Weekly Vulnerabilities Reports > November 26 to December 2, 2007

Overview

80 new vulnerabilities were reported during this period, including 11 critical vulnerabilities and 28 high severity vulnerabilities. This weekly summary reports vulnerabilities in 67 products from 59 vendors including Redhat, Apple, Project Alumni, VU, and Tilde. Notable vulnerability categories include "SQL Injection", "Cross-site Scripting", "Improper Input Validation", "Path Traversal", and "Information Exposure".

  • 74 reported vulnerabilities are remotely exploitable.
  • 25 reported vulnerabilities have a public exploit available.
  • 40 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 75 reported vulnerabilities are exploitable by an anonymous user.
  • Redhat has the most reported vulnerabilities, with 4 reported vulnerabilities.
  • Apple has the most reported critical vulnerabilities, with 2 reported vulnerabilities.


Vulnerability Details

The following tables list the vulnerabilities reported for the period covered by this report:


11 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-12-01 CVE-2007-6200 Slackware, Rsync Permissions, Privileges, and Access Controls vulnerability in Rsync

Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options.

10.0
2007-11-30 CVE-2007-6186 Phpdevshell Unspecified vulnerability in PHPdevshell

Unspecified vulnerability in PHPDevShell before 0.7.0 has unknown impact and attack vectors, involving a "minor security bug in repair & optimize database."

10.0
2007-11-30 CVE-2007-6176 Amensa Soft Improper Input Validation vulnerability in Amensa-Soft K+B-Bestellsystem 2.3.3

kb_whois.cgi in K+B-Bestellsystem (aka KB-Bestellsystem) allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) domain or (2) tld parameter in a check_owner action.

10.0
2007-11-30 CVE-2007-6172 Wire Plastic Design SQL Injection vulnerability in Wire Plastic Design Wpquiz 2.7

Multiple SQL injection vulnerabilities in wpQuiz 2.7 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) viewimage.php and (2) comments.php.

10.0
2007-11-26 CVE-2007-6123 IRC Services Remote Denial Of Service vulnerability in IRC Services IRC Services 5.1.8

Unspecified vulnerability in IRC Services 5.1.8 has unknown impact and attack vectors.

10.0
2007-12-01 CVE-2007-6199 Slackware, Rsync Configuration vulnerability in Rsync

rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module's hierarchy.

9.3
2007-11-30 CVE-2007-6189 Bitdefender Buffer Errors vulnerability in Bitdefender Online Anti-Virus Scanner 8.0

A certain ActiveX control in (1) OScan8.ocx and (2) Oscan81.ocx in BitDefender Online Anti-Virus Scanner 8.0 allows remote attackers to execute arbitrary code via a long argument to the InitX method that begins with a "%%" sequence, which is misinterpreted as a Unicode string and decoded twice, leading to improper memory allocation and a heap-based buffer overflow.

9.3
2007-11-29 CVE-2007-6166 Apple, Microsoft Buffer Errors vulnerability in Apple Quicktime and Safari

Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used in QuickTime Player on Windows XP and Safari on Mac OS X, allows remote Real Time Streaming Protocol (RTSP) servers to execute arbitrary code via an RTSP response with a long Content-Type header.

9.3
2007-11-29 CVE-2007-6165 Apple Improper Input Validation vulnerability in Apple mac OS X 10.5

Mail in Apple Mac OS X Leopard (10.5.1) allows user-assisted remote attackers to execute arbitrary code via an AppleDouble attachment containing an apparently-safe file type and script in a resource fork, which does not warn the user that a separate program is going to be executed.

9.3
2007-11-26 CVE-2007-5959 Mozilla Remote Unspecified Memory Corruption vulnerability in Mozilla Firefox

Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger memory corruption.

9.3
2007-12-01 CVE-2007-5742 Wesnoth Path Traversal vulnerability in Wesnoth

Directory traversal vulnerability in the WML engine preprocessor for Wesnoth 1.2.x before 1.2.8, and 1.3.x before 1.3.12, allows remote attackers to read arbitrary files via ".." sequences in unknown vectors.

