Weekly Vulnerabilities Reports > November 26 to December 2, 2007
Overview
78 new vulnerabilities reported during this period, including 11 critical vulnerabilities and 28 high severity vulnerabilities. This weekly summary report vulnerabilities in 66 products from 59 vendors including Apple, Redhat, Project Alumni, VU, and Tilde. Vulnerabilities are notably categorized as "SQL Injection", "Cross-site Scripting", "Improper Input Validation", "Information Exposure", and "Improper Restriction of Operations within the Bounds of a Memory Buffer".
- 72 reported vulnerabilities are remotely exploitables.
- 25 reported vulnerabilities have public exploit available.
- 39 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 73 reported vulnerabilities are exploitable by an anonymous user.
- Apple has the most reported vulnerabilities, with 3 reported vulnerabilities.
- Apple has the most reported critical vulnerabilities, with 2 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
11 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-12-01 | CVE-2007-6200 | Slackware Rsync | Permissions, Privileges, and Access Controls vulnerability in Rsync Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options. | 10.0 |
2007-11-30 | CVE-2007-6186 | Phpdevshell | Unspecified vulnerability in PHPdevshell Unspecified vulnerability in PHPDevShell before 0.7.0 has unknown impact and attack vectors, involving a "minor security bug in repair & optimize database." | 10.0 |
2007-11-30 | CVE-2007-6176 | Amensa Soft | Improper Input Validation vulnerability in Amensa-Soft K+B-Bestellsystem 2.3.3 kb_whois.cgi in K+B-Bestellsystem (aka KB-Bestellsystem) allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) domain or (2) tld parameter in a check_owner action. | 10.0 |
2007-11-30 | CVE-2007-6172 | Wire Plastic Design | SQL Injection vulnerability in Wire Plastic Design Wpquiz 2.7 Multiple SQL injection vulnerabilities in wpQuiz 2.7 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) viewimage.php and (2) comments.php. | 10.0 |
2007-11-26 | CVE-2007-6123 | IRC Services | Remote Denial Of Service vulnerability in IRC Services IRC Services 5.1.8 Unspecified vulnerability in IRC Services 5.1.8 has unknown impact and attack vectors. | 10.0 |
2007-12-01 | CVE-2007-6199 | Slackware Rsync | Configuration vulnerability in Rsync rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module's hierarchy. | 9.3 |
2007-11-30 | CVE-2007-6189 | Bitdefender | Buffer Errors vulnerability in Bitdefender Online Anti-Virus Scanner 8.0 A certain ActiveX control in (1) OScan8.ocx and (2) Oscan81.ocx in BitDefender Online Anti-Virus Scanner 8.0 allows remote attackers to execute arbitrary code via a long argument to the InitX method that begins with a "%%" sequence, which is misinterpreted as a Unicode string and decoded twice, leading to improper memory allocation and a heap-based buffer overflow. | 9.3 |
2007-11-29 | CVE-2007-6166 | Apple Microsoft | Buffer Errors vulnerability in Apple Quicktime and Safari Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used in QuickTime Player on Windows XP and Safari on Mac OS X, allows remote Real Time Streaming Protocol (RTSP) servers to execute arbitrary code via an RTSP response with a long Content-Type header. | 9.3 |
2007-11-29 | CVE-2007-6165 | Apple | Improper Input Validation vulnerability in Apple mac OS X 10.5 Mail in Apple Mac OS X Leopard (10.5.1) allows user-assisted remote attackers to execute arbitrary code via an AppleDouble attachment containing an apparently-safe file type and script in a resource fork, which does not warn the user that a separate program is going to be executed. | 9.3 |
