National Cyber Alert System
Cyber Security Bulletin SB07-057 archive

Vulnerability Summary for the Week of February 19, 2007

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.


High Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info
The administrator HTTP interface in Cisco Unified IP Conference Station 7935 3.2(15) and earlier, and Station 7936 3.3(12) and earlier, allows remote attackers to bypass authentication controls via a direct URL request.
unknown
2007-02-21
7.0
CVE-2007-1062
CISCO
FRSIRT
AbleDesign -- MyCalendar
Multiple cross-site scripting (XSS) vulnerabilities in index.php in AbleDesign MyCalendar allow remote attackers to inject arbitrary web script or HTML via (1) the go parameter, (2) the search menu in a go=search action, or (3) the username or (4) the password in a go=Login action.
unknown
2007-02-21
7.0
CVE-2007-1050
BUGTRAQ
OTHER-REF
Aktueldownload -- Aktueldownload Haber Script
SQL injection vulnerability in HaberDetay.asp in Aktueldownload Haber script allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-02-21
10.0
CVE-2007-1015
MILW0RM
FRSIRT
XF
Aktueldownload -- Aktueldownload Haber Script
SQL injection vulnerability in Aktueldownload Haber script allows remote attackers to execute arbitrary SQL commands via certain vectors related to the HaberDetay.asp and rss.asp components, and the id and kid parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: the combination of the HaberDetay.asp component and the id parameter is already covered by another February 2007 CVE candidate.
unknown
2007-02-21
7.0
CVE-2007-1016
FRSIRT
Apple -- iChat
The Bonjour functionality in iChat in Apple Mac OS X 10.3.9 allows remote attackers to cause a denial of service (persistent application crash) via unspecified vectors, possibly related to CVE-2007-0614.
unknown
2007-02-16
7.0
CVE-2007-0710
OTHER-REF
APPLE
SECUNIA
Apple -- Mac OS X Server
Apple -- Mac OS X
Integer overflow in the gifGetBandProc function in ImageIO in Apple Mac OS X 10.4.8 allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image that triggers the overflow during decompression. NOTE: this is a different issue than CVE-2006-3502 and CVE-2006-3503.
unknown
2007-02-22
10.0
CVE-2007-1071
OTHER-REF
BID
ASPcode.net -- Pollmentor
SQL injection vulnerability in pollmentorres.asp in PollMentor 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-02-16
7.0
CVE-2007-0984
milw0rm
BID
CedStat -- CedStat
Cross-site scripting (XSS) vulnerability in index.php in CedStat 1.31 allows remote attackers to inject arbitrary web script or HTML via the hier parameter.
unknown
2007-02-21
7.0
CVE-2007-1020
BUGTRAQ
OTHER-REF
BID
XF
Cisco -- Unified IP Conference Station 7935
Cisco -- Unified IP Phone 7911G
Cisco -- Unified IP Conference Station 7936
Cisco -- Unified IP Phone 7906G
Cisco -- Unified IP Phone 7970G
Cisco -- Unified IP Phone 7971G
Cisco -- Unified IP Phone 7941G
Cisco -- Unified IP Phone 7961G
The SSH server in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G, with firmware 8.0(4)SR1 and earlier, uses a hard-coded username and password, which allows remote attackers to access the device.
unknown
2007-02-21
10.0
CVE-2007-1063
CISCO
FRSIRT
Cisco -- Unified IP Phone 7911G
Cisco -- Unified IP Phone 7906G
Cisco -- Unified IP Phone 7970G
Cisco -- Unified IP Phone 7971G
Cisco -- Unified IP Phone 7961G
Cisco -- Unified IP Phone 7941G
The command line interface (CLI) in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G, with firmware 8.0(4)SR1 and earlier allows local users to obtain privileges or cause a denial of service via unspecified vectors. NOTE: this issue can be leveraged remotely via CVE-2007-1063.
unknown
2007-02-22
7.0
CVE-2007-1072
CISCO
CISCO
SECUNIA
CodeAvalanche -- CodeAvalanche News
SQL injection vulnerability in inc_listnews.asp in CodeAvalanche News 1.x allows remote attackers to execute arbitrary SQL commands via the CAT_ID parameter.
