Weekly Vulnerabilities Reports > November 5 to 11, 2007

Overview

117 new vulnerabilities were reported during this period, including 24 critical vulnerabilities and 31 high severity vulnerabilities. This weekly summary reports vulnerabilities in 118 products from 77 vendors including IBM, Apple, Microsoft, Pcre, and Redhat. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Path Traversal", "Cross-site Scripting", "Improper Input Validation", and "Code Injection".

  • 98 reported vulnerabilities are remotely exploitable.
  • 22 reported vulnerabilities have a public exploit available.
  • 33 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 107 reported vulnerabilities are exploitable by an anonymous user.
  • IBM has the most reported vulnerabilities, with 11 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 6 reported vulnerabilities.


Vulnerability Details

The following table lists the vulnerabilities reported during the period covered by this report:


24 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-11-08 CVE-2007-4223 Microsoft Local Privilege Escalation vulnerability in Microsoft Sysinternals Debugview 4.71

Dbgv.sys in Microsoft Sysinternals DebugView before 4.72 provides an unspecified mechanism for copying data into kernel memory, which allows local users to gain privileges via unspecified vectors.

10.0
2007-11-08 CVE-2007-5892 Ssreader Buffer Errors vulnerability in Ssreader Ultra Star Reader 4.0

Stack-based buffer overflow in the pdg2.dll ActiveX control in SSReader 4.0 and earlier allow remote attackers to execute arbitrary code via a long argument to the Register method.

10.0
2007-11-08 CVE-2007-5890 Easygb Local File Include vulnerability in Easygb 2.1.1

Directory traversal vulnerability in index.php in easyGB 2.1.1 allows remote attackers to include arbitrary files via the DatabaseType parameter.

10.0
2007-11-08 CVE-2007-5889 Idmos Unspecified vulnerability in Idmos 1.0Alpha

Multiple PHP remote file inclusion vulnerabilities in IDMOS 1.0 Alpha (aka Phoenix) allow remote attackers to execute arbitrary PHP code via a URL in the site_absolute_path parameter to (1) admin.php, (2) menu_add.php, and (3) menu_operation.php in administrator/, different vectors than CVE-2007-5294.

10.0
2007-11-08 CVE-2007-5395 Link Grammar, Abiword Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Stack-based buffer overflow in the separate_word function in tokenize.c in Link Grammar 4.1b and possibly other versions, as used in AbiWord Link Grammar 4.2.4, allows remote attackers to execute arbitrary code via a long word, as reachable through the separate_sentence function.

10.0
2007-11-05 CVE-2007-5815 Sonicwall Path Traversal vulnerability in Sonicwall SSL Vpn2000/4000 and SSL VPN 200

Absolute path traversal vulnerability in the WebCacheCleaner ActiveX control 1.3.0.3 in SonicWall SSL-VPN 200 before 2.1, and SSL-VPN 2000/4000 before 2.5, allows remote attackers to delete arbitrary files via a full pathname in the argument to the FileDelete method.

10.0
2007-11-10 CVE-2007-5910 Activepdf, Autonomy, IBM, Symantec Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Stack-based buffer overflow in Autonomy (formerly Verity) KeyView Viewer, Filter, and Export SDK before 9.2.0.12, as used by ActivePDF DocConverter, wp6sr.dll in IBM Lotus Notes 8.0 and before 7.0.3, Symantec Mail Security, and other products, allows remote attackers to execute arbitrary code via a crafted WordPerfect (WPD) file.

9.3
2007-11-10 CVE-2007-5909 Activepdf, Autonomy, IBM, Symantec Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Multiple stack-based buffer overflows in Autonomy (formerly Verity) KeyView Viewer, Filter, and Export SDK before 9.2.0.12, as used by ActivePDF DocConverter, IBM Lotus Notes before 7.0.3, Symantec Mail Security, and other products, allow remote attackers to execute arbitrary code via a crafted (1) AG file to kpagrdr.dll, (2) AW file to awsr.dll, (3) DLL or (4) EXE file to exesr.dll, (5) DOC file to mwsr.dll, (6) MIF file to mifsr.dll, (7) SAM file to lasr.dll, or (8) RTF file to rtfsr.dll.

9.3
2007-11-08 CVE-2007-5393 Xpdf Buffer Errors vulnerability in Xpdf 3.02P11

Heap-based buffer overflow in the CCITTFaxStream::lookChar method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a PDF file that contains a crafted CCITTFaxDecode filter.

9.3
2007-11-08 CVE-2007-5392 Xpdf Buffer Errors vulnerability in Xpdf 3.0.1Pl1

Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a crafted PDF file, resulting in a heap-based buffer overflow.

9.3
2007-11-07 CVE-2007-4677 Apple, Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via an invalid color table size when parsing the color table atom (CTAB) in a movie file, related to the CTAB RGB values.

9.3
2007-11-07 CVE-2007-4676 Apple, Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via malformed elements when parsing (1) Poly type (0x0070 through 0x0074) and (2) PackBitsRgn field (0x0099) opcodes in a PICT image.

