Weekly Vulnerabilities Reports > December 10 to 16, 2007

Overview

110 new vulnerabilities were reported during this period, including 15 critical vulnerabilities and 28 high severity vulnerabilities. This weekly summary reports vulnerabilities in 114 products from 74 vendors including Microsoft, HP, IBM, Real Time Logic, and Oracle. Vulnerabilities are notably categorized as "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "SQL Injection", "Path Traversal", and "Code Injection".

  • 99 reported vulnerabilities are remotely exploitable.
  • 29 reported vulnerabilities have a public exploit available.
  • 51 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 100 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 13 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 6 reported vulnerabilities.

Vulnerability Details

The following table lists the vulnerabilities reported for the period covered by this report:

15 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-12-15 CVE-2007-6195 HP Buffer Errors vulnerability in HP Hp-Ux 11.11/11.23

Buffer overflow in the sw_rpc_agent_init function in swagentd in Software Distributor (SD), and possibly other DCE applications, in HP HP-UX B.11.11 and B.11.23 allows remote attackers to execute arbitrary code or cause a denial of service via malformed arguments in an opcode 0x04 DCE RPC request.

10.0
2007-12-15 CVE-2007-5580 Cisco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Security Agent

Buffer overflow in a certain driver in Cisco Security Agent 4.5.1 before 4.5.1.672, 5.0 before 5.0.0.225, 5.1 before 5.1.0.106, and 5.2 before 5.2.0.238 on Windows allows remote attackers to execute arbitrary code via a crafted SMB packet in a TCP session on port (1) 139 or (2) 445.

10.0
2007-12-13 CVE-2007-6204 HP Buffer Errors vulnerability in HP Openview Network Node Manager 6.41/7.0.1/7.51

Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 6.41, 7.01, and 7.51 allow remote attackers to execute arbitrary code via unspecified long arguments to (1) ovlogin.exe, (2) OpenView5.exe, (3) snmpviewer.exe, and (4) webappmon.exe, as demonstrated via a long Action parameter to OpenView5.exe.

10.0
2007-12-13 CVE-2007-6330 Meridian Software Information Disclosure vulnerability in Meridian Software Prolog Manager 2007/7.0/7.5

Meridian Prolog Manager 2007, and 7.5 and earlier, sends all usernames and passwords to the client in a (1) cleartext or (2) weakly encrypted format to support client-side login authentication, which makes it easier for remote attackers to obtain database access by capturing credentials via a man-in-the-middle attack.

10.0
2007-12-12 CVE-2007-5351 Microsoft Code Injection vulnerability in Microsoft Windows Vista

Unspecified vulnerability in Server Message Block Version 2 (SMBv2) signing support in Microsoft Windows Vista allows remote attackers to force signature re-computation and execute arbitrary code via a crafted SMBv2 packet, aka "SMBv2 Signing Vulnerability."

10.0
2007-12-10 CVE-2007-6293 IBM Unspecified vulnerability in IBM Hardware Management Console 6.1.3

Multiple unspecified vulnerabilities in IBM Hardware Management Console (HMC) 6 R1.3 allow attackers to gain privileges via "some HMC commands."

10.0
2007-12-15 CVE-2007-6387 Intuit, Microsoft, Vantage Linguistics Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Multiple stack-based buffer overflows in the awApi4.AnswerWorks.1 ActiveX control in awApi4.dll 4.0.0.42, as used by Vantage Linguistics AnswerWorks, and Intuit Clearly Bookkeeping, ProSeries, QuickBooks, Quicken, QuickTax, and TurboTax, allow remote attackers to execute arbitrary code via long arguments to the (1) GetHistory, (2) GetSeedQuery, (3) SetSeedQuery, and possibly other methods.

9.3
2007-12-15 CVE-2007-4707 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime

Multiple unspecified vulnerabilities in the Flash media handler in Apple QuickTime before 7.3.1 allow remote attackers to execute arbitrary code or have other unspecified impacts via a crafted QuickTime movie.

9.3
2007-12-13 CVE-2007-6015 Samba Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Samba

Stack-based buffer overflow in the send_mailslot function in nmbd in Samba 3.0.0 through 3.0.27a, when the "domain logons" option is enabled, allows remote attackers to execute arbitrary code via a GETDC mailslot request composed of a long GETDC string following an offset username in a SAMLOGON logon request.

9.3
2007-12-13 CVE-2007-6332 HP Arbitrary Code Execution vulnerability in HP Info Center HPInfoDLL.DLL ActiveX Control

The HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center (hpinfocenter.exe) 1.0.1.1 in HP Quick Launch Button (QLBCTRL.exe, aka QLB) 6.3 and earlier, on Microsoft Windows before Vista allows remote attackers to create or modify arbitrary registry values via the arguments to the SetRegValue method.

