Skip to content

Home  |   FAQ  |   Contact  |   Privacy & Use

customize
National Cyber Alert System
Cyber Security Bulletin SB07-169 archive

Vulnerability Summary for the Week of June 11, 2007

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.


High Vulnerabilities
Primary
Vendor -- Product		Description
Discovered
Published
CVSS ScoreSource & Patch Info
American Financing -- Link Request Contact Form
Unrestricted file upload vulnerability in Link Request Contact Form 3.4 allows remote attackers to execute arbitrary PHP code by uploading a file with a .php extension and an image content type, as demonstrated by image/jpeg.
unknown
2007-06-12
7.0CVE-2007-3199
MILW0RM
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Apple -- Safari
Apple Safari for Windows allows remote attackers to execute arbitrary commands via shell metacharacters in a URI in the SRC of an IFRAME, as demoonstrated using a gopher URI.
unknown
2007-06-12
8.0CVE-2007-3186
BUGTRAQ
FULLDISC
OTHER-REF
BID
XF
Apple -- Safari
Multiple unspecified vulnerabilities in Apple Safari for Windows allow remote attackers to cause a denial of service or execute arbitrary code, possibly involving memory corruption, and a different issue from CVE-2007-3185 and CVE-2007-3186. NOTE: as of 20070612, the original disclosure has no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
unknown
2007-06-12
7.0CVE-2007-3187
OTHER-REF
Cellosoft -- Cellosoft Tokens Object
Stack-based buffer overflow in nptoken.mox in the Cellosoft Tokens Object 2.0.0.6 extension for Vitalize! allows remote attackers to execute arbitrary code via a long string argument to the RemoveChr method. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-06-14
8.0CVE-2007-3210
BID
SECUNIA
Cisco -- Trust Agent
Cisco Trust Agent (CTA) before 2.1.104.0, when running on MacOS X, allows attackers with physical access to bypass authentication and modify System Preferences, including passwords, by invoking the Apple Menu when the Access Control Server (ACS) produces a user notification message after posture validation.
unknown
2007-06-12
7.0CVE-2007-3184
BUGTRAQ
CISCO
BID
XF
Computer Associates -- BrightStor ARCserve Backup for Laptops & Desktops
Multiple unspecified vulnerabilities in the server component of CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.1 allow remote attackers to execute arbitrary code via unknown attack vectors. NOTE: this information is based upon a vague pre-advisory. It is possible that this will be SPLIT when more details are released.
unknown
2007-06-14
10.0CVE-2007-3216
OTHER-REF
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
Daniel Stenberg -- c-ares
c-ares before 1.4.0 uses a predictable seed for the random number generator for the DNS Transaction ID field, which might allow remote attackers to spoof DNS responses by guessing the field value.
unknown
2007-06-11
7.0CVE-2007-3152
OTHER-REF
BID
SECUNIA
EDraw -- Office Viewer Component
A certain ActiveX control in the EDraw Office Viewer Component (edrawofficeviewer.ocx) 4.0.5.20 allows remote attackers to delete arbitrary files via the DeleteLocalFile method.
unknown
2007-06-11
8.0CVE-2007-3168
MILW0RM
OTHER-REF
BID
FRSIRT
SECUNIA
XF
eGroupWare -- eGroupWare
Unspecified vulnerability in Walter Zorn wz_tooltip.js (aka wz_tooltips) before 4.01, as used by eGroupWare before 1.2.107-2 and other packages, has unknown impact and remote attack vectors.
unknown
2007-06-11
7.0CVE-2007-3154
OTHER-REF
OTHER-REF
OTHER-REF
BID
SECUNIA
eGroupWare -- eGroupWare
Unspecified vulnerability in eGroupWare before 1.2.107-2 has unknown impact and attack vectors related to ADOdb. NOTE: due to lack of details from the vendor, it is uncertain whether this issue is already covered by another CVE identifier.
unknown
2007-06-11
7.0CVE-2007-3155
OTHER-REF
OTHER-REF
BID
SECUNIA
Firebird -- Firebird
BakBone -- NetVault
Buffer overflow in fbserver.exe in Firebird SQL 2 before 2.0.1 allows remote attackers to execute arbitrary code via a large p_cnct_count value in a p_cnct structure in a connect (0x01) request to port 3050/tcp, related to "an InterBase version of gds32.dll."
