Weekly Vulnerabilities Reports > November 12 to 18, 2007
Overview
106 new vulnerabilities were reported during this period, including 16 critical vulnerabilities and 30 high severity vulnerabilities. This weekly summary reports vulnerabilities in 75 products from 57 vendors, including Apple, IBM, TUG, Softbizscripts, and Acdsee. Notable vulnerability categories include "Cross-site Scripting", "SQL Injection", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Permissions, Privileges, and Access Controls", and "Improper Input Validation".
- 87 reported vulnerabilities are remotely exploitable.
- 10 reported vulnerabilities have a public exploit available.
- 47 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 96 reported vulnerabilities are exploitable by an anonymous user.
- Apple has the most reported vulnerabilities, with 30 reported vulnerabilities.
- Apple has the most reported critical vulnerabilities, with 7 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
16 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-11-16 | CVE-2007-6011 | BUG Software | Improper Authentication vulnerability in BUG Software Bughotel Reservation System Unspecified vulnerability in main.php of BugHotel Reservation System before 4.9.9 P3 allows remote attackers to bypass authentication and gain administrative access via unspecified vectors. | 10.0 |
2007-11-15 | CVE-2007-6006 | Testlink | Improper Authentication vulnerability in Testlink TestLink before 1.7.1 does not enforce an unspecified authorization mechanism, which has unknown impact and attack vectors. | 10.0 |
2007-11-15 | CVE-2007-4704 | Apple | Unspecified vulnerability in Apple mac OS X 10.5 The Application Firewall in Apple Mac OS X 10.5 does not apply changed settings to processes that are started by launchd until the processes are restarted, which might allow attackers to bypass intended access restrictions. | 10.0 |
2007-11-15 | CVE-2007-4703 | Apple | Unspecified vulnerability in Apple mac OS X and mac OS X Server The Application Firewall in Apple Mac OS X 10.5 does not prevent a root process from accepting incoming connections, even when "Block incoming connections" has been set for its associated executable, which might allow remote attackers or local root processes to bypass intended access restrictions. | 10.0 |
2007-11-15 | CVE-2007-4691 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server The NSURL component in Apple Mac OS X 10.4 through 10.4.10 performs case-sensitive comparisons that allow attackers to bypass intended restrictions for local file system URLs. | 10.0 |
2007-11-15 | CVE-2007-4689 | Apple | Resource Management Errors vulnerability in Apple mac OS X and mac OS X Server Double free vulnerability in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (system shutdown) or execute arbitrary code via crafted IPV6 packets. | 10.0 |
2007-11-14 | CVE-2007-5941 | Adobe | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Shockwave Player Stack-based buffer overflow in the SWCtl.SWCtl ActiveX control in Adobe Shockwave allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long argument to the ShockwaveVersion method. | 10.0 |
2007-11-16 | CVE-2007-5398 | Samba | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Samba Stack-based buffer overflow in the reply_netbios_packet function in nmbd/nmbd_packets.c in nmbd in Samba 3.0.0 through 3.0.26a, when operating as a WINS server, allows remote attackers to execute arbitrary code via crafted WINS Name Registration requests followed by a WINS Name Query request. | 9.3 |
2007-11-16 | CVE-2007-4572 | Samba | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Samba Stack-based buffer overflow in nmbd in Samba 3.0.0 through 3.0.26a, when configured as a Primary or Backup Domain controller, allows remote attackers to have an unknown impact via crafted GETDC mailslot requests, related to handling of GETDC logon server requests. | 9.3 |
2007-11-15 | CVE-2007-6009 | Acdsee | Buffer Errors vulnerability in Acdsee Photo Editor, Photo Manager and PRO Photo Manager Multiple buffer overflows in ACD products allow user-assisted remote attackers to execute arbitrary code via a long section string in a (1) XBM or (2) XPM file to (a) ID_X.apl or (b) IDE_ACDStd.apl. | 9.3 |
