National Cyber Alert System
Cyber Security Bulletin SB07-253 archive

Vulnerability Summary for the Week of September 3, 2007

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.


High Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info
212cafe -- 212cafeboard
SQL injection vulnerability in read.php in 212cafeBoard 6.30 Beta allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-09-05
7.5
CVE-2007-4719
BUGTRAQ
CartKeeper -- CKGold Shopping Cart
SQL injection vulnerability in category.php in CartKeeper CKGold Shopping Cart 2.0 allows remote attackers to execute arbitrary SQL commands via the category_id parameter.
unknown
2007-09-06
7.5
CVE-2007-4736
MILW0RM
Cisco -- Call Manager
Cisco -- Unified Communications Manager
Multiple SQL injection vulnerabilities in Cisco CallManager and Unified Communications Manager (CUCM) before 3.3(5)sr2b, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allow remote attackers to execute arbitrary SQL commands via the lang variable to the (1) user or (2) admin logon page, aka CSCsi64265.
unknown
2007-08-31
9.3
CVE-2007-4634
CISCO
BID
SECTRACK
SECUNIA
Cisco -- Video Surveillance SP_ISP Decoder Software
Cisco -- Video Surveillance IP Gateway Encoder_Decoder
Cisco -- Video Surveillance SP_ISP
The Cisco Video Surveillance IP Gateway Encoder/Decoder (Standalone and Module) firmware 1.8.1 and earlier, Video Surveillance SP/ISP Decoder Software firmware 1.11.0 and earlier, and the Video Surveillance SP/ISP firmware 1.23.7 and earlier have default passwords for the sypixx and root user accounts, which allows remote attackers to perform administrative actions, aka CSCsj34681.
unknown
2007-09-06
9.0
CVE-2007-4746
CISCO
BID
FRSIRT
SECTRACK
SECUNIA
XF
Cisco -- Video Surveillance SP_ISP Decoder Software
Cisco -- Video Surveillance IP Gateway Encoder_Decoder
Cisco -- Video Surveillance SP_ISP
The telnet service in Cisco Video Surveillance IP Gateway Encoder/Decoder (Standalone and Module) firmware 1.8.1 and earlier, Video Surveillance SP/ISP Decoder Software firmware 1.11.0 and earlier, and the Video Surveillance SP/ISP firmware 1.23.7 and earlier does not require authentication, which allows remote attackers to perform administrative actions, aka CSCsj31729.
unknown
2007-09-06
10.0
CVE-2007-4747
CISCO
BID
FRSIRT
SECTRACK
SECUNIA
XF
Claroline -- Claroline
Directory traversal vulnerability in inc/lib/language.lib.php in Claroline before 1.8.6 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.
unknown
2007-09-05
7.5
CVE-2007-4718
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
Doomsday -- Doomsday
Multiple buffer overflows in Doomsday (aka deng) 1.9.0-beta5.1 and earlier allow remote attackers to execute arbitrary code via a long chat (PKT_CHAT) message that is not properly handled by the (1) D_NetPlayerEvent function in d_net.c or the (2) Msg_Write function in net_msg.c, or (3) many commands that are not properly handled by the NetSv_ReadCommands function in d_netsv.c; or (4) cause a denial of service (daemon crash) via a chat (PKT_CHAT) message without a final '\0' character.
unknown
2007-08-31
10.0
CVE-2007-4642
BUGTRAQ
OTHER-REF
OTHER-REF
BID
SECUNIA
Doomsday -- Doomsday
Format string vulnerability in the Cl_GetPackets function in cl_main.c in the client in Doomsday (aka deng) 1.9.0-beta5.1 and earlier allows remote Doomsday servers to execute arbitrary code via format string specifiers in a PSV_CONSOLE_TEXT message.
unknown
2007-08-31
7.5
CVE-2007-4644
BUGTRAQ
OTHER-REF
BID
SECUNIA
eNetman -- eNetman
PHP remote file inclusion vulnerability in index.php in eNetman 1 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
unknown
2007-09-05
7.5
CVE-2007-4712
MILW0RM
SECUNIA
Firebird Project -- Firebird
Unspecified vulnerability in the (1) attach database and (2) create database functionality in Firebird before 2.0.2, when a filename exceeds MAX_PATH_LEN, has unknown impact and attack vectors, aka CORE-1405.
