PC Repair Service Centre

Computer Repair Center would post the daily security alert below. Please check if your server, web server, email server and PC have below Vulnerabilities and fix it as soon as possible. You may also contact our IT expertises at 9145-7188.

 

Vulnerability Summary for the Week of September 18, 2006
Posted on Tuesday September 26, 2006

">

High Vulnerabilities

Primary Vendor -- Product	Description	Discovered Published	CVSS Score	Source & Patch Info
AEwebworks -- aeDating	Multiple PHP remote file inclusion vulnerabilities in AEDating 4.1, and possibly earlier versions, allow remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter in (1) inc/design.inc.php or (2) inc/admin_design.inc.php.	unknown 2006-09-19	7.0	CVE-2006-4870 OTHER-REF BID FRSIRT SECUNIA XF
All Enthusiast Inc -- ReviewPost PHP Pro	PHP remote file inclusion vulnerability in index.php in All Enthusiast ReviewPost 2.5 allows remote attackers to execute arbitrary PHP code via a URL in the RP_PATH parameter.	unknown 2006-09-19	7.0	CVE-2006-4864 BUGTRAQ OTHER-REF FRSIRT SECUNIA XF
AlstraSoft -- E-Friends	Directory traversal vulnerability in chat/getStartOptions.php in AlstraSoft E-friends 4.85 allows remote attackers to include arbitrary local files and possibly execute arbitrary code via a .. (dot dot) sequence and trailing null (%00) byte in the lang parameter, as demonstrated by injecting PHP code into a log file.	unknown 2006-09-20	7.0	CVE-2006-4913 OTHER-REF BID FRSIRT SECUNIA XF
Apple -- Mac OS X Server Apple -- Mac OS X	Multiple stack-based buffer overflows in the AirPort wireless driver on Apple Mac OS X 10.3.9 and 10.4.7 allow physically proximate attackers to execute arbitrary code by injecting crafted frames into a wireless network.	unknown 2006-09-21	7.0	CVE-2006-3507 APPLE BID FRSIRT SECUNIA
Apple -- Mac OS X Server Apple -- Mac OS X	Heap-based buffer overflow in the AirPort wireless driver on Apple Mac OS X 10.4.7 allows physically proximate attackers to cause a denial of service (crash), gain privileges, and execute arbitrary code via a crafted frame that is not properly handled during scan cache updates.	unknown 2006-09-21	7.0	CVE-2006-3508 APPLE BID FRSIRT SECUNIA
Apple -- Mac OS X Server Apple -- Mac OS X	Integer overflow in the API for the AirPort wireless driver on Apple Mac OS X 10.4.7 might allow physically proximate attackers to cause a denial of service (crash) or execute arbitrary code in third-party wireless software that uses the API via crafted frames.	unknown 2006-09-21	7.0	CVE-2006-3509 APPLE BID FRSIRT SECUNIA
Artmedic Webdesign -- Artmedic Links	PHP remote file inclusion vulnerability in index.php in Artmedic Links 5.0 allows remote attackers to execute arbitrary PHP code via a URL in the id parameter, which is processed by the readfile function.	unknown 2006-09-20	7.0	CVE-2006-4905 BUGTRAQ OTHER-REF SECTRACK XF
ASP Indir -- Tekman Portal	SQL injection vulnerability in uye_profil.asp in Tekman Portal (TR) 1.0 allows remote attackers to execute arbitrary SQL commands via the uye_id parameter.	unknown 2006-09-20	7.0	CVE-2006-4916 OTHER-REF BID XF FRSIRT SECUNIA
Blojsom -- Blojsom	Multiple cross-site scripting (XSS) vulnerabilities in David Czarnecki Blojsom 2.31 allow remote attackers to inject arbitrary web script or HTML via the (1) blog-category-description, (2) blog-entry-title, (3) rss-enclosure-url, (4) technorati-tagsi, or (5) blog-category-name parameter in a blog post.	unknown 2006-09-15	7.0	CVE-2006-4829 BUGTRAQ CERT-VN BID FRSIRT SECUNIA XF
Blojsom -- Blojsom	Directory traversal vulnerability in EditBlogTemplatesPlugin.java in David Czarnecki Blojsom 2.30 allows remote attackers to have an unknown impact by sending an HTTP request with a certain value of blogTemplate.	unknown 2006-09-15	7.0	CVE-2006-4830 OTHER-REF
BolinOS -- BolinOS	PHP remote file inclusion vulnerability in system/_b/contentFiles/gBHTMLEditor.php in BolinOS 4.5.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the gBRootPath parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.	unknown 2006-09-18	7.0	CVE-2006-4851 FRSIRT XF
Cisco -- Intrusion Prevention System	Unspecified vulnerability in Cisco IPS 5.0 before 5.0(6p2) and 5.1 before 5.1(2), when running in inline or promiscuous mode, allows remote attackers to bypass traffic inspection via a "crafted sequence of fragmented IP packets".	unknown 2006-09-20	7.0	CVE-2006-4911 CISCO CERT-VN BID FRSIRT SECTRACK SECUNIA XF
Codeworx Technologies -- DCP-Portal	Multiple PHP remote file inclusion vulnerabilities in DCP-Portal SE 6.0 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter in (1) library/lib.php and (2) library/editor/editor.php. NOTE: the same primary issue can be used for full path disclosure with an invalid parameter that reveals the installation path in an error message.	unknown 2006-09-15	7.0	CVE-2006-4837 BUGTRAQ BID
EasyPageCMS -- EasyPageCMS	SQL injection vulnerability in default.aspx in easypage allows remote attackers to execute arbitrary SQL commands via the srch parameter in the Search page.	unknown 2006-09-19	7.0	CVE-2006-4862 BUGTRAQ
guanxiCRM -- guanxiCRM Business Solution	PHP remote file inclusion vulnerability in include/phpxd/phpXD.php in guanxiCRM 0.9.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the appconf[rootpath] parameter.	unknown 2006-09-19	7.0	CVE-2006-4898 OTHER-REF BID XF
Haberx -- Haberx	SQL injection vulnerability in kategorix.asp in Haberx 1.02 through 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in kategorihaberx.asp.	unknown 2006-09-18	7.0	CVE-2006-4853 OTHER-REF OTHER-REF BID FRSIRT SECUNIA XF
Hitweb -- Hitweb	Multiple PHP remote file inclusion vulnerabilities in Brian Fraval Hitweb 3.0 allow remote attackers to execute arbitrary PHP code via a URL in the REP_CLASS parameter to (1) index.php, (2) arbo.php, (3) framepoint.php, (4) genpage.php, (5) lienvalider.php, (6) appreciation.php, (7) partenariat.php, (8) rechercher.php, (9) projet.php, (10) propoexample.php, (11) refererpoint.php, or (12) top50.php.	unknown 2006-09-18	7.0	CVE-2006-4848 BUGTRAQ BID
iDevSpot -- NixieAffiliate	IDevSpot NexieAffiliate 1.9 and earlier allows remote attackers to delete arbitrary affiliates via a modified id parameter to delete.php.	unknown 2006-09-19	7.0	CVE-2006-4895 BUGTRAQ BID
Iodine -- Iodine	Unspecified vulnerability in IP over DNS is now easy (iodine) before 0.3.2 has unknown impact and attack vectors, related to "potential security problems."	unknown 2006-09-15	7.0	CVE-2006-4831 OTHER-REF BID FRSIRT SECUNIA
Marc Cagninacci -- mcLinksCounter	** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in Marc Cagninacci mcLinksCounter 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the langfile parameter in (1) login.php, (2) stats.php, (3) detail.php, or (4) erase.php. NOTE: CVE and a third party dispute this vulnerability, because the langfile parameter is set to english.php in each file.	unknown 2006-09-19	7.0	CVE-2006-4863 BUGTRAQ BUGTRAQ
MobilePublisherPHP -- MobilePublisherPHP	PHP remote file inclusion vulnerability in header.php in MobilePublisherPHP 1.5 RC2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter.	unknown 2006-09-18	7.0	CVE-2006-4849 Milw0rm SECUNIA BID FRSIRT XF
Mohammed Mehdi Panjwani -- Complain Center	SQL injection vulnerability in loginprocess.asp in Mohammed Mehdi Panjwani Complain Center 1 allows remote attackers to execute arbitrary SQL commands via the (1) TxtUser (aka Username) and (2) TxtPass (aka Password) parameters in login.asp.	unknown 2006-09-19	7.0	CVE-2006-4861 BUGTRAQ
Mozilla -- SeaMonkey Mozilla -- Firefox Mozilla -- Thunderbird	Heap-based buffer overflow in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a JavaScript regular expression with a "minimal quantifier."	unknown 2006-09-15	7.0	CVE-2006-4565 OTHER-REF REDHAT REDHAT SECUNIA SECUNIA REDHAT BID FRSIRT SECTRACK SECTRACK SECTRACK SECUNIA SECUNIA SECUNIA SECUNIA SECUNIA XF SGI UBUNTU SECUNIA
Mozilla -- SeaMonkey Mozilla -- Firefox	Mozilla Firefox before 1.5.0.7 and SeaMonkey before 1.0.5 allows remote attackers to bypass the security model and inject content into the sub-frame of another site via targetWindow.frames[n].document.open(), which facilitates spoofing and other attacks.	unknown 2006-09-15	7.0	CVE-2006-4568 OTHER-REF REDHAT SECUNIA SECUNIA REDHAT BID FRSIRT SECTRACK SECTRACK SECUNIA SECUNIA SECUNIA XF SGI SECUNIA
Mozilla -- SeaMonkey Mozilla -- Thunderbird	Multiple unspecified vulnerabilities in Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allow remote attackers to cause a denial of service (crash), corrupt memory, and possibly execute arbitrary code via unspecified vectors, some of which involve JavaScript, and possibly large images or plugin data.	unknown 2006-09-15	7.0	CVE-2006-4571 OTHER-REF REDHAT REDHAT SECUNIA SECUNIA REDHAT BID FRSIRT SECTRACK SECTRACK SECTRACK SECUNIA SECUNIA SECUNIA SECUNIA SECUNIA SGI UBUNTU SECUNIA
PhotoPost -- PHP Pro	PHP remote file inclusion vulnerability in zipndownload.php in PhotoPost 4.0 through 4.6 allows remote attackers to execute arbitrary PHP code via a URL in the PP_PATH parameter.	unknown 2006-09-15	7.0	CVE-2006-4828 BUGTRAQ BID XF
PHP DocWriter -- PHP DocWriter	PHP remote file inclusion vulnerability in PHP DocWriter 0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the script parameter.	unknown 2006-09-20	7.0	CVE-2006-4912 OTHER-REF BID FRSIRT XF
phpBB XS -- phpBB XS	PHP remote file inclusion vulnerability in bb_usage_stats/includes/bb_usage_stats.php in phpBB XS 0.58 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter, a different vector than CVE-2006-4780.	unknown 2006-09-19	7.0	CVE-2006-4893 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA
phpQuiz -- phpQuiz	PHP remote file inclusion vulnerability in index.php in Jule Slootbeek phpQuiz 0.01 allows remote attackers to execute arbitrary PHP code via a URL in the pagename parameter.	unknown 2006-09-15	7.0	CVE-2006-4834 BUGTRAQ OTHER-REF BID FRSIRT XF
phpunity.postcard -- phpunity-postcard	PHP remote file inclusion vulnerability in phpunity-postcard.php in phpunity.postcard allows remote attackers to execute arbitrary PHP code via a URL in the gallery_path parameter.	unknown 2006-09-19	7.0	CVE-2006-4869 OTHER-REF BID FRSIRT OSVDB SECUNIA
Qualiteam -- X-Cart	Dynamic variable evaluation vulnerability in cmpi.php in Qualiteam X-Cart 4.1.3 and earlier allows remote attackers to overwrite arbitrary program variables and execute arbitrary PHP code, as demonstrated by PHP remote file inclusion via the xcart_dir parameter.	unknown 2006-09-20	7.0	CVE-2006-4904 OTHER-REF BID FRSIRT SECUNIA XF
Quicksilver Forums -- Quicksilver Forums	PHP remote file inclusion vulnerability in lib/activeutil.php in Quicksilver Forums (QSF) 1.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the set[include_path] parameter.	unknown 2006-09-15	7.0	CVE-2006-4824 OTHER-REF OTHER-REF BID FRSIRT SECUNIA XF
Reamday Enterprises -- Magic News Pro	PHP remote file inclusion vulnerability in scripts/news_page.php in Reamday Enterprises Magic News Pro 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the script_path parameter.	unknown 2006-09-15	7.0	CVE-2006-4823 OTHER-REF BID FRSIRT SECUNIA BUGTRAQ XF
Shadowed Portal -- Shadowed Portal	PHP remote file inclusion vulnerability in bottom.php in Shadowed Portal 5.599 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root parameter.	unknown 2006-09-15	7.0	CVE-2006-4826 Milw0rm BID XF OSVDB SECUNIA
Shadowed Portal -- Shadowed Portal	PHP remote file inclusion vulnerability in Shadowed Portal 5.599 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root parameter in (1) footer.php and (2) header.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. The bottom.php parameter is already covered by CVE-2006-4826.	unknown 2006-09-19	7.0	CVE-2006-4885 SECUNIA
Simple Discussion Board -- Simple Discussion Board	Multiple PHP remote file inclusion vulnerabilities in Simple Discussion Board 0.1.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) env_dir parameter to (a) blank.php, (b) admin.php, or (c) builddb.php, and the (2) script_root parameter to blank.php.	unknown 2006-09-20	7.0	CVE-2006-4918 OTHER-REF BID XF
Site@School -- Site@School	Multiple PHP remote file inclusion vulnerabilities in Site@School (S@S) 2.4.02 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the cmsdir parameter to (1) starnet/modules/sn_allbum/slideshow.php, and (2) starnet/themes/editable/main.inc.php.	unknown 2006-09-20	7.0	CVE-2006-4920 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA OSVDB OSVDB
Site@School -- Site@School	PHP remote file inclusion vulnerability in Site@School (S@S) 2.4.03 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cmsdir parameter to starnet/modules/include/include.php. NOTE: some of these details are obtained from third party information.	unknown 2006-09-20	7.0	CVE-2006-4921 BUGTRAQ FRSIRT SECUNIA OSVDB
Techno Dreams -- Articles & Papers Package	SQL injection vulnerability in ArticlesTableview.asp in Techno Dreams Articles & Papers Package 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the key parameter.	unknown 2006-09-19	7.0	CVE-2006-4891 BUGTRAQ OTHER-REF BID SECUNIA XF FRSIRT
Techno Dreams -- FAQ Manager Package	SQL injection vulnerability in faqview.asp in Techno Dreams FAQ Manager Package 1.0 allows remote attackers to execute arbitrary SQL commands via the key parameter.	unknown 2006-09-19	7.0	CVE-2006-4892 BUGTRAQ OTHER-REF BID SECUNIA XF FRSIRT
Unak -- Unak CMS	Multiple PHP remote file inclusion vulnerabilities in UNAK-CMS 1.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the dirroot parameter to (1) fckeditor/editor/filemanager/browser/default/connectors/php/connector.php or (2) fckeditor/editor/dialog/fck_link.php.	unknown 2006-09-19	7.0	CVE-2006-4890 OTHER-REF OTHER-REF BID FRSIRT SECUNIA XF
Verso NetPerformer -- Frame Relay Access Device ACT	Buffer overflow in the telnet service in Verso NetPerformer FRAD ACT SDM-95xx 7.xx (R1) and earlier, SDM-93xx 10.x.x (R2) and earlier, and SDM-92xx 9.x.x (R1) and earlier allows remote attackers to cause a denial of service (reboot) and possibly execute arbitrary code via a long username.	unknown 2006-09-15	8.0	CVE-2006-4832 BUGTRAQ FULLDISC BID FRSIRT SECUNIA XF

