Weekly Vulnerabilities Reports > December 17 to 23, 2007

Overview

145 new vulnerabilities reported during this period, including 29 critical vulnerabilities and 29 high severity vulnerabilities. This weekly summary report vulnerabilities in 110 products from 90 vendors including Apple, Hosting Controller, Linux, Adobe, and SUN. Vulnerabilities are notably categorized as "Permissions, Privileges, and Access Controls", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", "SQL Injection", and "Path Traversal".

  • 130 reported vulnerabilities are remotely exploitables.
  • 47 reported vulnerabilities have public exploit available.
  • 42 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 133 reported vulnerabilities are exploitable by an anonymous user.
  • Apple has the most reported vulnerabilities, with 20 reported vulnerabilities.
  • Apple has the most reported critical vulnerabilities, with 8 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

29 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-12-20 CVE-2007-6507 Trend Micro Permissions, Privileges, and Access Controls vulnerability in Trend Micro Serverprotect 5.58Securitypatch3

SpntSvc.exe daemon in Trend Micro ServerProtect 5.58 for Windows, before Security Patch 4, exposes unspecified dangerous sub-functions from StRpcSrv.dll in the DCE/RPC interface, which allows remote attackers to obtain "full file system access" and execute arbitrary code.

10.0
2007-12-20 CVE-2007-6494 Hosting Controller Improper Input Validation vulnerability in Hosting Controller Hosting Controller 6.1Hotfix3.3

Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote attackers to obtain login access via a request to hosting/addreseller.asp with a username in the reseller parameter, followed by a request to AdminSettings/displays.asp with the DecideAction and ChangeSkin parameters.

10.0
2007-12-20 CVE-2007-6493 Imesh COM Improper Input Validation vulnerability in Imesh.Com Imesh

The IMWeb.IMWebControl.1 ActiveX control in IMWeb.dll 7.0.0.x, and possibly IMWebControl.dll, in iMesh 7.1.0.x and earlier allows remote attackers to execute arbitrary code via a certain argument to the SetHandler method.

10.0
2007-12-20 CVE-2007-6491 Kvaliitti SQL-Injection vulnerability in Kvaliitti Webdoc CMS 3.0

Multiple SQL injection vulnerabilities in Kvaliitti WebDoc 3.0 CMS allow remote attackers to execute arbitrary SQL commands via (1) the cat_id parameter to categories.asp; and probably (2) the document_id parameter to categories.asp, and the (3) cat_id and (4) document_id parameters to subcategory.asp.

10.0
2007-12-20 CVE-2007-6456 Planamesa Security vulnerability in NeoOffice OpenOffice Code

Unspecified vulnerability in OpenOffice.org code in Planamesa NeoOffice 2.2.2 before Patch 4 has unknown impact and attack vectors related to MacOS 10.3.9 .odb files.

10.0
2007-12-20 CVE-2007-6454 Peercast Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Peercast 0.1211/0.1212/0.1215

Heap-based buffer overflow in the handshakeHTTP function in servhs.cpp in PeerCast 0.1217 and earlier, and SVN 344 and earlier, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long SOURCE request.

10.0
2007-12-20 CVE-2007-6453 Raiden Professional Servers Path Traversal vulnerability in Raiden Professional Servers Raidenhttpd 2.0.19

Directory traversal vulnerability in raidenhttpd-admin/workspace.php in RaidenHTTPD 2.0.19, when the WebAdmin function is enabled, allows remote attackers to include and execute arbitrary local files via a ..

10.0
2007-12-20 CVE-2007-6281 Stbernard Buffer Errors vulnerability in Stbernard Open File Manager 9.5

Heap-based buffer overflow in Open File Manager service (ofmnt.exe) in St.

10.0
2007-12-18 CVE-2007-6355 Aertherwide Numeric Errors vulnerability in Aertherwide Exiftags

Integer overflow in exiftags before 1.01 has unknown impact and attack vectors, resulting from a "field offset overflow" that triggers an "illegal memory access," a different vulnerability than CVE-2007-6354.

10.0
2007-12-18 CVE-2007-6354 Aertherwide Buffer Overflow And Denial Of Service vulnerability in exiftags

Unspecified vulnerability in exiftags before 1.01 has unknown impact and attack vectors, resulting from a "field offset overflow" that triggers an "illegal memory access," a different vulnerability than CVE-2007-6355.

10.0
2007-12-17 CVE-2007-4473 Gesytec Easylon Buffer Errors vulnerability in Gesytec Easylon OPC Server 2.30.32

Gesytec Easylon OPC Server before 2.3.44 does not properly validate server handles, which allows remote attackers to execute arbitrary code or cause a denial of service via unspecified network traffic to the OLE for Process Control (OPC) interface, probably related to free operations on arbitrary memory addresses through certain Remove functions, and read and write operations on arbitrary memory addresses through certain Set, Read, and Write functions.

10.0
2007-12-20 CVE-2007-6480 SUN Unspecified vulnerability in SUN Management+Center 3.5Update1/3.6/3.6.1

The Oracle database component in Sun Management Center (Sun MC) 3.6.1, 3.6, and 3.5 Update 1 has a default account, which allows remote attackers to obtain database access and execute arbitrary code.

9.4
2007-12-19 CVE-2007-5856 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X 10.5.1

Quick Look Apple Mac OS X 10.5.1, when previewing an HTML file, does not prevent plug-ins from making network requests, which might allow remote attackers to obtain sensitive information.

9.4
2007-12-18 CVE-2007-5862 Apple Improper Authentication vulnerability in Apple mac OS X

Java in Mac OS X 10.4 through 10.4.11 allows remote attackers to bypass Keychain access controls and add or delete arbitrary Keychain items via a crafted Java applet.

9.4
2007-12-20 CVE-2007-6506 HP File Overwrite vulnerability in HP Software Update 'RulesEngine.dll' ActiveX Control

The HPRulesEngine.ContentCollection.1 ActiveX Control in RulesEngine.dll for HP Software Update 4.000.005.007 and earlier, including 3.0.8.4, allows remote attackers to (1) overwrite and corrupt arbitrary files via arguments to the SaveToFile method, and possibly (2) access arbitrary files via the LoadDataFromFile method.