9.3
2007-12-13 CVE-2007-6331 HP Path Traversal vulnerability in HP Info Center and Quick Launch Button

Absolute path traversal vulnerability in the HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center (hpinfocenter.exe) 1.0.1.1 in HP Quick Launch Button (QLBCTRL.exe, aka QLB) 6.3 and earlier allows remote attackers to execute arbitrary programs via the first argument to the LaunchApp method.

9.3
2007-12-12 CVE-2007-3902 Microsoft Resource Management Errors vulnerability in Microsoft IE and Internet Explorer

Use-after-free vulnerability in the CRecalcProperty function in mshtml.dll in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code by calling the setExpression method and then modifying the outerHTML property of an HTML element, one variant of "Uninitialized Memory Corruption Vulnerability."

9.3
2007-12-12 CVE-2007-3895 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Directx

Buffer overflow in Microsoft DirectShow in Microsoft DirectX 7.0 through 10.0 allows remote attackers to execute arbitrary code via a crafted (1) WAV or (2) AVI file.

9.3
2007-12-12 CVE-2007-0064 Microsoft Buffer Errors vulnerability in Microsoft products

Heap-based buffer overflow in Windows Media Format Runtime 7.1, 9, 9.5, 9.5 x64 Edition, 11, and Windows Media Services 9.1 for Microsoft Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file.

9.3
2007-12-12 CVE-2007-3039 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Message Queuing

Stack-based buffer overflow in the Microsoft Message Queuing (MSMQ) service in Microsoft Windows 2000 Server SP4, Windows 2000 Professional SP4, and Windows XP SP2 allows attackers to execute arbitrary code via a long string in an opnum 0x06 RPC call to port 2103.

9.0

28 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-12-14 CVE-2007-6350 Scponly Permissions, Privileges, and Access Controls vulnerability in Scponly

scponly 4.6 and earlier allows remote authenticated users to bypass intended restrictions and execute code by invoking dangerous subcommands including (1) unison, (2) rsync, (3) svn, and (4) svnserve, as originally demonstrated by creating a Subversion (SVN) repository with malicious hooks, then using svn to trigger execution of those hooks.

8.5
2007-12-12 CVE-2007-3901 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Directx

Stack-based buffer overflow in the DirectShow Synchronized Accessible Media Interchange (SAMI) parser in quartz.dll for Microsoft DirectX 7.0 through 10.0 allows remote attackers to execute arbitrary code via a crafted SAMI file.

8.5
2007-12-15 CVE-2007-6372 Juniper Improper Input Validation vulnerability in Juniper Junos

Unspecified vulnerability in Juniper JUNOS 7.3 through 8.4 allows remote attackers to cause a denial of service (crash) via malformed BGP packets, possibly BGP UPDATE packets that trigger session flapping.

7.8
2007-12-15 CVE-2007-6360 SUN Denial Of Service vulnerability in Sun SPARC XSCF Control Package (XCP) Firmware

Unspecified vulnerability in the Sun eXtended System Control Facility (XSCF) Control Package (XCP) firmware before 1050 on SPARC Enterprise M4000, M5000, M8000, and M9000 servers allows remote attackers to cause a denial of service (reboot) via (1) telnet, (2) ssh, or (3) http network traffic that triggers memory exhaustion.

7.8
2007-12-15 CVE-2007-6384 BEA Improper Authentication vulnerability in BEA Weblogic Mobility Server 3.3/3.5/3.6

Unspecified vulnerability in the Image Converter functionality in BEA WebLogic Mobility Server 3.3, 3.5, and 3.6 through 3.6 SP1 allows remote attackers to obtain application file and resource access via unspecified vectors.

7.5
2007-12-15 CVE-2007-6380 E Xoops SQL Injection vulnerability in E-Xoops

Multiple SQL injection vulnerabilities in e-Xoops (exoops) 1.08, and 1.05 Rev 1 through 3, allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to (a) mylinks/ratelink.php, (b) adresses/ratefile.php, (c) mydownloads/ratefile.php, (d) mysections/ratefile.php, and (e) myalbum/ratephoto.php in modules/; the (2) bid parameter to (f) modules/banners/click.php; and the (3) gid parameter to (g) modules/arcade/index.php in a show_stats and play_game action, related issues to CVE-2007-5104 and CVE-2007-6266.

7.5
2007-12-15 CVE-2007-6378 Badblue Path Traversal vulnerability in Badblue

Directory traversal vulnerability in upload.dll in BadBlue 2.72b and earlier allows remote attackers to create or overwrite arbitrary files via a ..

