View Previous Bulletins

Bulletin (SB07-106)

Vulnerability Summary for the Week of April 9, 2007

Original Release date: Apr 16, 2007 | Last revised: -

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.


High Vulnerabilities
Primary
Vendor -- Product		Description
Discovered
Published
CVSS ScoreSource & Patch Info
ACD Systems -- ACDSee Photo Manager
Integer overflow in ACDSee Photo Manager 9.0 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via large width image sizes in a crafted BMP image, as demonstrated by w3intof.bmp and w4intof.bmp.
unknown
2007-04-10
8.0CVE-2007-1943
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
AlstraSoft -- Video Share Enterprise
siteadmin/useredit.php in AlstraSoft Video Share Enterprise does not check authentication, which allows remote attackers to obtain or modify user information via a direct request.
unknown
2007-04-12
7.0CVE-2007-2017
OTHER-REF
BID
FRSIRT
SECUNIA
ArchiveXpert -- ArchiveXpert
Multiple directory traversal vulnerabilities in ArchiveXpert 2.02 build 80 allow remote attackers to create files in arbitrary directories via a .. (dot dot) in a (1) .gz, (2) .jar, (3) .rar, (4) .tar.gz, (5) .zip, or (6) .tar file.
unknown
2007-04-10
7.0CVE-2007-1954
OTHER-REF
SECUNIA
CodeBreak -- CodeBreak
PHP remote file inclusion vulnerability in codebreak.php in CodeBreak allows remote attackers to execute arbitrary PHP code via a URL in the process_method parameter.
unknown
2007-04-12
7.0CVE-2007-1996
BUGTRAQ
Cyboards -- Cyboards PHP Lite
PHP remote file inclusion vulnerability in include/default_header.php in Cyboards PHP Lite 1.21 allows remote attackers to execute arbitrary PHP code via a URL in the script_path parameter, a different vector than CVE-2006-2871.
unknown
2007-04-11
7.0CVE-2007-1983
MILW0RM
VIM
BID
XF
Daniel Naber -- LanguageTool
Cross-site scripting (XSS) vulnerability in the embedded webserver in Daniel Naber LanguageTool before 0.8.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving an error message.
unknown
2007-04-10
7.0CVE-2007-1939
OTHER-REF
DropAFew -- DropAFew
Multiple SQL injection vulnerabilities in DropAFew before 0.2.1 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in the delete action in (a) search.php or (b) search-pda.php, or the (2) calories parameter in a save action in editlogcal.php.
unknown
2007-04-11
7.0CVE-2007-1363
OTHER-REF
OTHER-REF
BID
SECUNIA
FastStone -- Image Viewer
Integer overflow in FastStone Image Viewer 2.9 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted BMP image, as demonstrated by wh3intof.bmp and wh4intof.bmp.
unknown
2007-04-10
8.0CVE-2007-1942
BUGTRAQ
OTHER-REF
BID
SECUNIA
Gazi Okul Sitesi -- Gazi Okul Sitesi
SQL injection vulnerability in fotokategori.asp in Gazi Okul Sitesi 2007 allows remote attackers to execute arbitrary SQL commands via the query string.
unknown
2007-04-11
7.0CVE-2007-1971
BUGTRAQ
BID
HIOX INDIA -- Guest Book
Direct static code injection vulnerability in HIOX Guest Book (HGB) 4.0 allows remote attackers to inject arbitrary PHP code via the Email field, which results in code execution through a direct request to gb.php.
unknown
2007-04-12
7.0CVE-2007-1998
MILW0RM
holaCMS -- holaCMS
Cross-site scripting (XSS) vulnerability in index_cms.php in holaCMS 1.4.10 allows remote attackers to inject arbitrary web script or HTML via the acuparam parameter.
unknown
2007-04-11
7.0CVE-2007-1977
OTHER-REF
SECUNIA
HP -- Portable File System
Unspecified vulnerability in the Portable File System (PFS) in HP-UX B.11.00, B.11.11, and B.11.23 allows remote attackers to gain privileges via unspecified vectors.
unknown
2007-04-12
7.0CVE-2007-1993
HP
BID
FRSIRT
SECTRACK
SECUNIA
IBM -- WebSphere Application Server
Unspecified vulnerability in the Servlet Engine/Web Container in IBM WebSphere Application Server (WAS) before 6.1.0.7 has unknown impact and attack vectors.
unknown
2007-04-10
7.0CVE-2007-1945
OTHER-REF
AIXAPAR
FRSIRT
XF
InoutMailingListManager -- InoutMailingListManager
Multiple SQL injection vulnerabilities in InoutMailingListManager 3.1 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to changename.php and other unspecified vectors.
unknown
2007-04-12
7.0CVE-2007-2004
MILW0RM
Internet Pictures Corporation -- iPIX Image Well
Multiple buffer overflows in the Internet Pictures Corporation iPIX Image Well ActiveX control (iPIX-ImageWell-ipix.dll) allow remote attackers to execute arbitrary code via unspecified vectors.
unknown
2007-04-10
10.0CVE-2007-1687
CERT-VN
IrfanView -- IrfanView
Buffer overflow in IrfanView 3.99 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via the (1) xoffset or (2) yoffset RLE command, or (3) large non-RLE encoded blocks in a crafted BMP image, as demonstrated by rle8of3.bmp and rle8of4.bmp.
unknown
2007-04-10
8.0CVE-2007-1948
BUGTRAQ
OTHER-REF
FRSIRT
LedgerSMB -- LedgerSMB
DWS Systems Inc. -- SQL-Ledger
(1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests.
unknown
2007-04-10
7.0CVE-2007-1923
BUGTRAQ
BID
Mambo -- Taskhopper Component
Joomla! -- Taskhopper Component
Multiple PHP remote file inclusion vulnerabilities in the Taskhopper 1.1 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) contact_type.php, (2) itemstatus_type.php, (3) projectstatus_type.php, (4) request_type.php, (5) responses_type.php, (6) timelog_type.php, or (7) urgency_type.php in inc/.
