Skip to content

Home  |   FAQ  |   Contact  |   Privacy & Use

customize
National Cyber Alert System
Cyber Security Bulletin SB07-281 archive

Vulnerability Summary for the Week of October 1, 2007

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.


High Vulnerabilities
Primary
Vendor -- Product		Description
Discovered
Published
CVSS ScoreSource & Patch Info
actSite -- actSite
Directory traversal vulnerability in phpinc/news.php in actSite 1.56 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the do parameter.
unknown
2007-10-03
7.5CVE-2007-5174
MILW0RM
OTHER-REF
BID
SECUNIA
ASP Product Catalog -- ASP Product Catalog
SQL injection vulnerability in catalog.asp in ASP Product Catalog allows remote attackers to execute arbitrary SQL commands via the cid parameter and possibly other parameters.
unknown
2007-10-04
7.5CVE-2007-5220
BUGTRAQ
BID
Axis Communications -- 2100 Network Camera
Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and earlier allow remote attackers to perform actions as administrators, as demonstrated by (1) an SMTP server change through the conf_SMTP_MailServer1 parameter to ServerManager.srv and (2) a hostname change through the conf_Network_HostName parameter on the Network page.
unknown
2007-10-04
9.3CVE-2007-5213
BUGTRAQ
OTHER-REF
BID
Computer Associates -- Desktop Management Suite
Computer Associates -- Protection Suites
Computer Associates -- BrightStor ARCserve Backup Laptops_Desktops
Multiple stack-based buffer overflows in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 allow remote attackers to execute arbitrary code via a long (1) username or (2) password to the rxrLogin command in rxRPC.dll, or a long (3) username argument to the GetUserInfo function.
unknown
2007-10-01
10.0CVE-2007-5003
EEYE
IDEFENSE
OTHER-REF
OTHER-REF
OTHER-REF
BID
SECTRACK
SECUNIA
Computer Associates -- Desktop Management Suite
Computer Associates -- Protection Suites
Computer Associates -- BrightStor ARCserve Backup Laptops_Desktops
Integer overflow in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 allows remote attackers to execute arbitrary code via a long username and a certain "useless" password.
unknown
2007-10-01
9.3CVE-2007-5004
EEYE
OTHER-REF
OTHER-REF
OTHER-REF
BID
SECTRACK
SECUNIA
Computer Associates -- Desktop Management Suite
Computer Associates -- Protection Suites
Computer Associates -- BrightStor ARCserve Backup Laptops_Desktops
Directory traversal vulnerability in rxRPC.dll in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 allows remote attackers to upload and overwrite arbitrary files via a ..\ (dot dot backslash) sequence in the destination filename argument to sub-function 8 in the rxrReceiveFileFromServer command.
unknown
2007-10-01
10.0CVE-2007-5005
EEYE
OTHER-REF
OTHER-REF
OTHER-REF
BID
SECTRACK
SECUNIA
Computer Associates -- Desktop Management Suite
Computer Associates -- Protection Suites
Computer Associates -- BrightStor ARCserve Backup Laptops_Desktops
Multiple command handlers in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 do not verify if a peer is authenticated, which allows remote attackers to add and delete users, and start client restores.
unknown
2007-10-01
10.0CVE-2007-5006
IDEFENSE
OTHER-REF
OTHER-REF
OTHER-REF
BID
SECTRACK
SECUNIA
Computer Associates -- BrightStor Hierarchical Storage Manager
Multiple stack-based buffer overflows in Computer Associates (CA) BrightStor Hierarchical Storage Manager (HSM) before r11.6 allow remote attackers to execute arbitrary code via unspecified CsAgent service commands.
unknown
2007-10-01
10.0CVE-2007-5082
IDEFENSE
OTHER-REF
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
XF
Computer Associates -- BrightStor Hierarchical Storage Manager
Multiple integer overflows in Computer Associates (CA) BrightStor Hierarchical Storage Manager (HSM) before r11.6 allow remote attackers to execute arbitrary code via unspecified CsAgent service commands that trigger a heap-based buffer overflow.
