Weekly Vulnerabilities Reports > November 5 to 11, 2007
Overview
112 new vulnerabilities were reported during this period, including 23 critical vulnerabilities and 30 high severity vulnerabilities. This weekly summary reports vulnerabilities in 115 products from 74 vendors including IBM, Apple, Microsoft, Pcre, and Redhat. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Path Traversal", "Cross-site Scripting", "Improper Input Validation", and "Code Injection".
- 94 reported vulnerabilities are remotely exploitable.
- 21 reported vulnerabilities have a public exploit available.
- 32 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 102 reported vulnerabilities are exploitable by an anonymous user.
- IBM has the most reported vulnerabilities, with 11 reported vulnerabilities.
- Microsoft has the most reported critical vulnerabilities, with 6 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported during the period covered by this report:
23 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-11-08 | CVE-2007-4223 | Microsoft | Local Privilege Escalation vulnerability in Microsoft Sysinternals Debugview 4.71 Dbgv.sys in Microsoft Sysinternals DebugView before 4.72 provides an unspecified mechanism for copying data into kernel memory, which allows local users to gain privileges via unspecified vectors. | 10.0 |
2007-11-08 | CVE-2007-5890 | Easygb | Local File Include vulnerability in Easygb 2.1.1 Directory traversal vulnerability in index.php in easyGB 2.1.1 allows remote attackers to include arbitrary files via the DatabaseType parameter. | 10.0 |
2007-11-08 | CVE-2007-5889 | Idmos | Unspecified vulnerability in Idmos 1.0Alpha Multiple PHP remote file inclusion vulnerabilities in IDMOS 1.0 Alpha (aka Phoenix) allow remote attackers to execute arbitrary PHP code via a URL in the site_absolute_path parameter to (1) admin.php, (2) menu_add.php, and (3) menu_operation.php in administrator/, different vectors than CVE-2007-5294. | 10.0 |
2007-11-08 | CVE-2007-5395 | Link Grammar Abiword | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Stack-based buffer overflow in the separate_word function in tokenize.c in Link Grammar 4.1b and possibly other versions, as used in AbiWord Link Grammar 4.2.4, allows remote attackers to execute arbitrary code via a long word, as reachable through the separate_sentence function. | 10.0 |
2007-11-05 | CVE-2007-5815 | Sonicwall | Path Traversal vulnerability in Sonicwall SSL Vpn2000/4000 and SSL VPN 200 Absolute path traversal vulnerability in the WebCacheCleaner ActiveX control 1.3.0.3 in SonicWall SSL-VPN 200 before 2.1, and SSL-VPN 2000/4000 before 2.5, allows remote attackers to delete arbitrary files via a full pathname in the argument to the FileDelete method. | 10.0 |
2007-11-10 | CVE-2007-5910 | Activepdf Autonomy IBM Symantec | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Stack-based buffer overflow in Autonomy (formerly Verity) KeyView Viewer, Filter, and Export SDK before 9.2.0.12, as used by ActivePDF DocConverter, wp6sr.dll in IBM Lotus Notes 8.0 and before 7.0.3, Symantec Mail Security, and other products, allows remote attackers to execute arbitrary code via a crafted WordPerfect (WPD) file. | 9.3 |
2007-11-10 | CVE-2007-5909 | Activepdf Autonomy IBM Symantec | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Multiple stack-based buffer overflows in Autonomy (formerly Verity) KeyView Viewer, Filter, and Export SDK before 9.2.0.12, as used by ActivePDF DocConverter, IBM Lotus Notes before 7.0.3, Symantec Mail Security, and other products, allow remote attackers to execute arbitrary code via a crafted (1) AG file to kpagrdr.dll, (2) AW file to awsr.dll, (3) DLL or (4) EXE file to exesr.dll, (5) DOC file to mwsr.dll, (6) MIF file to mifsr.dll, (7) SAM file to lasr.dll, or (8) RTF file to rtfsr.dll. | 9.3 |
2007-11-08 | CVE-2007-5393 | Xpdf | Buffer Errors vulnerability in Xpdf 3.02P11 Heap-based buffer overflow in the CCITTFaxStream::lookChar method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a PDF file that contains a crafted CCITTFaxDecode filter. | 9.3 |
2007-11-08 | CVE-2007-5392 | Xpdf | Buffer Errors vulnerability in Xpdf 3.0.1Pl1 Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a crafted PDF file, resulting in a heap-based buffer overflow. | 9.3 |
2007-11-07 | CVE-2007-4677 | Apple Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via an invalid color table size when parsing the color table atom (CTAB) in a movie file, related to the CTAB RGB values. | 9.3 |
2007-11-07 | CVE-2007-4676 | Apple Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via malformed elements when parsing (1) Poly type (0x0070 through 0x0074) and (2) PackBitsRgn field (0x0099) opcodes in a PICT image. | 9.3 |
