Weekly Vulnerabilities Reports > November 19 to 25, 2007

Overview

87 new vulnerabilities reported during this period, including 20 critical vulnerabilities and 27 high severity vulnerabilities. This weekly summary report vulnerabilities in 65 products from 54 vendors including IBM, Linux, Wireshark, Microsoft, and Unix. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Permissions, Privileges, and Access Controls", "SQL Injection", "Cross-site Scripting", and "Improper Input Validation".

  • 80 reported vulnerabilities are remotely exploitables.
  • 18 reported vulnerabilities have public exploit available.
  • 21 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 84 reported vulnerabilities are exploitable by an anonymous user.
  • IBM has the most reported vulnerabilities, with 11 reported vulnerabilities.
  • IBM has the most reported critical vulnerabilities, with 6 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

20 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-11-23 CVE-2007-6115 Wireshark Buffer Errors vulnerability in Wireshark 0.99.5/0.99.6

Buffer overflow in the ANSI MAP dissector for Wireshark (formerly Ethereal) 0.99.5 to 0.99.6, when running on unspecified platforms, allows remote attackers to cause a denial of service and possibly execute arbitrary code via unknown vectors.

10.0
2007-11-23 CVE-2007-6114 Wireshark Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Wireshark

Multiple buffer overflows in Wireshark (formerly Ethereal) 0.99.0 through 0.99.6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) the SSL dissector or (2) the iSeries (OS/400) Communication trace file parser.

10.0
2007-11-23 CVE-2007-6112 Wireshark Buffer Errors vulnerability in Wireshark 0.99.6

Buffer overflow in the PPP dissector Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors.

10.0
2007-11-22 CVE-2007-6099 Ingate Denial-Of-Service vulnerability in Ingate Siparator

Unspecified vulnerability in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 might leave "media pinholes" open upon a restart of the SIP module, which might make it easier for remote attackers to conduct unauthorized activities.

10.0
2007-11-22 CVE-2007-6097 Ingate Multiple vulnerability in Ingate Firewall And SIParator

Unspecified vulnerability in the ICMP implementation in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 has unknown impact and remote attack vectors, related to ICMP packets that are "incorrectly accepted."

10.0
2007-11-22 CVE-2007-6092 Ingate Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ingate Firewall and Ingate Siparator

Buffer overflow in libsrtp in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 has unknown impact and attack vectors.

10.0
2007-11-20 CVE-2007-6051 Linux
Microsoft
Unix
IBM
Permissions, Privileges, and Access Controls vulnerability in IBM DB2 Universal Database

IBM DB2 UDB 9.1 before Fixpak 4 assigns incorrect privileges to the (1) DB2ADMNS and (2) DB2USERS alternative groups, which has unknown impact.

10.0
2007-11-20 CVE-2007-6048 Linux
Microsoft
Unix
IBM
Permissions, Privileges, and Access Controls vulnerability in IBM DB2 Universal Database

IBM DB2 UDB 9.1 before Fixpak 4 uses incorrect permissions on ACLs for DB2NODES.CFG, which has unknown impact and attack vectors.

10.0
2007-11-20 CVE-2007-6047 Linux
Microsoft
Unix
IBM
Permissions, Privileges, and Access Controls vulnerability in IBM DB2 Universal Database

Unspecified vulnerability in the DB2DART tool in IBM DB2 UDB 9.1 before Fixpak 4 allows attackers to execute arbitrary commands as the DB2 instance owner, related to invocation of TPUT by DB2DART.

10.0
2007-11-20 CVE-2007-6045 Linux
Microsoft
Unix
IBM
Privilege Escalation vulnerability in IBM DB2

Unspecified vulnerability in (1) DB2WATCH and (2) DB2FREEZE in IBM DB2 UDB 9.1 before Fixpak 4 has unknown impact and attack vectors.

10.0
2007-11-20 CVE-2007-6044 IBM Resource Management Errors vulnerability in IBM Websphere MQ 6.0

Multiple unspecified vulnerabilities in IBM WebSphere MQ 6.0 have unknown impact and remote attack vectors involving "memory corruption." NOTE: as of 20071116, the only disclosure is a vague pre-advisory with no actionable information.