unknown
2007-10-01
10.0CVE-2007-5083
IDEFENSE
OTHER-REF
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
XF
e-Ark -- e-Ark
Multiple PHP remote file inclusion vulnerabilities in eArk (e-Ark) 1.0 allow remote attackers to execute arbitrary PHP code via a URL in (1) the cfg_vcard_path parameter to src/vcard_inc.php or (2) the cfg_phpmailer_path parameter to src/email_inc.php. NOTE: the ark_inc.php vector is already covered by CVE-2006-6086.
unknown
2007-10-04
7.5CVE-2007-5216
OTHER-REF
iceows -- iceows
IceGUI.DLL in ICEOWS 4.20b invokes a function with incorrect arguments, which allows user-assisted remote attackers to execute arbitrary code via a long filename in the header of an ACE archive, which triggers a stack-based buffer overflow.
unknown
2007-10-01
9.3CVE-2007-5155
OTHER-REF
SECUNIA
Jacob Hinkle -- Godsend
Multiple PHP remote file inclusion vulnerabilities in Jacob Hinkle GodSend 0.6 allow remote attackers to execute arbitrary PHP code via a URL in the SCRIPT_DIR parameter to (1) gtk/main.inc.php or (2) cmdline.inc.php. NOTE: vector 2 is disputed by CVE because it is contained in unaccessible code, requiring that two undefined constants be equal.
unknown
2007-10-04
7.5CVE-2007-5215
OTHER-REF
Linux -- Kernel
mount and umount in Linux kernel calls the setuid and setgid functions in the wrong order and does not check the return values, which allows attackers to gain privileges via helpers such as mount.nfs.
unknown
2007-10-04
7.2CVE-2007-5191
OTHER-REF
MambAds -- MambAds
Mambo -- Mambo
SQL injection vulnerability in index.php in the MambAds (com_mambads) 1.5 and earlier component for Mambo allows remote attackers to execute arbitrary SQL commands via the caid parameter.
unknown
2007-10-03
7.5CVE-2007-5177
MILW0RM
BID
MAXdev -- MDPro
SQL injection vulnerability in index.php in MAXdev MDPro (MD-Pro) 1.0.76 allows remote attackers to execute arbitrary SQL commands via a "Firefox ID=" substring in a Referer HTTP header.
unknown
2007-10-04
7.5CVE-2007-5222
OTHER-REF
OTHER-REF
BID
FRSIRT
XF
Netkamp -- Netkamp Emlak Scripti
SQL injection vulnerability in detay.asp in Netkamp Emlak Scripti allows remote attackers to execute arbitrary SQL commands via the ilan_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-10-03
7.5CVE-2007-5181
SECUNIA
NukeScripts -- NukeSentinel
SQL injection vulnerability in the is_god function in includes/nukesentinel.php in NukeSentinel 2.5.11 allows remote attackers to execute arbitrary SQL commands via base64-encoded data in an admin cookie, a different vector than CVE-2007-5125.
unknown
2007-10-01
7.5CVE-2007-5150
BUGTRAQ
OTHER-REF
OTHER-REF
BID
NukeScripts -- NukeSentinel
SQL injection vulnerability in the abget_admin function in includes/nukesentinel.php in NukeSentinel 2.5.12 allows remote attackers to execute arbitrary SQL commands via base64-encoded data in an admin cookie.
unknown
2007-10-01
7.5CVE-2007-5151
BUGTRAQ
OTHER-REF
BID
Ohesa Emlak Portali -- Ohesa Emlak Portali
Multiple SQL injection vulnerabilities in Ohesa Emlak Portali allow remote attackers to execute arbitrary SQL commands via the (1) Kategori parameter in satilik.asp and the (2) Emlak parameter in detay.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-10-03
7.5CVE-2007-5180
SECUNIA
PHP-Fusion -- Expanded Calendar module
PHP-Fusion -- PHP-Fusion
SQL injection vulnerability in infusions/calendar_events_panel/show_single.php in the Expanded Calendar 2.x module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the sel parameter.
unknown
2007-10-03
7.5CVE-2007-5187
MILW0RM
Poppawid -- Poppawid
PHP remote file inclusion vulnerability in mail/childwindow.inc.php in Poppawid 2.7 allows remote attackers to execute arbitrary PHP code via a URL in the form parameter.