unknown
2007-09-04
7.5
CVE-2007-4664
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
XF
GForge -- GForge
SQL injection vulnerability in Gforge before 3.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
unknown
2007-09-06
7.5
CVE-2007-3913
GNU -- tar
Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack."
unknown
2007-09-04
7.5
CVE-2007-4476
SUSE
SECUNIA
Hexamail -- Hexamail Server
Buffer overflow in the pop3 service in Hexamail Server 3.0.0.001 Lite allows remote attackers to cause a denial of service (daemon crash) and probably execute arbitrary code via a long USER command.
unknown
2007-08-31
10.0
CVE-2007-4646
MILW0RM
Hitachi -- JP1_Cm2_Network Node Manager
Unspecified vulnerability in the Shared Trace Service in Hitachi JP1/Cm2/Network Node Manager (NNM) 07-10 through 07-10-05, and NNM Starter Edition Enterprise and 250 08-00 through 08-10, allows remote attackers to execute arbitrary code via unspecified vectors.
unknown
2007-09-05
9.3
CVE-2007-4720
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Intuit -- Quickbooks
Multiple stack-based buffer overflows in the Intuit QuickBooks Online Edition ActiveX control before 10 allow remote attackers to execute arbitrary code via unspecified vectors.
unknown
2007-09-05
9.3
CVE-2007-0322
CERT-VN
Intuit -- Quickbooks
Multiple unspecified vulnerabilities in the Intuit QuickBooks Online Edition ActiveX control before 10 allow remote attackers to create or overwrite arbitrary files via unspecified arguments to the (1) httpGETToFile, (2) httpPOSTFromFile, and possibly other methods, probably involving path traversal vulnerabilities in exposed dangerous methods. NOTE: this can be leveraged for code execution by writing to a Startup folder.
unknown
2007-09-05
9.3
CVE-2007-4471
CERT-VN
Microsoft -- MSN Messenger Service
Microsoft -- Windows Live Messenger
Heap-based buffer overflow in Microsoft MSN Messenger 7.x and Live Messenger before 8.1 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving video conversation handling in Web Cam sessions.
unknown
2007-08-31
9.3
CVE-2007-2931
OTHER-REF
BID
FRSIRT
SECUNIA
MicroWorld Technologies -- eScan Anti-Virus
MicroWorld Technologies -- eScan Internet Security
MicroWorld Technologies -- eScan Virus Control
MicroWorld eScan Virus Control 9.0.722.1, Anti-Virus 9.0.722.1, and Internet Security 9.0.722.1 use weak permissions (Everyone:Full Control) for their installation directory trees, which allows local users to gain privileges by replacing application files, as demonstrated by traysser.exe.
unknown
2007-08-31
7.2
CVE-2007-4649
FULLDISC
BID
SECUNIA
XF
MIT -- Kerberos 5
Stack-based buffer overflow in the svcauth_gss_validate function in lib/rpc/svc_auth_gss.c in the RPCSEC_GSS RPC library in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and other applications that use krb5, allows remote attackers to cause a denial of service (daemon crash) and probably execute arbitrary code via a long string in an RPC message.
unknown
2007-09-05
10.0
CVE-2007-3999
OTHER-REF
OTHER-REF
REDHAT
MIT -- Kerberos 5
The kadm5_modify_policy_internal function in lib/kadm5/srv/svr_policy.c in the Kerberos administration daemon (kadmind) in MIT Kerberos 5 (krb5) 1.5 through 1.6.2 does not properly check return values when the policy does not exist, which might allow remote authenticated users with the "modify policy" privilege to execute arbitrary code via unspecified vectors that trigger a write to an uninitialized pointer.
unknown
2007-09-05
8.5
CVE-2007-4000
OTHER-REF
OTHER-REF
REDHAT
MIT -- Kerberos 5
The original patch for CVE-2007-3999 in svc_auth_gss.c in the RPCSEC_GSS RPC library in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and other applications that use krb5, does not correctly check the buffer length in some environments and architectures, which might allow remote attackers to conduct a buffer overflow attack.