9.3
2007-11-07 CVE-2007-4675 Apple, Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Heap-based buffer overflow in the QuickTime VR extension 7.2.0.240 in QuickTime.qts in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via a QTVR (QuickTime Virtual Reality) movie file containing a large size field in the atom header of a panorama sample atom.

9.3
2007-11-07 CVE-2007-3751 Apple, Microsoft Remote Privilege Escalation vulnerability in Apple QuickTime for Java

Unspecified vulnerability in QuickTime for Java in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via untrusted Java applets that gain privileges via unspecified vectors.

9.3
2007-11-07 CVE-2007-3750 Apple, Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime

Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via crafted Sample Table Sample Descriptor (STSD) atoms in a movie file.

9.3
2007-11-07 CVE-2007-2395 Apple Remote Memory Corruption vulnerability in Apple QuickTime Image Description Atom

Unspecified vulnerability in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via a crafted image description atom in a movie file, related to "memory corruption."

9.3
2007-11-05 CVE-2007-5826 Edraw Path Traversal vulnerability in Edraw Flowchart Activex

Absolute path traversal vulnerability in the EDraw Flowchart ActiveX control in EDImage.ocx 2.0.2005.1104 allows remote attackers to create or overwrite arbitrary files with arbitrary contents via a full pathname in the second argument to the HttpDownloadFile method, a different product than CVE-2007-4420.

9.3
2007-11-05 CVE-2007-5820 AX Developer CMS Path Traversal vulnerability in AX Developer CMS AX Developer CMS 0.1.1

Directory traversal vulnerability in index.php in Ax Developer CMS (AxDCMS) 0.1.1 allows remote attackers to include and execute arbitrary local files via a ..

9.3
2007-11-05 CVE-2007-5814 Sonicwall Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Sonicwall SSL VPN

Multiple buffer overflows in the SonicWall SSL-VPN NetExtender NELaunchCtrl ActiveX control before 2.1.0.51, and 2.5.x before 2.5.0.56, allow remote attackers to execute arbitrary code via a long (1) serverAddress, (2) sessionId, (3) clientIPLower, (4) clientIPHigher, (5) userName, (6) domainName, or (7) dnsSuffix Unicode property value.

9.3
2007-11-05 CVE-2007-5603 Sonicwall Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Sonicwall SSL VPN

Stack-based buffer overflow in the SonicWall SSL-VPN NetExtender NELaunchCtrl ActiveX control before 2.1.0.51, and 2.5.x before 2.5.0.56, allows remote attackers to execute arbitrary code via a long string in the second argument to the AddRouteEntry method.

9.3
2007-11-10 CVE-2007-5929 Openbase International LTD Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Openbase International LTD Openbase

Buffer overflow in OpenBase 10.0.5 and earlier might allow remote authenticated users to execute arbitrary code or cause a denial of service (daemon crash) by creating a stored procedure with a long name and invoking this procedure, which triggers heap corruption.

9.0
2007-11-10 CVE-2007-5928 Openbase International LTD Improper Input Validation vulnerability in Openbase International LTD Openbase

OpenBase 10.0.5 and earlier allows remote authenticated users to trigger a free of an arbitrary memory location via long strings in a SELECT statement.

9.0
2007-11-10 CVE-2007-5927 Openbase International LTD Path Traversal vulnerability in Openbase International LTD Openbase

Directory traversal vulnerability in OpenBase 10.0.5 and earlier allows remote authenticated users to create files with arbitrary contents via a ..

9.0
2007-11-10 CVE-2007-5926 Openbase International LTD Improper Input Validation vulnerability in Openbase International LTD Openbase

OpenBase 10.0.5 and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in arguments to the (1) AsciiBackup, (2) OEMLicenseInstall, and possibly other stored procedures.

9.0

31 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-11-08 CVE-2007-5897 Oracle Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Oracle Database Server

Buffer overflow in MDSYS.SDO_CS in Oracle Database Server 8iR3, 9iR1, 9iR2 up to 9.2.0.6, and 10gR1 up to 10.1.0.4 allows remote authenticated users to cause a denial of service (crash) and execute arbitrary code via the TRANSFORM function.

8.5
2007-11-06 CVE-2007-5846 NET Snmp Resource Management Errors vulnerability in Net-Snmp

The SNMP agent (snmp_agent.c) in net-snmp before 5.4.1 allows remote attackers to cause a denial of service (CPU and memory consumption) via a GETBULK request with a large max-repeaters value.

7.8
2007-11-06 CVE-2007-3874 Altiris Path Traversal vulnerability in Altiris Deployment Solution 6.0/6.8

Directory traversal vulnerability in the tftp/mftp daemon in the PXE server component (pxemtftp.exe) in Symantec Altiris Deployment Solution 6.x before 6.8.380.0 allows remote attackers to read arbitrary files via unspecified vectors.

