Bulletin (SB07-197)
Vulnerability Summary for the Week of July 9, 2007
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
- Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
- Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities

| Primary Vendor -- Product | Description | CVSS Score | Source & Patch Info |
|---|---|---|---|
| 3Com -- TippingPoint IPS TOS | Unspecified vulnerability in TOS 2.1.x, 2.2.x before 2.2.5, and 2.5.x before 2.5.2 on TippingPoint IPS allows remote attackers to avoid detection by sending certain fragmented packets. | 7.5 | CVE-2007-3711 OTHER-REF FRSIRT SECUNIA |
| Adobe -- Flash Player | Unspecified vulnerability in Adobe Flash Player 9.0.45.0 and earlier might allow remote attackers to execute arbitrary code via a crafted SWF file, related to an "input validation error." | 9.3 | CVE-2007-3456 OTHER-REF BID FRSIRT SECUNIA |
| Adobe -- Flash Player | Adobe Flash Player 8.0.34.0 and earlier insufficiently validates HTTP Referer headers, which potentially allows remote attackers to conduct a CSRF attack via a crafted SWF file. | 9.3 | CVE-2007-3457 OTHER-REF FRSIRT SECUNIA |
| Aigaion -- Aigaion | SQL injection vulnerability in pagetopic.php in Aigaion 1.3.3 and earlier allows remote attackers to execute arbitrary SQL commands via the topic_id parameter. | 7.5 | CVE-2007-3683 MILW0RM BID SECUNIA |
| Apple -- Safari | Multiple unspecified vulnerabilities in the SVG parsing engine in Apple Safari 3 Beta for Windows have unspecified remote attack vectors and impact. NOTE: this issue contains no actionable information, but it was released by a reliable researcher. | 7.5 | CVE-2007-3718 OTHER-REF BID |
| AsteriDex -- AsteriDex | Multiple CRLF injection vulnerabilities in callboth.php in AsteriDex 3.0 and earlier allow remote attackers to inject arbitrary shell commands via the (1) IN and (2) OUT parameters. | 7.5 | CVE-2007-3621 BUGTRAQ MILW0RM OTHER-REF BID FRSIRT SECUNIA |
| AV Scripts -- AV Arcade | admin/index.php in AV Arcade 2.1b grants administrative privileges when the ava_userid cookie value is 1, which allows remote attackers to perform certain administrative actions. | 10.0 | CVE-2007-3643 BUGTRAQ BID XF |
| Computer Associates -- ERwin Process Modeler | Buffer overflow in LICRCMD.EXE in CA ERwin Process Modeler (formerly AllFusion Process Modeler) 7.1 allows attackers to execute arbitrary code via a long filename. NOTE: the researcher does not suggest any circumstances in which the filename would come from an untrusted source, and therefore perhaps the issue does not cross privilege boundaries and should not be included in CVE. | 10.0 | CVE-2007-3695 OTHER-REF BID |
| Computer Associates -- ERwin Data Model Validator | CA ERwin Data Model Validator (formerly AllFusion Data Model Validator) allows remote attackers to (1) cause a denial of service (application hang) via a malformed .EXP database file and (2) cause a denial of service (application crash) via a crafted .EXP database file, which triggers a NULL dereference. | 7.8 | CVE-2007-3696 OTHER-REF BID |
| Drupal -- Print Module | The Print module before 4.7-1.0 and 5.x before 5.x-1.2 for Drupal allows remote attackers to read restricted posts in (1) Organic Groups, (2) Taxonomy Access Control, (3) Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments. | 7.8 | CVE-2007-3689 OTHER-REF OTHER-REF OTHER-REF FRSIRT |
| Drupal -- Forward Module | The Forward module before 4.7-1.1 and 5.x before 5.x-1.0 for Drupal allows remote attackers to read restricted posts in (1) Organic Groups, (2) Taxonomy Access Control, (3) Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments. | 7.8 | CVE-2007-3690 OTHER-REF OTHER-REF OTHER-REF FRSIRT |
| eMeeting -- Online Dating Software | Multiple SQL injection vulnerabilities in eMeeting Online Dating Software 5.2 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) b.php and (2) account/gallery.php, and other unspecified vectors. | 7.5 | CVE-2007-3609 MILW0RM |
| Entertainment CMS -- Entertainment CMS | Entertainment CMS allows remote attackers to bypass authentication and perform certain administrative actions by setting the adminLogged cookie to "Administrator." | 7.5 | CVE-2007-3704 BUGTRAQ BID |
| FlashGameScript -- FlashGameScript | SQL injection vulnerability in index.php in FlashGameScript 1.7 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter in a member action. | 7.5 | CVE-2007-3646 MILW0RM OTHER-REF BID FRSIRT SECUNIA |
| FreeBSD -- libarchive | archive_read_support_format_tar.c in libarchive before 2.2.4 does not properly compute the length of a certain buffer when processing a malformed pax extension header, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PAX or (2) TAR archive that triggers a buffer overflow. | 9.3 | CVE-2007-3641 OTHER-REF OTHER-REF FREEBSD BID FRSIRT SECTRACK SECUNIA SECUNIA |
| FuseTalk Inc. -- FuseTalk | SQL injection vulnerability in FuseTalk 2.0 allows remote attackers to execute arbitrary SQL commands via the FTVAR_SUBCAT (txForumID) parameter to forum/index.cfm and possibly other unspecified components, related to forum/include/error/forumerror.cfm. | 7.5 | CVE-2007-3705 BUGTRAQ |
| GameSiteScript -- GameSiteScript | SQL injection vulnerability in index.php in GameSiteScript (gss) 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the params parameter, related to missing input validation of the id field. | 7.5 | CVE-2007-3631 MILW0RM |
| Hitachi -- Cosminexus TPBroker; Hitachi -- Cosminexus Application Server; Hitachi -- uCosminexus Application Server; Hitachi -- TPBroker Developer; Hitachi -- TPBroker | Unspecified vulnerability in the ADM daemon in Hitachi TPBroker before 20070706 allows remote attackers to cause a denial of service (daemon crash) via a certain request. | 7.8 | CVE-2007-3626 OTHER-REF SECUNIA |