unknown
2007-09-06
10.0
CVE-2007-4743
OTHER-REF
Next Generation Software -- Virtual DJ (VDJ)
Buffer overflow in Next Generation Software Virtual DJ (VDJ) 5.0 allows user-assisted remote attackers to execute arbitrary code via a long file path in an m3u file.
unknown
2007-09-06
9.3
CVE-2007-4735
MILW0RM
BID
BID
FRSIRT
SECUNIA
Norman -- Norman Virus Control
The nvcoaft51 driver in Norman Virus Control (NVC) 5.82 uses weak permissions (unrestricted write access) for the NvcOa device, which allows local users to gain privileges by (1) triggering a buffer overflow in a kernel pool via a string argument to ioctl 0xBF67201C; or by (2) sending a crafted KEVENT structure through ioctl 0xBF672028 to overwrite arbitrary memory locations.
unknown
2007-08-31
7.2
CVE-2007-4648
BUGTRAQ
OTHER-REF
Novell -- Novell client
Multiple stack-based buffer overflows in the Spooler service (nwspool.dll) in Novell Client 4.91 SP2 through SP4 for Windows allow remote attackers to execute arbitrary code via certain long arguments to the (1) RpcAddPrinterDriver, (2) RpcGetPrinterDriverDirectory, and other unspecified RPC requests, a different vulnerability than CVE-2006-5854.
unknown
2007-08-31
9.3
CVE-2007-2954
OTHER-REF
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
PHD -- Help Desk
Multiple SQL injection vulnerabilities in PHD Help Desk before 1.31 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
unknown
2007-09-05
7.5
CVE-2007-4716
OTHER-REF
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
PHP -- PHP
Multiple integer overflows in libgd in PHP before 5.2.4 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large (1) srcW or (2) srcH value to the (a) gdImageCopyResized function, or a large (3) sy (height) or (4) sx (width) value to the (b) gdImageCreate or the (c) gdImageCreateTrueColor function.
unknown
2007-09-04
7.5
CVE-2007-3996
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
SECUNIA
PHP -- PHP
The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to bypass safe_mode and open_basedir restrictions via MySQL LOCAL INFILE operations, as demonstrated by a query with LOAD DATA LOCAL INFILE.
unknown
2007-09-04
7.5
CVE-2007-3997
OTHER-REF
OTHER-REF
OTHER-REF
SECUNIA
PHP -- PHP
PHP before 5.2.4 might allow local users to bypass open_basedir restrictions via a session file that is a symlink.
unknown
2007-09-04
7.5
CVE-2007-4652
OTHER-REF
OTHER-REF
SECUNIA
PHP -- PHP
Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to obtain sensitive information (memory contents) or cause a denial of service (thread crash) via a large len value to the (1) strspn or (2) strcspn function, which triggers an out-of-bounds read. NOTE: this affects different product versions than CVE-2007-3996.
unknown
2007-09-04
7.5
CVE-2007-4657
OTHER-REF
OTHER-REF
OTHER-REF
SECUNIA
PHP -- PHP
The money_format function in PHP before 5.2.4 permits multiple (1) %i and (2) %n tokens, which has unknown impact and attack vectors, possibly related to a format string vulnerability.
unknown
2007-09-04
7.5
CVE-2007-4658
OTHER-REF
OTHER-REF
SECUNIA
PHP -- PHP
The zend_alter_ini_entry function in PHP before 5.2.4 does not properly handle an interruption to the flow of execution triggered by a memory_limit violation, which has unknown impact and attack vectors.
unknown
2007-09-04
7.5
CVE-2007-4659
OTHER-REF
OTHER-REF
SECUNIA
PHP -- PHP
Unspecified vulnerability in the chunk_split function in PHP before 5.2.4 has unknown impact and attack vectors, related to an incorrect size calculation.