unknown
2007-06-12
7.0CVE-2007-3181
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
GeometriX Download Portal -- GeometriX Download Portal
SQL injection vulnerability in down_indir.asp in Fullaspsite GeometriX Download Portal allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-06-12
7.0CVE-2007-3188
MILW0RM
BID
SECUNIA
Google -- Google Desktop
Google Desktop allows user-assisted remote attackers to execute arbitrary programs via a man-in-the-middle attack that injects JavaScript, a www.google.com search IFRAME, and a META HTTP-EQUIV="refresh" that targets a www.google.com search for a local .exe file, which is displayed in the "results stored on your computer" portion of the search results, and when clicked invokes Google Desktop to execute this file.
unknown
2007-06-11
8.0CVE-2007-3150
OTHER-REF
OTHER-REF
Jelsoft -- vBSupport Integrated Ticket System
SQL injection vulnerability in vBSupport.php in vSupport Integrated Ticket System 3.x.x allows remote attackers to execute arbitrary SQL commands via the ticketid parameter in a showticket action.
unknown
2007-06-12
7.0CVE-2007-3196
BUGTRAQ
BID
XF
Jelsoft -- vBSupport Integrated Ticket System
SQL injection vulnerability in vBSupport.php in vBSupport 1.1 before 1.1a allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
unknown
2007-06-12
7.0CVE-2007-3197
OTHER-REF
JFFNMS -- JFFNMS
SQL injection vulnerability in auth.php in Just For Fun Network Management System (JFFNMS) 0.8.4-pre2 allows remote attackers to execute arbitrary SQL commands via the pass parameter. NOTE: this issue reportedly exists because of an initial incomplete fix for CVE-2007-3190. The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-06-12
7.0CVE-2007-3204
SECUNIA
libexif -- libexif
Integer overflow in the exif_data_load_data_entry function in libexif/exif-data.c in Libexif before 0.6.16 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via an image with many EXIF components, which triggers a heap-based buffer overflow.
unknown
2007-06-14
7.0CVE-2006-4168
IDEFENSE
OTHER-REF
FRSIRT
SECUNIA
Microsoft -- Internet Explorer
Microsoft Internet Explorer 5.01 and 6 allows remote attackers to execute arbitrary code by instantiating certain COM objects from Urlmon.dll, which triggers memory corruption.
unknown
2007-06-12
8.0CVE-2007-0218
MS
Microsoft -- Visio
Unspecified vulnerability in Microsoft Visio 2002 allows remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted version number that triggers memory corruption.
unknown
2007-06-12
8.0CVE-2007-0934
MS
Microsoft -- Visio
Microsoft -- Office
Multiple unspecified vulnerabilities in Microsoft Visio 2002 allow remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted packed object that triggers memory corruption, aka "Visio Document Packaging Vulnerability."
unknown
2007-06-12
8.0CVE-2007-0936
MS
Microsoft -- Internet Explorer
Unspecified vulnerability in Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code via a crafted Cascading Style Sheets (CSS) tag that triggers memory corruption.
unknown
2007-06-12
8.0CVE-2007-1750
MS
Microsoft -- Internet Explorer
Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to access an uninitialized or deleted object, aka "Uninitialized Memory Corruption Vulnerability."
unknown
2007-06-12
8.0CVE-2007-1751
MS
Microsoft -- Internet Explorer
Microsoft Internet Explorer 7 allows remote attackers to spoof web site content and execute arbitrary code via script that modifies the Navigation Cancel page, aka " Navigation Cancel Page Spoofing Vulnerability." NOTE: this issue might be a duplicate of CVE-2007-1499; if so, then this CVE will be REJECTED.
unknown
2007-06-12
8.0CVE-2007-1752
MS
Microsoft -- Windows 2003
Microsoft -- Windows 2000
Microsoft -- Windows XP
Unspecified vulnerability in the Windows Schannel Security Package for Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, allows remote servers to execute arbitrary code or cause a denial of service via crafted digital signatures that are processed during an SSL handshake.
unknown
2007-06-12
8.0CVE-2007-2218
MS
Microsoft -- Windows 2003
Microsoft -- Windows 2000
Microsoft -- Windows XP
Unspecified vulnerability in the Win32 API on Microsoft Windows 2000, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via certain parameters to an unspecified function.
unknown
2007-06-12
8.0CVE-2007-2219
MS
Microsoft -- Internet Explorer
Multiple unspecified vulnerabilities in speech control ActiveX controls in (1) Xlisten.dll and (2) Xvoice.dll, as used by Microsoft Internet Explorer 5.01, 6, and 7, allow remote attackers to execute arbitrary code via a crafted ActiveX object that triggers memory corruption.
