Weekly Vulnerabilities Reports > October 29 to November 4, 2007
Overview
105 new vulnerabilities were reported during this period, including 16 critical vulnerabilities and 29 high severity vulnerabilities. This weekly summary reports vulnerabilities in 108 products from 84 vendors including IBM, Debian, Realnetworks, SUN, and Flatnuke3. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Code Injection", "Cross-site Scripting", "Path Traversal", and "Improper Input Validation".
- 95 reported vulnerabilities are remotely exploitable.
- 21 reported vulnerabilities have a public exploit available.
- 31 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
- 96 reported vulnerabilities are exploitable by an anonymous user.
- IBM has the most reported vulnerabilities, with 8 reported vulnerabilities.
- Realnetworks has the most reported critical vulnerabilities, with 5 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
16 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-11-02 | CVE-2007-5767 | Novell | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Bordermanager Heap-based buffer overflow in the Client Trust application (clntrust.exe) in Novell BorderManager 3.8 before Update 1.5 allows remote attackers to execute arbitrary code via a validation request in which the Novell tree name is not properly delimited with a wide-character backslash or NULL character. | 10.0 |
2007-10-31 | CVE-2007-4351 | Cups | Numeric Errors vulnerability in Cups Off-by-one error in the ippReadIO function in cups/ipp.c in CUPS 1.3.3 allows remote attackers to cause a denial of service (crash) via a crafted (1) textWithLanguage or (2) nameWithLanguage Internet Printing Protocol (IPP) tag, leading to a stack-based buffer overflow. | 10.0 |
2007-10-30 | CVE-2007-5717 | SUN | Remote Arbitrary Command Execution vulnerability in Sun Fire X2100 M2 And X2200 M2 ELOM Unspecified vulnerability in Sun Fire X2100 M2 and X2200 M2 Embedded Lights Out Manager (ELOM) on x86 before firmware 2.70 allows remote attackers to execute arbitrary commands as root on the Service Processor (SP) via unspecified vectors, a different vulnerability than CVE-2007-5170. | 10.0 |
2007-10-29 | CVE-2007-5689 | SUN | Remote Privilege Escalation vulnerability in SUN Jdk, JRE and SDK The Java Virtual Machine (JVM) in Sun Java Runtime Environment (JRE) in SDK and JRE 1.3.x through 1.3.1_20 and 1.4.x through 1.4.2_15, and JDK and JRE 5.x through 5.0 Update 12 and 6.x through 6 Update 2, allows remote attackers to execute arbitrary programs, or read or modify arbitrary files, via applets that grant privileges to themselves. | 10.0 |
2007-11-02 | CVE-2007-5660 | Macrovision | Remote Code Execution vulnerability in Macrovision InstallShield Update Service Isusweb.DLL Unspecified vulnerability in the Update Service ActiveX control in isusweb.dll before 6.0.100.65101 in MacroVision FLEXnet Connect and InstallShield 2008 allows remote attackers to execute arbitrary code via an unspecified "unsafe method," possibly involving a buffer overflow. | 9.3 |
2007-11-01 | CVE-2007-5775 | Bitdefender | Buffer Overflow vulnerability in BitDefender Online Scanner OScan.OCX ActiveX Control Heap Unspecified vulnerability in BitDefender allows attackers to execute arbitrary code via unspecified vectors, aka EEYEB-20071024. | 9.3 |
2007-10-31 | CVE-2007-2957 | Mcafee | Numeric Errors vulnerability in Mcafee E-Business Server Integer overflow in McAfee E-Business Server before 8.5.3 for Solaris, and before 8.1.2 for Linux, HP-UX, and AIX, allows remote attackers to execute arbitrary code via a large length value in an authentication packet, which results in a heap-based buffer overflow. | 9.3 |
2007-10-31 | CVE-2007-5081 | Realnetworks | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Realnetworks Realone Player, Realplayer and Realplayer Enterprise Heap-based buffer overflow in RealNetworks RealPlayer 8, 10, 10.1, and possibly 10.5; RealOne Player 1 and 2; and RealPlayer Enterprise allows remote attackers to execute arbitrary code via a crafted RM file. | 9.3 |
2007-10-31 | CVE-2007-5080 | Realnetworks | Numeric Errors vulnerability in Realnetworks Realone Player, Realplayer and Realplayer Enterprise Integer overflow in RealNetworks RealPlayer 10 and 10.5, RealOne Player 1, and RealPlayer Enterprise for Windows allows remote attackers to execute arbitrary code via a crafted Lyrics3 2.00 tag in an MP3 file, resulting in a heap-based buffer overflow. | 9.3 |
2007-10-31 | CVE-2007-4599 | Realnetworks | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Realnetworks Realone Player and Realplayer Stack-based buffer overflow in RealNetworks RealPlayer 10 and possibly 10.5, and RealOne Player 1 and 2, for Windows allows remote attackers to execute arbitrary code via a crafted playlist (PLS) file. | 9.3 |
