View Previous Bulletins

Bulletin (SB07-134)

Vulnerability Summary for the Week of May 7, 2007

Original Release date: May 15, 2007 | Last revised: -

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.


High Vulnerabilities
Primary
Vendor -- Product		Description
Discovered
Published
CVSS ScoreSource & Patch Info
Unspecified vulnerability in the mdsauth.dll COM object in Microsoft Windows Media Server in the Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; or 7 on Windows Vista allows remote attackers to overwrite arbitrary files via unspecified vectors, aka the "Arbitrary File Rewrite Vulnerability."
unknown
2007-05-08
8.0CVE-2007-2221
MS
CA Anti-Virus for the Enterprise r8 and Threat Manager r8 before 20070510 use weak permissions (NULL security descriptor) for the Task Service shared file mapping, which allows local users to modify this mapping and gain privileges by triggering a stack-based buffer overflow in InoCore.dll before 8.0.448.0.
unknown
2007-05-11
7.0CVE-2007-2523
IDEFENSE
OTHER-REF
BID
FRSIRT
ACP3 -- ACP3
Multiple SQL injection vulnerabilities in ACP3 4.0 beta 3 allow remote attackers to execute arbitrary SQL commands via (1) the mode parameter to feeds.php, the (2) form[cat] parameter to (a) news/list/index.php or (b) certain news/details/id_*/action_create/index.php files, or (3) the form[mods][] parameter to search/list/action_search/index.php.
unknown
2007-05-09
7.0CVE-2007-2577
BUGTRAQ
BID
ACP3 -- ACP3
Unspecified vulnerability in search/list/action_search/index.php in ACP3 4.0 beta 3 allows remote attackers to have unknown impact, relating to "Cookie Manipulation", via the form[search_term] parameter.
unknown
2007-05-09
7.0CVE-2007-2578
BUGTRAQ
BID
Advanced Guestbook -- Advanced Guestbook
Directory traversal vulnerability in Advanced Guestbook 2.4.2 allows remote attackers to bypass .htaccess settings, and execute arbitrary PHP local files or read arbitrary local templates, via a .. (dot dot) in a lang cookie, followed by a filename without its .php extension, as demonstrated via a request to index.php.
unknown
2007-05-09
8.0CVE-2007-0609
BUGTRAQ
BUGTRAQ
OTHER-REF
OTHER-REF
BID
Agner Fog -- aForum
PHP remote file inclusion vulnerability in common/func.php in aForum 1.32 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CommonAbsDir parameter.
unknown
2007-05-11
7.0CVE-2007-2596
MILW0RM
BID
FRSIRT
american cart -- american cart
Multiple PHP remote file inclusion vulnerabilities in american cart 3.5 allow remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) index.php, (2) checkout.php, and (3) libsecure.php.
unknown
2007-05-09
7.0CVE-2007-2559
BUGTRAQ
Apache Software Foundation -- Apache Tomcat
Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2007-05-09
7.0CVE-2006-7196
OTHER-REF
OTHER-REF
FRSIRT
Asterisk -- Asterisk
The IAX2 channel driver (chan_iax2) in Asterisk before 20070504 does not properly null terminate data, which allows remote attackers to trigger loss of transmitted data, and possibly obtain sensitive information (memory contents) or cause a denial of service (application crash), by sending a frame that lacks a 0 byte.
unknown
2007-05-07
10.0CVE-2007-2488
OTHER-REF
BarCodeWiz -- BarCode ActiveX Control
Stack-based buffer overflow in the Verify function in the BarCodeWiz ActiveX control 2.0 and 2.52 (BarcodeWiz.dll) allows remote attackers to execute arbitrary code via a long argument.
unknown
2007-05-09
8.0CVE-2007-2585
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
Berylium -- Berylium2
PHP remote file inclusion vulnerability in berylium-classes.php in Berylium2 2003-08-18 allows remote attackers to execute arbitrary PHP code via a URL in the beryliumroot parameter.
unknown
2007-05-08
7.0CVE-2007-2531
MILW0RM
FRSIRT
Computer Associates -- eTrust Integrated Threat Management
Computer Associates -- eTrust PestPatrol
Computer Associates -- eTrust EZ Antivirus
Stack-based buffer overflow in the Console Server in CA Anti-Virus for the Enterprise r8, Threat Manager r8, Anti-Spyware for the Enterprise r8, and Protection Suites r3 allows remote attackers to execute arbitrary code via unspecified vectors involving login authentication credentials.
unknown
2007-05-11
10.0CVE-2007-2522
OTHER-REF
BID
FRSIRT
Crie Sue -- PHPLojaFacil
Multiple PHP remote file inclusion vulnerabilities in Crie seu PHPLojaFacil 0.1.5 allow remote attackers to execute arbitrary PHP code via a URL in the path_local parameter to (1) ftp.php, (2) libs/db.php, and (3) libs/ftp.php.
unknown
2007-05-11
7.0CVE-2007-2615
MILW0RM
BID
DivX City -- GDivX Zenith Player
Buffer overflow in a certain ActiveX control in the GDivX Zenith Player AviFixer class in fix.dll 1.0.0.1 allows remote attackers to execute arbitrary code via a long SetInputFile property value.
unknown
2007-05-11
8.0CVE-2007-2601
MILW0RM
BID
DynamicPAD -- DynamicPAD
Multiple PHP remote file inclusion vulnerabilities in DynamicPAD before 1.03.31 allow remote attackers to execute arbitrary PHP code via a URL in the HomeDir parameter to (1) dp_logs.php or (2) index.php.
unknown
2007-05-08
7.0CVE-2007-2527
MILW0RM
OTHER-REF
VIM
VIM
BID
FRSIRT
SECUNIA
E-GADS -- E-GADS
PHP remote file inclusion vulnerability in common.php in E-GADS! 2.2.6 allows remote attackers to execute arbitrary PHP code via a URL in the locale parameter.
unknown
2007-05-08
10.0CVE-2007-2521
MILW0RM
BID
fipsASP -- fipsCMS
SQL injection vulnerability in index.asp in fipsCMS 2.1 allows remote attackers to execute arbitrary SQL commands via the pid parameter, a different vector than CVE-2006-6115.
