Weekly Vulnerabilities Reports > November 12 to 18, 2007

Overview

111 new vulnerabilities reported during this period, including 16 critical vulnerabilities and 31 high severity vulnerabilities. This weekly summary report vulnerabilities in 77 products from 59 vendors including Apple, IBM, TUG, Softbizscripts, and Acdsee. Vulnerabilities are notably categorized as "Cross-site Scripting", "SQL Injection", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Permissions, Privileges, and Access Controls", and "Resource Management Errors".

  • 91 reported vulnerabilities are remotely exploitables.
  • 10 reported vulnerabilities have public exploit available.
  • 47 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 103 reported vulnerabilities are exploitable by an anonymous user.
  • Apple has the most reported vulnerabilities, with 31 reported vulnerabilities.
  • Apple has the most reported critical vulnerabilities, with 7 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

16 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-11-16 CVE-2007-6011 BUG Software Improper Authentication vulnerability in BUG Software Bughotel Reservation System

Unspecified vulnerability in main.php of BugHotel Reservation System before 4.9.9 P3 allows remote attackers to bypass authentication and gain administrative access via unspecified vectors.

10.0
2007-11-15 CVE-2007-6006 Testlink Improper Authentication vulnerability in Testlink

TestLink before 1.7.1 does not enforce an unspecified authorization mechanism, which has unknown impact and attack vectors.

10.0
2007-11-15 CVE-2007-4704 Apple Unspecified vulnerability in Apple mac OS X 10.5

The Application Firewall in Apple Mac OS X 10.5 does not apply changed settings to processes that are started by launchd until the processes are restarted, which might allow attackers to bypass intended access restrictions.

10.0
2007-11-15 CVE-2007-4703 Apple Unspecified vulnerability in Apple mac OS X and mac OS X Server

The Application Firewall in Apple Mac OS X 10.5 does not prevent a root process from accepting incoming connections, even when "Block incoming connections" has been set for its associated executable, which might allow remote attackers or local root processes to bypass intended access restrictions.

10.0
2007-11-15 CVE-2007-4691 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server

The NSURL component in Apple Mac OS X 10.4 through 10.4.10 performs case-sensitive comparisons that allow attackers to bypass intended restrictions for local file system URLs.

10.0
2007-11-15 CVE-2007-4689 Apple Resource Management Errors vulnerability in Apple mac OS X and mac OS X Server

Double free vulnerability in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (system shutdown) or execute arbitrary code via crafted IPV6 packets.

10.0
2007-11-14 CVE-2007-5941 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Shockwave Player

Stack-based buffer overflow in the SWCtl.SWCtl ActiveX control in Adobe Shockwave allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long argument to the ShockwaveVersion method.

10.0
2007-11-16 CVE-2007-5398 Samba Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Samba

Stack-based buffer overflow in the reply_netbios_packet function in nmbd/nmbd_packets.c in nmbd in Samba 3.0.0 through 3.0.26a, when operating as a WINS server, allows remote attackers to execute arbitrary code via crafted WINS Name Registration requests followed by a WINS Name Query request.

9.3
2007-11-16 CVE-2007-4572 Samba Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Samba

Stack-based buffer overflow in nmbd in Samba 3.0.0 through 3.0.26a, when configured as a Primary or Backup Domain controller, allows remote attackers to have an unknown impact via crafted GETDC mailslot requests, related to handling of GETDC logon server requests.

9.3
2007-11-15 CVE-2007-6009 Acdsee Buffer Errors vulnerability in Acdsee Photo Editor, Photo Manager and PRO Photo Manager

Multiple buffer overflows in ACD products allow user-assisted remote attackers to execute arbitrary code via a long section string in a (1) XBM or (2) XPM file to (a) ID_X.apl or (b) IDE_ACDStd.apl.

9.3
2007-11-15 CVE-2007-6008 Autonomy Buffer Errors vulnerability in Autonomy products

Heap-based buffer overflow in emlsr.dll before 2.0.0.4 in Autonomy (formerly Verity) KeyView Viewer, Filter, and Export SDK allows remote attackers to execute arbitrary code via a long Content-Type header line in an EML file.

