Weekly Vulnerabilities Reports > October 29 to November 4, 2007

Overview

105 new vulnerabilities reported during this period, including 16 critical vulnerabilities and 29 high severity vulnerabilities. This weekly summary report vulnerabilities in 108 products from 84 vendors including IBM, Debian, Realnetworks, SUN, and Flatnuke3. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Code Injection", "Cross-site Scripting", "Path Traversal", and "Improper Input Validation".

  • 95 reported vulnerabilities are remotely exploitables.
  • 21 reported vulnerabilities have public exploit available.
  • 31 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 96 reported vulnerabilities are exploitable by an anonymous user.
  • IBM has the most reported vulnerabilities, with 8 reported vulnerabilities.
  • Realnetworks has the most reported critical vulnerabilities, with 5 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

16 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-11-02 CVE-2007-5767 Novell Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Bordermanager

Heap-based buffer overflow in the Client Trust application (clntrust.exe) in Novell BorderManager 3.8 before Update 1.5 allows remote attackers to execute arbitrary code via a validation request in which the Novell tree name is not properly delimited with a wide-character backslash or NULL character.

10.0
2007-10-31 CVE-2007-4351 Cups Numeric Errors vulnerability in Cups

Off-by-one error in the ippReadIO function in cups/ipp.c in CUPS 1.3.3 allows remote attackers to cause a denial of service (crash) via a crafted (1) textWithLanguage or (2) nameWithLanguage Internet Printing Protocol (IPP) tag, leading to a stack-based buffer overflow.

10.0
2007-10-30 CVE-2007-5717 SUN Remote Arbitrary Command Execution vulnerability in Sun Fire X2100 M2 And X2200 M2 ELOM

Unspecified vulnerability in Sun Fire X2100 M2 and X2200 M2 Embedded Lights Out Manager (ELOM) on x86 before firmware 2.70 allows remote attackers to execute arbitrary commands as root on the Service Processor (SP) via unspecified vectors, a different vulnerability than CVE-2007-5170.

10.0
2007-10-29 CVE-2007-5689 SUN Remote Privilege Escalation vulnerability in SUN Jdk, JRE and SDK

The Java Virtual Machine (JVM) in Sun Java Runtime Environment (JRE) in SDK and JRE 1.3.x through 1.3.1_20 and 1.4.x through 1.4.2_15, and JDK and JRE 5.x through 5.0 Update 12 and 6.x through 6 Update 2, allows remote attackers to execute arbitrary programs, or read or modify arbitrary files, via applets that grant privileges to themselves.

10.0
2007-11-02 CVE-2007-5660 Macrovision Remote Code Execution vulnerability in Macrovision InstallShield Update Service Isusweb.DLL

Unspecified vulnerability in the Update Service ActiveX control in isusweb.dll before 6.0.100.65101 in MacroVision FLEXnet Connect and InstallShield 2008 allows remote attackers to execute arbitrary code via an unspecified "unsafe method," possibly involving a buffer overflow.

9.3
2007-11-01 CVE-2007-5775 Bitdefender Buffer Overflow vulnerability in BitDefender Online Scanner OScan.OCX ActiveX Control Heap

Unspecified vulnerability in BitDefender allows attackers to execute arbitrary code via unspecified vectors, aka EEYEB-20071024.

9.3
2007-10-31 CVE-2007-2957 Mcafee Numeric Errors vulnerability in Mcafee E-Business Server

Integer overflow in McAfee E-Business Server before 8.5.3 for Solaris, and before 8.1.2 for Linux, HP-UX, and AIX, allows remote attackers to execute arbitrary code via a large length value in an authentication packet, which results in a heap-based buffer overflow.

9.3
2007-10-31 CVE-2007-5081 Realnetworks Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Realnetworks Realone Player, Realplayer and Realplayer Enterprise

Heap-based buffer overflow in RealNetworks RealPlayer 8, 10, 10.1, and possibly 10.5; RealOne Player 1 and 2; and RealPlayer Enterprise allows remote attackers to execute arbitrary code via a crafted RM file.

9.3
2007-10-31 CVE-2007-5080 Realnetworks Numeric Errors vulnerability in Realnetworks Realone Player, Realplayer and Realplayer Enterprise

Integer overflow in RealNetworks RealPlayer 10 and 10.5, RealOne Player 1, and RealPlayer Enterprise for Windows allows remote attackers to execute arbitrary code via a crafted Lyrics3 2.00 tag in an MP3 file, resulting in a heap-based buffer overflow.

9.3
2007-10-31 CVE-2007-4599 Realnetworks Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Realnetworks Realone Player and Realplayer

Stack-based buffer overflow in RealNetworks RealPlayer 10 and possibly 10.5, and RealOne Player 1 and 2, for Windows allows remote attackers to execute arbitrary code via a crafted playlist (PLS) file.