Back to top

Medium Vulnerabilities

Primary Vendor -- Product	Description	Discovered Published	CVSS Score	Source & Patch Info
Apple -- Mac OS X Server Apple -- Mac OS X	Buffer overflow in kextload in Apple OS X, as used by TDIXSupport in Roxio Toast Titanium and possibly other products, allows local users to execute arbitrary code via a long extension argument.	unknown 2006-09-19	4.9	CVE-2006-4866 FULLDISC OTHER-REF BID
Apple -- Remote Desktop	Apple Remote Desktop (ARD) for Mac OS X 10.2.8 and later does not drop privileges on the remote machine while installing certain applications, which allows local users to bypass authentication and gain privileges by selecting the icon during installation.	unknown 2006-09-19	4.9	CVE-2006-4887 BUGTRAQ BID XF
BolinOS -- BlinOS	PHP remote file inclusion vulnerability in system/_b/contentFiles/gBIndex.php in BolinOS 4.5.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the gBRootPath parameter.	unknown 2006-09-18	5.6	CVE-2006-4850 BUGTRAQ Milw0rm BID FRSIRT SECUNIA XF
Cisco -- Cisco Guard DDos Mitigation Appliance	Cross-site scripting (XSS) vulnerability in Cisco Guard DDoS Mitigation Appliance before 5.1(6), when anti-spoofing is enabled, allows remote attackers to inject arbitrary web script or HTML via certain character sequences in a URL that are not properly handled when the appliance sends a meta-refresh.	unknown 2006-09-20	4.7	CVE-2006-4909 CISCO BID FRSIRT SECTRACK SECUNIA XF
Citrix -- Access Gateway AAC	Unspecified vulnerability in Citrix Access Gateway with Advanced Access Control (AAC) 4.2 before 20060914, when AAC is configured to use LDAP authentication, allows remote attackers to bypass authentication via unknown vectors.	unknown 2006-09-18	5.6	CVE-2006-4846 CITRIX CITRIX BID FRSIRT SECTRACK SECUNIA XF
Claroline -- Claroline Dokeos -- Open Source Learning & Knowledge Management Tool	PHP remote file inclusion vulnerability in inc/claro_init_local.inc.php in Claroline 1.7.7 and earlier, as used in Dokeos and possibly other products, allows remote attackers to execute arbitrary PHP code via a URL in the extAuthSource[newUser] parameter.	unknown 2006-09-18	5.6	CVE-2006-4844 OTHER-REF OTHER-REF BID FRSIRT SECUNIA XF OTHER-REF FRSIRT SECUNIA
ClickTech -- ClickBlog	SQL injection vulnerability in default.asp (aka the login page) in ClickTech ClickBlog 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) form_codeword (aka the Password field) parameters.	unknown 2006-09-19	4.7	CVE-2006-4857 BUGTRAQ BID FRSIRT SECUNIA XF
Codeworx Technologies -- DCP-Portal	SQL injection vulnerability in login.php in DCP-Portal SE 6.0 allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: The lostpassword.php and calendar.php vectors are already covered by CVE-2005-3365, and the search.php vector is already covered by CVE-2005-4227.	unknown 2006-09-15	5.6	CVE-2006-4836 BUGTRAQ BID
David Bennett -- PHP-Post	SQL injection vulnerability in profile.php in David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter.	unknown 2006-09-19	4.7	CVE-2006-4879 BUGTRAQ BID
David Bennett -- PHP-Post	Multiple cross-site scripting (XSS) vulnerabilities in David Bennett PHP-Post (PHPp) 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the replyuser parameter in (a) pm.php; (2) the txt_jumpto parameter in (b) dropdown.php; the (3) txt_error and (4) txt_templatenotexist parameters in (c) template.php; the (5) split parameter in certain files, as demonstrated by (d) editprofile.php, (e) search.php, (f) index.php, and (g) pm.php; and the (6) txt_login parameter in (h) loginline.php; and allow remote authenticated users to inject arbitrary web script or HTML via the (7) txt_logout parameter in (i) loginline.php.	unknown 2006-09-19	4.7	CVE-2006-4881 BUGTRAQ BID
Doctor Web Ltd -- Dr.WebScanner	Heap-based buffer overflow in SpIDer for Dr.Web Scanner for Linux 4.33, and possibly earlier versions, allows remote attackers to execute arbitrary code via an LHA archive with an extended header that contains a long directory name.	unknown 2006-09-20	4.7	CVE-2006-4438 FULLDISC FRSIRT SECUNIA
George Lewe -- TeamCal Pro	PHP remote file inclusion vulnerability in includes/footer.html.inc.php in TeamCal Pro 2.8.001 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the tc_config[app_root] parameter.	unknown 2006-09-18	5.6	CVE-2006-4845 OTHER-REF BID BID FRSIRT SECUNIA XF
Gnu -- Mailman	** DISPUTED ** Format string vulnerability in Mailman before 2.1.9 allows attackers to execute arbitrary code via unspecified vectors. NOTE: the vendor has disputed this vulnerability, stating that it is "unexploitable."	unknown 2006-09-19	4.7	CVE-2006-2191 MLIST MLIST
GNUTurk -- GNUTurk	SQL injection vulnerability in mods.php in GNUTurk 2G and earlier allows remote attackers to execute arbitrary SQL commands via the t_id parameter when the go parameter is "Forum."	unknown 2006-09-19	4.7	CVE-2006-4867 OTHER-REF OTHER-REF BID FRSIRT SECUNIA
gzip -- gzip	Array index error in the make_table function in unlzh.c in the LZH decompression component in gzip 1.3.5, when running on certain platforms, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GZIP archive that triggers an out-of-bounds write, aka a "stack modification vulnerability."	unknown 2006-09-19	4.7	CVE-2006-4335 OTHER-REF REDHAT UBUNTU DEBIAN FREEBSD SLACKWARE SECUNIA SECUNIA SECUNIA SECUNIA SECUNIA MANDRIVA CERT-VN FRSIRT SECUNIA SECUNIA XF
gzip -- gzip	Buffer underflow in the build_tree function in unpack.c in gzip 1.3.5 allows context-dependent attackers to execute arbitrary code via a crafted leaf count table that causes a write to a negative index.	unknown 2006-09-19	4.7	CVE-2006-4336 OTHER-REF REDHAT UBUNTU DEBIAN FREEBSD SLACKWARE SECUNIA SECUNIA SECUNIA SECUNIA SECUNIA MANDRIVA CERT-VN FRSIRT SECUNIA SECUNIA XF
gzip -- gzip	Buffer overflow in the make_table function in the LHZ component in gzip 1.3.5 allows context-dependent attackers to execute arbitrary code via a crafted decoding table in a GZIP archive.	unknown 2006-09-19	4.7	CVE-2006-4337 OTHER-REF REDHAT UBUNTU DEBIAN FREEBSD SLACKWARE SECUNIA SECUNIA SECUNIA SECUNIA SECUNIA MANDRIVA FRSIRT SECUNIA SECUNIA
IDevSpot -- BizDirectory	Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot BizDirectory allow remote attackers to inject arbitrary web script or HTML via (1) the stylesheet parameter in Feed.php or (2) the message parameter in status.php.	unknown 2006-09-19	4.7	CVE-2006-4883 BUGTRAQ BID XF FRSIRT SECTRACK SECUNIA
IDevSpot -- iSupport	Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot iSupport 1.8 allow remote attackers to inject arbitrary web script or HTML via (1) the suser parameter in support/rightbar.php, (2) the ticket_id parameter in support/open_tickets.php, and (3) the cons_page_title parameter in index.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.	unknown 2006-09-19	4.7	CVE-2006-4884 BID
Ipswitch -- WS_FTP Server	Multiple buffer overflows in Ipswitch WS_FTP Server 5.05 before Hotfix 1 allow remote authenticated users to execute arbitrary code via long (1) XCRC, (2) XSHA1, or (3) XMD5 commands.	unknown 2006-09-18	4.2	CVE-2006-4847 IPSWITCH FRSIRT SECUNIA XF BID OSVDB
Julian Roberts -- Charon Cart	SQL injection vulnerability in Review.asp in Julian Roberts Charon Cart 3 allows remote attackers to execute arbitrary SQL commands via the ProductID parameter.	unknown 2006-09-19	4.7	CVE-2006-4882 BUGTRAQ BID FRSIRT SECTRACK SECUNIA XF
Jupiter CMS -- Jupiter CMS	Multiple cross-site scripting (XSS) vulnerabilities in Jupiter CMS allow remote attackers to inject arbitrary web script or HTML via the (1) language[Admin name] and (2) language[Admin back] parameters in (a) modules/blocks.php; the (3) language[Register title] and (4) language[Register title2] parameters in (b) modules/register.php; the (5) language[Mass-Email form title], (6) language[Mass-Email form desc], (7) language[Mass-Email form desc2] (8) language[Mass-Email form desc3], and (9) language[Mass-Email form desc4] parameters in (c) modules/mass-email.php; the (10) language[Forgotten title], (11) language[Forgotten desc], (12) language[Forgotten desc2], (13) language[Forgotten desc3], (14) language[Forgotten desc4], and (15) language[Forgotten desc5] parameters in (d) modules/register.php; and the (16) language[Search view desc], (17) language[Search view desc2], (18) language[Search view desc3], (19) language[Search view desc4], (20) language[Search view desc5], (21) language[Search view desc6], (22) language[Search view desc7], and (23) language[Search view desc8] parameters in (e) modules/search.php.	unknown 2006-09-19	4.7	CVE-2006-4874 BUGTRAQ BID
Jupiter CMS -- Jupiter CMS	Multiple SQL injection vulnerabilities in Jupiter CMS allow remote attackers to execute arbitrary SQL commands via (1) the user name during login, or the (2) key or (3) fpwusername parameters in modules/register.	unknown 2006-09-19	4.7	CVE-2006-4876 BUGTRAQ BID
Keyvan Janghorbani -- EShoppingPro	SQL injection vulnerability in search_run.asp in Keyvan1 (aka Keyvan Janghorbani) EShoppingPro 1.0 allows remote attackers to execute arbitrary SQL commands via the order parameter.	unknown 2006-09-19	4.7	CVE-2006-4871 BUGTRAQ BID FRSIRT SECTRACK SECUNIA XF
Keyvan Janghorbani -- ECardPro	SQL injection vulnerability in search.asp in Keyvan1 (aka Keyvan Janghorbani) ECardPro 2.0 allows remote attackers to execute arbitrary SQL commands via the keyword parameter.	unknown 2006-09-19	4.7	CVE-2006-4872 BUGTRAQ BID FRSIRT SECTRACK SECUNIA XF
Limbo CMS -- Limbo CMS	Multiple unspecified vulnerabilities in (1) index.php, (2) minixml.inc.php, (3) doc.inc.php, (4) element.inc.php, (5) node.inc.php, (6) treecomp.inc.php, (7) forum.html.php, (8) forum.php, (9) antihack.php, (10) content.php, (11) initglobals.php, and (12) imanager.php in Limbo (aka Lite Mambo) CMS 1.0.4.2 before 20060311 have unknown impact and attack vectors.	unknown 2006-09-19	4.9	CVE-2006-4860 OTHER-REF OTHER-REF
MamboXChange -- Serverstat component	PHP remote file inclusion vulnerability in install.serverstat.php in the Serverstat (com_serverstat) 0.4.4 and earlier component for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.	unknown 2006-09-19	5.6	CVE-2006-4858 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA XF
Marc Logemann -- More.groupware	SQL injection vulnerability in modules/calendar/week.php in More.groupware 0.74 allows remote attackers to execute arbitrary SQL commands via the new_calendarid parameter.	unknown 2006-09-20	4.7	CVE-2006-4906 OTHER-REF BID XF FRSIRT SECUNIA
Microsoft -- Internet Explorer	Stack-based buffer overflow in the Vector Graphics Rendering engine (vgx.dll), as used in Microsoft Outlook and Internet Explorer 6.0 on Windows XP SP2, and possibly other versions, allows remote attackers to execute arbitrary code via a Vector Markup Language (VML) file with a long fill parameter within a rect tag.	unknown 2006-09-19	4.7	CVE-2006-4868 OTHER-REF CERT-VN BID FRSIRT SECUNIA XF OTHER-REF SECTRACK BUGTRAQ BUGTRAQ BUGTRAQ BUGTRAQ OTHER-REF OSVDB
Telekorn -- SignKorn Guestbook	Multiple PHP remote file inclusion vulnerabilities in Telekorn SignKorn Guestbook (SL) 1.3 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the dir_path parameter in (1) index.php, (2) includes/functions.gb.php, (3) includes/functions.admin.php, (4) includes/admin.inc.php, (5) help.php, (6) smile.php, (7) entry.php; (8) adminhelp0.php, (9) adminhelp1.php, (10) adminhelp2.php, and (11) adminhelp3.php in (a) help/en and (b) help/de directories; and the (12) preview.php, (13) log.php, (14) index.php, (15) config.php, and (16) admin.php in the (c) admin directory, a different set of vectors than CVE-2006-4788.	unknown 2006-09-19	5.6	CVE-2006-4889 BUGTRAQ OTHER-REF BID XF
Vmist -- Downstat	Multiple PHP remote file inclusion vulnerabilities in Vmist Downstat 1.8 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the art parameter to (1) admin.php, (2) chart.php, (3) modes.php, or (4) stats.php.	unknown 2006-09-15	5.6	CVE-2006-4827 Milw0rm BID FRSIRT SECUNIA XF