unknown
2007-10-04
7.5CVE-2007-5221
MILW0RM
BID
SmbFTPD -- SmbFTPD
Format string vulnerability in the SMBDirList function in dirlist.c in SmbFTPD 0.96 allows remote attackers to execute arbitrary code via format string specifiers in a directory name.
unknown
2007-10-03
7.5CVE-2007-5184
MILW0RM
OTHER-REF
BID
FRSIRT
SECUNIA
Sun -- Java System Application Server
Sun -- Java System Access Manager
Sun Java System Access Manager 7.1, when installed in a Sun Java System Application Server 9.1 container, does not demand authentication after a container restart, which allows remote attackers to perform administrative tasks.
unknown
2007-10-01
7.5CVE-2007-5152
SUNALERT
Tcl_Tk -- Tcl_Tk
Buffer overflow in the ReadImage function in generic/tkImgGIF.c in Tcl (Tcl/Tk) before 8.4.16 allows remote attackers to execute arbitrary code via multi-frame interlaced GIF files in which later frames are smaller than the first.
unknown
2007-09-28
7.5CVE-2007-5137
OTHER-REF
SECUNIA
x-script -- GuestBook
Multiple SQL injection vulnerabilities in mes_add.php in x-script GuestBook 1.3a, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) email, (3) icq, and (4) website parameters.
unknown
2007-10-03
7.5CVE-2007-5189
BUGTRAQ
XOOPS -- Xoops
Unspecified vulnerability in the XOOPS uploader class in Xoops 2.0.17.1-RC1 and earlier allows remote attackers to upload arbitrary files via unspecified vectors related to improper upload configuration settings in class/uploader.php and class/mimetypes.inc.php, possibly an incomplete blacklist that omits the .php4 extension.
unknown
2007-10-03
7.5CVE-2007-5188
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
Back to top

Medium Vulnerabilities
Primary
Vendor -- Product		Description
Discovered
Published
CVSS ScoreSource & Patch Info
actSite -- actSite
PHP remote file inclusion vulnerability lib/base.php in actSite 1.991 Beta allows remote attackers to execute arbitrary PHP code via a URL in the BaseCfg[BaseDir] parameter.
unknown
2007-10-03
6.8CVE-2007-5175
MILW0RM
BID
aimluck -- Aipo ASP
aimluck -- Aipo
Session fixation vulnerability in Aipo and Aipo ASP 3.0.1.0 and earlier allows remote attackers to hijack web sessions via unspecified vectors.
unknown
2007-10-01
4.3CVE-2007-5154
OTHER-REF
SECUNIA
AlstraSoft -- Affiliate Network Pro
Multiple unspecified vulnerabilities in AlstraSoft Affiliate Network Pro allow remote attackers to include local files and have other unspecified impact, related to incorrect input validation or other defects involving (1) admin/backupstart.php, (2) a .sql filename under admin/admin/dump/, (3) a .sql filename in the fl parameter to admin/downloadbackup.php, and (4) a .. (dot dot) in the fl parameter to admin/downloadbackup.php.
unknown
2007-10-04
6.8CVE-2007-5223
BUGTRAQ
BID
Apache Software Foundation -- HTTP Server
sitex -- sitex CMS
FCKeditor -- FCKeditor
Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
unknown
2007-10-01
6.8CVE-2007-5156
BUGTRAQ
OTHER-REF
Apple -- Quicktime
Argument injection vulnerability in Apple QuickTime 7.2 for Windows XP SP2 and Vista allows remote attackers to execute arbitrary commands via a URL in the qtnext field in a crafted QTL file. NOTE: this issue may be related to CVE-2006-4965 or CVE-2007-5045.