unknown
2007-05-09
7.0CVE-2007-2561
BUGTRAQ
BID
GNU Edu -- GNU Edu
Multiple PHP remote file inclusion vulnerabilities in gnuedu 1.3b2 allow remote attackers to execute arbitrary PHP code via a URL in the ETCDIR parameter to (1) libs/lom.php; (2) lom_update.php, (3) check-lom.php, and (4) weigh_keywords.php in scripts/; and (5) logout.php, (6) help.php, (7) index.php, (8) login.php, and (9) lom.php in web/.
unknown
2007-05-11
7.0CVE-2007-2609
MILW0RM
BID
Guilain Omont -- Wikivi5
PHP remote file inclusion vulnerability in handlers/page/show.php in Wikivi5 allows remote attackers to execute arbitrary PHP code via a URL in the sous_rep parameter.
unknown
2007-05-09
7.0CVE-2007-2570
MILW0RM
VIM
HP -- Tru64 UNIX
Unspecified vulnerability in dop in HP Tru64 UNIX 5.1B-4, 5.1B-3, and 5.1A PK6 allows local users to execute arbitrary code via unspecified vectors.
unknown
2007-05-09
7.0CVE-2007-2553
HP
BID
IBM -- DB2
Unspecified vulnerability in the DB2 JDBC Applet Server (DB2JDS) service in IBM DB2 9.x and earlier allows local users to execute arbitrary code via unspecified vectors.
unknown
2007-05-09
10.0CVE-2007-2582
FRSIRT
SECUNIA
Kayako -- eSupport
Cross-site scripting (XSS) vulnerability in index.php in Kayako eSupport 3.00.90 allows remote attackers to inject arbitrary web script or HTML via the _m parameter.
unknown
2007-05-09
7.0CVE-2007-2562
BUGTRAQ
XF
LaVague -- LaVague
PHP remote file inclusion vulnerability in views/print/printbar.php in LaVague 0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the views_path parameter.
unknown
2007-05-11
7.0CVE-2007-2607
MILW0RM
BID
McAfee -- SecurityCenter Agent
McAfee -- VirusScan
McAfee -- SecurityCenter
Buffer overflow in the IsOldAppInstalled function in the McSubMgr.McSubMgr Subscription Manager ActiveX control (MCSUBMGR.DLL) in McAfee SecurityCenter before 6.0.25 and 7.x before 7.2.147 allows remote attackers to execute arbitrary code via a crafted argument.
unknown
2007-05-09
10.0CVE-2007-2584
IDEFENSE
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
Microsoft -- Exchange Server
Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does not properly decode certain MIME encoded e-mails, which allows remote attackers to execute arbitrary code via a crafted base64-encoded MIME e-mail message.
unknown
2007-05-08
10.0CVE-2007-0213
MS
Microsoft -- Office
Microsoft -- Excel
Microsoft -- Excel Viewer
Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows user-assisted remote attackers to execute arbitrary code via a .XLS BIFF file with a malformed Named Graph record, which results in memory corruption.
unknown
2007-05-08
8.0CVE-2007-0215
OTHER-REF
MS
Microsoft -- Exchange Server
Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2000 SP3, and 2003 SP1 and SP2 allows remote attackers to execute arbitrary scripts, spoof content, or obtain sensitive information via certain UTF-encoded, script-based e-mail attachments, involving an "incorrectly handled UTF character set label".
unknown
2007-05-08
7.0CVE-2007-0220
MS
Microsoft -- CAPICOM
Microsoft -- BizTalk Server
Unspecified vulnerability in the Cryptographic API Component Object Model Certificates ActiveX control (CAPICOM.dll) in Microsoft CAPICOM and BizTalk Server 2004 SP1 and SP2 allows remote attackers to execute arbitrary code via unspecified vectors, aka the "CAPICOM.Certificates Vulnerability."
unknown
2007-05-08
10.0CVE-2007-0940
MS
Microsoft -- Internet Explorer
Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; and possibly 7 on Windows Vista does not properly "instantiate certain COM objects as ActiveX controls", which allows remote attackers to execute arbitrary code via a crafted COM object.
unknown
2007-05-08
8.0CVE-2007-0942
MS
Microsoft -- Internet Explorer
Unspecified vulnerability in the CTableCol::OnPropertyChange method in Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; and 6 on Windows XP SP2, or Windows Server 2003 SP1 or SP2 allows remote attackers to execute arbitrary code by calling deleteCell on a named table row in a named table column, then accessing the column, which causes Internet Explorer to access previously deleted objects, aka the "Uninitialized Memory Corruption Vulnerability."
unknown
2007-05-08
8.0CVE-2007-0944
OTHER-REF
MS
Microsoft -- Internet Explorer
Microsoft Internet Explorer 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; and 7 on Windows Vista allows remote attackers to execute arbitrary code via certain property methods that may trigger memory corruption, aka "Property Memory Corruption Vulnerability."
unknown
2007-05-08
8.0CVE-2007-0945
MS
Microsoft -- Internet Explorer
Unspecified vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, which results in memory corruption, aka the first of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0947.
unknown
2007-05-08
8.0CVE-2007-0946
MS
Microsoft -- Internet Explorer
Unspecified vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, which results in memory corruption, aka the second of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0946.
unknown
2007-05-08
8.0CVE-2007-0947
MS
Microsoft -- Word
Microsoft -- Works Suite
Microsoft Word 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly parse certain rich text properties, which allows user-assisted remote attackers to trigger memory corruption and execute arbitrary code, aka the "Word RTF Parsing Vulnerability."
unknown
2007-05-08
8.0CVE-2007-1202
MS
Microsoft -- Excel
Unspecified vulnerability in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, 2004 for Mac, and 2007 allows user-assisted remote attackers to execute arbitrary code via a crafted set font value in an Excel file, which results in memory corruption.
unknown
2007-05-08
8.0CVE-2007-1203
MS
Microsoft -- Excel
Unspecified vulnerability in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted filter record in an Excel file, which results in memory corruption.
