Weekly Vulnerabilities Reports > December 10 to 16, 2007
Overview
106 new vulnerabilities were reported during this period, including 15 critical vulnerabilities and 25 high severity vulnerabilities. This weekly summary reports vulnerabilities in 109 products from 72 vendors including Microsoft, HP, IBM, Real Time Logic, and Apple. Vulnerabilities are notably categorized as "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "SQL Injection", "Path Traversal", and "Code Injection".
- 97 reported vulnerabilities are remotely exploitable.
- 29 reported vulnerabilities have a public exploit available.
- 50 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
- 97 reported vulnerabilities are exploitable by an anonymous user.
- Microsoft has the most reported vulnerabilities, with 13 reported vulnerabilities.
- Microsoft has the most reported critical vulnerabilities, with 6 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
15 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-12-15 | CVE-2007-6195 | HP | Buffer Errors vulnerability in HP Hp-Ux 11.11/11.23 Buffer overflow in the sw_rpc_agent_init function in swagentd in Software Distributor (SD), and possibly other DCE applications, in HP HP-UX B.11.11 and B.11.23 allows remote attackers to execute arbitrary code or cause a denial of service via malformed arguments in an opcode 0x04 DCE RPC request. | 10.0 |
2007-12-15 | CVE-2007-5580 | Cisco | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Security Agent Buffer overflow in a certain driver in Cisco Security Agent 4.5.1 before 4.5.1.672, 5.0 before 5.0.0.225, 5.1 before 5.1.0.106, and 5.2 before 5.2.0.238 on Windows allows remote attackers to execute arbitrary code via a crafted SMB packet in a TCP session on port (1) 139 or (2) 445. | 10.0 |
2007-12-13 | CVE-2007-6204 | HP | Buffer Errors vulnerability in HP Openview Network Node Manager 6.41/7.0.1/7.51 Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 6.41, 7.01, and 7.51 allow remote attackers to execute arbitrary code via unspecified long arguments to (1) ovlogin.exe, (2) OpenView5.exe, (3) snmpviewer.exe, and (4) webappmon.exe, as demonstrated via a long Action parameter to OpenView5.exe. | 10.0 |
2007-12-13 | CVE-2007-6330 | Meridian Software | Information Disclosure vulnerability in Meridian Software Prolog Manager 2007/7.0/7.5 Meridian Prolog Manager 2007, and 7.5 and earlier, sends all usernames and passwords to the client in a (1) cleartext or (2) weakly encrypted format to support client-side login authentication, which makes it easier for remote attackers to obtain database access by capturing credentials via a man-in-the-middle attack. | 10.0 |
2007-12-12 | CVE-2007-5351 | Microsoft | Code Injection vulnerability in Microsoft Windows Vista Unspecified vulnerability in Server Message Block Version 2 (SMBv2) signing support in Microsoft Windows Vista allows remote attackers to force signature re-computation and execute arbitrary code via a crafted SMBv2 packet, aka "SMBv2 Signing Vulnerability." | 10.0 |
2007-12-10 | CVE-2007-6293 | IBM | Unspecified vulnerability in IBM Hardware Management Console 6.1.3 Multiple unspecified vulnerabilities in IBM Hardware Management Console (HMC) 6 R1.3 allow attackers to gain privileges via "some HMC commands." | 10.0 |
2007-12-15 | CVE-2007-6387 | Intuit Microsoft Vantage Linguistics | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Multiple stack-based buffer overflows in the awApi4.AnswerWorks.1 ActiveX control in awApi4.dll 4.0.0.42, as used by Vantage Linguistics AnswerWorks, and Intuit Clearly Bookkeeping, ProSeries, QuickBooks, Quicken, QuickTax, and TurboTax, allow remote attackers to execute arbitrary code via long arguments to the (1) GetHistory, (2) GetSeedQuery, (3) SetSeedQuery, and possibly other methods. | 9.3 |
2007-12-15 | CVE-2007-4707 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime Multiple unspecified vulnerabilities in the Flash media handler in Apple QuickTime before 7.3.1 allow remote attackers to execute arbitrary code or have other unspecified impacts via a crafted QuickTime movie. | 9.3 |
2007-12-13 | CVE-2007-6015 | Samba | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Samba Stack-based buffer overflow in the send_mailslot function in nmbd in Samba 3.0.0 through 3.0.27a, when the "domain logons" option is enabled, allows remote attackers to execute arbitrary code via a GETDC mailslot request composed of a long GETDC string following an offset username in a SAMLOGON logon request. | 9.3 |
