Weekly Vulnerabilities Reports > December 3 to 9, 2007
Overview
69 new vulnerabilities were reported during this period, including 15 critical vulnerabilities and 18 high severity vulnerabilities. This weekly summary reports vulnerabilities in 66 products from 54 vendors, including Apple, MIT, Xigla, SUN, and Bcoos. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "SQL Injection", "Path Traversal", "Improper Input Validation", and "Cross-site Scripting".
- 57 reported vulnerabilities are remotely exploitable.
- 15 reported vulnerabilities have a public exploit available.
- 25 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 65 reported vulnerabilities are exploitable by an anonymous user.
- Apple has the most reported vulnerabilities, with 5 reported vulnerabilities.
- Flac has the most reported critical vulnerabilities, with 3 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
15 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-12-07 | CVE-2007-6109 | GNU | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in GNU Emacs Stack-based buffer overflow in emacs allows user-assisted attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a large precision value in an integer format string specifier to the format function, as demonstrated via a certain "emacs -batch -eval" command line. | 10.0 |
2007-12-06 | CVE-2007-5939 | Heimdal | Buffer Errors vulnerability in Heimdal 0.7.2 The gss_userok function in appl/ftp/ftpd/gss_userok.c in Heimdal 0.7.2 does not allocate memory for the ticketfile pointer before calling free, which allows remote attackers to have an unknown impact via an invalid username. | 10.0 |
2007-12-06 | CVE-2007-5769 | Netkit FTP | Buffer Errors vulnerability in Netkit-Ftp Netkit FTP 0.17 Double free vulnerability in the getreply function in ftp.c in netkit ftp (netkit-ftp) 0.17 20040614 and later allows remote FTP servers to cause a denial of service (application crash) and possibly have unspecified other impact via some types of FTP protocol behavior. | 10.0 |
2007-12-06 | CVE-2007-6194 | HP | Remote Unauthorized Access vulnerability in HP Select Identity Unspecified vulnerability in HP Select Identity 4.01 before 4.01.012 and 4.1x before 4.13.003 allows remote attackers to obtain unspecified access via unknown vectors. | 10.0 |
2007-12-06 | CVE-2007-5902 | MIT | Numeric Errors vulnerability in MIT Kerberos 5 Integer overflow in the svcauth_gss_get_principal function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (krb5) allows remote attackers to have an unknown impact via a large length value for a GSS client name in an RPC request. | 10.0 |
2007-12-04 | CVE-2007-6238 | Apple | Remote vulnerability in Apple Quicktime 7.2 Unspecified vulnerability in Apple QuickTime 7.2 on Windows XP allows remote attackers to execute arbitrary code via unknown attack vectors, probably a different vulnerability than CVE-2007-6166. | 10.0 |
2007-12-04 | CVE-2007-6234 | FTP Admin | Improper Authentication vulnerability in FTP Admin FTP Admin 0.1.0 index.php in FTP Admin 0.1.0 allows remote attackers to bypass authentication and obtain administrative access via a loggedin parameter with a value of true, as demonstrated by adding a user account. | 10.0 |
2007-12-07 | CVE-2007-6279 | Flac | Resource Management Errors vulnerability in Flac Libflac Multiple double free vulnerabilities in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via malformed (1) Seektable values or (2) Seektable Data Offsets in a .FLAC file. | 9.3 |
2007-12-07 | CVE-2007-6278 | Flac | Improper Input Validation vulnerability in Flac Libflac Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allows user-assisted remote attackers to force a client to download arbitrary files via the MIME-Type URL flag (-->) for the FLAC image file in a crafted .FLAC file. | 9.3 |
