Sax2 Network Intrusion Detection System

A professional intrusion detection and prevention system (NIDS) which excels at real-time packet capture, 24/7 network monitoring, advanced protocol analysis and automatic expert detection.

 

CAN-2007

 

Name: CVE-2007-0001

Description:
The file watch implementation in the audit subsystem (auditctl -w) in the Red Hat Enterprise Linux (RHEL) 4 kernel 2.6.9 allows local users to cause a denial of service (kernel panic) by replacing a watched file, which does not cause the watch on the old inode to be dropped.

Status: Candidate
Phase: Assigned (20061219)
Reference: MISC:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=223129
Reference: REDHAT:RHSA-2007:0085
Reference: URL:http://www.redhat.com/support/errata/RHSA-2007-0085.html
Reference: BID:22737
Reference: URL:http://www.securityfocus.com/bid/22737
Reference: SECTRACK:1017705
Reference: URL:http://www.securitytracker.com/id?1017705
Reference: SECUNIA:24300
Reference: URL:http://secunia.com/advisories/24300

Votes:





Name: CVE-2007-0002

Description:
Multiple heap-based buffer overflows in WordPerfect Document importer/exporter (libwpd) before 0.8.9 allow user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted WordPerfect file in which values to loop counters are not properly handled in the (1) WP3TablesGroup::_readContents and (2) WP5DefinitionGroup_DefineTablesSubGroup::WP5DefinitionGroup_DefineTablesSubGroup functions. NOTE: the integer overflow has been split into CVE-2007-1466.

Status: Candidate
Phase: Assigned (20061219)
Reference: IDEFENSE:20070316 Multiple Vendor libwpd Multiple Buffer Overflow Vulnerabilities
Reference: URL:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=490
Reference: BUGTRAQ:20070316 rPSA-2007-0057-1 libwpd
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/463033/100/0/threaded
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=494122
Reference: DEBIAN:DSA-1268
Reference: URL:http://www.debian.org/security/2007/dsa-1268
Reference: DEBIAN:DSA-1270
Reference: URL:http://www.debian.org/security/2007/dsa-1270
Reference: FEDORA:FEDORA-2007-350
Reference: URL:http://fedoranews.org/cms/node/2805
Reference: GENTOO:GLSA-200704-07
Reference: URL:http://security.gentoo.org/glsa/glsa-200704-07.xml
Reference: GENTOO:GLSA-200704-12
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200704-12.xml
Reference: MANDRIVA:MDKSA-2007:063
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:063
Reference: MANDRIVA:MDKSA-2007:064
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:064
Reference: REDHAT:RHSA-2007:0055
Reference: URL:http://www.redhat.com/support/errata/RHSA-2007-0055.html
Reference: SLACKWARE:SSA-2007-085-02
Reference: URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.399659
Reference: SUNALERT:102863
Reference: URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-102863-1
Reference: SUSE:SUSE-SA:2007:023
Reference: URL:http://lists.suse.com/archive/suse-security-announce/2007-Mar/0007.html
Reference: UBUNTU:USN-437-1
Reference: URL:http://www.ubuntu.com/usn/usn-437-1
Reference: BID:23006
Reference: URL:http://www.securityfocus.com/bid/23006
Reference: FRSIRT:ADV-2007-0976
Reference: URL:http://www.frsirt.com/english/advisories/2007/0976
Reference: FRSIRT:ADV-2007-1032
Reference: URL:http://www.frsirt.com/english/advisories/2007/1032
Reference: FRSIRT:ADV-2007-1339
Reference: URL:http://www.frsirt.com/english/advisories/2007/1339
Reference: SECTRACK:1017789
Reference: URL:http://www.securitytracker.com/id?1017789
Reference: SECUNIA:24507
Reference: URL:http://secunia.com/advisories/24507
Reference: SECUNIA:24557
Reference: URL:http://secunia.com/advisories/24557
Reference: SECUNIA:24572
Reference: URL:http://secunia.com/advisories/24572
Reference: SECUNIA:24580
Reference: URL:http://secunia.com/advisories/24580
Reference: SECUNIA:24573
Reference: URL:http://secunia.com/advisories/24573
Reference: SECUNIA:24581
Reference: URL:http://secunia.com/advisories/24581
Reference: SECUNIA:24593
Reference: URL:http://secunia.com/advisories/24593
Reference: SECUNIA:24465
Reference: URL:http://secunia.com/advisories/24465
Reference: SECUNIA:24794
Reference: URL:http://secunia.com/advisories/24794
Reference: SECUNIA:24856
Reference: URL:http://secunia.com/advisories/24856
Reference: SECUNIA:24906
Reference: URL:http://secunia.com/advisories/24906
Reference: SECUNIA:24588
Reference: URL:http://secunia.com/advisories/24588
Reference: SECUNIA:24613
Reference: URL:http://secunia.com/advisories/24613
Reference: SECUNIA:24591
Reference: URL:http://secunia.com/advisories/24591

Votes:





Name: CVE-2007-0003

Description:
pam_unix.so in Linux-PAM 0.99.7.0 allows context-dependent attackers to log into accounts whose password hash, as stored in /etc/passwd or /etc/shadow, has only two characters.

Status: Candidate
Phase: Assigned (20061219)
Reference: MLIST:[fedora-devel-list] 20070122 Re: rawhide report: 20070120 changes
Reference: URL:http://www.redhat.com/archives/fedora-devel-list/2007-January/msg01271.html
Reference: MLIST:[fedora-devel-list] 20070122 Re: rawhide report: 20070120 changes
Reference: URL:http://www.redhat.com/archives/fedora-devel-list/2007-January/msg01277.html
Reference: MLIST:[pam-list] 20070123 Linux-PAM 0.99.7.1 released
Reference: URL:https://www.redhat.com/archives/pam-list/2007-January/msg00017.html
Reference: SUSE:SUSE-SR:2007:003
Reference: URL:http://www.novell.com/linux/security/advisories/2007_3_sr.html
Reference: BID:22204
Reference: URL:http://www.securityfocus.com/bid/22204
Reference: FRSIRT:ADV-2007-0323
Reference: URL:http://www.frsirt.com/english/advisories/2007/0323
Reference: SECUNIA:23858
Reference: URL:http://secunia.com/advisories/23858
Reference: XF:linuxpam-pamunix-security-bypass(31739)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31739

Votes:





Name: CVE-2007-0004

Description:
The NFS client implementation in the kernel in Red Hat Enterprise Linux (RHEL) 3, when a filesystem is mounted with the noacl option, checks permissions for the open system call via vfs_permission (mode bits) data rather than an NFS ACCESS call to the server, which allows local client processes to obtain a false success status from open calls that the server would deny, and possibly obtain sensitive information about file permissions on the server, as demonstrated in a root_squash environment. NOTE: it is uncertain whether any scenarios involving this issue cross privilege boundaries.

Status: Candidate
Phase: Assigned (20061219)
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=199715

Votes:





Name: CVE-2007-0005

Description:
Multiple buffer overflows in the (1) read and (2) write handlers in the Omnikey CardMan 4040 driver in the Linux kernel before 2.6.21-rc3 allow local users to gain privileges.

Status: Candidate
Phase: Assigned (20061219)
Reference: BUGTRAQ:20070309 Buffer Overflow in Linux Drivers for Omnikey CardMan 4040 (CVE-2007-0005)
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/462300/100/0/threaded
Reference: BUGTRAQ:20070615 rPSA-2007-0124-1 kernel xen
Reference: URL:http://www.securityfocus.com/archive/1/471457
Reference: CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.21-rc3
Reference: CONFIRM:https://issues.rpath.com/browse/RPL-1035
Reference: DEBIAN:DSA-1286
Reference: URL:http://www.debian.org/security/2007/dsa-1286
Reference: FEDORA:FEDORA-2007-335
Reference: URL:http://fedoranews.org/cms/node/2787
Reference: FEDORA:FEDORA-2007-336
Reference: URL:http://fedoranews.org/cms/node/2788
Reference: MANDRIVA:MDKSA-2007:078
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:078
Reference: REDHAT:RHSA-2007:0099
Reference: URL:http://www.redhat.com/support/errata/RHSA-2007-0099.html
Reference: UBUNTU:USN-486-1
Reference: URL:http://www.ubuntu.com/usn/usn-486-1
Reference: UBUNTU:USN-489-1
Reference: URL:http://www.ubuntu.com/usn/usn-489-1
Reference: BID:22870
Reference: URL:http://www.securityfocus.com/bid/22870
Reference: FRSIRT:ADV-2007-0872
Reference: URL:http://www.frsirt.com/english/advisories/2007/0872
Reference: OSVDB:33023
Reference: URL:http://www.osvdb.org/33023
Reference: SECUNIA:24436
Reference: URL:http://secunia.com/advisories/24436
Reference: SECUNIA:24518
Reference: URL:http://secunia.com/advisories/24518
Reference: SECUNIA:24777
Reference: URL:http://secunia.com/advisories/24777
Reference: SECUNIA:24901
Reference: URL:http://secunia.com/advisories/24901
Reference: SECUNIA:25078
Reference: URL:http://secunia.com/advisories/25078
Reference: SECUNIA:25691
Reference: URL:http://secunia.com/advisories/25691
Reference: SECUNIA:26133
Reference: URL:http://secunia.com/advisories/26133
Reference: SECUNIA:26139
Reference: URL:http://secunia.com/advisories/26139
Reference: XF:kernel-cardman4040drivers-bo(32880)
Reference: URL:http://xforce.iss.net/xforce/xfdb/32880

Votes:





Name: CVE-2007-0006

Description:
The key serial number collision avoidance code in the key_alloc_serial function in Linux kernel 2.6.9 up to 2.6.20 allows local users to cause a denial of service (crash) via vectors that trigger a null dereference, as originally reported as "spinlock CPU recursion."

Status: Candidate
Phase: Assigned (20061219)
Reference: BUGTRAQ:20070615 rPSA-2007-0124-1 kernel xen
Reference: URL:http://www.securityfocus.com/archive/1/471457
Reference: CONFIRM:http://bugzilla.kernel.org/show_bug.cgi?id=7727
Reference: CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=227495
Reference: CONFIRM:https://issues.rpath.com/browse/RPL-1097
Reference: MANDRIVA:MDKSA-2007:047
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:047
Reference: MANDRIVA:MDKSA-2007:060
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:060
Reference: REDHAT:RHSA-2007:0085
Reference: URL:http://www.redhat.com/support/errata/RHSA-2007-0085.html
Reference: REDHAT:RHSA-2007:0099
Reference: URL:http://www.redhat.com/support/errata/RHSA-2007-0099.html
Reference: SUSE:SUSE-SA:2007:021
Reference: URL:http://www.novell.com/linux/security/advisories/2007_21_kernel.html
Reference: UBUNTU:USN-451-1
Reference: URL:http://www.ubuntu.com/usn/usn-451-1
Reference: BID:22539
Reference: URL:http://www.securityfocus.com/bid/22539
Reference: SECUNIA:24109
Reference: URL:http://secunia.com/advisories/24109
Reference: SECUNIA:24259
Reference: URL:http://secunia.com/advisories/24259
Reference: SECUNIA:24300
Reference: URL:http://secunia.com/advisories/24300
Reference: SECUNIA:24429
Reference: URL:http://secunia.com/advisories/24429
Reference: SECUNIA:24482
Reference: URL:http://secunia.com/advisories/24482
Reference: SECUNIA:24547
Reference: URL:http://secunia.com/advisories/24547
Reference: SECUNIA:24752
Reference: URL:http://secunia.com/advisories/24752
Reference: SECUNIA:25691
Reference: URL:http://secunia.com/advisories/25691

Votes:





Name: CVE-2007-0007

Description:
gnucash 2.0.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on the (1) gnucash.trace, (2) qof.trace, and (3) qof.trace.[PID] temporary files.

Status: Candidate
Phase: Assigned (20061219)
Reference: CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=223233
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?group_id=192&release_id=487446
Reference: FEDORA:FEDORA-2007-256
Reference: URL:http://fedoranews.org/cms/node/2725
Reference: MANDRIVA:MDKSA-2007:046
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:046
Reference: BID:22610
Reference: URL:http://www.securityfocus.com/bid/22610
Reference: FRSIRT:ADV-2007-0653
Reference: URL:http://www.frsirt.com/english/advisories/2007/0653
Reference: SECUNIA:24225
Reference: URL:http://secunia.com/advisories/24225
Reference: SECUNIA:24226
Reference: URL:http://secunia.com/advisories/24226
Reference: SECUNIA:24317
Reference: URL:http://secunia.com/advisories/24317
Reference: XF:gnucash-symlink(32558)
Reference: URL:http://xforce.iss.net/xforce/xfdb/32558

Votes:





Name: CVE-2007-0008

Description:
Integer underflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, SeaMonkey before 1.0.8, Thunderbird before 1.5.0.10, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via a crafted SSLv2 server message containing a public key that is too short to encrypt the "Master Secret", which results in a heap-based overflow.

Status: Candidate
Phase: Assigned (20061219)
Reference: BUGTRAQ:20070226 rPSA-2007-0040-1 firefox
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/461336/100/0/threaded
Reference: BUGTRAQ:20070303 rPSA-2007-0040-3 firefox thunderbird
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/461809/100/0/threaded
Reference: CONFIRM:http://www.mozilla.org/security/announce/2007/mfsa2007-06.html
Reference: IDEFENSE:20070223 Mozilla Network Security Services SSLv2 Client Integer Underflow Vulnerability
Reference: URL:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=482
Reference: MISC:https://bugzilla.mozilla.org/show_bug.cgi?id=364319
Reference: CONFIRM:https://issues.rpath.com/browse/RPL-1081
Reference: CONFIRM:https://issues.rpath.com/browse/RPL-1103
Reference: DEBIAN:DSA-1336
Reference: URL:http://www.debian.org/security/2007/dsa-1336
Reference: FEDORA:FEDORA-2007-278
Reference: URL:http://fedoranews.org/cms/node/2709
Reference: FEDORA:FEDORA-2007-279
Reference: URL:http://fedoranews.org/cms/node/2711
Reference: FEDORA:FEDORA-2007-281
Reference: URL:http://fedoranews.org/cms/node/2713
Reference: FEDORA:FEDORA-2007-293
Reference: URL:http://fedoranews.org/cms/node/2728
Reference: FEDORA:FEDORA-2007-308
Reference: URL:http://fedoranews.org/cms/node/2747
Reference: FEDORA:FEDORA-2007-309
Reference: URL:http://fedoranews.org/cms/node/2749
Reference: GENTOO:GLSA-200703-18
Reference: URL:http://security.gentoo.org/glsa/glsa-200703-18.xml
Reference: GENTOO:GLSA-200703-22
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200703-22.xml
Reference: HP:HPSBUX02153
Reference: URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
Reference: HP:SSRT061181
Reference: URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
Reference: MANDRIVA:MDKSA-2007:050
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:050
Reference: MANDRIVA:MDKSA-2007:052
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:052
Reference: REDHAT:RHSA-2007:0079
Reference: URL:http://www.redhat.com/support/errata/RHSA-2007-0079.html
Reference: REDHAT:RHSA-2007:0077
Reference: URL:http://rhn.redhat.com/errata/RHSA-2007-0077.html
Reference: REDHAT:RHSA-2007:0078
Reference: URL:http://www.redhat.com/support/errata/RHSA-2007-0078.html
Reference: REDHAT:RHSA-2007:0097
Reference: URL:http://www.redhat.com/support/errata/RHSA-2007-0097.html
Reference: REDHAT:RHSA-2007:0108
Reference: URL:http://www.redhat.com/support/errata/RHSA-2007-0108.html
Reference: SGI:20070301-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc
Reference: SGI:20070202-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc
Reference: SLACKWARE:SSA:2007-066-03
Reference: URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851
Reference: SLACKWARE:SSA:2007-066-04
Reference: URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.363947
Reference: SLACKWARE:SSA:2007-066-05
Reference: URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131
Reference: SUNALERT:102856
Reference: URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-102856-1
Reference: SUNALERT:102945
Reference: URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-102945-1
Reference: SUSE:SUSE-SA:2007:019
Reference: URL:http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html
Reference: SUSE:SUSE-SA:2007:022
Reference: URL:http://www.novell.com/linux/security/advisories/2007_22_mozilla.html
Reference: UBUNTU:USN-428-1
Reference: URL:http://www.ubuntu.com/usn/usn-428-1
Reference: UBUNTU:USN-431-1
Reference: URL:http://www.ubuntu.com/usn/usn-431-1
Reference: CERT-VN:VU#377812
Reference: URL:http://www.kb.cert.org/vuls/id/377812
Reference: BID:22694
Reference: URL:http://www.securityfocus.com/bid/22694
Reference: FRSIRT:ADV-2007-0719
Reference: URL:http://www.frsirt.com/english/advisories/2007/0719
Reference: FRSIRT:ADV-2007-0718
Reference: URL:http://www.frsirt.com/english/advisories/2007/0718
Reference: FRSIRT:ADV-2007-1165
Reference: URL:http://www.frsirt.com/english/advisories/2007/1165
Reference: FRSIRT:ADV-2007-2141
Reference: URL:http://www.frsirt.com/english/advisories/2007/2141
Reference: OSVDB:32105
Reference: URL:http://www.osvdb.org/32105
Reference: SECTRACK:1017696
Reference: URL:http://www.securitytracker.com/id?1017696
Reference: SECUNIA:24238
Reference: URL:http://secunia.com/advisories/24238
Reference: SECUNIA:24252
Reference: URL:http://secunia.com/advisories/24252
Reference: SECUNIA:24253
Reference: URL:http://secunia.com/advisories/24253
Reference: SECUNIA:24277
Reference: URL:http://secunia.com/advisories/24277
Reference: SECUNIA:24287
Reference: URL:http://secunia.com/advisories/24287
Reference: SECUNIA:24290
Reference: URL:http://secunia.com/advisories/24290
Reference: SECUNIA:24205
Reference: URL:http://secunia.com/advisories/24205
Reference: SECUNIA:24328
Reference: URL:http://secunia.com/advisories/24328
Reference: SECUNIA:24333
Reference: URL:http://secunia.com/advisories/24333
Reference: SECUNIA:24343
Reference: URL:http://secunia.com/advisories/24343
Reference: SECUNIA:24320
Reference: URL:http://secunia.com/advisories/24320
Reference: SECUNIA:24293
Reference: URL:http://secunia.com/advisories/24293
Reference: SECUNIA:24395
Reference: URL:http://secunia.com/advisories/24395
Reference: SECUNIA:24384
Reference: URL:http://secunia.com/advisories/24384
Reference: SECUNIA:24389
Reference: URL:http://secunia.com/advisories/24389
Reference: SECUNIA:24410
Reference: URL:http://secunia.com/advisories/24410
Reference: SECUNIA:24522
Reference: URL:http://secunia.com/advisories/24522
Reference: SECUNIA:24562
Reference: URL:http://secunia.com/advisories/24562
Reference: SECUNIA:24703
Reference: URL:http://secunia.com/advisories/24703
Reference: SECUNIA:24650
Reference: URL:http://secunia.com/advisories/24650
Reference: SECUNIA:25597
Reference: URL:http://secunia.com/advisories/25597
Reference: SECUNIA:24406
Reference: URL:http://secunia.com/advisories/24406
Reference: SECUNIA:24455
Reference: URL:http://secunia.com/advisories/24455
Reference: SECUNIA:24456
Reference: URL:http://secunia.com/advisories/24456
Reference: SECUNIA:24457
Reference: URL:http://secunia.com/advisories/24457
Reference: SECUNIA:24342
Reference: URL:http://secunia.com/advisories/24342
Reference: SECUNIA:25588
Reference: URL:http://secunia.com/advisories/25588
Reference: XF:nss-mastersecret-bo(32666)
Reference: URL:http://xforce.iss.net/xforce/xfdb/32666

Votes:





Name: CVE-2007-0009

Description:
Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via invalid "Client Master Key" length values.

Status: Candidate
Phase: Assigned (20061219)
Reference: BUGTRAQ:20070226 rPSA-2007-0040-1 firefox
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/461336/100/0/threaded
Reference: BUGTRAQ:20070303 rPSA-2007-0040-3 firefox thunderbird
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/461809/100/0/threaded
Reference: CONFIRM:http://www.mozilla.org/security/announce/2007/mfsa2007-06.html
Reference: IDEFENSE:20070223 Mozilla Network Security Services SSLv2 Server Stack Overflow Vulnerability
Reference: URL:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=483
Reference: MISC:https://bugzilla.mozilla.org/show_bug.cgi?id=364323
Reference: CONFIRM:https://issues.rpath.com/browse/RPL-1081
Reference: CONFIRM:https://issues.rpath.com/browse/RPL-1103
Reference: DEBIAN:DSA-1336
Reference: URL:http://www.debian.org/security/2007/dsa-1336
Reference: FEDORA:FEDORA-2007-278
Reference: URL:http://fedoranews.org/cms/node/2709
Reference: FEDORA:FEDORA-2007-279
Reference: URL:http://fedoranews.org/cms/node/2711
Reference: FEDORA:FEDORA-2007-308
Reference: URL:http://fedoranews.org/cms/node/2747
Reference: FEDORA:FEDORA-2007-309
Reference: URL:http://fedoranews.org/cms/node/2749
Reference: GENTOO:GLSA-200703-18
Reference: URL:http://security.gentoo.org/glsa/glsa-200703-18.xml
Reference: GENTOO:GLSA-200703-22
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200703-22.xml
Reference: HP:HPSBUX02153
Reference: URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
Reference: HP:SSRT061181
Reference: URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
Reference: MANDRIVA:MDKSA-2007:050
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:050
Reference: MANDRIVA:MDKSA-2007:052
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:052
Reference: REDHAT:RHSA-2007:0079
Reference: URL:http://www.redhat.com/support/errata/RHSA-2007-0079.html
Reference: REDHAT:RHSA-2007:0077
Reference: URL:http://rhn.redhat.com/errata/RHSA-2007-0077.html
Reference: REDHAT:RHSA-2007:0078
Reference: URL:http://www.redhat.com/support/errata/RHSA-2007-0078.html
Reference: REDHAT:RHSA-2007:0097
Reference: URL:http://www.redhat.com/support/errata/RHSA-2007-0097.html
Reference: REDHAT:RHSA-2007:0108
Reference: URL:http://www.redhat.com/support/errata/RHSA-2007-0108.html
Reference: SGI:20070301-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc
Reference: SGI:20070202-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc
Reference: SLACKWARE:SSA:2007-066-03
Reference: URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851
Reference: SLACKWARE:SSA:2007-066-04
Reference: URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.363947
Reference: SLACKWARE:SSA:2007-066-05
Reference: URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131
Reference: SUNALERT:102856
Reference: URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-102856-1
Reference: SUNALERT:102945
Reference: URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-102945-1
Reference: SUSE:SUSE-SA:2007:019
Reference: URL:http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html
Reference: SUSE:SUSE-SA:2007:022
Reference: URL:http://www.novell.com/linux/security/advisories/2007_22_mozilla.html
Reference: UBUNTU:USN-428-1
Reference: URL:http://www.ubuntu.com/usn/usn-428-1
Reference: UBUNTU:USN-431-1
Reference: URL:http://www.ubuntu.com/usn/usn-431-1
Reference: CERT-VN:VU#592796
Reference: URL:http://www.kb.cert.org/vuls/id/592796
Reference: FRSIRT:ADV-2007-0719
Reference: URL:http://www.frsirt.com/english/advisories/2007/0719
Reference: FRSIRT:ADV-2007-0718
Reference: URL:http://www.frsirt.com/english/advisories/2007/0718
Reference: FRSIRT:ADV-2007-1165
Reference: URL:http://www.frsirt.com/english/advisories/2007/1165
Reference: FRSIRT:ADV-2007-2141
Reference: URL:http://www.frsirt.com/english/advisories/2007/2141
Reference: OSVDB:32106
Reference: URL:http://www.osvdb.org/32106
Reference: SECTRACK:1017696
Reference: URL:http://www.securitytracker.com/id?1017696
Reference: SECUNIA:24253
Reference: URL:http://secunia.com/advisories/24253
Reference: SECUNIA:24277
Reference: URL:http://secunia.com/advisories/24277
Reference: SECUNIA:24287
Reference: URL:http://secunia.com/advisories/24287
Reference: SECUNIA:24290
Reference: URL:http://secunia.com/advisories/24290
Reference: SECUNIA:24333
Reference: URL:http://secunia.com/advisories/24333
Reference: SECUNIA:24343
Reference: URL:http://secunia.com/advisories/24343
Reference: SECUNIA:24293
Reference: URL:http://secunia.com/advisories/24293
Reference: SECUNIA:24395
Reference: URL:http://secunia.com/advisories/24395
Reference: SECUNIA:24384
Reference: URL:http://secunia.com/advisories/24384
Reference: SECUNIA:24389
Reference: URL:http://secunia.com/advisories/24389
Reference: SECUNIA:24410
Reference: URL:http://secunia.com/advisories/24410
Reference: SECUNIA:24522
Reference: URL:http://secunia.com/advisories/24522
Reference: SECUNIA:24562
Reference: URL:http://secunia.com/advisories/24562
Reference: SECUNIA:24703
Reference: URL:http://secunia.com/advisories/24703
Reference: SECUNIA:24650
Reference: URL:http://secunia.com/advisories/24650
Reference: SECUNIA:25597
Reference: URL:http://secunia.com/advisories/25597
Reference: SECUNIA:24406
Reference: URL:http://secunia.com/advisories/24406
Reference: SECUNIA:24455
Reference: URL:http://secunia.com/advisories/24455
Reference: SECUNIA:24456
Reference: URL:http://secunia.com/advisories/24456
Reference: SECUNIA:24457
Reference: URL:http://secunia.com/advisories/24457
Reference: SECUNIA:24342
Reference: URL:http://secunia.com/advisories/24342
Reference: SECUNIA:25588
Reference: URL:http://secunia.com/advisories/25588
Reference: XF:nss-clientmasterkey-bo(32663)
Reference: URL:http://xforce.iss.net/xforce/xfdb/32663

Votes:





Name: CVE-2007-0010

Description:
The GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2) before 2.4.13 allows context-dependent attackers to cause a denial of service (crash) via a malformed image file.

