Weekly Vulnerabilities Reports > September 17 to 23, 2007
Overview
123 new vulnerabilities reported during this period, including 23 critical vulnerabilities and 30 high severity vulnerabilities. This weekly summary report vulnerabilities in 128 products from 97 vendors including Vmware, Canonical, Axis, HP, and Dibbler. Vulnerabilities are notably categorized as "Code Injection", "Improper Input Validation", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", and "SQL Injection".
- 104 reported vulnerabilities are remotely exploitables.
- 37 reported vulnerabilities have public exploit available.
- 35 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 113 reported vulnerabilities are exploitable by an anonymous user.
- Vmware has the most reported vulnerabilities, with 7 reported vulnerabilities.
- Vmware has the most reported critical vulnerabilities, with 4 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
23 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-09-21 | CVE-2007-0063 | Vmware Canonical | Integer Underflow (Wrap OR Wraparound) vulnerability in multiple products Integer underflow in the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows remote attackers to execute arbitrary code via a malformed DHCP packet that triggers a stack-based buffer overflow. | 10.0 |
2007-09-21 | CVE-2007-0062 | Vmware | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in VMWare products Integer overflow in the ISC dhcpd 3.0.x before 3.0.7 and 3.1.x before 3.1.1; and the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528; allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code via a malformed DHCP packet with a large dhcp-max-message-size that triggers a stack-based buffer overflow, related to servers configured to send many DHCP options to clients. | 10.0 |
2007-09-21 | CVE-2007-0061 | Vmware Canonical | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products The DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows remote attackers to execute arbitrary code via a malformed packet that triggers "corrupt stack memory." | 10.0 |
2007-09-20 | CVE-2007-5019 | SUN | Buffer Errors vulnerability in SUN Java web Start, JRE and SDK Buffer overflow in the Sun Java Web Start ActiveX control in Java Runtime Environment (JRE) 1.6.0_X allows remote attackers to have an unknown impact via a long argument to the dnsResolve (isInstalled.dnsResolve) method. | 10.0 |
2007-09-19 | CVE-2007-4983 | Cowon America | Path Traversal vulnerability in Cowon America Jetaudio 7.0.3.3016/7.0.3Basic Directory traversal vulnerability in the JetAudio.Interface.1 ActiveX control in JetFlExt.dll in jetAudio 7.0.3 Basic and 7.0.3.3016 allows remote attackers to create or overwrite arbitrary local files via a ..\ (dot dot backslash) in the second argument to the DownloadFromMusicStore method. | 10.0 |
2007-09-19 | CVE-2007-4982 | MW6 Technologies | Path Traversal vulnerability in MW6 Technologies Qrcode Activex Multiple absolute path traversal vulnerabilities in the MW6QRCode.QRCode.1 ActiveX control in MW6QRCode.dll in MW6 Technologies QRCode ActiveX 3.0.0.1 and earlier allow remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the (1) SaveAsBMP or (2) SaveAsWMF method. | 10.0 |
2007-09-17 | CVE-2007-4916 | HP | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in HP All-In-On Printer and Photo and Imaging Gallery Heap-based buffer overflow in the FileFind::FindFile method in (1) MFC42.dll, (2) MFC42u.dll, (3) MFC71.dll, and (4) MFC71u.dll in Microsoft Foundation Class (MFC) Library 8.0, as used by the ListFiles method in hpqutil.dll 2.0.0.138 in Hewlett-Packard (HP) All-in-One and Photo & Imaging Gallery 1.1 and probably other products, allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long first argument. | 10.0 |
2007-09-17 | CVE-2007-4915 | BOA | Improper Input Validation vulnerability in BOA Webserver 0.93.15 The Intersil isl3893 extensions for Boa 0.93.15, as used on the FreeLan RO80211G-AP and other devices, do not prevent stack writes from entering memory locations used for string constants, which allows remote attackers to change the admin password stored in memory via a long username in an HTTP Basic Authentication request. | 10.0 |
2007-09-17 | CVE-2007-4910 | Netinvoicing | Security vulnerability in Netinvoicing 2.7/2.7.1/2.7.2 Unspecified vulnerability in netInvoicing before 2.7.3 has unknown impact and attack vectors, related to "security check soap". | 10.0 |
2007-09-18 | CVE-2007-3010 | AL Enterprise | Unspecified vulnerability in Al-Enterprise Omnipcx Enterprise Communication Server masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during a ping action. | 9.8 |
2007-09-21 | CVE-2007-5025 | Vmware | Remote Security vulnerability in VMWare ACE 1.0.3Build54075 Unspecified vulnerability in EMC VMware ACE before 1.0.3 Build 54075 allows attackers to have an unknown impact via an unspecified manipulation of "images stored in virtual machines downloaded by the user." | 9.3 |
2007-09-21 | CVE-2007-5020 | Adobe | Code Injection vulnerability in Adobe Acrobat and Acrobat Reader Unspecified vulnerability in Adobe Acrobat and Reader 8.1 on Windows allows remote attackers to execute arbitrary code via a crafted PDF file, related to the mailto: option and Internet Explorer 7 on Windows XP. | 9.3 |
2007-09-18 | CVE-2007-4963 | Winimage | Directory Traversal vulnerability in Winimage 8.0/8.10 Visual truncation vulnerability in WinImage 8.10 and earlier allows remote attackers to spoof a destination filename via a long sequence of space characters in a filename within a (1) .IMG or (2) .ISO file. | 9.3 |
