Weekly Vulnerabilities Reports > December 3 to 9, 2007

Overview

75 new vulnerabilities were reported during this period, including 16 critical vulnerabilities and 18 high severity vulnerabilities. This weekly summary reports vulnerabilities in 83 products from 60 vendors including Apple, MIT, Xigla, Debian, and Linux. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Improper Input Validation", "SQL Injection", "Numeric Errors", and "Path Traversal".

  • 62 reported vulnerabilities are remotely exploitable.
  • 16 reported vulnerabilities have a public exploit available.
  • 25 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 71 reported vulnerabilities are exploitable by an anonymous user.
  • Apple has the most reported vulnerabilities, with 5 reported vulnerabilities.
  • MIT has the most reported critical vulnerabilities, with 3 reported vulnerabilities.


Vulnerability Details

The following table lists reported vulnerabilities for the period covered by this report:


16 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-12-07 CVE-2007-6109 GNU Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in GNU Emacs

Stack-based buffer overflow in emacs allows user-assisted attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a large precision value in an integer format string specifier to the format function, as demonstrated via a certain "emacs -batch -eval" command line.

10.0
2007-12-06 CVE-2007-5939 Heimdal Buffer Errors vulnerability in Heimdal 0.7.2

The gss_userok function in appl/ftp/ftpd/gss_userok.c in Heimdal 0.7.2 does not allocate memory for the ticketfile pointer before calling free, which allows remote attackers to have an unknown impact via an invalid username.

10.0
2007-12-06 CVE-2007-5769 Netkit FTP Buffer Errors vulnerability in Netkit-Ftp Netkit FTP 0.17

Double free vulnerability in the getreply function in ftp.c in netkit ftp (netkit-ftp) 0.17 20040614 and later allows remote FTP servers to cause a denial of service (application crash) and possibly have unspecified other impact via some types of FTP protocol behavior.

10.0
2007-12-06 CVE-2007-6194 HP Remote Unauthorized Access vulnerability in HP Select Identity

Unspecified vulnerability in HP Select Identity 4.01 before 4.01.012 and 4.1x before 4.13.003 allows remote attackers to obtain unspecified access via unknown vectors.

10.0
2007-12-06 CVE-2007-5902 MIT Numeric Errors vulnerability in MIT Kerberos 5

Integer overflow in the svcauth_gss_get_principal function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (krb5) allows remote attackers to have an unknown impact via a large length value for a GSS client name in an RPC request.

10.0
2007-12-04 CVE-2007-6238 Apple Remote vulnerability in Apple Quicktime 7.2

Unspecified vulnerability in Apple QuickTime 7.2 on Windows XP allows remote attackers to execute arbitrary code via unknown attack vectors, probably a different vulnerability than CVE-2007-6166.

10.0
2007-12-04 CVE-2007-6234 FTP Admin Improper Authentication vulnerability in FTP Admin FTP Admin 0.1.0

index.php in FTP Admin 0.1.0 allows remote attackers to bypass authentication and obtain administrative access via a loggedin parameter with a value of true, as demonstrated by adding a user account.

10.0
2007-12-07 CVE-2007-6279 Flac Resource Management Errors vulnerability in Flac Libflac

Multiple double free vulnerabilities in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via malformed (1) Seektable values or (2) Seektable Data Offsets in a .FLAC file.

9.3
2007-12-07 CVE-2007-6278 Flac Improper Input Validation vulnerability in Flac Libflac

Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allows user-assisted remote attackers to force a client to download arbitrary files via the MIME-Type URL flag (-->) for the FLAC image file in a crafted .FLAC file.

9.3
2007-12-07 CVE-2007-6277 Flac Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Flac Libflac

Multiple buffer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via large (1) Metadata Block Size, (2) VORBIS Comment String Size, (3) Picture Metadata MIME-TYPE Size, (4) Picture Description Size, (5) Picture Data Length, (6) Padding Length, and (7) PICTURE Metadata width and height values in a .FLAC file, which result in a heap-based overflow; and large (8) VORBIS Comment String Size Length, (9) Picture MIME-Type, (10) Picture MIME-Type URL, and (11) Picture Description Length values in a .FLAC file, which result in a stack-based overflow.

