Bulletin (SB07-204)
Vulnerability Summary for the Week of July 16, 2007
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
- Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
- Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
| High Vulnerabilities |
|---|
| Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | Apple -- Quicktime | Apple Quicktime before 7.2 on Mac OS X 10.3.9 and 10.4.9 allows user-assisted remote attackers to execute arbitrary code via a crafted movie file that triggers memory corruption. |
| 9.3 | CVE-2007-2392 OTHER-REF APPLE CERT-VN BID FRSIRT SECUNIA XF | Apple -- Quicktime | The design of QuickTime for Java in Apple Quicktime before 7.2 allows remote attackers to bypass certain security controls and write to process memory via Java applets, possibly leading to arbitrary code execution. |
| 9.3 | CVE-2007-2393 OTHER-REF APPLE BID FRSIRT SECUNIA XF | Apple -- Quicktime | Integer overflow in Apple Quicktime before 7.2 on Mac OS X 10.3.9 and 10.4.9 allows user-assisted remote attackers to execute arbitrary code via crafted (1) title and (2) author fields in an SMIL file, related to improper calculations for memory allocation. |
| 9.3 | CVE-2007-2394 IDEFENSE OTHER-REF APPLE BID FRSIRT SECUNIA XF | Apple -- Quicktime | The JDirect support in QuickTime for Java in Apple Quicktime before 7.2 exposes certain dangerous interfaces, which allows remote attackers to execute arbitrary code via crafted Java applets. |
| 9.3 | CVE-2007-2396 OTHER-REF APPLE BID FRSIRT SECUNIA XF | Apple -- Quicktime | QuickTime for Java in Apple Quicktime before 7.2 does not properly check permissions, which allows remote attackers to disable security controls and execute arbitrary code via crafted Java applets. |
| 9.3 | CVE-2007-2397 OTHER-REF APPLE BID FRSIRT SECUNIA XF | Apple -- Mac OS X | Unspecified vulnerability in mDNSResponder in Apple Mac OS X allows remote attackers to execute arbitrary code via unspecified vectors, a related issue to CVE-2007-2386. |
| 10.0 | CVE-2007-3828 OTHER-REF BID | Aspindir -- husrevforum | SQL injection vulnerability in philboard_forum.asp in husrevforum 1.0.1 allows remote attackers to execute arbitrary SQL commands via the forumid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 7.5 | CVE-2007-3884 BID FRSIRT SECUNIA | Asterisk -- s800i Appliance Asterisk -- AsteriskNOW Asterisk -- Asterisk Asterisk -- Asterisk Appliance Developer Kit | Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to execute arbitrary code by sending a long (1) voice or (2) video RTP frame. |
| 9.3 | CVE-2007-3762 OTHER-REF FRSIRT | BRICS -- JWIG | JWIG might allow context-dependent attackers to cause a denial of service (service degradation) via loops of references to external templates. |
| 7.8 | CVE-2007-3816 BUGTRAQ OTHER-REF | CA -- Alert Notification Server CA -- BrightStor ARCserve Client CA -- Anti-Virus CA -- Threat Manager CA -- Protection Suites CA -- BrightStor Enterprise Backup CA -- BrightStor ARCserve Backup | Multiple stack-based buffer overflows in the RPC implementation in alert.exe before 8.0.255.0 in CA (formerly Computer Associates) Alert Notification Server, as used in Threat Manager for the Enterprise, Protection Suites, certain BrightStor ARCserve products, and BrightStor Enterprise Backup, allow remote attackers to execute arbitrary code by sending certain data to unspecified RPC procedures. |
| 9.3 | CVE-2007-3825 IDEFENSE OTHER-REF FRSIRT SECUNIA | Cerulean Studios -- Trillian | Buffer overflow in the AOL Instant Messenger (AIM) protocol handler in AIM.DLL in Cerulean Studios Trillian allows remote attackers to execute arbitrary code via a malformed aim: URI, as demonstrated by a long URI beginning with the aim:///#1111111/ substring. |
| 7.5 | CVE-2007-3832 OTHER-REF CERT-VN BID | Cisco -- Unified CallManager Cisco -- Unified Communications Manager | Off-by-one error in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allow remote attackers to execute arbitrary code via a crafted packet that triggers a heap-based buffer overflow. |
| 9.3 | CVE-2006-5277 ISS CISCO BID SECTRACK SECUNIA XF | Cisco -- Unified CallManager Cisco -- Unified Communications Manager | Integer overflow in the Real-Time Information Server (RIS) Data Collector service (RisDC.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allow remote attackers to execute arbitrary code via crafted packets, resulting in a heap-based buffer overflow. |
| 10.0 | CVE-2006-5278 ISS CISCO BID SECTRACK SECUNIA XF | Cisco -- Unified Presence Server Cisco -- Unified Communications Manager | Unspecified vulnerability in Cisco Unified Communications Manager (CUCM, formerly CallManager) and Unified Presence Server (CUPS) allows remote attackers to cause a denial of service (loss of cluster services) via unspecified vectors, aka (1) CSCsj09859 and (2) CSCsj19985. |
| 7.8 | CVE-2007-3775 CISCO BID SECTRACK | Citadel -- WebCit | Cross-site request forgery (CSRF) vulnerability in Webcit before 7.11 allows remote attackers to modify configurations and perform other actions as arbitrary users via unspecified vectors. |
| 7.5 | CVE-2007-3821 BUGTRAQ BID SECUNIA | Clavister -- Clavister CorePlus | The SMTP ALG in Clavister CorePlus before 8.80.04, and 8.81.00, does not properly parse SMTP commands in certain circumstances, which allows remote attackers to bypass address blacklists. |
| 10.0 | CVE-2007-3803 OTHER-REF OTHER-REF SECUNIA | CMScout -- CMScout | SQL injection vulnerability in forums.php in CMScout 1.23 and earlier allows remote attackers to execute arbitrary SQL commands via the f parameter in a forums action to index.php. |