2007-10-31 | CVE-2007-2264 | Realnetworks | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Realnetworks Realone Player, Realplayer and Realplayer Enterprise Heap-based buffer overflow in RealNetworks RealPlayer 8, 10, 10.1, and possibly 10.5; RealOne Player 1 and 2; and RealPlayer Enterprise allows remote attackers to execute arbitrary code via a RAM (.ra or .ram) file with a large size value in the RA header. | 9.3 |
2007-10-31 | CVE-2007-2263 | Realnetworks | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Realnetworks Realone Player, Realplayer and Realplayer Enterprise Heap-based buffer overflow in RealNetworks RealPlayer 10.0, 10.1, and possibly 10.5, RealOne Player, and RealPlayer Enterprise allows remote attackers to execute arbitrary code via an SWF (Flash) file with malformed record headers. | 9.3 |
2007-10-30 | CVE-2007-5709 | Sony | Buffer Errors vulnerability in Sony Sonicstage Connect Player 4.3 Stack-based buffer overflow in Sony SonicStage CONNECT Player (CP) 4.3 allows remote attackers to execute arbitrary code via a long file name in an M3U file. | 9.3 |
2007-10-29 | CVE-2007-5706 | Jeeblestechnology | Path Traversal vulnerability in Jeeblestechnology Jeebles Directory 2.9.60 Absolute path traversal vulnerability in download.php in Jeebles Directory 2.9.60 allows remote attackers to read arbitrary files via a full pathname in the query string. | 9.3 |
2007-10-29 | CVE-2007-4222 | IBM | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM Lotus Notes Buffer overflow in the TagAttributeListCopy function in nnotes.dll in IBM Lotus Notes before 7.0.3 allows user-assisted remote attackers to execute arbitrary code via a crafted HTML email, related to duplicate RTF conversion when the recipient operates on this email. | 9.3 |
2007-10-29 | CVE-2007-3510 | IBM | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM Lotus Domino Buffer overflow in the IMAP service in IBM Lotus Domino before 6.5.6 FP2, and 7.x before 7.0.3, allows remote authenticated users to execute arbitrary code via a long mailbox name. | 9.0 |
29 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-10-30 | CVE-2007-5716 | SUN | Local Denial Of Service vulnerability in SUN Solaris 10.0 Unspecified vulnerability in the Internet Protocol (IP) functionality in Sun Solaris 10 allows local users to cause a denial of service (panic) via unspecified vectors, probably related to a UDP packet. | 7.8 |
2007-10-29 | CVE-2007-5413 | HP | Information Exposure vulnerability in HP products httpd.tkd in Radia Integration Server in Hewlett-Packard (HP) OpenView Configuration Management (CM) Infrastructure 4.0 through 4.2i and Client Configuration Manager (CCM) 2.0 allows remote attackers to read arbitrary files via URLs containing tilde (~) references to home directories, as demonstrated by ~root. | 7.8 |
2007-10-29 | CVE-2007-5544 | IBM | Incorrect Permission Assignment for Critical Resource vulnerability in IBM Lotus Notes IBM Lotus Notes before 6.5.6, and 7.x before 7.0.3; and Domino before 6.5.5 FP3, and 7.x before 7.0.2 FP1; uses weak permissions (Everyone:Full Control) for memory mapped files (shared memory) in IPC, which allows local users to obtain sensitive information, or inject Lotus Script or other character sequences into a session. | 7.8 |
2007-11-03 | CVE-2007-5802 | Firewolf Technologies | Path Traversal vulnerability in Firewolf Technologies Synergiser Directory traversal vulnerability in index.php in Firewolf Technologies Synergiser 1.2 RC1 and earlier allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2007-11-03 | CVE-2007-5801 | Work System E Commerce | Ajax Pages Security vulnerability in Work System e-commerce Unspecified vulnerability in WORK system e-commerce before 4.0.2 has unknown impact and attack vectors related to "Ajax pages." | 7.5 |
2007-11-03 | CVE-2007-5797 | Apache | Improper Authentication vulnerability in Apache Geronimo SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database. | 7.5 |
2007-11-02 | CVE-2007-5197 | Suse Debian Opensuse Mono | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mono Buffer overflow in the Mono.Math.BigInteger class in Mono 1.2.5.1 and earlier allows context-dependent attackers to execute arbitrary code via unspecified vectors related to Reduce in Montgomery-based Pow methods. | 7.5 |
2007-11-01 | CVE-2007-5786 | A Enterprise | Code Injection vulnerability in A-Enterprise Gosamba 1.0.1 Multiple PHP remote file inclusion vulnerabilities in GoSamba 1.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to (1) HTML_oben.php, (2) inc_freigabe.php, (3) inc_freigabe1.php, or (4) inc_freigabe3.php in include/; (5) inc_group.php; (6) inc_manager.php; (7) inc_newgroup.php; (8) inc_smb_conf.php; (9) inc_user.php; or (10) main.php. | 7.5 |