2007-12-07 | CVE-2007-6277 | Flac | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Flac Libflac Multiple buffer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via large (1) Metadata Block Size, (2) VORBIS Comment String Size, (3) Picture Metadata MIME-TYPE Size, (4) Picture Description Size, (5) Picture Data Length, (6) Padding Length, and (7) PICTURE Metadata width and height values in a .FLAC file, which result in a heap-based overflow; and large (8) VORBIS Comment String Size Length, (9) Picture MIME-Type, (10) Picture MIME-Type URL, and (11) Picture Description Length values in a .FLAC file, which result in a stack-based overflow. | 9.3 |
2007-12-07 | CVE-2007-6273 | Sonicwall | USE of Externally-Controlled Format String vulnerability in Sonicwall Global VPN Client 3.1.556/4.0.0.810 Multiple format string vulnerabilities in the configuration file in SonicWALL GLobal VPN Client 3.1.556 and 4.0.0.810 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in the (1) Hostname tag or the (2) name attribute in the Connection tag. | 9.3 |
2007-12-06 | CVE-2007-6263 | Netkit FTP | Improper Input Validation vulnerability in Netkit-Ftp Netkit FTP 0.17 The dataconn function in ftpd.c in netkit ftpd (netkit-ftpd) 0.17, when certain modifications to support SSL have been introduced, calls fclose on an uninitialized file stream, which allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via some types of FTP over SSL protocol behavior, as demonstrated by breaking a passive FTP DATA connection in a way that triggers an error in the server's SSL_accept function. | 9.3 |
2007-12-06 | CVE-2007-4575 | Openoffice | Code Injection vulnerability in Openoffice HSQLDB before 1.8.0.9, as used in OpenOffice.org (OOo) 2 before 2.3.1, allows user-assisted remote attackers to execute arbitrary Java code via crafted database documents, related to "exposing static java methods." | 9.3 |
2007-12-06 | CVE-2007-5972 | MIT | Buffer Errors vulnerability in MIT Kerberos 5 1.5 Double free vulnerability in the krb5_def_store_mkey function in lib/kdb/kdb_default.c in MIT Kerberos 5 (krb5) 1.5 has unknown impact and remote authenticated attack vectors. | 9.0 |
2007-12-04 | CVE-2007-6237 | Deluxebb | Improper Authentication vulnerability in Deluxebb 1.09 cp.php in DeluxeBB 1.09 does not verify that the membercookie parameter corresponds to the authenticated member during a profile update, which allows remote authenticated users to change the e-mail addresses of arbitrary accounts via a modified membercookie parameter, a different vector than CVE-2006-4078. | 9.0 |
18 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-12-07 | CVE-2007-6276 | Apple | Numeric Errors vulnerability in Apple mac OS X and mac OS X Server The accept_connections function in the virtual private network daemon (vpnd) in Apple Mac OS X 10.5 before 10.5.4 allows remote attackers to cause a denial of service (divide-by-zero error and daemon crash) via a crafted load balancing packet to UDP port 4112. | 7.8 |
2007-12-04 | CVE-2007-6221 | Tumusika Evolution | Information Exposure vulnerability in Tumusika Evolution Tumusika Evolution 1.7R5 TuMusika Evolution 1.7R5 allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function. | 7.8 |
2007-12-07 | CVE-2007-6275 | Bcoos | SQL Injection vulnerability in Bcoos SQL injection vulnerability in modules/adresses/ratefile.php in bcoos 1.0.10 and earlier allows remote attackers to execute arbitrary SQL commands via the lid parameter, a different vector than CVE-2007-6266. | 7.5 |
2007-12-07 | CVE-2007-6272 | Joomla | SQL Injection vulnerability in Joomla 1.5Rc3 Multiple SQL injection vulnerabilities in index.php in Joomla! 1.5 RC3 allow remote attackers to execute arbitrary SQL commands via (1) the view parameter to the com_content component, (2) the task parameter to the com_search component, or (3) the option parameter in a search action to the com_search component. | 7.5 |