9.3
2007-12-20 CVE-2007-6243 Adobe Permissions, Privileges, and Access Controls vulnerability in Adobe Flash Player

Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 does not sufficiently restrict the interpretation and usage of cross-domain policy files, which makes it easier for remote attackers to conduct cross-domain and cross-site scripting (XSS) attacks.

9.3
2007-12-20 CVE-2007-6469 Phprpg SQL Injection vulnerability in PHPrpg 0.8

SQL injection vulnerability in index.php in phpRPG 0.8, when magic_qutoes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter.

9.3
2007-12-20 CVE-2007-6468 Hammer OF Thyrion Buffer Errors vulnerability in Hammer of Thyrion Hammer of Thyrion 1.4.2

Buffer overflow in the HuffDecode function in hw_utils/hwrcon/huffman.c and hexenworld/Client/huffman.c in Hammer of Thyrion 1.4.2 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted huffman encoded packet.

9.3
2007-12-19 CVE-2007-5863 Apple Cryptographic Issues vulnerability in Apple mac OS X and mac OS X Server

Software Update in Apple Mac OS X 10.5.1 allows remote attackers to execute arbitrary commands via a man-in-the-middle (MITM) attack between the client and the server, using a modified distribution definition file with the "allow-external-scripts" option.

9.3
2007-12-19 CVE-2007-5859 Apple Resource Management Errors vulnerability in Apple Safari

Unspecified vulnerability in Safari RSS in Apple Mac OS X 10.4.11 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted feed: URL that triggers memory corruption.

9.3
2007-12-19 CVE-2007-5853 Apple Multiple Security vulnerability in Apple mac OS X 10.4.11

Unspecified vulnerability in IO Storage Family in Apple Mac OS X 10.4.11 allows user-assisted attackers to cause a denial of service (system shutdown) or execute arbitrary code via a disk image with crafted GUID partition maps, which triggers memory corruption.

9.3
2007-12-19 CVE-2007-5849 Apple
Easy Software Products
Numeric Errors vulnerability in Easy Software products Cups

Integer underflow in the asn1_get_string function in the SNMP back end (backend/snmp.c) for CUPS 1.2 through 1.3.4 allows remote attackers to execute arbitrary code via a crafted SNMP response that triggers a stack-based buffer overflow.

9.3
2007-12-19 CVE-2007-4710 Apple Resource Management Errors vulnerability in Apple mac OS X 10.4.11

Unspecified vulnerability in ColorSync in Apple Mac OS X 10.4.11 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via an image with a crafted ColorSync profile, which triggers memory corruption.

9.3
2007-12-19 CVE-2007-4708 Apple USE of Externally-Controlled Format String vulnerability in Apple mac OS X 10.4.11

Format string vulnerability in Address Book in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via the URL handler.

9.3
2007-12-18 CVE-2007-6436 Justsystem Buffer Errors vulnerability in Justsystem Ichitaro 2005/2006/2007

Stack-based buffer overflow in JSGCI.DLL in JustSystems Ichitaro 2005, 2006, and 2007 allows user-assisted remote attackers to execute arbitrary code via a crafted document, as actively exploited in December 2007 by the Tarodrop.F trojan.

9.3
2007-12-18 CVE-2007-6435 Novell Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Groupwise

Stack-based buffer overflow in Novell GroupWise before 6.5.7, when HTML preview of e-mail is enabled, allows user-assisted remote attackers to execute arbitrary code via a long SRC attribute in an IMG element when forwarding or replying to a crafted e-mail.

9.3
2007-12-17 CVE-2007-6413 SUN Permissions, Privileges, and Access Controls vulnerability in SUN Solaris 10

Sun Solaris 10 with the 120011-04 and 120012-04 patches, and later 120011-* and 120012-* patches, allows remote attackers to bypass certain netgroup restrictions and obtain root access to a filesystem via NFS requests from a client root user.

9.3
2007-12-17 CVE-2007-6402 3Ivx
Guliverkli
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Stack-based buffer overflow in mplayerc.exe in Media Player Classic (MPC) 6.4.9, when used with the 3ivx 4.5.1 or 5.0.1 codec, allows remote attackers to execute arbitrary code via a certain .mp4 file, possibly a related issue to CVE-2007-6401.

9.3
2007-12-17 CVE-2007-6401 3Ivx
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Stack-based buffer overflow in mplayer2.exe in Microsoft Windows Media Player (WMP) 6.4, when used with the 3ivx 4.5.1 or 5.0.1 codec, allows remote attackers to execute arbitrary code via a certain .mp4 file, possibly a related issue to CVE-2007-6402.

9.3

29 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-12-19 CVE-2007-5850 Apple Buffer Errors vulnerability in Apple mac OS X 10.4.11

Heap-based buffer overflow in Desktop Services in Apple Mac OS X 10.4.11 allows user-assisted attackers to execute arbitrary code via a directory with a crafted .DS_Store file.

8.8
2007-12-19 CVE-2007-4709 Apple Path Traversal vulnerability in Apple mac OS X 10.5.1

Directory traversal vulnerability in CFNetwork in Apple Mac OS X 10.5.1 allows remote attackers to overwrite arbitrary files via a crafted HTTP response.

8.8
2007-12-21 CVE-2007-6509 Appian Improper Input Validation vulnerability in Appian Business Process Management Suite 5.6

Unspecified vulnerability in Appian Enterprise Business Process Management (BPM) Suite 5.6 SP1 allows remote attackers to cause a denial of service via a crafted packet to port 5400/tcp.

7.8
2007-12-20 CVE-2007-6349 Perforce Resource Management Errors vulnerability in Perforce P4Web 2006.1/2006.2

P4Webs.exe in Perforce P4Web 2006.2 and earlier, when running on Windows, allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with an empty body and a Content-Length greater than 0.

7.8
2007-12-20 CVE-2007-6482 SUN
Linux
Multiple vulnerability in Sun Ray Device Manager Daemon

Unspecified vulnerability in the Device Manager daemon (utdevmgrd) in Sun Ray Server Software 2.0, 3.0, 3.1, and 3.1.1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors.