unknown
2007-02-21
10.0
CVE-2007-1021
MILW0RM
BID
FRSIRT
XF
Design4Online -- UserPages2
SQL injection vulnerability in page.asp in Design4Online UserPages2 2.0 allows remote attackers to execute arbitrary SQL commands via the art_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-02-22
7.0
CVE-2007-1077
BID
Distributed Checksum ClearingHouse -- DCC
Unspecified vulnerability in Distributed Checksum Clearinghouse (DCC) before 1.3.51 allows remote attackers to delete or add hosts in /var/dcc/maps.
unknown
2007-02-21
7.0
CVE-2007-1047
OTHER-REF
BID
FRSIRT
SECUNIA
DJI -- NewsBin Pro
Multiple buffer overflows in NewsBin Pro 5.33 and NewsBin Pro 4.x allow user-assisted remote attackers to execute arbitrary code via a long (1) DataPath or (2) DownloadPath attribute in a (a) NBI file, or (3) a long group field in a (b) NZB file.
unknown
2007-02-22
8.0
CVE-2007-1074
MILW0RM
BID
SECUNIA
XF
Ekiga -- Ekiga
Multiple format string vulnerabilities in the gm_main_window_flash_message function in Ekiga before 2.0.5 allow attackers to cause a denial of service and possibly execute arbitrary code via unknown vectors.
unknown
2007-02-19
10.0
CVE-2007-1006
SECUNIA
Ezboo -- Webstats
Ezboo webstats, possibly 3.0.3, allows remote attackers to bypass authentication and gain access via a direct request to (1) update.php and (2) config.php.
unknown
2007-02-21
7.0
CVE-2007-1043
BUGTRAQ
OTHER-REF
BID
XF
FlashGameScript -- FlashGameScript
PHP remote file inclusion vulnerability in index.php in FlashGameScript 1.5.4 allows remote attackers to execute arbitrary PHP code via a URL in the func parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-02-22
10.0
CVE-2007-1078
BID
JBoss -- JBoss Application Server
The default configuration of JBoss does not restrict access to the (1) console and (2) web management interfaces, which allows remote attackers to bypass authentication and gain administrative access via direct requests.
unknown
2007-02-21
10.0
CVE-2007-1036
BUGTRAQ
BUGTRAQ
BUGTRAQ
CERT-VN
Jupiter CMS -- Jupiter CMS
PHP remote file inclusion vulnerability in index.php in Jupiter CMS 1.1.5, when PHP 5.0.0 or later is used, allows remote attackers to execute arbitrary PHP code via an ftp URL in the n parameter.
unknown
2007-02-16
8.0
CVE-2007-0986
BUGTRAQ
BUGTRAQ
OTHER-REF
OTHER-REF
Milw0rm
BID
Jupiter CMS -- Jupiter CMS
Directory traversal vulnerability in index.php in Jupiter CMS 1.1.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot), or an absolute pathname, in the n parameter.
unknown
2007-02-16
7.0
CVE-2007-0987
BUGTRAQ
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
BID
mAlbum -- mAlbum
mAlbum 0.3 has default accounts (1) "login"/"pass" for its administrative account and (2) "dqsfg"/"sdfg", which allows remote attackers to gain privileges.
unknown
2007-02-21
10.0
CVE-2007-1045
BUGTRAQ
OTHER-REF
XF
Marcello Vitagliano -- Meganoide's News
PHP remote file inclusion vulnerability in include.php in Meganoide's news 1.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the _SERVER[DOCUMENT_ROOT] parameter.
unknown
2007-02-21
10.0
CVE-2007-1024
BUGTRAQ
BID
XF
McRefer -- McRefer
Static code injection vulnerability in install.php in mcRefer allows remote attackers to execute arbitrary PHP code via the bgcolor parameter, which is inserted into mcrconf.inc.php.
unknown
2007-02-22
10.0
CVE-2007-1073
BUGTRAQ
MediaWiki -- MediaWiki
Cross-site scripting (XSS) vulnerability in the AJAX features in index.php in MediaWiki 1.9.x before 1.9.0rc2, and 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the rs parameter. NOTE: this issue might be a duplicate of CVE-2007-0177.
unknown
2007-02-21
7.0
CVE-2007-1055
BUGTRAQ
OTHER-REF
OTHER-REF
Meetinghouse -- AEGIS SecureConnect Client
Cisco -- Trust Agent
Cisco -- Security Agent
Cisco -- Secure Services Client
Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1, and the Meetinghouse AEGIS SecureConnect Client do not properly parse commands, which allows local users to gain privileges via unspecified vectors, aka CSCsh30624.
