Weekly Vulnerabilities Reports > October 8 to 14, 2007

Overview

158 new vulnerabilities were reported during this period, including 27 critical vulnerabilities and 27 high severity vulnerabilities. This weekly summary reports vulnerabilities in 163 products from 115 vendors including Broadcom, Microsoft, Joomla, SUN, and Mozilla. Vulnerabilities are notably categorized as "Code Injection", "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Improper Input Validation", and "SQL Injection".

  • 150 reported vulnerabilities are remotely exploitable.
  • 43 reported vulnerabilities have a public exploit available.
  • 51 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 153 reported vulnerabilities are exploitable by an anonymous user.
  • Broadcom has the most reported vulnerabilities, with 11 reported vulnerabilities.
  • Broadcom has the most reported critical vulnerabilities, with 8 reported vulnerabilities.

Vulnerability Details

The following tables list the vulnerabilities reported during the period covered by this report:

27 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-10-14 CVE-2007-5452 PHP Stats SQL Injection vulnerability in PHP-Stats 0.1.9.2

Multiple SQL injection vulnerabilities in php-stats.recjs.php in Php-Stats 0.1.9.2 allow remote attackers to execute arbitrary SQL commands via the (1) ip or (2) t parameter.

10.0
2007-10-13 CVE-2007-5332 Broadcom Resource Management Errors vulnerability in Broadcom products

Multiple unspecified vulnerabilities in (1) mediasvr and (2) caloggerd in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, have unknown impact and attack vectors related to memory corruption.

10.0
2007-10-13 CVE-2007-5331 Broadcom, CA Code Injection vulnerability in multiple products

Queue.dll for the message queuing service (LQserver.exe) in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows remote attackers to execute arbitrary code via a malformed ONRPC protocol request for operation 0x76, which causes ARCserve Backup to dereference arbitrary pointers.

10.0
2007-10-13 CVE-2007-5330 Broadcom Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Broadcom products

The cadbd RPC service in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows remote attackers to (1) execute arbitrary code via stack-based buffer overflows in unspecified RPC procedures, and (2) trigger memory corruption related to the use of "handle" RPC arguments as pointers.

10.0
2007-10-13 CVE-2007-5329 Broadcom, CA Resource Management Errors vulnerability in multiple products

Unspecified vulnerability in dbasvr in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, has unknown impact and attack vectors related to memory corruption.

10.0
2007-10-13 CVE-2007-5328 Broadcom Permissions, Privileges, and Access Controls vulnerability in Broadcom products

The Message Engine RPC service in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows attackers to execute arbitrary code by using certain "insecure method calls" to modify the file system and registry, aka "Privileged function exposure."

10.0
2007-10-13 CVE-2007-5327 Broadcom Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Broadcom products

Stack-based buffer overflow in the RPC interface for the Message Engine (mediasvr.exe) in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows remote attackers to execute arbitrary code via a long argument in the 0x10d opnum.

10.0
2007-10-13 CVE-2007-5326 Broadcom, CA Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Multiple buffer overflows in (1) RPC and (2) rpcx.dll in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allow remote attackers to execute arbitrary code via unspecified vectors.

10.0
2007-10-13 CVE-2007-5325 Broadcom Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Broadcom products

Multiple buffer overflows in (1) the Message Engine and (2) AScore.dll in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allow remote attackers to execute arbitrary code via unspecified vectors.

10.0
2007-10-12 CVE-2007-5419 3Com Configuration vulnerability in 3Com 3Crwe554G72T 3Crwer10075

The 3Com 3CRWER100-75 router with 1.2.10ww software, when enabling an optional virtual server, configures this server to accept all source IP addresses on the external (Internet) interface unless the user selects other options, which might expose the router to unintended incoming traffic from remote attackers, as demonstrated by setting up a virtual server on port 80, which allows remote attackers to access the web management interface.

10.0
2007-10-12 CVE-2007-5391 HP Improper Authentication vulnerability in HP Select Identity

Unspecified vulnerability in HP Select Identity 4.01 through 4.01.010 and 4.10 through 4.13.001 allows remote attackers to obtain unspecified access via unknown vectors.

10.0
2007-10-12 CVE-2007-5383 Alcatel, BT Improper Authentication vulnerability in multiple products

The Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub 6.2.6.B and earlier, allows remote attackers on an intranet to bypass authentication and gain administrative access via vectors including a '/' (slash) character at the end of the PATH_INFO to cgi/b, aka "double-slash auth bypass." NOTE: remote attackers outside the intranet can exploit this by leveraging a separate CSRF vulnerability.

10.0
2007-10-12 CVE-2007-5382 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco products

The conversion utility for converting CiscoWorks Wireless LAN Solution Engine (WLSE) 4.1.91.0 and earlier to Cisco Wireless Control System (WCS) creates administrator accounts with default usernames and passwords, which allows remote attackers to gain privileges.

10.0
2007-10-11 CVE-2007-5372 DWS Systems INC, Ledgersmb SQL Injection vulnerability in multiple products

Multiple SQL injection vulnerabilities in (a) LedgerSMB 1.0.0 through 1.2.7 and (b) DWS Systems SQL-Ledger 2.x allow remote attackers to execute arbitrary SQL commands via (1) the invoice quantity field or (2) the sort field.

10.0
2007-10-11 CVE-2007-5323 EMC Buffer Errors vulnerability in EMC Replistor 6.1.3

The RepliStor Server Service in EMC Replistor 6.1.3 allows remote attackers to execute arbitrary code via a size value that causes RepliStor to create a smaller buffer than expected, which triggers a buffer overflow when that buffer is used in a recv function call.

10.0
2007-10-11 CVE-2007-4992 Firebirdsql Buffer Errors vulnerability in Firebirdsql Firebird 2.0.2

Stack-based buffer overflow in the process_packet function in fbserver.exe in Firebird SQL 2.0.2 allows remote attackers to execute arbitrary code via a long request to TCP port 3050.

10.0
2007-10-14 CVE-2007-5450 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Safari

Unspecified vulnerability in Safari on the Apple iPod touch (aka iTouch) and iPhone 1.1.1 allows user-assisted remote attackers to cause a denial of service (application crash), and enable filesystem browsing by the local user, via a certain TIFF file.

9.3
2007-10-13 CVE-2007-4995 Openssl Numeric Errors vulnerability in Openssl

Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors.

9.3
2007-10-12 CVE-2007-4619 Flac, Nullsoft Numeric Errors vulnerability in multiple products

Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1, as used in Winamp before 5.5 and other products, allow user-assisted remote attackers to execute arbitrary code via a malformed FLAC file that triggers improper memory allocation, resulting in a heap-based buffer overflow.

9.3
2007-10-12 CVE-2007-3675 Kaspersky LAB USE of Externally-Controlled Format String vulnerability in Kaspersky LAB Online Scanner

Multiple format string vulnerabilities in the kavwebscan.CKAVWebScan ActiveX control (kavwebscan.dll) in Kaspersky Online Scanner before 5.0.98 allow remote attackers to execute arbitrary code via format string specifiers in "various string formatting functions," which trigger heap-based buffer overflows.

