Skip to content

Home  |   FAQ  |   Contact  |   Privacy & Use

customize
National Cyber Alert System
Cyber Security Bulletin SB07-149 archive

Vulnerability Summary for the Week of May 21, 2007

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.


High Vulnerabilities
Primary
Vendor -- Product		Description
Discovered
Published
CVSS ScoreSource & Patch Info
AlstraSoft -- Live Support
AlstraSoft Live Support 1.21 sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to obtain administrative access via a direct request to admin/managesettings.php.
unknown
2007-05-21
10.0CVE-2007-2775
MILW0RM
AlstraSoft -- Template Seller
AlstraSoft Template Seller Pro 3.25 and earlier sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to inject a credential variable setting and obtain administrative access via a direct request to admin/changeinfo.php.
unknown
2007-05-21
10.0CVE-2007-2776
MILW0RM
AlstraSoft -- Template Seller
Unrestricted file upload vulnerability in admin/addsptemplate.php in AlstraSoft Template Seller Pro 3.25 and earlier allows remote attackers to execute arbitrary PHP code via an arbitrary .php filename in the zip parameter, which is created under sptemplates/.
unknown
2007-05-21
7.0CVE-2007-2777
MILW0RM
AlstraSoft -- E-Friends
SQL injection vulnerability in paypal.php in AlstraSoft E-Friends 4.21 and earlier allows remote attackers to execute arbitrary SQL commands via the pack parameter in a paypal action for index.php.
unknown
2007-05-22
10.0CVE-2007-2824
MILW0RM
BID
com_yanc -- com_yanc
SQL injection vulnerability in index.php in the com_yanc 1.4 beta Add-on for Mambo allows remote attackers to execute arbitrary SQL commands via the listid parameter.
unknown
2007-05-21
7.0CVE-2007-2792
MILW0RM
BID
eSyndicat -- eSyndiCat Pro
manage-admins.php in eSyndiCat Pro 1.x allows remote attackers to create additional administrative accounts, and have other unspecified impact, via modified username, new_pass, new_pass2, status, super, and certain other parameters in an add action.
unknown
2007-05-21
10.0CVE-2007-2785
BUGTRAQ
file -- file
Integer overflow in the "file" program 4.20, when running on 32-bit systems, might allow user-assisted attackers to execute arbitrary code via a large file that triggers an overflow that bypasses an assert() statement. NOTE: this issue is due to an incorrect patch for CVE-2007-1536.
unknown
2007-05-23
8.0CVE-2007-2799
OTHER-REF
Gazi Download Portal -- Gazi Download Portal
SQL injection vulnerability in down_indir.asp in Gazi Download Portal allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-05-22
10.0CVE-2007-2810
BID
SECUNIA
Geeklog -- Geeklog
PHP remote file inclusion vulnerability in ImageImageMagick.php in Geeklog 2.x allows remote attackers to execute arbitrary PHP code via a URL in the glConf[path_system] parameter.
unknown
2007-05-21
7.0CVE-2007-2793
MILW0RM
BID
HP -- Tru64 UNIX
Unspecified vulnerability in the Secure Shell (SSH) in HP Tru64 UNIX 5.1B-4 and 5.1B-3 allows remote attackers to identify valid users via unspecified vectors, probably related to timing attacks and AuthInteractiveFailureRandomTimeout.
unknown
2007-05-21
10.0CVE-2007-2791
HP
BID
FRSIRT
SECTRACK
SECUNIA
Jetbox -- Jetbox CMS
Multiple SQL injection vulnerabilities in index.php in Jetbox CMS 2.1 allow remote attackers to execute arbitrary SQL commands via the (1) view or (2) login parameter.
unknown
2007-05-21
7.0CVE-2007-2685
FULLDISC
OTHER-REF
OSVDB
KSign -- KSignSWAT
Multiple stack-based buffer overflows in the KSign KSignSWAT ActiveX Control (AxKSignSWAT.dll) 2.0.3.3 allow remote attackers to execute arbitrary code via long arguments to the (1) SWAT_Init, (2) SWAT_InitEx, (3) SWAT_InitEx2, (4) SWAT_InitEx3, and (5) SWAT_Login functions.