9.3
2007-10-31 CVE-2007-2264 Realnetworks Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Realnetworks Realone Player, Realplayer and Realplayer Enterprise

Heap-based buffer overflow in RealNetworks RealPlayer 8, 10, 10.1, and possibly 10.5; RealOne Player 1 and 2; and RealPlayer Enterprise allows remote attackers to execute arbitrary code via a RAM (.ra or .ram) file with a large size value in the RA header.

9.3
2007-10-31 CVE-2007-2263 Realnetworks Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Realnetworks Realone Player, Realplayer and Realplayer Enterprise

Heap-based buffer overflow in RealNetworks RealPlayer 10.0, 10.1, and possibly 10.5, RealOne Player, and RealPlayer Enterprise allows remote attackers to execute arbitrary code via an SWF (Flash) file with malformed record headers.

9.3
2007-10-30 CVE-2007-5709 Sony Buffer Errors vulnerability in Sony Sonicstage Connect Player 4.3

Stack-based buffer overflow in Sony SonicStage CONNECT Player (CP) 4.3 allows remote attackers to execute arbitrary code via a long file name in an M3U file.

9.3
2007-10-29 CVE-2007-5706 Jeeblestechnology Path Traversal vulnerability in Jeeblestechnology Jeebles Directory 2.9.60

Absolute path traversal vulnerability in download.php in Jeebles Directory 2.9.60 allows remote attackers to read arbitrary files via a full pathname in the query string.

9.3
2007-10-29 CVE-2007-4222 IBM Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM Lotus Notes

Buffer overflow in the TagAttributeListCopy function in nnotes.dll in IBM Lotus Notes before 7.0.3 allows user-assisted remote attackers to execute arbitrary code via a crafted HTML email, related to duplicate RTF conversion when the recipient operates on this email.

9.3
2007-10-29 CVE-2007-3510 IBM Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM Lotus Domino

Buffer overflow in the IMAP service in IBM Lotus Domino before 6.5.6 FP2, and 7.x before 7.0.3, allows remote authenticated users to execute arbitrary code via a long mailbox name.

9.0

29 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-10-30 CVE-2007-5716 SUN Local Denial Of Service vulnerability in SUN Solaris 10.0

Unspecified vulnerability in the Internet Protocol (IP) functionality in Sun Solaris 10 allows local users to cause a denial of service (panic) via unspecified vectors, probably related to a UDP packet.

7.8
2007-10-29 CVE-2007-5413 HP Information Exposure vulnerability in HP products

httpd.tkd in Radia Integration Server in Hewlett-Packard (HP) OpenView Configuration Management (CM) Infrastructure 4.0 through 4.2i and Client Configuration Manager (CCM) 2.0 allows remote attackers to read arbitrary files via URLs containing tilde (~) references to home directories, as demonstrated by ~root.

7.8
2007-10-29 CVE-2007-5544 IBM Incorrect Permission Assignment for Critical Resource vulnerability in IBM Lotus Notes

IBM Lotus Notes before 6.5.6, and 7.x before 7.0.3; and Domino before 6.5.5 FP3, and 7.x before 7.0.2 FP1; uses weak permissions (Everyone:Full Control) for memory mapped files (shared memory) in IPC, which allows local users to obtain sensitive information, or inject Lotus Script or other character sequences into a session.

7.8
2007-11-03 CVE-2007-5802 Firewolf Technologies Path Traversal vulnerability in Firewolf Technologies Synergiser

Directory traversal vulnerability in index.php in Firewolf Technologies Synergiser 1.2 RC1 and earlier allows remote attackers to include and execute arbitrary local files via a ..

7.5
2007-11-03 CVE-2007-5801 Work System E Commerce Ajax Pages Security vulnerability in Work System e-commerce

Unspecified vulnerability in WORK system e-commerce before 4.0.2 has unknown impact and attack vectors related to "Ajax pages."

7.5
2007-11-03 CVE-2007-5797 Apache Improper Authentication vulnerability in Apache Geronimo

SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.

7.5
2007-11-02 CVE-2007-5197 Suse
Debian
Opensuse
Mono
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mono

Buffer overflow in the Mono.Math.BigInteger class in Mono 1.2.5.1 and earlier allows context-dependent attackers to execute arbitrary code via unspecified vectors related to Reduce in Montgomery-based Pow methods.

7.5
2007-11-01 CVE-2007-5786 A Enterprise Code Injection vulnerability in A-Enterprise Gosamba 1.0.1

Multiple PHP remote file inclusion vulnerabilities in GoSamba 1.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to (1) HTML_oben.php, (2) inc_freigabe.php, (3) inc_freigabe1.php, or (4) inc_freigabe3.php in include/; (5) inc_group.php; (6) inc_manager.php; (7) inc_newgroup.php; (8) inc_smb_conf.php; (9) inc_user.php; or (10) main.php.