unknown
2007-04-12
7.0CVE-2007-2005
MILW0RM
MamboXChange -- com_zoom
Multiple PHP remote file inclusion vulnerabilities in the com_zoom 2.5 beta 2 and earlier module for Mambo allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) EXIF_Makernote.php or (2) EXIF.php in classes/iptc/.
unknown
2007-04-12
7.0CVE-2007-1992
MILW0RM
BID
Microsoft -- Content Management Server
Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 does not properly handle certain characters in a crafted HTTP GET request, which allows remote attackers to execute arbitrary code, aka the "CMS Memory Corruption Vulnerability."
unknown
2007-04-10
10.0CVE-2007-0938
MS
Microsoft -- Windows XP
Unspecified vulnerability in the Universal Plug and Play (UPnP) service in Microsoft Windows XP SP2 allows remote attackers on the same subnet to execute arbitrary code via crafted HTTP requests that trigger memory corruption.
unknown
2007-04-10
8.0CVE-2007-1204
MS
Microsoft -- Windows 2000
Microsoft -- Windows Server 2003
Microsoft -- Windows XP
Unspecified vulnerability in Microsoft Agent (msagent\agentsvr.exe) in Windows 2000 SP4, XP SP2, and Server 2003, 2003 SP1, and 2003 SP2 allows remote attackers to execute arbitrary code via crafted URLs, which result in memory corruption.
unknown
2007-04-10
10.0CVE-2007-1205
MS
OTHER-REF
Microsoft -- Windows XP
Integer overflow in Windows Explorer in Microsoft Windows XP SP1 might allow user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large width dimension in a crafted BMP image, as demonstrated by w4intof.bmp.
unknown
2007-04-10
10.0CVE-2007-1946
BUGTRAQ
OTHER-REF
BID
MyBB -- MyBB
MyBulletinBoard -- MyBulletinBoard
SQL injection vulnerability in the create_session function in class_session.php in MyBB (aka MyBulletinBoard) 1.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, as utilized by index.php, a related issue to CVE-2006-3775.
unknown
2007-04-11
7.0CVE-2007-1963
BUGTRAQ
MILW0RM
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
MyNews -- MyNews
PHP remote file inclusion vulnerability in include/blocks/week_events.php in MyNews 4.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the myNewsConf[path][sys][index] parameter, a different vector than CVE-2007-0633.
unknown
2007-04-12
7.0CVE-2007-2014
OTHER-REF
FRSIRT
nazarkin.name -- Weatimages
PHP remote file inclusion vulnerability in index.php in Weatimages 1.7.1 and earlier, when weatimages.ini is missing, allows remote attackers to execute arbitrary PHP code via a URL in the ini[langpack] parameter.
unknown
2007-04-12
7.0CVE-2007-1999
MILW0RM
Nick Jones -- Topliste Module
SQL injection vulnerability in index.php in the Topliste 1.0 module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the cid parameter.
unknown
2007-04-11
7.0CVE-2007-1980
MILW0RM
BID
FRSIRT
XF
NullSoft -- Winamp
LIBSNDFILE.DLL, as used by AOL Nullsoft Winamp 5.33 and possibly other products, allows remote attackers to execute arbitrary code via a crafted .MAT (MATLAB sound) file that contains a value that is used as an offset, which triggers memory corruption.
unknown
2007-04-10
8.0CVE-2007-1921
BUGTRAQ
OTHER-REF
BID
FRSIRT
NullSoft -- Winamp
The Impulse Tracker (IT) and ScreamTracker 3 (S3M) modules in IN_MOD.DLL in AOL Nullsoft Winamp 5.33 allows remote attackers to execute arbitrary code via a crafted (1) .IT or (2) .S3M file containing integer values that are used as memory offsets, which triggers memory corruption.
unknown
2007-04-10
10.0CVE-2007-1922
BUGTRAQ
BUGTRAQ
OTHER-REF
BID
FRSIRT
Onelook -- oboShop
Session fixation vulnerability in onelook obo Shop allows remote attackers to hijack web sessions by setting a PHPSESSID cookie.
unknown
2007-04-10
7.0CVE-2007-1951
BUGTRAQ
OTHER-REF
Onelook -- onebyone CMS
Session fixation vulnerability in onelook onebyone CMS allows remote attackers to hijack web sessions by setting a PHPSESSID cookie.
2007-03-30
2007-04-10
7.0CVE-2007-1952
BUGTRAQ
OTHER-REF
Onelook -- courts online
Session fixation vulnerability in onelook courts on-line allows remote attackers to hijack web sessions by setting a PHPSESSID cookie.
2007-03-30
2007-04-10
7.0CVE-2007-1953
BUGTRAQ
OTHER-REF
PHP-Fusion -- Arcade Module
SQL injection vulnerability in index.php in the Arcade 1.00 module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view_game_list action.
unknown
2007-04-11
7.0CVE-2007-1978
MILW0RM
FRSIRT
XF
phpBB -- Mutant
PHP remote file inclusion vulnerability in mutant_functions.php in the Mutant 0.9.2 portal for phpBB 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
unknown
2007-04-11
7.0CVE-2007-1961
MILW0RM
BID
PHPEcho CMS -- PHPEcho CMS
** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in PHPEcho CMS 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) _plugin_file parameter to smarty/internals/core.load_pulgins.php or the (2) root_path parameter to index.php. NOTE: CVE disputes (1) because the inclusion occurs within a function that is not called during a direct request. CVE disputes (2) because root_path is defined in config.php before use.
unknown
2007-04-11
7.0CVE-2007-1987
BUGTRAQ
phpexplorator -- phpexplorator
Multiple PHP remote file inclusion vulnerabilities in phpexplorator.php in phpexplorator 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) cmd or (2) lang_path parameter.