| 7.5 | CVE-2007-3812 MILW0RM OTHER-REF BID SECUNIA XF | Dvbbs -- Dvbbs | Dvbbs 7.1.0 SP1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for Data/Dvbbs7.mdb. |
| 7.8 | CVE-2007-3774 BUGTRAQ | EnvivoSoft -- enVivo!CMS | SQL injection vulnerability in default.asp in enVivo!CMS allows remote attackers to execute arbitrary SQL commands via the ID parameter in an article action. NOTE: this is probably different from CVE-2005-1413.4. |
| 7.5 | CVE-2007-3783 BUGTRAQ OTHER-REF FRSIRT SECUNIA | eSoft -- InstaGate EX2 UTM | ** DISPUTED ** Cross-site request forgery (CSRF) vulnerability on the eSoft InstaGate EX2 UTM device before firmware 3.1.20070615 allows remote attackers to perform privileged actions as administrators. NOTE: the vendor disputes the distribution of the vulnerable software, stating that it was a custom build for a former customer. |
| 9.3 | CVE-2007-3786 OTHER-REF OTHER-REF OTHER-REF XF | eSoft -- InstaGate EX2 UTM | The eSoft InstaGate EX2 UTM device does not require entry of the old password when changing the admin password, which might allow remote attackers to gain privileges by conducting a CSRF attack, making a password change from an unattended workstation, or other attacks. |
| 7.5 | CVE-2007-3787 OTHER-REF OTHER-REF | eSoft -- InstaGate EX2 UTM | The eSoft InstaGate EX2 UTM device stores the admin password within the settings HTML document, which might allow context-dependent attackers to obtain sensitive information by reading this document. |
| 7.6 | CVE-2007-3788 OTHER-REF OTHER-REF | eSyndicat -- eSyndiCat Directory | Multiple SQL injection vulnerabilities in eSyndiCat allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to news.php or (2) the name parameter to page.php. |
| 7.5 | CVE-2007-3811 MILW0RM BID | fedoraproject -- fedora_core Red Hat -- Enterprise Linux AS Red Hat -- Enterprise Linux ES Red Hat -- Enterprise Linux WS Red Hat -- Desktop | The init.d script for the X.Org X11 xfs font server on Red Hat Enterprise Linux (RHEL) 4 and 5 before 20070712, and Fedora Core 6, might allow local users to change the permissions of arbitrary files via a symlink attack on the /tmp/.font-unix temporary file. |
| 7.2 | CVE-2007-3103 IDEFENSE OTHER-REF REDHAT REDHAT | Generic YouTube Clone Script -- Generic YouTube Clone Script | Cross-site request forgery (CSRF) vulnerability in the Email-Template module in Generic YouTube Clone Script allows remote attackers to upload files with arbitrary file types to templates/emails/ as administrators. |
| 10.0 | CVE-2007-3773 BUGTRAQ OTHER-REF | Grisoft -- AVG Antivirus | avg7core.sys 7.5.0.444 in Grisoft AVG Anti-Virus 7.5.448 and Free Edition 7.5.446, provides an internal function that copies data to an arbitrary address, which allows local users to gain privileges via arbitrary address arguments to a function provided by the 0x5348E004 IOCTL for the generic DeviceIoControl handler. |
| 7.2 | CVE-2007-3777 BUGTRAQ BID SECTRACK SECUNIA | Hitachi -- JP1-NETM-DM Manager | SQL injection vulnerability in Job Management Partner 1/NETM/DM (JP1/NETM/DM) Manager on Windows before 20070413 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| 7.5 | CVE-2007-3793 OTHER-REF BID SECUNIA XF | Hitachi -- uCosminexus Service Platform Hitachi -- Cosminexus Studio Hitachi -- uCosminexus Application Server Hitachi -- uCosminexus Operator Hitachi -- uCosminexus Client Hitachi -- uCosminexus Developer Hitachi -- uCosminexus Service Architect Hitachi -- Cosminexus Developer Hitachi -- Cosminexus Client Hitachi -- Cosminexus Server Hitachi -- Cosminexus Application Server | Buffer overflow in Hitachi Cosminexus V4 through V7, Processing Kit for XML before 20070511, Developer's Kit for Java before 20070312, and third-party products that use this software, allows attackers to have an unknown impact via certain GIF images, related to use of GIF image processing APIs by a Java application. |
| 10.0 | CVE-2007-3794 OTHER-REF BID SECUNIA | Hitachi -- TPI Server Base | Unspecified vulnerability in Hitachi TP1/Server Base before 03-05-/P, 05-00-x before 05-00-/G, 05-01-x before 05-01-/A, and 05-02-x before 05-02-/C on HP-UX 11.0 through 11i v3 allows attackers to cause a denial of service by sending certain data to a port. |
| 7.1 | CVE-2007-3795 OTHER-REF BID SECUNIA XF | HydraIRC -- HydraIRC | Format string vulnerability in HydraIRC 0.3.151 allows remote attackers to cause a denial of service via format string specifiers in certain data related to failed DCC file transfer negotiation. |
| 7.8 | CVE-2007-3836 OTHER-REF XF | HydraIRC -- HydraIRC | Heap-based buffer overflow in HydraIRC 0.3.151 allows remote IRC servers to cause a denial of service (application crash) via a long CTCP request message containing '%' (percent) characters. |
| 7.8 | CVE-2007-3837 OTHER-REF XF | IBM -- Proventia Network IPS GX5108 IBM -- Proventia Network IPS GX5008 | PHP remote file inclusion in main.php in ISS Proventia Network IPS GX5108 1.3 and GX5008 1.5 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. |
| 9.3 | CVE-2007-3831 OTHER-REF FRSIRT SECUNIA | Inmostore -- Inmostore | SQL injection vulnerability in admin/index.php in Inmostore 4.0 allows remote attackers to execute arbitrary SQL commands via the Password field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 7.5 | CVE-2007-3789 BID | Insanely Simple Blog -- Insanely Simple Blog | Multiple SQL injection vulnerabilities in Insanely Simple Blog 0.5 and earlier allow remote attackers to execute arbitrary SQL commands via the current_subsection parameter to index.php and other unspecified vectors. |
