Skip to content

Home  |   FAQ  |   Contact  |   Privacy & Use

customize
National Cyber Alert System
Cyber Security Bulletin SB07-155 archive

Vulnerability Summary for the Week of May 28, 2007

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.


High Vulnerabilities
Primary
Vendor -- Product		Description
Discovered
Published
CVSS ScoreSource & Patch Info
2z Project -- 2z Project
SQL injection vulnerability in includes/rating.php in 2z Project 0.9.5 allows remote attackers to execute arbitrary SQL commands via the rating parameter.
unknown
2007-05-30
7.0CVE-2007-2898
BUGTRAQ
OTHER-REF
FRSIRT
2z Project -- 2z Project
SQL injection vulnerability in includes/rating.php in 2z Project 0.9.5 allows remote attackers to execute arbitrary SQL commands via the post_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-05-30
7.0CVE-2007-2905
BUGTRAQ
OTHER-REF
FRSIRT
Apache Software Foundation -- Tomcat JK Web Server Connector
mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directly traversal, a related issue to CVE-2007-0450.
unknown
2007-05-25
7.0CVE-2007-1860
OTHER-REF
OTHER-REF
SECUNIA
Authentium -- Command Antivirus
Multiple buffer overflows in a certain ActiveX control in odapi.dll in Authentium Command Antivirus before 4.93.8 allow remote attackers to execute arbitrary code via unspecified vectors.
unknown
2007-05-31
8.0CVE-2007-2917
CERT-VN
BoastMachine -- BoastMachine
Cross-site scripting (XSS) vulnerability in index.php in BoastMachine allows remote attackers to inject arbitrary web script or HTML via the blog parameter in a content search action.
unknown
2007-05-30
10.0CVE-2007-2932
BUGTRAQ
BID
XF
Bochs -- Bochs
Heap-based buffer overflow in the bx_ne2k_c::rx_frame function in iodev/ne2k.cc in emulated NE2000 device in Bochs 2.3 does not prevent TXCNT register values from exceeding the device memory size, which allows local users of the guest operating system to write to arbitrary memory locations and gain privileges on the host operating system, aka "RX Frame heap overflow."
unknown
2007-05-29
7.0CVE-2007-2893
OTHER-REF
FRSIRT
cpCommerce -- cpCommerce
SQL injection vulnerability in category.php in cpCommerce 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id_category parameter.
unknown
2007-05-29
7.0CVE-2007-2890
MILW0RM
BID
cpCommerce -- cpCommerce
SQL injection vulnerability in manufacturer.php in cpCommerce before 1.1.0 allows remote attackers to execute arbitrary SQL commands via the id_manufacturer parameter.
unknown
2007-05-31
7.0CVE-2007-2959
BUGTRAQ
BID
David Branco -- OpenBASE
Multiple PHP remote file inclusion vulnerabilities in OpenBASE Alpha 0.6 allow remote attackers to execute arbitrary PHP code via a URL in the root_prefix parameter to (1) index.php, (2) email_subscribe.php, (3) download.php, or (4) development.php.
unknown
2007-05-30
7.0CVE-2007-2947
MILW0RM
BID
FRSIRT
Dian Gemilang -- DGNews
SQL injection vulnerability in news.php in DGNews 2.1 allows remote attackers to execute arbitrary SQL commands via the catid parameter in a newslist action. NOTE: this issue can produce resultant cross-site scripting (XSS).
unknown
2007-05-30
7.0CVE-2007-0693
BUGTRAQ
BID
OSVDB
DigiAppz -- DigiRez
Multiple cross-site scripting (XSS) vulnerabilities in Digirez 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) Room_name parameter to room/info_book.asp or the (2) curYear parameter to room/week.asp.
unknown
2007-05-29
10.0CVE-2007-2880
BUGTRAQ
Dokeos -- Open Source Learning & Knowledge Management Tool
SQL injection vulnerability in tracking/courseLog.php in Dokeos 1.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the scormcontopen parameter.
unknown
2007-05-29
7.0CVE-2007-2889
MILW0RM
BID
XF
Dokeos -- Dokeos
SQL injection vulnerability in main/auth/my_progress.php in Dokeos 1.8.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the course parameter.
