Weekly Vulnerabilities Reports > October 15 to 21, 2007

Overview

132 new vulnerabilities were reported during this period, including 23 critical vulnerabilities and 44 high severity vulnerabilities. This weekly summary reports vulnerabilities in 113 products from 73 vendors including Oracle, Cisco, Microsoft, Mozilla, and Drupal. Notable categories include "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", "Improper Input Validation", "Code Injection", and "Information Exposure".

  • 122 reported vulnerabilities are remotely exploitable.
  • 18 reported vulnerabilities have a public exploit available.
  • 25 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 117 reported vulnerabilities are exploitable by an anonymous user.
  • Oracle has the most reported vulnerabilities, with 34 reported vulnerabilities.
  • Oracle has the most reported critical vulnerabilities, with 6 reported vulnerabilities.

Vulnerability Details

The following tables list the vulnerabilities reported for the period covered by this report:

23 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-10-21 CVE-2007-5617 Vmware Remote Security vulnerability in VMWare Player and Workstation

Unspecified vulnerability in VMware Player 1.0.x before 1.0.5 and 2.0 before 2.0.1, and Workstation 5.x before 5.5.5 and 6.x before 6.0.1, prevents it from launching, which has unspecified impact, related to untrusted virtual machine images.

10.0
2007-10-18 CVE-2007-5561 Oracle Use of Externally-Controlled Format String vulnerability in Oracle Enterprise Grid Console Server and Opmn Daemon

Format string vulnerability in the logging function in the Oracle OPMN daemon, as used on Oracle Enterprise Grid Console server 10.2.0.1, allows remote attackers to execute arbitrary code via format string specifiers in the URI in an HTTP request to port 6003, aka Oracle reference number 6296175.

10.0
2007-10-18 CVE-2007-5560 Juniper Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Juniper Http Service

Heap-based buffer overflow in the Juniper HTTP Service allows remote attackers to execute arbitrary code via a crafted HTTP packet.

10.0
2007-10-18 CVE-2007-5559 IBM Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM Thinkvantage TPM

Heap-based buffer overflow in the IBM ThinkVantage TPM Service allows remote attackers to execute arbitrary code via a crafted HTTP packet.

10.0
2007-10-18 CVE-2007-5538 Cisco Buffer Errors vulnerability in Cisco products

Buffer overflow in the Centralized TFTP File Locator Service in Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(3), and Unified CallManager 5.0, allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors involving the processing of filenames, aka CSCsh47712.

10.0
2007-10-18 CVE-2007-5535 Runcms Security vulnerability in Runcms 1.5.2

Unspecified vulnerability in newbb_plus in RunCms 1.5.2 has unknown impact and attack vectors.

10.0
2007-10-18 CVE-2007-5476 Apple, Adobe, Opera Unspecified vulnerability in Adobe Flash Player On Opera Browser For Mac OSX

Unspecified vulnerability in Adobe Flash Player 9.0.47.0 and earlier, when running on Opera before 9.24 on Mac OS X, has unknown "Highly Severe" impact and unknown attack vectors.

10.0
2007-10-17 CVE-2007-5531 Oracle Unspecified vulnerability in Oracle products

Unspecified vulnerability in Oracle Help for Web, as used in Oracle Application Server, Oracle Database 10.2.0.3, and Enterprise Manager 10.1.0.6, has unknown impact and remote attack vectors, aka EM02.

10.0
2007-10-17 CVE-2007-5530 Oracle Unspecified vulnerability in Oracle Database Server 10.1.0.5/10.2.0.3

Unspecified vulnerability in the Database Control component in Oracle Database 10.1.0.5 and 10.2.0.3, and Enterprise Manager, has unknown impact and remote attack vectors, aka EM01.

10.0
2007-10-17 CVE-2007-5528 Oracle Unspecified vulnerability in Oracle E-Business Suite 12.0.2

Multiple unspecified vulnerabilities in Oracle E-Business Suite 12.0.2 have unknown impact and attack vectors related to (1) Public Sector Human Resources (APP03) and (2) Quoting component (APP06).

10.0
2007-10-17 CVE-2007-5526 Oracle Unspecified vulnerability in Oracle Application Server and Collaboration Suite

Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 10.1.2.0.2, 10.1.2.2, and 10.1.4.1, and Collaboration Suite 10.1.2, has unknown impact and remote attack vectors, aka AS11.

10.0
2007-10-16 CVE-2007-5483 IBM Unspecified vulnerability in IBM WebSphere Application Server Administrative Scripting Tools

Unspecified vulnerability in the Administrative Scripting Tools (such as wsadmin or ANT) in IBM WebSphere Application Server 5.x and 6.0.x has unknown impact and attack vectors.

10.0
2007-10-15 CVE-2007-5467 Extremail Numeric Errors vulnerability in Extremail

Integer overflow in eXtremail 2.1.1 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long USER command containing "%s" sequences to the pop3 port (110/tcp), which are expanded to "%%s" before being used in the memmove function, possibly due to an incomplete fix for CVE-2001-1078.

10.0
2007-10-15 CVE-2007-5466 Extremail Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Extremail

Multiple buffer overflows in eXtremail 2.1.1 and earlier allow remote attackers to (1) have an unknown impact by sending multiple long strings to the IMAP port (143/tcp); (2) execute arbitrary code via a long string in an IMAP AUTHENTICATE PLAIN action, involving the ifParseAuthPlain function; (3) execute arbitrary code via a long LOGIN command to the admin interface port (4501/tcp); or (4) execute arbitrary code via a long string in an IMAP AUTHENTICATE LOGIN (aka CRAM-MD5 authentication) action, involving the ifProcImapAuth1 function.