9.3
2007-11-15 CVE-2007-4344 Acdsee Improper Input Validation vulnerability in Acdsee Photo Editor, Photo Manager and PRO Photo Manager

Multiple input validation errors in ACD ACDSee Photo Manager 9.0 build 108, Pro Photo Manager 8.1 build 99, and Photo Editor 4.0 build 195 allow user-assisted remote attackers to execute arbitrary code via a long section string in (1) a PSP image to the ID_PSP.apl plug-in or (2) an LHA archive to the AM_LHA.apl plug-in, resulting in a heap-based buffer overflow.

9.3
2007-11-15 CVE-2007-4702 Apple Unspecified vulnerability in Apple mac OS X and mac OS X Server

The Application Firewall in Apple Mac OS X 10.5, when "Block all incoming connections" is enabled, does not prevent root processes or mDNSResponder from accepting connections, which might allow remote attackers or local root processes to bypass intended access restrictions.

9.3
2007-11-15 CVE-2007-4687 Apple Configuration vulnerability in Apple mac OS X and mac OS X Server

The remote_cmds component in Apple Mac OS X 10.4 through 10.4.10 contains a symbolic link from the tftpboot private directory to the root directory, which allows tftpd users to escape the private directory and access arbitrary files.

9.3
2007-11-14 CVE-2007-5755 AOL Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in AOL Radio

Multiple stack-based buffer overflows in the AOL AmpX ActiveX control in AmpX.dll 2.6.1.11 in AOL Radio allow remote attackers to execute arbitrary code via long arguments to unspecified methods.

9.3
2007-11-15 CVE-2007-4690 Apple Resource Management Errors vulnerability in Apple mac OS X and mac OS X Server

Double free vulnerability in the NFS component in Apple Mac OS X 10.4 through 10.4.10 allows remote authenticated users to execute arbitrary code via a crafted AUTH_UNIX RPC packet.

9.0

31 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-11-15 CVE-2007-6010 Pioneers Improper Input Validation vulnerability in Pioneers 0.11.3

Unspecified vulnerability in pioneers (formerly gnocatan) 0.11.3 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors that trigger an assert error.

7.8
2007-11-15 CVE-2007-5501 Linux Resource Management Errors vulnerability in Linux Kernel

The tcp_sacktag_write_queue function in net/ipv4/tcp_input.c in Linux kernel 2.6.21 through 2.6.23.7, and 2.6.24-rc through 2.6.24-rc2, allows remote attackers to cause a denial of service (crash) via crafted ACK responses that trigger a NULL pointer dereference.

7.8
2007-11-15 CVE-2007-5984 Justin Hagstrom Improper Input Validation vulnerability in Justin Hagstrom Autoindex PHP Script

classes/Url.php in Justin Hagstrom AutoIndex PHP Script before 2.2.4 allows remote attackers to cause a denial of service (CPU and memory consumption) via a %00 sequence in the dir parameter to index.php, which triggers an erroneous "recursive calculation."

7.8
2007-11-15 CVE-2006-7229 Ubuntu Resource Management Errors vulnerability in Ubuntu Linux Kernel 2.6.15

The skge driver 1.5 in Linux kernel 2.6.15 on Ubuntu does not properly use the spin_lock and spin_unlock functions, which allows remote attackers to cause a denial of service (machine crash) via a flood of network traffic.

7.8
2007-11-13 CVE-2007-5933 Pioneers Improper Input Validation vulnerability in Pioneers

Pioneers (formerly gnocatan) before 0.11.3 allows remote attackers to cause a denial of service (crash) by triggering a delete operation while the Session object is still being used, as demonstrated by causing a "Broken pipe" error.

7.8
2007-11-16 CVE-2007-6012 Gatesoft SQL Injection vulnerability in Gatesoft Docusafe 4.1.0/4.1.2

SQL injection vulnerability in SearchR.asp in DocuSafe 4.1.0 and 4.1.2 allows remote attackers to execute arbitrary SQL commands via the artnr parameter (aka the search section).

7.5
2007-11-15 CVE-2007-6004 Toko SQL Injection vulnerability in Toko Instan 7.6

Multiple SQL injection vulnerabilities in index.php in Toko Instan 7.6 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in an artikel action or (2) the katid parameter in a produk action.

7.5
2007-11-15 CVE-2007-5999 Softbizscripts SQL Injection vulnerability in Softbizscripts Softbiz Auctions Script

SQL injection vulnerability in product_desc.php in Softbiz Auctions Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2007-11-15 CVE-2007-5996 Softbizscripts SQL Injection vulnerability in Softbizscripts Link Directory Script 1.0

SQL injection vulnerability in searchresult.php in Softbiz Link Directory Script allows remote attackers to execute arbitrary SQL commands via the sbcat_id parameter, a related issue to CVE-2007-5449.