unknown
2007-04-11
7.0CVE-2007-1985
BUGTRAQ
Pineapple Technologies -- Lore
Multiple PHP remote file inclusion vulnerabilities in Pineapple Technologies Lore 1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) lang_path parameter to third_party/phpmailer/class.phpmailer.php or the (2) get_plugin_file_path parameter to third_party/smarty/libs/plugins/function.html_checkboxes.php. NOTE: the affected files might be from other software packages, so this might not be a vulnerability in Lore itself. NOTE: (1) might be the same issue as CVE-2006-5734.4.
unknown
2007-04-12
7.0CVE-2007-2021
BUGTRAQ
pL-PHP -- pL-PHP
Multiple SQL injection vulnerabilities in login.php in pL-PHP beta 0.9 allow remote attackers to execute arbitrary SQL commands via the (1) login or (2) pass parameter.
unknown
2007-04-12
7.0CVE-2007-2006
MILW0RM
pL-PHP -- pL-PHP
admin.php in pL-PHP beta 0.9 allows remote attackers to bypass authentication by setting the is_admin parameter to 1.
unknown
2007-04-12
7.0CVE-2007-2007
MILW0RM
pL-PHP -- pL-PHP
Directory traversal vulnerability in admin.php in pL-PHP beta 0.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
unknown
2007-04-12
7.0CVE-2007-2008
MILW0RM
Raphaël Limbach -- Crea-Book
Multiple SQL injection vulnerabilities in admin/admin.php in Crea-Book 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) pseudo or (2) passe parameter.
unknown
2007-04-12
7.0CVE-2007-2000
MILW0RM
Roxio -- CinePlayer
Stack-based buffer overflow in SonicDVDDashVRNav.dll in Roxio CinePlayer 3.2 allows remote attackers to execute arbitrary code via unspecified properties and methods in the SonicDVDDashVRNav.dll ActiveX control.
unknown
2007-04-11
10.0CVE-2007-1559
OTHER-REF
FRSIRT
SECUNIA
Ryan Haudenschilt -- Battle.Net Clan Script
SQL injection vulnerability in login.php in Ryan Haudenschilt Battle.net Clan Script for PHP 1.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) user or (2) pass parameter.
unknown
2007-04-10
7.0CVE-2007-1909
MILW0RM
BID
Sam Crew -- MyBlog
PHP remote file inclusion vulnerability in games.php in Sam Crew MyBlog, possibly 1.0 through 1.6, allows remote attackers to execute arbitrary PHP code via a URL in the id parameter, a different vector than CVE-2007-1968. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-04-12
7.0CVE-2007-1990
FRSIRT
SAP -- RFC Library
Buffer overflow in the RFC_START_PROGRAM function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended.
unknown
2007-04-10
7.0CVE-2007-1915
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
XF
SAP -- RFC Library
Buffer overflow in the RFC_START_GUI function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended.
unknown
2007-04-10
10.0CVE-2007-1916
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
XF
SAP -- RFC Library
Buffer overflow in the SYSTEM_CREATE_INSTANCE function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended.
unknown
2007-04-10
10.0CVE-2007-1917
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Scar4U -- ScarNews
Directory traversal vulnerability in scarnews.inc.php in ScarNews 1.2.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sn_admin_dir parameter.
unknown
2007-04-10
7.0CVE-2007-1932
MILW0RM
FRSIRT
SignKorea -- SKCommAX ActiveX Control
Multiple stack-based buffer overflows in the SignKorea SKCrypAX ActiveX control module 5.4.1.2 allow remote attackers to execute arbitrary code via a long string in unspecified arguments to the (1) DownloadCert, (2) DecryptFileByKey, and (3) EncryptFileByKey functions, a different module and vectors than CVE-2007-1722. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-04-10
10.0CVE-2007-1955
SECUNIA
Smarty -- Smarty
** DISPUTED ** PHP remote file inclusion vulnerability in unit_test/test_cases.php in Smarty 2.6.1 allows remote attackers to execute arbitrary PHP code via a URL in the SMARTY_DIR parameter. NOTE: this issue is disputed by CVE and a third party because SMARTY_DIR is a constant.
unknown
2007-04-12
7.0CVE-2006-7193
BUGTRAQ
BUGTRAQ
XF
SmodBIP -- SmodBIP
SQL injection vulnerability in index.php in the aktualnosci module in SmodBIP 1.06 and earlier allows remote attackers to execute arbitrary SQL commands via the zoom parameter.
unknown
2007-04-10
7.0CVE-2007-1920
MILW0RM
BID
XF
SmodCMS -- SmodCMS
SQL injection vulnerability in index.php in the slownik module in SmodCMS 2.10 and earlier allows remote attackers to execute arbitrary SQL commands via the ssid parameter.
unknown
2007-04-10
7.0CVE-2007-1931
MILW0RM
FRSIRT
XF
Tomex -- phpGalleryScript
PHP remote file inclusion vulnerability in init.gallery.php in phpGalleryScript 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the include_class parameter.
unknown
2007-04-12
7.0CVE-2007-2019
BUGTRAQ
VIM
UBBCentral -- UBB.threads
SQL injection vulnerability in ubbthreads.php in Groupee UBB.threads 6.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the C parameter.
unknown
2007-04-10
7.0CVE-2007-1956
BUGTRAQ
WebBlizzard -- Content Management System
Session fixation vulnerability in WebBlizzard CMS allows remote attackers to hijack web sessions by setting a PHPSESSID cookie.