7.5
2007-11-01 CVE-2007-5785 Jobsiteprofessional Code Injection vulnerability in Jobsiteprofessional Jobsite Professional 2.0

SQL injection vulnerability in file.php in JobSite Professional 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2007-11-01 CVE-2007-5783 Emagic CMS Code Injection vulnerability in Emagic-Cms Emagic Cms.Net 4.0

SQL injection vulnerability in emc.asp in emagiC CMS.Net 4.0 allows remote attackers to execute arbitrary SQL commands via the pageId parameter.

7.5
2007-11-01 CVE-2007-5779 GOM Player Buffer Errors vulnerability in GOM Player GOM Player 2.1.6.3499

Buffer overflow in the GomManager (GomWeb Control) ActiveX control in GomWeb3.dll 1.0.0.12 in Gretech Online Movie Player (GOM Player) 2.1.6.3499 allows remote attackers to execute arbitrary code via a long argument to the OpenUrl method.

7.5
2007-11-01 CVE-2007-5778 Flexispy Cleartext Storage of Sensitive Information vulnerability in Flexispy Mobile SPY

Mobile Spy (1) stores login credentials in cleartext under the RetinaxStudios registry key, and (2) sends login credentials and log data over a cleartext HTTP connection, which allows attackers to obtain sensitive information by reading the registry or sniffing the network.

7.5
2007-11-01 CVE-2007-5771 Flatnuke3 Permissions, Privileges, and Access Controls vulnerability in Flatnuke3

Flatnuke 3 (aka FlatnuX) allows remote attackers to obtain administrative access via a myforum%00 cookie.

7.5
2007-10-31 CVE-2007-5753 Light Fman PHP Security vulnerability in Light FMan PHP

Unspecified vulnerability in Light FMan PHP (lfman or lightfman) before 2.0rc1 has unknown impact and attack vectors related to "actions."

7.5
2007-10-31 CVE-2007-5752 Agtc Websolutions Improper Authentication vulnerability in Agtc Websolutions PHP-Agtc Membership System 1.1A

adduser.php in PHP-AGTC Membership (AGTC-Membership) System 1.1a does not require authentication, which allows remote attackers to create accounts via a modified form, as demonstrated by an account with admin (userlevel 4) privileges.

7.5
2007-10-31 CVE-2007-4345 Ipswitch Buffer Errors vulnerability in Ipswitch Imail Client and Imail Server

Buffer overflow in IMail Client 9.22, as shipped with IPSwitch IMail Server 2006.22, allows remote attackers to execute arbitrary code via a long boundary parameter in a multipart MIME e-mail message.

7.5
2007-10-31 CVE-2007-5740 Vergenet USE of Externally-Controlled Format String vulnerability in Vergenet Perdition Mail Retrieval Proxy

The format string protection mechanism in IMAPD for Perdition Mail Retrieval Proxy 1.17 and earlier allows remote attackers to execute arbitrary code via an IMAP tag with a null byte followed by a format string specifier, which is not counted by the mechanism.

7.5
2007-10-30 CVE-2007-5737 Ghlab Improper Input Validation vulnerability in Ghlab Korean Ghboard

Unrestricted file upload vulnerability in component/upload.jsp in Korean GHBoard allows remote attackers to upload arbitrary files via unspecified vectors, probably involving a direct request.

7.5
2007-10-30 CVE-2007-5733 Japanese PHP Gallery Hosting Improper Input Validation vulnerability in Japanese PHP Gallery Hosting Japanese PHP Gallery Hosting

Unrestricted file upload vulnerability in upload/upload.php in Japanese PHP Gallery Hosting, when Open directory mode is enabled, allows remote attackers to upload and execute arbitrary PHP code via a ServerPath parameter specifying a filename with a double extension.

7.5
2007-10-30 CVE-2007-5722 Ourgame COM Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ourgame.Com Globallink

Stack-based buffer overflow in a certain ActiveX control in GLChat.ocx 2.5.1.32 in GlobalLink 2.7.0.8, as used in Ourgame GLWorld and possibly other products, allows remote attackers to execute arbitrary code via a long first argument to the ConnectAndEnterRoom method, possibly involving the GLCHAT.GLChatCtrl.1 control, as originally exploited in the wild in October 2007.

7.5
2007-10-30 CVE-2007-5719 Minibb SQL Injection vulnerability in Minibb 2.1

SQL injection vulnerability in bb_func_search.php in miniBB 2.1 allows remote attackers to execute arbitrary SQL commands via the table parameter to index.php.

7.5
2007-10-30 CVE-2007-5713 Amxmodx
Valve Software
Numeric Errors vulnerability in multiple products

Off-by-one error in the GeoIP module in the AMX Mod X 1.76d plugin for Half-Life Server might allow attackers to execute arbitrary code or cause a denial of service via unspecified input related to geolocation, which triggers an error message from the (1) geoip_code2 or (2) geoip_code3 function, leading to a buffer overflow.