2007-11-15 | CVE-2007-6008 | Autonomy | Buffer Errors vulnerability in Autonomy products Heap-based buffer overflow in emlsr.dll before 2.0.0.4 in Autonomy (formerly Verity) KeyView Viewer, Filter, and Export SDK allows remote attackers to execute arbitrary code via a long Content-Type header line in an EML file. | 9.3 |
2007-11-15 | CVE-2007-4344 | Acdsee | Improper Input Validation vulnerability in Acdsee Photo Editor, Photo Manager and PRO Photo Manager Multiple input validation errors in ACD ACDSee Photo Manager 9.0 build 108, Pro Photo Manager 8.1 build 99, and Photo Editor 4.0 build 195 allow user-assisted remote attackers to execute arbitrary code via a long section string in (1) a PSP image to the ID_PSP.apl plug-in or (2) an LHA archive to the AM_LHA.apl plug-in, resulting in a heap-based buffer overflow. | 9.3 |
2007-11-15 | CVE-2007-4702 | Apple | Unspecified vulnerability in Apple mac OS X and mac OS X Server The Application Firewall in Apple Mac OS X 10.5, when "Block all incoming connections" is enabled, does not prevent root processes or mDNSResponder from accepting connections, which might allow remote attackers or local root processes to bypass intended access restrictions. | 9.3 |
2007-11-15 | CVE-2007-4687 | Apple | Configuration vulnerability in Apple mac OS X and mac OS X Server The remote_cmds component in Apple Mac OS X 10.4 through 10.4.10 contains a symbolic link from the tftpboot private directory to the root directory, which allows tftpd users to escape the private directory and access arbitrary files. | 9.3 |
2007-11-14 | CVE-2007-5755 | AOL | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in AOL Radio Multiple stack-based buffer overflows in the AOL AmpX ActiveX control in AmpX.dll 2.6.1.11 in AOL Radio allow remote attackers to execute arbitrary code via long arguments to unspecified methods. | 9.3 |
2007-11-15 | CVE-2007-4690 | Apple | Resource Management Errors vulnerability in Apple mac OS X and mac OS X Server Double free vulnerability in the NFS component in Apple Mac OS X 10.4 through 10.4.10 allows remote authenticated users to execute arbitrary code via a crafted AUTH_UNIX RPC packet. | 9.0 |
30 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-11-15 | CVE-2007-6010 | Pioneers | Improper Input Validation vulnerability in Pioneers 0.11.3 Unspecified vulnerability in pioneers (formerly gnocatan) 0.11.3 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors that trigger an assert error. | 7.8 |
2007-11-15 | CVE-2007-4268 | Apple | Incorrect Conversion between Numeric Types vulnerability in Apple mac OS X Integer signedness error in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted AppleTalk message with a negative value, which satisfies a signed comparison during mbuf allocation but is later interpreted as an unsigned value, which triggers a heap-based buffer overflow. | 7.8 |
2007-11-15 | CVE-2007-3749 | Apple | Improper Initialization vulnerability in Apple mac OS X The kernel in Apple Mac OS X 10.4 through 10.4.10 does not reset the current Mach Thread Port or Thread Exception Port when executing a setuid program, which allows local users to execute arbitrary code by creating the port before launching the setuid program, then writing to the address space of the setuid process. | 7.8 |
2007-11-15 | CVE-2007-5984 | Justin Hagstrom | Improper Input Validation vulnerability in Justin Hagstrom Autoindex PHP Script classes/Url.php in Justin Hagstrom AutoIndex PHP Script before 2.2.4 allows remote attackers to cause a denial of service (CPU and memory consumption) via a %00 sequence in the dir parameter to index.php, which triggers an erroneous "recursive calculation." | 7.8 |
2007-11-15 | CVE-2006-7229 | Ubuntu | Resource Management Errors vulnerability in Ubuntu Linux Kernel 2.6.15 The skge driver 1.5 in Linux kernel 2.6.15 on Ubuntu does not properly use the spin_lock and spin_unlock functions, which allows remote attackers to cause a denial of service (machine crash) via a flood of network traffic. | 7.8 |
2007-11-13 | CVE-2007-5933 | Pioneers | Improper Input Validation vulnerability in Pioneers Pioneers (formerly gnocatan) before 0.11.3 allows remote attackers to cause a denial of service (crash) by triggering a delete operation while the Session object is still being used, as demonstrated by causing a "Broken pipe" error. | 7.8 |