unknown
2007-09-04
7.5
CVE-2007-4660
OTHER-REF
OTHER-REF
SECUNIA
PHP -- PHP
The chunk_split function in string.c in PHP 5.2.3 does not properly calculate the needed buffer size due to precision loss when performing integer arithmetic with floating point numbers, which has unknown attack vectors and impact, possibly resulting in a heap-based buffer overflow. NOTE: this is due to an incomplete fix for CVE-2007-2872.
unknown
2007-09-04
7.5
CVE-2007-4661
OTHER-REF
OTHER-REF
OTHER-REF
SECUNIA
PHP -- PHP
Buffer overflow in the php_openssl_make_REQ function in PHP before 5.2.4 has unknown impact and attack vectors.
unknown
2007-09-04
7.5
CVE-2007-4662
OTHER-REF
OTHER-REF
SECUNIA
PHP -- PHP
Directory traversal vulnerability in PHP before 5.2.4 allows attackers to bypass open_basedir restrictions via unspecified vectors involving the glob function.
unknown
2007-09-04
7.5
CVE-2007-4663
OTHER-REF
OTHER-REF
SECUNIA
phpBB -- phpBB
SQL injection vulnerability in links.php in the Links MOD 1.2.2 and earlier for phpBB 2.0.22 and earlier allows remote attackers to execute arbitrary SQL commands via the start parameter in a search action.
unknown
2007-09-04
7.5
CVE-2007-4653
MILW0RM
phpBG -- phpBG
Multiple PHP remote file inclusion vulnerabilities in phpBG 0.9.1 allow remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter to (1) intern/admin/other/backup.php, (2) intern/admin/, (3) intern/clan/member_add.php, (4) intern/config/key_2.php, or (5) intern/config/forum.php.
unknown
2007-08-31
7.5
CVE-2007-4636
MILW0RM
SpeedTech -- STPHPLibrary
Multiple PHP remote file inclusion vulnerabilities in SpeedTech PHP Library (STPHPLibrary) 0.8.0 allow remote attackers to execute arbitrary PHP code via a URL in the STPHPLIB_DIR parameter to (1) stphpapplication.php, (2) stphpbtnimage.php, or (3) stphpform.php.
unknown
2007-09-06
7.5
CVE-2007-4737
MILW0RM
SECUNIA
SpeedTech -- STPHPLibrary
Multiple PHP remote file inclusion vulnerabilities in SpeedTech PHP Library (STPHPLibrary) 0.8.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) db_conf or (2) ADODB_DIR parameter to utils/stphpimage_show.php; or a URL in the STPHPLIB_DIR parameter to (3) stphpbutton.php, (4) stphpcheckbox.php, (5) stphpcheckboxwithcaption.php, (6) stphpcheckgroup.php, (7) stphpcomponent.php, (8) stphpcontrolwithcaption.php, (9) stphpedit.php, (10) stphpeditwithcaption.php, (11) stphphr.php, (12) stphpimage.php, (13) stphpimagewithcaption.php, (14) stphplabel.php, (15) stphplistbox.php, (16) stphplistboxwithcaption.php, (17) stphplocale.php, (18) stphppanel.php, (19) stphpradiobutton.php, (20) stphpradiobuttonwithcaption.php, (21) stphpradiogroup.php, (22) stphprichbutton.php, (23) stphpspacer.php, (24) stphptable.php, (25) stphptablecell.php, (26) stphptablerow.php, (27) stphptabpanel.php, (28) stphptabtitle.php, (29) stphptextarea.php, (30) stphptextareawithcaption.php, (31) stphptoolbar.php, (32) stphpwindow.php, (33) stphpxmldoc.php, or (34) stphpxmlelement.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-09-06
7.5
CVE-2007-4738
SECUNIA
SuSE -- SuSE Linux Enterprise Server
Unspecified vulnerability in the NFSv4 ID mapper (nfsidmap) on SUSE Linux Enterprise 10 has unspecified attack vectors and impact, involving the name to uid translation in NFSv4 name lookups.
unknown
2007-09-04
7.5
CVE-2007-4135
SUSE
SECUNIA
Telecom Italy -- Alice Messenger
The HPRevolutionRegistryManager ActiveX control in Hp.Revolution.RegistryManager.dll 1 in Telecom Italy Alice Messenger allows remote attackers to create registry keys and values via the arguments to the WriteRegistry method.