10.0
2007-10-21 CVE-2007-5338 Mozilla Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox and Seamonkey

Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allow remote attackers to execute arbitrary Javascript with user privileges by using the Script object to modify XPCNativeWrappers in a way that causes the script to be executed when a chrome action is performed.

9.3
2007-10-20 CVE-2007-5601 Realnetworks Buffer Errors vulnerability in Realnetworks Realplayer 10.0/10.5/11Beta

Stack-based buffer overflow in the Database Component in MPAMedia.dll in RealNetworks RealPlayer 10.5 and 11 beta, and earlier versions including 10, RealOne Player, and RealOne Player 2, allows remote attackers to execute arbitrary code via certain playlist names, as demonstrated via the import method to the IERPCtl ActiveX control in ierpplug.dll.

9.3
2007-10-18 CVE-2007-5552 Cisco Numeric Errors vulnerability in Cisco IOS

Integer overflow in Cisco IOS allows remote attackers to execute arbitrary code via unspecified vectors.

9.3
2007-10-18 CVE-2007-5546 Tibco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tibco Smart PGM FX

Multiple stack-based buffer overflows in TIBCO SmartPGM FX allow remote attackers to execute arbitrary code or cause a denial of service (service stop and file-transfer outage) via unspecified vectors.

9.3
2007-10-18 CVE-2007-5541 Opera Improper Input Validation vulnerability in Opera Browser

Unspecified vulnerability in Opera before 9.24, when using an "external" newsgroup or e-mail client, allows remote attackers to execute arbitrary commands via unknown vectors.

9.3
2007-10-16 CVE-2007-5487 Cowon America Buffer Errors vulnerability in Cowon America Jetaudio 7.0.3Basic

Stack-based buffer overflow in COWON America jetAudio Basic 7.0.3 allows user-assisted remote attackers to execute arbitrary code via a long URL in an EXTM3U section of a .m3u file.

9.3
2007-10-18 CVE-2007-5539 Cisco Unspecified vulnerability in Cisco products

Unspecified vulnerability in Cisco Unified Intelligent Contact Management Enterprise (ICME), Unified ICM Hosted (ICMH), Unified Contact Center Enterprise (UCCE), Unified Contact Center Hosted (UCCH), and System Unified Contact Center Enterprise (SUCCE) 7.1(5) allows remote authenticated users to gain privileges, and read reports or change the SUCCE configuration, via certain web interfaces, aka CSCsj55686.

9.0
2007-10-17 CVE-2007-5534 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise 8.8/8.9/9.0

Unspecified vulnerability in the HCM component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9 Bundle 13 9.0 Bundle 3 has unknown impact and remote attack vectors, aka PSE_HCM01.

9.0
2007-10-17 CVE-2007-5491 Sitebar Path Traversal vulnerability in Sitebar 3.3.8

Directory traversal vulnerability in the translation module (translator.php) in SiteBar 3.3.8 allows remote authenticated users to chmod arbitrary files to 0777 via ".." sequences in the lang parameter.

9.0

44 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-10-19 CVE-2007-5591 Nortel Remote Denial of Service vulnerability in Nortel CS1000 ELAN

The CS1000 signaling server in Nortel Enterprise VoIP-Core-CS 1000M Chassis/Cabinet, Enterprise VoIP-Core-CS 1000E and 1000S, Meridian-Core-Option 11C Chassis and Cabinet, and Meridian-Core-Option 51C, 61C, and 81C allows remote attackers to cause a denial of service (telephony application outage) via a flood of packets to Embedded LAN (ELAN) ports.

7.8
2007-10-18 CVE-2007-5570 Cisco Improper Input Validation vulnerability in Cisco Firewall Services Module

Cisco Firewall Services Module (FWSM) 3.2(1), and 3.1(5) and earlier, allows remote attackers to cause a denial of service (device reload) via a crafted HTTPS request, aka CSCsi77844.

7.8
2007-10-18 CVE-2007-5558 LG Electronics Numeric Errors vulnerability in LG Electronics LG Mobile Handset

Integer overflow in the LG Mobile handset allows remote attackers to cause a denial of service (reboot) via a crafted HTTP packet.

7.8
2007-10-18 CVE-2007-5557 NEC Improper Input Validation vulnerability in NEC Mobile Handset

Unspecified vulnerability in the NEC mobile handset allows remote attackers to cause a denial of service (reboot) via crafted packets.

7.8
2007-10-18 CVE-2007-5556 Avaya Improper Input Validation vulnerability in Avaya Voip Handset

Unspecified vulnerability in the Avaya VoIP Handset allows remote attackers to cause a denial of service (reboot) via crafted packets.

7.8
2007-10-18 CVE-2007-5537 Cisco Resource Management Errors vulnerability in Cisco products

Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(2), and Unified CallManager 5.0, allow remote attackers to cause a denial of service (kernel panic) via a flood of SIP INVITE messages to UDP port 5060, which triggers resource exhaustion, aka CSCsi75822.

7.8
2007-10-17 CVE-2007-5506 Oracle Resource Management Errors vulnerability in Oracle Database Server

The Core RDBMS component in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote attackers to cause a denial of service (CPU consumption) via a crafted type 6 Data packet, aka DB20.

7.8
2007-10-16 CVE-2007-5471 Suse Denial Of Service vulnerability in Suse Linux 10

libgssapi before 0.6-13.7, as used by the ISC BIND named daemon in SUSE Linux Enterprise Server 10 SP 1, terminates upon an initialization error, which allows remote attackers to cause a denial of service (daemon exit) via a GSS-TSIG request.