7.5
2007-11-15 CVE-2007-5992 Datecomm SQL Injection vulnerability in Datecomm Social Networking Script

SQL injection vulnerability in index.php in datecomm Social Networking Script (aka Myspace Clone Script) allows remote attackers to execute arbitrary SQL commands via the seid parameter in a viewcat s action on the forums page.

7.5
2007-11-15 CVE-2007-5991 EXO SQL Injection vulnerability in EXO Exophpdesk 1.2.1

SQL injection vulnerability in index.php in ExoPHPdesk allows remote attackers to execute arbitrary SQL commands via the user parameter in a profile fn action.

7.5
2007-11-15 CVE-2007-4700 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server

Unspecified vulnerability in WebKit on Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to use Safari as an indirect proxy and send attacker-controlled data to arbitrary TCP ports via unknown vectors.

7.5
2007-11-15 CVE-2007-4699 Apple Permissions, Privileges, and Access Controls vulnerability in Apple Safari

The default configuration of Safari in Apple Mac OS X 10.4 through 10.4.10 adds a private key to the keychain with permissions that allow other applications to access the key without warning the user, which might allow other applications to bypass intended access restrictions.

7.5
2007-11-15 CVE-2007-5988 BTI Tracker Permissions, Privileges, and Access Controls vulnerability in Bti-Tracker

blocks/shoutbox_block.php in BtiTracker 1.4.4 does not verify user accounts, which allows remote attackers to post shoutbox entries as arbitrary users via a modified nick field.

7.5
2007-11-15 CVE-2007-5986 Btiteam SQL Injection vulnerability in Btiteam Btitracker

SQL injection vulnerability in include/functions.php in BtiTracker before 1.4.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2007-11-15 CVE-2007-5978 Xoops SQL Injection vulnerability in Xoops Mylinks Module 2.0.17.1

SQL injection vulnerability in brokenlink.php in the mylinks module for XOOPS allows remote attackers to execute arbitrary SQL commands via the lid parameter.

7.5
2007-11-15 CVE-2007-5974 Jportal SQL Injection vulnerability in Jportal web Portal 2

SQL injection vulnerability in mailer.php in JPortal 2 allows remote attackers to execute arbitrary SQL commands via the to parameter.

7.5
2007-11-15 CVE-2007-5973 Jportal SQL Injection vulnerability in Jportal web Portal

SQL injection vulnerability in articles.php in JPortal 2.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter.

7.5
2007-11-14 CVE-2007-5951 E Vendejo SQL Injection vulnerability in E-Vendejo 0.2

SQL injection vulnerability in articles.php in E-Vendejo 0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2007-11-15 CVE-2007-4693 Apple Improper Authentication vulnerability in Apple mac OS X and mac OS X Server

The SecurityAgent component in Mac OS X 10.4 through 10.4.10 allows attackers with physical access to bypass the authentication dialog of the screen saver and send keystrokes to a process, related to "handling of keyboard focus between secure text fields."

7.2
2007-11-15 CVE-2007-4686 Apple Numeric Errors vulnerability in Apple mac OS X and mac OS X Server

Integer signedness error in the ttioctl function in bsd/kern/tty.c in the xnu kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to cause a denial of service (system shutdown) or gain privileges via a crafted TIOCSETD ioctl request.

7.2
2007-11-15 CVE-2007-4685 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server

The kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to gain privileges by executing setuid or setgid programs in which the stdio, stderr, or stdout file descriptors are "in an unexpected state."

7.2
2007-11-15 CVE-2007-4269 Apple Numeric Errors vulnerability in Apple mac OS X and mac OS X Server

Integer overflow in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted AppleTalk Session Protocol (ASP) message on an AppleTalk socket, which triggers a heap-based buffer overflow.

7.2
2007-11-15 CVE-2007-4268 Apple Numeric Errors vulnerability in Apple mac OS X

Integer signedness error in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted AppleTalk message with a negative value, which satisfies a signed comparison during mbuf allocation but is later interpreted as an unsigned value, which triggers a heap-based buffer overflow.

7.2
2007-11-15 CVE-2007-4267 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X

Stack-based buffer overflow in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted IOCTL request that adds an AppleTalk zone to a routing table.

