Skip to content

Home  |   FAQ  |   Contact  |   Privacy & Use

customize
National Cyber Alert System
Cyber Security Bulletin SB07-183 archive

Vulnerability Summary for the Week of June 25, 2007

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.


High Vulnerabilities
Primary
Vendor -- Product		Description
Discovered
Published
CVSS ScoreSource & Patch Info
Adam van Dongen -- com_forum
Adam van Dongen -- phpBB component
PHP remote file inclusion vulnerability in download.php in the Adam van Dongen Forum (com_forum) component (aka phpBB component) 1.2.4RC3 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
unknown
2007-06-26
7.0CVE-2006-7208
BUGTRAQ
MILW0RM
Ageet -- AGEphone
Buffer overflow in ageet AGEphone before 1.4.0 might allow remote attackers to have an unknown impact via unspecified vectors.
unknown
2007-06-22
10.0CVE-2006-7207
OTHER-REF
Ageet -- AGEphone
Multiple unspecified vulnerabilities in ageet AGEphone before 1.6.3 allow remote attackers to have an unknown impact via malformed SIP packets.
unknown
2007-06-22
10.0CVE-2007-3363
OTHER-REF
Apple -- Mac OS X Server
cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
unknown
2007-06-27
7.0CVE-2007-1863
OTHER-REF
OTHER-REF
REDHAT
REDHAT
BID
Apple -- Mac OS X Server
Apple -- Mac OS X
WebKit in Apple Mac OS X 10.3.9, and 10.4.9 and later performs an "invalid type conversion", which allows remote attackers to execute arbitrary code via unspecified frame sets that trigger memory corruption.
unknown
2007-06-25
8.0CVE-2007-2399
OTHER-REF
APPLE
CERT-VN
BID
FRSIRT
SECTRACK
SECUNIA
Apple -- Safari
Buffer overflow in Apple Safari 3.0.2 on Windows XP SP2 allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long value in the title HTML tag, which triggers the overflow when the user adds the page as a bookmark.
unknown
2007-06-25
8.0CVE-2007-3376
FULLDISC
B1G -- b1gBB
PHP remote file inclusion vulnerability in footer.inc.php in B1G b1gBB 2.24 allows remote attackers to execute arbitrary PHP code via a URL in the tfooter parameter.
unknown
2007-06-26
7.0CVE-2007-3401
MILW0RM
BID
bugmall -- Shopping Cart
BugMall Shopping Cart 2.5 and earlier has a default username "demo" and password "demo," which allows remote attackers to obtain login access.
unknown
2007-06-26
7.0CVE-2007-3446
MILW0RM
BID
ClickTech -- ClickGallery
SQL injection vulnerability in edit_image.asp in ClickGallery Server 5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the image_id parameter.
unknown
2007-06-26
7.0CVE-2007-3411
OTHER-REF
DIA -- DIA
Multiple unspecified vulnerabilities in Dia before 0.96.1-6 have unspecified attack vectors and impact, probably involving the use of vulnerable FreeType libraries that contain CVE-2007-2754 and/or CVE-2007-1351.
unknown
2007-06-26
7.0CVE-2007-3408
OTHER-REF
FRSIRT
SECUNIA
dreamLog -- dreamLog
Unrestricted file upload vulnerability in upload.php in dreamLog (aka dreamblog) 0.5 allows remote attackers to upload and execute arbitrary PHP code in uploads/images/ via the uploadedFile[] parameter.
unknown
2007-06-26
7.0CVE-2007-3403
MILW0RM
eDocStore -- eDocStore
SQL injection vulnerability in essentials/minutes/doc.php in eDocStore allows remote attackers to execute arbitrary SQL commands via the doc_id parameter in an inline action.
unknown
2007-06-26
7.0CVE-2007-3452
MILW0RM
SECUNIA
elkagroup -- Image Gallery
SQL injection vulnerability in property.php in elkagroup Image Gallery 1.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter.
unknown
2007-06-27
7.0CVE-2007-3461
MILW0RM
eNdonesia -- eNdonesia
Multiple SQL injection vulnerabilities in eNdonesia 8.4 allow remote attackers to execute arbitrary SQL commands via the (1) artid parameter to mod.php in a viewarticle action (publisher mod) and the (2) bid parameter to banners.php in a click action. NOTE: the mod.php viewdisk and viewlink vectors are already covered by CVE-2006-6873.
unknown
2007-06-26
7.0CVE-2007-3394
BUGTRAQ
BID
EVA-Web -- EVA-Web
Multiple PHP remote file inclusion vulnerabilities in index.php3 in EVA-Web 1.1 through 2.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) aide or (2) perso parameter.
unknown
2007-06-27
7.0CVE-2007-3460
MILW0RM
GD Graphics Library -- gdlib
Multiple unspecified vulnerabilities in the GIF reader in the GD Graphics Library (libgd) before 2.0.35 allow user-assisted remote attackers to have unspecified attack vectors and impact.
unknown
2007-06-28
7.0CVE-2007-3474
OTHER-REF
FRSIRT
SECUNIA
KVIrc -- IRC client
The parseIrcUrl function in src/kvirc/kernel/kvi_ircurl.cpp in KVIrc 3.2.0 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in an (1) irc:// or (2) irc6:// URI.
unknown
2007-06-26
8.0CVE-2007-2951
OTHER-REF
OTHER-REF
SECUNIA
MIT -- Kerberos 5
Integer signedness error in the gssrpc__svcauth_unix function in svc_auth_unix.c in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a negative length value.