2007-12-13 | CVE-2007-6332 | HP | Arbitrary Code Execution vulnerability in HP Info Center HPInfoDLL.DLL ActiveX Control The HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center (hpinfocenter.exe) 1.0.1.1 in HP Quick Launch Button (QLBCTRL.exe, aka QLB) 6.3 and earlier, on Microsoft Windows before Vista allows remote attackers to create or modify arbitrary registry values via the arguments to the SetRegValue method. | 9.3 |
2007-12-13 | CVE-2007-6331 | HP | Path Traversal vulnerability in HP Info Center and Quick Launch Button Absolute path traversal vulnerability in the HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center (hpinfocenter.exe) 1.0.1.1 in HP Quick Launch Button (QLBCTRL.exe, aka QLB) 6.3 and earlier allows remote attackers to execute arbitrary programs via the first argument to the LaunchApp method. | 9.3 |
2007-12-12 | CVE-2007-3902 | Microsoft | Resource Management Errors vulnerability in Microsoft IE and Internet Explorer Use-after-free vulnerability in the CRecalcProperty function in mshtml.dll in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code by calling the setExpression method and then modifying the outerHTML property of an HTML element, one variant of "Uninitialized Memory Corruption Vulnerability." | 9.3 |
2007-12-12 | CVE-2007-3895 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Directx Buffer overflow in Microsoft DirectShow in Microsoft DirectX 7.0 through 10.0 allows remote attackers to execute arbitrary code via a crafted (1) WAV or (2) AVI file. | 9.3 |
2007-12-12 | CVE-2007-0064 | Microsoft | Buffer Errors vulnerability in Microsoft products Heap-based buffer overflow in Windows Media Format Runtime 7.1, 9, 9.5, 9.5 x64 Edition, 11, and Windows Media Services 9.1 for Microsoft Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file. | 9.3 |
2007-12-12 | CVE-2007-3039 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Message Queuing Stack-based buffer overflow in the Microsoft Message Queuing (MSMQ) service in Microsoft Windows 2000 Server SP4, Windows 2000 Professional SP4, and Windows XP SP2 allows attackers to execute arbitrary code via a long string in an opnum 0x06 RPC call to port 2103. | 9.0 |
25 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-12-14 | CVE-2007-6350 | Scponly | Permissions, Privileges, and Access Controls vulnerability in Scponly scponly 4.6 and earlier allows remote authenticated users to bypass intended restrictions and execute code by invoking dangerous subcommands including (1) unison, (2) rsync, (3) svn, and (4) svnserve, as originally demonstrated by creating a Subversion (SVN) repository with malicious hooks, then using svn to trigger execution of those hooks. | 8.5 |
2007-12-12 | CVE-2007-3901 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Directx Stack-based buffer overflow in the DirectShow Synchronized Accessible Media Interchange (SAMI) parser in quartz.dll for Microsoft DirectX 7.0 through 10.0 allows remote attackers to execute arbitrary code via a crafted SAMI file. | 8.5 |
2007-12-15 | CVE-2007-6372 | Juniper | Improper Input Validation vulnerability in Juniper Junos Unspecified vulnerability in Juniper JUNOS 7.3 through 8.4 allows remote attackers to cause a denial of service (crash) via malformed BGP packets, possibly BGP UPDATE packets that trigger session flapping. | 7.8 |
2007-12-15 | CVE-2007-6360 | SUN | Denial Of Service vulnerability in Sun SPARC XSCF Control Package (XCP) Firmware Unspecified vulnerability in the Sun eXtended System Control Facility (XSCF) Control Package (XCP) firmware before 1050 on SPARC Enterprise M4000, M5000, M8000, and M9000 servers allows remote attackers to cause a denial of service (reboot) via (1) telnet, (2) ssh, or (3) http network traffic that triggers memory exhaustion. | 7.8 |
2007-12-15 | CVE-2007-6384 | BEA | Improper Authentication vulnerability in BEA Weblogic Mobility Server 3.3/3.5/3.6 Unspecified vulnerability in the Image Converter functionality in BEA WebLogic Mobility Server 3.3, 3.5, and 3.6 through 3.6 SP1 allows remote attackers to obtain application file and resource access via unspecified vectors. | 7.5 |
2007-12-15 | CVE-2007-6380 | E Xoops | SQL Injection vulnerability in E-Xoops Multiple SQL injection vulnerabilities in e-Xoops (exoops) 1.08, and 1.05 Rev 1 through 3, allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to (a) mylinks/ratelink.php, (b) adresses/ratefile.php, (c) mydownloads/ratefile.php, (d) mysections/ratefile.php, and (e) myalbum/ratephoto.php in modules/; the (2) bid parameter to (f) modules/banners/click.php; and the (3) gid parameter to (g) modules/arcade/index.php in a show_stats and play_game action, related issues to CVE-2007-5104 and CVE-2007-6266. | 7.5 |