9.3
2007-10-12 CVE-2007-5381 Cisco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco IOS

Stack-based buffer overflow in the Line Printer Daemon (LPD) in Cisco IOS before 12.2(18)SXF11, 12.4(16a), and 12.4(2)T6 allows remote attackers to execute arbitrary code by setting a long hostname on the target system, then causing an error message to be printed, as demonstrated by a telnet session to the LPD from a source port other than 515.

9.3
2007-10-11 CVE-2007-5169 Adobe Buffer Errors vulnerability in Adobe Pagemaker 7.0.1/7.0.2

Stack-based buffer overflow in MAIPM6.dll in Adobe PageMaker 7.0.1 and 7.0.2 on Windows allows user-assisted remote attackers to execute arbitrary code via a long font name in a .PMD file.

9.3
2007-10-11 CVE-2007-3896 Microsoft Improper Input Validation vulnerability in Microsoft Internet Explorer 7.0

The URL handling in Shell32.dll in the Windows shell in Microsoft Windows XP and Server 2003, with Internet Explorer 7 installed, allows remote attackers to execute arbitrary programs via invalid "%" sequences in a mailto: or other URI handler, as demonstrated using mIRC, Outlook, Firefox, Adobe Reader, Skype, and other applications.

9.3
2007-10-09 CVE-2007-3899 Microsoft Code Injection vulnerability in Microsoft Office and Word

Unspecified vulnerability in Microsoft Word 2000 SP3, Word 2002 SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string in a Word file, aka "Word Memory Corruption Vulnerability."

9.3
2007-10-09 CVE-2007-3897 Microsoft Buffer Errors vulnerability in Microsoft Outlook Express and Windows Mail

Heap-based buffer overflow in Microsoft Outlook Express 6 and earlier, and Windows Mail for Vista, allows remote Network News Transfer Protocol (NNTP) servers to execute arbitrary code via long NNTP responses that trigger memory corruption.

9.3
2007-10-09 CVE-2007-2217 Microsoft, Kodak Code Injection vulnerability in Kodak Image Viewer

Kodak Image Viewer in Microsoft Windows 2000 SP4, and in some cases XP SP2 and Server 2003 SP1 and SP2, allows remote attackers to execute arbitrary code via crafted image files that trigger memory corruption, as demonstrated by a certain .tif (TIFF) file.

9.3
2007-10-09 CVE-2007-5279 Conexware Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Conexware Powerarchiver

Heap-based buffer overflow in ConeXware PowerArchiver before 10.20.21 might allow remote attackers to execute arbitrary code via a long filename in a BlackHole archive.

9.3

27 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-10-14 CVE-2007-5453 PHP Stats Code Injection vulnerability in PHP-Stats 0.1.9.2

Multiple eval injection vulnerabilities in Php-Stats 0.1.9.2 allow remote authenticated administrators to execute arbitrary code by writing PHP sequences to the php-stats-options record in the _options table, which is used in an eval function call by (1) admin.php, (2) click.php, (3) download.php, and unspecified other files, as demonstrated by modifying _options through a backup restore action in admin.php.

8.5
2007-10-12 CVE-2007-5431 Javaatwork, Scottmanktelow Information Exposure vulnerability in multiple products

include/imageupload.js in the MyFTPUploader module in Stride 1.0 contains sensitive information including FTP login credentials, which might allow remote attackers to gain unauthorized access to the FTP server being used by the module by viewing the source code.

7.8
2007-10-11 CVE-2007-3917 Wesnoth USE of Externally-Controlled Format String vulnerability in Wesnoth

The multiplayer engine in Wesnoth 1.2.x before 1.2.7 and 1.3.x before 1.3.9 allows remote servers to cause a denial of service (crash) via a long message with multibyte characters that can produce an invalid UTF-8 string after it is truncated, which triggers an uncaught exception, involving the truncate_message function in server/server.cpp.

7.8
2007-10-09 CVE-2007-2228 Microsoft Remote Denial Of Service vulnerability in Microsoft Windows RPC NTLMSSP

rpcrt4.dll (aka the RPC runtime library) in Microsoft Windows XP SP2, XP Professional x64 Edition, Server 2003 SP1 and SP2, Server 2003 x64 Edition and x64 Edition SP2, and Vista and Vista x64 Edition allows remote attackers to cause a denial of service (RPCSS service stop and system restart) via an RPC request that uses NTLMSSP PACKET authentication with a zero-valued verification trailer signature, which triggers an invalid dereference.

7.8
2007-10-13 CVE-2007-5436 Gdata Buffer Errors vulnerability in Gdata Antivirus 2007

Buffer overflow in a certain ActiveX control in ScanObjectBrowser.DLL in G DATA Antivirus 2007 might allow remote attackers to execute arbitrary code via unspecified parameters to the SelectPath function.

7.6
2007-10-13 CVE-2007-5208 HP Improper Input Validation vulnerability in HP Linux Imaging and Printing Project 1.0/2.0/2.7.10

hpssd in Hewlett-Packard Linux Imaging and Printing Project (hplip) 1.x and 2.x before 2.7.10 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a from address, which is not properly handled when invoking sendmail.

7.6
2007-10-14 CVE-2007-5456 Microsoft Code Injection vulnerability in Microsoft Internet Explorer

Microsoft Internet Explorer 7 and earlier allows remote attackers to bypass the "File Download - Security Warning" dialog box and download arbitrary .exe files by placing a '?' (question mark) followed by a non-.exe filename after the .exe filename, as demonstrated by (1) .txt, (2) .cda, (3) .log, (4) .dif, (5) .sol, (6) .htt, (7) .itpc, (8) .itms, (9) .dvr-ms, (10) .dib, (11) .asf, (12) .tif, and unspecified other extensions, a different issue than CVE-2004-1331.

7.5
2007-10-14 CVE-2007-5454 PHP File Sharing System Path Traversal vulnerability in PHP File Sharing System PHP File Sharing System 1.5.1

Directory traversal vulnerability in index.php in PHP File Sharing System 1.5.1 allows remote attackers to list or create arbitrary directories, or delete arbitrary files, as demonstrated by listing directories via a ..

7.5
2007-10-14 CVE-2007-5449 Softbiz SQL Injection vulnerability in Softbiz Recipes Portal Script

SQL injection vulnerability in searchresult.php in Softbiz Recipes Portal Script allows remote attackers to execute arbitrary SQL commands via the sbcat_id parameter.

7.5
2007-10-14 CVE-2007-5196 Suse Information Exposure vulnerability in Suse Linux 10

Unspecified vulnerability in the SSL implementation in Groupwise client system in the novell-groupwise-client package in SUSE Linux Enterprise Desktop 10 allows remote attackers to obtain credentials via a man-in-the-middle attack, a different vulnerability than CVE-2007-5195.

7.5
2007-10-12 CVE-2007-5432 Scottmanktelow Information Exposure vulnerability in Scottmanktelow Stride CMS 1.0

Stride 1.0 has a default administrator username of "scott" with the password "running", which allows remote attackers to obtain administrative access through login.php.