2007-12-07 | CVE-2007-6269 | Xigla | SQL Injection vulnerability in Xigla Absolute News Manager.Net 5.1 Multiple SQL injection vulnerabilities in xlaabsolutenm.aspx in Absolute News Manager.NET 5.1 allow remote attackers to execute arbitrary SQL commands via the (1) z, (2) pz, (3) ord, and (4) sort parameters. | 7.5 |
2007-12-07 | CVE-2007-6266 | Bcoos | SQL Injection vulnerability in Bcoos 1.0.10 Multiple SQL injection vulnerabilities in bcoos 1.0.10 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the gid parameter to modules/arcade/index.php in a show_stats action, or the lid parameter to (2) modules/myalbum/ratephoto.php or (3) modules/mylinks/ratelink.php, different vectors than CVE-2007-5104. | 7.5 |
2007-12-05 | CVE-2007-6241 | Beehive Forum | Unspecified vulnerability in Beehive Forum Beehive Forum Multiple unspecified vulnerabilities in Beehive Forum 0.7.1 have unknown "critical" impact and attack vectors, different issues than CVE-2007-6014. | 7.5 |
2007-12-05 | CVE-2007-6240 | Snitz Communications | SQL Injection vulnerability in Snitz Communications Snitz Forums 2000 3.4.06 SQL injection vulnerability in active.asp in Snitz Forums 2000 3.4.06 allows remote attackers to execute arbitrary SQL commands via the BuildTime parameter. | 7.5 |
2007-12-05 | CVE-2007-6014 | Beehive Forum | SQL Injection vulnerability in Beehive Forum Beehive Forum SQL injection vulnerability in post.php in Beehive Forum 0.7.1 and earlier allows remote attackers to execute arbitrary SQL commands via the t_dedupe parameter. | 7.5 |
2007-12-05 | CVE-2007-5614 | Mortbay Jetty | Unspecified vulnerability in Mortbay Jetty Mortbay Jetty before 6.1.6rc1 does not properly handle "certain quote sequences" in HTML cookie parameters, which allows remote attackers to hijack browser sessions via unspecified vectors. | 7.5 |
2007-12-04 | CVE-2007-6231 | Tellmatic | Code Injection vulnerability in Tellmatic 1.0.7 Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. | 7.5 |
2007-12-04 | CVE-2007-6230 | Rayzz | Path Traversal vulnerability in Rayzz Script 2.0 Directory traversal vulnerability in common/classes/class_HeaderHandler.lib.php in Rayzz Script 2.0 allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2007-12-04 | CVE-2007-6229 | Rayzz | Code Injection vulnerability in Rayzz Script 2.0 PHP remote file inclusion vulnerability in common/classes/class_HeaderHandler.lib.php in Rayzz Script 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the CFG[site][project_path] parameter. | 7.5 |
2007-12-04 | CVE-2007-6223 | Phpbb | SQL Injection vulnerability in PHPbb Garage 1.2.0Beta3 SQL injection vulnerability in garage.php in phpBB Garage 1.2.0 Beta3 allows remote attackers to execute arbitrary SQL commands via the make_id parameter in a search action in browse mode. | 7.5 |
2007-12-04 | CVE-2007-6217 | Irola | SQL Injection vulnerability in Irola My-Time 3.5 Multiple SQL injection vulnerabilities in login.asp in Irola My-Time (aka Timesheet) 3.5 allow remote attackers to execute arbitrary SQL commands via the (1) login (aka Username) and (2) password parameters. | 7.5 |
2007-12-04 | CVE-2007-6227 | Qemu | Buffer Errors vulnerability in Qemu 0.9.0 QEMU 0.9.0 allows local users of a Windows XP SP2 guest operating system to overwrite the TranslationBlock (code_gen_buffer) buffer, and probably have unspecified other impacts related to an "overflow," via certain Windows executable programs, as demonstrated by qemu-dos.com. | 7.2 |
2007-12-04 | CVE-2007-6211 | Debian Sing | Permissions, Privileges, and Access Controls vulnerability in Sing 1.1 Send ICMP Nasty Garbage (sing) on Debian GNU/Linux allows local users to append to arbitrary files and gain privileges via the -L (output log file) option. | 7.2 |