unknown
2007-10-04
6.8CVE-2007-4673
OTHER-REF
APPLE
BID
Arbor Networks -- Peakflow SP
Arbor Networks Peakflow SP before 3.5.1 patch 14, and 3.6.x before 3.6.1 patch 5, allows remote authenticated users to bypass access restrictions and read or write unspecified data via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-10-04
4.9CVE-2007-5210
SECUNIA
Arbor Networks -- Peakflow SP
Multiple cross-site scripting (XSS) vulnerabilities in Arbor Networks Peakflow SP 3.5.1 before patch 14, and 3.6.1 before patch 5, when scope accounts are enabled, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving GET or POST requests. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-10-04
4.3CVE-2007-5211
SECUNIA
Axis Communications -- 2100 Network Camera
Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware before 2.43 allow remote attackers to inject arbitrary web script or HTML via (1) parameters associated with saved settings, as demonstrated by the conf_SMTP_MailServer1 parameter to ServerManager.srv; or (2) the subpage parameter to wizard/first/wizard_main_first.shtml. NOTE: an attacker can leverage a CSRF vulnerability to modify saved settings.
unknown
2007-10-04
4.3CVE-2007-5212
BUGTRAQ
OTHER-REF
BID
Axis Communications -- 2100 Network Camera
Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to the default URI associated with a directory, as demonstrated by (a) the root directory and (b) the view/ directory; (2) parameters associated with saved settings, as demonstrated by (c) the conf_Network_HostName parameter on the Network page and (d) the conf_Layout_OwnTitle parameter to ServerManager.srv; and (3) the query string to ServerManager.srv, which is displayed on the logs page. NOTE: an attacker can leverage a CSRF vulnerability to modify saved settings.
unknown
2007-10-04
4.3CVE-2007-5214
BUGTRAQ
OTHER-REF
BID
XF
XF
XF
CenterTools -- DriveLock
Stack-based buffer overflow in DriveLock.exe in CenterTools DriveLock 5.0 allows remote attackers to execute arbitrary code via a long HTTP request to TCP port 6061. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-10-04
6.8CVE-2007-5209
SECUNIA
Chupix -- Chupix CMS
PHP remote file inclusion vulnerability in admin/include/header.php in chupix 0.2.3, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the repertoire parameter.
unknown
2007-09-28
6.8CVE-2007-5139
MILW0RM
clanlite -- clanlite
Multiple PHP remote file inclusion vulnerabilities in ClanLite 1.23.01.2005 allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) modules/serveur_jeux.php or (2) conf/conf-php.php. NOTE: vector 1 is disputed by CVE because the require_once is only reached when a certain constant has already been defined.
unknown
2007-10-01
6.8CVE-2007-5168
OTHER-REF
Computer Associates -- BrightStor Hierarchical Storage Manager
Multiple SQL injection vulnerabilities in Computer Associates (CA) BrightStor Hierarchical Storage Manager (HSM) before r11.6 allow remote attackers to execute arbitrary SQL commands via unspecified CsAgent service commands.
unknown
2007-10-01
6.8CVE-2007-5084
OTHER-REF
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
XF
Cyberlink -- PowerDVD
Directory traversal vulnerability in the CLAVSetting.CLSetting.1 ActiveX control in CLAVSetting.DLL 1.00.1829 in the CLAVSetting module in CyberLink PowerDVD 7.0 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the argument to the CreateNewFile method.
unknown
2007-10-04
6.4CVE-2007-5219
MILW0RM
BID
SECUNIA
Der Dirigent -- Der Dirigent
Multiple PHP remote file inclusion vulnerabilities in dedi-group Der Dirigent 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the dedi_path parameter to (1) inc.generate_code.php, (2) fnc.type_forms.php, or (3) fnc.type.php in backend/inc/, or (4) frontend.php or (5) backend.php in projekt01/cms/inc/; or (6) the this_dir parameter to backend/inc/class.filemanager.php. NOTE: vectors 4 and 5 are disputed by CVE because PHP encounters a fatal function-call error on a direct request for the file, before reaching the include statement.
unknown
2007-10-01
6.8CVE-2007-5146
OTHER-REF
Don Barnes -- DRBGuestbook
Cross-site scripting (XSS) vulnerability in index.php in Don Barnes DRBGuestbook 1.1.13 allows remote attackers to inject arbitrary web script or HTML via the action parameter.
unknown
2007-10-04
5.0CVE-2007-5218
BUGTRAQ
egov -- Manger
Multiple cross-site scripting (XSS) vulnerabilities in eGov Manager allow remote attackers to inject arbitrary web script or HTML via unspecified "user-supplied input" to (1) center.exe or (2) Index.exe.