Back to top

Low Vulnerabilities

Primary Vendor -- Product	Description	Discovered Published	CVSS Score	Source & Patch Info
A.l-Pifou -- A.l-Pifou	Directory traversal vulnerability in A.l-Pifou 1.8p2 allows remote attackers to read arbitrary files via ".." sequences in the ze_langue_02 cookie, as demonstrated by using the choix_lng parameter to choix_langue.php to indirectly set the cookie, then accessing livre_dor.php to trigger the inclusion from inc/change_lang_ck.php, possibly related to livre_livre.php. NOTE: the livre_livre.php relationship has been reported by some third party sources.	unknown 2006-09-20	1.9	CVE-2006-4914 FULLDISC OSVDB SECUNIA BID FRSIRT
Bluview -- Blue Magic Board	Bluview Blue Magic Board (BMB) (aka BMForum) 5.5 allows remote attackers to obtain sensitive information via a direct request to (1) footer.php, (2) header.php, (3) db_mysql_error.php, (4) langlist.php, (5) sendmail.php, or (6) style.php, which reveals the path in various error messages.	unknown 2006-09-15	2.3	CVE-2006-4835 BUGTRAQ XF
Cisco -- Cisco IDS Cisco -- Cisco IPS	The web administration interface (mainApp) to Cisco IDS before 4.1(5c), and IPS 5.0 before 5.0(6p1) and 5.1 before 5.1(2) allows remote attackers to cause a denial of service (unresponsive device) via a crafted SSLv2 Client Hello packet.	unknown 2006-09-20	2.3	CVE-2006-4910 CISCO BID FRSIRT SECTRACK SECUNIA XF
CMtextS -- CMtextS	CMtextS 1.0 and earlier stores users_logins/admin.txt under the web document root with insufficient access control, which allows remote attackers to obtain the administrator password.	unknown 2006-09-19	2.3	CVE-2006-4897 OTHER-REF FRSIRT SECUNIA XF
Codeworx Technologies -- DCP-Portal	Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal SE 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) root_url and (2) dcp_version parameters in (a) admin/inc/footer.inc.php, and the root_url, (3) page_top_name, (4) page_name, and (5) page_options parameters in (b) admin/inc/header.inc.php.	unknown 2006-09-15	2.3	CVE-2006-4838 BUGTRAQ BID
David Bennett -- PHP-Post	Variable overwrite vulnerability in David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to overwrite arbitrary program variables via multiple vectors that use the extract function, as demonstrated by the table_prefix parameter in (1) index.php, (2) profile.php, and (3) header.php.	unknown 2006-09-19	2.3	CVE-2006-4877 BUGTRAQ BID
David Bennett -- PHP-Post	Directory traversal vulnerability in footer.php in David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to read arbitrary local files via a .. (dot dot) sequence in the template parameter.	unknown 2006-09-19	2.3	CVE-2006-4878 BUGTRAQ BID
David Bennett -- PHP-Post	David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to obtain sensitive information via a direct request for (1) footer.php, (2) template.php, or (3) lastvisit.php, which reveals the installation path in various error messages.	unknown 2006-09-19	2.3	CVE-2006-4880 BUGTRAQ BID
Drupal -- Drupal Userreview module	Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Userreview module before 1.19 2006/09/12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.	unknown 2006-09-15	2.3	CVE-2006-4821 OTHER-REF FRSIRT SECUNIA BID XF
eMuSOFT -- emuCMS	Multiple cross-site scripting (XSS) vulnerabilities in index.php in eMuSOFT emuCMS 0.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) query or (2) page parameters.	unknown 2006-09-15	2.3	CVE-2006-4822 OTHER-REF BID FRSIRT SECUNIA OSVDB
eSyndiCat Portal System -- eSyndiCat Portal System	Cross-site scripting (XSS) vulnerability in search.php in eSyndiCat Portal System allows remote attackers to inject arbitrary web script or HTML via the what parameter.	unknown 2006-09-20	2.3	CVE-2006-4923 BUGTRAQ BID XF FRSIRT SECUNIA
gzip -- gzip	Unspecified vulnerability in gzip 1.3.5 allows context-dependent attackers to cause a denial of service (crash) via a crafted GZIP (gz) archive, which results in a NULL dereference.	unknown 2006-09-19	2.3	CVE-2006-4334 OTHER-REF REDHAT UBUNTU DEBIAN FREEBSD SLACKWARE SECUNIA SECUNIA SECUNIA SECUNIA SECUNIA MANDRIVA CERT-VN SECUNIA SECUNIA XF
gzip -- gzip	unlzh.c in the LHZ component in gzip 1.3.5 allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted GZIP archive.	unknown 2006-09-19	2.3	CVE-2006-4338 OTHER-REF REDHAT UBUNTU DEBIAN FREEBSD SLACKWARE SECUNIA SECUNIA SECUNIA SECUNIA SECUNIA MANDRIVA FRSIRT OSVDB SECUNIA SECUNIA
HP -- HP-UX	Unspecified vulnerability in X.25 on HP-UX B.11.00, B.11.11, and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors.	unknown 2006-09-15	1.6	CVE-2006-4820 HP BID FRSIRT SECTRACK SECUNIA XF
iDevSpot -- NixieAffiliate	Cross-site scripting (XSS) vulnerability in forms/lostpassword.php in iDevSpot NixieAffiliate 1.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter.	unknown 2006-09-19	2.3	CVE-2006-4894 BUGTRAQ BID
Innovate Portal -- Innovate Portal	Cross-site scripting (XSS) vulnerability in index.php in Innovate Portal 2.0 allows remote attackers to inject arbitrary web script or HTML via the content parameter.	unknown 2006-09-20	2.3	CVE-2006-4915 BUGTRAQ BID XF
Jupiter CMS -- Jupiter CMS	Jupiter CMS allows remote attackers to obtain sensitive information via a direct request for (1) includes/functions.php, (2) modules/register.php, (3) modules/poll.php, (4) modules/panel.php, (5) modules/pm.php, (6) modules/news.php, (7) modules/templates_change.php, (8) modules/users.php, (9) modules/misc.php, (10) modules/masspm.php, (11) modules/mass-email.php, (12) modules/main-nav.php, (13) modules/login.php, (14) modules/layout.php, (15) modules/hq.php, (16) modules/forum.php, (17) modules/forum-admin.php, (18) modules/events.php, (19) modules/emoticons.php, (20) modules/download.php, (21) modules/blocks.php, (22) modules/ban.php, (23) modules/badwords.php, (24) modules/ads.php, or (25) modules/admin.php, which reveals the installation path in various error messages. NOTE: The modules/online.php vector is already covered by CVE-2006-1679.	unknown 2006-09-19	2.3	CVE-2006-4873 BUGTRAQ BID
Jupiter CMS -- Jupiter CMS	Unrestricted file upload vulnerability in modules/galleryuploadfunction.php in Jupiter CMS allows remote attackers to upload picture files, and possibly files with arbitrary extensions, to gallery/albums/public.	unknown 2006-09-19	2.3	CVE-2006-4875 BUGTRAQ BID
Limbo CMS -- Limbo CMS	Unrestricted file upload vulnerability in contact.html.php in the Contact (com_contact) component in Limbo (aka Lite Mambo) CMS 1.0.4.2L and earlier allows remote attackers to upload PHP code to the images/contact folder via a filename with a double extension in the contact_attach parameter in a contact option in index.php, which bypasses an insufficiently restrictive regular expression.	unknown 2006-09-19	2.3	CVE-2006-4859 OTHER-REF BID
Linux -- Linux kernel	The Linux kernel 2.6.17.10 and 2.6.17.11 and 2.6.18-rc5 allows local users to cause a denial of service (crash) via an SCTP socket with a certain SO_LINGER value, possibly related to the patch for CVE-2006-3745. NOTE: older kernel versions for specific Linux distributions are also affected, due to backporting of the CVE-2006-3745 patch.	unknown 2006-09-19	2.3	CVE-2006-4535 OTHER-REF UBUNTU BID OTHER-REF SECUNIA XF
McAfee -- VirusScan Enterprise McAfee -- McAfee Scan Engine	The VirusScan On-Access Scan component in McAfee VirusScan Enterprise 7.1.0 and Scan Engine 4.4.00 allows local privileged users to bypass security restrictions and disable the On-Access Scan option by opening the program via the task bar and quickly clicking the Disable button, possibly due to an interface-related race condition.	unknown 2006-09-19	3.9	CVE-2006-4886 BUGTRAQ XF
Microsoft -- Internet Explorer	Microsoft Internet Explorer 6 and earlier allows remote attackers to cause a denial of service (application hang) via a CSS-formatted HTML INPUT element within a DIV element that has a larger size than the INPUT.	unknown 2006-09-19	2.3	CVE-2006-4888 BUGTRAQ OTHER-REF OSVDB
Mozilla -- Network Security Services (NSS) Mozilla -- SeaMonkey Mozilla -- Firefox Mozilla -- Thunderbird	Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates, a similar vulnerability to CVE-2006-4339.	unknown 2006-09-15	2.3	CVE-2006-4340 MLIST OTHER-REF OTHER-REF REDHAT REDHAT SECUNIA SECUNIA REDHAT FRSIRT FRSIRT SECTRACK SECTRACK SECTRACK SECUNIA SECUNIA SECUNIA SECUNIA SECUNIA SECUNIA SGI UBUNTU SECUNIA
Mozilla -- SeaMonkey Mozilla -- Firefox Mozilla -- Thunderbird	Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allows remote attackers to cause a denial of service (crash) via a malformed JavaScript regular expression that ends with a backslash in an unterminated character set ("[\\"), which leads to a buffer over-read.	unknown 2006-09-15	2.3	CVE-2006-4566 OTHER-REF REDHAT REDHAT SECUNIA SECUNIA REDHAT BID FRSIRT SECTRACK SECTRACK SECTRACK SECUNIA SECUNIA SECUNIA SECUNIA SECUNIA XF SGI UBUNTU SECUNIA
Mozilla -- Firefox Mozilla -- Thunderbird	Mozilla Firefox before 1.5.0.7 and Thunderbird before 1.5.0.7 makes it easy for users to accept self-signed certificates for the auto-update mechanism, which might allow remote user-assisted attackers to use DNS spoofing to trick users into visiting a malicious site and accepting a malicious certificate for the Mozilla update site, which can then be used to install arbitrary code on the next update.	unknown 2006-09-15	1.9	CVE-2006-4567 OTHER-REF REDHAT SECUNIA SECUNIA REDHAT BID FRSIRT SECTRACK SECTRACK SECUNIA SECUNIA SECUNIA XF UBUNTU
Mozilla -- Firefox	The popup blocker in Mozilla Firefox before 1.5.0.7 opens the "blocked popups" display in the context of the Location bar instead of the subframe from which the popup originated, which might make it easier for remote user-assisted attackers to conduct cross-site scripting (XSS) attacks.	unknown 2006-09-15	2.3	CVE-2006-4569 OTHER-REF SECUNIA REDHAT BID SECTRACK SECUNIA XF
Mozilla -- SeaMonkey Mozilla -- Thunderbird	Mozilla Thunderbird before 1.5.0.7 and SeaMonkey before 1.0.5, with "Load Images" enabled, allows remote user-assisted attackers to bypass settings that disable JavaScript via a remote XBL file in a message that is loaded when the user views, forwards, or replies to the original message.	unknown 2006-09-15	1.9	CVE-2006-4570 OTHER-REF REDHAT REDHAT BID SECTRACK SECTRACK SECUNIA SECUNIA SECUNIA SECUNIA XF SGI UBUNTU SECUNIA
Ohio State University -- server	OSU 3.11alpha and 3.10a allows remote attackers to obtain sensitive information via a URL to a non-existent file, which displays the web root path in the resulting error message.	unknown 2006-09-20	2.3	CVE-2006-4907 BUGTRAQ SECUNIA XF
Ohio State University -- OSU httpd	OSU 3.11alpha and 3.10a allows remote attackers to obtain sensitive information via a URL containing an * (asterisk) wildcard, which displays all matching file and directory information.	unknown 2006-09-20	2.3	CVE-2006-4908 BUGTRAQ SECUNIA XF
phpQuiz -- phpQuiz	Walter Beschmout PhpQuiz allows remote attackers to obtain sensitive information via a direct request to cfgphpquiz/install.php and other unspecified vectors.	unknown 2006-09-19	2.3	CVE-2006-4865 BUGTRAQ
PT News -- PT News	Cross-site scripting (XSS) vulnerability in search.php in PT News 1.7.8 allows remote attackers to inject arbitrary web script or HTML via the pgname parameter.	unknown 2006-09-20	2.3	CVE-2006-4917 BUGTRAQ BID FRSIRT SECUNIA XF
QuadComm -- Q-Shop	SQL injection vulnerability in browse.asp in QuadComm Q-Shop 3.5 allows remote attackers to execute arbitrary SQL commands via the OrderBy parameter.	unknown 2006-09-18	2.3	CVE-2006-4852 BUGTRAQ Milw0rm BID SECUNIA XF FRSIRT OSVDB
Roller WebLogger -- Roller WebLogger	Multiple cross-site scripting (XSS) vulnerabilities in Roller WebLogger 2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, or (3) url parameters; (4) certain content parameters in the preview method; or (5) the q parameter in (a) sitesearch.do.	unknown 2006-09-19	2.3	CVE-2006-4856 BUGTRAQ OTHER-REF OTHER-REF CERT-VN BID FRSIRT SECUNIA
Site@School -- Site@School	Directory traversal vulnerability in starnet/editors/htmlarea/popups/images.php in Site@School (S@S) 2.4.02 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter.	unknown 2006-09-20	1.9	CVE-2006-4919 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA
Site@School -- Site@School	Unrestricted file upload vulnerability in starnet/editors/htmlarea/popups/images.php in Site@School (S@S) 2.4.02 and earlier allows remote attackers to upload and execute arbitrary files with executable extensions.	unknown 2006-09-20	2.3	CVE-2006-4922 BUGTRAQ OTHER-REF BID
SoftComplex -- PHP Event Calendar	Multiple cross-site scripting (XSS) vulnerabilities in cl_files/index.php in SoftComplex PHP Event Calendar 1.5.1, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) ti, (2) bi, or (3) cbgi parameters.	unknown 2006-09-15	2.3	CVE-2006-4825 BUGTRAQ BID SECUNIA XF
Symantec -- Norton Personal Firewall Symantec -- Norton Internet Security	The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.0.33, and possibly other versions of Norton Personal Firewall and Norton Internet Security, allows local users to cause a denial of service (system crash) via invalid data, as demonstrated by calling DeviceIoControl to send the data.	unknown 2006-09-19	2.3	CVE-2006-4855 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA
Usermin -- Usermin	Usermin before 1.220 (20060629) allows remote attackers to read arbitrary files, possibly related to chfn/save.cgi not properly handling an empty shell parameter, which results in changing root's shell instead of the shell of a specified user.	unknown 2006-09-19	3.3	CVE-2006-4246 OTHER-REF SOURCEFORGE OTHER-REF DEBIAN BID SECUNIA SECUNIA FRSIRT XF
Verso NetPerformer -- Frame Relay Access Device ACT	Verso NetPerformer FRAD ACT SDM-95xx 7.xx (R1) and earlier, SDM-93xx 10.x.x (R2) and earlier, and SDM-92xx 9.x.x (R1) and earlier allow remote attackers to cause a denial of service (hang or reboot) via an ICMP packet with the same destination and source address and port, aka the "Land" vulnerability.	unknown 2006-09-15	3.3	CVE-2006-4833 BUGTRAQ FULLDISC BID FRSIRT SECUNIA XF
Zope -- Zope	The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 through 2.8.8 does not properly handle web pages with reStructuredText (reST) markup, which allows remote attackers to read arbitrary files via a csv_table directive, a different vulnerability than CVE-2006-3458.	unknown 2006-09-19	2.3	CVE-2006-4684 MLIST OTHER-REF DEBIAN FRSIRT SECUNIA SECUNIA

Back to top

Vulnerability Summary for the Week of June 25, 2012
Posted on Tuesday July 03, 2012

Vulnerability Summary for the Week of April 30, 2007
Posted on Tuesday May 08, 2007