7.5
2007-10-29 CVE-2007-5704 Codewidgets SQL Injection vulnerability in Codewidgets Online Event Registration Template

Multiple SQL injection vulnerabilities in CodeWidgets.com Online Event Registration Template allow remote attackers to execute arbitrary SQL commands via the (1) Email Address and (2) Password fields in (a) login.asp and (b) admin_login.asp.

7.5
2007-10-29 CVE-2007-5688 Invision Power Services
Phpbb
Sebflipper
SQL Injection vulnerability in multiple products

Multiple SQL injection vulnerabilities in directory.php in the Multi-Forums (aka Multi Host Forum Pro) module 1.3.3, for phpBB and Invision Power Board (IPB or IP.Board), allow remote attackers to execute arbitrary SQL commands via the (1) go and (2) cat parameters.

7.5
2007-10-30 CVE-2007-5730 Qemu
Debian
Out-Of-Bounds Write vulnerability in multiple products

Heap-based buffer overflow in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to execute arbitrary code via crafted data in the "net socket listen" option, aka QEMU "net socket" heap overflow.

7.2
2007-10-30 CVE-2007-5729 Qemu
Debian
Opensuse
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

The NE2000 emulator in QEMU 0.8.2 allows local users to execute arbitrary code by writing Ethernet frames with a size larger than the MTU to the EN0_TCNT register, which triggers a heap-based buffer overflow in the slirp library, aka NE2000 "mtu" heap overflow.

7.2
2007-10-30 CVE-2007-1321 Qemu
Fedoraproject
Debian
Integer signedness error in the NE2000 emulator in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to trigger a heap-based buffer overflow via certain register values that bypass sanity checks, aka QEMU NE2000 "receive" integer signedness error.
7.2
2007-11-01 CVE-2007-5793 Stonesoft Unspecified vulnerability in Stonesoft Stonegate IPS

Stonesoft StoneGate IPS before 4.0 does not properly decode Fullwidth/Halfwidth Unicode encoded data, which makes it easier for remote attackers to scan or penetrate systems and avoid detection.

7.1
2007-10-30 CVE-2007-5708 Openldap Resource Management Errors vulnerability in Openldap

slapo-pcache (overlays/pcache.c) in slapd in OpenLDAP before 2.3.39, when running as a proxy-caching server, allocates memory using a malloc variant instead of calloc, which prevents an array from being initialized properly and might allow attackers to cause a denial of service (segmentation fault) via unknown vectors that prevent the array from being null terminated.

7.1

55 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-11-03 CVE-2007-5800 TOM Willmot
Wordpress
Code Injection vulnerability in TOM Willmot Backupwordpress Plugin

Multiple PHP remote file inclusion vulnerabilities in the BackUpWordPress 0.4.2b and earlier plugin for WordPress allow remote attackers to execute arbitrary PHP code via a URL in the bkpwp_plugin_path parameter to (1) plugins/BackUp/Archive.php; and (2) Predicate.php, (3) Writer.php, (4) Reader.php, and other unspecified scripts under plugins/BackUp/Archive/.

6.8
2007-11-02 CVE-2007-4829 Archive
Canonical
Path Traversal vulnerability in multiple products

Directory traversal vulnerability in the Archive::Tar Perl module 1.36 and earlier allows user-assisted remote attackers to overwrite arbitrary files via a TAR archive that contains a file whose name is an absolute path or has ".." sequences.

6.8
2007-11-01 CVE-2007-5784 Caupo NET Code Injection vulnerability in Caupo.Net Cauposhop PRO

PHP remote file inclusion vulnerability in index.php in CaupoShop Pro 2.x allows remote attackers to execute arbitrary PHP code via a URL in the action parameter.

6.8
2007-11-01 CVE-2007-5781 Sige Code Injection vulnerability in Sige 0.1

PHP remote file inclusion vulnerability in inc/sige_init.php in Sige 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the SYS_PATH parameter.

6.8
2007-11-01 CVE-2007-5780 Telematic LAB Code Injection vulnerability in Telematic LAB Teatro

PHP remote file inclusion vulnerability in pub/pub08_comments.php in teatro 1.6 allows remote attackers to execute arbitrary PHP code via a URL in the basePath parameter.

6.8
2007-10-31 CVE-2007-5754 Phpfaber Code Injection vulnerability in PHPfaber Urlinn 2.0.5

PHP remote file inclusion vulnerability in urlinn_includes/config.php in phpFaber URLInn 2.0.5 allows remote attackers to execute arbitrary PHP code via a URL in the dir_ws parameter.

6.8
2007-10-30 CVE-2007-5738 Ghlab Improper Input Validation vulnerability in Ghlab Korean Ghboard

The FlashUpload component in Korean GHBoard uses a client-side protection mechanism to prevent uploading of dangerous file extensions, which allows remote attackers to bypass restrictions and upload arbitrary files via a modified copy of component/flashupload/upload.html.