| 7.5 | CVE-2007-3889 BUGTRAQ BID SECUNIA | Ipswitch -- WS_FTP | The Logging Server (Logsrv.exe) in IPSwitch WS_FTP 7.5.29.0 allows remote attackers to cause a denial of service (daemon crash) by sending a crafted packet containing a long string to port 5151/udp. |
| 7.8 | CVE-2007-3823 OTHER-REF SECUNIA XF | IT747 -- Realtor 747 | SQL injection vulnerability in index.php in Realtor 747 allows remote attackers to execute arbitrary SQL commands via the categoryid parameter. |
| 7.5 | CVE-2007-3810 MILW0RM | libcURL -- libcURL | libcurl 7.14.0 through 7.16.3, when built with GnuTLS support, does not check SSL/TLS certificate expiration or activation dates, which allows remote attackers to bypass certain access restrictions. |
| 7.5 | CVE-2007-3564 OTHER-REF UBUNTU BID FRSIRT SECUNIA SECUNIA | MailMarshal -- MailMarshal SMTP | The password reset feature in the Spam Quarantine HTTP interface for MailMarshal SMTP 6.2.0.x before 6.2.1 allows remote attackers to modify arbitrary account information via a UserId variable with a large amount of trailing whitespace followed by a malicious value, which triggers SQL buffer truncation due to length inconsistencies between variables. |
| 7.6 | CVE-2007-3796 FULLDISC OTHER-REF BID SECUNIA | Mehmet Zati Karahan -- MzK Blog | SQL injection vulnerability in katgoster.asp in MzK Blog (tr) allows remote attackers to execute arbitrary SQL commands via the katID parameter. |
| 10.0 | CVE-2007-3824 OTHER-REF FRSIRT SECUNIA | Microsoft -- Internet Explorer | Microsoft Internet Explorer 7 on Windows XP SP2 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via repeated document.open function calls after a user requests a new page, but before the onBeforeUnload function is called. |
| 9.3 | CVE-2007-3826 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA XF | MKPortal -- MKPortal | Multiple SQL injection vulnerabilities in MKPortal 1.1.1 allow remote attackers to execute arbitrary SQL commands via (1) the idurlo field in the delete_urlo function in (a) index.php in the urlobox module; the iden field in the (2) update_file and (3) del_file functions in (b) index.php in the reviews module; the (4) idnews field in the delete_news function and the (5) idcomm field in the del_comment function in (c) index.php in the news module; the (6) idcomm field in the delete_comments function in (d) index.php in the gallery module; the iden field in the (7) edit_file, (8) update_file, and (9) del_file functions in index.php in the gallery module; the (10) ide and (11) cat fields in the slide_update function in index.php in the gallery module; the iden field in the (12) update_file and (13) del_file functions in (d) index.php in the downloads module; and other unspecified vectors. |
| 7.5 | CVE-2007-3814 BUGTRAQ MILW0RM BID BID XF | Mozilla -- Firefox | Mozilla Firefox before 2.0.0.5 allows remote attackers to execute arbitrary code with chrome privileges by calling an event handler from an unspecified "element outside of a document." |
| 7.5 | CVE-2007-3737 OTHER-REF FRSIRT SECUNIA | Mozilla -- Firefox | Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.5 allow remote attackers to execute arbitrary code via a crafted XPCNativeWrapper. |
| 7.5 | CVE-2007-3738 OTHER-REF FRSIRT SECUNIA | MySQL -- MySQL Community Server | MySQL Community Server before 5.0.45 allows remote attackers to cause a denial of service (daemon crash) via a malformed password packet in the connection protocol. |
| 7.8 | CVE-2007-3780 OTHER-REF | NetWin -- SurgeFTP | The mirror mechanism in SurgeFTP 2.3a1 allows user-assisted, remote FTP servers to cause a denial of service (restart) via a malformed response to a PASV command. |
| 8.5 | CVE-2007-3768 FULLDISC OTHER-REF FRSIRT SECUNIA XF | Oracle -- Oracle Database | Multiple unspecified vulnerabilities in in Oracle Database 10.2.0.3 allow remote authenticated users to have an unknown impact via (1) EXFSYS.DBMS_RLMGR_UTL in Rules Manager (DB11) and (2) Progam Interface (DB13). |
| 7.5 | CVE-2007-3858 OTHER-REF OTHER-REF FRSIRT SECUNIA | Oracle -- Collaboration Suite Oracle -- Oracle Application Server Oracle -- Oracle Database | Unspecified vulnerability in the Oracle Internet Directory component for Oracle Database 9.2.0.8 and 9.2.0.8DV; Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; and Collaboration Suite 10.1.2 has unknown impact and remote attack vectors, aka OID01. |
| 7.5 | CVE-2007-3859 OTHER-REF OTHER-REF FRSIRT SECUNIA | Oracle -- Application Express | Unspecified vulnerability in Oracle Application Express (formerly Oracle HTML DB) 2.2.0.00.32 up to 3.0.0.00.20 allows developers to have an unknown impact via unknown attack vectors, aka APEX01. NOTE: a reliable researcher states that this is SQL injection in the wwv_flow_security.check_db_password function due to insufficient checks for '"' characters. |
| 7.5 | CVE-2007-3860 BUGTRAQ OTHER-REF OTHER-REF OTHER-REF FRSIRT SECUNIA | Oracle -- Collaboration Suite Oracle -- Oracle Application Server | Unspecified vulnerability in Oracle Jdeveloper in Oracle Application Server 10.1.2.2 and Collaboration Suite 10.1.2 allows context-dependent attackers to have an unknown impact via custom applications that use JBO.KEY, aka JDEV01. |
| 7.5 | CVE-2007-3861 OTHER-REF OTHER-REF FRSIRT SECUNIA | Oracle -- Oracle Application Server | Unspecified vulnerability in Oracle Application Server 9.0.4.3 and 10.1.2.0.2 allows remote attackers to have an unknown impact via Oracle Single Sign On, aka AS01. |
