Software Vulnerability
Mon, 31 Dec 07
Safari
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6592
Apple Safari 2, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regards the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site.
Mon, 31 Dec 07
Konqueror
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6591
KDE Konqueror 3.5.5 and 3.95.00, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regards the certificate as also accepted for all domain names in subjectAltName:dNSName fields, even though these fields cannot be examined in the product, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site.
Mon, 31 Dec 07
Firefox, Mozilla, SeaMonkey, Netscape
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6590
Mozilla 1.9 M8 and earlier, Mozilla Firefox 2, SeaMonkey 1.1.5, Netscape 9.0, and other Mozilla-based web browsers, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regard the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site.
Mon, 31 Dec 07
Firefox, SeaMonkey
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6589
The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 does not update the origin domain when retrieving the inner URL parameter yields an HTTP redirect, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI, a different vulnerability than CVE-2007-5947.
Mon, 31 Dec 07
PHCDownload
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6588
Cross-site scripting (XSS) vulnerability in PHCDownload 1.10 allows remote attackers to inject arbitrary web script or HTML via the username field in an unspecified component. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Mon, 31 Dec 07
Plogger
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6587
SQL injection vulnerability in plog-rss.php in Plogger 1.0 Beta 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Mon, 31 Dec 07
nicLor
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6586
SQL injection vulnerability in sezione_news.php in nicLOR-CMS allows remote attackers to execute arbitrary SQL commands via the id parameter in a sezione page action to index.php.
Mon, 31 Dec 07
NmnNewsletter
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6585
PHP remote file inclusion vulnerability in confirmUnsubscription.php in NmnNewsletter 1.0.7 allows remote attackers to execute arbitrary PHP code via a URL in the output parameter.
Mon, 31 Dec 07
1024 CMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6584
Multiple directory traversal vulnerabilities in 1024 CMS 1.3.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the lang parameter to pages/print/default/ops/news.php or (2) the theme_dir parameter to pages/download/default/ops/search.php; or the admin_theme_dir parameter to (3) download.php, (4) forum.php, or (5) news.php in admin/ops/reports/ops/.
Mon, 31 Dec 07
1024 CMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6583
SQL injection vulnerability in admin/ops/findip/ajax/search.php in 1024 CMS 1.3.1 allows remote attackers to execute arbitrary SQL commands via the ip parameter.
Mon, 31 Dec 07
mBlog
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6582
Directory traversal vulnerability in index.php in mBlog 1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter in a page mode action.
Mon, 31 Dec 07
Social Engine
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6581
Multiple directory traversal vulnerabilities in Social Engine 2.0 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the global_lang parameter to (1) header_album.php, (2) header_blog.php, or (3) header_group.php; or (4) admin_header_album.php, (5) admin_header_blog.php, or (6) admin_header_group.php in admin/.
Mon, 31 Dec 07
Wallpaper Complete Website
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6580
Multiple SQL injection vulnerabilities in Wallpaper Site 1.0.09 allow remote attackers to execute arbitrary SQL commands via (1) the catid parameter to category.php or (2) the groupid parameter to editadgroup.php.
Mon, 31 Dec 07
IP_Reg
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6579
Multiple SQL injection vulnerabilities in Ip Reg 0.3 allow remote attackers to execute arbitrary SQL commands via the vlan_id parameter to (1) vlanview.php, (2) vlanedit.php, and (3) vlandel.php; the (4) assetclassgroup_id parameter to assetclassgroupview.php; the (5) subnet_id parameter to nodelist.php; and unspecified other vectors.
Mon, 31 Dec 07
PHP_ZLink
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6578
SQL injection vulnerability in go.php in PHP ZLink 0.3 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Mon, 31 Dec 07
zBlog
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6577
Multiple SQL injection vulnerabilities in index.php in zBlog 1.2 allow remote attackers to execute arbitrary SQL commands via (1) the categ parameter in a categ action or (2) the article parameter in an articles action.
Mon, 31 Dec 07
AdultScript
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6576
Multiple SQL injection vulnerabilities in Adult Script 1.6.5 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) videolink_count.php or (2) links.php.
Mon, 31 Dec 07
mmsLamp
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6575
SQL injection vulnerability in default.php in MMSLamp allows remote attackers to execute arbitrary SQL commands via the idpro parameter in a prodotti_dettaglio action.
Mon, 31 Dec 07
Open Source Learning and Knowledge Management Tool
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6574
Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.4 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the origin parameter to work/work.php in a display_upload_form action, or the forum parameter to (2) forum/viewforum.php or (3) forum/viewthread.php.
Mon, 31 Dec 07
QK SMTP Server 3
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6573
QK SMTP Server 3 allows remote attackers to cause a denial of service (daemon crash) via a long (1) HELO, (2) MAIL FROM, or (3) RCPT TO command; or (4) a long string in the message sent after the DATA command; possibly a related issue to CVE-2006-5551.
Mon, 31 Dec 07
Java Web Proxy Server, Java System Web Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6572
Cross-site scripting (XSS) vulnerability in Sun Java System Web Server 6.1 before SP8 and 7.0 before Update 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566204.
Mon, 31 Dec 07
Java Web Proxy Server, Java System Web Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6571
Cross-site scripting (XSS) vulnerability in Sun Java System Web Proxy Server 3.6 before SP11 on Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6611356.
Mon, 31 Dec 07
Java Web Proxy Server, Java System Web Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6570
Cross-site scripting (XSS) vulnerability in the View URL Database functionality in Sun Java System Web Proxy Server 4.x before 4.0.6 and 3.x before 3.6 SP11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566309.
Mon, 31 Dec 07
Java Web Proxy Server, Java System Web Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6569
Cross-site scripting (XSS) vulnerability in the View Error Log functionality in Sun Java System Web Proxy Server 4.x before 4.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566246.
Mon, 31 Dec 07
XZero Community Classifieds
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6568
PHP remote file inclusion vulnerability in config.inc.php in XZero Community Classifieds 4.95.11 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path_escape parameter.
Mon, 31 Dec 07
XZero Community Classifieds
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6567
Directory traversal vulnerability in index.php in XZero Community Classifieds 4.95.11 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pagename parameter in a page view action.
Mon, 31 Dec 07
XZero Community Classifieds
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6566
SQL injection vulnerability in post.php in XZero Community Classifieds 4.95.11 and earlier allows remote attackers to execute arbitrary SQL commands via the subcatid parameter to index.php.
Mon, 31 Dec 07
Blakord Portal
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6565
Multiple SQL injection vulnerabilities in Blakord Portal 1.3.A Beta and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to an arbitrary component.
Sat, 29 Dec 07
Limbo CMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6564
Cross-site scripting (XSS) vulnerability in admin.php in Limbo CMS 1.0.4.2 allows remote attackers to inject arbitrary web script or HTML via the com_option parameter.
Sat, 29 Dec 07
WinAce
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6563
Heap-based buffer overflow in WinAce 2.65 and earlier, and possibly other versions before 2.69, allows user-assisted remote attackers to execute arbitrary code via a long filename in a compressed UUE archive.
Sat, 29 Dec 07
TCPreen
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6562
Multiple stack-based buffer overflows in the use of FD_SET in TCPreen before 1.4.4 allow remote attackers to cause a denial of service via multiple concurrent connections, which result in overflows in the (1) SocketAddress::Connect function in libsolve/sockprot.cpp and (2) monitor_bridge function in src/bridge.cpp.
Sat, 29 Dec 07
PDFLib
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6561
Multiple stack-based buffer overflows in PDFLib allow user-assisted remote attackers to execute arbitrary code via a long filename argument to the PDF_load_image function that results in an overflow in the pdc_fsearch_fopen function, and possibly other vectors.
Sat, 29 Dec 07
Logaholic
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6560
Multiple cross-site scripting (XSS) vulnerabilities in Logaholic allow remote attackers to inject arbitrary web script or HTML via (1) the newconfname parameter to profiles.php or (2) the conf parameter to index.php.
Sat, 29 Dec 07
Logaholic
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6559
Multiple SQL injection vulnerabilities in Logaholic allow remote attackers to execute arbitrary SQL commands via (1) the from parameter to index.php or (2) the page parameter to update.php.
Sat, 29 Dec 07
TotalPlayer
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6558
TotalPlayer 3.0 allows user-assisted remote attackers to cause a denial of service (application crash) via a large .m3u file.
Sat, 29 Dec 07
MeGaCheatZ
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6557
Multiple SQL injection vulnerabilities in MeGaCheatZ 1.1 allow remote attackers to execute arbitrary SQL commands via the ItemID parameter to (1) comments.php, (2) view.php, (3) siteadmin/ViewItem.php, and unspecified other vectors.
Sat, 29 Dec 07
websihirbazi
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6556
Multiple SQL injection vulnerabilities in websihirbazi 5.1.1 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to default.asp in a news page action or (2) the pageid parameter to default.asp.
Sat, 29 Dec 07
mosDirectory
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6555
PHP remote file inclusion vulnerability in modules/mod_pxt_latest.php in the mosDirectory (com_directory) 2.3.2 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path] parameter.
Sat, 29 Dec 07
TeamCal Pro
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6554
Multiple directory traversal vulnerabilities in TeamCal Pro 3.1.000 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to (1) index.php, (2) register.php, (3) login.php, or (4) statistics.php.
Sat, 29 Dec 07
TeamCal Pro
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6553
Multiple PHP remote file inclusion vulnerabilities in TeamCal Pro 3.1.000 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the CONF[app_root] parameter to (1) tcuser.class.php, (2) absencecount.inc.php, (3) avatar.inc.php, (4) csvhandler.class.php, (5) functions.tcpro.php, (6) header.html.inc.php, (7) joomlajack.tcpro.php, (8) menu.inc.php, (9) other.inc.php, (10) tcabsence.class.php, (11) tcabsencegroup.class.php, (12) tcallowance.class.php, (13) tcannouncement.c...
Sat, 29 Dec 07
AuraCMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6552
Directory traversal vulnerability in index.php in AuraCMS 2.2 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the act parameter, possibly involving the news pilih component; as demonstrated by including admin/admin_users.php to bypass a protection mechanism against direct request.
Sat, 29 Dec 07
MailMachine_PRO
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6551
SQL injection vulnerability in showMsg.php in MailMachine Pro 2.2.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Sat, 29 Dec 07
PMOS Helpdesk
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6550
form.php in PMOS Help Desk 2.4 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to conduct eval injection attacks and execute arbitrary PHP code via the options array parameter.
Sat, 29 Dec 07
RunCMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6549
Unspecified vulnerability in RunCMS before 1.6.1 has unknown impact and attack vectors, related to "pagetype using."
Sat, 29 Dec 07
RunCMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6548
Multiple direct static code injection vulnerabilities in RunCMS before 1.6.1 allow remote authenticated administrators to inject arbitrary PHP code via the (1) header and (2) footer parameters to modules/system/admin.php in a meta-generator action, (3) the disclaimer parameter to modules/system/admin.php in a disclaimer action, (4) the disclaimer parameter to modules/mydownloads/admin/index.php in a mydownloadsConfigAdmin action, (5) the disclaimer parameter to modules/newbb_plus/admin/forum_...
Sat, 29 Dec 07
RunCMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6547
RunCMS before 1.6.1 does not require entry of the old password during a password change, which allows context-dependent attackers to change passwords upon obtaining temporary access to a session.
Sat, 29 Dec 07
RunCMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6546
RunCMS before 1.6.1 uses a predictable session id, which makes it easier for remote attackers to hijack sessions via a modified id.
Sat, 29 Dec 07
RunCMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6545
Multiple cross-site scripting (XSS) vulnerabilities in RunCMS before 1.6.1 allow remote attackers to inject arbitrary web script or HTML via (1) the subject parameter to modules/news/submit.php; (2) the PATH_INFO to modules/news/index.php, possibly related to the XoopsPageNav class; or (3) an avatar image to edituser.php.
Sat, 29 Dec 07
RunCMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6544
Multiple SQL injection vulnerabilities in RunCMS before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the lid parameter to (1) brokenfile.php, (2) visit.php, or (3) ratefile.php in modules/mydownloads/; or (4) ratelink.php, (5) modlink.php, or (6) brokenlink.php in modules/mylinks/.
Sat, 29 Dec 07
eSyndicat Link Exchange
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6543
SQL injection vulnerability in suggest-link.php in eSyndiCat Link Exchange Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
Sat, 29 Dec 07
Arcadem
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6542
PHP remote file inclusion vulnerability in admin/frontpage_right.php in Arcadem LE 2.04 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the loadadminpage parameter.
Sat, 29 Dec 07
Neuron News
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6541
Multiple cross-site scripting (XSS) vulnerabilities in neuron news 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the topic parameter in a viewtopic action, or the (2) newsyear or (3) newsmonth parameter in a newsarchive action to the default URI in patch/.
Sat, 29 Dec 07
News
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6540
SQL injection vulnerability in neuron news 1.0 allows remote attackers to execute arbitrary SQL commands via the q parameter to the default URI in patch/.
Sat, 29 Dec 07
iSupport
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6539
PHP local file inclusion vulnerability in index.php in IDevspot iSupport 1.8 allows remote attackers to include local files via the include_file parameter.
Sat, 29 Dec 07
MRBS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6538
SQL injection vulnerability in ing/blocks/mrbs/code/web/view_entry.php in Moodle allows remote attackers to execute arbitrary SQL commands via the id parameter.
Sat, 29 Dec 07
WinUAE
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6537
Stack-based buffer overflow in the zfile_gunzip function in zfile.c in WinUAE 1.4.4 and earlier allows user-assisted remote attackers to execute arbitrary code via a long filename in a gzipped archive, such as a (1) gz, (2) adz, (3) roz, or (4) hdz archive in a compressed floppy disk image.
Sat, 29 Dec 07
Google Toolbar
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6536
The Custom Button Installer dialog in Google Toolbar 4 and 5 beta presents certain domain names in the (1) "Downloaded from" and (2) "Privacy considerations" sections without verifying domain names, which makes it easier for remote attackers to spoof domain names and trick users into installing malicious button XML files, as demonstrated by presenting www.google.com when the button was downloaded from an arbitrary site through an open redirector on www.google.com.
Sat, 29 Dec 07
Yahoo Toolbar
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6535
Buffer overflow in the YShortcut ActiveX control in YShortcut.dll 2006.8.15.1 in Yahoo! Toolbar might allow attackers to execute arbitrary code via a long string to the IsTaggedBM method.
Sat, 29 Dec 07
Publisher
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6534
Multiple unspecified vulnerabilities in Microsoft Office Publisher allow user-assisted remote attackers to cause a denial of service (application crash) via a crafted PUB file, possibly involving wordart.
Sat, 29 Dec 07
Zoom Player
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6533
Buffer overflow in Zoom Player 6.00 beta 2 and earlier allows user-assisted remote attackers to execute arbitrary code via an HTTP link to a PLS file in a crafted ZPL file, which causes an overflow in Unicode handling when generating an error message.