unknown
2007-06-26
8.0CVE-2007-2443
OTHER-REF
CERT
CERT-VN
NetArt Media -- Pharmacy System
SQL injection vulnerability in index.php in Pharmacy System 2 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter in an add action.
unknown
2007-06-26
7.0CVE-2007-3433
MILW0RM
BID
NLnet Labs -- Net DNS
Header.pm in Net::DNS before 0.60, a Perl module, (1) generates predictable sequence IDs with a fixed increment and (2) can use the same starting ID for all child processes of a forking server, which allows remote attackers to spoof DNS responses, as originally reported for qpsmtp and spamassassin.
unknown
2007-06-25
7.0CVE-2007-3377
OTHER-REF
OTHER-REF
OTHER-REF
Pagetool -- Pagetool
SQL injection vulnerability in index.php in pagetool 1.07 allows remote attackers to execute arbitrary SQL commands via the news_id parameter in a pagetool_news action.
unknown
2007-06-26
7.0CVE-2007-3402
MILW0RM
Papoo -- Papoo
SQL injection vulnerability in Papoo 3.6, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the selmenuid parameter to certain components.
unknown
2007-06-26
7.0CVE-2007-3453
BUGTRAQ
OTHER-REF
BID
PC Soft -- WinDEV
Stack-based buffer overflow in PCSoft WinDEV 11 (01F110053p) allows user-assisted remote attackers to execute arbitrary code via a long string in the "used DLL" field in a WDP project file.
unknown
2007-06-28
8.0CVE-2007-3479
OTHER-REF
PHPee -- Power Phlogger
SQL injection vulnerability in include/get_userdata.php in Power Phlogger 2.2.5 allows remote attackers to execute arbitrary SQL commands via the username parameter to login.php.
unknown
2007-06-26
7.0CVE-2007-3399
BUGTRAQ
BID
phpRaider -- phpRaider
Multiple SQL injection vulnerabilities in index.php in phpRaider 1.0.0 rc8 allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) type parameter.
unknown
2007-06-26
7.0CVE-2007-3415
OTHER-REF
Pluxml -- Pluxml
Unrestricted file upload vulnerability in admin/images.php in Pluxml 0.3.1 allows remote attackers to upload and execute arbitrary PHP code via a .jpg filename.
unknown
2007-06-26
7.0CVE-2007-3432
MILW0RM
Red Hat -- cluster_suite
Buffer overflow in cluster/cman/daemon/daemon.c in cman (redhat-cluster-suite) before 20070622 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long client messages.
unknown
2007-06-25
7.0CVE-2007-3374
MLIST
OTHER-REF
UBUNTU
SECUNIA
RIM -- Blackberry Enterprise Server
Research in Motion BlackBerry Enterprise Server 4.0 through 4.1 has a default configuration that permits installation of arbitrary third-party applications on BlackBerry devices, which might facilitate loading of malware.
unknown
2007-06-28
10.0CVE-2007-3483
OTHER-REF
OTHER-REF
RKD Software -- BarCode ActiveX
Stack-based buffer overflow in the BeginPrint method in a certain ActiveX control in RKD Software (barcodetools.com) BarCodeAx.dll 4.9 allows remote attackers to execute arbitrary code via a long argument.
unknown
2007-06-26
8.0CVE-2007-3435
MILW0RM
BID
SECUNIA
Simple Invoices -- Simple Invoices
SQL injection vulnerability in index.php in Simple Invoices 2007 05 25 allows remote attackers to execute arbitrary SQL commands via the submit parameter in an email action.
unknown
2007-06-26
7.0CVE-2007-3430
MILW0RM
BID
SofaWare -- Safe@Office 500 UTM
Check Point SofaWare Safe@Office, with firmware before Embedded NGX 7.0.45 GA, has a certain default password.
unknown
2007-06-27
10.0CVE-2007-3465
BUGTRAQ
OTHER-REF
OTHER-REF
Sun -- Solaris
Buffer overflow in the dtsession Common Desktop Environment (CDE) Session Manager in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via unspecified vectors.
unknown
2007-06-28
7.0CVE-2007-3471
SUNALERT
SECUNIA
Trend Micro -- OfficeScan
Buffer overflow in CGIOCommon.dll before 8.0.0.1042 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to execute arbitrary code via crafted requests.
unknown
2007-06-26
10.0CVE-2007-3454
OTHER-REF
FRSIRT
SECUNIA
Trend Micro -- OfficeScan
cgiChkMasterPwd.exe before 8.0.0.142 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to bypass the password requirement and gain access to the Management Console via crafted HTTP headers, related to "stored decrypted user logon information."
unknown
2007-06-26
10.0CVE-2007-3455
OTHER-REF
FRSIRT
SECUNIA
Web-APP.org -- WebAPP
The editprofile3 function in cgi-bin/cgi-lib/user.pl in web-app.org WebAPP before 0.9.9.7 does not properly check the (1) themes.dat, (2) languages.dat, (3) profession.dat, (4) gen.dat, (5) marstat.dat, (6) states.dat, and (7) ages.dat files before saving profile settings of members, which has unknown impact and remote attack vectors.