7.8
2007-11-05 CVE-2007-5830 Avaya Improper Input Validation vulnerability in Avaya Message Networking and Messaging Storage Server

Unspecified vulnerability in the administrative interface in Avaya Messaging Storage Server (MSS) 3.1 before SP1, and Message Networking (MN) 3.1, allows remote attackers to cause a denial of service via unspecified vectors related to "input validation."

7.8
2007-11-08 CVE-2007-4352 Xpdf Remote Stream.CC vulnerability in Xpdf 3.0.1Pl1

Array index error in the DCTStream::readProgressiveDataUnit method in xpdf/Stream.cc in Xpdf 3.02pl1, as used in poppler, teTeX, KDE, KOffice, CUPS, and other products, allows remote attackers to trigger memory corruption and execute arbitrary code via a crafted PDF file.

7.6
2007-11-07 CVE-2007-4672 Apple, Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime

Stack-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via an invalid UncompressedQuickTimeData opcode length in a PICT image.

7.6
2007-11-05 CVE-2007-5818 Sblog Cross-Site Request Forgery (CSRF) vulnerability in Sblog 0.7.3Beta

Cross-site request forgery (CSRF) vulnerability in blocks_edit_do.php in sBlog 0.7.3 Beta allows remote attackers to change arbitrary blocks as administrators.

7.6
2007-11-10 CVE-2007-5916 Phphelpdesk SQL Injection vulnerability in PHPhelpdesk 0.6.16

SQL injection vulnerability in the login page in phphelpdesk 0.6.16 allows remote attackers to execute arbitrary SQL commands via unspecified parameters related to the "login procedures."

7.5
2007-11-10 CVE-2007-5912 Jportal SQL Injection vulnerability in Jportal web Portal 2

SQL injection vulnerability in mailer.php in jPORTAL 2 allows remote attackers to execute arbitrary SQL commands via the to parameter.

7.5
2007-11-08 CVE-2007-5766 Oracle SQL Injection vulnerability in Oracle E-Business Suite 11I/12

SQL injection vulnerability in okxLOV.jsp in Oracle E-Business Suite 11 and 12 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

7.5
2007-11-07 CVE-2007-5116 Debian, Mandrakesoft, Redhat, Rpath, Larry Wall, Openpkg Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression.

7.5
2007-11-07 CVE-2007-4766 Pcre Numeric Errors vulnerability in Pcre

Multiple integer overflows in Perl-Compatible Regular Expression (PCRE) library before 7.3 allow context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via unspecified escape (backslash) sequences.

7.5
2007-11-07 CVE-2007-5887 Infuseum SQL Injection vulnerability in Infuseum ASP Message Board 2.2.1C

SQL injection vulnerability in boards/printer.asp in ASP Message Board 2.2.1c allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2007-11-07 CVE-2007-5741 Plone Code Injection vulnerability in Plone

Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes.

7.5
2007-11-06 CVE-2007-5845 Guppy Code Injection vulnerability in Guppy 4.6.3

Directory traversal vulnerability in error.php in GuppY 4.6.3, 4.5.16, and earlier allows remote attackers to include and execute arbitrary local files via a ..

7.5
2007-11-06 CVE-2007-5844 Guppy Path Traversal vulnerability in Guppy 4.6.3

Directory traversal vulnerability in inc/includes.inc in GuppY 4.6.3 allows remote attackers to include and execute arbitrary local files via a ..

7.5
2007-11-06 CVE-2007-4994 Redhat Credentials Management vulnerability in Redhat Certificate Server 7.2

Certificate Server 7.2 in Red Hat Certificate System (RHCS) does not properly handle new revocations that occur while a Certificate Revocation List (CRL) is being generated, which might prevent certain revoked certificates from appearing on the CRL quickly and allow users with revoked certificates to bypass the intended CRL.

7.5
2007-11-05 CVE-2007-5836 Afcommerce SQL Injection vulnerability in Afcommerce

SQL injection vulnerability in Amazing Flash AFCommerce allows remote attackers to execute arbitrary SQL commands via the firstname parameter to an unspecified component, a different issue than CVE-2006-3794.

7.5
2007-11-05 CVE-2007-5832 SSL Explorer Improper Input Validation vulnerability in Ssl-Explorer

Unspecified vulnerability in selectLanguage.do in SSL-Explorer before 0.2.15 allows remote attackers to inject (1) headers or (2) body data in an HTTP transaction, a different vulnerability than CVE-2007-2907.

7.5
2007-11-05 CVE-2007-5825 Firefly Use of Externally-Controlled Format String vulnerability in Firefly Media Server 0.2.4

Format string vulnerability in the ws_addarg function in webserver.c in mt-dappd in Firefly Media Server 0.2.4 and earlier allows remote attackers to execute arbitrary code via a stats method action to /xml-rpc with format string specifiers in the (1) username or (2) password portion of base64-encoded data on the "Authorization: Basic" HTTP header line.