2007-11-16 | CVE-2007-6012 | Gatesoft | SQL Injection vulnerability in Gatesoft Docusafe 4.1.0/4.1.2 SQL injection vulnerability in SearchR.asp in DocuSafe 4.1.0 and 4.1.2 allows remote attackers to execute arbitrary SQL commands via the artnr parameter (aka the search section). | 7.5 |
2007-11-15 | CVE-2007-6004 | Toko | SQL Injection vulnerability in Toko Instan 7.6 Multiple SQL injection vulnerabilities in index.php in Toko Instan 7.6 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in an artikel action or (2) the katid parameter in a produk action. | 7.5 |
2007-11-15 | CVE-2007-5999 | Softbizscripts | SQL Injection vulnerability in Softbizscripts Softbiz Auctions Script SQL injection vulnerability in product_desc.php in Softbiz Auctions Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2007-11-15 | CVE-2007-5996 | Softbizscripts | SQL Injection vulnerability in Softbizscripts Link Directory Script 1.0 SQL injection vulnerability in searchresult.php in Softbiz Link Directory Script allows remote attackers to execute arbitrary SQL commands via the sbcat_id parameter, a related issue to CVE-2007-5449. | 7.5 |
2007-11-15 | CVE-2007-5992 | Datecomm | SQL Injection vulnerability in Datecomm Social Networking Script SQL injection vulnerability in index.php in datecomm Social Networking Script (aka Myspace Clone Script) allows remote attackers to execute arbitrary SQL commands via the seid parameter in a viewcat s action on the forums page. | 7.5 |
2007-11-15 | CVE-2007-5991 | EXO | SQL Injection vulnerability in EXO Exophpdesk 1.2.1 SQL injection vulnerability in index.php in ExoPHPdesk allows remote attackers to execute arbitrary SQL commands via the user parameter in a profile fn action. | 7.5 |
2007-11-15 | CVE-2007-4700 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server Unspecified vulnerability in WebKit on Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to use Safari as an indirect proxy and send attacker-controlled data to arbitrary TCP ports via unknown vectors. | 7.5 |
2007-11-15 | CVE-2007-4699 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple Safari The default configuration of Safari in Apple Mac OS X 10.4 through 10.4.10 adds a private key to the keychain with permissions that allow other applications to access the key without warning the user, which might allow other applications to bypass intended access restrictions. | 7.5 |
2007-11-15 | CVE-2007-5988 | BTI Tracker | Permissions, Privileges, and Access Controls vulnerability in Bti-Tracker blocks/shoutbox_block.php in BtiTracker 1.4.4 does not verify user accounts, which allows remote attackers to post shoutbox entries as arbitrary users via a modified nick field. | 7.5 |
2007-11-15 | CVE-2007-5986 | Btiteam | SQL Injection vulnerability in Btiteam Btitracker SQL injection vulnerability in include/functions.php in BtiTracker before 1.4.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2007-11-15 | CVE-2007-5978 | Xoops | SQL Injection vulnerability in Xoops Mylinks Module 2.0.17.1 SQL injection vulnerability in brokenlink.php in the mylinks module for XOOPS allows remote attackers to execute arbitrary SQL commands via the lid parameter. | 7.5 |
2007-11-15 | CVE-2007-5974 | Jportal | SQL Injection vulnerability in Jportal web Portal 2 SQL injection vulnerability in mailer.php in JPortal 2 allows remote attackers to execute arbitrary SQL commands via the to parameter. | 7.5 |
2007-11-15 | CVE-2007-5973 | Jportal | SQL Injection vulnerability in Jportal web Portal SQL injection vulnerability in articles.php in JPortal 2.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter. | 7.5 |
2007-11-14 | CVE-2007-5951 | E Vendejo | SQL Injection vulnerability in E-Vendejo 0.2 SQL injection vulnerability in articles.php in E-Vendejo 0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2007-11-15 | CVE-2007-4693 | Apple | Improper Authentication vulnerability in Apple mac OS X and mac OS X Server The SecurityAgent component in Mac OS X 10.4 through 10.4.10 allows attackers with physical access to bypass the authentication dialog of the screen saver and send keystrokes to a process, related to "handling of keyboard focus between secure text fields." | 7.2 |
2007-11-15 | CVE-2007-4686 | Apple | Numeric Errors vulnerability in Apple mac OS X and mac OS X Server Integer signedness error in the ttioctl function in bsd/kern/tty.c in the xnu kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to cause a denial of service (system shutdown) or gain privileges via a crafted TIOCSETD ioctl request. | 7.2 |