unknown
2007-05-22
7.0CVE-2007-2820
FULLDISC
FRSIRT
SECUNIA
LEAD Technologies -- LeadTools JPEG 2000
Stack-based buffer overflow in the LEAD Technologies LeadTools JPEG 2000 LEADJ2K.LEADJ2K.140 ActiveX control (LTJ2K14.ocx) 14.5.0.35 allows remote attackers to execute arbitrary code via a long BitmapDataPath property.
unknown
2007-05-21
8.0CVE-2007-2771
OTHER-REF
OTHER-REF
CERT-VN
SECUNIA
LEAD Technologies -- LeadTools Raster Thumbnail Object Library
Stack-based buffer overflow in the BrowseDir function in the (1) lttmb14E.ocx or (2) LTRTM14e.DLL ActiveX control in LeadTools Raster Thumbnail Object Library 14.5.0.44 allows remote attackers to execute arbitrary code via a long argument.
unknown
2007-05-21
7.0CVE-2007-2787
MILW0RM
MILW0RM
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
LEAD Technologies -- LeadTools ISIS ActiveX Control
Heap-based buffer overflow in LEAD Technologies LEADTOOLS ISIS ActiveX Control (ltisi14E.ocx) 14.5.0.44 and earlier allows remote attackers to execute arbitrary code via a long DriverName propery.
unknown
2007-05-22
8.0CVE-2007-2827
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
Libstats -- Libstats
PHP remote file inclusion vulnerability in template_csv.php in Libstats 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rInfo[content] parameter.
unknown
2007-05-21
7.0CVE-2007-2779
MILW0RM
BID
Madirish Webmail -- Madirish Webmail
PHP remote file inclusion vulnerability in lib/addressbook.php in Madirish Webmail 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[basedir] parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-05-22
7.0CVE-2007-2826
BID
MADWifi -- MADWifi
Array index error in the (1) ieee80211_ioctl_getwmmparams and (2) ieee80211_ioctl_setwmmparams functions in net80211/ieee80211_wireless.c in MadWifi before 0.9.3.1 allow local users to cause a denial of service (system crash), possibly obtain kernel memory contents, and possibly execute arbitrary code via a large negative array index value.
unknown
2007-05-23
10.0CVE-2007-2831
OTHER-REF
OTHER-REF
Microsoft -- IIS
The "hit-highlighting" functionality in webhits.dll in Microsoft Internet Information Server (IIS) Web Server 5.0 only uses Windows NT ACL configuration, which allows remote attackers to bypass NTLM and basic authentication mechanisms and access private web directories via the CiWebhitsfile parameter to null.htw.
unknown
2007-05-22
10.0CVE-2007-2815
BUGTRAQ
MSKB
MicroWorld Technologies -- eScan
Stack-based buffer overflow in the MicroWorld Agent service (MWAGENT.EXE) in MicroWorld Technologies eScan before 9.0.718.1 allows remote attackers to execute arbitrary code via a long command.
unknown
2007-05-23
10.0CVE-2007-2687
OTHER-REF
FRSIRT
SECUNIA
Ol' Bookmarks -- Ol' Bookmarks
Multiple PHP remote file inclusion vulnerabilities in ol'bookmarks 0.7.4 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter to (1) test1.php, (2) blackorange.php, (3) default.php, (4) frames1.php, (5) frames1_top.php, (6) test1.php, (7) test2.php, (8) test3.php, (9) test4.php, (10) test5.php, (11) test6.php, (12) frames1_left.php, and (13) frames1_center.php in themes/.