unknown
2007-10-04
5.0CVE-2007-5078
BUGTRAQ
OTHER-REF
BID
FrontAccounting -- FrontAccounting
** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in FrontAccounting (FA) 1.12 allow remote attackers to execute arbitrary PHP code via a URL in the path_to_root parameter to (1) access/logout.php or certain PHP scripts under (2) admin/, (3) dimensions/, (4) gl/, (5) inventory/, (6) manufacturing/, (7) purchasing/, (8) reporting/, (9) sales/, or (10) taxes/. NOTE: the config.php vector is already covered by CVE-2007-4279, and the login.php and language.php vectors are already covered by CVE-2007-5117. NOTE: this issue is disputed by CVE because path_to_root is defined before use in all of the other files reported in the original disclosure.
unknown
2007-10-01
6.8CVE-2007-5148
OTHER-REF
Grokster -- Grokster
Altnet -- Altnet Download Manager
KaZaA -- KaZaA Media Desktop
Stack-based buffer overflow in the ADM4 ActiveX control in adm4.dll in Altnet Download Manager 4.0.0.6, as used in (1) Kazaa 3.2.7 and (2) Grokster, allows remote attackers to execute arbitrary code via a long argument to the Install method. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-10-04
6.8CVE-2007-5217
FRSIRT
FRSIRT
SECUNIA
SECUNIA
grouplink -- eHelpDesk
Multiple cross-site scripting (XSS) vulnerabilities in GroupLink eHelpDesk 6.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) NA_DISPLAYNAME parameter in helpdesk/user/rf_create.jsp and the (2) username and (3) LDAPError parameters in index2.jsp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-10-03
4.3CVE-2007-5176
SECUNIA
i-Systems Inc. -- Feedreader
Cross-site scripting (XSS) vulnerability in the internal browser in i-Systems Feedreader 3.10 allows remote attackers to inject arbitrary web script or HTML via an item in a feed, as demonstrated by a WordPress blog update.
unknown
2007-10-01
4.3CVE-2007-5161
BUGTRAQ
BID
IntegraMOD -- Nederland
PHP remote file inclusion vulnerability in includes/archive/archive_topic.php in IntegraMOD Nederland 1.4.2 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
unknown
2007-09-28
6.8CVE-2007-5140
MILW0RM
Jimmac -- Original Photo Gallery
inc/exif.inc.php in Original Photo Gallery 0.11.2 and earlier allows remote attackers to execute arbitrary programs via the exif_prog parameter, which is specified in an exec function call.
unknown
2007-10-04
6.8CVE-2007-5224
BUGTRAQ
OTHER-REF
OTHER-REF
lustig -- lustig.cms
PHP remote file inclusion vulnerability in forum/forum.php in lustig.cms BETA 2.5 allows remote attackers to execute arbitrary PHP code via a URL in the view parameter.
unknown
2007-09-28
6.8CVE-2007-5138
MILW0RM
megasol -- OdysseySuite
Cross-site scripting (XSS) vulnerability in Mailbox.mws in OdysseySuite, possibly 4.0.729, allows remote attackers to inject arbitrary web script or HTML via the idkey parameter.
unknown
2007-10-03
4.3CVE-2007-5183
OTHER-REF
Microsoft -- Windows Live Messenger
Buffer overflow in the GDI engine in Windows Live Messenger, as used for Windows MSN Live 8.1, allows user-assisted remote attackers to cause a denial of service (application crash or system crash) and possibly execute arbitrary code by placing a malformed file in a new folder under the Sharing Folders path, and triggering a synchronize operation through the Windows MSN Live online service, possibly related to extended file attributes and possibly related to an incomplete fix for MS07-046, as demonstrated by a (1) .jpg, (2) .gif, (3) .wmf, (4) .doc, or (5) .ico file.