7.8
2007-10-15 CVE-2007-5462 SUN Improper Input Validation vulnerability in SUN Solaris 10.0/8.0/9.0

Unspecified vulnerability in the Sun Solaris RPC services library (librpcsvc) on Solaris 8 through 10 allows remote attackers to cause a denial of service (mountd crash) via unspecified packets to a server that exports many filesystems, and allows local users to cause a denial of service (automountd crash) via unspecified requests to mount filesystems from a server that exports many filesystems.

7.8
2007-10-18 CVE-2007-5579 Pligg Credentials Management vulnerability in Pligg CMS 9.5

login.php in Pligg CMS 9.5 uses a guessable confirmation code when resetting a forgotten password, which allows remote attackers with knowledge of a username to reset that user's password by calculating the confirmationcode parameter.

7.5
2007-10-18 CVE-2007-5578 Secureideas Improper Authentication vulnerability in Secureideas Basic Analysis and Security Engine 1.3.6

Basic Analysis and Security Engine (BASE) before 1.3.8 sends a redirect to the web browser but does not exit, which allows remote attackers to bypass authentication via (1) base_main.php, (2) base_qry_alert.php, and possibly other vectors.

7.5
2007-10-18 CVE-2007-5567 Galmeta Code Injection vulnerability in Galmeta Post 0.11

PHP remote file inclusion vulnerability in _lib/fckeditor/upload_config.php in Galmeta Post 0.11 allows remote attackers to execute arbitrary PHP code via a URL in the DDS parameter.

7.5
2007-10-18 CVE-2007-5566 Phpblog Code Injection vulnerability in PHPblog 0.1

** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in PHPBlog 0.1 Alpha allow remote attackers to execute arbitrary PHP code via a URL in the blog_localpath parameter to (1) includes/functions.php or (2) includes/email.php.

7.5
2007-10-18 CVE-2007-5565 Phpscms Code Injection vulnerability in PHPscms 0.0.1

** DISPUTED ** PHP remote file inclusion vulnerability in includes/functions.php in phpSCMS 0.0.1-Alpha1 allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter.

7.5
2007-10-18 CVE-2007-5563 Virtuemart Improper Input Validation vulnerability in Virtuemart

Unspecified vulnerability in VirtueMart before 1.0.13 allows remote attackers to execute arbitrary PHP code via unspecified vectors.

7.5
2007-10-18 CVE-2007-5545 Tibco Use of Externally-Controlled Format String vulnerability in Tibco Smart PGM FX

Format string vulnerability in TIBCO SmartPGM FX allows remote attackers to execute arbitrary code via format string specifiers in unspecified vectors.

7.5
2007-10-18 CVE-2007-5540 Opera Improper Input Validation vulnerability in Opera Browser

Unspecified vulnerability in Opera before 9.24 allows remote attackers to overwrite functions on pages from other domains and bypass the same-origin policy via unknown vectors.

7.5
2007-10-17 CVE-2007-5532 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise

Unspecified vulnerability in the People Tools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.17, 8.47.14, 8.48.13, 8.49.05 has unknown impact and remote attack vectors, aka PSE01.

7.5
2007-10-17 CVE-2007-5529 Oracle Unspecified vulnerability in Oracle E-Business Suite 11.5.10.2

Unspecified vulnerability in the Oracle Self-Service Web Applications component in client-only installations of Oracle E-Business Suite 11.5.10.2 has unknown impact and remote attack vectors, aka APP08.

7.5
2007-10-17 CVE-2007-5527 Oracle Unspecified vulnerability in Oracle E-Business Suite 11.5.10.2

Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10.2 have unknown impact and remote attack vectors, related to (1) Application Object Library component (APP01), (2) Contracts Integration (APP02), (3) Applications Manager (APP04), (4) Marketing component (APP05), and (5) Exchange component (APP07).

7.5
2007-10-17 CVE-2007-5525 Oracle Unspecified vulnerability in Oracle Application Server and Collaboration Suite

Unspecified vulnerability in the Oracle Single Sign-On component in Oracle Application Server 9.0.4.3, 10.1.2.0.2, 10.1.2.2, and 10.1.4.0.1; Collaboration Suite 10.1.2; and Enterprise Manager 10.1.2 has unknown impact and remote attack vectors, aka AS10.

7.5
2007-10-17 CVE-2007-5524 Oracle Unspecified vulnerability in Oracle Application Server and Collaboration Suite

Unspecified vulnerability in the Oracle Single Sign-On component in Oracle Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2, and Collaboration Suite 10.1.2, has unknown impact and remote attack vectors, aka AS09 or AS9.

7.5
2007-10-17 CVE-2007-5523 Oracle Unspecified vulnerability in Oracle Application Server and Collaboration Suite

Unspecified vulnerability in the Oracle Internet Directory component in Oracle Application Server 9.0.4.3, 10.1.2.0.2, 10.1.2.2, and 10.1.4.0, and Collaboration Suite 10.1.2, has unknown impact and remote attack vectors, aka AS08.

7.5
2007-10-17 CVE-2007-5522 Oracle Unspecified vulnerability in Oracle Application Server 10.1.4.1

Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 10.1.4.1 has unknown impact and remote attack vectors, aka AS07.

7.5
2007-10-17 CVE-2007-5521 Oracle Unspecified vulnerability in Oracle Application Server and Collaboration Suite

Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Application Server 9.0.4.3, 10.1.2.0.2, 10.1.2.2, and 10.1.3.3, and Collaboration Suite 10.1.2, has unknown impact and remote attack vectors, aka AS06.