2007-03-30
2007-04-10
7.0CVE-2007-1949
BUGTRAQ
OTHER-REF
WitShare -- WitShare
Directory traversal vulnerability in index.php in witshare 0.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the menu parameter.
unknown
2007-04-10
7.0CVE-2007-1928
BUGTRAQ
BID
XodaGallery -- XodaGallery
** DISPUTED ** Unspecified vulnerability in administration.php in xodagallery allows remote attackers to execute arbitrary code via the cmd parameter. NOTE: CVE disputes this vulnerability because administration.php does not use the cmd parameter for inclusion.
unknown
2007-04-12
7.0CVE-2007-2020
BUGTRAQ
VIM
XF
Xoops -- Rha7 Downloads Module
SQL injection vulnerability in visit.php in the Rha7 Downloads (rha7downloads) 1.0 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the lid parameter.
unknown
2007-04-11
7.0CVE-2007-1960
MILW0RM
BID
Xoops -- WF-Snippets
SQL injection vulnerability in index.php in the WF-Snippets 1.02 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the c parameter in a cat op action.
unknown
2007-04-11
7.0CVE-2007-1962
MILW0RM
XF
Xoops -- Happy Linux XFsection
WF-Sections -- WF-Sections
Xoops -- ZMagazine
SQL injection vulnerability in the getArticle function in class/wfsarticle.php in WF-Section (aka WF-Sections) 1.0.1, as used in Xoops modules such as (1) Zmagazine 1.0, (2) Happy Linux XFsection 1.07 and earlier, and possibly other modules, allows remote attackers to execute arbitrary SQL commands via the articleid parameter to print.php.
unknown
2007-04-11
7.0CVE-2007-1974
MILW0RM
MILW0RM
MILW0RM
OTHER-REF
OTHER-REF
OTHER-REF
VIM
BID
BID
BID
FRSIRT
FRSIRT
FRSIRT
XF
XF
XF
Xoops -- Xoops Virii Info Module
** DISPUTED ** PHP remote file inclusion vulnerability in index.php in the Virii Info 1.10 and earlier module for Xoops allows remote attackers to execute arbitrary PHP code via a URL in the xoopsConfig[root_path] parameter. NOTE: the issue has been disputed by a reliable third party, stating that the application's checkSuperglobals function defends against the attack.
unknown
2007-04-11
7.0CVE-2007-1976
MILW0RM
VIM
VIM
FRSIRT
XF
Xoops -- Xoops PopnupBlog
SQL injection vulnerability in index.php in the PopnupBlog 2.52 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the postid parameter, possibly involving the get_blogid_from_postid function in class/PopnupBlogUtils.php. NOTE: later versions such as 3.03 and 3.05 might also be affected.
unknown
2007-04-11
7.0CVE-2007-1979
MILW0RM
BID
FRSIRT
SECUNIA
Back to top

Medium Vulnerabilities
Primary
Vendor -- Product		Description
Discovered
Published
CVSS ScoreSource & Patch Info
Cross-site scripting (XSS) vulnerability in index.php in Arizona Dream Livre d'or (livor) 2.5 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
unknown
2007-04-10
5.6CVE-2007-1919
BUGTRAQ
BID
Multiple directory traversal vulnerabilities in PcP-Guestbook (PcP-Book) 3.0 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to (1) index.php, (2) gb.php, or (3) faq.php.
unknown
2007-04-10
4.9CVE-2007-1933
MILW0RM
AlstraSoft -- Video Share Enterprise
SQL injection vulnerability in msg.php in AlstraSoft Video Share Enterprise allows remote authenticated users to execute arbitrary SQL commands via the id parameter.
unknown
2007-04-12
4.2CVE-2007-2018
OTHER-REF
BID
FRSIRT
SECUNIA
Apache Software Foundation -- Apache HTTP Server
Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the vendor has reportedly disputed this issue, stating that "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
unknown
2007-04-13
5.6CVE-2007-1741
IDEFENSE
MLIST
MLIST
BID
SECTRACK
XF
Barnraiser -- AROUNDMe
Multiple PHP remote file inclusion vulnerabilities in barnraiser AROUNDMe 0.7.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) language_path_core parameter to inc/core_profile.header.php, the (2) template_path_core parameter to template/barnraiser_01/maint_contact_view.tpl.php, and the (3) template_path parameter to template/barnraiser_01/default.tpl.php. NOTE: this issue might overlap CVE-2006-5533.
unknown
2007-04-11
5.6CVE-2007-1986
MILW0RM
BID
Crea-Book -- Crea-Book
Multiple direct static code injection vulnerabilities in admin/configurer2.php in Crea-Book 1.0 and earlier allow remote authenticated administrators to execute arbitrary PHP code via the "Fond de la page" (background color) field and other unspecified fields, which injects into config.inc.php3.
unknown
2007-04-12
4.2CVE-2007-2001
MILW0RM
Debian -- Debian Linux
Buffer overflow in man and man-db 2.4.3 and earlier allows local users to execute arbitrary code via crafted arguments to the -H flag.
unknown
2007-04-10
4.9CVE-2006-4250
DEBIAN
BID
FRSIRT
FRSIRT
DreamCodes -- Scorp Book
PHP remote file inclusion vulnerability in smilies.php in Scorp Book 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config parameter.
unknown
2007-04-10
5.6CVE-2007-1937
MILW0RM
FRSIRT
eCardMAX.com -- Hot Editor
MyBB -- MyBB Hot Editor Plugin
Directory traversal vulnerability in richedit/keyboard.php in eCardMAX HotEditor (Hot Editor) 4.0, and the HotEditor plugin for MyBB, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the first parameter.
unknown
2007-04-10
5.6CVE-2007-1906
BUGTRAQ
BUGTRAQ
OTHER-REF
OTHER-REF
BID
XF
Guernion Sylvain Portail -- Web Php
Multiple PHP remote file inclusion vulnerabilities in Guernion Sylvain Portail Web Php (aka Gsylvain35 Portail Web, PwP) allow remote attackers to execute arbitrary PHP code via a URL in the pageAll parameter to index.php in (1) template/Vert/, or (2) template/Noir/.
unknown
2007-04-10
5.6CVE-2007-1957
BUGTRAQ
InoutMailingListManager -- InoutMailingListManager
InoutMailingListManager 3.1 and earlier allows remote attackers to access certain restricted functionality, and upload and execute arbitrary PHP code, by setting an arbitrary admin cookie.
unknown
2007-04-12
5.6CVE-2007-2002
MILW0RM
InoutMailingListManager -- InoutMailingListManager
InoutMailingListManager 3.1 and earlier sends a Location redirect header but does not exit after an authorization check fails, which allows remote attackers to access certain restricted functionality, and upload and execute arbitrary PHP code, by ignoring the redirect.