unknown
2007-06-26
7.0CVE-2007-3419
OTHER-REF
OTHER-REF
Web-APP.org -- WebAPP
The Random Cookie Password functionality in the loaduser function in cgi-bin/cgi-lib/subs.pl in web-app.org WebAPP before 0.9.9.7 does not clear the (1) username, (2) password, (3) usertheme, and (4) userlang cookies for unauthorized users, which has unknown impact and remote attack vectors.
unknown
2007-06-26
7.0CVE-2007-3420
OTHER-REF
OTHER-REF
Web-APP.org -- WebAPP
The (1) login, (2) admin profile edit, (3) reminder, (4) edit profile, (5) profile view, (6) gallery view, (7) gallery comment, and (8) gallery feedback capabilities in web-app.org WebAPP before 0.9.9.7 do not verify presence of users in memberlist.dat, which has unknown impact and remote attack vectors.
unknown
2007-06-26
7.0CVE-2007-3421
OTHER-REF
OTHER-REF
Web-APP.org -- WebAPP
The getcgi function in cgi-bin/cgi-lib/subs.pl in web-app.org WebAPP before 0.9.9.7 attempts to parse query strings that contain (1) non-printing characters, (2) certain printing characters that do not commonly occur in URLs, or (3) invalid URL encoding sequences, which has unknown impact and remote attack vectors.
unknown
2007-06-26
7.0CVE-2007-3422
OTHER-REF
OTHER-REF
Web-APP.org -- WebAPP
cgi-bin/cgi-lib/instantmessage.pl in web-app.org WebAPP before 0.9.9.7 uses the From field of an instant message as the beginning of the .dat file name when the (1) imview2 or (2) imview3 function reads (a) an internal IM, or a message from a (b) guest or (c) removed member, which has unknown impact and remote attack vectors.
unknown
2007-06-26
7.0CVE-2007-3423
OTHER-REF
OTHER-REF
Web-APP.org -- WebAPP
The moveim function in cgi-bin/cgi-lib/instantmessage.pl in web-app.org WebAPP before 0.9.9.7 uses the tocat parameter as a subdirectory name when moving an instant message, which has unknown impact and remote attack vectors.
unknown
2007-06-26
7.0CVE-2007-3424
OTHER-REF
OTHER-REF
ZoneO-Soft -- phpTrafficA
SQL injection vulnerability in index.php in phpTrafficA 1.4.2 and earlier allows remote attackers to execute arbitrary SQL commands via the pageid parameter in a stats action.
unknown
2007-06-26
7.0CVE-2007-3427
MILW0RM
OTHER-REF
VIM
ZoneO-Soft -- phpTrafficA
Multiple unspecified vulnerabilities in phpTrafficA before 1.4.2 allow remote attackers to have an unknown impact via the file parameter to (1) plotStatBar.php or (2) plotStatPie.php, different vectors than CVE-2007-1076.
unknown
2007-06-26
7.0CVE-2007-3428
OTHER-REF
Back to top

Medium Vulnerabilities
Primary
Vendor -- Product		Description
Discovered
Published
CVSS ScoreSource & Patch Info
bugmall -- Shopping Cart
SQL injection vulnerability in BugMall Shopping Cart 2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the "basic search box."
unknown
2007-06-26
5.6CVE-2007-3447
MILW0RM
OTHER-REF
BID
FRSIRT
CivilTech -- Avax Vector ActiveX
A certain ActiveX control in Avaxswf.dll 1.0.0.1 in Civitech Avax Vector 1.3 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the WriteMovie method.
unknown
2007-06-27
4.7CVE-2007-3459
BUGTRAQ
MILW0RM
e107 -- e107
Unrestricted file upload vulnerability in signup.php in e107 0.7.8 and earlier, when photograph upload is enabled, allows remote attackers to upload and execute arbitrary PHP code via a filename with a double extension such as .php.jpg.
unknown
2007-06-26
5.6CVE-2007-3429
MILW0RM
Frank Mancuso -- MyNews
SQL injection vulnerability in admin.php in MyNews 0.10, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the authacc cookie.
unknown
2007-06-26
5.6CVE-2007-2520
BUGTRAQ
OTHER-REF
OSVDB
GD Graphics Library -- gdlib
Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers has unspecified attack vectors and impact.
unknown
2007-06-28
4.8CVE-2007-3472
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
GD Graphics Library -- gdlib
Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors, possibly involving truetype font (TTF) support.
unknown
2007-06-28
5.6CVE-2007-3478
OTHER-REF
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
Gorani Network -- 6ALBlog
SQL injection vulnerability in member.php in 6ALBlog allows remote attackers to execute arbitrary SQL commands via the newsid parameter.
unknown
2007-06-26
5.6CVE-2007-3449
MILW0RM
BID
FRSIRT
Gorani Network -- 6ALBlog
SQL injection vulnerability in member.php in 6ALBlog allows remote attackers to execute arbitrary SQL commands via the member parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-06-26
5.6CVE-2007-3450
FRSIRT
Gorani Network -- 6ALBlog
PHP remote file inclusion vulnerability in admin/index.php in 6ALBlog allows remote authenticated administrators to execute arbitrary PHP code via a URL in the pg parameter.
unknown
2007-06-26
4.2CVE-2007-3451
MILW0RM
FRSIRT
Hiki -- Hiki
Directory traversal vulnerability in session.rb in Hiki 0.8.0 through 0.8.6 allows remote attackers to delete arbitrary files via directory traversal sequences in the session ID, which is matched against an insufficiently restrictive regular expression before it is used to construct a filename that is marked for deletion at logout.