unknown
2007-05-22
7.0CVE-2007-2816
MILW0RM
VIM
BID
FRSIRT
Ol' Bookmarks -- Ol' Bookmarks
SQL injection vulnerability in read/index.php in ol'bookmarks 0.7.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-05-22
7.0CVE-2007-2817
MILW0RM
BID
OPeNDAP -- Hyrax
OPeNDAP -- BES
BES before 3.5.0 in OPeNDAP 4 (Hydrax) before 1.2.1 does not properly handle compressed files, which allows remote attackers to upload arbitrary files or execute arbitrary commands via a crafted compressed file.
unknown
2007-05-21
7.0CVE-2007-2769
OTHER-REF
CERT-VN
BID
Opera Software -- Opera Web Browser
Buffer overflow in the transfer manager in Opera before 9.21 for Windows allows user-assisted remote attackers to execute arbitrary code via a crafted torrent file. NOTE: due to the lack of details, it is not clear if this is the same issue as CVE-2007-2274.
unknown
2007-05-22
8.0CVE-2007-2809
OTHER-REF
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
Packeteer -- PacketShaper
Packeteer PacketShaper uses fixed increments in TCP initial sequence number (ISN) values, which allows remote attackers to predict the ISN value, and perform session hijacking or disruption.
unknown
2007-05-21
7.0CVE-2007-2782
BUGTRAQ
BID
Pegasus -- ImagN' ActiveX Control
Multiple stack-based buffer overflows in the Pegasus ImagN' ActiveX control (IMW32O40.OCX) 4.00.041 allow remote attackers to execute arbitrary code via (1) a long FileName parameter, or unspecified vectors involving the (2) BeginReport, (3) CreatePictureExA, (4) DefineImage, (5) DefineImageEx, (6) DefineImageFox, (7) CopyBufToClipExA, (8) LoadEx, (9) LoadFox, and other functions.
unknown
2007-05-22
7.0CVE-2007-2814
OTHER-REF
BID
FRSIRT
SECUNIA
Qualcomm -- Eudora
Stack-based buffer overflow in Eudora 7.1 allows user-assisted, remote SMTP servers to execute arbitrary code via a long SMTP reply. NOTE: the user must click through a warning about a possible buffer overflow exploit to trigger this issue.
unknown
2007-05-21
8.0CVE-2007-2770
MILW0RM
SECUNIA
XF
Rational Software -- Hidden Administrator
Unspecified vulnerability in Rational Soft Hidden Administrator 1.7 and earlier allows remote attackers to bypass authentication and execute arbitrary code via unspecified vectors. NOTE: this issue has no actionable information, and perhaps should not be included in CVE.
unknown
2007-05-21
10.0CVE-2007-2783
BUGTRAQ
BID
Sun -- JDK
Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03, and 1.6.x before 1.6.0_01-b06, allows remote attackers to execute arbitrary code or cause a denial of service (JVM crash) via a crafted JPEG or BMP file.
unknown
2007-05-21
8.0CVE-2007-2788
OTHER-REF
BID
FRSIRT
SECUNIA
XF
SunLight CMS -- SunLight CMS
Multiple PHP remote file inclusion vulnerabilities in SunLight CMS 5.3 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter to (1) _connect.php or (2) modules/startup.php.
unknown
2007-05-21
7.0CVE-2007-2774
MILW0RM
BID
Vizayn Urun -- Tanitim Sitesi
SQL injection vulnerability in default.asp in Vizayn Urun Tanitim Sitesi 0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a haberdetay action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-05-22
7.0CVE-2007-2803
SECUNIA
VP-ASP -- VP-ASP Shopping Cart
Cross-site scripting (XSS) vulnerability in shopcontent.asp in VP-ASP Shopping Cart 6.50, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the type parameter.
unknown
2007-05-21
7.0CVE-2007-2790
BUGTRAQ
Wavelink Media -- TutorialCMS
TutorialCMS 1.01 and earlier, when register_globals is enabled, allows remote attackers to bypass authentication via the (1) loggedIn and (2) activated parameters to (a) login.php, (b) headerLinks.php, (c) submit1.php, (d) myFav.php, and (e) userCP.php.