2007-12-15 | CVE-2007-6378 | Badblue | Path Traversal vulnerability in Badblue Directory traversal vulnerability in upload.dll in BadBlue 2.72b and earlier allows remote attackers to create or overwrite arbitrary files via a .. | 7.5 |
2007-12-15 | CVE-2007-6377 | Badblue | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Badblue Stack-based buffer overflow in the PassThru functionality in ext.dll in BadBlue 2.72b and earlier allows remote attackers to execute arbitrary code via a long query string. | 7.5 |
2007-12-15 | CVE-2007-6376 | Francisco Burzi | Path Traversal vulnerability in Francisco Burzi PHP-Nuke 8.0Final Directory traversal vulnerability in autohtml.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2007-12-15 | CVE-2007-6375 | Bitweaver | SQL Injection vulnerability in Bitweaver Multiple SQL injection vulnerabilities in Bitweaver 2.0.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) sort_mode parameter to wiki/list_pages.php and the (2) highlight parameter to search/index.php. | 7.5 |
2007-12-15 | CVE-2007-6373 | Gestdown | SQL Injection vulnerability in Gestdown 1.00Beta Multiple SQL injection vulnerabilities in GestDown 1.00 Beta allow remote attackers to execute arbitrary SQL commands via the (1) categorie parameter to catdownload.php, or the id parameter to (2) download.php or (3) hitcounter.php. | 7.5 |
2007-12-15 | CVE-2007-6366 | Sinecms | SQL Injection vulnerability in Sinecms Multiple SQL injection vulnerabilities in SineCMS 2.3.4 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to mods/Calendar/index.php, accessed through a Calendar info action to mods.php; the id parameter to admin/mods_adm.php in a (2) Guestbook modifica or (3) Calendar modify action; or the (4) mese or (5) anno parameter to admin/mods_adm.php in a Calendar action. | 7.5 |
2007-12-15 | CVE-2007-6362 | Joomla | SQL Injection vulnerability in Joomla RS Gallery2 Beta5 SQL injection vulnerability in index.php in the RSGallery (com_rsgallery) 2.0 beta 5 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an inline page action. | 7.5 |
2007-12-15 | CVE-2007-6338 | Trivantis | SQL Injection vulnerability in Trivantis Coursemill Enterprise Learning Management System 4.1 SQL injection vulnerability in userlogin.jsp in Trivantis CourseMill Enterprise Learning Management System 4.1 SP4 allows remote attackers to execute arbitrary SQL commands via the user parameter (username field). | 7.5 |
2007-12-13 | CVE-2007-6345 | Aurora | SQL Injection vulnerability in Aurora Framework SQL injection vulnerability in aurora framework before 20071208 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly the value parameter to the pack_var function in module/db.lib/db_mysql.lib. | 7.5 |
2007-12-13 | CVE-2007-6342 | David Castro | SQL Injection vulnerability in David Castro Apache Authcas 0.4 SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie. | 7.5 |
2007-12-13 | CVE-2007-6327 | AVS Media | Buffer Errors vulnerability in AVS Media Avsmjpegfile.Dll 1.1.1.102 Buffer overflow in a certain ActiveX control in Online Media Technologies AVSMJPEGFILE.DLL 1.1.1.102 allows remote attackers to execute arbitrary code via a long first argument to the CreateStill method. | 7.5 |
2007-12-11 | CVE-2007-6311 | Falt4 CMS | SQL Injection vulnerability in Falt4 CMS Falt4 Extreme RC4 10.9.2007 SQL injection vulnerability in (1) index.php, and possibly (2) admin/index.php, in Falt4Extreme RC4 10.9.2007 allows remote attackers to execute arbitrary SQL commands via the nav_ID parameter. | 7.5 |
2007-12-10 | CVE-2007-6299 | Drupal | Improper Input Validation vulnerability in Drupal Multiple SQL injection vulnerabilities in Drupal and vbDrupal 4.7.x before 4.7.9 and 5.x before 5.4 allow remote attackers to execute arbitrary SQL commands via modules that pass input to the taxonomy_select_nodes function, as demonstrated by the (1) taxonomy_menu, (2) ajaxLoader, and (3) ubrowser contributed modules. | 7.5 |
2007-12-10 | CVE-2007-6292 | Mwopen | SQL Injection vulnerability in Mwopen E-Commerce 0/1.4 SQL injection vulnerability in leggi_commenti.asp in MWOpen 1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2007-12-10 | CVE-2007-6291 | Xigla | SQL Injection vulnerability in Xigla Absolute Banner Manager.Net 4.0 SQL injection vulnerability in abm.aspx in Xigla Absolute Banner Manager .NET 4.0 allows remote attackers to execute arbitrary SQL commands via the z parameter. | 7.5 |