unknown
2007-02-21
7.0
CVE-2007-1067
CISCO
Microsoft -- Internet Explorer
Stack-based buffer overflow in News File Grabber 4.1.0.1 and earlier allows remote attackers to execute arbitrary code via a .nzb file with a long subject field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-02-21
8.0
CVE-2007-1037
BID
FRSIRT
Online Web Building -- Online Web Building
SQL injection vulnerability in user_pages/page.asp in Online Web Building 2.0 allows remote attackers to execute arbitrary SQL commands via the art_id parameter.
unknown
2007-02-21
7.0
CVE-2007-1058
MILW0RM
FRSIRT
SECUNIA
PBLang -- PBLang
** DISPUTED ** PHP remote file inclusion vulnerability in index.php in PBLang (PBL) 4.60 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the dbpath parameter, a different vector than CVE-2006-5062. NOTE: this issue has been disputed by a reliable third party for 4.65, stating that the dbpath variable is initialized in an included file that is created upon installation.
unknown
2007-02-21
10.0
CVE-2007-1052
BUGTRAQ
VIM
PHP-Nuke -- PHP-Nuke Emporium Module
SQL injection vulnerability in modules.php in the Emporium 2.3.0 and earlier module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the category_id parameter.
unknown
2007-02-21
7.0
CVE-2007-1034
MILW0RM
BID
phpbb_wordsearch -- phpbb_wordsearch
PHP remote file inclusion vulnerability in admin_rebuild_search.php in phpbb_wordsearch allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
unknown
2007-02-21
7.0
CVE-2007-1048
BUGTRAQ
XF
phpCC -- phpCC
SQL injection vulnerability in nickpage.php in phpCC 4.2 beta and earlier allows remote attackers to execute arbitrary SQL commands via the npid parameter in a sign_gb action.
unknown
2007-02-16
7.0
CVE-2007-0985
Milw0rm
BID
phpTrafficA -- phpTrafficA
Multiple directory traversal vulnerabilities in phpTrafficA 1.4.1, and possibly earlier, allow remote attackers to include arbitrary local files via a .. (dot dot) in the (1) file parameter to plotStat.php and the (2) lang parameter to banref.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-02-22
7.0
CVE-2007-1076
BID
SECUNIA
Quicksoft -- EasyMail Objects
Stack-based buffer overflow in the Connect method in the IMAP4 component in Quiksoft EasyMail Objects before 6.5 allows remote attackers to execute arbitrary code via a long host name.
unknown
2007-02-21
10.0
CVE-2007-1029
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Red Hat -- Red Hat Enterprise Linux AS
Red Hat -- Red Hat Enterprise Linux ES
Red Hat -- Red Hat Enterprise Linux WS
Ekiga -- Ekiga
Red Hat -- Red Hat Desktop
Format string vulnerability in GnomeMeeting 1.0.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in the name, which is not properly handled in a call to the gnomemeeting_log_insert function.
unknown
2007-02-20
10.0
CVE-2007-1007
OTHER-REF
REDHAT
SECUNIA
S&H Computer Systems -- News Rover
Multiple stack-based buffer overflows in S&H Computer Systems News Rover 12.1 Rev 1 allow remote attackers to execute arbitrary code via a .nzb file with a long (1) group or (2) subject string.
unknown
2007-02-21
8.0
CVE-2007-1041
MILW0RM
BID
FRSIRT
SECUNIA
Sangwan Kim -- Bookmark4U
SQL injection vulnerability in admin/config.php in Bookmark4U 2.0 and 2.1 allows remote attackers to inject arbitrary SQL commands via the sqlcmd parameter.
unknown
2007-02-22
7.0
CVE-2006-7025
FULLDISC
VIM
FRSIRT
OSVDB
SECUNIA
XF
ScriptDungeon -- XLAtunes
SQL injection vulnerability in view.php in XLAtunes 0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the album parameter in view mode. NOTE: some of these details are obtained from third party information.
unknown
2007-02-21
7.0
CVE-2007-1026
MILW0RM
BID
FRSIRT
Snitz Communications -- Snitz Forums 2000
SQL injection vulnerability in pop_profile.asp in Snitz Forums 2000 3.1 SR4 allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-02-21
7.0
CVE-2007-1023
MILW0RM
BID
XF
Snort -- Snort
Stack-based buffer overflow in the DCE/RPC preprocessor in Snort before 2.6.1.3, and 2.7 before beta 2; and Sourcefire Intrusion Sensor; allows remote attackers to execute arbitrary code via crafted SMB traffic.