">

High Vulnerabilities

Primary Vendor -- Product	Description	Discovered Published	CVSS Score	Source & Patch Info
Adobe -- Photoshop Adobe -- Photoshop Elements	Buffer overflow in Adobe Photoshop CS2 and CS3, and Photoshop Elements 5.0, allows user-assisted remote attackers to execute arbitrary code via a crafted .PNG file.	unknown 2007-04-30	8.0	CVE-2007-2365 MILW0RM BID FRSIRT SECUNIA XF
AFFLIB -- AFFLIB	Multiple stack-based buffer overflows in AFFLIB before 2.2.6 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a long LastModified value in an S3 XML response in lib/s3.cpp; (2) a long (a) path or (b) bucket in an S3 URL in lib/vnode_s3.cpp; or (3) a long (c) EFW, (d) AFD, or (c) aimage file path. NOTE: the aimage vector (3c) has since been recalled from the researcher's original advisory, since the code is not called in any version of AFFLIB.	unknown 2007-04-30	10.0	CVE-2007-2053 BUGTRAQ OTHER-REF BID XF
AFFLIB -- AFFLIB	Multiple format string vulnerabilities in AFFLIB before 2.2.6 allow remote attackers to execute arbitrary code via certain command line parameters, which are used in (1) warn and (2) err calls in (a) lib/s3.cpp, (b) tools/afconvert.cpp, (c) tools/afcopy.cpp, (d) tools/afinfo.cpp, (e) aimage/aimage.cpp, (f) aimage/imager.cpp, and (g) tools/afxml.cpp. NOTE: the aimage.cpp vector (e) has since been recalled from the researcher's original advisory, since the code is not called in any version of AFFLIB.	unknown 2007-04-30	7.0	CVE-2007-2054 BUGTRAQ OTHER-REF XF
AFFLIB -- AFFLIB	AFFLIB 2.2.8 and earlier allows attackers to execute arbitrary commands via shell metacharacters involving (1) certain command line parameters in tools/afconvert.cpp and (2) arguments to the get_parameter function in aimage/ident.cpp. NOTE: it is unknown if the get_parameter vector (2) is ever called.	unknown 2007-04-30	7.0	CVE-2007-2055 BUGTRAQ OTHER-REF XF
AFFLIB -- AFFLIB	Multiple format string vulnerabilities in AFFLIB 2.2.6 allow remote attackers to execute arbitrary code via certain command line parameters, which are used in (1) warn and (2) err calls, possibly involving (a) lib/s3.cpp, (b) tools/afconvert.cpp, (c) tools/afcopy.cpp, (d) tools/afinfo.cpp, (e) aimage/imager.cpp, and (f) tools/afxml.cpp. NOTE: this identifier is intended to address the vectors that were not fixed in CVE-2007-2054, but the unfixed vectors were not explicitly listed.	unknown 2007-04-30	10.0	CVE-2007-2352 BUGTRAQ OTHER-REF
Ahhp-Portal -- Ahhp-Portal	Multiple PHP remote file inclusion vulnerabilities in page.php in Ahhp-Portal allow remote attackers to execute arbitrary PHP code via a URL in the (1) fp or (2) sc parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.	unknown 2007-05-01	7.0	CVE-2007-2428 BID
Ariadne -- Ariadne CMS	Cross-site scripting (XSS) vulnerability in index.php in Ariadne 2.4.1 allows remote attackers to inject arbitrary web script or HTML via the ARLogin parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.	unknown 2007-05-02	7.0	CVE-2007-2433 SECUNIA
Aventail -- Aventail Connect	Buffer overflow in asnsp.dll in Aventail Connect 4.1.2.13 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a malformed DNS query.	unknown 2007-05-02	10.0	CVE-2007-2434 FULLDISC BID XF
b2evolution -- b2evolution	** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in b2evolution allow remote attackers to execute arbitrary PHP code via a URL in the (1) inc_path parameter to (a) a_noskin.php, (b) a_stub.php, (c) admin.php, (d) contact.php, (e) default.php, (f) index.php, and (g) multiblogs.php in blogs/; the (2) view_path and (3) control_path parameters to blogs/admin.php; and the (4) skins_path parameter to (h) blogs/contact.php and (i) blogs/multiblogs.php. NOTE: this issue is disputed by CVE, since the inc_path, view_path, control_path, and skins_path variables are all initialized in conf/_advanced.php before they are used.	unknown 2007-04-30	7.0	CVE-2007-2358 BUGTRAQ VIM XF
Burak Yilmaz -- Burak Yilmaz Blog	SQL injection vulnerability in bry.asp in Burak Yilmaz Blog 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.	unknown 2007-05-01	7.0	CVE-2007-2420 BUGTRAQ BID XF
Burnstone -- BurnCMS	Multiple PHP remote file inclusion vulnerabilities in burnCMS 0.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the root parameter to (1) mysql.class.php or (2) postgres.class.php in lib/db/; or (3) authuser.php, (4) misc.php, or (5) connect.php in lib/.	unknown 2007-04-30	7.0	CVE-2007-2364 MILW0RM BID FRSIRT XF
Cerulean Studios -- Trillian Pro	Heap-based buffer overflow in the Rendezvous / Extensible Messaging and Presence Protocol (XMPP) component (plugins\rendezvous.dll) for Cerulean Studios Trillian Pro before 3.1.5.1 allows remote attackers to execute arbitrary code via a message that triggers the overflow from expansion that occurs during encoding.	unknown 2007-05-02	7.0	CVE-2007-2418 OTHER-REF
Cerulean Studios -- Trillian Pro	Multiple heap-based buffer overflows in the IRC component in Cerulean Studios Trillian Pro before 3.1.5.1 allow remote attackers to corrupt memory and possibly execute arbitrary code via (1) a URL with a long UTF-8 string, which triggers the overflow when the user highlights it, or (2) a font HTML tag with a face attribute containing a long UTF-8 string.	unknown 2007-05-02	7.0	CVE-2007-2478 IDEFENSE OTHER-REF BID FRSIRT SECTRACK SECUNIA XF XF
Cisco -- PIX Cisco -- Adaptive Security Appliance	Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) and PIX 7.2 before 7.2(2)8, when using Layer 2 Tunneling Protocol (L2TP) or Remote Management Access, allows remote attackers to bypass LDAP authentication and gain privileges via unknown vectors.	unknown 2007-05-02	10.0	CVE-2007-2462 CISCO CERT-VN BID
CMS Made Simple -- CMS Made Simple	SQL injection vulnerability in stylesheet.php in CMS Made Simple 1.0.5 and earlier allows remote attackers to execute arbitrary SQL commands via the templateid parameter.	unknown 2007-05-02	7.0	CVE-2007-2473 OTHER-REF OTHER-REF BID SECUNIA
Comdev -- Modules Builder	** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in Modules Builder (modbuild) 4.1 for Comdev One Admin allow remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter to (1) config-bak.php or (2) config.php. NOTE: CVE disputes this vulnerability because the unmodified scripts set the applicable variable to the empty string; reasonable modified copies would use a fixed pathname string.	unknown 2007-05-01	7.0	CVE-2007-2422 BUGTRAQ XF
E-Annu -- E-Annu	SQL injection vulnerability in home.php in E-Annu allows remote attackers to execute arbitrary SQL commands via the a parameter.	unknown 2007-05-01	7.0	CVE-2007-2416 BUGTRAQ BID XF
EMC -- RSA Security SiteKey	EMC RSA Security SiteKey does not set the secure qualifier on the SiteKey Flash token (aka the PassMark Flash shared object), which might allow remote attackers to obtain the token via HTTP.	unknown 2007-04-30	10.0	CVE-2006-7201 OTHER-REF OTHER-REF
Fabrice Bellard -- QEMU	Multiple heap-based buffer overflows in the cirrus_invalidate_region function in the Cirrus VGA extension in QEMU 0.8.2 might allow local users to execute arbitrary code via unspecified vectors related to "attempting to mark non-existent regions as dirty," aka the "bitblt" heap overflow.	unknown 2007-05-02	7.0	CVE-2007-1320 OTHER-REF DEBIAN BID FRSIRT SECUNIA SECUNIA
FileRun -- FileRun	SQL injection vulnerability in index.php in FileRun 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the fid parameter.	unknown 2007-05-02	7.0	CVE-2007-2469 OTHER-REF BID SECUNIA
FireFly -- FireFly	Multiple PHP remote file inclusion vulnerabilities in FireFly 1.1.01 allow remote attackers to execute arbitrary PHP code via a URL in the doc_root parameter to (1) localize.php or (2) config.php in modules/admin/include/.	unknown 2007-05-02	7.0	CVE-2007-2456 MILW0RM VIM BID FRSIRT
FireFly -- FireFly	PHP remote file inclusion vulnerability in modules/admin/include/config.php in FireFly 1.1.01 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.	unknown 2007-05-02	7.0	CVE-2007-2460 VIM FRSIRT
Gregory Kokanosky -- phpMyNewsLetter	admin/index.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and earlier provides access to configuration modification before login, which allows remote attackers to cause a denial of service (loss of configuration data), and possibly perform direct static code injection, via a saveGlobalconfig action.	unknown 2007-04-30	10.0	CVE-2007-2371 MILW0RM BID
Gregory Kokanosky -- phpMyNewsLetter	admin/send_mod.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and earlier prints a Location header but does not exit when administrative credentials are missing, which allows remote attackers to compose an e-mail message via a post with the subject, message, format, and list_id fields; and send the message via a direct request for the MsgId value under admin/.	unknown 2007-04-30	10.0	CVE-2007-2372 MILW0RM BID
Hitachi -- Groupmax Mobile Option	Buffer overflow in Hitachi Groupmax Mobile Option for Mobile-Phone 07-00 through 07-30, 5 for i-mode 05-11 through 05-23, and 6 for EZweb 06-00 through 06-04 allows remote attackers to execute arbitrary code via unspecified vectors.	unknown 2007-05-01	7.0	CVE-2007-2421 OTHER-REF BID FRSIRT SECUNIA XF
HP -- Power Manager Remote Agent	Unspecified vulnerability in the HP Power Manager Remote Agent (RA) 4.0Build10 and earlier in HP-UX B.11.11 and B.11.23 allows local users to execute arbitrary code via unspecified vectors.	unknown 2007-04-30	7.0	CVE-2007-2351 HP BID FRSIRT SECUNIA SECTRACK
IBM -- WebSphere Application Server	Unspecified vulnerability in IBM WebSphere Application Server (WAS) before 5.1.1.14, and WAS for z/OS 601 before 6.0.2.13, has unknown impact and attack vectors, related to a "Potential security exposure," aka PK26123.	unknown 2007-04-30	7.0	CVE-2006-7198 OTHER-REF AIXAPAR AIXAPAR FRSIRT SECTRACK SECUNIA XF
ManageEngine -- PasswordManager Pro	ManageEngine PasswordManager Pro (PMP) allows remote attackers to obtain administrative access to a database by injecting a certain command line for the mysql program, as demonstrated by the "-port 2345" and "-u root" arguments. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.	unknown 2007-05-01	10.0	CVE-2007-2429 BID
Microsoft -- Windows 2000 Microsoft -- Windows Server 2003 Microsoft -- Windows XP	Unspecified vulnerability in Microsoft Windows 2000, XP, and Server 2003 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source.	unknown 2007-04-30	8.0	CVE-2007-2374 OTHER-REF BID
MicroWorld Technologies -- eScan	The MicroWorld Agent service (MWAGENT.EXE) in MicroWorld Technologies eScan 8.0.671.1, and possibly other versions, allows remote or local attackers to gain privileges and execute arbitrary commands by connecting directly to TCP port 2222.	unknown 2007-05-02	10.0	CVE-2007-0655 OTHER-REF FRSIRT SECUNIA
Novell -- Novell SecureLogin	Unspecified vulnerability in the ADSCHEMA utility in Novell SecureLogin (NSL) 6 SP1 before 6.0.106 has unknown impact and remote attack vectors, related to granting "users excess permissions to their own attributes."	unknown 2007-05-02	7.0	CVE-2007-2475 NOVELL FRSIRT
Novell -- Novell SecureLogin	Unspecified vulnerability in Novell SecureLogin (NSL) 6 SP1 before 6.0.106 has unknown impact and remote attack vectors, related to Active Directory (AD) password changes.	unknown 2007-05-02	7.0	CVE-2007-2476 OTHER-REF FRSIRT
Nukedit -- Nukedit	Cross-site scripting (XSS) vulnerability in utilities/search.asp in nukedit 4.9.7b allows remote attackers to inject arbitrary web script or HTML via the terms parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.	unknown 2007-05-02	7.0	CVE-2007-2432 BID SECUNIA
OPeNDAP -- Server3	The get_url function in DODS_Dispatch.pm for the CGI_server in OPeNDAP 3 allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.	unknown 2007-04-30	10.0	CVE-2007-2355 OTHER-REF OTHER-REF CERT-VN BID FRSIRT SECTRACK SECUNIA
phpMyChat -- phpMyChat	** DISPUTED ** PHP remote file inclusion vulnerability in phpMyChat.php3 in phpMyChat 0.14.5 allows remote attackers to execute arbitrary PHP code via a URL in the {ChatPath} parameter. NOTE: this has been disputed by multiple third parties and CVE because $ChatPath is set to a constant value.	unknown 2007-05-02	7.0	CVE-2007-2477 BUGTRAQ BUGTRAQ VIM VIM
Pixaria -- Pixaria Gallery	PHP remote file inclusion vulnerability in resources/includes/class.Smarty.php in Pixaria Gallery before 1.4.3 allows remote attackers to execute arbitrary PHP code via a URL in the cfg[sys][base_path] parameter.	unknown 2007-05-02	7.0	CVE-2007-2457 MILW0RM OTHER-REF OTHER-REF OTHER-REF BID FRSIRT SECUNIA XF
Pixaria -- Pixaria Gallery	Multiple PHP remote file inclusion vulnerabilities in Pixaria Gallery before 1.4.3 allow remote attackers to execute arbitrary PHP code via a URL in the cfg[sys][base_path] parameter to psg.smarty.lib.php and certain include and library scripts.	unknown 2007-05-02	7.0	CVE-2007-2458 OTHER-REF OTHER-REF OTHER-REF FRSIRT
pnFlashGames -- pnFlashGames	SQL injection vulnerability in index.php in the pnFlashGames 1.5 module for PostNuke allows remote attackers to execute arbitrary SQL commands via the cid parameter.	unknown 2007-05-01	7.0	CVE-2007-2427 MILW0RM BID
Ruben Boelinger -- myflash	PHP remote file inclusion vulnerability in myflash-button.php in the myflash 1.00 and earlier plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the wpPATH parameter.	unknown 2007-05-03	7.0	CVE-2007-2485 MILW0RM OTHER-REF BID FRSIRT XF
Sphider -- Sphider	** DISPUTED ** PHP remote file inclusion vulnerability in index.php in Sphider 1.2.x allows remote attackers to execute arbitrary PHP code via a URL in the include_dir parameter. NOTE: a third party disputes this vulnerability, stating that "the application is not vulnerable to this issue."	unknown 2007-05-01	7.0	CVE-2007-2411 BUGTRAQ BID BUGTRAQ XF
Sun -- JRE Sun -- SDK Sun -- Java Enterprise System	Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, allows remote attackers to perform unauthorized actions via an application that grants privileges to itself, related to "Incorrect Use of System Classes" and probably related to support for JNLP files.	unknown 2007-05-02	7.0	CVE-2007-2435 SUNALERT BID FRSIRT SECUNIA SECTRACK XF
Symantec -- LiveState Recovery Symantec -- Ghost Symantec -- BackupExec System Recovery Symantec -- Norton Save & Recovery	Buffer overflow in Ghost Service Manager, as used in Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, allows local users to gain privileges via a long string.	unknown 2007-04-30	7.0	CVE-2007-2359 IDEFENSE OTHER-REF SECTRACK XF
Symantec -- Enterprise Security Manager	The agent remote upgrade interface in Symantec Enterprise Security Manager (ESM) before 20070405 does not verify the authenticity of upgrades, which allows remote attackers to execute arbitrary code via software that implements the agent upgrade protocol.	unknown 2007-04-30	10.0	CVE-2007-2375 OTHER-REF BID SECUNIA
Tecnick.com -- TCExam	Dynamic variable evaluation vulnerability in shared/config/tce_config.php in TCExam 4.0.011 and earlier allows remote attackers to conduct cross-site scripting (XSS) and possibly other attacks by modifying critical variables such as $_SERVER, as demonstrated by injecting web script via the _SERVER[SCRIPT_NAME] parameter.	unknown 2007-05-01	7.0	CVE-2007-2431 MILW0RM OTHER-REF VIM
The GIMP Team -- GIMP	Stack-based buffer overflow in the set_color_table function in sunras.c in the SUNRAS plugin in Gimp 2.2.14 allows user-assisted remote attackers to execute arbitrary code via a crafted RAS file.	unknown 2007-04-30	8.0	CVE-2007-2356 MILW0RM BID SECUNIA XF OTHER-REF FRSIRT
The Merchant Project -- The Merchant	PHP remote file inclusion vulnerability in help/index.php in The Merchant (themerchant) 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the show parameter.	unknown 2007-05-01	7.0	CVE-2007-2424 MILW0RM
Tony Cook -- Imager	Heap-based buffer overflow in Imager before 0.57 allows remote attackers to cause a denial of service (application abort) and possibly execute arbitrary code via compressed 8-bit BMP files.	unknown 2007-05-01	10.0	CVE-2007-2413 OTHER-REF OTHER-REF SECUNIA BID FRSIRT
Turnkey Web Tools -- SunShop Shopping Cart	Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tools SunShop Shopping Cart 4.0 allow remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) include/payment/payflow_pro.php, (2) global.php, or (3) libsecure.php, different vectors than CVE-2007-2070.	unknown 2007-05-02	7.0	CVE-2007-2474 BUGTRAQ BID
VIM Development Group -- VIM	The sandbox for vim allows dangerous functions such as (1) writefile, (2) feedkeys, and (3) system, which might allow user-assisted attackers to execute shell commands and write files via modelines.	unknown 2007-05-02	8.0	CVE-2007-2438 MLIST MLIST OTHER-REF OTHER-REF OTHER-REF OTHER-REF BUGTRAQ BID FRSIRT SECUNIA
WF-Links -- WF-Links	SQL injection vulnerability in viewcat.php in the WF-Links (wflinks) 1.03 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter.	unknown 2007-04-30	7.0	CVE-2007-2373 MILW0RM
Wildbits -- myGallery	PHP remote file inclusion vulnerability in myfunctions/mygallerybrowser.php in the myGallery 1.4b4 and earlier plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the myPath parameter.	unknown 2007-05-01	7.0	CVE-2007-2426 MILW0RM BID FRSIRT SECUNIA XF
Xoops -- John Mordo Jobs Module	SQL injection vulnerability in index.php in the John Mordo Jobs 2.4 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a jobsview action. NOTE: the module name was originally reported as Job Listings.	unknown 2007-04-30	7.0	CVE-2007-2370 MILW0RM VIM