9.3
2007-12-07 CVE-2007-6273 Sonicwall Use of Externally-Controlled Format String vulnerability in Sonicwall Global VPN Client 3.1.556/4.0.0.810

Multiple format string vulnerabilities in the configuration file in SonicWALL Global VPN Client 3.1.556 and 4.0.0.810 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in the (1) Hostname tag or the (2) name attribute in the Connection tag.

9.3
2007-12-06 CVE-2007-6263 Netkit FTP Improper Input Validation vulnerability in Netkit-Ftp Netkit FTP 0.17

The dataconn function in ftpd.c in netkit ftpd (netkit-ftpd) 0.17, when certain modifications to support SSL have been introduced, calls fclose on an uninitialized file stream, which allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via some types of FTP over SSL protocol behavior, as demonstrated by breaking a passive FTP DATA connection in a way that triggers an error in the server's SSL_accept function.

9.3
2007-12-06 CVE-2007-5894 MIT Memory Corruption vulnerability in MIT Kerberos 5

** DISPUTED ** The reply function in ftpd.c in the gssftp ftpd in MIT Kerberos 5 (krb5) does not initialize the length variable when auth_type has a certain value, which has unknown impact and remote authenticated attack vectors.

9.3
2007-12-06 CVE-2007-4575 Openoffice Code Injection vulnerability in Openoffice

HSQLDB before 1.8.0.9, as used in OpenOffice.org (OOo) 2 before 2.3.1, allows user-assisted remote attackers to execute arbitrary Java code via crafted database documents, related to "exposing static java methods."

9.3
2007-12-06 CVE-2007-5972 MIT Buffer Errors vulnerability in MIT Kerberos 5 1.5

Double free vulnerability in the krb5_def_store_mkey function in lib/kdb/kdb_default.c in MIT Kerberos 5 (krb5) 1.5 has unknown impact and remote authenticated attack vectors.

9.0
2007-12-04 CVE-2007-6237 Deluxebb Improper Authentication vulnerability in Deluxebb 1.09

cp.php in DeluxeBB 1.09 does not verify that the membercookie parameter corresponds to the authenticated member during a profile update, which allows remote authenticated users to change the e-mail addresses of arbitrary accounts via a modified membercookie parameter, a different vector than CVE-2006-4078.

9.0

18 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-12-07 CVE-2007-6276 Apple Numeric Errors vulnerability in Apple Mac OS X and Mac OS X Server

The accept_connections function in the virtual private network daemon (vpnd) in Apple Mac OS X 10.5 before 10.5.4 allows remote attackers to cause a denial of service (divide-by-zero error and daemon crash) via a crafted load balancing packet to UDP port 4112.

7.8
2007-12-04 CVE-2007-6221 Tumusika Evolution Information Exposure vulnerability in Tumusika Evolution Tumusika Evolution 1.7R5

TuMusika Evolution 1.7R5 allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function.

7.8
2007-12-07 CVE-2007-6275 Bcoos SQL Injection vulnerability in Bcoos

SQL injection vulnerability in modules/adresses/ratefile.php in bcoos 1.0.10 and earlier allows remote attackers to execute arbitrary SQL commands via the lid parameter, a different vector than CVE-2007-6266.

7.5
2007-12-07 CVE-2007-6272 Joomla SQL Injection vulnerability in Joomla 1.5Rc3

Multiple SQL injection vulnerabilities in index.php in Joomla! 1.5 RC3 allow remote attackers to execute arbitrary SQL commands via (1) the view parameter to the com_content component, (2) the task parameter to the com_search component, or (3) the option parameter in a search action to the com_search component.

7.5
2007-12-07 CVE-2007-6269 Xigla SQL Injection vulnerability in Xigla Absolute News Manager.Net 5.1

Multiple SQL injection vulnerabilities in xlaabsolutenm.aspx in Absolute News Manager.NET 5.1 allow remote attackers to execute arbitrary SQL commands via the (1) z, (2) pz, (3) ord, and (4) sort parameters.

7.5
2007-12-07 CVE-2007-6266 Bcoos SQL Injection vulnerability in Bcoos 1.0.10

Multiple SQL injection vulnerabilities in bcoos 1.0.10 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the gid parameter to modules/arcade/index.php in a show_stats action, or the lid parameter to (2) modules/myalbum/ratephoto.php or (3) modules/mylinks/ratelink.php, different vectors than CVE-2007-5104.