unknown
2007-02-19
10.0
CVE-2006-5276
ISS
OTHER-REF
CERT
XF
Symantec -- Automated Support Assistant
Symantec -- Norton Internet Security
SupportSoft -- SmartIssue
Symantec -- Norton System Works
Symantec -- Norton Antivirus
SupportSoft -- ScriptRunner
Multiple buffer overflows in the SupportSoft (1) SmartIssue (tgctlsi.dll) and (2) ScriptRunner (tgctlsr.dll) ActiveX controls, as used by Symantec Automated Support Assistant and Norton AntiVirus, Internet Security, and System Works 2006, allow remote attackers to execute arbitrary code via a crafted HTML message.
unknown
2007-02-22
10.0
CVE-2006-6490
IDEFENSE
OTHER-REF
CERT-VN
Trend Micro -- Client/Server/Messaging Security
Trend Micro -- OfficeScan Corporate Edition
Multiple buffer overflows in the Trend Micro OfficeScan Web-Deployment SetupINICtrl ActiveX control in OfficeScanSetupINI.dll, as used in OfficeScan 7.0 before Build 1344, OfficeScan 7.3 before Build 1241, and Client / Server / Messaging Security 3.0 before Build 1197, allow remote attackers to execute arbitrary code via a crafted HTML document.
unknown
2007-02-20
8.0
CVE-2007-0325
OTHER-REF
OTHER-REF
CERT-VN
BID
FRSIRT
SECTRACK
SECUNIA
Trend Micro -- ServerProtect
Multiple stack-based buffer overflows in Trend Micro ServerProtect for Windows and EMC 5.58, and for Network Appliance Filer 5.61 and 5.62, allow remote attackers to execute arbitrary code via crafted RPC requests to TmRpcSrv.dll that trigger overflows when calling the (1) CMON_NetTestConnection, (2) CMON_ActiveUpdate, and (3) CMON_ActiveRollback functions in (a) StCommon.dll, and (4) ENG_SetRealTimeScanConfigInfo and (5) ENG_SendEMail functions in (b) eng50.dll.
unknown
2007-02-21
10.0
CVE-2007-1070
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
Turuncu Portal -- Turuncu Portal
SQL injection vulnerability in h_goster.asp in Turuncu Portal 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-02-21
7.0
CVE-2007-1022
BID
SECUNIA
TYPO3 -- TYPO3
The start function in class.t3lib_formmail.php in TYPO3 before 4.0.5, 4.1beta, and 4.1RC1 allows attackers to inject arbitrary email headers via unknown vectors. NOTE: some details were obtained from third party information.
unknown
2007-02-22
7.0
CVE-2007-1081
OTHER-REF
FRSIRT
VicFTPS -- VicFTPS
Stack-based buffer overflow in VicFTPS before 5.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long CWD command.
unknown
2007-02-21
10.0
CVE-2007-1014
MILW0RM
OTHER-REF
BID
FRSIRT
SECUNIA
VirtualSystem -- Htaccess Passwort Generator
PHP remote file inclusion vulnerability in generate.php in VirtualSystem Htaccess Passwort Generator 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the ht_pfad parameter.
unknown
2007-02-21
10.0
CVE-2007-1013
MILW0RM
BID
FRSIRT
VirtualSystem -- VS-News-System
PHP remote file inclusion vulnerability in show_news_inc.php in VirtualSystem VS-News-System 1.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the newsordner parameter.
unknown
2007-02-21
8.0
CVE-2007-1017
MILW0RM
BID
SECUNIA
XF
VirtualSystem -- VS-News-System
PHP remote file inclusion vulnerability in tpl/header.php in VirtualSystem VS-News-System 1.2.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the newsordner parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-02-21
8.0
CVE-2007-1018
SECUNIA
VirtualSystem -- VS-Link-Partner
PHP remote file inclusion vulnerability in inc/functions_inc.php in VS-Link-Partner 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the gb_pfad, or possibly script_pfad, parameter.