2007-11-26 | CVE-2007-5959 | Mozilla | Remote Unspecified Memory Corruption vulnerability in Mozilla Firefox Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger memory corruption. | 9.3 |
2007-12-01 | CVE-2007-5742 | Wesnoth | Path Traversal vulnerability in Wesnoth Directory traversal vulnerability in the WML engine preprocessor for Wesnoth 1.2.x before 1.2.8, and 1.3.x before 1.3.12, allows remote attackers to read arbitrary files via ".." sequences in unknown vectors. | 9.0 |
28 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-11-30 | CVE-2007-6181 | Redhat | Buffer Errors vulnerability in Redhat Cygwin 1.5.19/1.5.7/1.5.71 Heap-based buffer overflow in cygwin1.dll in Cygwin 1.5.7 and earlier allows context-dependent attackers to execute arbitrary code via a filename with a certain length, as demonstrated by a remote authenticated user who uses the SCP protocol to send a file to the Cygwin machine, and thereby causes scp.exe on this machine to execute, and then overwrite heap memory with characters from the filename. | 8.5 |
2007-11-30 | CVE-2007-6174 | Phpdevshell | Permissions, Privileges, and Access Controls vulnerability in PHPdevshell PHPDevShell before 0.7.0 allows remote authenticated users to gain privileges via a crafted request to update a user profile. | 8.5 |
2007-11-29 | CVE-2007-4347 | Symantec | Numeric Errors vulnerability in Symantec Backupexec System Recovery 11.0.6235/11.0.7170 Multiple integer overflows in the Job Engine (bengine.exe) service in Symantec Backup Exec for Windows Servers (BEWS) 11d build 11.0.7170 and 11.0.6.6235 allow remote attackers to cause a denial of service (CPU and memory consumption) via a crafted packet to port 5633/tcp, which triggers an infinite loop. | 7.8 |
2007-11-30 | CVE-2007-6180 | SUN | Race Condition vulnerability in SUN Solaris 10.0/8.0/9.0 Race condition in the Remote Procedure Call kernel module (rpcmod) in Sun Solaris 8 through 10 allows local users to cause a denial of service (NULL dereference and panic) via unspecified vectors. | 7.6 |
2007-12-01 | CVE-2007-6201 | Wesnoth | Remote Denial of Service vulnerability in Battle for Wesnoth turn_cmd Unspecified vulnerability in Wesnoth 1.2.x before 1.2.8, and 1.3.x before 1.3.12, allows attackers to cause a denial of service (hang) via a "faulty add-on" and possibly execute other commands via unknown vectors related to the turn_cmd option. | 7.5 |
2007-11-30 | CVE-2007-6188 | Tumusika Evolution | Path Traversal vulnerability in Tumusika Evolution Tumusika Evolution 1.7R5 Multiple directory traversal vulnerabilities in TuMusika Evolution 1.7R5 allow remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2007-11-30 | CVE-2007-6171 | Digium | SQL Injection vulnerability in Digium Asterisk SQL injection vulnerability in the Postgres Realtime Engine (res_config_pgsql) in Asterisk 1.4.x before 1.4.15 and C.x before C.1.0-beta6 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | 7.5 |
2007-11-30 | CVE-2007-6185 | Eurologon | Path Traversal vulnerability in Eurologon CMS Directory traversal vulnerability in users/files.php in Eurologon CMS allows remote attackers to read arbitrary files via a .. | 7.5 |
2007-11-30 | CVE-2007-6184 | Project Alumni | Path Traversal vulnerability in Project Alumni Project Alumni 1.0.9 Directory traversal vulnerability in index.php in Project Alumni 1.0.9 allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2007-11-30 | CVE-2007-6179 | Kinson Chan Charray | Improper Input Validation vulnerability in Kinson Chan Charray CMS 0.9.3 Multiple PHP remote file inclusion vulnerabilities in Charray's CMS 0.9.3 allow remote attackers to execute arbitrary PHP code via a URL in the ccms_library_path parameter to (1) markdown.php and (2) gallery.php in decoder/. | 7.5 |
