Weekly Vulnerabilities Report: October 1 to 7, 2007
Overview
112 new vulnerabilities were reported during this period, including 20 critical vulnerabilities and 18 high severity vulnerabilities. This weekly summary reports vulnerabilities in 124 products from 93 vendors including SUN, Broadcom, Microsoft, CA, and Axis. Notable vulnerability categories are "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Code Injection", "Cross-site Scripting", "Permissions, Privileges, and Access Controls", and "SQL Injection".
- 104 reported vulnerabilities are remotely exploitable.
- 25 reported vulnerabilities have a public exploit available.
- 33 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 109 reported vulnerabilities are exploitable by an anonymous user.
- SUN has the most reported vulnerabilities, with 10 reported vulnerabilities.
- Broadcom has the most reported critical vulnerabilities, with 6 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
20 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-10-06 | CVE-2007-5257 | Edraw | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Edraw Office Viewer Component Stack-based buffer overflow in the EDraw.OfficeViewer ActiveX control in officeviewer.ocx in EDraw Office Viewer Component 5.3.220.1 and earlier allows remote attackers to execute arbitrary code via long strings in the first and second arguments to the FtpDownloadFile method, a different vector than CVE-2007-4821 and CVE-2007-3169. | 10.0 |
2007-10-06 | CVE-2007-5252 | Netsupport | Buffer Errors vulnerability in Netsupport products Buffer overflow in NetSupport Manager (NSM) Client 10.00 and 10.20, and NetSupport School Student (NSS) 9.00, allows remote NSM servers to cause a denial of service or possibly execute arbitrary code via crafted data in the configuration exchange phase of an initial connection setup. | 10.0 |
2007-10-06 | CVE-2007-5246 | Firebirdsql | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Firebirdsql Firebird 2.0.0.12748/2.0.1.12855 Multiple stack-based buffer overflows in Firebird LI 2.0.0.12748 and 2.0.1.12855, and WI 2.0.0.12748 and 2.0.1.12855, allow remote attackers to execute arbitrary code via (1) a long attach request on TCP port 3050 to the isc_attach_database function or (2) a long create request on TCP port 3050 to the isc_create_database function. | 10.0 |
2007-10-06 | CVE-2007-5245 | Firebirdsql | Buffer Errors vulnerability in Firebirdsql Firebird 1.5.3.4870/1.5.4.4910 Multiple stack-based buffer overflows in Firebird LI 1.5.3.4870 and 1.5.4.4910, and WI 1.5.3.4870 and 1.5.4.4910, allow remote attackers to execute arbitrary code via (1) a long service attach request on TCP port 3050 to the SVC_attach function or (2) unspecified vectors involving the INET_connect function. | 10.0 |
2007-10-01 | CVE-2007-5083 | Broadcom | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Broadcom Brightstor Hierarchical Storage Manager 11.5 Multiple integer overflows in Computer Associates (CA) BrightStor Hierarchical Storage Manager (HSM) before r11.6 allow remote attackers to execute arbitrary code via unspecified CsAgent service commands that trigger a heap-based buffer overflow. | 10.0 |
2007-10-01 | CVE-2007-5082 | Broadcom | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Broadcom Brightstor Hierarchical Storage Manager 11.5 Multiple stack-based buffer overflows in Computer Associates (CA) BrightStor Hierarchical Storage Manager (HSM) before r11.6 allow remote attackers to execute arbitrary code via unspecified CsAgent service commands with certain opcodes, related to missing validation of a length parameter. | 10.0 |
2007-10-01 | CVE-2007-5006 | Broadcom CA | Improper Authentication vulnerability in multiple products Multiple command handlers in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 do not verify if a peer is authenticated, which allows remote attackers to add and delete users, and start client restores. | 10.0 |
2007-10-01 | CVE-2007-5005 | Broadcom CA | Path Traversal vulnerability in multiple products Directory traversal vulnerability in rxRPC.dll in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 allows remote attackers to upload and overwrite arbitrary files via a ..\ (dot dot backslash) sequence in the destination filename argument to sub-function 8 in the rxrReceiveFileFromServer command. | 10.0 |
2007-10-01 | CVE-2007-5003 | Broadcom CA | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Multiple stack-based buffer overflows in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 allow remote attackers to execute arbitrary code via a long (1) username or (2) password to the rxrLogin command in rxRPC.dll, or a long (3) username argument to the GetUserInfo function. | 10.0 |
2007-10-06 | CVE-2007-5248 | ID Software Take2Games | Use of Externally-Controlled Format String vulnerability in multiple products Multiple format string vulnerabilities in the ID Software Doom 3 engine, as used by Doom 3 1.3.1 and earlier, Quake 4 1.4.2 and earlier, and Prey 1.3 and earlier, when Punkbuster (PB) is enabled, allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in (1) a PB_Y packet to the YPG server or (2) a PB_U packet to UCON. | 9.3 |