Back to top

Medium Vulnerabilities

Primary Vendor -- Product	Description	Discovered Published	CVSS Score	Source & Patch Info
Apple -- Mac OS X Server	The Apple Security Update 2007-004 uses an incorrect configuration file for FTPServer in Apple Mac OS X Server 10.4.9, which might allow remote authenticated users to access additional directories.	unknown 2007-05-02	4.0	CVE-2007-0745 APPLE
Corel -- Paint Shop Pro Photo	Buffer overflow in Corel Paint Shop Pro 11.20 allows user-assisted remote attackers to execute arbitrary code via a crafted .PNG file.	unknown 2007-04-30	4.8	CVE-2007-2366 MILW0RM BID FRSIRT SECUNIA XF
Don Moore -- MyDNS	Multiple buffer overflows in MyDNS 1.1.0 allow remote attackers to (1) cause a denial of service (daemon crash) and possibly execute arbitrary code via a certain update, which triggers a heap-based buffer overflow in update.c; and (2) cause a denial of service (daemon crash) via unspecified vectors that trigger an off-by-one stack-based buffer overflow in update.c.	unknown 2007-04-30	6.0	CVE-2007-2362 FULLDISC OTHER-REF OTHER-REF BID FRSIRT SECUNIA XF
EMC -- RSA Security SiteKey	EMC RSA Security SiteKey allows remote attackers to display the correct image via a man-in-the-middle (MITM) attack in which an attacker-controlled server proxies authentication data to and from a legitimate SiteKey server. NOTE: the vendor disputes the severity of the issue, stating that it is easier to monitor this attack than "attacks against static web pages."	unknown 2007-04-30	6.0	CVE-2006-7199 OTHER-REF OTHER-REF OTHER-REF
EMC -- RSA Security SiteKey	EMC RSA Security SiteKey issues challenge-bypass tokens that persist forever without a cancellation interface for end users, which makes it easier for attackers to bypass one stage of authentication by stealing and replaying a token.	unknown 2007-04-30	6.0	CVE-2006-7200 OTHER-REF OTHER-REF
freePBX -- freePBX	admin/config.php in the music-on-hold module in freePBX 2.2.x allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the del parameter.	unknown 2007-04-30	4.2	CVE-2007-2350 FULLDISC FRSIRT SECUNIA
IrfanView -- IrfanView	Buffer overflow in IrfanView 4.00 and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted .IFF file.	unknown 2007-04-30	4.8	CVE-2007-2363 MILW0RM BID XF FRSIRT SECUNIA
Linux -- Kernel	The _udp_lib_get_port function in net/ipv4/udp.c in Linux kernel 2.6.21 and earlier does not prevent a bind to a port with a local address when there is already a bind to that port with a wildcard local address, which might allow local users to intercept local traffic for daemons or other applications.	unknown 2007-05-03	4.9	CVE-2007-2480 OTHER-REF
Parallels -- Parallels Desktop	Heap-based buffer overflow in the VGA device in Parallels allows local users, with root access to the guest operating system, to terminate the virtual machine and possibly execute arbitrary code in the host operating system via unspecified vectors related to bitblt operations.	unknown 2007-05-02	4.2	CVE-2007-2454 OTHER-REF
Ruben Boelinger -- wordTube	PHP remote file inclusion vulnerability in wordtube-button.php in the wordTube 1.43 and earlier plugin for WordPress, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the wpPATH parameter.	unknown 2007-05-03	5.6	CVE-2007-2481 BUGTRAQ MILW0RM OTHER-REF BID FRSIRT SECUNIA XF
Ruben Boelinger -- wordTube	Directory traversal vulnerability in wordtube-button.php in the wordTube 1.43 and earlier plugin for WordPress, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the wpPATH parameter.	unknown 2007-05-03	5.6	CVE-2007-2482 BUGTRAQ MILW0RM OTHER-REF OTHER-REF BID FRSIRT SECUNIA XF
Ruben Boelinger -- wp-Table	PHP remote file inclusion vulnerability in js/wptable-button.php in the wp-Table 1.43 and earlier plugin for WordPress, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the wpPATH parameter.	unknown 2007-05-03	5.6	CVE-2007-2484 MILW0RM OTHER-REF FRSIRT SECUNIA XF
SineCMS -- SineCMS	Cross-site scripting (XSS) vulnerability in mods/Core/result.php in SineCms 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the stringa parameter.	unknown 2007-04-30	5.6	CVE-2007-2357 BUGTRAQ BID FRSIRT SECUNIA XF
Symantec -- LiveState Recovery Symantec -- Ghost Symantec -- BackupExec System Recovery Symantec -- Norton Save & Recovery	Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, when remote backups of restore point images are configured, encrypt network share credentials with a key formed by a hash of the username, which allows local users to obtain the credentials by calculating the key.	unknown 2007-04-30	4.2	CVE-2007-2360 IDEFENSE OTHER-REF SECTRACK
VMWare -- VMWare Workstation	VMware Workstation before 5.5.4, when running a 64-bit Windows guest on a 64-bit host, allows local users to "corrupt the virtual machine's register context" by debugging a local program and stepping into a "syscall instruction."	unknown 2007-05-02	4.9	CVE-2007-1876 OTHER-REF
Xscreensaver -- Xscreensaver	XScreenSaver 4.10, when using a remote directory service for credentials, allows local users to bypass authentication by preventing network connectivity, which causes XScreenSaver to crash and unlock the screen.	unknown 2007-05-02	4.9	CVE-2007-1859 REDHAT

Back to top

Low Vulnerabilities

Primary Vendor -- Product	Description	Discovered Published	CVSS Score	Source & Patch Info
Apache Software Foundation -- Axis	Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.	unknown 2007-04-30	3.3	CVE-2007-2353 VIM BID OSVDB
Blackdot -- Imageview	Directory traversal vulnerability in fileview.php in Imageview 5.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the album parameter.	unknown 2007-05-01	2.3	CVE-2007-2425 MILW0RM
Cerulean Studios -- Trillian Pro	Cerulean Studios Trillian Pro before 3.1.5.1 allows remote attackers to obtain potentially sensitive information via long CTCP PING messages that contain UTF-8 characters, which generates a malformed response that is not truncated by a newline, which can cause portions of a server message to be sent to the attacker.	unknown 2007-05-02	3.3	CVE-2007-2479 IDEFENSE OTHER-REF BID FRSIRT SECTRACK SECUNIA XF XF
Cisco -- PIX Cisco -- Adaptive Security Appliance	The DHCP relay agent in Cisco Adaptive Security Appliance (ASA) and PIX 7.2 allows remote attackers to cause a denial of service (dropped packets) via a DHCPREQUEST or DHCPINFORM message that causes multiple DHCPACK messages to be sent from DHCP servers to the agent, which consumes the memory allocated for a local buffer. NOTE: this issue only occurs when multiple DHCP servers are used.	unknown 2007-05-02	3.3	CVE-2007-2461 CISCO CERT-VN BID
Cisco -- PIX Cisco -- Adaptive Security Appliance	Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) and PIX 7.1 before 7.1(2)49 and 7.2 before 7.2(2)17 allows remote attackers to cause a denial of service (device reload) via unknown vectors related to VPN connection termination and password Expiry.	unknown 2007-05-02	3.3	CVE-2007-2463 CISCO BID
Cisco -- PIX Cisco -- Adaptive Security Appliance	Race condition in Cisco Adaptive Security Appliance (ASA) and PIX 7.1 before 7.1(2)49 and 7.2 before 7.2(2)19, when using "clientless SSL VPNs," allows remote attackers to cause a denial of service (device reload) via "non-standard SSL sessions."	unknown 2007-05-02	2.7	CVE-2007-2464 CISCO BID
Clam Anti-Virus -- ClamAV	The PDF handler in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service via a crafted PDF file, resulting in a "file descriptor leak".	unknown 2007-04-30	3.3	CVE-2007-2029 DEBIAN BID SECUNIA
Dojo Toolkit -- Dojo Toolkit	The Dojo framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."	unknown 2007-04-30	3.3	CVE-2007-2376 OTHER-REF
Fabrice Bellard -- QEMU	QEMU 0.8.2 allows local users to halt a virtual machine by executing the icebp instruction.	unknown 2007-05-02	2.3	CVE-2007-1322 OTHER-REF DEBIAN BID FRSIRT SECUNIA SECUNIA
Fabrice Bellard -- QEMU	QEMU 0.8.2 allows local users to crash a virtual machine via the divisor operand to the aam instruction, as demonstrated by "aam 0x0," which triggers a divide-by-zero error.	unknown 2007-05-02	2.3	CVE-2007-1366 MLIST MLIST OTHER-REF DEBIAN BID FRSIRT SECUNIA SECUNIA
FileRun -- FileRun	Multiple cross-site scripting (XSS) vulnerabilities in index.php in FileRun 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) page, (2) module, or (3) section parameter.	unknown 2007-05-02	3.7	CVE-2007-2470 OTHER-REF BID SECUNIA
Getahead -- Direct Web Remoting	The Getahead Direct Web Remoting (DWR) framework 1.1.4 exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."	unknown 2007-04-30	3.3	CVE-2007-2377 OTHER-REF
Google -- Google Web Toolkit	The Google Web Toolkit (GWT) framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."	unknown 2007-04-30	3.3	CVE-2007-2378 OTHER-REF
HP -- OpenVMS	Unspecified vulnerability in HP OpenVMS for Integrity Servers 8.2-1 and 8.3 allows local users to cause a denial of service (crash) via "Program actions relating to exceptions."	unknown 2007-05-02	2.3	CVE-2007-2468 OTHER-REF OTHER-REF BID FRSIRT SECUNIA XF
Invision Power Services -- Invision Power Board	Cross-site scripting (XSS) vulnerability in Invision Power Board (IP.Board) 2.1.x and 2.2.x allows remote attackers to inject arbitrary web script or HTML by uploading crafted images or PDF files.	unknown 2007-04-30	3.7	CVE-2007-2349 OTHER-REF FRSIRT SECUNIA XF
ISC -- BIND	Unspecified vulnerability in query.c in ISC BIND 9.4.0, and 9.5.0a1 through 9.5.0a3, when recursion is enabled, allows remote attackers to cause a denial of service (daemon exit) via a sequence of queries processed by the query_addsoa function.	unknown 2007-05-02	2.7	CVE-2007-2241 OTHER-REF FRSIRT SECTRACK SECUNIA
jQuery -- jQuery	The jQuery framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."	unknown 2007-04-30	3.3	CVE-2007-2379 OTHER-REF
Mad4Milk -- Moo.fx	The Moo.fx framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."	unknown 2007-04-30	3.3	CVE-2007-2382 OTHER-REF
Microsoft -- Atlas framework	The Microsoft Atlas framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."	unknown 2007-04-30	3.3	CVE-2007-2380 OTHER-REF
Mochikit -- MochiKit Framework	The MochiKit framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."	unknown 2007-04-30	3.3	CVE-2007-2381 OTHER-REF
MoinMoin -- MoinMoin	Cross-site scripting (XSS) vulnerability in index.php in MoinMoin 1.5.7 allows remote attackers to inject arbitrary web script or HTML via the do parameter in an AttachFile action, a different vulnerability than CVE-2007-0857. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.	unknown 2007-05-01	3.7	CVE-2007-2423 BID
Motobit -- Motobit	Directory traversal vulnerability in download.asp in Motobit 1.3 and 1.5 (aka PStruh-CZ) allows remote attackers to read arbitrary files via a .. (dot dot) in the File parameter.	unknown 2007-05-03	2.3	CVE-2007-2486 MILW0RM XF
myServer -- myServer	MyServer before 0.8.8 allows remote attackers to cause a denial of service via unspecified vectors.	unknown 2007-05-01	3.3	CVE-2007-2414 OTHER-REF OTHER-REF SECUNIA BID XF
Novell -- eDirectory	ncp in Novell eDirectory before 8.7.3 SP9, and 8.8.x before 8.8.1 FTF2, does not properly handle NCP fragments with a negative length, which allows remote attackers to cause a denial of service (daemon crash) when the heap is written to a log file.	unknown 2007-04-30	3.3	CVE-2006-4520 IDEFENSE OTHER-REF BID FRSIRT SECTRACK XF
Parallels -- Parallels Desktop	Parallels allows local users to cause a denial of service (virtual machine abort) via (1) certain INT instructions, as demonstrated by INT 0xAA; (2) an IRET instruction when an invalid address is at the top of the stack; (3) a malformed MOVNTI instruction, as demonstrated by using a register as a destination; or a write operation to (4) SEGR6 or (5) SEGR7.	unknown 2007-05-02	3.3	CVE-2007-2455 OTHER-REF
PHP -- PHP webSPELL -- webSPELL	Directory traversal vulnerability in picture.php in WebSPELL 4.01.02 and earlier, when PHP before 4.3.0 is used, allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter.	unknown 2007-04-30	3.3	CVE-2007-2369 MILW0RM
Pi3Web -- Pi3Web Web Server	Pi3Web Web Server 2.0.3 PL1 allows remote attackers to cause a denial of service (application exit) via a long URI. NOTE: as of 20070429, the vendor was unable to reproduce this issue, stating "Couldn't reproduce any crash."	unknown 2007-05-01	3.3	CVE-2007-2415 OTHER-REF BID SECUNIA FRSIRT XF
Progress -- WebSpeed Messenger	Progress Webspeed Messenger allows remote attackers to obtain sensitive information via a WService parameter containing "wsbroker1/webutil/about.r", which reveals the operating system and product information.	unknown 2007-04-30	3.3	CVE-2007-2354 BUGTRAQ OTHER-REF
PrototypeJS -- Prototype framework	The Prototype (prototypejs) framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."	unknown 2007-04-30	3.3	CVE-2007-2383 OTHER-REF
Red Hat -- Red Hat Enterprise Linux Desktop Red Hat -- Red Hat Enterprise Linux Desktop Workstation Red Hat -- Red Hat Enterprise Linux Linux -- Kernel	Unspecified vulnerability in the utrace support for Linux kernel 2.6.18, and other versions, allows local users to cause a denial of service	unknown 2007-05-02	2.3	CVE-2007-0771 REDHAT BID SECTRACK SECUNIA
rPath -- rPath Linux -- Kernel	The nl_fib_lookup function in net/ipv4/fib_frontend.c in Linux Kernel before 2.6.20.8 allows local users to cause a denial of service (kernel panic) via NETLINK_FIB_LOOKUP replies, which trigger infinite recursion and a stack overflow.	unknown 2007-05-02	2.3	CVE-2007-2436 OTHER-REF BID FRSIRT SECUNIA
Script.aculo.us -- Script.aculo.us	The Script.aculo.us framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."	unknown 2007-04-30	3.3	CVE-2007-2384 OTHER-REF
Seir Anphin -- Seir Anphin	** DISPUTED ** Directory traversal vulnerability in modules/file.php in Seir Anphin allows remote attackers to obtain sensitive information via a .. (dot dot) in the a[filepath] parameter. NOTE: a third party has disputed this issue because the a array is populated by a database query before use.	unknown 2007-05-01	3.3	CVE-2007-2412 BUGTRAQ VIM XF
Sendcard -- Sendcard	Directory traversal vulnerability in sendcard.php in Sendcard 3.4.1 and earlier allows remote attackers to read arbitrary files via a full pathname in the form parameter.	unknown 2007-05-02	2.3	CVE-2007-2471 MILW0RM SECUNIA XF
Sendcard -- Sendcard	Cross-site scripting (XSS) vulnerability in sendcard.php in Sendcard 3.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the form parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.	unknown 2007-05-02	1.9	CVE-2007-2472 SECUNIA
Sun -- Solaris	Unspecified vulnerability in Sun Solaris 9, when Solaris Auditing (BSM) is enabled for file read, write, attribute modify, create, or delete audit classes, allows local users to cause a denial of service (panic) via unknown vectors, possibly related to the audit_savepath function.	unknown 2007-05-02	1.9	CVE-2007-2465 SUNALERT BID FRSIRT SECTRACK SECUNIA XF
Sun -- Java System Directory Server Sun -- ONE Directory Server	Unspecified vulnerability in the LDAP Software Development Kit (SDK) for C, as used in Sun Java System Directory Server 5.2 up to Patch 4 and Sun ONE Directory Server 5.1, allows remote attackers to cause a denial of service (crash) via certain BER encodings.	unknown 2007-05-02	3.3	CVE-2007-2466 SUNALERT BID FRSIRT SECTRACK SECUNIA XF
Symantec -- LiveState Recovery Symantec -- Ghost Symantec -- BackupExec System Recovery Symantec -- Norton Save & Recovery	Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, when remote backups of restore points images are configured, uses weak permissions (world readable) for a configuration file with network share credentials, which allows local users to obtain the credentials by reading the file.	unknown 2007-04-30	2.3	CVE-2007-2361 IDEFENSE OTHER-REF SECTRACK XF
Tecnick.com -- TCExam	shared/code/tce_tmx.php in TCExam 4.0.011 and earlier allows remote attackers to create arbitrary PHP files in cache/ by placing file contents and directory traversal manipulations into a SessionUserLang cookie to public/code/index.php.	unknown 2007-05-01	3.3	CVE-2007-2430 MILW0RM OTHER-REF
Tony Cook -- Imager	Buffer overflow in the read_4bit_bmp function in bmp.c in Imager 0.56 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via 4-bit/pixel BMP files. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.	unknown 2007-05-02	3.3	CVE-2007-2459 FRSIRT
VMWare -- VMWare Workstation	The memory management in VMware Workstation before 5.5.4 allows attackers to cause a denial of service (Windows virtual machine crash) by triggering certain general protection faults (GPF).	unknown 2007-05-02	3.3	CVE-2007-1069 OTHER-REF
VMWare -- VMWare Workstation	The virtual machine process (VMX) in VMware Workstation before 5.5.4 does not properly read state information when moving from the ACPI sleep state to the run state, which allows attackers to cause a denial of service (virtual machine reboot) via unknown vectors.	unknown 2007-05-02	3.3	CVE-2007-1337 OTHER-REF XF
VMWare -- VMWare Workstation	Directory traversal vulnerability in the Shared Folders feature for VMware Workstation before 5.5.4, when a folder is shared, allows users on the guest system to write to arbitrary files on the host system via the "Backdoor I/O Port" interface.	unknown 2007-05-02	3.7	CVE-2007-1744 IDEFENSE OTHER-REF BID SECTRACK
VMWare -- VMWare Workstation	VMware Workstation before 5.5.4 allows attackers to cause a denial of service against the guest OS by causing the virtual machine process (VMX) to store malformed configuration information.	unknown 2007-05-02	3.3	CVE-2007-1877 OTHER-REF
webSPELL -- webSPELL	picture.php in WebSPELL 4.01.02 and earlier allows remote attackers to read arbitrary files via the file parameter.	unknown 2007-04-30	3.3	CVE-2007-2368 MILW0RM
Wserve HTTP Server -- Wserve HTTP Server	Buffer overflow in wserve_console.exe in Wserve HTTP Server (whttp) 4.6 allows remote attackers to cause a denial of service (forced application exit) via a long directory name in the URI.	unknown 2007-04-30	3.3	CVE-2007-2367 BUGTRAQ BID
X.Org -- Xserver X.Org -- X Window System	The X render (Xrender) extension in X.org X Window System 7.0, 7.1, and 7.2, with Xserver 1.3.0 and earlier, allows remote authenticated users to cause a denial of service (daemon crash) via crafted values to the (1) XRenderCompositeTrapezoids and (2) XRenderAddTraps functions, which trigger a divide-by-zero error.	unknown 2007-05-02	2.0	CVE-2007-2437 OTHER-REF SECTRACK XF
Yahoo! -- Yahoo UI framework	The Yahoo! UI framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."	unknown 2007-04-30	3.3	CVE-2007-2385 OTHER-REF
Zone Labs -- ZoneAlarm Pro	ZoneAlarm Pro 6.5.737.000, 6.1.744.001, and possibly earlier versions and other products, allows local users to cause a denial of service (system crash) by sending malformed data to the vsdatant device driver, which causes an invalid memory access.	unknown 2007-05-02	2.3	CVE-2007-2467 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA

Back to top

Vulnerability Summary for the Week of October 22, 2012
Posted on Tuesday October 30, 2012

Vulnerability Summary for the Week of December 10, 2007
Posted on Tuesday December 18, 2007

">

High Vulnerabilities

Primary Vendor -- Product	Description	Discovered Published	CVSS Score	Source & Patch Info
Aurora -- Aurora Framework	SQL injection vulnerability in aurora framework before 20071208 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly the value parameter to the pack_var function in module/db.lib/db_mysql.lib. NOTE: some of these details are obtained from third party information.	unknown 2007-12-13	7.5	CVE-2007-6345 OTHER-REF SECUNIA
AVS Media -- AVSMJPEGFILE.DLL	Buffer overflow in a certain ActiveX control in Online Media Technologies AVSMJPEGFILE.DLL 1.1.1.102 allows remote attackers to execute arbitrary code via a long first argument to the CreateStill method.	unknown 2007-12-13	7.5	CVE-2007-6327 MILW0RM OTHER-REF BID XF
David Castro -- Apache_AuthCAS	SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.	unknown 2007-12-13	7.5	CVE-2007-6342 BUGTRAQ BID
DOSBox -- DOSBox	** DISPUTED ** DOSBox 0.72 and earlier allows local users to obtain access to the filesystem on the host operating system via the mount command. NOTE: the researcher reports a vendor response stating that this is not a security problem.	unknown 2007-12-13	7.2	CVE-2007-6328 BUGTRAQ FRSIRT XF
Falt4 CMS -- Falt4 Extreme RC4	SQL injection vulnerability in (1) index.php, and possibly (2) admin/index.php, in Falt4Extreme RC4 10.9.2007 allows remote attackers to execute arbitrary SQL commands via the nav_ID parameter.	unknown 2007-12-11	7.5	CVE-2007-6311 BUGTRAQ MILW0RM OTHER-REF OTHER-REF BID
GNU -- Emacs	Stack-based buffer overflow in emacs allows user-assisted attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a large precision value in an integer format string specifier to the format function, as demonstrated via a certain "emacs -batch -eval" command line.	unknown 2007-12-07	10.0	CVE-2007-6109 SUSE OTHER-REF GENTOO SECUNIA XF
HP -- OpenView Network Node Manager	Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 6.41, 7.01, and 7.51 allow remote attackers to execute arbitrary code via unspecified long arguments to (1) ovlogin.exe, (2) OpenView5.exe, (3) snmpviewer.exe, and (4) webappmon.exe.	unknown 2007-12-13	10.0	CVE-2007-6204 BUGTRAQ OTHER-REF HP BID FRSIRT SECTRACK SECUNIA XF
HP -- Info Center	Absolute path traversal vulnerability in the HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center (hpinfocenter.exe) 1.0.1.1 in HP Quick Launch Buttons (QLBCTRL.exe), allows remote attackers to execute arbitrary programs via the first argument to the LaunchApp method. NOTE: only a user-assisted attack is possible on Windows Vista.	unknown 2007-12-13	9.3	CVE-2007-6331 MILW0RM OTHER-REF BID FRSIRT SECTRACK SECUNIA XF
HP -- Info Center	The HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center (hpinfocenter.exe) 1.0.1.1 in HP Quick Launch Buttons (QLBCTRL.exe), on Microsoft Windows before Vista allows remote attackers to create or modify arbitrary registry values via the arguments to the SetRegValue method.	unknown 2007-12-13	9.3	CVE-2007-6332 MILW0RM OTHER-REF BID FRSIRT SECTRACK SECUNIA XF
Meridian Software -- Prolog Manager	Meridian Prolog Manager 2007, and 7.5 and earlier, sends all usernames and passwords to the client in a (1) cleartext or (2) weakly encrypted format to support client-side login authentication, which makes it easier for remote attackers to obtain database access by capturing credentials via a man-in-the-middle attack.	unknown 2007-12-13	10.0	CVE-2007-6330 BUGTRAQ BID XF
Microsoft -- windows_media_format_runtime Microsoft -- windows_media_services Microsoft -- Media Format Runtime	Unspecified vulnerability in Windows Media Format Runtime 7.1, 9, 9.5, 9.5 x64 Edition, 11, and Windows Media Services 9.1 for Microsoft Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file.	unknown 2007-12-11	9.3	CVE-2007-0064 MS
Microsoft -- Message Queuing MSMQ	Buffer overflow in the Microsoft Message Queuing (MSMQ) service in Microsoft Windows 2000 Server SP4, Windows 2000 Professional SP4, and Windows XP SP2 allows attackers to execute arbitrary code via unspecified vectors. NOTE: remote vectors exist for Windows 2000 Professional SP4 and Windows XP SP2; they are only local for the other operating systems.	unknown 2007-12-11	9.0	CVE-2007-3039 MS
Microsoft -- DirectX	Unspecified vulnerability in Microsoft DirectShow in Microsoft DirectX 7.0 through 10.0 allows remote attackers to execute arbitrary code via a crafted (1) WAV or (2) AVI file.	unknown 2007-12-11	9.3	CVE-2007-3895 MS FRSIRT SECUNIA
Microsoft -- DirectX	Unspecified vulnerability in Microsoft DirectShow in Microsoft DirectX 7.0 through 10.0 allows remote attackers to execute arbitrary code via a crafted Synchronized Accessible Media Interchange (SAMI) file.	unknown 2007-12-11	10.0	CVE-2007-3901 MS FRSIRT SECUNIA XF
Microsoft -- Internet Explorer	Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via a crafted website involving uninitialized or deleted objects, a different issue than CVE-2007-3903 and CVE-2007-5344, one variant of "Uninitialized Memory Corruption Vulnerability."	unknown 2007-12-11	10.0	CVE-2007-3902
Microsoft -- windows-nt	Unspecified vulnerability in the Windows Advanced Local Procedure Call (ALPC) in the kernel in Microsoft Windows Vista allows local users to gain privileges via unspecified vectors involving "legacy reply paths."	unknown 2007-12-11	7.2	CVE-2007-5350 MS
scponly -- scponly	scponly 4.6 and earlier allows remote authenticated users to bypass intended restrictions and execute code by invoking dangerous subcommands including (1) unison, (2) rsync, and (3) svn , as originally demonstrated by creating a Subversion (SVN) repository with malicious hooks, then using svn to trigger execution of those hooks.	unknown 2007-12-14	8.5	CVE-2007-6350 OTHER-REF