7.5
2007-10-17 CVE-2007-5520 Oracle Unspecified vulnerability in Oracle Application Server and Database Server

Unspecified vulnerability in the Oracle Internet Directory component in Oracle Database 9.2.0.8 and 9.2.0.8DV, and Oracle Application Server 9.0.4.3, 10.1.3.0.0 up to 10.1.3.3.0, and 10.1.2.0.1 up to 10.1.2.2.0, has unknown impact and remote attack vectors, aka AS05.

7.5
2007-10-17 CVE-2007-5519 Oracle Unspecified vulnerability in Oracle Application Server and Collaboration Suite

Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 9.0.4.3 and 10.1.2.0.2, and Collaboration Suite 10.1.2, has unknown impact and remote attack vectors, aka AS04.

7.5
2007-10-17 CVE-2007-5518 Oracle Unspecified vulnerability in Oracle Application Server 10.1.3.2.0

Unspecified vulnerability in the Oracle HTTP Server component in Oracle Application Server 10.1.3.2 has unknown impact and remote attack vectors, aka AS03.

7.5
2007-10-17 CVE-2007-5517 Oracle Unspecified vulnerability in Oracle Application Server and Collaboration Suite

Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 10.1.2.0.2 and 10.1.4.1, and Collaboration Suite 10.1.2, has unknown impact and remote attack vectors, aka AS02.

7.5
2007-10-17 CVE-2007-5516 Oracle Unspecified vulnerability in Oracle Application Server 10.1.3.3

Unspecified vulnerability in the Oracle Process Mgmt & Notification component in Oracle Application Server 10.1.3.3 has unknown impact and remote attack vectors, aka AS01.

7.5
2007-10-17 CVE-2007-5512 Oracle Unspecified vulnerability in Oracle Database Server 10.2.0.3/9.2.0.8Dv

Unspecified vulnerability in the Oracle Database Vault component in Oracle Database 9.2.0.8DV and 10.2.0.3 has unknown impact and remote attack vectors, aka DB21.

7.5
2007-10-17 CVE-2007-5505 Oracle Unspecified vulnerability in Oracle Database Server

Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 have unknown impact and remote attack vectors, related to (1) the Export component (DB02), (2) Oracle Text (DB04), (3) Oracle Text (DB05), (4) Spatial component (DB07), and (5) Advanced Security Option (DB19).

7.5
2007-10-17 CVE-2007-5488 Asterisk SQL Injection vulnerability in Asterisk Asterisk-Addons

Multiple SQL injection vulnerabilities in cdr_addon_mysql in Asterisk-Addons before 1.2.8, and 1.4.x before 1.4.4, allow remote attackers to execute arbitrary SQL commands via the (1) source and (2) destination numbers, and probably (3) SIP URI, when inserting a record.

7.5
2007-10-17 CVE-2007-5490 Okulumunsitesi SQL Injection vulnerability in Okulumunsitesi Portal 2.0

SQL injection vulnerability in default.asp in Okul Otomasyon Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2007-10-17 CVE-2007-5489 Artmedic Webdesign Path Traversal vulnerability in Artmedic Webdesign Artmedic CMS 3.4

Directory traversal vulnerability in index.php in Artmedic CMS 3.4 and earlier allows remote attackers to include and execute arbitrary local files via a ..

7.5
2007-10-16 CVE-2007-5485 Kwsphp SQL Injection vulnerability in Kwsphp 1.0

SQL injection vulnerability in index.php in the mg2 1.0 module for KwsPHP allows remote attackers to execute arbitrary SQL commands via the album parameter.

7.5
2007-10-15 CVE-2007-5465 Mydoop Path Traversal vulnerability in Mydoop Doop CMS

Directory traversal vulnerability in doop CMS 1.3.7 and earlier allows remote attackers to include and execute arbitrary local files via a ..

7.5
2007-10-21 CVE-2007-5619 Vmware Local Security vulnerability in Server

Unspecified vulnerability in VMware Server before 1.0.4 causes user passwords to be recorded in cleartext in server logs, which might allow local users to gain privileges.

7.2
2007-10-21 CVE-2007-5618 Vmware Multiple vulnerability in VMWare Player, Server and Workstation

Unquoted Windows search path vulnerability in the Authorization and other services in VMware Player 1.0.x before 1.0.5 and 2.0 before 2.0.1, VMware Server before 1.0.4, and Workstation 5.x before 5.5.5 and 6.x before 6.0.1 might allow local users to gain privileges via malicious programs.

7.2
2007-10-18 CVE-2007-5569 Cisco Improper Input Validation vulnerability in Cisco products

Cisco PIX and ASA appliances with 7.1 and 7.2 software, when configured for TLS sessions to the device, allow remote attackers to cause a denial of service (device reload) via a crafted TLS packet, aka CSCsg43276 and CSCsh97120.

7.1
2007-10-18 CVE-2007-5568 Cisco Improper Input Validation vulnerability in Cisco products

Cisco PIX and ASA appliances with 7.0 through 8.0 software, and Cisco Firewall Services Module (FWSM) 3.1(5) and earlier, allow remote attackers to cause a denial of service (device reload) via a crafted MGCP packet, aka CSCsi90468 (appliance) and CSCsi00694 (FWSM).

7.1
2007-10-18 CVE-2007-5554 Oracle Information Exposure vulnerability in Oracle Database Server

Oracle allows remote attackers to obtain server memory contents via crafted packets, aka Oracle reference number 7892711.

7.1
2007-10-18 CVE-2007-5551 Cisco Remote Security vulnerability in IOS

Off-by-one error in Cisco IOS allows remote attackers to execute arbitrary code via unspecified vectors that trigger a heap-based buffer overflow.