7.2
2007-11-15 CVE-2007-3749 Apple Multiple Security vulnerability in Apple Mac OS X v10.4.11 2007-008

The kernel in Apple Mac OS X 10.4 through 10.4.10 does not reset the current Mach Thread Port or Thread Exception Port when executing a setuid program, which allows local users to execute arbitrary code by creating the port before launching the setuid program, then writing to the address space of the setuid process.

7.2
2007-11-14 CVE-2007-5956 IBM Path Traversal vulnerability in IBM Informix Dynamic Server

Directory traversal vulnerability in IBM Informix Dynamic Server (IDS) before 10.00.xC7W1 allows local users to gain privileges by referencing modified NLS message files through directory traversal sequences in the DBLANG environment variable.

7.2
2007-11-14 CVE-2007-5946 HP Local Unauthorized Access vulnerability in HP-UX Aries PA-RISC Emulator

Unspecified vulnerability in the Aries PA-RISC emulator on HP-UX B.11.23 and B.11.31 on the IA-64 platform allows local users to obtain unspecified access.

7.2
2007-11-14 CVE-2007-5667 Novell Improper Input Validation vulnerability in Novell Client 4.91

NWFILTER.SYS in Novell Client 4.91 SP 1 through SP 4 for Windows 2000, XP, and Server 2003 makes the \.\nwfilter device available for arbitrary user-mode input via METHOD_NEITHER IOCTLs, which allows local users to gain privileges by passing a kernel address as an argument and overwriting kernel memory locations.

7.2
2007-11-14 CVE-2007-3880 SUN USE of Externally-Controlled Format String vulnerability in SUN NET Connect Software 3.2.3/3.2.4

Format string vulnerability in srsexec in Sun Remote Services (SRS) Net Connect 3.2.3 and 3.2.4, as distributed in the SRS Proxy Core (SUNWsrspx) package, allows local users to gain privileges via format string specifiers in unspecified input that is logged through syslog.

7.2
2007-11-15 CVE-2007-4678 Apple Multiple Security vulnerability in Apple Mac OS X v10.4.11 2007-008

AppleRAID in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 allows attackers to cause a denial of service (crash) via a crafted striped disk image, which triggers a NULL pointer dereference when it is mounted.

7.1

58 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-11-15 CVE-2007-4684 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X

Integer overflow in the kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a large num_sels argument to the i386_set_ldt system call.

6.9
2007-11-15 CVE-2007-4681 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X

Buffer overflow in CoreFoundation in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 allows local users to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted directory hierarchy.

6.9
2007-11-14 CVE-2007-5756 Winpcap Buffer Errors vulnerability in Winpcap 4.0.1

Multiple array index errors in the bpf_filter_init function in NPF.SYS in WinPcap before 4.0.2, when run in monitor mode (aka Table Management Extensions or TME), and as used in Wireshark and possibly other products, allow local users to gain privileges via crafted IOCTL requests.

6.9
2007-11-15 CVE-2007-6007 Acdsee Buffer Errors vulnerability in Acdsee Photo Editor, Photo Manager and PRO Photo Manager

Integer overflow in the ID_PSP.apl plug-in for ACD ACDSee Photo Manager 9.0 build 108, Pro Photo Manager 8.1 build 99, and Photo Editor 4.0 build 195 allows user-assisted remote attackers to execute arbitrary code via a crafted PSP image that triggers a heap-based buffer overflow.

6.8
2007-11-15 CVE-2007-5995 PHP Tools Code Injection vulnerability in PHP-Tools Patbbcode 1.0

PHP remote file inclusion vulnerability in examples/patExampleGen/bbcodeSource.php in patBBcode 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the example parameter.

6.8
2007-11-15 CVE-2007-5994 Yappa NG Code Injection vulnerability in Yappa-Ng 2.3.2

PHP remote file inclusion vulnerability in check_noimage.php in Fritz Berger yet another php photo album - next generation (yappa-ng) 2.3.2 allows remote attackers to execute arbitrary PHP code via a URL in the config[path_src_include] parameter.

6.8
2007-11-15 CVE-2007-5905 Adobe Credentials Management vulnerability in Adobe Coldfusion 7.0/8.0

Adobe ColdFusion 8 and MX 7 allows remote attackers to hijack sessions via unspecified vectors that trigger establishment of a session to a ColdFusion application in which the (1) CFID or (2) CFTOKEN cookies have empty values, possibly due to a session fixation vulnerability.