7.5
2007-12-15 CVE-2007-6377 Badblue Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Badblue

Stack-based buffer overflow in the PassThru functionality in ext.dll in BadBlue 2.72b and earlier allows remote attackers to execute arbitrary code via a long query string.

7.5
2007-12-15 CVE-2007-6376 Francisco Burzi Path Traversal vulnerability in Francisco Burzi PHP-Nuke 8.0Final

Directory traversal vulnerability in autohtml.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to include and execute arbitrary local files via a ..

7.5
2007-12-15 CVE-2007-6375 Bitweaver SQL Injection vulnerability in Bitweaver

Multiple SQL injection vulnerabilities in Bitweaver 2.0.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) sort_mode parameter to wiki/list_pages.php and the (2) highlight parameter to search/index.php.

7.5
2007-12-15 CVE-2007-6373 Gestdown SQL Injection vulnerability in Gestdown 1.00Beta

Multiple SQL injection vulnerabilities in GestDown 1.00 Beta allow remote attackers to execute arbitrary SQL commands via the (1) categorie parameter to catdownload.php, or the id parameter to (2) download.php or (3) hitcounter.php.

7.5
2007-12-15 CVE-2007-6366 Sinecms SQL Injection vulnerability in Sinecms

Multiple SQL injection vulnerabilities in SineCMS 2.3.4 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to mods/Calendar/index.php, accessed through a Calendar info action to mods.php; the id parameter to admin/mods_adm.php in a (2) Guestbook modifica or (3) Calendar modify action; or the (4) mese or (5) anno parameter to admin/mods_adm.php in a Calendar action.

7.5
2007-12-15 CVE-2007-6362 Joomla SQL Injection vulnerability in Joomla RS Gallery2 Beta5

SQL injection vulnerability in index.php in the RSGallery (com_rsgallery) 2.0 beta 5 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an inline page action.

7.5
2007-12-15 CVE-2007-6338 Trivantis SQL Injection vulnerability in Trivantis Coursemill Enterprise Learning Management System 4.1

SQL injection vulnerability in userlogin.jsp in Trivantis CourseMill Enterprise Learning Management System 4.1 SP4 allows remote attackers to execute arbitrary SQL commands via the user parameter (username field).

7.5
2007-12-13 CVE-2007-6345 Aurora SQL Injection vulnerability in Aurora Framework

SQL injection vulnerability in aurora framework before 20071208 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly the value parameter to the pack_var function in module/db.lib/db_mysql.lib.

7.5
2007-12-13 CVE-2007-6342 David Castro SQL Injection vulnerability in David Castro Apache Authcas 0.4

SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.

7.5
2007-12-13 CVE-2007-6327 AVS Media Buffer Errors vulnerability in AVS Media Avsmjpegfile.Dll 1.1.1.102

Buffer overflow in a certain ActiveX control in Online Media Technologies AVSMJPEGFILE.DLL 1.1.1.102 allows remote attackers to execute arbitrary code via a long first argument to the CreateStill method.

7.5
2007-12-11 CVE-2007-6311 Falt4 CMS SQL Injection vulnerability in Falt4 CMS Falt4 Extreme RC4 10.9.2007

SQL injection vulnerability in (1) index.php, and possibly (2) admin/index.php, in Falt4Extreme RC4 10.9.2007 allows remote attackers to execute arbitrary SQL commands via the nav_ID parameter.

7.5
2007-12-10 CVE-2007-6299 Drupal Improper Input Validation vulnerability in Drupal

Multiple SQL injection vulnerabilities in Drupal and vbDrupal 4.7.x before 4.7.9 and 5.x before 5.4 allow remote attackers to execute arbitrary SQL commands via modules that pass input to the taxonomy_select_nodes function, as demonstrated by the (1) taxonomy_menu, (2) ajaxLoader, and (3) ubrowser contributed modules.

7.5
2007-12-10 CVE-2007-6292 Mwopen SQL Injection vulnerability in Mwopen E-Commerce 0/1.4

SQL injection vulnerability in leggi_commenti.asp in MWOpen 1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2007-12-10 CVE-2007-6291 Xigla SQL Injection vulnerability in Xigla Absolute Banner Manager.Net 4.0

SQL injection vulnerability in abm.aspx in Xigla Absolute Banner Manager .NET 4.0 allows remote attackers to execute arbitrary SQL commands via the z parameter.

7.5
2007-12-10 CVE-2007-6288 Tecnick COM SQL Injection vulnerability in Tecnick.Com Tcexam

Multiple SQL injection vulnerabilities in TCExam before 5.1.000 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2007-12-15 CVE-2007-6386 Trend Micro Buffer Errors vulnerability in Trend Micro products

Stack-based buffer overflow in PccScan.dll before build 1451 in Trend Micro AntiVirus plus AntiSpyware 2008, Internet Security 2008, and Internet Security Pro 2008 allows user-assisted remote attackers to cause a denial of service (SfCtlCom.exe crash), and allows local users to gain privileges, via a malformed .zip archive with a long name, as demonstrated by a .zip file created via format string specifiers in a crafted .uue file.