2007-10-06 | CVE-2007-5247 | Monolith Productions | Use of Externally-Controlled Format String vulnerability in Monolith Productions First Encounter Assault Recon Multiple format string vulnerabilities in the Monolith Lithtech engine, as used by First Encounter Assault Recon (F.E.A.R.) 1.08 and earlier, when Punkbuster (PB) is enabled, allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in (1) a PB_Y packet to the YPG server on UDP port 27888 or (2) a PB_U packet to UCON on UDP port 27888, different vectors than CVE-2004-1500. | 9.3 |
2007-10-06 | CVE-2007-5244 | Borland Software | Buffer Errors vulnerability in Borland Software Interbase Li8.0.0.253/Li8.0.0.53/Li8.0.0.54 Stack-based buffer overflow in Borland InterBase LI 8.0.0.53 through 8.1.0.253 on Linux, and possibly unspecified versions on Solaris, allows remote attackers to execute arbitrary code via a long attach request on TCP port 3050 to the open_marker_file function. | 9.3 |
2007-10-06 | CVE-2007-5243 | Borland Software | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Borland Software Interbase Multiple stack-based buffer overflows in Borland InterBase LI 8.0.0.53 through 8.1.0.253, and WI 5.1.1.680 through 8.1.0.257, allow remote attackers to execute arbitrary code via (1) a long service attach request on TCP port 3050 to the (a) SVC_attach or (b) INET_connect function, (2) a long create request on TCP port 3050 to the (c) isc_create_database or (d) jrd8_create_database function, (3) a long attach request on TCP port 3050 to the (e) isc_attach_database or (f) PWD_db_aliased function, or unspecified vectors involving the (4) jrd8_attach_database or (5) expand_filename2 function. | 9.3 |
2007-10-05 | CVE-2007-3699 | Symantec | Remote vulnerability in Symantec AntiVirus Malformed CAB and RAR Compression The Decomposer component in multiple Symantec products allows remote attackers to cause a denial of service (infinite loop) via a certain value in the PACK_SIZE field of a RAR archive file header. | 9.3 |
2007-10-05 | CVE-2007-0447 | Symantec | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Symantec products Heap-based buffer overflow in the Decomposer component in multiple Symantec products allows remote attackers to execute arbitrary code via multiple crafted CAB archives. | 9.3 |
2007-10-04 | CVE-2007-5213 | Axis | Cross-Site Request Forgery (CSRF) vulnerability in Axis 2100 Network Camera and 2100 Network Camera Firmware Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and earlier allow remote attackers to perform actions as administrators, as demonstrated by (1) an SMTP server change through the conf_SMTP_MailServer1 parameter to ServerManager.srv and (2) a hostname change through the conf_Network_HostName parameter on the Network page. | 9.3 |
2007-10-04 | CVE-2007-5209 | Centertools | Buffer Errors vulnerability in Centertools Drivelock 5.0 Stack-based buffer overflow in DriveLock.exe in CenterTools DriveLock 5.0 allows remote attackers to execute arbitrary code via a long HTTP request to TCP port 6061. | 9.3 |
2007-10-04 | CVE-2007-4673 | Apple | OS Command Injection vulnerability in Apple Quicktime 7.2 Argument injection vulnerability in Apple QuickTime 7.2 for Windows XP SP2 and Vista allows remote attackers to execute arbitrary commands via a URL in the qtnext field in a crafted QTL file. | 9.3 |
2007-10-01 | CVE-2007-5004 | Broadcom CA | Numeric Errors vulnerability in multiple products Integer overflow in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 allows remote attackers to execute arbitrary code via a long username and a certain "useless" password. | 9.3 |
2007-10-01 | CVE-2007-5155 | Iceows | Improper Input Validation vulnerability in Iceows 4.20B IceGUI.DLL in ICEOWS 4.20b invokes a function with incorrect arguments, which allows user-assisted remote attackers to execute arbitrary code via a long filename in the header of an ACE archive, which triggers a stack-based buffer overflow. | 9.3 |
18 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-10-06 | CVE-2007-5256 | Mcdu | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mcdu FSD 2.052D9/3.000D9 Multiple stack-based buffer overflows in FSD 2.052 d9 and earlier, and FSFDT FSD 3.000 d9 and earlier, allow (1) remote attackers to execute arbitrary code via a long HELP command on TCP port 3010 to the sysuser::exechelp function in sysuser.cc and (2) remote authenticated users to execute arbitrary code via long commands on TCP port 6809 to the servinterface::sendmulticast function in servinterface.cc, as demonstrated by a PIcallsign command. | 7.5 |
2007-10-05 | CVE-2007-5233 | Deonixscripts | SQL Injection vulnerability in Deonixscripts web Template Management System 1.3 SQL injection vulnerability in index.php in Web Template Management System 1.3 allows remote attackers to execute arbitrary SQL commands via the id parameter in a readmore action. | 7.5 |
2007-10-05 | CVE-2007-5230 | Zomplog | Permissions, Privileges, and Access Controls vulnerability in Zomplog admin/upload_files.php in Zomplog 3.8.1 and earlier does not check for administrative credentials, which allows remote attackers to perform administrative actions via a direct request. | 7.5 |
2007-10-05 | CVE-2007-4990 | X ORG | Numeric Errors vulnerability in X.Org X Font Server The swap_char2b function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption. | 7.5 |