6.8
2007-11-15 CVE-2007-4697 Apple Multiple Security vulnerability in Apple Mac OS X v10.4.11 2007-008

Unspecified vulnerability in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via unknown vectors related to browser history, which triggers memory corruption.

6.8
2007-11-15 CVE-2007-4682 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X

CoreText in Apple Mac OS X 10.4 through 10.4.10 allows attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted text content that triggers an access of an uninitialized object pointer.

6.8
2007-11-15 CVE-2007-4680 Apple Improper Authentication vulnerability in Apple mac OS X

CFNetwork in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 does not properly validate certificates, which allows remote attackers to spoof trusted SSL certificates via a man-in-the-middle attack.

6.8
2007-11-15 CVE-2007-5987 BTI Tracker Permissions, Privileges, and Access Controls vulnerability in Bti-Tracker

details.php in BtiTracker before 1.4.5, when torrent viewing is disabled for guests, allows remote attackers to bypass protection mechanisms via a direct request, as demonstrated by (1) reading the details of an arbitrary torrent and (2) modifying a torrent owned by a guest.

6.8
2007-11-14 CVE-2006-7228 Pcre Numeric Errors vulnerability in Pcre

Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 might allow context-dependent attackers to execute arbitrary code via a regular expression that involves large (1) min, (2) max, or (3) duplength values that cause an incorrect length calculation and trigger a buffer overflow, a different vulnerability than CVE-2006-7227.

6.8
2007-11-14 CVE-2006-7227 Pcre Numeric Errors vulnerability in Pcre

Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 allows context-dependent attackers to execute arbitrary code via a regular expression containing a large number of named subpatterns (name_count) or long subpattern names (max_name_size), which triggers a buffer overflow.

6.8
2007-11-13 CVE-2007-5937 Tetex
TUG
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Multiple buffer overflows in dvi2xx.c in dviljk in teTeX and TeXlive 2007 and earlier might allow user-assisted attackers to execute arbitrary code via a crafted DVI input file.

6.8
2007-11-13 CVE-2007-5935 Tetex
TUG
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Stack-based buffer overflow in hpc.c in dvips in teTeX and TeXlive 2007 and earlier allows user-assisted attackers to execute arbitrary code via a DVI file with a long href tag.

6.8
2007-11-15 CVE-2007-5998 Softbizscripts SQL Injection vulnerability in Softbizscripts AD Management Plus Script 1.0

SQL injection vulnerability in ads.php in Softbiz Ad Management plus Script 1 allows remote authenticated users to execute arbitrary SQL commands via the package parameter.

6.5
2007-11-15 CVE-2007-5997 Softbizscripts SQL Injection vulnerability in Softbizscripts Banner Exchange Network Script 1.0

SQL injection vulnerability in campaign_stats.php in Softbiz Banner Exchange Network Script 1.0 allows remote authenticated users to execute arbitrary SQL commands via the id parameter.

6.5
2007-11-15 CVE-2007-5976 Phpmyadmin SQL Injection vulnerability in PHPmyadmin

SQL injection vulnerability in db_create.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to execute arbitrary SQL commands via the db parameter.

6.5
2007-11-15 CVE-2007-5975 Torrentstrike SQL Injection vulnerability in Torrentstrike 0.4

SQL injection vulnerability in index.php in TBSource, as used in (1) TBDev and (2) TorrentStrike 0.4, allows remote authenticated users to execute arbitrary SQL commands via the choice parameter.

6.5
2007-11-14 CVE-2007-3898 Microsoft Configuration vulnerability in Microsoft products

The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2, uses predictable transaction IDs when querying other DNS servers, which allows remote attackers to spoof DNS replies, poison the DNS cache, and facilitate further attack vectors.

6.4
2007-11-15 CVE-2007-6000 KDE Resource Management Errors vulnerability in KDE Konqueror

KDE Konqueror 3.5.6 and earlier allows remote attackers to cause a denial of service (crash) via large HTTP cookie parameters.

5.0
2007-11-15 CVE-2007-4688 Apple Information Exposure vulnerability in Apple mac OS X and mac OS X Server

The Networking component in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to obtain all addresses for a host, including link-local addresses, via a Node Information Query.