7.2
2007-12-15 CVE-2007-6151 Linux Buffer Errors vulnerability in Linux Kernel 2.6.23

The isdn_ioctl function in isdn_common.c in Linux kernel 2.6.23 allows local users to cause a denial of service via a crafted ioctl struct in which iocts is not null terminated, which triggers a buffer overflow.

7.2
2007-12-13 CVE-2007-6328 Dosbox Unspecified vulnerability in Dosbox

** DISPUTED ** DOSBox 0.72 and earlier allows local users to obtain access to the filesystem on the host operating system via the mount command.

7.2
2007-12-12 CVE-2007-5350 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft Windows Vista

Unspecified vulnerability in the Windows Advanced Local Procedure Call (ALPC) in the kernel in Microsoft Windows Vista allows local users to gain privileges via unspecified vectors involving "legacy reply paths."

7.2
2007-12-15 CVE-2007-6371 Nokia Improper Input Validation vulnerability in Nokia N95 12.0.013

Nokia N95 cell phone with RM-159 12.0.013 firmware allows remote attackers to cause a denial of service (device inoperability) via a SIP INVITE message accompanied by an immediately subsequent SIP CANCEL message, followed by a second SIP INVITE message in a different session.

7.1
2007-12-10 CVE-2007-5969 Mysql Permissions, Privileges, and Access Controls vulnerability in Mysql products

MySQL Community Server 5.0.x before 5.0.51, Enterprise Server 5.0.x before 5.0.52, Server 5.1.x before 5.1.23, and Server 6.0.x before 6.0.4, when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options, allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.

7.1

63 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-12-13 CVE-2007-5964 Redhat Configuration vulnerability in Redhat Enterprise Linux 5.0

The default configuration of autofs 5 in some Linux distributions, such as Red Hat Enterprise Linux (RHEL) 5, omits the nosuid option for the hosts (/net filesystem) map, which allows local users to gain privileges via a setuid program on a remote NFS server.

6.9
2007-12-15 CVE-2007-6382 Robocode Remote Java Code Execution vulnerability in Robocode

The Event Dispatch Thread in Robocode before 1.5.1 allows remote attackers to execute arbitrary Java code by using a robot to invoke the SwingUtilities.invokeLater method.

6.8
2007-12-15 CVE-2007-4706 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime

Heap-based buffer overflow in Apple QuickTime before 7.3.1 allows remote attackers to execute arbitrary code via a crafted QTL file.

6.8
2007-12-14 CVE-2007-6348 Squirrelmail Code Injection vulnerability in Squirrelmail 1.4.11/1.4.12

SquirrelMail 1.4.11 and 1.4.12, as distributed on sourceforge.net before 20071213, has been externally modified to create a Trojan Horse that introduces a PHP remote file inclusion vulnerability, which allows remote attackers to execute arbitrary code.

6.8
2007-12-13 CVE-2007-6347 Viart Code Injection vulnerability in Viart products

PHP remote file inclusion vulnerability in blocks/block_site_map.php in ViArt (1) CMS 3.3.2, (2) HelpDesk 3.3.2, (3) Shop Evaluation 3.3.2, and (4) Shop Free 3.3.2 allows remote attackers to execute arbitrary PHP code via a URL in the root_folder_path parameter.

6.8
2007-12-13 CVE-2007-6344 Mcms Path Traversal vulnerability in Mcms Easy web Make 0

Directory traversal vulnerability in modules/cms/index.php in Mcms Easy Web Make 1.3 allows remote attackers to include and execute arbitrary local files via a ..

6.8
2007-12-13 CVE-2007-5989 Skype Technologies Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Skype Technologies Skype

Unspecified vulnerability in the skype4com URI handler in Skype before 3.6 GOLD allows remote attackers to execute arbitrary code via "short string values" that result in heap corruption.

6.8
2007-12-13 CVE-2007-6325 Fastpublish Improper Input Validation vulnerability in Fastpublish CMS 1.9999

PHP remote file inclusion vulnerability in adminbereich/designconfig.php in Fastpublish CMS 1.9999 allows remote attackers to execute arbitrary PHP code via a URL in the config[fsBase] parameter, a different vector than CVE-2006-2726.

6.8
2007-12-13 CVE-2007-6324 City Writer Code Injection vulnerability in City Writer Citywriter 0.9.7

PHP remote file inclusion vulnerability in head.php in CityWriter 0.9.7 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.