unknown
2007-05-22
8.0CVE-2007-2822
MILW0RM
OTHER-REF
FRSIRT
SECUNIA
WikyBlog -- WikyBlog
Cross-site scripting (XSS) vulnerability in include/sessionRegister.php in WikyBlog before 1.4.13 allows remote attackers to inject arbitrary web script or HTML, probably via vectors related to a certain data2 array element.
unknown
2007-05-21
7.0CVE-2007-2781
OTHER-REF
OTHER-REF
OTHER-REF
SECUNIA
WordPress -- WordPress
SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress before 2.2 allows remote attackers to execute arbitrary SQL commands via the cookie parameter.
unknown
2007-05-22
8.0CVE-2007-2821
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Zomplog -- Zomplog
SQL injection vulnerability in plugins/mp3playlist/mp3playlist.php in Zomplog 3.8 and earlier allows remote attackers to execute arbitrary SQL commands via the speler parameter.
unknown
2007-05-21
7.0CVE-2007-2773
MILW0RM
Back to top

Medium Vulnerabilities
Primary
Vendor -- Product		Description
Discovered
Published
CVSS ScoreSource & Patch Info
Eggheads -- Eggdrop IRC bot
Stack-based buffer overflow in mod/server.mod/servrmsg.c in Eggdrop 1.6.18, and possibly earlier, allows user-assisted, remote IRC servers to execute arbitrary code via a long private message.
unknown
2007-05-22
5.6CVE-2007-2807
OTHER-REF
SECUNIA
HT Editor -- HT Editor
Multiple buffer overflows in HT Editor before 2.0.6 might allow remote attackers to execute arbitrary code via unspecified vectors, possibly involving the editor display width. NOTE: some of the details were obtained from third party information.
unknown
2007-05-22
5.6CVE-2007-2823
OTHER-REF
BID
SECUNIA
PHP Group -- PEAR
Directory traversal vulnerability in the installer in PEAR 1.0 through 1.5.3 allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the (1) install-as attribute in the file element in package.xml 1.0 or the (2) as attribute in the install element in package.xml 2.0. NOTE: it could be argued that this does not cross privilege boundaries in typical installations, since the code being installed could perform the same actions.
2007-05-06
2007-05-22
5.6CVE-2007-2519
OTHER-REF
Back to top

Low Vulnerabilities
Primary
Vendor -- Product		Description
Discovered
Published
CVSS ScoreSource & Patch Info
@Mail -- @Mail Webmail
Multiple cross-site scripting (XSS) vulnerabilities in ReadMsg.php in @Mail 5.02 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) links and (2) images.
unknown
2007-05-22
2.3CVE-2007-2825
OTHER-REF
XF
Apache Software Foundation -- Tomcat
Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors.
unknown
2007-05-21
1.9CVE-2007-1355
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
BID
CactuSoft -- Parodia
Cross-site scripting (XSS) vulnerability in cand_login.asp in CactuSoft Parodia 6.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the strJobIDs parameter.
unknown
2007-05-22
2.3CVE-2007-2818
OTHER-REF
BID
XF
CandyPress -- CandyPress Store
Multiple cross-site scripting (XSS) vulnerabilities in scripts/prodList.asp in CandyPress Store 3.5.2.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) brand and (2) Msg parameters.
unknown
2007-05-22
1.9CVE-2007-2804
OTHER-REF
FRSIRT
SECUNIA
Cisco -- IOS Transmission Control Protocol
Cisco IOS 12.4 and earlier, when using the crypto packages and SSL support is enabled, allows remote attackers to cause a denial of service via a malformed (1) ClientHello, (2) ChangeCipherSpec, or (3) Finished message during an SSL session.
unknown
2007-05-22
3.3CVE-2007-2813
CISCO
Cisco -- Call Manager
Cross-site scripting (XSS) vulnerability in the web application firewall in Cisco CallManager before 3.3(5)sr3, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allows remote attackers to inject arbitrary web script or HTML via the pattern parameter to CCMAdmin/serverlist.asp (aka the search-form) and possibly other unspecified vectors.