Sat, 29 Dec 07
XUpload, LoadRunner, Virtual Office
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6530
Buffer overflow in the XUpload.ocx ActiveX control in Persits Software XUpload 2.1.0.1, and probably other versions before 3.0, as used by HP Mercury LoadRunner and Groove Virtual Office, allows remote attackers to execute arbitrary code via a long argument to the AddFolder function.
Sat, 29 Dec 07
Tikiwiki
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6529
Multiple unspecified vulnerabilities in TikiWiki before 1.9.9 have unknown impact and attack vectors involving (1) tiki-edit_css.php, (2) tiki-list_games.php, or (3) tiki-g-admin_shared_source.php.
Fri, 28 Dec 07
Tikiwiki
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6528
Directory traversal vulnerability in tiki-listmovies.php in TikiWiki before 1.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) and modified filename in the movie parameter.
Fri, 28 Dec 07
PunBB
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6527
uploadimg.php in the Automatic Image Upload with Thumbnails (imgUpload) module 1.3.2 for PunBB only verifies the Content-type field of uploaded files, which allows remote attackers to upload and execute arbitrary content via a file with a (1) JPG, (2) GIF, or (3) PNG MIME type.
Fri, 28 Dec 07
Tikiwiki
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6526
Cross-site scripting (XSS) vulnerability in tiki-special_chars.php in TikiWiki before 1.9.9 allows remote attackers to inject arbitrary web script or HTML via the area_name parameter.
Fri, 28 Dec 07
DB2 Content Manager Toolkit
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6525
Unspecified vulnerability in eClient in IBM DB2 Content Manager (CM) Toolkit 8.3 before fix pack 7 for z/OS has unknown impact and attack vectors, related to "scripting."
Fri, 28 Dec 07
Tomcat
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5342
The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
Fri, 28 Dec 07
Lotus Domino Web Access
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4474
Multiple stack-based buffer overflows in the IBM Lotus Domino Web Access ActiveX control, as provided by inotes6.dll, inotes6w.dll, dwa7.dll, and dwa7w.dll, in Domino 6.x and 7.x allow remote attackers to execute arbitrary code, as demonstrated by an overflow from a long General_ServerName property value when calling the InstallBrowserHelperDll function in the Upload Module in the dwa7.dwa7.1 control in dwa7w.dll 7.0.34.1.
Thu, 27 Dec 07
Opera
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6524
Opera before 9.25 allows remote attackers to obtain potentially sensitive memory contents via a crafted bitmap (BMP) file.
Thu, 27 Dec 07
Opera
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6523
Algorithmic complexity vulnerability in Opera 9.50 beta and 9.x before 9.25 allows remote attackers to cause a denial of service (CPU consumption) via a crafted bitmap (BMP) file that triggers a large number of calculations and checks.
Thu, 27 Dec 07
Opera
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6522
The rich text editing functionality in Opera before 9.25 allows remote attackers to conduct cross-domain scripting attacks by using designMode to modify contents of pages in other domains.
Thu, 27 Dec 07
Opera
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6521
Unspecified vulnerability in Opera before 9.25 allows remote attackers to execute arbitrary code via crafted TLS certificates.
Thu, 27 Dec 07
Opera
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6520
Opera before 9.25 allows remote attackers to conduct cross-domain scripting attacks via unknown vectors related to plug-ins.
Thu, 27 Dec 07
Tru64-UNIX
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6519
Unspecified vulnerability in the File-on-File Mounting File System (FFM) in HP Tru64 UNIX 5.1B-4 and 5.1B-3 allows local users to cause a denial of service (system crash) via unspecified vectors.
Thu, 27 Dec 07
Burning Board Lite
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6518
Multiple SQL injection vulnerabilities in search.php in WoltLab Burning Board (wBB) Lite 1.0.2 pl3e allow remote attackers to execute arbitrary SQL commands via the (1) showposts, (2) sortby, and (3) sortorder parameters.
Thu, 27 Dec 07
AERIES Browser Interface
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6517
SQL injection vulnerability in the forget password section (LostPwd.asp) in Eagle Software Aeries Browser Interface (ABI) 3.7.9.17 allows remote attackers to execute arbitrary SQL commands via the EmailAddress parameter. NOTE: some of these details are obtained from third party information.
Thu, 27 Dec 07
HP-UX
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6419
Unspecified vulnerability in rpc.yppasswdd in HP HP-UX B.11.11, B.11.23, and B.11.31 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors.
Tue, 25 Dec 07
Flic ActiveX Control
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6516
Buffer overflow in RavWare Software MAS Flic ActiveX Control (masflc.ocx) 1.0.0.1 allows remote attackers to execute arbitrary code via a long FileName property.
Tue, 25 Dec 07
sitescape_forum_zx, sitescape_forum_st
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6515
support/dispatch.cgi in SiteScape Forum allows remote attackers to execute arbitrary TCL code via code separator characters in the query string.
Tue, 25 Dec 07
HTTP Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6514
Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
Tue, 25 Dec 07
eSupportDiagnostics
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6513
HP eSupportDiagnostics ActiveX control (hpediag.dll) 1.0.11.0 exports dangerous methods, which allows remote attackers to (1) read arbitrary files via the ReadTextFile method, or (2) read arbitrary registry values via the ReadValue method.
Tue, 25 Dec 07
mysql_banner_exchange
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6512
PHP MySQL Banner Exchange 2.2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database information via a direct request to inc/lib.inc.
Tue, 25 Dec 07
Enterprise
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6511
Websense Enterprise 6.3.1 allows remote attackers to bypass content filtering by visiting http URLs with a (1) RealPlayer G2, (2) MSMSGS, or (3) StoneHttpAgent User-Agent header, which results in a Non-HTTP categorization.
Tue, 25 Dec 07
prowizard_4_pc
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6510
Multiple stack-based buffer overflows in ProWizard 4 PC (prowiz) 1.62 and earlier allow remote attackers to execute arbitrary code via a crafted file to the (1) AMOS-MusicBank, (2) FuzzacPacker, and (3) QuadraComposer rippers; and (4) have an unknown impact via a crafted file to the SkytPacker ripper.
Tue, 25 Dec 07
business_process_management_suite
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6509
Unspecified vulnerability in Appian Enterprise Business Process Management (BPM) Suite 5.6 SP1 allows remote attackers to cause a denial of service via a crafted packet to port 5400/tcp.
Sat, 22 Dec 07
xeCMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6508
Directory traversal vulnerability in view.php in xeCMS 1.0 allows remote attackers to read arbitrary files via a ..%2F (dot dot slash) in the list parameter.
Sat, 22 Dec 07
Kernel
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4567
Linux kernel 2.6.22 and earlier, and possibly other versions, does not properly validate the hop-by-hop IPv6 extended header, which allows remote attackers to cause a denial of service (kernel panic) via a crafted IPv6 packet.
Sat, 22 Dec 07
ServerProtect
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6507
SpntSvc.exe daemon in Trend Micro ServerProtect 5.58 for Windows, before Security Patch 4, exposes unspecified dangerous sub-functions from StRpcSrv.dll in the DCE/RPC interface, which allows remote attackers to obtain "full file system access" and execute arbitrary code.
Sat, 22 Dec 07
Software Update
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6506
The HPRulesEngine.ContentCollection.1 ActiveX Control in RulesEngine.dll for HP Software Update 3.0.8.4 allows remote attackers to (1) overwrite and corrupt arbitrary files via arguments to the SaveToFile method, and possibly (2) access arbitrary files via the LoadDataFromFile method.
Sat, 22 Dec 07
Solaris
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6505
Solaris 9, with Solaris Auditing enabled and certain patches for sshd installed, can generate audit records with an audit-ID of 0 even when the user logging into ssh is not root, which makes it easier for attackers to avoid detection and can make it more difficult to conduct forensics activities.
Sat, 22 Dec 07
P4Web
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6349
P4Webs.exe in Perforce P4Web 2006.2 and earlier, when running on Windows, allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with an empty body and a Content-Length greater than 0.
Sat, 22 Dec 07
Net_DNS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6341
Net/DNS/RR/A.pm in Net::DNS 0.60 build 654, as used in packages such as SpamAssassin and OTRS, allows remote attackers to cause a denial of service (program "croak") via a crafted DNS response.
Sat, 22 Dec 07
Ingres
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6334
Ingres 2.5 and 2.6 on Windows, as used in multiple CA products and possibly other products, assigns the privileges and identity of users to be the same as the first user, which allows remote attackers to gain privileges.
Sat, 22 Dec 07
Enterprise Linux
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6285
The default configuration for autofs 5 (autofs5) on Red Hat Enterprise Linux (RHEL) 4 and 5 does not specify the nodev mount option for the -hosts map, which allows local users to access "important devices" by operating a remote NFS server and creating special device files on that server.
Sat, 22 Dec 07
Hosting Controller
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6504
Unspecified vulnerability in IIS/iibind.asp in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to change the headers of arbitrary hosts via an unspecified parameter.
Sat, 22 Dec 07
Hosting Controller
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6503
Multiple unspecified vulnerabilities in Hosting Controller 6.1 Hot fix 3.3 and earlier allow remote authenticated users to (1) import an arbitrary plan via a request to hosting/importhostingplans.asp; or (2) change an arbitrary plan via a request to hosting/AutoSignUpPlans.asp with the (a) save, (b) 30, and (c) d_30 parameters.
Sat, 22 Dec 07
Hosting Controller
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6502
Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to obtain sensitive information via (1) the AdminName and AdminLevel parameters to fp2000/NEWSRVR.asp, which discloses usernames; and (2) certain XML HTTP requests to hosting/css.asp using Microsoft.XMLHTTP or MSXML2.XMLHTTP objects, which trigger a response with the setup directory pathname in the HTML source; and (3) might allow remote attackers to obtain sensitive information via a request for /admin/forum/, w...
Sat, 22 Dec 07
Hosting Controller
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6501
Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to enable or disable "pay type" via a request to adminsettings/choosetranstype.asp.
Sat, 22 Dec 07
Hosting Controller
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6500
Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to delete "gateway information" via a request to OpenApi/GatewayVariables.asp.
Sat, 22 Dec 07
Hosting Controller
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6499
Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to uninstall the FrontPage extensions of an arbitrary account via a request to fp2002/UNINSTAL.asp with a "host id (IIS) value."
Sat, 22 Dec 07
Hosting Controller
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6498
Multiple SQL injection vulnerabilities in Hosting Controller 6.1 Hot fix 3.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) email and (2) loginname parameters to Hosting/Addreseller.asp, (3) the sortfield parameter to accounts/accountmanager.asp, (4) the GateWayID parameter to OpenApi/GatewayVariables.asp, and possibly (5) unspecified vectors to IIS/iibind.asp.
Sat, 22 Dec 07
Hosting Controller
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6497
Hosting Controller 6.1 Hot fix 3.3 and earlier (1) allows remote attackers to change arbitrary user profiles via a request to Hosting/Addreseller.asp with modified loginname and email parameters; and (2) allows remote authenticated users to change a credit amount and increase a discount via an UpdateUser action to Accounts/AccountActions.asp with modified UserName, FullName, CreditLimit, and DefaultDiscount parameters, a related issue to CVE-2005-2219.
Sat, 22 Dec 07
Hosting Controller
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6496
Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote attackers to register arbitrary users via a request to hosting/addsubsite.asp with the loginname and password parameters set, when preceded by certain requests to hosting/default.asp and hosting/selectdomain.asp, a related issue to CVE-2005-1654.
Sat, 22 Dec 07
Hosting Controller
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6495
inc_newuser.asp in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to change the permissions of directories named (1) db, (2) www, (3) Special, and (4) log at arbitrary locations under the web root via a modified Dirroot parameter in an AddUser action to accounts/AccountActions.asp. NOTE: this can be leveraged for remote code execution by changing the permissions of Forumdb, which is configured for execution of ASP scripts with administrative privileges, an...
Sat, 22 Dec 07
Hosting Controller
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6494
Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote attackers to obtain login access via a request to hosting/addreseller.asp with a username in the reseller parameter, followed by a request to AdminSettings/displays.asp with the DecideAction and ChangeSkin parameters.
Sat, 22 Dec 07
iMesh
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6493
The IMWeb.IMWebControl.1 ActiveX control in IMWeb.dll 7.0.0.x, and possibly IMWebControl.dll, in iMesh 7.1.0.x and earlier allows remote attackers to execute arbitrary code via a certain argument to the SetHandler method.
Sat, 22 Dec 07
iMesh
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6492
The IMWeb.IMWebControl.1 ActiveX control in IMWeb.dll 7.0.0.x, and possibly IMWebControl.dll, in iMesh 7.1.0.x and earlier allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via an empty string in the argument to the ProcessRequestEx method.
Sat, 22 Dec 07
WebDoc CMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6491
Multiple SQL injection vulnerabilities in Kvaliitti WebDoc 3.0 CMS allow remote attackers to execute arbitrary SQL commands via (1) the cat_id parameter to categories.asp; and probably (2) the document_id parameter to categories.asp, and the (3) cat_id and (4) document_id parameters to subcategory.asp.
Sat, 22 Dec 07
Series One CMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6490
Cross-site request forgery (CSRF) vulnerability in Falcon Series One CMS 1.4.3 allows remote attackers to change a password via a certain changepass action to index.php.
Sat, 22 Dec 07
Series One CMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6489
Multiple cross-site scripting (XSS) vulnerabilities in Falcon Series One CMS 1.4.3 allow remote attackers to inject arbitrary web script or HTML via the (1) gb_mail, (2) gb_name, and (3) gb_text parameters in a guestbook action to index.php, and unspecified other vectors.
Sat, 22 Dec 07
Series One CMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6488
Multiple PHP remote file inclusion vulnerabilities in Falcon Series One CMS 1.4.3 allow remote attackers to execute arbitrary PHP code via a URL in (1) the dir[classes] parameter to sitemap.xml.php or (2) the error parameter to errors.php.
Sat, 22 Dec 07
WebGUI
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6487
Unspecified vulnerability in Plain Black WebGUI 7.4.0 through 7.4.17 allows remote authenticated users with Secondary Admin privileges to create Admin accounts, a different vulnerability than CVE-2006-0680.
Sat, 22 Dec 07
LineShout
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6486
Multiple cross-site scripting (XSS) vulnerabilities in shout.php (aka the shoutbox) in LineShout 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) username (nickname) or (2) message parameter. NOTE: some of these details are obtained from third party information.
Sat, 22 Dec 07
Centreon
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6485
Multiple PHP remote file inclusion vulnerabilities in Centreon 1.4.1 (aka Oreon 1.4) allow remote attackers to execute arbitrary PHP code via a URL in the fileOreonConf parameter to (1) MakeXML.php or (2) MakeXML4statusCounter.php in include/monitoring/engine/.