7.5
2007-11-05 CVE-2007-5823 Scribe Path Traversal vulnerability in Scribe 0.2

Directory traversal vulnerability in forum.php in Ben Ng Scribe 0.2 and earlier allows remote attackers to create or overwrite arbitrary files via a ..

7.5
2007-11-05 CVE-2007-5822 Scribe Code Injection vulnerability in Scribe 0.2

Direct static code injection vulnerability in forum.php in Ben Ng Scribe 0.2 and earlier allows remote attackers to inject arbitrary PHP code into a certain file in regged/ via the username parameter in a Register action, possibly related to the register function in forumfunctions.php.

7.5
2007-11-06 CVE-2007-5838 Symantec Configuration vulnerability in Symantec Altiris Deployment Solution 6/6.8

Aclient in Symantec Altiris Deployment Solution 6.x before 6.8.380.0 allows local users to gain local System privileges via the "Enable key-based authentication to Deployment server" browser option, a different issue than CVE-2007-4380.

7.2
2007-11-05 CVE-2007-4623 IBM Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM AIX 5.2/5.3

Stack-based buffer overflow in the sendrmt function in bellmail in IBM AIX 5.2 and 5.3 allows local users to execute arbitrary code via a long parameter to the m command.

7.2
2007-11-05 CVE-2007-4622 IBM Numeric Errors vulnerability in IBM AIX 5.2

Integer underflow in the dns_name_fromtext function in (1) libdns_nonsecure.a and (2) libdns_secure.a in IBM AIX 5.2 allows local users to gain privileges via a crafted "-y" (TSIG key) command line argument to dig.

7.2
2007-11-05 CVE-2007-4621 IBM Buffer Errors vulnerability in IBM AIX 5.2

Buffer overflow in crontab in IBM AIX 5.2 allows local users to gain privileges via long command line arguments.

7.2
2007-11-05 CVE-2007-4513 IBM Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM AIX 5.2/5.3

Multiple stack-based buffer overflows in IBM AIX 5.2 and 5.3 allow local users to gain privileges via a long argument to the (1) "-p" option to lqueryvg or (2) the "-V" option to lquerypv.

7.2
2007-11-05 CVE-2007-4217 IBM Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM AIX 5.2/5.3

Stack-based buffer overflow in the domacro function in ftp in IBM AIX 5.2 and 5.3 allows local users to gain privileges via a long parameter to a macro, as demonstrated by executing a macro via the '$' command.

7.2
2007-11-08 CVE-2007-5896 Mozilla Resource Management Errors vulnerability in Mozilla Firefox 2.0.0.9

Mozilla Firefox 2.0.0.9 allows remote attackers to cause a denial of service (CPU consumption and crash) via an iframe with Javascript that sets the document.location to contain a leading NULL byte (\x00) and a (1) res://, (2) about:config, or (3) file:/// URI.

7.1
2007-11-06 CVE-2007-4997 Linux Numeric Errors vulnerability in Linux Kernel

Integer underflow in the ieee80211_rx function in net/ieee80211/ieee80211_rx.c in the Linux kernel 2.6.x before 2.6.23 allows remote attackers to cause a denial of service (crash) via a crafted SKB length value in a runt IEEE 802.11 frame when the IEEE80211_STYPE_QOS_DATA flag is set, aka an "off-by-two error."

7.1
2007-11-05 CVE-2007-5824 Firefly Improper Input Validation vulnerability in Firefly Media Server

webserver.c in mt-dappd in Firefly Media Server 0.2.4 and earlier allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a stats method action to /xml-rpc with (1) an empty Authorization header line, which triggers a crash in the ws_decodepassword function; or (2) a header line without a ':' character, which triggers a crash in the ws_getheaders function.

7.1

56 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-11-05 CVE-2007-5805 IBM Link Following vulnerability in IBM AIX 5.2/5.3

cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument to the "-p" option to swcons, which allows local users in the system group to create an arbitrary file, and enable world writability of this file, via a symlink attack involving use of the file's name as the argument.

6.9
2007-11-05 CVE-2007-5804 IBM Unspecified vulnerability in IBM AIX 5.2/5.3

cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument to the "-p" option to swcons, which allows local users in the system group to create or overwrite an arbitrary file, and enable world writability of this file, by using the file's name as the argument.

6.9
2007-11-10 CVE-2007-5920 Picoflat CMS Path Traversal vulnerability in Picoflat CMS Picoflat CMS

index.php in Domenico Mancini PicoFlat CMS before 0.4.18 allows remote attackers to include certain files via unspecified vectors, possibly due to a directory traversal vulnerability.

6.8
2007-11-10 CVE-2007-5917 Skalinks Cross-Site Request Forgery (CSRF) vulnerability in Skalinks 1.5

Cross-site request forgery (CSRF) vulnerability in admin/admin_account.php in Skalinks 1.5 and earlier allows remote attackers to add arbitrary privileged accounts as administrators via the admin_name, admin_password, admin_type, and Add_admin parameters.