2007-11-15 | CVE-2007-4685 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server The kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to gain privileges by executing setuid or setgid programs in which the stdio, stderr, or stdout file descriptors are "in an unexpected state." | 7.2 |
2007-11-15 | CVE-2007-4269 | Apple | Numeric Errors vulnerability in Apple mac OS X and mac OS X Server Integer overflow in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted AppleTalk Session Protocol (ASP) message on an AppleTalk socket, which triggers a heap-based buffer overflow. | 7.2 |
2007-11-15 | CVE-2007-4267 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X Stack-based buffer overflow in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted IOCTL request that adds an AppleTalk zone to a routing table. | 7.2 |
2007-11-14 | CVE-2007-5956 | IBM | Path Traversal vulnerability in IBM Informix Dynamic Server Directory traversal vulnerability in IBM Informix Dynamic Server (IDS) before 10.00.xC7W1 allows local users to gain privileges by referencing modified NLS message files through directory traversal sequences in the DBLANG environment variable. | 7.2 |
2007-11-14 | CVE-2007-5946 | HP | Local Unauthorized Access vulnerability in HP-UX Aries PA-RISC Emulator Unspecified vulnerability in the Aries PA-RISC emulator on HP-UX B.11.23 and B.11.31 on the IA-64 platform allows local users to obtain unspecified access. | 7.2 |
2007-11-14 | CVE-2007-5667 | Novell | Improper Input Validation vulnerability in Novell Client 4.91 NWFILTER.SYS in Novell Client 4.91 SP 1 through SP 4 for Windows 2000, XP, and Server 2003 makes the \.\nwfilter device available for arbitrary user-mode input via METHOD_NEITHER IOCTLs, which allows local users to gain privileges by passing a kernel address as an argument and overwriting kernel memory locations. | 7.2 |
2007-11-14 | CVE-2007-3880 | SUN | USE of Externally-Controlled Format String vulnerability in SUN NET Connect Software 3.2.3/3.2.4 Format string vulnerability in srsexec in Sun Remote Services (SRS) Net Connect 3.2.3 and 3.2.4, as distributed in the SRS Proxy Core (SUNWsrspx) package, allows local users to gain privileges via format string specifiers in unspecified input that is logged through syslog. | 7.2 |
2007-11-15 | CVE-2007-4678 | Apple | Multiple Security vulnerability in Apple Mac OS X v10.4.11 2007-008 AppleRAID in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 allows attackers to cause a denial of service (crash) via a crafted striped disk image, which triggers a NULL pointer dereference when it is mounted. | 7.1 |
54 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-11-15 | CVE-2007-4684 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X Integer overflow in the kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a large num_sels argument to the i386_set_ldt system call. | 6.9 |
2007-11-15 | CVE-2007-4681 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X Buffer overflow in CoreFoundation in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 allows local users to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted directory hierarchy. | 6.9 |
2007-11-15 | CVE-2007-6007 | Acdsee | Buffer Errors vulnerability in Acdsee Photo Editor, Photo Manager and PRO Photo Manager Integer overflow in the ID_PSP.apl plug-in for ACD ACDSee Photo Manager 9.0 build 108, Pro Photo Manager 8.1 build 99, and Photo Editor 4.0 build 195 allows user-assisted remote attackers to execute arbitrary code via a crafted PSP image that triggers a heap-based buffer overflow. | 6.8 |
2007-11-15 | CVE-2007-5995 | PHP Tools | Code Injection vulnerability in PHP-Tools Patbbcode 1.0 PHP remote file inclusion vulnerability in examples/patExampleGen/bbcodeSource.php in patBBcode 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the example parameter. | 6.8 |
2007-11-15 | CVE-2007-5994 | Yappa NG | Code Injection vulnerability in Yappa-Ng 2.3.2 PHP remote file inclusion vulnerability in check_noimage.php in Fritz Berger yet another php photo album - next generation (yappa-ng) 2.3.2 allows remote attackers to execute arbitrary PHP code via a URL in the config[path_src_include] parameter. | 6.8 |