| 7.5 | CVE-2007-3862 OTHER-REF OTHER-REF FRSIRT SECUNIA | Oracle -- Collaboration Suite Oracle -- Oracle Application Server | Unspecified vulnerability in Oracle JDeveloper for Application Server 10.1.2.2 and 10.1.3.1, and Collaboration Suite 10.1.2, allows context-dependent attackers to have an unknown impact via custom applications that use JBO.SERVER, aka JDEV02. |
| 7.5 | CVE-2007-3863 OTHER-REF OTHER-REF FRSIRT SECUNIA | Oracle -- Collaboration Suite | Multiple unspecified vulnerabilities in Oracle Collaboration Suite 10.1.2 have unknown impact and remote attack vectors via (1) Instant Messaging/Presence (OCS01) and (2) Oracle Single Sign On (AS02). |
| 7.5 | CVE-2007-3864 OTHER-REF OTHER-REF FRSIRT SECUNIA | Oracle -- E-Business Suite | Unspecified vulnerability in the Oracle Customer Intelligence component in Oracle E-Business Suite 12.0.1 has unknown impact and remote attack vectors, aka APPS01. |
| 7.5 | CVE-2007-3865 OTHER-REF OTHER-REF FRSIRT SECUNIA | Oracle -- E-Business Suite | Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10CU2 and 12.0.1 allow remote attackers to have an unknown impact via (a) Oracle Configurator (APPS02), (b) Oracle iExpenses (APPS03), (c) Oracle Application Object Library (APPS09), and (1) APPS12, (2) APPS13, and (3) APPS14 in (d) Oracle Payables. |
| 7.5 | CVE-2007-3866 OTHER-REF OTHER-REF FRSIRT SECUNIA | Oracle -- E-Business Suite | Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10CU2 have unknown impact and attack vectors, related to (1) APPS04, (2) APPS05, and (3) APPS06 in (a) Oracle Application Object Library, (4) APPS07 in Oracle Customer Intelligence, (5) APPS08 in Oracle Payments, (7) APPS10 in Oracle Human Resources, and (8) APPS11 in iRecruitment. |
| 7.5 | CVE-2007-3867 OTHER-REF OTHER-REF FRSIRT SECUNIA | Oracle -- PeopleSoft Enterprise | Multiple unspecified vulnerabilities in the Customer Relationship Management Online Marketing component in Oracle PeopleSoft Enterprise 8.9 Bundle 26 and 9.0 Bundle 7 allow remote authenticated users to have an unknown impact, aka (1) PSE04 and (2) PSE05. |
| 7.5 | CVE-2007-3869 OTHER-REF OTHER-REF FRSIRT SECUNIA | os-cillation -- Xfce Terminal | The terminal_helper_execute function in terminal/terminal.c in Xfce Terminal 0.2.6 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a crafted link, as demonstrated using the "Open Link" functionality. |
| 7.8 | CVE-2007-3770 OTHER-REF SECUNIA XF | PHP -- PHP | The glob function in PHP 5.2.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an invalid value of the flags parameter, probably related to memory corruption. |
| 7.8 | CVE-2007-3806 MILW0RM | PHP Arena -- paFileDB | SQL injection vulnerability in includes/search.php in paFileDB 3.6 allows remote attackers to execute arbitrary SQL commands via the categories[] parameter in a search action to index.php, a different vector than CVE-2005-2000. |
| 7.5 | CVE-2007-3808 MILW0RM BID | Pictures Rating -- Pictures Rating | SQL injection vulnerability in index.php in Pictures Rating (Picture Rating) allows remote attackers to execute arbitrary SQL commands via the msgid parameter. |
| 7.5 | CVE-2007-3881 MILW0RM BID | Pidgin -- Pidgin | Unspecified vulnerability in Pidgin (formerly Gaim) 2.0.2 for Linux allows remote authenticated users, who are listed in a users list, to execute certain commands via unspecified vectors, aka ZD-00000035. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine. |
| 9.0 | CVE-2007-3841 OTHER-REF BID | policyd -- policyd | Buffer overflow in the w_read function in sockets.c in Cami Sardinha and Nigel Kukard policyd before 1.81 for Postfix allows remote attackers to cause a denial of service and possibly execute arbitrary code via long SMTP commands. NOTE: some of these details are obtained from third party information. |
| 7.5 | CVE-2007-3791 OTHER-REF OTHER-REF OTHER-REF SECUNIA | PopScript.com -- Expert Advisor | SQL injection vulnerability in index.php in Expert Advisor allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| 7.5 | CVE-2007-3882 MILW0RM BID | ProZIlla -- ProZilla Directory Script | Multiple SQL injection vulnerabilities in Prozilla Directory Script allow remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action to directory.php, and other unspecified vectors. |
| 7.5 | CVE-2007-3809 MILW0RM | Roxio -- CinePlayer InterActual Technologies -- InterActual Player | Multiple stack-based buffer overflows in (a) InterActual Player 2.60.12.0717 and (b) Roxio CinePlayer 3.2 allow remote attackers to execute arbitrary code via a (1) long FailURL attribute in the IAMCE ActiveX Control (IAMCE.dll) or a (2) long URLCode attribute in the IAKey ActiveX Control (IAKey.dll). NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 9.3 | CVE-2007-3829 BID SECUNIA SECUNIA XF | RSA -- ACE Server Progress Software Corp -- Progress Progress Software Corp -- OpenEdge RSA -- RSA Authentication Manager | Heap-based buffer overflow in _mprosrv.exe in Progress Software Progress 9.1E and OpenEdge 10.1x, as used by the RSA Authentication Manager 6.0 and 6.1, SecurID Appliance 2.0, ACE/Server 5.2, and possibly other products, allows remote attackers to execute arbitrary code via crafted packets. NOTE: this issue might overlap CVE-2007-3491. |
| 10.0 | CVE-2007-2417 OTHER-REF SECUNIA SECUNIA | SiteTrafficStats -- SiteTrafficStats | SQL injection vulnerability in referralUrl.php in Traffic Stats allows remote attackers to execute arbitrary SQL commands via the offset parameter. |