7.1
2007-10-15 CVE-2007-5460 Microsoft Cryptographic Issues vulnerability in Microsoft Activesync 4.1

Microsoft ActiveSync 4.1, as used in Windows Mobile 5.0, uses weak encryption (XOR obfuscation with a fixed key) when sending the user's PIN/Password over the USB connection from the host to the device, which might make it easier for attackers to decode a PIN/Password obtained by (1) sniffing or (2) spoofing the docking process.

7.1

61 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-10-19 CVE-2007-5587 Microsoft, Macrovision Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Macrovision Safedisc

Buffer overflow in Macrovision SafeDisc secdrv.sys before 4.3.86.0, as shipped in Microsoft Windows XP SP2, XP Professional x64 and x64 SP2, Server 2003 SP1 and SP2, and Server 2003 x64 and x64 SP2 allows local users to overwrite arbitrary memory locations and gain privileges via a crafted argument to a METHOD_NEITHER IOCTL, as originally discovered in the wild.

6.9
2007-10-18 CVE-2007-5555 Symantec Information Exposure vulnerability in Symantec Altiris Deployment Solution 6

Unspecified vulnerability in Symantec Altiris Deployment Solution allows attackers to obtain authentication credentials via unknown vectors, aka "Authentication Credentials Information Leakage in Altiris Deployment Solution." NOTE: this description is based on a vague pre-advisory with no actionable information.

6.9
2007-10-18 CVE-2007-5548 Cisco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco IOS

Multiple stack-based buffer overflows in Command EXEC in Cisco IOS allow local users to gain privileges via unspecified vectors, aka (1) PSIRT-0474975756 and (2) PSIRT-0388256465.

6.9
2007-10-19 CVE-2007-5600 Artmedic Webdesign Code Injection vulnerability in Artmedic Webdesign Artmedic CMS

Incomplete blacklist vulnerability in index.php in Artmedic CMS 3.4 and earlier allows remote attackers to execute arbitrary PHP code via a (1) UNC share pathname, or a (2) ftps, (3) ssh2.sftp, or (4) ssh2.scp URL, in the page parameter, for which PHP remote file inclusion is blocked only for http, https, and ftp URLs.

6.8
2007-10-19 CVE-2007-5599 Awrate Code Injection vulnerability in Awrate 1.0

Multiple PHP remote file inclusion vulnerabilities in awrate 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the toroot parameter to (1) 404.php or (2) topbar.php, different vectors than CVE-2006-6368.

6.8
2007-10-19 CVE-2007-5593 Drupal, Fedoraproject Code Injection vulnerability in multiple products

install.php in Drupal 5.x before 5.3, when the configured database server is not reachable, allows remote attackers to execute arbitrary code via vectors that cause settings.php to be modified.

6.8
2007-10-19 CVE-2007-5592 Awzmb Code Injection vulnerability in Awzmb 4.2Beta1

Multiple PHP remote file inclusion vulnerabilities in awzMB 4.2 beta 1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the Setting[OPT_includepath] parameter to (1) adminhelp.php; and (2) admin.incl.php, (3) reg.incl.php, (4) help.incl.php, (5) gbook.incl.php, and (6) core/core.incl.php in modules/.

6.8
2007-10-19 CVE-2007-5590 Miranda IM Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Miranda-Im Miranda

Multiple buffer overflows in Miranda before 0.7.1 allow remote attackers to execute arbitrary code via unspecified vectors involving (1) IRC options, (2) Jabber forms, and unspecified aspects of the (3) ICQ and (4) Yahoo! instant messaging functionality.

6.8
2007-10-19 CVE-2007-5380 David Hansson Multiple vulnerability in Ruby on Rails

Session fixation vulnerability in Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers to hijack web sessions via unspecified vectors related to "URL-based sessions."

6.8
2007-10-18 CVE-2007-5576 BEA, Oracle Information Exposure vulnerability in multiple products

BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterprise 5.1 before RP174, echo the password in cleartext, which allows physically proximate attackers to obtain sensitive information via the (1) cnsbind, (2) cnsunbind, or (3) cnsls commands.

6.8
2007-10-18 CVE-2007-5574 Phpdj Code Injection vulnerability in PHPdj 0.5

PHP remote file inclusion vulnerability in djpage.php in PHPDJ 0.5 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.

6.8
2007-10-18 CVE-2007-5573 Limesurvey Code Injection vulnerability in Limesurvey 1.01

PHP remote file inclusion vulnerability in classes/core/language.php in LimeSurvey 1.5.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter.

6.8
2007-10-18 CVE-2007-5571 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Firewall Services Module

Cisco Firewall Services Module (FWSM) 3.1(6), and 3.2(2) and earlier, does not properly enforce edited ACLs, which might allow remote attackers to bypass intended restrictions on network traffic, aka CSCsj52536.

6.8
2007-10-17 CVE-2007-5533 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise

Unspecified vulnerability in the People Tools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.47.14, 8.48.13, 8.49.05 has unknown impact and remote attack vectors, aka PSE02.

6.5
2007-10-17 CVE-2007-5515 Oracle Unspecified vulnerability in Oracle Database Server

Unspecified vulnerability in the Spatial component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.2, and 10.2.0.3 has unknown impact and remote attack vectors, aka DB27.

6.5
2007-10-17 CVE-2007-5514 Oracle Unspecified vulnerability in Oracle Database Server 10.2.0.3

Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 have unknown impact and attack vectors related to (1) Database Vault component (DB24) and (2) SQL Execution component (DB26).