2007-10-05 | CVE-2007-5220 | ASP Product Catalog | SQL Injection vulnerability in ASP Product Catalog ASP Product Catalog 1.0 SQL injection vulnerability in catalog.asp in ASP Product Catalog allows remote attackers to execute arbitrary SQL commands via the cid parameter and possibly other parameters. | 7.5 |
2007-10-03 | CVE-2007-5189 | X Script | SQL Injection vulnerability in X-Script Guestbook 1.3A Multiple SQL injection vulnerabilities in mes_add.php in x-script GuestBook 1.3a, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) email, (3) icq, and (4) website parameters. | 7.5 |
2007-10-03 | CVE-2007-5188 | Xoops | Unspecified vulnerability in Xoops Unspecified vulnerability in the XOOPS uploader class in Xoops 2.0.17.1-RC1 and earlier allows remote attackers to upload arbitrary files via unspecified vectors related to improper upload configuration settings in class/uploader.php and class/mimetypes.inc.php, possibly an incomplete blacklist that omits the .php4 extension. | 7.5 |
2007-10-03 | CVE-2007-5187 | PHP Fusion | SQL Injection vulnerability in PHP-Fusion Expanded Calendar Module and PHP-Fusion SQL injection vulnerability in infusions/calendar_events_panel/show_single.php in the Expanded Calendar 2.x module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the sel parameter. | 7.5 |
2007-10-03 | CVE-2007-5184 | Smbftpd | Use of Externally-Controlled Format String vulnerability in Smbftpd 0.96 Format string vulnerability in the SMBDirList function in dirlist.c in SmbFTPD 0.96 allows remote attackers to execute arbitrary code via format string specifiers in a directory name. | 7.5 |
2007-10-03 | CVE-2007-5181 | Netkamp | SQL Injection vulnerability in Netkamp Emlak Scripti SQL injection vulnerability in detay.asp in Netkamp Emlak Scripti allows remote attackers to execute arbitrary SQL commands via the ilan_id parameter. | 7.5 |
2007-10-03 | CVE-2007-5180 | Ohesa Emlak Portali | SQL Injection vulnerability in Ohesa Emlak Portali Ohesa Emlak Portali Multiple SQL injection vulnerabilities in Ohesa Emlak Portali allow remote attackers to execute arbitrary SQL commands via the (1) Kategori parameter in satilik.asp and the (2) Emlak parameter in detay.asp. | 7.5 |
2007-10-03 | CVE-2007-5177 | Mambads Mambo | SQL Injection vulnerability in multiple products SQL injection vulnerability in index.php in the MambAds (com_mambads) 1.5 and earlier component for Mambo allows remote attackers to execute arbitrary SQL commands via the caid parameter. | 7.5 |
2007-10-03 | CVE-2007-5174 | Actsite | Path Traversal vulnerability in Actsite 1.56 Directory traversal vulnerability in phpinc/news.php in actSite 1.56 allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2007-10-01 | CVE-2007-5152 | SUN | Improper Authentication vulnerability in SUN products Sun Java System Access Manager 7.1, when installed in a Sun Java System Application Server 9.1 container, does not demand authentication after a container restart, which allows remote attackers to perform administrative tasks. | 7.5 |
2007-10-01 | CVE-2007-5151 | Nukescripts | SQL Injection vulnerability in Nukescripts Nukesentinel 2.5.12 SQL injection vulnerability in the abget_admin function in includes/nukesentinel.php in NukeSentinel 2.5.12 allows remote attackers to execute arbitrary SQL commands via base64-encoded data in an admin cookie. | 7.5 |
2007-10-01 | CVE-2007-5150 | Nukescripts | SQL Injection vulnerability in Nukescripts Nukesentinel 2.5.11 SQL injection vulnerability in the is_god function in includes/nukesentinel.php in NukeSentinel 2.5.11 allows remote attackers to execute arbitrary SQL commands via base64-encoded data in an admin cookie, a different vector than CVE-2007-5125. | 7.5 |
2007-10-06 | CVE-2007-5254 | Virusblokada | Permissions, Privileges, and Access Controls vulnerability in Virusblokada Vba32 Antivirus 3.12.2 VirusBlokAda Vba32 AntiVirus 3.12.2 uses weak permissions (Everyone:Write) for its installation directory, which allows local users to gain privileges by replacing application programs, as demonstrated by replacing vba32ldr.exe. | 7.2 |
2007-10-06 | CVE-2007-5237 | SUN | Permissions, Privileges, and Access Controls vulnerability in SUN JDK and JRE Java Web Start in Sun JDK and JRE 6 Update 2 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to read and modify local files via an untrusted application, aka "two vulnerabilities." | 7.1 |
70 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-10-04 | CVE-2007-5194 | Rpath | Permissions, Privileges, and Access Controls vulnerability in Rpath Rmake 1.0.11 The Chroot server in rMake 1.0.11 creates a /dev/zero device file with read/write permissions for the rMake user and the same minor device number as /dev/port, which might allow local users to gain root privileges. | 6.9 |
2007-10-05 | CVE-2007-5224 | Jimmac | Code Injection vulnerability in Jimmac Original Photo Gallery inc/exif.inc.php in Original Photo Gallery 0.11.2 and earlier allows remote attackers to execute arbitrary programs via the exif_prog parameter, which is specified in an exec function call. | 6.8 |
2007-10-05 | CVE-2007-5223 | Alstrasoft | Permissions, Privileges, and Access Controls vulnerability in Alstrasoft Affiliate Network PRO 8.0 Multiple unspecified vulnerabilities in AlstraSoft Affiliate Network Pro allow remote attackers to include local files and have other unspecified impact, related to incorrect input validation or other defects involving (1) admin/backupstart.php, (2) a .sql filename under admin/admin/dump/, (3) a .sql filename in the fl parameter to admin/downloadbackup.php, and (4) a .. | 6.8 |