unknown
2007-06-26
4.7CVE-2007-3395
OTHER-REF
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
Lhaca -- File Archiver
Stack-based buffer overflow in Lhaca File Archiver allows user-assisted remote attackers to execute arbitrary code via a crafted LZH archive, as exploited by malware such as Trojan.Lhdropper.
unknown
2007-06-25
5.6CVE-2007-3375
OTHER-REF
BID
MIT -- Kerberos 5
The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a zero-length RPC credential, which causes kadmind to free an uninitialized pointer during cleanup.
unknown
2007-06-26
5.6CVE-2007-2442
OTHER-REF
CERT-VN
CERT
MIT -- Kerberos 5
Stack-based buffer overflow in the rename_principal_2_svc function in kadmind for MIT Kerberos 1.5.3, 1.6.1, and other versions allows allows remote authenticated users to execute arbitrary code via a crafted request to rename a principal.
unknown
2007-06-26
4.8CVE-2007-2798
IDEFENSE
CERT
CERT-VN
NCTsoft Products -- NCTAudioEditor2
The NCTAudioEditor2 ActiveX control in NCTWMAFile2.dll 2.6.2.157 allows remote attackers to overwrite arbitrary files via the CreateFile method.
unknown
2007-06-26
5.6CVE-2007-3400
MILW0RM
BID
XF
RealNetworks -- Helix Player
RealNetworks -- RealPlayer
Buffer overflow in the wallclock functionality (SmilTimeValue::parseWallClockValue function) in RealNetworks RealPlayer and HelixPlayer 10.5-GOLD allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via SMIL file containing a long time string.
unknown
2007-06-26
5.6CVE-2007-3410
IDEFENSE
Snom -- Snom 320 Linux
The Snom 320 SIP Phone, running snom320 linux 3.25, snom320-SIP 6.2.3, and snom320 jffs23.36, allows remote attackers to place calls to arbitrary phone numbers via certain requests to the web server on port 1800.
unknown
2007-06-26
4.7CVE-2007-3440
OTHER-REF
SofaWare -- Safe@Office 500 UTM
Check Point SofaWare Safe@Office, with firmware before Embedded NGX 7.0.45 GA, does not require entry of the old password when changing the admin password, which might allow attackers to gain privileges by conducting a CSRF attack, making a password change on an unattended workstation, or other vectors.
unknown
2007-06-27
6.0CVE-2007-3464
BUGTRAQ
OTHER-REF
OTHER-REF
Valerio Capello -- Dagger - The Cutting Edge
PHP remote file inclusion vulnerability in cal.func.php in Valerio Capello Dagger - The Cutting Edge r23jan2007 allows remote attackers to execute arbitrary PHP code via a URL in the dir_edge_lang parameter.
unknown
2007-06-26
5.6CVE-2007-3431
MILW0RM
SECUNIA
Vincent Hor -- Calendarix
Multiple SQL injection vulnerabilities in Calendarix 0.7.20070307, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) month and (2) year parameters to calendar.php and the (3) search string to cal_search.php.
unknown
2007-06-26
5.6CVE-2007-3183
BUGTRAQ
OTHER-REF
OSVDB
Web-APP.org -- WebAPP
The displaypost function in cgi-bin/cgi-lib/forum_display.pl in web-app.org WebAPP before 0.9.9.7 does not display usernames in conjunction with real names, which makes it easier for remote authenticated users to impersonate other users.
unknown
2007-06-26
4.2CVE-2007-3418
OTHER-REF
OTHER-REF
Xythos -- Enterprise Document Manager
Multiple cross-site request forgery (CSRF) vulnerabilities in Xythos Enterprise Document Manager (XEDM) before 5.0.25.8, and 6.x before 6.0.46.1, allow remote authenticated users to execute commands as arbitrary users via (1) a saved Workflow name or (2) the Content-Type HTTP header. NOTE: item 2 also affects the same version numbers of Xythos Digital Locker (XDL). One or both vectors might also affect Xythos WebFile Server.
unknown
2007-06-27
4.2CVE-2007-3255
BUGTRAQ
BID
SECTRACK
SECTRACK
Back to top

Low Vulnerabilities
Primary
Vendor -- Product		Description
Discovered
Published
CVSS ScoreSource & Patch Info
The Research in Motion BlackBerry 7270 with 4.0 SP1 Bundle 83 allows remote attackers to cause a denial of service (blocked call reception) via a malformed SIP invite message, possibly related to multiple format string specifiers in the From field, a spoofed source IP address, and limitations of the function stack frame.
unknown
2007-06-26
1.9CVE-2007-3444
OTHER-REF
OTHER-REF
Aastra Telecom -- 9112i SIP Phone
Format string vulnerability in the Aastra 9112i SIP Phone with firmware 1.4.0.1048 and boot version 1.1.0.10 allows remote attackers to cause a denial of service (blocked call reception and slow calling) via format string specifiers in an SDP header value, a different vulnerability than CVE-2007-3349.
unknown
2007-06-26
2.3CVE-2007-3441
OTHER-REF
access2asp -- access2asp
Multiple cross-site scripting (XSS) vulnerabilities in access2asp 4.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) od and (2) search parameters to (a) suppliersList.asp and (b) contactsList.asp.
unknown
2007-06-26
1.9CVE-2007-3414
OTHER-REF
AltaVista -- Search Engine
Cross-site scripting (XSS) vulnerability in AltaVista search engine allows remote attackers to inject arbitrary web script or HTML via the text parameter to the default URI.