| IBM -- AIX | Stack-based buffer overflow in the odm_searchpath function in libodm in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary code via a long ODMPATH environment variable. | 7.2 | CVE-2007-3680 IDEFENSE OTHER-REF AIXAPAR BID FRSIRT SECTRACK SECUNIA |
| KDDI -- EZFactory Download CGI | Directory traversal vulnerability in download.cgi in EZFactory KDDI Download CGI 1.x allows remote attackers to read and download arbitrary files via a .. (dot dot) in the name parameter. | 7.8 | CVE-2007-3692 OTHER-REF OTHER-REF FRSIRT SECTRACK |
| Konst -- CenterICQ | Multiple buffer overflows in Konst CenterICQ 4.9.11 through 4.21 allow remote attackers to execute arbitrary code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this might overlap CVE-2007-0160. | 7.5 | CVE-2007-3713 BID |
| Levent Veysi Portal -- Levent Veysi Portal | SQL injection vulnerability in oku.asp in Levent Veysi Portal 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 10.0 | CVE-2007-3629 SECUNIA |
| Linux -- Kernel | The decode_choice function in net/netfilter/bf_conntrack_h323_asn1.c in the Linux kernel before 2.6.22 allows remote attackers to cause a denial of service (crash) via an encoded, out-of-range index value for a choice field, which triggers a NULL pointer dereference. | 7.8 | CVE-2007-3642 OTHER-REF SECUNIA |
| Masuga Design -- Unobtrusive Ajax Star Rating Bar | Multiple SQL injection vulnerabilities in Unobtrusive Ajax Star Rating Bar before 1.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) q and (2) t parameters in (a) db.php and (b) rpc.php. | 7.5 | CVE-2007-3684 OTHER-REF OSVDB OSVDB SECUNIA |
| Masuga Design -- Unobtrusive Ajax Star Rating Bar | CRLF injection vulnerability in db.php in Unobtrusive Ajax Star Rating Bar before 1.2.0 allows remote attackers to inject arbitrary HTTP headers and data via CRLF sequences in the HTTP_REFERER parameter. | 7.5 | CVE-2007-3686 OTHER-REF OSVDB SECUNIA |
| maxsi -- evisit analyst | Multiple SQL injection vulnerabilities in Maxsi eVisit Analyst allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) idsp1.pl, (2) ip.pl, and (3) einsite_director.pl. NOTE: this issue can be leveraged for path disclosure from resulting error messages. | 7.5 | CVE-2007-3677 OTHER-REF BID |
| McAfee -- ProtectionPilot; McAfee -- e-Business Server | Integer underflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.6.0.453 and earlier allows remote attackers to execute arbitrary code via a crafted UDP packet, which causes stack corruption. | 7.6 | CVE-2006-5271 ISS OTHER-REF FRSIRT SECUNIA XF |
| McAfee -- ProtectionPilot; McAfee -- e-Business Server; McAfee -- CMA | Stack-based buffer overflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.6.0.453 and earlier allows remote attackers to execute arbitrary code via a crafted ping packet. | 7.5 | CVE-2006-5272 ISS OTHER-REF FRSIRT SECUNIA XF |
| McAfee -- ProtectionPilot; McAfee -- e-Business Server; McAfee -- CMA | Heap-based buffer overflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.5.5.438 through 3.6.0.453 allows remote attackers to execute arbitrary code via a crafted packet. | 7.6 | CVE-2006-5273 ISS OTHER-REF FRSIRT SECUNIA XF |
| McAfee -- CMA; McAfee -- ePolicy Orchestrator; McAfee -- ProtectionPilot | Integer overflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.5.5.438 allows remote attackers to cause a denial of service (CMA Framework service crash) and possibly execute arbitrary code via unspecified vectors. | 7.6 | CVE-2006-5274 ISS OTHER-REF FRSIRT SECUNIA XF |
| Microsoft -- windows | The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4, Server 2003 SP1 and SP2, Server 2003 x64 Edition and SP2, and Server 2003 for Itanium-based Systems SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted LDAP request with an unspecified number of "convertible attributes." | 10.0 | CVE-2007-0040 MS |
| Microsoft -- .NET Framework | The PE Loader service in Microsoft .NET Framework 2.0 SP2 and earlier for Windows 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer" and unvalidated message lengths, probably a buffer overflow. | 9.3 | CVE-2007-0041 MS |
| Microsoft -- .NET Framework | ASP.NET in Microsoft .NET Framework 2.0 SP2 and earlier for Windows 2000, XP, and Server 2003; and 2.0 and earlier for Windows Vista allows remote attackers to access configuration files and obtain sensitive information via "invalid URLs," probably containing a terminating NULL byte. | 7.8 | CVE-2007-0042 MS |
| Microsoft -- .NET Framework | The Just In Time (JIT) Compiler service in Microsoft .NET Framework 2.0 through 2.0 SP2 for Windows 2000, XP, and Server 2003 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer," probably a buffer overflow, aka ".NET JIT Compiler Vulnerability". | 9.3 | CVE-2007-0043 MS |
| Microsoft -- Publisher | Microsoft Office Publisher 2007 does not properly clear memory when transferring data from disk to memory, which allows user-assisted remote attackers to execute arbitrary code via a malformed .pub page, aka the "Publisher Invalid Memory Reference Vulnerability". | 9.3 | CVE-2007-1754 MS |
| Microsoft -- Office; Microsoft -- Excel | Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and Office Excel 2007 does not properly validate version information, which allows user-assisted remote attackers to execute arbitrary code via a crafted Excel file, aka "Calculation Error Vulnerability". | 9.3 | CVE-2007-1756 MS |
| Microsoft -- Office; Microsoft -- Excel | Unspecified vulnerability in Microsoft Excel 2002 SP3 and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a malformed Excel file containing multiple active worksheets, which results in memory corruption. | 9.3 | CVE-2007-3029 MS |
| Microsoft -- Excel; Microsoft -- Excel Viewer | Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows user-assisted remote attackers to execute arbitrary code via a malformed Excel file involving the "denoting [of] the start of a Workspace designation", which results in memory corruption, aka the "Workbook Memory Corruption Vulnerability". | 7.6 | CVE-2007-3030 MS |