unknown
2007-09-06
9.3
CVE-2007-4740
BUGTRAQ
OTHER-REF
SECTRACK
Weblogicnet -- Weblogicnet
Multiple PHP remote file inclusion vulnerabilities in Weblogicnet allow remote attackers to execute arbitrary PHP code via a URL in the files_dir parameter in (1) es_desp.php, (2) es_custom_menu.php, and (3) es_offer.php.
unknown
2007-09-05
7.5
CVE-2007-4715
BUGTRAQ
MILW0RM
OTHER-REF
BID
Yahoo -- Messenger
Buffer overflow in a certain ActiveX control in YVerInfo.dll before 2007.8.27.1 in the Yahoo! services suite for Yahoo! Messenger before 8.1.0.419 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: some of these details are obtained from third party information.
unknown
2007-08-31
9.3
CVE-2007-4515
IDEFENSE
OTHER-REF
SECUNIA
Yvora -- Yvora
SQL injection vulnerability in error_view.php in Yvora 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
unknown
2007-09-05
7.5
CVE-2007-4714
MILW0RM
BID

Medium Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info
2coolcode -- Our Space
newswire/uploadmedia.cgi in 2coolcode Our Space (Ourspace) 2.0.9 allows remote attackers to upload certain files via unspecified vectors, probably involving unrestricted functionality in uploadmedia.cgi.
unknown
2007-08-31
5.0
CVE-2007-4647
MILW0RM
AnyInventory -- AnyInventory
PHP remote file inclusion vulnerability in environment.php in AnyInventory 1.9.1 and 2.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the DIR_PREFIX parameter.
unknown
2007-09-06
6.8
CVE-2007-4744
MILW0RM
BID
SECUNIA
XF
Apache Software Foundation -- Apache HTTP Server
Jasio.net -- Ragnarok Online Control Panel
Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
unknown
2007-09-05
6.8
CVE-2007-4723
BUGTRAQ
Apache Software Foundation -- Tomcat
Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
unknown
2007-09-05
4.3
CVE-2007-4724
BUGTRAQ
Apple -- iTunes
Buffer overflow in Apple iTunes before 7.4 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a music file with crafted album cover art.
unknown
2007-09-06
6.8
CVE-2007-3752
OTHER-REF
SECUNIA
SECUNIA
Aztech -- DSL 600EU router
The Aztech DSL600EU router, when WAN access to the web interface is disabled, does not properly block inbound traffic on TCP port 80, which allows remote attackers to connect to the web interface by guessing a TCP sequence number, possibly involving spoofing of an ARP packet, a related issue to CVE-1999-0077.
unknown
2007-09-06
4.3
CVE-2007-4733
BUGTRAQ
SECTRACK
Bharat Mediratta -- Gallery
Multiple unspecified vulnerabilities in Gallery before 2.2.3 allow attackers to (1) rename items, (2) read and modify item properties, or (3) lock and replace items via unknown vectors in (a) the WebDAV module; and (4) edit unspecified data files using "linked items" in WebDAV and (b) Reupload modules.
unknown
2007-09-04
6.4
CVE-2007-4650
OTHER-REF
Blizzard Entertainment -- Starcraft Brood War
Blizzard Entertainment StarCraft Brood War 1.15.1 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed map, which triggers an out-of-bounds read during a minimap preview.
unknown
2007-08-31
4.3
CVE-2007-4638
BUGTRAQ
BID
Broderbund -- Expressit 3DGreetings Player
Multiple buffer overflows in the Broderbund Expressit 3DGreetings Player ActiveX control could allow remote attackers to execute arbitrary code via unspecified vectors.
unknown
2007-09-06
6.8
CVE-2007-4472
CERT-VN
SECUNIA
CGI-RESCUE -- Shopping Basket Professional
Multiple directory traversal vulnerabilities in CGI RESCUE Shopping Basket Professional 7.51 and earlier allow remote attackers to list arbitrary directories, and possibly read arbitrary files, via directory traversal sequences in unspecified parameters to (1) list.cgi or (2) list2.cgi.