6.8
2007-11-10 CVE-2007-5915 Phphelpdesk Path Traversal vulnerability in PHPhelpdesk 0.6.16

Directory traversal vulnerability in index.php in phphelpdesk 0.6.16 allows remote attackers to include and execute arbitrary local files via a ..

6.8
2007-11-10 CVE-2007-5914 Jean Charles Code Injection vulnerability in Jean Charles JBC Explorer

Direct static code injection vulnerability in dirsys/modules/config/post.php in JBC Explorer 7.20 RC1 and earlier allows remote authenticated administrators to inject arbitrary PHP code via the DEBUG parameter, which can be executed by accessing config.inc.php.

6.8
2007-11-10 CVE-2007-5913 Jean Charles Improper Authentication vulnerability in Jean Charles JBC Explorer

dirsys/modules/auth.php in JBC Explorer 7.20 RC1 and earlier does not require authentication, which allows remote attackers to (1) delete auth.inc.php via the suppr parameter, and (2) re-create the auth.inc.php file with contents that specify a new account name and password for JBC Explorer via the login and password parameters.

6.8
2007-11-10 CVE-2007-5911 Viewpoint Buffer Errors vulnerability in Viewpoint Media Player 3.2

Multiple stack-based buffer overflows in the AxMetaStream ActiveX control in AxMetaStream.dll 3.3.2.26 in Viewpoint Media Player 3.2 allow remote attackers to execute arbitrary code via a long string argument to the (1) BroadcastKey, (2) BroadcastKeyFileURL, (3) Component, (4) ComponentClassID, (5) ComponentFileName, (6) ExtraProperty, (7) Properties, (8) RequiredVersions, (9) Source, or (10) XMLText method.

6.8
2007-11-10 CVE-2007-5396 Miranda IM Use of Externally-Controlled Format String vulnerability in Miranda-Im Miranda IM 0.7.1

Format string vulnerability in the ext_yahoo_contact_added function in yahoo.c in Miranda IM 0.7.1 allows remote attackers to execute arbitrary code via a Y7 Buddy Authorization packet with format string specifiers in the contact Yahoo! handle (who).

6.8
2007-11-09 CVE-2007-5904 Linux Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Linux Kernel

Multiple buffer overflows in CIFS VFS in Linux kernel 2.6.23 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long SMB responses that trigger the overflows in the SendReceive function.

6.8
2007-11-07 CVE-2007-4768 Pcre Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Pcre

Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to execute arbitrary code via a singleton Unicode sequence in a character class in a regex pattern, which is incorrectly optimized.

6.8
2007-11-07 CVE-2007-1660 Pcre Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Pcre

Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate sizes for unspecified "multiple forms of character class", which triggers a buffer overflow that allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code.

6.8
2007-11-07 CVE-2007-1659 Pcre Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Pcre

Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via regex patterns containing unmatched "\Q\E" sequences with orphan "\E" codes.

6.8
2007-11-06 CVE-2007-5843 Scwiki Code Injection vulnerability in Scwiki 1.0Beta2

PHP remote file inclusion vulnerability in includes/common.php in scWiki 1.0 Beta 2 allows remote attackers to execute arbitrary PHP code via a URL in the pathdot parameter.

6.8
2007-11-06 CVE-2007-5842 Vortex Portal Code Injection vulnerability in Vortex Portal Vortex Portal 1.0.42

Multiple PHP remote file inclusion vulnerabilities in Vortex Portal 1.0.42 allow remote attackers to execute arbitrary PHP code via a URL in the cfgProgDir parameter to (1) admincp/auth/secure.php or (2) admincp/auth/checklogin.php.

6.8
2007-11-06 CVE-2007-5841 Nuboard Code Injection vulnerability in Nuboard 0.5

PHP remote file inclusion vulnerability in admin/index.php in nuBoard 0.5 allows remote attackers to execute arbitrary PHP code via a URL in the site parameter.

6.8
2007-11-06 CVE-2007-5840 Syndeocms Code Injection vulnerability in Syndeocms 2.5.1

PHP remote file inclusion vulnerability in starnet/themes/c-sky/main.inc.php in Fred Stuurman SyndeoCMS 2.5.01 allows remote attackers to execute arbitrary PHP code via a URL in the cmsdir parameter, a different vector than CVE-2006-4920.2.

6.8
2007-11-05 CVE-2007-5837 Yarssr Code Injection vulnerability in Yarssr 0.2.2

GUI.pm in yarssr 0.2.2, when Gnome default URL handling is disabled, allows remote attackers to execute arbitrary commands via shell metacharacters in a link element in a feed.

6.8
2007-11-05 CVE-2007-5828 Django Project Cross-Site Request Forgery (CSRF) vulnerability in Django Project Django 0.96

** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in the admin panel in Django 0.96 allows remote attackers to change passwords of arbitrary users via a request to admin/auth/user/1/password/.

