| Primary Vendor -- Product | Description | CVSS Score | Source & Patch Info |
|---|---|---|---|
| Alcatel-Lucent -- OmniVista | Multiple cross-site scripting (XSS) vulnerabilities in Alcatel OmniVista 4760 R4.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the action parameter to php-bin/Webclient.php or (2) the Langue parameter to the default URI. | 4.3 | CVE-2007-5190 BUGTRAQ OTHER-REF OTHER-REF BID FRSIRT SECUNIA |
| almico -- SpeedFan | Speedfan.sys in Alfredo Milani Comparetti SpeedFan 4.33, when used on Microsoft Windows Vista x64, does not properly check a buffer during an IOCTL 0x9c402420 call, which allows local users to cause a denial of service (machine crash) and possibly gain privileges via unspecified vectors. | 4.9 | CVE-2007-5634 OTHER-REF |
| CA -- Host-Based Intrusion Prevention System | Cross-site scripting (XSS) vulnerability in the Server component in CA Host-Based Intrusion Prevention System (HIPS) before 8.0.0.93 allows remote attackers to inject arbitrary web script or HTML via requests that are written to logs for later display in the log viewer. | 4.3 | CVE-2007-5472 OTHER-REF FRSIRT SECUNIA |
| CandyPress -- CandyPress Store | Cross-site scripting (XSS) vulnerability in admin/logon.asp in ShoppingTree CandyPress Store 4.1 allows remote attackers to inject arbitrary web script or HTML via the msg parameter, a different vector than CVE-2007-2804. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 4.3 | CVE-2007-5629 OTHER-REF BID |
| Creative Digital Resources -- SocketMail | Cross-site scripting (XSS) vulnerability in lostpwd.php in Creative Digital Resources SocketMail 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the lost_id parameter. | 4.3 | CVE-2007-5649 OTHER-REF BID |
| Hackish -- Hackish | Cross-site scripting (XSS) vulnerability in shoutbox/blocco.php in Hackish BETA 1.1 allows remote attackers to inject arbitrary web script or HTML via the go_shout parameter. | 4.3 | CVE-2007-5677 BUGTRAQ BID |
| ifnet -- Webif | Cross-site scripting (XSS) vulnerability in cgi-bin/webif.exe in ifnet WebIf allows remote attackers to inject arbitrary web script or HTML via the cmd parameter. | 4.3 | CVE-2007-5673 FULLDISC FULLDISC BID SECUNIA |
| instaguide -- weather | Directory traversal vulnerability in index.php in InstaGuide Weather (aka Weather for PHP) 1.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PageName parameter. | 6.8 | CVE-2007-5674 MILW0RM BID SECUNIA |
| LiteSpeed Technologies -- LiteSpeed Web Server | LiteSpeed Web Server before 3.2.4 allows remote attackers to trigger use of an arbitrary MIME type for a file via a "%00." sequence followed by a new extension, as demonstrated by reading PHP source code via requests for .php%00.txt files, aka "Mime Type Injection." | 6.8 | CVE-2007-5654 MILW0RM OTHER-REF |
| Mozilla -- Firefox | Mozilla Firefox 2.0 before 2.0.0.8 allows remote attackers to obtain sensitive system information by using the addMicrosummaryGenerator sidebar method to access file: URIs. | 4.3 | CVE-2007-5335 OTHER-REF |
| Nagios -- Plugins | Buffer overflow in the check_snmp function in Nagios Plugins (nagios-plugins) 1.4.10 allows remote attackers to cause a denial of service (crash) via crafted snmpget replies. | 5.0 | CVE-2007-5623 OTHER-REF |
| Nagios -- Nagios | Cross-site scripting (XSS) vulnerability in Nagios 2.x before 2.10 allows remote attackers to inject arbitrary web script or HTML via unknown vectors to unspecified CGI scripts. | 4.3 | CVE-2007-5624 OTHER-REF SECUNIA |
| Nortel -- Mobile Voice Client; Nortel -- Centrex IP Element Manager; Nortel -- Business Communications Manager; Nortel -- Meridian SL100; Nortel -- Meridian-Core-Option; Nortel -- Centrex IP Client Manager | The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional Nortel products from the IP Phone, Business Communications Manager (BCM), and other product lines allow remote attackers to eavesdrop on the physical environment via an Open Audio Stream message that enables "surveillance mode." NOTE: issues relating to a small ID number space can be leveraged to make this attack easier. | 4.3 | CVE-2007-5637 BUGTRAQ OTHER-REF OTHER-REF BID SECUNIA XF |
| Nortel -- Mobile Voice Client; Nortel -- Centrex IP Element Manager; Nortel -- Business Communications Manager; Nortel -- Meridian SL100; Nortel -- Meridian-Core-Option; Nortel -- Centrex IP Client Manager | The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional Nortel products from the IP Phone, Business Communications Manager (BCM), and other product lines, use only 65536 different values in the 32-bit ID number field of an RUDP datagram, which makes it easier for remote attackers to guess the RUDP ID and spoof messages. NOTE: this can be leveraged for an eavesdropping attack by sending many Open Audio Stream messages. | 4.3 | CVE-2007-5638 BUGTRAQ OTHER-REF BID SECUNIA XF |