2007-11-07 | CVE-2007-4675 | Apple Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Heap-based buffer overflow in the QuickTime VR extension 7.2.0.240 in QuickTime.qts in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via a QTVR (QuickTime Virtual Reality) movie file containing a large size field in the atom header of a panorama sample atom. | 9.3 |
2007-11-07 | CVE-2007-3751 | Apple Microsoft | Remote Privilege Escalation vulnerability in Apple QuickTime for Java Unspecified vulnerability in QuickTime for Java in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via untrusted Java applets that gain privileges via unspecified vectors. | 9.3 |
2007-11-07 | CVE-2007-3750 | Apple Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via crafted Sample Table Sample Descriptor (STSD) atoms in a movie file. | 9.3 |
2007-11-07 | CVE-2007-2395 | Apple | Remote Memory Corruption vulnerability in Apple QuickTime Image Description Atom Unspecified vulnerability in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via a crafted image description atom in a movie file, related to "memory corruption." | 9.3 |
2007-11-05 | CVE-2007-5826 | Edraw | Path Traversal vulnerability in Edraw Flowchart Activex Absolute path traversal vulnerability in the EDraw Flowchart ActiveX control in EDImage.ocx 2.0.2005.1104 allows remote attackers to create or overwrite arbitrary files with arbitrary contents via a full pathname in the second argument to the HttpDownloadFile method, a different product than CVE-2007-4420. | 9.3 |
2007-11-05 | CVE-2007-5820 | AX Developer CMS | Path Traversal vulnerability in AX Developer CMS AX Developer CMS 0.1.1 Directory traversal vulnerability in index.php in Ax Developer CMS (AxDCMS) 0.1.1 allows remote attackers to include and execute arbitrary local files via a .. | 9.3 |
2007-11-05 | CVE-2007-5814 | Sonicwall | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Sonicwall SSL VPN Multiple buffer overflows in the SonicWall SSL-VPN NetExtender NELaunchCtrl ActiveX control before 2.1.0.51, and 2.5.x before 2.5.0.56, allow remote attackers to execute arbitrary code via a long (1) serverAddress, (2) sessionId, (3) clientIPLower, (4) clientIPHigher, (5) userName, (6) domainName, or (7) dnsSuffix Unicode property value. | 9.3 |
2007-11-05 | CVE-2007-5603 | Sonicwall | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Sonicwall SSL VPN Stack-based buffer overflow in the SonicWall SSL-VPN NetExtender NELaunchCtrl ActiveX control before 2.1.0.51, and 2.5.x before 2.5.0.56, allows remote attackers to execute arbitrary code via a long string in the second argument to the AddRouteEntry method. | 9.3 |
2007-11-10 | CVE-2007-5929 | Openbase International LTD | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Openbase International LTD Openbase Buffer overflow in OpenBase 10.0.5 and earlier might allow remote authenticated users to execute arbitrary code or cause a denial of service (daemon crash) by creating a stored procedure with a long name and invoking this procedure, which triggers heap corruption. | 9.0 |
2007-11-10 | CVE-2007-5928 | Openbase International LTD | Improper Input Validation vulnerability in Openbase International LTD Openbase OpenBase 10.0.5 and earlier allows remote authenticated users to trigger a free of an arbitrary memory location via long strings in a SELECT statement. | 9.0 |
2007-11-10 | CVE-2007-5927 | Openbase International LTD | Path Traversal vulnerability in Openbase International LTD Openbase Directory traversal vulnerability in OpenBase 10.0.5 and earlier allows remote authenticated users to create files with arbitrary contents via a .. | 9.0 |
2007-11-10 | CVE-2007-5926 | Openbase International LTD | Improper Input Validation vulnerability in Openbase International LTD Openbase OpenBase 10.0.5 and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in arguments to the (1) AsciiBackup, (2) OEMLicenseInstall, and possibly other stored procedures. | 9.0 |
30 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-11-08 | CVE-2007-5897 | Oracle | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Oracle Database Server Buffer overflow in MDSYS.SDO_CS in Oracle Database Server 8iR3, 9iR1, 9iR2 up to 9.2.0.6, and 10gR1 up to 10.1.0.4 allows remote authenticated users to cause a denial of service (crash) and execute arbitrary code via the TRANSFORM function. | 8.5 |
2007-11-06 | CVE-2007-5846 | NET Snmp | Resource Management Errors vulnerability in Net-Snmp The SNMP agent (snmp_agent.c) in net-snmp before 5.4.1 allows remote attackers to cause a denial of service (CPU and memory consumption) via a GETBULK request with a large max-repeaters value. | 7.8 |