unknown
2007-05-08
8.0CVE-2007-1214
MS
Microsoft -- Office
Unspecified vulnerability in MSO.dll in Microsoft Office 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and 2007 allows user-assisted remote attackers to execute arbitrary code via a malformed drawing object, which triggers memory corruption.
unknown
2007-05-08
8.0CVE-2007-1747
MS
Microsoft -- SharePoint Server
Multiple cross-site scripting (XSS) vulnerabilities in Microsoft SharePoint allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) in "every main page," as demonstrated by default.aspx. NOTE: as of 20070505, a third party was unable to reproduce this issue.
unknown
2007-05-09
7.0CVE-2007-2581
BUGTRAQ
BUGTRAQ
BID
Microsoft -- Terminal Server
The Terminal Server in Microsoft Windows 2003 Server, when using TLS, allows remote attackers to bypass SSL and self-signed certificate requirements, downgrade the server security, and possibly conduct man-in-the-middle attacks via unspecified vectors, as demonstrated using the Remote Desktop Protocol (RDP) 6.0 client. NOTE: a third party claims that the vendor may have fixed this in approximately 2006.
unknown
2007-05-11
7.0CVE-2007-2593
BUGTRAQ
BUGTRAQ
BUGTRAQ
BID
Miplex2 -- Miplex2
PHP remote file inclusion vulnerability in lib/smarty/SmartyFU.class.php in Miplex2 Alpha 1 allows remote attackers to execute arbitrary PHP code via a URL in the system[smarty][dir] parameter.
unknown
2007-05-11
7.0CVE-2007-2608
MILW0RM
BID
Netsliver -- PFA CMS
** DISPUTED ** PHP remote file inclusion vulnerability in index.php in pfa CMS 6.0 allows remote attackers to execute arbitrary PHP code via a URL in the repinc parameter. NOTE: CVE disputes this issue since $repinc is set to a constant value before use.
unknown
2007-05-09
7.0CVE-2007-2558
BUGTRAQ
VIM
NoAh -- NoAh
PHP remote file inclusion vulnerability in modules/noevents/templates/mfa_theme.php in NoAh (aka PHP Content Architect, phparch) 0.9 pre 1.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the tpls[1] parameter.
unknown
2007-05-09
7.0CVE-2007-2572
MILW0RM
Nokia -- Intellisync Mobile Suite
Nokia -- Intellisync Wireless Email Express
Nokia -- Groupwise Mobile Server
usrmgr/userList.asp in Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allows remote attackers to modify user account details and cause a denial of service (account deactivation) via the userid parameter in an update action.
unknown
2007-05-11
7.0CVE-2007-2591
BUGTRAQ
OTHER-REF
FRSIRT
SECUNIA
Nuked-Klan -- Nuked-Klan
SQL injection vulnerability in Nuked-klaN 1.7.6 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For (X_FORWARDED_FOR) HTTP header, as demonstrated by a request to the /nk/ URI.
unknown
2007-05-09
7.0CVE-2007-2556
BUGTRAQ
MILW0RM
BID
SECUNIA
Office OCX -- Office Viewer OCX
Multiple buffer overflows in the Office Viewer OCX ActiveX control (oa.ocx) 3.2 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long argument to the (1) HttpDownloadFile, (2) Open, (3) OpenWebFile, (4) DoOleCommand, (5) FTPDownloadFile, (6) FTPUploadFile, (7) HttpUploadFile, (8) Save, or (9) SaveWebFile function.
unknown
2007-05-09
8.0CVE-2007-2588
OTHER-REF
OTHER-REF
BID
SECUNIA
XF
OpenLD -- OpenLD
Cross-site scripting (XSS) vulnerability in OpenLD before 1.1.9, and 1.1-modified before 1.1-modified3, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the Search feature.
unknown
2007-05-11
7.0CVE-2007-2610
OTHER-REF
OTHER-REF
OTHER-REF
SECUNIA
Persism CMS -- Persism CMS
Multiple PHP remote file inclusion vulnerabilities in Persism CMS 0.9.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the system[path] parameter to (1) blocks/headerfile.php, (2) files/blocks/latest_files.php, (3) filters/headerfile.php, (4) forums/blocks/latest_posts.php, (5) groups/headerfile.php, (6) links/blocks/links.php, (7) menu/headerfile.php, (8) news/blocks/latest_news.php, (9) settings/headerfile.php, or (10) users/headerfile.php, in modules/.
unknown
2007-05-08
7.0CVE-2007-2545
MILW0RM
BID
PHP -- PHP
Buffer overflow in the bundled libxmlrpc library in PHP before 4.4.7, and 5.x before 5.2.2, has unknown impact and remote attack vectors.
unknown
2007-05-08
7.0CVE-2007-1864
OTHER-REF
OTHER-REF
PHP -- PHP
CRLF injection vulnerability in the ftp_putcmd function in PHP before 4.4.7, and 5.x before 5.2.2 allows remote attackers to inject arbitrary FTP commands via CRLF sequences in the parameters to earlier FTP commands.
unknown
2007-05-08
7.0CVE-2007-2509
BUGTRAQ
OTHER-REF
OTHER-REF
BID
PHP -- PHP
Buffer overflow in the make_http_soap_request function in PHP before 5.2.2 has unknown impact and remote attack vectors, possibly related to "/" (slash) characters.
unknown
2007-05-08
7.0CVE-2007-2510
OTHER-REF
OTHER-REF
PHP TopTree BBS -- PHP TopTree BBS
PHP remote file inclusion vulnerability in templates/default/tpl_message.php in PHP TopTree BBS 2.0.1a and earlier allows remote attackers to execute arbitrary PHP code via a URL in the right_file parameter.
unknown
2007-05-08
7.0CVE-2007-2544
MILW0RM
phpHoo3 -- phpHoo3
** DISPUTED ** Multiple SQL injection vulnerabilities in admin.php in phpHoo3 allow remote attackers to execute arbitrary SQL commands via the (1) ADMIN_USER (USER) and (2) ADMIN_PASS (PASS) parameters during a login. NOTE: CVE disputes this vulnerability, since ADMIN_USER/ADMIN_PASS are initialized before use.