9.0

28 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-11-30 CVE-2007-6181 Redhat Buffer Errors vulnerability in Redhat Cygwin 1.5.19/1.5.7/1.5.71

Heap-based buffer overflow in cygwin1.dll in Cygwin 1.5.7 and earlier allows context-dependent attackers to execute arbitrary code via a filename with a certain length, as demonstrated by a remote authenticated user who uses the SCP protocol to send a file to the Cygwin machine, and thereby causes scp.exe on this machine to execute, and then overwrite heap memory with characters from the filename.

8.5
2007-11-30 CVE-2007-6174 Phpdevshell Permissions, Privileges, and Access Controls vulnerability in PHPdevshell

PHPDevShell before 0.7.0 allows remote authenticated users to gain privileges via a crafted request to update a user profile.

8.5
2007-11-29 CVE-2007-4347 Symantec Numeric Errors vulnerability in Symantec Backupexec System Recovery 11.0.6235/11.0.7170

Multiple integer overflows in the Job Engine (bengine.exe) service in Symantec Backup Exec for Windows Servers (BEWS) 11d build 11.0.7170 and 11.0.6.6235 allow remote attackers to cause a denial of service (CPU and memory consumption) via a crafted packet to port 5633/tcp, which triggers an infinite loop.

7.8
2007-11-30 CVE-2007-6180 SUN Race Condition vulnerability in SUN Solaris 10.0/8.0/9.0

Race condition in the Remote Procedure Call kernel module (rpcmod) in Sun Solaris 8 through 10 allows local users to cause a denial of service (NULL dereference and panic) via unspecified vectors.

7.6
2007-12-01 CVE-2007-6201 Wesnoth Remote Denial of Service vulnerability in Battle for Wesnoth turn_cmd

Unspecified vulnerability in Wesnoth 1.2.x before 1.2.8, and 1.3.x before 1.3.12, allows attackers to cause a denial of service (hang) via a "faulty add-on" and possibly execute other commands via unknown vectors related to the turn_cmd option.

7.5
2007-11-30 CVE-2007-6188 Tumusika Evolution Path Traversal vulnerability in Tumusika Evolution Tumusika Evolution 1.7R5

Multiple directory traversal vulnerabilities in TuMusika Evolution 1.7R5 allow remote attackers to include and execute arbitrary local files via a ..

7.5
2007-11-30 CVE-2007-6171 Digium SQL Injection vulnerability in Digium Asterisk

SQL injection vulnerability in the Postgres Realtime Engine (res_config_pgsql) in Asterisk 1.4.x before 1.4.15 and C.x before C.1.0-beta6 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

7.5
2007-11-30 CVE-2007-6185 Eurologon Path Traversal vulnerability in Eurologon CMS

Directory traversal vulnerability in users/files.php in Eurologon CMS allows remote attackers to read arbitrary files via a ..

7.5
2007-11-30 CVE-2007-6184 Project Alumni Path Traversal vulnerability in Project Alumni Project Alumni 1.0.9

Directory traversal vulnerability in index.php in Project Alumni 1.0.9 allows remote attackers to include and execute arbitrary local files via a ..

7.5
2007-11-30 CVE-2007-6179 Kinson Chan Charray Improper Input Validation vulnerability in Kinson Chan Charray CMS 0.9.3

Multiple PHP remote file inclusion vulnerabilities in Charray's CMS 0.9.3 allow remote attackers to execute arbitrary PHP code via a URL in the ccms_library_path parameter to (1) markdown.php and (2) gallery.php in decoder/.

7.5
2007-11-30 CVE-2007-6178 Easy Hosting Control Panel Improper Input Validation vulnerability in Easy Hosting Control Panel Easy Hosting Control Panel 0.22.8

Multiple PHP remote file inclusion vulnerabilities in Easy Hosting Control Panel for Ubuntu (EHCP) 0.22.8 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the confdir parameter to (1) dbutil.bck.php and (2) dbutil.php in config/.