unknown
2007-06-12
8.0CVE-2007-2222
MS
Microsoft -- Windows Vista
Microsoft Windows Vista uses insecure default permissions for unspecified "local user information data stores" in the registry and the file system, which allows local users to obtain sensitive information such as administrative passwords, aka " Permissive User Information Store ACLs Information Disclosure Vulnerability."
unknown
2007-06-12
7.0CVE-2007-2229
MS
Microsoft -- Internet Explorer
Race condition in Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to install multiple language packs in a way that triggers memory corruption, aka "Language Pack Installation Vulnerability."
unknown
2007-06-12
8.0CVE-2007-3027
MS
myWebland -- myBloggie
** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in myBloggie 2.1.5 allow remote attackers to execute arbitrary PHP code via a URL in the bloggie_root_path parameter to (1) config.php; (2) db.php, (3) template.php, (4) functions.php, and (5) classes.php in includes/; (6) viewmode.php; and (7) blog_body.php. NOTE: another researcher disputes the vulnerability because the files are protected against direct requests, contain no relevant include statements, or do not exist.
unknown
2007-06-12
7.0CVE-2007-3194
BUGTRAQ
BUGTRAQ
newsSync -- newsSync
PHP remote file inclusion vulnerability in inc/nuke_include.php in newsSync 1.5.0rc6 allows remote attackers to execute arbitrary PHP code via a URL in the newsSync_NUKE_PATH parameter.
unknown
2007-06-08
7.0CVE-2007-3136
MILW0RM
BID
OpenOffice -- OpenOffice
Heap-based buffer overflow in OpenOffice.org (OOo) 2.2.1 and earlier allows remote attackers to execute arbitrary code via a crafted RTF file.
unknown
2007-06-12
8.0CVE-2007-0245
DEBIAN
Particle Blogger -- Particle Blogger
Multiple SQL injection vulnerabilities in archives.php in Particle Blogger 1.2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the month parameter and other unspecified vectors.
unknown
2007-06-11
7.0CVE-2007-3179
BUGTRAQ
PHP Real Estate Classifieds -- PHP Real Estate Classifieds
PHP remote file inclusion vulnerability in admin/header.php in PHP Real Estate Classifieds Premium Plus allows remote attackers to execute arbitrary PHP code via a URL in the loc parameter.
unknown
2007-06-11
7.0CVE-2007-3160
MILW0RM
BID
PHPMailer -- PHPMailer
PHPMailer 1.7, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php.
unknown
2007-06-14
8.0CVE-2007-3215
BUGTRAQ
OTHER-REF
OTHER-REF
BID
SECUNIA
XF
PhpWiki -- PhpWiki
lib/WikiUser/LDAP.php in PhpWiki before 1.3.13p1, when the configuration lacks a nonzero PASSWORD_LENGTH_MINIMUM, might allow remote attackers to bypass authentication via an empty password, which causes ldap_bind to return true when used with certain LDAP implementations.
unknown
2007-06-12
10.0CVE-2007-3193
OTHER-REF
OTHER-REF
SECUNIA
Prototype Of An PHP Application -- Prototype Of An PHP Application
Multiple PHP remote file inclusion vulnerabilities in Prototype of an PHP application 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the path_inc parameter to (1) index.php in gestion/; (2) identification.php, (3) disconnect.php, (4) loginliste.php, (5) loginmodif.php, (6) index.php, and (7) ident.inc.php in ident/; (8) menuadministration.php and (9) menuprincipal.php in menu/; (10) param.inc.php in param/; (11) index.php in plugins/phpgacl/; and (12) index.php and (13) common.inc.php.
unknown
2007-06-14
7.0CVE-2007-3217
BUGTRAQ
BID
Software602 -- 602Pro LAN SUITE
Stack-based buffer overflow in smtpdll.dll in the SMTP service in 602Pro LAN SUITE 2003 2003.0.03.0828 allows remote attackers to execute arbitrary code via an e-mail message with a long address. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-06-12
7.0CVE-2007-3203
BID
SECUNIA
Todd Miller -- Sudo
MIT -- Kerberos 5
sudo, when linked with MIT Kerberos 5 (krb5), does not properly check whether a user can currently authenticate to Kerberos, which allows local users to gain privileges, in a manner unintended by the sudo security model, via certain KRB5_ environment variable settings. NOTE: another researcher disputes this vulnerability, stating that the attacker must be "a user, who can already log into your system, and can already use sudo."
