Weekly Vulnerabilities Reports > December 17 to 23, 2007
Overview
145 new vulnerabilities were reported during this period, including 29 critical vulnerabilities and 29 high severity vulnerabilities. This weekly summary reports vulnerabilities in 110 products from 90 vendors including Apple, Hosting Controller, Linux, Adobe, and SUN. Vulnerabilities are notably categorized as "Permissions, Privileges, and Access Controls", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", "SQL Injection", and "Path Traversal".
- 130 reported vulnerabilities are remotely exploitable.
- 47 reported vulnerabilities have a public exploit available.
- 42 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
- 133 reported vulnerabilities are exploitable by an anonymous user.
- Apple has the most reported vulnerabilities, with 20 reported vulnerabilities.
- Apple has the most reported critical vulnerabilities, with 8 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
29 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-12-20 | CVE-2007-6507 | Trend Micro | Permissions, Privileges, and Access Controls vulnerability in Trend Micro Serverprotect 5.58Securitypatch3 SpntSvc.exe daemon in Trend Micro ServerProtect 5.58 for Windows, before Security Patch 4, exposes unspecified dangerous sub-functions from StRpcSrv.dll in the DCE/RPC interface, which allows remote attackers to obtain "full file system access" and execute arbitrary code. | 10.0 |
2007-12-20 | CVE-2007-6494 | Hosting Controller | Improper Input Validation vulnerability in Hosting Controller Hosting Controller 6.1Hotfix3.3 Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote attackers to obtain login access via a request to hosting/addreseller.asp with a username in the reseller parameter, followed by a request to AdminSettings/displays.asp with the DecideAction and ChangeSkin parameters. | 10.0 |
2007-12-20 | CVE-2007-6493 | Imesh COM | Improper Input Validation vulnerability in Imesh.Com Imesh The IMWeb.IMWebControl.1 ActiveX control in IMWeb.dll 7.0.0.x, and possibly IMWebControl.dll, in iMesh 7.1.0.x and earlier allows remote attackers to execute arbitrary code via a certain argument to the SetHandler method. | 10.0 |
2007-12-20 | CVE-2007-6491 | Kvaliitti | SQL-Injection vulnerability in Kvaliitti Webdoc CMS 3.0 Multiple SQL injection vulnerabilities in Kvaliitti WebDoc 3.0 CMS allow remote attackers to execute arbitrary SQL commands via (1) the cat_id parameter to categories.asp; and probably (2) the document_id parameter to categories.asp, and the (3) cat_id and (4) document_id parameters to subcategory.asp. | 10.0 |
2007-12-20 | CVE-2007-6456 | Planamesa | Security vulnerability in NeoOffice OpenOffice Code Unspecified vulnerability in OpenOffice.org code in Planamesa NeoOffice 2.2.2 before Patch 4 has unknown impact and attack vectors related to MacOS 10.3.9 .odb files. | 10.0 |
2007-12-20 | CVE-2007-6454 | Peercast | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Peercast 0.1211/0.1212/0.1215 Heap-based buffer overflow in the handshakeHTTP function in servhs.cpp in PeerCast 0.1217 and earlier, and SVN 344 and earlier, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long SOURCE request. | 10.0 |
2007-12-20 | CVE-2007-6453 | Raiden Professional Servers | Path Traversal vulnerability in Raiden Professional Servers Raidenhttpd 2.0.19 Directory traversal vulnerability in raidenhttpd-admin/workspace.php in RaidenHTTPD 2.0.19, when the WebAdmin function is enabled, allows remote attackers to include and execute arbitrary local files via a .. | 10.0 |
2007-12-20 | CVE-2007-6281 | Stbernard | Buffer Errors vulnerability in Stbernard Open File Manager 9.5 Heap-based buffer overflow in Open File Manager service (ofmnt.exe) in St. | 10.0 |
2007-12-18 | CVE-2007-6355 | Aertherwide | Numeric Errors vulnerability in Aertherwide Exiftags Integer overflow in exiftags before 1.01 has unknown impact and attack vectors, resulting from a "field offset overflow" that triggers an "illegal memory access," a different vulnerability than CVE-2007-6354. | 10.0 |
2007-12-18 | CVE-2007-6354 | Aertherwide | Buffer Overflow And Denial Of Service vulnerability in exiftags Unspecified vulnerability in exiftags before 1.01 has unknown impact and attack vectors, resulting from a "field offset overflow" that triggers an "illegal memory access," a different vulnerability than CVE-2007-6355. | 10.0 |
2007-12-17 | CVE-2007-4473 | Gesytec Easylon | Buffer Errors vulnerability in Gesytec Easylon OPC Server 2.30.32 Gesytec Easylon OPC Server before 2.3.44 does not properly validate server handles, which allows remote attackers to execute arbitrary code or cause a denial of service via unspecified network traffic to the OLE for Process Control (OPC) interface, probably related to free operations on arbitrary memory addresses through certain Remove functions, and read and write operations on arbitrary memory addresses through certain Set, Read, and Write functions. | 10.0 |
2007-12-20 | CVE-2007-6480 | SUN | Unspecified vulnerability in SUN Management+Center 3.5Update1/3.6/3.6.1 The Oracle database component in Sun Management Center (Sun MC) 3.6.1, 3.6, and 3.5 Update 1 has a default account, which allows remote attackers to obtain database access and execute arbitrary code. | 9.4 |
2007-12-19 | CVE-2007-5856 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X 10.5.1 Quick Look Apple Mac OS X 10.5.1, when previewing an HTML file, does not prevent plug-ins from making network requests, which might allow remote attackers to obtain sensitive information. | 9.4 |
2007-12-18 | CVE-2007-5862 | Apple | Improper Authentication vulnerability in Apple mac OS X Java in Mac OS X 10.4 through 10.4.11 allows remote attackers to bypass Keychain access controls and add or delete arbitrary Keychain items via a crafted Java applet. | 9.4 |
2007-12-20 | CVE-2007-6506 | HP | File Overwrite vulnerability in HP Software Update 'RulesEngine.dll' ActiveX Control The HPRulesEngine.ContentCollection.1 ActiveX Control in RulesEngine.dll for HP Software Update 4.000.005.007 and earlier, including 3.0.8.4, allows remote attackers to (1) overwrite and corrupt arbitrary files via arguments to the SaveToFile method, and possibly (2) access arbitrary files via the LoadDataFromFile method. | 9.3 |