unknown
2007-05-30
7.0CVE-2007-2902
MILW0RM
EZB Systems -- UltraISO
Stack-based buffer overflow in UltraISO 8.6.2.2011 and earlier allows user-assisted remote attackers to execute arbitrary code via a long FILE string (filename) in a .cue file, a related issue to CVE-2007-2761. NOTE: some details are obtained from third party information.
unknown
2007-05-29
8.0CVE-2007-2888
MILW0RM
BID
SECUNIA
F-Secure -- F-Secure Protection Service
F-Secure -- F-Secure Anti-Virus Linux Server Security
F-Secure -- F-Secure Internet Security
F-Secure -- F-Secure Anti-Virus Linux Client Security
F-Secure -- Internet Gatekeeper
F-Secure -- F-Secure Anti-Virus Client Security
F-secure -- F-Secure Anti-Virus
Unspecified vulnerability in the Real-time Scanning component in multiple F-Secure products, including Internet Security 2005, 2006 and 2007; Anti-Virus 2005, 2006 and 2007; and Solutions based on F-Secure Protection Service for Consumers 6.40 and earlier allows local users to gain privileges via a crafted I/O request packet (IRP), related to IOCTL (Input/Output Control) and "access validation of the address space."
unknown
2007-05-31
7.0CVE-2007-2965
OTHER-REF
FRSIRT
SECUNIA
F-Secure -- F-Secure Protection Service
F-Secure -- F-Secure Anti-Virus Linux Server Security
F-Secure -- F-Secure Internet Security
F-Secure -- F-Secure Anti-Virus Linux Client Security
F-Secure -- Internet Gatekeeper
F-Secure -- F-Secure Anti-Virus Client Security
F-secure -- F-Secure Anti-Virus
Buffer overflow in the LHA decompresion component in F-Secure anti-virus products for Microsoft Windows and Linux before 20070529 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted LHA archive, a similar issue to CVE-2006-4335.
unknown
2007-05-31
7.0CVE-2007-2966
OTHER-REF
FRSIRT
SECUNIA
F-Secure -- F-Secure Protection Service
F-Secure -- F-Secure Anti-Virus Linux Server Security
F-Secure -- F-Secure Internet Security
F-Secure -- F-Secure Anti-Virus Linux Client Security
F-Secure -- Internet Gatekeeper
F-Secure -- F-Secure Anti-Virus Client Security
F-secure -- F-Secure Anti-Virus
Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070522 allow remote attackers to cause a denial of service (file scanning infinite loop) via certain crafted (1) archives or (2) packed executables.
unknown
2007-05-31
10.0CVE-2007-2967
OTHER-REF
FRSIRT
FileCloset -- FileCloset
Unrestricted file upload vulnerability in FileCloset before 1.1.5 allows remote attackers to upload arbitrary PHP files via unspecified vectors.
unknown
2007-05-31
7.0CVE-2007-2961
OTHER-REF
OTHER-REF
BID
SECUNIA
FirmWorX -- FirmWorX
Multiple PHP remote file inclusion vulnerabilities in FirmWorX 0.1.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) bank_data[root] parameter to modules/bank/includes/design/main.inc.php, or the (2) fm_data[root] parameter to (a) includes/config/master.inc.php or (b) includes/functions/master.inc.php.
unknown
2007-05-29
7.0CVE-2007-2891
MILW0RM
BID
Frequency Clock -- Frequency Clock
Multiple PHP remote file inclusion vulnerabilities in Frequency Clock 0.1b (Beta 0.1) allow remote attackers to execute arbitrary PHP code via a URL in the securelib parameter to (1) conf.php or (2) cp2.php.
unknown
2007-05-30
7.0CVE-2007-2936
MILW0RM
BID
Fundanemt -- Fundanemt
core/spellcheck/spellcheck.php in Fundanemt before 2.2.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the dict parameter.
unknown
2007-05-30
7.0CVE-2007-2935
MILW0RM
OTHER-REF
BID
SECUNIA
GNUTurk -- GNUTurk Portal System
Cross-site scripting (XSS) vulnerability in mods.php in GTP GNUTurk Portal System 3G allows remote attackers to inject arbitrary web script or HTML via the month parameter.
unknown
2007-05-29
10.0CVE-2007-2879
BUGTRAQ
BID
Jelsoft -- vBulletin
Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin before 3.6.7 PL1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the vb_367_xss_fix_plugin.xml update, a related issue to CVE-2007-????.