7.5
2007-12-05 CVE-2007-6241 Beehive Forum Unspecified vulnerability in Beehive Forum Beehive Forum

Multiple unspecified vulnerabilities in Beehive Forum 0.7.1 have unknown "critical" impact and attack vectors, different issues than CVE-2007-6014.

7.5
2007-12-05 CVE-2007-6240 Snitz Communications SQL Injection vulnerability in Snitz Communications Snitz Forums 2000 3.4.06

SQL injection vulnerability in active.asp in Snitz Forums 2000 3.4.06 allows remote attackers to execute arbitrary SQL commands via the BuildTime parameter.

7.5
2007-12-05 CVE-2007-6014 Beehive Forum SQL Injection vulnerability in Beehive Forum Beehive Forum

SQL injection vulnerability in post.php in Beehive Forum 0.7.1 and earlier allows remote attackers to execute arbitrary SQL commands via the t_dedupe parameter.

7.5
2007-12-05 CVE-2007-5614 Mortbay Jetty Unspecified vulnerability in Mortbay Jetty

Mortbay Jetty before 6.1.6rc1 does not properly handle "certain quote sequences" in HTML cookie parameters, which allows remote attackers to hijack browser sessions via unspecified vectors.

7.5
2007-12-04 CVE-2007-6231 Tellmatic Code Injection vulnerability in Tellmatic 1.0.7

Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/.

7.5
2007-12-04 CVE-2007-6230 Rayzz Path Traversal vulnerability in Rayzz Script 2.0

Directory traversal vulnerability in common/classes/class_HeaderHandler.lib.php in Rayzz Script 2.0 allows remote attackers to include and execute arbitrary local files via a ..

7.5
2007-12-04 CVE-2007-6229 Rayzz Code Injection vulnerability in Rayzz Script 2.0

PHP remote file inclusion vulnerability in common/classes/class_HeaderHandler.lib.php in Rayzz Script 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the CFG[site][project_path] parameter.

7.5
2007-12-04 CVE-2007-6223 Phpbb SQL Injection vulnerability in PHPbb Garage 1.2.0Beta3

SQL injection vulnerability in garage.php in phpBB Garage 1.2.0 Beta3 allows remote attackers to execute arbitrary SQL commands via the make_id parameter in a search action in browse mode.

7.5
2007-12-04 CVE-2007-6217 Irola SQL Injection vulnerability in Irola My-Time 3.5

Multiple SQL injection vulnerabilities in login.asp in Irola My-Time (aka Timesheet) 3.5 allow remote attackers to execute arbitrary SQL commands via the (1) login (aka Username) and (2) password parameters.

7.5
2007-12-04 CVE-2007-6227 Qemu Buffer Errors vulnerability in Qemu 0.9.0

QEMU 0.9.0 allows local users of a Windows XP SP2 guest operating system to overwrite the TranslationBlock (code_gen_buffer) buffer, and probably have unspecified other impacts related to an "overflow," via certain Windows executable programs, as demonstrated by qemu-dos.com.

7.2
2007-12-04 CVE-2007-6211 Debian / Sing Permissions, Privileges, and Access Controls vulnerability in Sing 1.1

Send ICMP Nasty Garbage (sing) on Debian GNU/Linux allows local users to append to arbitrary files and gain privileges via the -L (output log file) option.

7.2
2007-12-04 CVE-2007-6226 APC Improper Authentication vulnerability in APC OAS and Switched Rack PDU Firmware

The American Power Conversion (APC) AP7932 0u 30amp Switched Rack Power Distribution Unit (PDU), with rpdu 3.5.5 and aos 3.5.6, allows remote attackers to bypass authentication and obtain login access by making a login attempt while a different client is logged in, and then resubmitting the login attempt once the other client exits.

7.1

36 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-12-06 CVE-2007-5971 Apple / MIT Resource Management Errors vulnerability in MIT Kerberos 5

Double free vulnerability in the gss_krb5int_make_seal_token_v3 function in lib/gssapi/krb5/k5sealv3.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors.

6.9
2007-12-06 CVE-2007-5901 Apple / MIT Resource Management Errors vulnerability in MIT Kerberos 5

Use-after-free vulnerability in the gss_indicate_mechs function in lib/gssapi/mechglue/g_initialize.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors.