2007-12-20 | CVE-2007-6243 | Adobe | Permissions, Privileges, and Access Controls vulnerability in Adobe Flash Player Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 does not sufficiently restrict the interpretation and usage of cross-domain policy files, which makes it easier for remote attackers to conduct cross-domain and cross-site scripting (XSS) attacks. | 9.3 |
2007-12-20 | CVE-2007-6469 | Phprpg | SQL Injection vulnerability in PHPrpg 0.8 SQL injection vulnerability in index.php in phpRPG 0.8, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter. | 9.3 |
2007-12-20 | CVE-2007-6468 | Hammer OF Thyrion | Buffer Errors vulnerability in Hammer of Thyrion Hammer of Thyrion 1.4.2 Buffer overflow in the HuffDecode function in hw_utils/hwrcon/huffman.c and hexenworld/Client/huffman.c in Hammer of Thyrion 1.4.2 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted huffman encoded packet. | 9.3 |
2007-12-19 | CVE-2007-5863 | Apple | Cryptographic Issues vulnerability in Apple mac OS X and mac OS X Server Software Update in Apple Mac OS X 10.5.1 allows remote attackers to execute arbitrary commands via a man-in-the-middle (MITM) attack between the client and the server, using a modified distribution definition file with the "allow-external-scripts" option. | 9.3 |
2007-12-19 | CVE-2007-5859 | Apple | Resource Management Errors vulnerability in Apple Safari Unspecified vulnerability in Safari RSS in Apple Mac OS X 10.4.11 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted feed: URL that triggers memory corruption. | 9.3 |
2007-12-19 | CVE-2007-5853 | Apple | Multiple Security vulnerability in Apple mac OS X 10.4.11 Unspecified vulnerability in IO Storage Family in Apple Mac OS X 10.4.11 allows user-assisted attackers to cause a denial of service (system shutdown) or execute arbitrary code via a disk image with crafted GUID partition maps, which triggers memory corruption. | 9.3 |
2007-12-19 | CVE-2007-5849 | Apple Easy Software Products | Numeric Errors vulnerability in Easy Software products Cups Integer underflow in the asn1_get_string function in the SNMP back end (backend/snmp.c) for CUPS 1.2 through 1.3.4 allows remote attackers to execute arbitrary code via a crafted SNMP response that triggers a stack-based buffer overflow. | 9.3 |
2007-12-19 | CVE-2007-4710 | Apple | Resource Management Errors vulnerability in Apple mac OS X 10.4.11 Unspecified vulnerability in ColorSync in Apple Mac OS X 10.4.11 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via an image with a crafted ColorSync profile, which triggers memory corruption. | 9.3 |
2007-12-19 | CVE-2007-4708 | Apple | USE of Externally-Controlled Format String vulnerability in Apple mac OS X 10.4.11 Format string vulnerability in Address Book in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via the URL handler. | 9.3 |
2007-12-18 | CVE-2007-6436 | Justsystem | Buffer Errors vulnerability in Justsystem Ichitaro 2005/2006/2007 Stack-based buffer overflow in JSGCI.DLL in JustSystems Ichitaro 2005, 2006, and 2007 allows user-assisted remote attackers to execute arbitrary code via a crafted document, as actively exploited in December 2007 by the Tarodrop.F trojan. | 9.3 |
2007-12-18 | CVE-2007-6435 | Novell | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Groupwise Stack-based buffer overflow in Novell GroupWise before 6.5.7, when HTML preview of e-mail is enabled, allows user-assisted remote attackers to execute arbitrary code via a long SRC attribute in an IMG element when forwarding or replying to a crafted e-mail. | 9.3 |
2007-12-17 | CVE-2007-6413 | SUN | Permissions, Privileges, and Access Controls vulnerability in SUN Solaris 10 Sun Solaris 10 with the 120011-04 and 120012-04 patches, and later 120011-* and 120012-* patches, allows remote attackers to bypass certain netgroup restrictions and obtain root access to a filesystem via NFS requests from a client root user. | 9.3 |
2007-12-17 | CVE-2007-6402 | 3Ivx Guliverkli | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Stack-based buffer overflow in mplayerc.exe in Media Player Classic (MPC) 6.4.9, when used with the 3ivx 4.5.1 or 5.0.1 codec, allows remote attackers to execute arbitrary code via a certain .mp4 file, possibly a related issue to CVE-2007-6401. | 9.3 |
2007-12-17 | CVE-2007-6401 | 3Ivx Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Stack-based buffer overflow in mplayer2.exe in Microsoft Windows Media Player (WMP) 6.4, when used with the 3ivx 4.5.1 or 5.0.1 codec, allows remote attackers to execute arbitrary code via a certain .mp4 file, possibly a related issue to CVE-2007-6402. | 9.3 |
29 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-12-19 | CVE-2007-5850 | Apple | Buffer Errors vulnerability in Apple mac OS X 10.4.11 Heap-based buffer overflow in Desktop Services in Apple Mac OS X 10.4.11 allows user-assisted attackers to execute arbitrary code via a directory with a crafted .DS_Store file. | 8.8 |
2007-12-19 | CVE-2007-4709 | Apple | Path Traversal vulnerability in Apple mac OS X 10.5.1 Directory traversal vulnerability in CFNetwork in Apple Mac OS X 10.5.1 allows remote attackers to overwrite arbitrary files via a crafted HTTP response. | 8.8 |
2007-12-21 | CVE-2007-6509 | Appian | Improper Input Validation vulnerability in Appian Business Process Management Suite 5.6 Unspecified vulnerability in Appian Enterprise Business Process Management (BPM) Suite 5.6 SP1 allows remote attackers to cause a denial of service via a crafted packet to port 5400/tcp. | 7.8 |
2007-12-20 | CVE-2007-6349 | Perforce | Resource Management Errors vulnerability in Perforce P4Web 2006.1/2006.2 P4Webs.exe in Perforce P4Web 2006.2 and earlier, when running on Windows, allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with an empty body and a Content-Length greater than 0. | 7.8 |
2007-12-20 | CVE-2007-6482 | SUN Linux | Multiple vulnerability in Sun Ray Device Manager Daemon Unspecified vulnerability in the Device Manager daemon (utdevmgrd) in Sun Ray Server Software 2.0, 3.0, 3.1, and 3.1.1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors. | 7.8 |