5.0
2007-11-14 CVE-2007-5953 Really Simple Caldav Store Information Disclosure vulnerability in DAViCal Really Simple CalDAV Store

Unspecified vulnerability in Really Simple CalDAV Store (RSCDS) before 0.9.0 allows attackers to obtain sensitive information via unspecified vectors.

5.0
2007-11-14 CVE-2007-5945 Usvn Permissions, Privileges, and Access Controls vulnerability in Usvn User-Friendly SVN

USVN before 0.6.5 allows remote attackers to obtain a list of repository contents via unspecified vectors.

5.0
2007-11-14 CVE-2007-5943 Simple Machines Configuration vulnerability in Simple Machines Simple Machines Forum 1.1.4

Simple Machines Forum (SMF) 1.1.4 allows remote attackers to read a message in private forums by using the advanced search module with the "show results as messages" option, then searching for possible keywords contained in that message.

5.0
2007-11-14 CVE-2007-5770 Ruby Lang Improper Authentication vulnerability in Ruby-Lang Ruby 1.8.5/1.8.6

The (1) Net::ftptls, (2) Net::telnets, (3) Net::imap, (4) Net::pop, and (5) Net::smtp libraries in Ruby 1.8.5 and 1.8.6 do not verify that the commonName (CN) field in a server certificate matches the domain name in a request sent over SSL, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site, different components than CVE-2007-5162.

5.0
2007-11-14 CVE-2007-4136 Redhat Remote Denial Of Service vulnerability in Redhat Conga 0.10.0

The ricci daemon in Red Hat Conga 0.10.0 allows remote attackers to cause a denial of service (loss of new connections) by repeatedly sending data or attempting connections.

5.0
2007-11-14 CVE-2007-5957 IBM Multiple vulnerability in IBM Informix Dynamic Server

Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 10.00.TC3TL and 11.10.TB4TL on Windows allows attackers to cause a denial of service (application crash) via unspecified SQ_ONASSIST requests.

4.9
2007-11-15 CVE-2007-4683 Apple Path Traversal vulnerability in Apple mac OS X

Directory traversal vulnerability in the kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to bypass the chroot mechanism via a relative path when changing the current working directory.

4.6
2007-11-13 CVE-2007-5940 TUG Link Following vulnerability in TUG Texlive 2007

feynmf.pl in feynmf 1.08, as used in TeXLive 2007, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the feynmf$$.pl temporary file.

4.6
2007-11-15 CVE-2007-6005 Webex Communications Resource Management Errors vulnerability in Webex Communications Webex Gpccontainer Activex Control

Unspecified vulnerability in the GpcContainer.GpcContainer.1 ActiveX control in WebEx allows remote attackers to cause a denial of service (memory access violation and crash) via (1) an invalid argument to the InitParam method or (2) an unspecified vector involving the SetParam method.

4.3
2007-11-15 CVE-2007-6003 Thomson Cross-Site Scripting vulnerability in Thomson Speedtouch 716

Cross-site scripting (XSS) vulnerability in cgi/b/ic/connect in the Thomson SpeedTouch 716 with firmware 5.4.0.14 allows remote attackers to inject arbitrary web script or HTML via the url parameter.

4.3
2007-11-15 CVE-2007-6002 Fenrir Cross-Site Scripting vulnerability in Fenrir Grani and Sleipnir

Cross-site scripting (XSS) vulnerability in Fenriru (1) Sleipnir 2.5.17 R2 and earlier and (2) Grani 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the Search field in a search for additions to the Favorites section.

4.3
2007-11-15 CVE-2007-6001 Bandersnatch Cross-Site Scripting vulnerability in Bandersnatch 0.4

Multiple cross-site scripting (XSS) vulnerabilities in index.php in Bandersnatch 0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) func or (2) date parameter, or the jid parameter in a (3) log or (4) user action, a different vulnerability than CVE-2007-3910.

4.3
2007-11-15 CVE-2007-5993 Vtls Cross-Site Scripting vulnerability in Vtls Vtls.Web.Gateway

Cross-site scripting (XSS) vulnerability in Visionary Technology in Library Solutions (VTLS) vtls.web.gateway before 48.1.1 allows remote attackers to inject arbitrary web script or HTML via the searchtype parameter.

4.3
2007-11-15 CVE-2007-5990 EXO Cross-Site Scripting vulnerability in EXO Exophpdesk 1.2.1

Cross-site scripting (XSS) vulnerability in ExoPHPdesk allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a user profile, possibly the (1) name and (2) website parameters to register.php.