2007-09-18 | CVE-2007-4962 | Winimage | Path Traversal vulnerability in Winimage 8.0/8.10 Directory traversal vulnerability in WinImage 8.10 and earlier allows user-assisted remote attackers to create or overwrite arbitrary files via a .. | 9.3 |
2007-09-18 | CVE-2007-4750 | Data Vision | Cryptographic Issues vulnerability in Data-Vision Remotedocs R-Viewer Unspecified vulnerability in RemoteDocs R-Viewer before 1.6.3768 allows user-assisted remote attackers to execute arbitrary code via a crafted RDZ archive in which the first file has an executable extension. | 9.3 |
2007-09-18 | CVE-2007-2834 | Apache SUN Debian Canonical | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in the TIFF parser in OpenOffice.org (OOo) before 2.3; and Sun StarOffice 6, 7, and 8 Office Suite (StarSuite); allows remote attackers to execute arbitrary code via a TIFF file with crafted values of unspecified length fields, which triggers allocation of an incorrect amount of memory, resulting in a heap-based buffer overflow. | 9.3 |
2007-09-18 | CVE-2007-0326 | Photochannel | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Photochannel PNI Digital Media Upload Plugin Activex Control Multiple stack-based buffer overflows in the PhotoChannel Networks PNI Digital Media Photo Upload Plugin ActiveX control before 2.0.0.10, as used by multiple retailers, allow remote attackers to execute arbitrary code via unspecified vectors. | 9.3 |
2007-09-18 | CVE-2007-4943 | Baofeng | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Baofeng Storm Multiple buffer overflows in a certain ActiveX control in sparser.dll in Baofeng Storm 2.8 and earlier allow remote attackers to execute arbitrary code via malformed input in an unknown set of arguments or property values, a different DLL than CVE-2007-4816. | 9.3 |
2007-09-18 | CVE-2007-4940 | Guliverkli Mympc Verycd | Numeric Errors vulnerability in multiple products Multiple integer overflows in Media Player Classic (MPC) 6.4.9.0 and earlier, as used standalone and in mympc (aka CD-Storm) 1.0.0.1, StormPlayer 1.0.4, and possibly other products, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large "indx truck size" and nEntriesInuse values. | 9.3 |
2007-09-18 | CVE-2007-4939 | Guliverkli Mympc Verycd | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Heap-based buffer overflow in mplayerc.exe in Media Player Classic (MPC) 6.4.9.0 and earlier, as used standalone and in mympc (aka CD-Storm) 1.0.0.1, StormPlayer 1.0.4, and possibly other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with an "indx truck size" of 0xffffffff, and certain wLongsPerEntry and nEntriesInuse values. | 9.3 |
2007-09-18 | CVE-2007-4926 | Axis | Cryptographic Issues vulnerability in Axis 207W Camera The AXIS 207W camera uses a base64-encoded cleartext username and password for authentication, which allows remote attackers to obtain sensitive information by sniffing the wireless network or by leveraging unspecified other vectors. | 9.3 |
2007-09-17 | CVE-2007-4909 | Winscp | Permissions, Privileges, and Access Controls vulnerability in Winscp Interpretation conflict in WinSCP before 4.0.4 allows remote attackers to perform arbitrary file transfers with a remote server via file-transfer commands in the final portion of a (1) scp, and possibly a (2) sftp or (3) ftp, URL, as demonstrated by a URL specifying login to the remote server with a username of scp, which is interpreted as an HTTP scheme name by the protocol handler in a web browser, but is interpreted as a username by WinSCP. | 9.3 |
2007-09-20 | CVE-2007-5008 | HP | Improper Authentication vulnerability in HP Hp-Ux 11.11/11.23/11.31 The logins command in HP-UX B.11.31, B.11.23, and B.11.11 does not correctly report password status, which allows remote attackers to obtain privileges when certain "password issues" are not detected. | 9.0 |
30 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-09-18 | CVE-2007-4938 | Apple HP IBM Linux Mandrakesoft Microsoft Santa Cruz Operation SUN Windriver Mplayer SGI | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large "indx truck size" and nEntriesInuse values, and a certain wLongsPerEntry value. | 7.6 |
2007-09-21 | CVE-2007-5028 | Dibbler | Information Exposure vulnerability in Dibbler 0.6.0 Dibbler 0.6.0 on Linux uses weak world-writable permissions for unspecified files in /var/lib/dibbler, which has unknown impact and local attack vectors. | 7.5 |
2007-09-20 | CVE-2007-5016 | Insane Visions | SQL Injection vulnerability in Insane Visions Onecms 2.4 SQL injection vulnerability in userreviews.php in OneCMS 2.4 allows remote attackers to execute arbitrary SQL commands via the abc parameter. | 7.5 |
2007-09-20 | CVE-2007-5014 | Derek Leung | Code Injection vulnerability in Derek Leung Pslash 0.70 Multiple PHP remote file inclusion vulnerabilities in pSlash 0.70 allow remote attackers to execute arbitrary PHP code via a URL in (1) the lvc_admin_dir parameter to modules/visitors2/admin/view-archiver.inc.php or (2) the lvc_include_dir parameter to modules/visitors2/include/menus.inc.php. | 7.5 |
2007-09-19 | CVE-2007-4984 | Ktauber Phpbb | SQL Injection vulnerability in Ktauber Stylesdemo 0.9.9 SQL injection vulnerability in index.php in the Ktauber.com StylesDemo mod for phpBB 2.0.xx allows remote attackers to execute arbitrary SQL commands via the s parameter. | 7.5 |