unknown
2007-04-12
5.6CVE-2007-2003
MILW0RM
JBMC Software -- DirectAdmin
Cross-site scripting (XSS) vulnerability in JBMC Software DirectAdmin before 1.293 does not properly display log files, which allows remote authenticated users to inject arbitrary web script or HTML via (1) http or (2) ftp requests logged in /var/log/directadmin/security.log; (3) allows context-dependent attackers to inject arbitrary web script or HTML into /var/log/messages via a PHP script that invokes /usr/bin/logger; (4) allows local users to inject arbitrary web script or HTML into /var/log/messages by invoking /usr/bin/logger at the command line; and allows remote attackers to inject arbitrary web script or HTML via remote requests logged in the (5) /var/log/exim/rejectlog, (6) /var/log/exim/mainlog, (7) /var/log/proftpd/auth.log, (8) /var/log/httpd/error_log, (9) /var/log/httpd/access_log, (10) /var/log/directadmin/error.log, and (11) /var/log/directadmin/security.log files.
unknown
2007-04-10
5.6CVE-2007-1926
BUGTRAQ
OTHER-REF
OTHER-REF
SECUNIA
lite-cms -- lite-cms
PHP remote file inclusion vulnerability in index.php in lite-cms 0.2.1 allows remote attackers to execute arbitrary PHP code via a URL in the inc parameter.
unknown
2007-04-11
5.6CVE-2007-1984
BUGTRAQ
Microsoft -- Windows 2000
Microsoft -- Windows Server 2003
Microsoft -- Windows XP
The Windows Kernel in Microsoft Windows 2000 SP4, XP SP2, and Server 2003, 2003 SP1, and 2003 SP2 uses insecure permissions on mapped memory segments, which allows local users to gain privileges.
unknown
2007-04-10
5.6CVE-2007-1206
MS
Microsoft -- Windows Vista
Use-after-free vulnerability in the Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vista does not properly handle connection resources when starting and stopping processes, which allows local users to gain privileges by opening and closing multiple ApiPort connections, which leaves a "dangling pointer" to a process data structure.
unknown
2007-04-10
5.6CVE-2007-1209
BUGTRAQ
MS
Microsoft -- Word
Buffer overflow in wwlib.dll in Microsoft Word 2007 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted document, as demonstrated by file789-1.doc.
unknown
2007-04-10
5.6CVE-2007-1910
MILW0RM
BID
Microsoft -- Windows NT
Microsoft -- Windows 2000
Microsoft -- Windows Server 2003
Microsoft -- Windows XP
Heap-based buffer overflow in Microsoft Windows allows user-assisted remote attackers to have an unknown impact via a crafted .HLP file.
unknown
2007-04-10
5.6CVE-2007-1912
MILW0RM
BID
Microsoft -- Windows NT
Race condition in the Virtual DOS Machine (VDM) in the Windows Kernel in Microsoft Windows NT 4.0 allows local users to modify memory and gain privileges via the temporary \Device\PhysicalMemory section handle, a related issue to CVE-2007-1206.
unknown
2007-04-11
5.6CVE-2007-1973
BUGTRAQ
OTHER-REF
Pathos -- Content Management System
PHP remote file inclusion vulnerability in warn.php in Pathos Content Management System (CMS) 0.92-2 allows remote attackers to execute arbitrary PHP code via a URL in the file parameter.
unknown
2007-04-10
5.6CVE-2007-1907
MILW0RM
PHP-Nuke -- eBoard Module
Directory traversal vulnerability in member.php in the eBoard 1.0.7 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[name] parameter.
unknown
2007-04-10
5.6CVE-2007-1934
MILW0RM
FRSIRT
PHP121 -- PHP121 Instant Messenger
PHP file inclusion vulnerability in php121db.php in PHP121 Instant Messenger 2.2 allows remote attackers to execute arbitrary PHP code via a UNC share pathname or a local file pathname in the php121dir parameter, which is accessed by the file_exists function.
unknown
2007-04-10
5.6CVE-2007-1908
MILW0RM
phpContact -- phpContact
** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in phpContact allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to (1) contact_business.php or (2) contact_person.php. NOTE: this issue is disputed by CVE and a reliable third party, because include_path is initialized to a fixed value before use.
unknown
2007-04-10
5.6CVE-2007-1924
BUGTRAQ
VIM
Pineapple Technologies -- QuizShock
Cross-site scripting (XSS) vulnerability in auth.php in Pineapple Technologies QuizShock 1.6.1 and earlier allows remote attackers to inject arbitrary web script or HTML via encoded special characters in the forward_to parameter, as demonstrated using "<"<".
unknown
2007-04-10
5.6CVE-2007-1905
BUGTRAQ
BID
Really Simple PHP and Ajax -- Really Simple PHP and Ajax
Multiple PHP remote file inclusion vulnerabilities in Really Simple PHP and Ajax (RSPA) 2007-03-23 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) __IncludeFilePHPClass, (2) __ClassPath, and (3) __class parameters to (a) rspa/framework/Controller_v5.php, and (b) rspa/framework/Controller_v4.php.
unknown
2007-04-11
5.6CVE-2007-1982
MILW0RM
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Request It -- Request It
PHP remote file inclusion vulnerability in index.php in Request It 1.0b allows remote attackers to execute arbitrary PHP code via a URL in the id parameter.
unknown
2007-04-12
5.6CVE-2007-2015
BUGTRAQ
OTHER-REF
VIM
BID
FRSIRT
SECUNIA
Sam Crew -- MyBlog
PHP remote file inclusion vulnerability in games.php in Sam Crew MyBlog, possibly 1.0 through 1.6, allows remote attackers to execute arbitrary PHP code via a URL in the scoreid parameter.