2007-11-15 | CVE-2007-5905 | Adobe | Credentials Management vulnerability in Adobe Coldfusion 7.0/8.0 Adobe ColdFusion 8 and MX 7 allows remote attackers to hijack sessions via unspecified vectors that trigger establishment of a session to a ColdFusion application in which the (1) CFID or (2) CFTOKEN cookies have empty values, possibly due to a session fixation vulnerability. | 6.8 |
2007-11-15 | CVE-2007-4697 | Apple | Multiple Security vulnerability in Apple Mac OS X v10.4.11 2007-008 Unspecified vulnerability in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via unknown vectors related to browser history, which triggers memory corruption. | 6.8 |
2007-11-15 | CVE-2007-4680 | Apple | Improper Authentication vulnerability in Apple mac OS X CFNetwork in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 does not properly validate certificates, which allows remote attackers to spoof trusted SSL certificates via a man-in-the-middle attack. | 6.8 |
2007-11-15 | CVE-2007-5987 | BTI Tracker | Permissions, Privileges, and Access Controls vulnerability in Bti-Tracker details.php in BtiTracker before 1.4.5, when torrent viewing is disabled for guests, allows remote attackers to bypass protection mechanisms via a direct request, as demonstrated by (1) reading the details of an arbitrary torrent and (2) modifying a torrent owned by a guest. | 6.8 |
2007-11-13 | CVE-2007-5937 | Tetex TUG | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Multiple buffer overflows in dvi2xx.c in dviljk in teTeX and TeXlive 2007 and earlier might allow user-assisted attackers to execute arbitrary code via a crafted DVI input file. | 6.8 |
2007-11-13 | CVE-2007-5935 | Tetex TUG | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Stack-based buffer overflow in hpc.c in dvips in teTeX and TeXlive 2007 and earlier allows user-assisted attackers to execute arbitrary code via a DVI file with a long href tag. | 6.8 |
2007-11-15 | CVE-2007-5998 | Softbizscripts | SQL Injection vulnerability in Softbizscripts AD Management Plus Script 1.0 SQL injection vulnerability in ads.php in Softbiz Ad Management plus Script 1 allows remote authenticated users to execute arbitrary SQL commands via the package parameter. | 6.5 |
2007-11-15 | CVE-2007-5997 | Softbizscripts | SQL Injection vulnerability in Softbizscripts Banner Exchange Network Script 1.0 SQL injection vulnerability in campaign_stats.php in Softbiz Banner Exchange Network Script 1.0 allows remote authenticated users to execute arbitrary SQL commands via the id parameter. | 6.5 |
2007-11-15 | CVE-2007-5976 | Phpmyadmin | SQL Injection vulnerability in PHPmyadmin SQL injection vulnerability in db_create.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to execute arbitrary SQL commands via the db parameter. | 6.5 |
2007-11-15 | CVE-2007-5975 | Torrentstrike | SQL Injection vulnerability in Torrentstrike 0.4 SQL injection vulnerability in index.php in TBSource, as used in (1) TBDev and (2) TorrentStrike 0.4, allows remote authenticated users to execute arbitrary SQL commands via the choice parameter. | 6.5 |
2007-11-14 | CVE-2007-3898 | Microsoft | Configuration vulnerability in Microsoft products The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2, uses predictable transaction IDs when querying other DNS servers, which allows remote attackers to spoof DNS replies, poison the DNS cache, and facilitate further attack vectors. | 6.4 |
2007-11-15 | CVE-2007-6000 | KDE | Resource Management Errors vulnerability in KDE Konqueror KDE Konqueror 3.5.6 and earlier allows remote attackers to cause a denial of service (crash) via large HTTP cookie parameters. | 5.0 |
2007-11-15 | CVE-2007-4688 | Apple | Information Exposure vulnerability in Apple mac OS X and mac OS X Server The Networking component in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to obtain all addresses for a host, including link-local addresses, via a Node Information Query. | 5.0 |
2007-11-14 | CVE-2007-5953 | Really Simple Caldav Store | Information Disclosure vulnerability in DAViCal Really Simple CalDAV Store Unspecified vulnerability in Really Simple CalDAV Store (RSCDS) before 0.9.0 allows attackers to obtain sensitive information via unspecified vectors. | 5.0 |
2007-11-14 | CVE-2007-5945 | Usvn | Permissions, Privileges, and Access Controls vulnerability in Usvn User-Friendly SVN USVN before 0.6.5 allows remote attackers to obtain a list of repository contents via unspecified vectors. | 5.0 |