2007-12-20 | CVE-2007-5584 | Cisco | Denial Of Service vulnerability in Cisco Firewall Services Module 3.2(3) Unspecified vulnerability in Cisco Firewall Services Module (FWSM) 3.2(3) allows remote attackers to cause a denial of service (device reload) via crafted "data in the control-plane path with Layer 7 Application Inspections." | 7.8 |
2007-12-18 | CVE-2007-5583 | Cisco | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco IP Phone 7940 Cisco IP Phone 7940 with firmware P0S3-08-7-00 allows remote attackers to cause a denial of service ("486 Busy" responses or device reboot) via a sequence of SIP INVITE transactions in which the Request-URI lacks a user name, a different vulnerability than CVE-2007-4459. | 7.8 |
2007-12-21 | CVE-2007-6515 | Sitescape | Code Injection vulnerability in Sitescape Forum ST and Sitescape Forum ZX support/dispatch.cgi in SiteScape Forum allows remote attackers to execute arbitrary TCL code via code separator characters in the query string. | 7.5 |
2007-12-21 | CVE-2007-6508 | Xecms | Path Traversal vulnerability in Xecms 1.0 Directory traversal vulnerability in view.php in xeCMS 1.0 allows remote attackers to read arbitrary files via a ..%2F (dot dot slash) in the list parameter. | 7.5 |
2007-12-20 | CVE-2007-6498 | Hosting Controller | SQL Injection vulnerability in Hosting Controller Hosting Controller 6.1Hotfix3.3 Multiple SQL injection vulnerabilities in Hosting Controller 6.1 Hot fix 3.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) email and (2) loginname parameters to Hosting/Addreseller.asp, (3) the sortfield parameter to accounts/accountmanager.asp, (4) the GateWayID parameter to OpenApi/GatewayVariables.asp, and possibly (5) unspecified vectors to IIS/iibind.asp. | 7.5 |
2007-12-20 | CVE-2007-6497 | Hosting Controller | Permissions, Privileges, and Access Controls vulnerability in Hosting Controller Hosting Controller Hosting Controller 6.1 Hot fix 3.3 and earlier (1) allows remote attackers to change arbitrary user profiles via a request to Hosting/Addreseller.asp with modified loginname and email parameters; and (2) allows remote authenticated users to change a credit amount and increase a discount via an UpdateUser action to Accounts/AccountActions.asp with modified UserName, FullName, CreditLimit, and DefaultDiscount parameters, a related issue to CVE-2005-2219. | 7.5 |
2007-12-20 | CVE-2007-6489 | Falcon | Cross-Site Scripting vulnerability in Falcon Series ONE CMS 1.4.3 Multiple cross-site scripting (XSS) vulnerabilities in Falcon Series One CMS 1.4.3 allow remote attackers to inject arbitrary web script or HTML via the (1) gb_mail, (2) gb_name, and (3) gb_text parameters in a guestbook action to index.php, and unspecified other vectors. | 7.5 |
2007-12-20 | CVE-2007-6485 | Centreon | Code Injection vulnerability in Centreon 1.4.1 Multiple PHP remote file inclusion vulnerabilities in Centreon 1.4.1 (aka Oreon 1.4) allow remote attackers to execute arbitrary PHP code via a URL in the fileOreonConf parameter to (1) MakeXML.php or (2) MakeXML4statusCounter.php in include/monitoring/engine/. | 7.5 |
2007-12-20 | CVE-2007-6472 | Phpmyrealty | SQL Injection vulnerability in PHPmyrealty 1.0.9 Multiple SQL injection vulnerabilities in phpMyRealty (PMR) 1.0.9 allow (1) remote attackers to execute arbitrary SQL commands via the type parameter to search.php and (2) remote authenticated administrators to execute arbitrary SQL commands via the listing_updated_days parameter to admin/findlistings.php. | 7.5 |
2007-12-20 | CVE-2007-6335 | Clam Anti Virus | Numeric Errors vulnerability in Clam Anti-Virus Clamav Integer overflow in libclamav in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MEW packed PE file, which triggers a heap-based buffer overflow. | 7.5 |
2007-12-20 | CVE-2007-6467 | Mkportal | SQL Injection vulnerability in Mkportal 1.1Rc1 SQL injection vulnerability in index.php in MKPortal 1.1 RC1 allows remote attackers to execute arbitrary SQL commands via the ida parameter in a gallery foto_show action. | 7.5 |
2007-12-20 | CVE-2007-6466 | Freewebshop | SQL Injection vulnerability in Freewebshop 2.2.1 Multiple SQL injection vulnerabilities in index.php in FreeWebshop 2.2.1 allow remote attackers to execute arbitrary SQL commands via (1) the prod parameter in a details action, (2) the cat parameter in a browse list action, or (3) the group parameter in a categories action. | 7.5 |
2007-12-20 | CVE-2007-6462 | PHP Real Estate Classifieds | SQL Injection vulnerability in PHP Real Estate Classifieds PHP Real Estate Classifieds Premium Plus SQL injection vulnerability in fullnews.php in PHP Real Estate Classifieds allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2007-12-20 | CVE-2007-6458 | My123Tkshop | SQL Injection vulnerability in My123Tkshop E-Commerce-Suite 0.9.1 SQL injection vulnerability in shop/mainfile.php in 123tkShop 0.9.1 allows remote attackers to execute arbitrary SQL commands via a base64-encoded value of the admin parameter to shop/admin.php. | 7.5 |
2007-12-18 | CVE-2007-6433 | Jboss | Improper Input Validation vulnerability in Jboss Seam The getRenderedEjbql method in the org.jboss.seam.framework.Query class in JBoss Seam 2.x before 2.0.0.CR3 allows remote attackers to inject and execute arbitrary EJBQL commands via the order parameter. | 7.5 |
2007-12-17 | CVE-2007-6414 | Adultscript | Credentials Management vulnerability in Adultscript 1.6 admin/administrator.php in Adult Script 1.6 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to bypass authentication and obtain administrative credentials via a direct request. | 7.5 |
2007-12-17 | CVE-2007-6396 | Myupb | Code Injection vulnerability in Myupb Flat PHP Board 1.2 Direct static code injection vulnerability in index.php in Flat PHP Board 1.2 and earlier allows remote attackers to inject arbitrary PHP code via the (1) username, (2) password, and (3) email parameters when registering a user account, which can be executed by accessing the user's php file for this account. | 7.5 |
2007-12-17 | CVE-2007-6394 | P3Mbo | SQL Injection vulnerability in P3Mbo Content Injector 1.53 SQL injection vulnerability in index.php in Content Injector 1.53 allows remote attackers to execute arbitrary SQL commands via the id parameter in an expand action. | 7.5 |