2007-11-01 | CVE-2007-5785 | Jobsiteprofessional | Code Injection vulnerability in Jobsiteprofessional Jobsite Professional 2.0 SQL injection vulnerability in file.php in JobSite Professional 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2007-11-01 | CVE-2007-5783 | Emagic CMS | Code Injection vulnerability in Emagic-Cms Emagic Cms.Net 4.0 SQL injection vulnerability in emc.asp in emagiC CMS.Net 4.0 allows remote attackers to execute arbitrary SQL commands via the pageId parameter. | 7.5 |
2007-11-01 | CVE-2007-5779 | GOM Player | Buffer Errors vulnerability in GOM Player GOM Player 2.1.6.3499 Buffer overflow in the GomManager (GomWeb Control) ActiveX control in GomWeb3.dll 1.0.0.12 in Gretech Online Movie Player (GOM Player) 2.1.6.3499 allows remote attackers to execute arbitrary code via a long argument to the OpenUrl method. | 7.5 |
2007-11-01 | CVE-2007-5778 | Flexispy | Cleartext Storage of Sensitive Information vulnerability in Flexispy Mobile SPY Mobile Spy (1) stores login credentials in cleartext under the RetinaxStudios registry key, and (2) sends login credentials and log data over a cleartext HTTP connection, which allows attackers to obtain sensitive information by reading the registry or sniffing the network. | 7.5 |
2007-11-01 | CVE-2007-5771 | Flatnuke3 | Permissions, Privileges, and Access Controls vulnerability in Flatnuke3 Flatnuke 3 (aka FlatnuX) allows remote attackers to obtain administrative access via a myforum%00 cookie. | 7.5 |
2007-10-31 | CVE-2007-5753 | Light Fman PHP | Security vulnerability in Light FMan PHP Unspecified vulnerability in Light FMan PHP (lfman or lightfman) before 2.0rc1 has unknown impact and attack vectors related to "actions." | 7.5 |
2007-10-31 | CVE-2007-5752 | Agtc Websolutions | Improper Authentication vulnerability in Agtc Websolutions PHP-Agtc Membership System 1.1A adduser.php in PHP-AGTC Membership (AGTC-Membership) System 1.1a does not require authentication, which allows remote attackers to create accounts via a modified form, as demonstrated by an account with admin (userlevel 4) privileges. | 7.5 |
2007-10-31 | CVE-2007-4345 | Ipswitch | Buffer Errors vulnerability in Ipswitch Imail Client and Imail Server Buffer overflow in IMail Client 9.22, as shipped with IPSwitch IMail Server 2006.22, allows remote attackers to execute arbitrary code via a long boundary parameter in a multipart MIME e-mail message. | 7.5 |
2007-10-31 | CVE-2007-5740 | Vergenet | USE of Externally-Controlled Format String vulnerability in Vergenet Perdition Mail Retrieval Proxy The format string protection mechanism in IMAPD for Perdition Mail Retrieval Proxy 1.17 and earlier allows remote attackers to execute arbitrary code via an IMAP tag with a null byte followed by a format string specifier, which is not counted by the mechanism. | 7.5 |
2007-10-30 | CVE-2007-5737 | Ghlab | Improper Input Validation vulnerability in Ghlab Korean Ghboard Unrestricted file upload vulnerability in component/upload.jsp in Korean GHBoard allows remote attackers to upload arbitrary files via unspecified vectors, probably involving a direct request. | 7.5 |
2007-10-30 | CVE-2007-5733 | Japanese PHP Gallery Hosting | Improper Input Validation vulnerability in Japanese PHP Gallery Hosting Japanese PHP Gallery Hosting Unrestricted file upload vulnerability in upload/upload.php in Japanese PHP Gallery Hosting, when Open directory mode is enabled, allows remote attackers to upload and execute arbitrary PHP code via a ServerPath parameter specifying a filename with a double extension. | 7.5 |
2007-10-30 | CVE-2007-5722 | Ourgame COM | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ourgame.Com Globallink Stack-based buffer overflow in a certain ActiveX control in GLChat.ocx 2.5.1.32 in GlobalLink 2.7.0.8, as used in Ourgame GLWorld and possibly other products, allows remote attackers to execute arbitrary code via a long first argument to the ConnectAndEnterRoom method, possibly involving the GLCHAT.GLChatCtrl.1 control, as originally exploited in the wild in October 2007. | 7.5 |
2007-10-30 | CVE-2007-5719 | Minibb | SQL Injection vulnerability in Minibb 2.1 SQL injection vulnerability in bb_func_search.php in miniBB 2.1 allows remote attackers to execute arbitrary SQL commands via the table parameter to index.php. | 7.5 |
2007-10-30 | CVE-2007-5713 | Amxmodx Valve Software | Numeric Errors vulnerability in multiple products Off-by-one error in the GeoIP module in the AMX Mod X 1.76d plugin for Half-Life Server might allow attackers to execute arbitrary code or cause a denial of service via unspecified input related to geolocation, which triggers an error message from the (1) geoip_code2 or (2) geoip_code3 function, leading to a buffer overflow. | 7.5 |