2007-09-19 | CVE-2007-4979 | Kwsphp | SQL Injection vulnerability in Kwsphp 1.0 SQL injection vulnerability in index.php in the sondages module in KwsPHP 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a results action, a different module than CVE-2007-4956.2. | 7.5 |
2007-09-19 | CVE-2007-4978 | Phpsyncml | Code Injection vulnerability in PHPsyncml Multiple PHP remote file inclusion vulnerabilities in phpSyncML 0.1.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the base_dir parameter to (1) Decoder.php and (2) Encoder.php in WBXML/. | 7.5 |
2007-09-19 | CVE-2007-4827 | Automated Solutions | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Automated Solutions Modbus Slave Activex Control Unspecified vulnerability in the Modbus/TCP Diagnostic function in MiniHMI.exe for the Automated Solutions Modbus Slave ActiveX Control before 1.5 allows remote attackers to corrupt the heap and possibly execute arbitrary code via malformed Modbus requests to TCP port 502. | 7.5 |
2007-09-19 | CVE-2007-4974 | Mega Nerd | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mega-Nerd Libsndfile Heap-based buffer overflow in the flac_buffer_copy function in libsndfile 1.0.17 and earlier might allow remote attackers to execute arbitrary code via a FLAC file with crafted PCM data containing a block with a size that exceeds the previous block size. | 7.5 |
2007-09-18 | CVE-2007-4961 | Lindenlab | Missing Encryption of Sensitive Data vulnerability in Lindenlab Second Life The login_to_simulator method in Linden Lab Second Life, as used by the secondlife:// protocol handler and possibly other Second Life login mechanisms, sends an MD5 hash in cleartext in the passwd field, which allows remote attackers to login to an account by sniffing the network and then sending this hash to a Second Life authentication server. | 7.5 |
2007-09-18 | CVE-2007-4957 | Chupix | Path Traversal vulnerability in Chupix CMS 0.2.3 Multiple directory traversal vulnerabilities in download.php in Chupix CMS 0.2.3 allow remote attackers to read or overwrite arbitrary files via a .. | 7.5 |
2007-09-18 | CVE-2007-4956 | Kwsphp | SQL Injection vulnerability in Kwsphp 1.0 Multiple SQL injection vulnerabilities in KwsPHP 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the pseudo parameter to login.php, (2) the id parameter to index.php in a carnet editer action in the Member_Space (espace_membre) module, or (3) the typenav parameter to index.php in a browser aff action in the stats module. | 7.5 |
2007-09-18 | CVE-2007-4953 | Simpcms | SQL Injection vulnerability in Simpcms SQL injection vulnerability in index.php in SimpCMS allows remote attackers to execute arbitrary SQL commands via the keyword parameter in a search site action. | 7.5 |
2007-09-18 | CVE-2007-4952 | Omnistar Interactive | SQL Injection vulnerability in Omnistar Interactive Omnistar Article Manager SQL injection vulnerability in article.php in OmniStar Article Manager allows remote attackers to execute arbitrary SQL commands via the page_id parameter in a favorite op action, a different vector than CVE-2006-5917. | 7.5 |
2007-09-18 | CVE-2007-4947 | Myphppagetool | Code Injection vulnerability in Myphppagetool 0.4.3 Multiple PHP remote file inclusion vulnerabilities in myphpPagetool 0.4.3 allow remote attackers to execute arbitrary PHP code via a URL in the ptinclude parameter to (1) help1.php, (2) help2.php, (3) help3.php, (4) help4.php, (5) help5.php, (6) help6.php, (7) help7.php, (7) help8.php, (8) help9.php, or (10) index.php in doc/admin/. | 7.5 |
2007-09-18 | CVE-2007-4942 | Focus SIS | Code Injection vulnerability in Focus-Sis Focus SIS 1.0 PHP remote file inclusion vulnerability in modules/Discipline/StudentFieldBreakdown.php in Focus/SIS 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the FocusPath parameter, a different vector than CVE-2007-4806. | 7.5 |
2007-09-18 | CVE-2007-4936 | Office Efficiencies | Security vulnerability in Office Efficiencies Safesquid 4.1/4.1.1/4.1.2 Unspecified vulnerability in Office Efficiencies SafeSquid 4.1.x has unknown impact and attack vectors, related to a "serious security flaw," possibly specific to Linux. | 7.5 |
2007-09-18 | CVE-2007-4933 | Shop Script | Code Injection vulnerability in Shop-Script 2.0 Direct static code injection vulnerability in includes/admin/sub/conf_appearence.php in Shop-Script FREE 2.0 and earlier allows remote attackers to inject arbitrary PHP code into cfg/appearence.inc.php via a save_appearence action in admin.php, as demonstrated with the (1) productscount, (2) colscount, and (3) darkcolor parameters. | 7.5 |
2007-09-18 | CVE-2007-4932 | Shop Script | Improper Input Validation vulnerability in Shop-Script admin.php in Shop-Script FREE 2.0 and earlier sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to access the admin panel. | 7.5 |
2007-09-18 | CVE-2007-4925 | Ewire | Improper Input Validation vulnerability in Ewire Payment Client 1.60/1.70 The ewirePC_Decrypt function in ewirepcfunctions.php in eWire Payment Client (ePC) 1.60 and 1.70 allows remote attackers to execute arbitrary commands via shell metacharacters in the paymentinfo parameter to simplePHPLinux/3payment_receive.php. | 7.5 |
2007-09-17 | CVE-2007-4921 | Ajax | Code Injection vulnerability in Ajax File Browser 3Beta PHP remote file inclusion vulnerability in _includes/settings.inc.php in Ajax File Browser 3 Beta allows remote attackers to execute arbitrary PHP code via a URL in the approot parameter. | 7.5 |
2007-09-17 | CVE-2007-4920 | PHP Webquest | SQL Injection vulnerability in PHP Webquest PHP Webquest SQL injection vulnerability in soporte_derecha_w.php in PHP Webquest 2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id_actividad parameter. | 7.5 |