2007-11-14 | CVE-2007-5943 | Simple Machines | Configuration vulnerability in Simple Machines Simple Machines Forum 1.1.4 Simple Machines Forum (SMF) 1.1.4 allows remote attackers to read a message in private forums by using the advanced search module with the "show results as messages" option, then searching for possible keywords contained in that message. | 5.0 |
2007-11-14 | CVE-2007-5770 | Ruby Lang | Improper Authentication vulnerability in Ruby-Lang Ruby 1.8.5/1.8.6 The (1) Net::ftptls, (2) Net::telnets, (3) Net::imap, (4) Net::pop, and (5) Net::smtp libraries in Ruby 1.8.5 and 1.8.6 do not verify that the commonName (CN) field in a server certificate matches the domain name in a request sent over SSL, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site, different components than CVE-2007-5162. | 5.0 |
2007-11-14 | CVE-2007-4136 | Redhat | Remote Denial Of Service vulnerability in Redhat Conga 0.10.0 The ricci daemon in Red Hat Conga 0.10.0 allows remote attackers to cause a denial of service (loss of new connections) by repeatedly sending data or attempting connections. | 5.0 |
2007-11-14 | CVE-2007-5957 | IBM | Multiple vulnerability in IBM Informix Dynamic Server Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 10.00.TC3TL and 11.10.TB4TL on Windows allows attackers to cause a denial of service (application crash) via unspecified SQ_ONASSIST requests. | 4.9 |
2007-11-15 | CVE-2007-4683 | Apple | Path Traversal vulnerability in Apple mac OS X Directory traversal vulnerability in the kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to bypass the chroot mechanism via a relative path when changing the current working directory. | 4.6 |
2007-11-13 | CVE-2007-5940 | TUG | Link Following vulnerability in TUG Texlive 2007 feynmf.pl in feynmf 1.08, as used in TeXLive 2007, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the feynmf$$.pl temporary file. | 4.6 |
2007-11-15 | CVE-2007-6005 | Webex Communications | Resource Management Errors vulnerability in Webex Communications Webex Gpccontainer Activex Control Unspecified vulnerability in the GpcContainer.GpcContainer.1 ActiveX control in WebEx allows remote attackers to cause a denial of service (memory access violation and crash) via (1) an invalid argument to the InitParam method or (2) an unspecified vector involving the SetParam method. | 4.3 |
2007-11-15 | CVE-2007-6003 | Thomson | Cross-Site Scripting vulnerability in Thomson Speedtouch 716 Cross-site scripting (XSS) vulnerability in cgi/b/ic/connect in the Thomson SpeedTouch 716 with firmware 5.4.0.14 allows remote attackers to inject arbitrary web script or HTML via the url parameter. | 4.3 |
2007-11-15 | CVE-2007-6002 | Fenrir | Cross-Site Scripting vulnerability in Fenrir Grani and Sleipnir Cross-site scripting (XSS) vulnerability in Fenriru (1) Sleipnir 2.5.17 R2 and earlier and (2) Grani 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the Search field in a search for additions to the Favorites section. | 4.3 |
2007-11-15 | CVE-2007-6001 | Bandersnatch | Cross-Site Scripting vulnerability in Bandersnatch 0.4 Multiple cross-site scripting (XSS) vulnerabilities in index.php in Bandersnatch 0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) func or (2) date parameter, or the jid parameter in a (3) log or (4) user action, a different vulnerability than CVE-2007-3910. | 4.3 |
2007-11-15 | CVE-2007-5993 | Vtls | Cross-Site Scripting vulnerability in Vtls Vtls.Web.Gateway Cross-site scripting (XSS) vulnerability in Visionary Technology in Library Solutions (VTLS) vtls.web.gateway before 48.1.1 allows remote attackers to inject arbitrary web script or HTML via the searchtype parameter. | 4.3 |
2007-11-15 | CVE-2007-5990 | EXO | Cross-Site Scripting vulnerability in EXO Exophpdesk 1.2.1 Cross-site scripting (XSS) vulnerability in ExoPHPdesk allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a user profile, possibly the (1) name and (2) website parameters to register.php. | 4.3 |
2007-11-15 | CVE-2006-7230 | Pcre | Numeric Errors vulnerability in Pcre Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate the amount of memory needed for a compiled regular expression pattern when the (1) -x or (2) -i UTF-8 options change within the pattern, which allows context-dependent attackers to cause a denial of service (PCRE or glibc crash) via crafted regular expressions. | 4.3 |