Back to top

Medium Vulnerabilities

Primary Vendor -- Product	Description	Discovered Published	CVSS Score	Source & Patch Info
Apache Software Foundation -- Apache HTTP Server	Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.	unknown 2007-12-13	4.3	CVE-2007-5000 OTHER-REF OTHER-REF OTHER-REF FRSIRT FRSIRT SECUNIA SECUNIA
City Writer -- CityWriter	PHP remote file inclusion vulnerability in head.php in CityWriter 0.9.7 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.	unknown 2007-12-13	6.8	CVE-2007-6324 MILW0RM
Drupal -- feature_module	Feature 4.7.x-dev and 5.x-dev before 20071206, a Drupal module, does not follow Drupal's Forms API submission model, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks.	unknown 2007-12-11	4.3	CVE-2007-6320 OTHER-REF
Ext2 Filesystems Utilities -- e2fsprogs	Multiple integer overflows in libext2fs in e2fsprogs before 1.40.3 allow user-assisted remote attackers to execute arbitrary code via a crafted filesystem image.	unknown 2007-12-07	5.8	CVE-2007-5497 SUSE OTHER-REF DEBIAN UBUNTU BID FRSIRT SECUNIA SECUNIA SECUNIA XF MANDRIVA SECUNIA
Falt4 CMS -- Falt4 Extreme RC4	Multiple cross-site scripting (XSS) vulnerabilities in Falt4Extreme RC4 10.9.2007 allow remote attackers to inject arbitrary web script or HTML via the handler parameter to (1) index.php and possibly (2) admin/index.php, and (3) the topic parameter to modules/feed/feed.php (aka modules/feed.php).	unknown 2007-12-11	4.3	CVE-2007-6310 BUGTRAQ MILW0RM OTHER-REF OTHER-REF BID
Fastpublish -- Fastpublish CMS	PHP remote file inclusion vulnerability in adminbereich/designconfig.php in Fastpublish CMS 1.9999 allows remote attackers to execute arbitrary PHP code via a URL in the config[fsBase] parameter, a different vector than CVE-2006-2726.	unknown 2007-12-13	6.8	CVE-2007-6325 MILW0RM FRSIRT SECUNIA
GNOME -- Balsa	Stack-based buffer overflow in the ir_fetch_seq function in balsa before 2.3.20 might allow remote IMAP servers to execute arbitrary code via a long response to a FETCH command.	unknown 2007-12-12	6.8	CVE-2007-5007 MLIST OTHER-REF OTHER-REF OTHER-REF GENTOO SUSE BID FRSIRT SECUNIA SECUNIA SECUNIA
HP -- Info Center	The HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center (hpinfocenter.exe) 1.0.1.1 in HP Quick Launch Buttons (QLBCTRL.exe), allows remote attackers to read arbitrary registry values via the arguments to the GetRegValue method.	unknown 2007-12-13	5.8	CVE-2007-6333 MILW0RM OTHER-REF BID FRSIRT SECTRACK SECUNIA XF
HP -- OpenView Network Node Manager	Cross-site scripting (XSS) vulnerability in HP OpenView Network Node Manager (OV NNM) 6.41, 7.01, and 7.51 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.	unknown 2007-12-13	4.3	CVE-2007-6343 HP FRSIRT SECTRACK SECUNIA
HttpLogger -- HttpLogger	Cross-site scripting (XSS) vulnerability in HttpLogger 0.8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.	unknown 2007-12-11	4.3	CVE-2007-6308 OTHER-REF OTHER-REF SECUNIA
IBM -- Hardware Management Console	Multiple unspecified vulnerabilities in IBM Hardware Management Console (HMC) 7 R3.2.0 allow attackers to gain privileges via "some HMC commands."	unknown 2007-12-10	4.6	CVE-2007-6305 OTHER-REF OTHER-REF SECUNIA
JFree -- JFreeChart	Multiple cross-site scripting (XSS) vulnerabilities in the image map feature in JFreeChart 1.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) chart name or (2) chart tool tip text; or the (3) href, (4) shape, or (5) coords attribute of a chart area.	unknown 2007-12-11	4.3	CVE-2007-6306 BUGTRAQ OTHER-REF OTHER-REF OTHER-REF OTHER-REF BID SECUNIA XF
JFree -- JFreeChart	Multiple cross-site scripting (XSS) vulnerabilities in clickstats.php in wwwstats 3.21 allow remote attackers to inject arbitrary web script or HTML via (1) the link parameter or (2) the User-Agent HTTP header.	unknown 2007-12-11	4.3	CVE-2007-6307 BUGTRAQ OTHER-REF BID SECUNIA XF
Mcms -- Easy Web Make	Directory traversal vulnerability in modules/cms/index.php in Mcms Easy Web Make 1.3, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the template parameter.	unknown 2007-12-13	6.8	CVE-2007-6344 MILW0RM BID SECUNIA XF
Microsoft -- Internet Explorer	Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via a crafted website involving uninitialized or deleted objects, a different issue than CVE-2007-3902 and CVE-2007-5344, a variant of "Uninitialized Memory Corruption Vulnerability."	unknown 2007-12-11	6.8	CVE-2007-3903 MS
Microsoft -- Internet Explorer	Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via a crafted website involving uninitialized or deleted objects, a different issue than CVE-2007-3902 and CVE-2007-3903, a variant of "Uninitialized Memory Corruption Vulnerability."	unknown 2007-12-11	6.8	CVE-2007-5344
Microsoft -- Internet Explorer	Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via "unexpected method calls to HTML objects," aka "DHTML Object Memory Corruption Vulnerability."	unknown 2007-12-11	6.8	CVE-2007-5347 MS
Microsoft -- windows-nt	Unspecified vulnerability in Server Message Block Version 2 (SMBv2) signing support in Microsoft Vista allows remote attackers to force signature re-computation and execute arbitrary code via a crafted SMBv2 packet, aka "SMBv2 Signing Vulnerability."	unknown 2007-12-11	6.4	CVE-2007-5351 MS
Microsoft -- Office	Microsoft Office 2007 12.0.6015.5000 and MSO 12.0.6017.5000 do not sign the metadata of Office Open XML (OOXML) documents, which makes it easier for remote attackers to modify Dublin Core metadata fields, as demonstrated by the (1) LastModifiedBy and (2) creator fields in docProps/core.xml in the OOXML ZIP container.	unknown 2007-12-13	6.4	CVE-2007-6329 BUGTRAQ BID
MMS Gallery -- MMS Gallery PHP	Multiple directory traversal vulnerabilities in MMS Gallery PHP 1.0 allow remote attackers to read arbitrary files via a .. (dot dot) in the id parameter to (1) get_image.php or (2) get_file.php in mms_template/.	unknown 2007-12-13	5.0	CVE-2007-6323 MILW0RM
MySQL -- MySQL	MySQL 5.1.x before 5.1.23 and 6.0.x before 6.0.4 allows remote authenticated users to gain privileges on arbitrary tables via unspecified vectors involving use of table-level DATA DIRECTORY and INDEX DIRECTORY options when creating a partitioned table with the same name as a table on which the user lacks privileges.	unknown 2007-12-10	5.8	CVE-2007-5970 OTHER-REF OTHER-REF
MySQL -- MySQL	The federated engine in MySQL 5.0.x before 5.0.52, 5.1.x before 5.1.23, and 6.0.x before 6.0.4, when performing a certain SHOW TABLE STATUS query, does not properly handle a response with a small number of columns, which allows remote MySQL servers to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the minimum required number of columns.	unknown 2007-12-10	5.0	CVE-2007-6304 OTHER-REF OTHER-REF OTHER-REF OTHER-REF
Novell -- NetMail	Multiple heap-based buffer overflows in avirus.exe in Novell NetMail 3.5.2 before Messaging Architects M+NetMail 3.52f (aka 3.5.2F) allows remote attackers to execute arbitrary code via unspecified ASCII integers used as memory allocation arguments, aka "ZDI-CVE-162."	unknown 2007-12-10	6.8	CVE-2007-6302 OTHER-REF OTHER-REF FRSIRT SECUNIA BUGTRAQ OTHER-REF BID SECTRACK XF
Rainboard -- Rainboard	Cross-site scripting (XSS) vulnerability in Rainboard before 2.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.	unknown 2007-12-13	4.3	CVE-2007-6346 OTHER-REF OTHER-REF SECUNIA
Real Time Logic -- BarracudaDrive Web Server Real Time Logic -- BarracudaDrive Web Server Home Server	BarracudaDrive Web Server before 3.8 allows remote attackers to read the source code for web scripts by appending a (1) + (plus), (2) . (dot), or (3) %80 and similar characters to the file name in the URL.	unknown 2007-12-11	5.0	CVE-2007-6314 BUGTRAQ OTHER-REF BID SECUNIA
Real Time Logic -- BarracudaDrive Web Server Real Time Logic -- BarracudaDrive Web Server Home Server	Group Chat in BarracudaDrive Web Server before 3.8 allows remote authenticated users to cause a denial of service (crash) via a HTTP request to /eh/chat.ehintf/C. that does not contain a Connection ID, which results in a NULL pointer dereference.	unknown 2007-12-11	4.0	CVE-2007-6315 BUGTRAQ OTHER-REF BID SECUNIA
Real Time Logic -- BarracudaDrive Web Server Real Time Logic -- BarracudaDrive Web Server Home Server	Cross-site scripting (XSS) vulnerability in BarracudaDrive Web Server before 3.8 allows remote attackers to inject arbitrary web script or HTML via the URI path in an HTTP GET request, which is activated by administrators viewing log files via the Trace page.	unknown 2007-12-11	4.3	CVE-2007-6316 BUGTRAQ OTHER-REF BID SECUNIA
Real Time Logic -- BarracudaDrive Web Server Real Time Logic -- BarracudaDrive Web Server Home Server	Multiple directory traversal vulnerabilities in BarracudaDrive Web Server before 3.8 allow (1) remote attackers to read arbitrary files via certain ..\ (dot dot backslash) sequences in the URL path, or (2) remote authenticated users to delete arbitrary files or create arbitrary directories via a ..\ (dot dot backslash) sequence in the dir parameter to /drive/c/bdusers/USER/.	unknown 2007-12-11	5.5	CVE-2007-6317 BUGTRAQ OTHER-REF BID SECUNIA
Red Hat -- enterprise_linux	The default configuration of autofs 5 in Red Hat Enterprise Linux (RHEL) 5 omits the nosuid option for the hosts (/net filesystem) map, which allows local users to gain privileges via a setuid program on a remote NFS server.	unknown 2007-12-13	6.9	CVE-2007-5964 OTHER-REF REDHAT SECUNIA
Roundcube Webmail Project -- Roundcube Webmail	Cross-site scripting (XSS) vulnerability in RoundCube webmail 0.1rc2, 2007-12-09, and earlier versions, when using Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via style sheets containing expression commands.	unknown 2007-12-11	4.3	CVE-2007-6321 BUGTRAQ OTHER-REF XF
S9Y -- Serendipity	Cross-site scripting (XSS) vulnerability in the remote RSS sidebar plugin (serendipity_plugin_remoterss) in S9Y Serendipity before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via a link in an RSS feed.	unknown 2007-12-11	4.3	CVE-2007-6205 BUGTRAQ OTHER-REF OTHER-REF BID SECUNIA
Samba -- Samba	Stack-based buffer overflow in the send_mailslot function in nmbd in Samba 3.0.0 through 3.0.27a, when the "domain logons" option is enabled, allows remote attackers to execute arbitrary code via a GETDC mailslot request composed of a long GETDC string following an offset username in a SAMLOGON logon request.	unknown 2007-12-13	6.8	CVE-2007-6015 BUGTRAQ BUGTRAQ BUGTRAQ OTHER-REF OTHER-REF REDHAT BID SECUNIA
Sergey Lyubka -- Simple HTTPD	Sergey Lyubka Simple HTTPD (shttpd) 1.3 on Windows allows remote attackers to cause a denial of service via a request that includes an MS-DOS device name, as demonstrated by the /aux URI.	unknown 2007-12-13	5.0	CVE-2007-6326 MILW0RM OTHER-REF BID XF
Skype Technologies -- Skype	Unspecified vulnerability in the skype4com URI handler in Skype before 3.6 GOLD allows remote attackers to execute arbitrary code via "short string values" that result in heap corruption.	unknown 2007-12-13	6.8	CVE-2007-5989 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA
SquirrelMail -- SquirrelMail	SquirrelMail 1.4.11 and 1.4.12, as distributed on www.squirrelmail.org before 20071213, has been externally modified to create a Trojan Horse that introduces a PHP remote file inclusion vulnerability, which allows remote attackers to execute arbitrary code.	unknown 2007-12-14	6.8	CVE-2007-6348 OTHER-REF
ViArt -- Helpdesk ViArt -- Shop Evaluation ViArt -- Shop Free ViArt -- CMS	PHP remote file inclusion vulnerability in blocks/block_site_map.php in ViArt (1) CMS 3.3.2, (2) HelpDesk 3.3.2, (3) Shop Evaluation 3.3.2, and (4) Shop Free 3.3.2 allows remote attackers to execute arbitrary PHP code via a URL in the root_folder_path parameter. NOTE: some of these details are obtained from third party information.	unknown 2007-12-13	6.8	CVE-2007-6347 MILW0RM BID SECUNIA
Websense -- Web Security Suite Websense -- Enterpise Websense -- Reporting Tools	Cross-site scripting (XSS) vulnerability in the logon page in Web Reporting Tools portal in Websense Enterprise and Web Security Suite 6.3 allows remote attackers to inject arbitrary web script or HTML via the username field.	unknown 2007-12-11	4.3	CVE-2007-6312 BUGTRAQ OTHER-REF OTHER-REF BID
webSPELL -- webSPELL	Multiple cross-site scripting (XSS) vulnerabilities in index.php in webSPELL 4.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) the galleryID parameter in a usergallery upload action; or the (2) upID, (3) tag, (4) month, (5) userID, or (6) year parameter in a calendar announce action.	unknown 2007-12-11	4.3	CVE-2007-6309 BUGTRAQ BID
WordPress -- WordPress	SQL injection vulnerability in wp-includes/query.php in WordPress 2.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the s parameter, when DB_CHARSET is set to (1) Big5, (2) GBK, or possibly other character set encodings that support a "\" in a multibyte character.	unknown 2007-12-11	6.8	CVE-2007-6318 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA XF FULLDISC
xml2owl -- xml2owl	Directory traversal vulnerability in filedownload.php in xml2owl 0.1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.	unknown 2007-12-13	5.0	CVE-2007-6322 MILW0RM

Back to top

Low Vulnerabilities

Primary Vendor -- Product	Description	Discovered Published	CVSS Score	Source & Patch Info
MySQL -- MySQL	MySQL 5.0.x before 5.0.52, 5.1.x before 5.1.23, and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered, which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement.	unknown 2007-12-10	3.5	CVE-2007-6303 OTHER-REF OTHER-REF OTHER-REF OTHER-REF

Back to top
=

Vulnerability Summary for the Week of June 3, 2013
Posted on Tuesday June 11, 2013

 

Vulnerability Summary for the Week of July 21, 2008
Posted on Tuesday July 29, 2008

">

High Vulnerabilities

Primary Vendor -- Product	Description	Discovered Published	CVSS Score	Source & Patch Info
alphadmin -- alphadmin_cms	AlphAdmin CMS 1.0.5/03 allows remote attackers to bypass authentication and gain administrative access by setting the aa_login cookie value to 1. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.	unknown 2008-07-25	7.5	CVE-2008-3300 BID
AlstraSoft -- Affiliate Network Pro	SQL injection vulnerability in index.php in AlstraSoft Affiliate Network Pro allows remote attackers to execute arbitrary SQL commands via the pgm parameter in a directory action.	unknown 2008-07-21	7.5	CVE-2008-3240 MILW0RM BID
aprox -- aprox_cms_engine aprox -- aproxengine	SQL injection vulnerability in index.php in AproxEngine (aka Aprox CMS Engine) 5.1.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.	unknown 2008-07-24	7.5	CVE-2008-3291 MILW0RM OTHER-REF BID XF
arctictracker -- arctic_issue_tracker	SQL injection vulnerability in index.php in Arctic Issue Tracker 2.0.0 allows remote attackers to execute arbitrary SQL commands via the filter parameter.	unknown 2008-07-21	7.5	CVE-2008-3250 MILW0RM BID
Asterisk -- Asterisk	Asterisk allows remote attackers to cause a denial of service (CPU consumption) by quickly sending a large number of IAX POKE requests.	unknown 2008-07-22	7.8	CVE-2008-3263 OTHER-REF BID XF
Asterisk -- AsteriskNOW Asterisk -- Asterisk Business Edition Asterisk -- Asterisk Appliance Developer Kit Asterisk -- Open Source	The FWDOWNL firmware-download implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (traffic amplification) via an IAX2 FWDOWNL request.	unknown 2008-07-24	7.8	CVE-2008-3264 OTHER-REF BID
cable-modems -- phphoo3	SQL injection vulnerability in phpHoo3.php in phpHoo3 4.3.9, 4.3.10, 4.4.8, and 5.2.6 allows remote attackers to execute arbitrary SQL commands via the viewCat parameter.	unknown 2008-07-21	7.5	CVE-2008-3245 MILW0RM BID XF
Drupal -- Drupal	Session fixation vulnerability in Drupal 5.x before 5.8 and 6.x before 6.3, when contributed modules "terminate the current request during a login event," allows remote attackers to hijack web sessions via unknown vectors.	unknown 2008-07-18	7.5	CVE-2008-3222 MLIST OTHER-REF
eSyndicat -- esyndicat	eSyndiCat 1.6 allows remote attackers to bypass authentication and gain administrative access by setting the admin_lng cookie value to 1. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.	unknown 2008-07-25	7.5	CVE-2008-3299 BID
Fedora -- newsx	Stack-based buffer overflow in the read_article function in getarticle.c in newsx 1.6 allows remote attackers to execute arbitrary code via a news article containing a large number of lines starting with a period.	unknown 2008-07-21	10.0	CVE-2008-3252 FEDORA FEDORA BID XF
iamilkay -- yuhhu_pubs_black_cat	SQL injection vulnerability in browse.groups.php in Yuhhu Pubs Black Cat allows remote attackers to execute arbitrary SQL commands via the category parameter.	unknown 2008-07-18	7.5	CVE-2008-3206 BUGTRAQ BID XF
Linux -- Kernel	The LDT implementation in the Linux kernel 2.6.25.x on x86_64 platforms uses an incorrect size for ldt_desc, which allows local users to cause a denial of service (system crash) or possibly gain privileges via unspecified vectors.	unknown 2008-07-24	7.2	CVE-2008-3247 OTHER-REF
MojoScripts -- mojojobs	SQL injection vulnerability in mojoJobs.cgi in MojoJobs allows remote attackers to execute arbitrary SQL commands via the cat_a parameter.	unknown 2008-07-24	7.5	CVE-2008-3267 MILW0RM XF
Oracle -- weblogic_server BEA Systems -- WebLogic Server BEA Systems -- apache_connector_in_weblogic_server	Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request. NOTE: it is possible that this overlaps CVE-2008-2579 or another issue disclosed in Oracle's CPUJul2008 advisory.	unknown 2008-07-22	10.0	CVE-2008-3257 MILW0RM VIM VIM SECTRACK XF
ppmate -- ppmedia_class	Heap-based buffer overflow in the PPMedia Class ActiveX control in PPMPlayer.dll in PPMate 2.3.1.93 allows remote attackers to execute arbitrary code via a long argument to the StartUrl method. NOTE: some of these details are obtained from third party information.	unknown 2008-07-21	10.0	CVE-2008-3242 MILW0RM BID XF
pragyan -- praygan_cms	PHP remote file inclusion vulnerability in cms/modules/form.lib.php in Pragyan CMS 2.6.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the (1) sourceFolder or (2) moduleFolder parameter.	unknown 2008-07-18	9.3	CVE-2008-3207 MILW0RM BID XF
RIM -- blackberry_enterprise_server_for_exchange RIM -- blackberry_enterprise_server_for_domino Blackberry -- enterprise_server RIM -- blackberry_enterprise_server_for_novell_groupwise Blackberry -- unite RIM -- Blackberry Enterprise Server RIM -- blackberry_unite	Unspecified vulnerability in the PDF distiller component in the BlackBerry Attachment Service in BlackBerry Unite! 1.0 SP1 (1.0.1) before bundle 36 and BlackBerry Enterprise Server 4.1 SP3 (4.1.3) through 4.1 SP5 (4.1.5) allows user-assisted remote attackers to execute arbitrary code via a crafted PDF file attachment.	unknown 2008-07-21	9.3	CVE-2008-3246 OTHER-REF OTHER-REF CERT-VN SECTRACK SECUNIA XF XF
Siteframe -- siteframe_cms Siteframe -- Siteframe Beaumont	SQL injection vulnerability in folder.php in Siteframe CMS 3.2.3 and earlier, and Siteframe Beaumont 5.0.5 and earlier, allows remote attackers to execute arbitrary SQL commands via the id parameter.	unknown 2008-07-22	7.5	CVE-2008-3256 MILW0RM BID
Social Engine -- Social Engine	Multiple SQL injection vulnerabilities in SocialEngine (SE) before 2.83 allow remote attackers to execute arbitrary SQL commands via (1) an se_user cookie to include/class_user.php or (2) an se_admin cookie to include/class_admin.php.	unknown 2008-07-25	7.5	CVE-2008-3297 BUGTRAQ BID XF
Softacid -- hotel_reservation_system_multi	SQL injection vulnerability in picture_pic_bv.asp in SoftAcid Hotel Reservation System (HRS) Multi allows remote attackers to execute arbitrary SQL commands via the key parameter.	unknown 2008-07-24	7.5	CVE-2008-3266 MILW0RM BID
TPL Design -- tplsoccersite	Multiple SQL injection vulnerabilities in tplSoccerSite 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the opp parameter to tampereunited/opponent.php; or the id parameter to (2) index.php, (3) player.php, (4) matchdetails.php, or (5) additionalpage.php in tampereunited/.	unknown 2008-07-21	7.5	CVE-2008-3251 MILW0RM XF
ultrastats -- ultrastats	SQL injection vulnerability in players-detail.php in UltraStats 0.2.136, 0.2.140, and 0.2.142 allows remote attackers to execute arbitrary SQL commands via the id parameter.	unknown 2008-07-21	7.5	CVE-2008-3241 MILW0RM OTHER-REF BID
XOOPS -- Xoops	Directory traversal vulnerability in modules/system/admin.php in XOOPS 2.0.18 1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the fct parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.	unknown 2008-07-25	7.5	CVE-2008-3296 BID XF
Zoph -- Zoph	Multiple SQL injection vulnerabilities in Zoph before 0.7.0.5 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.	unknown 2008-07-22	7.5	CVE-2008-3258 OTHER-REF