6.9
2007-12-07 CVE-2007-6265 Avast Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Avast Antivirus Home and Avast Antivirus Professional

Unspecified vulnerability in avast! 4 Home and Professional Editions before 4.7.1098 allows remote attackers to have an unknown impact via a crafted TAR archive.

6.8
2007-12-06 CVE-2007-6262 Videolan Buffer Errors vulnerability in Videolan VLC Media Player 0.8.6/0.8.6A/0.8.6B

A certain ActiveX control in axvlc.dll in VideoLAN VLC 0.8.6 before 0.8.6d allows remote attackers to execute arbitrary code via crafted arguments to the (1) addTarget, (2) getVariable, or (3) setVariable function, resulting from a "bad initialized pointer," aka a "recursive plugin release vulnerability."

6.8
2007-12-06 CVE-2007-6260 Oracle Credentials Management vulnerability in Oracle Database Server

The installation process for Oracle 10g and 11g uses accounts with default passwords, which allows remote attackers to obtain login access by connecting to the Listener.

6.8
2007-12-04 CVE-2007-6228 Yahoo Buffer Errors vulnerability in Yahoo Toolbar 1.4.1

Stack-based buffer overflow in the Helper class in the yt.ythelper.2 ActiveX control in Yahoo! Toolbar 1.4.1 allows remote attackers to cause a denial of service (browser crash) via a long argument to the c method.

6.8
2007-12-04 CVE-2007-6222 CRM CTT Permissions, Privileges, and Access Controls vulnerability in CRM CTT Interleave

The CheckCustomerAccess function in functions.php in CRM-CTT Interleave before 4.2.0 (formerly CRM-CTT) does not properly verify user privileges, which allows remote authenticated users with the LIMITTOCUSTOMERS privilege to bypass intended access restrictions and edit non-active user settings.

6.5
2007-12-07 CVE-2007-5497 Ext2 Filesystems Utilities Numeric Errors vulnerability in Ext2 Filesystems Utilities E2Fsprogs

Multiple integer overflows in libext2fs in e2fsprogs before 1.40.3 allow user-assisted remote attackers to execute arbitrary code via a crafted filesystem image.

5.8
2007-12-05 CVE-2007-5355 Microsoft Unspecified vulnerability in Microsoft IE 5.01/6/7

The Web Proxy Auto-Discovery (WPAD) feature in Microsoft Internet Explorer 6 and 7, when a primary DNS suffix with three or more components is configured, resolves an unqualified wpad hostname in a second-level domain outside this configured DNS domain, which allows remote WPAD servers to conduct man-in-the-middle (MITM) attacks.

5.8
2007-12-07 CVE-2007-6271 Xigla Improper Input Validation vulnerability in Xigla Absolute News Manager.Net 5.1

Absolute News Manager.NET 5.1 allows remote attackers to obtain sensitive information via a direct request to getpath.aspx, which reveals the installation path in an error message.

5.0
2007-12-07 CVE-2007-6268 Xigla Path Traversal vulnerability in Xigla Absolute News Manager.Net 5.1

Directory traversal vulnerability in pages/default.aspx in Absolute News Manager.NET 5.1 allows remote attackers to read arbitrary files via a ..

5.0
2007-12-06 CVE-2007-5938 Intel Numeric Errors vulnerability in Intel PRO Wireless 3945Abg and Wireless Wifi Link 4965Agn

The iwl_set_rate function in compatible/iwl3945-base.c in iwlwifi 1.1.21 and earlier dereferences an iwl_get_hw_mode return value without checking for NULL, which might allow remote attackers to cause a denial of service (kernel panic) via unspecified vectors during module initialization.

5.0
2007-12-05 CVE-2007-5615 Mortbay Jetty Code Injection vulnerability in Mortbay Jetty

CRLF injection vulnerability in Mortbay Jetty before 6.1.6rc0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

5.0
2007-12-04 CVE-2007-6239 Squid Improper Input Validation vulnerability in Squid Web Proxy Cache

The "cache update reply processing" functionality in Squid 2.x before 2.6.STABLE17 and Squid 3.0 allows remote attackers to cause a denial of service (crash) via unknown vectors related to HTTP headers and an Array memory leak during requests for cached objects.