2007-10-29 | CVE-2007-5704 | Codewidgets | SQL Injection vulnerability in Codewidgets Online Event Registration Template Multiple SQL injection vulnerabilities in CodeWidgets.com Online Event Registration Template allow remote attackers to execute arbitrary SQL commands via the (1) Email Address and (2) Password fields in (a) login.asp and (b) admin_login.asp. | 7.5 |
2007-10-29 | CVE-2007-5688 | Invision Power Services Phpbb Sebflipper | SQL Injection vulnerability in multiple products Multiple SQL injection vulnerabilities in directory.php in the Multi-Forums (aka Multi Host Forum Pro) module 1.3.3, for phpBB and Invision Power Board (IPB or IP.Board), allow remote attackers to execute arbitrary SQL commands via the (1) go and (2) cat parameters. | 7.5 |
2007-10-30 | CVE-2007-5730 | Qemu Debian | Out-Of-Bounds Write vulnerability in multiple products Heap-based buffer overflow in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to execute arbitrary code via crafted data in the "net socket listen" option, aka QEMU "net socket" heap overflow. | 7.2 |
2007-10-30 | CVE-2007-5729 | Qemu Debian Opensuse | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products The NE2000 emulator in QEMU 0.8.2 allows local users to execute arbitrary code by writing Ethernet frames with a size larger than the MTU to the EN0_TCNT register, which triggers a heap-based buffer overflow in the slirp library, aka NE2000 "mtu" heap overflow. | 7.2 |
2007-10-30 | CVE-2007-1321 | Qemu Fedoraproject Debian | Integer signedness error in the NE2000 emulator in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to trigger a heap-based buffer overflow via certain register values that bypass sanity checks, aka QEMU NE2000 "receive" integer signedness error. | 7.2 |
2007-11-01 | CVE-2007-5793 | Stonesoft | Unspecified vulnerability in Stonesoft Stonegate IPS Stonesoft StoneGate IPS before 4.0 does not properly decode Fullwidth/Halfwidth Unicode encoded data, which makes it easier for remote attackers to scan or penetrate systems and avoid detection. | 7.1 |
2007-10-30 | CVE-2007-5708 | Openldap | Resource Management Errors vulnerability in Openldap slapo-pcache (overlays/pcache.c) in slapd in OpenLDAP before 2.3.39, when running as a proxy-caching server, allocates memory using a malloc variant instead of calloc, which prevents an array from being initialized properly and might allow attackers to cause a denial of service (segmentation fault) via unknown vectors that prevent the array from being null terminated. | 7.1 |
55 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-11-03 | CVE-2007-5800 | TOM Willmot Wordpress | Code Injection vulnerability in TOM Willmot Backupwordpress Plugin Multiple PHP remote file inclusion vulnerabilities in the BackUpWordPress 0.4.2b and earlier plugin for WordPress allow remote attackers to execute arbitrary PHP code via a URL in the bkpwp_plugin_path parameter to (1) plugins/BackUp/Archive.php; and (2) Predicate.php, (3) Writer.php, (4) Reader.php, and other unspecified scripts under plugins/BackUp/Archive/. | 6.8 |
2007-11-02 | CVE-2007-4829 | Archive Canonical | Path Traversal vulnerability in multiple products Directory traversal vulnerability in the Archive::Tar Perl module 1.36 and earlier allows user-assisted remote attackers to overwrite arbitrary files via a TAR archive that contains a file whose name is an absolute path or has ".." sequences. | 6.8 |
2007-11-01 | CVE-2007-5784 | Caupo NET | Code Injection vulnerability in Caupo.Net Cauposhop PRO PHP remote file inclusion vulnerability in index.php in CaupoShop Pro 2.x allows remote attackers to execute arbitrary PHP code via a URL in the action parameter. | 6.8 |
2007-11-01 | CVE-2007-5781 | Sige | Code Injection vulnerability in Sige 0.1 PHP remote file inclusion vulnerability in inc/sige_init.php in Sige 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the SYS_PATH parameter. | 6.8 |
2007-11-01 | CVE-2007-5780 | Telematic LAB | Code Injection vulnerability in Telematic LAB Teatro PHP remote file inclusion vulnerability in pub/pub08_comments.php in teatro 1.6 allows remote attackers to execute arbitrary PHP code via a URL in the basePath parameter. | 6.8 |
2007-10-31 | CVE-2007-5754 | Phpfaber | Code Injection vulnerability in PHPfaber Urlinn 2.0.5 PHP remote file inclusion vulnerability in urlinn_includes/config.php in phpFaber URLInn 2.0.5 allows remote attackers to execute arbitrary PHP code via a URL in the dir_ws parameter. | 6.8 |