2007-12-10 | CVE-2007-6288 | Tecnick COM | SQL Injection vulnerability in Tecnick.Com Tcexam Multiple SQL injection vulnerabilities in TCExam before 5.1.000 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2007-12-15 | CVE-2007-6386 | Trend Micro | Buffer Errors vulnerability in Trend Micro products Stack-based buffer overflow in PccScan.dll before build 1451 in Trend Micro AntiVirus plus AntiSpyware 2008, Internet Security 2008, and Internet Security Pro 2008 allows user-assisted remote attackers to cause a denial of service (SfCtlCom.exe crash), and allows local users to gain privileges, via a malformed .zip archive with a long name, as demonstrated by a .zip file created via format string specifiers in a crafted .uue file. | 7.2 |
2007-12-12 | CVE-2007-5350 | Microsoft | Permissions, Privileges, and Access Controls vulnerability in Microsoft Windows Vista Unspecified vulnerability in the Windows Advanced Local Procedure Call (ALPC) in the kernel in Microsoft Windows Vista allows local users to gain privileges via unspecified vectors involving "legacy reply paths." | 7.2 |
2007-12-15 | CVE-2007-6371 | Nokia | Improper Input Validation vulnerability in Nokia N95 12.0.013 Nokia N95 cell phone with RM-159 12.0.013 firmware allows remote attackers to cause a denial of service (device inoperability) via a SIP INVITE message accompanied by an immediately subsequent SIP CANCEL message, followed by a second SIP INVITE message in a different session. | 7.1 |
62 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-12-13 | CVE-2007-5964 | Redhat | Configuration vulnerability in Redhat Enterprise Linux 5.0 The default configuration of autofs 5 in some Linux distributions, such as Red Hat Enterprise Linux (RHEL) 5, omits the nosuid option for the hosts (/net filesystem) map, which allows local users to gain privileges via a setuid program on a remote NFS server. | 6.9 |
2007-12-15 | CVE-2007-6382 | Robocode | Remote Java Code Execution vulnerability in Robocode The Event Dispatch Thread in Robocode before 1.5.1 allows remote attackers to execute arbitrary Java code by using a robot to invoke the SwingUtilities.invokeLater method. | 6.8 |
2007-12-15 | CVE-2007-4706 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime Heap-based buffer overflow in Apple QuickTime before 7.3.1 allows remote attackers to execute arbitrary code via a crafted QTL file. | 6.8 |
2007-12-14 | CVE-2007-6348 | Squirrelmail | Code Injection vulnerability in Squirrelmail 1.4.11/1.4.12 SquirrelMail 1.4.11 and 1.4.12, as distributed on sourceforge.net before 20071213, has been externally modified to create a Trojan Horse that introduces a PHP remote file inclusion vulnerability, which allows remote attackers to execute arbitrary code. | 6.8 |
2007-12-13 | CVE-2007-6347 | Viart | Code Injection vulnerability in Viart products PHP remote file inclusion vulnerability in blocks/block_site_map.php in ViArt (1) CMS 3.3.2, (2) HelpDesk 3.3.2, (3) Shop Evaluation 3.3.2, and (4) Shop Free 3.3.2 allows remote attackers to execute arbitrary PHP code via a URL in the root_folder_path parameter. | 6.8 |
2007-12-13 | CVE-2007-6344 | Mcms | Path Traversal vulnerability in Mcms Easy web Make 0 Directory traversal vulnerability in modules/cms/index.php in Mcms Easy Web Make 1.3, allows remote attackers to include and execute arbitrary local files via a .. | 6.8 |
2007-12-13 | CVE-2007-5989 | Skype Technologies | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Skype Technologies Skype Unspecified vulnerability in the skype4com URI handler in Skype before 3.6 GOLD allows remote attackers to execute arbitrary code via "short string values" that result in heap corruption. | 6.8 |
2007-12-13 | CVE-2007-6325 | Fastpublish | Improper Input Validation vulnerability in Fastpublish CMS 1.9999 PHP remote file inclusion vulnerability in adminbereich/designconfig.php in Fastpublish CMS 1.9999 allows remote attackers to execute arbitrary PHP code via a URL in the config[fsBase] parameter, a different vector than CVE-2006-2726. | 6.8 |
2007-12-13 | CVE-2007-6324 | City Writer | Code Injection vulnerability in City Writer Citywriter 0.9.7 PHP remote file inclusion vulnerability in head.php in CityWriter 0.9.7 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. | 6.8 |
2007-12-12 | CVE-2007-5007 | Gnome | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Gnome Balsa Stack-based buffer overflow in the ir_fetch_seq function in balsa before 2.3.20 might allow remote IMAP servers to execute arbitrary code via a long response to a FETCH command. | 6.8 |