2007-09-17 | CVE-2007-4919 | Jblog | SQL Injection vulnerability in Jblog 1.0 Multiple SQL injection vulnerabilities in JBlog 1.0 allow (1) remote attackers to execute arbitrary SQL commands via the id parameter to index.php, and allow (2) remote authenticated administrators to execute arbitrary SQL commands via the id parameter to admin/modifpost.php. | 7.5 |
2007-09-17 | CVE-2007-4918 | Gelatocms | SQL Injection vulnerability in Gelatocms 0.90/0.95/Nil SQL injection vulnerability in classes/gelato.class.php in Gelato allows remote attackers to execute arbitrary SQL commands via the post parameter to index.php. | 7.5 |
2007-09-17 | CVE-2007-4913 | Invision Power Services | Code Injection vulnerability in Invision Power Services Invision Power Board ips_kernel/class_upload.php in Invision Power Board (IPB or IP.Board) 2.3.1 up to 20070912 allows remote attackers to upload arbitrary script files with crafted image filenames to uploads/, where they are saved with a .txt extension and are not executable. | 7.5 |
2007-09-17 | CVE-2007-4908 | Auracms | Path Traversal vulnerability in Auracms Directory traversal vulnerability in index.php in AuraCMS 2.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2007-09-17 | CVE-2007-4907 | Qualiteam | Code Injection vulnerability in Qualiteam X-Cart 3.5.0 Multiple PHP remote file inclusion vulnerabilities in X-Cart allow remote attackers to execute arbitrary PHP code via a URL in the xcart_dir parameter to (1) config.php, (2) prepare.php, (3) smarty.php, (4) customer/product.php, (5) provider/auth.php, and (6) admin/auth.php. | 7.5 |
2007-09-17 | CVE-2007-4905 | Auracms | Improper Input Validation vulnerability in Auracms 2.1 Unrestricted file upload vulnerability in mod/contak.php in AuraCMS 2.1 allows remote attackers to upload and execute arbitrary PHP files via the image parameter, which places a file under files/. | 7.5 |
2007-09-17 | CVE-2007-4903 | Ultra Shareware | Buffer Errors vulnerability in Ultra Shareware Ultra Crypto Component 2.0.2007.801 Multiple buffer overflows in a certain ActiveX control in CryptoX.dll 2.0 and earlier in the Ultra Crypto Component allow remote attackers to execute arbitrary code via (1) a long string in the first argument to the AcquireContext method or (2) an unspecified vector to the DeleteContext method. | 7.5 |
2007-09-18 | CVE-2007-4941 | KDE | Resource Management Errors vulnerability in KDE Kmplayer KMPlayer 2.9.3.1210 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a .avi file with certain large "indx truck size" and nEntriesInuse values. | 7.1 |
61 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-09-21 | CVE-2007-5023 | Vmware Canonical | Permissions, Privileges, and Access Controls vulnerability in multiple products Unquoted Windows search path vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075, and Server before 1.0.4 Build 56528 allows local users to gain privileges via unspecified vectors, possibly involving a malicious "program.exe" file in the C: folder. | 6.9 |
2007-09-18 | CVE-2007-0997 | Linux | Race Condition vulnerability in Linux Kernel Race condition in the tee (sys_tee) system call in the Linux kernel 2.6.17 through 2.6.17.6 might allow local users to cause a denial of service (system crash), obtain sensitive information (kernel memory contents), or gain privileges via unspecified vectors related to a potentially dropped ipipe lock during a race between two pipe readers. | 6.9 |
2007-09-21 | CVE-2007-4569 | KDE | Permissions, Privileges, and Access Controls vulnerability in KDE backend/session.c in KDM in KDE 3.3.0 through 3.5.7, when autologin is configured and "shutdown with password" is enabled, allows remote attackers to bypass the password requirement and login to arbitrary accounts via unspecified vectors. | 6.8 |
2007-09-20 | CVE-2007-5015 | Streamline | Code Injection vulnerability in Streamline 1.0Beta4 Multiple PHP remote file inclusion vulnerabilities in Streamline PHP Media Server 1.0-beta4 allow remote attackers to execute arbitrary PHP code via a URL in the sl_theme_unix_path parameter to (1) admin_footer.php, (2) info_footer.php, (3) theme_footer.php, (4) browse_footer.php, (5) account_footer.php, or (6) search_footer.php in core/theme/includes/. | 6.8 |
2007-09-20 | CVE-2007-5009 | Phpbb2 | Code Injection vulnerability in PHPbb2 Plus 1.53/1.53A PHP remote file inclusion vulnerability in language/lang_german/lang_main_album.php in phpBB Plus 1.53, and 1.53a before 20070922, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | 6.8 |
2007-09-19 | CVE-2007-3286 | Avaya | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Avaya IP Soft Phone 5.2/6.0 Multiple buffer overflows in unspecified ActiveX controls in COM objects in Avaya IP Softphone R5.2 before SP3, and R6.0, allow remote attackers to execute arbitrary code via unspecified vectors. | 6.8 |
2007-09-18 | CVE-2007-4966 | Gforge | SQL Injection vulnerability in Gforge SQL injection vulnerability in www/people/editprofile.php in GForge 4.6b2 and earlier allows remote attackers to execute arbitrary SQL commands via the skill_delete[] parameter. | 6.8 |
2007-09-18 | CVE-2007-4955 | Joomla | Code Injection vulnerability in Joomla Flash FUN Component 1.0 PHP remote file inclusion vulnerability in admin.joomlaflashfun.php in the Flash Fun! (com_joomlaflashfun) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter. | 6.8 |