10.0
2007-11-20 CVE-2007-6030 Weird Solutions Remote vulnerability in Weird Solutions Bootpturbo 1.2

Unspecified vulnerability in Weird Solutions BOOTPTurbo 1.2 has unknown impact and remote attack vectors.

10.0
2007-11-22 CVE-2007-6089 Mebiblio Code Injection vulnerability in Mebiblio 0.4.5

PHP remote file inclusion vulnerability in index.php in meBiblio 0.4.5 allows remote attackers to execute arbitrary PHP code via a URL in the action parameter.

9.3
2007-11-22 CVE-2007-6088 Phpbbviet Code Injection vulnerability in PHPbbviet

PHP remote file inclusion vulnerability in includes/functions_mod_user.php in phpBBViet 02.03.07 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

9.3
2007-11-22 CVE-2007-6086 Vigilecms Path Traversal vulnerability in Vigilecms 1.4

Directory traversal vulnerability in index.php in VigileCMS 1.4 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the module parameter.

9.3
2007-11-22 CVE-2007-6082 Sciurus Code Injection vulnerability in Sciurus Hosting Panel 2.0.3

Direct static code injection vulnerability in acp/savenews.php in Sciurus Hosting Panel, possibly 2.0.3, allows remote attackers to inject arbitrary PHP code via the filecontents parameter, which can be executed by accessing includes/news.php.

9.3
2007-11-20 CVE-2007-6060 Ahnlab Improper Input Validation vulnerability in Ahnlab V3 Internet Security 2008

AhnLab Antivirus 3 Internet Security 2008 Platinum appends data to a filename string at a location indicated by the "Filename length" field in a ZIP header, which allows remote attackers to cause a denial of service (machine crash) and possibly execute arbitrary code via a ZIP file in which this field's value is larger than the actual number of bytes in the filename.

9.3
2007-11-20 CVE-2007-6053 Linux
Microsoft
Unix
IBM
Resource Management Errors vulnerability in IBM DB2 Universal Database

IBM DB2 UDB 9.1 before Fixpak 4 does not properly handle use of large numbers of file descriptors, which might allow attackers to have an unknown impact involving "memory corruption." NOTE: the vendor description of this issue is too vague to be certain that it is security-related.

9.3
2007-11-20 CVE-2007-6026 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products

Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka Microsoft Jet Engine), as used by Access 2003 in Microsoft Office 2003 SP3, allows user-assisted attackers to execute arbitrary code via a crafted MDB file database file containing a column structure with a modified column count.

9.3
2007-11-20 CVE-2007-6033 Wonderware Permissions, Privileges, and Access Controls vulnerability in Wonderware Intouch 8.0

Invensys Wonderware InTouch 8.0 creates a NetDDE share with insecure permissions (Everyone/Full Control), which allows remote authenticated attackers, and possibly anonymous users, to execute arbitrary programs.

9.0

27 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-11-20 CVE-2007-5361 Alcatel Lucent Information Disclosure And Denial Of Service vulnerability in OmniPCX Enterprise Audio Rerouting

The Communication Server in Alcatel-Lucent OmniPCX Enterprise 7.1 and earlier caches an IP address during a TFTP request from an IP Touch phone, and uses this IP address as the destination for all subsequent VoIP packets to this phone, which allows remote attackers to cause a denial of service (loss of audio) or intercept voice communications via a crafted TFTP request containing the phone's MAC address in the filename.

8.5
2007-11-23 CVE-2007-6119 Wireshark Remote vulnerability in Wireshark 0.99.6

The DCP ETSI dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (long loop and resource consumption) via unknown vectors.

7.8
2007-11-23 CVE-2007-6118 Ethereal Group
Wireshark
Remote vulnerability in Wireshark 0.99.6

The MEGACO dissector in Wireshark (formerly Ethereal) 0.9.14 to 0.99.6 allows remote attackers to cause a denial of service (long loop and resource consumption) via unknown vectors.

7.8
2007-11-21 CVE-2007-5612 IBM Resource Management Errors vulnerability in IBM Director

CIM Server in IBM Director 5.20.1 and earlier allows remote attackers to cause a denial of service (CPU consumption, connection slot exhaustion, and daemon crash) via a large number of idle connections.