2007-12-12 | CVE-2007-6318 | Wordpress | SQL Injection vulnerability in Wordpress SQL injection vulnerability in wp-includes/query.php in WordPress 2.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the s parameter, when DB_CHARSET is set to (1) Big5, (2) GBK, or possibly other character set encodings that support a "\" in a multibyte character. | 6.8 |
2007-12-12 | CVE-2007-5347 | Microsoft | Unspecified vulnerability in Microsoft IE and Internet Explorer Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via "unexpected method calls to HTML objects," aka "DHTML Object Memory Corruption Vulnerability." | 6.8 |
2007-12-12 | CVE-2007-5344 | Microsoft | Code Injection vulnerability in Microsoft IE and Internet Explorer Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via a crafted website using Javascript that creates, modifies, deletes, and accesses document objects using the tags property, which triggers heap corruption, related to uninitialized or deleted objects, a different issue than CVE-2007-3902 and CVE-2007-3903, and a variant of "Uninitialized Memory Corruption Vulnerability." | 6.8 |
2007-12-12 | CVE-2007-3903 | Microsoft | Unspecified vulnerability in Microsoft IE and Internet Explorer Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code via uninitialized or deleted objects used in repeated calls to the (1) cloneNode or (2) nodeValue JavaScript function, a different issue than CVE-2007-3902 and CVE-2007-5344, a variant of "Uninitialized Memory Corruption Vulnerability." | 6.8 |
2007-12-10 | CVE-2007-6302 | Novell | Buffer Errors vulnerability in Novell Netmail 3.5.2 Multiple heap-based buffer overflows in avirus.exe in Novell NetMail 3.5.2 before Messaging Architects M+NetMail 3.52f (aka 3.5.2F) allows remote attackers to execute arbitrary code via unspecified ASCII integers used as memory allocation arguments, aka "ZDI-CAN-162." | 6.8 |
2007-12-10 | CVE-2007-6289 | Iptel | Code Injection vulnerability in Iptel Serweb Multiple PHP remote file inclusion vulnerabilities in SerWeb 2.0.0 dev1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) _SERWEB[configdir] parameter to load_lang.php, (2) _SERWEB[functionsdir] parameter to main_prepend.php, and the (3) _PHPLIB[libdir] parameter to load_phplib.php, different vectors than CVE-2007-3359 and CVE-2007-3358. | 6.8 |
2007-12-15 | CVE-2007-6381 | Typo3 | SQL Injection vulnerability in Typo3 SQL injection vulnerability in the indexed_search system extension in TYPO3 3.x, 4.0 through 4.0.7, and 4.1 through 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 6.5 |
2007-12-13 | CVE-2007-6329 | Microsoft | Credentials Management vulnerability in Microsoft Office 2007 Microsoft Office 2007 12.0.6015.5000 and MSO 12.0.6017.5000 do not sign the metadata of Office Open XML (OOXML) documents, which makes it easier for remote attackers to modify Dublin Core metadata fields, as demonstrated by the (1) LastModifiedBy and (2) creator fields in docProps/core.xml in the OOXML ZIP container. | 6.4 |
2007-12-15 | CVE-2007-6357 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Access Stack-based buffer overflow in Microsoft Office Access allows remote, user-assisted attackers to execute arbitrary code via a crafted Microsoft Access Database (.mdb) file. | 5.8 |
2007-12-13 | CVE-2007-6333 | HP | Arbitrary Code Execution vulnerability in HP Info Center HPInfoDLL.DLL ActiveX Control The HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center (hpinfocenter.exe) 1.0.1.1 in HP Quick Launch Button (QLBCTRL.exe, aka QLB) 6.3 and earlier, allows remote attackers to read arbitrary registry values via the arguments to the GetRegValue method. | 5.8 |
2007-12-10 | CVE-2007-5970 | Oracle | Remote Security vulnerability in MySQL MySQL 5.1.x before 5.1.23 and 6.0.x before 6.0.4 allows remote authenticated users to gain privileges on arbitrary tables via unspecified vectors involving use of table-level DATA DIRECTORY and INDEX DIRECTORY options when creating a partitioned table with the same name as a table on which the user lacks privileges. | 5.8 |
2007-12-15 | CVE-2007-6383 | Chandler Project | Permissions, Privileges, and Access Controls vulnerability in Chandler Project Chandler Server The DAV component in Chandler Server (Cosmo) before 0.10.1 does not check resource creation permissions, which allows remote authenticated users to create arbitrary resources in another user's home collection. | 5.5 |