| Microsoft -- windows | The Teredo interface in Microsoft Windows Vista and Vista x64 Edition does not properly handle certain network traffic, which allows remote attackers to bypass firewall blocking rules and obtain sensitive information via crafted IPv6 traffic, aka "Windows Vista Firewall Blocking Rule Information Disclosure Vulnerability." | 7.8 | CVE-2007-3038 MS |
| Microsoft -- windows | Unspecified vulnerability in the kernel in Microsoft Windows Vista has unspecified remote attack vectors and impact, as shown in the "0day IPO" presentation at SyScan'07. | 7.8 | CVE-2007-3671 OTHER-REF OTHER-REF BID |
| MKPortal -- MKPortal | SQL injection vulnerability in MKPortal 1.1.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka ZD-00000008. NOTE: this information is based upon a vague pre-advisory. | 7.5 | CVE-2007-3637 MLIST OTHER-REF BID |
| Nonnoi Solutions -- ASP Barcode | The Nonnoi ASP/Barcode ActiveX control (nonnoi_ASPBarcode.dll) allows remote attackers to overwrite arbitrary files via an argument to the SaveBarcode function. | 7.5 | CVE-2007-3660 BUGTRAQ OTHER-REF |
| OpenLD -- OpenLD | SQL injection vulnerability in index.php in OpenLD 1.2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 | CVE-2007-3682 MILW0RM BID SECUNIA |
| PHP Comet-Server -- PHP Comet-Server | PHP remote file inclusion vulnerability in example/gamedemo/inc.functions.php in PHP Comet-Server allows remote attackers to execute arbitrary PHP code via a URL in the projectPath parameter. | 7.5 | CVE-2007-3710 BUGTRAQ |
| PHP Lite -- Calendar Express | Multiple SQL injection vulnerabilities in PHP Lite Calendar Express 2.2 allow remote attackers to execute arbitrary SQL commands via the cid parameter to (1) login.php, (2) auth.php, and (3) subscribe.php. NOTE: the month.php, year.php, week.php, and day.php vectors are already covered by CVE-2005-4009. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 7.5 | CVE-2007-3627 BID |
| PowerPhlogger -- PowerPhlogger | SQL injection vulnerability in include/get_userdata.php in PowerPhlogger (PPhlogger) 2.2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 7.5 | CVE-2007-3595 FRSIRT |
| Quark -- QuarkXPress | Stack-based buffer overflow in the MSWord text-import extension (Word 6-2000 Filter.xnt) in QuarkXPress 7.2 for Windows, when using the Rectangle Text Box tool for importing text, allows user-assisted remote attackers to execute arbitrary code via a long font name. | 7.6 | CVE-2007-3678 OTHER-REF SECUNIA |
| SAP -- SAPLPD; SAP -- SAPSPRINT | Unspecified vulnerability in SAP SAPLPD and SAPSPRINT allows remote attackers to cause a denial of service (application crash) via a certain print job request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 7.8 | CVE-2006-7220 BID |
| SAP -- EnjoySAP | Stack-based buffer overflow in the kweditcontrol.kwedit.1 ActiveX control in FrontEnd\SapGui\kwedit.dll in the EnjoySAP SAP GUI allows remote attackers to execute arbitrary code via a long argument to the PrepareToPostHTML function. | 7.6 | CVE-2007-3605 BUGTRAQ MILW0RM BID BID XF |
| SAP -- EnjoySAP | Heap-based buffer overflow in the rfcguisink.rfcguisink.1 ActiveX control in the EnjoySAP SAP GUI, on systems using ASCII versions, allows remote attackers to execute arbitrary code via a long first argument to the LaunchGui function. | 7.6 | CVE-2007-3606 MILW0RM BID BID XF |
| SAP -- SAP DB | Multiple stack-based buffer overflows in waHTTP.exe (aka the SAP DB Web Server) in SAP DB, possibly 7.3 through 7.5, allow remote attackers to execute arbitrary code via (1) a certain cookie value; (2) a certain additional parameter, related to sapdbwa_GetQueryString; and other unspecified vectors related to "numerous other fields." | 7.5 | CVE-2007-3614 BUGTRAQ BID |
| SAP -- SAP Web Application Server; SAP -- Internet Communication Manager | Internet Communication Manager (aka ICMAN.exe or ICM) in SAP NetWeaver Application Server 6.x and 7.x, possibly only on Windows, allows remote attackers to cause a denial of service (process crash) via a URI of a certain length that contains a sap-isc-key parameter, related to configuration of a web cache. | 7.8 | CVE-2007-3615 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA |
| SAP -- SAP Message Server | Heap-based buffer overflow in the Message HTTP Server in SAP Message Server allows remote attackers to execute arbitrary code via a long string in the group parameter to /msgserver/html/group. | 10.0 | CVE-2007-3624 BUGTRAQ OTHER-REF BID SECUNIA |
| SquirrelMail -- SquirrelMail; SquirrelMail -- GPG Plugin | Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin 2.1 for Squirrelmail allow remote attackers to execute arbitrary commands via unspecified vectors. NOTE: this information is based upon a vague pre-advisory from a reliable researcher. | 7.5 | CVE-2007-3636 MLIST |
| Sun -- Java System Application Server; Sun -- Java System Web Server | Sun Java System Application Server and Web Server 7.0 through 9.0 before 20070710 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute an arbitrary Java method via a crafted stylesheet, a related issue to CVE-2007-????. | 9.3 | CVE-2007-3715 SUNALERT BID FRSIRT SECUNIA |
| Sun -- JDK; Sun -- JRE | The Java XML Digital Signature implementation in Sun JDK and JRE 6 before Update 2 does not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary code via a crafted stylesheet, a related issue to CVE-2007-????. | 9.3 | CVE-2007-3716 SUNALERT FRSIRT SECUNIA |
| Symantec -- Veritas Backup Exec | Heap-based buffer overflow in the RPC subsystem in Symantec Backup Exec for Windows Servers 10.0, 10d, and 11d allows remote attackers to cause a denial of service (process exit) and possibly execute arbitrary code via crafted ncacn_ip_tcp requests. | 7.5 | CVE-2007-3509 IDEFENSE OTHER-REF BID SECUNIA |