unknown
2007-06-28
2.3CVE-2007-3486
OTHER-REF
AOL -- Instant Messenger
AOL Instant Messenger (AIM) 6.1.32.1 on Windows XP allows remote attackers to cause a denial of service (application crash) via a malformed header value in a SIP INVITE message, a different vulnerability than CVE-2007-3350.
unknown
2007-06-26
3.3CVE-2007-3437
OTHER-REF
Apache -- Apache
Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
unknown
2007-06-27
2.3CVE-2006-5752
OTHER-REF
OTHER-REF
REDHAT
REDHAT
REDHAT
BID
Apple -- Safari
Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X, Windows XP, and Windows Vista allows remote attackers to bypass the JavaScript security model and modify pages outside of the security domain and conduct cross-site scripting (XSS) attacks via vectors related to page updating and HTTP redirects.
unknown
2007-06-25
1.9CVE-2007-2400
APPLE
BID
SECTRACK
Apple -- Mac OS X Server
Apple -- Mac OS X
CRLF injection vulnerability in WebCore in Apple Mac OS X 10.3.9, and 10.4.9 and later allows remote attackers to inject arbitrary HTTP headers via LF characters in an XMLHttpRequest request, which are not filtered when serializing headers via the setRequestHeader function. NOTE: this issue can be leveraged for cross-site scripting (XSS) attacks.
unknown
2007-06-25
2.3CVE-2007-2401
OTHER-REF
OTHER-REF
APPLE
CERT-VN
BID
FRSIRT
SECTRACK
SECUNIA
Apple -- Safari
Cross-domain vulnerability in Apple Safari allows remote attackers to bypass the "same origin policy" and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute.
unknown
2007-06-28
3.3CVE-2007-3482
OTHER-REF
Avahi -- Avahi
The Avahi daemon in Avahi before 0.6.20 allows attackers to cause a denial of service (exit) via empty TXT data over D-Bus, which triggers an assert error.
unknown
2007-06-22
1.6CVE-2007-3372
OTHER-REF
bitego -- bosDataGrid
Multiple cross-site scripting (XSS) vulnerabilities in bosDataGrid 2.50 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) GridSearch, (2) gsearch, or (3) ParentID parameter to an unspecified component.
unknown
2007-06-26
1.9CVE-2007-3413
OTHER-REF
bugmall -- Shopping Cart
Cross-site scripting (XSS) vulnerability in index.php in BugMall Shopping Cart 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the msgs parameter.
unknown
2007-06-26
1.9CVE-2007-3448
MILW0RM
OTHER-REF
BID
FRSIRT
ClickTech -- ClickGallery
Cross-site scripting (XSS) vulnerability in edit_image.asp in ClickGallery Server 5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the from parameter.
unknown
2007-06-26
1.9CVE-2007-3412
OTHER-REF
ekg -- ekg
Memory leak in the image message functionality in ekg before 1:1.7~rc2-1etch1 on Debian GNU/Linux Etch allows remote attackers to cause a denial of service.
unknown
2007-06-26
2.3CVE-2007-1663
DEBIAN
BID
ekg -- ekg
ekg before 1:1.7~rc2-1etch1 on Debian GNU/Linux Etch allows remote attackers to cause a denial of service (NULL pointer dereference) via a vector related to the token OCR functionality.
unknown
2007-06-26
2.3CVE-2007-1664
DEBIAN
BID
ekg -- ekg
Memory leak in the token OCR functionality in ekg before 1:1.7~rc2-1etch1 on Debian GNU/Linux Etch allows remote attackers to cause a denial of service.
unknown
2007-06-26
2.3CVE-2007-1665
DEBIAN
BID
eTicket -- eTicket
index.php in eTicket 1.5.5.1 and earlier allows remote attackers to obtain sensitive information via the (1) name[], (2) email[], (3) phone[], or (4) subject[] parameters, which reveals the installation path in the resulting error messages.
unknown
2007-06-28
2.3CVE-2007-2800
FULLDISC
OTHER-REF
OSVDB
GD Graphics Library -- gdlib
The gdImageCreateXbm function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors involving a gdImageCreate failure.
unknown
2007-06-28
3.3CVE-2007-3473
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
GD Graphics Library -- gdlib
The GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via a GIF image that has no global color map.
unknown
2007-06-28
3.3CVE-2007-3475
OTHER-REF
OTHER-REF
GD Graphics Library -- gdlib
Array index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image data, which results in a segmentation fault.
unknown
2007-06-28
2.7CVE-2007-3476
OTHER-REF
OTHER-REF
GD Graphics Library -- gdlib
The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2.0.35 allows attackers to cause a denial of service (CPU consumption) via a large (1) start or (2) end angle degree value.
unknown
2007-06-28
2.0CVE-2007-3477
OTHER-REF
OTHER-REF
OTHER-REF
Google -- Google Custom Search Engine
Cross-site scripting (XSS) vulnerability in search.php in Google Custom Search Engine allows remote attackers to inject arbitrary web script or HTML via the q parameter.
unknown
2007-06-28
2.3CVE-2007-3484
OTHER-REF
IBM -- WebSphere Application Server
The web container in IBM WebSphere Application Server (WAS) before 6.0.2.21, and 6.1.x before 6.1.0.9, sends response data intended for a different request in certain circumstances after a closed connection error, which might allow remote attackers to obtain sensitive information.