7.5
2007-10-12 CVE-2007-5430 Scottmanktelow SQL Injection vulnerability in Scottmanktelow Stride CMS 1.0

Multiple SQL injection vulnerabilities in Stride 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the p parameter to main.php in the Content Management System, (2) the id parameter in a sto cmd action to shop.php in the Merchant subsystem, or the (3) course or (4) provider parameter to detail.php in the Courses subsystem.

7.5
2007-10-12 CVE-2007-5424 PHP Security Bypass vulnerability in PHP 4.0/5.0.0

The disable_functions feature in PHP 4 and 5 allows attackers to bypass intended restrictions by using an alias, as demonstrated by using ini_alter when ini_set is disabled.

7.5
2007-10-12 CVE-2007-5423 Tiki Code Injection vulnerability in Tiki Tikiwiki Cms/Groupware 1.9.8

tiki-graph_formula.php in TikiWiki 1.9.8 allows remote attackers to execute arbitrary code via PHP sequences in the f array parameter, which are processed by create_function.

7.5
2007-10-12 CVE-2007-5418 Care2X Code Injection vulnerability in Care2X 2G 2.2

Multiple PHP remote file inclusion vulnerabilities in CARE2X 2G 2.2 allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) en_copyrite.php, (2) vi_copyrite.php, and (3) ar_copyrite.php in language/ directories; (4) class_access.php, (5) class_department.php, (6) class_config.php, (7) class_image.php, (8) class_ward.php, and (9) class_product.php in include/care_api_classes/; (10) gui/smarty_template/smarty_care.class.php; and possibly other components, different vectors than CVE-2007-1458.

7.5
2007-10-09 CVE-2007-5322 Microsoft OS Command Injection vulnerability in Microsoft Visual Foxpro 6.0

Insecure method vulnerability in the FPOLE.OCX 6.0.8450.0 ActiveX control in Microsoft Visual FoxPro 6.0 allows remote attackers to execute arbitrary programs by specifying them as an argument to the FoxDoCmd function.

7.5
2007-10-09 CVE-2007-3892 Microsoft Code Injection vulnerability in Microsoft Internet Explorer

Microsoft Internet Explorer 5.01 through 7 allows remote attackers to spoof the URL address bar and other "trust UI" components via unspecified vectors, a different issue than CVE-2007-1091 and CVE-2007-3826.

7.5
2007-10-09 CVE-2007-5313 Script Solution DE Code Injection vulnerability in Script-Solution.De Picturesolution

PHP remote file inclusion vulnerability in install/config.php in Picturesolution 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.

7.5
2007-10-09 CVE-2007-5311 Torrenttrader Path Traversal vulnerability in Torrenttrader 1.07

Directory traversal vulnerability in backend/admin-functions.php in TorrentTrader Classic Edition 1.07 allows remote attackers to include and execute arbitrary local files via a ..

7.5
2007-10-09 CVE-2007-5307 Yannick Tanguy Code Injection vulnerability in Yannick Tanguy Else IF CMS 0.6Beta

ELSEIF CMS Beta 0.6 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code by uploading a .php file via externe/swfupload/upload.php.

7.5
2007-10-09 CVE-2007-5305 Yannick Tanguy Code Injection vulnerability in Yannick Tanguy Else IF CMS 0.6Beta

Multiple PHP remote file inclusion vulnerabilities in ELSEIF CMS Beta 0.6 allow remote attackers to execute arbitrary PHP code via a URL in the (1) contenus parameter to (a) contenus.php; the (2) tpelseifportalrepertoire parameter to (b) votes.php, (c) espaceperso.php, (d) enregistrement.php, (e) commentaire.php, and (f) coeurusr.php in utilisateurs/, and (g) articles/fonctions.php and (h) depot/fonctions.php in moduleajouter/; the (3) corpsdesign parameter to (i) articles/usrarticles.php and (j) depot/usrdepot.php in moduleajouter/; and possibly other files.

7.5
2007-10-08 CVE-2007-5272 Furkan Tastan Blog SQL Injection vulnerability in Furkan Tastan Blog Furkan Tastan Blog

SQL injection vulnerability in kategori.asp in Furkan Tastan Blog allows remote attackers to execute arbitrary SQL commands via the id parameter in a goster kat action.

7.5
2007-10-08 CVE-2007-5270 Bendiken Unspecified vulnerability in Bendiken Boost Module FOR Drupal

Unspecified vulnerability in the Boost module before 4.7.x-1.0, and 5.x before 5.x-1.0, for Drupal allows remote attackers to create or overwrite arbitrary files, and conduct cross-site scripting attacks (XSS) via unspecified vectors.

7.5
2007-10-08 CVE-2007-5265 Dawnoftime USE of Externally-Controlled Format String vulnerability in Dawnoftime Dawn of Time

Multiple format string vulnerabilities in websrv.cpp in Dawn of Time 1.69s beta4 and earlier allow remote attackers to execute arbitrary code via format string specifiers in the (1) username or (2) password fields when accessing certain "restricted zones", which are not properly handled by the (a) processWebHeader and (b) filterWebRequest functions.

7.5
2007-10-08 CVE-2007-5263 Battlefront Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Battlefront Dropteam

Multiple buffer overflows in Battlefront Dropteam 1.3.3 and earlier allow remote attackers to execute arbitrary code via (1) a crafted "0x5c" packet or (2) many 32-bit numbers in a "0x18" packet, or cause a denial of service (crash) via (3) a large "0x4b" packet.

7.5
2007-10-08 CVE-2007-5262 Battlefront USE of Externally-Controlled Format String vulnerability in Battlefront Dropteam

Multiple format string vulnerabilities in Battlefront Dropteam 1.3.3 and earlier allow remote attackers to execute arbitrary code via format string specifiers in the (1) username, (2) password, and (3) nickname fields in a "0x01" packet.

7.5
2007-10-11 CVE-2007-5365 Debian, Openbsd, Redhat, SUN, Ubuntu Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Stack-based buffer overflow in the cons_options function in options.c in dhcpd in OpenBSD 4.0 through 4.2, and some other dhcpd implementations based on ISC dhcp-2, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a DHCP request specifying a maximum message size smaller than the minimum IP MTU.

7.2

93 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-10-12 CVE-2007-5377 GNU Link Following vulnerability in GNU Tramp 2.1.10

The (1) tramp-make-temp-file and (2) tramp-make-tramp-temp-file functions in Tramp 2.1.10 extension for Emacs, and possibly earlier 2.1.x versions, allow local users to overwrite arbitrary files via a symlink attack on temporary files.

6.9
2007-10-14 CVE-2007-5458 Alorys Hebergement SQL Injection vulnerability in Alorys-Hebergement Kwsphp and Newsletter Module

SQL injection vulnerability in index.php in the newsletter module 1.0 for KwsPHP, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the newsletter parameter.