| Symantec -- Ghost | Buffer overflow in RemoteCommand.DLL in Symantec Norton Ghost 12.0 allows remote attackers to execute arbitrary code via the Connect function. | 7.5 | CVE-2007-3666 BUGTRAQ BUGTRAQ OTHER-REF |
| The GIMP Team -- GIMP | Multiple integer overflows in the image loader plug-ins in GIMP before 2.2.16 allow user-assisted remote attackers to execute arbitrary code via crafted length values in (1) DICOM, (2) PNM, (3) PSD, (4) PSP, (5) Sun RAS, (6) XBM, and (7) XWD files. | 9.3 | CVE-2006-4519 IDEFENSE OTHER-REF OTHER-REF FRSIRT SECTRACK |
| Tipping Point -- Tipping Point; 3Com -- TippingPoint IPS TOS | TippingPoint IPS before 20070710 does not properly handle a hex-encoded alternate Unicode '/' (slash) character, which might allow remote attackers to send certain network traffic and avoid detection, as demonstrated by a cmd.exe attack. | 7.5 | CVE-2007-3701 BUGTRAQ OTHER-REF OTHER-REF BID |
| TUFaT -- FlashBB | PHP remote file inclusion vulnerability in phpbb/sendmsg.php in FlashBB 1.1.8 and earlier allows remote attackers to execute arbitrary code via a URL in the phpbb_root_path parameter. | 7.5 | CVE-2007-3697 BUGTRAQ MILW0RM |
| Valarsoft -- WebMatic | SQL injection vulnerability in Webmatic before 2.6.2, and possibly other versions before 2.7, allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly related to admin/admin_album.php and admin/admin_downloads.php. NOTE: some of these details are obtained from third party information. | 7.5 | CVE-2007-3648 OTHER-REF FRSIRT |
| Valarsoft -- WebMatic | Multiple unspecified vulnerabilities in Webmatic before 2.7 have unknown impact and attack vectors, related to the "administration area." | 7.5 | CVE-2007-3727 OTHER-REF FRSIRT |
| Vastal I-Tech -- phpVID | SQL injection vulnerability in categories_type.php in phpVID 0.9.9 allows remote attackers to execute arbitrary SQL commands via the cat parameter. | 7.5 | CVE-2007-3610 MILW0RM FRSIRT |
| Visual IRC -- Visual IRC | Stack-based buffer overflow in Visual IRC (ViRC) 2.0 allows remote IRC servers to execute arbitrary code via a long response to a JOIN command. | 7.5 | CVE-2007-3612 MILW0RM |
| VRNews -- VRNews | admin.php in VRNews 1.1.1, and possibly other 1.x versions, does not require authentication, which allows remote attackers to perform certain administrative actions via a direct request with a (1) edit, (2) add, (3) config, or (4) del value in the act parameter. | 9.3 | CVE-2007-3611 MILW0RM |
| vtiger -- vtiger CRM | vtiger CRM before 5.0.3 allows remote authenticated users to import and export the information for a contact even when they only have the View permission. | 8.5 | CVE-2007-3599 OTHER-REF OTHER-REF |
| Zen Cart -- Zen Cart | Session fixation vulnerability in Zen Cart 1.3.7 and earlier allows remote attackers to hijack web sessions by setting the Cookie parameter. | 8.5 | CVE-2007-3597 BUGTRAQ OTHER-REF OTHER-REF SECUNIA |
| ZoneO-Soft -- phpTrafficA | The isloggedin function in Php/login.inc.php in phpTrafficA 1.4.3 and earlier allows remote attackers to bypass authentication and obtain administrative access by setting the username cookie to "traffic." NOTE: some of these details are obtained from third party information. | 10.0 | CVE-2007-3647 BUGTRAQ OTHER-REF SECUNIA |

Medium Vulnerabilities

| Primary Vendor -- Product | Description | CVSS Score | Source & Patch Info |
|---|---|---|---|
| ActiveReportsExcelReport -- ActiveReportsExcelReport | Unspecified vulnerability in EXCLEXPT.DLL in ActiveReportsExcelReport allows remote attackers to cause a denial of service via the DDRow Height variable. | 5.0 | CVE-2007-3667 BUGTRAQ |
| ADA -- ImgSvr | Directory traversal vulnerability in Ada Image Server (ImgSvr) 0.6.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter to the default URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this is probably a different issue than CVE-2004-2464. | 5.0 | CVE-2007-3714 BID |
| Adobe -- Adobe Integrated Runtime | Adobe Integrated Runtime (AIR, aka Apollo) allows context-dependent attackers to modify arbitrary files within an executing .air file (compiled AIR application) and perform cross-site scripting (XSS) attacks, as demonstrated by an application that modifies an HTML file inside itself via JavaScript that uses an APPEND open operation and the writeUTFBytes function. NOTE: this may be an intended consequence of the AIR permission model; if so, then perhaps this issue should not be included in CVE. | 4.3 | CVE-2007-3640 BUGTRAQ |
| AdventNet -- ManageEngine Netflow Analyzer | Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine NetFlow Analyzer 5 allow remote attackers to inject arbitrary web script or HTML via the (1) alpha parameter in (a) netflow/jspui/applicationList.jsp, the (2) task parameter in (b) netflow/jspui/appConfig.jsp, the (3) view parameter in (c) netflow/jspui/index.jsp, and the (4) rtype parameter in (d) netflow/jspui/selectDevice.jsp and (e) netflow/jspui/customReport.jsp. | 4.3 | CVE-2007-3593 OTHER-REF BID SECUNIA |
| AV Scripts -- AV Tutorial Script | changePW.php in AV Tutorial Script (avtutorial) 1.0 does not require authentication or knowledge of an old password for password changes, which allows remote attackers to change passwords for arbitrary users via a modified password parameter. | 6.4 | CVE-2007-3630 MILW0RM |
| AV Scripts -- AV Tutorial Script | Multiple SQL injection vulnerabilities in changePW.php in AV Tutorial Script (avtutorial) 1.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) userid parameters, a different issue than CVE-2007-3630. | 6.8 | CVE-2007-3691 VIM SECUNIA |
| Chilkat Software -- Chilkat Zip ActiveX control | Absolute path traversal vulnerability in the Chilkat Software Chilkat Zip ActiveX control in ChilkatZip2.dll 12.4.2.0 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the (1) SaveLastError method and probably the (2) WriteExe method. | 6.4 | CVE-2007-3633 MILW0RM BID |