unknown
2007-05-08
7.0CVE-2007-2534
BUGTRAQ
VIM
BID
phpHtmlLib -- phpHtmlLib
PHP remote file inclusion vulnerability in examples/widget8.php in phpHtmlLib 2.4.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phphtmllib parameter.
unknown
2007-05-11
7.0CVE-2007-2614
BUGTRAQ
XF
phpMyPortal -- phpMyPortal
PHP remote file inclusion vulnerability in inc/articles.inc.php in phpMyPortal 3.0.0 RC3 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[CHEMINMODULES] parameter.
unknown
2007-05-11
7.0CVE-2007-2594
MILW0RM
BID
FRSIRT
PHPtree -- PHPtree
PHP remote file inclusion vulnerability in plugin/HP_DEV/cms2.php in PHPtree 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the s_dir parameter.
unknown
2007-05-09
7.0CVE-2007-2573
MILW0RM
PMECMS -- PMECMS
Multiple PHP remote file inclusion vulnerabilities in PMECMS 1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the config[pathMod] parameter to index.php in (1) mod/image/, (2) mod/liens/, (3) mod/liste/, (4) mod/special/, or (5) mod/texte/.
unknown
2007-05-08
7.0CVE-2007-2540
MILW0RM
BID
Podium CMS -- Podium CMS
Unspecified vulnerability in Default.aspx in Podium CMS allows remote attackers to have an unknown impact, possibly session fixation, via a META HTTP-EQUIV Set-cookie expression in the id parameter, related to "cookie manipulation." NOTE: this issue might be cross-site scripting (XSS).
unknown
2007-05-09
7.0CVE-2007-2555
BUGTRAQ
Practical Creative & Code -- Friendly
Multiple PHP remote file inclusion vulnerabilities in Friendly 1.0d1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the friendly_path parameter to (1) core/data/yaml.inc.php, or _load.php in (2) core/data/, (3) core/display/, or (4) core/support/.
unknown
2007-05-09
7.0CVE-2007-2569
MILW0RM
RIM -- TeamOn Import Object ActiveX Control
Buffer overflow in the SetLanguage function in Research In Motion (RIM) TeamOn Import Object ActiveX control (TOImport.dll) allows remote attackers to execute arbitrary code via unspecified vectors.
unknown
2007-05-08
7.0CVE-2007-0323
MS
CERT-VN
RunCMS -- RunCMS
SQL injection vulnerability in class/debug/debug_show.php in RunCms 1.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the executed_queries array parameter.
unknown
2007-05-08
7.0CVE-2007-2538
BUGTRAQ
OTHER-REF
BID
XF
Sienzo -- Digital Music Mentor
Multiple stack-based buffer overflows in the Sienzo Digital Music Mentor (DMM) 2.6.0.4 ActiveX control (DSKernel2.dll) allow remote attackers to execute arbitrary code via a long argument to the (1) LockModules or (2) UnlockModule function.
unknown
2007-05-09
10.0CVE-2007-2564
OTHER-REF
OTHER-REF
SimpleNews -- SimpleNews
SQL injection vulnerability in print.php in SimpleNews 1.0.0 FINAL allows remote attackers to execute arbitrary SQL commands via the news_id parameter.
unknown
2007-05-11
10.0CVE-2007-2598
MILW0RM
FRSIRT
SmartCode -- VNC Manager
Heap-based buffer overflow in the ConnectAsyncEx function in VNC Viewer ActiveX control (scvncctrl.dll) in the SmartCode VNC Manager 3.6 allows remote attackers to execute arbitrary code via a long argument.
unknown
2007-05-08
8.0CVE-2007-2526
OTHER-REF
OTHER-REF
BID
SECUNIA
SquirrelMail -- SquirrelMail
Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail 1.4.0 through 1.4.9a allows remote attackers to send e-mails from arbitrary users via certain data in the SRC attribute of an IMG element.
unknown
2007-05-11
7.0CVE-2007-2589
OTHER-REF
FRSIRT
SECUNIA
Sun -- Solaris
Integer signedness error in the acl (facl) system call in Solaris 10 before 20070507 allows local users to cause a denial of service (kernel panic) and possibly gain privileges via a certain argument, related to ACE_SETACL.
unknown
2007-05-08
7.0CVE-2007-2529
IDEFENSE
SUNALERT
BID
FRSIRT
SECTRACK
SECUNIA
Taltech -- Tal Bar Code ActiveX control
Buffer overflow in the SaveBarCode function in the Taltech Tal Bar Code ActiveX control allows remote attackers to execute arbitrary code via unspecified vectors.
unknown
2007-05-09
10.0CVE-2007-2567
BUGTRAQ
TellTargetCMS -- TellTarget CMS
Multiple PHP remote file inclusion vulnerabilities in telltarget CMS 1.3.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) ordnertiefe parameter to site_conf.php; or the (2) tt_docroot parameter to (a) class.csv.php, (b) produkte_nach_serie.php, or (c) ref_kd_rubrik.php in functionen/; (d) hg_referenz_jobgalerie.php, (e) surfer_anmeldung_NWL.php, (f) produkte_nach_serie_alle.php, (g) surfer_aendern.php, (h) ref_kd_rubrik.php, or (i) referenz.php in module/; or (j) 1/lay.php or (k) 3/lay.php in standard/.
unknown
2007-05-11
7.0CVE-2007-2597
MILW0RM
BID
FRSIRT
Trend Micro -- ServerProtect
Multiple stack-based buffer overflows in Trend Micro ServerProtect 5.58 before Security Patch 2- Build 1174 allow remote attackers to execute arbitrary code via crafted data to (1) TCP port 5168, which triggers an overflow in the CAgRpcClient::CreateBinding function in the AgRpcCln.dll library in SpntSvc.exe; or (2) TCP port 3628, which triggers an overflow in EarthAgent.exe. NOTE: both issues are reachable via TmRpcSrv.dll.