2007-10-05 | CVE-2007-5221 | Poppawid | Code Injection vulnerability in Poppawid 2.7 PHP remote file inclusion vulnerability in mail/childwindow.inc.php in Poppawid 2.7 allows remote attackers to execute arbitrary PHP code via a URL in the form parameter. | 6.8 |
2007-10-05 | CVE-2007-5217 | Altnet Grokster Kazaa | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Stack-based buffer overflow in the ADM4 ActiveX control in adm4.dll in Altnet Download Manager 4.0.0.6, as used in (1) Kazaa 3.2.7 and (2) Grokster, allows remote attackers to execute arbitrary code via a long argument to the Install method. | 6.8 |
2007-10-04 | CVE-2007-5216 | E ARK | Code Injection vulnerability in E-Ark 1.0 Multiple PHP remote file inclusion vulnerabilities in eArk (e-Ark) 1.0 allow remote attackers to execute arbitrary PHP code via a URL in (1) the cfg_vcard_path parameter to src/vcard_inc.php or (2) the cfg_phpmailer_path parameter to src/email_inc.php. | 6.8 |
2007-10-04 | CVE-2007-5215 | Jacob Hinkle | Code Injection vulnerability in Jacob Hinkle Godsend 0.6 Multiple PHP remote file inclusion vulnerabilities in Jacob Hinkle GodSend 0.6 allow remote attackers to execute arbitrary PHP code via a URL in the SCRIPT_DIR parameter to (1) gtk/main.inc.php or (2) cmdline.inc.php. | 6.8 |
2007-10-04 | CVE-2007-5198 | Nagios | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Nagios Plugins Buffer overflow in the redir function in check_http.c in Nagios Plugins before 1.4.10, when running with the -f (follow) option, allows remote web servers to execute arbitrary code via Location header responses (redirects) with a large number of leading "L" characters. | 6.8 |
2007-10-03 | CVE-2007-5186 | Segue CMS | Code Injection vulnerability in Segue CMS Segue CMS PHP remote file inclusion vulnerability in index.php in Segue CMS 1.8.4 and earlier, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the themesdir parameter, a different vector than CVE-2006-5497. | 6.8 |
2007-10-03 | CVE-2007-5185 | Phpwcms XT | Code Injection vulnerability in PHPwcms-Xt Multiple PHP remote file inclusion vulnerabilities in phpWCMS XT 0.0.7 BETA and earlier allow remote attackers to execute arbitrary PHP code via a URL in the HTML_MENU_DirPath parameter to (1) config_HTML_MENU.php and (2) config_PHPLM.php in phpwcms_template/inc_script/frontend_render/navigation/. | 6.8 |
2007-10-03 | CVE-2007-5178 | Mxbb | Code Injection vulnerability in Mxbb MX Glance 2.3.3 contrib/mx_glance_sdesc.php in the mx_glance 2.3.3 module for mxBB places a critical security check within a comment because of a missing comment delimiter, which allows remote attackers to conduct remote file inclusion attacks and execute arbitrary PHP code via a URL in the mx_root_path parameter. | 6.8 |
2007-10-03 | CVE-2007-5175 | Actsite | Code Injection vulnerability in Actsite 1.991Beta PHP remote file inclusion vulnerability lib/base.php in actSite 1.991 Beta allows remote attackers to execute arbitrary PHP code via a URL in the BaseCfg[BaseDir] parameter. | 6.8 |
2007-10-03 | CVE-2007-5173 | Openid Phpbb | Code Injection vulnerability in multiple products PHP remote file inclusion vulnerability in includes/openid/Auth/OpenID/BBStore.php in phpBB Openid 0.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the openid_root_path parameter. | 6.8 |
2007-10-01 | CVE-2007-5084 | Broadcom | SQL Injection vulnerability in Broadcom Brightstor Hierarchical Storage Manager 11.5 Multiple SQL injection vulnerabilities in Computer Associates (CA) BrightStor Hierarchical Storage Manager (HSM) before r11.6 allow remote attackers to execute arbitrary SQL commands via CsAgent service commands with opcodes (1) 0x07, (2) 0x08, (3) 0x09, (4) 0x1E, (5) 0x32, (6) 0x36, (7) 0x40, and possibly others. | 6.8 |
2007-10-01 | CVE-2007-5168 | Clanlite | Improper Input Validation vulnerability in Clanlite 1.23.01.2005 Multiple PHP remote file inclusion vulnerabilities in ClanLite 1.23.01.2005 allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) modules/serveur_jeux.php or (2) conf/conf-php.php. | 6.8 |
2007-10-01 | CVE-2007-5167 | Phplister | Code Injection vulnerability in PHPlister 0.5Pre2 PHP remote file inclusion vulnerability in .systeme/fonctions.php in phpLister 0.5-pre2 allows remote attackers to execute arbitrary PHP code via a URL in the nom_rep_systeme parameter. | 6.8 |
2007-10-01 | CVE-2007-5166 | Sitesys | Code Injection vulnerability in Sitesys 1.0A Multiple PHP remote file inclusion vulnerabilities in SiteSys 1.0a allow remote attackers to execute arbitrary PHP code via a URL in the doc_root parameter to (1) inc/pagehead.inc.php or (2) inc/pageinit.inc.php. | 6.8 |
2007-10-01 | CVE-2007-5160 | Restaurant Management System | Code Injection vulnerability in Restaurant Management System Restaurant Management System 0.5 Multiple PHP remote file inclusion vulnerabilities in Thierry Leriche Restaurant Management System (ReMaSys) 0.5 allow remote attackers to execute arbitrary PHP code via a URL in (1) the DIR_ROOT parameter to (a) global.php, or the (2) DIR_PAGE parameter to (b) template/fr/page.php or (c) page/fr/boxConnection.php. | 6.8 |