unknown
2007-09-04
5.0
CVE-2007-4655
OTHER-REF
SECUNIA
Cisco -- Cisco IOS
Cisco IOS 12.2E, 12.2F, and 12.2S places a "no login" line into the VTY configuration when an administrator makes certain changes to a (1) VTY/AUX or (2) CONSOLE setting on a device without AAA enabled, which allows remote attackers to bypass authentication and obtain a terminal session, a different vulnerability than CVE-1999-0293 and CVE-2005-2105.
unknown
2007-08-31
4.3
CVE-2007-4632
CISCO
BID
Cisco -- Call Manager
Cisco -- Unified Communications Manager
Multiple cross-site scripting (XSS) vulnerabilities in Cisco CallManager and Unified Communications Manager (CUCM) before 3.3(5)sr2b, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allow remote attackers to inject arbitrary web script or HTML via the lang variable to the (1) user or (2) admin logon page, aka CSCsi10728.
unknown
2007-08-31
6.4
CVE-2007-4633
CISCO
BID
SECTRACK
SECUNIA
Cisco -- WebNS
TeamF1 -- SSHield
OpenBSD -- OpenSSH
Unspecified vulnerability in SSHield 1.6.1 with OpenSSH 3.0.2p1 on Cisco WebNS 8.20.0.1 on Cisco Content Services Switch (CSS) series 11000 devices allows remote attackers to cause a denial of service (connection slot exhaustion and device crash) via a series of large packets designed to exploit the SSH CRC32 attack detection overflow (CVE-2001-0144), possibly a related issue to CVE-2002-1024.
unknown
2007-09-04
5.0
CVE-2007-4654
BUGTRAQ
Claroline -- Claroline
Claroline before 1.8.6 allows remote authenticated administrators to obtain sensitive information via an invalid value in the sort parameter to admin/adminusers.php, which reveals the path in an error message in some circumstances, as demonstrated by a parameter value containing an XSS sequence.
unknown
2007-09-06
4.3
CVE-2007-4742
OTHER-REF
OTHER-REF
Debian -- reprepro
reprepro 1.3.0 through 2.2.3 does not properly verify signatures when updating repositories, which allows remote attackers to construct and distribute an ostensibly valid Release.gpg file by signing it with an unknown key, related to the update command.
unknown
2007-09-06
5.0
CVE-2007-4739
OTHER-REF
OTHER-REF
OTHER-REF
SECUNIA
Doomsday -- Doomsday
Integer underflow in Doomsday (aka deng) 1.9.0-beta5.1 and earlier allows remote attackers to cause a denial of service (daemon crash) via a PKT_CHAT packet with a data length less than 3, which triggers an erroneous malloc, possibly related to the Sv_HandlePacket function in sv_main.c.
unknown
2007-08-31
5.0
CVE-2007-4643
BUGTRAQ
OTHER-REF
BID
SECUNIA
EnterpriseDB -- EnterpriseDB Advanced Server
EnterpriseDB Advanced Server 8.2 does not properly handle certain debugging function calls that occur before a call to pldbg_create_listener, which allows remote authenticated users to cause a denial of service (daemon crash) and possibly execute arbitrary code via a SELECT statement that invokes a pldbg_ function, as demonstrated by (1) pldbg_get_stack and (2) pldbg_abort_target, which triggers use of an uninitialized pointer.
unknown
2007-08-31
6.5
CVE-2007-4639
BUGTRAQ
BID
Firebird Project -- Firebird
Unspecified vulnerability in the server in Firebird before 2.0.2 allows remote attackers to cause a denial of service (daemon crash) via an XNET session that makes multiple simultaneous requests to register events, aka CORE-1403.
unknown
2007-09-04
5.0
CVE-2007-4665
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Firebird Project -- Firebird
Unspecified vulnerability in the server in Firebird before 2.0.2, when a Superserver/TCP/IP environment is configured, allows remote attackers to cause a denial of service (CPU and memory consumption) via "large network packets with garbage", aka CORE-1397.