unknown
2007-05-08
10.0CVE-2007-2508
OTHER-REF
OTHER-REF
OTHER-REF
BID
BID
FRSIRT
SECTRACK
SECUNIA
Trend Micro -- ServerProtect
Buffer overflow in AgRpcCln.dll for Trend Micro ServerProtect 5.58 for Windows before Security Patch 3 Build 1176 allows remote attackers to execute arbitrary code via unknown vectors related to RPC requests. NOTE: this is probably a different vulnerability than CVE-2007-2508.
unknown
2007-05-08
10.0CVE-2007-2528
OTHER-REF
Trend Micro -- ServerProtect
Multiple buffer overflows in Trend Micro ServerProtect 5.58 before Security Patch 2- Build 1174 allow remote attackers to execute arbitrary code via a crafted RPC message processed by the (1) the RPCFN_ActiveRollback function in (a) stcommon.dll, or the (2) ENG_SetRealTimeScanConfigInfo or (3) ENG_SendEmail functions in (b) eng50.dll.
unknown
2007-05-08
10.0CVE-2007-2533
OTHER-REF
OTHER-REF
FRSIRT
Tropicalm -- Tropicalm Crowell Resource
Multiple PHP remote file inclusion vulnerabilities in Tropicalm Crowell Resource 4.5.2 allow remote attackers to execute arbitrary PHP code via a URL in the RESPATH parameter to (1) dosearch.php or (2) printfriendly.php.
unknown
2007-05-08
7.0CVE-2007-2530
MILW0RM
FRSIRT
XF
Turnkey Web Tools -- SunShop Shopping Cart
Unspecified vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 has unknown impact and an l remote attack vector, related to "Cookie Manipulation."
unknown
2007-05-09
7.0CVE-2007-2548
BUGTRAQ
BID
Turnkey Web Tools -- SunShop Shopping Cart
SQL injection vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 allows remote attackers to execute arbitrary SQL commands via the (1) c or (2) quantity parameter.
unknown
2007-05-09
7.0CVE-2007-2549
BUGTRAQ
BID
Versado CMS -- Versado CMS
PHP remote file inclusion vulnerability in includes/ajax_listado.php in Versado CMS 1.07 allows remote attackers to execute arbitrary PHP code via a URL in the urlModulo parameter.
unknown
2007-05-08
7.0CVE-2007-2541
MILW0RM
BID
XF
VersalSoft -- HTTP File Upload ActiveX control
Buffer overflow in the AddFile function in VersalSoft HTTP File Upload ActiveX control (UFileUploaderD.dll) allows remote attackers to execute arbitrary code via a long argument.
unknown
2007-05-09
8.0CVE-2007-2563
OTHER-REF
OTHER-REF
SECUNIA
vm watermark -- vm watermark
PHP remote file inclusion vulnerability in watermark.php in the vm watermark 0.4.1 mod for Gallery allows remote attackers to execute arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter.
unknown
2007-05-09
7.0CVE-2007-2575
MILW0RM
Wavelink Media -- TutorialCMS
Multiple SQL injection vulnerabilities in TutorialCMS (aka Photoshop Tutorials) 1.00 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) catFile parameter to (a) browseCat.php or (b) browseSubCat.php; the (2) id parameter to (c) openTutorial.php, (d) topFrame.php, or (e) admin/editListing.php; or (3) the search parameter to search.php.
unknown
2007-05-11
7.0CVE-2007-2599
MILW0RM
BID
FRSIRT
Wavelink Media -- TutorialCMS
Multiple cross-site scripting (XSS) vulnerabilities in TutorialCMS (aka Photoshop Tutorials) 1.00 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) catFile parameter to (a) browseCat.php or (b) browseSubCat.php; the (2) id parameter to (c) openTutorial.php, (d) topFrame.php, or (e) admin/editListing.php; or the (3) search parameter to search.php.
unknown
2007-05-11
7.0CVE-2007-2600
MILW0RM
BID
FRSIRT
WikkaWiki -- WikkaWiki
SQL injection vulnerability in libs/Wakka.class.php in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to execute arbitrary SQL commands via the limit parameter. NOTE: this issue only applies to a "modified installation."
unknown
2007-05-11
7.0CVE-2007-2612
OTHER-REF
OTHER-REF
FRSIRT
WikkaWiki -- WikkaWiki
WikkaWiki (Wikka Wiki) before 1.1.6.3 allows attackers in a shared virtual host server environment to upload and execute an arbitrary configuration file by modifying the WAKKA_CONFIG environment variable.
unknown
2007-05-11
10.0CVE-2007-2613
OTHER-REF
OTHER-REF
FRSIRT
Workbench Survival Guide -- Workbench Survival Guide
PHP remote file inclusion vulnerability in header.php in workbench survival guide 0.11 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
unknown
2007-05-08
7.0CVE-2007-2542
MILW0RM
BID
XF
Xoops -- Flashgames Module
SQL injection vulnerability in game.php in the Flashgames 1.0.1 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the lid parameter.
unknown
2007-05-08
7.0CVE-2007-2543
MILW0RM
BID
XF
Xoops -- wfquotes Module
SQL injection vulnerability in index.php in the wfquotes 1.0 0 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the c parameter in a cat op action.
unknown
2007-05-09
7.0CVE-2007-2571
MILW0RM
Back to top

Medium Vulnerabilities
Primary
Vendor -- Product		Description
Discovered
Published
CVSS ScoreSource & Patch Info
Advanced Guestbook -- Advanced Guestbook
Cross-site scripting (XSS) vulnerability in picture.php in Advanced Guestbook 2.4.2 allows remote attackers to inject arbitrary web script or HTML via the picture parameter.
unknown
2007-05-09
5.6CVE-2007-0605
BUGTRAQ
OTHER-REF
BID
OSVDB
CGX -- CGX
Multiple PHP remote file inclusion vulnerabilities in CGX 20050314 allow remote attackers to execute arbitrary PHP code via a URL in the pathCGX parameter to (1) mtdialogo.php, (2) ltdialogo.php, (3) login.php, and (4) logingecon.php in inc/; and multiple unspecified files in frm/, sql/, and cns/.