Status: Candidate
Phase: Assigned (20061219)
Reference: CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=218932
Reference: CONFIRM:https://issues.rpath.com/browse/RPL-984
Reference: DEBIAN:DSA-1256
Reference: URL:http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00011.html
Reference: MANDRIVA:MDKSA-2007:039
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:039
Reference: REDHAT:RHSA-2007:0019
Reference: URL:http://www.redhat.com/support/errata/RHSA-2007-0019.html
Reference: SUSE:SUSE-SR:2007:002
Reference: URL:http://www.novell.com/linux/security/advisories/2007_02_sr.html
Reference: UBUNTU:USN-415-1
Reference: URL:http://www.ubuntu.com/usn/usn-415-1
Reference: BID:22209
Reference: URL:http://www.securityfocus.com/bid/22209
Reference: FRSIRT:ADV-2007-0331
Reference: URL:http://www.frsirt.com/english/advisories/2007/0331
Reference: SECTRACK:1017552
Reference: URL:http://securitytracker.com/id?1017552
Reference: SECUNIA:23884
Reference: URL:http://secunia.com/advisories/23884
Reference: SECUNIA:23933
Reference: URL:http://secunia.com/advisories/23933
Reference: SECUNIA:23935
Reference: URL:http://secunia.com/advisories/23935
Reference: SECUNIA:24010
Reference: URL:http://secunia.com/advisories/24010
Reference: SECUNIA:24006
Reference: URL:http://secunia.com/advisories/24006
Reference: SECUNIA:24095
Reference: URL:http://secunia.com/advisories/24095
Reference: SECUNIA:23984
Reference: URL:http://secunia.com/advisories/23984

Votes:





Name: CVE-2007-0011

Description:
The web portal interface in Citrix Access Gateway (aka Citrix Advanced Access Control) before Advanced Edition 4.5 HF1 places a session ID in the URL, which allows context-dependent attackers to hijack sessions by reading "residual information", including a referer log, browser history, or browser cache.

Status: Candidate
Phase: Assigned (20070101)
Reference: BUGTRAQ:20071022 Corsaire Security Advisory - Citrix Access Gateway session ID disclosure issue
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/482626/100/100/threaded
Reference: CONFIRM:http://support.citrix.com/article/CTX112803
Reference: CONFIRM:http://support.citrix.com/article/CTX113814
Reference: BID:24975
Reference: URL:http://www.securityfocus.com/bid/24975
Reference: FRSIRT:ADV-2007-2583
Reference: URL:http://www.frsirt.com/english/advisories/2007/2583
Reference: SECTRACK:1018435
Reference: URL:http://securitytracker.com/id?1018435
Reference: SECUNIA:26143
Reference: URL:http://secunia.com/advisories/26143
Reference: XF:citrix-access-unspeci-information-disclosure(35510)
Reference: URL:http://xforce.iss.net/xforce/xfdb/35510

Votes:





Name: CVE-2007-0012

Description:
Sun JRE 5.0 before update 14 allows remote attackers to cause a denial of service (Internet Explorer crash) via an object tag with an encoded applet and an undefined name attribute, which triggers a NULL pointer dereference in jpiexp32.dll when the applet is decoded and passed to the JVM.

Status: Candidate
Phase: Assigned (20070101)
Reference: BUGTRAQ:20080108 Corsaire Security Advisory: Sun J2RE DoS issue
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/485942/100/0/threaded
Reference: BID:27185
Reference: URL:http://www.securityfocus.com/bid/27185
Reference: SREASON:3527
Reference: URL:http://securityreason.com/securityalert/3527
Reference: XF:sun-java-jpiexp32-dos(39549)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39549

Votes:





Name: CVE-2007-0013

Description:
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Status: Candidate
Phase: Assigned (20070101)

Votes:





Name: CVE-2007-0014

Description:
ChainKey Java Code Protection allows attackers to decompile Java class files via a Java class loader with a modified defineClass method that saves the bytecode to a file before it is passed to the JVM.

Status: Candidate
Phase: Assigned (20070101)
Reference: BUGTRAQ:20070112 Corsaire Security Advisory: ChainKey Java Code Protection Bypass issue
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456712/100/0/threaded
Reference: BUGTRAQ:20070112 Re: Corsaire Security Advisory: ChainKey Java Code Protection Bypass issue
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456734/100/0/threaded

Votes:





Name: CVE-2007-0015

Description:
Buffer overflow in Apple QuickTime 7.1.3 allows remote attackers to execute arbitrary code via a long rtsp:// URI.

Status: Candidate
Phase: Assigned (20070101)
Reference: MISC:http://projects.info-pull.com/moab/MOAB-01-01-2007.html
Reference: MILW0RM:3064
Reference: URL:http://milw0rm.com/exploits/3064
Reference: MISC:http://landonf.bikemonkey.org/code/macosx/MOAB_Day_1.20070102060815.15950.zadder.local.html
Reference: MISC:http://isc.sans.org/diary.html?storyid=2094
Reference: MISC:http://secunia.com/blog/7/
Reference: CONFIRM:http://docs.info.apple.com/article.html?artnum=304989
Reference: APPLE:APPLE-SA-2007-01-23
Reference: URL:http://lists.apple.com/archives/Security-announce/2007/Jan/msg00000.html
Reference: CERT:TA07-005A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA07-005A.html
Reference: CERT-VN:VU#442497
Reference: URL:http://www.kb.cert.org/vuls/id/442497
Reference: BID:21829
Reference: URL:http://www.securityfocus.com/bid/21829
Reference: FRSIRT:ADV-2007-0001
Reference: URL:http://www.frsirt.com/english/advisories/2007/0001
Reference: OSVDB:31023
Reference: URL:http://www.osvdb.org/31023
Reference: SECTRACK:1017461
Reference: URL:http://securitytracker.com/id?1017461
Reference: SECUNIA:23540
Reference: URL:http://secunia.com/advisories/23540
Reference: XF:quicktime-rtsp-url-bo(31203)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31203

Votes:





Name: CVE-2007-0016

Description:
Stack-based buffer overflow in MoviePlay 4.76 allows remote attackers to execute arbitrary code via a long filename in a LST file.

Status: Candidate
Phase: Assigned (20070102)
Reference: MILW0RM:4051
Reference: URL:http://www.milw0rm.com/exploits/4051
Reference: BID:21840
Reference: URL:http://www.securityfocus.com/bid/21840
Reference: SECUNIA:22959
Reference: URL:http://secunia.com/advisories/22959

Votes:





Name: CVE-2007-0017

Description:
Multiple format string vulnerabilities in (1) the cdio_log_handler function in modules/access/cdda/access.c in the CDDA (libcdda_plugin) plugin, and the (2) cdio_log_handler and (3) vcd_log_handler functions in modules/access/vcdx/access.c in the VCDX (libvcdx_plugin) plugin, in VideoLAN VLC 0.7.0 through 0.8.6 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in an invalid URI, as demonstrated by a udp://-- URI in an M3U file.

Status: Candidate
Phase: Assigned (20070102)
Reference: MLIST:[vlc-devel] 20070102 Security hole in VLC media player for Mac...
Reference: URL:http://www.via.ecp.fr/via/ml/vlc-devel/2007-01/msg00005.html
Reference: MISC:http://projects.info-pull.com/moab/MOAB-02-01-2007.html
Reference: MISC:http://applefun.blogspot.com/2007/01/moab-02-01-2007-vlc-media-player-udp.html
Reference: MISC:http://landonf.bikemonkey.org/code/macosx/MOAB_Day_2.20070103045559.6753.timor.html
Reference: CONFIRM:http://trac.videolan.org/vlc/changeset/18481
Reference: CONFIRM:http://www.videolan.org/patches/vlc-0.8.6-MOAB-02-01-2007.patch
Reference: CONFIRM:http://www.videolan.org/sa0701.html
Reference: DEBIAN:DSA-1252
Reference: URL:http://www.debian.org/security/2007/dsa-1252
Reference: GENTOO:GLSA-200701-24
Reference: URL:http://security.gentoo.org/glsa/glsa-200701-24.xml
Reference: SUSE:SUSE-SA:2007:013
Reference: URL:http://www.novell.com/linux/security/advisories/2007_13_xine.html
Reference: BID:21852
Reference: URL:http://www.securityfocus.com/bid/21852
Reference: FRSIRT:ADV-2007-0026
Reference: URL:http://www.frsirt.com/english/advisories/2007/0026
Reference: SECTRACK:1017464
Reference: URL:http://securitytracker.com/id?1017464
Reference: SECUNIA:23592
Reference: URL:http://secunia.com/advisories/23592
Reference: SECUNIA:23829
Reference: URL:http://secunia.com/advisories/23829
Reference: SECUNIA:23910
Reference: URL:http://secunia.com/advisories/23910
Reference: SECUNIA:23971
Reference: URL:http://secunia.com/advisories/23971
Reference: XF:vlcmediaplayer-udp-format-string(31226)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31226

Votes:





Name: CVE-2007-0018

Description:
Stack-based buffer overflow in the NCTAudioFile2.AudioFile ActiveX control (NCTAudioFile2.dll), as used by multiple products, allows remote attackers to execute arbitrary code via a long argument to the SetFormatLikeSample function. NOTE: the products include (1) NCTsoft NCTAudioStudio, NCTAudioEditor, and NCTDialogicVoice; (2) Magic Audio Recorder, Music Editor, and Audio Converter; (3) Aurora Media Workshop; DB Audio Mixer And Editor; (4) J. Hepple Products including Fx Audio Editor and others; (5) EXPStudio Audio Editor; (6) iMesh; (7) Quikscribe; (8) RMBSoft AudioConvert and SoundEdit Pro 2.1; (9) CDBurnerXP; (10) Code-it Software Wave MP3 Editor and aBasic Editor; (11) Movavi VideoMessage, DVD to iPod, and others; (12) SoftDiv Software Dexster, iVideoMAX, and others; (13) Sienzo Digital Music Mentor (DMM); (14) MP3 Normalizer; (15) Roemer Software FREE and Easy Hi-Q Recorder, and Easy Hi-Q Converter; (16) Audio Edit Magic; (17) Joshua Video and Audio Converter; (18) Virtual CD; (19) Cheetah CD and DVD Burner; (20) Mystik Media AudioEdit Deluxe, Blaze Media, and others; (21) Power Audio Editor; (22) DanDans Digital Media Full Audio Converter, Music Editing Master, and others; (23) Xrlly Software Text to Speech Maker and Arial Sound Recorder / Audio Converter; (24) Absolute Sound Recorder, Video to Audio Converter, and MP3 Splitter; (25) Easy Ringtone Maker; (26) RecordNRip; (27) McFunSoft iPod Audio Studio, Audio Recorder for Free, and others; (28) MP3 WAV Converter; (29) BearShare 6.0.2.26789; and (30) Oracle Siebel SimBuilder and CRM 7.x.

Status: Candidate
Phase: Assigned (20070102)
Reference: BUGTRAQ:20070124 Re: Secunia Research: NCTsoft Products NCTAudioFile2 ActiveX Control Buffer Overflow
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/457965/100/200/threaded
Reference: BUGTRAQ:20070124 Secunia Research: NCTsoft Products NCTAudioFile2 ActiveX Control Buffer Overflow
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/457936/100/200/threaded
Reference: BUGTRAQ:20070124 Secunia Research: Sienzo Digital Music Mentor NCTAudioFile2 ActiveX Control Buffer Overflow
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/457940/100/200/threaded
Reference: MISC:http://secunia.com/secunia_research/2007-2/advisory/
Reference: MISC:http://secunia.com/secunia_research/2007-3/advisory/
Reference: MISC:http://secunia.com/secunia_research/2007-4/advisory/
Reference: MISC:http://secunia.com/secunia_research/2007-5/advisory/
Reference: MISC:http://secunia.com/secunia_research/2007-6/advisory/
Reference: MISC:http://secunia.com/secunia_research/2007-7/advisory/
Reference: MISC:http://secunia.com/secunia_research/2007-8/advisory/
Reference: MISC:http://secunia.com/secunia_research/2007-9/advisory/
Reference: MISC:http://secunia.com/secunia_research/2007-10/advisory/
Reference: MISC:http://secunia.com/secunia_research/2007-11/advisory/
Reference: MISC:http://secunia.com/secunia_research/2007-12/advisory/
Reference: MISC:http://secunia.com/secunia_research/2007-13/advisory/
Reference: MISC:http://secunia.com/secunia_research/2007-14/advisory/
Reference: MISC:http://secunia.com/secunia_research/2007-15/advisory/
Reference: MISC:http://secunia.com/secunia_research/2007-16/advisory/
Reference: MISC:http://secunia.com/secunia_research/2007-17/advisory/
Reference: MISC:http://secunia.com/secunia_research/2007-18/advisory/
Reference: MISC:http://secunia.com/secunia_research/2007-19/advisory/
Reference: MISC:http://secunia.com/secunia_research/2007-20/advisory/
Reference: MISC:http://secunia.com/secunia_research/2007-21/advisory/
Reference: MISC:http://secunia.com/secunia_research/2007-22/advisory/
Reference: MISC:http://secunia.com/secunia_research/2007-23/advisory/
Reference: MISC:http://secunia.com/secunia_research/2007-24/advisory/
Reference: MISC:http://secunia.com/secunia_research/2007-25/advisory/
Reference: MISC:http://secunia.com/secunia_research/2007-26/advisory/
Reference: MISC:http://secunia.com/secunia_research/2007-27/advisory/
Reference: MISC:http://secunia.com/secunia_research/2007-28/advisory/
Reference: MISC:http://secunia.com/secunia_research/2007-29/advisory/
Reference: MISC:http://secunia.com/secunia_research/2007-30/advisory/
Reference: MISC:http://secunia.com/secunia_research/2007-31/advisory/
Reference: MISC:http://secunia.com/secunia_research/2007-32/advisory/
Reference: MISC:http://secunia.com/secunia_research/2007-33/advisory/
Reference: MISC:http://secunia.com/secunia_research/2007-34/advisory/
Reference: MISC:http://secunia.com/blog/6/
Reference: MISC:http://secunia.com/secunia_research/2007-50/advisory/
Reference: CERT-VN:VU#292713
Reference: URL:http://www.kb.cert.org/vuls/id/292713
Reference: BID:22196
Reference: URL:http://www.securityfocus.com/bid/22196
Reference: BID:23892
Reference: URL:http://www.securityfocus.com/bid/23892
Reference: FRSIRT:ADV-2007-0310
Reference: URL:http://www.frsirt.com/english/advisories/2007/0310
Reference: SECUNIA:23475
Reference: URL:http://secunia.com/advisories/23475
Reference: SECUNIA:23493
Reference: URL:http://secunia.com/advisories/23493
Reference: SECUNIA:23532
Reference: URL:http://secunia.com/advisories/23532
Reference: SECUNIA:23543
Reference: URL:http://secunia.com/advisories/23543
Reference: SECUNIA:23551
Reference: URL:http://secunia.com/advisories/23551
Reference: SECUNIA:23552
Reference: URL:http://secunia.com/advisories/23552
Reference: SECUNIA:23553
Reference: URL:http://secunia.com/advisories/23553
Reference: SECUNIA:23557
Reference: URL:http://secunia.com/advisories/23557
Reference: SECUNIA:23568
Reference: URL:http://secunia.com/advisories/23568
Reference: SECUNIA:23485
Reference: URL:http://secunia.com/advisories/23485
Reference: SECUNIA:23495
Reference: URL:http://secunia.com/advisories/23495
Reference: SECUNIA:23511
Reference: URL:http://secunia.com/advisories/23511
Reference: SECUNIA:23516
Reference: URL:http://secunia.com/advisories/23516
Reference: SECUNIA:23530
Reference: URL:http://secunia.com/advisories/23530
Reference: SECUNIA:23534
Reference: URL:http://secunia.com/advisories/23534
Reference: SECUNIA:23535
Reference: URL:http://secunia.com/advisories/23535
Reference: SECUNIA:23536
Reference: URL:http://secunia.com/advisories/23536
Reference: SECUNIA:23541
Reference: URL:http://secunia.com/advisories/23541
Reference: SECUNIA:23542
Reference: URL:http://secunia.com/advisories/23542
Reference: SECUNIA:23544
Reference: URL:http://secunia.com/advisories/23544
Reference: SECUNIA:23546
Reference: URL:http://secunia.com/advisories/23546
Reference: SECUNIA:23548
Reference: URL:http://secunia.com/advisories/23548
Reference: SECUNIA:23550
Reference: URL:http://secunia.com/advisories/23550
Reference: SECUNIA:23554
Reference: URL:http://secunia.com/advisories/23554
Reference: SECUNIA:23558
Reference: URL:http://secunia.com/advisories/23558
Reference: SECUNIA:23560
Reference: URL:http://secunia.com/advisories/23560
Reference: SECUNIA:23561
Reference: URL:http://secunia.com/advisories/23561
Reference: SECUNIA:23562
Reference: URL:http://secunia.com/advisories/23562
Reference: SECUNIA:23565
Reference: URL:http://secunia.com/advisories/23565
Reference: SECUNIA:23745
Reference: URL:http://secunia.com/advisories/23745
Reference: SECUNIA:23753
Reference: URL:http://secunia.com/advisories/23753
Reference: SECUNIA:23795
Reference: URL:http://secunia.com/advisories/23795
Reference: SECUNIA:22922
Reference: URL:http://secunia.com/advisories/22922
Reference: SECUNIA:25993
Reference: URL:http://secunia.com/advisories/25993
Reference: SECUNIA:26046
Reference: URL:http://secunia.com/advisories/26046
Reference: SECUNIA:26100
Reference: URL:http://secunia.com/advisories/26100
Reference: SECUNIA:26101
Reference: URL:http://secunia.com/advisories/26101
Reference: SECUNIA:28407
Reference: URL:http://secunia.com/advisories/28407
Reference: XF:nctaudiofile2-multiple-bo(31707)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31707

Votes:





Name: CVE-2007-0019

Description:
Multiple heap-based buffer overflows in rumpusd in Rumpus 5.1 and earlier (1) allow remote authenticated users to execute arbitrary code via a long LIST command and other unspecified requests to the FTP service, and (2) allow remote attackers to execute arbitrary code via unspecified requests to the HTTP service.

Status: Candidate
Phase: Assigned (20070102)
Reference: MISC:http://projects.info-pull.com/moab/MOAB-18-01-2007.html
Reference: SECUNIA:23842
Reference: URL:http://secunia.com/advisories/23842
Reference: XF:rumpus-ftp-service-bo(31594)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31594

Votes:





Name: CVE-2007-0020

Description:
Heap-based buffer overflow in the SFTP protocol handler for Panic Transmit (Transmit.app) up to 3.5.5 allows remote attackers to execute arbitrary code via a long ftps:// URL.

Status: Candidate
Phase: Assigned (20070102)
Reference: MISC:http://projects.info-pull.com/moab/MOAB-19-01-2007.html
Reference: MILW0RM:3160
Reference: URL:http://milw0rm.com/exploits/3160
Reference: FRSIRT:ADV-2007-0273
Reference: URL:http://www.frsirt.com/english/advisories/2007/0273
Reference: SECUNIA:23861
Reference: URL:http://secunia.com/advisories/23861
Reference: XF:transmit-url-handler-bo(31673)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31673

Votes:





Name: CVE-2007-0021

Description:
Format string vulnerability in Apple iChat 3.1.6 allows remote attackers to cause a denial of service (null pointer dereference and application crash) and possibly execute arbitrary code via format string specifiers in an aim:// URI.

Status: Candidate
Phase: Assigned (20070102)
Reference: MISC:http://projects.info-pull.com/moab/MOAB-20-01-2007.html
Reference: CONFIRM:http://docs.info.apple.com/article.html?artnum=305102
Reference: APPLE:APPLE-SA-2007-02-15
Reference: URL:http://lists.apple.com/archives/Security-announce/2007/Feb/msg00000.html
Reference: CERT:TA07-047A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA07-047A.html
Reference: CERT-VN:VU#794752
Reference: URL:http://www.kb.cert.org/vuls/id/794752
Reference: BID:22146
Reference: URL:http://www.securityfocus.com/bid/22146
Reference: FRSIRT:ADV-2007-0274
Reference: URL:http://www.frsirt.com/english/advisories/2007/0274
Reference: SECTRACK:1017661
Reference: URL:http://www.securitytracker.com/id?1017661
Reference: SECUNIA:24198
Reference: URL:http://secunia.com/advisories/24198
Reference: XF:ichat-aim-format-string(31679)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31679

Votes:





Name: CVE-2007-0022

Description:
Untrusted search path vulnerability in writeconfig in Apple Mac OS X 10.4.8 allows local users to gain privileges via a modified PATH that points to a malicious launchctl program.

Status: Candidate
Phase: Assigned (20070102)
Reference: MISC:http://projects.info-pull.com/moab/MOAB-21-01-2007.html
Reference: CONFIRM:http://docs.info.apple.com/article.html?artnum=305391
Reference: APPLE:APPLE-SA-2007-04-19
Reference: URL:http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html
Reference: CERT:TA07-109A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA07-109A.html
Reference: BID:22148
Reference: URL:http://www.securityfocus.com/bid/22148
Reference: FRSIRT:ADV-2007-1470
Reference: URL:http://www.frsirt.com/english/advisories/2007/1470
Reference: FRSIRT:ADV-2007-0074
Reference: URL:http://www.frsirt.com/english/advisories/2007/0074
Reference: OSVDB:31605
Reference: URL:http://www.osvdb.org/31605
Reference: SECTRACK:1017941
Reference: URL:http://www.securitytracker.com/id?1017941
Reference: SECUNIA:23793
Reference: URL:http://secunia.com/advisories/23793
Reference: SECUNIA:24966
Reference: URL:http://secunia.com/advisories/24966
Reference: XF:macos-writeconfig-privilege-escalation(31677)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31677

Votes:





Name: CVE-2007-0023

Description:
The CFUserNotificationSendRequest function in UserNotificationCenter.app in Apple Mac OS X 10.4.8, when used in combination with diskutil, allows local users to gain privileges via a malicious InputManager in Library/InputManagers in a user's home directory, which is executed when Cocoa applications attempt to notify the user.