7.8
2007-12-20 CVE-2007-5584 Cisco Denial Of Service vulnerability in Cisco Firewall Services Module 3.2(3)

Unspecified vulnerability in Cisco Firewall Services Module (FWSM) 3.2(3) allows remote attackers to cause a denial of service (device reload) via crafted "data in the control-plane path with Layer 7 Application Inspections."

7.8
2007-12-18 CVE-2007-5583 Cisco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco IP Phone 7940

Cisco IP Phone 7940 with firmware P0S3-08-7-00 allows remote attackers to cause a denial of service ("486 Busy" responses or device reboot) via a sequence of SIP INVITE transactions in which the Request-URI lacks a user name, a different vulnerability than CVE-2007-4459.

7.8
2007-12-21 CVE-2007-6515 Sitescape Code Injection vulnerability in Sitescape Forum ST and Sitescape Forum ZX

support/dispatch.cgi in SiteScape Forum allows remote attackers to execute arbitrary TCL code via code separator characters in the query string.

7.5
2007-12-21 CVE-2007-6508 Xecms Path Traversal vulnerability in Xecms 1.0

Directory traversal vulnerability in view.php in xeCMS 1.0 allows remote attackers to read arbitrary files via a ..%2F (dot dot slash) in the list parameter.

7.5
2007-12-20 CVE-2007-6498 Hosting Controller SQL Injection vulnerability in Hosting Controller Hosting Controller 6.1Hotfix3.3

Multiple SQL injection vulnerabilities in Hosting Controller 6.1 Hot fix 3.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) email and (2) loginname parameters to Hosting/Addreseller.asp, (3) the sortfield parameter to accounts/accountmanager.asp, (4) the GateWayID parameter to OpenApi/GatewayVariables.asp, and possibly (5) unspecified vectors to IIS/iibind.asp.

7.5
2007-12-20 CVE-2007-6497 Hosting Controller Permissions, Privileges, and Access Controls vulnerability in Hosting Controller Hosting Controller

Hosting Controller 6.1 Hot fix 3.3 and earlier (1) allows remote attackers to change arbitrary user profiles via a request to Hosting/Addreseller.asp with modified loginname and email parameters; and (2) allows remote authenticated users to change a credit amount and increase a discount via an UpdateUser action to Accounts/AccountActions.asp with modified UserName, FullName, CreditLimit, and DefaultDiscount parameters, a related issue to CVE-2005-2219.

7.5
2007-12-20 CVE-2007-6489 Falcon Cross-Site Scripting vulnerability in Falcon Series ONE CMS 1.4.3

Multiple cross-site scripting (XSS) vulnerabilities in Falcon Series One CMS 1.4.3 allow remote attackers to inject arbitrary web script or HTML via the (1) gb_mail, (2) gb_name, and (3) gb_text parameters in a guestbook action to index.php, and unspecified other vectors.

7.5
2007-12-20 CVE-2007-6485 Centreon Code Injection vulnerability in Centreon 1.4.1

Multiple PHP remote file inclusion vulnerabilities in Centreon 1.4.1 (aka Oreon 1.4) allow remote attackers to execute arbitrary PHP code via a URL in the fileOreonConf parameter to (1) MakeXML.php or (2) MakeXML4statusCounter.php in include/monitoring/engine/.

7.5
2007-12-20 CVE-2007-6472 Phpmyrealty SQL Injection vulnerability in PHPmyrealty 1.0.9

Multiple SQL injection vulnerabilities in phpMyRealty (PMR) 1.0.9 allow (1) remote attackers to execute arbitrary SQL commands via the type parameter to search.php and (2) remote authenticated administrators to execute arbitrary SQL commands via the listing_updated_days parameter to admin/findlistings.php.

7.5
2007-12-20 CVE-2007-6335 Clam Anti Virus Numeric Errors vulnerability in Clam Anti-Virus Clamav

Integer overflow in libclamav in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MEW packed PE file, which triggers a heap-based buffer overflow.

7.5
2007-12-20 CVE-2007-6467 Mkportal SQL Injection vulnerability in Mkportal 1.1Rc1

SQL injection vulnerability in index.php in MKPortal 1.1 RC1 allows remote attackers to execute arbitrary SQL commands via the ida parameter in a gallery foto_show action.

7.5
2007-12-20 CVE-2007-6466 Freewebshop SQL Injection vulnerability in Freewebshop 2.2.1

Multiple SQL injection vulnerabilities in index.php in FreeWebshop 2.2.1 allow remote attackers to execute arbitrary SQL commands via (1) the prod parameter in a details action, (2) the cat parameter in a browse list action, or (3) the group parameter in a categories action.

7.5
2007-12-20 CVE-2007-6462 PHP Real Estate Classifieds SQL Injection vulnerability in PHP Real Estate Classifieds PHP Real Estate Classifieds Premium Plus

SQL injection vulnerability in fullnews.php in PHP Real Estate Classifieds allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2007-12-20 CVE-2007-6458 My123Tkshop SQL Injection vulnerability in My123Tkshop E-Commerce-Suite 0.9.1

SQL injection vulnerability in shop/mainfile.php in 123tkShop 0.9.1 allows remote attackers to execute arbitrary SQL commands via a base64-encoded value of the admin parameter to shop/admin.php.

7.5
2007-12-18 CVE-2007-6433 Jboss Improper Input Validation vulnerability in Jboss Seam

The getRenderedEjbql method in the org.jboss.seam.framework.Query class in JBoss Seam 2.x before 2.0.0.CR3 allows remote attackers to inject and execute arbitrary EJBQL commands via the order parameter.

7.5
2007-12-17 CVE-2007-6414 Adultscript Credentials Management vulnerability in Adultscript 1.6

admin/administrator.php in Adult Script 1.6 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to bypass authentication and obtain administrative credentials via a direct request.

7.5
2007-12-17 CVE-2007-6396 Myupb Code Injection vulnerability in Myupb Flat PHP Board 1.2

Direct static code injection vulnerability in index.php in Flat PHP Board 1.2 and earlier allows remote attackers to inject arbitrary PHP code via the (1) username, (2) password, and (3) email parameters when registering a user account, which can be executed by accessing the user's php file for this account.