2007-11-30 | CVE-2007-6178 | Easy Hosting Control Panel | Improper Input Validation vulnerability in Easy Hosting Control Panel Easy Hosting Control Panel 0.22.8 Multiple PHP remote file inclusion vulnerabilities in Easy Hosting Control Panel for Ubuntu (EHCP) 0.22.8 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the confdir parameter to (1) dbutil.bck.php and (2) dbutil.php in config/. | 7.5 |
2007-11-30 | CVE-2007-6177 | PHP CON | Code Injection vulnerability in PHP CON PHP CON 1.3 PHP remote file inclusion vulnerability in Exchange/include.php in PHP_CON 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the webappcfg[APPPATH] parameter. | 7.5 |
2007-11-29 | CVE-2007-6169 | Gouae | SQL Injection vulnerability in Gouae DWD Realty SQL injection vulnerability in admin/index2.asp in GOUAE DWD Realty allows remote attackers to execute arbitrary SQL commands via the uname parameter, a different vector than CVE-2007-6163. | 7.5 |
2007-11-29 | CVE-2007-6168 | VU | SQL Injection vulnerability in VU Case Manager SQL injection vulnerability in default.asp in VU Case Manager allows remote attackers to execute arbitrary SQL commands via the username parameter, a different vector than CVE-2007-6143. | 7.5 |
2007-11-29 | CVE-2007-6164 | Eurologon | SQL Injection vulnerability in Eurologon CMS Multiple SQL injection vulnerabilities in Eurologon CMS allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) reviews.php, (2) links.php and (3) articles.php. | 7.5 |
2007-11-29 | CVE-2007-6163 | Gouae | SQL Injection vulnerability in Gouae DWD Realty 0 SQL injection vulnerability in admin/index2.asp in GOUAE DWD Realty allows remote attackers to execute arbitrary SQL commands via the pword (aka Password) parameter. | 7.5 |
2007-11-29 | CVE-2007-6159 | Tilde | SQL Injection vulnerability in Tilde CMS 4.0 SQL injection vulnerability in index.php in Tilde CMS 4.x and earlier allows remote attackers to execute arbitrary SQL commands via the aarstal parameter in a yeardetail action, a different vector than CVE-2006-1500. | 7.5 |
2007-11-29 | CVE-2007-6158 | Proverbs | SQL Injection vulnerability in Proverbs web Calendar 1.1 Multiple SQL injection vulnerabilities in caladmin.inc.php in Proverbs Web Calendar 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) loginname (aka Username) and (2) loginpass (aka Password) parameters to caladmin.php. | 7.5 |
2007-11-27 | CVE-2007-6143 | VU | SQL Injection vulnerability in VU Case Manager SQL injection vulnerability in default.asp (aka the Login Page) in VU Case Manager allows remote attackers to execute arbitrary SQL commands via the password parameter. | 7.5 |
2007-11-27 | CVE-2007-6140 | Dora Emlak | SQL Injection vulnerability in Dora Emlak Dora Emlak 2.0 Multiple SQL injection vulnerabilities in Dora Emlak 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) emlak_detay.asp and (b) haber_detay.asp, the (2) kategori parameter to (c) kategorisirala.asp, and the (3) tip parameter to (d) tipsirala.asp. | 7.5 |
2007-11-27 | CVE-2007-6138 | VU | SQL Injection vulnerability in VU Mass Mailer SQL injection vulnerability in redir.asp in VU Mass Mailer allows remote attackers to execute arbitrary SQL commands via the password parameter to Default.asp (aka the Login Page). | 7.5 |
2007-11-27 | CVE-2007-6137 | P3Mbo | SQL Injection vulnerability in P3Mbo Content Injector 1.52 SQL injection vulnerability in news.php in Content Injector 1.52 allows remote attackers to execute arbitrary SQL commands via the cat parameter to index.php. | 7.5 |
2007-11-27 | CVE-2007-6134 | Phpkit | SQL Injection vulnerability in PHPkit 1.6.4Pl1 SQL injection vulnerability in pkinc/public/article.php in PHPKIT 1.6.4pl1 allows remote attackers to execute arbitrary SQL commands via the contentid parameter in an article action to include.php, a different vector than CVE-2006-1773. | 7.5 |