Status: Candidate
Phase: Assigned (20070102)
Reference: MISC:http://projects.info-pull.com/moab/MOAB-22-01-2007.html
Reference: CONFIRM:http://docs.info.apple.com/article.html?artnum=305102
Reference: APPLE:APPLE-SA-2007-02-15
Reference: URL:http://lists.apple.com/archives/Security-announce/2007/Feb/msg00000.html
Reference: CERT:TA07-047A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA07-047A.html
Reference: CERT-VN:VU#315856
Reference: URL:http://www.kb.cert.org/vuls/id/315856
Reference: BID:22188
Reference: URL:http://www.securityfocus.com/bid/22188
Reference: FRSIRT:ADV-2007-0074
Reference: URL:http://www.frsirt.com/english/advisories/2007/0074
Reference: OSVDB:32695
Reference: URL:http://www.osvdb.org/32695
Reference: SECTRACK:1017542
Reference: URL:http://securitytracker.com/id?1017542
Reference: SECUNIA:23846
Reference: URL:http://secunia.com/advisories/23846
Reference: SECUNIA:24198
Reference: URL:http://secunia.com/advisories/24198
Reference: XF:macos-inputmanager-privilege-escalation(31676)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31676

Votes:





Name: CVE-2007-0024

Description:
Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properties that cause insufficient memory allocation and trigger a buffer overflow, aka the "VML Buffer Overrun Vulnerability."

Status: Candidate
Phase: Assigned (20070103)
Reference: IDEFENSE:20070109 Microsoft Windows VML Element Integer Overflow Vulnerability
Reference: URL:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=462
Reference: BUGTRAQ:20070116 MS07-004 VML Integer Overflow Exploit
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/457053/100/0/threaded
Reference: BUGTRAQ:20070117 Re: MS07-004 VML Integer Overflow Exploit
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/457164/100/0/threaded
Reference: CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2007-009.htm
Reference: HP:HPSBST02184
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/457274/100/0/threaded
Reference: HP:SSRT071296
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/457274/100/0/threaded
Reference: MS:MS07-004
Reference: URL:http://www.microsoft.com/technet/security/Bulletin/MS07-004.mspx
Reference: MSKB:929969
Reference: URL:http://support.microsoft.com/?kbid=929969
Reference: CERT:TA07-009A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA07-009A.html
Reference: CERT-VN:VU#122084
Reference: URL:http://www.kb.cert.org/vuls/id/122084
Reference: BID:21930
Reference: URL:http://www.securityfocus.com/bid/21930
Reference: FRSIRT:ADV-2007-0105
Reference: URL:http://www.frsirt.com/english/advisories/2007/0105
Reference: FRSIRT:ADV-2007-0129
Reference: URL:http://www.frsirt.com/english/advisories/2007/0129
Reference: OSVDB:31250
Reference: URL:http://www.osvdb.org/31250
Reference: OVAL:oval:org.mitre.oval:def:1058
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1058
Reference: SECTRACK:1017489
Reference: URL:http://securitytracker.com/id?1017489
Reference: SECUNIA:23677
Reference: URL:http://secunia.com/advisories/23677
Reference: XF:ie-vml-record-bo(31287)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31287

Votes:





Name: CVE-2007-0025

Description:
The MFC component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 and Visual Studio .NET 2000, 2002 SP1, 2003, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption. NOTE: this might be due to a stack-based buffer overflow in the AfxOleSetEditMenu function in MFC42u.dll.

Status: Candidate
Phase: Assigned (20070103)
Reference: MS:MS07-012
Reference: URL:http://www.microsoft.com/technet/security/Bulletin/MS07-012.mspx
Reference: CERT:TA07-044A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA07-044A.html
Reference: CERT-VN:VU#932041
Reference: URL:http://www.kb.cert.org/vuls/id/932041
Reference: BID:22476
Reference: URL:http://www.securityfocus.com/bid/22476
Reference: FRSIRT:ADV-2007-0581
Reference: URL:http://www.frsirt.com/english/advisories/2007/0581
Reference: OSVDB:31887
Reference: URL:http://www.osvdb.org/31887
Reference: OVAL:oval:org.mitre.oval:def:157
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:157
Reference: SECTRACK:1017638
Reference: URL:http://www.securitytracker.com/id?1017638
Reference: SECUNIA:24150
Reference: URL:http://secunia.com/advisories/24150

Votes:





Name: CVE-2007-0026

Description:
The OLE Dialog component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption.

Status: Candidate
Phase: Assigned (20070103)
Reference: MS:MS07-011
Reference: URL:http://www.microsoft.com/technet/security/Bulletin/MS07-011.mspx
Reference: CERT:TA07-044A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA07-044A.html
Reference: CERT-VN:VU#497756
Reference: URL:http://www.kb.cert.org/vuls/id/497756
Reference: BID:22483
Reference: URL:http://www.securityfocus.com/bid/22483
Reference: FRSIRT:ADV-2007-0580
Reference: URL:http://www.frsirt.com/english/advisories/2007/0580
Reference: OSVDB:31885
Reference: URL:http://www.osvdb.org/31885
Reference: OVAL:oval:org.mitre.oval:def:540
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:540
Reference: SECTRACK:1017637
Reference: URL:http://www.securitytracker.com/id?1017637
Reference: SECUNIA:24147
Reference: URL:http://secunia.com/advisories/24147

Votes:





Name: CVE-2007-0027

Description:
Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via malformed IMDATA records that trigger memory corruption.

Status: Candidate
Phase: Assigned (20070103)
Reference: HP:HPSBST02184
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/457274/100/0/threaded
Reference: HP:SSRT071296
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/457274/100/0/threaded
Reference: MS:MS07-002
Reference: URL:http://www.microsoft.com/technet/security/Bulletin/MS07-002.mspx
Reference: CERT:TA07-009A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA07-009A.html
Reference: CERT-VN:VU#749964
Reference: URL:http://www.kb.cert.org/vuls/id/749964
Reference: BID:21856
Reference: URL:http://www.securityfocus.com/bid/21856
Reference: FRSIRT:ADV-2007-0103
Reference: URL:http://www.frsirt.com/english/advisories/2007/0103
Reference: OSVDB:31255
Reference: URL:http://www.osvdb.org/31255
Reference: OVAL:oval:org.mitre.oval:def:119
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:119
Reference: SECTRACK:1017487
Reference: URL:http://securitytracker.com/id?1017487

Votes:





Name: CVE-2007-0028

Description:
Microsoft Excel 2000, 2002, 2003, Viewer 2003, Office 2004 for Mac, and Office v.X for Mac does not properly handle certain opcodes, which allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file, which results in an "Improper Memory Access Vulnerability." NOTE: an early disclosure of this issue used CVE-2006-3432, but only CVE-2007-0028 should be used.

Status: Candidate
Phase: Assigned (20070103)
Reference: MISC:http://www.fortinet.com/FortiGuardCenter/advisory/FG-2006-30.html
Reference: MISC:http://www.fortinet.com/FortiGuardCenter/advisory/FGA-2007-01.html
Reference: HP:HPSBST02184
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/457274/100/0/threaded
Reference: HP:SSRT071296
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/457274/100/0/threaded
Reference: MS:MS07-002
Reference: URL:http://www.microsoft.com/technet/security/Bulletin/MS07-002.mspx
Reference: CERT:TA07-009A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA07-009A.html
Reference: CERT-VN:VU#493185
Reference: URL:http://www.kb.cert.org/vuls/id/493185
Reference: BID:21952
Reference: URL:http://www.securityfocus.com/bid/21952
Reference: FRSIRT:ADV-2007-0103
Reference: URL:http://www.frsirt.com/english/advisories/2007/0103
Reference: OSVDB:31249
Reference: URL:http://www.osvdb.org/31249
Reference: OVAL:oval:org.mitre.oval:def:768
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:768
Reference: SECTRACK:1017485
Reference: URL:http://securitytracker.com/id?1017485
Reference: SECUNIA:23676
Reference: URL:http://secunia.com/advisories/23676

Votes:





Name: CVE-2007-0029

Description:
Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string, aka "Excel Malformed String Vulnerability."

Status: Candidate
Phase: Assigned (20070103)
Reference: HP:HPSBST02184
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/457274/100/0/threaded
Reference: HP:SSRT071296
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/457274/100/0/threaded
Reference: MS:MS07-002
Reference: URL:http://www.microsoft.com/technet/security/Bulletin/MS07-002.mspx
Reference: CERT:TA07-009A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA07-009A.html
Reference: BID:21877
Reference: URL:http://www.securityfocus.com/bid/21877
Reference: FRSIRT:ADV-2007-0103
Reference: URL:http://www.frsirt.com/english/advisories/2007/0103
Reference: OSVDB:31256
Reference: URL:http://www.osvdb.org/31256
Reference: OVAL:oval:org.mitre.oval:def:1102
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1102
Reference: SECTRACK:1017487
Reference: URL:http://securitytracker.com/id?1017487

Votes:





Name: CVE-2007-0030

Description:
Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via an Excel file with an out-of-range Column field in certain BIFF8 record types, which references arbitrary memory.

Status: Candidate
Phase: Assigned (20070103)
Reference: IDEFENSE:20070109 Microsoft Excel Invalid Column Heap Corruption Vulnerability
Reference: URL:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=460
Reference: HP:HPSBST02184
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/457274/100/0/threaded
Reference: HP:SSRT071296
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/457274/100/0/threaded
Reference: MS:MS07-002
Reference: URL:http://www.microsoft.com/technet/security/Bulletin/MS07-002.mspx
Reference: CERT:TA07-009A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA07-009A.html
Reference: CERT-VN:VU#302836
Reference: URL:http://www.kb.cert.org/vuls/id/302836
Reference: BID:21925
Reference: URL:http://www.securityfocus.com/bid/21925
Reference: FRSIRT:ADV-2007-0103
Reference: URL:http://www.frsirt.com/english/advisories/2007/0103
Reference: OSVDB:31257
Reference: URL:http://www.osvdb.org/31257
Reference: OVAL:oval:org.mitre.oval:def:323
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:323
Reference: SECTRACK:1017487
Reference: URL:http://securitytracker.com/id?1017487

Votes:





Name: CVE-2007-0031

Description:
Heap-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a BIFF8 spreadsheet with a PALETTE record that contains a large number of entries.

Status: Candidate
Phase: Assigned (20070103)
Reference: IDEFENSE:20070109 Microsoft Excel Long Palette Heap Overflow Vulnerability
Reference: URL:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=461
Reference: HP:HPSBST02184
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/457274/100/0/threaded
Reference: HP:SSRT071296
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/457274/100/0/threaded
Reference: MS:MS07-002
Reference: URL:http://www.microsoft.com/technet/security/Bulletin/MS07-002.mspx
Reference: CERT:TA07-009A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA07-009A.html
Reference: CERT-VN:VU#625532
Reference: URL:http://www.kb.cert.org/vuls/id/625532
Reference: BID:21922
Reference: URL:http://www.securityfocus.com/bid/21922
Reference: FRSIRT:ADV-2007-0103
Reference: URL:http://www.frsirt.com/english/advisories/2007/0103
Reference: OSVDB:31258
Reference: URL:http://www.osvdb.org/31258
Reference: OVAL:oval:org.mitre.oval:def:753
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:753
Reference: SECTRACK:1017487
Reference: URL:http://securitytracker.com/id?1017487

Votes:





Name: CVE-2007-0032

Description:
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Status: Candidate
Phase: Assigned (20070103)

Votes:





Name: CVE-2007-0033

Description:
Microsoft Outlook 2002 and 2003 allows user-assisted remote attackers to execute arbitrary code via a malformed VEVENT record in an .iCal meeting request or ICS file.

Status: Candidate
Phase: Assigned (20070103)
Reference: HP:HPSBST02184
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/457274/100/0/threaded
Reference: HP:SSRT071296
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/457274/100/0/threaded
Reference: MS:MS07-003
Reference: URL:http://www.microsoft.com/technet/security/Bulletin/MS07-003.mspx
Reference: CERT:TA07-009A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA07-009A.html
Reference: CERT-VN:VU#476900
Reference: URL:http://www.kb.cert.org/vuls/id/476900
Reference: BID:21931
Reference: URL:http://www.securityfocus.com/bid/21931
Reference: FRSIRT:ADV-2007-0104
Reference: URL:http://www.frsirt.com/english/advisories/2007/0104
Reference: OSVDB:31252
Reference: URL:http://www.osvdb.org/31252
Reference: OVAL:oval:org.mitre.oval:def:516
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:516
Reference: SECTRACK:1017488
Reference: URL:http://securitytracker.com/id?1017488
Reference: SECUNIA:23674
Reference: URL:http://secunia.com/advisories/23674

Votes:





Name: CVE-2007-0034

Description:
Buffer overflow in the Advanced Search (Finder.exe) feature of Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted Outlook Saved Searches (OSS) file that triggers memory corruption, aka "Microsoft Outlook Advanced Find Vulnerability."

Status: Candidate
Phase: Assigned (20070103)
Reference: BUGTRAQ:20070111 Computer Terrorism (UK) :: Incident Response Centre - Microsoft Outlook Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456589/100/0/threaded
Reference: MISC:http://www.computerterrorism.com/research/ct09-01-2007.htm
Reference: HP:HPSBST02184
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/457274/100/0/threaded
Reference: HP:SSRT071296
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/457274/100/0/threaded
Reference: MS:MS07-003
Reference: URL:http://www.microsoft.com/technet/security/Bulletin/MS07-003.mspx
Reference: CERT:TA07-009A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA07-009A.html
Reference: CERT-VN:VU#271860
Reference: URL:http://www.kb.cert.org/vuls/id/271860
Reference: BID:21936
Reference: URL:http://www.securityfocus.com/bid/21936
Reference: FRSIRT:ADV-2007-0104
Reference: URL:http://www.frsirt.com/english/advisories/2007/0104
Reference: OSVDB:31254
Reference: URL:http://www.osvdb.org/31254
Reference: OVAL:oval:org.mitre.oval:def:153
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:153
Reference: SECTRACK:1017488
Reference: URL:http://securitytracker.com/id?1017488
Reference: SECUNIA:23674
Reference: URL:http://secunia.com/advisories/23674

Votes:





Name: CVE-2007-0035

Description:
Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly handle data in a certain array, which allows user-assisted remote attackers to execute arbitrary code, aka the "Word Array Overflow Vulnerability."

Status: Candidate
Phase: Assigned (20070103)
Reference: HP:HPSBST02214
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/468871/100/200/threaded
Reference: HP:SSRT071422
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/468871/100/200/threaded
Reference: MS:MS07-024
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms07-024.mspx
Reference: CERT:TA07-128A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA07-128A.html
Reference: CERT-VN:VU#260777
Reference: URL:http://www.kb.cert.org/vuls/id/260777
Reference: BID:23804
Reference: URL:http://www.securityfocus.com/bid/23804
Reference: FRSIRT:ADV-2007-1709
Reference: URL:http://www.frsirt.com/english/advisories/2007/1709
Reference: OSVDB:34387
Reference: URL:http://www.osvdb.org/34387
Reference: OVAL:oval:org.mitre.oval:def:1737
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1737
Reference: SECTRACK:1018013
Reference: URL:http://www.securitytracker.com/id?1018013

Votes:





Name: CVE-2007-0036

Description:
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Status: Candidate
Phase: Assigned (20070103)

Votes:





Name: CVE-2007-0037

Description:
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Status: Candidate
Phase: Assigned (20070103)

Votes:





Name: CVE-2007-0038

Description:
Stack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a large length value in the second (or later) anih block of a RIFF .ANI, .cur, or .ico file, which results in memory corruption when processing cursors, animated cursors, and icons, a variant of CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this might be a duplicate of CVE-2007-1765; if so, then CVE-2007-0038 should be preferred.

Status: Candidate
Phase: Assigned (20070103)
Reference: BUGTRAQ:20070330 0-day ANI vulnerability in Microsoft Windows (CVE-2007-0038)
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/464269/100/0/threaded
Reference: BUGTRAQ:20070330 Re: 0-day ANI vulnerability in Microsoft Windows (CVE-2007-0038)
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/464339/100/0/threaded
Reference: BUGTRAQ:20070331 RE: [Full-disclosure] 0-day ANI vulnerability in Microsoft Windows(CVE-2007-0038)
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/464342/100/0/threaded
Reference: BUGTRAQ:20070331 Re: 0-day ANI vulnerability in Microsoft Windows (CVE-2007-0038)
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/464340/100/0/threaded
Reference: BUGTRAQ:20070402 More information on ZERT patch for ANI 0day
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/464459/100/100/threaded
Reference: BUGTRAQ:20070402 MS announces out-of-band patch for ANI 0day
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/464460/100/100/threaded
Reference: FULLDISC:20070330 0-day ANI vulnerability in Microsoft Windows (CVE-2007-0038)
Reference: URL:http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0470.html
Reference: MILW0RM:3634
Reference: URL:http://milw0rm.com/exploits/3634
Reference: MISC:http://www.determina.com/security_center/security_advisories/securityadvisory_0day_032907.asp
Reference: HP:HPSBST02206
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/466186/100/200/threaded
Reference: HP:SSRT071354
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/466186/100/200/threaded
Reference: MS:MS07-017
Reference: URL:http://www.microsoft.com/technet/security/Bulletin/ms07-017.mspx
Reference: CERT:TA07-089A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA07-089A.html
Reference: CERT:TA07-093A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA07-093A.html
Reference: CERT:TA07-100A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA07-100A.html
Reference: CERT-VN:VU#191609
Reference: URL:http://www.kb.cert.org/vuls/id/191609
Reference: FRSIRT:ADV-2007-1215
Reference: URL:http://www.frsirt.com/english/advisories/2007/1215
Reference: OSVDB:33629
Reference: URL:http://www.osvdb.org/33629
Reference: OVAL:oval:org.mitre.oval:def:1854
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1854
Reference: SECUNIA:24659
Reference: URL:http://secunia.com/advisories/24659
Reference: SREASON:2542
Reference: URL:http://securityreason.com/securityalert/2542
Reference: XF:windows-ani-code-execution(33301)
Reference: URL:http://xforce.iss.net/xforce/xfdb/33301

Votes:





Name: CVE-2007-0039

Description:
The Exchange Collaboration Data Objects (EXCDO) functionality in Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 allows remote attackers to cause a denial of service (crash) via an Internet Calendar (iCal) file containing multiple X-MICROSOFT-CDO-MODPROPS (MODPROPS) properties in which the second MODPROPS is longer than the first, which triggers a NULL pointer dereference and an unhandled exception.

Status: Candidate
Phase: Assigned (20070103)
Reference: BUGTRAQ:20070508 Exchange Calendar MODPROPS Denial of Service (CVE-2007-0039)
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/468047/100/0/threaded
Reference: FULLDISC:20070509 Exchange Calendar MODPROPS Denial of Service (CVE-2007-0039)
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/063232.html
Reference: MISC:http://www.determina.com/security.research/vulnerabilities/exchange-ical-modprops.html
Reference: HP:HPSBST02214
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/468871/100/200/threaded
Reference: HP:SSRT071422
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/468871/100/200/threaded
Reference: MS:MS07-026
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms07-026.mspx
Reference: CERT:TA07-128A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA07-128A.html
Reference: BID:23808
Reference: URL:http://www.securityfocus.com/bid/23808
Reference: FRSIRT:ADV-2007-1711
Reference: URL:http://www.frsirt.com/english/advisories/2007/1711
Reference: OSVDB:34390
Reference: URL:http://www.osvdb.org/34390
Reference: OVAL:oval:org.mitre.oval:def:1593
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1593
Reference: SECTRACK:1018015
Reference: URL:http://www.securitytracker.com/id?1018015
Reference: SECUNIA:25183
Reference: URL:http://secunia.com/advisories/25183
Reference: XF:exchange-ical-dos(33888)
Reference: URL:http://xforce.iss.net/xforce/xfdb/33888

Votes:





Name: CVE-2007-0040

Description:
The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4, Server 2003 SP1 and SP2, Server 2003 x64 Edition and SP2, and Server 2003 for Itanium-based Systems SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted LDAP request with an unspecified number of "convertible attributes."

Status: Candidate
Phase: Assigned (20070103)
Reference: ISS:20070710 Microsoft Windows Active Directory Remote Code Execution
Reference: URL:http://www.iss.net/threats/267.html
Reference: HP:SSRT071446
Reference: URL:http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html
Reference: MS:MS07-039
Reference: URL:http://www.microsoft.com/technet/security/Bulletin/ms07-039.mspx
Reference: CERT:TA07-191A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA07-191A.html
Reference: CERT-VN:VU#487905
Reference: URL:http://www.kb.cert.org/vuls/id/487905
Reference: BID:24800
Reference: URL:http://www.securityfocus.com/bid/24800
Reference: FRSIRT:ADV-2007-2481
Reference: URL:http://www.frsirt.com/english/advisories/2007/2481
Reference: OVAL:oval:org.mitre.oval:def:2012
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2012
Reference: SECTRACK:1018355
Reference: URL:http://www.securitytracker.com/id?1018355
Reference: SECUNIA:26002
Reference: URL:http://secunia.com/advisories/26002

Votes:





Name: CVE-2007-0041

Description:
The PE Loader service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer" and unvalidated message lengths, probably a buffer overflow.

Status: Candidate
Phase: Assigned (20070103)
Reference: HP:SSRT071446
Reference: URL:http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html
Reference: MS:MS07-040
Reference: URL:http://www.microsoft.com/technet/security/Bulletin/ms07-040.mspx
Reference: CERT:TA07-191A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA07-191A.html
Reference: BID:24778
Reference: URL:http://www.securityfocus.com/bid/24778
Reference: FRSIRT:ADV-2007-2482
Reference: URL:http://www.frsirt.com/english/advisories/2007/2482
Reference: OVAL:oval:org.mitre.oval:def:2093
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2093
Reference: SECTRACK:1018356
Reference: URL:http://www.securitytracker.com/id?1018356
Reference: SECUNIA:26003
Reference: URL:http://secunia.com/advisories/26003
Reference: XF:ms-dotnet-pe-loader-bo(34637)
Reference: URL:http://xforce.iss.net/xforce/xfdb/34637

Votes:





Name: CVE-2007-0042

Description:
Interpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to access configuration files and obtain sensitive information, and possibly bypass security mechanisms that try to constrain the final substring of a string, via %00 characters, related to use of %00 as a string terminator within POSIX functions but a data character within .NET strings, aka "Null Byte Termination Vulnerability."

Status: Candidate
Phase: Assigned (20070103)
Reference: MISC:http://security-assessment.com/files/advisories/2007-07-11_Multiple_.NET_Null_Byte_Injection_Vulnerabilities.pdf
Reference: HP:SSRT071446
Reference: URL:http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html
Reference: MS:MS07-040
Reference: URL:http://www.microsoft.com/technet/security/Bulletin/ms07-040.mspx
Reference: CERT:TA07-191A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA07-191A.html
Reference: FRSIRT:ADV-2007-2482
Reference: URL:http://www.frsirt.com/english/advisories/2007/2482
Reference: OVAL:oval:org.mitre.oval:def:2070
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2070
Reference: SECTRACK:1018356
Reference: URL:http://www.securitytracker.com/id?1018356
Reference: SECUNIA:26003
Reference: URL:http://secunia.com/advisories/26003

Votes:





Name: CVE-2007-0043

Description:
The Just In Time (JIT) Compiler service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer," probably a buffer overflow, aka ".NET JIT Compiler Vulnerability".