unknown
2007-02-21
7.0
CVE-2007-1025
MILW0RM
BID
FRSIRT
XF
VMWare -- VMWare Workstation
VMware Workstation 5.5.3 build 34685 does not provide per-user restrictions on certain privileged actions, which allows local users to perform restricted operations such as changing system time, accessing hardware components, and stopping the "VMware tools service" service. NOTE: exploitation is simplified via (1) weak file permissions (Users = Read & Execute) for %PROGRAMFILES%\VMware; and weak registry key permissions (access by Users) for (2) vmmouse, (3) vmscsi, (4) VMTools, (5) vmx_svga, and (6) vmxnet in HKLM\SYSTEM\CurrentControlSet\Services\; which allows local users to perform various privileged actions outside of the guest OS by executing certain files under %PROGRAMFILES%\VMware\VMware Tools, as demonstrated by (a) VMControlPanel.cpl and (b) vmwareservice.exe.
unknown
2007-02-21
7.0
CVE-2007-1056
BUGTRAQ
VS-Gastebuch -- VS-Gastebuch
PHP remote file inclusion vulnerability in functions_inc.php in VS-Gastebuch 1.5.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the gb_pfad parameter.
unknown
2007-02-21
7.0
CVE-2007-1011
OTHER-REF
BID
FRSIRT
SECUNIA
Warped Systems -- phpXmms
** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in phpXmms 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the tcmdp parameter to (1) phpxmmsb.php or (2) phpxmmst.php. NOTE: this issue has been disputed by a reliable third party, stating that the tcmdp variable is initialized by config.php.
unknown
2007-02-21
10.0
CVE-2007-1053
BUGTRAQ
VIM
Xpression News -- Xpression News
Directory traversal vulnerability in archives.php in Xpression News (X-News) 1.0.1 allows remote attackers to include arbitrary files or obtain sensitive information via a .. (dot dot) in the xnews-template parameter.
unknown
2007-02-21
7.0
CVE-2007-1040
MILW0RM
BID
FRSIRT
SECUNIA
XF
Xpression News -- Xpression News
Directory traversal vulnerability in news.php in Xpression News (X-News) 1.0.1, when magic_quotes_gpc is disabled, allows remote attackers to include arbitrary files or obtain sensitive information via a .. (dot dot) in the xnews-template parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-02-21
8.0
CVE-2007-1042
SECUNIA
XF

Medium Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info
Unspecified vulnerability in certain demonstration scripts in getID3 1.7.1, as used in the Mediafield and Audio modules for Drupal, allows remote attackers to read and delete arbitrary files, list arbitrary directories, and write to empty files or .mp3 files via unknown vectors.
unknown
2007-02-21
4.9
CVE-2007-1035
OTHER-REF
OTHER-REF
BID
FRSIRT
XF
Ansatheus -- AT Contenator
PHP remote file inclusion vulnerability in _admin/nav.php in AT Contenator 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the Root_To_Script parameter.
unknown
2007-02-16
4.8
CVE-2007-0983
milw0rm
XF
Barry Jaspan -- Image Pager
Cross-site scripting (XSS) vulnerability in the Barry Jaspan Image Pager 4.7.x-1.x-dev and 5.x-1.x-dev before 2007-02-08 module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to HTML entities and the IMG element.
unknown
2007-02-21
5.6
CVE-2007-1028
OTHER-REF
BID
FRSIRT
XF
Clam Anti-Virus -- ClamAV
Directory traversal vulnerability in clamd in Clam AntiVirus ClamAV before 0.90 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the id MIME header parameter in a multi-part message.
unknown
2007-02-16
4.7
CVE-2007-0898
IDEFENSE
BID
FRSIRT
SECUNIA
Comodo -- Comodo Firewall Pro
Comodo Firewall Pro (formerly Comodo Personal Firewall) 2.4.17.183 and earlier uses a weak cryptographic hashing function (CRC32) to identify trusted modules, which allows local users to bypass security protections by substituting modified modules that have the same CRC32 value.
unknown
2007-02-21
4.9
CVE-2007-1051
BUGTRAQ
FULLDISC
OTHER-REF
XF
DeskPro -- DeskPro
Cross-site scripting (XSS) vulnerability in faq.php in DeskPRO 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the article parameter.
unknown
2007-02-21
5.6
CVE-2007-1012
BUGTRAQ
XF
Drupal -- Secure Site module
Unspecified vulnerability in the Secure site 4.7.x-1.x-dev and 5.x-1.x-dev module for Drupal allows remote attackers to bypass access restrictions via a crafted URL.