unknown
2007-05-11
5.6CVE-2007-2611
MILW0RM
BID
SECUNIA
East Wind Software -- advdaudio.ocx
Buffer overflow in the East Wind Software advdaudio.ocx 1.5.1.1 ActiveX control allows user-assisted remote attackers to execute arbitrary code via a long OpenDVD property value. NOTE: this issue might be related to CVE-2007-0976.
unknown
2007-05-09
5.6CVE-2007-2576
MILW0RM
OTHER-REF
OTHER-REF
Mambo -- Mambo
MOStlyDB Admin in Mambo 4.6.1 does not properly check privileges, which allows remote authenticated administrators to have an unknown impact via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-05-09
4.2CVE-2007-2557
SECUNIA
Microsoft -- Office
Microsoft -- Works Suite
Microsoft Word 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly handle data in a certain array, which allows user-assisted remote attackers to execute arbitrary code, aka the "Word Array Overflow Vulnerability."
unknown
2007-05-08
5.6CVE-2007-0035
MS
Nokia -- Intellisync Mobile Suite
Nokia -- Intellisync Wireless Email Express
Nokia -- Groupwise Mobile Server
Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allows remote attackers to obtain user names and other sensitive information via a direct request to (1) usrmgr/userList.asp or (2) usrmgr/userStatusList.asp.
unknown
2007-05-11
4.7CVE-2007-2590
BUGTRAQ
OTHER-REF
FRSIRT
SECUNIA
NPDS -- NPDS
Multiple SQL injection vulnerabilities in mainfile.php in NPDS 5.10 and earlier allow remote authenticated users to execute arbitrary SQL commands via a (1) nickname or (2) Id in a cookie, or (3) the X-Forwarded-For (X_FORWARDED_FOR) HTTP header.
unknown
2007-05-08
4.2CVE-2007-2537
BUGTRAQ
OTHER-REF
BID
PHP -- PHP
Buffer overflow in the user_filter_factory_create function in PHP before 5.2.2 has unknown impact and local attack vectors.
unknown
2007-05-08
4.9CVE-2007-2511
OTHER-REF
OTHER-REF
RScript -- RSAuction
RSAuction 2.73.1.3 allows remote authenticated users to move their own account status from Suspended to Active via a direct request for the activation URL that is provided at the time of account registration. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-05-11
4.2CVE-2007-2595
BID
SECUNIA
Simple Machines -- Simple Machines Forum
Session fixation vulnerability in Simple Machines Forum (SMF) 1.1.2 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
2007-04-30
2007-05-09
5.6CVE-2007-2546
BUGTRAQ
OTHER-REF
SECUNIA
SquirrelMail -- SquirrelMail
Multiple cross-site scripting (XSS) vulnerabilities in the HTML filter in SquirrelMail 1.4.0 through 1.4.9a allow remote attackers to inject arbitrary web script or HTML via the (1) data: URI in an HTML e-mail attachment or (2) various non-ASCII character sets that are not properly filtered when viewed with Microsoft Internet Explorer.
unknown
2007-05-11
5.6CVE-2007-1262
OTHER-REF
FRSIRT
SECUNIA
Symantec -- Norton Internet Security
Symantec -- Norton System Works
Symantec -- Norton AntiVirus
The Symantec NAVOPTS.DLL ActiveX control (aka Symantec.Norton.AntiVirus.NAVOptions) 12.2.0.13, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, is designed for use only in application-embedded web browsers, which allows remote attackers to "crash the control" via unspecified vectors related to content on a web site, and place Internet Explorer into a "defunct state" in which remote attackers can execute arbitrary code in addition to other Symantec ActiveX controls, regardless of whether they are marked safe for scripting.
unknown
2007-05-11
4.8CVE-2006-3456
IDEFENSE
OTHER-REF
BID
FRSIRT
Back to top

Low Vulnerabilities
Primary
Vendor -- Product		Description
Discovered
Published
CVSS ScoreSource & Patch Info
Panda Software Antivirus before 20070402 allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.
unknown
2007-05-08
3.3CVE-2007-1670
BUGTRAQ
BID
XF
ACP3 -- ACP3
Multiple cross-site scripting (XSS) vulnerabilities in ACP3 4.0 beta 3 allow remote attackers to inject arbitrary web script or HTML via (1) the form[mail] parameter to contact/contact/index.php; the (2) form[mods][] or (3) form[search_term] parameter to search/list/action_search/index.php; (4) the id parameter to modules/dl/download.php; (5) the form[cat] parameter to news/list/index.php; the (6) form[cat], (7) form[name], or (8) form[message] parameter to certain news/details/id_*/action_create/index.php files; or (9) the form[mail] parameter to newsletter/create/index.php.
unknown
2007-05-09
3.7CVE-2007-2579
BUGTRAQ
BID
Adobe -- RoboHelp Server
Adobe -- RoboHelp
Cross-site scripting (XSS) vulnerability in Adobe RoboHelp X5, 6, and Server 6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving templates and (1) whstart.js and (2) whcsh_home.htm in WebHelp, (3) wf_startpage.js and (4) wf_startqs.htm in FlashHelp, or (5) WindowManager.dll in RoboHelp Server 6.
unknown
2007-05-09
1.9CVE-2007-1280
OTHER-REF
BID
FRSIRT
SECUNIA
Advanced Guestbook -- Advanced Guestbook
Advanced Guestbook 2.4.2 allows remote attackers to obtain sensitive information via an invalid (1) GB_TBL parameter to (a) lang/codes-english.php or (b) image.php, which reveal the database name; (2) an invalid GB_DB parameter to index.php, coupled with a ../index lang cookie, which reveals the installation path; or (3) a direct request to index.php with no parameters or cookies, which reveals the installation path.