7.5
2007-12-17 CVE-2007-6394 P3Mbo SQL Injection vulnerability in P3Mbo Content Injector 1.53

SQL injection vulnerability in index.php in Content Injector 1.53 allows remote attackers to execute arbitrary SQL commands via the id parameter in an expand action.

7.5
2007-12-17 CVE-2007-6392 Dominion WEB SQL Injection vulnerability in Dominion web Dwdirectory

SQL injection vulnerability in DWdirectory 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the search parameter to the /search URI.

7.5
2007-12-17 CVE-2007-6391 SH News SQL Injection vulnerability in Sh-News 3.0

SQL injection vulnerability in patch/comments.php in SH-News 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2007-12-19 CVE-2007-5860 Apple Multiple Security vulnerability in Apple Mac OS X v10.5.1 2007-009

Unspecified vulnerability in Spin Tracer in Apple Mac OS X 10.5.1 allows local users to execute arbitrary code via unspecified output files, involving an "insecure file operation."

7.2
2007-12-19 CVE-2007-5848 Apple Buffer Errors vulnerability in Apple mac OS X 10.4.11

Buffer overflow in CUPS in Apple Mac OS X 10.4.11 allows local admin users to execute arbitrary code via a crafted URI to the CUPS service.

7.2
2007-12-18 CVE-2007-6417 Linux Resource Management Errors vulnerability in Linux Kernel

The shmem_getpage function (mm/shmem.c) in Linux kernel 2.6.11 through 2.6.23 does not properly clear allocated memory in some rare circumstances related to tmpfs, which might allow local users to read sensitive kernel data or cause a denial of service (crash).

7.2
2007-12-20 CVE-2007-6492 Imesh COM Improper Input Validation vulnerability in Imesh.Com Imesh

The IMWeb.IMWebControl.1 ActiveX control in IMWeb.dll 7.0.0.x, and possibly IMWebControl.dll, in iMesh 7.1.0.x and earlier allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via an empty string in the argument to the ProcessRequestEx method.

7.1

81 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-12-21 CVE-2007-6516 Ravware Buffer Errors vulnerability in Ravware Flic Activex Control 1.0.0.1

Buffer overflow in RavWare Software MAS Flic ActiveX Control (masflc.ocx) 1.0.0.1 allows remote attackers to execute arbitrary code via a long FileName property.

6.8
2007-12-21 CVE-2007-6510 Prowizard Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Prowizard 4 PC

Multiple stack-based buffer overflows in ProWizard 4 PC (prowiz) 1.62 and earlier allow remote attackers to execute arbitrary code via a crafted file to the (1) AMOS-MusicBank, (2) FuzzacPacker, and (3) QuadraComposer rippers; and (4) have an unknown impact via a crafted file to the SkytPacker ripper.

6.8
2007-12-20 CVE-2007-6496 Hosting Controller Permissions, Privileges, and Access Controls vulnerability in Hosting Controller Hosting Controller 6.1Hotfix3.3

Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote attackers to register arbitrary users via a request to hosting/addsubsite.asp with the loginname and password parameters set, when preceded by certain requests to hosting/default.asp and hosting/selectdomain.asp, a related issue to CVE-2005-1654.

6.8
2007-12-20 CVE-2007-6488 Falcon Improper Input Validation vulnerability in Falcon Series ONE CMS 1.4.3

Multiple PHP remote file inclusion vulnerabilities in Falcon Series One CMS 1.4.3 allow remote attackers to execute arbitrary PHP code via a URL in (1) the dir[classes] parameter to sitemap.xml.php or (2) the error parameter to errors.php.

6.8
2007-12-20 CVE-2007-6484 Phprpg SQL Injection vulnerability in PHPrpg 0.8

SQL injection vulnerability in index.php in phpRPG 0.8 allows remote attackers to execute arbitrary SQL commands via the password parameter.

6.8
2007-12-20 CVE-2007-6478 Rosoftengineering Buffer Errors vulnerability in Rosoftengineering Rosoft Media Player 4.1.7

Stack-based buffer overflow in Rosoft Media Player 4.1.7, 4.1.8, and possibly earlier versions allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long string in a .M3U file.

6.8
2007-12-20 CVE-2007-6352 Libexif Numeric Errors vulnerability in Libexif

Integer overflow in libexif 0.6.16 and earlier allows context-dependent attackers to execute arbitrary code via an image with crafted EXIF tags, possibly involving the exif_data_load_data_thumbnail function in exif-data.c.

6.8
2007-12-20 CVE-2007-6336 Clam Anti Virus Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Clam Anti-Virus Clamav

Off-by-one error in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MS-ZIP compressed CAB file.

6.8
2007-12-20 CVE-2007-6242 Adobe Improper Input Validation vulnerability in Adobe Flash Player

Unspecified vulnerability in Adobe Flash Player 9.0.48.0 and earlier might allow remote attackers to execute arbitrary code via unknown vectors, related to "input validation errors."

6.8
2007-12-20 CVE-2007-6464 Form Tools Code Injection vulnerability in Form Tools Form Tools 1.5.0B

Multiple PHP remote file inclusion vulnerabilities in Form tools 1.5.0b allow remote attackers to execute arbitrary PHP code via a URL in the g_root_dir parameter to (1) admin_page_open.php and (2) client_page_open.php in global/templates/.

6.8
2007-12-20 CVE-2007-6459 Anon Proxy Server Code Injection vulnerability in Anon Proxy Server Anon Proxy Server 0.100

Anon Proxy Server 0.100, and probably 0.101, allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the host parameter to diagdns.php, and (2) the host parameter and possibly (3) the port parameter to diagconnect.php, a different vulnerability than CVE-2007-6460.

6.8
2007-12-19 CVE-2007-5861 Apple Resource Management Errors vulnerability in Apple mac OS X 10.4.11

Unspecified vulnerability in Spotlight in Apple Mac OS X 10.4.11 allows user-assisted attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted .XLS file that triggers memory corruption in the Microsoft Office Spotlight Importer.

6.8
2007-12-17 CVE-2007-6412 Bitweaver Code Injection vulnerability in Bitweaver

Direct static code injection vulnerability in wiki/index.php in Bitweaver 2.0.0 and earlier, when comments are enabled, allows remote attackers to inject arbitrary PHP code via an editcomments action.