unknown
2007-10-01
4.3CVE-2007-5144
OTHER-REF
BID
Microsoft -- windows-nt
Multiple buffer overflows in system DLL files in Microsoft Windows XP, as used by Microsoft Windows Explorer (explorer.exe) 6.00.2900.2180, Don Ho Notepad++, unspecified Adobe Macromedia applications, and other programs, allow user-assisted remote attackers to cause a denial of service (application crash) via long strings in the (1) author, (2) title, (3) subject, and (4) comment Properties fields of a file, possibly involving improper handling of extended file attributes by the (a) NtQueryInformationFile, (b) NtQueryDirectoryFile, (c) NtSetInformationFile, (d) FileAllInformation, (e) FileNameInformation, and other FILE_INFORMATION_CLASS functions in ntdll.dll and the (f) GetFileAttributesExW and (g) GetFileAttributesW functions in kernel32.dll, a related issue to CVE-2007-1347.
unknown
2007-10-01
4.3CVE-2007-5145
OTHER-REF
Microsoft -- Internet Explorer
The focus handling for the onkeydown event in Microsoft Internet Explorer 6.0 allows remote attackers to change field focus and copy keystrokes via a certain use of a JavaScript htmlFor attribute, as demonstrated by changing focus from a textarea to a file upload field, a related issue to CVE-2007-3511.
unknown
2007-10-01
4.3CVE-2007-5158
OTHER-REF
BID
SECUNIA
mxBB -- MX Glance
contrib/mx_glance_sdesc.php in the mx_glance 2.3.3 module for mxBB places a critical security check within a comment because of a missing comment delimiter, which allows remote attackers to conduct remote file inclusion attacks and execute arbitrary PHP code via a URL in the mx_root_path parameter. NOTE: some sources incorrectly state that phpbb_root_path is the affected parameter.
unknown
2007-10-03
6.8CVE-2007-5178
MILW0RM
VIM
VIM
BID
myIpacNG-stats -- myIpacNG-stats
** DISPUTED ** PHP remote file inclusion vulnerability in init.php in Jens Tkotz myIpacNG-stats (MINGS) 0.05 allows remote attackers to execute arbitrary PHP code via a URL in the MINGS_BASE parameter. NOTE: this issue is disputed by CVE because MINGS_BASE is defined before use.
unknown
2007-10-01
6.8CVE-2007-5165
OTHER-REF
Nagios -- Plugins
Buffer overflow in the redir function in check_http.c in Nagios Plugins before 1.4.10 allows remote web servers to execute arbitrary code via long Location header responses (redirects).
unknown
2007-10-04
6.8CVE-2007-5198
OTHER-REF
OTHER-REF
Netkamp -- Netkamp Emlak Scripti
Cross-site scripting (XSS) vulnerability in mail.asp in Netkamp Emlak Scripti allows remote attackers to inject arbitrary web script or HTML via the Email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-10-03
4.3CVE-2007-5182
SECUNIA
Nexty -- Nexty
** DISPUTED ** PHP remote file inclusion vulnerability in includes/functions/layout.php in Nexty 1.01.A Beta allows remote attackers to execute arbitrary PHP code via a URL in the rel parameter. NOTE: this issue is disputed by CVE because the applicable include is in a function that is not called on a direct request.
unknown
2007-10-01
6.8CVE-2007-5163
OTHER-REF
North Country Public Radio -- Public Media Manager
PHP remote file inclusion vulnerability in NewsCMS/news/newstopic_inc.php in North Country Public Radio Public Media Manager (PMM) 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the indir parameter.
unknown
2007-10-01
6.8CVE-2007-5149
OTHER-REF
OpenID -- OpenID
phpBB -- phpBB
PHP remote file inclusion vulnerability in includes/openid/Auth/OpenID/BBStore.php in phpBB Openid 0.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the openid_root_path parameter.
unknown
2007-10-03
6.8CVE-2007-5173
MILW0RM
BID
PHP Fidonet Tosser -- PHP Fidonet Tosser
phpFidoNode -- phpFidoNode
PHP remote file inclusion vulnerability in phfito-post.php in Alex Kocharin PHP Fidonet Tosser (PhFiTo) 1.3.0 in phpFidoNode allows remote attackers to execute arbitrary PHP code via a URL in the SRC_PATH parameter to phfito-post.