unknown
2007-05-23
1.9CVE-2007-2832
FULLDISC
OTHER-REF
CISCO
FRSIRT
SECUNIA
Clientexec -- Clientexec
Multiple cross-site scripting (XSS) vulnerabilities in index.php in ClientExec (CE) 3.0 beta2, and possibly other versions, allow remote attackers to inject arbitrary web script or HTML via the (1) ticketID, (2) view, and (3) fuse parameters.
unknown
2007-05-22
1.9CVE-2007-2805
OTHER-REF
BID
XF
Computer Associates -- BrightStor ARCserve Backup
(1) caloggerd.exe (camt70.dll) and (2) mediasvr.exe (catirpc.dll and rwxdr.dll) in CA BrightStor Backup 11.5.2.0 SP2 allow remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted RPC packet.
unknown
2007-05-21
3.3CVE-2007-2772
BUGTRAQ
MILW0RM
MILW0RM
OTHER-REF
FRSIRT
SECTRACK
SECUNIA
XF
XF
GaliX -- GaliX
Multiple cross-site scripting (XSS) vulnerabilities in index.php in GaliX 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) galix_cat_detail, (2) galix_gal_detail, and (3) galix_cat_detail_sort parameters.
unknown
2007-05-22
3.7CVE-2007-2806
OTHER-REF
BID
SECUNIA
Globus -- Globus Toolkit
Unspecified vulnerability in globus-job-manager in Globus Toolkit 4.1.1 and earlier (globus_nexus-6.6 and earlier) allows remote attackers to cause a denial of service (resource exhaustion and system crash) via certain requests to temporary TCP ports for a GRAM2 job or its MPICH-G2 applications.
unknown
2007-05-21
3.3CVE-2007-2784
MLIST
OTHER-REF
OTHER-REF
BID
SECUNIA
HLstats -- HLstats
Cross-site scripting (XSS) vulnerability in hlstats.php in HLstats 1.35, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO or (2) the action parameter.
unknown
2007-05-22
2.3CVE-2007-2812
BUGTRAQ
BUGTRAQ
BID
FRSIRT
SECUNIA
ircd-ratbox -- ircd-ratbox
Ratbox IRC Daemon (aka ircd-ratbox) 2.2.5 and earlier allows remote attackers to cause a denial of service (resource exhaustion) by making many requests from a single client.
unknown
2007-05-21
2.3CVE-2007-2786
MLIST
OPENPKG
BID
SECUNIA
XF
Jetbox -- Jetbox CMS
Jetbox CMS 2.1 allows remote attackers to obtain sensitive information via (1) a direct request to (a) main_page.php, (b) open_tree.php, and (c) outputs.php; (2) a malformed view parameter to index.php, as demonstrated with an SQL injection manipulation; or (3) the id[] parameter to admin/cms/opentree.php, which reveals the installation path in the resulting error message.
unknown
2007-05-21
2.3CVE-2007-2684
FULLDISC
OTHER-REF
OSVDB
Jetbox -- Jetbox CMS
Cross-site scripting (XSS) vulnerability in index.php in Jetbox CMS 2.1 allows remote attackers to inject arbitrary web script or HTML via the login parameter in a sendpwd task.
unknown
2007-05-22
1.9CVE-2007-2686
FULLDISC
OTHER-REF
OSVDB
JohnTP -- AdSense-Deluxe
Cross-site request forgery (CSRF) vulnerability in adsense-deluxe.php in the AdSense-Deluxe 0.x plugin for WordPress allows remote attackers to perform unspecified actions as arbitrary users via unspecified vectors.
unknown
2007-05-22
3.4CVE-2007-2828
OTHER-REF
SECUNIA
MADWifi -- MADWifi
The 802.11 network stack in net80211/ieee80211_input.c in MadWifi before 0.9.3.1 allows remote attackers to cause a denial of service (system hang) via a crafted length field in nested 802.3 Ethernet frames in Fast Frame packets, which results in a NULL pointer dereference.