2007-10-30 | CVE-2007-5738 | Ghlab | Improper Input Validation vulnerability in Ghlab Korean Ghboard The FlashUpload component in Korean GHBoard uses a client-side protection mechanism to prevent uploading of dangerous file extensions, which allows remote attackers to bypass restrictions and upload arbitrary files via a modified copy of component/flashupload/upload.html. | 6.8 |
2007-10-30 | CVE-2007-5726 | SUN | Remote Denial of Service vulnerability in SUN Solaris 10.0 Unspecified vulnerability in the Stream Control Transmission Protocol (sctp) functionality in Sun Solaris 10, when at least one SCTP socket is in the LISTEN state, allows remote attackers to cause a denial of service (panic) via unspecified vectors related to "INIT processing." | 6.8 |
2007-10-30 | CVE-2007-5721 | Myspacepros | Code Injection vulnerability in Myspacepros Myspace Resource Script 1.21 PHP remote file inclusion vulnerability in _theme/breadcrumb.php in MySpacePros MySpace Resource Script (MSRS) 1.21 allows remote attackers to execute arbitrary PHP code via a URL in the rootBase parameter. | 6.8 |
2007-10-30 | CVE-2007-5720 | Profilecms | Code Injection vulnerability in Profilecms 1.0 Unrestricted file upload vulnerability in the profiles script in ProfileCMS 1.0 allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors involving creation of a profile. | 6.8 |
2007-10-30 | CVE-2007-4863 | Quirm | SQL Injection vulnerability in Quirm Saxon 5.4 SQL injection vulnerability in example.php in SAXON 5.4 allows remote attackers to execute arbitrary SQL commands via the template parameter. | 6.8 |
2007-10-30 | CVE-2007-5714 | Gentoo | Improper Authentication vulnerability in Gentoo Mldonkey Ebuild 2.9.0 The Gentoo ebuild of MLDonkey before 2.9.0-r3 has a p2p user account with an empty default password and valid login shell, which might allow remote attackers to obtain login access and execute arbitrary code. | 6.8 |
2007-10-29 | CVE-2007-5699 | Eiqnetworks | Buffer Errors vulnerability in Eiqnetworks Enterprise Security Analyzer 2.5 Stack-based buffer overflow in eIQNetworks Enterprise Security Analyzer (ESA) 2.5 allows remote attackers to execute arbitrary code via certain data on TCP port 10616 that results in a long argument to the SEARCHREPORT command, a different vector than CVE-2007-2059. | 6.8 |
2007-10-29 | CVE-2007-5697 | Phpimage | Code Injection vulnerability in PHPimage PHP Image 1.2 Multiple PHP remote file inclusion vulnerabilities in PHP Image 1.2 allow remote attackers to execute arbitrary PHP code via a URL in the xarg parameter to (1) xarg_corner.php, (2) xarg_corner_bottom.php, and (3) xarg_corner_top.php. | 6.8 |
2007-10-29 | CVE-2007-5696 | Phpbasic | Code Injection vulnerability in PHPbasic PHP remote file inclusion vulnerability in includes.php in phpBasic allows remote attackers to execute arbitrary PHP code via a URL in the root parameter, possibly related to the Music module. | 6.8 |
2007-10-29 | CVE-2007-5694 | Sitebar | Path Traversal vulnerability in Sitebar 3.3.8 Absolute path traversal vulnerability in the translation module (translator.php) in SiteBar 3.3.8 allows remote authenticated users to read arbitrary files via an absolute path in the dir parameter, a different vulnerability than CVE-2007-5491. | 6.8 |
2007-10-30 | CVE-2007-4277 | Trend Micro | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Trend Micro Pc-Cillin Internet Security 2007 and Scan Engine The Trend Micro AntiVirus scan engine before 8.550-1001, as used in Trend Micro PC-Cillin Internet Security 2007, and Tmxpflt.sys 8.320.1004 and 8.500.0.1002, has weak permissions (Everyone:Write) for the \\.\Tmfilter device, which allows local users to send arbitrary content to the device via the IOCTL functionality. | 6.6 |
2007-10-30 | CVE-2007-5736 | Seeblick | Improper Input Validation vulnerability in Seeblick 1.0 Unrestricted file upload vulnerability in upload.php in SeeBlick 1.0 Beta allows remote attackers to upload arbitrary files via unspecified vectors. | 6.4 |
2007-10-30 | CVE-2007-5734 | Efileman | Improper Input Validation vulnerability in Efileman 7.1.0.8788 Unrestricted file upload vulnerability in eFileMan 7.1.0.87-88 allows remote attackers to upload arbitrary files, with "uploads/upload_file." destination filenames, via unspecified vectors to upload.cgi, accessed from upload.html. | 6.4 |
2007-10-29 | CVE-2007-5695 | Sitebar | Link Following vulnerability in Sitebar 3.3.8 Open redirect vulnerability in command.php in SiteBar 3.3.8 allows remote attackers to redirect users to arbitrary web sites via a URL in the forward parameter in a Log In action. | 6.4 |
2007-11-02 | CVE-2007-5795 | Debian GNU | Local Variable Handling Code Execution vulnerability in GNU Emacs The hack-local-variables function in Emacs before 22.2, when enable-local-variables is set to :safe, does not properly search lists of unsafe or risky variables, which might allow user-assisted attackers to bypass intended restrictions and modify critical program variables via a file containing a Local variables declaration. | 6.3 |