2007-09-18 | CVE-2007-4954 | Joomla | Code Injection vulnerability in Joomla Joom12Pic Component 1.0 PHP remote file inclusion vulnerability in admin.joom12pic.php in the joom12Pic (com_joom12pic) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter. | 6.8 |
2007-09-18 | CVE-2007-4935 | Phpffl | Code Injection vulnerability in PHPffl 1.24 Multiple PHP remote file inclusion vulnerabilities in phpFFL 1.24 allow remote attackers to execute arbitrary PHP code via a URL in the PHPFFL_FILE_ROOT parameter to (1) admin.php, (2) custom_pages.php, (3) draft.php, (4) faq.php, (5) leagues.php, (6) livedraft.php, (7) login.php, (8) my_team.php, (9) profile.php, (10) signup.php, (11) statistics.php, (12) transactions.php, (13) program_files/admin/custom_pages.php, or (14) program_files/common.php. | 6.8 |
2007-09-17 | CVE-2007-4923 | Joomla | Code Injection vulnerability in Joomla Radio 5 PHP remote file inclusion vulnerability in admin.joomlaradiov5.php in the Joomla Radio 5 (com_joomlaradiov5) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter. | 6.8 |
2007-09-17 | CVE-2007-4906 | Nuclearbb | Code Injection vulnerability in Nuclearbb Alpha2 PHP remote file inclusion vulnerability in tasks/send_queued_emails.php in NuclearBB Alpha 2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter. | 6.8 |
2007-09-21 | CVE-2007-4496 | Vmware Canonical | Resource Management Errors vulnerability in multiple products Unspecified vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows authenticated users with administrative privileges on a guest operating system to corrupt memory and possibly execute arbitrary code on the host operating system via unspecified vectors. | 6.5 |
2007-09-19 | CVE-2007-4976 | Coppermine | Path Traversal vulnerability in Coppermine Photo Gallery Directory traversal vulnerability in viewlog.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlier allows remote authenticated administrators to include and execute arbitrary local files via a .. | 6.5 |
2007-09-17 | CVE-2007-4922 | Jeuxflash Kwsphp | SQL Injection vulnerability in multiple products SQL injection vulnerability in play.php in the jeuxflash 1.0 module for KwsPHP allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a play ac action to index.php. | 6.5 |
2007-09-17 | CVE-2007-4902 | Ultra Shareware | Path Traversal vulnerability in Ultra Shareware Ultra Crypto Component 2.0.2007.801 Absolute path traversal vulnerability in a certain ActiveX control in CryptoX.dll 2.0 and earlier in the Ultra Crypto Component allows remote attackers to write to arbitrary files via a full pathname in the argument to the SaveToFile method. | 6.4 |
2007-09-20 | CVE-2007-5018 | David Harris | Buffer Errors vulnerability in David Harris Mercury 32 4.5.2 Stack-based buffer overflow in IMAPD in Mercury/32 4.52 allows remote authenticated users to execute arbitrary code via a long argument in a SEARCH ON command. | 6.0 |
2007-09-17 | CVE-2007-4914 | Invision Power Services | Improper Input Validation vulnerability in Invision Power Services Invision Power Board Unspecified vulnerability in the subscriptions manager in Invision Power Board (IPB or IP.Board) 2.3.1 before 20070912 allows remote authenticated users to change the member ID and reduce the privilege level of arbitrary users via a crafted payment form, related to (1) class_gw_2checkout.php, (2) class_gw_authorizenet.php, (3) class_gw_nochex.php, (4) class_gw_paypal.php, and (5) class_gw_safshop.php in sources/classes/paymentgateways/. | 6.0 |
2007-09-21 | CVE-2007-4497 | Vmware Canonical | Permissions, Privileges, and Access Controls vulnerability in multiple products Unspecified vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows users with login access to a guest operating system to cause a denial of service (guest outage and host process crash or hang) via unspecified vectors. | 5.5 |
2007-09-21 | CVE-2007-5032 | Francisco Burzi | Cross-Site Request Forgery (CSRF) vulnerability in Francisco Burzi PHP-Nuke Cross-site request forgery (CSRF) vulnerability in admin.php in Francisco Burzi PHP-Nuke allows remote attackers to add administrative accounts via an AddAuthor action with modified add_name and add_radminsuper parameters. | 5.1 |
2007-09-18 | CVE-2007-4948 | Webmedia Explorer | Code Injection vulnerability in Webmedia Explorer Webmedia Explorer 3.2.2 Multiple PHP remote file inclusion vulnerabilities in Webmedia Explorer (webmex) 3.2.2 allow remote attackers to execute arbitrary PHP code via (1) a URL in the path_include parameter to includes/rss.class.php, (2) a URL in the path_template parameter to (a) templates/main.tpl.php or (b) templates/folder_messages_link_message_name.tpl.php, or (4) a URL in the path_templates parameter to templates/sidebar.tpl.php. | 5.1 |
2007-09-21 | CVE-2007-5031 | Dibbler | Improper Input Validation vulnerability in Dibbler 0.6.0 The TSrvOptIA_NA::rebind method in SrvOptions/SrvOptIA_NA.cpp in Dibbler 0.6.0 allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via an invalid IA_NA option in a REBIND message. | 5.0 |
2007-09-21 | CVE-2007-5030 | Dibbler | Numeric Errors vulnerability in Dibbler 0.6.0 Multiple integer overflows in Dibbler 0.6.0 allow remote attackers to cause a denial of service (daemon crash) via packets containing options with large lengths, which trigger attempts at excessive memory allocation, as demonstrated by (1) the TSrvMsg constructor in SrvMessages/SrvMsg.cpp; the (2) TClntMsg, (3) TClntOptIAAddress, (4) TClntOptIAPrefix, (5) TOptVendorSpecInfo, and (6) TOptOptionRequest constructors; and the (7) TRelIfaceMgr::decodeRelayRepl, (8) TRelMsg::decodeOpts, and (9) TSrvIfaceMgr::decodeRelayForw methods. | 5.0 |