4.3
2007-11-15 CVE-2006-7230 Pcre Numeric Errors vulnerability in Pcre

Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate the amount of memory needed for a compiled regular expression pattern when the (1) -x or (2) -i UTF-8 options change within the pattern, which allows context-dependent attackers to cause a denial of service (PCRE or glibc crash) via crafted regular expressions.

4.3
2007-11-15 CVE-2007-4696 Apple Race Condition vulnerability in Apple mac OS X and mac OS X Server

Race condition in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to obtain information for forms from other sites via unknown vectors related to "page transitions" in Safari.

4.3
2007-11-15 CVE-2007-4695 Apple Improper Input Validation vulnerability in Apple mac OS X and mac OS X Server

Unspecified "input validation" vulnerability in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to modify form field values via unknown vectors related to file uploads.

4.3
2007-11-15 CVE-2007-4694 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server

Safari in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to access local content via file:// URLs.

4.3
2007-11-15 CVE-2007-5985 BTI Tracker Cross-Site Scripting vulnerability in Bti-Tracker

Multiple cross-site scripting (XSS) vulnerabilities in BtiTracker before 1.4.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) account.php, (2) moresmiles.php, or (3) recover.php; or (4) the "to" parameter to usercp.php.

4.3
2007-11-15 CVE-2007-5983 Justin Hagstrom Cross-Site Scripting vulnerability in Justin Hagstrom Autoindex PHP Script

Cross-site scripting (XSS) vulnerability in index.php in Justin Hagstrom AutoIndex PHP Script before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF).

4.3
2007-11-15 CVE-2007-5982 X7 Group Cross-Site Scripting vulnerability in X7 Group X7 Chat 2.0.4/2.0.5

Multiple cross-site scripting (XSS) vulnerabilities in X7 Chat 2.0.4, 2.0.5, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via the (1) room parameter to sources/frame.php, the (2) theme_c parameter to help/index.php, or the (3) INSTALL_X7CHATVERSION parameter to upgradev1.php.

4.3
2007-11-15 CVE-2007-5980 Eggblog Cross-Site Scripting vulnerability in Eggblog

Cross-site scripting (XSS) vulnerability in home/rss.php in eggblog before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF).

4.3
2007-11-15 CVE-2007-5979 F5 Cross-Site Scripting vulnerability in F5 Firepass 4100

Cross-site scripting (XSS) vulnerability in download_plugin.php3 in F5 Firepass 4100 SSL VPN 5.4 through 5.5.2 and 6.0 through 6.0.1 allows remote attackers to inject arbitrary web script or HTML via the backurl parameter.

4.3
2007-11-15 CVE-2007-4698 Apple Cross-Site Scripting vulnerability in Apple Safari

Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 through 10.4.10, allows remote attackers to conduct cross-site scripting (XSS) attacks by causing JavaScript events to be associated with the wrong frame.

4.3
2007-11-15 CVE-2007-4692 Apple
Microsoft
Improper Authentication vulnerability in Apple Safari

The tabbed browsing feature in Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 through 10.4.10, allows remote attackers to spoof HTTP authentication for other sites and possibly conduct phishing attacks by causing an authentication sheet to be displayed for a tab that is not active, which makes it appear as if it is associated with the active tab.

4.3
2007-11-14 CVE-2007-3694 Getmiro Cross-Site Scripting vulnerability in Getmiro Broadcast Machine 0.9.9.9

Cross-site scripting (XSS) vulnerability in login.php in Miro Project Broadcast Machine 0.9.9.9 allows remote attackers to inject arbitrary web script or HTML via the username parameter.

4.3
2007-11-14 CVE-2007-5955 Updir Cross-Site Scripting vulnerability in Updir Updir.Net 2.03

Cross-site scripting (XSS) vulnerability in updir.php in UPDIR.NET before 2.04 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2007-11-14 CVE-2007-5954 Jlmforo System Cross-Site Scripting vulnerability in Jlmforo System Jlmforo System

Cross-site scripting (XSS) vulnerability in buscador.php in JLMForo System allows remote attackers to inject arbitrary web script or HTML via the clave parameter.

4.3
2007-11-14 CVE-2007-5952 Helioscalendar Cross-Site Scripting vulnerability in Helioscalendar Helios Calendar 1.2.1Beta

Cross-site scripting (XSS) vulnerability in admin/index.php in Helios Calendar 1.2.1 Beta allows remote attackers to inject arbitrary web script or HTML via the username parameter.