6.5
2007-10-17 CVE-2007-5511 Oracle SQL Injection vulnerability in Oracle Database Server

SQL injection vulnerability in Workspace Manager for Oracle Database before OWM 10.2.0.4.1, OWM 10.1.0.8.0, and OWM 9.2.0.8.0 allows attackers to execute arbitrary SQL commands via the FINDRICSET procedure in the LT package.

6.5
2007-10-17 CVE-2007-5510 Oracle Unspecified vulnerability in Oracle Database Server

Multiple unspecified vulnerabilities in the Workspace Manager component in Oracle Database before OWM 10.2.0.4.1, OWM 10.1.0.8.0, and OWM 9.2.0.8.0 have unknown impact and remote attack vectors, aka (1) DB08, (2) DB09, (3) DB10, (4) DB11, (5) DB12, (6) DB13, (7) DB14, (8) DB15, (9) DB16, (10) DB17, and (11) DB18.

6.5
2007-10-17 CVE-2007-5509 Oracle Unspecified vulnerability in Oracle Database Server 9.2.0.8/9.2.0.8Dv

Unspecified vulnerability in the Spatial component in Oracle Database 9.2.0.8 and 9.2.0.8DV has unknown impact and remote attack vectors, aka DB06.

6.5
2007-10-17 CVE-2007-5508 Oracle SQL Injection vulnerability in Oracle Database Server 10.1.0.5/10.2.0.3

Multiple SQL injection vulnerabilities in the CTXSYS Intermedia application for the Oracle Text component (CTX_DOC) in Oracle Database 10.1.0.5 and 10.2.0.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) THEMES, (2) GIST, (3) TOKENS, (4) FILTER, (5) HIGHLIGHT, and (6) MARKUP procedures, aka DB03.

6.5
2007-10-17 CVE-2007-5504 Oracle Buffer Overflow vulnerability in Oracle Database Server 10.1.0.5/9.0.1.5

Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+ and 10.1.0.5 have unknown impact and remote attack vectors, related to (1) Import (DB01) and (2) Advanced Queuing (DB25).

6.5
2007-10-15 CVE-2007-5464 LFS Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in LFS Live for Speed

Stack-based buffer overflow in Live for Speed 0.5X10 and earlier allows remote authenticated users to cause a denial of service (client crash) and possibly execute arbitrary code via a long skin name.

6.5
2007-10-17 CVE-2007-5507 Oracle Improper Input Validation vulnerability in Oracle Database Server

The GIOP service in TNS Listener in the Oracle Net Services component in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote attackers to cause a denial of service (crash) or read potentially sensitive memory via a connect GIOP packet with an invalid data size, which triggers a buffer over-read, aka DB22.

6.4
2007-10-16 CVE-2007-5486 Dotproject Permissions, Privileges, and Access Controls vulnerability in Dotproject

dotProject before 2.1 does not properly check privileges when invoking the Companies module, which allows remote attackers to access this module via a crafted URL.

6.4
2007-10-16 CVE-2007-5482 SUN Denial of Service vulnerability in SUN Storagetek 3510 and Storedge

Unspecified vulnerability in the FTP service in Sun StorEdge/StorageTek 3510 FC Array with firmware before 4.21 allows remote attackers, with access to the Ethernet management interface, to cause a denial of service (I/O request timeout and device hang) via unspecified vectors.

6.4
2007-10-19 CVE-2007-5595 Drupal Http Response Splitting vulnerability in Drupal

CRLF injection vulnerability in the drupal_goto function in includes/common.inc in Drupal 4.7.x before 4.7.8 and 5.x before 5.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

5.1
2007-10-16 CVE-2007-4343 Irfanview Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Irfanview 3.99/4.00

Stack-based buffer overflow in IrfanView 3.99 and 4.00 allows user-assisted remote attackers to execute arbitrary code via a crafted palette (.pal) file.

5.1
2007-10-19 CVE-2007-5379 David Hansson Information Exposure vulnerability in David Hansson Ruby on Rails

Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers and ActiveResource servers to determine the existence of arbitrary files and read arbitrary XML files via the Hash.from_xml (Hash#from_xml) method, which uses XmlSimple (XML::Simple) unsafely, as demonstrated by reading passwords from the Pidgin (Gaim) .purple/accounts.xml file.

5.0
2007-10-19 CVE-2007-5585 Xscreensaver Resource Management Errors vulnerability in Xscreensaver 5.03

xscreensaver 5.03 and earlier, when running without xscreensaver-gl-extras (GL extras) installed, crashes when /usr/bin/xscreensaver-gl-helper does not exist and a user attempts to unlock the screen, which allows attackers with physical access to gain access to the locked session.

5.0
2007-10-18 CVE-2007-5550 Cisco Information Exposure vulnerability in Cisco IOS

Unspecified vulnerability in Cisco IOS allows remote attackers to obtain the IOS version via unspecified vectors involving a "common network service", aka PSIRT-1255024833.

5.0
2007-10-18 CVE-2007-5473 Microsoft, Mono Information Exposure vulnerability in Mono

StaticFileHandler.cs in System.Web in Mono before 1.2.5.2, when running on Windows, allows remote attackers to obtain source code of sensitive files via a request containing a trailing (1) space or (2) dot, which is not properly handled by XSP.

5.0
2007-10-17 CVE-2007-5513 Oracle Unspecified vulnerability in Oracle Database Server 10.1.0.5/9.2.0.8/9.2.0.8Dv

The XML DB (XMLDB) component in Oracle Database 9.2.0.8, 9.2.0.8DV, and 10.1.0.5 generates incorrect audit entries in the USERID column in which (1) long usernames are trimmed to 5 characters, or (2) short entries contain any extra characters from usernames in previous entries, aka DB23.