unknown
2007-06-26
2.3CVE-2007-3397
OTHER-REF
AIXAPAR
BID
SECUNIA
Key Focus -- KF Web Server
Cross-site scripting (XSS) vulnerability in index.wkf in KeyFocus (KF) web server 3.1.0 allows remote attackers to inject arbitrary web script or HTML via the opsubmenu parameter.
unknown
2007-06-26
1.9CVE-2007-3396
BUGTRAQ
Lebisoft -- Lebisoft zdefter
Multiple cross-site scripting (XSS) vulnerabilities in defter_yaz.asp in Lebisoft zdefter 4.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-06-26
1.9CVE-2007-3405
BID
Microsoft -- Windows 2003
Microsoft -- Windows 2000
Microsoft -- Windows XP
Microsoft Windows 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (cpu consumption) via a PNG image with crafted (1) Width and (2) Height values in the IHDR block.
unknown
2007-06-27
2.3CVE-2006-7210
MILW0RM
MILW0RM
MILW0RM
OTHER-REF
BID
Microsoft -- Internet Explorer
Multiple absolute path traversal vulnerabilities in Microsoft Internet Explorer 6 on Windows XP SP2 allow remote attackers to access arbitrary local files via the file: URI in the (1) src attribute of a (a) bgsound, (b) input, (c) EMBED, (d) img, or (e) script tag; (2) data attribute of an object tag; (3) value attribute of a param tag; (4) background attribute of a body tag; or (5) the background:url attribute declared in the BODY parameter of a STYLE tag.
unknown
2007-06-26
1.9CVE-2007-3406
OTHER-REF
BID
Microsoft -- MSN Messenger Service
Microsoft MSN Messenger 4.7 on Windows XP allows remote attackers to cause a denial of service (resource consumption) via a flood of SIP INVITE requests to the port specified for voice conversation.
unknown
2007-06-26
2.3CVE-2007-3436
OTHER-REF
Microsoft -- Windows XP
** DISPUTED ** Microsoft Windows XP SP2 allows local users, who have sessions created by another user's RunAs (run as) command, to kill arbitrary processes of this other user, as demonstrated by the taskkill program. NOTE: the researcher claims a vendor dispute in which the vendor states that "RunAs and UAC are convenience features, not security boundaries. If you need a security guarantee, please log out and log back in with a different account."
unknown
2007-06-27
1.4CVE-2007-3463
BUGTRAQ
BUGTRAQ
Microsoft -- Internet Explorer
Cross-domain vulnerability in Microsoft Internet Explorer allows remote attackers to bypass the Same Origin Policy and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute.
unknown
2007-06-28
3.3CVE-2007-3481
OTHER-REF
NetArt Media -- Pharmacy System
index.php in Pharmacy System 2 and earlier allows remote attackers to obtain sensitive information via a ' (quote) character in the page parameter, which reveals the table prefix in an error message.
unknown
2007-06-26
2.3CVE-2007-3434
MILW0RM
NLnet Labs -- Net DNS
Net::DNS before 0.60, a Perl module, allows remote attackers to cause a denial of service (stack consumption) via a malformed compressed DNS packet with self-referencing pointers, which triggers an infinite loop.
unknown
2007-06-26
2.3CVE-2007-3409
OTHER-REF
Nortel -- PC Client SIP Soft Phone
The Nortel PC Client SIP Soft Phone 4.1 3.5.208[20051015] allows remote attackers to cause a denial of service (device crash) via a SIP message with a malformed header.
unknown
2007-06-22
3.3CVE-2007-3361
OTHER-REF
BID
Nortel -- SIP Soft Phone
Buffer overflow in the SIP header parsing module in the Nortel PC Client SIP Soft Phone 4.1 3.5.208[20051015] allows remote attackers to execute arbitrary code via a malformed message, a different vulnerability than CVE-2007-3361.
unknown
2007-06-26
3.3CVE-2007-3438
OTHER-REF
PC Soft -- WinDEV
PCSoft WinDEV 11 (01F110053p) allows user-assisted remote attackers to cause a denial of service (infinite loop and resource consumption) via a malformed WDP project file.
unknown
2007-06-28
2.7CVE-2007-3480
OTHER-REF
Perception -- LiteWeb
LiteWEB 2.7 allows remote attackers to cause a denial of service (hang) via a large number of requests for nonexistent pages.
unknown
2007-06-26
2.3CVE-2007-3398
BUGTRAQ
Red Hat -- Enterprise Linux AS
Red Hat -- Enterprise Linux ES
Red Hat -- Enterprise Linux WS
Red Hat -- Desktop
The Linux kernel before 2.6.9-42.0.8 in Red Hat 4.4 allows local users to cause a denial of service (kernel OOPS from null dereference) via fput in a 32-bit ioctl on 64-bit x86 systems, an incomplete fix of CVE-2005-3044.1.
unknown
2007-06-26
1.0CVE-2007-0773
OTHER-REF
REDHAT
Red Hat -- Enterprise Linux
The sysfs_readdir function in the Linux kernel in Red Hat Enterprise Linux 4.5 allows local users to cause a denial of service (kernel OOPS) by dereferencing a null pointer to an inode in a dentry.
unknown
2007-06-26
1.6CVE-2007-3104
OTHER-REF
REDHAT
Red Hat -- cluster_suite
daemon.c in cman (redhat-cluster-suite) before 20070622 does not clear a buffer for reading requests, which might allow remote attackers to obtain sensitive information from previous requests.