6.8
2007-10-30 CVE-2007-5726 SUN Remote Denial of Service vulnerability in SUN Solaris 10.0

Unspecified vulnerability in the Stream Control Transmission Protocol (sctp) functionality in Sun Solaris 10, when at least one SCTP socket is in the LISTEN state, allows remote attackers to cause a denial of service (panic) via unspecified vectors related to "INIT processing."

6.8
2007-10-30 CVE-2007-5721 Myspacepros Code Injection vulnerability in Myspacepros Myspace Resource Script 1.21

PHP remote file inclusion vulnerability in _theme/breadcrumb.php in MySpacePros MySpace Resource Script (MSRS) 1.21 allows remote attackers to execute arbitrary PHP code via a URL in the rootBase parameter.

6.8
2007-10-30 CVE-2007-5720 Profilecms Code Injection vulnerability in Profilecms 1.0

Unrestricted file upload vulnerability in the profiles script in ProfileCMS 1.0 allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors involving creation of a profile.

6.8
2007-10-30 CVE-2007-4863 Quirm SQL Injection vulnerability in Quirm Saxon 5.4

SQL injection vulnerability in example.php in SAXON 5.4 allows remote attackers to execute arbitrary SQL commands via the template parameter.

6.8
2007-10-30 CVE-2007-5714 Gentoo Improper Authentication vulnerability in Gentoo Mldonkey Ebuild 2.9.0

The Gentoo ebuild of MLDonkey before 2.9.0-r3 has a p2p user account with an empty default password and valid login shell, which might allow remote attackers to obtain login access and execute arbitrary code.

6.8
2007-10-29 CVE-2007-5699 Eiqnetworks Buffer Errors vulnerability in Eiqnetworks Enterprise Security Analyzer 2.5

Stack-based buffer overflow in eIQNetworks Enterprise Security Analyzer (ESA) 2.5 allows remote attackers to execute arbitrary code via certain data on TCP port 10616 that results in a long argument to the SEARCHREPORT command, a different vector than CVE-2007-2059.

6.8
2007-10-29 CVE-2007-5697 Phpimage Code Injection vulnerability in PHPimage PHP Image 1.2

Multiple PHP remote file inclusion vulnerabilities in PHP Image 1.2 allow remote attackers to execute arbitrary PHP code via a URL in the xarg parameter to (1) xarg_corner.php, (2) xarg_corner_bottom.php, and (3) xarg_corner_top.php.

6.8
2007-10-29 CVE-2007-5696 Phpbasic Code Injection vulnerability in PHPbasic

PHP remote file inclusion vulnerability in includes.php in phpBasic allows remote attackers to execute arbitrary PHP code via a URL in the root parameter, possibly related to the Music module.

6.8
2007-10-29 CVE-2007-5694 Sitebar Path Traversal vulnerability in Sitebar 3.3.8

Absolute path traversal vulnerability in the translation module (translator.php) in SiteBar 3.3.8 allows remote authenticated users to read arbitrary files via an absolute path in the dir parameter, a different vulnerability than CVE-2007-5491.

6.8
2007-10-30 CVE-2007-4277 Trend Micro Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Trend Micro Pc-Cillin Internet Security 2007 and Scan Engine

The Trend Micro AntiVirus scan engine before 8.550-1001, as used in Trend Micro PC-Cillin Internet Security 2007, and Tmxpflt.sys 8.320.1004 and 8.500.0.1002, has weak permissions (Everyone:Write) for the \\.\Tmfilter device, which allows local users to send arbitrary content to the device via the IOCTL functionality.

6.6
2007-10-30 CVE-2007-5736 Seeblick Improper Input Validation vulnerability in Seeblick 1.0

Unrestricted file upload vulnerability in upload.php in SeeBlick 1.0 Beta allows remote attackers to upload arbitrary files via unspecified vectors.

6.4
2007-10-30 CVE-2007-5734 Efileman Improper Input Validation vulnerability in Efileman 7.1.0.8788

Unrestricted file upload vulnerability in eFileMan 7.1.0.87-88 allows remote attackers to upload arbitrary files, with "uploads/upload_file." destination filenames, via unspecified vectors to upload.cgi, accessed from upload.html.

6.4
2007-10-29 CVE-2007-5695 Sitebar Link Following vulnerability in Sitebar 3.3.8

Open redirect vulnerability in command.php in SiteBar 3.3.8 allows remote attackers to redirect users to arbitrary web sites via a URL in the forward parameter in a Log In action.

6.4
2007-11-02 CVE-2007-5795 Debian
GNU
Local Variable Handling Code Execution vulnerability in GNU Emacs

The hack-local-variables function in Emacs before 22.2, when enable-local-variables is set to :safe, does not properly search lists of unsafe or risky variables, which might allow user-assisted attackers to bypass intended restrictions and modify critical program variables via a file containing a Local variables declaration.