unknown
2007-04-11
5.6CVE-2007-1968
BUGTRAQ
VIM
BID
Scar4U.de -- ScarAdController
PHP file inclusion vulnerability in admin/index.php in ScarAdControl (ScarAdController) 1.1 allows remote attackers to execute arbitrary PHP code via a UNC share pathname or a local file pathname in the site parameter, which is accessed by the file_exists function.
unknown
2007-04-10
5.6CVE-2007-1935
MILW0RM
Scar4U.de -- ScarAdController
PHP remote file inclusion vulnerability in scaradcontrol.php in ScarAdControl (ScarAdController) 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the sac_config_dir parameter.
unknown
2007-04-10
5.6CVE-2007-1936
MILW0RM
SimpCMS -- SimpCMS
PHP remote file inclusion vulnerability in index.php in SimpCMS Light 04.10.2007 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the site parameter.
unknown
2007-04-12
5.6CVE-2007-2009
MILW0RM
VIM
Sky Gunning -- MySpeach
PHP remote file inclusion vulnerability in chat.php in Sky GUNNING MySpeach 3.0.7 and earlier, when used with PHP 5, allows remote attackers to execute arbitrary PHP code via an ftp URL in a my_ms[root] cookie, a different vector than CVE-2007-0491 and CVE-2006-4630.
unknown
2007-04-09
5.6CVE-2007-1895
MILW0RM
FRSIRT
SECUNIA
SLAED -- Content Management System
Multiple PHP remote file inclusion vulnerabilities in SLAED CMS 2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) path parameter to admin/admin.php or the (2) modpath parameter to index.php.
unknown
2007-04-11
5.6CVE-2007-1975
BUGTRAQ
XF
Stat12 -- Stat12
PHP remote file inclusion vulnerability in index.php in stat12 allows remote attackers to execute arbitrary PHP code via a URL in the langpath parameter. NOTE: this issue was published by an unreliable researcher, and there is little information to determine which product is actually affected. This could be an invalid report.
unknown
2007-04-11
5.6CVE-2007-1967
BUGTRAQ
TinyMUX -- TinyMUX
Unspecified vulnerability in the process_cmdent function in command.cpp in TinyMUX before 2.4 has unknown impact and attack vectors, related to lack of the "'other half' of buffer overflow protection."
unknown
2007-04-11
4.9CVE-2007-1959
OTHER-REF
FRSIRT
Tru-Zone -- NukeET
The borrado function in modules/Your_Account/index.php in Tru-Zone Nuke ET 3.4 before fix 7 does not verify that account deletion requests come from the account owner, which allows remote authenticated users to delete arbitrary accounts via a modified cookie.
unknown
2007-04-10
4.2CVE-2007-1925
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
XF
WordPress -- WordPress
SQL injection vulnerability in xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users to execute arbitrary SQL commands via a string parameter value in an XML RPC mt.setPostCategories method call, related to the post_id variable.
unknown
2007-04-09
4.2CVE-2007-1897
MILW0RM
OTHER-REF
OTHER-REF
BID
SECUNIA
Back to top

Low Vulnerabilities
Primary
Vendor -- Product		Description
Discovered
Published
CVSS ScoreSource & Patch Info
Directory traversal vulnerability in downloadpic.php in Beryo 2.0 allows remote atatckers to read arbitrary files via a .. (dot dot) in the chemin parameter.
unknown
2007-04-10
2.3CVE-2007-1929
MILW0RM
FRSIRT
XF
Adobe -- Bridge
Unspecified vulnerability in the installer for Adobe Bridge 1.0.3 update for Apple OS X, when patching with desktop management tools, allows local users to gain privileges via unspecified vectors.
unknown
2007-04-11
3.9CVE-2007-1279
OTHER-REF
BID
FRSIRT
SECTRACK
Adobe -- ColdFusion MX
Adobe ColdFusion MX 7 for Linux and Solaris uses insecure permissions for certain scripts and directories, which allows local users to execute arbitrary code or obtain sensitive information via the (1) CFMX7DreamWeaverExtensions.mxp, (2) CFReportBuilderInstaller.exe, (3) .com.zerog.registry.xml, (4) uninstall.lax, (5) license.txt, (6) Readme.htm, (7) .com.zerog.registry.xml, (8) k2adminstop, or (9) k2adminstart files; or (10) certain files in lib/wsconfig/.
unknown
2007-04-11
3.9CVE-2007-1874
OTHER-REF
IDEFENSE
SECUNIA
AOL -- ICQ
AOL -- Instant Messenger
Directory traversal vulnerability in AOL Instant Messenger (AIM) 5.9 and earlier, and ICQ 5.1 and probably earlier, allows user-assisted remote attackers to write files to arbitrary locations via a .. (dot dot) in a filename in a file transfer operation.
unknown
2007-04-10
1.9CVE-2007-1904
IDEFENSE
BID
Apple -- AirPort Extreme
The AirPort Disk feature of the AirPort Extreme Base Station with 802.11n before Firmware Update 7.1 does not properly enforce password protection of a USB hard drive, which allows remote attackers on the local network to list arbitrary directories.
unknown
2007-04-10
1.9CVE-2007-0734
OTHER-REF
APPLE
FRSIRT
SECUNIA
bftpd -- bftpd
Double-free vulnerability in bftpd before 1.8 allows remote authenticated users to cause a denial of service (daemon crash) via a (1) get or (2) mget command. NOTE: some of these details are obtained from third party information.
unknown
2007-04-12
2.0CVE-2007-2010
OTHER-REF
SECUNIA
cattaDoc -- cattaDoc
Directory traversal vulnerability in download2.php in cattaDoc 2.21 allows remote attackers to read arbitrary files via a .. (dot dot) in the fn1 parameter.
unknown
2007-04-10
3.3CVE-2007-1930
MILW0RM
FRSIRT
XF
DeskPRO -- DeskPRO
Cross-site scripting (XSS) vulnerability in login.php in DeskPro 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the username parameter.