6.8
2007-12-17 CVE-2007-6403 Winamp Buffer Errors vulnerability in Winamp Nullsoft Winamp 5.32

Stack-based buffer overflow in Nullsoft Winamp 5.32 allows user-assisted remote attackers to execute arbitrary code via crafted unicode in a .mp4 file, with crafted tags, contained in a certain .rar archive, a related issue to CVE-2007-2498.

6.8
2007-12-19 CVE-2007-5847 Apple Race Condition vulnerability in Apple mac OS X 10.4.11

Race condition in the CFURLWriteDataAndPropertiesToResource API in Core Foundation in Apple Mac OS X 10.4.11 creates files with insecure permissions, which might allow local users to obtain sensitive information.

6.6
2007-12-19 CVE-2007-3876 Apple Buffer Errors vulnerability in Apple mac OS X 10.4.11

Stack-based buffer overflow in SMB in Apple Mac OS X 10.4.11 allows local users to execute arbitrary code via (1) a long workgroup (-W) option to mount_smbfs or (2) an unspecified manipulation of the command line to smbutil.

6.6
2007-12-20 CVE-2007-6495 Hosting Controller Permissions, Privileges, and Access Controls vulnerability in Hosting Controller Hosting Controller 6.1Hotfix3.3

inc_newuser.asp in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to change the permissions of directories named (1) db, (2) www, (3) Special, and (4) log at arbitrary locations under the web root via a modified Dirroot parameter in an AddUser action to accounts/AccountActions.asp.

6.5
2007-12-17 CVE-2007-6399 Myupb Credentials Management vulnerability in Myupb Flat PHP Board

index.php in Flat PHP Board 1.2 and earlier allows remote authenticated users to obtain the password for the current user account by reading the password parameter value in the HTML source for the page generated by a profile action.

6.5
2007-12-17 CVE-2007-6393 ACE Image Hosting Script SQL Injection vulnerability in ACE Image Hosting Script ACE Image Hosting Script 0

SQL injection vulnerability in albums.php in Ace Image Hosting Script allows remote authenticated users to execute arbitrary SQL commands via the id parameter in editalbum mode.

6.5
2007-12-20 CVE-2007-6481 SUN Multiple vulnerability in Sun Ray Device Manager Daemon

Unspecified vulnerability in the Device Manager daemon (utdevmgrd) in Sun Ray Server Software 2.0, 3.0, 3.1, and 3.1.1 allows remote attackers to create or delete arbitrary directories via unspecified vectors.

6.4
2007-12-20 CVE-2007-6475 GF 3Xplorer Path Traversal vulnerability in GF 3Xplorer GF 3Xplorer 2.4

Multiple directory traversal vulnerabilities in GF-3XPLORER 2.4 allow remote attackers to include and execute arbitrary local files via a ..

6.4
2007-12-20 CVE-2007-6470 Phprpg Permissions, Privileges, and Access Controls vulnerability in PHPrpg 0.8

phpRPG 0.8 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read session ID values in files under tmp/, and then hijack sessions via PHPSESSID cookies.

6.4
2007-12-19 CVE-2007-5857 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X 10.5.1

Quick Look in Apple Mac OS X 10.5.1 does not prevent a movie from accessing URLs when the movie file is previewed or if an icon is created, which might allow remote attackers to obtain sensitive information via HREFTrack.

6.4
2007-12-19 CVE-2007-5855 Apple Improper Authentication vulnerability in Apple mac OS X 10.4.11/10.5.1

Mail in Apple Mac OS X 10.4.11 and 10.5.1, when an SMTP account has been set up using Account Assistant, can use plaintext authentication even when MD5 Challenge-Response authentication is available, which makes it easier for remote attackers to sniff account activity.

6.4
2007-12-17 CVE-2007-6405 Shttpd Information Exposure vulnerability in Shttpd 1.34/1.35/1.38

Sergey Lyubka Simple HTTPD (shttpd) 1.38 and earlier on Windows allows remote attackers to download arbitrary CGI programs or scripts via a URI with an appended (1) '+' character, (2) '.' character, (3) %2e sequence (hex-encoded dot), or (4) hex-encoded character greater than 0x7f.

6.4
2007-12-20 CVE-2007-6285 Redhat Configuration vulnerability in Redhat Enterprise Linux 4.0/5.0

The default configuration for autofs 5 (autofs5) in some Linux distributions, such as Red Hat Enterprise Linux (RHEL) 4 and 5, does not specify the nodev mount option for the -hosts map, which allows local users to access "important devices" by operating a remote NFS server and creating special device files on that server, as demonstrated by the /dev/mem device.

6.2
2007-12-20 CVE-2007-6473 Texas Imperial Software Buffer Errors vulnerability in Texas Imperial Software Wftpd PRO Explorer 1.0

Heap-based buffer overflow in Texas Imperial Software WFTPD Pro Explorer 1.0 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command.

5.8
2007-12-20 CVE-2007-6245 Adobe Buffer Errors vulnerability in Adobe Flash Player 7.0/8.0/9.0

Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 allows remote attackers to modify HTTP headers for client requests and conduct HTTP Request Splitting attacks.

5.8
2007-12-20 CVE-2007-6471 Phpay Path Traversal vulnerability in PHPay 2.02.01/2.2.1

Incomplete blacklist vulnerability in main.php in phPay 2.02.01 on Windows allows remote attackers to conduct directory traversal attacks and include and execute arbitrary local files via a ..\ (dot dot backslash) in the config parameter.

5.8
2007-12-20 CVE-2007-6504 Hosting Controller Permissions, Privileges, and Access Controls vulnerability in Hosting Controller Hosting Controller

Unspecified vulnerability in IIS/iibind.asp in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to change the headers of arbitrary hosts via an unspecified parameter.

5.5
2007-12-20 CVE-2007-6503 Hosting Controller Permissions, Privileges, and Access Controls vulnerability in Hosting Controller Hosting Controller

Multiple unspecified vulnerabilities in Hosting Controller 6.1 Hot fix 3.3 and earlier allow remote authenticated users to (1) import an arbitrary plan via a request to hosting/importhostingplans.asp; or (2) change an arbitrary plan via a request to hosting/AutoSignUpPlans.asp with the (a) save, (b) 30, and (c) d_30 parameters.