unknown
2007-09-04
5.0
CVE-2007-4666
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Firebird Project -- Firebird
Unspecified vulnerability in the Services API in Firebird before 2.0.2 allows remote attackers to cause a denial of service, aka CORE-1149.
unknown
2007-09-04
5.0
CVE-2007-4667
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Firebird Project -- Firebird
Unspecified vulnerability in the server in Firebird before 2.0.2 allows remote attackers to determine the existence of arbitrary files, and possibly obtain other "file access," via unknown vectors, aka CORE-1312.
unknown
2007-09-04
5.0
CVE-2007-4668
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
BID
FRSIRT
Firebird Project -- Firebird
The Services API in Firebird before 2.0.2 allows remote authenticated users without SYSDBA privileges to read the server log (firebird.log), aka CORE-1148.
unknown
2007-09-04
4.0
CVE-2007-4669
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
BID
Igor Pavlov -- 7-Zip
Stack consumption vulnerability in AkkyWareHOUSE 7-zip32.dll before 4.42.00.04, as derived from Igor Pavlov 7-Zip before 4.53 beta, allows user-assisted remote attackers to execute arbitrary code via a long filename in an archive, leading to a heap-based buffer overflow.
unknown
2007-09-05
6.8
CVE-2007-4725
OTHER-REF
OTHER-REF
OTHER-REF
SECUNIA
Joomla -- AkoBook
Mambo -- Mambo Site Server
Multiple cross-site scripting (XSS) vulnerabilities in the AkoBook 3.42 and earlier component (com_akobook) for Mambo allow remote attackers to inject arbitrary web script or HTML via Javascript events in the (1) gbmail and (2) gbpage parameters in the sign function.
unknown
2007-09-06
4.3
CVE-2007-4745
OTHER-REF
SECUNIA
Move Networks Inc -- Quantum Streaming Player
Multiple stack-based buffer overflows in the Quantum Streaming Internet Explorer Player ActiveX control in qsp2ie07051001.dll 1.0.0.1 in Move Media Player allow remote attackers to execute arbitrary code via a long string to the (1) Play and (2) Buzzer methods. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-09-05
6.8
CVE-2007-4722
SECUNIA
NMDeluxe -- NMDeluxe
SQL injection vulnerability in index.php in NMDeluxe 2.0.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a newspost do action, a different vulnerability than CVE-2006-1108.
unknown
2007-08-31
6.4
CVE-2007-4645
MILW0RM
Ots Labs -- OTSTurntables
Buffer overflow in Ots Labs OTSTurntables 1.00 allows user-assisted remote attackers to execute arbitrary code via a long file path in an m3u file.
unknown
2007-09-06
4.3
CVE-2007-4734
MILW0RM
BID
SECUNIA
Pakupaku -- Pakupaku CMS
Unrestricted file upload vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to upload and execute arbitrary PHP files in uploads/ via an Uploads action.
unknown
2007-08-31
6.4
CVE-2007-4640
MILW0RM
SECUNIA
Pakupaku -- Pakupaku CMS
Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
unknown
2007-08-31
6.4
CVE-2007-4641
MILW0RM
SECUNIA
PHP -- PHP
The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, does not properly use the breakcharlen variable, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash, or infinite loop) via certain arguments, as demonstrated by a 'chr(0), 0, ""' argument set.
unknown
2007-09-04
5.0
CVE-2007-3998
OTHER-REF
OTHER-REF
OTHER-REF
SECUNIA
PHP -- PHP
Unspecified vulnerability in PHP before 5.2.4 has unknown impact and attack vectors, related to an "Improved fix for MOPB-03-2007," probably a variant of CVE-2007-1285.
unknown
2007-09-04
5.0
CVE-2007-4670
OTHER-REF
OTHER-REF
PPStream -- PPStream
Buffer overflow in the PowerPlayer.dll ActiveX control in PPStream 2.0.1.3829 allows remote attackers to execute arbitrary code via a long Logo parameter.
unknown
2007-09-06
6.8
CVE-2007-4748
MILW0RM
BID
XF
QGit -- QGit
The DataLoader::doStart function in dataloader.cpp in QGit 1.5.6 and other versions up to 2pre1 allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on temporary files with predictable filenames.