6.3
2007-10-29 CVE-2007-5700 IBM Information Disclosure vulnerability and Buffer Overflow vulnerability in IBM Lotus Domino

The Evaluate LotusScript method in IBM Lotus Domino before 7.0.3 uses an incorrect security context for @ formula commands in some circumstances, which might allow remote authenticated users to gain privileges and obtain sensitive information.

6.3
2007-10-29 CVE-2007-3920 Ubuntu
Compiz
Gnome
GNOME screensaver 2.20 in Ubuntu 7.10, when used with Compiz, does not properly reserve input focus, which allows attackers with physical access to take control of the session after entering an Alt-Tab sequence, a related issue to CVE-2007-3069.
6.2
2007-11-01 CVE-2007-5772 Flatnuke3 Code Injection vulnerability in Flatnuke3

Direct static code injection vulnerability in the download module in Flatnuke 3 allows remote authenticated administrators to inject arbitrary PHP code into a description.it.php file in a subdirectory of Download/ by saving a description and setting fneditmode to 1.

6.0
2007-10-29 CVE-2007-5705 Jeeblestechnology Code Injection vulnerability in Jeeblestechnology Jeebles Directory 2.9.60

Unspecified vulnerability in the Settings component in the administration system in Jeebles Directory 2.9.60 allows remote authenticated administrators to execute arbitrary PHP code via unspecified vectors related to settings.inc.php.

6.0
2007-10-29 CVE-2007-5693 Sitebar Code Injection vulnerability in Sitebar 3.3.8

Eval injection vulnerability in the translation module (translator.php) in SiteBar 3.3.8 allows remote authenticated users to execute arbitrary PHP code via the edit parameter in an upd cmd action, a different vulnerability than CVE-2007-5492.

6.0
2007-11-01 CVE-2007-5787 Phptoys Permissions, Privileges, and Access Controls vulnerability in PHPtoys Micro Login System 1.0

Micro Login System 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing a password via a direct request for userpwd.txt.

5.0
2007-11-01 CVE-2007-5782 Fireconfig Path Traversal vulnerability in Fireconfig 0.5

Directory traversal vulnerability in dl.php in FireConfig 0.5 allows remote attackers to read arbitrary files via a ..

5.0
2007-11-01 CVE-2007-5777 Blue Collar Productions Permissions, Privileges, and Access Controls vulnerability in Blue-Collar Productions I-Gallery 3.4

Blue-Collar Productions i-Gallery 3.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing a base64-encoded password via a direct request for igallery.mdb.

5.0
2007-11-01 CVE-2007-5776 Blue Collar Productions Path Traversal vulnerability in Blue-Collar Productions I-Gallery 3.4

Directory traversal vulnerability in igallery.asp in Blue-Collar Productions i-Gallery 3.4 allows remote attackers to read arbitrary files via encoded backslash sequences in the d parameter, as demonstrated by a "%5c../../%5c" sequence.

5.0
2007-11-01 CVE-2007-5774 Flatnuke3 Information Exposure vulnerability in Flatnuke3

index.php in the File Manager module in Flatnuke 3 allows remote attackers to obtain sensitive information via an invalid argumentname parameter in a disc op action, which reveals the path in an error message.

5.0
2007-10-30 CVE-2007-5739 Ghlab Path Traversal vulnerability in Ghlab Korean Ghboard

Directory traversal vulnerability in component/flashupload/download.jsp in the FlashUpload component in Korean GHBoard allows remote attackers to read arbitrary files via a ..

5.0
2007-10-30 CVE-2007-5735 Efileman Permissions, Privileges, and Access Controls vulnerability in Efileman 7.1.0.8788

eFileMan 7.1.0.87-88 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain unspecified user information via a direct request for cgi-bin/efileman/efileman_config.pm.

5.0
2007-10-30 CVE-2007-5732 Elouai Path Traversal vulnerability in Elouai Force Download

Directory traversal vulnerability in downloadfile.php in eLouai's Force Download of media files script, as available on 20071030 and earlier, allows remote attackers to read arbitrary files via the file parameter.

5.0
2007-10-30 CVE-2007-4861 Quirm Information Exposure vulnerability in Quirm Saxon 5.4

SAXON 5.4, with display_errors enabled, allows remote attackers to obtain sensitive information via (1) a direct request for news.php, (2) an invalid use of a newsid array parameter to admin/edit-item.php, and possibly unspecified vectors related to additional scripts in (3) admin/, (4) rss/, and (5) the root directory of the installation, which reveal the path in various error messages.