unknown
2007-02-21
5.6
CVE-2007-1033
OTHER-REF
FRSIRT
XF
Francisco Burzi -- PHP-Nuke
SQL injection vulnerability in index.php in Francisco Burzi PHP-Nuke 8.0 Final and earlier, when the "HTTP Referers" block is enabled, allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header (HTTP_REFERER variable).
unknown
2007-02-21
5.6
CVE-2007-1061
MILW0RM
FRSIRT
SECUNIA
Interspire -- SendStudio
Multiple PHP remote file inclusion vulnerabilities in Interspire SendStudio 2004.14 and earlier, when register_globals and allow_fopenurl are enabled, allow remote attackers to execute arbitrary PHP code via a URL in the ROOTDIR parameter to (1) createemails.inc.php and (2) send_emails.inc.php in /admin/includes/.
unknown
2007-02-21
5.6
CVE-2007-1060
MILW0RM
OTHER-REF
FRSIRT
SECUNIA
MediaWiki -- MediaWiki
Cross-site scripting (XSS) vulnerability in the AJAX features in index.php in MediaWiki 1.6.x through 1.9.2, when $wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded value of the rs parameter, which is processed by Internet Explorer.
unknown
2007-02-21
5.6
CVE-2007-1054
BUGTRAQ
OTHER-REF
OTHER-REF
VIM
Meetinghouse -- AEGIS SecureConnect Client
Cisco -- Trust Agent
Cisco -- Security Agent
Cisco -- Secure Services Client
Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1, and the Meetinghouse AEGIS SecureConnect Client do not drop privileges when the help facility in the supplicant GUI is invoked, which allows local users to gain privileges, aka CSCsf14120.
unknown
2007-02-21
4.2
CVE-2007-1064
CISCO
Meetinghouse -- AEGIS SecureConnect Client
Cisco -- Trust Agent
Cisco -- Security Agent
Cisco -- Secure Services Client
Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1, and the Meetinghouse AEGIS SecureConnect Client allow local users to gain SYSTEM privileges via unspecified vectors in the supplicant, aka CSCsf15836.
unknown
2007-02-21
4.2
CVE-2007-1065
CISCO
Meetinghouse -- AEGIS SecureConnect Client
Cisco -- Trust Agent
Cisco -- Security Agent
Cisco -- Secure Services Client
Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1, and the Meetinghouse AEGIS SecureConnect Client use an insecure default Discretionary Access Control List (DACL) for the connection client GUI, which allows local users to gain privileges by injecting "a thread under ConnectionClient.exe," aka CSCsg20558.
unknown
2007-02-21
4.2
CVE-2007-1066
CISCO
Meetinghouse -- AEGIS SecureConnect Client
Cisco -- Trust Agent
Cisco -- Security Agent
Cisco -- Secure Services Client
The (1) TTLS CHAP, (2) TTLS MSCHAP, (3) TTLS MSCHAPv2, (4) TTLS PAP, (5) MD5, (6) GTC, (7) LEAP, (8) PEAP MSCHAPv2, (9) PEAP GTC, and (10) FAST authentication methods in Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1, and the Meetinghouse AEGIS SecureConnect Client store transmitted authentication credentials in plaintext log files, which allows local users to obtain sensitive information by reading these files, aka CSCsg34423.
unknown
2007-02-21
4.2
CVE-2007-1068
CISCO
Microsoft -- Windows Server 2003
Microsoft -- Windows Vista
Microsoft -- Windows XP
The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, 2003, and Vista does not check permissions for child objects, which allows local users to bypass permissions by opening a directory with LIST (READ) access and using ReadDirectoryChangesW to monitor changes of files that do not have LIST permissions, which can be leveraged to determine filenames, access times, and other sensitive information.
unknown
2007-02-22
4.9
CVE-2007-0843
BUGTRAQ
BUGTRAQ
OTHER-REF
BID
Mozilla -- Firefox
Firefox does not prompt users before saving bookmarklets, which allows remote attackers to bypass the same-domain policy by tricking a user into saving a bookmarklet with a data: scheme, which is executed in the context of the last visited web page.