6.8
2007-11-05 CVE-2007-5821 DM Guestbook Path Traversal vulnerability in DM Guestbook DM Guestbook

Multiple directory traversal vulnerabilities in DM Guestbook 0.4.1 and earlier allow remote attackers to include and execute arbitrary local files via a ..

6.8
2007-11-05 CVE-2007-5807 Ssreader Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ssreader Ultra Star Reader

Buffer overflow in the register function in Ultra Star Reader ActiveX control in SSReader allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild.

6.8
2007-11-07 CVE-2007-1661 Pcre, Apple Multiple Security vulnerability in PCRE Regular Expression Library

Perl-Compatible Regular Expression (PCRE) library before 7.3 backtracks too far when matching certain input bytes against some regex patterns in non-UTF-8 mode, which allows context-dependent attackers to obtain sensitive information or cause a denial of service (crash), as demonstrated by the "\X?\d" and "\P{L}?\d" patterns.

6.4
2007-11-10 CVE-2007-5918 MS Topsites Cross-Site Request Forgery (CSRF) vulnerability in MS Topsites MS Topsites

Cross-site request forgery (CSRF) vulnerability in edit.php in the MS TopSites add-on for PHP-Nuke does not verify that the uname parameter matches the current account, which allows remote authenticated users to change arbitrary accounts or change the SiteTitleName field as an arbitrary user via a modified uname value in an edit action to modules.php.

6.0
2007-11-08 CVE-2007-4517 Oracle Buffer Errors vulnerability in Oracle Database Server Release2

Buffer overflow in the XDB.XDB_PITRIG_PKG.PITRIG_DROPMETADATA procedure in Oracle 10g R2 allows remote authenticated users to execute arbitrary code via a long (1) OWNER or (2) NAME argument.

6.0
2007-11-05 CVE-2007-5829 Symantec Permissions, Privileges, and Access Controls vulnerability in Symantec Norton Antivirus and Norton Internet Security

The Disk Mount scanner in Symantec AntiVirus for Macintosh 9.x and 10.x, Norton AntiVirus for Macintosh 10.0 and 10.1, and Norton Internet Security for Macintosh 3.x, uses a directory with weak permissions (group writable), which allows local admin users to gain root privileges by replacing unspecified files, which are executed when a user with physical access inserts a disk and the "Show Progress During Mount Scans" option is enabled.

6.0
2007-11-10 CVE-2007-5931 Orangehrm Permissions, Privileges, and Access Controls vulnerability in Orangehrm

The reDirect function in lib/controllers/RepViewController.php in OrangeHRM before 2.2.2 does not verify the privileges of a user, which allows remote attackers to obtain access to data via unspecified vectors.

5.0
2007-11-10 CVE-2007-5922 Bitchx, Cypress Information Exposure vulnerability in multiple products

The modules/mdop.m in the Cypress 1.0k script for BitchX, as downloaded from a distribution site in November 2007, contains an externally introduced backdoor that e-mails sensitive information (hostnames, usernames, and shell history) to a fixed address.

5.0
2007-11-10 CVE-2007-5919 Mywebftp Permissions, Privileges, and Access Controls vulnerability in Mywebftp

MyWebFTP, possibly 5.3.2, stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain an MD5 password hash via a direct request for pass/pass.txt.

5.0
2007-11-08 CVE-2007-5893 Alhem Improper Input Validation vulnerability in Alhem C++ Sockets Library 2.2.4

HTTPSocket.cpp in the C++ Sockets Library before 2.2.5 allows remote attackers to cause a denial of service (crash) via an HTTP request with a missing protocol version number, which triggers an exception.

5.0
2007-11-07 CVE-2007-4767 Pcre Multiple Security vulnerability in PCRE Regular Expression Library

Perl-Compatible Regular Expression (PCRE) library before 7.3 does not properly compute the length of (1) a \p sequence, (2) a \P sequence, or (3) a \P{x} sequence, which allows context-dependent attackers to cause a denial of service (infinite loop or crash) or execute arbitrary code.

5.0
2007-11-07 CVE-2007-1662 Pcre Multiple Security vulnerability in PCRE Regular Expression Library

Perl-Compatible Regular Expression (PCRE) library before 7.3 reads past the end of the string when searching for unmatched brackets and parentheses, which allows context-dependent attackers to cause a denial of service (crash), possibly involving forward references.

5.0
2007-11-05 CVE-2007-5835 Bosdev Permissions, Privileges, and Access Controls vulnerability in Bosdev Bosnews 4/5

Install.php in BosDev BosNews 4 and 5 does not require authentication for replacing an existing product installation or creating a new admin account, which allows remote attackers to cause a denial of service (overwritten files) and possibly obtain administrative access.

5.0
2007-11-05 CVE-2007-5831 SSL Explorer Path Traversal vulnerability in Ssl-Explorer

Directory traversal vulnerability in fileSystem.do in SSL-Explorer before 0.2.14 allows remote attackers to access arbitrary files via directory traversal sequences in the path parameter.