5.0
2007-10-16 CVE-2007-5484 Wwwisis Path Traversal vulnerability in Wwwisis 7.1

Directory traversal vulnerability in wxis.exe in WWWISIS 7.1 allows local users to read arbitrary files via a ..

5.0
2007-10-16 CVE-2007-5481 Distributed Checksum Clearinghouse Denial Of Service vulnerability in Distributed Checksum Clearinghouse DCC 1.3.65

Distributed Checksum Clearinghouse (DCC) 1.3.65 allows remote attackers to cause a denial of service (crash) via a "SOCKS flood."

5.0
2007-10-16 CVE-2007-5469 Openser Permissions, Privileges, and Access Controls vulnerability in Openser 1.2.2

** DISPUTED ** OpenSER 1.2.2 does not verify the Digest authentication header URI against the Request URI in SIP messages, which allows remote attackers to use sniffed Digest authentication credentials to call arbitrary telephone numbers or spoof caller ID (aka "toll fraud and authentication forward attack").

5.0
2007-10-16 CVE-2007-5468 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Call Manager 5.1.1.3000

Cisco CallManager 5.1.1.3000-5 does not verify the Digest authentication header URI against the Request URI in SIP messages, which allows remote attackers to use sniffed Digest authentication credentials to call arbitrary telephone numbers or spoof caller ID (aka "toll fraud and authentication forward attack").

5.0
2007-10-15 CVE-2007-5463 Viart Path Traversal vulnerability in Viart Shop

ideal_process.php in the iDEAL payment module in ViArt Shop 3.3 beta and earlier might allow remote attackers to obtain the pathname for certificate and key files via an "iDEAL transaction", possibly involving fopen error messages for nonexistent files, a different issue than CVE-2007-5364.

5.0
2007-10-18 CVE-2007-5536 Openssl, HP Local Denial Of Service vulnerability in HP HP-UX 11.11/11.23/11.31

Unspecified vulnerability in OpenSSL before A.00.09.07l on HP-UX B.11.11, B.11.23, and B.11.31 allows local users to cause a denial of service via unspecified vectors.

4.9
2007-10-18 CVE-2007-4600 PTC Permissions, Privileges, and Access Controls vulnerability in PTC Mathcad

The "Protect Worksheet" functionality in Mathsoft Mathcad 12 through 13.1, and PTC Mathcad 14, implements file access restrictions via a protection element in a gzipped XML file, which allows attackers to bypass these restrictions by removing this element.

4.6
2007-10-17 CVE-2007-5492 Sitebar Code Injection vulnerability in Sitebar 3.3.8

Static code injection vulnerability in the translation module (translator.php) in SiteBar 3.3.8 allows remote authenticated users to execute arbitrary PHP code via the value parameter.

4.6
2007-10-21 CVE-2007-5337 Linux, Gnome, Mozilla Information Exposure vulnerability in multiple products

Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5, when running on Linux systems with gnome-vfs support, might allow remote attackers to read arbitrary files on SSH/sftp servers that accept key authentication by creating a web page on the target server, in which the web page contains URIs with (1) smb: or (2) sftp: schemes that access other files from the server.

4.3
2007-10-21 CVE-2007-5334 Mozilla Configuration vulnerability in Mozilla Firefox and Seamonkey

Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 can hide the window's titlebar when displaying XUL markup language documents, which makes it easier for remote attackers to conduct phishing and spoofing attacks by setting the hidechrome attribute.

4.3
2007-10-21 CVE-2007-5340 Mozilla Improper Input Validation vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Multiple vulnerabilities in the Javascript engine in Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allow remote attackers to cause a denial of service (crash) via crafted HTML that triggers memory corruption.

4.3
2007-10-21 CVE-2007-5339 Mozilla Improper Input Validation vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Multiple vulnerabilities in Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allow remote attackers to cause a denial of service (crash) via crafted HTML that triggers memory corruption or assert errors.

4.3
2007-10-19 CVE-2007-5598 Web Links Project Cross-Site Scripting vulnerability in Web Links Project Web Links

Cross-site scripting (XSS) vulnerability in Weblinks for Drupal 4.7.x before 4.7.x-1.0 and 5.x before 5.x-1.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2007-10-19 CVE-2007-5597 Drupal Permissions, Privileges, and Access Controls vulnerability in Drupal

The hook_comments API in Drupal 4.7.x before 4.7.8 and 5.x before 5.3 does not pass publication status, which might allow attackers to bypass access restrictions and trigger e-mail with unpublished comments from some modules, as demonstrated by (1) Organic groups and (2) Subscriptions.

4.3
2007-10-19 CVE-2007-5596 Drupal Cross-Site Scripting vulnerability in Drupal

The core Upload module in Drupal 4.7.x before 4.7.8 and 5.x before 5.3 places the .html extension on a whitelist, which allows remote attackers to conduct cross-site scripting (XSS) attacks by uploading .html files.

4.3
2007-10-19 CVE-2007-5594 Drupal, Fedoraproject Cross-Site Request Forgery (CSRF) vulnerability in multiple products

Drupal 5.x before 5.3 does not apply its Drupal Forms API protection against the user deletion form, which allows remote attackers to delete users via a cross-site request forgery (CSRF) attack.

4.3
2007-10-19 CVE-2007-5589 Phpmyadmin Cross-Site Scripting vulnerability in phpMyAdmin

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.11.1.2 allow remote attackers to inject arbitrary web script or HTML via certain input available in (1) PHP_SELF in (a) server_status.php, and (b) grab_globals.lib.php, (c) display_change_password.lib.php, and (d) common.lib.php in libraries/; and certain input available in PHP_SELF and (2) PATH_INFO in libraries/common.inc.php.