2007-10-01 | CVE-2007-5157 | PHP Fidonet Tosser Phpfidonode | Code Injection vulnerability in multiple products PHP remote file inclusion vulnerability in phfito-post.php in Alex Kocharin PHP Fidonet Tosser (PhFiTo) 1.3.0 in phpFidoNode allows remote attackers to execute arbitrary PHP code via a URL in the SRC_PATH parameter to phfito-post. | 6.8 |
2007-10-01 | CVE-2007-5156 | Apache Fckeditor Sitex | Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529. | 6.8 |
2007-10-01 | CVE-2007-5153 | SUN | Code Injection vulnerability in SUN products Unspecified vulnerability in Sun Java System Access Manager 7.1, when installed in a Sun Java System Application Server 8.x container, allows remote attackers to execute arbitrary code via unspecified vectors. | 6.8 |
2007-10-01 | CVE-2007-5149 | North Country Public Radio | Code Injection vulnerability in North Country Public Radio Public Media Manager 1.3 PHP remote file inclusion vulnerability in NewsCMS/news/newstopic_inc.php in North Country Public Radio Public Media Manager (PMM) 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the indir parameter. | 6.8 |
2007-10-01 | CVE-2007-5147 | Puzzle Apps CMS | Code Injection vulnerability in Puzzle Apps CMS Puzzle Apps CMS 2.2.1 Multiple PHP remote file inclusion vulnerabilities in Puzzle Apps CMS 2.2.1 allow remote attackers to execute arbitrary PHP code via a URL in the MODULEDIR parameter to (1) core/modules/my/my.module.php or (2) core/modules/xml/xml.module.php; the COREROOT parameter to (3) config.loader.php, (4) platform.loader.php, (5) core.loader.php, (6) person.loader.php, or (7) module.loader.php in core/ or (8) install/steps/step_3.php; or the THISDIR parameter to (9) people.lib.php, (10) general.lib.php, (11) content.lib.php, or (12) templates.lib.php in core/modules/admin/libs/ or (13) core/modules/webstat/MEC/index.php. | 6.8 |
2007-10-01 | CVE-2007-5146 | DER Dirigent | Code Injection vulnerability in DER Dirigent DER Dirigent 1.0 Multiple PHP remote file inclusion vulnerabilities in dedi-group Der Dirigent 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the dedi_path parameter to (1) inc.generate_code.php, (2) fnc.type_forms.php, or (3) fnc.type.php in backend/inc/, or (4) frontend.php or (5) backend.php in projekt01/cms/inc/; or (6) the this_dir parameter to backend/inc/class.filemanager.php. | 6.8 |
2007-10-06 | CVE-2007-5261 | Iscripts | SQL Injection vulnerability in Iscripts Multicart 1.0 Multiple SQL injection vulnerabilities in MultiCart 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) catid parameter to categorydetail.php and the (2) ddlCategory parameter to search.php. | 6.4 |
2007-10-05 | CVE-2007-5229 | Feedburner | Cross-Site Request Forgery (CSRF) vulnerability in Feedburner Feedsmith 2.2 Cross-site request forgery (CSRF) vulnerability in the FeedBurner FeedSmith 2.2 plugin for WordPress allows remote attackers to change settings and hijack blog feeds via a request to wp-admin/options-general.php that submits parameter values to FeedBurner_FeedSmith_Plugin.php, as demonstrated by the (1) feedburner_url and (2) feedburner_comments_url parameters. | 6.4 |
2007-10-05 | CVE-2007-5219 | Cyberlink | Path Traversal vulnerability in Cyberlink Powerdvd 7.0 Directory traversal vulnerability in the CLAVSetting.CLSetting.1 ActiveX control in CLAVSetting.DLL 1.00.1829 in the CLAVSetting module in CyberLink PowerDVD 7.0 allows remote attackers to create or overwrite arbitrary files via a .. | 6.4 |
2007-10-04 | CVE-2007-5210 | Arbor Networks | Permissions, Privileges, and Access Controls vulnerability in Arbor Networks Peakflow SP 3.5.1/3.6.1 Arbor Networks Peakflow SP before 3.5.1 patch 14, and 3.6.x before 3.6.1 patch 5, allows remote authenticated users to bypass access restrictions and read or write unspecified data via unknown vectors. | 6.0 |
2007-10-01 | CVE-2007-5154 | Aimluck | Race Condition vulnerability in Aimluck Aipo and Aipo ASP Session fixation vulnerability in Aipo and Aipo ASP 3.0.1.0 and earlier allows remote attackers to hijack web sessions via unspecified vectors. | 5.8 |
2007-10-06 | CVE-2007-5236 | SUN | Permissions, Privileges, and Access Controls vulnerability in SUN Jdk, JRE and SDK Java Web Start in Sun JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier, on Windows does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to read local files via an untrusted application. | 5.4 |
2007-10-06 | CVE-2007-5260 | ASP CMS | Permissions, Privileges, and Access Controls vulnerability in Asp-Cms 1.0 ASP-CMS 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request for mdb-database/ASP-CMS_v100.mdb. | 5.0 |
2007-10-06 | CVE-2007-5253 | Mcmurtrey Whitaker AND Associates | Improper Input Validation vulnerability in Mcmurtrey Whitaker and Associates Cart32 c32web.exe in McMurtrey/Whitaker Cart32 before 6.4 allows remote attackers to read arbitrary files via the ImageName parameter in a GetImage action, by appending a NULL byte (%00) sequence followed by an image file extension, as demonstrated by a request for a ".txt%00.gif" file. | 5.0 |
2007-10-06 | CVE-2007-5241 | HP | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in HP Openvms Buffer overflow in NET$CSMACD.EXE in HP OpenVMS 8.3 and earlier allows local users to cause a denial of service (machine crash) via the "MCR MCL SHOW CSMA-CD Port * All" command, which overwrites a Non-Paged Pool Packet. | 5.0 |