5.0
2007-11-05 CVE-2007-5816 Contentcustomizer Information Exposure vulnerability in Contentcustomizer 3.1Mp

dialog.php in CONTENTCustomizer 3.1mp and earlier allows remote attackers to obtain sensitive author credentials by making a request with an editauthor action, then reading the value of the newlocalpassword password input field in the HTML source of the resulting page.

5.0
2007-11-05 CVE-2007-5813 Ispworker Path Traversal vulnerability in Ispworker 1.21

Multiple directory traversal vulnerabilities in download.php in ISPworker 1.21 allow remote attackers to read arbitrary files via a ..

5.0
2007-11-05 CVE-2007-5812 Modulebuilder Path Traversal vulnerability in Modulebuilder 1.0

Directory traversal vulnerability in modules/Builder/DownloadModule.php in ModuleBuilder 1.0 allows remote attackers to read arbitrary files via a ..

5.0
2007-11-05 CVE-2007-5811 Phpmyconferences Path Traversal vulnerability in PHPmyconferences

** DISPUTED ** Directory traversal vulnerability in PageTraiteDownload.php in phpMyConferences 8.0.2 and earlier allows remote attackers to read arbitrary files via a ..

5.0
2007-11-05 CVE-2007-5810 Hitachi Improper Input Validation vulnerability in Hitachi products

Hitachi Web Server 01-00 through 03-00-01, as used by certain Cosminexus products, does not properly validate SSL client certificates, which might allow remote attackers to spoof authentication via a client certificate with a forged signature.

5.0
2007-11-05 CVE-2007-5808 Hitachi Information Disclosure vulnerability in Hitachi products

Unspecified vulnerability in the Groupmax Collaboration - Schedule component in Hitachi Groupmax Collaboration Portal 07-30 through 07-30-/F and 07-32 through 07-32-/C, uCosminexus Collaboration Portal 06-30 through 06-30-/F and 06-32 through 06-32-/C, and Groupmax Collaboration Web Client - Mail/Schedule 07-30 through 07-30-/F and 07-32 through 07-32-/B might allow remote attackers to obtain sensitive information via unspecified vectors related to schedule portlets.

5.0
2007-11-05 CVE-2007-0011 Citrix Information Exposure vulnerability in Citrix Access Gateway 4.0/4.2/4.5

The web portal interface in Citrix Access Gateway (aka Citrix Advanced Access Control) before Advanced Edition 4.5 HF1 places a session ID in the URL, which allows context-dependent attackers to hijack sessions by reading "residual information", including a referer log, browser history, or browser cache.

5.0
2007-11-10 CVE-2007-5921 SUN Local Denial of Service vulnerability in Sun Solaris Volume Manager

Unspecified vulnerability in the ioctl interface in the Solaris Volume Manager (SVM) in Sun Solaris 9 and 10 allows local users to cause a denial of service (panic) via unspecified vectors, a different vulnerability than CVE-2004-1346.

4.7
2007-11-09 CVE-2007-5907 Xensource INC Permissions, Privileges, and Access Controls vulnerability in Xensource INC XEN 3.1.1

Xen 3.1.1 does not prevent modification of the CR4 TSC from applications, which allows pv guests to cause a denial of service (crash).

4.7
2007-11-09 CVE-2007-5906 Xensource INC Local Denial of Service vulnerability in Xensource INC XEN 3.1.1

Xen 3.1.1 allows virtual guest system users to cause a denial of service (hypervisor crash) by using a debug register (DR7) to set certain breakpoints.

4.7
2007-11-06 CVE-2007-5839 Bitchx Link Following vulnerability in Bitchx 1.1A

The e_hostname function in commands.c in BitchX 1.1a allows local users to overwrite arbitrary files via a symlink attack on temporary files when using the (1) HOSTNAME or (2) IRCHOST command.

4.6
2007-11-10 CVE-2007-5932 Fatwire Cross-Site Scripting vulnerability in Fatwire Content Server 6.3.0

Multiple cross-site scripting (XSS) vulnerabilities in Fatwire Content Server (CS) CMS 6.3.0 allow remote attackers to inject arbitrary web script or HTML via unspecified form fields related to the (1) search function, (2) advanced search function, and possibly other components.

4.3
2007-11-10 CVE-2007-5930 Cerberus Cross-Site Scripting vulnerability in Cerberus FTP Server

Cross-site scripting (XSS) vulnerability in the web interface in Cerberus FTP Server before 2.46 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2007-11-10 CVE-2007-5924 IBM Cross-Site Scripting vulnerability in IBM Lotus Domino 7.0/7.0.2

Cross-site scripting (XSS) vulnerability in the Web Server (HTTP) task in IBM Lotus Domino before 6.5.6 FP2, and 7.x before 7.0.2 FP2, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

4.3
2007-11-10 CVE-2007-5923 Broadcom Cross-Site Scripting vulnerability in Broadcom Etrust Siteminder

Cross-site scripting (XSS) vulnerability in forms/smpwservices.fcc in CA (formerly Computer Associates) eTrust SiteMinder Agent allows remote attackers to inject arbitrary web script or HTML via the SMAUTHREASON parameter, a different vector than CVE-2005-2204.