unknown
2007-06-11
7.0CVE-2007-3149
BUGTRAQ
BUGTRAQ
BUGTRAQ
OTHER-REF
BID
Vivotek -- MjpegControl
Stack-based buffer overflow in the Vivotek Motion Jpeg ActiveX control (aka MjpegControl) in MjpegDecoder.dll 2.0.0.13 allows remote attackers to execute arbitrary code via a long PtzUrl property value.
unknown
2007-06-11
8.0CVE-2007-3167
MILW0RM
W2B -- Online Banking
Multiple SQL injection vulnerabilities in W2B Online Banking allow remote attackers to execute arbitrary SQL commands via (1) the draft parameter to mailer.w2b or (2) the listDocPay parameter to DocPay.w2b.
unknown
2007-06-11
7.0CVE-2007-3175
OTHER-REF
XF
YaBB -- YaBB
CRLF injection vulnerability in Yet another Bulletin Board (YaBB) 2.1 allows remote attackers to obtain administrative access via requests to (1) register.pl or (2) profile.pl that write CRLF sequences to a .vars file. NOTE: this can be leveraged to execute arbitrary code.
unknown
2007-06-14
10.0CVE-2007-3208
IDEFENSE
OTHER-REF
BID
SECTRACK
SECUNIA
Yahoo! -- Messenger
Yahoo! -- Yahoo Webcam ActiveX Control
Buffer overflow in the Yahoo! Webcam Upload ActiveX control in ywcupl.dll for Yahoo! Messenger 8.1.0.249 allows remote attackers to execute arbitrary code via a long server property value to the send method. NOTE: some of these details are obtained from third party information.
unknown
2007-06-11
8.0CVE-2007-3147
FULLDISC
MILW0RM
OTHER-REF
OTHER-REF
OTHER-REF
CERT-VN
BID
FRSIRT
SECTRACK
SECUNIA
XF
Yahoo! -- Messenger
Yahoo! -- Yahoo Webcam ActiveX Control
Buffer overflow in the Yahoo! Webcam Viewer ActiveX control in ywcvwr.dll for Yahoo! Messenger 8.1.0.249 allows remote attackers to execute arbitrary code via a long server property value to the receive method.
unknown
2007-06-11
8.0CVE-2007-3148
FULLDISC
MILW0RM
OTHER-REF
OTHER-REF
OTHER-REF
CERT-VN
BID
FRSIRT
SECTRACK
SECUNIA
XF
Zindizayn Okul Web Sistemi -- Zindizayn Okul Web Sistemi
Multiple SQL injection vulnerabilities in Zindizayn Okul Web Sistemi 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) pass parameter to (a) mezungiris.asp or (b) ogretmenkontrol.asp.
unknown
2007-06-11
7.0CVE-2007-3178
BUGTRAQ
Zoomify -- Zoomify Viewer ActiveX Control
Multiple stack-based buffer overflows in the Zoomify Viewer ActiveX control in ZActiveX.dll might allow remote attackers to execute arbitrary code via unspecified vectors.
unknown
2007-06-11
8.0CVE-2007-2920
CERT-VN
BID
Back to top

Medium Vulnerabilities
Primary
Vendor -- Product		Description
Discovered
Published
CVSS ScoreSource & Patch Info
e-Vision -- e-Vision CMS
SQL injection vulnerability in style.php in e-Vision CMS 2.02 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the template parameter.
unknown
2007-06-14
5.6CVE-2007-3214
MILW0RM
BID
FRSIRT
SECUNIA
XF
HP -- Help and Support Center
Buffer overflow in Help and Support Center before 4.4 C on HP systems allows remote attackers to read or write arbitrary files via unknown vectors.
unknown
2007-06-12
6.7CVE-2007-3180
OTHER-REF
Ingate -- Ingate Firewall
Ingate -- Ingate SIParator
Ingate Firewall and SIParator before 4.5.2 allow remote attackers to bypass SIP authentication via a certain maddr parameter.
unknown
2007-06-11
4.2CVE-2007-3177
OTHER-REF
FRSIRT
SECUNIA
JFFNMS -- JFFNMS
Multiple SQL injection vulnerabilities in auth.php in Just For Fun Network Management System (JFFNMS) 0.8.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) user and (2) pass parameters.