2007-10-29 | CVE-2007-5700 | IBM | Information Disclosure vulnerability and Buffer Overflow vulnerability in IBM Lotus Domino The Evaluate LotusScript method in IBM Lotus Domino before 7.0.3 uses an incorrect security context for @ formula commands in some circumstances, which might allow remote authenticated users to gain privileges and obtain sensitive information. | 6.3 |
2007-10-29 | CVE-2007-3920 | Ubuntu Compiz Gnome | GNOME screensaver 2.20 in Ubuntu 7.10, when used with Compiz, does not properly reserve input focus, which allows attackers with physical access to take control of the session after entering an Alt-Tab sequence, a related issue to CVE-2007-3069. | 6.2 |
2007-11-01 | CVE-2007-5772 | Flatnuke3 | Code Injection vulnerability in Flatnuke3 Direct static code injection vulnerability in the download module in Flatnuke 3 allows remote authenticated administrators to inject arbitrary PHP code into a description.it.php file in a subdirectory of Download/ by saving a description and setting fneditmode to 1. | 6.0 |
2007-10-29 | CVE-2007-5705 | Jeeblestechnology | Code Injection vulnerability in Jeeblestechnology Jeebles Directory 2.9.60 Unspecified vulnerability in the Settings component in the administration system in Jeebles Directory 2.9.60 allows remote authenticated administrators to execute arbitrary PHP code via unspecified vectors related to settings.inc.php. | 6.0 |
2007-10-29 | CVE-2007-5693 | Sitebar | Code Injection vulnerability in Sitebar 3.3.8 Eval injection vulnerability in the translation module (translator.php) in SiteBar 3.3.8 allows remote authenticated users to execute arbitrary PHP code via the edit parameter in an upd cmd action, a different vulnerability than CVE-2007-5492. | 6.0 |
2007-11-01 | CVE-2007-5787 | Phptoys | Permissions, Privileges, and Access Controls vulnerability in PHPtoys Micro Login System 1.0 Micro Login System 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing a password via a direct request for userpwd.txt. | 5.0 |
2007-11-01 | CVE-2007-5782 | Fireconfig | Path Traversal vulnerability in Fireconfig 0.5 Directory traversal vulnerability in dl.php in FireConfig 0.5 allows remote attackers to read arbitrary files via a .. | 5.0 |
2007-11-01 | CVE-2007-5777 | Blue Collar Productions | Permissions, Privileges, and Access Controls vulnerability in Blue-Collar Productions I-Gallery 3.4 Blue-Collar Productions i-Gallery 3.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing a base64-encoded password via a direct request for igallery.mdb. | 5.0 |
2007-11-01 | CVE-2007-5776 | Blue Collar Productions | Path Traversal vulnerability in Blue-Collar Productions I-Gallery 3.4 Directory traversal vulnerability in igallery.asp in Blue-Collar Productions i-Gallery 3.4 allows remote attackers to read arbitrary files via encoded backslash sequences in the d parameter, as demonstrated by a "%5c../../%5c" sequence. | 5.0 |
2007-11-01 | CVE-2007-5774 | Flatnuke3 | Information Exposure vulnerability in Flatnuke3 index.php in the File Manager module in Flatnuke 3 allows remote attackers to obtain sensitive information via an invalid argumentname parameter in a disc op action, which reveals the path in an error message. | 5.0 |
2007-10-30 | CVE-2007-5739 | Ghlab | Path Traversal vulnerability in Ghlab Korean Ghboard Directory traversal vulnerability in component/flashupload/download.jsp in the FlashUpload component in Korean GHBoard allows remote attackers to read arbitrary files via a .. | 5.0 |
2007-10-30 | CVE-2007-5735 | Efileman | Permissions, Privileges, and Access Controls vulnerability in Efileman 7.1.0.8788 eFileMan 7.1.0.87-88 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain unspecified user information via a direct request for cgi-bin/efileman/efileman_config.pm. | 5.0 |
2007-10-30 | CVE-2007-5732 | Elouai | Path Traversal vulnerability in Elouai Force Download Directory traversal vulnerability in downloadfile.php in eLouai's Force Download of media files script, as available on 20071030 and earlier, allows remote attackers to read arbitrary files via the file parameter. | 5.0 |
2007-10-30 | CVE-2007-4861 | Quirm | Information Exposure vulnerability in Quirm Saxon 5.4 SAXON 5.4, with display_errors enabled, allows remote attackers to obtain sensitive information via (1) a direct request for news.php, (2) an invalid use of a newsid array parameter to admin/edit-item.php, and possibly unspecified vectors related to additional scripts in (3) admin/, (4) rss/, and (5) the root directory of the installation, which reveal the path in various error messages. | 5.0 |