7.8
2007-11-20 CVE-2007-6052 Linux
Microsoft
Unix
IBM
Privilege Escalation vulnerability in IBM DB2

IBM DB2 UDB 9.1 before Fixpak 4 does not properly perform vector aggregation, which might allow attackers to cause a denial of service (divide-by-zero error and DBMS crash), related to an "overflow." NOTE: the vendor description of this issue is too vague to be certain that it is security-related.

7.8
2007-11-20 CVE-2007-6031 VAN Dyke Technologies Denial Of Service vulnerability in VAN Dyke Technologies Vshell 3.0.1

Unspecified vulnerability in VanDyke VShell 3.0.1 allows remote attackers to cause a denial of service via unspecified vectors.

7.8
2007-11-23 CVE-2007-6106 Alstrasoft SQL Injection vulnerability in Alstrasoft E-Friends

SQL injection vulnerability in index.php in AlstraSoft E-Friends 4.98 and earlier allows remote attackers to execute arbitrary SQL commands via the seid parameter in a viewevent action.

7.5
2007-11-22 CVE-2007-6098 Ingate Multiple vulnerability in Ingate Firewall And SIParator

Ingate Firewall before 4.6.0 and SIParator before 4.6.0 do not log truncated (1) ICMP, (2) UDP, and (3) TCP packets, which has unknown impact and remote attack vectors; and do not log (4) serial-console login attempts with nonexistent usernames, which might make it easier for attackers with physical access to guess valid login credentials while avoiding detection.

7.5
2007-11-22 CVE-2007-6091 Jiro SQL Injection vulnerability in Jiro Banner System 2.0

Multiple SQL injection vulnerabilities in files/login.asp in JiRo's Banner System (JBS) 2.0, and possibly JiRo's Upload Manager (aka JiRo's Upload System or JUS), allow remote attackers to execute arbitrary SQL commands via the (1) Username (aka Login or Email) or (2) Password field.

7.5
2007-11-22 CVE-2007-6084 Hotscripts SQL Injection vulnerability in Hotscripts Clone Script

SQL injection vulnerability in software-description.php in HotScripts Clone Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2007-11-22 CVE-2007-6083 Icebb SQL Injection vulnerability in Icebb 1.0Rc6

SQL injection vulnerability in admin/index.php in IceBB 1.0-rc6 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header.

7.5
2007-11-21 CVE-2007-6081 Adventnet Permissions, Privileges, and Access Controls vulnerability in Adventnet Eventlog Analyzer Build4030

AdventNet EventLog Analyzer build 4030 for Windows, and possibly other versions and platforms, installs a mysql instance with a default "root" account without a password, which allows remote attackers to gain privileges and modify logs.

7.5
2007-11-21 CVE-2007-6080 Bcoos SQL Injection vulnerability in Bcoos 1.0.10

SQL injection vulnerability in modules/banners/click.php in the banners module for bcoos 1.0.10 allows remote attackers to execute arbitrary SQL commands via the bid parameter.

7.5
2007-11-21 CVE-2007-6078 Skyportal SQL Injection vulnerability in Skyportal RC6

Multiple SQL injection vulnerabilities in SkyPortal RC6 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) nc_top.asp; (2) inc_bookmarks.asp, possibly involving a parameter passed from cp_main.asp; (3) inc_profile_functions.asp; or (4) inc_SUBSCRIPTIONS.asp; or the (5) Avatar_URL, (6) LINK1, or (7) LINK2 parameter to cp_main.asp in an EditIt action.

7.5
2007-11-20 CVE-2007-6058 Profilecms SQL Injection vulnerability in Profilecms

Multiple SQL injection vulnerabilities in index.php in ProfileCMS 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) codes action in the profile-codes module, (2) videos action in the video-codes module, or (3) games action in the arcade-games module.

7.5
2007-11-20 CVE-2007-6041 Rigs OF Rogs Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Rigs of Rogs Rigs of Rogs

Buffer overflow in the Sequencer::queueMessage function in sequencer.cpp in the server in Rigs of Rods (RoR) before 0.33d SP1 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code by sending a nickname, then a vehicle name in a MSG2_USE_VEHICLE message, in which the combined length triggers the overflow.