unknown
2007-06-25
2.3CVE-2007-3373
MLIST
Research In Motion Limited -- BlackBerry 7270
Format string vulnerability on the Research in Motion BlackBerry 7270 before 4.0 SP1 Bundle 108 allows remote attackers to cause a denial of service (blocked call reception and calling) via format string specifiers in an SIP INVITE message that lacks a host name in the Contact header.
unknown
2007-06-26
1.1CVE-2007-3442
OTHER-REF
OTHER-REF
Research In Motion Limited -- BlackBerry 7270
The Research in Motion BlackBerry 7270 before 4.0 SP1 Bundle 108 does not properly manage transaction states, which allows remote attackers to cause a denial of service (temporary device hang) by sending a certain SIP INVITE message, but not providing an ACK when the call is answered.
unknown
2007-06-26
1.1CVE-2007-3443
OTHER-REF
OTHER-REF
Sergey Lyubka -- Simple HTTPD
Sergey Lyubka Simple HTTPD (shttpd) 1.38 allows remote attackers to obtain sensitive information (script source code) via a URL with a trailing encoded space (%20).
unknown
2007-06-26
2.3CVE-2007-3407
BUGTRAQ
BID
SiteDepth -- SiteDepth CMS
Directory traversal vulnerability in ShowImage.php in SiteDepth CMS 3.44 allows remote attackers to read arbitrary files via a .. (dot dot) in the name parameter.
unknown
2007-06-26
2.3CVE-2007-3404
MILW0RM
FRSIRT
SJ Labs -- SJPhone
Buffer overflow in SJ Labs SJphone 1.60.303c, running under Windows Mobile 2003 on the Samsung SCH-i730 phone, allows remote attackers to cause a denial of service (device hang and call termination) via a malformed SIP INVITE message, a different vulnerability than CVE-2007-3351.
unknown
2007-06-26
1.9CVE-2007-3445
OTHER-REF
Snom -- Snom 320 Linux
The Snom 320 SIP Phone, running snom320 linux 3.25, snom320-SIP 6.2.3, and snom320 jffs23.36, allows remote attackers to read a list of missed calls, received calls, and dialed numbers via a direct request to the web server on port 1800.
unknown
2007-06-26
2.3CVE-2007-3439
OTHER-REF
SofaWare -- Safe@Office 500 UTM
Cross-site request forgery (CSRF) vulnerability in Check Point SofaWare Safe@Office, with firmware before Embedded NGX 7.0.45 GA, allows remote attackers to execute commands as arbitrary users, and disable firewalling of the protected network.
unknown
2007-06-27
3.4CVE-2007-3462
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
Sun -- Solaris
The libsldap library in Sun Solaris 8, 9, and 10 allows local users to cause a denial of service (Name Service Caching Daemon (nscd) crash) via unspecified vectors.
unknown
2007-06-27
2.3CVE-2007-3458
SUNALERT
FRSIRT
Sun -- Solaris
Unspecified vulnerability in the TCP Loopback/Fusion implementation in Sun Solaris 10 allows local users to cause a denial of service (resource exhaustion and service hang) via unspecified vectors.
unknown
2007-06-28
2.3CVE-2007-3469
SUNALERT
FRSIRT
SECUNIA
Sun -- Solaris
Multiple unspecified vulnerabilities in the KSSL kernel module in Sun Solaris 10, when configured with the KSSL proxy, allow remote attackers to cause a denial of service (kernel panic) via unspecified vectors related to "memory buffers" of Secure Socket Layer (SSL) records.
unknown
2007-06-28
3.3CVE-2007-3470
SUNALERT
FRSIRT
SECUNIA
Symantec -- Mail Security
libdayzero.dll in the Filter Hub Service (filter-hub.exe) in Symantec Mail Security for SMTP before 5.0.1 Patch 181 and Mail Security Appliance before 5.0.0-36 allows remote attackers to cause a denial of service (crash) via a crafted executable attachment in an e-mail, involving the detection of "PE-Shield v0.2" and "ASPack v1.00-1.08.02".
unknown
2007-06-27
3.3CVE-2007-1792
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
VideoLAN -- VLC Media Player
Integer overflow in the __status_Update function in stats.c VideoLAN VLC Media Player before 0.8.6c allows remote attackers to cause a denial of service (crash) via a WAV file with a large sample rate.
unknown
2007-06-27
3.3CVE-2007-3467
OTHER-REF
VideoLAN -- VLC Media Player
input.c in VideoLAN VLC Media Player before 0.8.6c allows remote attackers to cause a denial of service (crash) via a crafted WAV file that causes an uninitialized i_nb_resamplers variable to be used.
unknown
2007-06-27
3.3CVE-2007-3468
OTHER-REF
Vincent Hor -- Calendarix
Multiple cross-site scripting (XSS) vulnerabilities in Calendarix 0.7.20070307, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) year and (2) month parameters to calendar.php, and the (3) leftfooter parameter to cal_footer.inc.php. NOTE: the ycyear parameter to yearcal.php is already covered by CVE-2006-1835.
unknown
2007-06-26
1.9CVE-2007-3182
BUGTRAQ
OTHER-REF
OSVDB
Vincent Hor -- Calendarix
calendar.php in Calendarix 0.7.20070307 allows remote attackers to obtain sensitive information via large values to the (1) year and (2) month parameters, which causes negative values to be passed to the mktime library call, and reveals the installation path in the error message.