| 7.5 | CVE-2007-3840 MILW0RM BID | SquirrelMail -- GPG Plugin | The G/PGP (GPG) Plugin 2.0, and 2.1dev before 20060912, for Squirrelmail allows remote attackers to execute arbitrary commands via shell metacharacters in the messageSignedText parameter to the gpg_check_sign_pgp_mime function in gpg_hook_functions.php. NOTE: a parameter value can be set in the contents of an e-mail message. |
| 7.5 | CVE-2007-3778 IDEFENSE MLIST MLIST VIM BID FRSIRT SECUNIA | Symantec -- Symantec AntiVirus Symantec -- Symantec Gateway Security Symantec -- Scan Engine Symantec -- Symantec AntiVirus_Filtering Domino Symantec -- Symantec Web Security Symantec -- Norton Personal Firewall Symantec -- Norton Internet Security Symantec -- BrightMail AntiSpam Symantec -- Norton System Works Symantec -- Norton AntiVirus Symantec -- Client Security Symantec -- Mail Security Symantec -- Symantec AntiVirus Scan Engine | The Decomposer component in multiple Symantec products may allow remote attackers to execute arbitrary code via certain CAB archives, related to improper "bounds checks." |
| 10.0 | CVE-2007-3802 OTHER-REF BID FRSIRT SECUNIA | TCPDump -- TCPDump | Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet. |
| 7.5 | CVE-2007-3798 OTHER-REF |
|---|
| Medium Vulnerabilities |
|---|
| Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5 allow remote authenticated users to have unknown impact via (1) SYS.DBMS_PRVTAQIS in the Advanced Queuing component (DB02) and (2) MDSYS.MD in the Spatial component (DB12). |
| 5.5 | CVE-2007-3854 OTHER-REF OTHER-REF FRSIRT SECUNIA | 8e6 -- R3000 Enterprise Filter | Cross-site scripting (XSS) vulnerability in the 8e6 R3000 Enterprise Filter before 2.0.05 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this may be the same as CVE-2007-2970. |
| 4.3 | CVE-2007-3842 OTHER-REF | activeWeb -- contentserver | SQL injection vulnerability in activeWeb contentserver before 5.6.2964 allows remote authenticated users with edit permission to execute arbitrary SQL commands via the id parameter to admin/picture/picture_real_edit.asp, and probably other unspecified vectors. |
| 6.5 | CVE-2007-3013 OTHER-REF BID | activeWeb -- contentserver | Multiple cross-site scripting (XSS) vulnerabilities in activeWeb contentserver before 5.6.2964 allow remote attackers to inject arbitrary web script or HTML via the msg parameter to (1) errors/rights.asp or (2) errors/transaction.asp, or (3) the name of a MIME type (mimetype). |
| 4.3 | CVE-2007-3014 OTHER-REF BID BID | activeWeb -- contentserver | The WYSIWYG editor applet in activeWeb contentserver CMS before 5.6.2964 only filters malicious tags from articles sent to admin/applets/wysiwyg/rendereditor.asp, which allows remote authenticated users to inject arbitrary JavaScript via a request to admin/worklist/worklist_edit.asp. |
| 4.0 | CVE-2007-3017 BUGTRAQ OTHER-REF BID SECUNIA | activeWeb -- contentserver | activeWeb contentserver CMS before 5.6.2964 does not limit the file-creation ability of editors who have restricted accounts, which allows these editors to create files in arbitrary directories. |
| 4.0 | CVE-2007-3018 BUGTRAQ OTHER-REF BID SECUNIA | Apple -- Quicktime | QuickTime for Java in Apple Quicktime before 7.2 does not perform sufficient "access control," which allows remote attackers to obtain sensitive information (screen content) via crafted Java applets. |
| 5.0 | CVE-2007-2402 OTHER-REF APPLE BID FRSIRT SECUNIA XF | ASP Ziyaretci Defteri -- ASP Ziyaretci Defteri | Multiple cross-site scripting (XSS) vulnerabilities in mesaj_formu.asp in ASP Ziyaretci Defteri 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Isim, (2) Mesajiniz, and (3) E-posta field. |
| 4.3 | CVE-2007-3887 OTHER-REF BID FRSIRT SECUNIA | Aspindir -- husrevforum | Cross-site scripting (XSS) vulnerability in philboard_search.asp in husrevforum 1.0.1 allows remote attackers to inject arbitrary web script or HTML via the searchterms parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 4.3 | CVE-2007-3885 FRSIRT SECUNIA | Asterisk -- s800i Appliance Asterisk -- AsteriskNOW Asterisk -- Asterisk Asterisk -- Asterisk Appliance Developer Kit | The IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted (1) LAGRQ or (2) LAGRP frame that contains information elements of IAX frames, which results in a NULL pointer dereference when Asterisk does not properly set an associated variable. |
| 5.0 | CVE-2007-3763 OTHER-REF FRSIRT | Asterisk -- s800i Appliance Asterisk -- AsteriskNOW Asterisk -- Asterisk Asterisk -- Asterisk Appliance Developer Kit | The Skinny channel driver (chan_skinny) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a certain data length value in a crafted packet, which results in an "overly large memcpy." |
| 5.0 | CVE-2007-3764 OTHER-REF FRSIRT | Asterisk -- s800i Appliance Asterisk -- AsteriskNOW Asterisk -- Asterisk Asterisk -- Asterisk Appliance Developer Kit | The STUN implementation in Asterisk 1.4.x before 1.4.8, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted STUN length attribute in a STUN packet sent on an RTP port. |
| 5.0 | CVE-2007-3765 OTHER-REF FRSIRT | Azerbaijan Development Group -- AzDGDating | Multiple PHP remote file inclusion vulnerabilities in AzDG Dating Gold 3.0.5 allow remote attackers to execute arbitrary PHP code via a URL in the int_path parameter to (1) header.php, (2) footer.php, or (3) secure.admin.php in templates/. |