5.0
2007-10-30 CVE-2007-5711 Massive Entertainment Improper Input Validation vulnerability in Massive Entertainment World in Conflict

Massive Entertainment World in Conflict 1.001 and earlier allows remote attackers to cause a denial of service (failed assertion and daemon crash) via a large packet to TCP or UDP port 48000.

5.0
2007-10-29 CVE-2007-5622 3Proxy Resource Management Errors vulnerability in 3Proxy

Double free vulnerability in the ftpprchild function in ftppr in 3proxy 0.5 through 0.5.3i allows remote attackers to cause a denial of service (daemon crash) via multiple OPEN commands to the FTP proxy.

5.0
2007-10-30 CVE-2007-5718 Debian
Vobcopy
Link Following vulnerability in Vobcopy 0.5.14

vobcopy 0.5.14 allows local users to append data to an arbitrary file, or create an arbitrary new file, via a symlink attack on the (1) /tmp/vobcopy.bla or (2) /tmp/vobcopy_0.5.14.log temporary file.

4.9
2007-11-03 CVE-2007-5799 IBM Cross-Site Request Forgery (CSRF) vulnerability in IBM Websphere Application Server

Multiple cross-site request forgery (CSRF) vulnerabilities in uddigui/navigateTree.do in the UDDI user console in IBM WebSphere Application Server (WAS) before 6.1.0 Fix Pack 13 (6.1.0.13) allow remote attackers to perform some actions as WAS UDDI users via the (1) keyField, (2) nameField, (3) valueField, and (4) frameReturn parameters.

4.3
2007-11-03 CVE-2007-5798 IBM Cross-Site Scripting vulnerability in IBM Websphere Application Server

Multiple cross-site scripting (XSS) vulnerabilities in uddigui/navigateTree.do in the UDDI user console in IBM WebSphere Application Server (WAS) before 6.1.0 Fix Pack 13 (6.1.0.13) allow remote attackers to inject arbitrary web script or HTML via the (1) keyField, (2) nameField, (3) valueField, and (4) frameReturn parameters.

4.3
2007-11-03 CVE-2007-5796 Symantec Cross-Site Scripting vulnerability in Symantec Proxysg Firmware 5.0.0

Cross-site scripting (XSS) vulnerability in the management console in Blue Coat ProxySG before 4.2.6.1, and 5.x before 5.2.2.5, allows remote attackers to inject arbitrary web script or HTML by modifying the URL that is used for loading Certificate Revocation Lists.

4.3
2007-11-01 CVE-2007-5773 Flatnuke3 Cross-Site Request Forgery (CSRF) vulnerability in Flatnuke3

Cross-site request forgery (CSRF) vulnerability in index.php in the File Manager module in Flatnuke 3 allows remote attackers to perform certain actions as administrators via requests containing the pathname in the dir parameter and the filename in the ffile parameter.

4.3
2007-10-30 CVE-2007-5728 Phppgadmin Cross-Site Scripting vulnerability in PHPpgadmin

Cross-site scripting (XSS) vulnerability in phpPgAdmin 3.5 to 4.1.1, and possibly 4.1.2, allows remote attackers to inject arbitrary web script or HTML via certain input available in PHP_SELF in (1) redirect.php, possibly related to (2) login.php, different vectors than CVE-2007-2865.

4.3
2007-10-30 CVE-2007-5727 Oneorzero Cross-Site Scripting vulnerability in Oneorzero Helpdesk 1.6.4.2/1.6.5.4

Incomplete blacklist vulnerability in the stripScripts function in common.php in OneOrZero Helpdesk 1.6.5.4, 1.6.4.2, and possibly other versions, allows remote attackers to conduct cross-site scripting (XSS) attacks and inject arbitrary web script or HTML via XSS sequences without SCRIPT tags in the description parameter to (1) tcreate.php or (2) tupdate.php, as demonstrated using an onmouseover event in a b tag.

4.3
2007-10-30 CVE-2007-5725 Smart Shop Cross-Site Scripting vulnerability in Smart-Shop

Multiple cross-site scripting (XSS) vulnerabilities in Smart-Shop allow remote attackers to inject arbitrary web script or HTML via (1) the email parameter to index.php; or the command parameter to index.php in (2) the default action for the home page, (3) a currencies action, or (4) a basket action.

4.3
2007-10-30 CVE-2007-5724 Omnistar Interactive Cross-Site Scripting vulnerability in Omnistar Interactive Omnistar Live

Multiple cross-site scripting (XSS) vulnerabilities in Omnistar Live allow remote attackers to inject arbitrary web script or HTML via (1) the category_id parameter to users/kb.php, and possibly (3) the Email Box field in profile.php.

4.3
2007-10-30 CVE-2007-4862 Quirm Cross-Site Scripting vulnerability in Quirm Saxon 5.4

Cross-site scripting (XSS) vulnerability in admin/menu.php in SAXON 5.4 allows remote attackers to inject arbitrary web script or HTML via the config[news_url] parameter.