7.5
2007-11-20 CVE-2007-6035 Cacti SQL Injection vulnerability in Cacti

SQL injection vulnerability in graph.php in Cacti before 0.8.7a allows remote attackers to execute arbitrary SQL commands via the local_graph_id parameter.

7.5
2007-11-20 CVE-2007-6032 Aleris SQL Injection vulnerability in Aleris web Publishing Server 3.0

SQL injection vulnerability in calendar/page.asp in Aleris Web Publishing Server 3.0 allows remote attackers to execute arbitrary SQL commands via the mode parameter.

7.5
2007-11-20 CVE-2007-6029 Clam Anti Virus Code Injection vulnerability in Clam Anti-Virus Clamav 0.91.1/0.91.2

Unspecified vulnerability in ClamAV 0.91.1 and 0.91.2 allows remote attackers to execute arbitrary code via a crafted e-mail message.

7.5
2007-11-20 CVE-2007-6050 Linux
Microsoft
Unix
IBM
Permissions, Privileges, and Access Controls vulnerability in IBM DB2 Universal Database

Unspecified vulnerability in DB2LICD in IBM DB2 UDB 9.1 before Fixpak 4 has unknown impact and attack vectors, related to creation of an "insecure directory."

7.2
2007-11-20 CVE-2007-6049 Linux
Unix
IBM
Permissions, Privileges, and Access Controls vulnerability in IBM DB2 Universal Database

Unspecified vulnerability in the SSL LOAD GSKIT action in IBM DB2 UDB 9.1 before Fixpak 4 has unknown impact and attack vectors, involving a call to dlopen when the effective uid is root.

7.2
2007-11-20 CVE-2007-6046 Linux
Microsoft
Unix
IBM
Privilege Escalation vulnerability in IBM DB2

Unspecified vulnerability in unspecified setuid programs in IBM DB2 UDB 9.1 before Fixpak 4 allows local users to have an unknown impact.

7.2
2007-11-23 CVE-2007-6111 Ethereal Group
Wireshark
Remote vulnerability in Wireshark 0.99.6

Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) allow remote attackers to cause a denial of service (crash) via (1) a crafted MP3 file or (2) unspecified vectors to the NCP dissector.

7.1
2007-11-22 CVE-2007-6093 Ingate Improper Input Validation vulnerability in Ingate Firewall and Ingate Siparator

The SRTP implementation in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 allows remote attackers to cause a denial of service (kernel crash) via an RTCP index that is "much more than expected."

7.1
2007-11-20 CVE-2007-6043 Microsoft Information Exposure vulnerability in Microsoft Windows 2000

The CryptGenRandom function in Microsoft Windows 2000 generates predictable values, which makes it easier for context-dependent attackers to reduce the effectiveness of cryptographic mechanisms, as demonstrated by attacks on (1) forward security and (2) backward security, related to use of eight instances of the RC4 cipher, and possibly a related issue to CVE-2007-3898.

7.1
2007-11-20 CVE-2007-6036 Live555 Improper Input Validation vulnerability in Live555 Media Server

The parseRTSPRequestString function in LIVE555 Media Server 2007.11.01 and earlier allows remote attackers to cause a denial of service (daemon crash) via a short RTSP query, which causes a negative number to be used during memory allocation.

7.1
2007-11-19 CVE-2007-6025 WPA Supplicant Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in WPA Supplicant WPA Supplicant

Stack-based buffer overflow in driver_wext.c in wpa_supplicant 0.6.0 and earlier allows remote attackers to cause a denial of service (crash) via crafted TSF data.

7.1

38 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-11-21 CVE-2007-6063 Linux Buffer Errors vulnerability in Linux Kernel 2.6.23

Buffer overflow in the isdn_net_setcfg function in isdn_net.c in Linux kernel 2.6.23 allows local users to have an unknown impact via a crafted argument to the isdn_ioctl function.

6.9
2007-11-20 CVE-2007-5900 PHP Permissions, Privileges, and Access Controls vulnerability in PHP

PHP before 5.2.5 allows local users to bypass protection mechanisms configured through php_admin_value or php_admin_flag in httpd.conf by using ini_set to modify arbitrary configuration variables, a different issue than CVE-2006-4625.