2007-11-06 | CVE-2007-3874 | Altiris | Path Traversal vulnerability in Altiris Deployment Solution 6.0/6.8 Directory traversal vulnerability in the tftp/mftp daemon in the PXE server component (pxemtftp.exe) in Symantec Altiris Deployment Solution 6.x before 6.8.380.0 allows remote attackers to read arbitrary files via unspecified vectors. | 7.8 |
2007-11-05 | CVE-2007-5830 | Avaya | Improper Input Validation vulnerability in Avaya Message Networking and Messaging Storage Server Unspecified vulnerability in the administrative interface in Avaya Messaging Storage Server (MSS) 3.1 before SP1, and Message Networking (MN) 3.1, allows remote attackers to cause a denial of service via unspecified vectors related to "input validation." | 7.8 |
2007-11-08 | CVE-2007-4352 | Xpdf | Remote Stream.CC vulnerability in Xpdf 3.0.1Pl1 Array index error in the DCTStream::readProgressiveDataUnit method in xpdf/Stream.cc in Xpdf 3.02pl1, as used in poppler, teTeX, KDE, KOffice, CUPS, and other products, allows remote attackers to trigger memory corruption and execute arbitrary code via a crafted PDF file. | 7.6 |
2007-11-07 | CVE-2007-4672 | Apple Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime Stack-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via an invalid UncompressedQuickTimeData opcode length in a PICT image. | 7.6 |
2007-11-05 | CVE-2007-5818 | Sblog | Cross-Site Request Forgery (CSRF) vulnerability in Sblog 0.7.3Beta Cross-site request forgery (CSRF) vulnerability in blocks_edit_do.php in sBlog 0.7.3 Beta allows remote attackers to change arbitrary blocks as administrators. | 7.6 |
2007-11-10 | CVE-2007-5916 | Phphelpdesk | SQL Injection vulnerability in PHPhelpdesk 0.6.16 SQL injection vulnerability in the login page in phphelpdesk 0.6.16 allows remote attackers to execute arbitrary SQL commands via unspecified parameters related to the "login procedures." | 7.5 |
2007-11-10 | CVE-2007-5912 | Jportal | SQL Injection vulnerability in Jportal web Portal 2 SQL injection vulnerability in mailer.php in jPORTAL 2 allows remote attackers to execute arbitrary SQL commands via the to parameter. | 7.5 |
2007-11-08 | CVE-2007-5766 | Oracle | SQL Injection vulnerability in Oracle E-Business Suite 11I/12 SQL injection vulnerability in okxLOV.jsp in Oracle E-Business Suite 11 and 12 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | 7.5 |
2007-11-07 | CVE-2007-5116 | Debian Mandrakesoft Redhat Rpath Larry Wall Openpkg | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression. | 7.5 |
2007-11-07 | CVE-2007-4766 | Pcre | Numeric Errors vulnerability in Pcre Multiple integer overflows in Perl-Compatible Regular Expression (PCRE) library before 7.3 allow context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via unspecified escape (backslash) sequences. | 7.5 |
2007-11-07 | CVE-2007-5887 | Infuseum | SQL Injection vulnerability in Infuseum ASP Message Board 2.2.1C SQL injection vulnerability in boards/printer.asp in ASP Message Board 2.2.1c allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2007-11-07 | CVE-2007-5741 | Plone | Code Injection vulnerability in Plone Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes. | 7.5 |
2007-11-06 | CVE-2007-5845 | Guppy | Code Injection vulnerability in Guppy 4.6.3 Directory traversal vulnerability in error.php in GuppY 4.6.3, 4.5.16, and earlier allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2007-11-06 | CVE-2007-5844 | Guppy | Path Traversal vulnerability in Guppy 4.6.3 Directory traversal vulnerability in inc/includes.inc in GuppY 4.6.3 allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2007-11-06 | CVE-2007-4994 | Redhat | Credentials Management vulnerability in Redhat Certificate Server 7.2 Certificate Server 7.2 in Red Hat Certificate System (RHCS) does not properly handle new revocations that occur while a Certificate Revocation List (CRL) is being generated, which might prevent certain revoked certificates from appearing on the CRL quickly and allow users with revoked certificates to bypass the intended CRL. | 7.5 |
2007-11-05 | CVE-2007-5836 | Afcommerce | SQL Injection vulnerability in Afcommerce SQL injection vulnerability in Amazing Flash AFCommerce allows remote attackers to execute arbitrary SQL commands via the firstname parameter to an unspecified component, a different issue than CVE-2006-3794. | 7.5 |
2007-11-05 | CVE-2007-5832 | SSL Explorer | Improper Input Validation vulnerability in Ssl-Explorer Unspecified vulnerability in selectLanguage.do in SSL-Explorer before 0.2.15 allows remote attackers to inject (1) headers or (2) body data in an HTTP transaction, a different vulnerability than CVE-2007-2907. | 7.5 |