2007-12-12 | CVE-2007-6317 | Real Time Logic | Path Traversal vulnerability in Real Time Logic products Multiple directory traversal vulnerabilities in BarracudaDrive Web Server before 3.8 allow (1) remote attackers to read arbitrary files via certain ..\ (dot dot backslash) sequences in the URL path, or (2) remote authenticated users to delete arbitrary files or create arbitrary directories via a ..\ (dot dot backslash) sequence in the dir parameter to /drive/c/bdusers/USER/. | 5.5 |
2007-12-15 | CVE-2007-6379 | Badblue | Configuration vulnerability in Badblue BadBlue 2.72b and earlier allows remote attackers to obtain sensitive information via an invalid browse parameter, which reveals the installation path in an error message. | 5.0 |
2007-12-15 | CVE-2007-6369 | Wordpress | Path Traversal vulnerability in Wordpress Pictpress Multiple directory traversal vulnerabilities in resize.php in the PictPress 0.91 and earlier plugin for WordPress allow remote attackers to read arbitrary files via a .. | 5.0 |
2007-12-15 | CVE-2007-6368 | Ezcontents | Path Traversal vulnerability in Ezcontents 1.4.5 Directory traversal vulnerability in index.php in ezContents 1.4.5 allows remote attackers to read arbitrary files via a .. | 5.0 |
2007-12-15 | CVE-2007-6361 | Gekkoware | Permissions, Privileges, and Access Controls vulnerability in Gekkoware Gekko Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. | 5.0 |
2007-12-13 | CVE-2007-6326 | Sergey Lyubka | Improper Input Validation vulnerability in Sergey Lyubka Simple Httpd 1.3 Sergey Lyubka Simple HTTPD (shttpd) 1.3 on Windows allows remote attackers to cause a denial of service via a request that includes an MS-DOS device name, as demonstrated by the /aux URI. | 5.0 |
2007-12-13 | CVE-2007-6323 | MMS Gallery | Path Traversal vulnerability in MMS Gallery MMS Gallery PHP 1.0 Multiple directory traversal vulnerabilities in MMS Gallery PHP 1.0 allow remote attackers to read arbitrary files via a .. | 5.0 |
2007-12-13 | CVE-2007-6322 | Xml2Owl | Path Traversal vulnerability in Xml2Owl 0.1.1 Directory traversal vulnerability in filedownload.php in xml2owl 0.1.1 allows remote attackers to read arbitrary files via a .. | 5.0 |
2007-12-12 | CVE-2007-6314 | Real Time Logic | Improper Input Validation vulnerability in Real Time Logic products BarracudaDrive Web Server before 3.8 allows remote attackers to read the source code for web scripts by appending a (1) + (plus), (2) . | 5.0 |
2007-12-10 | CVE-2007-6304 | Mysql Oracle | Privilege Escalation And Denial Of Service vulnerability in MySQL Server The federated engine in MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4, when performing a certain SHOW TABLE STATUS query, allows remote MySQL servers to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the minimum required number of columns. | 5.0 |
2007-12-10 | CVE-2007-6300 | Fusion News | Cross-Site Request Forgery (CSRF) vulnerability in Fusion News Fusion News 3.9.0 Cross-site request forgery (CSRF) vulnerability in Fusion News 3.9.0 allows remote attackers to perform unauthorized actions via unspecified vectors. | 5.0 |
2007-12-10 | CVE-2007-6296 | Phpmychat | Code Injection vulnerability in PHPmychat 0.14.5 PHP remote file inclusion vulnerability in users_popupL.php3 in phpMyChat 0.14.5 allows remote attackers to execute arbitrary PHP code via a URL in the From parameter. | 5.0 |
2007-12-10 | CVE-2007-6290 | Iptel | Path Traversal vulnerability in Iptel Serweb 2.0.0Dev1 Multiple directory traversal vulnerabilities in js/get_js.php in SERWeb 2.0.0 dev1 and earlier allow remote attackers to read arbitrary files via a .. | 5.0 |
2007-12-15 | CVE-2007-6359 | Apple | Numeric Errors vulnerability in Apple mac OS X 10.5.1 The cs_validate_page function in bsd/kern/ubc_subr.c in the xnu kernel 1228.0 and earlier in Apple Mac OS X 10.5.1 allows local users to cause a denial of service (failed assertion and system crash) via a crafted signed Mach-O binary that causes the hashes function to return NULL. | 4.9 |
2007-12-15 | CVE-2007-6358 | Glyph AND COG | Unspecified vulnerability in Glyph and COG Pdftops pdftops.pl before 1.20 in alternate pdftops filter allows local users to overwrite arbitrary files via a symlink attack on the pdfin.[PID].tmp temporary file, which is created when pdftops reads a PDF file from stdin, such as when pdftops is invoked by CUPS. | 4.9 |