unknown
2007-04-12
1.9CVE-2007-2011
BUGTRAQ
BID
SECUNIA
DotClear -- DotClear
Multiple cross-site scripting (XSS) vulnerabilities in DotClear before 1.2.6 allow remote attackers to inject arbitrary web script or HTML via the (1) post_id parameter to ecrire/trackback.php or the (2) tool_url parameter to tools/thememng/index.php. NOTE: some of these details are obtained from third party information.
unknown
2007-04-12
1.9CVE-2007-1989
OTHER-REF
OTHER-REF
SECUNIA
DropAFew -- DropAFew
DropAFew before 0.2.1 does not require authorization for certain privileged actions, which allows remote attackers to (1) view the logged calorie information of arbitrary users via the id parameter in editlogcal.php; (2) add arbitrary links via links.php; or (3) create arbitrary users via newaccount2.php.
unknown
2007-04-11
2.3CVE-2007-1364
OTHER-REF
OTHER-REF
BID
SECUNIA
exV2 -- Content Management System
Multiple cross-site scripting (XSS) vulnerabilities in eXV2 CMS 2.0.4.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the set_lang parameter to (1) archive.php, (2) article.php, (3) index.php, or (4) topics.php.
2007-04-01
2007-04-11
1.9CVE-2007-1965
BUGTRAQ
OTHER-REF
BID
exV2 -- Content Management System
Session fixation vulnerability in eXV2 CMS 2.0.4.3 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID cookie.
unknown
2007-04-11
2.3CVE-2007-1966
BUGTRAQ
OTHER-REF
HP -- HP-UX
Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport functionality in HP-UX B.11.00 allows local users to cause a denial of service via unknown vectors. NOTE: due to lack of vendor details, it is not clear whether this is the same as CVE-2007-0916.
unknown
2007-04-12
2.3CVE-2007-1994
HP
BID
SECTRACK
IBM -- Tivoli Business Service Manager
IBM Tivoli Business Service Manager (TBSM) 4.1 before Interim Fix 1 logs passwords in plaintext, which allows local users to obtain sensitive information by reading (1) ncisetup.db or (2) msi.log.
unknown
2007-04-10
2.3CVE-2007-1940
AIXAPAR
BID
FRSIRT
SECTRACK
SECUNIA
IBM -- Lotus Notes
Cross-site scripting (XSS) vulnerability in the Active Content Filter feature in Domino Web Access (DWA) in IBM Lotus Notes before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to inject arbitrary web script or HTML via a multipart/related e-mail message, a different issue than CVE-2006-4843.
unknown
2007-04-10
1.9CVE-2007-1941
OTHER-REF
OTHER-REF
SECTRACK
IBM -- WebSphere Application Server
The Java Message Service (JMS) in IBM WebSphere Application Server (WAS) before 6.1.0.7 allows attackers to cause a denial of service via unknown vectors involving the "double release [of] a bytebuffer input stream," possibly a double-free vulnerability.
unknown
2007-04-10
2.3CVE-2007-1944
OTHER-REF
FRSIRT
Ichitaro -- Ichitaro
Ichitaro 2005 through 2007, and possibly related products, allows remote attackers to have an unknown impact, possibly cross-site scripting (XSS), via unspecified vectors in a document distributed through e-mail or a web site.
unknown
2007-04-10
1.9CVE-2007-1938
OTHER-REF
FRSIRT
SECUNIA
IPsec-Tools -- IPsec-Tools
The isakmp_info_recv function in src/racoon/isakmp_inf.c in racoon in Ipsec-tools before 0.6.7 allows remote attackers to cause a denial of service (tunnel crash) via crafted (1) DELETE (ISAKMP_NPTYPE_D) and (2) NOTIFY (ISAKMP_NPTYPE_N) messages.
unknown
2007-04-10
2.3CVE-2007-1841
MLIST
OTHER-REF
FRSIRT
SECUNIA
JEX-Treme -- Einfacher Passworschutz
Cross-site scripting (XSS) vulnerability in index.php in JEx-Treme Einfacher Passworschutz allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
unknown
2007-04-12
1.9CVE-2007-2013
OTHER-REF
FRSIRT
Linux -- Kernel
The atalk_sum_skb function in AppleTalk for Linux kernel 2.6.x before 2.6.21, and possibly 2.4.x, allows remote attackers to cause a denial of service (crash) via an AppleTalk frame that is shorter than the specified length, which triggers a BUG_ON call when an attempt is made to perform a checksum.
unknown
2007-04-10
3.3CVE-2007-1357
OTHER-REF
OTHER-REF
BID
SECUNIA
Metamod-P -- Metamod-P
The safevoid_vsnprintf function in Metamod-P 1.19p29 and earlier on Windows allows remote attackers to cause a denial of service (daemon crash) via a long meta list command.
unknown
2007-04-11
3.3CVE-2007-1981
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
Microsoft -- .NET Framework
Microsoft ASP .NET Framework 2.0.50727.42 does not properly handle comment (/* */) enclosures, which allows remote attackers to bypass request filtering and conduct cross-site scripting (XSS) attacks, or cause a denial of service, as demonstrated via an xss:expression STYLE attribute in a closing XSS HTML tag.
unknown
2007-04-10
1.9CVE-2006-7192
BUGTRAQ
OTHER-REF
OTHER-REF
BID
Microsoft -- Content Management Server
Cross-site scripting (XSS) vulnerability in Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving HTML redirection queries, aka "Cross-site Scripting and Spoofing Vulnerability"
unknown
2007-04-10
1.9CVE-2007-0939
MS
Microsoft -- Word
Multiple unspecified vulnerabilities in Microsoft Word 2007 allow remote attackers to cause a denial of service (CPU consumption) via crafted documents, as demonstrated by (1) file798-1.doc and (2) file613-1.doc, possibly related to a buffer overflow.
unknown
2007-04-10
2.7CVE-2007-1911
MILW0RM
MimarSinan -- CompreXX
Multiple directory traversal vulnerabilities in MimarSinan CompreXX 4.1 allow remote attackers to create files in arbitrary directories via a .. (dot dot) in a (1) .rar, (2) .jar or (3) .zip archive.