2007-11-26 | CVE-2007-6128 | Flor DE Utopia | SQL Injection vulnerability in Flor DE Utopia Workingonweb 2.0.1400 SQL injection vulnerability in events.php in WorkingOnWeb 2.0.1400 allows remote attackers to execute arbitrary SQL commands via the idevent parameter. | 7.5 |
2007-11-26 | CVE-2007-6127 | Project Alumni | SQL Injection vulnerability in Project Alumni Project Alumni Multiple SQL injection vulnerabilities in project alumni 1.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the year parameter to (1) view.page.inc.php, which is reachable through a view action to index.php; or (2) the year parameter to news.page.inc.php, which is reachable through a news action to index.php. | 7.5 |
2007-11-26 | CVE-2007-6125 | Softbiz | SQL Injection vulnerability in Softbiz Freelancers Script 1.0 SQL injection vulnerability in search_form.php in Softbiz Freelancers Script 1 allows remote attackers to execute arbitrary SQL commands via the sb_protype parameter. | 7.5 |
2007-11-30 | CVE-2007-6182 | Growth | Permissions, Privileges, and Access Controls vulnerability in Growth Ispmanager The responder program in ISPsystem ISPmanager (aka ISPmgr) 4.2.15.1 allows local users to gain privileges via shell metacharacters in command line arguments. | 7.2 |
2007-11-29 | CVE-2007-6167 | Suse | Permissions, Privileges, and Access Controls vulnerability in Suse Linux Untrusted search path vulnerability in yast2-core in SUSE Linux might allow local users to execute arbitrary code by creating a malicious yast2 module in the current working directory. | 7.2 |
36 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-12-01 | CVE-2007-6202 | Neocrome | SQL Injection vulnerability in Neocrome Seditio SQL injection vulnerability in plugins/search/search.php in Neocrome Seditio CMS 121 and earlier allows remote attackers to execute arbitrary SQL commands via the pag_sub[] parameter to plug.php. | 6.8 |
2007-11-30 | CVE-2007-6191 | Pmapper | Code Injection vulnerability in Pmapper P.Mapper 3.2.0Beta3 Multiple PHP remote file inclusion vulnerabilities in Armin Burger p.mapper 3.2.0 beta3 allow remote attackers to execute arbitrary PHP code via a URL in the _SESSION[PM_INCPHP] parameter to (1) incphp/globals.php or (2) plugins/export/mc_table.php. | 6.8 |
2007-11-30 | CVE-2007-6183 | Ruby Gnome2 | USE of Externally-Controlled Format String vulnerability in Ruby Gnome2 Ruby Gnome2 0.16.0 Format string vulnerability in the mdiag_initialize function in gtk/src/rbgtkmessagedialog.c in Ruby-GNOME 2 (aka Ruby/Gnome2) 0.16.0, and SVN versions before 20071127, allows context-dependent attackers to execute arbitrary code via format string specifiers in the message parameter. | 6.8 |
2007-11-27 | CVE-2007-4674 | Apple | Numeric Errors vulnerability in Apple Quicktime 7.2 An "integer arithmetic" error in Apple QuickTime 7.2 allows remote attackers to execute arbitrary code via a crafted movie file containing a movie atom with a large size value, which triggers a stack-based buffer overflow. | 6.8 |
2007-11-27 | CVE-2007-6147 | Iaprcommence | Code Injection vulnerability in Iaprcommence Iapr Commence 1.3 Multiple PHP remote file inclusion vulnerabilities in IAPR COMMENCE 1.3 allow remote attackers to execute arbitrary PHP code via a URL in the (a) php_root_path and sometimes the (b) privilege_root_path parameter to various PHP scripts under (1) admin/includes/, (2) admin/phase/, (3) includes/, (4) includes/page_includes/, (5) reviewer/includes/, (6) reviewer/phase/, and (7) user/phase/. | 6.8 |