Status: Candidate
Phase: Assigned (20070103)
Reference: HP:SSRT071446
Reference: URL:http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html
Reference: MS:MS07-040
Reference: URL:http://www.microsoft.com/technet/security/Bulletin/ms07-040.mspx
Reference: CERT:TA07-191A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA07-191A.html
Reference: BID:24811
Reference: URL:http://www.securityfocus.com/bid/24811
Reference: FRSIRT:ADV-2007-2482
Reference: URL:http://www.frsirt.com/english/advisories/2007/2482
Reference: OVAL:oval:org.mitre.oval:def:1873
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1873
Reference: SECTRACK:1018356
Reference: URL:http://www.securitytracker.com/id?1018356
Reference: SECUNIA:26003
Reference: URL:http://secunia.com/advisories/26003
Reference: XF:ms-dotnet-jit-bo(34639)
Reference: URL:http://xforce.iss.net/xforce/xfdb/34639

Votes:





Name: CVE-2007-0044

Description:
Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Explorer, and Opera web browsers allows remote attackers to force the browser to make unauthorized requests to other web sites via a URL in the (1) FDF, (2) xml, and (3) xfdf AJAX request parameters, following the # (hash) character, aka "Universal CSRF and session riding."

Status: Candidate
Phase: Assigned (20070103)
Reference: BUGTRAQ:20070103 Adobe Acrobat Reader Plugin - Multiple Vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/455801/100/0/threaded
Reference: MISC:http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf
Reference: MISC:http://www.wisec.it/vulns.php?page=9
Reference: GENTOO:GLSA-200701-16
Reference: URL:http://security.gentoo.org/glsa/glsa-200701-16.xml
Reference: REDHAT:RHSA-2008:0144
Reference: URL:http://www.redhat.com/support/errata/RHSA-2008-0144.html
Reference: SUSE:SUSE-SA:2007:011
Reference: URL:http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html
Reference: BID:21858
Reference: URL:http://www.securityfocus.com/bid/21858
Reference: FRSIRT:ADV-2007-0032
Reference: URL:http://www.frsirt.com/english/advisories/2007/0032
Reference: SECTRACK:1017469
Reference: URL:http://securitytracker.com/id?1017469
Reference: SECUNIA:23812
Reference: URL:http://secunia.com/advisories/23812
Reference: SECUNIA:23882
Reference: URL:http://secunia.com/advisories/23882
Reference: SECUNIA:29065
Reference: URL:http://secunia.com/advisories/29065
Reference: SREASON:2090
Reference: URL:http://securityreason.com/securityalert/2090
Reference: XF:adobe-acrobat-pdf-csrf(31266)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31266

Votes:





Name: CVE-2007-0045

Description:
Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0 for Mozilla Firefox, Microsoft Internet Explorer 6 SP1, Opera 8.5.4 build 770, and Opera 9.10.8679 on Windows allow remote attackers to inject arbitrary JavaScript and conduct other attacks via a .pdf URL with a javascript: or res: URI with (1) FDF, (2) XML, and (3) XFDF AJAX parameters, or (4) an arbitrarily named name=URI anchor identifier, aka "Universal XSS (UXSS)."

Status: Candidate
Phase: Assigned (20070103)
Reference: BUGTRAQ:20070103 Adobe Acrobat Reader Plugin - Multiple Vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/455801/100/0/threaded
Reference: BUGTRAQ:20070103 RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
Reference: URL:http://www.securityfocus.com/archive/1/455836/100/0/threaded
Reference: BUGTRAQ:20070103 Re: Universal XSS with PDF files: highly dangerous
Reference: URL:http://www.securityfocus.com/archive/1/455800/100/0/threaded
Reference: BUGTRAQ:20070103 Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
Reference: URL:http://www.securityfocus.com/archive/1/455831/100/0/threaded
Reference: BUGTRAQ:20070103 Universal XSS with PDF files: highly dangerous
Reference: URL:http://www.securityfocus.com/archive/1/455790/100/0/threaded
Reference: BUGTRAQ:20070104 Universal PDF XSS After Party
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/455906/100/0/threaded
Reference: MISC:http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf
Reference: MISC:http://www.wisec.it/vulns.php?page=9
Reference: MISC:http://www.disenchant.ch/blog/hacking-with-browser-plugins/34
Reference: MISC:http://www.gnucitizen.org/blog/universal-pdf-xss-after-party
Reference: CONFIRM:http://www.gnucitizen.org/blog/danger-danger-danger/
Reference: CONFIRM:http://www.adobe.com/support/security/advisories/apsa07-01.html
Reference: CONFIRM:http://www.adobe.com/support/security/advisories/apsa07-02.html
Reference: CONFIRM:http://www.adobe.com/support/security/bulletins/apsb07-01.html
Reference: CONFIRM:http://www.mozilla.org/security/announce/2007/mfsa2007-02.html
Reference: GENTOO:GLSA-200701-16
Reference: URL:http://security.gentoo.org/glsa/glsa-200701-16.xml
Reference: HP:HPSBUX02153
Reference: URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
Reference: HP:SSRT061181
Reference: URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
Reference: REDHAT:RHSA-2007:0017
Reference: URL:https://rhn.redhat.com/errata/RHSA-2007-0017.html
Reference: REDHAT:RHSA-2007:0021
Reference: URL:http://www.redhat.com/support/errata/RHSA-2007-0021.html
Reference: SLACKWARE:SSA:2007-066-05
Reference: URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131
Reference: SUNALERT:102847
Reference: URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-102847-1
Reference: SUSE:SUSE-SA:2007:011
Reference: URL:http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html
Reference: CERT-VN:VU#815960
Reference: URL:http://www.kb.cert.org/vuls/id/815960
Reference: BID:21858
Reference: URL:http://www.securityfocus.com/bid/21858
Reference: FRSIRT:ADV-2007-0032
Reference: URL:http://www.frsirt.com/english/advisories/2007/0032
Reference: FRSIRT:ADV-2007-0957
Reference: URL:http://www.frsirt.com/english/advisories/2007/0957
Reference: SECTRACK:1017469
Reference: URL:http://securitytracker.com/id?1017469
Reference: SECUNIA:23483
Reference: URL:http://secunia.com/advisories/23483
Reference: SECUNIA:23691
Reference: URL:http://secunia.com/advisories/23691
Reference: SECUNIA:23812
Reference: URL:http://secunia.com/advisories/23812
Reference: SECUNIA:23877
Reference: URL:http://secunia.com/advisories/23877
Reference: SECUNIA:23882
Reference: URL:http://secunia.com/advisories/23882
Reference: SECUNIA:24533
Reference: URL:http://secunia.com/advisories/24533
Reference: SECUNIA:24457
Reference: URL:http://secunia.com/advisories/24457
Reference: SREASON:2090
Reference: URL:http://securityreason.com/securityalert/2090
Reference: XF:adobe-acrobat-pdf-xss(31271)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31271

Votes:





Name: CVE-2007-0046

Description:
Double free vulnerability in the Adobe Acrobat Reader Plugin before 8.0.0, as used in Mozilla Firefox 1.5.0.7, allows remote attackers to execute arbitrary code by causing an error via a javascript: URI call to document.write in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters.

Status: Candidate
Phase: Assigned (20070103)
Reference: BUGTRAQ:20070103 Adobe Acrobat Reader Plugin - Multiple Vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/455801/100/0/threaded
Reference: MISC:http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf
Reference: MISC:http://www.wisec.it/vulns.php?page=9
Reference: CONFIRM:http://www.adobe.com/support/security/bulletins/apsb07-01.html
Reference: GENTOO:GLSA-200701-16
Reference: URL:http://security.gentoo.org/glsa/glsa-200701-16.xml
Reference: REDHAT:RHSA-2007:0017
Reference: URL:https://rhn.redhat.com/errata/RHSA-2007-0017.html
Reference: REDHAT:RHSA-2007:0021
Reference: URL:http://www.redhat.com/support/errata/RHSA-2007-0021.html
Reference: SUNALERT:102847
Reference: URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-102847-1
Reference: SUSE:SUSE-SA:2007:011
Reference: URL:http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html
Reference: FRSIRT:ADV-2007-0032
Reference: URL:http://www.frsirt.com/english/advisories/2007/0032
Reference: FRSIRT:ADV-2007-0957
Reference: URL:http://www.frsirt.com/english/advisories/2007/0957
Reference: SECTRACK:1017469
Reference: URL:http://securitytracker.com/id?1017469
Reference: SECUNIA:23691
Reference: URL:http://secunia.com/advisories/23691
Reference: SECUNIA:23812
Reference: URL:http://secunia.com/advisories/23812
Reference: SECUNIA:23877
Reference: URL:http://secunia.com/advisories/23877
Reference: SECUNIA:23882
Reference: URL:http://secunia.com/advisories/23882
Reference: SECUNIA:24533
Reference: URL:http://secunia.com/advisories/24533
Reference: SREASON:2090
Reference: URL:http://securityreason.com/securityalert/2090
Reference: XF:adobe-acrobat-msvcrt-code-execution(31272)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31272

Votes:





Name: CVE-2007-0047

Description:
CRLF injection vulnerability in Adobe Acrobat Reader Plugin before 8.0.0, when used with the Microsoft.XMLHTTP ActiveX object in Internet Explorer, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the javascript: URI in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters.

Status: Candidate
Phase: Assigned (20070103)
Reference: MISC:http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf
Reference: SUSE:SUSE-SA:2007:011
Reference: URL:http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html
Reference: FRSIRT:ADV-2007-0032
Reference: URL:http://www.frsirt.com/english/advisories/2007/0032
Reference: SECTRACK:1017469
Reference: URL:http://securitytracker.com/id?1017469
Reference: SECUNIA:23882
Reference: URL:http://secunia.com/advisories/23882
Reference: XF:adobe-acrobat-xmlhttp-response-splitting(31291)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31291

Votes:





Name: CVE-2007-0048

Description:
Adobe Acrobat Reader Plugin before 8.0.0, when used with Internet Explorer, allows remote attackers to cause a denial of service (memory consumption) via a long sequence of # (hash) characters appended to a PDF URL.

Status: Candidate
Phase: Assigned (20070103)
Reference: BUGTRAQ:20070103 Adobe Acrobat Reader Plugin - Multiple Vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/455801/100/0/threaded
Reference: MISC:http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf
Reference: MISC:http://www.wisec.it/vulns.php?page=9
Reference: CONFIRM:http://www.adobe.com/support/security/bulletins/apsb07-01.html
Reference: GENTOO:GLSA-200701-16
Reference: URL:http://security.gentoo.org/glsa/glsa-200701-16.xml
Reference: SUSE:SUSE-SA:2007:011
Reference: URL:http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html
Reference: FRSIRT:ADV-2007-0032
Reference: URL:http://www.frsirt.com/english/advisories/2007/0032
Reference: SECTRACK:1017469
Reference: URL:http://securitytracker.com/id?1017469
Reference: SECUNIA:23812
Reference: URL:http://secunia.com/advisories/23812
Reference: SECUNIA:23882
Reference: URL:http://secunia.com/advisories/23882
Reference: SREASON:2090
Reference: URL:http://securityreason.com/securityalert/2090
Reference: XF:adobe-acrobat-character-dos(31273)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31273

Votes:





Name: CVE-2007-0049

Description:
Geckovich TaskTracker Pro 1.5 and earlier allows remote attackers to add administrative or other accounts via an Add action with a modified GroupID in a direct request to Customize.asp.

Status: Candidate
Phase: Assigned (20070103)
Reference: MILW0RM:3068
Reference: URL:http://milw0rm.com/exploits/3068
Reference: BID:21847
Reference: URL:http://www.securityfocus.com/bid/21847
Reference: SECUNIA:23564
Reference: URL:http://secunia.com/advisories/23564
Reference: XF:tasktrackerpro-customize-auth-bypass(31235)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31235

Votes:





Name: CVE-2007-0050

Description:
** DISPUTED ** PHP remote file inclusion vulnerability in index.php in OpenPinboard 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the language parameter. NOTE: this issue has been disputed by the developer and a third party, since the variable is set before use. CVE analysis suggests that there is a small time window of risk before the installation is complete.

Status: Candidate
Phase: Assigned (20070103)
Reference: BUGTRAQ:20070103 OpenPinboard <= Remote File Include
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/455795/100/0/threaded
Reference: BUGTRAQ:20070103 Re: OpenPinboard <= Remote File Include
Reference: URL:http://www.securityfocus.com/archive/1/455818/100/0/threaded

Votes:





Name: CVE-2007-0051

Description:
Format string vulnerability in Apple iPhoto 6.0.5 (316), and other versions before 6.0.6, allows remote user-assisted attackers to execute arbitrary code via a crafted photocast with format string specifiers in the title of an RSS iPhoto feed.

Status: Candidate
Phase: Assigned (20070104)
Reference: BUGTRAQ:20070104 DMA[2007-0104a] - 'iLife iPhoto Photocasing Format String Vulnerability'
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/455968/100/0/threaded
Reference: MISC:http://projects.info-pull.com/moab/MOAB-04-01-2007.html
Reference: MISC:http://www.digitalmunition.com/DMA[2007-0104a].txt
Reference: MILW0RM:3080
Reference: URL:http://milw0rm.com/exploits/3080
Reference: CONFIRM:http://docs.info.apple.com/article.html?artnum=305215
Reference: APPLE:APPLE-SA-2007-03-13
Reference: URL:http://lists.apple.com/archives/security-announce/2007/Mar//msg00003.html
Reference: BID:21871
Reference: URL:http://www.securityfocus.com/bid/21871
Reference: FRSIRT:ADV-2007-0057
Reference: URL:http://www.frsirt.com/english/advisories/2007/0057
Reference: SECUNIA:23615
Reference: URL:http://secunia.com/advisories/23615
Reference: XF:iphoto-xmltitle-format-string(31281)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31281

Votes:





Name: CVE-2007-0052

Description:
SQL injection vulnerability in haberdetay.asp in Vizayn Haber allows remote attackers to execute arbitrary SQL commands via the id parameter.

Status: Candidate
Phase: Assigned (20070104)
Reference: MILW0RM:3061
Reference: URL:http://milw0rm.com/exploits/3061
Reference: BID:21836
Reference: URL:http://www.securityfocus.com/bid/21836
Reference: FRSIRT:ADV-2007-0015
Reference: URL:http://www.frsirt.com/english/advisories/2007/0015
Reference: SECUNIA:23576
Reference: URL:http://secunia.com/advisories/23576
Reference: XF:vicayn-haberdetay-sql-injection(31213)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31213

Votes:





Name: CVE-2007-0053

Description:
SQL injection vulnerability in detail.asp in ASP SiteWare autoDealer 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the iPro parameter.

Status: Candidate
Phase: Assigned (20070104)
Reference: MILW0RM:3062
Reference: URL:http://milw0rm.com/exploits/3062
Reference: BID:21833
Reference: URL:http://www.securityfocus.com/bid/21833
Reference: FRSIRT:ADV-2007-0016
Reference: URL:http://www.frsirt.com/english/advisories/2007/0016
Reference: SECUNIA:23572
Reference: URL:http://secunia.com/advisories/23572
Reference: XF:autodealer-detail-sql-injection(31219)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31219

Votes:





Name: CVE-2007-0054

Description:
Cross-site scripting (XSS) vulnerability in gbrowse.php in Belchior Foundry vCard PRO allows remote attackers to inject arbitrary web script or HTML via the sortby parameter.

Status: Candidate
Phase: Assigned (20070104)
Reference: BUGTRAQ:20070101 vBulletin vCard PRO XSS
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/455615/100/0/threaded
Reference: BID:21844
Reference: URL:http://www.securityfocus.com/bid/21844
Reference: XF:vcard-gbrowse-xss(31182)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31182

Votes:





Name: CVE-2007-0055

Description:
Directory traversal vulnerability in formbankcgi.exe/AbfrageForm in Formbankserver 1.9 allows remote attackers to read arbitrary files via directory traversal sequences in the Name parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

Status: Candidate
Phase: Assigned (20070104)
Reference: MILW0RM:3063
Reference: URL:http://milw0rm.com/exploits/3063
Reference: FRSIRT:ADV-2007-0012
Reference: URL:http://www.frsirt.com/english/advisories/2007/0012
Reference: SECUNIA:23539
Reference: URL:http://secunia.com/advisories/23539
Reference: XF:formbankserver-name-directory-traversal(31214)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31214

Votes:





Name: CVE-2007-0056

Description:
Multiple cross-site scripting (XSS) vulnerabilities in AShop Deluxe 4.5 and AShop Administration Panel allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to (a) ashop/catalogue.php and (b) ashop/basket.php, the (2) exp parameter to ashop/catalogue.php, the (3) searchstring parameter to (c) ashop/search.php, the (4) checkout and (5) action parameters to (d) ashop/shipping.php, the cat parameter to (f) cart-path/admin/editcatalogue.php, and the (7) resultpage parameter to (g) cart-path/admin/salesadmin.php.

Status: Candidate
Phase: Assigned (20070104)
Reference: BUGTRAQ:20070101 AShop Shopping Cart Multiple XSS Vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/455629/100/0/threaded
Reference: BID:21845
Reference: URL:http://www.securityfocus.com/bid/21845
Reference: FRSIRT:ADV-2007-0028
Reference: URL:http://www.frsirt.com/english/advisories/2007/0028
Reference: SECUNIA:23547
Reference: URL:http://secunia.com/advisories/23547
Reference: SREASON:2091
Reference: URL:http://securityreason.com/securityalert/2091
Reference: XF:ashop-multiple-scripts-xss(31178)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31178

Votes:





Name: CVE-2007-0057

Description:
Cisco Clean Access (CCA) 3.6.x through 3.6.4.2 and 4.0.x through 4.0.3.2 does not properly configure or allow modification of a shared secret authentication key, which causes all devices to have the same shared secret and allows remote attackers to gain unauthorized access.

Status: Candidate
Phase: Assigned (20070104)
Reference: CISCO:20070103 Multiple Vulnerabilities in Cisco Clean Access
Reference: URL:http://www.cisco.com/warp/public/707/cisco-sa-20070103-CleanAccess.shtml
Reference: FRSIRT:ADV-2007-0030
Reference: URL:http://www.frsirt.com/english/advisories/2007/0030
Reference: SECTRACK:1017465
Reference: URL:http://securitytracker.com/id?1017465
Reference: SECUNIA:23617
Reference: URL:http://secunia.com/advisories/23617

Votes:





Name: CVE-2007-0058

Description:
Cisco Clean Access (CCA) 3.5.x through 3.5.9 and 3.6.x through 3.6.1.1 on the Clean Access Manager (CAM) allows remote attackers to bypass authentication and download arbitrary manual database backups by guessing the snapshot filename using brute force, then making a direct request for the file.

Status: Candidate
Phase: Assigned (20070104)
Reference: CISCO:20070103 Multiple Vulnerabilities in Cisco Clean Access
Reference: URL:http://www.cisco.com/warp/public/707/cisco-sa-20070103-CleanAccess.shtml
Reference: FRSIRT:ADV-2007-0030
Reference: URL:http://www.frsirt.com/english/advisories/2007/0030
Reference: OSVDB:32579
Reference: URL:http://www.osvdb.org/32579
Reference: SECTRACK:1017465
Reference: URL:http://securitytracker.com/id?1017465
Reference: SECUNIA:23556
Reference: URL:http://secunia.com/advisories/23556

Votes:





Name: CVE-2007-0059

Description:
Cross-zone scripting vulnerability in Apple QuickTime 3 to 7.1.3 allows remote user-assisted attackers to execute arbitrary code and list filesystem contents via a QuickTime movie (.MOV) with an HREF Track (HREFTrack) that contains an automatic action tag with a local URI, which is executed in a local zone during preview, as exploited by a MySpace worm.

Status: Candidate
Phase: Assigned (20070104)
Reference: MISC:http://projects.info-pull.com/moab/MOAB-03-01-2007.html
Reference: MISC:http://www.gnucitizen.org/blog/backdooring-quicktime-movies/
Reference: APPLE:APPLE-SA-2007-03-05
Reference: URL:http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html
Reference: CONFIRM:http://docs.info.apple.com/article.html?artnum=305149
Reference: CERT-VN:VU#304064
Reference: URL:http://www.kb.cert.org/vuls/id/304064

Votes:





Name: CVE-2007-0060

Description:
Stack-based buffer overflow in the Message Queuing Server (Cam.exe) in CA (formerly Computer Associates) Message Queuing (CAM / CAFT) software before 1.11 Build 54_4 on Windows and NetWare, as used in CA Advantage Data Transport, eTrust Admin, certain BrightStor products, certain CleverPath products, and certain Unicenter products, allows remote attackers to execute arbitrary code via a crafted message to TCP port 3104.

Status: Candidate
Phase: Assigned (20070104)
Reference: ISS:20070724 CA Message Queuing Server (Cam.exe) Overflow
Reference: URL:http://www.iss.net/threats/272.html
Reference: BUGTRAQ:20070725 [CAID 35527]: CA Message Queuing (CAM / CAFT) Buffer Overflow Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/474602/100/0/threaded
Reference: CONFIRM:http://supportconnectw.ca.com/public/dto_transportit/infodocs/camsgquevul-secnot.asp
Reference: CONFIRM:http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=149809
Reference: BID:25051
Reference: URL:http://www.securityfocus.com/bid/25051
Reference: FRSIRT:ADV-2007-2638
Reference: URL:http://www.frsirt.com/english/advisories/2007/2638
Reference: SECTRACK:1018449
Reference: URL:http://www.securitytracker.com/id?1018449
Reference: SECUNIA:26190
Reference: URL:http://secunia.com/advisories/26190
Reference: XF:systems-management-bo(32234)
Reference: URL:http://xforce.iss.net/xforce/xfdb/32234

Votes:





Name: CVE-2007-0061

Description:
The DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows remote attackers to execute arbitrary code via a malformed packet that triggers "corrupt stack memory."

Status: Candidate
Phase: Assigned (20070104)
Reference: ISS:20070919 VMWare DHCP Server Remote Code Execution Vulnerabilities
Reference: URL:http://www.iss.net/threats/275.html
Reference: FULLDISC:20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html
Reference: CONFIRM:http://www.vmware.com/support/ace/doc/releasenotes_ace.html
Reference: CONFIRM:http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
Reference: CONFIRM:http://www.vmware.com/support/player/doc/releasenotes_player.html
Reference: CONFIRM:http://www.vmware.com/support/player2/doc/releasenotes_player2.html
Reference: CONFIRM:http://www.vmware.com/support/server/doc/releasenotes_server.html
Reference: CONFIRM:http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
Reference: CONFIRM:http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
Reference: GENTOO:GLSA-200711-23
Reference: URL:http://security.gentoo.org/glsa/glsa-200711-23.xml
Reference: UBUNTU:USN-543-1
Reference: URL:http://www.ubuntu.com/usn/usn-543-1
Reference: BID:25729
Reference: URL:http://www.securityfocus.com/bid/25729
Reference: FRSIRT:ADV-2007-3229
Reference: URL:http://www.frsirt.com/english/advisories/2007/3229
Reference: SECTRACK:1018717
Reference: URL:http://www.securitytracker.com/id?1018717
Reference: SECUNIA:26890
Reference: URL:http://secunia.com/advisories/26890
Reference: SECUNIA:27694
Reference: URL:http://secunia.com/advisories/27694
Reference: SECUNIA:27706
Reference: URL:http://secunia.com/advisories/27706
Reference: XF:dhcp-malformed-packet-bo(33101)
Reference: URL:http://xforce.iss.net/xforce/xfdb/33101

Votes:





Name: CVE-2007-0062

Description:
Integer overflow in the ISC dhcpd 3.0.x before 3.0.7 and 3.1.x before 3.1.1; and the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528; allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code via a malformed DHCP packet with a large dhcp-max-message-size that triggers a stack-based buffer overflow, related to servers configured to send many DHCP options to clients.