5.5
2007-12-20 CVE-2007-6502 Hosting Controller Information Exposure vulnerability in Hosting Controller Hosting Controller

Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to obtain sensitive information via (1) the AdminName and AdminLevel parameters to fp2000/NEWSRVR.asp, which discloses usernames; and (2) certain XML HTTP requests to hosting/css.asp using Microsoft.XMLHTTP or MSXML2.XMLHTTP objects, which trigger a response with the setup directory pathname in the HTML source; and (3) might allow remote attackers to obtain sensitive information via a request for /admin/forum/, which reveals the path in an error message when a forum is not found.

5.5
2007-12-20 CVE-2007-6501 Hosting Controller Permissions, Privileges, and Access Controls vulnerability in Hosting Controller Hosting Controller

Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to enable or disable "pay type" via a request to adminsettings/choosetranstype.asp.

5.5
2007-12-20 CVE-2007-6499 Hosting Controller Permissions, Privileges, and Access Controls vulnerability in Hosting Controller Hosting Controller

Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to uninstall the FrontPage extensions of an arbitrary account via a request to fp2002/UNINSTAL.asp with a "host id (IIS) value."

5.5
2007-12-21 CVE-2007-6512 PHP Permissions, Privileges, and Access Controls vulnerability in PHP Mysql Banner Exchange 2.2.1

PHP MySQL Banner Exchange 2.2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database information via a direct request to inc/lib.inc.

5.0
2007-12-21 CVE-2007-6511 Websense Security Bypass vulnerability in Websense Enterpise 6.3.1

Websense Enterprise 6.3.1 allows remote attackers to bypass content filtering by visiting http URLs with a (1) RealPlayer G2, (2) MSMSGS, or (3) StoneHttpAgent User-Agent header, which results in a Non-HTTP categorization.

5.0
2007-12-20 CVE-2007-6341 NET DNS Buffer Errors vulnerability in NET DNS NET DNS 0.60

Net/DNS/RR/A.pm in Net::DNS 0.60 build 654, as used in packages such as SpamAssassin and OTRS, allows remote attackers to cause a denial of service (program "croak") via a crafted DNS response.

5.0
2007-12-20 CVE-2007-6334 Microsoft
Ingres
Permissions, Privileges, and Access Controls vulnerability in Ingres 2.5/2.6

Ingres 2.5 and 2.6 on Windows, as used in multiple CA products and possibly other products, assigns the privileges and identity of users to be the same as the first user, which allows remote attackers to gain privileges.

5.0
2007-12-20 CVE-2007-6483 Safenet Path Traversal vulnerability in Safenet Sentinel Keys Server and Sentinel Protection Server

Directory traversal vulnerability in SafeNet Sentinel Protection Server 7.0.0 through 7.4.0 and possibly earlier versions, and Sentinel Keys Server 1.0.3 and possibly earlier versions, allows remote attackers to read arbitrary files via a ..

5.0
2007-12-20 CVE-2007-6476 GF 3Xplorer Information Exposure vulnerability in GF 3Xplorer GF 3Xplorer 2.4

GF-3XPLORER 2.4 allows remote attackers to obtain configuration information via a direct request to explorer/phpinfo.php, which calls the phpinfo function.

5.0
2007-12-20 CVE-2007-6457 Netwin Buffer Errors vulnerability in Netwin Surgemail 38K4

Stack-based buffer overflow in the webmail feature in SurgeMail 38k4 allows remote attackers to cause a denial of service (crash) via a long Host header.

5.0
2007-12-19 CVE-2007-6450 Wireshark Denial of Service vulnerability in Wireshark 0.99.6

The RPL dissector in Wireshark (formerly Ethereal) 0.9.8 to 0.99.6 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors.

5.0
2007-12-19 CVE-2007-6437 Balabit Improper Input Validation vulnerability in Balabit products

Balabit syslog-ng 2.0.x before 2.0.6 and 2.1.x before 2.1.8 allows remote attackers to cause a denial of service (crash) via a message with a timestamp that does not contain a trailing space, which triggers a NULL pointer dereference.

5.0
2007-12-18 CVE-2007-6356 Aertherwide Resource Management Errors vulnerability in Aertherwide Exiftags

exiftags before 1.01 allows attackers to cause a denial of service (infinite loop) via recursive IFD references in the EXIF data in a JPEG image.

5.0
2007-12-17 CVE-2007-6408 IBM Information Exposure vulnerability in IBM Tivoli Provisioning Manager Express

IBM Tivoli Provisioning Manager Express provides unspecified information in error messages when (1) attempted duplication of a username occurs when creating an account or (2) when trying to login using a valid username, which makes it easier for remote attackers to enumerate usernames.

5.0
2007-12-17 CVE-2007-6404 Microsoft
Shttp
Path Traversal vulnerability in Shttp

Directory traversal vulnerability in Sergey Lyubka Simple HTTPD (shttpd) 1.38 and earlier on Windows allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the URI.

5.0
2007-12-17 CVE-2007-6400 Poldoc Path Traversal vulnerability in Poldoc Document Management System 0.96

Directory traversal vulnerability in download_file.php in PolDoc CMS (aka PDDMS) 0.96 allows remote attackers to read arbitrary files via a ..

5.0
2007-12-17 CVE-2007-6398 Flat PHP Improper Authentication vulnerability in Flat PHP Board

Flat PHP Board 1.2 and earlier allows remote attackers to bypass authentication and obtain limited access to an arbitrary user account via the fpb_username cookie.

5.0
2007-12-17 CVE-2007-6397 Flat PHP Path Traversal vulnerability in Flat PHP Board

Multiple directory traversal vulnerabilities in index.php in Flat PHP Board 1.2 and earlier allow remote attackers to (1) create arbitrary files via a ..

5.0
2007-12-17 CVE-2007-6395 Flat PHP Permissions, Privileges, and Access Controls vulnerability in Flat PHP Board

Flat PHP Board 1.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain credentials via a direct request for the username php file for any user account in users/.

5.0
2007-12-20 CVE-2007-6500 Hosting Controller Permissions, Privileges, and Access Controls vulnerability in Hosting Controller Hosting Controller

Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to delete "gateway information" via a request to OpenApi/GatewayVariables.asp.