7.5
2007-11-30 CVE-2007-6177 PHP CON Code Injection vulnerability in PHP CON PHP CON 1.3

PHP remote file inclusion vulnerability in Exchange/include.php in PHP_CON 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the webappcfg[APPPATH] parameter.

7.5
2007-11-29 CVE-2007-6169 Gouae SQL Injection vulnerability in Gouae DWD Realty

SQL injection vulnerability in admin/index2.asp in GOUAE DWD Realty allows remote attackers to execute arbitrary SQL commands via the uname parameter, a different vector than CVE-2007-6163.

7.5
2007-11-29 CVE-2007-6168 VU SQL Injection vulnerability in VU Case Manager

SQL injection vulnerability in default.asp in VU Case Manager allows remote attackers to execute arbitrary SQL commands via the username parameter, a different vector than CVE-2007-6143.

7.5
2007-11-29 CVE-2007-6164 Eurologon SQL Injection vulnerability in Eurologon CMS

Multiple SQL injection vulnerabilities in Eurologon CMS allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) reviews.php, (2) links.php and (3) articles.php.

7.5
2007-11-29 CVE-2007-6163 Gouae SQL Injection vulnerability in Gouae DWD Realty 0

SQL injection vulnerability in admin/index2.asp in GOUAE DWD Realty allows remote attackers to execute arbitrary SQL commands via the pword (aka Password) parameter.

7.5
2007-11-29 CVE-2007-6159 Tilde SQL Injection vulnerability in Tilde CMS 4.0

SQL injection vulnerability in index.php in Tilde CMS 4.x and earlier allows remote attackers to execute arbitrary SQL commands via the aarstal parameter in a yeardetail action, a different vector than CVE-2006-1500.

7.5
2007-11-29 CVE-2007-6158 Proverbs SQL Injection vulnerability in Proverbs web Calendar 1.1

Multiple SQL injection vulnerabilities in caladmin.inc.php in Proverbs Web Calendar 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) loginname (aka Username) and (2) loginpass (aka Password) parameters to caladmin.php.

7.5
2007-11-27 CVE-2007-6143 VU SQL Injection vulnerability in VU Case Manager

SQL injection vulnerability in default.asp (aka the Login Page) in VU Case Manager allows remote attackers to execute arbitrary SQL commands via the password parameter.

7.5
2007-11-27 CVE-2007-6140 Dora Emlak SQL Injection vulnerability in Dora Emlak Dora Emlak 2.0

Multiple SQL injection vulnerabilities in Dora Emlak 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) emlak_detay.asp and (b) haber_detay.asp, the (2) kategori parameter to (c) kategorisirala.asp, and the (3) tip parameter to (d) tipsirala.asp.

7.5
2007-11-27 CVE-2007-6138 VU SQL Injection vulnerability in VU Mass Mailer

SQL injection vulnerability in redir.asp in VU Mass Mailer allows remote attackers to execute arbitrary SQL commands via the password parameter to Default.asp (aka the Login Page).

7.5
2007-11-27 CVE-2007-6137 P3Mbo SQL Injection vulnerability in P3Mbo Content Injector 1.52

SQL injection vulnerability in news.php in Content Injector 1.52 allows remote attackers to execute arbitrary SQL commands via the cat parameter to index.php.

7.5
2007-11-27 CVE-2007-6134 Phpkit SQL Injection vulnerability in PHPkit 1.6.4Pl1

SQL injection vulnerability in pkinc/public/article.php in PHPKIT 1.6.4pl1 allows remote attackers to execute arbitrary SQL commands via the contentid parameter in an article action to include.php, a different vector than CVE-2006-1773.

7.5
2007-11-26 CVE-2007-6128 Flor DE Utopia SQL Injection vulnerability in Flor DE Utopia Workingonweb 2.0.1400

SQL injection vulnerability in events.php in WorkingOnWeb 2.0.1400 allows remote attackers to execute arbitrary SQL commands via the idevent parameter.