2007-12-17 | CVE-2007-6392 | Dominion WEB | SQL Injection vulnerability in Dominion web Dwdirectory SQL injection vulnerability in DWdirectory 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the search parameter to the /search URI. | 7.5 |
2007-12-17 | CVE-2007-6391 | SH News | SQL Injection vulnerability in Sh-News 3.0 SQL injection vulnerability in patch/comments.php in SH-News 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2007-12-19 | CVE-2007-5860 | Apple | Multiple Security vulnerability in Apple Mac OS X v10.5.1 2007-009 Unspecified vulnerability in Spin Tracer in Apple Mac OS X 10.5.1 allows local users to execute arbitrary code via unspecified output files, involving an "insecure file operation." | 7.2 |
2007-12-19 | CVE-2007-5848 | Apple | Buffer Errors vulnerability in Apple mac OS X 10.4.11 Buffer overflow in CUPS in Apple Mac OS X 10.4.11 allows local admin users to execute arbitrary code via a crafted URI to the CUPS service. | 7.2 |
2007-12-18 | CVE-2007-6417 | Linux | Resource Management Errors vulnerability in Linux Kernel The shmem_getpage function (mm/shmem.c) in Linux kernel 2.6.11 through 2.6.23 does not properly clear allocated memory in some rare circumstances related to tmpfs, which might allow local users to read sensitive kernel data or cause a denial of service (crash). | 7.2 |
2007-12-20 | CVE-2007-6492 | Imesh COM | Improper Input Validation vulnerability in Imesh.Com Imesh The IMWeb.IMWebControl.1 ActiveX control in IMWeb.dll 7.0.0.x, and possibly IMWebControl.dll, in iMesh 7.1.0.x and earlier allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via an empty string in the argument to the ProcessRequestEx method. | 7.1 |
81 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-12-21 | CVE-2007-6516 | Ravware | Buffer Errors vulnerability in Ravware Flic Activex Control 1.0.0.1 Buffer overflow in RavWare Software MAS Flic ActiveX Control (masflc.ocx) 1.0.0.1 allows remote attackers to execute arbitrary code via a long FileName property. | 6.8 |
2007-12-21 | CVE-2007-6510 | Prowizard | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Prowizard 4 PC Multiple stack-based buffer overflows in ProWizard 4 PC (prowiz) 1.62 and earlier allow remote attackers to execute arbitrary code via a crafted file to the (1) AMOS-MusicBank, (2) FuzzacPacker, and (3) QuadraComposer rippers; and (4) have an unknown impact via a crafted file to the SkytPacker ripper. | 6.8 |
2007-12-20 | CVE-2007-6496 | Hosting Controller | Permissions, Privileges, and Access Controls vulnerability in Hosting Controller Hosting Controller 6.1Hotfix3.3 Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote attackers to register arbitrary users via a request to hosting/addsubsite.asp with the loginname and password parameters set, when preceded by certain requests to hosting/default.asp and hosting/selectdomain.asp, a related issue to CVE-2005-1654. | 6.8 |
2007-12-20 | CVE-2007-6488 | Falcon | Improper Input Validation vulnerability in Falcon Series ONE CMS 1.4.3 Multiple PHP remote file inclusion vulnerabilities in Falcon Series One CMS 1.4.3 allow remote attackers to execute arbitrary PHP code via a URL in (1) the dir[classes] parameter to sitemap.xml.php or (2) the error parameter to errors.php. | 6.8 |
2007-12-20 | CVE-2007-6484 | Phprpg | SQL Injection vulnerability in PHPrpg 0.8 SQL injection vulnerability in index.php in phpRPG 0.8 allows remote attackers to execute arbitrary SQL commands via the password parameter. | 6.8 |
2007-12-20 | CVE-2007-6478 | Rosoftengineering | Buffer Errors vulnerability in Rosoftengineering Rosoft Media Player 4.1.7 Stack-based buffer overflow in Rosoft Media Player 4.1.7, 4.1.8, and possibly earlier versions allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long string in a .M3U file. | 6.8 |
2007-12-20 | CVE-2007-6352 | Libexif | Numeric Errors vulnerability in Libexif Integer overflow in libexif 0.6.16 and earlier allows context-dependent attackers to execute arbitrary code via an image with crafted EXIF tags, possibly involving the exif_data_load_data_thumbnail function in exif-data.c. | 6.8 |
2007-12-20 | CVE-2007-6336 | Clam Anti Virus | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Clam Anti-Virus Clamav Off-by-one error in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MS-ZIP compressed CAB file. | 6.8 |
2007-12-20 | CVE-2007-6242 | Adobe | Improper Input Validation vulnerability in Adobe Flash Player Unspecified vulnerability in Adobe Flash Player 9.0.48.0 and earlier might allow remote attackers to execute arbitrary code via unknown vectors, related to "input validation errors." | 6.8 |
2007-12-20 | CVE-2007-6464 | Form Tools | Code Injection vulnerability in Form Tools Form Tools 1.5.0B Multiple PHP remote file inclusion vulnerabilities in Form tools 1.5.0b allow remote attackers to execute arbitrary PHP code via a URL in the g_root_dir parameter to (1) admin_page_open.php and (2) client_page_open.php in global/templates/. | 6.8 |
2007-12-20 | CVE-2007-6459 | Anon Proxy Server | Code Injection vulnerability in Anon Proxy Server Anon Proxy Server 0.100 Anon Proxy Server 0.100, and probably 0.101, allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the host parameter to diagdns.php, and (2) the host parameter and possibly (3) the port parameter to diagconnect.php, a different vulnerability than CVE-2007-6460. | 6.8 |
2007-12-19 | CVE-2007-5861 | Apple | Resource Management Errors vulnerability in Apple mac OS X 10.4.11 Unspecified vulnerability in Spotlight in Apple Mac OS X 10.4.11 allows user-assisted attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted .XLS file that triggers memory corruption in the Microsoft Office Spotlight Importer. | 6.8 |
2007-12-17 | CVE-2007-6412 | Bitweaver | Code Injection vulnerability in Bitweaver Direct static code injection vulnerability in wiki/index.php in Bitweaver 2.0.0 and earlier, when comments are enabled, allows remote attackers to inject arbitrary PHP code via an editcomments action. | 6.8 |