unknown
2007-06-27
2.3CVE-2007-3258
BUGTRAQ
FULLDISC
OTHER-REF
OSVDB
XF
Vincent Hor -- Calendarix
Calendarix 0.7.20070307 allows remote attackers to obtain sensitive information via (1) an invalid month[] parameter to calendar.php, (2) an invalid catview[] parameter to cal_week.php in a week operation, (3) an invalid ycyear[] parameter to yearcal.php, or (4) a direct request to cal_functions.inc.php, which reveals the installation path in various error messages.
unknown
2007-06-26
2.3CVE-2007-3259
BUGTRAQ
OTHER-REF
OSVDB
Web-APP.org -- WebAPP
Multiple cross-site request forgery (CSRF) vulnerabilities in the administration of (1) polls, (2) profiles, (3) IP bans, and (4) forums in web-app.org WebAPP before 0.9.9.7 allow remote attackers to perform deletions as administrators.
unknown
2007-06-26
2.3CVE-2007-3416
OTHER-REF
OTHER-REF
Web-APP.org -- WebAPP
Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/cgi-lib/search.pl in web-app.org WebAPP before 0.9.9.7 allow remote attackers to inject arbitrary web script or HTML via a search string, which is not sanitized when an HREF attribute is printed by the (1) process_search or (2) show_recent_searches function.
unknown
2007-06-26
1.9CVE-2007-3417
OTHER-REF
OTHER-REF
Wireshark -- Wireshark
Wireshark before 0.99.6 allows remote attackers to cause a denial of service (crash) via a crafted chunked encoding in an HTTP response, possibly related to a zero-length payload.
unknown
2007-06-25
2.3CVE-2007-3389
OTHER-REF
OTHER-REF
Wireshark -- Wireshark
Wireshark 0.99.5 and 0.10.x up to 0.10.14, when running on certain systems, allows remote attackers to cause a denial of service (crash) via crafted iSeries capture files that trigger a SIGTRAP.
unknown
2007-06-25
2.3CVE-2007-3390
OTHER-REF
OTHER-REF
Wireshark -- Wireshark
Wireshark 0.99.5 allows remote attackers to cause a denial of service (memory consumption) via a malformed DCP ETSI packet that triggers an infinite loop.
unknown
2007-06-25
2.3CVE-2007-3391
OTHER-REF
OTHER-REF
Wireshark -- Wireshark
Wireshark before 0.99.6 allows remote attackers to cause a denial of service via malformed (1) SSL or (2) MMS packets that trigger an infinite loop.
unknown
2007-06-25
2.3CVE-2007-3392
OTHER-REF
OTHER-REF
OTHER-REF
Wireshark -- Wireshark
Off-by-one error in the DHCP/BOOTP dissector in Wireshark before 0.99.6 allows remote attackers to cause a denial of service (crash) via crafted DHCP-over-DOCSIS packets.
unknown
2007-06-25
2.3CVE-2007-3393
OTHER-REF
OTHER-REF
Xythos -- Enterprise Document Manager
Multiple cross-site scripting (XSS) vulnerabilities in Xythos Enterprise Document Manager (XEDM) before 5.0.25.8, and 6.x before 6.0.46.1, allow remote authenticated users to inject arbitrary web script or HTML via (1) a saved Workflow name; (2) a Workflow name, related to deletion of a Workflow template; (3) the Content-Type HTTP header; or (4) the name of an uploaded file. NOTE: items 3 and 4 also affect the same version numbers of Xythos Digital Locker (XDL). Some or all vectors might also affect Xythos WebFile Server.
unknown
2007-06-27
1.4CVE-2007-3254
BUGTRAQ
BID
SECTRACK
SECTRACK
Xythos -- Enterprise Document Manager
Xythos -- WebFile Server
Xythos -- Digital Locker
Xythos Enterprise Document Manager (XEDM), Digital Locker (XDL), and possibly WebFile Server before 6.0.46.1 allow remote authenticated users to associate arbitrary Content-Type HTTP headers with documents, which might facilitate malware distribution.
unknown
2007-06-27
1.4CVE-2007-3256
BUGTRAQ
BID
SECTRACK
SECTRACK
Yandex -- Yandex.Server
Multiple cross-site scripting (XSS) vulnerabilities in Yandex.Server allow remote attackers to inject arbitrary web script or HTML via the (1) query or (2) within parameter to the default URI.
unknown
2007-06-28
2.3CVE-2007-3485
OTHER-REF
OTHER-REF
ZoneO-Soft -- phpTrafficA
Multiple cross-site scripting (XSS) vulnerabilities in phpTrafficA before 1.2beta2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to keywords results in the (1) main, (2) daily, (3) weekly, (4) monthly, (5) new trends, (6) individual page, and (7) search engine statistics.
unknown
2007-06-26
1.9CVE-2006-7209
OTHER-REF
ZoneO-Soft -- phpTrafficA
Directory traversal vulnerability in index.php in phpTrafficA 1.4.2 and earlier allows remote attackers to include arbitrary local files via the lang parameter, a different vector and version than CVE-2007-1076.2.
unknown
2007-06-26
2.3CVE-2007-3425
MILW0RM
OTHER-REF
VIM
ZoneO-Soft -- phpTrafficA
Cross-site scripting (XSS) vulnerability in index.php in phpTrafficA 1.4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
unknown
2007-06-26
1.9CVE-2007-3426
MILW0RM
OTHER-REF
VIM
Back to top



Last updated July 02, 2007