unknown
2007-05-30
10.0CVE-2007-2910
OTHER-REF
LEAD Technologies -- LeadTools Raster Dialog File Object
Buffer overflow in a certain ActiveX control in LTRDF14e.DLL 14.5.0.44 in LeadTools Raster Dialog File Object allows remote attackers to execute arbitrary code via a long Directory property value.
unknown
2007-05-29
10.0CVE-2007-2895
OTHER-REF
OTHER-REF
OTHER-REF
BID
SECUNIA
XF
LEAD Technologies -- LeadTools Raster Dialog File Object
Buffer overflow in a certain ActiveX control in LeadTools Raster Dialog File_D Object (LTRDFD14e.DLL) 14.5.0.44 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) or execute arbitrary code via a long DestinationPath property value.
unknown
2007-05-30
10.0CVE-2007-2946
MILW0RM
OTHER-REF
OTHER-REF
BID
SECUNIA
XF
Macrovision -- Update Service
Macrovision -- FLEXnet Connect
The DWUpdateService ActiveX control in the agent (agent.exe) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allows remote attackers to execute arbitrary commands via the Execute method.
unknown
2007-05-31
8.0CVE-2007-0328
CERT-VN
OTHER-REF
Michael Brandon -- vBGSiteMap
Multiple PHP remote file inclusion vulnerabilities in the creator in vBulletin Google Yahoo Site Map (vBGSiteMap) 2.41 for vBulletin allow remote attackers to execute arbitrary PHP code via a URL in the base parameter to (1) vbgsitemap/vbgsitemap-config.php or (2) vbgsitemap/vbgsitemap-vbseo.php.
unknown
2007-05-30
7.0CVE-2007-2941
MILW0RM
BID
Microsoft -- Visual Basic
Multiple stack-based buffer overflows in Microsoft Visual Basic 6 allow user-assisted remote attackers to cause a denial of service (CPU consumption) or execute arbitrary code via a Visual Basic Project (vbp) file with a long (1) Description or (2) Company Name (VersionCompanyName) field.
unknown
2007-05-29
8.0CVE-2007-2884
MILW0RM
MILW0RM
BID
BID
XF
XF
Microsoft -- IIS
Microsoft Internet Information Services (IIS) 6.0 allows remote attackers to cause a denial of service (server instability or device hang), and possibly obtain sensitive information (device communication traffic); and might allow attackers with physical access to execute arbitrary code after connecting a data stream to a device COM port; via requests for a URI containing a '/' immediately before and after the name of a DOS device, as demonstrated by the /AUX/.aspx URI, which bypasses a blacklist for DOS device requests.
unknown
2007-05-30
7.0CVE-2007-2897
FULLDISC
FULLDISC
XF
Microsoft -- Internet Explorer
Honeywell -- Ademco ATNBaseLoader100 Module
Buffer overflow in the BaseRunner ActiveX control in the Ademco ATNBaseLoader100 Module (ATNBaseLoader100.dll) 5.4.0.6, when Internet Explorer 6 is used, allows remote attackers to execute arbitrary code via a long argument to the (1) Send485CMD method, and possibly the (2) SetLoginID, (3) AddSite, (4) SetScreen, and (5) SetVideoServer methods.
unknown
2007-05-30
10.0CVE-2007-2938
MILW0RM
BID
FRSIRT
SECUNIA
Mozilla -- SeaMonkey
Mozilla -- Firefox
Mozilla -- Thunderbird
Multiple vulnerabilities in the JavaScript engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger memory corruption.
unknown
2007-05-31
7.0CVE-2007-2868
OTHER-REF
my little homepage -- my little forum
SQL injection vulnerability in user.php in My Little Forum 1.7 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-05-30
7.0CVE-2007-2942
MILW0RM
BID
FRSIRT
SECUNIA
Navboard -- Navboard
Direct static code injection vulnerability in admin_config.php in NavBoard 2.6.0 allows remote attackers to inject arbitrary PHP code into data/config.php via multiple parameters, as demonstrated via the threadperpage parameter in an editconfig action.