6.8
2007-10-14 CVE-2007-5457 Joomla, Michael Dempfle Code Injection vulnerability in multiple products

Multiple PHP remote file inclusion vulnerabilities in Michael Dempfle Joomla Flash Uploader (com_jfu or com_joomla_flash_uploader) 2.5.1 component for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) install.joomla_flash_uploader.php and (2) uninstall.joomla_flash_uploader.php.

6.8
2007-10-14 CVE-2007-5451 COM Colorlab, Joomla Code Injection vulnerability in multiple products

PHP remote file inclusion vulnerability in admin.color.php in the com_colorlab (aka com_color) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.

6.8
2007-10-14 CVE-2007-5445 DB Software Laboratory Buffer Errors vulnerability in DB Software Laboratory Vimpx 4.7.3.0

Buffer overflow in the DB Software Laboratory VImpX (VImpAX1) ActiveX control in VImpX.ocx 4.7.3.0 allows remote attackers to execute arbitrary code via a long RejectedRecordsFile parameter, a different vector than CVE-2007-2667.

6.8
2007-10-14 CVE-2007-5195 Suse Information Exposure vulnerability in Suse Linux 10

Unspecified vulnerability in the SSL implementation in Groupwise client system in the novell-groupwise-client package in SUSE Linux Enterprise Desktop 10 allows remote attackers to obtain credentials via a man-in-the-middle attack, a different vulnerability than CVE-2007-5196.

6.8
2007-10-12 CVE-2007-5358 Digium Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Digium Asterisk

Multiple buffer overflows in the voicemail functionality in Asterisk 1.4.x before 1.4.13, when using IMAP storage, might allow (1) remote attackers to execute arbitrary code via a long combination of Content-type and Content-description headers, or (2) local users to execute arbitrary code via a long combination of astspooldir, voicemail context, and voicemail mailbox fields.

6.8
2007-10-12 CVE-2007-5416 Drupal Numeric Errors vulnerability in Drupal

Drupal 5.2 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code by invoking the drupal_eval function through a callback parameter to the default URI, as demonstrated by the _menu[callbacks][1][callback] parameter.

6.8
2007-10-12 CVE-2007-5412 Quoc HUY Code Injection vulnerability in Quoc-Huy MP3 Allopass 1.0

Multiple PHP remote file inclusion vulnerabilities in the Quoc-Huy MP3 Allopass (com_mp3_allopass) 1.0 component for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter to (1) allopass.php and (2) allopass-error.php.

6.8
2007-10-12 CVE-2007-5410 Joomla, Webmaster Tips Code Injection vulnerability in multiple products

PHP remote file inclusion vulnerability in admin.wmtrssreader.php in the webmaster-tips.net Flash RSS Reader (com_wmtrssreader) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.

6.8
2007-10-12 CVE-2007-5409 Nuhit Code Injection vulnerability in Nuhit Nuseo PHP Enterprise 1.6

PHP remote file inclusion vulnerability in admin/nuseo_admin_d.php in NuSEO PHP Enterprise 1.6 (NuSEO.PHP), when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the nuseo_dir parameter.

6.8
2007-10-12 CVE-2007-5408 Cplinks SQL Injection vulnerability in Cplinks Cpdynalinks 1.02

SQL injection vulnerability in category.php in cpDynaLinks 1.02 allows remote attackers to execute arbitrary SQL commands via the category parameter.

6.8
2007-10-12 CVE-2007-5407 Joomlaequipment Code Injection vulnerability in Joomlaequipment Jcontentsubscription 1.5.8

Multiple PHP remote file inclusion vulnerabilities in the JContentSubscription (com_jcs) 1.5.8 component for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) jcs.function.php; (2) add.php, (3) history.php, and (4) register.php, in view/; and (5) list.sub.html.php, (6) list.user.sub.html.php, and (7) reports.html.php in views/.

6.8
2007-10-12 CVE-2007-5390 Picoflat CMS Code Injection vulnerability in Picoflat CMS Picoflat CMS

PHP remote file inclusion vulnerability in index.php in PicoFlat CMS 0.4.14 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pagina parameter.

6.8
2007-10-12 CVE-2007-5388 Webdesktop Code Injection vulnerability in Webdesktop 0.1

Multiple PHP remote file inclusion vulnerabilities in WebDesktop 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) app parameter to apps/apps.php and the (2) wsk parameter to wsk/wsk.php.

6.8
2007-10-12 CVE-2007-5387 Pindorama Code Injection vulnerability in Pindorama 0.1

PHP remote file inclusion vulnerability in active/components/xmlrpc/client.php in Pindorama 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the c[components] parameter.

6.8
2007-10-11 CVE-2007-5371 Modxcms SQL Injection vulnerability in Modxcms 0.9.6

Multiple SQL injection vulnerabilities in mutate_content.dynamic.php in MODx 0.9.6 allow remote attackers to execute arbitrary SQL commands via the (1) documentDirty or (2) modVariables parameter.

6.8
2007-10-11 CVE-2007-5363 Joomla, Webmaster Tips Code Injection vulnerability in multiple products

PHP remote file inclusion vulnerability in admin.panoramic.php in the Panoramic Picture Viewer (com_panoramic) mambot (plugin) 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.

6.8
2007-10-11 CVE-2007-5362 AG Solutions, Joomla, Mambo Code Injection vulnerability in multiple products

Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde Solutions MOSMedia Lite (com_mosmedia) 4.5.1 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) credits.html.php, (2) info.html.php, (3) media.divs.php, (4) media.divs.js.php, (5) purchase.html.php, or (6) support.html.php in includes/.

6.8
2007-10-09 CVE-2007-5321 Verlihub Project Path Traversal vulnerability in Verlihub-Project Verlihub Control Panel 1.7

Directory traversal vulnerability in index.php in Verlihub Control Panel (VHCP) 1.7 and earlier allows remote attackers to include arbitrary files via a ..

6.8
2007-10-09 CVE-2007-4466 Electronic Arts Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Electronic Arts Snoopyctrl

Multiple stack-based buffer overflows in Electronic Arts (EA) SnoopyCtrl ActiveX control (NPSnpy.dll) allow remote attackers to execute arbitrary code via unspecified methods and parameters.

6.8
2007-10-09 CVE-2007-3893 Microsoft Resource Management Errors vulnerability in Microsoft Internet Explorer

Unspecified vulnerability in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via unspecified vectors involving memory corruption from an unhandled error.

6.8
2007-10-09 CVE-2007-5315 Softpedia Code Injection vulnerability in Softpedia Livealbum 0.9.0

PHP remote file inclusion vulnerability in common.php in LiveAlbum 0.9.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the livealbum_dir parameter.

6.8
2007-10-09 CVE-2007-5314 Xkiosk Code Injection vulnerability in Xkiosk web 3.0.1I

PHP remote file inclusion vulnerability in system/funcs/xkurl.php in xKiosk WEB 3.0.1i, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the PEARPATH parameter.