Status: Candidate
Phase: Assigned (20070104)
Reference: ISS:20070919 VMWare DHCP Server Remote Code Execution Vulnerabilities
Reference: URL:http://www.iss.net/threats/275.html
Reference: FULLDISC:20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html
Reference: CONFIRM:http://www.vmware.com/support/ace/doc/releasenotes_ace.html
Reference: CONFIRM:http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
Reference: CONFIRM:http://www.vmware.com/support/player/doc/releasenotes_player.html
Reference: CONFIRM:http://www.vmware.com/support/player2/doc/releasenotes_player2.html
Reference: CONFIRM:http://www.vmware.com/support/server/doc/releasenotes_server.html
Reference: CONFIRM:http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
Reference: CONFIRM:http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
Reference: CONFIRM:http://bugs.gentoo.org/show_bug.cgi?id=227135
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=339561
Reference: GENTOO:GLSA-200711-23
Reference: URL:http://security.gentoo.org/glsa/glsa-200711-23.xml
Reference: GENTOO:GLSA-200808-05
Reference: URL:http://security.gentoo.org/glsa/glsa-200808-05.xml
Reference: UBUNTU:USN-543-1
Reference: URL:http://www.ubuntu.com/usn/usn-543-1
Reference: BID:25729
Reference: URL:http://www.securityfocus.com/bid/25729
Reference: FRSIRT:ADV-2007-3229
Reference: URL:http://www.frsirt.com/english/advisories/2007/3229
Reference: SECTRACK:1018717
Reference: URL:http://www.securitytracker.com/id?1018717
Reference: SECUNIA:26890
Reference: URL:http://secunia.com/advisories/26890
Reference: SECUNIA:27694
Reference: URL:http://secunia.com/advisories/27694
Reference: SECUNIA:27706
Reference: URL:http://secunia.com/advisories/27706
Reference: SECUNIA:31396
Reference: URL:http://secunia.com/advisories/31396
Reference: XF:dhcp-param-overflow(33102)
Reference: URL:http://xforce.iss.net/xforce/xfdb/33102

Votes:





Name: CVE-2007-0063

Description:
Integer underflow in the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows remote attackers to execute arbitrary code via a malformed DHCP packet that triggers a stack-based buffer overflow.

Status: Candidate
Phase: Assigned (20070104)
Reference: ISS:20070919 VMWare DHCP Server Remote Code Execution Vulnerabilities
Reference: URL:http://www.iss.net/threats/275.html
Reference: FULLDISC:20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html
Reference: CONFIRM:http://www.vmware.com/support/ace/doc/releasenotes_ace.html
Reference: CONFIRM:http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
Reference: CONFIRM:http://www.vmware.com/support/player/doc/releasenotes_player.html
Reference: CONFIRM:http://www.vmware.com/support/player2/doc/releasenotes_player2.html
Reference: CONFIRM:http://www.vmware.com/support/server/doc/releasenotes_server.html
Reference: CONFIRM:http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
Reference: CONFIRM:http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
Reference: GENTOO:GLSA-200711-23
Reference: URL:http://security.gentoo.org/glsa/glsa-200711-23.xml
Reference: UBUNTU:USN-543-1
Reference: URL:http://www.ubuntu.com/usn/usn-543-1
Reference: BID:25729
Reference: URL:http://www.securityfocus.com/bid/25729
Reference: FRSIRT:ADV-2007-3229
Reference: URL:http://www.frsirt.com/english/advisories/2007/3229
Reference: SECTRACK:1018717
Reference: URL:http://www.securitytracker.com/id?1018717
Reference: SECUNIA:26890
Reference: URL:http://secunia.com/advisories/26890
Reference: SECUNIA:27694
Reference: URL:http://secunia.com/advisories/27694
Reference: SECUNIA:27706
Reference: URL:http://secunia.com/advisories/27706
Reference: XF:dhcp-param-underflow(33103)
Reference: URL:http://xforce.iss.net/xforce/xfdb/33103

Votes:





Name: CVE-2007-0064

Description:
Heap-based buffer overflow in Windows Media Format Runtime 7.1, 9, 9.5, 9.5 x64 Edition, 11, and Windows Media Services 9.1 for Microsoft Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file.

Status: Candidate
Phase: Assigned (20070104)
Reference: HP:HPSBST02299
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/485268/100/0/threaded
Reference: HP:SSRT071506
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/485268/100/0/threaded
Reference: MS:MS07-068
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms07-068.mspx
Reference: CERT:TA07-345A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA07-345A.html
Reference: CERT-VN:VU#319385
Reference: URL:http://www.kb.cert.org/vuls/id/319385
Reference: BID:26776
Reference: URL:http://www.securityfocus.com/bid/26776
Reference: FRSIRT:ADV-2007-4183
Reference: URL:http://www.frsirt.com/english/advisories/2007/4183
Reference: OVAL:oval:org.mitre.oval:def:3622
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:3622
Reference: SECTRACK:1019074
Reference: URL:http://www.securitytracker.com/id?1019074
Reference: SECUNIA:28034
Reference: URL:http://secunia.com/advisories/28034

Votes:





Name: CVE-2007-0065

Description:
Heap-based buffer overflow in Object Linking and Embedding (OLE) Automation in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, Office 2004 for Mac, and Visual Basic 6.0 SP6 allows remote attackers to execute arbitrary code via a crafted script request.

Status: Candidate
Phase: Assigned (20070104)
Reference: HP:HPSBST02314
Reference: URL:http://marc.info/?l=bugtraq&m=120361015026386&w=2
Reference: HP:SSRT080016
Reference: URL:http://marc.info/?l=bugtraq&m=120361015026386&w=2
Reference: MS:MS08-008
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms08-008.mspx
Reference: CERT:TA08-043C
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA08-043C.html
Reference: BID:27661
Reference: URL:http://www.securityfocus.com/bid/27661
Reference: FRSIRT:ADV-2008-0510
Reference: URL:http://www.frsirt.com/english/advisories/2008/0510/references
Reference: OVAL:oval:org.mitre.oval:def:5388
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5388
Reference: SECTRACK:1019373
Reference: URL:http://www.securitytracker.com/id?1019373
Reference: SECUNIA:28902
Reference: URL:http://secunia.com/advisories/28902

Votes:





Name: CVE-2007-0066

Description:
The kernel in Microsoft Windows 2000 SP4, XP SP2, and Server 2003, when ICMP Router Discovery Protocol (RDP) is enabled, allows remote attackers to cause a denial of service via fragmented router advertisement ICMP packets that trigger an out-of-bounds read, aka "Windows Kernel TCP/IP/ICMP Vulnerability."

Status: Candidate
Phase: Assigned (20070104)
Reference: ISS:20070108 Multiple (3) Microsoft Windows TCP/IP Remote Code Execution and DoS Vulnerabilities
Reference: URL:http://www.iss.net/threats/282.html
Reference: MISC:http://blogs.technet.com/swi/archive/2008/01/08/ms08-001-part-2-the-case-of-the-moderate-icmp-mitigations.aspx
Reference: HP:HPSBST02304
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/486317/100/0/threaded
Reference: HP:SSRT080003
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/486317/100/0/threaded
Reference: MS:MS08-001
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms08-001.mspx
Reference: CERT:TA08-008A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA08-008A.html
Reference: BID:27139
Reference: URL:http://www.securityfocus.com/bid/27139
Reference: FRSIRT:ADV-2008-0069
Reference: URL:http://www.frsirt.com/english/advisories/2008/0069
Reference: OVAL:oval:org.mitre.oval:def:5271
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5271
Reference: SECTRACK:1019166
Reference: URL:http://securitytracker.com/id?1019166
Reference: SECUNIA:28297
Reference: URL:http://secunia.com/advisories/28297
Reference: XF:win-tcpip-icmp-dos(39254)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39254

Votes:





Name: CVE-2007-0067

Description:
Unspecified vulnerability in the Lotus Domino Web Server 6.0, 6.5.x before 6.5.6, and 7.0.x before 7.0.3 allows remote attackers to cause a denial of service (daemon crash) via requests for URLs that reference certain files.

Status: Candidate
Phase: Assigned (20070104)
Reference: CONFIRM:http://www-1.ibm.com/support/docview.wss?uid=swg21257251
Reference: BID:24307
Reference: URL:http://www.securityfocus.com/bid/24307
Reference: FRSIRT:ADV-2007-2046
Reference: URL:http://www.frsirt.com/english/advisories/2007/2046
Reference: SECTRACK:1018189
Reference: URL:http://www.securitytracker.com/id?1018189
Reference: SECUNIA:25542
Reference: URL:http://secunia.com/advisories/25542
Reference: XF:domino-unspecified-dos(34689)
Reference: URL:http://xforce.iss.net/xforce/xfdb/34689

Votes:





Name: CVE-2007-0068

Description:
IBM Lotus Domino 7.0.x before 7.0.3 does not revalidate the signature on a signed scheduled agent after the agent is modified, which allows remote authenticated users to gain privileges via a modified agent in a server database.

Status: Candidate
Phase: Assigned (20070104)
Reference: CONFIRM:http://www-1.ibm.com/support/docview.wss?uid=swg21258784
Reference: BID:24322
Reference: URL:http://www.securityfocus.com/bid/24322
Reference: FRSIRT:ADV-2007-2063
Reference: URL:http://www.frsirt.com/english/advisories/2007/2063
Reference: SECUNIA:25520
Reference: URL:http://secunia.com/advisories/25520
Reference: XF:domino-signature-privilege-escalation(34718)
Reference: URL:http://xforce.iss.net/xforce/xfdb/34718

Votes:





Name: CVE-2007-0069

Description:
Unspecified vulnerability in the kernel in Microsoft Windows XP SP2, Server 2003, and Vista allows remote attackers to cause a denial of service (CPU consumption) and possibly execute arbitrary code via crafted (1) IGMPv3 and (2) MLDv2 packets that trigger memory corruption, aka "Windows Kernel TCP/IP/IGMPv3 and MLDv2 Vulnerability."

Status: Candidate
Phase: Assigned (20070104)
Reference: ISS:20070108 Multiple (3) Microsoft Windows TCP/IP Remote Code Execution and DoS Vulnerabilities
Reference: URL:http://www.iss.net/threats/282.html
Reference: MISC:http://blogs.technet.com/swi/archive/2008/01/08/ms08-001-part-3-the-case-of-the-igmp-network-critical.aspx
Reference: HP:HPSBST02304
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/486317/100/0/threaded
Reference: HP:SSRT080003
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/486317/100/0/threaded
Reference: MS:MS08-001
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms08-001.mspx
Reference: CERT:TA08-008A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA08-008A.html
Reference: CERT-VN:VU#115083
Reference: URL:http://www.kb.cert.org/vuls/id/115083
Reference: BID:27100
Reference: URL:http://www.securityfocus.com/bid/27100
Reference: FRSIRT:ADV-2008-0069
Reference: URL:http://www.frsirt.com/english/advisories/2008/0069
Reference: OVAL:oval:org.mitre.oval:def:5370
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5370
Reference: SECTRACK:1019166
Reference: URL:http://securitytracker.com/id?1019166
Reference: SECUNIA:28297
Reference: URL:http://secunia.com/advisories/28297
Reference: XF:win-ssm-igmp-bo(39452)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39452
Reference: XF:win-ssm-mld-bo(39453)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39453

Votes:





Name: CVE-2007-0070

Description:
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Status: Candidate
Phase: Assigned (20070104)

Votes:





Name: CVE-2007-0071

Description:
Integer overflow in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file with a negative Scene Count value, which passes a signed comparison, is used as an offset of a NULL pointer, and triggers a buffer overflow.

Status: Candidate
Phase: Assigned (20070104)
Reference: ISS:20080408 Adobe Flash Player Invalid Pointer Vulnerability
Reference: URL:http://www.iss.net/threats/289.html
Reference: MISC:http://documents.iss.net/whitepapers/IBM_X-Force_WP_final.pdf
Reference: MISC:http://www.matasano.com/log/1032/this-new-vulnerability-dowds-inhuman-flash-exploit/
Reference: MISC:http://blogs.adobe.com/psirt/2008/05/potential_flash_player_issue.html
Reference: MISC:http://isc.sans.org/diary.html?storyid=4465
Reference: CONFIRM:http://www.adobe.com/support/security/bulletins/apsb08-11.html
Reference: APPLE:APPLE-SA-2008-05-28
Reference: URL:http://lists.apple.com/archives/security-announce/2008//May/msg00001.html
Reference: GENTOO:GLSA-200804-21
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml
Reference: REDHAT:RHSA-2008:0221
Reference: URL:http://www.redhat.com/support/errata/RHSA-2008-0221.html
Reference: SUNALERT:238305
Reference: URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1
Reference: SUSE:SUSE-SA:2008:022
Reference: URL:http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html
Reference: CERT:TA08-100A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA08-100A.html
Reference: CERT:TA08-150A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA08-150A.html
Reference: CERT:TA08-149A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA08-149A.html
Reference: CERT-VN:VU#159523
Reference: URL:http://www.kb.cert.org/vuls/id/159523
Reference: CERT-VN:VU#395473
Reference: URL:http://www.kb.cert.org/vuls/id/395473
Reference: BID:28695
Reference: URL:http://www.securityfocus.com/bid/28695
Reference: BID:29386
Reference: URL:http://www.securityfocus.com/bid/29386
Reference: FRSIRT:ADV-2008-1662
Reference: URL:http://www.frsirt.com/english/advisories/2008/1662/references
Reference: FRSIRT:ADV-2008-1697
Reference: URL:http://www.frsirt.com/english/advisories/2008/1697
Reference: FRSIRT:ADV-2008-1724
Reference: URL:http://www.frsirt.com/english/advisories/2008/1724/references
Reference: OSVDB:44282
Reference: URL:http://www.osvdb.org/44282
Reference: SECTRACK:1019811
Reference: URL:http://www.securitytracker.com/id?1019811
Reference: SECTRACK:1020114
Reference: URL:http://www.securitytracker.com/id?1020114
Reference: SECUNIA:29763
Reference: URL:http://secunia.com/advisories/29763
Reference: SECUNIA:29865
Reference: URL:http://secunia.com/advisories/29865
Reference: SECUNIA:30404
Reference: URL:http://secunia.com/advisories/30404
Reference: SECUNIA:30430
Reference: URL:http://secunia.com/advisories/30430
Reference: SECUNIA:30507
Reference: URL:http://secunia.com/advisories/30507
Reference: XF:multimedia-file-integer-overflow(37277)
Reference: URL:http://xforce.iss.net/getrecord.jsp?id=37277

Votes:





Name: CVE-2007-0072

Description:
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Status: Candidate
Phase: Assigned (20070104)

Votes:





Name: CVE-2007-0073

Description:
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Status: Candidate
Phase: Assigned (20070104)

Votes:





Name: CVE-2007-0074

Description:
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Status: Candidate
Phase: Assigned (20070104)

Votes:





Name: CVE-2007-0075

Description:
AspBB stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user passwords via a direct request for db/aspbb.mdb.

Status: Candidate
Phase: Assigned (20070104)
Reference: BUGTRAQ:20070102 AspBB Remote Password Disclosure
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/455683/100/0/threaded
Reference: MISC:http://www.aria-security.com/forum/showthread.php?t=82
Reference: SREASON:2100
Reference: URL:http://securityreason.com/securityalert/2100
Reference: XF:aspbb-aspbb-info-disclosure(31230)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31230

Votes:





Name: CVE-2007-0076

Description:
Openforum stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user passwords via a direct request for openforum.mdb.

Status: Candidate
Phase: Assigned (20070104)
Reference: BUGTRAQ:20070102 Openforum Remote password Disclosure
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/455684/100/0/threaded
Reference: MISC:http://www.aria-security.com/forum/showthread.php?t=80
Reference: SREASON:2099
Reference: URL:http://securityreason.com/securityalert/2099
Reference: XF:openforum-openforum-password-disclosure(31209)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31209

Votes:





Name: CVE-2007-0077

Description:
lblog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for a certain file in admin/db/newFolder/.

Status: Candidate
Phase: Assigned (20070104)
Reference: BUGTRAQ:20070102 lblog Remote Password Disclosure
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/455681/100/0/threaded
Reference: MISC:http://www.aria-security.com/forum/showthread.php?t=79
Reference: SECTRACK:1017462
Reference: URL:http://securitytracker.com/id?1017462
Reference: SREASON:2098
Reference: URL:http://securityreason.com/securityalert/2098
Reference: XF:lblog-newfolder-information-disclosure(31229)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31229

Votes:





Name: CVE-2007-0078

Description:
BattleBlog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/blankmaster.mdb.

Status: Candidate
Phase: Assigned (20070104)
Reference: BUGTRAQ:20070101 BattleBlog Database Download Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/455614/100/0/threaded
Reference: MISC:http://www.aria-security.com/forum/showthread.php?t=76
Reference: SREASON:2097
Reference: URL:http://securityreason.com/securityalert/2097
Reference: XF:battleblog-blankmaster-info-disclosure(31224)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31224

Votes:





Name: CVE-2007-0079

Description:
rblog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) data/admin.mdb or (2) data/rblog.mdb.

Status: Candidate
Phase: Assigned (20070104)
Reference: BUGTRAQ:20070101 rblog Database Download Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/455626/100/0/threaded
Reference: MISC:http://www.aria-security.com/forum/showthread.php?t=77
Reference: SECUNIA:23538
Reference: URL:http://secunia.com/advisories/23538
Reference: SREASON:2102
Reference: URL:http://securityreason.com/securityalert/2102
Reference: XF:rblog-database-info-disclosure(31200)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31200

Votes:





Name: CVE-2007-0080

Description:
** DISPUTED ** Buffer overflow in the SMB_Connect_Server function in FreeRadius 1.1.3 and earlier allows attackers to execute arbitrary code related to the server desthost field of an SMB_Handle_Type instance. NOTE: the impact of this issue has been disputed by a reliable third party and the vendor, who states that exploitation is limited "only to local administrators who have write access to the server configuration files." CVE concurs with the dispute.

Status: Candidate
Phase: Assigned (20070104)
Reference: BUGTRAQ:20070102 FreeRadius 1.1.3 SMB_Handle_Type SMB_Connect_Server arbitrary code execution
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/455678/100/0/threaded
Reference: BUGTRAQ:20070103 Re: FreeRadius 1.1.3 SMB_Handle_Type SMB_Connect_Server arbitrary code execution
Reference: URL:http://www.securityfocus.com/archive/1/455812/100/0/threaded
Reference: MISC:http://www.freeradius.org/security.html
Reference: VIM:20070211 FreeRADIUS dispute of CVE-2007-0080
Reference: URL:http://www.attrition.org/pipermail/vim/2007-February/001304.html
Reference: SECTRACK:1017463
Reference: URL:http://securitytracker.com/id?1017463
Reference: XF:freeradius-smbconnectserver-bo(31248)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31248

Votes:





Name: CVE-2007-0081

Description:
Sunbelt Kerio Personal Firewall (SKPF) 4.3.268 and 4.3.246, and possibly other versions, allows local users to provide a Trojan horse iphlpapi.dll to SKPF by placing it in the installation directory.

Status: Candidate
Phase: Assigned (20070104)
Reference: BUGTRAQ:20070101 Kerio Fake 'iphlpapi' DLL injection Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/455624/100/0/threaded
Reference: MISC:http://www.matousec.com/info/advisories/Kerio-Fake-iphlpapi-DLL-injection.php
Reference: BID:21828
Reference: URL:http://www.securityfocus.com/bid/21828
Reference: OSVDB:33356
Reference: URL:http://www.osvdb.org/33356
Reference: SREASON:2095
Reference: URL:http://securityreason.com/securityalert/2095
Reference: XF:kerio-directory-code-execution(31232)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31232

Votes:





Name: CVE-2007-0082

Description:
users_adm/start1.php in IMGallery 2.5 and earlier does not properly handle files with multiple extensions, which allows remote authenticated users to upload and execute arbitrary PHP scripts.

Status: Candidate
Phase: Assigned (20070104)
Reference: MILW0RM:3049
Reference: URL:http://milw0rm.com/exploits/3049
Reference: BID:21827
Reference: URL:http://www.securityfocus.com/bid/21827
Reference: FRSIRT:ADV-2007-0010
Reference: URL:http://www.frsirt.com/english/advisories/2007/0010
Reference: XF:imgallery-start1-file-upload(31237)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31237

Votes:





Name: CVE-2007-0083

Description:
Cross-site scripting (XSS) vulnerability in Nuked Klan 1.7 and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in a getURL statement in a .swf file, as demonstrated by "Remote Cookie Disclosure." NOTE: it could be argued that this is an issue in Shockwave instead of Nuked Klan.

Status: Candidate
Phase: Assigned (20070104)
Reference: BUGTRAQ:20070102 Nuked Klan <= 1.7 Remote Cookie Disclosure Exploit
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/455726/100/0/threaded
Reference: BID:21850
Reference: URL:http://www.securityfocus.com/bid/21850
Reference: SREASON:2101
Reference: URL:http://securityreason.com/securityalert/2101

Votes:





Name: CVE-2007-0084

Description:
** DISPUTED ** Buffer overflow in the Windows NT Message Compiler (MC) 1.00.5239 on Microsoft Windows XP allows local users to gain privileges via a long MC-filename. NOTE: this issue has been disputed by a reliable third party who states that the compiler is not a privileged program, so privilege boundaries cannot be crossed.

Status: Candidate
Phase: Assigned (20070104)
Reference: BUGTRAQ:20070102 Windows NT Message Compiler 1.00.5239 arbitrary code execution
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/455729/100/0/threaded
Reference: BUGTRAQ:20070103 Re: Windows NT Message Compiler 1.00.5239 arbitrary code execution
Reference: URL:http://www.securityfocus.com/archive/1/455789/100/0/threaded

Votes:





Name: CVE-2007-0085

Description:
Unspecified vulnerability in sys/dev/pci/vga_pci.c in the VGA graphics driver for wscons in OpenBSD 3.9 and 4.0, when the kernel is compiled with the PCIAGP option and a non-AGP device is being used, allows local users to gain privileges via unspecified vectors, possibly related to agp_ioctl NULL pointer reference.

Status: Candidate
Phase: Assigned (20070104)
Reference: MLIST:[openbsd-cvs] 20070103 Re: CVS: cvs.openbsd.org: src
Reference: URL:http://marc.theaimsgroup.com/?l=openbsd-cvs&m=116781980706409&w=2
Reference: MLIST:[openbsd-cvs] 20070103 CVS: cvs.openbsd.org: www
Reference: URL:http://marc.theaimsgroup.com/?l=openbsd-cvs&m=116785923301416&w=2
Reference: MISC:http://ilja.netric.org/files/Unusual%20bugs%2023c3.pdf
Reference: OPENBSD:[3.9] 017: SECURITY FIX: January 3, 2007
Reference: URL:http://www.openbsd.org/errata39.html#agp
Reference: OPENBSD:[4.0] 007: SECURITY FIX: January 3, 2007
Reference: URL:http://www.openbsd.org/errata.html#agp
Reference: FRSIRT:ADV-2007-0043
Reference: URL:http://www.frsirt.com/english/advisories/2007/0043
Reference: OSVDB:32574
Reference: URL:http://www.osvdb.org/32574
Reference: SECTRACK:1017468
Reference: URL:http://securitytracker.com/id?1017468
Reference: SECUNIA:23608
Reference: URL:http://secunia.com/advisories/23608
Reference: XF:openbsd-vga-privilege-escalation(31276)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31276

Votes:





Name: CVE-2007-0086

Description:
** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.

Status: Candidate
Phase: Assigned (20070105)
Reference: BUGTRAQ:20070103 a cheesy Apache / IIS DoS vuln (+a question)
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/455833/100/0/threaded
Reference: BUGTRAQ:20070104 Re: a cheesy Apache / IIS DoS vuln (+a question)
Reference: URL:http://www.securityfocus.com/archive/1/455879/100/0/threaded
Reference: BUGTRAQ:20070104 Re: a cheesy Apache / IIS DoS vuln (+a question)
Reference: URL:http://www.securityfocus.com/archive/1/455920/100/0/threaded
Reference: BUGTRAQ:20070104 Re: a cheesy Apache / IIS DoS vuln (+a question)
Reference: URL:http://www.securityfocus.com/archive/1/455882/100/0/threaded

Votes:





Name: CVE-2007-0087

Description:
** DISPUTED ** Microsoft Internet Information Services (IIS), when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.

Status: Candidate
Phase: Assigned (20070105)
Reference: BUGTRAQ:20070103 a cheesy Apache / IIS DoS vuln (+a question)
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/455833/100/0/threaded
Reference: BUGTRAQ:20070104 Re: a cheesy Apache / IIS DoS vuln (+a question)
Reference: URL:http://www.securityfocus.com/archive/1/455879/100/0/threaded
Reference: BUGTRAQ:20070104 Re: a cheesy Apache / IIS DoS vuln (+a question)
Reference: URL:http://www.securityfocus.com/archive/1/455920/100/0/threaded
Reference: BUGTRAQ:20070104 Re: a cheesy Apache / IIS DoS vuln (+a question)
Reference: URL:http://www.securityfocus.com/archive/1/455882/100/0/threaded

Votes:





Name: CVE-2007-0088

Description:
Multiple directory traversal vulnerabilities in openmedia allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) src parameter to page.php or the (2) format parameter to search_form.php.