2007-11-05 | CVE-2007-5825 | Firefly | USE of Externally-Controlled Format String vulnerability in Firefly Media Server 0.2.4 Format string vulnerability in the ws_addarg function in webserver.c in mt-dappd in Firefly Media Server 0.2.4 and earlier allows remote attackers to execute arbitrary code via a stats method action to /xml-rpc with format string specifiers in the (1) username or (2) password portion of base64-encoded data on the "Authorization: Basic" HTTP header line. | 7.5 |
2007-11-05 | CVE-2007-5823 | Scribe | Path Traversal vulnerability in Scribe 0.2 Directory traversal vulnerability in forum.php in Ben Ng Scribe 0.2 and earlier allows remote attackers to create or overwrite arbitrary files via a .. | 7.5 |
2007-11-05 | CVE-2007-5822 | Scribe | Code Injection vulnerability in Scribe 0.2 Direct static code injection vulnerability in forum.php in Ben Ng Scribe 0.2 and earlier allows remote attackers to inject arbitrary PHP code into a certain file in regged/ via the username parameter in a Register action, possibly related to the register function in forumfunctions.php. | 7.5 |
2007-11-06 | CVE-2007-5838 | Symantec | Configuration vulnerability in Symantec Altiris Deployment Solution 6/6.8 Aclient in Symantec Altiris Deployment Solution 6.x before 6.8.380.0 allows local users to gain local System privileges via the "Enable key-based authentication to Deployment server" browser option, a different issue than CVE-2007-4380. | 7.2 |
2007-11-05 | CVE-2007-4623 | IBM | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM AIX 5.2/5.3 Stack-based buffer overflow in the sendrmt function in bellmail in IBM AIX 5.2 and 5.3 allows local users to execute arbitrary code via a long parameter to the m command. | 7.2 |
2007-11-05 | CVE-2007-4622 | IBM | Numeric Errors vulnerability in IBM AIX 5.2 Integer underflow in the dns_name_fromtext function in (1) libdns_nonsecure.a and (2) libdns_secure.a in IBM AIX 5.2 allows local users to gain privileges via a crafted "-y" (TSIG key) command line argument to dig. | 7.2 |
2007-11-05 | CVE-2007-4621 | IBM | Buffer Errors vulnerability in IBM AIX 5.2 Buffer overflow in crontab in IBM AIX 5.2 allows local users to gain privileges via long command line arguments. | 7.2 |
2007-11-05 | CVE-2007-4513 | IBM | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM AIX 5.2/5.3 Multiple stack-based buffer overflows in IBM AIX 5.2 and 5.3 allow local users to gain privileges via a long argument to the (1) "-p" option to lqueryvg or (2) the "-V" option to lquerypv. | 7.2 |
2007-11-05 | CVE-2007-4217 | IBM | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM AIX 5.2/5.3 Stack-based buffer overflow in the domacro function in ftp in IBM AIX 5.2 and 5.3 allows local users to gain privileges via a long parameter to a macro, as demonstrated by executing a macro via the '$' command. | 7.2 |
2007-11-08 | CVE-2007-5896 | Mozilla | Resource Management Errors vulnerability in Mozilla Firefox 2.0.0.9 Mozilla Firefox 2.0.0.9 allows remote attackers to cause a denial of service (CPU consumption and crash) via an iframe with Javascript that sets the document.location to contain a leading NULL byte (\x00) and a (1) res://, (2) about:config, or (3) file:/// URI. | 7.1 |
2007-11-05 | CVE-2007-5824 | Firefly | Improper Input Validation vulnerability in Firefly Media Server webserver.c in mt-dappd in Firefly Media Server 0.2.4 and earlier allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a stats method action to /xml-rpc with (1) an empty Authorization header line, which triggers a crash in the ws_decodepassword function; or (2) a header line without a ':' character, which triggers a crash in the ws_getheaders function. | 7.1 |
53 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-11-05 | CVE-2007-5805 | IBM | Link Following vulnerability in IBM AIX 5.2/5.3 cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument to the "-p" option to swcons, which allows local users in the system group to create an arbitrary file, and enable world writability of this file, via a symlink attack involving use of the file's name as the argument. | 6.9 |
2007-11-05 | CVE-2007-5804 | IBM | Unspecified vulnerability in IBM AIX 5.2/5.3 cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument to the "-p" option to swcons, which allows local users in the system group to create or overwrite an arbitrary file, and enable world writability of this file, by using the file's name as the argument. | 6.9 |
2007-11-10 | CVE-2007-5920 | Picoflat CMS | Path Traversal vulnerability in Picoflat CMS Picoflat CMS index.php in Domenico Mancini PicoFlat CMS before 0.4.18 allows remote attackers to include certain files via unspecified vectors, possibly due to a directory traversal vulnerability. | 6.8 |