2007-10-06 | CVE-2007-5240 | SUN | Unspecified vulnerability in SUN Jdk, JRE and SDK Visual truncation vulnerability in the Java Runtime Environment in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier allows remote attackers to circumvent display of the untrusted-code warning banner by creating a window larger than the workstation screen. | 5.0 |
2007-10-05 | CVE-2007-5226 | Dircproxy | Improper Input Validation vulnerability in Dircproxy irc_server.c in dircproxy 1.2.0 and earlier allows remote attackers to cause a denial of service (segmentation fault) via an ACTION command without a parameter, which triggers a NULL pointer dereference, as demonstrated using a blank /me message from irssi. | 5.0 |
2007-10-04 | CVE-2007-5193 | Debian Twiki | Information Disclosure vulnerability in Twiki 4.1.2 The default configuration for twiki 4.1.2 on Debian GNU/Linux, and possibly other operating systems, specifies the work area directory (cfg{RCS}{WorkAreaDir}) under the web document root, which might allow remote attackers to obtain sensitive information when .htaccess restrictions are not applied. | 5.0 |
2007-10-01 | CVE-2007-5172 | Quicksilver Forums | Information Exposure vulnerability in Quicksilver Forums Quicksilver Forums Quicksilver Forums before 1.4.1 allows remote attackers to obtain sensitive information by causing unspecified connection errors, which reveals the database password in the resulting error message. | 5.0 |
2007-10-01 | CVE-2007-5171 | Quicksilver Forums | Permissions, Privileges, and Access Controls vulnerability in Quicksilver Forums Quicksilver Forums Unspecified vulnerability in Quicksilver Forums before 1.4.1 allows remote attackers to delete arbitrary PMs via unspecified vectors. | 5.0 |
2007-10-01 | CVE-2007-5170 | SUN | Permissions, Privileges, and Access Controls vulnerability in SUN Embedded Lights OUT Manager Unspecified vulnerability in the embedded service processor (SP) before 3.09 in Sun Fire X2100 M2 and X2200 M2 Embedded Lights Out Manager (ELOM) allows remote attackers to send arbitrary network traffic and use ELOM as a spam proxy. | 5.0 |
2007-10-05 | CVE-2007-5225 | SUN | Numeric Errors vulnerability in SUN Sunos 5.10/5.8/5.9 Integer signedness error in FIFO filesystems (named pipes) on Sun Solaris 8 through 10 allows local users to read the contents of unspecified memory locations via a negative maximum length value to the I_PEEK ioctl. | 4.9 |
2007-10-04 | CVE-2007-4133 | Linux | Local Denial Of Service vulnerability in Linux Kernel HugeTLB The (1) hugetlb_vmtruncate_list and (2) hugetlb_vmtruncate functions in fs/hugetlbfs/inode.c in the Linux kernel before 2.6.19-rc4 perform certain prio_tree calculations using HPAGE_SIZE instead of PAGE_SIZE units, which allows local users to cause a denial of service (panic) via unspecified vectors. | 4.7 |
2007-10-05 | CVE-2007-5231 | Zomplog | Improper Input Validation vulnerability in Zomplog Unrestricted file upload vulnerability in admin/upload_files.php in Zomplog 3.8.1 and earlier allows remote authenticated administrators to upload and execute arbitrary .php files by sending a modified MIME type. | 4.6 |
2007-10-04 | CVE-2007-5201 | Duplicity Project | Information Exposure vulnerability in Duplicity Project Duplicity The FTP backend for Duplicity before 0.4.9 sends the password as a command line argument when calling ncftp, which might allow local users to read the password by listing the process and its arguments. | 4.6 |
2007-10-01 | CVE-2007-5159 | Redhat Ntfs 3G Ubuntu | Permissions, Privileges, and Access Controls vulnerability in Ntfs-3G The ntfs-3g package before 1.913-2.fc7 in Fedora 7, and an ntfs-3g package in Ubuntu 7.10/Gutsy, assign incorrect permissions (setuid root) to mount.ntfs-3g, which allows local users with fuse group membership to read from and write to arbitrary block devices, possibly involving a file descriptor leak. | 4.6 |
2007-10-06 | CVE-2007-5259 | Ilient | Cross-Site Request Forgery (CSRF) vulnerability in Ilient Sysaid 4.5.03/4.5.04 Cross-site request forgery (CSRF) vulnerability in Ilient SysAid 4.5.03 and 4.5.04 allows remote attackers to perform some actions as administrators, as demonstrated by changing the administrator password. | 4.3 |
2007-10-06 | CVE-2007-5255 | Google | Cross-Site Scripting vulnerability in Google Mini Search Appliance 3.4.14 Cross-site scripting (XSS) vulnerability in Google Mini Search Appliance 3.4.14 allows remote attackers to inject arbitrary web script or HTML via the ie parameter to the /search URI. | 4.3 |
2007-10-06 | CVE-2007-5251 | Webhost Automation | Cross-Site Request Forgery (CSRF) vulnerability in Webhost Automation Helm web Hosting Control Panel 3.2.16 Multiple cross-site scripting (XSS) vulnerabilities in Helm 3.2.16 allow remote attackers to inject arbitrary web script or HTML via (1) the showOption parameter to domain.asp, or the (2) Folder or (3) StartPath parameter to FileManager.asp. | 4.3 |
2007-10-06 | CVE-2007-5250 | Americasarmy | Numeric Errors vulnerability in Americasarmy America's Army and America's Army Special Forces The Windows dedicated server for the Unreal engine, as used by America's Army and America's Army Special Forces 2.8.2 and earlier, when Punkbuster (PB) is enabled, allows remote attackers to cause a denial of service (server hang) via packets containing 0x07 characters or other unspecified invalid characters. | 4.3 |