unknown
2007-06-12
5.6CVE-2007-3190
FULLDISC
SECUNIA
JFFNMS -- JFFNMS
Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote attackers to obtain configuration information via a direct request to admin/adm/test.php, which calls the phpinfo function.
unknown
2007-06-12
6.7CVE-2007-3191
FULLDISC
SECUNIA
JFFNMS -- JFFNMS
admin/setup.php in Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote attackers to read and modify configuration settings via a direct request.
unknown
2007-06-12
6.7CVE-2007-3192
FULLDISC
SECUNIA
KDE -- Konqueror
Visual truncation vulnerability in Konqueror 3.5.5 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using HTTP Basic Authentication.
unknown
2007-06-11
4.7CVE-2007-3143
OTHER-REF
BID
Linux -- Kernel
The random number feature in Linux kernel 2.6 before 2.6.20.13, and 2.6.21.x before 2.6.21.4, (1) does not properly seed pools when there is no entropy, or (2) uses an incorrect cast when extracting entropy, which might cause the random number generator to provide the same values after reboots on systems without an entropy source.
unknown
2007-06-11
4.9CVE-2007-2453
MLIST
MLIST
OTHER-REF
Mozilla -- Mozilla
Visual truncation vulnerability in Mozilla 1.7.12 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using HTTP Basic Authentication.
unknown
2007-06-11
4.7CVE-2007-3144
OTHER-REF
BID
Qualcomm -- Eudora
Buffer overflow in Qualcomm Eudora 7.1.0.9 allows user-assisted, remote IMAP servers to execute arbitrary code via a long FLAGS response to a SELECT INBOX command.
unknown
2007-06-11
5.6CVE-2007-3166
MILW0RM
Visicom Media -- Ace-FTP
Buffer overflow in Ace-FTP Client 1.24a allows user-assisted, remote FTP servers to execute arbitrary code via a long response.
unknown
2007-06-11
5.6CVE-2007-3161
MILW0RM
Back to top

Low Vulnerabilities
Primary
Vendor -- Product		Description
Discovered
Published
CVSS ScoreSource & Patch Info
3Com -- OfficeConnect Secure Router
Cross-site scripting (XSS) vulnerability in cgi-bin/admin in 3Com OfficeConnect Secure Router with firmware 1.04-168 allows remote attackers to inject arbitrary web script or HTML via the tk parameter.
unknown
2007-06-11
1.9CVE-2006-3974
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Almnzm -- Almnzm
Almnzm allows remote attackers to obtain sensitive information via an activateorder request to index.php with an invalid orderid parameter, probably related to '[' and ']' characters.
unknown
2007-06-11
2.3CVE-2007-3173
BUGTRAQ
XF
Apache Software Foundation -- Tomcat
Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ';' character, as demonstrated by a URI containing a "snp/snoop.jsp;" sequence.
unknown
2007-06-14
2.3CVE-2007-2449
BUGTRAQ
OTHER-REF
Apple -- Safari
Cross-site scripting (XSS) vulnerability in Apple Safari Beta 3.0.1 for Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2007-06-14
1.9CVE-2007-2391
APPLE
Apple -- Safari
Apple Safari for Windows public beta allows remote attackers to cause a denial of service (crash) via unspecified DHTML manipulations that trigger memory corruption, as demonstrated using Hamachi.
unknown
2007-06-12
3.3CVE-2007-3185
OTHER-REF
Arris -- Cadant C3 CMTS
Arris Cadant C3 CMTS allows remote attackers to cause a denial of service (service termination) via a malformed IP packet with an invalid IP option.
unknown
2007-06-12
3.3CVE-2007-2796
OTHER-REF
Beehive Forum -- Beehive Forum
Multiple cross-site scripting (XSS) vulnerabilities in links.php in Beehive Forum 0.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) viewmode, (2) fid, and (3) sort_dir parameters, different vectors than CVE-2005-4460.
unknown
2007-06-14
2.3CVE-2007-3212
OTHER-REF
BID
SECUNIA
Bruce Corkhill -- Web Wiz Rich Text Editor
Cross-site scripting (XSS) vulnerability in the rich text editor in Webwiz allows remote attackers to inject arbitrary web script or HTML via URL-encoded HTML composed of a frameset in which a frame has a SRC attribute pointing to a JavaScript document.