unknown
2007-05-30
7.0CVE-2007-2899
MILW0RM
BID
Phil-a-Form -- Phil-a-Form
SQL injection vulnerability in index.php in the Phil-a-Form (com_philaform) 1.2.0.0 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the form_id parameter.
unknown
2007-05-30
7.0CVE-2007-2933
MILW0RM
PHPEcho CMS -- PHPEcho CMS
Multiple SQL injection vulnerabilities in modules/admin/modules/gallery.php in PHPEcho CMS 2.0-rc1 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter and possibly other parameters. NOTE: some of these details are obtained from third party information.
unknown
2007-05-25
7.0CVE-2007-2866
OTHER-REF
FRSIRT
phpPgAdmin -- phpPgAdmin
Cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the server parameter.
unknown
2007-05-25
8.0CVE-2007-2865
FULLDISC
BID
XF
Scallywag.org -- Scallywag
Multiple directory traversal vulnerabilities in Scallywag 2005-04-25 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the skin_name parameter to template.php in (1) skin/dark/, (2) skin/gold/, or (3) skin/original/, a different vector than CVE-2007-2900. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-05-31
7.0CVE-2007-2960
FRSIRT
Sun -- Java Web Proxy Server
Multiple stack-based buffer overflows in the SOCKS proxy support (sockd) in Sun Java Web Proxy Server before 4.0.5 allow remote attackers to execute arbitrary code via crafted packets during protocol negotiation.
unknown
2007-05-29
10.0CVE-2007-2881
IDEFENSE
SUNALERT
Tcl_Tk -- Tcl_Tk
Buffer overflow in tcl/win/tclWinReg.c in Tcl (Tcl/Tk) before 8.5a6 allows local users to gain privileges via long registry key paths.
unknown
2007-05-29
7.0CVE-2007-2877
OTHER-REF
OTHER-REF
SECUNIA
TROforum -- TROforum
PHP remote file inclusion vulnerability in admin/admin.php in TROforum 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the site_url parameter.
unknown
2007-05-30
7.0CVE-2007-2937
MILW0RM
BID
Back to top

Medium Vulnerabilities
Primary
Vendor -- Product		Description
Discovered
Published
CVSS ScoreSource & Patch Info
Apple -- Quicktime
Unspecified vulnerability in Apple QuickTime for Java 7.1.6 on Mac OS X and Windows allows remote attackers to execute arbitrary code via unknown vectors related to Java applets.
unknown
2007-05-29
5.6CVE-2007-2388
APPLE
Credant -- Credant Mobile Guardian Shield - Windows
Credant Mobile Guardian Shield for Windows 5.2.1.105 and earlier stores account names and passwords in plaintext in memory, which allows local users to obtain sensitive information by (1) reading the paging file or (2) dumping and searching the memory image. NOTE: This issue crosses privilege boundaries because the product is intended to protect the data on a stolen computer.
unknown
2007-05-29
4.9CVE-2007-2883
BUGTRAQ
BID
FlaP -- FlaP
Multiple PHP remote file inclusion vulnerabilities in FlaP 1.0b (1.0 Beta) allow remote attackers to execute arbitrary PHP code via a URL in the pachtofile parameter to (1) skin/html/table.php or (2) login.php.
unknown
2007-05-30
5.6CVE-2007-2940
MILW0RM
BID
FRSIRT
GForge -- GForge
plugins/scmcvs/www/cvsweb.php in the CVSWeb CGI in GForge 4.5.16 before 20070524, aka gforge-plugin-scmcvs, allows remote attackers to execute arbitrary commands via shell metacharacters in the PATH_INFO.
unknown
2007-05-29
5.6CVE-2007-0246
OTHER-REF
DEBIAN
BID
FRSIRT
SECUNIA
SECUNIA
Jelsoft -- vBulletin
Cross-site scripting (XSS) vulnerability in calendar.php in Jelsoft vBulletin 3.6.x before 3.6.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the vb_calendar366_xss_fix_plugin.xml update.
unknown
2007-05-30
6.0CVE-2007-2909
OTHER-REF
Jelsoft -- vBulletin
SQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin before 3.6.6 allows remote authenticated administrators to execute arbitrary SQL commands via the "Attached After" field (GPC['search']['datelineafter'] variable), a related issue to CVE-2007-1573.