unknown
2007-05-23
2.3CVE-2007-2829
OTHER-REF
OTHER-REF
MADWifi -- MADWifi
The ath_beacon_config function in if_ath.c in MadWifi before 0.9.3.1 allows remote attackers to cause a denial of service (system crash) via crafted beacon interval information when scanning for access points, which triggers a divide-by-zero error.
unknown
2007-05-23
2.3CVE-2007-2830
OTHER-REF
OTHER-REF
MolyX -- MolyX Board
Multiple directory traversal vulnerabilities in MolyX BOARD 2.5.0 allow remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter to index.php and other unspecified PHP scripts.
unknown
2007-05-21
3.3CVE-2007-2778
MILW0RM
BID
OpenBSD -- OpenSSH
OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243.
unknown
2007-05-21
1.9CVE-2007-2768
FULLDISC
OSVDB
OPeNDAP -- Hyrax
OPeNDAP -- BES
Unspecified vulnerability in BES before 3.5.0 in OPeNDAP 4 (Hydrax) before 1.2.1 allows remote attackers to list filesystem contents and obtain sensitive information via unknown vectors.
unknown
2007-05-21
3.3CVE-2007-2767
OTHER-REF
CERT-VN
BID
OSK -- Advance-Flow
Cross-site scripting (XSS) vulnerability in OSK Advance-Flow 4.41 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2007-05-22
2.3CVE-2007-2811
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
PHP -- PHP
The imap_body function in PHP before 4.4.4 does not implement safemode or open_basedir checks, which allows local users to read arbitrary files or list arbitrary directory contents.
unknown
2007-05-22
1.6CVE-2006-7204
OTHER-REF
OTHER-REF
OSVDB
SECUNIA
PHP Group -- PHP
The array_fill function in ext/standard/array.c in PHP 4.4.2 and 5.1.2 allows context-dependent attackers to cause a denial of service (memory consumption) via a large num value.
unknown
2007-05-23
2.3CVE-2006-7205
OTHER-REF
OSVDB
SECTRACK
PsychoStats -- PsychoStats
PsychoStats 3.0.6b and earlier allows remote attackers to obtain sensitive information via a request for server.php with a missing or invalid newtheme parameter, which reveals a path in an error message.
unknown
2007-05-21
3.3CVE-2007-2780
FULLDISC
FULLDISC
BID
RM -- RM EasyMail Plus
Cross-site scripting (XSS) vulnerability in cp/ps/Main/login/Login in RM EasyMail Plus allows remote attackers to inject arbitrary web script or HTML via the d parameter.
unknown
2007-05-22
1.9CVE-2007-2802
OTHER-REF
SECUNIA
RSA -- BSAFE Cert-C
RSA -- BSAFE Crypto-C
The RSA Crypto-C before 6.3.1 and Cert-C before 2.8 libraries, as used by RSA BSAFE, multiple Cisco products, and other products, allows remote attackers to cause a denial of service via malformed ASN.1 objects.
unknown
2007-05-22
2.3CVE-2006-3894
OTHER-REF
CISCO
CERT-VN
Sun -- JDK
The BMP image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03, and 1.6.x before 1.6.0_01-b06, on Unix/Linux systems, allows remote attackers to trigger the opening of arbitrary local files via a crafted BMP file, which causes a denial of service (system hang) in certain cases such as /dev/tty, and has other unspecified impact.
unknown
2007-05-21
2.7CVE-2007-2789
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Track+ -- Track+
Cross-site scripting (XSS) vulnerability in reportItem.do in Track+ 3.3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the projId parameter.
unknown
2007-05-22
2.3CVE-2007-2819
OTHER-REF
BID
XF
Yngve Svendsen -- Gnatsweb
GNU -- GNATS
Cross-site scripting (XSS) vulnerability in gnatsweb.pl in Gnatsweb 4.00 and Gnats 4.1.99 allows remote attackers to inject arbitrary web script or HTML via the database parameter.
unknown
2007-05-22
1.9CVE-2007-2808
OTHER-REF
FRSIRT
SECUNIA
Back to top



Last updated May 29, 2007