unknown
2007-06-12
1.9CVE-2007-3202
BUGTRAQ
BID
Daniel Stenberg -- c-ares
The ares_init:randomize_key function in c-ares, on platforms other than Windows, uses a weak facility for producing a random number sequence (Unix rand), which makes it easier for remote attackers to spoof DNS responses by guessing certain values.
unknown
2007-06-11
2.3CVE-2007-3153
OTHER-REF
Domain Technologie Control -- Domain Technologie Control
Cross-site scripting (XSS) vulnerability in 404.php in Domain Technologie Control (DTC) before 0.25.9 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (REQUEST_URI). NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-06-14
1.9CVE-2007-3211
BID
SECUNIA
XF
EDraw -- Office Viewer Component
Buffer overflow in a certain ActiveX control in the EDraw Office Viewer Component (edrawofficeviewer.ocx) 4.0.5.20 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) or execute arbitrary code via a long first argument to the HttpDownloadFile method.
unknown
2007-06-11
1.9CVE-2007-3169
MILW0RM
OTHER-REF
BID
FRSIRT
SECUNIA
XF
ERFAN WIKI -- ERFAN WIKI
Cross-site scripting (XSS) vulnerability in index.php in ERFAN WIKI 1.00 allows remote attackers to inject arbitrary web script or HTML via the title parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-06-12
2.3CVE-2007-3195
BID
SECUNIA
Frederico Caldeira Knabben -- FCKeditor
Incomplete blacklist vulnerability in the filemanager in Frederico Caldeira Knabben FCKeditor 2.4.2 allows remote attackers to upload arbitrary .php files via an alternate data stream syntax, as demonstrated by .php::$DATA filenames, a related issue to CVE-2006-0658.
unknown
2007-06-11
2.3CVE-2007-3163
OTHER-REF
OTHER-REF
Galeon -- Galeon Browser
Visual truncation vulnerability in Galeon 2.0.1 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using HTTP Basic Authentication.
unknown
2007-06-11
3.7CVE-2007-3145
OTHER-REF
BID
Hardened-PHP Project -- Subhosin
PHP -- PHP
Hardened-PHP Project -- Hardened-PHP
The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Subhosin, when called without a second parameter, might allow remote attackers to overwrite arbitrary variables by specifying variable names and values in the string to be parsed. NOTE: it is not clear whether this is a design limitation of the function or a bug in PHP, although it is likely to be regarded as a bug in Hardened-PHP and Subhosin.
unknown
2007-06-13
2.3CVE-2007-3205
BUGTRAQ
BUGTRAQ
Ingate -- Ingate Firewall
Ingate -- Ingate SIParator
Unspecified vulnerability in Ingate Firewall and SIParator before 4.5.2 allows remote authenticated users without full privileges to download a Support Report.
unknown
2007-06-11
1.4CVE-2007-3176
OTHER-REF
FRSIRT
SECUNIA
Invision Power Services -- Invision Power Board
Unspecified vulnerability in sources/action_public/xmlout.php in Invision Power Board (IPB or IP.Board) 2.2.0 through 2.2.2 allows remote attackers to modify another user's profile data, such as an AIM screen name or Yahoo! identity.
unknown
2007-06-14
3.3CVE-2007-3219
OTHER-REF
BID
SECUNIA
JFFNMS -- JFFNMS
Cross-site scripting (XSS) vulnerability in auth.php in Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote attackers to inject arbitrary web script or HTML via the user parameter.
unknown
2007-06-12
2.3CVE-2007-3189
FULLDISC
SECUNIA
Linux -- Kernel
Integer underflow in the cpuset_tasks_read function in the Linux kernel before 2.6.20.13, and 2.6.21.x before 2.6.21.4, when the cpuset filesystem is mounted, allows local users to obtain kernel memory contents by using a large offset when reading the /dev/cpuset/tasks file.
unknown
2007-06-11
2.3CVE-2007-2875
IDEFENSE
OTHER-REF
OTHER-REF
BID
Linux -- Kernel
The sctp_new function in (1) ip_conntrack_proto_sctp.c and (2) nf_conntrack_proto_sctp.c in Netfilter in Linux kernel 2.6 before 2.6.20.13, and 2.6.21.x before 2.6.21.4, allows remote attackers to cause a denial of service by causing certain invalid states that trigger a NULL pointer dereference.
unknown
2007-06-11
2.3CVE-2007-2876
MLIST
MLIST
OTHER-REF
Maran -- PHP Blog
Cross-site scripting (XSS) vulnerability in comments.php in Maran PHP Blog (Maran Blog), possibly only versions before 20070610, allows remote attackers to inject arbitrary web script or HTML via the id parameter.