4.3
2007-10-19 CVE-2007-5588 Mnogosearch Cross-Site Scripting vulnerability in Mnogosearch

Cross-site scripting (XSS) vulnerability in mnoGoSearch before 3.2.43 allows remote attackers to inject arbitrary web script or HTML via the t parameter in search.cgi, as reachable from search.htm-dist.

4.3
2007-10-18 CVE-2007-5577 Joomla Cross-Site Scripting vulnerability in Joomla

Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.13 (aka Sunglow) allow remote attackers to inject arbitrary web script or HTML via the (1) Title or (2) Section Name form fields in the Section Manager component, or (3) multiple unspecified fields in New Menu Item.

4.3
2007-10-18 CVE-2007-5575 Treble Designs Cross-Site Request Forgery (CSRF) vulnerability in Treble Designs 1024 CMS 1.2.5

Cross-site request forgery (CSRF) vulnerability in 1024 CMS 1.2.5 allows remote attackers to perform some actions as administrators, as demonstrated by (1) an unspecified action that creates a file containing PHP code and (2) unspecified use of the forum component.

4.3
2007-10-18 CVE-2007-5572 Sphpblog Cross-Site Request Forgery (CSRF) vulnerability in Sphpblog 0.4.9

Multiple cross-site request forgery (CSRF) vulnerabilities in Simple PHP Blog (SPHPBlog) 0.4.9 allow remote attackers to perform delete actions as administrators via (1) the block_id parameter to add_block.php or (2) the link_id parameter to add_link.php.

4.3
2007-10-18 CVE-2007-5562 Netgear Cross-Site Scripting vulnerability in Netgear Ssl312

Cross-site scripting (XSS) vulnerability in cgi-bin/welcome (aka the login page) in Netgear SSL312 PROSAFE SSL VPN-Concentrator 25 allows remote attackers to inject arbitrary web script or HTML via the err parameter in the context of an error page.

4.3
2007-10-18 CVE-2007-5547 Cisco Cross-Site Scripting vulnerability in Cisco IOS

Cross-site scripting (XSS) vulnerability in Cisco IOS allows remote attackers to inject arbitrary web script or HTML, and execute IOS commands, via unspecified vectors, aka PSIRT-2022590358.

4.3
2007-10-18 CVE-2007-3102 Fedora Project, Openbsd Remote Log Injection vulnerability in Openbsd Openssh 4.3P2

Unspecified vulnerability in the linux_audit_record_event function in OpenSSH 4.3p2, as used on Fedora Core 6 and possibly other systems, allows remote attackers to write arbitrary characters to an audit log via a crafted username.

4.3
2007-10-18 CVE-2007-5493 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft Windows Mobile 2005

The SMS handler for Windows Mobile 2005 Pocket PC Phone edition allows attackers to hide the sender field of an SMS message via a malformed WAP PUSH message that causes the PDU to be incorrectly decoded.

4.3
2007-10-16 CVE-2007-5480 Innovaage Cross-Site Scripting vulnerability in Innovaage Innovashop

Multiple cross-site scripting (XSS) vulnerabilities in InnovaAge InnovaShop allow remote attackers to inject arbitrary web script or HTML via the (1) msg parameter to msg.jsp, and the (2) contentid parameter to tc/contents/home001.jsp.

4.3
2007-10-16 CVE-2007-5479 Xcomputer Cross-Site Scripting vulnerability in Xcomputer

Cross-site scripting (XSS) vulnerability in Search.asp in Xcomputer allows remote attackers to inject arbitrary web script or HTML via the EXPS parameter.

4.3
2007-10-16 CVE-2007-5478 Nabh Information Systems Cross-Site Scripting vulnerability in Nabh Information Systems Stringbeans Portal 3.2

Cross-site scripting (XSS) vulnerability in projects in Nabh Stringbeans Portal (sbportal) 3.2 allows remote attackers to inject arbitrary web script or HTML via the project_name parameter.

4.3
2007-10-16 CVE-2007-5477 Valve Software Cross-Site Scripting vulnerability in Valve Software Half-Life Dedicated Server and Webmod Plugin

Cross-site scripting (XSS) vulnerability in auth.w in djeyl.net WebMod 0.48 Half-Life Dedicated Server plugin allows remote attackers to inject arbitrary web script or HTML via the redir parameter.

4.3

4 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-10-15 CVE-2007-5461 Apache Path Traversal vulnerability in Apache Tomcat

Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.

3.5
2007-10-18 CVE-2007-5564 Simple PHP Forum Cross-Site Scripting vulnerability in Simple PHP Forum Simple PHP Forum 0.6.1

Multiple cross-site scripting (XSS) vulnerabilities in NSSboard (formerly Simple PHP Forum) 6.1 allow remote attackers to inject arbitrary web script or HTML via (1) HTML tags when BBcode is disabled; or the (2) user, (3) email, or (4) Real Name fields in a profile.

2.6
2007-10-18 CVE-2007-5549 Cisco Information Exposure vulnerability in Cisco IOS

Unspecified vulnerability in Command EXEC in Cisco IOS allows local users to bypass command restrictions and obtain sensitive information via an unspecified "variation of an IOS command" involving "two different methods", aka CSCsk16129.

2.1
2007-10-16 CVE-2007-5470 Microsoft Information Exposure vulnerability in Microsoft Expression Media

Microsoft Expression Media stores the catalog password in cleartext in the catalog IVC file, which allows local users to obtain sensitive information and gain access to the catalog by reading the IVC file.

2.1