6.8
2007-10-09 CVE-2007-5310 Joomla, Webmaster Tips NET Code Injection vulnerability in multiple products

PHP remote file inclusion vulnerability in admin.wmtportfolio.php in the webmaster-tips.net wmtportfolio 1.0 (com_wmtportfolio) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

6.8
2007-10-09 CVE-2007-5309 Joomla, Webmaster Tips NET Code Injection vulnerability in multiple products

PHP remote file inclusion vulnerability in admin.wmtgallery.php in the webmaster-tips.net Flash Image Gallery (com_wmtgallery) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.

6.8
2007-10-09 CVE-2007-5308 PHP Homepage M SQL Injection vulnerability in PHP Homepage M PHP Homepage M 1.0

SQL injection vulnerability in galerie.php in PHP Homepage M (phpHPm) 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action.

6.8
2007-10-09 CVE-2007-5301 Alsaplayer Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Alsaplayer

Buffer overflow in the vorbis_stream_info function in input/vorbis/vorbis_engine.c (aka the vorbis input plugin) in AlsaPlayer before 0.99.80-rc3 allows remote attackers to execute arbitrary code via a .OGG file with long comments.

6.8
2007-10-09 CVE-2007-5294 Idmos Code Injection vulnerability in Idmos 1.0Beta

PHP remote file inclusion vulnerability in core/aural.php in IDMOS 1.0-beta (aka Phoenix) allows remote attackers to execute arbitrary PHP code via a URL in the site_absolute_path parameter.

6.8
2007-10-08 CVE-2007-5271 Trionic Code Injection vulnerability in Trionic Cite CMS 1.2Rev9

Multiple PHP remote file inclusion vulnerabilities in Trionic Cite CMS 1.2 rev9 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the bField[bf_data] parameter to (1) interface/editors/-custom.php or (2) interface/editors/custom.php.

6.8
2007-10-14 CVE-2007-5441 Cmsmadesimple Permissions, Privileges, and Access Controls vulnerability in Cmsmadesimple CMS Made Simple 1.1.3.1

CMS Made Simple 1.1.3.1 does not check the permissions assigned to users in some situations, which allows remote authenticated users to perform some administrative actions, as demonstrated by (1) adding a user via a direct request to admin/adduser.php and (2) reading the admin log via an "admin/adminlog.php?page=1" request.

6.5
2007-10-11 CVE-2007-5374 Lightblog Improper Authentication vulnerability in Lightblog 8.4.1.1

cp_memberedit.php in LightBlog 8.4.1.1 does not check for administrative credentials when processing an admin action, which allows remote authenticated users to increase the privileges of any account.

6.5
2007-10-14 CVE-2007-5446 Perfection Bytes Path Traversal vulnerability in Perfection Bytes Pbemail 7.0

Absolute path traversal vulnerability in a certain ActiveX control in PBEmail7Ax.dll in PBEmail 7 ActiveX Edition allows remote attackers to create or overwrite arbitrary files via a full pathname in the XmlFilePath argument to the SaveSenderToXml method.

6.4
2007-10-12 CVE-2007-5425 Interspire Code Injection vulnerability in Interspire Activekb 1.5

SQL injection vulnerability in admin/index.php in Interspire ActiveKB 1.5 allows remote attackers to execute arbitrary SQL commands via the questId parameter in a hideQuestion ToDo action.

6.4
2007-10-09 CVE-2007-5298 Creamotion Code Injection vulnerability in Creamotion .

Multiple PHP remote file inclusion vulnerabilities in CMS Creamotion allow remote attackers to execute arbitrary PHP code via a URL in the cfg[document_uri] parameter to (1) _administration/securite.php and (2) _administration/gestion_configurations/save_config.php.

6.4
2007-10-13 CVE-2007-5437 Broadcom Link Following vulnerability in Broadcom Etrust Integrated Threat Management 8.1

The web console in CA (formerly Computer Associates) eTrust ITM (Threat Manager) 8.1 allows remote attackers to redirect users to arbitrary web sites via a crafted HTTP URL on port 6689.

5.8
2007-10-14 CVE-2007-5444 Cmsmadesimple Information Exposure vulnerability in Cmsmadesimple CMS Made Simple 1.1.3.1

CMS Made Simple 1.1.3.1 allows remote attackers to obtain the full path via a direct request for unspecified files.

5.0
2007-10-13 CVE-2007-5439 Broadcom Permissions, Privileges, and Access Controls vulnerability in Broadcom Etrust Integrated Threat Management 8.1

CA (formerly Computer Associates) eTrust ITM (Threat Manager) 8.1 stores sensitive user information in log files with predictable names, which allows remote attackers to obtain this information via unspecified vectors.

5.0
2007-10-12 CVE-2007-5417 Boastmachine Path Traversal vulnerability in Boastmachine 2.8

Directory traversal vulnerability in index.php in boastMachine (aka bMachine) 2.8 allows remote attackers to read arbitrary files via a ..

5.0
2007-10-11 CVE-2007-5369 Massive Entertainment Numeric Errors vulnerability in Massive Entertainment World in Conflict 1.000

The GetMagicNumberString function in Massive Entertainment World in Conflict 1.000 and earlier allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a string to the VoIP port (52999/tcp) with an invalid value in the third byte.

5.0
2007-10-11 CVE-2007-5366 Fujitsu Path Traversal vulnerability in Fujitsu products

The Tomcat 4.1-based Servlet Service in Fujitsu Interstage Application Server 7.0 through 9.0.0 and Interstage Apworks/Studio 7.0 through 9.0.0 allows remote attackers to obtain sensitive information (web root path) via unspecified vectors that trigger an error message, probably related to enabling the useCanonCaches Java Virtual Machine (JVM) option.

5.0
2007-10-09 CVE-2007-5318 Typolight Improper Input Validation vulnerability in Typolight Webcms 2.4.6

Unspecified vulnerability in preview.php in TYPOlight webCMS 2.4.6 allows remote attackers to download arbitrary files via the src parameter.

5.0
2007-10-09 CVE-2007-5316 Softbizscripts SQL Injection vulnerability in Softbizscripts Softbiz Jobs and Recruitment Script

SQL injection vulnerability in browsecats.php in Softbiz Jobs and Recruitment Script allows remote attackers to execute arbitrary SQL commands via the cid parameter.

5.0
2007-10-09 CVE-2007-5306 Yannick Tanguy Path Traversal vulnerability in Yannick Tanguy Else IF CMS 0.6Beta

ELSEIF CMS Beta 0.6 allows remote attackers to obtain sensitive information (full path) via unspecified vectors to utilisateurs/votesresultats.php.

5.0
2007-10-09 CVE-2007-5300 Wzdftpd Buffer Errors vulnerability in Wzdftpd 0.8.0/0.8.2

Off-by-one error in the do_login_loop function in libwzd-core/wzd_login.c in wzdftpd 0.8.0, 0.8.2, and possibly other versions allows remote attackers to cause a denial of service (daemon crash) via a long USER command that triggers a stack-based buffer overflow.

5.0
2007-10-09 CVE-2007-5299 Skadate Path Traversal vulnerability in Skadate Online Dating Software 5.0/6.0/6.482

Multiple directory traversal vulnerabilities in SkaDate 5.0 and 6.0, and possibly later versions such as 6.482, allow remote attackers to read arbitrary files via a ..