unknown
2007-06-12
2.3CVE-2007-3198
BUGTRAQ
OTHER-REF
BID
SECUNIA
XF
Microsoft -- Outlook Express
Microsoft -- Windows Mail
A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "URL Parsing Cross Domain Information Disclosure Vulnerability."
unknown
2007-06-12
1.9CVE-2007-2225
MS
Microsoft -- Outlook Express
Microsoft -- Windows Mail
The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition "notifications," which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "Content Disposition Parsing Cross Domain Information Disclosure Vulnerability."
unknown
2007-06-12
1.9CVE-2007-2227
MS
Microsoft -- Internet Explorer
Microsoft Internet Explorer 7, when prompting for HTTP Basic Authentication for an IDN web site, uses ACE labels for the domain name in the status bar, but uses internationalized labels for this name in the authentication dialog, which might allow remote attackers to perform phishing attacks if the user misinterprets confusable characters in the internationalized labels, as demonstrated by displaying xn--theshmogroup-bgk.com only in the status bar.
unknown
2007-06-11
3.7CVE-2007-3164
OTHER-REF
OTHER-REF
MiniWeb HTTP Server -- MiniWeb HTTP Server
http.c in MiniWeb Http Server 0.8.x allows remote attackers to cause a denial of service (application crash) via a negative value in the Content-Length HTTP header.
unknown
2007-06-11
2.3CVE-2007-3159
MILW0RM
BID
SECUNIA
XF
NonGNU -- Mail Notification
Mail Notification 4.0, when WITH_SSL is set to 0 at compile time, uses unencrypted connections for accounts configured with SSL/TLS, which allows remote attackers to obtain sensitive information by sniffing the network.
unknown
2007-06-14
3.3CVE-2007-3209
OTHER-REF
OTHER-REF
SECUNIA
XF
Novell -- Novell Modular Authentication Service
NMASINST in Novell Modular Authentication Service (NMAS) 3.1.2 and earlier on NetWare logs its invoking command line to NMASINST.LOG, which might allow local users to obtain the admin username and password by reading this file.
unknown
2007-06-12
2.3CVE-2007-3200
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
XF
Packeteer -- PacketShaper
rpttop.htm in the web management interface in Packeteer PacketShaper 7.3.0g2 and 7.5.0g1 allows remote attackers to cause a denial of service (device reboot) via a request with empty values of the OP.MEAS.DATAQUERY and MEAS.TYPE parameters.
unknown
2007-06-11
2.3CVE-2007-3151
BUGTRAQ
BID
PHP Live! -- PHP Live!
Cross-site scripting (XSS) vulnerability in request.php in PHP Live! 3.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the pagex parameter.
unknown
2007-06-14
2.3CVE-2007-3218
OTHER-REF
BID
Red Hat -- Red Hat Enterprise Linux Desktop
Red Hat -- Red Hat Enterprise Linux
usr/mgmt_ipc.c in iscsid in open-iscsi (iscsi-initiator-utils) before 2.0-865 checks the client's UID on the listening AF_LOCAL socket instead of the new connection, which allows remote attackers to access the management interface and cause a denial of service (iscsid exit or iSCSI connection loss).
unknown
2007-06-14
3.3CVE-2007-3099
OTHER-REF
OTHER-REF
REDHAT
SECUNIA
Red Hat -- Red Hat open-iscsi
usr/log.c in iscsid in open-iscsi (iscsi-initiator-utils) before 2.0-865 uses a semaphore with insecure permissions (world-writable/world-readable) for managing log messages using shared memory, which allows local users to cause a denial of service (hang) by grabbing the semaphore.
unknown
2007-06-14
2.3CVE-2007-3100
OTHER-REF
OTHER-REF
REDHAT
SECUNIA
SafeNet -- SafeNet HighAssurance Remote
SafeNet -- SoftRemote VPN Client
IPSecDrv.sys 10.4.0.12 in SafeNET High Assurance Remote 1.4.0 Build 12, and SoftRemote, allows remote attackers to cause a denial of service (infinite loop and system hang) via an invalid packet with certain bytes in an option header, possibly related to the IPv6 support for IPSec.