unknown
2007-05-30
4.8CVE-2007-2911
OTHER-REF
Logitech -- VideoCall
Multiple stack-based buffer overflows in ActiveX controls (1) VibeC in (a) vibecontrol.dll, (2) CallManager and (3) ViewerClient in (b) StarClient.dll, (4) ComLink in (c) uicomlink.dll, and (5) WebCamXMP in (d) wcamxmp.dll in Logitech VideoCall allow remote attackers to cause a denial of service (browser crash) and execute arbitrary code via unspecified vectors.
unknown
2007-05-31
5.6CVE-2007-2918
CERT-VN
BID
Mazens PHP Chat -- Mazens PHP Chat
Multiple PHP remote file inclusion vulnerabilities in Mazen's PHP Chat 3.0.0 allow remote attackers to execute arbitrary PHP code via a URL in the basepath parameter to (1) ITX.php, (2) IT_Error.php, or (3) IT.php in include/pear/.
unknown
2007-05-30
5.6CVE-2007-2939
MILW0RM
BID
FRSIRT
Scallywag.org -- Scallywag
Multiple PHP remote file inclusion vulnerabilities in Scallywag allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to template.php in (1) skin/dark/, (2) skin/gold/, or (3) skin/original/.
unknown
2007-05-30
5.6CVE-2007-2900
MILW0RM
SSL-Explorer -- SSL-Explorer
Unspecified vulnerability in SSL-Explorer before 0.2.13 allows remote authenticated users to enter redirect URLs containing (1) JavaScript or (2) HTTP headers, which has unknown impact, possibly resulting in cross-site scripting (XSS) or HTTP request smuggling.
unknown
2007-05-30
6.0CVE-2007-2907
OTHER-REF
Symantec -- Enterprise Security Manager
Race condition in the Symantec Enterprise Security Manager (ESM) 6.5.3 managers and agents on Windows before 20070524 allows remote attackers to cause a denial of service (CPU consumption and application hang) via certain network scans to ESM ports.
unknown
2007-05-29
5.6CVE-2007-2896
OTHER-REF
OTHER-REF
BID
SECUNIA
Webavis -- Webavis
PHP remote file inclusion vulnerability in class/class.php in Webavis 0.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the root parameter.
unknown
2007-05-30
5.6CVE-2007-2943
MILW0RM
FRSIRT
Back to top

Low Vulnerabilities
Primary
Vendor -- Product		Description
Discovered
Published
CVSS ScoreSource & Patch Info
Apple -- Quicktime
Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not clear potentially sensitive memory before use, which allows remote attackers to read memory from a web browser via unknown vectors related to Java applets.
unknown
2007-05-29
2.7CVE-2007-2389
APPLE
ASP-Nuke -- ASP-Nuke
Cross-site scripting (XSS) vulnerability in news.asp in ASP-Nuke 2.0.7 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-05-29
1.9CVE-2007-2892
OTHER-REF
BID
Bochs -- Bochs
The emulated floppy disk controller in Bochs 2.3 allows local users of the guest operating system to cause a denial of service (virtual machine crash) via unspecified vectors, resulting in a divide-by-zero error.
unknown
2007-05-29
1.6CVE-2007-2894
OTHER-REF
FRSIRT
ClonusWiki -- ClonusWiki
Cross-site scripting (XSS) vulnerability in index.php in ClonusWiki .5 allows remote attackers to inject arbitrary web script or HTML via the query parameter.
unknown
2007-05-30
1.9CVE-2007-2913
BUGTRAQ
DGNews -- DGNews
DGNews 2.1 allows remote attackers to obtain sensitive information via a fullnews request to news.php with an invalid newsid parameter, and other unspecified vectors, which reveal the path in various error messages.
unknown
2007-05-30
2.3CVE-2007-0692
BUGTRAQ
OSVDB
Dian Gemilang -- DGNews
Cross-site scripting (XSS) vulnerability in footer.php in DGNews 2.1 allows remote attackers to inject arbitrary web script or HTML via the copyright parameter.
unknown
2007-05-30
1.9CVE-2007-0694
BUGTRAQ
BID
OSVDB
Dokeos -- Dokeos
Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the img parameter to main/inc/lib/fckeditor/editor/plugins/ImageManager/editor.php and other unspecified vectors.