2007-11-15 | CVE-2007-4696 | Apple | Race Condition vulnerability in Apple mac OS X and mac OS X Server Race condition in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to obtain information for forms from other sites via unknown vectors related to "page transitions" in Safari. | 4.3 |
2007-11-15 | CVE-2007-4695 | Apple | Improper Input Validation vulnerability in Apple mac OS X and mac OS X Server Unspecified "input validation" vulnerability in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to modify form field values via unknown vectors related to file uploads. | 4.3 |
2007-11-15 | CVE-2007-4694 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server Safari in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to access local content via file:// URLs. | 4.3 |
2007-11-15 | CVE-2007-5985 | BTI Tracker | Cross-Site Scripting vulnerability in Bti-Tracker Multiple cross-site scripting (XSS) vulnerabilities in BtiTracker before 1.4.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) account.php, (2) moresmiles.php, or (3) recover.php; or (4) the "to" parameter to usercp.php. | 4.3 |
2007-11-15 | CVE-2007-5983 | Justin Hagstrom | Cross-Site Scripting vulnerability in Justin Hagstrom Autoindex PHP Script Cross-site scripting (XSS) vulnerability in index.php in Justin Hagstrom AutoIndex PHP Script before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF). | 4.3 |
2007-11-15 | CVE-2007-5982 | X7 Group | Cross-Site Scripting vulnerability in X7 Group X7 Chat 2.0.4/2.0.5 Multiple cross-site scripting (XSS) vulnerabilities in X7 Chat 2.0.4, 2.0.5, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via the (1) room parameter to sources/frame.php, the (2) theme_c parameter to help/index.php, or the (3) INSTALL_X7CHATVERSION parameter to upgradev1.php. | 4.3 |
2007-11-15 | CVE-2007-5980 | Eggblog | Cross-Site Scripting vulnerability in Eggblog Cross-site scripting (XSS) vulnerability in home/rss.php in eggblog before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF). | 4.3 |
2007-11-15 | CVE-2007-5979 | F5 | Cross-Site Scripting vulnerability in F5 Firepass 4100 Cross-site scripting (XSS) vulnerability in download_plugin.php3 in F5 Firepass 4100 SSL VPN 5.4 through 5.5.2 and 6.0 through 6.0.1 allows remote attackers to inject arbitrary web script or HTML via the backurl parameter. | 4.3 |
2007-11-15 | CVE-2007-4698 | Apple | Cross-Site Scripting vulnerability in Apple Safari Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 through 10.4.10, allows remote attackers to conduct cross-site scripting (XSS) attacks by causing JavaScript events to be associated with the wrong frame. | 4.3 |
2007-11-15 | CVE-2007-4692 | Apple Microsoft | Improper Authentication vulnerability in Apple Safari The tabbed browsing feature in Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 through 10.4.10, allows remote attackers to spoof HTTP authentication for other sites and possibly conduct phishing attacks by causing an authentication sheet to be displayed for a tab that is not active, which makes it appear as if it is associated with the active tab. | 4.3 |
2007-11-14 | CVE-2007-3694 | Getmiro | Cross-Site Scripting vulnerability in Getmiro Broadcast Machine 0.9.9.9 Cross-site scripting (XSS) vulnerability in login.php in Miro Project Broadcast Machine 0.9.9.9 allows remote attackers to inject arbitrary web script or HTML via the username parameter. | 4.3 |
2007-11-14 | CVE-2007-5955 | Updir | Cross-Site Scripting vulnerability in Updir Updir.Net 2.03 Cross-site scripting (XSS) vulnerability in updir.php in UPDIR.NET before 2.04 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2007-11-14 | CVE-2007-5954 | Jlmforo System | Cross-Site Scripting vulnerability in Jlmforo System Jlmforo System Cross-site scripting (XSS) vulnerability in buscador.php in JLMForo System allows remote attackers to inject arbitrary web script or HTML via the clave parameter. | 4.3 |
2007-11-14 | CVE-2007-5952 | Helioscalendar | Cross-Site Scripting vulnerability in Helioscalendar Helios Calendar 1.2.1Beta Cross-site scripting (XSS) vulnerability in admin/index.php in Helios Calendar 1.2.1 Beta allows remote attackers to inject arbitrary web script or HTML via the username parameter. | 4.3 |