2007-11-27 | CVE-2007-6139 | MP3 | Code Injection vulnerability in MP3 Toolbox 1.0Beta5 PHP remote file inclusion vulnerability in index.php in Mp3 ToolBox 1.0 beta 5 allows remote attackers to execute arbitrary PHP code via a URL in the skin_file parameter. | 6.8 |
2007-11-30 | CVE-2007-6175 | Lhaplus | Buffer Errors vulnerability in Lhaplus 1.55 Buffer overflow in Lhaplus 1.55 and earlier allows remote attackers to execute arbitrary code via a crafted LZH archive, a different vector than CVE-2007-5048. | 6.6 |
2007-11-30 | CVE-2007-6170 | Digium Debian | SQL Injection vulnerability in multiple products SQL injection vulnerability in the Call Detail Record Postgres logging engine (cdr_pgsql) in Asterisk 1.4.x before 1.4.15, 1.2.x before 1.2.25, B.x before B.2.3.4, and C.x before C.1.0-beta6 allows remote authenticated users to execute arbitrary SQL commands via (1) ANI and (2) DNIS arguments. | 6.5 |
2007-12-01 | CVE-2007-5502 | Openssl | Cryptographic Issues vulnerability in Openssl Fips Object Module 1.1.1 The PRNG implementation for the OpenSSL FIPS Object Module 1.1.1 does not perform auto-seeding during the FIPS self-test, which generates random data that is more predictable than expected and makes it easier for attackers to bypass protection mechanisms that rely on the randomness. | 6.4 |
2007-11-27 | CVE-2007-6144 | Xunlei | Buffer Errors vulnerability in Xunlei web Thunder 5.7.4 Heap-based buffer overflow in the PPlayer.XPPlayer.1 ActiveX control in pplayer.dll_1_work in Xunlei Thunder 5.7.4.401 allows remote attackers to execute arbitrary code via a long string in a FlvPlayerUrl property value. | 6.0 |
2007-11-27 | CVE-2007-6133 | Devmass | Improper Input Validation vulnerability in Devmass Cart 1.0 PHP remote file inclusion vulnerability in admin/kfm/initialise.php in DevMass Shopping Cart 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the kfm_base_path parameter. | 5.8 |
2007-11-26 | CVE-2007-6129 | Amber Script | Improper Input Validation vulnerability in Amber Script Amber Script 1.0 Directory traversal vulnerability in scripts/include/show_content.php in Amber Script 1.0 allows remote attackers to include and execute arbitrary local files via a .. | 5.8 |
2007-12-01 | CVE-2007-6198 | BEA | Information Disclosure vulnerability in BEA AquaLogic Interaction Plumtree Portal portal/server.pt in the Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 and 6.0.1.218452 allows wildcards in advanced searches for usernames, which allows remote attackers to enumerate valid usernames via the in_tx_fulltext parameter. | 5.0 |
2007-12-01 | CVE-2007-6197 | BEA | Information Exposure vulnerability in BEA Aqualogic Interaction The Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 and 6.0.1.218452 allows remote attackers to obtain version numbers and internal hostnames by reading comments in the HTML source of any page. | 5.0 |
2007-11-30 | CVE-2007-6193 | Citrix | Information Exposure vulnerability in Citrix Netscaler 8.0 The web management interface in Citrix NetScaler 8.0 build 47.8 stores the device's primary IP address in a cookie, which might allow remote attackers to obtain sensitive network configuration information if this address is not the same as the address being used by the web interface. | 5.0 |
2007-11-30 | CVE-2007-6187 | Noah | Path Traversal vulnerability in Noah Multiple directory traversal vulnerabilities in PHP Content Architect (aka NoAh) 0.9 pre 1.2 and earlier allow remote attackers to read arbitrary files via a .. | 5.0 |
2007-11-29 | CVE-2007-4346 | Symantec | Resource Management Errors vulnerability in Symantec Backupexec System Recovery 11.0.6235/11.0.7170 The Job Engine (bengine.exe) service in Symantec Backup Exec for Windows Servers (BEWS) 11d build 11.0.7170 and 11.0.6.6235 allows remote attackers to cause a denial of service (NULL dereference and service crash) via a crafted packet to port 5633/tcp. | 5.0 |