2007-12-04 | CVE-2007-6226 | APC | Improper Authentication vulnerability in APC OAS and Switched Rack PDU Firmware The American Power Conversion (APC) AP7932 0u 30amp Switched Rack Power Distribution Unit (PDU), with rpdu 3.5.5 and aos 3.5.6, allows remote attackers to bypass authentication and obtain login access by making a login attempt while a different client is logged in, and then resubmitting the login attempt once the other client exits. | 7.1 |
32 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-12-06 | CVE-2007-5971 | Apple MIT | Resource Management Errors vulnerability in MIT Kerberos 5 Double free vulnerability in the gss_krb5int_make_seal_token_v3 function in lib/gssapi/krb5/k5sealv3.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors. | 6.9 |
2007-12-06 | CVE-2007-5901 | Apple MIT | Resource Management Errors vulnerability in MIT Kerberos 5 Use-after-free vulnerability in the gss_indicate_mechs function in lib/gssapi/mechglue/g_initialize.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors. | 6.9 |
2007-12-07 | CVE-2007-6265 | Avast | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Avast Antivirus Home and Avast Antivirus Professional Unspecified vulnerability in avast! 4 Home and Professional Editions before 4.7.1098 allows remote attackers to have an unknown impact via a crafted TAR archive. | 6.8 |
2007-12-06 | CVE-2007-6262 | Videolan | Buffer Errors vulnerability in Videolan VLC Media Player 0.8.6/0.8.6A/0.8.6B A certain ActiveX control in axvlc.dll in VideoLAN VLC 0.8.6 before 0.8.6d allows remote attackers to execute arbitrary code via crafted arguments to the (1) addTarget, (2) getVariable, or (3) setVariable function, resulting from a "bad initialized pointer," aka a "recursive plugin release vulnerability." | 6.8 |
2007-12-06 | CVE-2007-6260 | Oracle | Credentials Management vulnerability in Oracle Database Server The installation process for Oracle 10g and llg uses accounts with default passwords, which allows remote attackers to obtain login access by connecting to the Listener. | 6.8 |
2007-12-04 | CVE-2007-6228 | Yahoo | Buffer Errors vulnerability in Yahoo Toolbar 1.4.1 Stack-based buffer overflow in the Helper class in the yt.ythelper.2 ActiveX control in Yahoo! Toolbar 1.4.1 allows remote attackers to cause a denial of service (browser crash) via a long argument to the c method. | 6.8 |
2007-12-04 | CVE-2007-6222 | CRM CTT | Permissions, Privileges, and Access Controls vulnerability in CRM CTT Interleave The CheckCustomerAccess function in functions.php in CRM-CTT Interleave before 4.2.0 (formerly CRM-CTT) does not properly verify user privileges, which allows remote authenticated users with the LIMITTOCUSTOMERS privilege to bypass intended access restrictions and edit non-active user settings. | 6.5 |
2007-12-05 | CVE-2007-5355 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer 5.01/6/7 The Web Proxy Auto-Discovery (WPAD) feature in Microsoft Internet Explorer 6 and 7, when a primary DNS suffix with three or more components is configured, resolves an unqualified wpad hostname in a second-level domain outside this configured DNS domain, which allows remote WPAD servers to conduct man-in-the-middle (MITM) attacks. | 5.8 |
2007-12-07 | CVE-2007-6271 | Xigla | Improper Input Validation vulnerability in Xigla Absolute News Manager.Net 5.1 Absolute News Manager.NET 5.1 allows remote attackers to obtain sensitive information via a direct request to getpath.aspx, which reveals the installation path in an error message. | 5.0 |
2007-12-07 | CVE-2007-6268 | Xigla | Path Traversal vulnerability in Xigla Absolute News Manager.Net 5.1 Directory traversal vulnerability in pages/default.aspx in Absolute News Manager.NET 5.1 allows remote attackers to read arbitrary files via a .. | 5.0 |
2007-12-05 | CVE-2007-5615 | Mortbay Jetty | Code Injection vulnerability in Mortbay Jetty CRLF injection vulnerability in Mortbay Jetty before 6.1.6rc0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | 5.0 |