2007-11-14 | CVE-2007-5950 | Netcommons | Cross-Site Scripting vulnerability in Netcommons Cross-site scripting (XSS) vulnerability in NetCommons before 1.0.11, and 1.1.x before 1.1.2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2006-4165. | 4.3 |
2007-11-14 | CVE-2007-5948 | Script FUN | Cross-Site Scripting vulnerability in Script-Fun Sf-Shoutbox 1.2.1/1.4 Multiple cross-site scripting (XSS) vulnerabilities in main.php in SF-Shoutbox 1.2.1 through 1.4 allow remote attackers to inject arbitrary web script or HTML via the (1) nick (aka Name) and (2) shout (aka Shout) parameters. | 4.3 |
2007-11-14 | CVE-2007-5947 | Mozilla | Cross-Site Scripting vulnerability in Mozilla Firefox and Seamonkey The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 retrieves the inner URL regardless of its MIME type, and considers HTML documents within a jar archive to have the same origin as the inner URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI. | 4.3 |
2007-11-14 | CVE-2007-5944 | IBM | Cross-Site Scripting vulnerability in IBM Websphere Application Server Cross-site scripting (XSS) vulnerability in Servlet Engine / Web Container in IBM WebSphere Application Server (WAS) 5.1.1.4 through 5.1.1.16 allows remote attackers to inject arbitrary web script or HTML via the Expect HTTP header. | 4.3 |
2007-11-13 | CVE-2007-5794 | NSS Ldap | Race Condition vulnerability in NSS Ldap NSS Ldap Race condition in nss_ldap, when used in applications that are linked against the pthread library and fork after a call to nss_ldap, might send user data to the wrong process because of improper handling of the LDAP connection. | 4.3 |
2007-11-13 | CVE-2007-5934 | Pear | Information Exposure vulnerability in Pear Structures Datagrid Datasource Mdb2 The LOB functionality in PEAR MDB2 before 2.5.0a1 interprets a request to store a URL string as a request to retrieve and store the contents of the URL, which might allow remote attackers to use MDB2 as an indirect proxy or obtain sensitive information via a URL into a form field in an MDB2 application, as demonstrated by a file:// URL or a URL for an intranet web site. | 4.3 |
2007-11-14 | CVE-2007-5942 | Bandersnatch | Information Disclosure vulnerability in Bandersnatch 0.4 Bandersnatch 0.4 allows remote attackers to obtain sensitive information via a malformed request for index.php with (1) a certain func parameter value; or (2) certain func, jid, page, and limit parameter values; which reveals the path in various error messages. | 4.0 |
6 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-11-13 | CVE-2007-5936 | Tetex TUG | Permissions, Privileges, and Access Controls vulnerability in multiple products dvips in teTeX and TeXlive 2007 and earlier allows local users to obtain sensitive information and modify certain data by creating certain temporary files before they are processed by dviljk, which can then be read or modified in place. | 3.6 |
2007-11-15 | CVE-2007-5977 | Phpmyadmin | Cross-Site Scripting vulnerability in phpMyAdmin Cross-site scripting (XSS) vulnerability in db_create.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to inject arbitrary web script or HTML via a hex-encoded IMG element in the db parameter in a POST request, a different vulnerability than CVE-2006-6942. | 3.5 |
2007-11-14 | CVE-2007-5949 | IBM | Cross-Site Scripting vulnerability in IBM Tivoli Service Desk 6.2 Cross-site scripting (XSS) vulnerability in IBM Tivoli Service Desk 6.2 allows remote authenticated users to inject arbitrary web script or HTML via the Description parameter in a Maximo change action. | 3.5 |
2007-11-15 | CVE-2007-5981 | Lantronix | Remote Denial Of Service vulnerability in Lantronix SCS3200 Lantronix SCS3200 does not properly handle public-key requests, which allows remote attackers to cause a denial of service (unresponsive device) via unspecified keyscan requests. | 3.3 |
2007-11-15 | CVE-2007-4679 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple Mac OS X CFFTP in CFNetwork for Apple Mac OS X 10.4 through 10.4.10 allows remote FTP servers to force clients to connect to other hosts via crafted responses to FTP PASV commands. | 2.6 |
2007-11-15 | CVE-2007-4701 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple Mac OS X and Mac OS X Server WebKit on Apple Mac OS X 10.4 through 10.4.10 does not create temporary files securely when Safari is previewing a PDF file, which allows local users to read the contents of that file. | 2.1 |