| Citrix -- Citrix Presentation Server | The Program Neighborhood Agent in Citrix Presentation Server Clients for 32-bit Windows before 10.100 allows remote attackers to cause a denial of service (agent exit) via a certain request that uses content redirection and a long pathname. | 5.0 | CVE-2007-3625 OTHER-REF SECUNIA |
| Clam Anti-Virus -- ClamAV | The RAR VM (unrarvm.c) in Clam Antivirus (ClamAV) before 0.91 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted RAR archive, resulting in a NULL pointer dereference. | 4.3 | CVE-2007-3725 BUGTRAQ OTHER-REF OTHER-REF |
| CodeIgniter -- CodeIgniter | Directory traversal vulnerability in index.php in CodeIgniter 1.5.3 before 20070628, when enable_query_strings is true, allows remote attackers to read arbitrary files via a .. (dot dot) in the c parameter. | 5.0 | CVE-2007-3707 BUGTRAQ |
| CodeIgniter -- CodeIgniter | Cross-site scripting (XSS) vulnerability in CodeIgniter 1.5.3 before 20070626 allows remote attackers to inject arbitrary web script or HTML via (1) String.fromCharCode and (2) malformed nested tag manipulations in an unspecified component, related to insufficient sanitization by the xss_clean function. | 4.3 | CVE-2007-3708 BUGTRAQ |
| CodeIgniter -- CodeIgniter | CRLF injection vulnerability in the redirect function in url_helper.php in CodeIgniter 1.5.3 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in an unspecified parameter, as demonstrated by a Set-Cookie header. | 5.0 | CVE-2007-3709 BUGTRAQ |
| DotClear -- DotClear | Cross-site scripting (XSS) vulnerability in ecrire/tools.php in DotClear 1.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified form fields on the blogroll page. | 4.3 | CVE-2007-3672 OTHER-REF SECUNIA |
| Elite Bulletin Board -- Elite Bulletin Board | Unspecified vulnerability in Profile.php in Elite Bulletin Board before 1.0.10 allows remote attackers to modify profile information via unspecified vectors related to "a remote form," probably related to direct requests and missing authorization checks. | 5.0 | CVE-2007-3591 OTHER-REF BID SECUNIA |
| Elite Bulletin Board -- Elite Bulletin Board | PM.php in Elite Bulletin Board before 1.0.10 allows remote authenticated users to delete arbitrary PM messages and conduct other attacks via modified id fields. | 6.5 | CVE-2007-3592 OTHER-REF BID SECUNIA |
| Eltima Software -- Virtual Serial Port | Eltima Software Virtual Serial Port (VSPAX) ActiveX control (VSPort.DLL) allows remote attackers to cause a denial of service via certain function calls, as demonstrated via the (1) Attach, (2) Write, and (3) WriteStr functions. | 5.0 | CVE-2007-3661 BUGTRAQ |
| Eltima Software -- RunService | Multiple unspecified vulnerabilities in Eltima Software RunService ActiveX control (RunService.dll) allow remote attackers to cause a denial of service via certain functions when "improperly used", as demonstrated by the AcceptControls subroutine. | 5.0 | CVE-2007-3664 BUGTRAQ |
| EZ Publish -- EZ Publish | eZ publish before 3.8.1 does not properly enforce permissions for "content edit Language" when there are four or more languages, which allows remote authenticated users to perform translations into languages that are not listed in a Module Function Limitation policy. | 4.0 | CVE-2006-7218 OTHER-REF OTHER-REF OTHER-REF |
| EZ Publish -- EZ Publish | eZ publish before 3.8.5 does not properly enforce permissions for editing in a specific language, which allows remote authenticated users to create a draft in an unauthorized language by editing an archived version of an object, and then using Manage Versions to copy this version to a new draft. | 4.0 | CVE-2006-7219 OTHER-REF OTHER-REF OTHER-REF |
| FreeBSD -- libarchive | archive_read_support_format_tar.c in libarchive before 2.2.4 allows user-assisted remote attackers to cause a denial of service (infinite loop) via (1) an end-of-file condition within a pax extension header or (2) a malformed pax extension header in an (a) PAX or a (b) TAR archive. | 4.3 | CVE-2007-3644 OTHER-REF OTHER-REF FREEBSD BID FRSIRT SECTRACK SECUNIA SECUNIA |
| FreeWRL -- FreeWRL | Buffer overflow in the doBrowserAction function in FreeWRL 1.19.3 allows local users to execute arbitrary code via a crafted BROWSER environment variable. NOTE: it is not clear whether this issue crosses privilege boundaries. | 4.6 | CVE-2007-3659 BUGTRAQ OTHER-REF |
| Gobi and Helma -- Gobi | Cross-site scripting (XSS) vulnerability in Gobi as of 20070711, built on Helma, allows remote attackers to inject arbitrary web script or HTML via the q parameter to the search function. | 4.3 | CVE-2007-3693 OTHER-REF |
| HiddenChest -- Yb ve Bayi Babvuru Formu | Multiple cross-site scripting (XSS) vulnerabilities in HiddenChest "is ve Bayi Basvuru Formu" (Yb ve Bayi Babvuru Formu) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 4.3 | CVE-2007-3712 BID |
| Hitachi -- JP1-HiCommand Device Manager; Hitachi -- JP1-HiCommand Tiered Storage Manager; Hitachi -- JP1-HiCommand Global Link Availability Manager; Hitachi -- JP1-HiCommand Replication Monitor | Cross-site scripting (XSS) vulnerability in the Hitachi JP1/HiCommand Device Manager, Tiered Storage Manager, Replication Monitor, and GlobalLink Availability Manager before 20070528 allows remote attackers to inject arbitrary web script or HTML via the Expect HTTP header. | 4.3 | CVE-2007-3623 OTHER-REF SECUNIA |
| HP -- Photo Digital Imaging ActiveX Control | Absolute path traversal vulnerability in a certain ActiveX control in hpqvwocx.dll 2.1.0.556 in Hewlett-Packard (HP) Digital Imaging allows remote attackers to create or overwrite arbitrary files via the second argument to the SaveToFile method. | 6.8 | CVE-2007-3649 MILW0RM BID XF |