7.5
2007-11-26 CVE-2007-6127 Project Alumni SQL Injection vulnerability in Project Alumni Project Alumni

Multiple SQL injection vulnerabilities in project alumni 1.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the year parameter to (1) view.page.inc.php, which is reachable through a view action to index.php; or (2) the year parameter to news.page.inc.php, which is reachable through a news action to index.php.

7.5
2007-11-26 CVE-2007-6125 Softbiz SQL Injection vulnerability in Softbiz Freelancers Script 1.0

SQL injection vulnerability in search_form.php in Softbiz Freelancers Script 1 allows remote attackers to execute arbitrary SQL commands via the sb_protype parameter.

7.5
2007-11-30 CVE-2007-6182 Growth Permissions, Privileges, and Access Controls vulnerability in Growth Ispmanager

The responder program in ISPsystem ISPmanager (aka ISPmgr) 4.2.15.1 allows local users to gain privileges via shell metacharacters in command line arguments.

7.2
2007-11-29 CVE-2007-6167 Suse Permissions, Privileges, and Access Controls vulnerability in Suse Linux

Untrusted search path vulnerability in yast2-core in SUSE Linux might allow local users to execute arbitrary code by creating a malicious yast2 module in the current working directory.

7.2

38 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-12-01 CVE-2007-6202 Neocrome SQL Injection vulnerability in Neocrome Seditio

SQL injection vulnerability in plugins/search/search.php in Neocrome Seditio CMS 121 and earlier allows remote attackers to execute arbitrary SQL commands via the pag_sub[] parameter to plug.php.

6.8
2007-11-30 CVE-2007-6191 Pmapper Code Injection vulnerability in Pmapper P.Mapper 3.2.0Beta3

Multiple PHP remote file inclusion vulnerabilities in Armin Burger p.mapper 3.2.0 beta3 allow remote attackers to execute arbitrary PHP code via a URL in the _SESSION[PM_INCPHP] parameter to (1) incphp/globals.php or (2) plugins/export/mc_table.php.

6.8
2007-11-30 CVE-2007-5503 Redhat Numeric Errors vulnerability in Redhat Cairo

Multiple integer overflows in Cairo before 1.4.12 might allow remote attackers to execute arbitrary code, as demonstrated using a crafted PNG image with large width and height values, which is not properly handled by the read_png function.

6.8
2007-11-30 CVE-2007-6183 Ruby Gnome2 Use of Externally-Controlled Format String vulnerability in Ruby Gnome2 Ruby Gnome2 0.16.0

Format string vulnerability in the mdiag_initialize function in gtk/src/rbgtkmessagedialog.c in Ruby-GNOME 2 (aka Ruby/Gnome2) 0.16.0, and SVN versions before 20071127, allows context-dependent attackers to execute arbitrary code via format string specifiers in the message parameter.

6.8
2007-11-27 CVE-2007-4674 Apple Numeric Errors vulnerability in Apple Quicktime 7.2

An "integer arithmetic" error in Apple QuickTime 7.2 allows remote attackers to execute arbitrary code via a crafted movie file containing a movie atom with a large size value, which triggers a stack-based buffer overflow.

6.8
2007-11-27 CVE-2007-6147 Iaprcommence Code Injection vulnerability in Iaprcommence Iapr Commence 1.3

Multiple PHP remote file inclusion vulnerabilities in IAPR COMMENCE 1.3 allow remote attackers to execute arbitrary PHP code via a URL in the (a) php_root_path and sometimes the (b) privilege_root_path parameter to various PHP scripts under (1) admin/includes/, (2) admin/phase/, (3) includes/, (4) includes/page_includes/, (5) reviewer/includes/, (6) reviewer/phase/, and (7) user/phase/.

6.8
2007-11-27 CVE-2007-6139 MP3 Code Injection vulnerability in MP3 Toolbox 1.0Beta5

PHP remote file inclusion vulnerability in index.php in Mp3 ToolBox 1.0 beta 5 allows remote attackers to execute arbitrary PHP code via a URL in the skin_file parameter.