5.0
2007-12-04 CVE-2007-6236 Microsoft Numeric Errors vulnerability in Microsoft Windows Media Player 11

Microsoft Windows Media Player (WMP) allows remote attackers to cause a denial of service (application crash) via a certain AIFF file that triggers a divide-by-zero error, as demonstrated by kr.aiff.

5.0
2007-12-04 CVE-2007-6235 Realnetworks Improper Input Validation vulnerability in Realnetworks Realplayer 11

A certain ActiveX control in RealNetworks RealPlayer 11 allows remote attackers to cause a denial of service (application crash) via a malformed .au file that triggers a divide-by-zero error.

5.0
2007-12-04 CVE-2007-6224 Microsoft / Realnetworks Improper Input Validation vulnerability in Realnetworks Realplayer 11.0

The RealNetworks RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll, as shipped with RealPlayer 11, allows remote attackers to cause a denial of service (browser crash) via a certain argument to the GetSourceTransport method.

5.0
2007-12-04 CVE-2007-6220 Typespeed / Debian Numeric Errors vulnerability in Typespeed

typespeed before 0.6.4 allows remote attackers to cause a denial of service (application crash) via unspecified network behavior that triggers a divide-by-zero error.

5.0
2007-12-04 CVE-2007-6218 Ossigeno Improper Input Validation vulnerability in Ossigeno CMS 2.2Pre1

Multiple PHP remote file inclusion vulnerabilities in Ossigeno CMS 2.2 pre1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) level parameter to (a) install_module.php and (b) uninstall_module.php in upload/xax/admin/modules/, (c) upload/xax/admin/patch/index.php, and (d) install_module.php and (e) uninstall_module.php in upload/xax/ossigeno/admin/; and the (2) ossigeno parameter to (f) ossigeno_modules/ossigeno-catalogo/xax/ossigeno/catalogo/common.php, different vectors than CVE-2007-5234.

5.0
2007-12-04 CVE-2007-6215 WEB Meetme Path Traversal vulnerability in Web-Meetme 3.0.3

Multiple directory traversal vulnerabilities in play.php in Web-MeetMe 3.0.3 allow remote attackers to read arbitrary files via a ..

5.0
2007-12-04 CVE-2007-6213 Webed Path Traversal vulnerability in Webed 0.0.9

Multiple directory traversal vulnerabilities in mod/chat/index.php in WebED 0.0.9 allow remote attackers to read arbitrary files via a ..

5.0
2007-12-04 CVE-2007-6212 Google Path Traversal vulnerability in Google KML 1.1

Directory traversal vulnerability in region.php in KML share 1.1 allows remote attackers to read arbitrary files via a ..

5.0
2007-12-06 CVE-2007-6261 Apple Numeric Errors vulnerability in Apple Mac OS X 10.4/10.5.1

Integer overflow in the load_threadstack function in the Mach-O loader (mach_loader.c) in the xnu kernel in Apple Mac OS X 10.4 through 10.5.1 allows local users to cause a denial of service (infinite loop) via a crafted Mach-O binary.

4.9
2007-12-04 CVE-2007-6233 FTP Admin Path Traversal vulnerability in FTP Admin FTP Admin 0.1.0

Directory traversal vulnerability in index.php in FTP Admin 0.1.0 allows remote authenticated users to include and execute arbitrary local files via a ..

4.9
2007-12-04 CVE-2007-6225 SUN Local Denial of Service vulnerability in SUN Solaris 10

Unspecified vulnerability in Sun Solaris 10, when 64bit mode is used on the x86 platform, allows local users in a Linux (lx) branded zone to cause a denial of service (panic) via unspecified vectors.

4.9
2007-12-04 CVE-2007-6216 SUN Race Condition vulnerability in SUN Solaris and Sunos

Race condition in the Fibre Channel protocol (fcp) driver and Devices filesystem (devfs) in Sun Solaris 10 allows local users to cause a denial of service (system hang) via some programs that access hardware resources, as demonstrated by the (1) cfgadm and (2) format programs.

4.7
2007-12-04 CVE-2007-6209 Linux / ZSH Permissions, Privileges, and Access Controls vulnerability in ZSH 4.3.4

Util/difflog.pl in zsh 4.3.4 allows local users to overwrite arbitrary files via a symlink attack on temporary files.