4.3
2007-10-30 CVE-2007-5715 Denyhosts Configuration vulnerability in Denyhosts 2.6

DenyHosts 2.6 processes OpenSSH sshd "not listed in AllowUsers" log messages with an incorrect regular expression that does not match an IP address, which might allow remote attackers to avoid detection and blocking when making invalid login attempts with a username not present in AllowUsers, as demonstrated by the root username, a different vulnerability than CVE-2007-4323.

4.3
2007-10-30 CVE-2007-4348 IBM Cross-Site Scripting vulnerability in IBM Tivoli Storage Manager Client

Cross-site scripting (XSS) vulnerability in the CAD service in IBM Tivoli Storage Manager (TSM) Client 5.3.5.3 and 5.4.1.2 for Windows allows remote attackers to inject arbitrary web script or HTML via HTTP requests to port 1581, which generate log entries in a dsmerror.log file that is accessible through a certain web interface.

4.3
2007-10-29 CVE-2007-5703 RSA Cross-Site Scripting vulnerability in RSA Keon Registration Authority web Interface 1.0

Multiple cross-site scripting (XSS) vulnerabilities in (1) Request-spk.xuda and (2) Add-msie-request.xuda in RSA KEON Registration Authority Web Interface 1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2007-10-29 CVE-2007-5702 Novell Cross-Site Scripting vulnerability in Novell Opensuse Swamp

Cross-site scripting (XSS) vulnerability in swamp/action/LoginActions (aka the login box) in the Novell OpenSUSE SWAMP Workflow Administration and Management Platform 1.x allows remote attackers to inject arbitrary web script or HTML via the username parameter.

4.3
2007-10-29 CVE-2007-4999 Pidgin Improper Input Validation vulnerability in Pidgin 2.1.0/2.2.0/2.2.1

libpurple in Pidgin 2.1.0 through 2.2.1, when using HTML logging, allows remote attackers to cause a denial of service (NULL dereference and application crash) via a message that contains invalid HTML data, a different vector than CVE-2007-4996.

4.3
2007-10-29 CVE-2007-5698 Creapark Cross-Site Scripting vulnerability in Creapark Gold KOY Portali

Cross-site scripting (XSS) vulnerability in default.asp in CREApark GOLD KOY PORTALI allows remote attackers to inject arbitrary web script or HTML via the aranan parameter.

4.3
2007-10-29 CVE-2007-5692 Sitebar Cross-Site Scripting vulnerability in Sitebar 3.3.8

Multiple cross-site scripting (XSS) vulnerabilities in SiteBar 3.3.8 allow remote attackers to inject arbitrary web script or HTML via (1) the lang parameter to integrator.php; (2) the token parameter in a New Password action, (3) the nid_acl parameter in a Folder Properties action, or (4) the uid parameter in a Modify User action to command.php; or (5) the target parameter to index.php, different vectors than CVE-2006-3320.

4.3
2007-10-29 CVE-2007-5691 Mozilla Improper Input Validation vulnerability in Mozilla Firefox 2.0.0.7

ParseFTPList.cpp in Mozilla Firefox 2.0.0.7 allows remote FTP servers to cause a denial of service (application crash) via a crafted reply to an unspecified listing command, related to "reading from invalid pointer."

4.3

5 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-10-30 CVE-2007-5731 Apache Path Traversal vulnerability in Apache Jakarta Slide 2.1

Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.

3.5
2007-10-30 CVE-2007-5712 Django Project Resource Management Errors vulnerability in Django Project Django

The internationalization (i18n) framework in Django 0.91, 0.95, 0.95.1, and 0.96, and as used in other products such as PyLucid, when the USE_I18N option and the i18n component are enabled, allows remote attackers to cause a denial of service (memory consumption) via many HTTP requests with large Accept-Language headers.

2.6
2007-10-30 CVE-2007-5710 Wordpress Cross-Site Scripting vulnerability in Wordpress 2.3

Cross-site scripting (XSS) vulnerability in wp-admin/edit-post-rows.php in WordPress 2.3 allows remote attackers to inject arbitrary web script or HTML via the posts_columns array parameter.

2.6
2007-10-31 CVE-2007-5751 Liferea Permissions, Privileges, and Access Controls vulnerability in Liferea

Liferea before 1.4.6 uses weak permissions (0644) for the feedlist.opml backup file, which allows local users to obtain credentials.

2.1
2007-10-29 CVE-2007-5701 IBM Information Exposure vulnerability in IBM Lotus Domino

Incomplete blacklist vulnerability in the Certificate Authority (CA) in IBM Lotus Domino before 7.0.3 allows local users, or attackers with physical access, to obtain sensitive information (passwords) when an administrator enters a "ca activate" or "ca unlock" command with any uppercase character, which bypasses a blacklist designed to suppress password logging, resulting in cleartext password disclosure in the console log and Admin panel.

2.1