6.8
2007-11-30 CVE-2007-6175 Lhaplus Buffer Errors vulnerability in Lhaplus 1.55

Buffer overflow in Lhaplus 1.55 and earlier allows remote attackers to execute arbitrary code via a crafted LZH archive, a different vector than CVE-2007-5048.

6.6
2007-11-30 CVE-2007-6170 Digium, Debian SQL Injection vulnerability in multiple products

SQL injection vulnerability in the Call Detail Record Postgres logging engine (cdr_pgsql) in Asterisk 1.4.x before 1.4.15, 1.2.x before 1.2.25, B.x before B.2.3.4, and C.x before C.1.0-beta6 allows remote authenticated users to execute arbitrary SQL commands via (1) ANI and (2) DNIS arguments.

6.5
2007-12-01 CVE-2007-5502 Openssl Cryptographic Issues vulnerability in Openssl Fips Object Module 1.1.1

The PRNG implementation for the OpenSSL FIPS Object Module 1.1.1 does not perform auto-seeding during the FIPS self-test, which generates random data that is more predictable than expected and makes it easier for attackers to bypass protection mechanisms that rely on the randomness.

6.4
2007-11-27 CVE-2007-6144 Xunlei Buffer Errors vulnerability in Xunlei web Thunder 5.7.4

Heap-based buffer overflow in the PPlayer.XPPlayer.1 ActiveX control in pplayer.dll_1_work in Xunlei Thunder 5.7.4.401 allows remote attackers to execute arbitrary code via a long string in a FlvPlayerUrl property value.

6.0
2007-11-27 CVE-2007-6133 Devmass Improper Input Validation vulnerability in Devmass Cart 1.0

PHP remote file inclusion vulnerability in admin/kfm/initialise.php in DevMass Shopping Cart 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the kfm_base_path parameter.

5.8
2007-11-26 CVE-2007-6129 Amber Script Improper Input Validation vulnerability in Amber Script Amber Script 1.0

Directory traversal vulnerability in scripts/include/show_content.php in Amber Script 1.0 allows remote attackers to include and execute arbitrary local files via a ..

5.8
2007-12-01 CVE-2007-6198 BEA Information Disclosure vulnerability in BEA AquaLogic Interaction Plumtree Portal

portal/server.pt in the Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 and 6.0.1.218452 allows wildcards in advanced searches for usernames, which allows remote attackers to enumerate valid usernames via the in_tx_fulltext parameter.

5.0
2007-12-01 CVE-2007-6197 BEA Information Exposure vulnerability in BEA Aqualogic Interaction

The Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 and 6.0.1.218452 allows remote attackers to obtain version numbers and internal hostnames by reading comments in the HTML source of any page.

5.0
2007-11-30 CVE-2007-6193 Citrix Information Exposure vulnerability in Citrix Netscaler 8.0

The web management interface in Citrix NetScaler 8.0 build 47.8 stores the device's primary IP address in a cookie, which might allow remote attackers to obtain sensitive network configuration information if this address is not the same as the address being used by the web interface.

5.0
2007-11-30 CVE-2007-6187 Noah Path Traversal vulnerability in Noah

Multiple directory traversal vulnerabilities in PHP Content Architect (aka NoAh) 0.9 pre 1.2 and earlier allow remote attackers to read arbitrary files via a ..

5.0
2007-11-29 CVE-2007-4346 Symantec Resource Management Errors vulnerability in Symantec Backupexec System Recovery 11.0.6235/11.0.7170

The Job Engine (bengine.exe) service in Symantec Backup Exec for Windows Servers (BEWS) 11d build 11.0.7170 and 11.0.6.6235 allows remote attackers to cause a denial of service (NULL dereference and service crash) via a crafted packet to port 5633/tcp.