2007-10-06 | CVE-2007-5249 | Americasarmy | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Americasarmy America's Army and America's Army Special Forces Multiple buffer overflows in the logging function in the Unreal engine, as used by America's Army and America's Army Special Forces 2.8.2 and earlier, when Punkbuster (PB) is enabled, allow remote attackers to cause a denial of service (daemon crash) via a long (1) PB_Y packet to the YPG server on UDP port 1716 or (2) PB_U packet to UCON on UDP port 1716, different vectors than CVE-2007-4442. | 4.3 |
2007-10-06 | CVE-2007-5242 | HP | Denial of Service vulnerability in OpenVMS Unspecified vulnerability in (1) SYS$EI1000.EXE and (2) SYS$EI1000_MON.EXE in HP OpenVMS 8.3 and earlier allows remote attackers to cause a denial of service (machine crash) via an "oversize" packet, which is not properly discarded if "the device has no remaining buffers after receipt of the first buffer segment." | 4.3 |
2007-10-06 | CVE-2007-5235 | Uebimiau | Cross-Site Scripting vulnerability in Uebimiau 2.7.10/2.7.2/2.7.9 Cross-site scripting (XSS) vulnerability in index.php in Uebimiau 2.7.2 through 2.7.10 allows remote attackers to inject arbitrary web script or HTML via the f_email parameter. | 4.3 |
2007-10-05 | CVE-2007-5227 | Blackboard | Cross-Site Scripting vulnerability in Blackboard Learning and Community Post Systems 6.3.1.593 Multiple cross-site scripting (XSS) vulnerabilities in messaging/course/composeMessage.jsp in BlackBoard Learning System 6.3.1.593 and earlier in BlackBoard Academic Suite allow remote attackers to inject arbitrary web script or HTML via the (1) subject_t and (2) body_text parameters. | 4.3 |
2007-10-05 | CVE-2007-3918 | Gforge | Cross-Site Scripting vulnerability in Gforge 4.6B2 Cross-site scripting (XSS) vulnerability in account/verify.php in GForge 4.6b2 allows remote attackers to inject arbitrary web script or HTML via the confirm_hash parameter. | 4.3 |
2007-10-05 | CVE-2007-5218 | Don Barnes | Cross-Site Scripting vulnerability in Don Barnes DRBGuestbook 1.1.13 Cross-site scripting (XSS) vulnerability in index.php in Don Barnes DRBGuestbook 1.1.13 allows remote attackers to inject arbitrary web script or HTML via the action parameter. | 4.3 |
2007-10-05 | CVE-2007-5078 | Egov | Cross-Site Scripting vulnerability in Egov Manager Multiple cross-site scripting (XSS) vulnerabilities in eGov Manager allow remote attackers to inject arbitrary web script or HTML via unspecified "user-supplied input" to (1) center.exe or (2) Index.exe. | 4.3 |
2007-10-04 | CVE-2007-5214 | Axis | Cross-Site Scripting vulnerability in Axis 2100 Network Camera Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to the default URI associated with a directory, as demonstrated by (a) the root directory and (b) the view/ directory; (2) parameters associated with saved settings, as demonstrated by (c) the conf_Network_HostName parameter on the Network page and (d) the conf_Layout_OwnTitle parameter to ServerManager.srv; and (3) the query string to ServerManager.srv, which is displayed on the logs page. | 4.3 |
2007-10-04 | CVE-2007-5212 | Axis | Cross-Site Scripting vulnerability in Axis 2100 Network Camera and 2100 Network Camera Firmware Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware before 2.43 allow remote attackers to inject arbitrary web script or HTML via (1) parameters associated with saved settings, as demonstrated by the conf_SMTP_MailServer1 parameter to ServerManager.srv; or (2) the subpage parameter to wizard/first/wizard_main_first.shtml. | 4.3 |
2007-10-04 | CVE-2007-5211 | Arbor Networks | Cross-Site Scripting vulnerability in Arbor Networks Peakflow SP 3.5.1/3.6.1 Multiple cross-site scripting (XSS) vulnerabilities in Arbor Networks Peakflow SP 3.5.1 before patch 14, and 3.6.1 before patch 5, when scope accounts are enabled, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving GET or POST requests. | 4.3 |
2007-10-03 | CVE-2007-5183 | Megasol | Cross-Site Scripting vulnerability in Megasol Odysseysuite Cross-site scripting (XSS) vulnerability in Mailbox.mws in OdysseySuite, possibly 4.0.729, allows remote attackers to inject arbitrary web script or HTML via the idkey parameter. | 4.3 |
2007-10-03 | CVE-2007-5182 | Netkamp | Cross-Site Scripting vulnerability in Netkamp Emlak Scripti Cross-site scripting (XSS) vulnerability in mail.asp in Netkamp Emlak Scripti allows remote attackers to inject arbitrary web script or HTML via the (1) Email parameter, and possibly the (2) Ad, (3) Soyad, (4) Konu, and (5) Mesaj parameters to iletisim.asp. | 4.3 |
2007-10-03 | CVE-2007-5179 | Y&K Iletisim Formu | Cross-Site Scripting vulnerability in Y&K Iletisim Formu Multiple cross-site scripting (XSS) vulnerabilities in iletisim.asp in Y&K Iletisim Formu allow remote attackers to inject arbitrary web script or HTML via the (1) ad, (2) sehir, (3) yas, (4) cins, (5) tel, (6) mail, and (7) mesaj parameters. | 4.3 |