6.8
2007-12-12 CVE-2007-5007 Gnome Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Gnome Balsa

Stack-based buffer overflow in the ir_fetch_seq function in balsa before 2.3.20 might allow remote IMAP servers to execute arbitrary code via a long response to a FETCH command.

6.8
2007-12-12 CVE-2007-6318 Wordpress SQL Injection vulnerability in Wordpress

SQL injection vulnerability in wp-includes/query.php in WordPress 2.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the s parameter, when DB_CHARSET is set to (1) Big5, (2) GBK, or possibly other character set encodings that support a "\" in a multibyte character.

6.8
2007-12-12 CVE-2007-5347 Microsoft Unspecified vulnerability in Microsoft IE and Internet Explorer

Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via "unexpected method calls to HTML objects," aka "DHTML Object Memory Corruption Vulnerability."

6.8
2007-12-12 CVE-2007-5344 Microsoft Code Injection vulnerability in Microsoft IE and Internet Explorer

Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via a crafted website using Javascript that creates, modifies, deletes, and accesses document objects using the tags property, which triggers heap corruption, related to uninitialized or deleted objects, a different issue than CVE-2007-3902 and CVE-2007-3903, and a variant of "Uninitialized Memory Corruption Vulnerability."

6.8
2007-12-12 CVE-2007-3903 Microsoft Unspecified vulnerability in Microsoft IE and Internet Explorer

Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code via uninitialized or deleted objects used in repeated calls to the (1) cloneNode or (2) nodeValue JavaScript function, a different issue than CVE-2007-3902 and CVE-2007-5344, a variant of "Uninitialized Memory Corruption Vulnerability."

6.8
2007-12-10 CVE-2007-6302 Novell Buffer Errors vulnerability in Novell Netmail 3.5.2

Multiple heap-based buffer overflows in avirus.exe in Novell NetMail 3.5.2 before Messaging Architects M+NetMail 3.52f (aka 3.5.2F) allow remote attackers to execute arbitrary code via unspecified ASCII integers used as memory allocation arguments, aka "ZDI-CAN-162."

6.8
2007-12-10 CVE-2007-6289 Iptel Code Injection vulnerability in Iptel Serweb

Multiple PHP remote file inclusion vulnerabilities in SerWeb 2.0.0 dev1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) _SERWEB[configdir] parameter to load_lang.php, (2) _SERWEB[functionsdir] parameter to main_prepend.php, and the (3) _PHPLIB[libdir] parameter to load_phplib.php, different vectors than CVE-2007-3359 and CVE-2007-3358.

6.8
2007-12-15 CVE-2007-6381 Typo3 SQL Injection vulnerability in Typo3

SQL injection vulnerability in the indexed_search system extension in TYPO3 3.x, 4.0 through 4.0.7, and 4.1 through 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

6.5
2007-12-13 CVE-2007-6329 Microsoft Credentials Management vulnerability in Microsoft Office 2007

Microsoft Office 2007 12.0.6015.5000 and MSO 12.0.6017.5000 do not sign the metadata of Office Open XML (OOXML) documents, which makes it easier for remote attackers to modify Dublin Core metadata fields, as demonstrated by the (1) LastModifiedBy and (2) creator fields in docProps/core.xml in the OOXML ZIP container.

6.4
2007-12-15 CVE-2007-6357 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Access

Stack-based buffer overflow in Microsoft Office Access allows remote, user-assisted attackers to execute arbitrary code via a crafted Microsoft Access Database (.mdb) file.

5.8
2007-12-13 CVE-2007-6333 HP Arbitrary Code Execution vulnerability in HP Info Center HPInfoDLL.DLL ActiveX Control

The HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center (hpinfocenter.exe) 1.0.1.1 in HP Quick Launch Button (QLBCTRL.exe, aka QLB) 6.3 and earlier, allows remote attackers to read arbitrary registry values via the arguments to the GetRegValue method.

5.8
2007-12-10 CVE-2007-5970 Oracle Remote Security vulnerability in MySQL

MySQL 5.1.x before 5.1.23 and 6.0.x before 6.0.4 allows remote authenticated users to gain privileges on arbitrary tables via unspecified vectors involving use of table-level DATA DIRECTORY and INDEX DIRECTORY options when creating a partitioned table with the same name as a table on which the user lacks privileges.

5.8
2007-12-15 CVE-2007-6383 Chandler Project Permissions, Privileges, and Access Controls vulnerability in Chandler Project Chandler Server

The DAV component in Chandler Server (Cosmo) before 0.10.1 does not check resource creation permissions, which allows remote authenticated users to create arbitrary resources in another user's home collection.