| 4.3 | CVE-2007-3792 BUGTRAQ BID | Belkin -- F5D7231-4 | Cross-site scripting (XSS) vulnerability in the Belkin G Plus Router F5D7231-4 with firmware 4.05.03 allows remote attackers to inject arbitrary web script or HTML via a hostname of a DHCP client. |
| 4.3 | CVE-2007-3784 FULLDISC OTHER-REF BID SECUNIA | Cerulean Studios -- Trillian | The AOL Instant Messenger (AIM) protocol handler in Cerulean Studios Trillian allows remote attackers to create files with arbitrary contents via certain aim: URIs, as demonstrated by a URI that begins with the "aim: &c:\" substring and contains a full pathname in the ini field. NOTE: this can be leveraged for code execution by writing to a Startup folder. |
| 5.0 | CVE-2007-3833 OTHER-REF BID | Cisco -- Unified Presence Server Cisco -- Unified Communications Manager | Cisco Unified Communications Manager (CUCM, formerly CallManager) and Unified Presence Server (CUPS) allow remote attackers to obtain sensitive information via unspecified vectors that reveal the SNMP community strings and configuration settings, aka (1) CSCsj20668 and (2) CSCsj25962. |
| 5.0 | CVE-2007-3776 CISCO BID SECTRACK | Clavister -- Clavister CorePlus | The IKE implementation in Clavister CorePlus before 8.80.03, and 8.80.00, does not properly validate certificates during IKE negotiation, which allows remote attackers cause a denial of service (gateway stop) via certain certificates. |
| 5.4 | CVE-2007-3805 OTHER-REF OTHER-REF SECUNIA | Data Dynamics -- ActiveBar | The Data Dynamics ActiveBar ActiveX control (actbar3.ocx) 3.1 and earlier allows remote attackers to create or overwrite files via a full pathname in (1) the second argument to the Save method, or the first argument to the (2) SaveLayoutChanges or (3) SaveMenuUsageData method. |
| 5.1 | CVE-2007-3883 MILW0RM | Drupal -- LoginToboggan Module | Cross-site scripting (XSS) vulnerability in the LoginToboggan module 4.7.x-1.0, 4.7.x-1.x-dev, and 5.x-1.x-dev before 20070712 for Drupal, when configured to display a "Log out" link, allows remote attackers to inject arbitrary web script or HTML via a crafted username. NOTE: Drupal sanitizes the username by removing certain characters, so this might not be a vulnerability on default installations. |
| 4.3 | CVE-2007-3817 OTHER-REF BID FRSIRT SECUNIA XF | EldoS Corporation -- SecureBlackbox | Absolute path traversal vulnerability in a certain ActiveX control in PGPBBox.dll in EldoS SecureBlackbox (sbb) 5.1.0.112 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the SaveToFile method. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 5.8 | CVE-2007-3785 BID XF | ExLibris Group -- ALEPH | Multiple cross-site scripting (XSS) vulnerabilities in Ex Libris ALEPH allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to a URL that can be discovered through a keyword search. NOTE: this may be related to the MetaLib XSS issue, CVE-2007-3835. |
| 4.3 | CVE-2007-3834 BUGTRAQ OTHER-REF | IBM -- Tivoli Provisioning Manager OS Deployment | The TFTP implementation in IBM Tivoli Provisioning Manager for OS Deployment 5.1 before Fix Pack 3 allows remote attackers to cause a denial of service (rembo.exe crash and multiple service outage) via a read (RRQ) request with an invalid blksize (blocksize), which triggers a divide-by-zero error. |
| 5.0 | CVE-2007-3268 IDEFENSE OTHER-REF OTHER-REF BID FRSIRT SECTRACK SECUNIA | Insanely Simple Blog -- Insanely Simple Blog | Multiple cross-site scripting (XSS) vulnerabilities in Insanely Simple Blog 0.5 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the search action, possibly related to the term parameter to index.php; or (2) an anonymous blog entry, possibly involving the (a) posted_by, (b) subject, and (c) content parameters to index.php; as demonstrated by the onmouseover attribute of certain elements. NOTE: some of these details are obtained from third party information. |
| 4.3 | CVE-2007-3888 BUGTRAQ BID SECUNIA | Microsoft -- DirectX SDK | Heap-based buffer overflow in Microsoft DirectX SDK (February 2006) and probably earlier, including 9.0c End User Runtimes, allows context-dependent attackers to execute arbitrary code via a crafted Targa file with an encoding that produces more data than expected when decoding. |
| 6.8 | CVE-2006-4183 IDEFENSE | MKPortal -- NoBoard Module | PHP remote file inclusion vulnerability in include/user.php in the NoBoard BETA module for MKPortal allows remote attackers to execute arbitrary PHP code via a URL in the MK_PATH parameter. |
| 4.3 | CVE-2007-3813 MILW0RM | Mozilla -- Firefox Mozilla -- Thunderbird | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 2.0.0.5 and Thunderbird before 2.0.0.5 allow remote attackers to cause a denial of service (crash) via unspecified vectors that trigger memory corruption. |
| 5.0 | CVE-2007-3734 OTHER-REF FRSIRT SECUNIA | Mozilla -- Firefox Mozilla -- Thunderbird | Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 2.0.0.5 and Thunderbird before 2.0.0.5 allow remote attackers to cause a denial of service (crash) via unspecified vectors that trigger memory corruption. |
| 5.0 | CVE-2007-3735 OTHER-REF FRSIRT SECUNIA | Mozilla -- Firefox | Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0.0.5 allows remote attackers to inject arbitrary web script "into another site's context" via a "timing issue" involving the (1) addEventListener or (2) setTimeout function, probably by setting events that activate after the context has changed. |