Sat, 22 Dec 07
phpRPG
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6484
SQL injection vulnerability in index.php in phpRPG 0.8 allows remote attackers to execute arbitrary SQL commands via the password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Sat, 22 Dec 07
Sentinel Protection Server, Sentinel Keys Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6483
Directory traversal vulnerability in SafeNet Sentinel Protection Server 7.0.0 through 7.4.0 and possibly earlier versions, and Sentinel Keys Server 1.0.3 and possibly earlier versions, allows remote attackers to read arbitrary files via a .. (dot dot) in the query string.
Sat, 22 Dec 07
Ray Server Software
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6482
Unspecified vulnerability in the Device Manager daemon (utdevmgrd) in Sun Ray Server Software 2.0, 3.0, 3.1, and 3.1.1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors.
Sat, 22 Dec 07
Ray Server Software
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6481
Unspecified vulnerability in the Device Manager daemon (utdevmgrd) in Sun Ray Server Software 2.0, 3.0, 3.1, and 3.1.1 allows remote attackers to create or delete arbitrary directories via unspecified vectors.
Sat, 22 Dec 07
Management Center
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6480
The Oracle database component in Sun Management Center (Sun MC) 3.6.1, 3.6, and 3.5 Update 1 has a default account, which allows remote attackers to obtain database access and execute arbitrary code.
Sat, 22 Dec 07
Dokeos
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6479
Unrestricted file upload vulnerability in the "My productions" component for main/auth/profile.php (aka the "My profile" page) in Dokeos 1.8.4 allows remote authenticated users to upload and execute arbitrary PHP files via a filename with a double extension, which can then be accessed through a URI under main/upload/users/.
Sat, 22 Dec 07
Rosoft Media Player
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6478
Stack-based buffer overflow in Rosoft Media Player 4.1.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long string in a .M3U file. NOTE: some of these details are obtained from third party information.
Sat, 22 Dec 07
Web Interface
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6477
Cross-site scripting (XSS) vulnerability in the on-line help feature in Citrix Web Interface 2.0 and earlier, and NFuse, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Sat, 22 Dec 07
GF_3Xplorer
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6476
GF-3XPLORER 2.4 allows remote attackers to obtain configuration information via a direct request to explorer/phpinfo.php, which calls the phpinfo function.
Sat, 22 Dec 07
GF_3Xplorer
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6475
Multiple directory traversal vulnerabilities in GF-3XPLORER 2.4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang_sel parameter to (1) updater.php and (2) thumber.php.
Sat, 22 Dec 07
GF_3Xplorer
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6474
Multiple cross-site scripting (XSS) vulnerabilities in GF-3XPLORER 2.4 allow remote attackers to inject arbitrary web script or HTML via the newdir parameter to index_3x.php, and unspecified other vectors.
Sat, 22 Dec 07
WFTPD Pro Explorer
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6473
Heap-based buffer overflow in Texas Imperial Software WFTPD Pro Explorer 1.0 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command.
Sat, 22 Dec 07
phpMyRealty
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6472
Multiple SQL injection vulnerabilities in phpMyRealty (PMR) 1.0.9 allow (1) remote attackers to execute arbitrary SQL commands via the type parameter to search.php and (2) remote authenticated administrators to execute arbitrary SQL commands via the listing_updated_days parameter to admin/findlistings.php. NOTE: some of these details are obtained from third party information.
Fri, 21 Dec 07
Open Source, Asterisk Business Edition
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6430
Asterisk Open Source 1.2.x before 1.2.26 and 1.4.x before 1.4.16, and Business Edition B.x.x before B.2.3.6 and C.x.x before C.1.0-beta8, when using database-based registrations ("realtime") and host-based authentication, does not check the IP address when the username is correct and there is no password, which allows remote attackers to bypass authentication using a valid username.
Fri, 21 Dec 07
libexif
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6352
Integer overflow in libexif 0.6.16 and earlier allows context-dependent attackers to execute arbitrary code via an image with crafted EXIF tags.
Fri, 21 Dec 07
libexif
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6351
libexif 0.6.16 and earlier allows context-dependent attackers to cause a denial of service (infinite recursion) via an image file with crafted EXIF tags.
Fri, 21 Dec 07
FWSM
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5584
Unspecified vulnerability in Cisco Firewall Services Module (FWSM) 3.2(3) allows remote attackers to cause a denial of service (device reload) via crafted "data in the control-plane path with Layer 7 Application Inspections."
Fri, 21 Dec 07
exiv2
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6353
Integer overflow in exif.cpp in exiv2 library allows context-dependent attackers to execute arbitrary code via a crafted EXIF file that triggers a heap-based buffer overflow.
Fri, 21 Dec 07
ClamAV
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6336
Off-by-one error in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MS-ZIP file.
Fri, 21 Dec 07
ClamAV
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6335
Integer overflow in libclamav in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MEW packed PE file, which triggers a heap-based buffer overflow.
Fri, 21 Dec 07
Flash Player
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6246
Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0, when running on Linux, uses insecure permissions for memory, which might allow local users to gain privileges.
Fri, 21 Dec 07
Flash Player
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6245
Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 allows remote attackers to modify HTTP headers for client requests and conduct HTTP Request Splitting attacks.
Fri, 21 Dec 07
Flash Player
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6244
Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player 9.x up to 9.0.48.0 and 8.x up to 8.0.35.0 allow remote attackers to inject arbitrary web script or HTML via (1) a SWF file that uses the asfunction: protocol or (2) the navigateToURL function when used with the Flash Player ActiveX Control in Internet Explorer.
Fri, 21 Dec 07
Flash Player
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6243
Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 does not sufficiently restrict the interpretation and usage of cross-domain policy files, which makes it easier for remote attackers to conduct cross-domain and cross-site scripting (XSS) attacks.
Fri, 21 Dec 07
Flash Player
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6242
Unspecified vulnerability in Adobe Flash Player 9.0.48.0 and earlier might allow remote attackers to execute arbitrary code via unknown vectors, related to "input validation errors."
Fri, 21 Dec 07
phPay
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6471
Incomplete blacklist vulnerability in main.php in phPay 2.02.01 on Windows allows remote attackers to conduct directory traversal attacks and include and execute arbitrary local files via a ..\ (dot dot backslash) in the config parameter.
Fri, 21 Dec 07
phpRPG
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6470
phpRPG 0.8 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read session ID values in files under tmp/, and then hijack sessions via PHPSESSID cookies.
Fri, 21 Dec 07
phpRPG
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6469
SQL injection vulnerability in index.php in phpRPG 0.8, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information.
Fri, 21 Dec 07
Hammer of Thyrion
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6468
Buffer overflow in the HuffDecode function in hw_utils/hwrcon/huffman.c and hexenworld/Client/huffman.c in Hammer of Thyrion 1.4.2 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted huffman encoded packet. NOTE: some of these details are obtained from third party information.
Fri, 21 Dec 07
MKPortal
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6467
SQL injection vulnerability in index.php in MKPortal 1.1 RC1 allows remote attackers to execute arbitrary SQL commands via the ida parameter in a gallery foto_show action.
Fri, 21 Dec 07
FreeWebShop
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6466
Multiple SQL injection vulnerabilities in index.php in FreeWebshop 2.2.1 allow remote attackers to execute arbitrary SQL commands via (1) the prod parameter in a details action, (2) the cat parameter in a browse list action, or (3) the group parameter in a categories action.
Fri, 21 Dec 07
Ganglia
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6465
Multiple cross-site scripting (XSS) vulnerabilities in ganglia-web in Ganglia before 3.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) c and (2) h parameters to (a) web/host_gmetrics.php; the (3) G, (4) me, (5) x, (6) n, (7) v, (8) l, (9) vl, and (10) st parameters to (b) web/graph.php; and the (11) c, (12) G, (13) h, (14) r, (15) m, (16) s, (17) cr, (18) hc, (19) sh, (20) p, (21) t, (22) jr, (23) js, (24) gw, (25) z, and (26) gs parameters to (c) web/get_context...
Fri, 21 Dec 07
Form Tools
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6464
Multiple PHP remote file inclusion vulnerabilities in Form tools 1.5.0b allow remote attackers to execute arbitrary PHP code via a URL in the g_root_dir parameter to (1) admin_page_open.php and (2) client_page_open.php in global/templates/.
Fri, 21 Dec 07
Classifieds
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6463
Multiple cross-site scripting (XSS) vulnerabilities in the admin panel in PHP Real Estate Classifieds allow remote attackers to inject arbitrary web script or HTML via unspecified "text areas/boxes."
Fri, 21 Dec 07
PHP Real Estate Classifieds Premium Plus
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6462
SQL injection vulnerability in fullnews.php in PHP Real Estate Classifieds allows remote attackers to execute arbitrary SQL commands via the id parameter.
Fri, 21 Dec 07
Flyspray
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6461
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Flyspray 0.9.9 through 0.9.9.3 allow remote attackers to inject arbitrary web script or HTML via (1) the query string in an index action, related to the savesearch JavaScript function; and (2) the details parameter in a details action, related to the History tab and the getHistory JavaScript function.
Fri, 21 Dec 07
Anon Proxy Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6460
Multiple cross-site scripting (XSS) vulnerabilities in Anon Proxy Server before 0.101 allow remote attackers to inject arbitrary web script or HTML via the URI, which is later displayed by (1) log.php or (2) logerror.php, a different vulnerability than CVE-2007-6459.
Fri, 21 Dec 07
Anon Proxy Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6459
Anon Proxy Server 0.100, and probably 0.101, allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the host parameter to diagdns.php, and (2) the host parameter and possibly (3) the port parameter to diagconnect.php, a different vulnerability than CVE-2007-6460.
Fri, 21 Dec 07
e-Commerce-Suite
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6458
SQL injection vulnerability in shop/mainfile.php in 123tkShop 0.9.1 allows remote attackers to execute arbitrary SQL commands via a base64-encoded value of the admin parameter to shop/admin.php.
Fri, 21 Dec 07
SurgeMail
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6457
Stack-based buffer overflow in the webmail feature in SurgeMail 38k4 allows remote attackers to cause a denial of service (crash) via a long Host header.
Fri, 21 Dec 07
NeoOffice
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6456
Unspecified vulnerability in OpenOffice.org code in Planamesa NeoOffice 2.2.2 before Patch 4 has unknown impact and attack vectors related to MacOS 10.3.9 .odb files. NOTE: it is not clear whether this issue is a vulnerability.
Fri, 21 Dec 07
Mambo
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6455
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Mambo 4.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Itemid parameter in a com_frontpage option and the (2) option parameter.
Fri, 21 Dec 07
PeerCast
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6454
Heap-based buffer overflow in the handshakeHTTP function in servhs.cpp in PeerCast 0.1217 and earlier, and SVN 344 and earlier, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long SOURCE request.
Fri, 21 Dec 07
RaidenHTTPD
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6453
Directory traversal vulnerability in raidenhttpd-admin/workspace.php in RaidenHTTPD 2.0.19, when the WebAdmin function is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ulang parameter.
Fri, 21 Dec 07
Google Web Toolkit
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6452
Unspecified vulnerability in the benchmark reporting system in Google Web Toolkit (GWT) before 1.4.61 has unknown impact and attack vectors, possibly related to cross-site scripting (XSS).
Fri, 21 Dec 07
Open File Manager
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6281
Heap-based buffer overflow in Open File Manager service (ofmnt.exe) in St. Bernard Open File Manager 9.5 allows remote attackers to execute arbitrary code via a long request.
Fri, 21 Dec 07
Kernel
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5966
Integer overflow in the hrtimer_start function in kernel/hrtimer.c in the Linux kernel before 2.6.23.10 allows local users to execute arbitrary code or cause a denial of service (panic) via a large relative timeout value. NOTE: some of these details are obtained from third party information.
Fri, 21 Dec 07
KDE
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5963
Unspecified vulnerability in kdebase allows local users to cause a denial of service (KDM login inaccessible, or resource consumption) via unknown vectors.
Fri, 21 Dec 07
Wireshark
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6451
Unspecified vulnerability in the CIP dissector in Wireshark (formerly Ethereal) 0.9.14 to 0.99.6 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger allocation of large amounts of memory.
Fri, 21 Dec 07
Wireshark
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6450
The RPL dissector in Wireshark (formerly Ethereal) 0.9.8 to 0.99.6 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors.
Fri, 21 Dec 07
Wireshark, Ethereal
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6449
Wireshark (formerly Ethereal) 0.8.16 to 0.99.6 allows remote attackers to cause a denial of service (crash) via a malformed RPC Portmap packet.
Fri, 21 Dec 07
Wireshark
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6448
The Bluetooth SDP dissector in Wireshark (formerly Ethereal) 0.99.2 to 0.99.6 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors.
Fri, 21 Dec 07
Wireshark
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6447
Buffer overflow in the iSeries (OS/400) Communication trace file parser in Wireshark (formerly Ethereal) 0.99.0 to 0.99.6 might allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors.
Fri, 21 Dec 07
Wireshark
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6446
The MEGACO dissector in Wireshark (formerly Ethereal) 0.9.14 to 0.99.6 allows remote attackers to cause a denial of service (large loop and resource consumption) via unknown vectors.
Fri, 21 Dec 07
Wireshark
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6445
Unspecified vulnerability in the HTTP dissector for Wireshark (formerly Ethereal) 0.10.14 to 0.99.6, when running on "some systems," allows remote attackers to cause a denial of service (crash) via crafted chunked messages.
Fri, 21 Dec 07
Wireshark
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6444
Wireshark (formerly Ethereal) 0.99.5 to 0.99.6 allows remote attackers to cause a denial of service (large loop) via a malformed DNP packet.
Fri, 21 Dec 07
Wireshark
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6443
Buffer overflow in the ANSI MAP dissector in Wireshark (formerly Ethereal) 0.99.5 to 0.99.6, when running on some unspecified platforms, might allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors.
Fri, 21 Dec 07
Wireshark
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6442
Buffer overflow in the SSL dissector in Wireshark (formerly Ethereal) 0.99.0 to 0.99.6 might allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors.
Fri, 21 Dec 07
Wireshark
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6441
Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (crash) via unknown vectors related to "unaligned access on some platforms."
Fri, 21 Dec 07
Wireshark
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6440
Buffer overflow in the PPP dissector in Wireshark (formerly Ethereal) 0.99.6 might allow remote attackers to cause a denial of service and possibly execute arbitrary code via unknown vectors.
Fri, 21 Dec 07
Wireshark
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6439
Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (infinite or large loop) via the (1) Firebird/Interbase, (2) DCP ETSI, (3) IPv6, or (4) USB dissector, which can trigger resource consumption or a crash.