Status: Candidate
Phase: Assigned (20070105)
Reference: BUGTRAQ:20070102 openmedia local read file
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/455786/100/0/threaded
Reference: SREASON:2103
Reference: URL:http://securityreason.com/securityalert/2103
Reference: XF:openmedia-page-directory-traversal(31258)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31258

Votes:





Name: CVE-2007-0089

Description:
jgbbs stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db/bbs.mdb.

Status: Candidate
Phase: Assigned (20070105)
Reference: BUGTRAQ:20070103 jgbbs
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/455832/100/0/threaded
Reference: MISC:http://aria-security.com/forum/showthread.php?t=87
Reference: XF:jgbbs-bbs-information-disclosure(31274)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31274

Votes:





Name: CVE-2007-0090

Description:
WineGlass stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db/data.mdb.

Status: Candidate
Phase: Assigned (20070105)
Reference: BUGTRAQ:20070103 WineGlass "data.mdb" Remote Password Disclosure
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/455807/100/0/threaded
Reference: MISC:http://aria-security.com/forum/showthread.php?p=112
Reference: FRSIRT:ADV-2007-0037
Reference: URL:http://www.frsirt.com/english/advisories/2007/0037
Reference: SECUNIA:23594
Reference: URL:http://secunia.com/advisories/23594

Votes:





Name: CVE-2007-0091

Description:
newsCMSlite stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for newsCMS.mdb.

Status: Candidate
Phase: Assigned (20070105)
Reference: MILW0RM:3066
Reference: URL:http://milw0rm.com/exploits/3066
Reference: XF:newscmslite-newscms-info-disclosure(31222)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31222

Votes:





Name: CVE-2007-0092

Description:
SQL injection vulnerability in productdetail.asp in E-SMARTCART 1.0 allows remote attackers to execute arbitrary SQL commands via the product_id parameter.

Status: Candidate
Phase: Assigned (20070105)
Reference: MILW0RM:3074
Reference: URL:http://milw0rm.com/exploits/3074
Reference: FRSIRT:ADV-2007-0036
Reference: URL:http://www.frsirt.com/english/advisories/2007/0036
Reference: SECUNIA:23610
Reference: URL:http://secunia.com/advisories/23610
Reference: XF:esmartcart-productdetail-sql-injection(31243)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31243

Votes:





Name: CVE-2007-0093

Description:
SQL injection vulnerability in page.php in Simple Web Content Management System allows remote attackers to execute arbitrary SQL commands via the id parameter.

Status: Candidate
Phase: Assigned (20070105)
Reference: BUGTRAQ:20070103 Simple Web Content Management System SQL Injection Exploit
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/455814/100/0/threaded
Reference: MISC:http://acid-root.new.fr/poc/18070102.txt
Reference: MILW0RM:3076
Reference: URL:http://milw0rm.com/exploits/3076
Reference: FRSIRT:ADV-2007-0040
Reference: URL:http://www.frsirt.com/english/advisories/2007/0040
Reference: SECUNIA:23590
Reference: URL:http://secunia.com/advisories/23590
Reference: SREASON:2106
Reference: URL:http://securityreason.com/securityalert/2106
Reference: XF:swcms-page-sql-injection(31261)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31261

Votes:





Name: CVE-2007-0094

Description:
Sven Moderow GuestBook 0.3a stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for (1) gbook97.mdb or (2) gbook.mdb in ~db/.

Status: Candidate
Phase: Assigned (20070105)
Reference: BUGTRAQ:20070103 GuestBook v0.3a Remote Password Disclosure
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/455788/100/0/threaded
Reference: MISC:http://aria-security.com/forum/showthread.php?p=114
Reference: SREASON:2105
Reference: URL:http://securityreason.com/securityalert/2105
Reference: XF:guestbook-gbook-information-disclosure(31245)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31245

Votes:





Name: CVE-2007-0095

Description:
phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive information via a direct request for themes/darkblue_orange/layout.inc.php, which reveals the path in an error message.

Status: Candidate
Phase: Assigned (20070105)
Reference: FULLDISC:20070102 Inforamtion Discloser Vulnerabilities in phpMyAdmin
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051544.html
Reference: MANDRIVA:MDKSA-2007:199
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:199
Reference: SREASON:2104
Reference: URL:http://securityreason.com/securityalert/2104
Reference: XF:phpmyadmin-darkblueorange-path-disclosure(31223)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31223

Votes:





Name: CVE-2007-0096

Description:
CarbonCommunities stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for DataBase/Carbon2.4d.mdb.

Status: Candidate
Phase: Assigned (20070105)
Reference: MISC:http://aria-security.com/forum/showthread.php?t=85
Reference: FRSIRT:ADV-2007-0038
Reference: URL:http://www.frsirt.com/english/advisories/2007/0038
Reference: XF:carboncommunities-carbon2-info-disclosure(31253)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31253

Votes:





Name: CVE-2007-0097

Description:
Multiple stack-based buffer overflows in the (1) LoadTree and (2) ReadHeader functions in PAISO.DLL 1.7.3.0 (1.7.3 beta) in ConeXware PowerArchiver 2006 9.64.02 allow user-assisted attackers to execute arbitrary code via a crafted ISO file containing a file within several nested directories.

Status: Candidate
Phase: Assigned (20070105)
Reference: BUGTRAQ:20070104 [vuln.sg] PowerArchiver PAISO.DLL Buffer Overflow Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/455892/100/0/threaded
Reference: FULLDISC:20070104 PowerArchiver PAISO.DLL Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=full-disclosure&m=116791509125050&w=2
Reference: MISC:http://vuln.sg/powarc964-en.html
Reference: FRSIRT:ADV-2007-0041
Reference: URL:http://www.frsirt.com/english/advisories/2007/0041
Reference: SECUNIA:23559
Reference: URL:http://secunia.com/advisories/23559
Reference: XF:powerarchiver-loadtree-readheader-bo(31263)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31263

Votes:





Name: CVE-2007-0098

Description:
Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.

Status: Candidate
Phase: Assigned (20070105)
Reference: MILW0RM:3075
Reference: URL:http://milw0rm.com/exploits/3075
Reference: FRSIRT:ADV-2007-0035
Reference: URL:http://www.frsirt.com/english/advisories/2007/0035
Reference: XF:verliadmin-language-file-include(31241)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31241

Votes:





Name: CVE-2007-0099

Description:
Race condition in the msxml3 module in Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) via many nested tags in an XML document in an IFRAME, when synchronous document rendering is frequently disrupted with asynchronous events, as demonstrated using a JavaScript timer, which can trigger null pointer dereferences or memory corruption.

Status: Candidate
Phase: Assigned (20070108)
Reference: BUGTRAQ:20070104 Concurrency strikes MSIE (potentially exploitable msxml3 flaws)
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/455965/100/0/threaded
Reference: BUGTRAQ:20070104 RE: [Full-disclosure] Concurrency strikes MSIE (potentially exploitable msxml3 flaws)
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/455986/100/0/threaded
Reference: BUGTRAQ:20070104 Re: RE: [Full-disclosure] Concurrency strikes MSIE (potentially exploitable msxml3 flaws)
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456343/100/0/threaded
Reference: FULLDISC:20070104 Concurrency strikes MSIE (potentially exploitable msxml3 flaws)
Reference: URL:http://seclists.org/fulldisclosure/2007/Jan/0110.html
Reference: MISC:http://isc.sans.org/diary.php?storyid=2004
Reference: BID:21872
Reference: URL:http://www.securityfocus.com/bid/21872
Reference: SECUNIA:23655
Reference: URL:http://secunia.com/advisories/23655

Votes:





Name: CVE-2007-0100

Description:
The Perforce client does not restrict the set of files that it overwrites upon receiving a request from the server, which allows remote attackers to overwrite arbitrary files by modifying the client config file on the server, or by operating a malicious server.

Status: Candidate
Phase: Assigned (20070108)
Reference: BUGTRAQ:20070104 Perforce client: security hole by design
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/455977/100/0/threaded

Votes:





Name: CVE-2007-0101

Description:
Cross-site request forgery (CSRF) vulnerability in SPINE allows remote attackers to perform unauthorized actions as administrators via unspecified vectors. NOTE: some of these details are obtained from third party information.

Status: Candidate
Phase: Assigned (20070108)
Reference: MISC:http://spine.sourceforge.net/changelog.html
Reference: FRSIRT:ADV-2007-0042
Reference: URL:http://www.frsirt.com/english/advisories/2007/0042
Reference: SECUNIA:23537
Reference: URL:http://secunia.com/advisories/23537
Reference: XF:spine-unspecified-csrf(31283)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31283

Votes:





Name: CVE-2007-0102

Description:
The Adobe PDF specification 1.3, as implemented by Apple Mac OS X Preview, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node.

Status: Candidate
Phase: Assigned (20070108)
Reference: MISC:http://projects.info-pull.com/moab/MOAB-06-01-2007.html
Reference: CONFIRM:http://docs.info.apple.com/article.html?artnum=305214
Reference: CERT:TA07-072A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA07-072A.html
Reference: BID:21910
Reference: URL:http://www.securityfocus.com/bid/21910
Reference: FRSIRT:ADV-2007-0930
Reference: URL:http://www.frsirt.com/english/advisories/2007/0930
Reference: SECTRACK:1017749
Reference: URL:http://www.securitytracker.com/id?1017749
Reference: SECUNIA:24479
Reference: URL:http://secunia.com/advisories/24479
Reference: XF:multiple-vendor-pdf-code-execution(31364)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31364

Votes:





Name: CVE-2007-0103

Description:
The Adobe PDF specification 1.3, as implemented by Adobe Acrobat before 8.0.0, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node.

Status: Candidate
Phase: Assigned (20070108)
Reference: CONFIRM:http://docs.info.apple.com/article.html?artnum=305214
Reference: CERT:TA07-072A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA07-072A.html
Reference: BID:21910
Reference: URL:http://www.securityfocus.com/bid/21910
Reference: MISC:http://projects.info-pull.com/moab/MOAB-06-01-2007.html
Reference: FRSIRT:ADV-2007-0930
Reference: URL:http://www.frsirt.com/english/advisories/2007/0930
Reference: SECTRACK:1017749
Reference: URL:http://www.securitytracker.com/id?1017749
Reference: SECUNIA:24479
Reference: URL:http://secunia.com/advisories/24479
Reference: XF:multiple-vendor-pdf-code-execution(31364)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31364

Votes:





Name: CVE-2007-0104

Description:
The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patch 2, (b) kpdf in KDE before 3.5.5, (c) poppler before 0.5.4, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node.

Status: Candidate
Phase: Assigned (20070108)
Reference: BUGTRAQ:20070116 [KDE Security Advisory] kpdf/kword/xpdf denial of service vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/457055/100/0/threaded
Reference: CONFIRM:http://www.kde.org/info/security/advisory-20070115-1.txt
Reference: CONFIRM:https://issues.rpath.com/browse/RPL-964
Reference: CONFIRM:http://support.novell.com/techcenter/psdb/44d7cb9b669d58e0ce5aa5d7ab2c7c53.html
Reference: CONFIRM:http://docs.info.apple.com/article.html?artnum=305214
Reference: MANDRIVA:MDKSA-2007:018
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:018
Reference: MANDRIVA:MDKSA-2007:020
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:020
Reference: MANDRIVA:MDKSA-2007:022
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:022
Reference: MANDRIVA:MDKSA-2007:019
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:019
Reference: MANDRIVA:MDKSA-2007:021
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:021
Reference: MANDRIVA:MDKSA-2007:024
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:024
Reference: SUSE:SUSE-SR:2007:003
Reference: URL:http://www.novell.com/linux/security/advisories/2007_3_sr.html
Reference: UBUNTU:USN-410-1
Reference: URL:http://www.ubuntu.com/usn/usn-410-1
Reference: UBUNTU:USN-410-2
Reference: URL:http://www.ubuntu.com/usn/usn-410-2
Reference: CERT:TA07-072A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA07-072A.html
Reference: BID:21910
Reference: URL:http://www.securityfocus.com/bid/21910
Reference: MISC:http://projects.info-pull.com/moab/MOAB-06-01-2007.html
Reference: FRSIRT:ADV-2007-0203
Reference: URL:http://www.frsirt.com/english/advisories/2007/0203
Reference: FRSIRT:ADV-2007-0212
Reference: URL:http://www.frsirt.com/english/advisories/2007/0212
Reference: FRSIRT:ADV-2007-0244
Reference: URL:http://www.frsirt.com/english/advisories/2007/0244
Reference: FRSIRT:ADV-2007-0930
Reference: URL:http://www.frsirt.com/english/advisories/2007/0930
Reference: SECTRACK:1017514
Reference: URL:http://securitytracker.com/id?1017514
Reference: SECTRACK:1017749
Reference: URL:http://www.securitytracker.com/id?1017749
Reference: SECUNIA:23799
Reference: URL:http://secunia.com/advisories/23799
Reference: SECUNIA:23791
Reference: URL:http://secunia.com/advisories/23791
Reference: SECUNIA:23808
Reference: URL:http://secunia.com/advisories/23808
Reference: SECUNIA:23813
Reference: URL:http://secunia.com/advisories/23813
Reference: SECUNIA:23815
Reference: URL:http://secunia.com/advisories/23815
Reference: SECUNIA:23844
Reference: URL:http://secunia.com/advisories/23844
Reference: SECUNIA:23839
Reference: URL:http://secunia.com/advisories/23839
Reference: SECUNIA:23876
Reference: URL:http://secunia.com/advisories/23876
Reference: SECUNIA:24204
Reference: URL:http://secunia.com/advisories/24204
Reference: SECUNIA:24479
Reference: URL:http://secunia.com/advisories/24479
Reference: XF:multiple-vendor-pdf-code-execution(31364)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31364

Votes:





Name: CVE-2007-0105

Description:
Stack-based buffer overflow in the CSAdmin service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted HTTP GET request.

Status: Candidate
Phase: Assigned (20070108)
Reference: CISCO:20070105 Multiple Vulnerabilities in Cisco Secure Access Control Server
Reference: URL:http://www.cisco.com/warp/public/707/cisco-sa-20070105-csacs.shtml
Reference: CERT-VN:VU#744249
Reference: URL:http://www.kb.cert.org/vuls/id/744249
Reference: BID:21900
Reference: URL:http://www.securityfocus.com/bid/21900
Reference: FRSIRT:ADV-2007-0068
Reference: URL:http://www.frsirt.com/english/advisories/2007/0068
Reference: OSVDB:32642
Reference: URL:http://www.osvdb.org/32642
Reference: SECTRACK:1017475
Reference: URL:http://securitytracker.com/id?1017475
Reference: SECUNIA:23629
Reference: URL:http://secunia.com/advisories/23629
Reference: XF:cisco-acs-csadmin-bo(31323)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31323

Votes:





Name: CVE-2007-0106

Description:
Cross-site scripting (XSS) vulnerability in the CSRF protection scheme in WordPress before 2.0.6 allows remote attackers to inject arbitrary web script or HTML via a CSRF attack with an invalid token and quote characters or HTML tags in URL variable names, which are not properly handled when WordPress generates a new link to verify the request.

Status: Candidate
Phase: Assigned (20070108)
Reference: BUGTRAQ:20070105 Advisory 01/2007: WordPress CSRF Protection XSS Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456048/100/0/threaded
Reference: MISC:http://www.hardened-php.net/advisory_012007.140.html
Reference: CONFIRM:http://wordpress.org/development/2007/01/wordpress-206/
Reference: BID:21893
Reference: URL:http://www.securityfocus.com/bid/21893
Reference: FRSIRT:ADV-2007-0061
Reference: URL:http://www.frsirt.com/english/advisories/2007/0061
Reference: SECUNIA:23595
Reference: URL:http://secunia.com/advisories/23595
Reference: SREASON:2114
Reference: URL:http://securityreason.com/securityalert/2114

Votes:





Name: CVE-2007-0107

Description:
WordPress before 2.0.6, when mbstring is enabled for PHP, decodes alternate character sets after escaping the SQL query, which allows remote attackers to bypass SQL injection protection schemes and execute arbitrary SQL commands via multibyte charsets, as demonstrated using UTF-7.

Status: Candidate
Phase: Assigned (20070108)
Reference: BUGTRAQ:20070105 Advisory 02/2007: WordPress Trackback Charset Decoding SQL Injection Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456049/100/0/threaded
Reference: MISC:http://www.hardened-php.net/advisory_022007.141.html
Reference: CONFIRM:http://wordpress.org/development/2007/01/wordpress-206/
Reference: GENTOO:GLSA-200701-10
Reference: URL:http://security.gentoo.org/glsa/glsa-200701-10.xml
Reference: OPENPKG:OpenPKG-SA-2007.005
Reference: URL:http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.005.html
Reference: BID:21907
Reference: URL:http://www.securityfocus.com/bid/21907
Reference: FRSIRT:ADV-2007-0061
Reference: URL:http://www.frsirt.com/english/advisories/2007/0061
Reference: SECUNIA:23595
Reference: URL:http://secunia.com/advisories/23595
Reference: SECUNIA:23741
Reference: URL:http://secunia.com/advisories/23741
Reference: SREASON:2112
Reference: URL:http://securityreason.com/securityalert/2112
Reference: XF:wordpress-mbstring-security-bypass(31297)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31297

Votes:





Name: CVE-2007-0108

Description:
nwgina.dll in Novell Client 4.91 SP3 for Windows 2000/XP/2003 does not delete user profiles during a Terminal Service or Citrix session, which allows remote authenticated users to invoke alternate user profiles.

Status: Candidate
Phase: Assigned (20070108)
Reference: CONFIRM:http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974970.htm
Reference: BID:21886
Reference: URL:http://www.securityfocus.com/bid/21886
Reference: FRSIRT:ADV-2007-0064
Reference: URL:http://www.frsirt.com/english/advisories/2007/0064
Reference: SECTRACK:1017471
Reference: URL:http://securitytracker.com/id?1017471
Reference: SECUNIA:23619
Reference: URL:http://secunia.com/advisories/23619
Reference: XF:novell-profile-security-bypass(31343)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31343

Votes:





Name: CVE-2007-0109

Description:
wp-login.php in WordPress 2.0.5 and earlier displays different error messages if a user exists or not, which allows remote attackers to obtain sensitive information and facilitates brute force attacks.

Status: Candidate
Phase: Assigned (20070108)
Reference: BUGTRAQ:20070103 Wordpress <= 2.x dictionnary & Bruteforce attack
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/455927/100/0/threaded
Reference: GENTOO:GLSA-200701-10
Reference: URL:http://security.gentoo.org/glsa/glsa-200701-10.xml
Reference: FRSIRT:ADV-2007-0062
Reference: URL:http://www.frsirt.com/english/advisories/2007/0062
Reference: SECUNIA:23621
Reference: URL:http://secunia.com/advisories/23621
Reference: SECUNIA:23741
Reference: URL:http://secunia.com/advisories/23741
Reference: SREASON:2113
Reference: URL:http://securityreason.com/securityalert/2113
Reference: XF:wordpress-account-enumeration(31262)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31262

Votes:





Name: CVE-2007-0110

Description:
Cross-site scripting (XSS) vulnerability in nidp/idff/sso in Novell Access Manager Identity Server before 3.0.0-1013 allows remote attackers to inject arbitrary web script or HTML via the IssueInstant parameter, which is not properly handled in the resulting error message.

Status: Candidate
Phase: Assigned (20070108)
Reference: CONFIRM:https://secure-support.novell.com/KanisaPlatform/Publishing/143/3615264_f.SAL_Public.html
Reference: BID:21921
Reference: URL:http://www.securityfocus.com/bid/21921
Reference: FRSIRT:ADV-2007-0073
Reference: URL:http://www.frsirt.com/english/advisories/2007/0073
Reference: SECTRACK:1017483
Reference: URL:http://securitytracker.com/id?1017483
Reference: SECUNIA:23654
Reference: URL:http://secunia.com/advisories/23654

Votes:





Name: CVE-2007-0111

Description:
Buffer overflow in Resco Photo Viewer for PocketPC 4.11 and 6.01, as used in mobile devices running Windows Mobile 5.0, 2003, and 2003SE, allows remote attackers to execute arbitrary code via a crafted PNG image.

Status: Candidate
Phase: Assigned (20070108)
Reference: MISC:http://blog.trendmicro.com/flaw-in-3rd-party-app-weakens-windows-mobile/
Reference: MISC:http://www.trendmicro.com/vinfo/secadvisories/default6.asp?VName=Vulnerability+in+Resco+Photo+Viewer+6%2E01+Enabling+Code+Injection+and+Arbitrary+Code+Execution
Reference: BID:21920
Reference: URL:http://www.securityfocus.com/bid/21920
Reference: FRSIRT:ADV-2007-0072
Reference: URL:http://www.frsirt.com/english/advisories/2007/0072
Reference: SECUNIA:23658
Reference: URL:http://secunia.com/advisories/23658

Votes:





Name: CVE-2007-0112

Description:
SQL injection vulnerability in cats.asp in createauction allows remote attackers to execute arbitrary SQL commands via the catid parameter.

Status: Candidate
Phase: Assigned (20070108)
Reference: BUGTRAQ:20070107 createauction (cats.asp) Remote SQL Injection Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456272/100/0/threaded
Reference: BID:21929
Reference: URL:http://www.securityfocus.com/bid/21929
Reference: SREASON:2111
Reference: URL:http://securityreason.com/securityalert/2111
Reference: XF:createauction-cats-sql-injection(31356)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31356

Votes:





Name: CVE-2007-0113

Description:
Buffer overflow in Packeteer PacketShaper PacketWise 8.x allows remote authenticated users to cause a denial of service (reset or reboot) via (1) a long traffic class argument to the "class show" command or (2) a long POLICY parameter value in clastree.htm.

Status: Candidate
Phase: Assigned (20070108)
Reference: BUGTRAQ:20070108 Packeteer PacketWise CLI overflow DoS
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456267/100/0/threaded
Reference: BID:21933
Reference: URL:http://www.securityfocus.com/bid/21933
Reference: FRSIRT:ADV-2007-0098
Reference: URL:http://www.frsirt.com/english/advisories/2007/0098
Reference: SECUNIA:23685
Reference: URL:http://secunia.com/advisories/23685
Reference: SREASON:2110
Reference: URL:http://securityreason.com/securityalert/2110
Reference: XF:packetshaper-argument-dos(31357)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31357

Votes:





Name: CVE-2007-0114

Description:
Sun Java System Content Delivery Server 5.0 and 5.0 PU1 allows remote attackers to obtain sensitive information regarding "content details" via unspecified vectors.

Status: Candidate
Phase: Assigned (20070108)
Reference: SUNALERT:102764
Reference: URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-102764-1
Reference: BID:21908
Reference: URL:http://www.securityfocus.com/bid/21908
Reference: FRSIRT:ADV-2007-0076
Reference: URL:http://www.frsirt.com/english/advisories/2007/0076
Reference: SECUNIA:23630
Reference: URL:http://secunia.com/advisories/23630
Reference: XF:sun-java-cds-info-disclosure(31345)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31345

Votes:





Name: CVE-2007-0115

Description:
Static code injection vulnerability in Coppermine Photo Gallery 1.4.10 and earlier allows remote authenticated administrators to execute arbitrary PHP code via the Username to login.php, which is injected into an error message in security.log.php, which can then be accessed using viewlog.php.

Status: Candidate
Phase: Assigned (20070108)
Reference: BUGTRAQ:20070105 Coppermine Photo Gallery <= 1.4.10 SQL Injection Exploit
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456051/100/0/threaded
Reference: VIM:20070108 Source verify - Coppermine Photo Gallery <= 1.4.10 code injection
Reference: URL:http://www.attrition.org/pipermail/vim/2007-January/001218.html
Reference: MISC:http://acid-root.new.fr/poc/19070104.txt
Reference: SREASON:2107
Reference: URL:http://securityreason.com/securityalert/2107

Votes:





Name: CVE-2007-0116

Description:
Digger Solutions Intranet Open Source (IOS) stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for data/intranet.mdb.