| PeopleAggregator -- PeopleAggregator | Multiple PHP remote file inclusion vulnerabilities in PeopleAggregator 1.2pre6 allow remote attackers to execute arbitrary PHP code via a URL in the current_blockmodule_path parameter to (1) AudiosMediaGalleryModule/AudiosMediaGalleryModule.php, (2) ImagesMediaGalleryModule/ImagesMediaGalleryModule.php, (3) MembersFacewallModule/MembersFacewallModule.php, (4) NewestGroupsModule/NewestGroupsModule.php, (5) UploadMediaModule/UploadMediaModule.php, and (6) VideosMediaGalleryModule/VideosMediaGalleryModule.php in BetaBlockModules/; and (7) the path_prefix parameter to several components. | 6.8 | CVE-2007-5631 MILW0RM |
| PHP-Nuke -- PHP-Nuke Platinum | PHP remote file inclusion vulnerability in modules/Forums/favorites.php in PHP-Nuke Platinum 7.6.b.5 allows remote attackers to execute arbitrary PHP code via a URL in the nuke_bb_root_path parameter. | 6.8 | CVE-2007-5676 MILW0RM |
| phppm -- PHP Project Management | Multiple PHP remote file inclusion vulnerabilities in PHP Project Management 0.8.10 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the full_path parameter to (1) certinfo/index.php, (2) emails/index.php, (3) events/index.php, (4) fax/index.php, (5) files/index.php, (6) files/list.php, (7) groupadm/index.php, (8) history/index.php, (9) info/index.php, (10) log/index.php, (11) mail/index.php, (12) messages/index.php, (13) organizations/index.php, (14) phones/index.php, (15) presence/index.php, (16) projects/index.php, (17) projects/summary.inc.php, (18) projects/list.php, (19) reports/index.php, (20) search/index.php, (21) snf/index.php?full_path, (22) syslog/index.php, (23) tasks/searchsimilar.php, (24) tasks/index.php, (25) tasks/summary.inc.php, and (26) useradm/index.php in modules; (27) /ajax/loadsplash.php; (28) /blocks/birthday.php; (29) /blocks/events.php; and (30) /blocks/help.php. | 6.8 | CVE-2007-5641 MILW0RM |
| phppm -- PHP Project Management | Multiple directory traversal vulnerabilities in PHP Project Management 0.8.10 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the def_lang parameter to modules/files/list.php; the m_path parameter to (2) modules/projects/summary.inc.php or (3) modules/tasks/summary.inc.php; (4) the module parameter to modules/projects/list.php; or the module parameter to index.php in the (5) certinfo, (6) emails, (7) events, (8) fax, (9) files, (10) groupadm, (11) history, (12) info, (13) log, (14) mail, (15) messages, (16) organizations, (17) phones, (18) presence, (19) projects, (20) reports, (21) search, (22) snf, (23) syslog, (24) tasks, or (25) useradm subdirectory of modules/. | 6.8 | CVE-2007-5642 MILW0RM |
| redhat -- enterprise_linux | Unspecified vulnerability in the stack unwinder fixes in Red Hat Enterprise Linux 5, when running on AMD64 and Intel 64, allows local users to cause a denial of service via unknown vectors. | 4.7 | CVE-2007-4574 REDHAT |
| rnote -- rnote | Multiple cross-site scripting (XSS) vulnerabilities in rnote.php in rNote 0.9.7.5 allow remote attackers to inject arbitrary web script or HTML via the (1) d or the (2) u parameter. | 4.3 | CVE-2007-5648 OTHER-REF BID |
| simongibson -- ASP Site Search SearchSimon Lite | Cross-site scripting (XSS) vulnerability in filename.asp in ASP Site Search SearchSimon Lite 1.0 allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter. | 4.3 | CVE-2007-5625 BUGTRAQ BID SECUNIA |
| SocketKB -- SocketKB | Multiple cross-site scripting (XSS) vulnerabilities in SocketKB 1.1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) art_id or (2) node parameter in an article action to the default URI. | 4.3 | CVE-2007-5647 OTHER-REF BID SECUNIA |
| SocketMail -- SocketMail | PHP remote file inclusion vulnerability in content/fnc-readmail3.php in SocketMail 2.2.8 allows remote attackers to execute arbitrary PHP code via a URL in the __SOCKETMAIL_ROOT parameter. | 6.8 | CVE-2007-5627 MILW0RM |
| Sun -- Solaris | Multiple unspecified vulnerabilities in the kernel in Sun Solaris 8 through 10 allow local users to cause a denial of service (panic), related to the support for retrieval of kernel statistics, and possibly related to the sfmmu_mlspl_enter or sfmmu_mlist_enter functions. | 4.9 | CVE-2007-5632 SUNALERT FRSIRT SECTRACK SECUNIA XF |
| TOWeLs -- TOWeLS | PHP remote file inclusion vulnerability in src/scripture.php in TOWeLS 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the pageHeaderFile parameter. | 6.8 | CVE-2007-5628 MILW0RM |