6.9
2007-11-23 CVE-2007-6105 Talkback Code Injection vulnerability in Talkback 2.2.7

Multiple PHP remote file inclusion vulnerabilities in TalkBack 2.2.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) language_file parameter to (a) comments-display-tpl.php and (b) addons/separate-comments-mod/my-comments-display-tpl.php and the (2) config[comments_form_tpl] parameter to comments-display-tpl.php.

6.8
2007-11-22 CVE-2007-6087 Vigilecms Cross-Site Request Forgery (CSRF) vulnerability in Vigilecms 1.4

Cross-site request forgery (CSRF) vulnerability in index.php in VigileCMS 1.4 allows remote attackers to change the admin password via certain parameters to the changepass module.

6.8
2007-11-21 CVE-2007-6079 Bcoos Path Traversal vulnerability in Bcoos 1.0.10

Directory traversal vulnerability in include/common.php in bcoos 1.0.10 allows remote attackers to include and execute arbitrary local files via a ..

6.8
2007-11-21 CVE-2007-6077 Rubyonrails Race Condition vulnerability in Rubyonrails Rails 1.2.4

The session fixation protection mechanism in cgi_process.rb in Rails 1.2.4, as used in Ruby on Rails, removes the :cookie_only attribute from the DEFAULT_SESSION_OPTIONS constant, which effectively causes cookie_only to be applied only to the first instantiation of CgiRequest, which allows remote attackers to conduct session fixation attacks.

6.8
2007-11-20 CVE-2007-6057 Datecomm Code Injection vulnerability in Datecomm Social Networking Script

PHP remote file inclusion vulnerability in index.php in datecomm Social Networking Script (aka Myspace Clone Script) allows remote attackers to execute arbitrary PHP code via a URL in the pg parameter.

6.8
2007-11-20 CVE-2007-6042 Swsoft Code Injection vulnerability in Swsoft Confixx Professional 3.2.1

PHP remote file inclusion vulnerability in fehler.inc.php in SWSoft Confixx Professional 3.2.1 allows remote attackers to execute arbitrary PHP code via a URL in an unspecified parameter.

6.8
2007-11-20 CVE-2007-6038 Joomlaequipment Code Injection vulnerability in Joomlaequipment Juser 1.0.14

PHP remote file inclusion vulnerability in xajax_functions.php in the JUser (com_juser) 1.0.14 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

6.8
2007-11-20 CVE-2007-6028 Componentone Buffer Errors vulnerability in Componentone Flexgrid 7.1Light

Multiple stack-based buffer overflows in the VSFlexGrid.VSFlexGridL ActiveX control in ComponentOne FlexGrid 7.1 Light allow remote attackers to cause a denial of service and possibly execute arbitrary code via a long string in the (1) Text, (2) EditSelText, (3) EditText, and (4) CellFontName property values.

6.8
2007-11-20 CVE-2007-6027 Justjoomla Code Injection vulnerability in Justjoomla Carousel Flash Image Gallery

PHP remote file inclusion vulnerability in admin.jjgallery.php in the Carousel Flash Image Gallery (com_jjgallery) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

6.8
2007-11-19 CVE-2007-6013 Wordpress Improper Authentication vulnerability in Wordpress

Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows attackers to bypass authentication by obtaining the MD5 hash from the user database, then generating the authentication cookie from that hash.

6.8
2007-11-20 CVE-2007-5898 PHP Unspecified vulnerability in PHP

The (1) htmlentities and (2) htmlspecialchars functions in PHP before 5.2.5 accept partial multibyte sequences, which has unknown impact and attack vectors, a different issue than CVE-2006-5465.

6.4
2007-11-23 CVE-2007-6121 Ethereal Group
Wireshark
Improper Input Validation vulnerability in multiple products

Wireshark (formerly Ethereal) 0.8.16 to 0.99.6 allows remote attackers to cause a denial of service (crash) via a malformed RPC Portmap packet.

5.0
2007-11-23 CVE-2007-6120 Wireshark
Ethereal Group
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

The Bluetooth SDP dissector Wireshark (formerly Ethereal) 0.99.2 to 0.99.6 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors.