4.9
2007-12-20 CVE-2007-6487 Plain Black Permissions, Privileges, and Access Controls vulnerability in Plain Black Webgui

Unspecified vulnerability in Plain Black WebGUI 7.4.0 through 7.4.17 allows remote authenticated users with Secondary Admin privileges to create Admin accounts, a different vulnerability than CVE-2006-0680.

4.9
2007-12-20 CVE-2007-6479 Dokeos Permissions, Privileges, and Access Controls vulnerability in Dokeos 1.8.4

Unrestricted file upload vulnerability in the "My productions" component for main/auth/profile.php (aka the "My profile" page) in Dokeos 1.8.4 allows remote authenticated users to upload and execute arbitrary PHP files via a filename with a double extension, which can then be accessed through a URI under main/upload/users/.

4.9
2007-12-18 CVE-2007-6283 Redhat
Fedoraproject
Oracle
Centos
Information Exposure vulnerability in multiple products

Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file with world-readable permissions, which allows local users to perform unauthorized named commands, such as causing a denial of service by stopping named.

4.9
2007-12-19 CVE-2007-5963 KDE Local Denial Of Service vulnerability in KDE KDM

Unspecified vulnerability in kdebase allows local users to cause a denial of service (KDM login inaccessible, or resource consumption) via unknown vectors.

4.7
2007-12-17 CVE-2007-6416 XEN Permissions, Privileges, and Access Controls vulnerability in XEN 3.1.2

The copy_to_user function in the PAL emulation functionality for Xen 3.1.2 and earlier, when running on ia64 systems, allows HVM guest users to access arbitrary physical memory by triggering certain mapping operations.

4.6
2007-12-20 CVE-2007-6246 Linux
Adobe
Permissions, Privileges, and Access Controls vulnerability in Adobe Flash Player

Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0, when running on Linux, uses insecure permissions for memory, which might allow local users to gain privileges.

4.4
2007-12-21 CVE-2007-6514 Linux
Apache
Information Exposure vulnerability in Apache Http Server 2.2.6

Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.

4.3
2007-12-21 CVE-2007-6513 HP Information Exposure vulnerability in HP Esupportdiagnostics 1.0.11.0

HP eSupportDiagnostics ActiveX control (hpediag.dll) 1.0.11.0 exports dangerous methods, which allows remote attackers to (1) read arbitrary files via the ReadTextFile method, or (2) read arbitrary registry values via the ReadValue method.

4.3
2007-12-20 CVE-2007-6490 Falcon Cross-Site Request Forgery (CSRF) vulnerability in Falcon Series ONE CMS 1.4.3

Cross-site request forgery (CSRF) vulnerability in Falcon Series One CMS 1.4.3 allows remote attackers to change a password via a certain changepass action to index.php.

4.3
2007-12-20 CVE-2007-6486 Geek Palace COM Cross-Site Scripting vulnerability in Geek-Palace.Com Lineshout 1.0

Multiple cross-site scripting (XSS) vulnerabilities in shout.php (aka the shoutbox) in LineShout 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) username (nickname) or (2) message parameter.

4.3
2007-12-20 CVE-2007-6477 Citrix Cross-Site Scripting vulnerability in Citrix web Interface 2.0

Cross-site scripting (XSS) vulnerability in the on-line help feature in Citrix Web Interface 2.0 and earlier, and NFuse, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2007-12-20 CVE-2007-6474 GF 3Xplorer Cross-Site Scripting vulnerability in GF 3Xplorer GF 3Xplorer 2.4

Multiple cross-site scripting (XSS) vulnerabilities in GF-3XPLORER 2.4 allow remote attackers to inject arbitrary web script or HTML via the newdir parameter to index_3x.php, and unspecified other vectors.

4.3
2007-12-20 CVE-2007-6430 Asterisk Improper Authentication vulnerability in Asterisk Business Edition and Open Source

Asterisk Open Source 1.2.x before 1.2.26 and 1.4.x before 1.4.16, and Business Edition B.x.x before B.2.3.6 and C.x.x before C.1.0-beta8, when using database-based registrations ("realtime") and host-based authentication, does not check the IP address when the username is correct and there is no password, which allows remote attackers to bypass authentication using a valid username.

4.3
2007-12-20 CVE-2007-6351 Libexif Project Unspecified vulnerability in Libexif Project Libexif

libexif 0.6.16 and earlier allows context-dependent attackers to cause a denial of service (infinite recursion) via an image file with crafted EXIF tags, possibly involving the exif_loader_write function in exif_loader.c.

4.3
2007-12-20 CVE-2007-6244 Adobe Cross-Site Scripting vulnerability in Adobe Flash Player 8.0/9.0

Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player 9.x up to 9.0.48.0 and 8.x up to 8.0.35.0 allow remote attackers to inject arbitrary web script or HTML via (1) a SWF file that uses the asfunction: protocol or (2) the navigateToURL function when used with the Flash Player ActiveX Control in Internet Explorer.

4.3
2007-12-20 CVE-2007-6465 Ganglia Cross-Site Scripting vulnerability in Ganglia

Multiple cross-site scripting (XSS) vulnerabilities in ganglia-web in Ganglia before 3.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) c and (2) h parameters to (a) web/host_gmetrics.php; the (3) G, (4) me, (5) x, (6) n, (7) v, (8) l, (9) vl, and (10) st parameters to (b) web/graph.php; and the (11) c, (12) G, (13) h, (14) r, (15) m, (16) s, (17) cr, (18) hc, (19) sh, (20) p, (21) t, (22) jr, (23) js, (24) gw, (25) z, and (26) gs parameters to (c) web/get_context.php.

4.3
2007-12-20 CVE-2007-6463 PHP Real Estate Script Cross-Site Scripting vulnerability in PHP Real Estate Script Classifieds

Multiple cross-site scripting (XSS) vulnerabilities in the admin panel in PHP Real Estate Classifieds allow remote attackers to inject arbitrary web script or HTML via unspecified "text areas/boxes."