| HP -- OpenVMS | The default configuration of the POP server in TCP/IP Services 5.6 for HP OpenVMS 8.3 generates different responses depending on whether or not a username is valid, which allows remote attackers to enumerate valid POP usernames. | 5.0 | CVE-2007-3729 OTHER-REF SECUNIA |
| HP -- OpenVMS | The default configuration of the POP server in TCP/IP Services 5.6 for HP OpenVMS 8.3 does not log the source IP address or attempted username for login attempts, which might help remote attackers to avoid identification. | 5.0 | CVE-2007-3730 OTHER-REF SECUNIA |
| Inferno Technologies -- RPG Inferno | SQL injection vulnerability in inferno.php in the Inferno Technologies RPG Inferno 2.4 module for vBulletin allows remote authenticated attackers to execute arbitrary SQL commands via the id parameter in a ScanMember do action. | 6.5 | CVE-2007-3687 MILW0RM BID |
| Innovasys -- DockStudioXP | Multiple unspecified vulnerabilities in the InnovaDSXP2.OCX ActiveX Control have unspecified attack vectors and impact, including a denial of service via "improper use" of the SaveToFile function. | 5.0 | CVE-2007-3669 BUGTRAQ |
| IzzySoft -- phpVideoPro | inc/vul_check.inc in phpVideoPro before 0.8.8 permits non-alphanumeric characters in the sess_id parameter, which has unknown impact and remote attack vectors, probably cross-site scripting (XSS). | 4.3 | CVE-2007-3596 OTHER-REF OTHER-REF OTHER-REF BID SECUNIA XF |
| LimeSurvey -- LimeSurvey | Multiple PHP remote file inclusion vulnerabilities in LimeSurvey (aka PHPSurveyor) 1.49RC2 allow remote attackers to execute arbitrary PHP code via a URL in the homedir parameter to (1) OLE/PPS/File.php, (2) OLE/PPS/Root.php, (3) Spreadsheet/Excel/Writer.php, or (4) OLE/PPS.php in admin/classes/pear/; or (5) Worksheet.php, (6) Parser.php, (7) Workbook.php, (8) Format.php, or (9) BIFFwriter.php in admin/classes/pear/Spreadsheet/Excel/Writer/. |
| 6.8 | CVE-2007-3632 MILW0RM | Maia Mailguard -- Maia Mailguard | Directory traversal vulnerability in login.php in Maia Mailguard 1.0.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter. |
| 5.0 | CVE-2007-3619 BUGTRAQ OTHER-REF OTHER-REF OTHER-REF BID SECUNIA | Maia Mailguard -- Maia Mailguard | Multiple directory traversal vulnerabilities in Maia Mailguard 1.0.2 and earlier might allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) prevlang and (2) super parameters to (a) php/login.php; the (3) charset parameter to (a) php/login.php, (b) php/internal-init.php, and (c) php/xlogin.php; the (4) lang parameter to (b) php/internal-init.php; and the (5) language parameter to (c) php/xlogin.php. |
| 5.0 | CVE-2007-3620 OTHER-REF OTHER-REF SECUNIA | Mail Machine -- Mail Machine | Directory traversal vulnerability in the load function in cgi-bin/mail/mailmachine.cgi in Mail Machine 3.989 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the archives parameter in a Load action. |
| 5.0 | CVE-2007-3702 MILW0RM BID | Media Player Classic -- Media Player Classic | Media Player Classic (MPC) 6.4.9.0 allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted FLV file. |
| 6.8 | CVE-2007-3662 BUGTRAQ BUGTRAQ | Media Player Classic -- Media Player Classic | Divide-by-zero error in Media Player Classic (MPC) 6.4.9.0 allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted MPA file. |
| 6.8 | CVE-2007-3663 BUGTRAQ OTHER-REF | Microsoft -- Windows Server 2000 | The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4 does not properly check "the number of convertible attributes", which allows remote attackers to cause a denial of service (service unavailability) via a crafted LDAP request, related to "client sent LDAP request logic," aka "Windows Active Directory Denial of Service Vulnerability". NOTE: this is probably a different issue than CVE-2007-0040. |
| 5.0 | CVE-2007-3028 MS | Microsoft -- Register Server | Unspecified vulnerability in Microsoft Register Server (REGSVR) allows attackers to cause a denial of service via a crafted DLL library. |
| 5.0 | CVE-2007-3658 BUGTRAQ BUGTRAQ OTHER-REF | Microsoft -- Internet Explorer Mozilla -- Firefox | Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a (1) FirefoxURL or (2) FirefoxHTML URI, which are inserted into the command line that is created when invoking firefox.exe. |
| 4.3 | CVE-2007-3670 OTHER-REF OTHER-REF BID FRSIRT SECUNIA | Mozilla -- Firefox | Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does not perform a security zone check when processing a wyciwyg URI, which allows remote attackers to obtain sensitive information, poison the browser cache, and possibly enable further attack vectors via (1) HTTP 302 redirect controls, (2) XMLHttpRequest, or (3) view-source URIs. |
| 6.8 | CVE-2007-3656 BUGTRAQ OTHER-REF OTHER-REF BID XF | Mozilla -- Firefox | ** DISPUTED ** Mozilla Firefox 2.0.0.4 allows remote attackers to cause a denial of service by opening multiple tabs in a popup window. NOTE: this issue has been disputed by third party researchers, stating that "this does not crash on me, and I can't see a likely mechanism of action that would lead to a DoS condition." |
| 4.3 | CVE-2007-3657 BUGTRAQ BUGTRAQ BID | NMSDVDXLib -- NMSDVDXLib | Multiple unspecified vulnerabilities in NMSDVDXU.DLL in NMSDVDXLib allow remote attackers to cause a denial of service via "improperly initialized" (1) LoadSegmentWord, (2) PartitionType, (3) SectorCount, and (4) BootFilePath variables. |
| 5.0 | CVE-2007-3668 BUGTRAQ | PEAR -- Structures_DataGrid_DataSource_MDB2 | Unspecified vulnerability in the fetch function in MDB2.php in PEAR Structures-DataGrid-DataSource-MDB2 0.1.9 and earlier allows attackers to "manipulate the generated sorting queries." |
| 5.0 | CVE-2007-3628 OTHER-REF FRSIRT | RARLAB -- UnRAR | Integer signedness error in the SET_VALUE function in rarvm.cpp in unrar 3.70 beta 3, as used in products including WinRAR and RAR for OS X, allows user-assisted remote attackers to cause a denial of service (crash) via a crafted RAR archive that causes a negative signed number to be cast to a large unsigned number. |