5.0
2007-11-23 CVE-2007-6117 Wireshark Remote vulnerability in Wireshark 0.99.6

Unspecified vulnerability in the HTTP dissector for Wireshark (formerly Ethereal) 0.10.14 to 0.99.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted chunked messages.

5.0
2007-11-23 CVE-2007-6116 Wireshark Remote vulnerability in Wireshark 0.99.6

The Firebird/Interbase dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (infinite loop or crash) via unknown vectors.

5.0
2007-11-23 CVE-2007-6103 IHU Improper Input Validation vulnerability in IHU I Hear U

I Hear U (IHU) 0.5.6 and earlier allows remote attackers to cause (1) a denial of service (infinite loop) via a packet that contains zero in the size field in its header, which is improperly handled by the Receiver::processPacket function; and (2) a denial of service (daemon crash) via an (a) IHU_INFO_INIT or a (b) IHU_INFO_RING packet that does not specify the mode, which is improperly handled by the Player::ring function in Player.cpp.

5.0
2007-11-22 CVE-2007-6096 Ingate Credentials Management vulnerability in Ingate Firewall and Ingate Siparator

Ingate Firewall before 4.6.0 and SIParator before 4.6.0 use cleartext storage for passwords of "administrators with less privileges," which might allow attackers to read these passwords via unknown vectors.

5.0
2007-11-20 CVE-2007-6062 Ngircd Improper Input Validation vulnerability in Ngircd

irc-channel.c in ngIRCd before 0.10.3 allows remote attackers to cause a denial of service (crash) via a JOIN command without a channel argument.

5.0
2007-11-20 CVE-2007-6061 Audacity Unspecified vulnerability in Audacity 1.3.2

Audacity 1.3.2 creates a temporary directory with a predictable name without checking for previous existence of that directory, which allows local users to cause a denial of service (recording deadlock) by creating the directory before Audacity is run.

5.0
2007-11-20 CVE-2007-6059 SUN Resource Management Errors vulnerability in SUN Javamail

** DISPUTED ** Javamail does not properly handle a series of invalid login attempts in which the same e-mail address is entered as username and password, and the domain portion of this address yields a Java UnknownHostException error, which allows remote attackers to cause a denial of service (connection pool exhaustion) via a large number of requests, resulting in a SQLNestedException.

5.0
2007-11-20 CVE-2007-6056 Aida Orga Permissions, Privileges, and Access Controls vulnerability in Aida-Orga Aida-Web

frame.html in Aida-Web (Aida Web) allows remote attackers to bypass a protection mechanism and obtain comment and task details via modified values to the (1) Mehr and (2) SUPER parameters.

5.0
2007-11-20 CVE-2007-6040 Belkin Resource Management Errors vulnerability in Belkin F5D7230-4

The Belkin F5D7230-4 Wireless G Router allows remote attackers to cause a denial of service (degraded networking and logging) via a flood of TCP SYN packets, a related issue to CVE-1999-0116.

5.0
2007-11-20 CVE-2007-5500 Linux Local Denial of Service vulnerability in Linux Kernel wait_task_stopped

The wait_task_stopped function in the Linux kernel before 2.6.23.8 checks a TASK_TRACED bit instead of an exit_state value, which allows local users to cause a denial of service (machine crash) via unspecified vectors.

4.9
2007-11-23 CVE-2007-6113 Wireshark Numeric Errors vulnerability in Wireshark

Integer signedness error in the DNP3 dissector in Wireshark (formerly Ethereal) 0.10.12 to 0.99.6 allows remote attackers to cause a denial of service (long loop) via a malformed DNP3 packet.

4.3
2007-11-23 CVE-2007-6110 Htdig Cross-Site Scripting vulnerability in Htdig 3.2.0B6

Cross-site scripting (XSS) vulnerability in htsearch in htdig 3.2.0b6 allows remote attackers to inject arbitrary web script or HTML via the sort parameter.