2007-11-10 | CVE-2007-5917 | Skalinks | Cross-Site Request Forgery (CSRF) vulnerability in Skalinks 1.5 Cross-site request forgery (CSRF) vulnerability in admin/admin_account.php in Skalinks 1.5 and earlier allows remote attackers to add arbitrary privileged accounts as administrators via the admin_name, admin_password, admin_type, and Add_admin parameters. | 6.8 |
2007-11-10 | CVE-2007-5915 | Phphelpdesk | Path Traversal vulnerability in PHPhelpdesk 0.6.16 Directory traversal vulnerability in index.php in phphelpdesk 0.6.16 allows remote attackers to include and execute arbitrary local files via a .. | 6.8 |
2007-11-10 | CVE-2007-5914 | Jean Charles | Code Injection vulnerability in Jean Charles JBC Explorer Direct static code injection vulnerability in dirsys/modules/config/post.php in JBC Explorer 7.20 RC1 and earlier allows remote authenticated administrators to inject arbitrary PHP code via the DEBUG parameter, which can be executed by accessing config.inc.php. | 6.8 |
2007-11-10 | CVE-2007-5913 | Jean Charles | Improper Authentication vulnerability in Jean Charles JBC Explorer dirsys/modules/auth.php in JBC Explorer 7.20 RC1 and earlier does not require authentication, which allows remote attackers to (1) delete auth.inc.php via the suppr parameter, and (2) re-create the auth.inc.php file with contents that specify a new account name and password for JBC Explorer via the login and password parameters. | 6.8 |
2007-11-10 | CVE-2007-5911 | Viewpoint | Buffer Errors vulnerability in Viewpoint Media Player 3.2 Multiple stack-based buffer overflows in the AxMetaStream ActiveX control in AxMetaStream.dll 3.3.2.26 in Viewpoint Media Player 3.2 allow remote attackers to execute arbitrary code via a long string argument to the (1) BroadcastKey, (2) BroadcastKeyFileURL, (3) Component, (4) ComponentClassID, (5) ComponentFileName, (6) ExtraProperty, (7) Properties, (8) RequiredVersions, (9) Source, or (10) XMLText method. | 6.8 |
2007-11-10 | CVE-2007-5396 | Miranda IM | USE of Externally-Controlled Format String vulnerability in Miranda-Im Miranda IM 0.7.1 Format string vulnerability in the ext_yahoo_contact_added function in yahoo.c in Miranda IM 0.7.1 allows remote attackers to execute arbitrary code via a Y7 Buddy Authorization packet with format string specifiers in the contact Yahoo! handle (who). | 6.8 |
2007-11-07 | CVE-2007-4768 | Pcre | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Pcre Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to execute arbitrary code via a singleton Unicode sequence in a character class in a regex pattern, which is incorrectly optimized. | 6.8 |
2007-11-07 | CVE-2007-1660 | Pcre | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Pcre Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate sizes for unspecified "multiple forms of character class", which triggers a buffer overflow that allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code. | 6.8 |
2007-11-07 | CVE-2007-1659 | Pcre | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Pcre Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via regex patterns containing unmatched "\Q\E" sequences with orphan "\E" codes. | 6.8 |
2007-11-06 | CVE-2007-5843 | Scwiki | Code Injection vulnerability in Scwiki 1.0Beta2 PHP remote file inclusion vulnerability in includes/common.php in scWiki 1.0 Beta 2 allows remote attackers to execute arbitrary PHP code via a URL in the pathdot parameter. | 6.8 |
2007-11-06 | CVE-2007-5842 | Vortex Portal | Code Injection vulnerability in Vortex Portal Vortex Portal 1.0.42 Multiple PHP remote file inclusion vulnerabilities in Vortex Portal 1.0.42 allow remote attackers to execute arbitrary PHP code via a URL in the cfgProgDir parameter to (1) admincp/auth/secure.php or (2) admincp/auth/checklogin.php. | 6.8 |
2007-11-06 | CVE-2007-5841 | Nuboard | Code Injection vulnerability in Nuboard 0.5 PHP remote file inclusion vulnerability in admin/index.php in nuBoard 0.5 allows remote attackers to execute arbitrary PHP code via a URL in the site parameter. | 6.8 |
2007-11-06 | CVE-2007-5840 | Syndeocms | Code Injection vulnerability in Syndeocms 2.5.1 PHP remote file inclusion vulnerability in starnet/themes/c-sky/main.inc.php in Fred Stuurman SyndeoCMS 2.5.01 allows remote attackers to execute arbitrary PHP code via a URL in the cmsdir parameter, a different vector than CVE-2006-4920.2. | 6.8 |
2007-11-05 | CVE-2007-5837 | Yarssr | Code Injection vulnerability in Yarssr 0.2.2 GUI.pm in yarssr 0.2.2, when Gnome default URL handling is disabled, allows remote attackers to execute arbitrary commands via shell metacharacters in a link element in a feed. | 6.8 |
2007-11-05 | CVE-2007-5821 | DM Guestbook | Path Traversal vulnerability in DM Guestbook DM Guestbook Multiple directory traversal vulnerabilities in DM Guestbook 0.4.1 and earlier allow remote attackers to include and execute arbitrary local files via a .. | 6.8 |