2007-11-29 | CVE-2007-6161 | Tilde | Information Exposure vulnerability in Tilde CMS index.php in Tilde CMS 4.x and earlier allows remote attackers to obtain sensitive information via a certain search parameter value in a search action, which reveals the path. | 5.0 |
2007-11-27 | CVE-2007-6146 | Hitachi | Improper Input Validation vulnerability in Hitachi JP1 File Transmission Server 0700 Hitachi JP1/File Transmission Server/FTP 01-00 through 08-10-02 on Windows might allow remote attackers to cause a denial of service (service stop) via a "specific file" argument to an FTP command. | 5.0 |
2007-11-27 | CVE-2007-6145 | Hitachi | Improper Authentication vulnerability in Hitachi JP1 File Transmission Server Unspecified vulnerability in Hitachi JP1/File Transmission Server/FTP 01-00 through 08-10-01 allows remote attackers to bypass authentication and "view files" via unspecified vectors. | 5.0 |
2007-11-26 | CVE-2007-6130 | GNU | Improper Authentication vulnerability in GNU Gnump3D 2.9 gnump3d 2.9final does not apply password protection to its plugins, which might allow remote attackers to bypass intended access restrictions. | 5.0 |
2007-11-26 | CVE-2007-6122 | IRC Services | Improper Input Validation vulnerability in IRC Services IRC Services The default_encrypt function in encrypt.c in IRC Services before 5.0.63, and 5.1.x before 5.1.7, allows remote attackers to cause a denial of service (daemon crash) via a long password. | 5.0 |
2007-11-30 | CVE-2007-5494 | Redhat | Resource Management Errors vulnerability in Redhat Enterprise Linux 4.0/5.0 Memory leak in the Red Hat Content Accelerator kernel patch in Red Hat Enterprise Linux (RHEL) 4 and 5 allows local users to cause a denial of service (memory consumption) via a large number of open requests involving O_ATOMICLOOKUP. | 4.9 |
2007-12-01 | CVE-2007-6196 | Calacode | Cross-Site Scripting vulnerability in Calacode Atmail Webmail System Cross-site scripting (XSS) vulnerability in util.php in Calacode @Mail before 5.2 allows remote attackers to inject arbitrary web script or HTML via the func parameter. | 4.3 |
2007-11-30 | CVE-2007-6192 | Citrix | Cryptographic Issues vulnerability in Citrix Netscaler 8.0 The web management interface in Citrix NetScaler 8.0 build 47.8 uses weak encryption (XOR of unpadded data) to store credentials within a cookie, which makes it easier for remote attackers to obtain cleartext credentials when a cookie is captured via a known-plaintext attack. | 4.3 |
2007-11-30 | CVE-2007-6173 | Liferay | Cross-Site Scripting vulnerability in Liferay Enterprise Portal 4.3.1 Cross-site scripting (XSS) vulnerability in c/portal/login in Liferay Enterprise Portal 4.3.1 allows remote attackers to inject arbitrary web script or HTML via the emailAddress parameter in a Send New Password action, a different vector than CVE-2007-6055. | 4.3 |
2007-11-29 | CVE-2007-6162 | Wsdeluxe | Cross-Site Scripting vulnerability in Wsdeluxe Fmdeluxe 2.1 Cross-site scripting (XSS) vulnerability in index.php in FMDeluxe 2.1.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter in a category action. | 4.3 |
2007-11-29 | CVE-2007-6160 | Tilde | Cross-Site Scripting vulnerability in Tilde CMS 4.0 Cross-site scripting (XSS) vulnerability in index.php in Tilde CMS 4.x and earlier allows remote attackers to inject arbitrary web script or HTML via the aarstal parameter in a yeardetail action. | 4.3 |
2007-11-29 | CVE-2007-6157 | Simplegallery | Cross-Site Scripting vulnerability in Simplegallery 0.1.3 Cross-site scripting (XSS) vulnerability in index.php in SimpleGallery 0.1.3 allows remote attackers to inject arbitrary web script or HTML via the album parameter. | 4.3 |