4.3
2007-11-08 CVE-2007-5891 Manageengine Cross-Site Scripting vulnerability in Manageengine Opmanager and Opmanager MSP

Multiple cross-site scripting (XSS) vulnerabilities in jsp/Login.do in ManageEngine OpManager MSP Edition and OpManager 7.0 allow remote attackers to inject arbitrary web script or HTML via the (1) requestid, (2) fileid, (3) woMode, and (4) woID parameters.

4.3
2007-11-08 CVE-2007-5581 Cisco Cross-Site Scripting vulnerability in Cisco Unified Meetingplace

Multiple cross-site scripting (XSS) vulnerabilities in mpweb/scripts/mpx.dll in Cisco Unified MeetingPlace 5.4 and earlier and 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) FirstName and (2) LastName parameters.

4.3
2007-11-07 CVE-2007-5888 Coppermine Cross-Site Scripting vulnerability in Coppermine Photo Gallery

Cross-site scripting (XSS) vulnerability in displayecard.php in Coppermine Photo Gallery (CPG) before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the data parameter.

4.3
2007-11-05 CVE-2007-5834 Bosdev Cross-Site Scripting vulnerability in Bosdev Bosnews 4

Cross-site scripting (XSS) vulnerability in BosDev BosNews 4 allows remote attackers to inject arbitrary web script or HTML via a SCRIPT element in a news post.

4.3
2007-11-05 CVE-2007-5817 Contentcustomizer Cross-Site Scripting vulnerability in Contentcustomizer

dialog.php in CONTENTCustomizer 3.1mp and earlier allows remote attackers to perform certain privileged actions via a (1) del, (2) delbackup, (3) res, or (4) ren action.

4.3
2007-11-05 CVE-2007-5809 Hitachi Cross-Site Scripting vulnerability in Hitachi products

Cross-site scripting (XSS) vulnerability in Hitachi Web Server 01-00 through 03-10, as used by certain Cosminexus products, allows remote attackers to inject arbitrary web script or HTML via unspecified HTTP requests that trigger creation of a server-status page.

4.3
2007-11-05 CVE-2007-5806 Ilias Cross-Site Scripting vulnerability in Ilias

Cross-site scripting (XSS) vulnerability in Services/Utilities/classes/class.ilUtil.php in ILIAS 3.8.3 and earlier allows remote attackers to inject arbitrary web script or HTML via attributes inside a domain-name string in the (1) mailing or (2) forum component, as demonstrated using the style and onmouseover HTML attributes.

4.3
2007-11-10 CVE-2007-5925 Mysql Improper Input Validation vulnerability in Mysql

The convert_search_mode_to_innobase function in ha_innodb.cc in the InnoDB engine in MySQL 5.1.23-BK and earlier allows remote authenticated users to cause a denial of service (database crash) via a certain CONTAINS operation on an indexed column, which triggers an assertion error.

4.0

6 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-11-05 CVE-2007-5833 Bosdev Cross-Site Scripting vulnerability in Bosdev Bosmarket Business Directory System

Multiple cross-site scripting (XSS) vulnerabilities in BosDev BosMarket Business Directory System allow remote authenticated users to inject arbitrary web script or HTML via (1) user info (account details) or (2) a post.

3.5
2007-11-08 CVE-2007-4129 Redhat, Fedoraproject Link Following vulnerability in Fedoraproject Coolkey 1.1.0

CoolKey 1.1.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files in the /tmp/.pk11ipc1/ directory.

3.3
2007-11-08 CVE-2007-3921 Gforge Link Following vulnerability in Gforge 3.1/4.5.14

gforge 3.1 and 4.5.14 allows local users to truncate arbitrary files via a symlink attack on temporary files.

3.3
2007-11-05 CVE-2007-5827 Debian, Iscsitarget Permissions, Privileges, and Access Controls vulnerability in Iscsitarget 0.4.15

iSCSI Enterprise Target (iscsitarget) 0.4.15 uses weak permissions for /etc/ietd.conf, which allows local users to obtain passwords.

2.1
2007-11-05 CVE-2007-5819 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Tivoli Continuous Data Protection for Files 3.1.0

IBM Tivoli Continuous Data Protection for Files (CDP) 3.1.0 uses weak permissions (unrestricted write) for the Central Admin Global download directory, which allows local users to place arbitrary files into a location used for updating CDP clients.

2.1
2007-11-10 CVE-2007-4570 Redhat Improper Input Validation vulnerability in Redhat Mcstrans 0.2.3

Algorithmic complexity vulnerability in the MCS translation daemon in mcstrans 0.2.3 allows local users to cause a denial of service (temporary daemon outage) via a large range of compartments in sensitivity labels.

1.9