2007-11-05 | CVE-2007-5807 | Ssreader | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ssreader Ultra Star Reader Buffer overflow in the register function in Ultra Star Reader ActiveX control in SSReader allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild. | 6.8 |
2007-11-07 | CVE-2007-1661 | Pcre Apple | Multiple Security vulnerability in PCRE Regular Expression Library Perl-Compatible Regular Expression (PCRE) library before 7.3 backtracks too far when matching certain input bytes against some regex patterns in non-UTF-8 mode, which allows context-dependent attackers to obtain sensitive information or cause a denial of service (crash), as demonstrated by the "\X?\d" and "\P{L}?\d" patterns. | 6.4 |
2007-11-10 | CVE-2007-5918 | MS Topsites | Cross-Site Request Forgery (CSRF) vulnerability in MS Topsites MS Topsites Cross-site request forgery (CSRF) vulnerability in edit.php in the MS TopSites add-on for PHP-Nuke does not verify that the uname parameter matches the current account, which allows remote authenticated users to change arbitrary accounts or change the SiteTitleName field as an arbitrary user via a modified uname value in an edit action to modules.php. | 6.0 |
2007-11-08 | CVE-2007-4517 | Oracle | Buffer Errors vulnerability in Oracle Database Server Release2 Buffer overflow in the XDB.XDB_PITRIG_PKG.PITRIG_DROPMETADATA procedure in Oracle 10g R2 allows remote authenticated users to execute arbitrary code via a long (1) OWNER or (2) NAME argument. | 6.0 |
2007-11-05 | CVE-2007-5829 | Symantec | Permissions, Privileges, and Access Controls vulnerability in Symantec Norton Antivirus and Norton Internet Security The Disk Mount scanner in Symantec AntiVirus for Macintosh 9.x and 10.x, Norton AntiVirus for Macintosh 10.0 and 10.1, and Norton Internet Security for Macintosh 3.x, uses a directory with weak permissions (group writable), which allows local admin users to gain root privileges by replacing unspecified files, which are executed when a user with physical access inserts a disk and the "Show Progress During Mount Scans" option is enabled. | 6.0 |
2007-11-10 | CVE-2007-5931 | Orangehrm | Permissions, Privileges, and Access Controls vulnerability in Orangehrm The reDirect function in lib/controllers/RepViewController.php in OrangeHRM before 2.2.2 does not verify the privileges of a user, which allows remote attackers to obtain access to data via unspecified vectors. | 5.0 |
2007-11-10 | CVE-2007-5922 | Bitchx Cypress | Information Exposure vulnerability in multiple products The modules/mdop.m in the Cypress 1.0k script for BitchX, as downloaded from a distribution site in November 2007, contains an externally introduced backdoor that e-mails sensitive information (hostnames, usernames, and shell history) to a fixed address. | 5.0 |
2007-11-10 | CVE-2007-5919 | Mywebftp | Permissions, Privileges, and Access Controls vulnerability in Mywebftp MyWebFTP, possibly 5.3.2, stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain an MD5 password hash via a direct request for pass/pass.txt. | 5.0 |
2007-11-08 | CVE-2007-5893 | Alhem | Improper Input Validation vulnerability in Alhem C++ Sockets Library 2.2.4 HTTPSocket.cpp in the C++ Sockets Library before 2.2.5 allows remote attackers to cause a denial of service (crash) via an HTTP request with a missing protocol version number, which triggers an exception. | 5.0 |
2007-11-07 | CVE-2007-4767 | Pcre | Multiple Security vulnerability in PCRE Regular Expression Library Perl-Compatible Regular Expression (PCRE) library before 7.3 does not properly compute the length of (1) a \p sequence, (2) a \P sequence, or (3) a \P{x} sequence, which allows context-dependent attackers to cause a denial of service (infinite loop or crash) or execute arbitrary code. | 5.0 |
2007-11-07 | CVE-2007-1662 | Pcre | Multiple Security vulnerability in PCRE Regular Expression Library Perl-Compatible Regular Expression (PCRE) library before 7.3 reads past the end of the string when searching for unmatched brackets and parentheses, which allows context-dependent attackers to cause a denial of service (crash), possibly involving forward references. | 5.0 |
2007-11-05 | CVE-2007-5835 | Bosdev | Permissions, Privileges, and Access Controls vulnerability in Bosdev Bosnews 4/5 Install.php in BosDev BosNews 4 and 5 does not require authentication for replacing an existing product installation or creating a new admin account, which allows remote attackers to cause a denial of service (overwritten files) and possibly obtain administrative access. | 5.0 |