2007-12-04 | CVE-2007-6239 | Squid | Improper Input Validation vulnerability in Squid web Proxy Cache The "cache update reply processing" functionality in Squid 2.x before 2.6.STABLE17 and Squid 3.0 allows remote attackers to cause a denial of service (crash) via unknown vectors related to HTTP headers and an Array memory leak during requests for cached objects. | 5.0 |
2007-12-04 | CVE-2007-6236 | Microsoft | Numeric Errors vulnerability in Microsoft Windows Media Player 11 Microsoft Windows Media Player (WMP) allows remote attackers to cause a denial of service (application crash) via a certain AIFF file that triggers a divide-by-zero error, as demonstrated by kr.aiff. | 5.0 |
2007-12-04 | CVE-2007-6220 | Typespeed Debian | Numeric Errors vulnerability in Typespeed typespeed before 0.6.4 allows remote attackers to cause a denial of service (application crash) via unspecified network behavior that triggers a divide-by-zero error. | 5.0 |
2007-12-04 | CVE-2007-6218 | Ossigeno | Improper Input Validation vulnerability in Ossigeno CMS 2.2Pre1 Multiple PHP remote file inclusion vulnerabilities in Ossigeno CMS 2.2 pre1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) level parameter to (a) install_module.php and (b) uninstall_module.php in upload/xax/admin/modules/, (c) upload/xax/admin/patch/index.php, and (d) install_module.php and (e) uninstall_module.php in upload/xax/ossigeno/admin/; and the (2) ossigeno parameter to (f) ossigeno_modules/ossigeno-catalogo/xax/ossigeno/catalogo/common.php, different vectors than CVE-2007-5234. | 5.0 |
2007-12-04 | CVE-2007-6215 | WEB Meetme | Path Traversal vulnerability in Web-Meetme 3.0.3 Multiple directory traversal vulnerabilities in play.php in Web-MeetMe 3.0.3 allow remote attackers to read arbitrary files via a .. | 5.0 |
2007-12-04 | CVE-2007-6213 | Webed | Path Traversal vulnerability in Webed 0.0.9 Multiple directory traversal vulnerabilities in mod/chat/index.php in WebED 0.0.9 allow remote attackers to read arbitrary files via a .. | 5.0 |
2007-12-04 | CVE-2007-6212 | | Path Traversal vulnerability in Google KML 1.1 Directory traversal vulnerability in region.php in KML share 1.1 allows remote attackers to read arbitrary files via a .. | 5.0 |
2007-12-06 | CVE-2007-6261 | Apple | Numeric Errors vulnerability in Apple mac OS X 10.4/10.5.1 Integer overflow in the load_threadstack function in the Mach-O loader (mach_loader.c) in the xnu kernel in Apple Mac OS X 10.4 through 10.5.1 allows local users to cause a denial of service (infinite loop) via a crafted Mach-O binary. | 4.9 |
2007-12-04 | CVE-2007-6233 | FTP Admin | Path Traversal vulnerability in FTP Admin FTP Admin 0.1.0 Directory traversal vulnerability in index.php in FTP Admin 0.1.0 allows remote authenticated users to include and execute arbitrary local files via a .. | 4.9 |
2007-12-04 | CVE-2007-6225 | SUN | Local Denial of Service vulnerability in SUN Solaris 10 Unspecified vulnerability in Sun Solaris 10, when 64bit mode is used on the x86 platform, allows local users in a Linux (lx) branded zone to cause a denial of service (panic) via unspecified vectors. | 4.9 |
2007-12-04 | CVE-2007-6216 | SUN | Race Condition vulnerability in SUN Solaris and Sunos Race condition in the Fibre Channel protocol (fcp) driver and Devices filesystem (devfs) in Sun Solaris 10 allows local users to cause a denial of service (system hang) via some programs that access hardware resources, as demonstrated by the (1) cfgadm and (2) format programs. | 4.7 |
2007-12-04 | CVE-2007-6209 | Linux ZSH | Permissions, Privileges, and Access Controls vulnerability in ZSH 4.3.4 Util/difflog.pl in zsh 4.3.4 allows local users to overwrite arbitrary files via a symlink attack on temporary files. | 4.6 |