unknown
2007-02-22
5.6
CVE-2007-1084
BUGTRAQ
BUGTRAQ
BUGTRAQ
OTHER-REF
OTHER-REF
BID
Nortel -- Net Direct client
The Net Direct client for Linux before 6.0.5 in Nortel Application Switch 2424, VPN 3050 and 3070, and SSL VPN Module 1000 extracts and executes files with insecure permissions, which allows local users to exploit a race condition to replace a world-writable file in /tmp/NetClient and cause another user to execute arbitrary code when attempting to execute this client, as demonstrated by replacing /tmp/NetClient/client.
unknown
2007-02-21
5.6
CVE-2007-1057
OTHER-REF
OTHER-REF
OTHER-REF
SECUNIA
PeanutKB -- Peanut Knowledge Base
Unspecified vulnerability in Peanut Knowledge Base (PeanutKB) 0.0.3 and earlier has unknown impact and attack vectors.
unknown
2007-02-21
4.9
CVE-2007-1039
OTHER-REF
FRSIRT
phpMyFAQ -- phpMyFAQ
Unspecified vulnerability in phpMyFAQ before 1.6.9, when register_globals is enabled, allows remote attackers to "gain the privilege for uploading files on the server."
unknown
2007-02-21
5.6
CVE-2007-1032
OTHER-REF
SECUNIA
Ultimate Fun Book -- Ultimate Fun Book
PHP remote file inclusion vulnerability in function.php in Ultimate Fun Book 1.02 allows remote attackers to execute arbitrary PHP code via a URL in the gbpfad parameter. NOTE: some sources mention "Ultimate Fun Board," but this appears to be an error.
unknown
2007-02-21
5.6
CVE-2007-1059
MILW0RM
BID
FRSIRT
SECUNIA
Verisign -- MPKI
Buffer overflow in the Verisign Managed PKI Service Configuration Checker (ConfigChk) ActiveX control in VSCnfChk.dll 2.0.0.2 allows remote attackers to execute arbitrary code via long arguments to the VerCompare method.
unknown
2007-02-22
5.6
CVE-2007-1083
IDEFENSE
OTHER-REF
OTHER-REF
OTHER-REF
CERT-VN
BID
Vivvo -- Article Manager CMS
Directory traversal vulnerability in include/db_conn.php in SpoonLabs Vivvo Article Management CMS 3.4 allows remote attackers to include and execute arbitrary local files via the root parameter.
unknown
2007-02-21
5.6
CVE-2007-1031
MILW0RM
BID
XF
webSPELL -- webSPELL
SQL injection vulnerability in news.php in webSPELL 4.01.02, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the showonly parameter to index.php, a different vector than CVE-2006-5388.
unknown
2007-02-21
5.6
CVE-2007-1019
MILW0RM
BID
SECUNIA
XF
ZebraFeeds -- ZebraFeeds
Multiple PHP remote file inclusion vulnerabilities in ZebraFeeds 1.0, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the zf_path parameter to (1) aggregator.php and (2) controller.php in newsfeeds/includes/.
unknown
2007-02-21
5.6
CVE-2007-1010
MILW0RM
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
XF

Low Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info
Apache -- SpamAssassin
Unspecified vulnerability in Apache SpamAssassin before 3.1.8 allows remote attackers to cause an unspecified denial of service via long URLs in an email.
unknown
2007-02-16
3.3
CVE-2007-0451
OTHER-REF
FEDORA
FEDORA
FRSIRT
BID
SECUNIA
SECUNIA
Apple -- iTunes
Apple iTunes 7.0.2 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted XML list of radio stations, which results in memory corruption. NOTE: iTunes retrieves the XML document from a static URL, which requires an attacker to perform DNS spoofing or man-in-the-middle attacks for exploitation.
unknown
2007-02-19
1.9
CVE-2007-1008
BUGTRAQ
BID
Clam Anti-Virus -- ClamAV
Clam AntiVirus ClamAV before 0.90 does not close open file descriptors under certain conditions, which allows remote attackers to cause a denial of service (file descriptor consumption and failed scans) via CAB archives with a cabinet header record length of zero, which causes a function to return without closing a file descriptor.
unknown
2007-02-16
2.3
CVE-2007-0897
IDEFENSE
BID
FRSIRT
SECUNIA
Dem_trac -- Dem_trac
Dem_trac allows remote attackers to read log file contents via a direct request for /anc_sit.txt.
unknown
2007-02-21
2.3
CVE-2007-1046
BUGTRAQ
OTHER-REF
XF
FTPx -- FTP Explorer
FTP Explorer 1.0.1 Build 047 allows remote servers to cause a denial of service (CPU consumption) via a long response to a PWD command.