2007-11-05 | CVE-2007-5831 | SSL Explorer | Path Traversal vulnerability in Ssl-Explorer Directory traversal vulnerability in fileSystem.do in SSL-Explorer before 0.2.14 allows remote attackers to access arbitrary files via directory traversal sequences in the path parameter. | 5.0 |
2007-11-05 | CVE-2007-5816 | Contentcustomizer | Information Exposure vulnerability in Contentcustomizer 3.1Mp dialog.php in CONTENTCustomizer 3.1mp and earlier allows remote attackers to obtain sensitive author credentials by making a request with an editauthor action, then reading the value of the newlocalpassword password input field in the HTML source of the resulting page. | 5.0 |
2007-11-05 | CVE-2007-5813 | Ispworker | Path Traversal vulnerability in Ispworker 1.21 Multiple directory traversal vulnerabilities in download.php in ISPworker 1.21 allow remote attackers to read arbitrary files via a .. | 5.0 |
2007-11-05 | CVE-2007-5812 | Modulebuilder | Path Traversal vulnerability in Modulebuilder 1.0 Directory traversal vulnerability in modules/Builder/DownloadModule.php in ModuleBuilder 1.0 allows remote attackers to read arbitrary files via a .. | 5.0 |
2007-11-05 | CVE-2007-5810 | Hitachi | Improper Input Validation vulnerability in Hitachi products Hitachi Web Server 01-00 through 03-00-01, as used by certain Cosminexus products, does not properly validate SSL client certificates, which might allow remote attackers to spoof authentication via a client certificate with a forged signature. | 5.0 |
2007-11-05 | CVE-2007-5808 | Hitachi | Information Disclosure vulnerability in Hitachi products Unspecified vulnerability in the Groupmax Collaboration - Schedule component in Hitachi Groupmax Collaboration Portal 07-30 through 07-30-/F and 07-32 through 07-32-/C, uCosminexus Collaboration Portal 06-30 through 06-30-/F and 06-32 through 06-32-/C, and Groupmax Collaboration Web Client - Mail/Schedule 07-30 through 07-30-/F and 07-32 through 07-32-/B might allow remote attackers to obtain sensitive information via unspecified vectors related to schedule portlets. | 5.0 |
2007-11-05 | CVE-2007-0011 | Citrix | Information Exposure vulnerability in Citrix Access Gateway 4.0/4.2/4.5 The web portal interface in Citrix Access Gateway (aka Citrix Advanced Access Control) before Advanced Edition 4.5 HF1 places a session ID in the URL, which allows context-dependent attackers to hijack sessions by reading "residual information", including a referer log, browser history, or browser cache. | 5.0 |
2007-11-10 | CVE-2007-5921 | SUN | Local Denial of Service vulnerability in Sun Solaris Volume Manager Unspecified vulnerability in the ioctl interface in the Solaris Volume Manager (SVM) in Sun Solaris 9 and 10 allows local users to cause a denial of service (panic) via unspecified vectors, a different vulnerability than CVE-2004-1346. | 4.7 |
2007-11-09 | CVE-2007-5907 | Xensource INC | Permissions, Privileges, and Access Controls vulnerability in Xensource INC XEN 3.1.1 Xen 3.1.1 does not prevent modification of the CR4 TSC from applications, which allows pv guests to cause a denial of service (crash). | 4.7 |
2007-11-09 | CVE-2007-5906 | Xensource INC | Local Denial of Service vulnerability in Xensource INC XEN 3.1.1 Xen 3.1.1 allows virtual guest system users to cause a denial of service (hypervisor crash) by using a debug register (DR7) to set certain breakpoints. | 4.7 |
2007-11-06 | CVE-2007-5839 | Bitchx | Link Following vulnerability in Bitchx 1.1A The e_hostname function in commands.c in BitchX 1.1a allows local users to overwrite arbitrary files via a symlink attack on temporary files when using the (1) HOSTNAME or (2) IRCHOST command. | 4.6 |
2007-11-10 | CVE-2007-5932 | Fatwire | Cross-Site Scripting vulnerability in Fatwire Content Server 6.3.0 Multiple cross-site scripting (XSS) vulnerabilities in Fatwire Content Server (CS) CMS 6.3.0 allow remote attackers to inject arbitrary web script or HTML via unspecified form fields related to the (1) search function, (2) advanced search function, and possibly other components. | 4.3 |
2007-11-10 | CVE-2007-5930 | Cerberus | Cross-Site Scripting vulnerability in Cerberus FTP Server Cross-site scripting (XSS) vulnerability in the web interface in Cerberus FTP Server before 2.46 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2007-11-10 | CVE-2007-5924 | IBM | Cross-Site Scripting vulnerability in IBM Lotus Domino 7.0/7.0.2 Cross-site scripting (XSS) vulnerability in the Web Server (HTTP) task in IBM Lotus Domino before 6.5.6 FP2, and 7.x before 7.0.2 FP2, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2007-11-10 | CVE-2007-5923 | Broadcom | Cross-Site Scripting vulnerability in Broadcom Etrust Siteminder Cross-site scripting (XSS) vulnerability in forms/smpwservices.fcc in CA (formerly Computer Associates) eTrust SiteMinder Agent allows remote attackers to inject arbitrary web script or HTML via the SMAUTHREASON parameter, a different vector than CVE-2005-2204. | 4.3 |