Fri, 21 Dec 07
Wireshark
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6438
Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) 0.99.6 allow remote attackers to cause a denial of service via (1) a crafted MP3 file, (2) the NCP dissector, or (3) the SMB dissector.
Fri, 21 Dec 07
syslog-ng Open Source Edition, syslog-ng Premium Edition
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6437
Balabit syslog-ng 2.0.x before 2.0.6 and 2.1.x before 2.1.8 allows remote attackers to cause a denial of service (crash) via a message with a timestamp that does not contain a trailing space, which triggers a NULL pointer dereference.
Fri, 21 Dec 07
Mac OS X, Mac OS X Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5863
Software Update in Apple Mac OS X 10.5.1 allows remote attackers to execute arbitrary commands via a man-in-the-middle (MITM) attack between the client and the server, using a modified distribution definition file with the "allow-external-scripts" option.
Fri, 21 Dec 07
Mac OS X
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5861
Unspecified vulnerability in Spotlight in Apple Mac OS X 10.4.11 allows user-assisted attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted .XLS file that triggers memory corruption in the Microsoft Office Spotlight Importer.
Fri, 21 Dec 07
Mac OS X, Mac OS X Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5860
Unspecified vulnerability in Spin Tracer in Apple Mac OS X 10.5.1 allows local users to execute arbitrary code via unspecified output files, involving an "insecure file operation."
Fri, 21 Dec 07
Safari
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5859
Unspecified vulnerability in Safari RSS in Apple Mac OS X 10.4.11 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted feed: URL that triggers memory corruption.
Fri, 21 Dec 07
Safari
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5858
WebKit in Safari in Apple Mac OS X 10.4.11 and 10.5.1 allows remote attackers to "navigate the subframes of any other page," which can be leveraged to conduct cross-site scripting (XSS) attacks and obtain sensitive information.
Fri, 21 Dec 07
Mac OS X
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5857
Quick Look in Apple Mac OS X 10.5.1 does not prevent a movie from accessing URLs when the movie file is previewed or if an icon is created, which might allow remote attackers to obtain sensitive information via HREFTrack.
Fri, 21 Dec 07
Mac OS X
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5856
Quick Look in Apple Mac OS X 10.5.1, when previewing an HTML file, does not prevent plug-ins from making network requests, which might allow remote attackers to obtain sensitive information.
Fri, 21 Dec 07
Mac OS X
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5855
Mail in Apple Mac OS X 10.4.11 and 10.5.1, when an SMTP account has been set up using Account Assistant, can use plaintext authentication even when MD5 Challenge-Response authentication is available, which makes it easier for remote attackers to sniff account activity.
Fri, 21 Dec 07
Mac OS X
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5854
Launch Services in Apple Mac OS X 10.4.11 and 10.5.1 does not treat HTML files as unsafe content, which allows attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via a crafted HTML file.
Fri, 21 Dec 07
Mac OS X
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5853
Unspecified vulnerability in IO Storage Family in Apple Mac OS X 10.4.11 allows user-assisted attackers to cause a denial of service (system shutdown) or execute arbitrary code via a disk image with crafted GUID partition maps, which triggers memory corruption.
Fri, 21 Dec 07
Mac OS X
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5851
iChat in Apple Mac OS X 10.4.11 allows network-adjacent remote attackers to automatically initiate a video connection to another user via unknown vectors.
Fri, 21 Dec 07
Mac OS X
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5850
Heap-based buffer overflow in Desktop Services in Apple Mac OS X 10.4.11 allows user-assisted attackers to execute arbitrary code via a directory with a crafted .DS_Store file.
Fri, 21 Dec 07
Mac OS X
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5849
Integer underflow in CUPS in Apple Mac OS X 10.5.1, when SNMP is enabled, allows remote attackers to execute arbitrary code via a crafted SNMP response that triggers a stack-based buffer overflow.
Fri, 21 Dec 07
Mac OS X
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5848
Buffer overflow in CUPS in Apple Mac OS X 10.4.11 allows local admin users to execute arbitrary code via a crafted URI to the CUPS service.
Fri, 21 Dec 07
Mac OS X
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5847
Race condition in the CFURLWriteDataAndPropertiesToResource API in Core Foundation in Apple Mac OS X 10.4.11 creates files with insecure permissions, which might allow local users to obtain sensitive information.
Fri, 21 Dec 07
Mac OS X
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4710
Unspecified vulnerability in ColorSync in Apple Mac OS X 10.4.11 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via an image with a crafted ColorSync profile, which triggers memory corruption.
Fri, 21 Dec 07
Mac OS X
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4709
Directory traversal vulnerability in CFNetwork in Apple Mac OS X 10.5.1 allows remote attackers to overwrite arbitrary files via a crafted HTTP response.
Fri, 21 Dec 07
Mac OS X
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4708
Format string vulnerability in Address Book in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via the URL handler.
Fri, 21 Dec 07
Mac OS X
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3876
Stack-based buffer overflow in SMB in Apple Mac OS X 10.4.11 allows local users to execute arbitrary code via crafted command line arguments to (1) mount_smbfs and (2) smbutil.
Thu, 20 Dec 07
Ichitaro
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6436
Stack-based buffer overflow in JSGCI.DLL in JustSystems Ichitaro 2005, 2006, and 2007 allows user-assisted remote attackers to execute arbitrary code via a crafted document, as actively exploited in December 2007 by the Tarodrop.F trojan. NOTE: some of these details are obtained from third party information.
Thu, 20 Dec 07
Groupwise
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6435
Stack-based buffer overflow in Novell GroupWise before 6.5.7, when HTML preview of e-mail is enabled, allows user-assisted remote attackers to execute arbitrary code via a long SRC attribute in an IMG element when forwarding or replying to a crafted e-mail.
Thu, 20 Dec 07
Kernel
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6434
Linux kernel 2.6.23 allows local users to create low pages in virtual userspace memory and bypass mmap_min_addr protection via a crafted executable file that calls the do_brk function.
Thu, 20 Dec 07
Seam
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6433
The getRenderedEjbql method in the org.jboss.seam.framework.Query class in JBoss Seam 2.x before 2.0.0.CR3 allows remote attackers to inject and execute arbitrary EJBQL commands via the order parameter.
Thu, 20 Dec 07
exiftags
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6356
exiftags before 1.01 allows attackers to cause a denial of service (infinite loop) via recursive IFD references in the EXIF data in a JPEG image.
Thu, 20 Dec 07
exiftags
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6355
Unspecified vulnerability in exiftags before 1.01 has unknown impact and attack vectors, resulting from a "field offset overflow," a different vulnerability than CVE-2007-6354.
Wed, 19 Dec 07
exiftags
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6354
Unspecified vulnerability in exiftags before 1.01 has unknown impact and attack vectors, resulting from a "field offset overflow," a different vulnerability than CVE-2007-6355.
Wed, 19 Dec 07
Mac OS X
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5862
Java in Mac OS X 10.4 through 10.4.11 allows remote attackers to bypass Keychain access controls and add or delete arbitrary Keychain items via a crafted Java applet.
Wed, 19 Dec 07
Trixbox
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6424
registry.pl in Fonality Trixbox 2.0 PBX products, when running in certain environments, reads and executes a set of commands from a remote web site without sufficiently validating the origin of the commands, which allows remote attackers to disable trixbox and execute arbitrary commands via a DNS spoofing attack.
Wed, 19 Dec 07
Enterprise Linux, Fedora
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6283
Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file with world-readable permissions, which allows local users to perform unauthorized named commands, such as causing a denial of service by stopping named.
Tue, 18 Dec 07
Debian Linux
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6418
The libdspam7-drv-mysql cron job in Debian GNU/Linux includes the MySQL dspam database password in a command line argument, which might allow local users to read the password by listing the process and its arguments.
Tue, 18 Dec 07
Kernel
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6417
The shmem_getpage function (mm/shmem.c) in Linux kernel 2.6.11 through 2.6.23 does not properly allocate memory in some circumstances, which might allow local users to read sensitive kernel data or cause a denial of service (crash).
Tue, 18 Dec 07
Xen
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6416
The copy_to_user function in the PAL emulation functionality for Xen 3.1.2 and earlier, when running on ia64 systems, allows HVM guest users to access arbitrary physical memory by triggering certain mapping operations.
Tue, 18 Dec 07
AdultScript
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6414
admin/administrator.php in Adult Script 1.6 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to bypass authentication and obtain administrative credentials via a direct request. NOTE: this can be leveraged for arbitrary code execution through a request to admin/videolinks_view.php.
Tue, 18 Dec 07
Solaris
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6413
Sun Solaris 10 with the 120011-04 and 120012-04 patches, and later 120011-* and 120012-* patches, allows remote attackers to bypass certain netgroup restrictions and obtain root access to a filesystem via NFS requests from a client root user.
Tue, 18 Dec 07
OPC Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4473
Gesytec Easylon OPC Server before 2.3.44 does not properly validate server handles, which allows remote attackers to execute arbitrary code or cause a denial of service via unspecified network traffic to the OLE for Process Control (OPC) interface, probably related to free operations on arbitrary memory addresses through certain Remove functions, and read and write operations on arbitrary memory addresses through certain Set, Read, and Write functions.
Tue, 18 Dec 07
Bitweaver
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6412
Direct static code injection vulnerability in wiki/index.php in Bitweaver 2.0.0 and earlier, when comments are enabled, allows remote attackers to inject arbitrary PHP code via an editcomments action.
Tue, 18 Dec 07
Gadu-Gadu Instant Messenger
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6411
Multiple buffer overflows in the HandleEmotsConfig function in the GG Client in Gadu-Gadu 7.7 Build 3669 allow user-assisted remote attackers to execute arbitrary code or cause a denial of service (gg.exe process crash) via a long string in an emots.txt file.
Tue, 18 Dec 07
Gadu-Gadu Instant Messenger
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6410
Gadu-Gadu does not properly perform protocol handling, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and add arbitrary user accounts or cause a denial of service as administrators via an unspecified "crafted link," possibly related to the gg protocol.
Tue, 18 Dec 07
Gadu-Gadu Instant Messenger
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6409
The gg protocol handler in Gadu-Gadu, when this product is installed but not running, does not properly handle the skin attribute, which allows remote attackers to cause a denial of service (resource consumption) via unspecified network traffic.
Tue, 18 Dec 07
Tivoli Provisioning Manager Express
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6408
IBM Tivoli Provisioning Manager Express provides unspecified information in error messages when (1) attempted duplication of a username occurs when creating an account or (2) when trying to login using a valid username, which makes it easier for remote attackers to enumerate usernames.
Tue, 18 Dec 07
Tivoli Provisioning Manager Express
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6407
Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Provisioning Manager Express allow remote attackers to inject arbitrary web script or HTML via the (1) "assess modification," (2) user-id, and other unspecified fields to the /tpmx URI; or (3) involving unspecified vectors related to "error processing."
Tue, 18 Dec 07
eTrust Threat Management Console
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6406
Multiple cross-site scripting (XSS) vulnerabilities in CA (formerly Computer Associates) eTrust Threat Management Console allow remote attackers to inject arbitrary web script or HTML via the IP Address field and other unspecified fields.
Tue, 18 Dec 07
SHTTPD
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6405
Sergey Lyubka Simple HTTPD (shttpd) 1.38 and earlier on Windows allows remote attackers to download arbitrary CGI programs or scripts via a URI with an appended (1) '+' character, (2) '.' character, (3) %2e sequence (hex-encoded dot), or (4) hex-encoded character greater than 0x7f. NOTE: the %20 vector is already covered by CVE-2007-3407.
Tue, 18 Dec 07
shttp
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6404
Directory traversal vulnerability in Sergey Lyubka Simple HTTPD (shttpd) 1.38 and earlier on Windows allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the URI.
Tue, 18 Dec 07
Nullsoft Winamp
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6403
Stack-based buffer overflow in Nullsoft Winamp 5.32 allows user-assisted remote attackers to execute arbitrary code via crafted unicode in a .mp4 file, with crafted tags, contained in a certain .rar archive, a related issue to CVE-2007-2498. NOTE: for exploitation, the victim must select a certain menu option at the time of the attack.
Tue, 18 Dec 07
Media Player Classic
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6402
Stack-based buffer overflow in mplayerc.exe in Media Player Classic (MPC) 6.4.9, when used with the 3ivx 4.5.1 or 5.0.1 codec, allows remote attackers to execute arbitrary code via a certain .mp4 file, possibly a related issue to CVE-2007-6401.
Tue, 18 Dec 07
Windows Media Player
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6401
Stack-based buffer overflow in mplayer2.exe in Microsoft Windows Media Player (WMP) 6.4, when used with the 3ivx 4.5.1 or 5.0.1 codec, allows remote attackers to execute arbitrary code via a certain .mp4 file, possibly a related issue to CVE-2007-6402.
Tue, 18 Dec 07
PolDoc Document Management System
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6400
Directory traversal vulnerability in download_file.php in PolDoc CMS (aka PDDMS) 0.96 allows remote attackers to read arbitrary files via a .. (dot dot) or absolute pathname in the filename parameter.
Tue, 18 Dec 07
Flat PHP Board
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6399
index.php in Flat PHP Board 1.2 and earlier allows remote authenticated users to obtain the password for the current user account by reading the password parameter value in the HTML source for the page generated by a profile action.
Tue, 18 Dec 07
Board
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6398
Flat PHP Board 1.2 and earlier allows remote attackers to bypass authentication and obtain limited access to an arbitrary user account via the fpb_username cookie.
Tue, 18 Dec 07
Board
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6397
Multiple directory traversal vulnerabilities in index.php in Flat PHP Board 1.2 and earlier allow remote attackers to (1) create arbitrary files via a .. (dot dot) in the username parameter when registering a user account, and (2) read arbitrary PHP files via a .. (dot dot) in (a) the topic parameter in a topic action or (b) the username parameter in a viewprofile action.
Tue, 18 Dec 07
Flat PHP Board
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6396
Direct static code injection vulnerability in index.php in Flat PHP Board 1.2 and earlier allows remote attackers to inject arbitrary PHP code via the (1) username, (2) password, and (3) email parameters when registering a user account, which can be executed by accessing the user's php file for this account. NOTE: similar code injection might be possible in a user profile.
Tue, 18 Dec 07
Board
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6395
Flat PHP Board 1.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain credentials via a direct request for the username php file for any user account in users/.
Tue, 18 Dec 07
Content Injector
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6394
SQL injection vulnerability in index.php in Content Injector 1.53 allows remote attackers to execute arbitrary SQL commands via the id parameter in an expand action.
Tue, 18 Dec 07
ACE Image Hosting Script
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6393
SQL injection vulnerability in albums.php in Ace Image Hosting Script allows remote authenticated users to execute arbitrary SQL commands via the id parameter in editalbum mode.
Tue, 18 Dec 07
DWdirectory
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6392
SQL injection vulnerability in DWdirectory 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the search parameter to the /search URI.