2007-12-17 | CVE-2007-6403 | Winamp | Buffer Errors vulnerability in Winamp Nullsoft Winamp 5.32 Stack-based buffer overflow in Nullsoft Winamp 5.32 allows user-assisted remote attackers to execute arbitrary code via crafted unicode in a .mp4 file, with crafted tags, contained in a certain .rar archive, a related issue to CVE-2007-2498. | 6.8 |
2007-12-19 | CVE-2007-5847 | Apple | Race Condition vulnerability in Apple mac OS X 10.4.11 Race condition in the CFURLWriteDataAndPropertiesToResource API in Core Foundation in Apple Mac OS X 10.4.11 creates files with insecure permissions, which might allow local users to obtain sensitive information. | 6.6 |
2007-12-19 | CVE-2007-3876 | Apple | Buffer Errors vulnerability in Apple mac OS X 10.4.11 Stack-based buffer overflow in SMB in Apple Mac OS X 10.4.11 allows local users to execute arbitrary code via (1) a long workgroup (-W) option to mount_smbfs or (2) an unspecified manipulation of the command line to smbutil. | 6.6 |
2007-12-20 | CVE-2007-6495 | Hosting Controller | Permissions, Privileges, and Access Controls vulnerability in Hosting Controller Hosting Controller 6.1Hotfix3.3 inc_newuser.asp in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to change the permissions of directories named (1) db, (2) www, (3) Special, and (4) log at arbitrary locations under the web root via a modified Dirroot parameter in an AddUser action to accounts/AccountActions.asp. | 6.5 |
2007-12-17 | CVE-2007-6399 | Myupb | Credentials Management vulnerability in Myupb Flat PHP Board index.php in Flat PHP Board 1.2 and earlier allows remote authenticated users to obtain the password for the current user account by reading the password parameter value in the HTML source for the page generated by a profile action. | 6.5 |
2007-12-17 | CVE-2007-6393 | ACE Image Hosting Script | SQL Injection vulnerability in ACE Image Hosting Script ACE Image Hosting Script 0 SQL injection vulnerability in albums.php in Ace Image Hosting Script allows remote authenticated users to execute arbitrary SQL commands via the id parameter in editalbum mode. | 6.5 |
2007-12-20 | CVE-2007-6481 | SUN | Multiple vulnerability in Sun Ray Device Manager Daemon Unspecified vulnerability in the Device Manager daemon (utdevmgrd) in Sun Ray Server Software 2.0, 3.0, 3.1, and 3.1.1 allows remote attackers to create or delete arbitrary directories via unspecified vectors. | 6.4 |
2007-12-20 | CVE-2007-6475 | GF 3Xplorer | Path Traversal vulnerability in GF 3Xplorer GF 3Xplorer 2.4 Multiple directory traversal vulnerabilities in GF-3XPLORER 2.4 allow remote attackers to include and execute arbitrary local files via a .. | 6.4 |
2007-12-20 | CVE-2007-6470 | Phprpg | Permissions, Privileges, and Access Controls vulnerability in PHPrpg 0.8 phpRPG 0.8 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read session ID values in files under tmp/, and then hijack sessions via PHPSESSID cookies. | 6.4 |
2007-12-19 | CVE-2007-5857 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X 10.5.1 Quick Look in Apple Mac OS X 10.5.1 does not prevent a movie from accessing URLs when the movie file is previewed or if an icon is created, which might allow remote attackers to obtain sensitive information via HREFTrack. | 6.4 |
2007-12-19 | CVE-2007-5855 | Apple | Improper Authentication vulnerability in Apple mac OS X 10.4.11/10.5.1 Mail in Apple Mac OS X 10.4.11 and 10.5.1, when an SMTP account has been set up using Account Assistant, can use plaintext authentication even when MD5 Challenge-Response authentication is available, which makes it easier for remote attackers to sniff account activity. | 6.4 |
2007-12-17 | CVE-2007-6405 | Shttpd | Information Exposure vulnerability in Shttpd 1.34/1.35/1.38 Sergey Lyubka Simple HTTPD (shttpd) 1.38 and earlier on Windows allows remote attackers to download arbitrary CGI programs or scripts via a URI with an appended (1) '+' character, (2) '.' character, (3) %2e sequence (hex-encoded dot), or (4) hex-encoded character greater than 0x7f. | 6.4 |
2007-12-20 | CVE-2007-6285 | Redhat | Configuration vulnerability in Redhat Enterprise Linux 4.0/5.0 The default configuration for autofs 5 (autofs5) in some Linux distributions, such as Red Hat Enterprise Linux (RHEL) 4 and 5, does not specify the nodev mount option for the -hosts map, which allows local users to access "important devices" by operating a remote NFS server and creating special device files on that server, as demonstrated by the /dev/mem device. | 6.2 |
2007-12-20 | CVE-2007-6473 | Texas Imperial Software | Buffer Errors vulnerability in Texas Imperial Software Wftpd PRO Explorer 1.0 Heap-based buffer overflow in Texas Imperial Software WFTPD Pro Explorer 1.0 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command. | 5.8 |
2007-12-20 | CVE-2007-6245 | Adobe | Buffer Errors vulnerability in Adobe Flash Player 7.0/8.0/9.0 Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 allows remote attackers to modify HTTP headers for client requests and conduct HTTP Request Splitting attacks. | 5.8 |
2007-12-20 | CVE-2007-6471 | Phpay | Path Traversal vulnerability in PHPay 2.02.01/2.2.1 Incomplete blacklist vulnerability in main.php in phPay 2.02.01 on Windows allows remote attackers to conduct directory traversal attacks and include and execute arbitrary local files via a ..\ (dot dot backslash) in the config parameter. | 5.8 |
2007-12-20 | CVE-2007-6504 | Hosting Controller | Permissions, Privileges, and Access Controls vulnerability in Hosting Controller Hosting Controller Unspecified vulnerability in IIS/iibind.asp in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to change the headers of arbitrary hosts via an unspecified parameter. | 5.5 |
2007-12-20 | CVE-2007-6503 | Hosting Controller | Permissions, Privileges, and Access Controls vulnerability in Hosting Controller Hosting Controller Multiple unspecified vulnerabilities in Hosting Controller 6.1 Hot fix 3.3 and earlier allow remote authenticated users to (1) import an arbitrary plan via a request to hosting/importhostingplans.asp; or (2) change an arbitrary plan via a request to hosting/AutoSignUpPlans.asp with the (a) save, (b) 30, and (c) d_30 parameters. | 5.5 |
