windows Native API functions.

1.9
2007-09-18 CVE-2007-4751 Data Vision Cryptographic Issues vulnerability in Data-Vision Remotedocs R-Viewer

RemoteDocs R-Viewer before 1.6.3768 stores encrypted RDZ file data in unencrypted temporary files, which allows local users to obtain sensitive information by reading the temporary files.

1.9
2007-09-18 CVE-2007-0004 Redhat Permissions, Privileges, and Access Controls vulnerability in Redhat Enterprise Linux 3.0

The NFS client implementation in the kernel in Red Hat Enterprise Linux (RHEL) 3, when a filesystem is mounted with the noacl option, checks permissions for the open system call via vfs_permission (mode bits) data rather than an NFS ACCESS call to the server, which allows local client processes to obtain a false success status from open calls that the server would deny, and possibly obtain sensitive information about file permissions on the server, as demonstrated in a root_squash environment.

1.9