4.3
2007-12-20 CVE-2007-6461 Flyspray Cross-Site Scripting vulnerability in Flyspray

Multiple cross-site scripting (XSS) vulnerabilities in index.php in Flyspray 0.9.9 through 0.9.9.3 allow remote attackers to inject arbitrary web script or HTML via (1) the query string in an index action, related to the savesearch JavaScript function; and (2) the details parameter in a details action, related to the History tab and the getHistory JavaScript function.

4.3
2007-12-20 CVE-2007-6460 Anon Proxy Server Cross-Site Scripting vulnerability in Anon Proxy Server Anon Proxy Server 0.101

Multiple cross-site scripting (XSS) vulnerabilities in Anon Proxy Server before 0.101 allow remote attackers to inject arbitrary web script or HTML via the URI, which is later displayed by (1) log.php or (2) logerror.php, a different vulnerability than CVE-2007-6459.

4.3
2007-12-20 CVE-2007-6455 Mambo Cross-Site Scripting vulnerability in Mambo 4.6.2

Multiple cross-site scripting (XSS) vulnerabilities in index.php in Mambo 4.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Itemid parameter in a com_frontpage option and the (2) option parameter.

4.3
2007-12-20 CVE-2007-6452 Google Cross-Site Scripting vulnerability in Google web Toolkit 1.4.60

Unspecified vulnerability in the benchmark reporting system in Google Web Toolkit (GWT) before 1.4.61 has unknown impact and attack vectors, possibly related to cross-site scripting (XSS).

4.3
2007-12-19 CVE-2007-6451 Wireshark Resource Management Errors vulnerability in Wireshark

Unspecified vulnerability in the CIP dissector in Wireshark (formerly Ethereal) 0.9.14 to 0.99.6 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger allocation of large amounts of memory.

4.3
2007-12-19 CVE-2007-5858 Apple Cross-site Scripting vulnerability in Apple Safari

WebKit in Safari in Apple Mac OS X 10.4.11 and 10.5.1, iPhone 1.0 through 1.1.2, and iPod touch 1.1 through 1.1.2 allows remote attackers to "navigate the subframes of any other page," which can be leveraged to conduct cross-site scripting (XSS) attacks and obtain sensitive information.

4.3
2007-12-19 CVE-2007-5854 Apple Cross-Site Scripting vulnerability in Apple mac OS X 10.4.11/10.5.1

Launch Services in Apple Mac OS X 10.4.11 and 10.5.1 does not treat HTML files as unsafe content, which allows attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via a crafted HTML file.

4.3
2007-12-17 CVE-2007-6411 Gadu Gadu Buffer Errors vulnerability in Gadu-Gadu Instant Messenger 7.7

Multiple buffer overflows in the HandleEmotsConfig function in the GG Client in Gadu-Gadu 7.7 Build 3669 allow user-assisted remote attackers to execute arbitrary code or cause a denial of service (gg.exe process crash) via a long string in an emots.txt file.

4.3
2007-12-17 CVE-2007-6410 Gadu Gadu Cross-Site Request Forgery (CSRF) vulnerability in Gadu-Gadu Instant Messenger

Gadu-Gadu does not properly perform protocol handling, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and add arbitrary user accounts or cause a denial of service as administrators via an unspecified "crafted link," possibly related to the gg protocol.

4.3
2007-12-17 CVE-2007-6409 Gadu Gadu Configuration vulnerability in Gadu-Gadu Instant Messenger

The gg protocol handler in Gadu-Gadu, when this product is installed but not running, does not properly handle the skin attribute, which allows remote attackers to cause a denial of service (resource consumption) via unspecified network traffic.

4.3
2007-12-17 CVE-2007-6407 IBM Cross-Site Scripting vulnerability in IBM Tivoli Provisioning Manager Express

Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Provisioning Manager Express allow remote attackers to inject arbitrary web script or HTML via the (1) "assess modification," (2) user-id, and other unspecified fields to the /tpmx URI; or (3) involving unspecified vectors related to "error processing."

4.3
2007-12-17 CVE-2007-6406 Broadcom Cross-Site Scripting vulnerability in Broadcom Etrust Threat Management Console

Multiple cross-site scripting (XSS) vulnerabilities in CA (formerly Computer Associates) eTrust Threat Management Console allow remote attackers to inject arbitrary web script or HTML via the IP Address field and other unspecified fields.

4.3
2007-12-17 CVE-2007-6390 Serendipity Cross-Site Request Forgery (CSRF) vulnerability in Serendipity

Cross-site request forgery (CSRF) vulnerability in the mycalendar plugin before 0.13 for Serendipity allows remote attackers to perform actions as blog administrators, which can be leveraged to conduct cross-site scripting (XSS) attacks on the blog page.

4.3

6 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-12-19 CVE-2007-5851 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X 10.4.11

iChat in Apple Mac OS X 10.4.11 allows network-adjacent remote attackers to automatically initiate a video connection to another user via unknown vectors.

3.6
2007-12-20 CVE-2007-6505 SUN Configuration vulnerability in SUN Solaris 9

Solaris 9, with Solaris Auditing enabled and certain patches for sshd installed, can generate audit records with an audit-ID of 0 even when the user logging into ssh is not root, which makes it easier for attackers to avoid detection and can make it more difficult to conduct forensics activities.

3.5
2007-12-19 CVE-2007-6441 Wireshark Permissions, Privileges, and Access Controls vulnerability in Wireshark 0.99.6

The WiMAX dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (crash) via unknown vectors related to "unaligned access on some platforms."

3.3
2007-12-18 CVE-2007-6434 Linux Permissions, Privileges, and Access Controls vulnerability in Linux Kernel 2.6.23

Linux kernel 2.6.23 allows local users to create low pages in virtual userspace memory and bypass mmap_min_addr protection via a crafted executable file that calls the do_brk function.

2.1
2007-12-18 CVE-2007-6418 Debian Information Exposure vulnerability in Debian Linux

The libdspam7-drv-mysql cron job in Debian GNU/Linux includes the MySQL dspam database password in a command line argument, which might allow local users to read the password by listing the process and its arguments.

2.1
2007-12-17 CVE-2007-6389 Gnome Local Information Disclosure vulnerability in Gnome Screensaver 2.20

The notify feature in GNOME screensaver (gnome-screensaver) 2.20.0 might allow local users to read the clipboard contents and X selection data for a locked session by using ctrl-V.

2.1