2007-10-03 | CVE-2007-5176 | Grouplink | Cross-Site Scripting vulnerability in Grouplink Ehelpdesk 6.2.2 Multiple cross-site scripting (XSS) vulnerabilities in GroupLink eHelpDesk 6.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) NA_DISPLAYNAME parameter in helpdesk/user/rf_create.jsp and the (2) username and (3) LDAPError parameters in index2.jsp. | 4.3 |
2007-10-01 | CVE-2007-4996 | Pidgin | Remote Denial Of Service vulnerability in Pidgin 2.2.0 libpurple in Pidgin before 2.2.1 does not properly handle MSN nudge messages from users who are not on the receiver's buddy list, which allows remote attackers to cause a denial of service (crash) via a nudge message that triggers an access of "an invalid memory location." | 4.3 |
2007-10-01 | CVE-2007-5162 | Ruby Lang | Improper Authentication vulnerability in Ruby-Lang Ruby 1.8.5/1.8.6 The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName (CN) field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site. | 4.3 |
2007-10-01 | CVE-2007-5161 | I Systems INC | Cross-Site Scripting vulnerability in I-Systems Inc. Feedreader 3.10 Cross-zone scripting vulnerability in the internal browser in i-Systems Feedreader 3.10 allows remote attackers to inject arbitrary web script or HTML via an item in a feed, as demonstrated by a WordPress blog update. | 4.3 |
2007-10-01 | CVE-2007-5158 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer 6.0 The focus handling for the onkeydown event in Microsoft Internet Explorer 6.0 allows remote attackers to change field focus and copy keystrokes via a certain use of a JavaScript htmlFor attribute, as demonstrated by changing focus from a textarea to a file upload field, a related issue to CVE-2007-3511. | 4.3 |
2007-10-01 | CVE-2007-5145 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Windows XP Multiple buffer overflows in system DLL files in Microsoft Windows XP, as used by Microsoft Windows Explorer (explorer.exe) 6.00.2900.2180, Don Ho Notepad++, unspecified Adobe Macromedia applications, and other programs, allow user-assisted remote attackers to cause a denial of service (application crash) via long strings in the (1) author, (2) title, (3) subject, and (4) comment Properties fields of a file, possibly involving improper handling of extended file attributes by the (a) NtQueryInformationFile, (b) NtQueryDirectoryFile, (c) NtSetInformationFile, (d) FileAllInformation, (e) FileNameInformation, and other FILE_INFORMATION_CLASS functions in ntdll.dll and the (f) GetFileAttributesExW and (g) GetFileAttributesW functions in kernel32.dll, a related issue to CVE-2007-1347. | 4.3 |
2007-10-01 | CVE-2007-5144 | Microsoft | Buffer Errors vulnerability in Microsoft Windows Live Messenger 8.1 Buffer overflow in the GDI engine in Windows Live Messenger, as used for Windows MSN Live 8.1, allows user-assisted remote attackers to cause a denial of service (application crash or system crash) and possibly execute arbitrary code by placing a malformed file in a new folder under the Sharing Folders path, and triggering a synchronize operation through the Windows MSN Live online service, possibly related to extended file attributes and possibly related to an incomplete fix for MS07-046, as demonstrated by a (1) .jpg, (2) .gif, (3) .wmf, (4) .doc, or (5) .ico file. | 4.3 |
2007-10-06 | CVE-2007-5239 | SUN | Permissions, Privileges, and Access Controls vulnerability in SUN Jdk, JRE and SDK Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier does not properly enforce access restrictions for untrusted (1) applications and (2) applets, which allows user-assisted remote attackers to copy or rename arbitrary files when local users perform drag-and-drop operations from the untrusted application or applet window onto certain types of desktop applications. | 4.0 |
2007-10-05 | CVE-2007-5232 | SUN | Unspecified vulnerability in SUN Jdk, JRE and SDK Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when applet caching is enabled, allows remote attackers to violate the security model for an applet's outbound connections via a DNS rebinding attack. | 4.0 |
4 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-10-05 | CVE-2007-5228 | Drupal | Cross-Site Scripting vulnerability in Drupal Project Issue Tracking Cross-site scripting (XSS) vulnerability in the subscription functionality in the Project issue tracking module before 4.7.x-1.5, 4.7.x-2.x before 4.7.x-2.5, and 5.x-1.x before 5.x-1.1 for Drupal allows remote authenticated users with project create or edit permissions to inject arbitrary web script or HTML via unspecified vectors involving a (1) individual or (2) overview form. | 3.5 |
2007-10-04 | CVE-2007-5207 | Debian | Link Following vulnerability in Debian Guilt 0.27 guilt 0.27 allows local users to overwrite arbitrary files via a symlink attack on a guilt.log.[PID] temporary file. | 3.3 |
2007-10-06 | CVE-2007-5238 | SUN | Permissions, Privileges, and Access Controls vulnerability in SUN Jdk, JRE and SDK Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to obtain sensitive information (the Java Web Start cache location) via an untrusted application, aka "three vulnerabilities." | 2.6 |
2007-10-01 | CVE-2007-5143 | Microsoft F Secure | Unspecified vulnerability in F-Secure Anti-Virus 7.00 F-Secure Anti-Virus for Windows Servers 7.0 64-bit edition allows local users to bypass virus scanning by using the system32 directory to store a crafted (1) archive or (2) packed executable. | 1.9 |