5.5
2007-12-12 CVE-2007-6317 Real Time Logic Path Traversal vulnerability in Real Time Logic products

Multiple directory traversal vulnerabilities in BarracudaDrive Web Server before 3.8 allow (1) remote attackers to read arbitrary files via certain ..\ (dot dot backslash) sequences in the URL path, or (2) remote authenticated users to delete arbitrary files or create arbitrary directories via a ..\ (dot dot backslash) sequence in the dir parameter to /drive/c/bdusers/USER/.

5.5
2007-12-15 CVE-2007-6379 Badblue Configuration vulnerability in Badblue

BadBlue 2.72b and earlier allows remote attackers to obtain sensitive information via an invalid browse parameter, which reveals the installation path in an error message.

5.0
2007-12-15 CVE-2007-6369 Wordpress Path Traversal vulnerability in Wordpress Pictpress

Multiple directory traversal vulnerabilities in resize.php in the PictPress 0.91 and earlier plugin for WordPress allow remote attackers to read arbitrary files via a ..

5.0
2007-12-15 CVE-2007-6368 Ezcontents Path Traversal vulnerability in Ezcontents 1.4.5

Directory traversal vulnerability in index.php in ezContents 1.4.5 allows remote attackers to read arbitrary files via a ..

5.0
2007-12-15 CVE-2007-6361 Gekkoware Permissions, Privileges, and Access Controls vulnerability in Gekkoware Gekko

Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries.

5.0
2007-12-13 CVE-2007-6326 Sergey Lyubka Improper Input Validation vulnerability in Sergey Lyubka Simple Httpd 1.3

Sergey Lyubka Simple HTTPD (shttpd) 1.3 on Windows allows remote attackers to cause a denial of service via a request that includes an MS-DOS device name, as demonstrated by the /aux URI.

5.0
2007-12-13 CVE-2007-6323 MMS Gallery Path Traversal vulnerability in MMS Gallery MMS Gallery PHP 1.0

Multiple directory traversal vulnerabilities in MMS Gallery PHP 1.0 allow remote attackers to read arbitrary files via a ..

5.0
2007-12-13 CVE-2007-6322 Xml2Owl Path Traversal vulnerability in Xml2Owl 0.1.1

Directory traversal vulnerability in filedownload.php in xml2owl 0.1.1 allows remote attackers to read arbitrary files via a ..

5.0
2007-12-12 CVE-2007-6314 Real Time Logic Improper Input Validation vulnerability in Real Time Logic products

BarracudaDrive Web Server before 3.8 allows remote attackers to read the source code for web scripts by appending a (1) + (plus), (2) .

5.0
2007-12-10 CVE-2007-6304 Mysql, Oracle Privilege Escalation And Denial Of Service vulnerability in MySQL Server

The federated engine in MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4, when performing a certain SHOW TABLE STATUS query, allows remote MySQL servers to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the minimum required number of columns.

5.0
2007-12-10 CVE-2007-6300 Fusion News Cross-Site Request Forgery (CSRF) vulnerability in Fusion News Fusion News 3.9.0

Cross-site request forgery (CSRF) vulnerability in Fusion News 3.9.0 allows remote attackers to perform unauthorized actions via unspecified vectors.

5.0
2007-12-10 CVE-2007-6296 Phpmychat Code Injection vulnerability in PHPmychat 0.14.5

PHP remote file inclusion vulnerability in users_popupL.php3 in phpMyChat 0.14.5 allows remote attackers to execute arbitrary PHP code via a URL in the From parameter.

5.0
2007-12-10 CVE-2007-6290 Iptel Path Traversal vulnerability in Iptel Serweb 2.0.0Dev1

Multiple directory traversal vulnerabilities in js/get_js.php in SERWeb 2.0.0 dev1 and earlier allow remote attackers to read arbitrary files via a ..

5.0
2007-12-15 CVE-2007-6359 Apple Numeric Errors vulnerability in Apple mac OS X 10.5.1

The cs_validate_page function in bsd/kern/ubc_subr.c in the xnu kernel 1228.0 and earlier in Apple Mac OS X 10.5.1 allows local users to cause a denial of service (failed assertion and system crash) via a crafted signed Mach-O binary that causes the hashes function to return NULL.

4.9
2007-12-15 CVE-2007-6358 Glyph AND COG Unspecified vulnerability in Glyph and COG Pdftops

pdftops.pl before 1.20 in alternate pdftops filter allows local users to overwrite arbitrary files via a symlink attack on the pdfin.[PID].tmp temporary file, which is created when pdftops reads a PDF file from stdin, such as when pdftops is invoked by CUPS.

4.9
2007-12-10 CVE-2007-6294 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Hardware Management Console 3.3.7

Multiple unspecified vulnerabilities in IBM Hardware Management Console (HMC) 3 R3.7 allow attackers to gain privileges via "some HMC commands."