2007-09-21 | CVE-2007-5029 | Dibbler | Improper Input Validation vulnerability in Dibbler 0.6.0 Dibbler 0.6.0 does not verify that certain length parameters are appropriate for buffer sizes, which allows remote attackers to trigger a buffer over-read and cause a denial of service (daemon crash), as demonstrated by incorrect behavior of the TSrvMsg constructor in SrvMessages/SrvMsg.cpp when (1) reading the option code and option length and (2) parsing options. | 5.0 |
2007-09-21 | CVE-2007-5026 | Dblog | Permissions, Privileges, and Access Controls vulnerability in Dblog CMS 2.0 dBlog CMS, probably 2.0, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing an admin password hash via a direct request for dblog.mdb. | 5.0 |
2007-09-21 | CVE-2007-4991 | Microsoft | Information Exposure vulnerability in Microsoft ISA Server 2004 The SOCKS4 Proxy in Microsoft Internet Security and Acceleration (ISA) Server 2004 SP1 and SP2 allows remote attackers to obtain potentially sensitive information (the destination IP address of another user's session) via an empty packet. | 5.0 |
2007-09-21 | CVE-2007-5022 | IBM | Information Exposure vulnerability in IBM Tivoli Storage Manager Client Unspecified vulnerability in certain IBM Tivoli Storage Manager (TSM) clients 5.1 before 5.1.8.1, 5.2 before 5.2.5.2, 5.3 before 5.3.5.3, and 5.4 before 5.4.1.2, when using "server-initiated prompted scheduling," allows remote attackers to read a client's data, aka IC53616. | 5.0 |
2007-09-20 | CVE-2007-5017 | Yahoo | Path Traversal vulnerability in Yahoo Messenger 8.1.0.421 Absolute path traversal vulnerability in a certain ActiveX control in the CYFT object in ft60.dll in Yahoo! Messenger 8.1.0.421 allows remote attackers to force a download, and create or overwrite arbitrary files via a full pathname in the second argument to the GetFile method. | 5.0 |
2007-09-20 | CVE-2007-5011 | Wilson Windowware | Information Exposure vulnerability in Wilson Windowware Webbatch webbatch.exe in WebBatch allows remote attackers to obtain sensitive information via the dumpinputdata parameter. | 5.0 |
2007-09-18 | CVE-2007-4964 | Winimage | Improper Input Validation vulnerability in Winimage 8.0/8.10 WinImage 8.10 and earlier allows remote attackers to cause a denial of service (infinite loop) via an invalid BPB_BytsPerSec field in the header of a .IMG file. | 5.0 |
2007-09-18 | CVE-2007-4960 | Linden LAB | Cryptographic Issues vulnerability in Linden LAB Second Life 1 Argument injection vulnerability in the Linden Lab Second Life secondlife:// protocol handler, as used in Internet Explorer and possibly Firefox, allows remote attackers to obtain sensitive information via a '" ' (double-quote space) sequence followed by the -autologin and -loginuri arguments, which cause the handler to post login credentials and software installation details to an arbitrary URL. | 5.0 |
2007-09-18 | CVE-2007-4946 | Jasmine Technologies | Information Disclosure vulnerability in Lettergrade LetterGrade allows remote attackers to obtain sensitive information (installation path or account existence) via unspecified vectors. | 5.0 |
2007-09-18 | CVE-2007-4944 | Opera | Information Disclosure vulnerability in Opera Web Browser The canvas.createPattern function in Opera 9.x before 9.22 for Linux, FreeBSD, and Solaris does not clear memory before using it to process a new pattern, which allows remote attackers to obtain sensitive information (memory contents) via JavaScript. | 5.0 |
2007-09-18 | CVE-2007-4937 | Comscripts | Permissions, Privileges, and Access Controls vulnerability in Comscripts CS Guestbook CS Guestbook stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the admin name and MD5 password hash via a direct request for base/usr/0.php. | 5.0 |
2007-09-17 | CVE-2007-4911 | Cowon America | Improper Input Validation vulnerability in Cowon America Jetcast Server 2 JSMP3OGGWt.dll in JetCast Server 2.0.0.4308 allows remote attackers to cause a denial of service (daemon crash) via a long .mp3 URI to TCP port 8000. | 5.0 |
2007-09-18 | CVE-2007-4928 | Axis | Cryptographic Issues vulnerability in Axis 207W Network Camera The AXIS 207W camera stores a WEP or WPA key in cleartext in the configuration file, which might allow local users to obtain sensitive information. | 4.9 |
2007-09-18 | CVE-2007-4934 | Phpffl | Code Injection vulnerability in PHPffl 1.24 Multiple PHP remote file inclusion vulnerabilities in phpFFL 1.24 allow remote attackers to execute arbitrary PHP code via a URL in the PHPFFL_FILE_ROOT parameter to (1) program_files/livedraft/livedraft.php or (2) program_files/livedraft/admin.php. | 4.6 |
2007-09-19 | CVE-2007-4971 | Isecsoft | Improper Input Validation vulnerability in Isecsoft Prosecurity 1.40Beta2 ProSecurity 1.40 Beta 2 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via kernel SSDT hooks for Windows Native API functions including (1) NtCreateKey, (2) NtDeleteFile, (3) NtLoadDriver, (4) NtOpenSection, and (5) NtSetSystemTime. | 4.4 |
2007-09-19 | CVE-2007-4970 | Diamondcs | Improper Input Validation vulnerability in Diamondcs Processguard 3.410 ProcessGuard 3.410 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via kernel SSDT hooks for Windows Native API functions including (1) NtCreateFile, (2) NtCreateKey, (3) NtDeleteValueKey, (4) NtOpenFile, (5) NtOpenKey, and (6) NtSetValueKey. | 4.4 |