5.0
2007-10-09 CVE-2007-5283 Hitachi Improper Input Validation vulnerability in Hitachi Tpbroker Object Transaction Monitor 0100/0300

The TSC Domain Manager in Hitachi TPBroker Object Transaction Monitor and Cosminexus TPBroker Object Transaction Monitor 01-00 through 03-00 might allow attackers to cause a denial of service (crash) via invalid messages.

5.0
2007-10-09 CVE-2007-5281 Hitachi Improper Input Validation vulnerability in Hitachi products

The Java Secure Socket Extension (JSSE) in the Hitachi Cosminexus Developer's Kit for Java in various Hitachi Cosminexus 7.5 products before 07-50-01, when using JSSE for SSL/TLS support, allows remote attackers to cause a denial of service via certain SSL/TLS handshake requests.

5.0
2007-10-08 CVE-2007-5275 Adobe Improper Input Validation vulnerability in Adobe Shockwave Player 9

The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause a victim machine to establish TCP sessions with arbitrary hosts via a Flash (SWF) movie, related to lack of pinning of a hostname to a single IP address after receiving an allow-access-from element in a cross-domain-policy XML document, and the availability of a Flash Socket class that does not use the browser's DNS pins, aka DNS rebinding attacks, a different issue than CVE-2002-1467 and CVE-2007-4324.

5.0
2007-10-08 CVE-2007-5269 Libpng Improper Input Validation vulnerability in Libpng

Certain chunk handlers in libpng before 1.0.29 and 1.2.x before 1.2.21 allow remote attackers to cause a denial of service (crash) via crafted (1) pCAL (png_handle_pCAL), (2) sCAL (png_handle_sCAL), (3) tEXt (png_push_read_tEXt), (4) iTXt (png_handle_iTXt), and (5) zTXt (png_handle_ztXt) chunking in PNG images, which trigger out-of-bounds read operations.

5.0
2007-10-08 CVE-2007-5264 Battlefront Information Exposure vulnerability in Battlefront Dropteam

Battlefront Dropteam 1.3.3 and earlier sends the client's online account name and password to the game server, which allows malicious game servers to steal account information.

5.0
2007-10-08 CVE-2007-4924 Ekiga, Openh323 Project Improper Input Validation vulnerability in multiple products

The Open Phone Abstraction Library (opal), as used by (1) Ekiga before 2.0.10 and (2) OpenH323 before 2.2.4, allows remote attackers to cause a denial of service (crash) via an invalid Content-Length header field in Session Initiation Protocol (SIP) packets, which causes a \0 byte to be written to an "attacker-controlled address."

5.0
2007-10-12 CVE-2007-5422 SUN Configuration vulnerability in SUN Sunos 5.10

Unspecified vulnerability in "Solaris Auditing" in the Basic Security Module (BSM) in Sun Solaris 10, when configured for auditing of networking (nt) events, allows local users to cause a denial of service (panic) via unspecified vectors.

4.9
2007-10-11 CVE-2007-5368 SUN Local Denial of Service vulnerability in SUN Solaris 10.0

Multiple unspecified vulnerabilities in labeld in Trusted Extensions in Sun Solaris 10 allow local users to cause a denial of service (multiple application hang) via unspecified vectors.

4.9
2007-10-11 CVE-2007-5367 SUN Resource Management Errors vulnerability in SUN Solaris 10.0

Unspecified vulnerability in the Virtual File System (VFS) in Sun Solaris 10 allows local users to cause a denial of service (kernel memory consumption) via unspecified vectors.

4.9
2007-10-14 CVE-2007-5459 Itirou Maruta, Mozilla Cross-Site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in the sidebar HTML page in the MouseoverDictionary before 0.6.2 extension for Mozilla Firefox allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2007-10-14 CVE-2007-5455 Wwwisis Cross-Site Scripting vulnerability in Wwwisis 5.0

Cross-site scripting (XSS) vulnerability in wxis.exe in WWWISIS 7.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a call to the iah/iah.xis IsisScript code, possibly involving the lang or exprSearch parameter.

4.3
2007-10-14 CVE-2007-5448 Madwifi Improper Input Validation vulnerability in Madwifi

Madwifi 0.9.3.2 and earlier allows remote attackers to cause a denial of service (panic) via a beacon frame with a large length value in the extended supported rates (xrates) element, which triggers an assertion error, related to net80211/ieee80211_scan_ap.c and net80211/ieee80211_scan_sta.c.

4.3
2007-10-14 CVE-2007-5447 Ioncube, PHP Permissions, Privileges, and Access Controls vulnerability in multiple products

ioncube_loader_win_5.2.dll in the ionCube Loader 6.5 extension for PHP 5.2.4 does not follow safe_mode and disable_functions restrictions, which allows context-dependent attackers to bypass intended limitations, as demonstrated by reading arbitrary files via the ioncube_read_file function.

4.3
2007-10-14 CVE-2007-5443 Cmsmadesimple Cross-Site Scripting vulnerability in Cmsmadesimple CMS Made Simple 1.1.3.1

Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple 1.1.3.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) the anchor tag and (2) listtags.

4.3
2007-10-13 CVE-2007-5435 Broadcom Resource Management Errors vulnerability in Broadcom Erwin Process Modeler 7.2

Unspecified vulnerability in CA ERwin Process Modeler (formerly AllFusion Process Modeler) 7.2 might allow user-assisted remote attackers to cause a denial of service via a crafted Data Standards File (Datatype Standards File).

4.3
2007-10-12 CVE-2007-5434 PRO Setun Cross-Site Scripting vulnerability in Pro.Setun Pro-Search

Cross-site scripting (XSS) vulnerability in PRO-search 0.17.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the q parameter to the default URI.

4.3
2007-10-12 CVE-2007-5433 Siteup Cross-Site Scripting vulnerability in Siteup 2.64

Multiple cross-site scripting (XSS) vulnerabilities in index.cgi in Site-Up 2.64 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) search or (2) search mask field.

4.3
2007-10-12 CVE-2007-5429 Nucleus CMS Cross-Site Scripting vulnerability in Nucleus CMS Nucleus CMS 3.01

Cross-site scripting (XSS) vulnerability in index.php in Nucleus 3.01 allows remote attackers to inject arbitrary web script or HTML via the archive parameter.

4.3
2007-10-12 CVE-2007-5428 UMI CMS Cross-Site Scripting vulnerability in Umi-Cms UMI CMS

Cross-site scripting (XSS) vulnerability in UMI CMS allows remote attackers to inject arbitrary web script or HTML via the search_string parameter to the default URI in search_do/.

4.3
2007-10-12 CVE-2007-5427 Joomla Cross-Site Scripting vulnerability in Joomla COM Search Component and Joomla

Cross-site scripting (XSS) vulnerability in the com_search component in Joomla! 1.0.13 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchword parameter.