Tue, 18 Dec 07
SH-News
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6391
SQL injection vulnerability in patch/comments.php in SH-News 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Tue, 18 Dec 07
Serendipity
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6390
Cross-site request forgery (CSRF) vulnerability in the mycalendar plugin before 0.13, a plugin for Serendipity, allows remote attackers to perform actions as blog administrators, which can be leveraged to conduct cross-site scripting (XSS) attacks on the blog page.
Tue, 18 Dec 07
Screensaver
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6389
The notify feature in GNOME screensaver (gnome-screensaver) 2.20.0 might allow local users to read the clipboard contents and X selection data for a locked session by using ctrl-V.
Tue, 18 Dec 07
CVE-2007-6387 (ActiveX, AnswerWorks, Turbo Tax, Quickbooks, Quicken, QuickTax, Bookkeeping, ProS...)
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6387
Multiple stack-based buffer overflows in the awApi4.AnswerWorks.1 ActiveX control in awApi4.dll 4.0.0.42, as used by Vantage Linguistics AnswerWorks, and Intuit Clearly Bookkeeping, ProSeries, QuickBooks, Quicken, QuickTax, and TurboTax, allow remote attackers to execute arbitrary code via long arguments to the (1) GetHistory, (2) GetSeedQuery, (3) SetSeedQuery, and possibly other methods. NOTE: some of these details are obtained from third party information.
Tue, 18 Dec 07
CVE-2007-6386 (Trend Micro AntiVirus plus AntiSpyware, Trend Micro Internet Security Pro, Trend ...)
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6386
Stack-based buffer overflow in PccScan.dll before build 1451 in Trend Micro AntiVirus plus AntiSpyware 2008, Internet Security 2008, and Internet Security Pro 2008 allows user-assisted remote attackers to cause a denial of service (SfCtlCom.exe crash), and allows local users to gain privileges, via a malformed .zip archive with a long name, as demonstrated by a .zip file created via format string specifiers in a crafted .uue file.
Tue, 18 Dec 07
WinRoute Firewall
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6385
The proxy server in Kerio WinRoute Firewall before 6.4.1 does not properly enforce authentication for HTTPS pages, which has unknown impact and attack vectors. NOTE: it is not clear whether this issue crosses privilege boundaries.
Tue, 18 Dec 07
WebLogic Mobility Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6384
Unspecified vulnerability in the Image Converter functionality in BEA WebLogic Mobility Server 3.3, 3.5, and 3.6 through 3.6 SP1 allows remote attackers to obtain application file and resource access via unspecified vectors.
Tue, 18 Dec 07
Chandler Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6383
The DAV component in Chandler Server (Cosmo) before 0.10.1 does not check resource creation permissions, which allows remote authenticated users to create arbitrary resources in another user's home collection.
Tue, 18 Dec 07
Robocode
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6382
The Event Dispatch Thread in Robocode before 1.5.1 allows remote attackers to execute arbitrary Java code by using a robot to invoke the SwingUtilities.invokeLater method.
Tue, 18 Dec 07
TYPO3
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6381
SQL injection vulnerability in the indexed_search system extension in TYPO3 3.x, 4.0 through 4.0.7, and 4.1 through 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
Tue, 18 Dec 07
e-Xoops
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6380
Multiple SQL injection vulnerabilities in e-Xoops (exoops) 1.08, and 1.05 Rev 1 through 3, allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to (a) mylinks/ratelink.php, (b) adresses/ratefile.php, (c) mydownloads/ratefile.php, (d) mysections/ratefile.php, and (e) myalbum/ratephoto.php in modules/; the (2) bid parameter to (f) modules/banners/click.php; and the (3) gid parameter to (g) modules/arcade/index.php in a show_stats and play_game action, related issue...
Tue, 18 Dec 07
BadBlue
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6379
BadBlue 2.72b and earlier allows remote attackers to obtain sensitive information via an invalid browse parameter, which reveals the installation path in an error message.
Tue, 18 Dec 07
BadBlue
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6378
Directory traversal vulnerability in upload.dll in BadBlue 2.72b and earlier allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the filename parameter.
Tue, 18 Dec 07
BadBlue
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6377
Stack-based buffer overflow in the PassThru functionality in ext.dll in BadBlue 2.72b and earlier allows remote attackers to execute arbitrary code via a long query string.
Tue, 18 Dec 07
PHP-Nuke
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6376
Directory traversal vulnerability in autohtml.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the filename parameter, a different vector than CVE-2006-4190. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Tue, 18 Dec 07
Bitweaver
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6375
Multiple SQL injection vulnerabilities in Bitweaver 2.0.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) sort_mode parameter to wiki/list_pages.php and the (2) highlight parameter to search/index.php. NOTE: the researcher also reported injection via JavaScript code in the Search box, but this is probably a forced SQL error or other separate primary issue.
Tue, 18 Dec 07
Bitweaver
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6374
Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 2.0.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) users/register.php or (2) search/index.php, or an editcomments action in (3) wiki/index.php or (4) forums/index.php. NOTE: the error parameter to users/login.php is covered by CVE-2006-3103.
Tue, 18 Dec 07
Gestdown
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6373
Multiple SQL injection vulnerabilities in GestDown 1.00 Beta allow remote attackers to execute arbitrary SQL commands via the (1) categorie parameter to catdownload.php, or the id parameter to (2) download.php or (3) hitcounter.php.
Tue, 18 Dec 07
JUNOS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6372
Unspecified vulnerability in Juniper JUNOS 7.3 through 8.4 allows remote attackers to cause a denial of service (crash) via malformed BGP packets.
Tue, 18 Dec 07
N95 RM-159
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6371
Nokia N95 cell phone with RM-159 12.0.013 firmware allows remote attackers to cause a denial of service (device inoperability) via a SIP INVITE message accompanied by an immediately subsequent SIP CANCEL message, followed by a second SIP INVITE message in a different session.
Tue, 18 Dec 07
7940
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6370
Cisco IP Phone 7940 with firmware P0S3-08-7-00 allows remote attackers to cause a denial of service ("486 Busy" responses or device reboot) via a sequence of SIP INVITE transactions in which the Request-URI lacks a user name, a different vulnerability than CVE-2007-4459.
Tue, 18 Dec 07
PictPress
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6369
Multiple directory traversal vulnerabilities in resize.php in the PictPress 0.91 and earlier plugin for WordPress allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) size or (2) path parameter.
Tue, 18 Dec 07
ezContents
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6368
Directory traversal vulnerability in index.php in ezContents 1.4.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the link parameter.
Tue, 18 Dec 07
SineCMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6367
Multiple cross-site scripting (XSS) vulnerabilities in the guestbook in SineCMS 2.3.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) username (user) or (2) comment (commento) field, different vectors than CVE-2007-2357.
Tue, 18 Dec 07
SineCMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6366
Multiple SQL injection vulnerabilities in SineCMS 2.3.4 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to mods/Calendar/index.php, accessed through a Calendar info action to mods.php; the id parameter to admin/mods_adm.php in a (2) Guestbook modifica or (3) Calendar modify action; or the (4) mese or (5) anno parameter to admin/mods_adm.php in a Calendar action. NOTE: the component for vectors 2 through 5 might be limited to administrators.
Tue, 18 Dec 07
Event Calendar
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6365
Cross-site scripting (XSS) vulnerability in modules/ecal/display.php in the Event Calendar in bcoos 1.0.10 allows remote attackers to inject arbitrary web script or HTML via the month parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: the day and year vectors are covered by CVE-2007-6274.
Tue, 18 Dec 07
JLMForo System
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6364
Cross-site scripting (XSS) vulnerability in modificarPerfil.php in JLMForo System allows remote authenticated users to inject arbitrary web script or HTML via a signature.
Tue, 18 Dec 07
Tivoli Netcool Security Manager
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6363
IBM Tivoli Netcool Security Manager 1.3.0 before Interim Fix 1, when using Active Directory (AD) LDAP authentication, allows remote attackers to obtain login access via unspecified vectors without entering a password.
Tue, 18 Dec 07
RS Gallery2
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6362
SQL injection vulnerability in index.php in the RSGallery (com_rsgallery) 2.0 beta 5 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an inline page action.
Tue, 18 Dec 07
Gekko
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6361
Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
Tue, 18 Dec 07
eXtended System Control Facility XCP
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6360
Unspecified vulnerability in the Sun eXtended System Control Facility (XSCF) Control Package (XCP) firmware before 1050 on SPARC Enterprise M4000, M5000, M8000, and M9000 servers allows remote attackers to cause a denial of service (reboot) via (1) telnet, (2) ssh, or (3) http network traffic that triggers memory exhaustion.
Tue, 18 Dec 07
Mac OS X
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6359
The cs_validate_page function in bsd/kern/ubc_subr.c in the xnu kernel 1228.0 and earlier in Apple Mac OS X 10.5.1 allows local users to cause a denial of service (failed assertion and system crash) via a crafted signed Mach-O binary that causes the hashes function to return NULL.
Tue, 18 Dec 07
pdftops
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6358
files/pdftops.pl before 1.20 in pdftops allows local users to overwrite arbitrary files via a symlink attack on the pdfin.[PID].tmp temporary file, which is created when pdftops reads a PDF file from stdin, such as when pdftops is invoked by CUPS.
Tue, 18 Dec 07
Access
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6357
Stack-based buffer overflow in Microsoft Office Access allows remote, user-assisted attackers to execute arbitrary code via a crafted Microsoft Access Database (.mdb) file. NOTE: due to the lack of details as of 20071210, it is not clear whether this issue is the same as CVE-2007-6026 or CVE-2005-0944.
Tue, 18 Dec 07
CourseMill Enterprise Learning Management System
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6338
SQL injection vulnerability in userlogin.jsp in Trivantis CourseMill Enterprise Learning Management System 4.1 SP4 allows remote attackers to execute arbitrary SQL commands via the user parameter (username field). NOTE: some of these details are obtained from third party information.
Tue, 18 Dec 07
Portage
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6249
etc-update in Portage before 2.1.3.11 on Gentoo Linux relies on the umask to set permissions for the merge file, often resulting in permissions weaker than those of the original files, which might allow local users to obtain sensitive information by reading the merge file.
Tue, 18 Dec 07
HP-UX
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6195
Unspecified vulnerability in HP HP-UX B.11.11 and B.11.23, when running DCE such as in Software Distributor (SD), allows remote attackers to cause a denial of service via unspecified vectors.
Tue, 18 Dec 07
Kernel
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6151
The isdn_ioctl function in isdn_common.c in Linux kernel 2.6.23 allows local users to cause a denial of service via a crafted ioctl struct in which iocts is not null terminated, which triggers a buffer overflow.
Tue, 18 Dec 07
CiscoWorks Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5582
Cross-site scripting (XSS) vulnerability in the login page in Cisco CiscoWorks Server (CS), possibly 2.6 and earlier, when using CiscoWorks Common Services 3.0.x and 3.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Tue, 18 Dec 07
Security Agent
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5580
Buffer overflow in a certain driver in Cisco Security Agent 4.5.1 before 4.5.1.672, 5.0 before 5.0.0.225, 5.1 before 5.1.0.106, and 5.2 before 5.2.0.238 on Windows allows remote attackers to execute arbitrary code via a crafted packet in a TCP session on port (1) 139 or (2) 445, possibly involving the Microsoft Server Message Block (SMB) protocol.
Tue, 18 Dec 07
Quicktime
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4707
Multiple unspecified vulnerabilities in the Flash media handler in Apple QuickTime before 7.3.1 allow remote attackers to execute arbitrary code or have other unspecified impacts via a crafted QuickTime movie.
Tue, 18 Dec 07
Quicktime
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4706
Heap-based buffer overflow in Apple QuickTime before 7.3.1 allows remote attackers to execute arbitrary code via a crafted QTL file.
Sat, 15 Dec 07
scponly
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6350
scponly 4.6 and earlier allows remote authenticated users to bypass intended restrictions and execute code by invoking dangerous subcommands including (1) unison, (2) rsync, and (3) svn, as originally demonstrated by creating a Subversion (SVN) repository with malicious hooks, then using svn to trigger execution of those hooks.
Sat, 15 Dec 07
SquirrelMail
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6348
SquirrelMail 1.4.11 and 1.4.12, as distributed on www.squirrelmail.org before 20071213, has been externally modified to create a Trojan Horse that introduces a PHP remote file inclusion vulnerability, which allows remote attackers to execute arbitrary code.
Sat, 15 Dec 07
Helpdesk, CMS, Shop Evaluation, Shop Free
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6347
PHP remote file inclusion vulnerability in blocks/block_site_map.php in ViArt (1) CMS 3.3.2, (2) HelpDesk 3.3.2, (3) Shop Evaluation 3.3.2, and (4) Shop Free 3.3.2 allows remote attackers to execute arbitrary PHP code via a URL in the root_folder_path parameter. NOTE: some of these details are obtained from third party information.
Sat, 15 Dec 07
Rainboard
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6346
Cross-site scripting (XSS) vulnerability in Rainboard before 2.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Sat, 15 Dec 07
Aurora Framework
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6345
SQL injection vulnerability in aurora framework before 20071208 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly the value parameter to the pack_var function in module/db.lib/db_mysql.lib. NOTE: some of these details are obtained from third party information.
Sat, 15 Dec 07
Easy Web Make
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6344
Directory traversal vulnerability in modules/cms/index.php in Mcms Easy Web Make 1.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the template parameter.
Sat, 15 Dec 07
OpenView Network Node Manager
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6343
Cross-site scripting (XSS) vulnerability in HP OpenView Network Node Manager (OV NNM) 6.41, 7.01, and 7.51 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Sat, 15 Dec 07
Apache_AuthCAS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6342
SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
Sat, 15 Dec 07
OpenView Network Node Manager
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6204
Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 6.41, 7.01, and 7.51 allow remote attackers to execute arbitrary code via unspecified long arguments to (1) ovlogin.exe, (2) OpenView5.exe, (3) snmpviewer.exe, and (4) webappmon.exe.
Sat, 15 Dec 07
Samba
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6015
Stack-based buffer overflow in the send_mailslot function in nmbd in Samba 3.0.0 through 3.0.27a, when the "domain logons" option is enabled, allows remote attackers to execute arbitrary code via a GETDC mailslot request composed of a long GETDC string following an offset username in a SAMLOGON logon request.
Sat, 15 Dec 07
Skype
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5989
Unspecified vulnerability in the skype4com URI handler in Skype before 3.6 GOLD allows remote attackers to execute arbitrary code via "short string values" that result in heap corruption.
Sat, 15 Dec 07
Info Center
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6333
The HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center (hpinfocenter.exe) 1.0.1.1 in HP Quick Launch Buttons (QLBCTRL.exe), allows remote attackers to read arbitrary registry values via the arguments to the GetRegValue method.