2007-10-30 | CVE-2007-5711 | Massive Entertainment | Improper Input Validation vulnerability in Massive Entertainment World in Conflict Massive Entertainment World in Conflict 1.001 and earlier allows remote attackers to cause a denial of service (failed assertion and daemon crash) via a large packet to TCP or UDP port 48000. | 5.0 |
2007-10-29 | CVE-2007-5622 | 3Proxy | Resource Management Errors vulnerability in 3Proxy Double free vulnerability in the ftpprchild function in ftppr in 3proxy 0.5 through 0.5.3i allows remote attackers to cause a denial of service (daemon crash) via multiple OPEN commands to the FTP proxy. | 5.0 |
2007-10-30 | CVE-2007-5718 | Debian Vobcopy | Link Following vulnerability in Vobcopy 0.5.14 vobcopy 0.5.14 allows local users to append data to an arbitrary file, or create an arbitrary new file, via a symlink attack on the (1) /tmp/vobcopy.bla or (2) /tmp/vobcopy_0.5.14.log temporary file. | 4.9 |
2007-11-03 | CVE-2007-5799 | IBM | Cross-Site Request Forgery (CSRF) vulnerability in IBM Websphere Application Server Multiple cross-site request forgery (CSRF) vulnerabilities in uddigui/navigateTree.do in the UDDI user console in IBM WebSphere Application Server (WAS) before 6.1.0 Fix Pack 13 (6.1.0.13) allow remote attackers to perform some actions as WAS UDDI users via the (1) keyField, (2) nameField, (3) valueField, and (4) frameReturn parameters. | 4.3 |
2007-11-03 | CVE-2007-5798 | IBM | Cross-Site Scripting vulnerability in IBM Websphere Application Server Multiple cross-site scripting (XSS) vulnerabilities in uddigui/navigateTree.do in the UDDI user console in IBM WebSphere Application Server (WAS) before 6.1.0 Fix Pack 13 (6.1.0.13) allow remote attackers to inject arbitrary web script or HTML via the (1) keyField, (2) nameField, (3) valueField, and (4) frameReturn parameters. | 4.3 |
2007-11-03 | CVE-2007-5796 | Symantec | Cross-Site Scripting vulnerability in Symantec Proxysg Firmware 5.0.0 Cross-site scripting (XSS) vulnerability in the management console in Blue Coat ProxySG before 4.2.6.1, and 5.x before 5.2.2.5, allows remote attackers to inject arbitrary web script or HTML by modifying the URL that is used for loading Certificate Revocation Lists. | 4.3 |
2007-11-01 | CVE-2007-5773 | Flatnuke3 | Cross-Site Request Forgery (CSRF) vulnerability in Flatnuke3 Cross-site request forgery (CSRF) vulnerability in index.php in the File Manager module in Flatnuke 3 allows remote attackers to perform certain actions as administrators via requests containing the pathname in the dir parameter and the filename in the ffile parameter. | 4.3 |
2007-10-30 | CVE-2007-5728 | Phppgadmin | Cross-Site Scripting vulnerability in PHPpgadmin Cross-site scripting (XSS) vulnerability in phpPgAdmin 3.5 to 4.1.1, and possibly 4.1.2, allows remote attackers to inject arbitrary web script or HTML via certain input available in PHP_SELF in (1) redirect.php, possibly related to (2) login.php, different vectors than CVE-2007-2865. | 4.3 |
2007-10-30 | CVE-2007-5727 | Oneorzero | Cross-Site Scripting vulnerability in Oneorzero Helpdesk 1.6.4.2/1.6.5.4 Incomplete blacklist vulnerability in the stripScripts function in common.php in OneOrZero Helpdesk 1.6.5.4, 1.6.4.2, and possibly other versions, allows remote attackers to conduct cross-site scripting (XSS) attacks and inject arbitrary web script or HTML via XSS sequences without SCRIPT tags in the description parameter to (1) tcreate.php or (2) tupdate.php, as demonstrated using an onmouseover event in a b tag. | 4.3 |
2007-10-30 | CVE-2007-5725 | Smart Shop | Cross-Site Scripting vulnerability in Smart-Shop Multiple cross-site scripting (XSS) vulnerabilities in Smart-Shop allow remote attackers to inject arbitrary web script or HTML via (1) the email parameter to index.php; or the command parameter to index.php in (2) the default action for the home page, (3) a currencies action, or (4) a basket action. | 4.3 |
2007-10-30 | CVE-2007-5724 | Omnistar Interactive | Cross-Site Scripting vulnerability in Omnistar Interactive Omnistar Live Multiple cross-site scripting (XSS) vulnerabilities in Omnistar Live allow remote attackers to inject arbitrary web script or HTML via (1) the category_id parameter to users/kb.php, and possibly (3) the Email Box field in profile.php. | 4.3 |
2007-10-30 | CVE-2007-4862 | Quirm | Cross-Site Scripting vulnerability in Quirm Saxon 5.4 Cross-site scripting (XSS) vulnerability in admin/menu.php in SAXON 5.4 allows remote attackers to inject arbitrary web script or HTML via the config[news_url] parameter. | 4.3 |