Status: Candidate
Phase: Assigned (20070108)
Reference: BUGTRAQ:20070105 Intranet Open Source Remote Password Disclosure "intranet.mdb"
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456047/100/0/threaded
Reference: MISC:http://aria-security.com/forum/showthread.php?goto=newpost&t=88
Reference: SREASON:2109
Reference: URL:http://securityreason.com/securityalert/2109
Reference: XF:intranet-intranet-info-disclosure(31308)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31308

Votes:





Name: CVE-2007-0117

Description:
DiskManagementTool in the DiskManagement.framework 92.29 on Mac OS X 10.4.8 does not properly validate Bill of Materials (BOM) files, which allows attackers to gain privileges via a BOM file under /Library/Receipts/, which triggers arbitrary file permission changes upon execution of a diskutil permission repair operation.

Status: Candidate
Phase: Assigned (20070108)
Reference: MISC:http://projects.info-pull.com/moab/MOAB-05-01-2007.html
Reference: BID:21899
Reference: URL:http://www.securityfocus.com/bid/21899
Reference: FRSIRT:ADV-2007-0074
Reference: URL:http://www.frsirt.com/english/advisories/2007/0074
Reference: SECUNIA:23653
Reference: URL:http://secunia.com/advisories/23653

Votes:





Name: CVE-2007-0118

Description:
Multiple absolute path traversal vulnerabilities in EditTag 1.2 allow remote attackers to read arbitrary files via an absolute pathname in the file parameter to (1) edittag.cgi, (2) edittag.pl, (3) edittag_mp.cgi, or (4) edittag_mp.pl.

Status: Candidate
Phase: Assigned (20070108)
Reference: BUGTRAQ:20070105 Multiple bugs in EditTag
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456055/100/0/threaded
Reference: BID:21890
Reference: URL:http://www.securityfocus.com/bid/21890
Reference: SECUNIA:7950
Reference: URL:http://secunia.com/advisories/7950

Votes:





Name: CVE-2007-0119

Description:
Multiple cross-site scripting (XSS) vulnerabilities in EditTag 1.2 allow remote attackers to inject arbitrary web script or HTML via the plain parameter to (1) mkpw_mp.cgi, (2) mkpw.pl, or (3) mkpw.cgi.

Status: Candidate
Phase: Assigned (20070108)
Reference: BUGTRAQ:20070105 Multiple bugs in EditTag
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456055/100/0/threaded
Reference: BID:21891
Reference: URL:http://www.securityfocus.com/bid/21891
Reference: SECUNIA:7950
Reference: URL:http://secunia.com/advisories/7950

Votes:





Name: CVE-2007-0120

Description:
Acunetix Web Vulnerability Scanner (WVS) 4.0 Build 20060717 and earlier allows remote attackers to cause a denial of service (application crash) via multiple HTTP requests containing invalid Content-Length values.

Status: Candidate
Phase: Assigned (20070108)
Reference: MILW0RM:3078
Reference: URL:http://milw0rm.com/exploits/3078
Reference: BID:21898
Reference: URL:http://www.securityfocus.com/bid/21898
Reference: XF:acunetix-content-length-dos(31279)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31279

Votes:





Name: CVE-2007-0121

Description:
Cross-site scripting (XSS) vulnerability in search.asp in RI Blog 1.3 allows remote attackers to inject arbitrary web script or HTML via the q parameter.

Status: Candidate
Phase: Assigned (20070108)
Reference: BUGTRAQ:20070105 RI Blog 1.3 XSS Vuln.
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456052/100/0/threaded
Reference: BID:21880
Reference: URL:http://www.securityfocus.com/bid/21880
Reference: FRSIRT:ADV-2007-0083
Reference: URL:http://www.frsirt.com/english/advisories/2007/0083
Reference: SECUNIA:23657
Reference: URL:http://secunia.com/advisories/23657
Reference: SREASON:2108
Reference: URL:http://securityreason.com/securityalert/2108
Reference: XF:riblog-search-xss(31317)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31317

Votes:





Name: CVE-2007-0122

Description:
Multiple SQL injection vulnerabilities in Coppermine Photo Gallery 1.4.10 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via (1) the cat parameter to albmgr.php, and possibly (2) the gid parameter to usermgr.php; (3) the start parameter to db_ecard.php; and the albumid parameter to unspecified files, related to the (4) filename_to_title and (5) del_titles functions.

Status: Candidate
Phase: Assigned (20070108)
Reference: BUGTRAQ:20070105 Coppermine Photo Gallery <= 1.4.10 SQL Injection Exploit
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456051/100/0/threaded
Reference: MILW0RM:3085
Reference: URL:http://milw0rm.com/exploits/3085
Reference: MISC:http://acid-root.new.fr/poc/19070104.txt
Reference: BID:21894
Reference: URL:http://www.securityfocus.com/bid/21894
Reference: SECUNIA:25846
Reference: URL:http://secunia.com/advisories/25846
Reference: SREASON:2123
Reference: URL:http://securityreason.com/securityalert/2123

Votes:





Name: CVE-2007-0123

Description:
Unrestricted file upload vulnerability in Uber Uploader 4.2 allows remote attackers to upload and execute arbitrary PHP scripts by naming them with a .phtml extension, which bypasses the .php extension check but is still executable on some server configurations.

Status: Candidate
Phase: Assigned (20070108)
Reference: BUGTRAQ:20070105 Uber Uploader 4.2 Arbitrary File Upload Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456045/100/0/threaded
Reference: SREASON:2116
Reference: URL:http://securityreason.com/securityalert/2116
Reference: XF:uber-uploader-phtml-file-upload(31303)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31303

Votes:





Name: CVE-2007-0124

Description:
Unspecified vulnerability in Drupal before 4.6.11, and 4.7 before 4.7.5, when MySQL is used, allows remote authenticated users to cause a denial of service by poisoning the page cache via unspecified vectors, which triggers erroneous 404 HTTP errors for pages that exist.

Status: Candidate
Phase: Assigned (20070108)
Reference: BUGTRAQ:20070105 [DRUPAL-SA-2007-002] Drupal 4.6.11 / 4.7.5 fixes DoS issue
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456056/100/0/threaded
Reference: CONFIRM:http://drupal.org/node/104238
Reference: BID:21895
Reference: URL:http://www.securityfocus.com/bid/21895
Reference: FRSIRT:ADV-2007-0051
Reference: URL:http://www.frsirt.com/english/advisories/2007/0051
Reference: SECUNIA:23586
Reference: URL:http://secunia.com/advisories/23586
Reference: SREASON:2115
Reference: URL:http://securityreason.com/securityalert/2115

Votes:





Name: CVE-2007-0125

Description:
Kaspersky Labs Antivirus Engine 6.0 for Windows and 5.5-10 for Linux before 20070102 enter an infinite loop upon encountering an invalid NumberOfRvaAndSizes value in the Optional Windows Header of a portable executable (PE) file, which allows remote attackers to cause a denial of service (CPU consumption) by scanning a crafted PE file.

Status: Candidate
Phase: Assigned (20070108)
Reference: IDEFENSE:20070105 Kaspersky Antivirus Scan Engine PE File Denial of Service Vulnerability
Reference: URL:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=459
Reference: BID:21901
Reference: URL:http://www.securityfocus.com/bid/21901
Reference: FRSIRT:ADV-2007-0067
Reference: URL:http://www.frsirt.com/english/advisories/2007/0067
Reference: SECTRACK:1017476
Reference: URL:http://securitytracker.com/id?1017476
Reference: SECUNIA:23575
Reference: URL:http://secunia.com/advisories/23575
Reference: XF:kaspersky-antivirus-pe-dos(31315)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31315

Votes:





Name: CVE-2007-0126

Description:
Heap-based buffer overflow in Opera 9.02 allows remote attackers to execute arbitrary code via a JPEG file with an invalid number of index bytes in the Define Huffman Table (DHT) marker.

Status: Candidate
Phase: Assigned (20070108)
Reference: IDEFENSE:20070105 Opera Software Opera Web Browser JPG Image DHT Marker Heap Corruption Vulnerability
Reference: URL:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=457
Reference: CONFIRM:http://www.opera.com/support/search/supsearch.dml?index=852
Reference: GENTOO:GLSA-200701-08
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200701-08.xml
Reference: SUSE:SUSE-SA:2007:009
Reference: URL:http://lists.suse.com/archive/suse-security-announce/2007-Jan/0009.html
Reference: FRSIRT:ADV-2007-0060
Reference: URL:http://www.frsirt.com/english/advisories/2007/0060
Reference: SECTRACK:1017473
Reference: URL:http://securitytracker.com/id?1017473
Reference: SECUNIA:23613
Reference: URL:http://secunia.com/advisories/23613
Reference: SECUNIA:23739
Reference: URL:http://secunia.com/advisories/23739
Reference: SECUNIA:23771
Reference: URL:http://secunia.com/advisories/23771
Reference: XF:opera-jpeg-dht-bo(31305)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31305

Votes:





Name: CVE-2007-0127

Description:
The JavaScript SVG support in Opera before 9.10 does not properly validate object types in a createSVGTransformFromMatrix request, which allows remote attackers to execute arbitrary code via JavaScript code that uses an invalid object in this request that causes a controlled pointer to be referenced during the virtual function call.

Status: Candidate
Phase: Assigned (20070108)
Reference: IDEFENSE:20070105 Opera Software Opera Web Browser createSVGTransformFromMatrix Object Typecasting Vulnerability
Reference: URL:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=458
Reference: CONFIRM:http://www.opera.com/support/search/supsearch.dml?index=851
Reference: GENTOO:GLSA-200701-08
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200701-08.xml
Reference: SUSE:SUSE-SA:2007:009
Reference: URL:http://lists.suse.com/archive/suse-security-announce/2007-Jan/0009.html
Reference: FRSIRT:ADV-2007-0060
Reference: URL:http://www.frsirt.com/english/advisories/2007/0060
Reference: SECTRACK:1017473
Reference: URL:http://securitytracker.com/id?1017473
Reference: SECUNIA:23613
Reference: URL:http://secunia.com/advisories/23613
Reference: SECUNIA:23739
Reference: URL:http://secunia.com/advisories/23739
Reference: SECUNIA:23771
Reference: URL:http://secunia.com/advisories/23771

Votes:





Name: CVE-2007-0128

Description:
SQL injection vulnerability in info_book.asp in Digirez 3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the book_id parameter.

Status: Candidate
Phase: Assigned (20070108)
Reference: MILW0RM:3081
Reference: URL:http://milw0rm.com/exploits/3081
Reference: FRSIRT:ADV-2007-0053
Reference: URL:http://www.frsirt.com/english/advisories/2007/0053
Reference: SECUNIA:23606
Reference: URL:http://secunia.com/advisories/23606

Votes:





Name: CVE-2007-0129

Description:
SQL injection vulnerability in main.asp in LocazoList 2.01a beta5 and earlier allows remote attackers to execute arbitrary SQL commands via the subcatID parameter.

Status: Candidate
Phase: Assigned (20070108)
Reference: MILW0RM:3073
Reference: URL:http://milw0rm.com/exploits/3073
Reference: FRSIRT:ADV-2007-0052
Reference: URL:http://www.frsirt.com/english/advisories/2007/0052
Reference: XF:locazolist-main-sql-injection(31242)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31242

Votes:





Name: CVE-2007-0130

Description:
SQL injection vulnerability in user.php in iGeneric iG Calendar 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

Status: Candidate
Phase: Assigned (20070108)
Reference: BUGTRAQ:20070105 IG Calendar SQL Injection
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456044/100/0/threaded
Reference: MILW0RM:3082
Reference: URL:http://milw0rm.com/exploits/3082
Reference: BID:21873
Reference: URL:http://www.securityfocus.com/bid/21873
Reference: FRSIRT:ADV-2007-0055
Reference: URL:http://www.frsirt.com/english/advisories/2007/0055
Reference: SECUNIA:23602
Reference: URL:http://secunia.com/advisories/23602
Reference: XF:igcalendar-user-sql-injection(31300)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31300

Votes:





Name: CVE-2007-0131

Description:
JAMWiki before 0.5.0 does not properly check permissions during moves of "read-only or admin-only topics," which allows remote attackers to make unauthorized changes to the wiki.

Status: Candidate
Phase: Assigned (20070108)
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?group_id=171441&release_id=475663
Reference: BID:21879
Reference: URL:http://www.securityfocus.com/bid/21879
Reference: SECUNIA:23634
Reference: URL:http://secunia.com/advisories/23634
Reference: XF:jamwiki-permission-security-bypass(31296)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31296

Votes:





Name: CVE-2007-0132

Description:
SQL injection vulnerability in compare_product.php in iGeneric iG Shop 1.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.

Status: Candidate
Phase: Assigned (20070108)
Reference: BUGTRAQ:20070105 IG Shop remote code execution
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456043/100/0/threaded
Reference: MILW0RM:3083
Reference: URL:http://milw0rm.com/exploits/3083
Reference: MISC:http://packetstormsecurity.nl/0701-exploits/igshop10-multiple.txt
Reference: BID:21874
Reference: URL:http://www.securityfocus.com/bid/21874
Reference: FRSIRT:ADV-2007-0056
Reference: URL:http://www.frsirt.com/english/advisories/2007/0056
Reference: SECUNIA:23604
Reference: URL:http://secunia.com/advisories/23604
Reference: XF:igshop-compareproduct-sql-injection(31299)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31299

Votes:





Name: CVE-2007-0133

Description:
Multiple SQL injection vulnerabilities in display_review.php in iGeneric iG Shop 1.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) user_login_cookie parameter.

Status: Candidate
Phase: Assigned (20070108)
Reference: FRSIRT:ADV-2007-0056
Reference: URL:http://www.frsirt.com/english/advisories/2007/0056

Votes:





Name: CVE-2007-0134

Description:
Multiple eval injection vulnerabilities in iGeneric iG Shop 1.0 allow remote attackers to execute arbitrary code via the action parameter, which is supplied to an eval function call in (1) cart.php and (2) page.php. NOTE: a later report and CVE analysis indicate that the vulnerability is present in 1.4.

Status: Candidate
Phase: Assigned (20070108)
Reference: BUGTRAQ:20070105 IG Shop remote code execution
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456043/100/0/threaded
Reference: BUGTRAQ:20070619 iG Shop 1.4 eval Inclusion Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/471722/100/0/threaded
Reference: MISC:http://packetstormsecurity.nl/0701-exploits/igshop10-multiple.txt
Reference: MILW0RM:3083
Reference: URL:http://milw0rm.com/exploits/3083
Reference: VIM:20070618 Dup: iG Shop 1.4 (page.php) Remote Code Execution Exploit
Reference: URL:http://www.attrition.org/pipermail/vim/2007-June/001664.html
Reference: BID:21875
Reference: URL:http://www.securityfocus.com/bid/21875
Reference: FRSIRT:ADV-2007-0056
Reference: URL:http://www.frsirt.com/english/advisories/2007/0056
Reference: SECUNIA:23604
Reference: URL:http://secunia.com/advisories/23604
Reference: XF:igshop-cartpage-code-execution(31301)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31301

Votes:





Name: CVE-2007-0135

Description:
PHP remote file inclusion vulnerability in inc/init.inc.php in Aratix 0.2.2 beta 11 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the current_path parameter.

Status: Candidate
Phase: Assigned (20070108)
Reference: VIM:20070108 Source verify of Aratix RFI
Reference: URL:http://www.attrition.org/pipermail/vim/2007-January/001219.html
Reference: MISC:http://securityreason.com/exploitalert/1698
Reference: MILW0RM:3079
Reference: URL:http://milw0rm.com/exploits/3079
Reference: FRSIRT:ADV-2007-0054
Reference: URL:http://www.frsirt.com/english/advisories/2007/0054
Reference: XF:aratix-init-file-include(31282)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31282

Votes:





Name: CVE-2007-0136

Description:
Multiple cross-site scripting (XSS) vulnerabilities in Drupal before 4.6.11, and 4.7 before 4.7.5, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in the (1) filter and (2) system modules. NOTE: some of these details are obtained from third party information.

Status: Candidate
Phase: Assigned (20070108)
Reference: BUGTRAQ:20070105 [DRUPAL-SA-2007-001] Drupal 4.6.11 / 4.7.5 fixes XSS issue
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456054/100/100/threaded
Reference: FULLDISC:20070105 [DRUPAL-SA-2007-001] Drupal 4.6.11 / 4.7.5 fixes
Reference: URL:http://marc.theaimsgroup.com/?l=full-disclosure&m=116799778408115&w=2
Reference: CONFIRM:http://drupal.org/node/104233
Reference: CONFIRM:http://drupal.org/files/sa-2007-001/advisory.txt
Reference: FRSIRT:ADV-2007-0050
Reference: URL:http://www.frsirt.com/english/advisories/2007/0050
Reference: XF:drupal-core-unspecified-xss(31311)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31311

Votes:





Name: CVE-2007-0137

Description:
Cross-site scripting (XSS) vulnerability in (1) SimpleBoxes/SerendipityNZ Serene Bach 2.05R and earlier, and 2.08D and earlier in the 2.08 series; and (2) sb 1.13D and earlier, and 1.18R and earlier in the 1.18 series; allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Status: Candidate
Phase: Assigned (20070108)
Reference: MISC:http://jvn.jp/jp/JVN%2365500885/index.html
Reference: CONFIRM:http://serenebach.net/log/sb119R.html
Reference: CONFIRM:http://serenebach.net/log/sb209R.html
Reference: BID:21884
Reference: URL:http://www.securityfocus.com/bid/21884
Reference: FRSIRT:ADV-2007-0065
Reference: URL:http://www.frsirt.com/english/advisories/2007/0065
Reference: SECTRACK:1017470
Reference: URL:http://securitytracker.com/id?1017470
Reference: SECUNIA:23623
Reference: URL:http://secunia.com/advisories/23623
Reference: XF:serene-bach-unspecified-xss(31302)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31302

Votes:





Name: CVE-2007-0138

Description:
formbankcgi.exe in Fersch Formbankserver 1.9, when the PATH_INFO begins with (1) AbfrageForm or (2) EingabeForm, allows remote attackers to cause a denial of service (daemon crash) via multiple requests containing many /../ sequences in the Name parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

Status: Candidate
Phase: Assigned (20070108)
Reference: SECUNIA:23539
Reference: URL:http://secunia.com/advisories/23539
Reference: XF:formbankserver-formbank-dos(31216)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31216

Votes:





Name: CVE-2007-0139

Description:
Unspecified vulnerability in the DECnet-Plus 7.3-2 feature in DECnet/OSI 7.3-2 for OpenVMS ALPHA, and the DECnet-Plus 7.3 feature in DECnet/OSI 7.3 for OpenVMS VAX, allows attackers to obtain "unintended privileged access to data and system resources" via unspecified vectors, related to (1) [SYSEXE]CTF$UI.EXE, (2) [SYSMSG]CTF$MESSAGES.EXE, (3) [SYSHLP]CTF$HELP.HLB, and (4) [SYSMGR]CTF$STARTUP.COM.

Status: Candidate
Phase: Assigned (20070108)
Reference: CONFIRM:ftp://ftp.itrc.hp.com/openvms_patches/alpha/V7.3-2/AXP_DNVOSIMUP01-V0703-2.txt
Reference: CONFIRM:ftp://ftp.itrc.hp.com/openvms_patches/vax/V7.3/VAX_DNVOSIMUP01-V0703.txt
Reference: FRSIRT:ADV-2007-0063
Reference: URL:http://www.frsirt.com/english/advisories/2007/0063
Reference: SECUNIA:23636
Reference: URL:http://secunia.com/advisories/23636

Votes:





Name: CVE-2007-0140

Description:
SQL injection vulnerability in down.asp in Kolayindir Download (Yenionline) allows remote attackers to execute arbitrary SQL commands via the id parameter.

Status: Candidate
Phase: Assigned (20070109)
Reference: BUGTRAQ:20070105 Kolayindir Download (Yenionline) (tr) SqL Injection Vuln.
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456068/100/0/threaded
Reference: BID:21889
Reference: URL:http://www.securityfocus.com/bid/21889
Reference: FRSIRT:ADV-2007-0079
Reference: URL:http://www.frsirt.com/english/advisories/2007/0079
Reference: SECUNIA:23645
Reference: URL:http://secunia.com/advisories/23645
Reference: SREASON:2122
Reference: URL:http://securityreason.com/securityalert/2122
Reference: XF:kolayindirdownload-down-sql-injection(31320)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31320

Votes:





Name: CVE-2007-0141

Description:
Cross-site scripting (XSS) vulnerability in yald.php in Yet Another Link Directory 1.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter.

Status: Candidate
Phase: Assigned (20070109)
Reference: BUGTRAQ:20070106 Yet Another Link Directory v1.0
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456122/100/0/threaded
Reference: BID:21904
Reference: URL:http://www.securityfocus.com/bid/21904
Reference: FRSIRT:ADV-2007-0082
Reference: URL:http://www.frsirt.com/english/advisories/2007/0082
Reference: SECUNIA:23646
Reference: URL:http://secunia.com/advisories/23646
Reference: SREASON:2121
Reference: URL:http://securityreason.com/securityalert/2121
Reference: XF:yald-yald-xss(31322)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31322

Votes:





Name: CVE-2007-0142

Description:
SQL injection vulnerability in orange.asp in ShopStoreNow E-commerce Shopping Cart allows remote attackers to execute arbitrary SQL commands via the CatID parameter.

Status: Candidate
Phase: Assigned (20070109)
Reference: BUGTRAQ:20070106 shopstorenow (orange.asp) sql injection
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456127/100/0/threaded
Reference: BID:21905
Reference: URL:http://www.securityfocus.com/bid/21905
Reference: FRSIRT:ADV-2007-0080
Reference: URL:http://www.frsirt.com/english/advisories/2007/0080
Reference: SECUNIA:23642
Reference: URL:http://secunia.com/advisories/23642
Reference: SREASON:2120
Reference: URL:http://securityreason.com/securityalert/2120
Reference: XF:shopstorenow-orange-sql-injection(31313)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31313

Votes:





Name: CVE-2007-0143

Description:
Multiple PHP remote file inclusion vulnerabilities in NUNE News Script 2.0pre2 allow remote attackers to execute arbitrary PHP code via a URL in the custom_admin_path parameter to (1) index.php or (2) archives.php.

Status: Candidate
Phase: Assigned (20070109)
Reference: BUGTRAQ:20070107 NUNE News Script (custom_admin_path) Remote File Include Vulnerablity
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456242/100/0/threaded
Reference: MILW0RM:3090
Reference: URL:http://milw0rm.com/exploits/3090
Reference: FRSIRT:ADV-2007-0078
Reference: URL:http://www.frsirt.com/english/advisories/2007/0078
Reference: SECUNIA:23635
Reference: URL:http://secunia.com/advisories/23635
Reference: XF:nune-index-archives-file-include(31312)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31312

Votes:





Name: CVE-2007-0144

Description:
Cross-site scripting (XSS) vulnerability in search.asp in Digitizing Quote And Ordering System 1.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the ordernum parameter.

Status: Candidate
Phase: Assigned (20070109)
Reference: MILW0RM:3089
Reference: URL:http://milw0rm.com/exploits/3089
Reference: SECUNIA:23652
Reference: URL:http://secunia.com/advisories/23652
Reference: XF:qos-search-xss(31321)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31321

Votes:





Name: CVE-2007-0145

Description:
PHP remote file inclusion vulnerability in bn_smrep1.php in BinGoPHP News (BP News) 3.01 allows remote attackers to execute arbitrary PHP code via a URL in the bnrep parameter, a different vector than CVE-2006-4648 and CVE-2006-4649.