2007-09-19 | CVE-2007-4969 | Sysinternals | Improper Input Validation vulnerability in Sysinternals Process Monitor 1.22 Process Monitor 1.22 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via unspecified kernel SSDT hooks for Windows Native API functions including (1) NtCreateKey, (2) NtDeleteValueKey, (3) NtLoadKey, (4) NtOpenKey, (5) NtQueryValueKey, (6) NtSetValueKey, and (7) NtUnloadKey. | 4.4 |
2007-09-19 | CVE-2007-4968 | Privacyware | Improper Input Validation vulnerability in Privacyware Privatefirewall 5.0.14.2 Privatefirewall 5.0.14.2 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via kernel SSDT hooks for (1) NtOpenProcess and (2) NtOpenThread. | 4.4 |
2007-09-19 | CVE-2007-4967 | Online Armor | Improper Input Validation vulnerability in Online Armor Personal Firewall 2.0.1.215 Online Armor Personal Firewall 2.0.1.215 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via unspecified kernel SSDT hooks for Windows Native API functions including (1) NtAllocateVirtualMemory, (2) NtConnectPort, (3) NtCreateFile, (4) NtCreateKey, (5) NtCreatePort, (6) NtDeleteFile, (7) NtDeleteValueKey, (8) NtLoadKey, (9) NtOpenFile, (10) NtOpenProcess, (11) NtOpenThread, (12) NtResumeThread, (13) NtSetContextThread, (14) NtSetValueKey, (15) NtSuspendProcess, (16) NtSuspendThread, and (17) NtTerminateThread. | 4.4 |
2007-09-21 | CVE-2007-5034 | Elinks | Information Exposure vulnerability in Elinks ELinks before 0.11.3, when sending a POST request for an https URL, appends the body and content headers of the POST request to the CONNECT request in cleartext, which allows remote attackers to sniff sensitive data that would have been protected by TLS. | 4.3 |
2007-09-21 | CVE-2007-5033 | Phpbb XS | Cross-Site Scripting vulnerability in PHPbb XS PHPbb XS 2 Cross-site scripting (XSS) vulnerability in profile.php in phpBB XS 2 allows remote attackers to inject arbitrary web script or HTML via the selfdes parameter in a profile_info editprofile action. | 4.3 |
2007-09-21 | CVE-2007-5027 | Level ONE | Cross-Site Scripting vulnerability in Level ONE Wbr3404Tx Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/ddns in the web management panel for the WBR3404TX broadband router with firmware R1.94p0vTIG allow remote attackers to inject arbitrary web script or HTML via the (1) DD or (2) DU parameter. | 4.3 |
2007-09-21 | CVE-2007-4066 | Xiph ORG | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Xiph.Org Libvorbis Multiple buffer overflows in Xiph.Org libvorbis before 1.2.0 allow context-dependent attackers to cause a denial of service or have other unspecified impact via a crafted OGG file, aka trac Changesets 13162, 13168, 13169, 13170, 13172, 13211, and 13215, as demonstrated by an overflow in oggenc.exe related to the _psy_noiseguards_8 array. | 4.3 |
2007-09-21 | CVE-2007-4065 | Xiph ORG | Unspecified vulnerability in Xiph.Org Libvorbis lib/vorbisfile.c in libvorbisfile in Xiph.Org libvorbis before 1.2.0 allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted OGG file, aka trac Changeset 13217. | 4.3 |
2007-09-20 | CVE-2007-5013 | Phormer | Cross-Site Scripting vulnerability in Phormer 3.31 Multiple cross-site scripting (XSS) vulnerabilities in index.php in Phormer 3.31 allow remote attackers to inject arbitrary web script or HTML via the (1) u, (2) p, (3) c, and (4) s parameters, and other unspecified vectors. | 4.3 |
2007-09-20 | CVE-2007-5012 | Phpwebgallery | Cross-Site Scripting vulnerability in PHPwebgallery 1.7.0 Cross-site scripting (XSS) vulnerability in picture.php in PhpWebGallery 1.7.0, when Comments for all is enabled, allows remote attackers to inject arbitrary web script or HTML via the author parameter. | 4.3 |
2007-09-20 | CVE-2007-5010 | Wilson Windowware | Cross-Site Scripting vulnerability in Wilson Windowware Webbatch 2007C Cross-site scripting (XSS) vulnerability in WebBatch allows remote attackers to inject arbitrary web script or HTML via the URL to webbatch.exe. | 4.3 |
2007-09-19 | CVE-2007-4981 | Oblius | Cross-Site Scripting vulnerability in Oblius Obedit 3.03 Cross-site scripting (XSS) vulnerability in the save function in Obedit 3.03 allows user-assisted remote attackers to inject arbitrary web script or HTML via unknown vectors, as demonstrated by a SCRIPT element in an unspecified context when saving a document. | 4.3 |
2007-09-19 | CVE-2007-4980 | Gcaldaemon | Numeric Errors vulnerability in Gcaldaemon 1.0Beta13 The readRequest method in org/gcaldaemon/core/http/HTTPListener.java in GCALDaemon 1.0-beta13 allows remote attackers to cause a denial of service via a large integer value in the Content-Length HTTP header, which triggers a fatal Java OutOfMemoryError. | 4.3 |
2007-09-19 | CVE-2007-4975 | B1G | Cross-Site Scripting vulnerability in B1G B1Gmail 6.3.1 Cross-site scripting (XSS) vulnerability in hilfe.php in b1gMail 6.3.1 allows remote attackers to inject arbitrary web script or HTML via the chapter parameter. | 4.3 |
2007-09-18 | CVE-2007-4959 | Jelsoft | Cross-Site Scripting vulnerability in Jelsoft Oscmax 2.0.0Rc301 Cross-site scripting (XSS) vulnerability in catalog_products_with_images.php in osCMax 2.0.0-RC3-0-1 allows remote attackers to inject arbitrary web script or HTML via the URI. | 4.3 |
2007-09-18 | CVE-2007-4958 | Tinywebgallery | Cross-Site Scripting vulnerability in Tinywebgallery 1.6.3.4 Multiple cross-site scripting (XSS) vulnerabilities in TinyWebGallery (TWG) 1.6.3.4 allow remote attackers to inject arbitrary web script or HTML via the URI for (1) index.php, (2) i_frames/i_login.php, and (3) i_frames/i_top_tags.php. | 4.3 |