2007-11-08 | CVE-2007-5891 | Manageengine | Cross-Site Scripting vulnerability in Manageengine Opmanager and Opmanager MSP Multiple cross-site scripting (XSS) vulnerabilities in jsp/Login.do in ManageEngine OpManager MSP Edition and OpManager 7.0 allow remote attackers to inject arbitrary web script or HTML via the (1) requestid, (2) fileid, (3) woMode, and (4) woID parameters. | 4.3 |
2007-11-08 | CVE-2007-5581 | Cisco | Cross-Site Scripting vulnerability in Cisco Unified Meetingplace Multiple cross-site scripting (XSS) vulnerabilities in mpweb/scripts/mpx.dll in Cisco Unified MeetingPlace 5.4 and earlier and 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) FirstName and (2) LastName parameters. | 4.3 |
2007-11-07 | CVE-2007-5888 | Coppermine | Cross-Site Scripting vulnerability in Coppermine Photo Gallery Cross-site scripting (XSS) vulnerability in displayecard.php in Coppermine Photo Gallery (CPG) before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the data parameter. | 4.3 |
2007-11-05 | CVE-2007-5834 | Bosdev | Cross-Site Scripting vulnerability in Bosdev Bosnews 4 Cross-site scripting (XSS) vulnerability in BosDev BosNews 4 allows remote attackers to inject arbitrary web script or HTML via a SCRIPT element in a news post. | 4.3 |
2007-11-05 | CVE-2007-5817 | Contentcustomizer | Cross-Site Scripting vulnerability in Contentcustomizer dialog.php in CONTENTCustomizer 3.1mp and earlier allows remote attackers to perform certain privileged actions via a (1) del, (2) delbackup, (3) res, or (4) ren action. | 4.3 |
2007-11-05 | CVE-2007-5809 | Hitachi | Cross-Site Scripting vulnerability in Hitachi products Cross-site scripting (XSS) vulnerability in Hitachi Web Server 01-00 through 03-10, as used by certain Cosminexus products, allows remote attackers to inject arbitrary web script or HTML via unspecified HTTP requests that trigger creation of a server-status page. | 4.3 |
2007-11-05 | CVE-2007-5806 | Ilias | Cross-Site Scripting vulnerability in Ilias Cross-site scripting (XSS) vulnerability in Services/Utilities/classes/class.ilUtil.php in ILIAS 3.8.3 and earlier allows remote attackers to inject arbitrary web script or HTML via attributes inside a domain-name string in the (1) mailing or (2) forum component, as demonstrated using the style and onmouseover HTML attributes. | 4.3 |
2007-11-10 | CVE-2007-5925 | Mysql | Improper Input Validation vulnerability in Mysql The convert_search_mode_to_innobase function in ha_innodb.cc in the InnoDB engine in MySQL 5.1.23-BK and earlier allows remote authenticated users to cause a denial of service (database crash) via a certain CONTAINS operation on an indexed column, which triggers an assertion error. | 4.0 |
6 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-11-05 | CVE-2007-5833 | Bosdev | Cross-Site Scripting vulnerability in Bosdev Bosmarket Business Directory System Multiple cross-site scripting (XSS) vulnerabilities in BosDev BosMarket Business Directory System allow remote authenticated users to inject arbitrary web script or HTML via (1) user info (account details) or (2) a post. | 3.5 |
2007-11-08 | CVE-2007-4129 | Redhat Fedoraproject | Link Following vulnerability in Fedoraproject Coolkey 1.1.0 CoolKey 1.1.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files in the /tmp/.pk11ipc1/ directory. | 3.3 |
2007-11-08 | CVE-2007-3921 | Gforge | Link Following vulnerability in Gforge 3.1/4.5.14 gforge 3.1 and 4.5.14 allows local users to truncate arbitrary files via a symlink attack on temporary files. | 3.3 |
2007-11-05 | CVE-2007-5827 | Debian Iscsitarget | Permissions, Privileges, and Access Controls vulnerability in Iscsitarget 0.4.15 iSCSI Enterprise Target (iscsitarget) 0.4.15 uses weak permissions for /etc/ietd.conf, which allows local users to obtain passwords. | 2.1 |
2007-11-05 | CVE-2007-5819 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM Tivoli Continuous Data Protection for Files 3.1.0 IBM Tivoli Continuous Data Protection for Files (CDP) 3.1.0 uses weak permissions (unrestricted write) for the Central Admin Global download directory, which allows local users to place arbitrary files into a location used for updating CDP clients. | 2.1 |
2007-11-10 | CVE-2007-4570 | Redhat | Improper Input Validation vulnerability in Redhat Mcstrans 0.2.3 Algorithmic complexity vulnerability in the MCS translation daemon in mcstrans 0.2.3 allows local users to cause a denial of service (temporary daemon outage) via a large range of compartments in sensitivity labels. | 1.9 |