2007-12-20 | CVE-2007-6502 | Hosting Controller | Information Exposure vulnerability in Hosting Controller Hosting Controller Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to obtain sensitive information via (1) the AdminName and AdminLevel parameters to fp2000/NEWSRVR.asp, which discloses usernames; and (2) certain XML HTTP requests to hosting/css.asp using Microsoft.XMLHTTP or MSXML2.XMLHTTP objects, which trigger a response with the setup directory pathname in the HTML source; and (3) might allow remote attackers to obtain sensitive information via a request for /admin/forum/, which reveals the path in an error message when a forum is not found. | 5.5 |
2007-12-20 | CVE-2007-6501 | Hosting Controller | Permissions, Privileges, and Access Controls vulnerability in Hosting Controller Hosting Controller Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to enable or disable "pay type" via a request to adminsettings/choosetranstype.asp. | 5.5 |
2007-12-20 | CVE-2007-6499 | Hosting Controller | Permissions, Privileges, and Access Controls vulnerability in Hosting Controller Hosting Controller Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to uninstall the FrontPage extensions of an arbitrary account via a request to fp2002/UNINSTAL.asp with a "host id (IIS) value." | 5.5 |
2007-12-21 | CVE-2007-6512 | PHP | Permissions, Privileges, and Access Controls vulnerability in PHP Mysql Banner Exchange 2.2.1 PHP MySQL Banner Exchange 2.2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database information via a direct request to inc/lib.inc. | 5.0 |
2007-12-21 | CVE-2007-6511 | Websense | Security Bypass vulnerability in Websense Enterprise 6.3.1 Websense Enterprise 6.3.1 allows remote attackers to bypass content filtering by visiting http URLs with a (1) RealPlayer G2, (2) MSMSGS, or (3) StoneHttpAgent User-Agent header, which results in a Non-HTTP categorization. | 5.0 |
2007-12-20 | CVE-2007-6341 | NET DNS | Buffer Errors vulnerability in NET DNS NET DNS 0.60 Net/DNS/RR/A.pm in Net::DNS 0.60 build 654, as used in packages such as SpamAssassin and OTRS, allows remote attackers to cause a denial of service (program "croak") via a crafted DNS response. | 5.0 |
2007-12-20 | CVE-2007-6334 | Microsoft Ingres | Permissions, Privileges, and Access Controls vulnerability in Ingres 2.5/2.6 Ingres 2.5 and 2.6 on Windows, as used in multiple CA products and possibly other products, assigns the privileges and identity of users to be the same as the first user, which allows remote attackers to gain privileges. | 5.0 |
2007-12-20 | CVE-2007-6483 | Safenet | Path Traversal vulnerability in Safenet Sentinel Keys Server and Sentinel Protection Server Directory traversal vulnerability in SafeNet Sentinel Protection Server 7.0.0 through 7.4.0 and possibly earlier versions, and Sentinel Keys Server 1.0.3 and possibly earlier versions, allows remote attackers to read arbitrary files via a .. | 5.0 |
2007-12-20 | CVE-2007-6476 | GF 3Xplorer | Information Exposure vulnerability in GF 3Xplorer GF 3Xplorer 2.4 GF-3XPLORER 2.4 allows remote attackers to obtain configuration information via a direct request to explorer/phpinfo.php, which calls the phpinfo function. | 5.0 |
2007-12-20 | CVE-2007-6457 | Netwin | Buffer Errors vulnerability in Netwin Surgemail 38K4 Stack-based buffer overflow in the webmail feature in SurgeMail 38k4 allows remote attackers to cause a denial of service (crash) via a long Host header. | 5.0 |
2007-12-19 | CVE-2007-6450 | Wireshark | Denial of Service vulnerability in Wireshark 0.99.6 The RPL dissector in Wireshark (formerly Ethereal) 0.9.8 to 0.99.6 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors. | 5.0 |
2007-12-19 | CVE-2007-6437 | Balabit | Improper Input Validation vulnerability in Balabit products Balabit syslog-ng 2.0.x before 2.0.6 and 2.1.x before 2.1.8 allows remote attackers to cause a denial of service (crash) via a message with a timestamp that does not contain a trailing space, which triggers a NULL pointer dereference. | 5.0 |
2007-12-18 | CVE-2007-6356 | Aertherwide | Resource Management Errors vulnerability in Aertherwide Exiftags exiftags before 1.01 allows attackers to cause a denial of service (infinite loop) via recursive IFD references in the EXIF data in a JPEG image. | 5.0 |
2007-12-17 | CVE-2007-6408 | IBM | Information Exposure vulnerability in IBM Tivoli Provisioning Manager Express IBM Tivoli Provisioning Manager Express provides unspecified information in error messages when (1) attempted duplication of a username occurs when creating an account or (2) when trying to login using a valid username, which makes it easier for remote attackers to enumerate usernames. | 5.0 |
2007-12-17 | CVE-2007-6404 | Microsoft Shttp | Path Traversal vulnerability in Shttp Directory traversal vulnerability in Sergey Lyubka Simple HTTPD (shttpd) 1.38 and earlier on Windows allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the URI. | 5.0 |
2007-12-17 | CVE-2007-6400 | Poldoc | Path Traversal vulnerability in Poldoc Document Management System 0.96 Directory traversal vulnerability in download_file.php in PolDoc CMS (aka PDDMS) 0.96 allows remote attackers to read arbitrary files via a .. | 5.0 |
2007-12-17 | CVE-2007-6398 | Flat PHP | Improper Authentication vulnerability in Flat PHP Board Flat PHP Board 1.2 and earlier allows remote attackers to bypass authentication and obtain limited access to an arbitrary user account via the fpb_username cookie. | 5.0 |
2007-12-17 | CVE-2007-6397 | Flat PHP | Path Traversal vulnerability in Flat PHP Board Multiple directory traversal vulnerabilities in index.php in Flat PHP Board 1.2 and earlier allow remote attackers to (1) create arbitrary files via a .. | 5.0 |
2007-12-17 | CVE-2007-6395 | Flat PHP | Permissions, Privileges, and Access Controls vulnerability in Flat PHP Board Flat PHP Board 1.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain credentials via a direct request for the username php file for any user account in users/. | 5.0 |
2007-12-20 | CVE-2007-6500 | Hosting Controller | Permissions, Privileges, and Access Controls vulnerability in Hosting Controller Hosting Controller Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to delete "gateway information" via a request to OpenApi/GatewayVariables.asp. | 4.9 |