2007-12-10 | CVE-2007-6294 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM Hardware Management Console 3.3.7 Multiple unspecified vulnerabilities in IBM Hardware Management Console (HMC) 3 R3.7 allow attackers to gain privileges via "some HMC commands." | 4.9 |
2007-12-10 | CVE-2007-6305 | Linux Unix IBM | Buffer Errors vulnerability in IBM Hardware Management Console 7.3.2.0 Multiple unspecified vulnerabilities in IBM Hardware Management Console (HMC) 7 R3.2.0 allow attackers to gain privileges via "some HMC commands." | 4.6 |
2007-12-15 | CVE-2007-6374 | Bitweaver | Cross-Site Scripting vulnerability in Bitweaver Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 2.0.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) users/register.php or (2) search/index.php, or an editcomments action in (3) wiki/index.php or (4) forums/index.php. | 4.3 |
2007-12-15 | CVE-2007-6367 | Sinecms | Cross-Site Scripting vulnerability in Sinecms Multiple cross-site scripting (XSS) vulnerabilities in the guestbook in SineCMS 2.3.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) username (user) or (2) comment (commento) field, different vectors than CVE-2007-2357. | 4.3 |
2007-12-15 | CVE-2007-6365 | Bcoos | Cross-Site Scripting vulnerability in Bcoos Event Calendar 1.0.10 Cross-site scripting (XSS) vulnerability in modules/ecal/display.php in the Event Calendar in bcoos 1.0.10 allows remote attackers to inject arbitrary web script or HTML via the month parameter. | 4.3 |
2007-12-15 | CVE-2007-6364 | Jlmforo System | Cross-Site Scripting vulnerability in Jlmforo System Jlmforo System Cross-site scripting (XSS) vulnerability in modificarPerfil.php in JLMForo System allows remote authenticated users to inject arbitrary web script or HTML via a signature. | 4.3 |
2007-12-15 | CVE-2007-5582 | Cisco | Cross-Site Scripting vulnerability in Cisco Ciscoworks Server 2.6 Cross-site scripting (XSS) vulnerability in the login page in Cisco CiscoWorks Server (CS), possibly 2.6 and earlier, when using CiscoWorks Common Services 3.0.x and 3.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2007-12-13 | CVE-2007-6346 | Rainboard | Cross-Site Scripting vulnerability in Rainboard Cross-site scripting (XSS) vulnerability in Rainboard before 2.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2007-12-13 | CVE-2007-6343 | HP | Cross-Site Scripting vulnerability in HP Openview Network Node Manager 6.41/7.0.1/7.51 Cross-site scripting (XSS) vulnerability in HP OpenView Network Node Manager (OV NNM) 6.41, 7.01, and 7.51 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2007-12-12 | CVE-2007-6321 | Roundcube | Cross-Site Scripting vulnerability in Roundcube Webmail 0.1 Cross-site scripting (XSS) vulnerability in RoundCube webmail 0.1rc2, 2007-12-09, and earlier versions, when using Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via style sheets containing expression commands. | 4.3 |
2007-12-12 | CVE-2007-6320 | Drupal | Cross-Site Request Forgery (CSRF) vulnerability in Drupal Feature Module 4.7.Xdev/5.Xdev Feature 4.7.x-dev and 5.x-dev before 20071206, a Drupal module, does not follow Drupal's Forms API submission model, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks. | 4.3 |
2007-12-12 | CVE-2007-6316 | Real Time Logic | Cross-Site Scripting vulnerability in Real Time Logic products Cross-site scripting (XSS) vulnerability in BarracudaDrive Web Server before 3.8 allows remote attackers to inject arbitrary web script or HTML via the URI path in an HTTP GET request, which is activated by administrators viewing log files via the Trace page. | 4.3 |
2007-12-11 | CVE-2007-6312 | Websense | Cross-Site Scripting vulnerability in Websense Enterprise, Reporting Tools and Web Security Suite Cross-site scripting (XSS) vulnerability in the logon page in Web Reporting Tools portal in Websense Enterprise and Web Security Suite 6.3 allows remote attackers to inject arbitrary web script or HTML via the username field. | 4.3 |
2007-12-11 | CVE-2007-6310 | Falt4 CMS | Cross-Site Scripting vulnerability in Falt4 CMS Falt4 Extreme RC4 10.9.2007 Multiple cross-site scripting (XSS) vulnerabilities in Falt4Extreme RC4 10.9.2007 allow remote attackers to inject arbitrary web script or HTML via the handler parameter to (1) index.php and possibly (2) admin/index.php, and (3) the topic parameter to modules/feed/feed.php (aka modules/feed.php). | 4.3 |
2007-12-11 | CVE-2007-6309 | Webspell | Cross-Site Scripting vulnerability in Webspell 4.1.2 Multiple cross-site scripting (XSS) vulnerabilities in index.php in webSPELL 4.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) the galleryID parameter in a usergallery upload action; or the (2) upID, (3) tag, (4) month, (5) userID, or (6) year parameter in a calendar announce action. | 4.3 |