| 4.3 | CVE-2007-3726 BUGTRAQ BUGTRAQ BUGTRAQ | SAP -- EnjoySAP | Multiple unspecified vulnerabilities in ActiveX controls in the EnjoySAP SAP GUI allow remote attackers to cause a denial of service (process crash) via unspecified vectors. |
| 5.0 | CVE-2007-3607 BUGTRAQ MILW0RM MILW0RM BID | SAP -- EnjoySAP | Multiple unspecified vulnerabilities in ActiveX controls in the EnjoySAP SAP GUI allow remote attackers to create certain files via unspecified vectors. |
| 5.0 | CVE-2007-3608 BUGTRAQ MILW0RM MILW0RM BID | SAP -- Internet Graphics Server | Cross-site scripting (XSS) vulnerability in ADM:GETLOGFILE in SAP Internet Graphics Service (IGS) allows remote attackers to inject arbitrary web script or HTML via the PARAMS parameter. |
| 4.3 | CVE-2007-3613 BUGTRAQ BID SECUNIA | SILC -- SILC Client SILC -- SILC Toolkit | Buffer overflow in lib/silcclient/client_notify.c of SILC Client and SILC Toolkit before 1.1.2 allows remote attackers to cause a denial of service via "NICK_CHANGE" notifications. |
| 5.0 | CVE-2007-3728 OTHER-REF SECUNIA | SquirrelMail -- SquirrelMail SquirrelMail -- GPG Plugin | Unspecified vulnerability in the G/PGP (GPG) Plugin 2.0 for Squirrelmail 1.4.10a allows remote authenticated users to execute arbitrary commands via unspecified vectors, possibly related to the passphrase variable in the gpg_sign_attachment function, aka ZD-00000004. NOTE: this information is based upon a vague pre-advisory. |
| 6.5 | CVE-2007-3634 MLIST MLIST MLIST OTHER-REF BID | SquirrelMail -- SquirrelMail SquirrelMail -- GPG Plugin | Unspecified vulnerability in the G/PGP (GPG) Plugin before 2.1 for Squirrelmail might allow remote authenticated users to inject certain commands via unspecified vectors, probably related to a "dangerous PHP call." |
| 6.5 | CVE-2007-3635 MLIST OTHER-REF | Sun -- JRE | Stack-based buffer overflow in javaws.exe in Sun Java Web Start in JRE 5.0 Update 11 and earlier, and 6.0 Update 1 and earlier allows remote attackers to execute arbitrary code via a long codebase attribute in a JNLP file. |
| 6.8 | CVE-2007-3655 BUGTRAQ BID | Sun -- JDK Sun -- SDK Sun -- JRE | The Java Secure Socket Extension (JSSE) in Sun JDK and JRE 6 Update 1 and earlier, JDK and JRE 5.0 Updates 7 through 11, and SDK and JRE 1.4.2_11 through 1.2.2_14, when using JSSE for SSL/TLS support, allows remote attackers to cause a denial of service (CPU consumption) via certain SSL/TLS handshake requests. |
| 4.3 | CVE-2007-3698 SUNALERT | Sun -- Solaris | rcp on Sun Solaris 8, 9, and 10 before 20070710 does not properly call certain helper applications, which allows local users to gain privileges by creating files with certain names, possibly containing shell metacharacters or spaces, a similar issue to CVE-2006-0225. |
| 6.9 | CVE-2007-3717 SUNALERT FRSIRT SECUNIA | Symantec -- Ghost | Multiple unspecified vulnerabilities in FileBackup.DLL in Symantec Norton Ghost 12.0 allow remote attackers to cause a denial of service via unspecified vectors involving the UpdateCatalog and other functions. |
| 5.0 | CVE-2007-3665 BUGTRAQ BUGTRAQ OTHER-REF | vtiger -- vtiger CRM | index.php in vtiger CRM before 5.0.3 allows remote authenticated users to obtain all users' names and e-mail addresses, and possibly change user settings, via a modified record parameter in a DetailView action to the Users module. NOTE: the vendor disputes the changing of settings, reporting that the attack vector results in a "You are not permitted to execute this Operation" error message in a 5.0.3 demo. |
| 5.5 | CVE-2007-3598 OTHER-REF OTHER-REF OTHER-REF OTHER-REF | vtiger -- vtiger CRM | WordPlugin in the wordintegration component in vtiger CRM before 5.0.3 allows remote authenticated users to bypass field level security permissions and merge arbitrary fields in an Email template, as demonstrated by the fields in the Contact module. |
| 4.0 | CVE-2007-3600 OTHER-REF OTHER-REF OTHER-REF | vtiger -- vtiger CRM | The SOAP webservice in vtiger CRM before 5.0.3 does not ensure that authenticated accounts are active, which allows remote authenticated users with inactive accounts to access and modify data, as demonstrated by the Thunderbird plugin. |
| 5.5 | CVE-2007-3602 OTHER-REF OTHER-REF OTHER-REF OTHER-REF | vtiger -- vtiger CRM | SQL injection vulnerability in the dashboard (include/utils/SearchUtils.php) in vtiger CRM before 5.0.3 allows remote authenticated users to execute arbitrary SQL commands via the assigned_user_id parameter in a Potentials ListView action to index.php. |
| 6.5 | CVE-2007-3603 OTHER-REF OTHER-REF OTHER-REF OTHER-REF | vtiger -- vtiger CRM | vtiger CRM before 5.0.3 allows remote authenticated users with access to the Analytics DashBoard menu to bypass data restrictions and read the pipeline of the entire organization, possibly involving modules/Potentials/Potentials.php. |
| 4.0 | CVE-2007-3604 OTHER-REF OTHER-REF OTHER-REF OTHER-REF | vtiger -- vtiger CRM | index.php in vtiger CRM before 5.0.3 allows remote authenticated users to perform administrative changes to arbitrary profile settings via a certain profilePrivileges action in the Users module. |
| 6.5 | CVE-2007-3616 OTHER-REF OTHER-REF | vtiger -- vtiger CRM | The report module in vtiger CRM before 5.0.3 does not properly apply security rules, which allows remote authenticated users to read arbitrary private module entries. |
| 4.0 | CVE-2007-3617 OTHER-REF OTHER-REF | WinPcap -- WinPcap | The IOCTL 9031 (BIOCGSTATS) handler in the NPF.SYS device driver in WinPcap before 4.0.1 allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (Irp) parameters. |