4.3
2007-11-23 CVE-2007-6104 Filemaker Cross-Site Scripting vulnerability in Filemaker and Filemaker Server

Cross-site scripting (XSS) vulnerability in the Instant Web Publishing feature in FileMaker Pro 7 and 8, Server 7 and 8, and Developer 7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2007-11-23 CVE-2007-6102 Feed2Js Cross-Site Scripting vulnerability in Feed2Js 1.91

Cross-site scripting (XSS) vulnerability in Feed to JavaScript (Feed2JS) 1.91 allows remote attackers to inject arbitrary web script or HTML via a URL in a feed.

4.3
2007-11-22 CVE-2007-6094 Ingate Improper Input Validation vulnerability in Ingate Firewall and Ingate Siparator

The IPsec module in the VPN component in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 allows remote attackers to cause a denial of service (module crash) via an IPsec Phase 2 proposal that lacks Perfect Forward Secrecy (PFS).

4.3
2007-11-22 CVE-2007-6090 Nuked Klan Cross-Site Scripting vulnerability in Nuked-Klan 1.7.5

Cross-site scripting (XSS) vulnerability in index.php in Nuked-Klan 1.7.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter.

4.3
2007-11-22 CVE-2007-6085 Vigilecms Cross-Site Scripting vulnerability in Vigilecms 1.4

Multiple cross-site scripting (XSS) vulnerabilities in index.php in VigileCMS 1.4 allow remote attackers to inject arbitrary web script or HTML via the message field in the (1) vedipm or (2) live_chat module.

4.3
2007-11-20 CVE-2007-6055 Liferay Cross-Site Scripting vulnerability in Liferay Portal 4.1.0/4.1.1

Cross-site scripting (XSS) vulnerability in c/portal/login in Liferay Portal 4.1.0 and 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the login parameter.

4.3
2007-11-20 CVE-2007-6054 Aruba Networks Cross-Site Scripting vulnerability in Aruba Networks Mc-800

Cross-site scripting (XSS) vulnerability in the login page in the management interface in the Aruba 800 Mobility Controller 2.5.4.18 and earlier, and 2.4.8.6-FIPS and earlier, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the /screens URI, related to the url variable.

4.3
2007-11-20 CVE-2007-5899 PHP Information Exposure vulnerability in PHP

The output_add_rewrite_var function in PHP before 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which allows remote attackers to obtain potentially sensitive information by reading the requests for this URL, as demonstrated by a rewritten form containing a local session ID.

4.3
2007-11-20 CVE-2007-6037 Citrix Cross-Site Scripting vulnerability in Citrix Netscaler 8.0Build47.8

Cross-site scripting (XSS) vulnerability in ws/generic_api_call.pl in Citrix NetScaler 8.0 build 47.8 allows remote attackers to inject arbitrary web script or HTML via the standalone parameter and other unspecified parameters.

4.3
2007-11-23 CVE-2007-6101 Code Crafters Improper Input Validation vulnerability in Code-Crafters Ability Mail Server

Ability Mail Server before 2.61 allows remote authenticated users to cause a denial of service (daemon crash) via (1) malformed number list ranges in unspecified IMAP commands, and possibly (2) a blank string in unspecified messages.

4.0
2007-11-22 CVE-2007-6095 Ingate Information Exposure vulnerability in Ingate Firewall and Ingate Siparator

The SIP component in Ingate Firewall before 4.6.0 and SIParator before 4.6.0, when Remote NAT Traversal is employed, does not properly perform user registration and message distribution, which might allow remote authenticated users to receive messages intended for other users.

4.0

2 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-11-23 CVE-2007-6100 Phpmyadmin Cross-Site Scripting vulnerability in PHPmyadmin

Cross-site scripting (XSS) vulnerability in libraries/auth/cookie.auth.lib.php in phpMyAdmin before 2.11.2.2, when logins are authenticated with the cookie auth_type, allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter to index.php, a different vulnerability than CVE-2005-0992.

2.6
2007-11-20 CVE-2007-6039 PHP Improper Input Validation vulnerability in PHP

PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in (1) the domain parameter to the dgettext function, the message parameter to the (2) dcgettext or (3) gettext function, the msgid1 parameter to the (4) dngettext or (5) ngettext function, or (6) the classname parameter to the stream_wrapper_register function.

2.1