unknown
2007-02-22
2.3
CVE-2007-1082
MILW0RM
BID
XF
GNUCash -- GNUCash
gnucash 2.0.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on the (1) gnucash.trace, (2) qof.trace, and (3) qof.trace.[PID] temporary files.
unknown
2007-02-19
3.3
CVE-2007-0007
OTHER-REF
SECUNIA
IBM -- DB2
Certain setuid DB2 binaries in IBM DB2 before 9 Fix Pack 2 for Linux and Unix allow local users to overwrite arbitrary files via a symlink attack on the DB2DIAG.LOG temporary file.
unknown
2007-02-21
2.3
CVE-2007-1027
AIXAPAR
FRSIRT
SECUNIA
Linux -- Kernel
The Linux kernel before 2.6.20.1 allows remote attackers to cause a denial of service (oops) via a crafted NFSACL 2 ACCESS request that triggers a free of an incorrect pointer.
unknown
2007-02-20
2.3
CVE-2007-0772
OTHER-REF
FRSIRT
SECUNIA
Mozilla -- Firefox
Mozilla Firefox might allow remote attackers to conduct spoofing and phishing attacks by writing to an about:blank tab and overlaying the location bar.
unknown
2007-02-19
1.9
CVE-2007-1004
BUGTRAQ
BUGTRAQ
BID
Niels Provos -- libevent
Niels Provos libevent 1.2 and 1.2a allows remote attackers to cause a denial of service (infinite loop) via a DNS response containing a label pointer that references its own offset.
unknown
2007-02-21
3.3
CVE-2007-1030
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
Pearson Education -- Powerschool
Pearson Education PowerSchool 4.3.6 allows remote attackers to list the contents of the admin folder via a URI composed of the admin/ directory name and an arbitrary filename ending in ".js."
unknown
2007-02-21
2.3
CVE-2007-1044
BUGTRAQ
BID
Red Hat -- Red Hat Enterprise Linux ES
Red Hat -- Red Hat Enterprise Linux AS
Red Hat -- Red Hat Enterprise Linux WS
The zend_hash_init function in PHP, when running on a 64-bit platform, allows user-assisted remote attackers to cause a denial of service (resource consumption) by unserializing crafted data, which causes an infinite loop.
unknown
2007-02-20
1.9
CVE-2007-0988
OTHER-REF
OTHER-REF
REDHAT
SECUNIA
RhinoSoft -- FTP Voyager
Stack-based buffer overflow in Rhino Software, Inc. FTP Voyager 14.0.0.3 and earlier allows remote servers to cause a denial of service (crash) via a long response to a CWD command, which triggers the overflow when the user aborts the command.
unknown
2007-02-22
3.3
CVE-2007-1079
MILW0RM
BID
XF
Shemes.com -- Grabit
Shemes.com Grabit 1.5.3, and possibly earlier, allows remote attackers to cause a denial of service (application crash) via a .nzb file with a subject field containing ';' (semicolon) characters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-02-21
2.3
CVE-2007-1038
BID
FRSIRT
TaskFreak! -- TaskFreak!
Cross-site scripting (XSS) vulnerability in error.php in TaskFreak! 0.5.5 allows remote attackers to inject arbitrary web script or HTML via the tznMessage parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-02-16
1.9
CVE-2007-0982
BID
SECUNIA
TurboSoft -- TurboFTP
TurboFTP 5.30 Build 572 allows remote servers to cause a denial of service (CPU consumption) via a response with a large number of newline characters.
unknown
2007-02-22
3.3
CVE-2007-1075
MILW0RM
BID
TurboSoft -- TurboFTP
Multiple heap-based buffer overflows in TurboFTP 5.30 Build 572 allow remote servers to cause a denial of service via (1) a long filename in a response to a LIST command, and (2) a long response to a CWD command.
unknown
2007-02-22
3.3
CVE-2007-1080
MILW0RM
BID
WordPress -- WordPress
Cross-site scripting (XSS) vulnerability in the wp_explain_nonce function in the nonce AYS functionality (wp-includes/functions.php) for WordPress 2.0 before 2.0.9 and 2.1 before 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the file parameter to wp-admin/templates.php, and possibly other vectors involving the action variable.
unknown
2007-02-21
1.9
CVE-2007-1049
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
BID



Last updated February 26, 2007