2007-10-30 | CVE-2007-5715 | Denyhosts | Configuration vulnerability in Denyhosts 2.6 DenyHosts 2.6 processes OpenSSH sshd "not listed in AllowUsers" log messages with an incorrect regular expression that does not match an IP address, which might allow remote attackers to avoid detection and blocking when making invalid login attempts with a username not present in AllowUsers, as demonstrated by the root username, a different vulnerability than CVE-2007-4323. | 4.3 |
2007-10-30 | CVE-2007-4348 | IBM | Cross-Site Scripting vulnerability in IBM Tivoli Storage Manager Client Cross-site scripting (XSS) vulnerability in the CAD service in IBM Tivoli Storage Manager (TSM) Client 5.3.5.3 and 5.4.1.2 for Windows allows remote attackers to inject arbitrary web script or HTML via HTTP requests to port 1581, which generate log entries in a dsmerror.log file that is accessible through a certain web interface. | 4.3 |
2007-10-29 | CVE-2007-5703 | RSA | Cross-Site Scripting vulnerability in RSA Keon Registration Authority web Interface 1.0 Multiple cross-site scripting (XSS) vulnerabilities in (1) Request-spk.xuda and (2) Add-msie-request.xuda in RSA KEON Registration Authority Web Interface 1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2007-10-29 | CVE-2007-5702 | Novell | Cross-Site Scripting vulnerability in Novell Opensuse Swamp Cross-site scripting (XSS) vulnerability in swamp/action/LoginActions (aka the login box) in the Novell OpenSUSE SWAMP Workflow Administration and Management Platform 1.x allows remote attackers to inject arbitrary web script or HTML via the username parameter. | 4.3 |
2007-10-29 | CVE-2007-4999 | Pidgin | Improper Input Validation vulnerability in Pidgin 2.1.0/2.2.0/2.2.1 libpurple in Pidgin 2.1.0 through 2.2.1, when using HTML logging, allows remote attackers to cause a denial of service (NULL dereference and application crash) via a message that contains invalid HTML data, a different vector than CVE-2007-4996. | 4.3 |
2007-10-29 | CVE-2007-5698 | Creapark | Cross-Site Scripting vulnerability in Creapark Gold KOY Portali Cross-site scripting (XSS) vulnerability in default.asp in CREApark GOLD KOY PORTALI allows remote attackers to inject arbitrary web script or HTML via the aranan parameter. | 4.3 |
2007-10-29 | CVE-2007-5692 | Sitebar | Cross-Site Scripting vulnerability in Sitebar 3.3.8 Multiple cross-site scripting (XSS) vulnerabilities in SiteBar 3.3.8 allow remote attackers to inject arbitrary web script or HTML via (1) the lang parameter to integrator.php; (2) the token parameter in a New Password action, (3) the nid_acl parameter in a Folder Properties action, or (4) the uid parameter in a Modify User action to command.php; or (5) the target parameter to index.php, different vectors than CVE-2006-3320. | 4.3 |
2007-10-29 | CVE-2007-5691 | Mozilla | Improper Input Validation vulnerability in Mozilla Firefox 2.0.0.7 ParseFTPList.cpp in Mozilla Firefox 2.0.0.7 allows remote FTP servers to cause a denial of service (application crash) via a crafted reply to an unspecified listing command, related to "reading from invalid pointer." | 4.3 |

5 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-10-30 | CVE-2007-5731 | Apache | Path Traversal vulnerability in Apache Jakarta Slide 2.1 Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461. | 3.5 |
2007-10-30 | CVE-2007-5712 | Django Project | Resource Management Errors vulnerability in Django Project Django The internationalization (i18n) framework in Django 0.91, 0.95, 0.95.1, and 0.96, and as used in other products such as PyLucid, when the USE_I18N option and the i18n component are enabled, allows remote attackers to cause a denial of service (memory consumption) via many HTTP requests with large Accept-Language headers. | 2.6 |
2007-10-30 | CVE-2007-5710 | Wordpress | Cross-Site Scripting vulnerability in Wordpress 2.3 Cross-site scripting (XSS) vulnerability in wp-admin/edit-post-rows.php in WordPress 2.3 allows remote attackers to inject arbitrary web script or HTML via the posts_columns array parameter. | 2.6 |
2007-10-31 | CVE-2007-5751 | Liferea | Permissions, Privileges, and Access Controls vulnerability in Liferea Liferea before 1.4.6 uses weak permissions (0644) for the feedlist.opml backup file, which allows local users to obtain credentials. | 2.1 |
2007-10-29 | CVE-2007-5701 | IBM | Information Exposure vulnerability in IBM Lotus Domino Incomplete blacklist vulnerability in the Certificate Authority (CA) in IBM Lotus Domino before 7.0.3 allows local users, or attackers with physical access, to obtain sensitive information (passwords) when an administrator enters a "ca activate" or "ca unlock" command with any uppercase character, which bypasses a blacklist designed to suppress password logging, resulting in cleartext password disclosure in the console log and Admin panel. | 2.1 |