unknown
2007-10-01
6.8CVE-2007-5157
MILW0RM
BID
phpLister -- phpLister
PHP remote file inclusion vulnerability in .systeme/fonctions.php in phpLister 0.5-pre2 allows remote attackers to execute arbitrary PHP code via a URL in the nom_rep_systeme parameter.
unknown
2007-10-01
6.8CVE-2007-5167
OTHER-REF
phpwcms-xt -- phpwcms-xt
Multiple PHP remote file inclusion vulnerabilities in phpWCMS XT 0.0.7 BETA and earlier allow remote attackers to execute arbitrary PHP code via a URL in the HTML_MENU_DirPath parameter to (1) config_HTML_MENU.php and (2) config_PHPLM.php in phpwcms_template/inc_script/frontend_render/navigation/.
unknown
2007-10-03
6.8CVE-2007-5185
MILW0RM
Pidgin -- Pidgin
libpurple in Pidgin before 2.2.1 does not properly handle MSN nudge messages from users who are not on the receiver's buddy list, which allows remote attackers to cause a denial of service (crash) via a nudge message that triggers an access of "an invalid memory location."
unknown
2007-10-01
4.3CVE-2007-4996
OTHER-REF
SECUNIA
Puzzle Apps CMS -- Puzzle Apps CMS
Multiple PHP remote file inclusion vulnerabilities in Puzzle Apps CMS 2.2.1 allow remote attackers to execute arbitrary PHP code via a URL in the MODULEDIR parameter to (1) core/modules/my/my.module.php or (2) core/modules/xml/xml.module.php; the COREROOT parameter to (3) config.loader.php, (4) platform.loader.php, (5) core.loader.php, (6) person.loader.php, or (7) module.loader.php in core/ or (8) install/steps/step_3.php; or the THISDIR parameter to (9) people.lib.php, (10) general.lib.php, (11) content.lib.php, or (12) templates.lib.php in core/modules/admin/libs/ or (13) core/modules/webstat/MEC/index.php.
unknown
2007-10-01
6.8CVE-2007-5147
OTHER-REF
Quicksilver Forums -- Quicksilver Forums
Unspecified vulnerability in Quicksilver Forums before 1.4.1 allows remote attackers to delete arbitrary PMs via unspecified vectors.
unknown
2007-10-01
5.0CVE-2007-5171
OTHER-REF
SECUNIA
Quicksilver Forums -- Quicksilver Forums
Quicksilver Forums before 1.4.1 allows remote attackers to obtain sensitive information by causing unspecified connection errors, which reveals the database password in the resulting error message.
unknown
2007-10-01
5.0CVE-2007-5172
OTHER-REF
SECUNIA
Restaurant Management System -- Restaurant Management System
Multiple PHP remote file inclusion vulnerabilities in Thierry Leriche Restaurant Management System (ReMaSys) 0.5 allow remote attackers to execute arbitrary PHP code via a URL in (1) the DIR_ROOT parameter to (a) global.php, or the (2) DIR_PAGE parameter to (b) template/fr/page.php or (c) page/fr/boxConnection.php.
unknown
2007-10-01
6.8CVE-2007-5160
OTHER-REF
rPath -- rmake
The Chroot server in rMake 1.0.11 creates a /dev/zero device file with read/write permissions for the rMake user and the same device numbers as /dev/port, which might allow local users to gain root privileges.
unknown
2007-10-04
6.9CVE-2007-5194
OTHER-REF
BID
ruby-lang -- Ruby
The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName (CN) field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site.
unknown
2007-10-01
4.3CVE-2007-5162
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
BID
Segue CMS -- Segue CMS
PHP remote file inclusion vulnerability in index.php in Segue CMS 1.8.4 and earlier, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the themesdir parameter, a different vector than CVE-2006-5497.
unknown
2007-10-03
6.8CVE-2007-5186
MILW0RM
VIM
VIM
SiteSys -- SiteSys
Multiple PHP remote file inclusion vulnerabilities in SiteSys 1.0a allow remote attackers to execute arbitrary PHP code via a URL in the doc_root parameter to (1) inc/pagehead.inc.php or (2) inc/pageinit.inc.php.
unknown
2007-10-01
6.8CVE-2007-5166
OTHER-REF
sitex -- sitex CMS
SQL injection vulnerability in search.php in SiteX CMS 0.7.3 Beta allows remote attackers to execute arbitrary SQL commands via the search parameter.