Sat, 15 Dec 07
Info Center
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6332
The HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center (hpinfocenter.exe) 1.0.1.1 in HP Quick Launch Buttons (QLBCTRL.exe), on Microsoft Windows before Vista allows remote attackers to create or modify arbitrary registry values via the arguments to the SetRegValue method.
Sat, 15 Dec 07
Info Center
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6331
Absolute path traversal vulnerability in the HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center (hpinfocenter.exe) 1.0.1.1 in HP Quick Launch Buttons (QLBCTRL.exe), allows remote attackers to execute arbitrary programs via the first argument to the LaunchApp method. NOTE: only a user-assisted attack is possible on Windows Vista.
Sat, 15 Dec 07
Prolog Manager
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6330
Meridian Prolog Manager 2007, and 7.5 and earlier, sends all usernames and passwords to the client in a (1) cleartext or (2) weakly encrypted format to support client-side login authentication, which makes it easier for remote attackers to obtain database access by capturing credentials via a man-in-the-middle attack.
Sat, 15 Dec 07
Office
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6329
Microsoft Office 2007 12.0.6015.5000 and MSO 12.0.6017.5000 do not sign the metadata of Office Open XML (OOXML) documents, which makes it easier for remote attackers to modify Dublin Core metadata fields, as demonstrated by the (1) LastModifiedBy and (2) creator fields in docProps/core.xml in the OOXML ZIP container.
Sat, 15 Dec 07
DOSBox
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6328
** DISPUTED ** DOSBox 0.72 and earlier allows local users to obtain access to the filesystem on the host operating system via the mount command. NOTE: the researcher reports a vendor response stating that this is not a security problem.
Sat, 15 Dec 07
CVE-2007-6327 (AVSMJPEGFILE.DLL)
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6327
Buffer overflow in a certain ActiveX control in Online Media Technologies AVSMJPEGFILE.DLL 1.1.1.102 allows remote attackers to execute arbitrary code via a long first argument to the CreateStill method.
Sat, 15 Dec 07
Simple HTTPD
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6326
Sergey Lyubka Simple HTTPD (shttpd) 1.3 on Windows allows remote attackers to cause a denial of service via a request that includes an MS-DOS device name, as demonstrated by the /aux URI.
Sat, 15 Dec 07
Fastpublish CMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6325
PHP remote file inclusion vulnerability in adminbereich/designconfig.php in Fastpublish CMS 1.9999 allows remote attackers to execute arbitrary PHP code via a URL in the config[fsBase] parameter, a different vector than CVE-2006-2726.
Sat, 15 Dec 07
CityWriter
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6324
PHP remote file inclusion vulnerability in head.php in CityWriter 0.9.7 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
Fri, 14 Dec 07
MMS Gallery PHP
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6323
Multiple directory traversal vulnerabilities in MMS Gallery PHP 1.0 allow remote attackers to read arbitrary files via a .. (dot dot) in the id parameter to (1) get_image.php or (2) get_file.php in mms_template/.
Fri, 14 Dec 07
xml2owl
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6322
Directory traversal vulnerability in filedownload.php in xml2owl 0.1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
Fri, 14 Dec 07
enterprise_linux
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5964
The default configuration of autofs 5 in Red Hat Enterprise Linux (RHEL) 5 omits the nosuid option for the hosts (/net filesystem) map, which allows local users to gain privileges via a setuid program on a remote NFS server.
Fri, 14 Dec 07
Apache HTTP Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5000
Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Fri, 14 Dec 07
Balsa
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5007
Stack-based buffer overflow in the ir_fetch_seq function in balsa before 2.3.20 might allow remote IMAP servers to execute arbitrary code via a long response to a FETCH command.
Thu, 13 Dec 07
Roundcube Webmail
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6321
Cross-site scripting (XSS) vulnerability in RoundCube webmail 0.1rc2, 2007-12-09, and earlier versions, when using Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via style sheets containing expression commands.
Thu, 13 Dec 07
feature_module
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6320
Feature 4.7.x-dev and 5.x-dev before 20071206, a Drupal module, does not follow Drupal's Forms API submission model, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks.
Thu, 13 Dec 07
WordPress
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6318
SQL injection vulnerability in wp-includes/query.php in WordPress 2.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the s parameter, when DB_CHARSET is set to (1) Big5, (2) GBK, or possibly other character set encodings that support a "\" in a multibyte character.
Thu, 13 Dec 07
BarracudaDrive Web Server Home Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6317
Multiple directory traversal vulnerabilities in BarracudaDrive Web Server before 3.8 allow (1) remote attackers to read arbitrary files via certain ..\ (dot dot backslash) sequences in the URL path, or (2) remote authenticated users to delete arbitrary files or create arbitrary directories via a ..\ (dot dot backslash) sequence in the dir parameter to /drive/c/bdusers/USER/.
Thu, 13 Dec 07
BarracudaDrive Web Server Home Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6316
Cross-site scripting (XSS) vulnerability in BarracudaDrive Web Server before 3.8 allows remote attackers to inject arbitrary web script or HTML via the URI path in an HTTP GET request, which is activated by administrators viewing log files via the Trace page.
Thu, 13 Dec 07
BarracudaDrive Web Server Home Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6315
Group Chat in BarracudaDrive Web Server before 3.8 allows remote authenticated users to cause a denial of service (crash) via an HTTP request to /eh/chat.ehintf/C. that does not contain a Connection ID, which results in a NULL pointer dereference.
Thu, 13 Dec 07
BarracudaDrive Web Server, BarracudaDrive Web Server Home Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6314
BarracudaDrive Web Server before 3.8 allows remote attackers to read the source code for web scripts by appending a (1) + (plus), (2) . (dot), or (3) %80 and similar characters to the file name in the URL.
Thu, 13 Dec 07
windows-nt
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5351
Unspecified vulnerability in Server Message Block Version 2 (SMBv2) signing support in Microsoft Vista allows remote attackers to force signature re-computation and execute arbitrary code via a crafted SMBv2 packet, aka "SMBv2 Signing Vulnerability."
Thu, 13 Dec 07
windows-nt
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5350
Unspecified vulnerability in the Windows Advanced Local Procedure Call (ALPC) in the kernel in Microsoft Windows Vista allows local users to gain privileges via unspecified vectors involving "legacy reply paths."
Thu, 13 Dec 07
Internet Explorer
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5347
Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via "unexpected method calls to HTML objects," aka "DHTML Object Memory Corruption Vulnerability."
Thu, 13 Dec 07
Internet Explorer
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5344
Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via a crafted website involving uninitialized or deleted objects, a different issue than CVE-2007-3902 and CVE-2007-3903, a variant of "Uninitialized Memory Corruption Vulnerability."
Thu, 13 Dec 07
Internet Explorer
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3903
Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via a crafted website involving uninitialized or deleted objects, a different issue than CVE-2007-3902 and CVE-2007-5344, a variant of "Uninitialized Memory Corruption Vulnerability."
Thu, 13 Dec 07
Internet Explorer
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3902
Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via a crafted website involving uninitialized or deleted objects, a different issue than CVE-2007-3903 and CVE-2007-5344, one variant of "Uninitialized Memory Corruption Vulnerability."
Thu, 13 Dec 07
DirectX
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3901
Unspecified vulnerability in Microsoft DirectShow in Microsoft DirectX 7.0 through 10.0 allows remote attackers to execute arbitrary code via a crafted Synchronized Accessible Media Interchange (SAMI) file.
Wed, 12 Dec 07
DirectX
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3895
Unspecified vulnerability in Microsoft DirectShow in Microsoft DirectX 7.0 through 10.0 allows remote attackers to execute arbitrary code via a crafted (1) WAV or (2) AVI file.
Wed, 12 Dec 07
Microsoft Message Queuing
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3039
Buffer overflow in the Microsoft Message Queuing (MSMQ) service in Microsoft Windows 2000 Server SP4, Windows 2000 Professional SP4, and Windows XP SP2 allows attackers to execute arbitrary code via unspecified vectors. NOTE: remote vectors exist for Windows 2000 Professional SP4 and Windows XP SP2; they are only local for the other operating systems.
Wed, 12 Dec 07
Media Format Runtime, Media Services
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0064
Unspecified vulnerability in Windows Media Format Runtime 7.1, 9, 9.5, 9.5 x64 Edition, 11, and Windows Media Services 9.1 for Microsoft Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file.
Wed, 12 Dec 07
Web Security Suite, Enterprise, Reporting Tools
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6312
Cross-site scripting (XSS) vulnerability in the logon page in Web Reporting Tools portal in Websense Enterprise and Web Security Suite 6.3 allows remote attackers to inject arbitrary web script or HTML via the username field.
Wed, 12 Dec 07
Falt4 Extreme RC4
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6311
SQL injection vulnerability in (1) index.php, and possibly (2) admin/index.php, in Falt4Extreme RC4 10.9.2007 allows remote attackers to execute arbitrary SQL commands via the nav_ID parameter.
Wed, 12 Dec 07
Falt4 Extreme RC4
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6310
Multiple cross-site scripting (XSS) vulnerabilities in Falt4Extreme RC4 10.9.2007 allow remote attackers to inject arbitrary web script or HTML via the handler parameter to (1) index.php and possibly (2) admin/index.php, and (3) the topic parameter to modules/feed/feed.php (aka modules/feed.php).
Wed, 12 Dec 07
webSPELL
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6309
Multiple cross-site scripting (XSS) vulnerabilities in index.php in webSPELL 4.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) the galleryID parameter in a usergallery upload action; or the (2) upID, (3) tag, (4) month, (5) userID, or (6) year parameter in a calendar announce action.
Wed, 12 Dec 07
HttpLogger
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6308
Cross-site scripting (XSS) vulnerability in HttpLogger 0.8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Wed, 12 Dec 07
wwwstats
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6307
Multiple cross-site scripting (XSS) vulnerabilities in clickstats.php in wwwstats 3.21 allow remote attackers to inject arbitrary web script or HTML via (1) the link parameter or (2) the User-Agent HTTP header.
Wed, 12 Dec 07
JFreeChart
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6306
Multiple cross-site scripting (XSS) vulnerabilities in the image map feature in JFreeChart 1.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) chart name or (2) chart tool tip text; or the (3) href, (4) shape, or (5) coords attribute of a chart area.
Wed, 12 Dec 07
Serendipity
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6205
Cross-site scripting (XSS) vulnerability in the remote RSS sidebar plugin (serendipity_plugin_remoterss) in S9Y Serendipity before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via a link in an RSS feed.
Wed, 12 Dec 07
Hardware Management Console
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6305
Multiple unspecified vulnerabilities in IBM Hardware Management Console (HMC) 7 R3.2.0 allow attackers to gain privileges via "some HMC commands."
Wed, 12 Dec 07
MySQL
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6304
The federated engine in MySQL 5.0.x before 5.0.52, 5.1.x before 5.1.23, and 6.0.x before 6.0.4, when performing a certain SHOW TABLE STATUS query, does not properly handle a response with a small number of columns, which allows remote MySQL servers to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the minimum required number of columns.
Wed, 12 Dec 07
MySQL
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6303
MySQL 5.0.x before 5.0.52, 5.1.x before 5.1.23, and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered, which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement.
Wed, 12 Dec 07
NetMail
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6302
Unspecified vulnerability in Novell NetMail 3.5.2 before Messaging Architects M+NetMail 3.52f (aka 3.5.2F) allows remote attackers to execute arbitrary code via unknown vectors, aka "ZDI-CVE-162."
Wed, 12 Dec 07
MySQL
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5970
MySQL 5.1.x before 5.1.23 and 6.0.x before 6.0.4 allows remote authenticated users to gain privileges on arbitrary tables via unspecified vectors involving use of table-level DATA DIRECTORY and INDEX DIRECTORY options when creating a partitioned table with the same name as a table on which the user lacks privileges.
Tue, 11 Dec 07
MySQL Community Server
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5969
MySQL Community Server before 5.0.51, when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options, allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.
Tue, 11 Dec 07
MySQL
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5968
MySQL 5.1.x before 5.1.23 might allow attackers to gain privileges via unspecified use of the BINLOG statement in conjunction with the binlog filename, which is interpreted as an absolute path by some components of the product, and as a relative path by other components.
Tue, 11 Dec 07
Open Newsletter
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6301
Cross-site scripting (XSS) vulnerability in compose.php in OpenNewsletter 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the type parameter.
Tue, 11 Dec 07
Fusion News
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6300
Cross-site request forgery (CSRF) vulnerability in Fusion News 3.9.0 allows remote attackers to perform unauthorized actions via unspecified vectors.
Tue, 11 Dec 07
Drupal
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6299
Multiple SQL injection vulnerabilities in Drupal and vbDrupal 4.7.x before 4.7.9 and 5.x before 5.4 allow remote attackers to execute arbitrary SQL commands via modules that pass input to the taxonomy_select_nodes function, as demonstrated by the (1) taxonomy_menu, (2) ajaxLoader, and (3) ubrowser contributed modules.
Tue, 11 Dec 07
Shoutbox
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6298
Cross-site scripting (XSS) vulnerability in the Shoutbox module for Drupal 5.x before Shoutbox 5.x-1.1 allows remote authenticated users to inject arbitrary web script or HTML via Shoutbox block messages.
Tue, 11 Dec 07
PHPMyChat
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6297
Multiple cross-site scripting (XSS) vulnerabilities in PHPMyChat 0.14.5 allow remote attackers to inject arbitrary web script or HTML via the (1) LIMIT parameter to chat/deluser.php3, the (2) Link parameter to chat/edituser.php3, or the (3) LastCheck or (4) B parameter to chat/users_popupL.php3. NOTE: the FontName vectors for start_page.css.php3 and style.css.php3 are already covered by CVE-2005-1619. The medium vectors for start_page.css.php3 (start_page.css.php) and style.css.php3 (style.c...
Tue, 11 Dec 07
phpMyChat
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6296
PHP remote file inclusion vulnerability in users_popupL.php3 in phpMyChat 0.14.5 allows remote attackers to execute arbitrary PHP code via a URL in the From parameter.
Tue, 11 Dec 07
Lotus Sametime
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6295
Cross-site scripting (XSS) vulnerability in the WebRunMenuFrame page in the online meeting center template in IBM Lotus Sametime before 8.0 allows remote attackers to inject arbitrary web script or HTML via the URI.
Tue, 11 Dec 07
Hardware Management Console
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6294
Multiple unspecified vulnerabilities in IBM Hardware Management Console (HMC) 3 R3.7 allow attackers to gain privileges via "some HMC commands."
Tue, 11 Dec 07
Hardware Management Console
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6293
Multiple unspecified vulnerabilities in IBM Hardware Management Console (HMC) 6 R1.3 allow attackers to gain privileges via "some HMC commands."