2007-12-20 | CVE-2007-6487 | Plain Black | Permissions, Privileges, and Access Controls vulnerability in Plain Black Webgui Unspecified vulnerability in Plain Black WebGUI 7.4.0 through 7.4.17 allows remote authenticated users with Secondary Admin privileges to create Admin accounts, a different vulnerability than CVE-2006-0680. | 4.9 |
2007-12-20 | CVE-2007-6479 | Dokeos | Permissions, Privileges, and Access Controls vulnerability in Dokeos 1.8.4 Unrestricted file upload vulnerability in the "My productions" component for main/auth/profile.php (aka the "My profile" page) in Dokeos 1.8.4 allows remote authenticated users to upload and execute arbitrary PHP files via a filename with a double extension, which can then be accessed through a URI under main/upload/users/. | 4.9 |
2007-12-18 | CVE-2007-6283 | Redhat Fedoraproject Oracle Centos | Information Exposure vulnerability in multiple products Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file with world-readable permissions, which allows local users to perform unauthorized named commands, such as causing a denial of service by stopping named. | 4.9 |
2007-12-19 | CVE-2007-5963 | KDE | Local Denial Of Service vulnerability in KDE KDM Unspecified vulnerability in kdebase allows local users to cause a denial of service (KDM login inaccessible, or resource consumption) via unknown vectors. | 4.7 |
2007-12-17 | CVE-2007-6416 | XEN | Permissions, Privileges, and Access Controls vulnerability in XEN 3.1.2 The copy_to_user function in the PAL emulation functionality for Xen 3.1.2 and earlier, when running on ia64 systems, allows HVM guest users to access arbitrary physical memory by triggering certain mapping operations. | 4.6 |
2007-12-20 | CVE-2007-6246 | Linux Adobe | Permissions, Privileges, and Access Controls vulnerability in Adobe Flash Player Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0, when running on Linux, uses insecure permissions for memory, which might allow local users to gain privileges. | 4.4 |
2007-12-21 | CVE-2007-6514 | Linux Apache | Information Exposure vulnerability in Apache Http Server 2.2.6 Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive. | 4.3 |
2007-12-21 | CVE-2007-6513 | HP | Information Exposure vulnerability in HP Esupportdiagnostics 1.0.11.0 HP eSupportDiagnostics ActiveX control (hpediag.dll) 1.0.11.0 exports dangerous methods, which allows remote attackers to (1) read arbitrary files via the ReadTextFile method, or (2) read arbitrary registry values via the ReadValue method. | 4.3 |
2007-12-20 | CVE-2007-6490 | Falcon | Cross-Site Request Forgery (CSRF) vulnerability in Falcon Series ONE CMS 1.4.3 Cross-site request forgery (CSRF) vulnerability in Falcon Series One CMS 1.4.3 allows remote attackers to change a password via a certain changepass action to index.php. | 4.3 |
2007-12-20 | CVE-2007-6486 | Geek Palace COM | Cross-Site Scripting vulnerability in Geek-Palace.Com Lineshout 1.0 Multiple cross-site scripting (XSS) vulnerabilities in shout.php (aka the shoutbox) in LineShout 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) username (nickname) or (2) message parameter. | 4.3 |
2007-12-20 | CVE-2007-6477 | Citrix | Cross-Site Scripting vulnerability in Citrix web Interface 2.0 Cross-site scripting (XSS) vulnerability in the on-line help feature in Citrix Web Interface 2.0 and earlier, and NFuse, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2007-12-20 | CVE-2007-6474 | GF 3Xplorer | Cross-Site Scripting vulnerability in GF 3Xplorer GF 3Xplorer 2.4 Multiple cross-site scripting (XSS) vulnerabilities in GF-3XPLORER 2.4 allow remote attackers to inject arbitrary web script or HTML via the newdir parameter to index_3x.php, and unspecified other vectors. | 4.3 |
2007-12-20 | CVE-2007-6430 | Asterisk | Improper Authentication vulnerability in Asterisk Business Edition and Open Source Asterisk Open Source 1.2.x before 1.2.26 and 1.4.x before 1.4.16, and Business Edition B.x.x before B.2.3.6 and C.x.x before C.1.0-beta8, when using database-based registrations ("realtime") and host-based authentication, does not check the IP address when the username is correct and there is no password, which allows remote attackers to bypass authentication using a valid username. | 4.3 |
2007-12-20 | CVE-2007-6351 | Libexif Project | Unspecified vulnerability in Libexif Project Libexif libexif 0.6.16 and earlier allows context-dependent attackers to cause a denial of service (infinite recursion) via an image file with crafted EXIF tags, possibly involving the exif_loader_write function in exif_loader.c. | 4.3 |
2007-12-20 | CVE-2007-6244 | Adobe | Cross-Site Scripting vulnerability in Adobe Flash Player 8.0/9.0 Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player 9.x up to 9.0.48.0 and 8.x up to 8.0.35.0 allow remote attackers to inject arbitrary web script or HTML via (1) a SWF file that uses the asfunction: protocol or (2) the navigateToURL function when used with the Flash Player ActiveX Control in Internet Explorer. | 4.3 |
2007-12-20 | CVE-2007-6465 | Ganglia | Cross-Site Scripting vulnerability in Ganglia Multiple cross-site scripting (XSS) vulnerabilities in ganglia-web in Ganglia before 3.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) c and (2) h parameters to (a) web/host_gmetrics.php; the (3) G, (4) me, (5) x, (6) n, (7) v, (8) l, (9) vl, and (10) st parameters to (b) web/graph.php; and the (11) c, (12) G, (13) h, (14) r, (15) m, (16) s, (17) cr, (18) hc, (19) sh, (20) p, (21) t, (22) jr, (23) js, (24) gw, (25) z, and (26) gs parameters to (c) web/get_context.php. | 4.3 |
2007-12-20 | CVE-2007-6463 | PHP Real Estate Script | Cross-Site Scripting vulnerability in PHP Real Estate Script Classifieds Multiple cross-site scripting (XSS) vulnerabilities in the admin panel in PHP Real Estate Classifieds allow remote attackers to inject arbitrary web script or HTML via unspecified "text areas/boxes." | 4.3 |
2007-12-20 | CVE-2007-6461 | Flyspray | Cross-Site Scripting vulnerability in Flyspray Multiple cross-site scripting (XSS) vulnerabilities in index.php in Flyspray 0.9.9 through 0.9.9.3 allow remote attackers to inject arbitrary web script or HTML via (1) the query string in an index action, related to the savesearch JavaScript function; and (2) the details parameter in a details action, related to the History tab and the getHistory JavaScript function. | 4.3 |