unknown
2007-05-09
2.7CVE-2007-0608
BUGTRAQ
OTHER-REF
OSVDB
OSVDB
OSVDB
Apache Software Foundation -- Apache Tomcat
Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
unknown
2007-05-09
1.9CVE-2006-7195
OTHER-REF
FRSIRT
Apache Software Foundation -- Apache Tomcat
Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
unknown
2007-05-09
1.1CVE-2007-1358
OTHER-REF
FRSIRT
Apache Software Foundation -- Apache Tomcat
The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
unknown
2007-05-09
3.3CVE-2007-1858
OTHER-REF
OTHER-REF
FRSIRT
Apple -- Safari
Unspecified vulnerability in Apple Safari allows local users to obtain sensitive information (saved passwords) via unspecified vectors related to "some Mac OS X components" and presence of the passwords in a user's keychain. NOTE: this information is based upon a vague pre-advisory.
unknown
2007-05-09
2.3CVE-2007-2580
BUGTRAQ
Archangel Management -- Archangel Weblog
Directory traversal vulnerability in index.php in Archangel Weblog 0.90.02 allows remote attackers to read arbitrary files via a .. (dot dot) in the index parameter.
unknown
2007-05-09
2.3CVE-2007-2574
MILW0RM
Associated Press -- Newspower
Associated Press (AP) Newspower 4.0.1 and earlier uses a default blank password for the MySQL root account, which allows remote attackers to insert or modify news articles via shows.tblscript.
unknown
2007-05-09
3.3CVE-2007-2554
BUGTRAQ
Audio CD Tools -- Audio CD Ripper OCX
Unspecified vulnerability in the Init function in the Audio CD Ripper OCX (AudioCDRipperOCX.ocx) 1.0 ActiveX control allows remote attackers to cause a denial of service (NULL dereference and Internet Explorer crash) via unspecified vectors.
unknown
2007-05-11
3.3CVE-2007-2603
BUGTRAQ
BID
Avast -- Avast Antivirus
avast! antivirus before 4.7.981 allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.
unknown
2007-05-08
3.3CVE-2007-1672
BUGTRAQ
BID
XF
AVIRA -- Antivir
avpack32.dll before 7.3.0.6 in Avira AntiVir allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.
unknown
2007-05-08
3.3CVE-2007-1671
BUGTRAQ
BID
XF
Axis Communications -- AXIS 2411 Video Server
Axis Communications -- AXIS 2130 PTZ Network Camera
Axis Communications -- AXIS 2420 Network Camera
Axis Communications -- AXIS 2401 Video Server
Axis Communications -- AXIS Panorama PTZ Camera
Axis Communications -- AXIS 2110 Network Camera
Axis Communications -- AXIS 2400 Video Server
Axis Communications -- AXIS 2420-IR Network Camera
Axis Communications -- AXIS 2100 Network Camera
Axis Communications -- AXIS 2400+ Video Server
Axis Communications -- AXIS 2401+ Blade Video Server
Axis Communications -- AXIS 2400+ Blade Video Server
Axis Communications -- AXIS 2120 Network Camera
Axis Communications -- AXIS 2401+ Video Server
Stack-based buffer overflow in the SaveBMP method in the AXIS Camera Control (aka CamImage) ActiveX control before 2.40.0.0 in AxisCamControl.ocx in AXIS 2100, 2110, 2120, 2130 PTZ, 2420, 2420-IR, 2400, 2400+, 2401, 2401+, 2411, and Panorama PTZ allows remote attackers to cause a denial of service (Internet Explorer crash) or execute arbitrary code via a long argument.
unknown
2007-05-07
3.3CVE-2007-2239
OTHER-REF
CERT-VN
SECUNIA
Barracuda Networks -- Barracuda Spam Firewall
Barracuda Spam Firewall 3.4 and later with virusdef before 2.0.6399, and Spam Firewall before 3.4 20070319 with virusdef before 2.0.6399o, allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.
unknown
2007-05-08
3.3CVE-2007-1669
BUGTRAQ
BID
XF
Brew City Software -- FlexLabel OCX
Unspecified vulnerability in the FlexLabel ActiveX control allows remote attackers to cause a denial of service (unstable behavior) via an improper initialization, as demonstrated by a certain value of the Caption property.
unknown
2007-05-11
3.3CVE-2007-2604
BUGTRAQ
Brujula Toolbar -- Brujula Toolbar
Unspecified vulnerability in the GetPropertyById function in ISoftomateObj in SoftomateLib in BRUJULA4.NET.DLL in the Brujula Toolbar (Brujula.net toolbar) allows attackers to cause a denial of service (NULL dereference and browser crash) via certain arguments.
unknown
2007-05-11
2.7CVE-2007-2605
BUGTRAQ
BID
Cdelia Software -- ImageProcessing
Cdelia Software ImageProcessing allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted BMP file.
unknown
2007-05-09
2.7CVE-2007-2565
BUGTRAQ
BUGTRAQ
BID
Cisco -- IOS
The IOS FTP Server in Cisco IOS 11.3 through 12.4 does not properly check user authorization, which allows remote authenticated users to have unspecified impact, probably including read and write of arbitrary files, aka bug ID CSCek55259.
unknown
2007-05-09
2.0CVE-2007-2586
CISCO
Cisco -- IOS
The IOS FTP Server in Cisco IOS 11.3 through 12.4 allows remote authenticated users to cause a denial of service (IOS reload) via unspecified vectors involving transferring files (aka bug ID CSCse29244).
unknown
2007-05-09
2.0CVE-2007-2587
CISCO
Devellion -- CubeCart
Multiple CRLF injection vulnerabilities in Devellion CubeCart 3.0.15 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a cookie name beginning with "ccSID" to (1) cart.php or (2) index.php.
unknown
2007-05-09
2.3CVE-2007-2550
BUGTRAQ
BID
Firebird -- Firebird
Multiple buffer overflows in Firebird 2.1 allow attackers to trigger memory corruption and possibly have other unspecified impact via certain input processed by (1) config\ConfigFile.cpp or (2) msgs\check_msgs.epp. NOTE: if ConfigFile.cpp reads a configuration file with restrictive permissions, then the ConfigFile.cpp vector may not cross privilege boundaries and perhaps should not be included in CVE.