4.9
2007-12-10 CVE-2007-6305 Linux, Unix, IBM Buffer Errors vulnerability in IBM Hardware Management Console 7.3.2.0

Multiple unspecified vulnerabilities in IBM Hardware Management Console (HMC) 7 R3.2.0 allow attackers to gain privileges via "some HMC commands."

4.6
2007-12-15 CVE-2007-6374 Bitweaver Cross-Site Scripting vulnerability in Bitweaver

Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 2.0.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) users/register.php or (2) search/index.php, or an editcomments action in (3) wiki/index.php or (4) forums/index.php.

4.3
2007-12-15 CVE-2007-6367 Sinecms Cross-Site Scripting vulnerability in Sinecms

Multiple cross-site scripting (XSS) vulnerabilities in the guestbook in SineCMS 2.3.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) username (user) or (2) comment (commento) field, different vectors than CVE-2007-2357.

4.3
2007-12-15 CVE-2007-6365 Bcoos Cross-Site Scripting vulnerability in Bcoos Event Calendar 1.0.10

Cross-site scripting (XSS) vulnerability in modules/ecal/display.php in the Event Calendar in bcoos 1.0.10 allows remote attackers to inject arbitrary web script or HTML via the month parameter.

4.3
2007-12-15 CVE-2007-6364 Jlmforo System Cross-Site Scripting vulnerability in Jlmforo System Jlmforo System

Cross-site scripting (XSS) vulnerability in modificarPerfil.php in JLMForo System allows remote authenticated users to inject arbitrary web script or HTML via a signature.

4.3
2007-12-15 CVE-2007-5582 Cisco Cross-Site Scripting vulnerability in Cisco Ciscoworks Server 2.6

Cross-site scripting (XSS) vulnerability in the login page in Cisco CiscoWorks Server (CS), possibly 2.6 and earlier, when using CiscoWorks Common Services 3.0.x and 3.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2007-12-13 CVE-2007-6346 Rainboard Cross-Site Scripting vulnerability in Rainboard

Cross-site scripting (XSS) vulnerability in Rainboard before 2.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2007-12-13 CVE-2007-6343 HP Cross-Site Scripting vulnerability in HP Openview Network Node Manager 6.41/7.0.1/7.51

Cross-site scripting (XSS) vulnerability in HP OpenView Network Node Manager (OV NNM) 6.41, 7.01, and 7.51 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2007-12-13 CVE-2007-5000 Apache Cross-Site Scripting vulnerability in Apache Http Server

Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2007-12-12 CVE-2007-6321 Roundcube Cross-Site Scripting vulnerability in Roundcube Webmail 0.1

Cross-site scripting (XSS) vulnerability in RoundCube webmail 0.1rc2, 2007-12-09, and earlier versions, when using Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via style sheets containing expression commands.

4.3
2007-12-12 CVE-2007-6320 Drupal Cross-Site Request Forgery (CSRF) vulnerability in Drupal Feature Module 4.7.Xdev/5.Xdev

Feature 4.7.x-dev and 5.x-dev before 20071206, a Drupal module, does not follow Drupal's Forms API submission model, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks.

4.3
2007-12-12 CVE-2007-6316 Real Time Logic Cross-Site Scripting vulnerability in Real Time Logic products

Cross-site scripting (XSS) vulnerability in BarracudaDrive Web Server before 3.8 allows remote attackers to inject arbitrary web script or HTML via the URI path in an HTTP GET request, which is activated by administrators viewing log files via the Trace page.

4.3
2007-12-11 CVE-2007-6312 Websense Cross-Site Scripting vulnerability in Websense Enterprise, Reporting Tools and Web Security Suite

Cross-site scripting (XSS) vulnerability in the logon page in Web Reporting Tools portal in Websense Enterprise and Web Security Suite 6.3 allows remote attackers to inject arbitrary web script or HTML via the username field.

4.3
2007-12-11 CVE-2007-6310 Falt4 CMS Cross-Site Scripting vulnerability in Falt4 CMS Falt4 Extreme RC4 10.9.2007

Multiple cross-site scripting (XSS) vulnerabilities in Falt4Extreme RC4 10.9.2007 allow remote attackers to inject arbitrary web script or HTML via the handler parameter to (1) index.php and possibly (2) admin/index.php, and (3) the topic parameter to modules/feed/feed.php (aka modules/feed.php).

4.3
2007-12-11 CVE-2007-6309 Webspell Cross-Site Scripting vulnerability in Webspell 4.1.2

Multiple cross-site scripting (XSS) vulnerabilities in index.php in webSPELL 4.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) the galleryID parameter in a usergallery upload action; or the (2) upID, (3) tag, (4) month, (5) userID, or (6) year parameter in a calendar announce action.