unknown
2007-08-31
4.6
CVE-2007-4631
OTHER-REF
Red Hat -- Enterprise Linux Desktop
Red Hat -- Enterprise Linux
Red Hat Enterprise Linux (RHEL) 5 creates the Advanced Intrusion Detection Environment (AIDE) before 0.13.1 rpm with a database that lacks checksum information, which allows context-dependent attackers to bypass file integrity checks and modify certain files.
unknown
2007-09-04
5.0
CVE-2007-3849
OTHER-REF
REDHAT
ROI Revolution -- Urchin
Multiple cross-site scripting (XSS) vulnerabilities in urchin.cgi in Urchin 5.6.00r2 allow remote attackers to inject arbitrary web script or HTML via the (1) dtc, (2) vid, (3) n, (4) dt, (5) ed, and (6) bd parameters.
unknown
2007-09-05
4.3
CVE-2007-4713
OTHER-REF
Sun -- Solaris
Unspecified vulnerability in the strfreectty function in the Special File System (SPECFS) in Sun Solaris 8 through 10 allows local users to cause a denial of service (system panic), related to passing a NULL pointer to the pgsignal function.
unknown
2007-09-06
4.9
CVE-2007-4732
SUNALERT
FRSIRT
SECTRACK
SECUNIA
WebOddity -- WebOddity
Directory traversal vulnerability in Web Oddity 0.09b allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
unknown
2007-09-05
5.0
CVE-2007-4726
MILW0RM
BID
Wireshark -- Wireshark
Integer signedness error in the DNP3 dissector in Wireshark 0.99.5 and earlier allows remote attackers to cause a denial of service (infinite loop) via a certain DNP3 packet.
unknown
2007-09-05
5.0
CVE-2007-4721
BUGTRAQ
MILW0RM
OTHER-REF
SECTRACK
XF
www.toms-seiten.at -- Toms Gaestebuch
Multiple cross-site scripting (XSS) vulnerabilities in Toms Gaestebuch 1.00 allow remote attackers to inject arbitrary web script or HTML via the (1) homepage, (2) mail, and (3) name parameters in a show action to (a) form.php; the (4) language and (5) anzeigebreite parameters to (b) admin/header.php; and the (6) msg parameter to (c) install.php, different vectors than CVE-2006-0706.
unknown
2007-09-05
4.3
CVE-2007-4711
BUGTRAQ
BID
SECUNIA
xGB -- xGB
xGB.php in xGB 2.0 does not require authentication for an admin edit action, which allows remote attackers to make unspecified changes via an unknown series of steps.
unknown
2007-08-31
6.4
CVE-2007-4637
MILW0RM
Yahoo -- Messenger
Yahoo! Messenger 8.1.0.209 and 8.1.0.402 allows remote attackers to cause a denial of service (application crash) via certain file-transfer packets, possibly involving a buffer overflow, as demonstrated by ym8bug.exe. NOTE: this might be related to CVE-2007-4515. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-08-31
5.0
CVE-2007-4635
BID

Low Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info
Backup Manager -- Backup Manager
backup-manager-upload in Backup Manager before 0.6.3 provides the FTP server hostname, username, and password as plaintext command line arguments during FTP uploads, which allows local users to obtain sensitive information by listing the process and its arguments, a different vulnerability than CVE-2007-2766.
unknown
2007-09-04
2.1
CVE-2007-4656
OTHER-REF
OTHER-REF
OTHER-REF
SECUNIA
Claroline -- Claroline
Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.8.6 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) dir parameter in admin/adminusers.php, the (2) action parameter in admin/advancedUserSearch.php, and the (3) view parameter in admin/campusProblem.php.
unknown
2007-09-05
3.5
CVE-2007-4717
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
Claroline -- Claroline
Cross-site scripting (XSS) vulnerability in admin/adminusers.php in Claroline before 1.8.6 allows remote authenticated administrators to inject arbitrary web script or HTML via the sort parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-09-06
3.5
CVE-2007-4741
OTHER-REF
SECUNIA



Last updated September 10, 2007