4.3
2007-10-12 CVE-2007-5426 Interspire Cross-Site Scripting vulnerability in Interspire Activekb NX 2.5.4

Multiple cross-site scripting (XSS) vulnerabilities in ActiveKB NX 2.5.4 allow remote attackers to inject arbitrary web script or HTML via the page parameter to the default URI for some directories, as demonstrated by (1) ActiveKB/ and (2) default/categories/ActiveKB/.

4.3
2007-10-12 CVE-2007-5415 Mozilla Cross-Site Scripting vulnerability in Mozilla Firefox 2.0

Cross-site scripting (XSS) vulnerability in Mozilla Firefox 2.0, when UTF-7 document content is rendered directly in UTF-7, allows remote attackers to inject arbitrary web script or HTML via a gopher URI that uses '/' (slash) characters to delimit a literal string within an XSS sequence, a related issue to CVE-2007-5414.

4.3
2007-10-12 CVE-2007-5411 Linksys Cross-Site Scripting vulnerability in Linksys Spa941

Cross-site scripting (XSS) vulnerability in the Linksys SPA941 VoIP Phone with firmware 5.1.8 allows remote attackers to inject arbitrary web script or HTML via the From header in a SIP message.

4.3
2007-10-12 CVE-2007-5386 Phpmyadmin Cross-Site Scripting vulnerability in PHPmyadmin 2.11.1

Cross-site scripting (XSS) vulnerability in scripts/setup.php in phpMyAdmin 2.11.1, when accessed by a browser that does not URL-encode requests, allows remote attackers to inject arbitrary web script or HTML via the query string.

4.3
2007-10-12 CVE-2007-5385 Alcatel, BT Cross-Site Scripting vulnerability in multiple products

Multiple cross-site scripting (XSS) vulnerabilities in the Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub 6.2.6.B and earlier, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2007-10-12 CVE-2007-5384 Alcatel, BT Cross-Site Request Forgery (CSRF) vulnerability in multiple products

Multiple cross-site request forgery (CSRF) vulnerabilities in the Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub 6.2.6.B and earlier, allow remote attackers to perform actions as administrators via unspecified POST requests, as demonstrated by enabling an inbound remote-assistance HTTPS session on TCP port 51003.

4.3
2007-10-12 CVE-2007-5378 TCL TK Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in TCL TK Toolkit

Buffer overflow in the FileReadGIF function in tkImgGIF.c for Tk Toolkit 8.4.12 and earlier, and 8.3.5 and earlier, allows user-assisted attackers to cause a denial of service (segmentation fault) via an animated GIF in which the first subimage is smaller than a subsequent subimage, which triggers the overflow in the ReadImage function, a different vulnerability than CVE-2007-5137.

4.3
2007-10-11 CVE-2007-5370 Netwin Cross-Site Scripting vulnerability in Netwin Dnewsweb 57E1

Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/dnewsweb.exe in NetWin DNewsWeb (DNews News Server) 57e1 allow remote attackers to inject arbitrary web script or HTML via the (1) group or (2) utag parameter.

4.3
2007-10-09 CVE-2007-5312 Torrenttrader Cross-Site Scripting vulnerability in Torrenttrader 1.07

Cross-site scripting (XSS) vulnerability in TorrentTrader Classic 1.07 allows remote attackers to inject arbitrary web script or HTML via the (1) color parameter to pjirc/css.php and the (2) cat parameter to browse.php.

4.3
2007-10-09 CVE-2007-5304 Yannick Tanguy Cross-Site Scripting vulnerability in Yannick Tanguy Else IF CMS 0.6Beta

Multiple cross-site scripting (XSS) vulnerabilities in ELSEIF CMS Beta 0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) repertimage parameter to utilisateurs/vousetesbannis.php, the (2) elseifvotetxtresultatduvote parameter to utilisateurs/votesresultats.php, and the (3) elseifforumtxtmenugeneraleduforum parameter to moduleajouter/depot/adminforum.php.

4.3
2007-10-09 CVE-2007-5303 Snewscms Cross-Site Scripting vulnerability in Snewscms RUS 2.1

Cross-site scripting (XSS) vulnerability in news_page.php in SnewsCMS Rus 2.1 allows remote attackers to inject arbitrary web script or HTML via the page_id parameter.

4.3
2007-10-09 CVE-2007-5302 HP Cross-Site Scripting vulnerability in HP Hp-Ux 11.11/11.23/11.31

Multiple cross-site scripting (XSS) vulnerabilities in HP System Management Homepage (SMH) in HP-UX B.11.11, B.11.23, and B.11.31, and SMH before 2.1.10 for Linux and Windows, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2007-10-09 CVE-2007-5297 Minki Cross-Site Scripting vulnerability in Minki 1.30

Cross-site scripting (XSS) vulnerability in index.php in Minki 1.30 allows remote attackers to inject arbitrary web script or HTML via the page parameter.

4.3
2007-10-09 CVE-2007-5296 Livio Siri Cross-Site Scripting vulnerability in Livio Siri Dblist 8.1

Multiple cross-site scripting (XSS) vulnerabilities in dblisttest.asp in dbList 8.1 allow remote attackers to inject arbitrary web script or HTML via the (1) db, (2) pagesize, (3) sort, (4) strKeyWords, and (5) table parameters.

4.3
2007-10-09 CVE-2007-5295 Wikepage Code Injection vulnerability in Wikepage Opus 132007.2

Multiple cross-site scripting (XSS) vulnerabilities in index.php in (a) Wikepage Opus 13 2007.2 and (b) TipiWiki 2 allow remote attackers to inject arbitrary web script or HTML via the (1) PageContent and (2) PageName parameters.

4.3
2007-10-09 CVE-2007-5292 Splitside Cross-Site Scripting vulnerability in Splitside Directory Image Gallery 1.1

Cross-site scripting (XSS) vulnerability in photos.cfm in Directory Image Gallery 1.1 allows remote attackers to inject arbitrary web script or HTML via the backwardDirectory parameter.

4.3
2007-10-09 CVE-2007-5291 Daniel Broadbent Cross-Site Scripting vulnerability in Daniel Broadbent DB Manager 2.0

Cross-site scripting (XSS) vulnerability in Edit.asp in DB Manager 2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.

4.3
2007-10-09 CVE-2007-5290 Afterlogic Cross-Site Scripting vulnerability in Afterlogic Mailbee Webmail

Multiple cross-site scripting (XSS) vulnerabilities in MailBee WebMail Pro 3.4 and earlier; and possibly MailBee WebMail Pro ASP before 3.4.64, WebMail Lite ASP before 4.0.11, and WebMail Lite PHP before 4.0.22; allow remote attackers to inject arbitrary web script or HTML via the (1) mode parameter to login.php and the (2) mode2 parameter to default.asp in an advanced_login mode.

4.3
2007-10-09 CVE-2007-5282 Hitachi Improper Input Validation vulnerability in Hitachi products

Hitachi Cosminexus Agent 03-00 through 03-05, and Cosminexus Library Standard and Web Edition 04-00 and 04-01, might allow remote attackers to cause a denial of service (agent process crash) via invalid data from clients other than Cosminexus Manager.