5.0
2007-11-29 CVE-2007-6161 Tilde Information Exposure vulnerability in Tilde CMS

index.php in Tilde CMS 4.x and earlier allows remote attackers to obtain sensitive information via a certain search parameter value in a search action, which reveals the path.

5.0
2007-11-27 CVE-2007-6146 Hitachi Improper Input Validation vulnerability in Hitachi JP1 File Transmission Server 0700

Hitachi JP1/File Transmission Server/FTP 01-00 through 08-10-02 on Windows might allow remote attackers to cause a denial of service (service stop) via a "specific file" argument to an FTP command.

5.0
2007-11-27 CVE-2007-6145 Hitachi Improper Authentication vulnerability in Hitachi JP1 File Transmission Server

Unspecified vulnerability in Hitachi JP1/File Transmission Server/FTP 01-00 through 08-10-01 allows remote attackers to bypass authentication and "view files" via unspecified vectors.

5.0
2007-11-26 CVE-2007-6130 GNU Improper Authentication vulnerability in GNU Gnump3D 2.9

gnump3d 2.9final does not apply password protection to its plugins, which might allow remote attackers to bypass intended access restrictions.

5.0
2007-11-26 CVE-2007-6122 IRC Services Improper Input Validation vulnerability in IRC Services IRC Services

The default_encrypt function in encrypt.c in IRC Services before 5.0.63, and 5.1.x before 5.1.7, allows remote attackers to cause a denial of service (daemon crash) via a long password.

5.0
2007-11-30 CVE-2007-5494 Redhat Resource Management Errors vulnerability in Redhat Enterprise Linux 4.0/5.0

Memory leak in the Red Hat Content Accelerator kernel patch in Red Hat Enterprise Linux (RHEL) 4 and 5 allows local users to cause a denial of service (memory consumption) via a large number of open requests involving O_ATOMICLOOKUP.

4.9
2007-12-01 CVE-2007-6196 Calacode Cross-Site Scripting vulnerability in Calacode Atmail Webmail System

Cross-site scripting (XSS) vulnerability in util.php in Calacode @Mail before 5.2 allows remote attackers to inject arbitrary web script or HTML via the func parameter.

4.3
2007-11-30 CVE-2007-6192 Citrix Cryptographic Issues vulnerability in Citrix Netscaler 8.0

The web management interface in Citrix NetScaler 8.0 build 47.8 uses weak encryption (XOR of unpadded data) to store credentials within a cookie, which makes it easier for remote attackers to obtain cleartext credentials when a cookie is captured via a known-plaintext attack.

4.3
2007-11-30 CVE-2007-6173 Liferay Cross-Site Scripting vulnerability in Liferay Enterprise Portal 4.3.1

Cross-site scripting (XSS) vulnerability in c/portal/login in Liferay Enterprise Portal 4.3.1 allows remote attackers to inject arbitrary web script or HTML via the emailAddress parameter in a Send New Password action, a different vector than CVE-2007-6055.

4.3
2007-11-29 CVE-2007-6162 Wsdeluxe Cross-Site Scripting vulnerability in Wsdeluxe Fmdeluxe 2.1

Cross-site scripting (XSS) vulnerability in index.php in FMDeluxe 2.1.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter in a category action.

4.3
2007-11-29 CVE-2007-6160 Tilde Cross-Site Scripting vulnerability in Tilde CMS 4.0

Cross-site scripting (XSS) vulnerability in index.php in Tilde CMS 4.x and earlier allows remote attackers to inject arbitrary web script or HTML via the aarstal parameter in a yeardetail action.

4.3
2007-11-29 CVE-2007-6157 Simplegallery Cross-Site Scripting vulnerability in Simplegallery 0.1.3

Cross-site scripting (XSS) vulnerability in index.php in SimpleGallery 0.1.3 allows remote attackers to inject arbitrary web script or HTML via the album parameter.