unknown
2007-05-11
3.3CVE-2007-2606
BUGTRAQ
Ipswitch -- WhatsUp Gold
Buffer overflow in MIBEXTRA.EXE in Ipswitch WhatsUp Gold 11 allows attackers to cause a denial of service (application crash) or execute arbitrary code via a long MIB filename argument. NOTE: If there is not a common scenario under which MIBEXTRA.EXE is called with attacker-controlled command line arguments, then perhaps this issue should not be included in CVE.
unknown
2007-05-11
3.3CVE-2007-2602
BUGTRAQ
Linux -- Kernel
Memory leak in the PPPoE socket implementation in the Linux kernel before 2.6.21-git8 allows local users to cause a denial of service (memory consumption) by creating a socket using connect, and releasing it before the PPPIOCGCHAN ioctl is initialized.
unknown
2007-05-08
1.6CVE-2007-2525
OTHER-REF
SECUNIA
Mambo -- Mambo Open Source
The dofreePDF function in includes/pdf.php in Mambo 4.6.1 does not properly check access rights for database content, which allows remote attackers to read certain content via unspecified vectors.
unknown
2007-05-09
3.3CVE-2006-7202
OTHER-REF
BID
SECUNIA
Mentiss ACGV -- ACGVannu
Directory traversal vulnerability in theme/acgv.php in ACGVannu 1.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the rubrik parameter.
unknown
2007-05-09
2.3CVE-2007-2560
MILW0RM
VIM
BID
Microsoft -- Exchange Server
The Exchange Collaboration Data Objects (EXCDO) functionality in Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 allows remote attackers to cause a denial of service (server hang) via a malformed calendar content request in an Internet Calendar (iCal) file.
unknown
2007-05-08
3.3CVE-2007-0039
MS
Microsoft -- Exchange Server
IMAP support in Microsoft Exchange Server 2000 SP3 allows remote attackers to cause a denial of service (service hang) via a crafted IMAP command, aka the "IMAP Literal Processing Vulnerability."
unknown
2007-05-08
3.3CVE-2007-0221
MS
MySQL -- MySQL
MySQL 5.x before 5.0.40 allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL pointer dereference.
unknown
2007-05-09
3.3CVE-2007-2583
OTHER-REF
GENTOO
SECUNIA
Nokia -- Intellisync Mobile Suite
Nokia -- Intellisync Wireless Email Express
Nokia -- Groupwise Mobile Server
Multiple cross-site scripting (XSS) vulnerabilities in Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to de/pda/dev_logon.asp and (2) multiple unspecified vectors in (a) usrmgr/registerAccount.asp, (b) de/create_account.asp, and other files.
unknown
2007-05-11
1.9CVE-2007-2592
BUGTRAQ
OTHER-REF
FRSIRT
SECUNIA
Obie Website -- Mini Web Shop
Multiple cross-site scripting (XSS) vulnerabilities in Minh Nguyen Duong Obie Website Mini Web Shop 2 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) to (1) sendmail.php or (2) order_form.php, different vectors than CVE-2006-6734.
unknown
2007-05-08
1.9CVE-2007-2532
BUGTRAQ
BID
XF
OTRS -- OTRS
Cross-site scripting (XSS) vulnerability in index.pl in OTRS (Open Ticket Request System) 2.0.x allows remote attackers to inject arbitrary web script or HTML via the Subaction parameter in an AgentTicketMailbox Action.
unknown
2007-05-08
1.9CVE-2007-2524
BUGTRAQ
OTHER-REF
BID
PicoZip -- PicoZip
PicoZip allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.
unknown
2007-05-08
3.3CVE-2007-2536
BUGTRAQ
BID
XF
PoPToP -- PPTP Server
pptpgre.c in PoPToP Point to Point Tunneling Server (pptpd) before 1.3.4 allows remote attackers to cause a denial of service (PPTP connection tear-down) via (1) GRE packets with out-of-order sequence numbers or (2) certain GRE packets that are processed using a wrong pointer and improperly dequeued.
unknown
2007-05-11
2.3CVE-2007-0244
OTHER-REF
DEBIAN
BID
FRSIRT
rPath -- rPath Linux
Linux -- Kernel
The netlink functionality in the Linux kernel 2.6.19 and earlier does not properly handle NETLINK_FIB_LOOKUP replies, which allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors, probably related to infinite recursion.
unknown
2007-05-07
3.3CVE-2007-1861
OTHER-REF
SECUNIA
RunCMS -- RunCMS
The show_files function in RunCms 1.5.2 and earlier allows remote attackers to obtain sensitive information (file existence and file metadata) via unspecified vectors.
unknown
2007-05-08
3.3CVE-2007-2539
BUGTRAQ
OTHER-REF
BID
Taltech -- Tal Bar Code ActiveX control
The SaveBarCode function in the Taltech Tal Bar Code ActiveX control allows remote attackers to cause a denial of service (disk consumption) by uploading multiple bar codes, as demonstrated by a WSF package.
unknown
2007-05-09
2.3CVE-2007-2566
BUGTRAQ
Turnkey Web Tools -- SunShop Shopping Cart
Cross-site scripting (XSS) vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 allows remote attackers to inject arbitrary web script or HTML via the l parameter.
unknown
2007-05-09
1.9CVE-2007-2547
BUGTRAQ
BID
unzoo -- unzoo
unzoo.c allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.
unknown
2007-05-08
3.3CVE-2007-1673
BUGTRAQ
BID
XF
WikkaWiki -- WikkaWiki
Cross-site scripting (XSS) vulnerability in usersettings.php in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to inject arbitrary web script or HTML via the name parameter.
unknown
2007-05-09
1.9CVE-2007-2551
OTHER-REF
OTHER-REF
SECUNIA
WikkaWiki -- WikkaWiki
the RecentChanges feature in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to read private pages via RSS feeds.
unknown
2007-05-09
2.3CVE-2007-2552
OTHER-REF
OTHER-REF
SECUNIA
WinAce -- WinAce
WinAce allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.
unknown
2007-05-08
3.3CVE-2007-2535
BUGTRAQ
BID
XF
Back to top

This product is provided subject to this Notification and this Privacy & Use policy.

Document Feedback

Was this document helpful?  Yes  |   Somewhat  |   No