2007-12-20 | CVE-2007-6460 | Anon Proxy Server | Cross-Site Scripting vulnerability in Anon Proxy Server Anon Proxy Server 0.101 Multiple cross-site scripting (XSS) vulnerabilities in Anon Proxy Server before 0.101 allow remote attackers to inject arbitrary web script or HTML via the URI, which is later displayed by (1) log.php or (2) logerror.php, a different vulnerability than CVE-2007-6459. | 4.3 |
2007-12-20 | CVE-2007-6455 | Mambo | Cross-Site Scripting vulnerability in Mambo 4.6.2 Multiple cross-site scripting (XSS) vulnerabilities in index.php in Mambo 4.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Itemid parameter in a com_frontpage option and the (2) option parameter. | 4.3 |
2007-12-20 | CVE-2007-6452 | | Cross-Site Scripting vulnerability in Google web Toolkit 1.4.60 Unspecified vulnerability in the benchmark reporting system in Google Web Toolkit (GWT) before 1.4.61 has unknown impact and attack vectors, possibly related to cross-site scripting (XSS). | 4.3 |
2007-12-19 | CVE-2007-6451 | Wireshark | Resource Management Errors vulnerability in Wireshark Unspecified vulnerability in the CIP dissector in Wireshark (formerly Ethereal) 0.9.14 to 0.99.6 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger allocation of large amounts of memory. | 4.3 |
2007-12-19 | CVE-2007-5858 | Apple | Cross-site Scripting vulnerability in Apple Safari WebKit in Safari in Apple Mac OS X 10.4.11 and 10.5.1, iPhone 1.0 through 1.1.2, and iPod touch 1.1 through 1.1.2 allows remote attackers to "navigate the subframes of any other page," which can be leveraged to conduct cross-site scripting (XSS) attacks and obtain sensitive information. | 4.3 |
2007-12-19 | CVE-2007-5854 | Apple | Cross-Site Scripting vulnerability in Apple mac OS X 10.4.11/10.5.1 Launch Services in Apple Mac OS X 10.4.11 and 10.5.1 does not treat HTML files as unsafe content, which allows attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via a crafted HTML file. | 4.3 |
2007-12-17 | CVE-2007-6411 | Gadu Gadu | Buffer Errors vulnerability in Gadu-Gadu Instant Messenger 7.7 Multiple buffer overflows in the HandleEmotsConfig function in the GG Client in Gadu-Gadu 7.7 Build 3669 allow user-assisted remote attackers to execute arbitrary code or cause a denial of service (gg.exe process crash) via a long string in an emots.txt file. | 4.3 |
2007-12-17 | CVE-2007-6410 | Gadu Gadu | Cross-Site Request Forgery (CSRF) vulnerability in Gadu-Gadu Instant Messenger Gadu-Gadu does not properly perform protocol handling, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and add arbitrary user accounts or cause a denial of service as administrators via an unspecified "crafted link," possibly related to the gg protocol. | 4.3 |
2007-12-17 | CVE-2007-6409 | Gadu Gadu | Configuration vulnerability in Gadu-Gadu Instant Messenger The gg protocol handler in Gadu-Gadu, when this product is installed but not running, does not properly handle the skin attribute, which allows remote attackers to cause a denial of service (resource consumption) via unspecified network traffic. | 4.3 |
2007-12-17 | CVE-2007-6407 | IBM | Cross-Site Scripting vulnerability in IBM Tivoli Provisioning Manager Express Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Provisioning Manager Express allow remote attackers to inject arbitrary web script or HTML via the (1) "assess modification," (2) user-id, and other unspecified fields to the /tpmx URI; or (3) involving unspecified vectors related to "error processing." | 4.3 |
2007-12-17 | CVE-2007-6406 | Broadcom | Cross-Site Scripting vulnerability in Broadcom Etrust Threat Management Console Multiple cross-site scripting (XSS) vulnerabilities in CA (formerly Computer Associates) eTrust Threat Management Console allow remote attackers to inject arbitrary web script or HTML via the IP Address field and other unspecified fields. | 4.3 |
2007-12-17 | CVE-2007-6390 | Serendipity | Cross-Site Request Forgery (CSRF) vulnerability in Serendipity Cross-site request forgery (CSRF) vulnerability in the mycalendar plugin before 0.13 for Serendipity allows remote attackers to perform actions as blog administrators, which can be leveraged to conduct cross-site scripting (XSS) attacks on the blog page. | 4.3 |
6 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-12-19 | CVE-2007-5851 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X 10.4.11 iChat in Apple Mac OS X 10.4.11 allows network-adjacent remote attackers to automatically initiate a video connection to another user via unknown vectors. | 3.6 |
2007-12-20 | CVE-2007-6505 | SUN | Configuration vulnerability in SUN Solaris 9 Solaris 9, with Solaris Auditing enabled and certain patches for sshd installed, can generate audit records with an audit-ID of 0 even when the user logging into ssh is not root, which makes it easier for attackers to avoid detection and can make it more difficult to conduct forensics activities. | 3.5 |
2007-12-19 | CVE-2007-6441 | Wireshark | Permissions, Privileges, and Access Controls vulnerability in Wireshark 0.99.6 The WiMAX dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (crash) via unknown vectors related to "unaligned access on some platforms." | 3.3 |
2007-12-18 | CVE-2007-6434 | Linux | Permissions, Privileges, and Access Controls vulnerability in Linux Kernel 2.6.23 Linux kernel 2.6.23 allows local users to create low pages in virtual userspace memory and bypass mmap_min_addr protection via a crafted executable file that calls the do_brk function. | 2.1 |
2007-12-18 | CVE-2007-6418 | Debian | Information Exposure vulnerability in Debian Linux The libdspam7-drv-mysql cron job in Debian GNU/Linux includes the MySQL dspam database password in a command line argument, which might allow local users to read the password by listing the process and its arguments. | 2.1 |
2007-12-17 | CVE-2007-6389 | Gnome | Local Information Disclosure vulnerability in Gnome Screensaver 2.20 The notify feature in GNOME screensaver (gnome-screensaver) 2.20.0 might allow local users to read the clipboard contents and X selection data for a locked session by using ctrl-V. | 2.1 |