4.3
2007-12-11 CVE-2007-6308 Httplogger Cross-Site Scripting vulnerability in Httplogger 0.8.1

Cross-site scripting (XSS) vulnerability in HttpLogger 0.8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2007-12-11 CVE-2007-6307 Jfree Cross-Site Scripting vulnerability in Jfree Jfreechart 1.0.8

Multiple cross-site scripting (XSS) vulnerabilities in clickstats.php in wwwstats 3.21 allow remote attackers to inject arbitrary web script or HTML via (1) the link parameter or (2) the User-Agent HTTP header.

4.3
2007-12-11 CVE-2007-6306 Jfree Cross-Site Scripting vulnerability in Jfree Jfreechart 1.0.8

Multiple cross-site scripting (XSS) vulnerabilities in the image map feature in JFreeChart 1.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) chart name or (2) chart tool tip text; or the (3) href, (4) shape, or (5) coords attribute of a chart area.

4.3
2007-12-11 CVE-2007-6205 S9Y Cross-Site Scripting vulnerability in S9Y Serendipity

Cross-site scripting (XSS) vulnerability in the remote RSS sidebar plugin (serendipity_plugin_remoterss) in S9Y Serendipity before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via a link in an RSS feed.

4.3
2007-12-10 CVE-2007-6301 Open Newsletter Cross-Site Scripting vulnerability in Open Newsletter Open Newsletter

Cross-site scripting (XSS) vulnerability in compose.php in OpenNewsletter 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the type parameter.

4.3
2007-12-10 CVE-2007-6298 Drupal Cross-Site Scripting vulnerability in Drupal Shoutbox

Cross-site scripting (XSS) vulnerability in the Shoutbox module for Drupal 5.x before Shoutbox 5.x-1.1 allows remote authenticated users to inject arbitrary web script or HTML via Shoutbox block messages.

4.3
2007-12-10 CVE-2007-6297 PHP Heaven Cross-Site Scripting vulnerability in PHP Heaven PHPmychat 0.14.5

Multiple cross-site scripting (XSS) vulnerabilities in PHPMyChat 0.14.5 allow remote attackers to inject arbitrary web script or HTML via the (1) LIMIT parameter to chat/deluser.php3, the (2) Link parameter to chat/edituser.php3, or the (3) LastCheck or (4) B parameter to chat/users_popupL.php3.

4.3
2007-12-10 CVE-2007-6295 IBM Cross-Site Scripting vulnerability in IBM Lotus Sametime

Cross-site scripting (XSS) vulnerability in the WebRunMenuFrame page in the online meeting center template in IBM Lotus Sametime before 8.0 allows remote attackers to inject arbitrary web script or HTML via the URI.

4.3
2007-12-10 CVE-2007-6287 Lxlabs Cross-Site Scripting vulnerability in Lxlabs Hypervm 2.0

Cross-site scripting (XSS) vulnerability in the login page in Lxlabs HyperVM 2.0 allows remote attackers to inject arbitrary web script or HTML via the frm_emessage parameter, a different vector than CVE-2006-6649.

4.3
2007-12-12 CVE-2007-6315 Real Time Logic Buffer Errors vulnerability in Real Time Logic products

Group Chat in BarracudaDrive Web Server before 3.8 allows remote authenticated users to cause a denial of service (crash) via an HTTP request to /eh/chat.ehintf/C.

4.0

4 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-12-10 CVE-2007-6303 Mysql, Oracle Privilege Escalation And Denial Of Service vulnerability in MySQL Server

MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered, which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement.

3.5
2007-12-15 CVE-2007-6385 Kerio Improper Authentication vulnerability in Kerio Winroute Firewall

The proxy server in Kerio WinRoute Firewall before 6.4.1 does not properly enforce authentication for HTTPS pages, which has unknown impact and attack vectors.

2.1
2007-12-15 CVE-2007-6363 IBM Cross-Site Scripting vulnerability in IBM Tivoli Netcool Security Manager 1.3.0

IBM Tivoli Netcool Security Manager 1.3.0 before Interim Fix 1, when using Active Directory (AD) LDAP authentication, allows remote attackers to obtain login access via unspecified vectors without entering a password.

2.1
2007-12-15 CVE-2007-6249 Gentoo Information Exposure vulnerability in Gentoo Portage 2.0.51.22/2.1.1/2.1.3.10

etc-update in Portage before 2.1.3.11 on Gentoo Linux relies on the umask to set permissions for the merge file, often resulting in permissions weaker than those of the original files, which might allow local users to obtain sensitive information by reading the merge file.

2.1