unknown
2007-05-30
1.9CVE-2007-2901
MILW0RM
F-Secure -- Policy Manager
The fsmsh.dll host module in F-Secure Policy Manager Server 7.00 and earlier allows remote attackers to cause a denial of service (application crash) via NTFS reserved words in filenames in URLs.
unknown
2007-05-31
2.3CVE-2007-2964
OTHER-REF
FRSIRT
SECUNIA
Forsnet -- Web Icerik Yonetim Sistemi
Cross-site scripting (XSS) vulnerability in index.php in Web Icerik Yonetim Sistemi (WIYS) 1.0 allows remote attackers to inject arbitrary web script or HTML via the No parameter in the Sayfa page.
unknown
2007-05-29
1.9CVE-2007-2887
BUGTRAQ
GMTT -- Music Distro
Cross-site scripting (XSS) vulnerability in showown.php in GMTT Music Distro 1.2 allows remote attackers to inject arbitrary web script or HTML via the st parameter.
unknown
2007-05-30
1.9CVE-2007-2916
BUGTRAQ
Invision Power Services -- Invision Power Board
Multiple cross-site scripting (XSS) vulnerabilities in Invision Power Board (IPB or IP.Board) 2.2.2, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via (1) module_bbcodeloader.php, (2) module_div.php, (3) module_email.php, (4) module_image.php, (5) module_link.php, or (6) the editorid parameter to module_table.php in jscripts/folder_rte_files/. NOTE: some details were obtained from third party sources.
unknown
2007-05-31
1.9CVE-2007-2963
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Jelsoft -- vBulletin
Cross-site scripting (XSS) vulnerability in calendar.php in Jelsoft vBulletin before 3.6.6 allows remote attackers to inject arbitrary web script or HTML via the title field in a single add action.
unknown
2007-05-30
1.9CVE-2007-2908
BUGTRAQ
BID
SECUNIA
Jelsoft -- vBulletin
Unspecified vulnerability in Jelsoft vBulletin before 3.6.6, when unauthenticated User Infraction Permissions is disabled, allows remote attackers to see the infraction "red flag" for a deleted user.
unknown
2007-05-30
2.3CVE-2007-2912
OTHER-REF
Linux -- Kernel
Unspecified vulnerability in drivers/crypto/geode-aes.c in GEODE-AES in the Linux kernel before 2.6.21.3 allows attackers to obtain sensitive information via unspecified vectors.
unknown
2007-05-29
2.3CVE-2007-2451
OTHER-REF
OTHER-REF
SECUNIA
Linux -- Kernel
The VFAT compat ioctls in the Linux kernel before 2.6.21.2, when run on a 64-bit system, allow local users to corrupt a kernel_dirent struct and cause a denial of service (system crash) via unknown vectors.
unknown
2007-05-29
2.3CVE-2007-2878
OTHER-REF
BID
Microsoft -- Visual Database Tools Database Designer
The NotSafe function in the MSVDTDatabaseDesigner7 ActiveX control in VDT70.DLL in Microsoft Visual Database Tools (MSVDT) Database Designer 7.0 allows remote attackers to cause a denial of service (Internet Explorer 6 crash) via a long argument.
unknown
2007-05-29
1.9CVE-2007-2885
OTHER-REF
BID
Microsoft -- Office
Buffer overflow in the HelpPopup method in the Microsoft Office 2000 Controllo UA di Microsoft Office ActiveX control (OUACTRL.OCX) 1.0.1.9 allows remote attackers to cause a denial of service (probably winhlp32.exe crash) via a long first argument. NOTE: it is not clear whether this issue crosses privilege boundaries.
unknown
2007-05-30
2.3CVE-2007-2903
OTHER-REF
OTHER-REF
OTHER-REF
Mozilla -- SeaMonkey
Mozilla -- Firefox
Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to cause a denial of service via (1) a large cookie path parameter, which triggers memory consumption, or (2) an internal delimiter within cookie path or name values, which could trigger a misinterpretation of cookie data, aka "Path Abuse in Cookies."
unknown
2007-05-31
3.3CVE-2007-1362
OTHER-REF
Mozilla -- SeaMonkey
Mozilla -- Firefox
Mozilla -- Thunderbird
Multiple vulnerabilities in the layout engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (crash) via vectors related to dangling pointers, heap corruption, signed/unsigned, and other issues.