4.6
2007-12-07 CVE-2007-6274 Bcoos Cross-Site Scripting vulnerability in Bcoos

Multiple cross-site scripting (XSS) vulnerabilities in modules/ecal/display.php in the Event Calendar in bcoos 1.0.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) day or (2) year parameter.

4.3
2007-12-07 CVE-2007-6270 Xigla Cross-Site Scripting vulnerability in Xigla Absolute News Manager.Net 5.1

Multiple cross-site scripting (XSS) vulnerabilities in Absolute News Manager.NET 5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) rmore parameter to xlaabsolutenm.aspx and the (2) template parameter to pages/default.aspx.

4.3
2007-12-05 CVE-2007-5613 Mortbay Jetty Cross-Site Scripting vulnerability in Mortbay Jetty

Cross-site scripting (XSS) vulnerability in Dump Servlet in Mortbay Jetty before 6.1.6rc1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters and cookies.

4.3
2007-12-04 CVE-2007-6232 HP / IBM / Linux / Santa Cruz Operation / SGI / SUN / Windriver / FTP Cross-Site Scripting vulnerability in FTP Admin 0.1.0

Cross-site scripting (XSS) vulnerability in index.php in FTP Admin 0.1.0 allows remote attackers to inject arbitrary web script or HTML via the error parameter in an error page action.

4.3
2007-12-04 CVE-2007-6219 IBM Cross-Site Scripting vulnerability in IBM Tivoli Netcool Security Manager 1.3.0

Cross-site scripting (XSS) vulnerability in IBM Tivoli Netcool Security Manager 1.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2007-12-04 CVE-2007-6214 Learnloop Path Traversal vulnerability in Learnloop 2.0Beta7

Directory traversal vulnerability in include/file_download.php in LearnLoop 2.0 beta7 allows remote attackers to read arbitrary files via a ..

4.3
2007-12-03 CVE-2007-6203 Apache Cross-Site Scripting vulnerability in Apache Http Server

Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.

4.3
2007-12-03 CVE-2006-7226 Redhat Denial Of Service vulnerability in PCRE Perl Compatible Regular Expression Subpattern Memory Allocation

Perl-Compatible Regular Expression (PCRE) library before 6.7 does not properly calculate the compiled memory allocation for regular expressions that involve a quantified "subpattern containing a named recursion or subroutine reference," which allows context-dependent attackers to cause a denial of service (error or crash).

4.3
2007-12-03 CVE-2006-7225 Perl Improper Input Validation vulnerability in Perl Pcre

Perl-Compatible Regular Expression (PCRE) library before 6.7 allows context-dependent attackers to cause a denial of service (error or crash) via a regular expression that involves a "malformed POSIX character class", as demonstrated via an invalid character after a [[ sequence.

4.3

5 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-12-04 CVE-2007-6208 Claws Mail Link Following vulnerability in Claws Mail Claws Mail Tools

sylprint.pl in claws mail tools (claws-mail-tools) allows local users to overwrite arbitrary files via a symlink attack on the sylprint.[USER].[PID] temporary file.

3.6
2007-12-07 CVE-2007-6267 Citrix Credentials Management vulnerability in Citrix products

Citrix EdgeSight 4.2 and 4.5 for Presentation Server, EdgeSight 4.2 and 4.5 for Endpoints, and EdgeSight for NetScaler 1.0 and 1.1 do not properly store database credentials in configuration files, which allows local users to obtain sensitive information.

2.1
2007-12-04 CVE-2007-6210 Zabbix Configuration vulnerability in Zabbix Agentd 1.1.4

zabbix_agentd 1.1.4 in ZABBIX before 1.4.3 runs "UserParameter" scripts with gid 0, which might allow local users to gain privileges.

2.1
2007-12-04 CVE-2007-6207 Xensource INC Improper Input Validation vulnerability in Xensource INC XEN

Xen 3.x, possibly before 3.1.2, when running on IA64 systems, does not check the RID value for mov_to_rr, which allows a VTi domain to read memory of other domains.

2.1
2007-12-04 CVE-2007-6206 Linux / Opensuse / Suse / Redhat / Debian / Canonical Information Exposure vulnerability in multiple products

The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x up to 2.6.24-rc3, and possibly other versions, does not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which might allow local users to obtain sensitive information.

2.1