4.3
2007-10-09 CVE-2007-5280 Appfuse Cross-Site Scripting vulnerability in Appfuse 2.0Rc1

Multiple cross-site scripting (XSS) vulnerabilities in messages.jsp in AppFuse before 2.0 Final allow remote attackers to inject arbitrary web script or HTML via unspecified input that is recorded in (1) success or (2) error messages.

4.3
2007-10-08 CVE-2007-5278 Zomplog Permissions, Privileges, and Access Controls vulnerability in Zomplog 3.8.1

Zomplog 3.8.1 and earlier stores potentially sensitive information under the web root with insufficient access control, which allows remote attackers to download files that were uploaded by users, as demonstrated by obtaining a directory listing via a direct request to /upload and then retrieving individual files.

4.3
2007-10-08 CVE-2007-5277 Microsoft Unspecified vulnerability in Microsoft Internet Explorer 6.0

Microsoft Internet Explorer 6 drops DNS pins based on failed connections to irrelevant TCP ports, which makes it easier for remote attackers to conduct DNS rebinding attacks, as demonstrated by a port 81 URL in an IMG SRC, when the DNS pin had been established for a session on port 80, a different issue than CVE-2006-4560.

4.3
2007-10-08 CVE-2007-5276 Opera Unspecified vulnerability in Opera Browser 9.0

Opera 9 drops DNS pins based on failed connections to irrelevant TCP ports, which makes it easier for remote attackers to conduct DNS rebinding attacks, as demonstrated by a port 81 URL in an IMG SRC, when the DNS pin had been established for a session on port 80.

4.3
2007-10-08 CVE-2007-5268 Libpng, Canonical Remote Denial of Service vulnerability in Libpng Library

pngrtran.c in libpng before 1.0.29 and 1.2.x before 1.2.21 uses (1) logical instead of bitwise operations and (2) incorrect comparisons, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG image.

4.3
2007-10-08 CVE-2007-5267 Libpng Numeric Errors vulnerability in Libpng

Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.2.22 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image, due to an incorrect fix for CVE-2007-5266.

4.3
2007-10-08 CVE-2007-5266 Libpng Numeric Errors vulnerability in Libpng

Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.0.29 beta1 and 1.2.x before 1.2.21 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image that prevents a name field from being NULL terminated.

4.3
2007-10-09 CVE-2007-5320 Pegasus Imaging Path Traversal vulnerability in Pegasus Imaging Imagxpress 8.0

Multiple absolute path traversal vulnerabilities in Pegasus Imaging ImagXpress 8.0 allow remote attackers to (1) delete arbitrary files via the CacheFile attribute in the ThumbnailXpres.1 ActiveX control (PegasusImaging.ActiveX.ThumnailXpress1.dll) or (2) overwrite arbitrary files via the CompactFile function in the ImagXpress.8 ActiveX control (PegasusImaging.ActiveX.ImagXpress8.dll).

4.0

11 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-10-14 CVE-2007-5442 Cmsmadesimple Permissions, Privileges, and Access Controls vulnerability in Cmsmadesimple CMS Made Simple 1.1.3.1

CMS Made Simple 1.1.3.1 does not check the permissions assigned to users who attempt uploads, which allows remote authenticated users to upload unspecified files via unknown vectors.

3.5
2007-10-09 CVE-2007-5319 SUN Local Denial of Service vulnerability in SUN Solaris 10.0/8.0/9.0

Unspecified vulnerability in the vuidmice STREAMS modules in Sun Solaris 8, 9, and 10 allows local users with console (/dev/console) access to cause a denial of service ("unusable" system console) via unspecified vectors.

3.5
2007-10-14 CVE-2007-5200 Opensuse Link Following vulnerability in Opensuse 10.2/10.3

hugin, as used on various operating systems including SUSE openSUSE 10.2 and 10.3, allows local users to overwrite arbitrary files via a symlink attack on the hugin_debug_optim_results.txt temporary file.

3.3
2007-10-12 CVE-2007-5420 3Com Information Exposure vulnerability in 3Com 3Crwe554G72T 3Crwer10075

The 3Com 3CRWER100-75 router with 1.2.10ww software, when remote management is disabled but a web server has been configured, serves a web page to external clients, which might allow remote attackers to obtain information about the router's existence and product details.

2.6
2007-10-12 CVE-2007-5414 Mozilla Cross-Site Scripting vulnerability in Mozilla Firefox

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0, when UTF-7 document content is rendered directly in UTF-7, allows remote attackers to inject arbitrary web script or HTML via a gopher URI that uses single quote characters to delimit a literal string within an XSS sequence, a related issue to CVE-2007-5415.

2.6
2007-10-11 CVE-2007-5375 SUN Improper Input Validation vulnerability in SUN Java Virtual Machine

Interpretation conflict in the Sun Java Virtual Machine (JVM) allows user-assisted remote attackers to conduct a multi-pin DNS rebinding attack and execute arbitrary JavaScript in an intranet context, when an intranet web server has an HTML document that references a "mayscript=true" Java applet through a local relative URI, which may be associated with different IP addresses by the browser and the JVM.

2.6
2007-10-09 CVE-2007-5293 Idmos Cross-Site Scripting vulnerability in Idmos 1.0Beta

Multiple cross-site scripting (XSS) vulnerabilities in IDMOS 1.0-beta (aka Phoenix) allow remote attackers to inject arbitrary web script or HTML via the (1) err_msg parameter to error.php and the (2) content parameter to templates/simple/ia.php.

2.6
2007-10-08 CVE-2007-5274 Mozilla, Opera, SUN Unspecified vulnerability in SUN Jdk, JRE and SDK

Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when Firefox or Opera is used, allows remote attackers to violate the security model for JavaScript outbound connections via a multi-pin DNS rebinding attack dependent on the LiveConnect API, in which JavaScript download relies on DNS resolution by the browser, but JavaScript socket operations rely on separate DNS resolution by a Java Virtual Machine (JVM), a different issue than CVE-2007-5273.

2.6
2007-10-08 CVE-2007-5273 SUN Unspecified vulnerability in SUN Jdk, JRE and SDK

Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when an HTTP proxy server is used, allows remote attackers to violate the security model for an applet's outbound connections via a multi-pin DNS rebinding attack in which the applet download relies on DNS resolution on the proxy server, but the applet's socket operations rely on DNS resolution on the local machine, a different issue than CVE-2007-5274.

2.6
2007-10-11 CVE-2007-5373 Ldapscripts Cryptographic Issues vulnerability in Ldapscripts 1.4/1.7

ldapscripts 1.4 and 1.7 send a password as a command line argument when calling some LDAP programs, which might allow local users to read the password by listing the process and its arguments, as demonstrated by a call to ldappasswd in the _changepassword function.

2.1
2007-10-13 CVE-2007-5438 Vmware Improper Input Validation vulnerability in VMWare products

Unspecified vulnerability in a certain ActiveX control in Reconfig.DLL in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 might allow local users to cause a denial of service to the Virtual Disk Mount Service (vmount2.exe), related to the ConnectPopulatedDiskEx function.

1.9