unknown
2007-05-31
3.3CVE-2007-2867
OTHER-REF
Mozilla -- Firefox
The form autocomplete feature in Mozilla Firefox 1.5.x before 1.5.0.12, 2.x before 2.0.0.4, and possibly earlier versions, allows remote attackers to cause a denial of service (persistent temporary CPU consumption) via a large number of characters in a submitted form.
unknown
2007-05-31
2.3CVE-2007-2869
OTHER-REF
Mozilla -- SeaMonkey
Mozilla -- Firefox
Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to bypass the same-origin policy and conduct cross-site scripting (XSS) and other attacks by using the addEventListener method to add an event listener for a site, which is executed in the context of that site.
unknown
2007-05-31
1.9CVE-2007-2870
OTHER-REF
Mozilla -- SeaMonkey
Mozilla -- Firefox
Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to spoof or hide the browser chrome, such as the location bar, by placing XUL popups outside of the browser's content pane. NOTE: this issue can be leveraged for phishing and other attacks.
unknown
2007-05-31
1.9CVE-2007-2871
OTHER-REF
myEvent -- myEvent
myEvent 1.6 allows remote attackers to obtain sensitive information via (1) a Log In action without a password to login.php, or an invalid (2) view[] or (3) monthno[] parameter to myevent.php, which reveals the path in various error messages.
unknown
2007-05-30
2.3CVE-2007-0690
BUGTRAQ
OSVDB
Nortel -- Communications Server
Unspecified vulnerability in the Nortel CS 1000 M media card in Enterprise VoIP-Core-CS 1000E, 1000M, and 1000S 04.50W before 20070523 in Meridian/CS 1000 allows remote attackers to cause a denial of service (card hang) via unspecified vectors.
unknown
2007-05-29
2.3CVE-2007-2886
OTHER-REF
OTHER-REF
BID
FRSIRT
XF
Particle Soft -- Particle Gallery
Cross-site scripting (XSS) vulnerability in search.php in Particle Gallery 1.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the order parameter.
unknown
2007-05-31
1.9CVE-2007-2962
BUGTRAQ
PsychoStats -- PsychoStats
Multiple cross-site scripting (XSS) vulnerabilities in PsychoStats 3.0.6b allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) awards.php, (2) login.php, (3) register.php, (4) weapons.php, and possibly other unspecified files.
unknown
2007-05-30
1.9CVE-2007-2914
BUGTRAQ
RM EasyMail -- RM EasyMail Plus
Cross-site scripting (XSS) vulnerability in RM EasyMail Plus allows remote attackers to inject arbitrary web script or HTML via the title field in an email.
unknown
2007-05-30
1.9CVE-2007-2915
BUGTRAQ
RMForum -- RMForum
RMForum stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for rmforum.mdb.
unknown
2007-05-30
2.3CVE-2007-2945
BUGTRAQ
SECUNIA
Sun -- Solaris
Unspecified vulnerability in the NFS client module in Sun Solaris 8 through 10 before 20070524, when operating as an NFS server, allows remote attackers to cause a denial of service (crash) via certain Access Control List (acl) packets.
unknown
2007-05-29
2.3CVE-2007-2882
SUNALERT
BID
FRSIRT
SECUNIA
Sun -- Java System Messaging Server
Cross-site scripting (XSS) vulnerability in Sun Java System Messaging Server 6.0 through 6.3, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly a related issue to CVE-2006-5653.
unknown
2007-05-30
1.9CVE-2007-2904
SUNALERT
Sun -- Java Embedding Plugin
Java Embedding Plugin 0.9.6.1 allows remote attackers to cause a denial of service (browser crash) via a Thread subclass that calls super.run from its run method.
unknown
2007-05-30
2.3CVE-2007-2906
OTHER-REF
WabCMS -- WabCMS
WabCMS 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/wabcmsn.mdb. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-05-30
2.3CVE-2007-2944
SECUNIA
Windy Road -- Vistered Little
Directory traversal vulnerability in skins/common.css.php in Vistered Little 1.6a allows remote attackers to read arbitrary files via a .. (dot dot) in the skin parameter.
unknown
2007-05-30
3.3CVE-2007-2934
MILW0RM
VIM
BID
Back to top



Last updated June 04, 2007