2007-11-29 | CVE-2007-6156 | Secureideas | Cross-Site Scripting vulnerability in Secureideas Basic Analysis and Security Engine Multiple cross-site scripting (XSS) vulnerabilities in base_qry_main.php in Base Analysis and Security Engine (BASE) before 1.3.9 allow remote attackers to inject arbitrary web script or HTML via the (1) sig[0] and (2) sig[1] parameters. | 4.3 |
2007-11-27 | CVE-2007-6142 | Salims Softhouse | Cross-Site Scripting vulnerability in Salims Softhouse JAF CMS 4.0Rc2 Multiple cross-site scripting (XSS) vulnerabilities in ph03y3nk just another flat file (JAF) CMS 4.0 RC2 allow remote attackers to inject arbitrary web script or HTML via the (1) show parameter to index.php and the (2) print parameter to print.php. | 4.3 |
2007-11-27 | CVE-2007-6141 | Vbtube | Cross-Site Scripting vulnerability in Vbtube 1.1Beta Cross-site scripting (XSS) vulnerability in vBTube.php in vBTube 1.1 Beta allows remote attackers to inject arbitrary web script or HTML via the search parameter. | 4.3 |
2007-11-27 | CVE-2007-6136 | M2Scripts | Cross-Site Scripting vulnerability in M2Scripts MY Space Scripts Poll Creator 0 Multiple cross-site scripting (XSS) vulnerabilities in index.php in M2Scripts MySpace Scripts Poll Creator allow remote attackers to inject arbitrary web script or HTML via the (1) title, (2) intro, and (3) question parameters, and (4) unspecified answer parameters, in a create_new action. | 4.3 |
2007-11-27 | CVE-2007-6135 | Phpslideshow | Cross-Site Scripting vulnerability in PHPslideshow 0.9.9.2 Cross-site scripting (XSS) vulnerability in phpslideshow.php in PHPSlideShow 0.9.9.2, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the directory parameter. | 4.3 |
2007-11-26 | CVE-2007-6126 | Project Alumni | Cross-Site Scripting vulnerability in Project Alumni Project Alumni 1.0.8 Multiple cross-site scripting (XSS) vulnerabilities in project alumni 1.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the year parameter to (1) xml/index.php; or (2) the year parameter to view.page.inc.php, which is reachable through a view action to the top-level index.php. | 4.3 |
2007-11-26 | CVE-2007-6124 | Softbiz | Cross-Site Scripting vulnerability in Softbiz Freelancers Script 1.0 Cross-site scripting (XSS) vulnerability in signin.php in Softbiz Freelancers Script 1 allows remote attackers to inject arbitrary web script or HTML via the errmsg parameter. | 4.3 |
3 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-11-30 | CVE-2007-6190 | Cisco | Information Exposure vulnerability in Cisco Unified IP Phone The HTTP daemon in the Cisco Unified IP Phone, when the Extension Mobility feature is enabled, allows remote authenticated users of other phones associated with the same CUCM server to eavesdrop on the physical environment via a CiscoIPPhoneExecute message containing a URL attribute of an ExecuteItem element that specifies a Real-Time Transport Protocol (RTP) audio stream. | 3.5 |
2007-11-30 | CVE-2007-6150 | Freebsd | Information Exposure vulnerability in Freebsd The "internal state tracking" code for the random and urandom devices in FreeBSD 5.5, 6.1 through 6.3, and 7.0 beta 4 allows local users to obtain portions of previously-accessed random values, which could be leveraged to bypass protection mechanisms that rely on secrecy of those values. | 2.1 |
2007-11-26 | CVE-2007-6131 | Redhat | Configuration vulnerability in Redhat Fedora Core F7 buttonpressed.sh in scanbuttond 0.2.3 allows local users to overwrite arbitrary files via a symlink attack on the (1) scan.pnm and (2) scan.jpg temporary files. | 2.1 |