| 4.3 | CVE-2007-3736 OTHER-REF FRSIRT SECUNIA | Mozilla -- Firefox | Mozilla Firefox allows for cookies to be set with a null domain (aka "domainless cookies"), which allows remote attackers to pass information between arbitrary domains and track user activity, as demonstrated by the domain attribute in the document.cookie variable in a javascript: window. |
| 5.0 | CVE-2007-3827 BUGTRAQ | MySQL -- MySQL Community Server | MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement, which allows remote authenticated users to obtain sensitive information such as the table structure. |
| 4.0 | CVE-2007-3781 OTHER-REF | MySQL -- MySQL Community Server | MySQL Community Server before 5.0.45 allows remote authenticated users to gain update privileges for a table in another database via a view that refers to this external table. |
| 6.5 | CVE-2007-3782 OTHER-REF OTHER-REF | Netimage Media -- Element CMS | Cross-site scripting (XSS) vulnerability in default.asp in Element CMS allows remote attackers to inject arbitrary web script or HTML via the s parameter in a search pID action. |
| 4.3 | CVE-2007-3886 FULLDISC SECUNIA | NetWin -- SurgeFTP | Cross-site scripting (XSS) vulnerability in the mirrored server management interface in SurgeFTP 2.3a1 allows user-assisted, remote FTP servers to inject arbitrary web script or HTML via a malformed response without a status code, which is reflected to the user in the resulting error message. NOTE: this can be leveraged for root access via a sequence of steps involving web script that creates a new FTP user account. |
| 5.8 | CVE-2007-3769 FULLDISC OTHER-REF FRSIRT SECUNIA XF | Opera Software -- Opera | Opera 9.21 allows remote attackers to spoof the data: URI scheme in the address bar via a long URI with trailing whitespace, which prevents the beginning of the URI from being displayed. |
| 5.0 | CVE-2007-3819 BUGTRAQ FRSIRT SECUNIA | Oracle -- Oracle Database | Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 10.2.0.3 allow remote authenticated users to have unknown impact via (1) DBMS_JAVA_TEST in the JavaVM component (DB01), (2) Oracle Text component (DB09), and (3) MDSYS.SDO_GEOR_INT in the Spatial component (DB15). NOTE: a reliable researcher claims that DB01 is SQL injection in DBMS_PRVTAQIS. |
| 6.5 | CVE-2007-3853 BUGTRAQ OTHER-REF OTHER-REF OTHER-REF FRSIRT SECUNIA | Oracle -- Oracle Database | Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to have an unknown impact via (1) SYS.DBMS_DRS in the DataGuard component (DB03), (2) SYS.DBMS_STANDARD in the PL/SQL component (DB10), (3) MDSYS.RTREE_IDX in the Spatial component (DB16), and (4) SQL Compiler (DB17). NOTE: a reliable researcher claims that DB17 is for using Views to perform unauthorized insert, update, or delete actions. |
| 6.5 | CVE-2007-3855 BUGTRAQ OTHER-REF OTHER-REF OTHER-REF FRSIRT SECUNIA | Oracle -- Oracle10g Oracle -- Oracle10g Database Server Release 2 Oracle -- Oracle 9i Database Release 2 | Unspecified vulnerability in the Oracle Data Mining component for Oracle Database 10g Release 2 10.2.0.2 and 10.2.0.3, 10g 10.1.0.5, and Oracle9i Database Release 2 9.2.0.7, 9.2.0.8, and 9.2.0.8DV has unknown impact and remote authenticated attack vectors related to DMSYS.DMP_SYS, aka DB04. |
| 6.5 | CVE-2007-3856 OTHER-REF OTHER-REF FRSIRT SECUNIA | Oracle -- Oracle Database | Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 allow remote authenticated users to have an unknown impact via (a) the Oracle Text component, including (1) unspecified vectors (DB05), (2) CTXSYS.DRVXMD (DB06), (3) CTXSYS.DRI_MOVE_CTXSYS (DB07), (4) CTXSYS.DRVXMD (DB08), and (b) JavaVM (DB14). |
| 6.5 | CVE-2007-3857 OTHER-REF OTHER-REF FRSIRT SECUNIA | Oracle -- PeopleSoft Enterprise | Multiple unspecified vulnerabilities in PeopleTools in Oracle PeopleSoft Enterprise 8.22.15, 8.47.13, 8.48.10, and 8.49.02 allows remote authenticated users or attackers to have an unknown impact via multiple vectors, aka (1) PSE01, (2) PSE02, and (3) PSE03. |
| 6.5 | CVE-2007-3868 OTHER-REF OTHER-REF FRSIRT SECUNIA | Oracle -- PeopleSoft Enterprise | Multiple unspecified vulnerabilities in the Human Capital Management component in Oracle PeopleSoft Enterprise 8.9 Bundle 11 allow local users to have unknown impact via unknown vectors, aka (1) PSE06 and (2) PSE07. |
| 4.6 | CVE-2007-3870 OTHER-REF OTHER-REF FRSIRT SECUNIA | PHP -- PHP | The com_print_typeinfo function in the bz2 extension in PHP 5.2.3 allows context-dependent attackers to cause a denial of service via a long argument. |
| 5.8 | CVE-2007-3790 MILW0RM | PHP -- PHP | The session_start function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from (1) PATH_INFO, (2) the session_id function, and (3) the session_start function, which are not encoded or filtered when the new session cookie is generated. |
| 6.4 | CVE-2007-3799 OTHER-REF | PSnews -- PSnews | Directory traversal vulnerability in news/show.php in PsNews 1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the newspath parameter. |
| 6.4 | CVE-2007-3772 MILW0RM | Republike Slovenije -- PIRS | Buffer overflow in pirs32.exe in Poslovni informator Republike Slovenije (PIRS) 2007 allows local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long search string in certain fields in the GUI. NOTE: this may cross privilege boundaries if PIRS is used by data-entry workers who do not have full access to the underlying Windows environment. |
| 4.9 | CVE-2007-3815 FULLDISC OTHER-REF XF | SquirrelMail -- GPG Plugin | Multiple directory traversal vulnerabilities in the G/PGP (GPG) Plugin 2.0, and 2.1dev before 20070614, for Squirrelmail allow remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the help parameter to (1) gpg_help.php or (2) gpg_help_base.php. |