Back to top

Medium Vulnerabilities

Primary Vendor -- Product	Description	Discovered Published	CVSS Score	Source & Patch Info
alain_barbet -- filesys_smbclientparser	The Filesys::SmbClientParser module 2.7 and earlier for Perl allows remote SMB servers to execute arbitrary code via a folder name containing shell metacharacters.	unknown 2008-07-24	6.8	CVE-2008-3285 BUGTRAQ BID XF
BrickHost -- phpScheduleIt	Unspecified vulnerability in phpScheduleIt 1.2.0 through 1.2.9, when useLogonName is enabled, allows remote attackers with administrator email address knowledge to bypass restrictions and gain privileges via unspecified vectors related to login names. NOTE: some of these details are obtained from third party information.	unknown 2008-07-24	6.8	CVE-2008-3268 OTHER-REF BID XF
Carlos Desseno -- youtube_blog	Cross-site scripting (XSS) vulnerability in mensaje.php in C. Desseno YouTube Blog (ytb) 0.1 allows remote attackers to inject arbitrary web script or HTML via the m parameter.	unknown 2008-07-25	4.3	CVE-2008-3305 MILW0RM BID XF
Citrix -- xenserver	Cross-site scripting (XSS) vulnerability in the XenAPI HTTP interfaces in Citrix XenServer Express, Standard, and Enterprise Edition 4.1.0; Citrix XenServer Dell Edition (Express and Enterprise) 4.1.0; and HP integrated Citrix XenServer (Select and Enterprise) 4.1.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.	unknown 2008-07-22	4.3	CVE-2008-3253 OTHER-REF BID SECTRACK XF
Clam Anti-Virus -- ClamAV	libclamav/petite.c in ClamAV before 0.93.3 allows remote attackers to cause a denial of service via a malformed Petite file that triggers an out-of-bounds memory access. NOTE: this issue exists because of an incomplete fix for CVE-2008-2713.	unknown 2008-07-18	5.0	CVE-2008-3215 MLIST MLIST OTHER-REF OTHER-REF
Claroline -- Claroline	Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.8.10 allow remote attackers to inject arbitrary web script or HTML via (1) the cwd parameter in a rqMkHtml action to document/rqmkhtml.php, or the query string to (2) announcements/announcements.php, (3) calendar/agenda.php, (4) course/index.php, (5) course_description/index.php, (6) document/document.php, (7) exercise/exercise.php, (8) group/group_space.php, (9) phpbb/newtopic.php, (10) phpbb/reply.php, (11) phpbb/viewtopic.php, (12) wiki/wiki.php, or (13) work/work.php in claroline/.	unknown 2008-07-22	4.3	CVE-2008-3260 BUGTRAQ OTHER-REF OTHER-REF BID XF
Claroline -- Claroline	Open redirect vulnerability in claroline/redirector.php in Claroline before 1.8.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter.	unknown 2008-07-22	4.3	CVE-2008-3261 BUGTRAQ OTHER-REF OTHER-REF BID XF
Claroline -- Claroline	Cross-site request forgery (CSRF) vulnerability in Claroline before 1.8.10 allows remote attackers to change passwords, related to lack of a requirement for the previous password.	unknown 2008-07-22	5.8	CVE-2008-3262 BUGTRAQ OTHER-REF OTHER-REF XF
Debian -- projectl	The save function in br/prefmanager.d in projectl 1.001 creates a projectL.prf file in the current working directory, which allows local users to overwrite arbitrary files via a symlink attack.	unknown 2008-07-18	4.6	CVE-2008-3216 MLIST OTHER-REF
Drupal -- Drupal	Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before 6.3 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) free tagging taxonomy terms, which are not properly handled on node preview pages, and (2) unspecified OpenID values.	unknown 2008-07-18	4.3	CVE-2008-3218 MLIST OTHER-REF
Drupal -- Drupal	The Drupal filter_xss_admin function in 5.x before 5.8 and 6.x before 6.3 does not "prevent use of the object HTML tag in administrator input," which has unknown impact and attack vectors, probably related to an insufficient cross-site scripting (XSS) protection mechanism.	unknown 2008-07-18	5.0	CVE-2008-3219 MLIST
EMC -- dantz_retrospect_backup_server	The Server Authentication Module in EMC Dantz Retrospect Backup Server 7.5.508 uses a "weak hash algorithm," which makes it easier for context-dependent attackers to recover passwords.	unknown 2008-07-24	5.0	CVE-2008-3288 BUGTRAQ OTHER-REF
EMC Dantz -- Retrospect Backup Client	retroclient.exe in EMC Dantz Retrospect Backup Client 7.5.116 allows remote attackers to cause a denial of service (daemon crash) via malformed packets to TCP port 497, which trigger a NULL pointer dereference.	unknown 2008-07-24	5.0	CVE-2008-3287 BUGTRAQ BID
EMC Dantz -- Retrospect Backup Client	EMC Dantz Retrospect Backup Client 7.5.116 sends the password hash in cleartext at an unspecified point, which allows remote attackers to obtain sensitive information via a crafted packet.	unknown 2008-07-24	5.8	CVE-2008-3289 BUGTRAQ OTHER-REF
EMC Dantz -- Retrospect Backup Client	retroclient.exe in EMC Dantz Retrospect Backup Client 7.5.116 allows remote attackers to cause a denial of service (daemon crash) via a series of long packets containing 0x00 characters to TCP port 497 that trigger memory corruption, probably involving an English product version on a Chinese OS version.	unknown 2008-07-24	5.0	CVE-2008-3290 BUGTRAQ BID
EZWebAlbum -- EZWebAlbum	constants.inc in EZWebAlbum 1.0 allows remote attackers to bypass authentication and gain administrator privileges by setting the photoalbumadmin cookie, as demonstrated via addpage.php.	unknown 2008-07-24	6.4	CVE-2008-3292 MILW0RM BID XF
EZWebAlbum -- EZWebAlbum	Directory traversal vulnerability in download.php in EZWebAlbum allows remote attackers to read arbitrary files via the dlfilename parameter.	unknown 2008-07-24	5.0	CVE-2008-3293 MILW0RM BID XF
F-Prot -- F-Prot Antivirus F-Prot -- scanning_engine	Multiple unspecified vulnerabilities in the scanning engine before 4.4.4 in F-Prot Antivirus before 6.0.9.0 allow remote attackers to cause a denial of service via (1) a crafted UPX-compressed file, which triggers an engine crash; (2) a crafted Microsoft Office file, which triggers an infinite loop; or (3) an ASPack-compressed file, which triggers an engine crash.	unknown 2008-07-21	4.3	CVE-2008-3243 OTHER-REF BID
F-Prot -- F-Prot Antivirus F-Prot -- scanning_engine	The scanning engine before 4.4.4 in F-Prot Antivirus before 6.0.9.0 allows remote attackers to cause a denial of service (engine crash) via a CHM file with a large nb_dir value that triggers an out-of-bounds read.	unknown 2008-07-21	4.3	CVE-2008-3244 OTHER-REF OTHER-REF BID SECTRACK XF
Joomla -- com_dtregister	SQL injection vulnerability in the DT Register (com_dtregister) 2.2.3 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the eventId parameter in a pay_options action to index.php.	unknown 2008-07-24	6.8	CVE-2008-3265 MILW0RM OTHER-REF BID XF
Lenovo -- thinkvantage_system_update	The client in Lenovo System Update before 3.14 does not properly validate the certificate when establishing an SSL connection, which allows remote attackers to install arbitrary packages via an SSL certificate whose X.509 headers match a public certificate used by IBM.	unknown 2008-07-21	5.1	CVE-2008-3249 OTHER-REF
ln-lab -- webproxy	Cross-site scripting (XSS) vulnerability in LunarNight Laboratory WebProxy 1.7.8 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.	unknown 2008-07-22	4.3	CVE-2008-3255 OTHER-REF OTHER-REF BID XF
opensuse -- libxcrypt	libxcrypt in SUSE openSUSE 11.0 uses the DES algorithm when the configuration specifies the MD5 algorithm, which makes it easier for attackers to conduct brute-force attacks against hashed passwords.	unknown 2008-07-22	6.2	CVE-2008-3188
precoc -- precms	SQL injection vulnerability in index.php in preCMS 1 allows remote attackers to execute arbitrary SQL commands via the id parameter in a UserProfil action.	unknown 2008-07-22	6.8	CVE-2008-3254 MILW0RM BID XF
Sierra -- SWAT 4	SWAT 4 1.1 and earlier allows remote attackers to cause a denial of service (daemon crash) via a (1) VERIFYCONTENT or (2) GAMECONFIG command sent to the server before user session initialization, which triggers a NULL pointer dereference; or (3) a GAMESPYRESPONSE command followed by a long RS string.	unknown 2008-07-24	5.0	CVE-2008-3286 OTHER-REF OTHER-REF BID XF XF
Social Engine -- Social Engine	SocialEngine (SE) before 2.83 grants certain write privileges for templates, which allows remote authenticated administrators to execute arbitrary PHP code.	unknown 2008-07-25	6.0	CVE-2008-3298 BUGTRAQ XF
tuxplanet -- bilboblog	SQL injection vulnerability in admin/delete.php in BilboBlog 0.2.1, when magic_quotes_gpc is disabled, allows remote authenticated administrators to execute arbitrary SQL commands via the num parameter.	unknown 2008-07-25	6.0	CVE-2008-3302 MILW0RM XF
tuxplanet -- bilboblog	admin/login.php in BilboBlog 0.2.1, when register_globals is enabled, allows remote attackers to bypass authentication and obtain administrative access via a direct request that sets the login, admin_login, password, and admin_passwd parameters.	unknown 2008-07-25	6.8	CVE-2008-3303 MILW0RM BID XF
tuxplanet -- bilboblog	BilboBlog 0.2.1 allows remote attackers to obtain sensitive information via (1) an enable_cache=false query string to footer.php or (2) a direct request to pagination.php, which reveals the installation path in an error message.	unknown 2008-07-25	5.0	CVE-2008-3304 MILW0RM XF
VIM Development Group -- VIM	src/configure.in in Vim 5.0 through 7.1, when used for a build with Python support, does not ensure that the Makefile-conf temporary file has the intended ownership and permissions, which allows local users to execute arbitrary code by writing to this file during a time window associated with a race condition.	unknown 2008-07-24	4.6	CVE-2008-3294 FULLDISC
winsoftmagic -- winremotepc_full winsoftmagic -- winremotepc_lite	WRPCServer.exe in WinSoftMagic WinRemotePC (WRPC) Lite 2008 and Full 2008 allows remote attackers to cause a denial of service (CPU consumption) via a crafted packet to TCP port 4321.	unknown 2008-07-24	5.0	CVE-2008-3269 MILW0RM BID
XOOPS -- Xoops	Cross-site scripting (XSS) vulnerability in modules/system/admin.php in XOOPS 2.0.18.1 allows remote attackers to inject arbitrary web script or HTML via the fct parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.	unknown 2008-07-25	4.3	CVE-2008-3295 BID XF

Back to top

Low Vulnerabilities

Primary Vendor -- Product	Description	Discovered Published	CVSS Score	Source & Patch Info
OpenBSD -- OpenSSH OpenSSH -- OpenSSH	OpenSSH before 5.1 sets the SO_REUSEADDR socket option when the X11UseLocalhost configuration setting is disabled, which allows local users on some platforms to hijack the X11 forwarding port via a bind to a single IP address, as demonstrated on the HP-UX platform.	unknown 2008-07-22	1.2	CVE-2008-3259 OTHER-REF OTHER-REF BID
tuxplanet -- bilboblog	Multiple cross-site scripting (XSS) vulnerabilities in BilboBlog 0.2.1 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) content parameter to admin/update.php, related to conflicting code in widget.php; and allow remote attackers to inject arbitrary web script or HTML via the (2) titleId parameter to head.php, reachable through index.php; the (3) t_lang[lang_copyright] parameter to footer.php; the (4) content parameter to the default URI under admin/; the (5) url, (6) t_lang[lang_admin_help], (7) t_lang[lang_admin_clear_cache], (8) t_lang[lang_admin_home], and (9) t_lang[lang_admin_logout] parameters to admin/homelink.php; and the (10) t_lang[lang_admin_new_post] parameter to admin/post.php. NOTE: some of these details are obtained from third party information.	unknown 2008-07-25	3.5	CVE-2008-3301 MILW0RM BID XF

Back to top

Vulnerability Summary for the Week of December 30, 2013
Posted on Tuesday January 07, 2014

 

Vulnerability Summary for the Week of October 24, 2022
Posted on Tuesday November 01, 2022