| 6.6 | CVE-2007-3681 IDEFENSE MILW0RM OTHER-REF BID FRSIRT SECTRACK SECUNIA | WordPress -- WordPress | WordPress before 2.2.2 allows remote attackers to redirect visitors to other websites and potentially obtain sensitive information via (1) the _wp_http_referer parameter to wp-pass.php, related to the wp_get_referer function in wp-includes/functions.php; and possibly other vectors related to (2) wp-includes/pluggable.php and (3) the wp_nonce_ays function in wp-includes/functions.php. |
| 4.0 | CVE-2007-3639 BUGTRAQ XF | Yahoo -- Messenger | Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote authenticated users, who are listed in an address book, to execute arbitrary code via unspecified vectors, aka ZD-00000005. NOTE: this information is based upon a vague pre-advisory. |
| 6.0 | CVE-2007-3638 OTHER-REF BID | Zenturi -- Zenturi ProgramChecker | Stack-based buffer overflow in a certain ActiveX control in sasatl.dll 1.5.0.531 in Zenturi Program Checker (ProgramChecker) Pro allows remote attackers to execute arbitrary code via a long argument to the Fill method. NOTE: this is probably a different issue than CVE-2007-2987. |
| 6.8 | CVE-2007-3703 MILW0RM BID |
---|
Low Vulnerabilities

| Primary Vendor -- Product | Description | CVSS Score | Source & Patch Info |
|---|---|---|---|
| AdventNet -- ManageEngine Netflow Analyzer | Multiple cross-site scripting (XSS) vulnerabilities in AdventNet ManageEngine OpManager 6 and 7 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter in (a) ping.do and (b) traceRoute.do in map/; the (2) reportName, (3) displayName, and (4) selectedNode parameters to (c) reports/ReportViewAction.do; the (5) operation parameter to (d) admin/ServiceConfiguration.do; and the (6) selectedNode and (7) selectedTab parameters to (e) admin/DeviceAssociation.do. NOTE: the searchTerm parameter in Search.do is already covered by CVE-2006-2343. | 2.6 | CVE-2007-3594 OTHER-REF BID |
| Alt-N -- MDaemon | Unspecified vulnerability in DomainPOP in Alt-N Technologies MDaemon before 9.61 allows remote attackers to cause a denial of service (crash) via malformed messages. | 2.6 | CVE-2007-3622 OTHER-REF SECUNIA |
| CodeIgniter -- CodeIgniter | The _sanitize_globals function in CodeIgniter 1.5.3 before 20070628 allows remote attackers to unset arbitrary global variables with unspecified impact, as demonstrated by a _SERVER cookie. | 2.1 | CVE-2007-3706 BUGTRAQ |
| DotClear -- DotClear | Multiple cross-site request forgery (CSRF) vulnerabilities in DotClear 1.2.6 allow remote attackers to perform actions as arbitrary users via the (1) tool_url parameter to ecrire/tools.php and multiple fields on the (2) blogconf, (3) blogroll, (4) ecrire/redacteur.php, and (5) ecrire/user_prefs.php pages. | 2.6 | CVE-2007-3688 OTHER-REF SECUNIA |
| FreeBSD -- FreeBSD | The ULE process scheduler in the FreeBSD kernel gives preference to "interactive" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges." | 2.1 | CVE-2007-3721 OTHER-REF |
| FreeBSD -- FreeBSD | The 4BSD process scheduler in the FreeBSD kernel performs scheduling based on CPU billing gathered from periodic process sampling ticks, which allows local users to cause a denial of service (CPU consumption) by performing voluntary nanosecond sleeps that result in the process not being active during a clock interrupt, as described in "Secretly Monopolizing the CPU Without Superuser Privileges." | 2.1 | CVE-2007-3722 OTHER-REF |
| Linux -- Kernel | The process scheduler in the Linux kernel 2.6.16 gives preference to "interactive" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges." | 2.1 | CVE-2007-3719 OTHER-REF |
| Linux -- Kernel | The process scheduler in the Linux kernel 2.4 performs scheduling based on CPU billing gathered from periodic process sampling ticks, which allows local users to cause a denial of service (CPU consumption) by performing voluntary nanosecond sleeps that result in the process not being active during a clock interrupt, as described in "Secretly Monopolizing the CPU Without Superuser Privileges." | 2.1 | CVE-2007-3720 OTHER-REF |
| Masuga Design -- Unobtrusive Ajax Star Rating Bar | Cross-site scripting (XSS) vulnerability in rpc.php in Unobtrusive Ajax Star Rating Bar before 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter. | 2.6 | CVE-2007-3685 OTHER-REF OSVDB SECUNIA |
| Microsoft -- Windows XP | The process scheduler in the Microsoft Windows XP kernel does not make use of the process statistics kept by the kernel, performs scheduling based on CPU billing gathered from periodic process sampling ticks, and gives preference to "interactive" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges." | 2.1 | CVE-2007-3724 OTHER-REF |
| Red Hat -- Linux | The signal handling in the Linux kernel 2.6.2 and later, when run on PowerPC systems using HTX, allows local users to cause a denial of service via unspecified vectors involving floating point corruption and concurrency. | 2.1 | CVE-2007-3107 OTHER-REF REDHAT SECTRACK SECUNIA |
| Sun -- Java System Access Manager | Sun Java System Access Manager (formerly Java System Identity Server) before 20070710, when the message debug level is configured in the com.iplanet.services.debug.level property in AMConfig.properties, logs cleartext login passwords, which allows local users to gain privileges by reading /var/opt/SUNWam/debug/amAuth. | 1.7 | CVE-2007-3700 SUNALERT |
| Sun -- Solaris | The process scheduler in the Sun Solaris kernel does not make use of the process statistics kept by the kernel and performs scheduling based upon CPU billing gathered from periodic process sampling ticks, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges." | 2.1 | CVE-2007-3723 OTHER-REF |
| vtiger -- vtiger CRM | vtiger CRM before 5.0.3, when a migrated build is used, allows remote authenticated users to read certain other users' calendar activities via a (1) home page or (2) event list view. | 2.1 | CVE-2007-3601 OTHER-REF OTHER-REF |