4.3
2007-11-14 CVE-2007-5950 Netcommons Cross-Site Scripting vulnerability in Netcommons

Cross-site scripting (XSS) vulnerability in NetCommons before 1.0.11, and 1.1.x before 1.1.2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2006-4165.

4.3
2007-11-14 CVE-2007-5948 Script FUN Cross-Site Scripting vulnerability in Script-Fun Sf-Shoutbox 1.2.1/1.4

Multiple cross-site scripting (XSS) vulnerabilities in main.php in SF-Shoutbox 1.2.1 through 1.4 allow remote attackers to inject arbitrary web script or HTML via the (1) nick (aka Name) and (2) shout (aka Shout) parameters.

4.3
2007-11-14 CVE-2007-5947 Mozilla Cross-Site Scripting vulnerability in Mozilla Firefox and Seamonkey

The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 retrieves the inner URL regardless of its MIME type, and considers HTML documents within a jar archive to have the same origin as the inner URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI.

4.3
2007-11-14 CVE-2007-5944 IBM Cross-Site Scripting vulnerability in IBM Websphere Application Server

Cross-site scripting (XSS) vulnerability in Servlet Engine / Web Container in IBM WebSphere Application Server (WAS) 5.1.1.4 through 5.1.1.16 allows remote attackers to inject arbitrary web script or HTML via the Expect HTTP header.

4.3
2007-11-13 CVE-2007-5794 NSS Ldap Race Condition vulnerability in NSS Ldap NSS Ldap

Race condition in nss_ldap, when used in applications that are linked against the pthread library and fork after a call to nss_ldap, might send user data to the wrong process because of improper handling of the LDAP connection.

4.3
2007-11-13 CVE-2007-5934 Pear Information Exposure vulnerability in Pear Structures Datagrid Datasource Mdb2

The LOB functionality in PEAR MDB2 before 2.5.0a1 interprets a request to store a URL string as a request to retrieve and store the contents of the URL, which might allow remote attackers to use MDB2 as an indirect proxy or obtain sensitive information via a URL into a form field in an MDB2 application, as demonstrated by a file:// URL or a URL for an intranet web site.

4.3
2007-11-14 CVE-2007-5942 Bandersnatch Information Disclosure vulnerability in Bandersnatch 0.4

Bandersnatch 0.4 allows remote attackers to obtain sensitive information via a malformed request for index.php with (1) a certain func parameter value; or (2) certain func, jid, page, and limit parameter values; which reveals the path in various error messages.

4.0

6 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-11-13 CVE-2007-5936 Tetex
TUG
Permissions, Privileges, and Access Controls vulnerability in multiple products

dvips in teTeX and TeXlive 2007 and earlier allows local users to obtain sensitive information and modify certain data by creating certain temporary files before they are processed by dviljk, which can then be read or modified in place.

3.6
2007-11-15 CVE-2007-5977 Phpmyadmin Cross-Site Scripting vulnerability in PHPmyadmin

Cross-site scripting (XSS) vulnerability in db_create.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to inject arbitrary web script or HTML via a hex-encoded IMG element in the db parameter in a POST request, a different vulnerability than CVE-2006-6942.

3.5
2007-11-14 CVE-2007-5949 IBM Cross-Site Scripting vulnerability in IBM Tivoli Service Desk 6.2

Cross-site scripting (XSS) vulnerability in IBM Tivoli Service Desk 6.2 allows remote authenticated users to inject arbitrary web script or HTML via the Description parameter in a Maximo change action.

3.5
2007-11-15 CVE-2007-5981 Lantronix Remote Denial Of Service vulnerability in Lantronix SCS3200

Lantronix SCS3200 does not properly handle public-key requests, which allows remote attackers to cause a denial of service (unresponsive device) via unspecified keyscan requests.

3.3
2007-11-15 CVE-2007-4679 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X

CFFTP in CFNetwork for Apple Mac OS X 10.4 through 10.4.10 allows remote FTP servers to force clients to connect to other hosts via crafted responses to FTP PASV commands.

2.6
2007-11-15 CVE-2007-4701 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server

WebKit on Apple Mac OS X 10.4 through 10.4.10 does not create temporary files securely when Safari is previewing a PDF file, which allows local users to read the contents of that file.

2.1