unknown
2007-06-11
2.3CVE-2007-3157
FULLDISC
OTHER-REF
BID
XF
SpamAssassin -- SpamAssassin
SpamAssassin 3.1.x, 3.2.0, and 3.2.1 before 20070611, when running as root in unusual configurations using vpopmail or virtual users, allows local users to cause a denial of service (corrupt arbitrary files) via a symlink attack on a file that is used by spamd.
unknown
2007-06-11
1.3CVE-2007-2873
OTHER-REF
Sporum Forum -- Sporum Forum
Multiple cross-site scripting (XSS) vulnerabilities in comments.cgi in Sporum Forum 3.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) view and (2) mode parameters.
unknown
2007-06-14
1.9CVE-2007-3213
OTHER-REF
SECUNIA
Subversion -- Subversion
Subversion 1.4.3 and earlier does not properly implement the "partial access" privilege for users who have access to changed paths but not copied paths, which allows remote authenticated users to obtain sensitive information (revision properties) via svn (1) propget, (2) proplist, or (3) propedit.
unknown
2007-06-14
2.0CVE-2007-2448
OTHER-REF
BID
SECTRACK
TenYearsGone -- ASP Folder Gallery
download_script.asp in ASP Folder Gallery allows remote attackers to read arbitrary files via a filename in the file parameter.
unknown
2007-06-11
2.3CVE-2007-3158
BUGTRAQ
BID
Tor -- Tor
Tor before 0.1.2.14 can construct circuits in which an entry guard is in the same family as the exit node, which might compromise the anonymity of traffic sources and destinations by exposing traffic to inappropriate remote observers.
unknown
2007-06-11
2.3CVE-2007-3165
MLIST
BID
FRSIRT
SECUNIA
UebiMiau -- UebiMiau
Multiple cross-site scripting (XSS) vulnerabilities in Uebimiau Webmail allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to redirect.php or (2) the selected_theme parameter to demo/pop3/error.php.
unknown
2007-06-11
1.9CVE-2007-3170
FULLDISC
BID
XF
UebiMiau -- UebiMiau
Uebimiau Webmail allows remote attackers to obtain sensitive information via a request to demo/pop3/error.php with an invalid value of the (1) smarty or (2) selected_theme parameter, which reveals the path in various error messages.
unknown
2007-06-11
2.3CVE-2007-3171
FULLDISC
BID
XF
UebiMiau -- UebiMiau
Directory traversal vulnerability in demo/pop3/error.php in Uebimiau Webmail allows remote attackers to determine the existence of arbitrary directories via an absolute pathname and .. (dot dot) in the selected_theme parameter.
unknown
2007-06-11
2.3CVE-2007-3172
FULLDISC
BID
XF
W2B -- Online Banking
Cross-site scripting (XSS) vulnerability in auth.w2b in W2B Online Banking allows remote attackers to inject arbitrary web script or HTML via the adtype parameter, a different vector than CVE-2006-1980.
unknown
2007-06-11
1.9CVE-2007-3174
OTHER-REF
XF
Webmin -- Webmin
Multiple cross-site scripting (XSS) vulnerabilities in pam_login.cgi in Webmin before 1.350 allow remote attackers to inject arbitrary web script or HTML via the (1) cid, (2) message, or (3) question parameter. NOTE: some of these details are obtained from third party information.
unknown
2007-06-11
1.9CVE-2007-3156
OTHER-REF
BID
FRSIRT
SECUNIA
WestByte -- Internet Download Accelerator
Buffer overflow in the NotSafe function in the idaiehlp ActiveX control in idaiehlp.dll 1.9.1.74 in Internet Download Accelerator (ida) 5.2 allows remote attackers to cause a denial of service (Internet Explorer crash) via a long argument.
unknown
2007-06-11
2.3CVE-2007-3162
MILW0RM
BID
WinPT -- WinPT
Visual truncation vulnerability in Windows Privacy Tray (WinPT) 1.2.0 allows user-assisted remote attackers to install a key listed under the wrong user ID, and possibly cause the user to encrypt a victim's correspondence with this attacker-supplied key, via a key ID composed of the attacker's user ID, space characters, an invalid WinPT message, additional space characters, and the victim's user ID.
unknown
2007-06-12
2.7CVE-2007-3201
BUGTRAQ
OTHER-REF
BID
XF
Zen Help Desk Software -- Zen Help Desk
Zen Help Desk 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing a password via a direct request for ZenHelpDesk.mdb.
unknown
2007-06-11
2.3CVE-2007-3146
BUGTRAQ
Back to top



Last updated June 18, 2007