| 5.5 | CVE-2006-4169 IDEFENSE BID FRSIRT SECUNIA | SquirrelMail -- GPG Plugin | PHP local file inclusion vulnerability in gpg_pop_init.php in the G/PGP (GPG) Plugin before 20070707 for Squirrelmail allows remote attackers to include and execute arbitrary local files, related to the MOD parameter. |
| 4.3 | CVE-2007-3779 OTHER-REF VIM | Symantec -- Norton AntiSpam Symantec -- Norton Personal Firewall Symantec -- Norton Internet Security Symantec -- Symantec AntiVirus Symantec -- Norton System Works Symantec -- Norton AntiVirus Symantec -- Client Security | Symantec symtdi.sys before 7.0.0, as distributed in Symantec AntiVirus Corporate Edition 9 through 10.1 and Client Security 2.0 through 3.1, Norton AntiSpam 2005, and Norton AntiVirus, Internet Security, Personal Firewall, and System Works 2005 and 2006; allows local users to gain privileges via a crafted Interrupt Request Packet (Irp) in an IOCTL 0x83022323 request to \\symTDI\, which results in memory overwrite. |
| 6.9 | CVE-2007-3673 IDEFENSE OTHER-REF BID FRSIRT SECTRACK SECUNIA | Symantec -- Symantec AntiVirus Symantec -- Client Security | Stack-based buffer overflow in the Internet E-mail Auto-Protect feature in Symantec AntiVirus Corporate Edition before 10.1, and Client Security before 3.1, allows local users to cause a denial of service (service crash) via a long (1) To, (2) From, or (3) Subject header in an outbound SMTP e-mail message. NOTE: the original vendor advisory referenced CVE-2006-3456, but this was an error. |
| 4.6 | CVE-2007-3771 OTHER-REF BID SECTRACK SECTRACK SECUNIA | Symantec -- Symantec AntiVirus Symantec -- Client Security | Unspecified vulnerability in the Real-time scanner (RTVScan) component in Symantec AntiVirus Corporate Edition 9.0 through 10.1 and Client Security 2.0 through 3.1, when the Notification Message window is enabled, allows local users to gain privileges via crafted code. |
| 6.0 | CVE-2007-3800 OTHER-REF BID FRSIRT SECUNIA | TBDev.NET -- DR | Cross-site scripting (XSS) vulnerability in takeprofedit.php in TBDev.NET DR 010306 and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in the avatar parameter. NOTE: this may be related to the tracker program in the Janitor package. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 4.0 | CVE-2007-3839 OTHER-REF BID |
|---|
| Low Vulnerabilities |
|---|
| Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | Citadel -- WebCit | Multiple cross-site scripting (XSS) vulnerabilities in Webcit before 7.11 allow remote attackers to inject arbitrary web script or HTML via (1) the who parameter to showuser; and other vectors involving (2) calendar mode, (3) bulletin board mode, (4) room names, and (5) uploaded file names. |
| 2.6 | CVE-2007-3822 BUGTRAQ BID SECUNIA | Clavister -- Clavister CorePlus | The AntiVirus engine in the HTTP-ALG in Clavister CorePlus before 8.81.00 and 8.80.03 might allow remote attackers to bypass scanning via small files. |
| 0.0 | CVE-2007-3804 OTHER-REF OTHER-REF SECUNIA | Drupal -- LoginToboggan Module | Cross-site scripting (XSS) vulnerability in the LoginToboggan module 5.x-1.x-dev before 20070712 for Drupal allows remote authenticated users with "administer blocks" permission to inject arbitrary JavaScript and gain privileges via "the message displayed above the default user login block." |
| 3.5 | CVE-2007-3818 OTHER-REF | ExLibris Group -- MetaLib | Cross-site scripting (XSS) vulnerability in Ex Libris MetaLib 3.13 and 4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to a resource id that can be discovered through a search. |
| 2.6 | CVE-2007-3835 BUGTRAQ OTHER-REF | IBM -- Proventia Network IPS GX5108 IBM -- Proventia Network IPS GX5008 | Cross-site scripting (XSS) vulnerability in alert.php in ISS Proventia Network IPS GX5108 1.3 and GX5008 1.5 allows remote attackers to inject arbitrary web script or HTML via the reminder parameter. |
| 3.5 | CVE-2007-3830 OTHER-REF FRSIRT SECUNIA | KDE -- Konqueror | konqueror/konq_combo.cc in Konqueror 3.5.7 allows remote attackers to spoof the data: URI scheme in the address bar via a long URI with trailing whitespace, which prevents the beginning of the URI from being displayed. |
| 2.6 | CVE-2007-3820 BUGTRAQ BUGTRAQ FRSIRT SECUNIA | SiteScape -- SiteScape Forum | Multiple cross-site scripting (XSS) vulnerabilities in SiteScape Forum before 7.3 allow remote attackers to inject arbitrary web script or HTML via the user name field in the login procedure, and other unspecified vectors. |
| 2.6 | CVE-2007-3807 BUGTRAQ OTHER-REF BID SECUNIA XF | Symantec -- Norton Internet Security Symantec -- Norton Personal Firewall Symantec -- Symantec AntiVirus Scan Engine Symantec -- Norton Antivirus Symantec -- Norton System Works Symantec -- Symantec Web Security | The Decomposer component in multiple Symantec products allows remote attackers to cause a denial of service (infinite loop) via a crafted RAR archive file header. |
| 0.0 | CVE-2007-3801 OTHER-REF BID FRSIRT SECUNIA | TBDev.NET -- DR | Cross-site scripting (XSS) vulnerability in takeprofedit.php in TBDev.NET DR 11-10-05-BETA-SF1:111005 and earlier allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of a SCRIPT element in the avatar parameter. NOTE: this may be related to the tracker program in the Janitor package. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 2.6 | CVE-2007-3838 OTHER-REF BID |
|---|
This product is provided subject to this Notification and this Privacy & Use policy.