Tue, 11 Dec 07
E-commerce
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6292
SQL injection vulnerability in leggi_commenti.asp in MWOpen 1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
Tue, 11 Dec 07
CVE-2007-6291 (Absolute Banner Manager.NET)
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6291
SQL injection vulnerability in abm.aspx in Xigla Absolute Banner Manager .NET 4.0 allows remote attackers to execute arbitrary SQL commands via the z parameter.
Tue, 11 Dec 07
SERWeb
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6290
Multiple directory traversal vulnerabilities in js/get_js.php in SERWeb 2.0.0 dev1 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) mod and (2) js parameters.
Tue, 11 Dec 07
SERWeb
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6289
Multiple PHP remote file inclusion vulnerabilities in SerWeb 2.0.0 dev1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) _SERWEB[configdir] parameter to load_lang.php, (2) _SERWEB[functionsdir] parameter to main_prepend.php, and the (3) _PHPLIB[libdir] parameter to load_phplib.php, different vectors than CVE-2007-3359 and CVE-2007-3358.
Tue, 11 Dec 07
TCExam
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6288
Multiple SQL injection vulnerabilities in TCExam before 5.1.000 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
Tue, 11 Dec 07
HyperVM
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6287
Cross-site scripting (XSS) vulnerability in the login page in Lxlabs HyperVM 2.0 allows remote attackers to inject arbitrary web script or HTML via the frm_emessage parameter, a different vector than CVE-2006-6649. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Sat, 8 Dec 07
libflac
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6279
Multiple double-free vulnerabilities in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via malformed (1) Seektable values or (2) Seektable Data Offsets in a .FLAC file.
Sat, 8 Dec 07
libflac
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6278
Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allows user-assisted remote attackers to force a client to download arbitrary files via the MIME-Type URL flag (-->) for the FLAC image file in a crafted .FLAC file.
Sat, 8 Dec 07
libflac
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6277
Multiple buffer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via large (1) Metadata Block Size, (2) VORBIS Comment String Size, (3) Picture Metadata MIME-TYPE Size, (4) Picture Description Size, (5) Picture Data Length, (6) Padding Length, and (7) PICTURE Metadata width and height values in a .FLAC file, which result in a heap-based overflow; and large (8) VORBIS Comment String Size Length, (9) Picture MIME-T...
Sat, 8 Dec 07
Mac OS X
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6276
The accept_connections function in the virtual private network daemon (vpnd) in Apple Mac OS X 10.5 allows remote attackers to cause a denial of service (unhandled exception and daemon crash) via a crafted packet to UDP port 4112, which triggers an "arithmetic exception error."
Sat, 8 Dec 07
bcoos
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6275
SQL injection vulnerability in modules/adresses/ratefile.php in bcoos 1.0.10 and earlier allows remote attackers to execute arbitrary SQL commands via the lid parameter, a different vector than CVE-2007-????.
Sat, 8 Dec 07
bcoos
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6274
Multiple cross-site scripting (XSS) vulnerabilities in modules/ecal/display.php in the Event Calendar in bcoos 1.0.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) day or (2) year parameter.
Sat, 8 Dec 07
Global VPN Client
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6273
Multiple format string vulnerabilities in the configuration file in SonicWALL Global VPN Client 3.1.556 and 4.0.0.810 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in the (1) Hostname tag or the (2) name attribute in the Connection tag. NOTE: there might not be any realistic circumstances in which this issue crosses privilege boundaries.
Sat, 8 Dec 07
Joomla
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6272
Multiple SQL injection vulnerabilities in index.php in Joomla! 1.5 RC3 allow remote attackers to execute arbitrary SQL commands via (1) the view parameter to the com_content component, (2) the task parameter to the com_search component, or (3) the option parameter in a search action to the com_search component.
Sat, 8 Dec 07
CVE-2007-6271 (Absolute News Manager.NET)
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6271
Absolute News Manager.NET 5.1 allows remote attackers to obtain sensitive information via a direct request to getpath.aspx, which reveals the installation path in an error message.
Sat, 8 Dec 07
CVE-2007-6270 (Absolute News Manager.NET)
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6270
Multiple cross-site scripting (XSS) vulnerabilities in Absolute News Manager.NET 5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) rmore parameter to xlaabsolutenm.aspx and the (2) template parameter to pages/default.aspx.
Sat, 8 Dec 07
CVE-2007-6269 (Absolute News Manager.NET)
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6269
Multiple SQL injection vulnerabilities in xlaabsolutenm.aspx in Absolute News Manager.NET 5.1 allow remote attackers to execute arbitrary SQL commands via the (1) z, (2) pz, (3) ord, and (4) sort parameters.
Sat, 8 Dec 07
CVE-2007-6268 (Absolute News Manager.NET)
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6268
Directory traversal vulnerability in pages/default.aspx in Absolute News Manager.NET 5.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter.
Sat, 8 Dec 07
EdgeSight for Presentation Server, EdgeSight for Endpoints, EdgeSight for NetScaler
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6267
Citrix EdgeSight 4.2 and 4.5 for Presentation Server, EdgeSight 4.2 and 4.5 for Endpoints, and EdgeSight for NetScaler 1.0 and 1.1 do not properly store database credentials in configuration files, which allows local users to obtain sensitive information.
Sat, 8 Dec 07
bcoos
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6266
Multiple SQL injection vulnerabilities in bcoos 1.0.10 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the gid parameter to modules/arcade/index.php in a show_stats action, or the lid parameter to (2) modules/myalbum/ratephoto.php or (3) modules/mylinks/ratelink.php, different vectors than CVE-2007-5104.
Sat, 8 Dec 07
Avast Antivirus Home, Avast Antivirus Professional
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6265
Unspecified vulnerability in avast! 4 Home and Professional Editions before 4.7.1098 allows remote attackers to have an unknown impact via a crafted TAR archive.
Sat, 8 Dec 07
Emacs
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6109
Buffer overflow in emacs allows attackers to have an unknown impact, as demonstrated via a vector involving the command line.
Sat, 8 Dec 07
e2fsprogs
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5497
Multiple integer overflows in libext2fs in e2fsprogs allow user-assisted remote attackers to execute arbitrary code via a crafted filesystem image.
Fri, 7 Dec 07
netkit_ftpd
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6263
The dataconn function in ftpd.c in netkit ftpd (netkit-ftpd) 0.17, when certain modifications to support SSL have been introduced, calls fclose on an uninitialized file stream, which allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via some types of FTP over SSL protocol behavior, as demonstrated by breaking a passive FTP DATA connection in a way that triggers an error in the server's SSL_accept function. NOTE: the netkit ftp issue...
Fri, 7 Dec 07
Heimdal
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5939
The gss_userok function in appl/ftp/ftpd/gss_userok.c in Heimdal 0.7.2 does not allocate memory for the ticketfile pointer before calling free, which allows remote attackers to have an unknown impact via an invalid username. NOTE: the vulnerability was originally reported for ftpd.c, but this is incorrect.
Fri, 7 Dec 07
Wireless WiFi Link 4965AGN, PRO Wireless 3945ABG
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5938
The iwl_set_rate function in compatible/iwl3945-base.c in iwlwifi 1.1.21 and earlier dereferences an iwl_get_hw_mode return value without checking for NULL, which might allow remote attackers to cause a denial of service (kernel panic) via unspecified vectors during module initialization.
Fri, 7 Dec 07
netkit_ftp
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5769
Double-free vulnerability in the getreply function in ftp.c in netkit ftp (netkit-ftp) 0.17 20040614 and later allows remote FTP servers to cause a denial of service (application crash) and possibly have unspecified other impact via some types of FTP protocol behavior. NOTE: the netkit-ftpd issue is covered by CVE-2007-????.
Fri, 7 Dec 07
VLC Media Player
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6262
A certain ActiveX control in axvlc.dll in VideoLAN VLC 0.8.6 before 0.8.6d allows remote attackers to execute arbitrary code via crafted arguments to the (1) addTarget, (2) getVariable, or (3) setVariable function, resulting from a "bad initialized pointer," aka a "recursive plugin release vulnerability."
Fri, 7 Dec 07
Mac OS X
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6261
Integer overflow in the load_threadstack function in the Mach-O loader (mach_loader.c) in the xnu kernel in Apple Mac OS X 10.4 through 10.5.1 allows local users to cause a denial of service (infinite loop) via a crafted Mach-O binary.
Fri, 7 Dec 07
Database 11g, Database 10g
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6260
The installation process for Oracle 10g and 11g uses accounts with default passwords, which allows remote attackers to obtain login access by connecting to the Listener. NOTE: at the end of the installation, if performed using the Database Configuration Assistant (DBCA), most accounts are disabled or their passwords are changed.
Fri, 7 Dec 07
Select Identity
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6194
Unspecified vulnerability in HP Select Identity 4.01 before 4.01.012 and 4.1x before 4.13.003 allows remote attackers to obtain unspecified access via unknown vectors.
Fri, 7 Dec 07
Kerberos 5
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5972
Double-free vulnerability in the krb5_def_store_mkey function in lib/kdb/kdb_default.c in MIT Kerberos 5 (krb5) 1.5 has unknown impact and remote authenticated attack vectors. NOTE: the free operations occur in code that stores the krb5kdc master key, and thus the attacker must have privileges to store this key.
Fri, 7 Dec 07
Kerberos 5
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5971
Double-free vulnerability in the gss_krb5int_make_seal_token_v3 function in lib/gssapi/krb5/k5sealv3.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors.
Fri, 7 Dec 07
Kerberos 5
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5902
Integer overflow in the svcauth_gss_get_principal function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (krb5) allows remote attackers to have an unknown impact via a large length value for a GSS client name in an RPC request.
Fri, 7 Dec 07
Kerberos 5
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5901
Use-after-free vulnerability in the gss_indicate_mechs function in lib/gssapi/mechglue/g_initialize.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors. NOTE: this might be the result of a typo in the source code.
Fri, 7 Dec 07
Kerberos 5
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5894
The reply function in ftpd.c in the gssftp ftpd in MIT Kerberos 5 (krb5) does not initialize the length variable when auth_type has a certain value, which has unknown impact and remote authenticated attack vectors. NOTE: the original disclosure misidentifies the conditions under which the uninitialized variable is used.
Fri, 7 Dec 07
OpenOffice
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4575
Unspecified vulnerability in HSQLDB before 1.8.0.9 in OpenOffice.org (OOo) 2 before 2.3.1 allows user-assisted remote attackers to execute arbitrary Java code via crafted database documents.
Wed, 5 Dec 07
Quicktime
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6238
Unspecified vulnerability in Apple QuickTime 7.2 on Windows XP allows remote attackers to execute arbitrary code via unknown attack vectors, probably a different vulnerability than CVE-2007-6166. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release advisories with actionable information. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine. ...
Wed, 5 Dec 07
DeluxeBB
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6237
cp.php in DeluxeBB 1.09 does not verify that the membercookie parameter corresponds to the authenticated member during a profile update, which allows remote authenticated users to change the e-mail addresses of arbitrary accounts via a modified membercookie parameter, a different vector than CVE-2006-4078. NOTE: this can be leveraged for administrative access by requesting password-reset e-mail through a lostpw action to misc.php.
Wed, 5 Dec 07
Windows Media Player
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6236
Microsoft Windows Media Player (WMP) allows remote attackers to cause a denial of service (application crash) via a certain AIFF file that triggers a divide-by-zero error, as demonstrated by kr.aiff.
Wed, 5 Dec 07
FTP Admin
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6233
Directory traversal vulnerability in index.php in FTP Admin 0.1.0 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the page parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
Wed, 5 Dec 07
Admin
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6232
Cross-site scripting (XSS) vulnerability in index.php in FTP Admin 0.1.0 allows remote attackers to inject arbitrary web script or HTML via the error parameter in an error page action.
Wed, 5 Dec 07
Tellmatic
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6231
Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/.
Wed, 5 Dec 07
Wesnoth
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5742
Directory traversal vulnerability in the WML engine preprocessor for Wesnoth before 1.2.8 allows remote attackers to read arbitrary files via ".." sequences in unknown vectors.
Wed, 5 Dec 07
Rayzz Script
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6229
PHP remote file inclusion vulnerability in common/classes/class_HeaderHandler.lib.php in Rayzz Script 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the CFG[site][project_path] parameter.
Wed, 5 Dec 07
Yahoo Toolbar
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6228
Stack-based buffer overflow in the Helper class in the yt.ythelper.2 ActiveX control in Yahoo! Toolbar 1.4.1 allows remote attackers to cause a denial of service (browser crash) via a long argument to the c method.
Wed, 5 Dec 07
QEMU
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6227
QEMU 0.9.0 allows local users of a Windows XP SP2 guest operating system to overwrite the TranslationBlock (code_gen_buffer) buffer, and probably have unspecified other impacts related to an "overflow," via certain Windows executable programs, as demonstrated by qemu-dos.com.
Wed, 5 Dec 07
Rack Power Distribution Unit, OAS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6226
The American Power Conversion (APC) AP7932 0u 30amp Switched Rack Power Distribution Unit (PDU), with rpdu 3.5.5 and aos 3.5.6, allows remote attackers to bypass authentication and obtain login access by making a login attempt while a different client is logged in, and then resubmitting the login attempt once the other client exits.
Wed, 5 Dec 07
Solaris
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6225
Unspecified vulnerability in Sun Solaris 10, when 64bit mode is used on the x86 platform, allows local users in a Linux (lx) branded zone to cause a denial of service (panic) via unspecified vectors.
Wed, 5 Dec 07
RealPlayer
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6224
The RealNetworks RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll, as shipped with RealPlayer 11, allows remote attackers to cause a denial of service (browser crash) via a certain argument to the GetSourceTransport method.
Wed, 5 Dec 07
Garage
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6223
SQL injection vulnerability in garage.php in phpBB Garage 1.2.0 Beta3 allows remote attackers to execute arbitrary SQL commands via the make_id parameter in a search action in browse mode.
Wed, 5 Dec 07
Interleave
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6222
The CheckCustomerAccess function in functions.php in CRM-CTT Interleave before 4.2.0 (formerly CRM-CTT) does not properly verify user privileges, which allows remote authenticated users with the LIMITTOCUSTOMERS privilege to bypass intended access restrictions and edit non-active user settings. NOTE: some of these details are obtained from third party information.
Wed, 5 Dec 07
TuMusika Evolution
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6221
TuMusika Evolution 1.7R5 allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Wed, 5 Dec 07
Typespeed
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6220
typespeed before 0.6.4 allows remote attackers to cause a denial of service (application crash) via unspecified network behavior that triggers a divide-by-zero error.