4.3
2007-11-29 CVE-2007-6156 Secureideas Cross-Site Scripting vulnerability in Secureideas Basic Analysis and Security Engine

Multiple cross-site scripting (XSS) vulnerabilities in base_qry_main.php in Base Analysis and Security Engine (BASE) before 1.3.9 allow remote attackers to inject arbitrary web script or HTML via the (1) sig[0] and (2) sig[1] parameters.

4.3
2007-11-27 CVE-2007-6142 Salims Softhouse Cross-Site Scripting vulnerability in Salims Softhouse JAF CMS 4.0Rc2

Multiple cross-site scripting (XSS) vulnerabilities in ph03y3nk just another flat file (JAF) CMS 4.0 RC2 allow remote attackers to inject arbitrary web script or HTML via the (1) show parameter to index.php and the (2) print parameter to print.php.

4.3
2007-11-27 CVE-2007-6141 Vbtube Cross-Site Scripting vulnerability in Vbtube 1.1Beta

Cross-site scripting (XSS) vulnerability in vBTube.php in vBTube 1.1 Beta allows remote attackers to inject arbitrary web script or HTML via the search parameter.

4.3
2007-11-27 CVE-2007-6136 M2Scripts Cross-Site Scripting vulnerability in M2Scripts MY Space Scripts Poll Creator 0

Multiple cross-site scripting (XSS) vulnerabilities in index.php in M2Scripts MySpace Scripts Poll Creator allow remote attackers to inject arbitrary web script or HTML via the (1) title, (2) intro, and (3) question parameters, and (4) unspecified answer parameters, in a create_new action.

4.3
2007-11-27 CVE-2007-6135 Phpslideshow Cross-Site Scripting vulnerability in PHPslideshow 0.9.9.2

Cross-site scripting (XSS) vulnerability in phpslideshow.php in PHPSlideShow 0.9.9.2, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the directory parameter.

4.3
2007-11-26 CVE-2007-5960 Mozilla Path Traversal vulnerability in Mozilla Firefox and Seamonkey

Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the Referer header to the window or frame in which script is running, instead of the address of the content that initiated the script, which allows remote attackers to spoof HTTP Referer headers and bypass Referer-based CSRF protection schemes by setting window.location and using a modal alert dialog that causes the wrong Referer to be sent.

4.3
2007-11-26 CVE-2007-6126 Project Alumni Cross-Site Scripting vulnerability in Project Alumni Project Alumni 1.0.8

Multiple cross-site scripting (XSS) vulnerabilities in project alumni 1.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the year parameter to (1) xml/index.php; or (2) the year parameter to view.page.inc.php, which is reachable through a view action to the top-level index.php.

4.3
2007-11-26 CVE-2007-6124 Softbiz Cross-Site Scripting vulnerability in Softbiz Freelancers Script 1.0

Cross-site scripting (XSS) vulnerability in signin.php in Softbiz Freelancers Script 1 allows remote attackers to inject arbitrary web script or HTML via the errmsg parameter.

4.3

3 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-11-30 CVE-2007-6190 Cisco Information Exposure vulnerability in Cisco Unified IP Phone

The HTTP daemon in the Cisco Unified IP Phone, when the Extension Mobility feature is enabled, allows remote authenticated users of other phones associated with the same CUCM server to eavesdrop on the physical environment via a CiscoIPPhoneExecute message containing a URL attribute of an ExecuteItem element that specifies a Real-Time Transport Protocol (RTP) audio stream.

3.5
2007-11-30 CVE-2007-6150 Freebsd Information Exposure vulnerability in Freebsd

The "internal state tracking" code for the random and urandom devices in FreeBSD 5.5, 6.1 through 6.3, and 7.0 beta 4 allows local users to obtain portions of previously-accessed random values, which could be leveraged to bypass protection mechanisms that rely on secrecy of those values.

2.1
2007-11-26 CVE-2007-6131 Redhat Configuration vulnerability in Redhat Fedora Core F7

buttonpressed.sh in scanbuttond 0.2.3 allows local users to overwrite arbitrary files via a symlink attack on the (1) scan.pnm and (2) scan.jpg temporary files.

2.1