2007-12-07 | CVE-2007-6274 | Bcoos | Cross-Site Scripting vulnerability in Bcoos Multiple cross-site scripting (XSS) vulnerabilities in modules/ecal/display.php in the Event Calendar in bcoos 1.0.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) day or (2) year parameter. | 4.3 |
2007-12-07 | CVE-2007-6270 | Xigla | Cross-Site Scripting vulnerability in Xigla Absolute News Manager.Net 5.1 Multiple cross-site scripting (XSS) vulnerabilities in Absolute News Manager.NET 5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) rmore parameter to xlaabsolutenm.aspx and the (2) template parameter to pages/default.aspx. | 4.3 |
2007-12-05 | CVE-2007-5613 | Mortbay Jetty | Cross-Site Scripting vulnerability in Mortbay Jetty Cross-site scripting (XSS) vulnerability in Dump Servlet in Mortbay Jetty before 6.1.6rc1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters and cookies. | 4.3 |
2007-12-04 | CVE-2007-6232 | HP IBM Linux Santa Cruz Operation SGI SUN Windriver FTP | Cross-Site Scripting vulnerability in FTP Admin 0.1.0 Cross-site scripting (XSS) vulnerability in index.php in FTP Admin 0.1.0 allows remote attackers to inject arbitrary web script or HTML via the error parameter in an error page action. | 4.3 |
2007-12-04 | CVE-2007-6219 | IBM | Cross-Site Scripting vulnerability in IBM Tivoli Netcool Security Manager 1.3.0 Cross-site scripting (XSS) vulnerability in IBM Tivoli Netcool Security Manager 1.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2007-12-04 | CVE-2007-6214 | Learnloop | Path Traversal vulnerability in Learnloop 2.0Beta7 Directory traversal vulnerability in include/file_download.php in LearnLoop 2.0 beta7 allows remote attackers to read arbitrary files via a .. | 4.3 |
2007-12-03 | CVE-2007-6203 | Apache | Cross-Site Scripting vulnerability in Apache Http Server Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918. | 4.3 |
2007-12-03 | CVE-2006-7226 | Redhat | Denial Of Service vulnerability in PCRE Perl Compatible Regular Expression Subpattern Memory Allocation Perl-Compatible Regular Expression (PCRE) library before 6.7 does not properly calculate the compiled memory allocation for regular expressions that involve a quantified "subpattern containing a named recursion or subroutine reference," which allows context-dependent attackers to cause a denial of service (error or crash). | 4.3 |
2007-12-03 | CVE-2006-7225 | Perl | Improper Input Validation vulnerability in Perl Pcre Perl-Compatible Regular Expression (PCRE) library before 6.7 allows context-dependent attackers to cause a denial of service (error or crash) via a regular expression that involves a "malformed POSIX character class", as demonstrated via an invalid character after a [[ sequence. | 4.3 |
4 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-12-04 | CVE-2007-6208 | Claws Mail | Link Following vulnerability in Claws Mail Claws Mail Tools sylprint.pl in claws mail tools (claws-mail-tools) allows local users to overwrite arbitrary files via a symlink attack on the sylprint.[USER].[PID] temporary file. | 3.6 |
2007-12-07 | CVE-2007-6267 | Citrix | Credentials Management vulnerability in Citrix products Citrix EdgeSight 4.2 and 4.5 for Presentation Server, EdgeSight 4.2 and 4.5 for Endpoints, and EdgeSight for NetScaler 1.0 and 1.1 do not properly store database credentials in configuration files, which allows local users to obtain sensitive information. | 2.1 |
2007-12-04 | CVE-2007-6210 | Zabbix | Configuration vulnerability in Zabbix Agentd 1.1.4 zabbix_agentd 1.1.4 in ZABBIX before 1.4.3 runs "UserParameter" scripts with gid 0, which might allow local users to gain privileges. | 2.1 |
2007-12-04 | CVE-2007-6207 | Xensource INC | Improper Input Validation vulnerability in Xensource INC XEN Xen 3.x, possibly before 3.1.2, when running on IA64 systems, does not check the RID value for mov_to_rr, which allows a VTi domain to read memory of other domains. | 2.1 |