Wed, 5 Dec 07
Tivoli Netcool Security Manager
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6219
Cross-site scripting (XSS) vulnerability in IBM Tivoli Netcool Security Manager 1.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Wed, 5 Dec 07
CMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6218
Multiple PHP remote file inclusion vulnerabilities in Ossigeno CMS 2.2 pre1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) level parameter to (a) install_module.php and (b) uninstall_module.php in upload/xax/admin/modules/, (c) upload/xax/admin/patch/index.php, and (d) install_module.php and (e) uninstall_module.php in upload/xax/ossigeno/admin/; and the (2) ossigeno parameter to (f) ossigeno_modules/ossigeno-catalogo/xax/ossigeno/catalogo/common.php, different vect...
Wed, 5 Dec 07
My-Time
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6217
Multiple SQL injection vulnerabilities in login.asp in Irola My-Time (aka Timesheet) 3.5 allow remote attackers to execute arbitrary SQL commands via the (1) login (aka Username) and (2) password parameters. NOTE: some of these details are obtained from third party information.
Wed, 5 Dec 07
Solaris
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6216
Race condition in the Fibre Channel protocol (fcp) driver and Devices filesystem (devfs) in Sun Solaris 10 allows local users to cause a denial of service (system hang) via some programs that access hardware resources, as demonstrated by the (1) cfgadm and (2) format programs.
Wed, 5 Dec 07
Web-MeetMe
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6215
Multiple directory traversal vulnerabilities in play.php in Web-MeetMe 3.0.3 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) roomNo and possibly the (2) bookid parameter.
Wed, 5 Dec 07
LearnLoop
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6214
Directory traversal vulnerability in include/file_download.php in LearnLoop 2.0 beta7 allows remote attackers to read arbitrary files via a .. (dot dot) in the sFilePath parameter. NOTE: exploitation requires that the product is configured, but has zero files in the database.
Wed, 5 Dec 07
WebED
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6213
Multiple directory traversal vulnerabilities in mod/chat/index.php in WebED 0.0.9 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) Root and (2) Path parameters.
Wed, 5 Dec 07
KML
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6212
Directory traversal vulnerability in region.php in KML share 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the layer parameter.
Wed, 5 Dec 07
SING
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6211
Send Nasty ICMP Garbage (sing) on Debian GNU/Linux allows local users to append to arbitrary files and gain privileges via the -L (output log file) option.
Wed, 5 Dec 07
Zabbix_agentd
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6210
zabbix_agentd 1.1.4 in ZABBIX runs "UserParameter" scripts with gid 0, which might allow local users to gain privileges.
Wed, 5 Dec 07
ZSH
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6209
difflog.pl in zsh 4.3.4 allows local users to overwrite arbitrary files via a symlink attack on temporary files.
Wed, 5 Dec 07
Claws Mail Tools
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6208
sylprint.pl in claws mail tools (claws-mail-tools) allows local users to overwrite arbitrary files via a symlink attack on the sylprint.[USER].[PID] temporary file.
Wed, 5 Dec 07
Xen
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6207
Xen 3.x, possibly before 3.1.2, when running on IA64 systems, does not check the RID value for mov_to_rr, which allows a VTi domain to read memory of other domains.
Wed, 5 Dec 07
Kernel
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6206
Linux kernel 2.4.x and 2.6.x up to 2.6.24-rc3, and possibly other versions, does not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which might allow local users to obtain sensitive information.
Wed, 5 Dec 07
Apache
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6203
Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
Wed, 5 Dec 07
Desktop, Enterprise Linux AS, Enterprise Linux ES, Enterprise Linux WS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-7226
Perl-Compatible Regular Expression (PCRE) library before 6.7 does not properly calculate the compiled memory allocation for regular expressions that involve a quantified "subpattern containing a named recursion or subroutine reference," which allows context-dependent attackers to cause a denial of service (error or crash).
Wed, 5 Dec 07
PCRE
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-7225
Perl-Compatible Regular Expression (PCRE) library before 6.7 allows context-dependent attackers to cause a denial of service (error or crash) via a regular expression that involves a "malformed POSIX character class", as demonstrated via an invalid character after a [[ sequence.
Wed, 5 Dec 07
Beehive Forum
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6241
Multiple unspecified vulnerabilities in Beehive Forum 0.7.1 have unknown "critical" impact and attack vectors, different issues than CVE-2007-6014.
Wed, 5 Dec 07
Jetty
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5615
CRLF injection vulnerability in Mortbay Jetty before 6.1.6rc0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
Wed, 5 Dec 07
RealPlayer
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6235
A certain ActiveX control in RealNetworks RealPlayer 11 allows remote attackers to cause a denial of service (application crash) via a malformed .au file that triggers a divide-by-zero error. NOTE: this might be related to CVE-2007-4904.
Wed, 5 Dec 07
FTP Admin
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6234
index.php in FTP Admin 0.1.0 allows remote attackers to bypass authentication and obtain administrative access via a loggedin parameter with a value of true, as demonstrated by adding a user account.
Wed, 5 Dec 07
Rayzz Script
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6230
Directory traversal vulnerability in common/classes/class_HeaderHandler.lib.php in Rayzz Script 2.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the CFG[site][project_path] parameter.
Wed, 5 Dec 07
Rsync
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6200
Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options.
Wed, 5 Dec 07
AquaLogic Interaction
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6198
portal/server.pt in the Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 and 6.0.1.218452 allows wildcards in advanced searches for usernames, which allows remote attackers to enumerate valid usernames via the in_tx_fulltext parameter.
Wed, 5 Dec 07
Snitz Forums
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6240
SQL injection vulnerability in active.asp in Snitz Forums 2000 3.4.06 allows remote attackers to execute arbitrary SQL commands via the BuildTime parameter.
Wed, 5 Dec 07
Beehive Forum
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6014
SQL injection vulnerability in post.php in Beehive Forum 0.7.1 and earlier allows remote attackers to execute arbitrary SQL commands via the t_dedupe parameter.
Wed, 5 Dec 07
Jetty
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5614
Mortbay Jetty before 6.1.6rc1 does not properly handle "certain quote sequences" in HTML cookie parameters, which allows remote attackers to hijack browser sessions via unspecified vectors.
Wed, 5 Dec 07
Jetty
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5613
Cross-site scripting (XSS) vulnerability in Dump Servlet in Mortbay Jetty before 6.1.6rc1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters and cookies.
Wed, 5 Dec 07
Internet Explorer
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5355
The Web Proxy Auto-Discovery (WPAD) feature in Microsoft Internet Explorer 6 and 7, when a primary DNS suffix with three or more components is configured, resolves an unqualified wpad hostname in a second-level domain outside this configured DNS domain, which allows remote WPAD servers to conduct man-in-the-middle (MITM) attacks.
Wed, 5 Dec 07
Squid Web Proxy Cache
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6239
The "cache update reply processing" functionality in Squid 2.x before 2.6.STABLE17 and Squid 3.0 allows remote attackers to cause a denial of service (crash) via unknown vectors related to HTTP headers.
Tue, 4 Dec 07
Seditio
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6202
SQL injection vulnerability in plugins/search/search.php in Neocrome Seditio CMS 121 and earlier allows remote attackers to execute arbitrary SQL commands via the pag_sub[] parameter to plug.php.
Tue, 4 Dec 07
Wesnoth
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6201
Unspecified vulnerability in Wesnoth before 1.2.8 allows attackers to cause a denial of service (hang) via a "faulty add-on" and possibly execute other commands via unknown vectors related to the turn_cmd option.
Tue, 4 Dec 07
Rsync
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6199
rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module's hierarchy.
Tue, 4 Dec 07
AquaLogic Interaction
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6197
The Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 and 6.0.1.218452 allows remote attackers to obtain version numbers and internal hostnames by reading comments in the HTML source of any page.
Tue, 4 Dec 07
atmail Webmail System
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6196
Cross-site scripting (XSS) vulnerability in util.php in Calacode @Mail before 5.2 allows remote attackers to inject arbitrary web script or HTML via the func parameter.
Sun, 2 Dec 07
FIPS Object Module
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5502
The PRNG implementation for the OpenSSL FIPS Object Module 1.1.1 does not perform auto-seeding during the FIPS self-test, which generates random data that is more predictable than expected and makes it easier for attackers to bypass protection mechanisms that rely on the randomness.
Sat, 1 Dec 07
Online Anti-Virus Scanner
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6189
A certain ActiveX control in (1) OScan8.ocx and (2) Oscan81.ocx in BitDefender Online Anti-Virus Scanner 8.0 allows remote attackers to execute arbitrary code via a long argument to the InitX method that begins with a "%%" sequence, which is misinterpreted as a Unicode string and decoded twice, leading to improper memory allocation and a heap-based buffer overflow.
Sat, 1 Dec 07
NoAh
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6187
Multiple directory traversal vulnerabilities in PHP Content Architect (aka NoAh) 0.9 pre 1.2 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the filepath parameter to (1) css_file.php, (2) js_file.php, or (3) xml_file.php in noah/modules/nosystem/templates/.
Sat, 1 Dec 07
Asterisk
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6170
SQL injection vulnerability in the Call Detail Record Postgres logging engine (cdr_pgsql) in Asterisk 1.4.x before 1.4.15, 1.2.x before 1.2.25, B.x before B.2.3.4, and C.x before C.1.0-beta6 allows remote authenticated users to execute arbitrary SQL commands via (1) ANI and (2) DNIS arguments.
Sat, 1 Dec 07
FreeBSD
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6150
The "internal state tracking" code for the random and urandom devices in FreeBSD 5.5, 6.1 through 6.3, and 7.0 beta 4 allows local users to obtain portions of previously-accessed random values, which could be leveraged to bypass protection mechanisms that rely on secrecy of those values.
Sat, 1 Dec 07
Cairo
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5503
Multiple integer overflows in Cairo before 1.4.12 might allow remote attackers to execute arbitrary code, as demonstrated using a crafted PNG image, which is not properly handled by the read_png function.
Sat, 1 Dec 07
Eurologon CMS
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6185
Directory traversal vulnerability in users/files.php in Eurologon CMS allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter in a download action, as demonstrated by a certain PHP file containing database credentials.
Sat, 1 Dec 07
Project Alumni
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6184
Directory traversal vulnerability in index.php in Project Alumni 1.0.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the act parameter.
Sat, 1 Dec 07
Ruby_Gnome2
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6183
Format string vulnerability in the mdiag_initialize function in gtk/src/rbgtkmessagedialog.c in Ruby-GNOME 2 (aka Ruby/Gnome2) 0.16.0, and SVN versions before 20071127, allows context-dependent attackers to execute arbitrary code via format string specifiers in the message parameter.
Sat, 1 Dec 07
ISPManager
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6182
The responder program in ISPsystem ISPmanager (aka ISPmgr) 4.2.15.1 allows local users to gain privileges via shell metacharacters in command line arguments.
Sat, 1 Dec 07
Cygwin_dll
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6181
Heap-based buffer overflow in cygwin1.dll in Cygwin 1.5.7 and earlier allows context-dependent attackers to execute arbitrary code via a filename with a certain length, as demonstrated by a remote authenticated user who uses the SCP protocol to send a file to the Cygwin machine, and thereby causes scp.exe on this machine to execute, and then overwrite heap memory with characters from the filename. NOTE: it is also reported that a related issue might exist in 1.5.7 through 1.5.19.
Sat, 1 Dec 07
Easy Hosting Control Panel
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6178
Multiple PHP remote file inclusion vulnerabilities in Easy Hosting Control Panel for Ubuntu (EHCP) 0.22.8 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the confdir parameter to (1) dbutil.bck.php and (2) dbutil.php in config/.
Sat, 1 Dec 07
PHP-Con
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6177
PHP remote file inclusion vulnerability in Exchange/include.php in PHP-CON 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the webappcfg[APPPATH] parameter.
Sat, 1 Dec 07
K+B-Bestellsystem
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6176
kb_whois.cgi in K+B-Bestellsystem (aka KB-Bestellsystem) allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) domain or (2) tld parameter in a check_owner action.
Sat, 1 Dec 07
Lhaplus
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6175
Buffer overflow in Lhaplus 1.55 and earlier allows remote attackers to execute arbitrary code via a crafted LZH archive, a different vector than CVE-2007-5048.
Sat, 1 Dec 07
PHPDevShell
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6174
PHPDevShell before 0.7.0 allows remote authenticated users to gain privileges via a crafted request to update a user profile. NOTE: some of these details are obtained from third party information.
Sat, 1 Dec 07
Liferay Enterprise Portal
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6173
Cross-site scripting (XSS) vulnerability in c/portal/login in Liferay Enterprise Portal 4.3.1 allows remote attackers to inject arbitrary web script or HTML via the emailAddress parameter in a Send New Password action, a different vector than CVE-2007-6055. NOTE: some of these details are obtained from third party information.
Sat, 1 Dec 07
WpQuiz
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6172
Multiple SQL injection vulnerabilities in wpQuiz 2.7 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) viewimage.php and (2) comments.php.
Sat, 1 Dec 07
BackupExec System Recovery
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4346
The Job Engine (bengine.exe) service in Symantec Backup Exec for Windows Servers (BEWS) 11d build 11.0.7170 and 11.0.6.6235 allows remote attackers to cause a denial of service (NULL dereference and service crash) via a crafted packet to port 5633/tcp.
Sat, 1 Dec 07
CVE-2007-6193
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6193
The web management interface in Citrix NetScaler 8.0 build 47.8 stores the device's primary IP address in a cookie, which might allow remote attackers to obtain sensitive network configuration information if this address is not the same as the address being used by the web interface.
Sat, 1 Dec 07
NetScaler
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6192
The web management interface in Citrix NetScaler 8.0 build 47.8 uses weak encryption (XOR of unpadded data) to store credentials within a cookie, which makes it easier for remote attackers to obtain cleartext credentials when a cookie is captured via a known-plaintext attack.
Sat, 1 Dec 07
CVE-2007-6191 (p.mapper)
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6191
Multiple PHP remote file inclusion vulnerabilities in Armin Burger p.mapper 3.2.0 beta3 allow remote attackers to execute arbitrary PHP code via a URL in the _SESSION[PM_INCPHP] parameter to (1) incphp/globals.php or (2) plugins/export/mc_table.php. NOTE: it could be argued that this vulnerability is caused by a problem in PHP and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in p.mapper.
Sat, 1 Dec 07
Unified IP Phone
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6190
The HTTP daemon in the Cisco Unified IP Phone, when the Extension Mobility feature is enabled, allows remote authenticated users of other phones associated with the same CUCM server to eavesdrop on the physical environment via a CiscoIPPhoneExecute message containing a URL attribute of an ExecuteItem element that specifies a Real-Time Transport Protocol (RTP) audio stream.
Sat, 1 Dec 07
enterprise_linux
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5494
Memory leak in the Red Hat Content Accelerator kernel patch in Red Hat Enterprise Linux 5 allows local users to cause a denial of service (memory consumption) via a large number of open requests involving O_ATOMICLOOKUP.