unknown
2007-04-12
3.7CVE-2007-2012
OTHER-REF
BID
FRSIRT
SECUNIA
Mozilla -- Firefox
Mozilla Firefox does not warn the user about HTTP elements on an HTTPS page when the HTTP elements are dynamically created by a delayed document.write, which allows remote attackers to supply unauthenticated content and conduct phishing attacks.
unknown
2007-04-11
2.3CVE-2007-1970
BUGTRAQ
MyBB -- MyBB
MyBulletinBoard -- MyBulletinBoard
member.php in MyBB (aka MyBulletinBoard), when debug mode is available, allows remote authenticated users to change the password of any account by providing the account's registered e-mail address in a debug request for a do_lostpw action, which prints the change password verification code in the debug output.
unknown
2007-04-11
3.4CVE-2007-1964
BUGTRAQ
Parakey Inc. -- Firebug
Cross-zone scripting vulnerability in the DOM templates (domplates) used by the console.log function in the Firebug extension before 1.04 for Mozilla Firefox allows remote attackers to bypass zone restrictions, read arbitrary file:// URIs, or execute arbitrary code in the browser chrome by overwriting the toString function via a certain function declaration, related to incorrect identification of anonymous JavaScript functions, a different issue than CVE-2007-1878.
unknown
2007-04-10
1.1CVE-2007-1947
BUGTRAQ
OTHER-REF
OTHER-REF
PHP -- PHP
CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ext/filter in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to inject arbitrary e-mail headers via an e-mail address with a '\n' character, which causes a regular expression to ignore the subsequent part of the address string.
unknown
2007-04-10
2.3CVE-2007-1900
OTHER-REF
BID
SECUNIA
PHPEcho CMS -- PHPEcho CMS
Cross-site scripting (XSS) vulnerability in kernel/filters.inc.php in PHPEcho CMS 2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
unknown
2007-04-11
1.9CVE-2007-1988
BUGTRAQ
phpMyAdmin -- phpMyAdmin
Cross-site scripting (XSS) vulnerability in mysql/phpinfo.php in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary web script or HTML via the lang[] parameter.
unknown
2007-04-12
1.9CVE-2007-2016
BUGTRAQ
Quagga -- Quagga Routing Software Suite
bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier 0.99 versions, does not validate length values in the MP_REACH_NLRI and MP_UNREACH_NLRI attributes, which allows remote attackers to cause a denial of service (daemon crash or exit) via crafted UPDATE messages that trigger an assertion error or out of bounds read.
unknown
2007-04-12
2.7CVE-2007-1995
OTHER-REF
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
XF
Sam Crew -- MyBlog
Cross-site scripting (XSS) vulnerability in admin/modify.php in Sam Crew MyBlog remote attackers to inject arbitrary web script or HTML via the id parameter.
unknown
2007-04-11
1.9CVE-2007-1969
BUGTRAQ
SAP -- RFC Library
The TRUSTED_SYSTEM_SECURITY function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to verify the existence of users and groups on systems and domains via unspecified vectors, a different vulnerability than CVE-2006-6010. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended.
unknown
2007-04-10
2.3CVE-2007-1913
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
XF
SAP -- RFC Library
The RFC_START_PROGRAM function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to obtain sensitive information (external RFC server configuration data) via unspecified vectors, a different vulnerability than CVE-2006-6010. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended.
unknown
2007-04-10
3.3CVE-2007-1914
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
XF
SAP -- RFC Library
The RFC_SET_REG_SERVER_PROPERTY function in the SAP RFC Library 6.40 and 7.00 before 20070109 implements an option for exclusive access to an RFC server, which allows remote attackers to cause a denial of service (client lockout) via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended.
unknown
2007-04-10
2.3CVE-2007-1918
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Sky Gunning -- MySpeach
Directory traversal vulnerability in chat.php in Sky GUNNING MySpeach 3.0.7 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) and trailing %00 (NULL) in a my_ms[root] cookie.
unknown
2007-04-09
3.7CVE-2007-1896
MILW0RM
FRSIRT
SECUNIA
TinyMUX -- TinyMUX
Buffer overflow in TinyMUX before 2.4 allows attackers to cause a denial of service via unspecified vectors related to "too many substring matches in a regexp $-command." NOTE: some of these details are obtained from third party information.
unknown
2007-04-11
2.3CVE-2007-1958
OTHER-REF
FRSIRT
WebBlizzard -- Content Management System
Cross-site scripting (XSS) vulnerability in index_cms.php in WebBlizzard CMS allows remote attackers to inject arbitrary web script or HTML via the Suchzeile parameter.
unknown
2007-04-10
1.9CVE-2007-1950
BUGTRAQ
OTHER-REF
WordPress -- WordPress
xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users with the contributor role to bypass intended access restrictions and invoke the publish_posts functionality, which can be used to "publish a previously saved post."
unknown
2007-04-09
3.4CVE-2007-1893
OTHER-REF
OTHER-REF
SECUNIA
XF
WordPress -- WordPress
Cross-site scripting (XSS) vulnerability in wp-includes/general-template.php in WordPress before 20070309 allows remote attackers to inject arbitrary web script or HTML via the year parameter in the wp_title function.
unknown
2007-04-09
1.9CVE-2007-1894
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
BID
SECUNIA
YoungZSoft -- CMailServer
Cross-site scripting (XSS) vulnerability in signup.asp in CmailServer WebMail 5.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the POP3Mail parameter.
unknown
2007-04-10
1.9CVE-2007-1927
BUGTRAQ
BID
YoungZSoft -- CMailServer
Cross-site scripting (XSS) vulnerability in mail/signup.asp in CmailServer WebMail 5.4.3, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the Comment parameter, a different vector than CVE-2007-1927.
unknown
2007-04-12
1.9CVE-2007-1991
BID
SECUNIA
XF
Back to top

This product is provided subject to this Notification and this Privacy & Use policy.

Document Feedback

Was this document helpful?  Yes  |   Somewhat  |   No