2007-12-11 | CVE-2007-6308 | Httplogger | Cross-Site Scripting vulnerability in Httplogger 0.8.1 Cross-site scripting (XSS) vulnerability in HttpLogger 0.8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2007-12-11 | CVE-2007-6307 | Jfree | Cross-Site Scripting vulnerability in Jfree Jfreechart 1.0.8 Multiple cross-site scripting (XSS) vulnerabilities in clickstats.php in wwwstats 3.21 allow remote attackers to inject arbitrary web script or HTML via (1) the link parameter or (2) the User-Agent HTTP header. | 4.3 |
2007-12-11 | CVE-2007-6306 | Jfree | Cross-Site Scripting vulnerability in Jfree Jfreechart 1.0.8 Multiple cross-site scripting (XSS) vulnerabilities in the image map feature in JFreeChart 1.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) chart name or (2) chart tool tip text; or the (3) href, (4) shape, or (5) coords attribute of a chart area. | 4.3 |
2007-12-11 | CVE-2007-6205 | S9Y | Cross-Site Scripting vulnerability in S9Y Serendipity Cross-site scripting (XSS) vulnerability in the remote RSS sidebar plugin (serendipity_plugin_remoterss) in S9Y Serendipity before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via a link in an RSS feed. | 4.3 |
2007-12-10 | CVE-2007-6301 | Open Newsletter | Cross-Site Scripting vulnerability in Open Newsletter Open Newsletter Cross-site scripting (XSS) vulnerability in compose.php in OpenNewsletter 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the type parameter. | 4.3 |
2007-12-10 | CVE-2007-6298 | Drupal | Cross-Site Scripting vulnerability in Drupal Shoutbox Cross-site scripting (XSS) vulnerability in the Shoutbox module for Drupal 5.x before Shoutbox 5.x-1.1 allows remote authenticated users to inject arbitrary web script or HTML via Shoutbox block messages. | 4.3 |
2007-12-10 | CVE-2007-6297 | PHP Heaven | Cross-Site Scripting vulnerability in PHP Heaven PHPmychat 0.14.5 Multiple cross-site scripting (XSS) vulnerabilities in PHPMyChat 0.14.5 allow remote attackers to inject arbitrary web script or HTML via the (1) LIMIT parameter to chat/deluser.php3, the (2) Link parameter to chat/edituser.php3, or the (3) LastCheck or (4) B parameter to chat/users_popupL.php3. | 4.3 |
2007-12-10 | CVE-2007-6295 | IBM | Cross-Site Scripting vulnerability in IBM Lotus Sametime Cross-site scripting (XSS) vulnerability in the WebRunMenuFrame page in the online meeting center template in IBM Lotus Sametime before 8.0 allows remote attackers to inject arbitrary web script or HTML via the URI. | 4.3 |
2007-12-10 | CVE-2007-6287 | Lxlabs | Cross-Site Scripting vulnerability in Lxlabs Hypervm 2.0 Cross-site scripting (XSS) vulnerability in the login page in Lxlabs HyperVM 2.0 allows remote attackers to inject arbitrary web script or HTML via the frm_emessage parameter, a different vector than CVE-2006-6649. | 4.3 |
2007-12-12 | CVE-2007-6315 | Real Time Logic | Buffer Errors vulnerability in Real Time Logic products Group Chat in BarracudaDrive Web Server before 3.8 allows remote authenticated users to cause a denial of service (crash) via an HTTP request to /eh/chat.ehintf/C. | 4.0 |
4 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-12-10 | CVE-2007-6303 | Mysql Oracle | Privilege Escalation And Denial Of Service vulnerability in MySQL Server MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered, which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement. | 3.5 |
2007-12-15 | CVE-2007-6385 | Kerio | Improper Authentication vulnerability in Kerio Winroute Firewall The proxy server in Kerio WinRoute Firewall before 6.4.1 does not properly enforce authentication for HTTPS pages, which has unknown impact and attack vectors. | 2.1 |
2007-12-15 | CVE-2007-6363 | IBM | Cross-Site Scripting vulnerability in IBM Tivoli Netcool Security Manager 1.3.0 IBM Tivoli Netcool Security Manager 1.3.0 before Interim Fix 1, when using Active Directory (AD) LDAP authentication, allows remote attackers to obtain login access via unspecified vectors without entering a password. | 2.1 |
2007-12-15 | CVE-2007-6249 | Gentoo | Information Exposure vulnerability in Gentoo Portage 2.0.51.22/2.1.1/2.1.3.10 etc-update in Portage before 2.1.3.11 on Gentoo Linux relies on the umask to set permissions for the merge file, often resulting in permissions weaker than those of the original files, which might allow local users to obtain sensitive information by reading the merge file. | 2.1 |