2007-09-18 | CVE-2007-4945 | Jasmine Technologies | Cross-Site Scripting vulnerability in Jasmine Technologies Lettergrade Multiple cross-site scripting (XSS) vulnerabilities in LetterGrade allow remote attackers to inject arbitrary web script or HTML via (1) a student's email address, (2) the year parameter to genbrws/Student/cal_month.php3, and other unspecified vectors related to the calendar. | 4.3 |
2007-09-18 | CVE-2007-4930 | Axis | Cross-Site Request Forgery (CSRF) vulnerability in Axis 207W Network Camera Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS 207W camera allow remote attackers to perform certain actions as administrators via (1) axis-cgi/admin/restart.cgi, (2) the user and sgrp parameters to axis-cgi/admin/pwdgrp.cgi in an add action, or (3) the server parameter to admin/restartMessage.shtml. | 4.3 |
2007-09-18 | CVE-2007-4929 | Axis | Cross-Site Scripting vulnerability in Axis 207W Network Camera Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 207W camera allow remote attackers to inject arbitrary web script or HTML via the camNo parameter to incl/image_incl.shtml, and other unspecified vectors. | 4.3 |
2007-09-17 | CVE-2007-4917 | PHP Stats | Cross-Site Scripting vulnerability in PHP-Stats 0.1.9.2 Cross-site scripting (XSS) vulnerability in tracking.php in PHP-Stats 0.1.9.2 allows remote attackers to inject arbitrary web script or HTML via the ip parameter in an online action, a different vector than CVE-2007-4334. | 4.3 |
2007-09-17 | CVE-2007-4912 | Invision Power Services | Cross-Site Scripting vulnerability in Invision Power Services Invision Power Board Cross-site scripting (XSS) vulnerability in ips_kernel/class_ajax.php in Invision Power Board (IPB or IP.Board) 2.3.1 up to 20070912 allows remote attackers to inject arbitrary web script or HTML into user profile fields via unspecified vectors related to character sets other than iso-8859-1 or utf-8. | 4.3 |
2007-09-17 | CVE-2007-4904 | Realnetworks | Numeric Errors vulnerability in Realnetworks Helix Player and Realplayer RealNetworks RealPlayer 10.1.0.3114 and earlier, and Helix Player 1.0.6.778 on Fedora Core 6 (FC6) and possibly other platforms, allow user-assisted remote attackers to cause a denial of service (application crash) via a malformed .au file that triggers a divide-by-zero error. | 4.3 |
9 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-09-19 | CVE-2007-4977 | Coppermine | Cross-Site Scripting vulnerability in Coppermine Photo Gallery Cross-site scripting (XSS) vulnerability in mode.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the referer parameter. | 3.5 |
2007-09-18 | CVE-2007-4927 | Axis | Improper Input Validation vulnerability in Axis 207W Network Camera axis-cgi/buffer/command.cgi on the AXIS 207W camera allows remote authenticated users to cause a denial of service (reboot) via many requests with unique buffer names in the buffername parameter in a start action. | 3.5 |
2007-09-21 | CVE-2007-5024 | EMC | Cryptographic Issues vulnerability in EMC VMWare Server 1.0.4/1.0.4Build56528 EMC VMware Server before 1.0.4 Build 56528 writes passwords in cleartext to unspecified log files, which allows local users to obtain sensitive information by reading these files, a different vulnerability than CVE-2005-3620. | 2.1 |
2007-09-18 | CVE-2007-4931 | HP | Unspecified vulnerability in HP System Management Homepage HP System Management Homepage (SMH) for Windows, when used in conjunction with HP Version Control Agent or Version Control Repository Manager, leaves old OpenSSL software active after an OpenSSL update, which has unknown impact and attack vectors, probably related to previous vulnerabilities for OpenSSL. | 2.1 |
2007-09-17 | CVE-2007-3654 | Netbsd | Improper Input Validation vulnerability in Netbsd The display driver allocattr functions in NetBSD 3.0 through 4.0_BETA2, and NetBSD-current before 20070728, allow local users to cause a denial of service (panic) via a (1) negative or (2) large value in an ioctl call, as demonstrated by the vga_allocattr function. | 2.1 |
2007-09-17 | CVE-2007-3379 | Redhat | Denial-Of-Service vulnerability in Enterprise Linux for SAP Unspecified vulnerability in the kernel in Red Hat Enterprise Linux (RHEL) 4 on the x86_64 platform allows local users to cause a denial of service (OOPS) via unspecified vectors related to the get_gate_vma function and the fuser command. | 2.1 |
2007-09-19 | CVE-2007-4972 | Sysinternals | Permissions, Privileges, and Access Controls vulnerability in Sysinternals Regmon 7.04 RegMon 7.04 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via kernel SSDT hooks to the (1) NtCreateKey and (2) NtOpenKey Windows Native API functions. | 1.9 |
2007-09-18 | CVE-2007-4751 | Data Vision | Cryptographic Issues vulnerability in Data-Vision Remotedocs R-Viewer RemoteDocs R-Viewer before 1.6.3768 stores encrypted RDZ file data in unencrypted temporary files, which allows local users to obtain sensitive information by reading the temporary files. | 1.9 |
2007-09-18 | CVE-2007-0004 | Redhat | Permissions, Privileges, and Access Controls vulnerability in Redhat Enterprise Linux 3.0 The NFS client implementation in the kernel in Red Hat Enterprise Linux (RHEL) 3, when a filesystem is mounted with the noacl option, checks permissions for the open system call via vfs_permission (mode bits) data rather than an NFS ACCESS call to the server, which allows local client processes to obtain a false success status from open calls that the server would deny, and possibly obtain sensitive information about file permissions on the server, as demonstrated in a root_squash environment. | 1.9 |