unknown
2007-09-28
6.8CVE-2007-5141
BUGTRAQ
OTHER-REF
Solidweb -- Novus
Cross-site scripting (XSS) vulnerability in buscar.asp in Solidweb Novus 1.0 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-09-28
4.3CVE-2007-5142
BID
Sun -- Java System Application Server
Sun -- Java System Access Manager
Unspecified vulnerability in Sun Java System Access Manager 7.1, when installed in a Sun Java System Application Server 8.x container, allows remote attackers to execute arbitrary code via unspecified vectors.
unknown
2007-10-01
6.8CVE-2007-5153
SUNALERT
Sun -- Embedded Lights Out Manager
Unspecified vulnerability in the embedded service processor (SP) before 3.09 in Sun Fire X2100 M2 and X2200 M2 Embedded Lights Out Manager (ELOM) allows remote attackers to send arbitrary network traffic and act as a spam proxy.
unknown
2007-10-01
5.0CVE-2007-5170
SUNALERT
BID
SECUNIA
Sun -- Solaris
Unspecified vulnerability in Named Pipes on Sun Solaris 8 through 10 allows local users to read the contents of unspecified memory locations via unknown vectors, possibly involving the pipe function.
unknown
2007-10-04
4.9CVE-2007-5225
SUNALERT
TWiki -- TWiki
The default configuration for twiki 4.1.2 on Debian GNU/Linux, and possibly other operating systems, specifies the work area directory (cfg{RCS}{WorkAreaDir}) under the web document root, which might allow remote attackers to obtain sensitive information when .htaccess restrictions are not applied.
unknown
2007-10-04
5.0CVE-2007-5193
OTHER-REF
UniversiBO -- UniversiBO
** DISPUTED ** PHP remote file inclusion vulnerability in htmls/forum/includes/topic_review.php in UniversiBO 1.3.4 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: this issue is disputed by CVE because the applicable include is in a function that is not called on a direct request.
unknown
2007-10-01
6.8CVE-2007-5164
OTHER-REF
Y&K Iletisim Formu -- Y&K Iletisim Formu
Multiple cross-site scripting (XSS) vulnerabilities in iletisim.asp in Y&K Iletisim Formu allow remote attackers to inject arbitrary web script or HTML via the (1) ad, (2) sehir, (3) yas, (4) cins, (5) tel, (6) mail, and (7) mesaj parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-10-03
4.3CVE-2007-5179
SECUNIA
Back to top

Low Vulnerabilities
Primary
Vendor -- Product		Description
Discovered
Published
CVSS ScoreSource & Patch Info
Debian -- Duplicity
The FTP backend for Duplicity sends the password as a command line argument when calling ncftp, which might allow local users to read the password by listing the process and its arguments.
unknown
2007-10-04
2.1CVE-2007-5201
OTHER-REF
OTHER-REF
Debian -- guilt
guilt 0.27 allows local users to overwrite arbitrary files via a symlink attack on a guilt.log.[PID] temporary file.
unknown
2007-10-04
3.3CVE-2007-5207
OTHER-REF
F-Secure -- F-Secure Anti-Virus
F-Secure Anti-Virus for Windows Servers 7.0 64-bit edition allows local users to bypass virus scanning by using the system32 directory to store a crafted (1) archive or (2) packed executable. NOTE: in many environments, this does not cross privilege boundaries because any process able to write to system32 could also shut off F-Secure Anti-Virus.
unknown
2007-10-01
1.9CVE-2007-5143
OTHER-REF
SECUNIA
Linux -- Kernel
The (1) hugetlb_vmtruncate_list and (2) hugetlb_vmtruncate functions in fs/hugetlbfs/inode.c in the Linux kernel before 2.6.19-rc4 perform certain prio_tree calculations using HPAGE_SIZE instead of PAGE_SIZE units, which allows local users to cause a denial of service (panic) via unspecified vectors.
unknown
2007-10-04
1.9CVE-2007-4133
OTHER-REF
OTHER-REF
DEBIAN
BID
Back to top



Last updated October 08, 2007