Status: Candidate
Phase: Assigned (20070109)
Reference: SECTRACK:1017477
Reference: URL:http://securitytracker.com/id?1017477
Reference: XF:bingo-bnsmrep1-file-include(31328)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31328

Votes:





Name: CVE-2007-0146

Description:
Multiple cross-site scripting (XSS) vulnerabilities in Fix and Chips CMS 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in (a) delete-announce.php; the (2) Announcement form field in (b) staff.php; the (3) Client Name, (4) Business Name, (5) Street, (6) Address 2, (7) Town/City, (8) Postcode, (9) Phone Number, (10) Email Address and (11) Website Address form fields in (c) new_customer.php; and unspecified fields in (d) search.php and (e) client-results.php.

Status: Candidate
Phase: Assigned (20070109)
Reference: BUGTRAQ:20070106 Fix & Chips CMS v1.0
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456121/100/0/threaded
Reference: FRSIRT:ADV-2007-0081
Reference: URL:http://www.frsirt.com/english/advisories/2007/0081
Reference: OSVDB:32646
Reference: URL:http://www.osvdb.org/32646
Reference: OSVDB:32647
Reference: URL:http://www.osvdb.org/32647
Reference: OSVDB:32648
Reference: URL:http://www.osvdb.org/32648
Reference: OSVDB:32649
Reference: URL:http://www.osvdb.org/32649
Reference: OSVDB:32650
Reference: URL:http://www.osvdb.org/32650
Reference: SECUNIA:23625
Reference: URL:http://secunia.com/advisories/23625
Reference: SREASON:2119
Reference: URL:http://securityreason.com/securityalert/2119
Reference: XF:fixandchips-multiple-scripts-xss(31319)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31319

Votes:





Name: CVE-2007-0147

Description:
Cuyahoga before 1.0.1 installs the FCKEditor component with an incorrect deny statement in a Web.config file, which allows remote attackers to upload files when these privileges were intended only for the Administrator and Editor roles.

Status: Candidate
Phase: Assigned (20070109)
Reference: CONFIRM:http://www.cuyahoga-project.org/10/section.aspx/61
Reference: CONFIRM:http://cuyahoga.svn.sourceforge.net/viewvc/cuyahoga?view=rev&revision=551
Reference: BID:21927
Reference: URL:http://www.securityfocus.com/bid/21927
Reference: SECUNIA:23662
Reference: URL:http://secunia.com/advisories/23662

Votes:





Name: CVE-2007-0148

Description:
Format string vulnerability in OmniGroup OmniWeb 5.5.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in the JavaScript alert function.

Status: Candidate
Phase: Assigned (20070109)
Reference: BUGTRAQ:20070111 DMA[2007-0107a] OmniWeb Javascript Alert Format String Vulnerabiity and DMA[2007-0109a] Apple Finder Disk Image Volume Label Overflow / DoS
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456578/100/0/threaded
Reference: MISC:http://projects.info-pull.com/moab/MOAB-07-01-2007.html
Reference: MILW0RM:3098
Reference: URL:http://milw0rm.com/exploits/3098
Reference: MISC:http://www.digitalmunition.com/DMA%5B2007-0107a%5D.txt
Reference: CONFIRM:http://www.omnigroup.com/applications/omniweb/releasenotes/
Reference: CONFIRM:http://blog.omnigroup.com/2007/01/07/omniweb-552-now-available-and-more-secure/
Reference: BID:21911
Reference: URL:http://www.securityfocus.com/bid/21911
Reference: FRSIRT:ADV-2007-0075
Reference: URL:http://www.frsirt.com/english/advisories/2007/0075
Reference: SECUNIA:23624
Reference: URL:http://secunia.com/advisories/23624
Reference: XF:omniweb-alert-format-string(31324)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31324

Votes:





Name: CVE-2007-0149

Description:
EMembersPro 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for users.mdb.

Status: Candidate
Phase: Assigned (20070109)
Reference: BUGTRAQ:20070107 EMembersPro 1.0 Remote Password Disclosure Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456228/100/0/threaded
Reference: SREASON:2118
Reference: URL:http://securityreason.com/securityalert/2118
Reference: XF:ememberspro-users-info-disclosure(31329)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31329

Votes:





Name: CVE-2007-0150

Description:
Multiple PHP remote file inclusion vulnerabilities in index.php in Dayfox Blog allow remote attackers to execute arbitrary PHP code via a URL in the (1) page, (2) subject, and (3) q parameters.

Status: Candidate
Phase: Assigned (20070109)
Reference: BUGTRAQ:20070107 Dayfox Blog Remote File Include Vuln.
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456212/100/0/threaded
Reference: FRSIRT:ADV-2007-0099
Reference: URL:http://www.frsirt.com/english/advisories/2007/0099
Reference: SECUNIA:23661
Reference: URL:http://secunia.com/advisories/23661
Reference: SREASON:2117
Reference: URL:http://securityreason.com/securityalert/2117
Reference: XF:dayfoxblog-index-file-include(31336)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31336

Votes:





Name: CVE-2007-0151

Description:
MitiSoft stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for access_MS/MitiSoft.mdb.

Status: Candidate
Phase: Assigned (20070109)
Reference: BUGTRAQ:20070107 MitiSoft Remote Password Disclosure Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456230/100/0/threaded
Reference: XF:mitisoft-mitisoft-info-disclosure(31341)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31341

Votes:





Name: CVE-2007-0152

Description:
OhhASP stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db/OhhASP.mdb.

Status: Candidate
Phase: Assigned (20070109)
Reference: BUGTRAQ:20070106 ohhASP Remote Password Disclosure
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456117/100/0/threaded
Reference: MISC:http://64.38.62.221/ariasecucom/forum/showthread.php?t=89
Reference: XF:ohhasp-ohhasp-info-disclosure(31342)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31342

Votes:





Name: CVE-2007-0153

Description:
AJLogin 3.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for ajlogin.mdb.

Status: Candidate
Phase: Assigned (20070109)
Reference: BUGTRAQ:20070107 AJLogin v3.5 Remote Password Disclosure Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456226/100/0/threaded
Reference: SREASON:2127
Reference: URL:http://securityreason.com/securityalert/2127
Reference: XF:ajlogin-ajlogin-info-disclosure(31331)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31331

Votes:





Name: CVE-2007-0154

Description:
Webulas stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db/db.mdb.

Status: Candidate
Phase: Assigned (20070109)
Reference: BUGTRAQ:20070107 Webulas Remote Password Disclosure Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456239/100/0/threaded
Reference: SREASON:2126
Reference: URL:http://securityreason.com/securityalert/2126
Reference: XF:webulas-db-info-disclosure(31338)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31338

Votes:





Name: CVE-2007-0155

Description:
HarikaOnline 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for harikaonline.mdb.

Status: Candidate
Phase: Assigned (20070109)
Reference: BUGTRAQ:20070107 HarikaOnline v2.0 Remote Password Disclosure Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456238/100/0/threaded
Reference: SREASON:2125
Reference: URL:http://securityreason.com/securityalert/2125
Reference: XF:harikaonline-harikaonline-info-disclosure(31339)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31339

Votes:





Name: CVE-2007-0156

Description:
M-Core stores the database under the web document root, which allows remote attackers to obtain sensitive information via a direct request to db/uyelik.mdb.

Status: Candidate
Phase: Assigned (20070109)
Reference: BUGTRAQ:20070107 M-Core Remote Password Disclosure Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456235/100/0/threaded
Reference: SREASON:2124
Reference: URL:http://securityreason.com/securityalert/2124
Reference: XF:mcore-uyelik-info-disclosure(31340)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31340

Votes:





Name: CVE-2007-0157

Description:
Array index error in the uri_lookup function in the URI parser for neon 0.26.0 to 0.26.2, possibly only on 64-bit platforms, allows remote malicious servers to cause a denial of service (crash) via a URI with non-ASCII characters, which triggers a buffer under-read due to a type conversion error that generates a negative index.

Status: Candidate
Phase: Assigned (20070109)
Reference: MLIST:[neon] 20070107 invalid chars cause sigserv in neon
Reference: URL:http://mailman.webdav.org/pipermail/neon/2007-January/002362.html
Reference: MLIST:[cadaver] 20070123 release 0.22.5
Reference: URL:http://mailman.webdav.org/pipermail/cadaver/2007-January/001015.html
Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi/neon26_0.26.2-3_to_mdx1.diff?bug=404723;msg=5;att=2
Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=404723
Reference: CONFIRM:http://www.webdav.org/cadaver/
Reference: MANDRIVA:MDKSA-2007:013
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:013
Reference: SUSE:SUSE-SR:2007:002
Reference: URL:http://www.novell.com/linux/security/advisories/2007_02_sr.html
Reference: BID:22035
Reference: URL:http://www.securityfocus.com/bid/22035
Reference: FRSIRT:ADV-2007-0172
Reference: URL:http://www.frsirt.com/english/advisories/2007/0172
Reference: FRSIRT:ADV-2007-0362
Reference: URL:http://www.frsirt.com/english/advisories/2007/0362
Reference: SECUNIA:23763
Reference: URL:http://secunia.com/advisories/23763
Reference: SECUNIA:23751
Reference: URL:http://secunia.com/advisories/23751
Reference: SECUNIA:23984
Reference: URL:http://secunia.com/advisories/23984

Votes:





Name: CVE-2007-0158

Description:
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Status: Candidate
Phase: Assigned (20070109)

Votes:





Name: CVE-2007-0159

Description:
Directory traversal vulnerability in the GeoIP_update_database_general function in libGeoIP/GeoIPUpdate.c in GeoIP 1.4.0 allows remote malicious update servers (possibly only update.maxmind.com) to overwrite arbitrary files via a .. (dot dot) in the database filename, which is returned by a request to app/update_getfilename.

Status: Candidate
Phase: Assigned (20070109)
Reference: MISC:http://arctic.org/~dean/patches/GeoIP-1.4.0-update-vulnerability.patch
Reference: MANDRIVA:MDKSA-2007:004
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:004
Reference: UBUNTU:USN-412-1
Reference: URL:http://www.ubuntu.com/usn/usn-412-1
Reference: BID:21959
Reference: URL:http://www.securityfocus.com/bid/21959
Reference: FRSIRT:ADV-2007-0117
Reference: URL:http://www.frsirt.com/english/advisories/2007/0117
Reference: FRSIRT:ADV-2007-0118
Reference: URL:http://www.frsirt.com/english/advisories/2007/0118
Reference: SECUNIA:23880
Reference: URL:http://secunia.com/advisories/23880
Reference: SECUNIA:23906
Reference: URL:http://secunia.com/advisories/23906
Reference: XF:geoip-geoipupdate-directory-traversal(31383)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31383

Votes:





Name: CVE-2007-0160

Description:
Stack-based buffer overflow in the LiveJournal support (hooks/ljhook.cc) in CenterICQ 4.9.11 through 4.21.0, when using unofficial LiveJournal servers, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by adding the victim as a friend and using long (1) username and (2) real name strings.

Status: Candidate
Phase: Assigned (20070109)
Reference: BUGTRAQ:20070107 TK53 Advisory #1: CenterICQ remote DoS buffer overflow in LiveJournal handling
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456255/100/0/threaded
Reference: GENTOO:GLSA-200701-20
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200701-20.xml
Reference: BID:21932
Reference: URL:http://www.securityfocus.com/bid/21932
Reference: FRSIRT:ADV-2007-0306
Reference: URL:http://www.frsirt.com/english/advisories/2007/0306
Reference: SECTRACK:1017545
Reference: URL:http://securitytracker.com/id?1017545
Reference: SREASON:2129
Reference: URL:http://securityreason.com/securityalert/2129
Reference: XF:centericq-username-bo(31330)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31330

Votes:





Name: CVE-2007-0161

Description:
The PML Driver HPZ12 (HPZipm12.exe) in the HP all-in-one drivers, as used by multiple HP products, uses insecure SERVICE_CHANGE_CONFIG DACL permissions, which allows local users to gain privileges and execute arbitrary programs, as demonstrated by modifying the binpath argument, a related issue to CVE-2006-0023.

Status: Candidate
Phase: Assigned (20070109)
Reference: BUGTRAQ:20070108 HP Multiple Products PML Driver Local Privilege Escalation
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456259/100/0/threaded
Reference: MISC:http://secway.org/advisory/AD20070108.txt
Reference: BID:21935
Reference: URL:http://www.securityfocus.com/bid/21935
Reference: FRSIRT:ADV-2007-0094
Reference: URL:http://www.frsirt.com/english/advisories/2007/0094
Reference: SECUNIA:23663
Reference: URL:http://secunia.com/advisories/23663
Reference: SREASON:2128
Reference: URL:http://securityreason.com/securityalert/2128
Reference: XF:pml-driver-config-privilege-escalation(31361)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31361

Votes:





Name: CVE-2007-0162

Description:
Unsanity Application Enhancer (APE) 2.0.2 installs with insecure permissions for the (1) ApplicationEnhancer binary and the (2) /Library/Frameworks/ApplicationEnhancer.framework directory, which allows local users to gain privileges by modifying or replacing the binary or library files.

Status: Candidate
Phase: Assigned (20070109)
Reference: MISC:http://landonf.bikemonkey.org/code/macosx/MOAB_Day_8.20070109002959.18582.timor.html
Reference: MISC:http://projects.info-pull.com/moab/MOAB-08-01-2007.html
Reference: BID:21951
Reference: URL:http://www.securityfocus.com/bid/21951
Reference: SECUNIA:23649
Reference: URL:http://secunia.com/advisories/23649
Reference: XF:ape-appenhancer-privilege-escalation(31349)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31349

Votes:





Name: CVE-2007-0163

Description:
SecureKit Steganography 1.7.1 and 1.8 embeds password information in the carrier file, which allows remote attackers to bypass authentication requirements and decrypt embedded steganography by replacing the last 20 bytes of the JPEG image with alternate password information.

Status: Candidate
Phase: Assigned (20070109)
Reference: BUGTRAQ:20070106 Cracking Steganography Application in less than ONE minute
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456283/100/0/threaded
Reference: BUGTRAQ:20070107 A Major design Bug in Steganography 1.7.x, 1.8 (latest) (Updated Version)
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456519/100/0/threaded
Reference: MISC:http://homepage.mac.com/adonismac/Advisory/steg/steganography.html
Reference: SECUNIA:23639
Reference: URL:http://secunia.com/advisories/23639
Reference: XF:steganography-password-security-bypass(31378)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31378

Votes:





Name: CVE-2007-0164

Description:
Camouflage 1.2.1 embeds password information in the carrier file, which allows remote attackers to bypass authentication requirements and decrypt embedded steganography by replacing certain bytes of the JPEG image with alternate password information.

Status: Candidate
Phase: Assigned (20070109)
Reference: BUGTRAQ:20070107 A Major design Bug in Camouflage 1.2.1 (latest)
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456541/100/0/threaded
Reference: MISC:http://homepage.mac.com/adonismac/Advisory/steg/camouflage.html
Reference: BID:21939
Reference: URL:http://www.securityfocus.com/bid/21939
Reference: SECUNIA:23578
Reference: URL:http://secunia.com/advisories/23578
Reference: XF:camouflage-password-security-bypass(31375)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31375

Votes:





Name: CVE-2007-0165

Description:
Unspecified vulnerability in libnsl in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service (crash) via malformed RPC requests that trigger a crash in rpcbind.

Status: Candidate
Phase: Assigned (20070109)
Reference: CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2007-036.htm
Reference: SUNALERT:102713
Reference: URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-102713-1
Reference: BID:21964
Reference: URL:http://www.securityfocus.com/bid/21964
Reference: FRSIRT:ADV-2007-0110
Reference: URL:http://www.frsirt.com/english/advisories/2007/0110
Reference: OVAL:oval:org.mitre.oval:def:2210
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2210
Reference: SECTRACK:1017492
Reference: URL:http://securitytracker.com/id?1017492
Reference: SECUNIA:23700
Reference: URL:http://secunia.com/advisories/23700
Reference: SECUNIA:24056
Reference: URL:http://secunia.com/advisories/24056
Reference: XF:solaris-rpcbind-dos(31366)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31366

Votes:





Name: CVE-2007-0166

Description:
The jail rc.d script in FreeBSD 5.3 up to 6.2 does not verify pathnames when writing to /var/log/console.log during a jail start-up, or when file systems are mounted or unmounted, which allows local root users to overwrite arbitrary files, or mount/unmount files, outside of the jail via a symlink attack.

Status: Candidate
Phase: Assigned (20070109)
Reference: FREEBSD:FreeBSD-SA-07:01
Reference: URL:http://security.freebsd.org/advisories/FreeBSD-SA-07:01.jail.asc
Reference: BID:22011
Reference: URL:http://www.securityfocus.com/bid/22011
Reference: SECTRACK:1017505
Reference: URL:http://securitytracker.com/id?1017505
Reference: SECUNIA:23730
Reference: URL:http://secunia.com/advisories/23730

Votes:





Name: CVE-2007-0167

Description:
Multiple PHP file inclusion vulnerabilities in WGS-PPC (aka PPC Search Engine), as distributed with other aliases, allow remote attackers to execute arbitrary PHP code via a URL in the INC parameter in (1) config_admin.php, (2) config_main.php, (3) config_member.php, and (4) mysql_config.php in config/; (5) admin.php and (6) index.php in admini/; (7) paypalipn/ipnprocess.php; (8) index.php and (9) registration.php in members/; and (10) ppcbannerclick.php and (11) ppcclick.php in main/.

Status: Candidate
Phase: Assigned (20070109)
Reference: BUGTRAQ:20070109 ppc engine Multiple file inclusion
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456386/100/0/threaded
Reference: MILW0RM:3104
Reference: URL:http://milw0rm.com/exploits/3104
Reference: VIM:20070109 "ppc engine" is WGS-PPC
Reference: URL:http://www.attrition.org/pipermail/vim/2007-January/001221.html
Reference: BID:21961
Reference: URL:http://www.securityfocus.com/bid/21961
Reference: OSVDB:33444
Reference: URL:http://www.osvdb.org/33444
Reference: OSVDB:33445
Reference: URL:http://www.osvdb.org/33445
Reference: OSVDB:33446
Reference: URL:http://www.osvdb.org/33446
Reference: OSVDB:33447
Reference: URL:http://www.osvdb.org/33447
Reference: OSVDB:33448
Reference: URL:http://www.osvdb.org/33448
Reference: OSVDB:33449
Reference: URL:http://www.osvdb.org/33449
Reference: OSVDB:33450
Reference: URL:http://www.osvdb.org/33450
Reference: OSVDB:33451
Reference: URL:http://www.osvdb.org/33451
Reference: OSVDB:33452
Reference: URL:http://www.osvdb.org/33452
Reference: OSVDB:33453
Reference: URL:http://www.osvdb.org/33453
Reference: OSVDB:33454
Reference: URL:http://www.osvdb.org/33454
Reference: SREASON:2134
Reference: URL:http://securityreason.com/securityalert/2134
Reference: XF:demoppc-inc-file-include(31355)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31355

Votes:





Name: CVE-2007-0168

Description:
The Tape Engine service in Computer Associates (CA) BrightStor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Server/Business Protection Suite r2 allows remote attackers to execute arbitrary code via certain data in opnum 0xBF in an RPC request, which is directly executed.

Status: Candidate
Phase: Assigned (20070110)
Reference: BUGTRAQ:20070111 ZDI-07-002: CA BrightStor ARCserve Backup Tape Engine Code Execution Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456616/100/0/threaded
Reference: BUGTRAQ:20070111 LS-20061002 - Computer Associates BrightStor ARCserve Backup Remote Code Execution Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/456637
Reference: BUGTRAQ:20070111 [CAID 34955, 34956, 34957, 34958, 34959, 34817]: CA BrightStor ARCserve Backup Multiple Overflow Vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/456711
Reference: MISC:http://www.zerodayinitiative.com/advisories/ZDI-07-002.html
Reference: MISC:http://livesploit.com/advisories/LS-20061002.pdf
Reference: MISC:http://www.lssec.com/advisories/LS-20061002.pdf
Reference: CONFIRM:http://supportconnectw.ca.com/public/storage/infodocs/babimpsec-notice.asp
Reference: CERT-VN:VU#662400
Reference: URL:http://www.kb.cert.org/vuls/id/662400
Reference: BID:22010
Reference: URL:http://www.securityfocus.com/bid/22010
Reference: FRSIRT:ADV-2007-0154
Reference: URL:http://www.frsirt.com/english/advisories/2007/0154
Reference: SECTRACK:1017506
Reference: URL:http://securitytracker.com/id?1017506
Reference: SECUNIA:23648
Reference: URL:http://secunia.com/advisories/23648
Reference: XF:brightstor-tapeengine-code-execution(31442)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31442

Votes:





Name: CVE-2007-0169

Description:
Multiple buffer overflows in Computer Associates (CA) BrightStor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Server/Business Protection Suite r2 allow remote attackers to execute arbitrary code via RPC requests with crafted data for opnums (1) 0x2F and (2) 0x75 in the (a) Message Engine RPC service, or opnum (3) 0xCF in the Tape Engine service.

Status: Candidate
Phase: Assigned (20070110)
Reference: IDEFENSE:20070111 Computer Associates BrightStor ARCserve Backup RPC Engine PFC Request Buffer Overflow Vulnerability
Reference: URL:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=467
Reference: BUGTRAQ:20070111 ZDI-07-003: CA BrightStor ARCserve Backup Message Engine Buffer Overflow Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456619/100/0/threaded
Reference: BUGTRAQ:20070111 ZDI-07-004: CA BrightStor ARCserve Backup Tape Engine Buffer Overflow Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456618/100/0/threaded
Reference: BUGTRAQ:20070111 [CAID 34955, 34956, 34957, 34958, 34959, 34817]: CA BrightStor ARCserve Backup Multiple Overflow Vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/456711
Reference: MISC:http://www.zerodayinitiative.com/advisories/ZDI-07-003.html
Reference: MISC:http://www.zerodayinitiative.com/advisories/ZDI-07-004.html
Reference: CONFIRM:http://supportconnectw.ca.com/public/storage/infodocs/babimpsec-notice.asp
Reference: CERT-VN:VU#180336
Reference: URL:http://www.kb.cert.org/vuls/id/180336
Reference: CERT-VN:VU#151032
Reference: URL:http://www.kb.cert.org/vuls/id/151032
Reference: BID:22005
Reference: URL:http://www.securityfocus.com/bid/22005
Reference: BID:22006
Reference: URL:http://www.securityfocus.com/bid/22006
Reference: FRSIRT:ADV-2007-0154
Reference: URL:http://www.frsirt.com/english/advisories/2007/0154
Reference: SECTRACK:1017506
Reference: URL:http://securitytracker.com/id?1017506
Reference: SECUNIA:23648
Reference: URL:http://secunia.com/advisories/23648
Reference: XF:brightstor-messageengine-rpc-bo(31443)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31443
Reference: XF:brightstor-tapeengine-rpc-bo(31433)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31433

Votes:





Name: CVE-2007-0170

Description:
PHP remote file inclusion vulnerability in index.php in AllMyVisitors 0.4.0 allows remote attackers to execute arbitrary PHP code via a URL in the AMV_serverpath parameter.

Status: Candidate
Phase: Assigned (20070110)
Reference: MILW0RM:3097
Reference: URL:http://milw0rm.com/exploits/3097
Reference: BID:21917
Reference: URL:http://www.securityfocus.com/bid/21917
Reference: XF:allmyvisitors-index-file-include(31316)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31316

Votes:





Name: CVE-2007-0171

Description:
PHP remote file inclusion vulnerability in index.php in AllMyLinks 0.5.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AML_opensite parameter.

Status: Candidate
Phase: Assigned (20070110)
Reference: MILW0RM:3096
Reference: URL:http://milw0rm.com/exploits/3096
Reference: BID:21916
Reference: URL:http://www.securityfocus.com/bid/21916
Reference: XF:allmylinks-index-file-include(31314)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31314

Votes:





Name: CVE-2007-0172

Description:
Multiple PHP remote file inclusion vulnerabilities in AllMyGuests 0.3.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the AMG_serverpath parameter to (1) comments.php and (2) signin.php; and possibly via a URL in unspecified parameters to (3) include/submit.inc.php, (4) admin/index.php, (5) include/cm_submit.inc.php, and (6) index.php.

Status: Candidate
Phase: Assigned (20070110)
Reference: MILW0RM:3093
Reference: URL:http://milw0rm.com/exploits/3093
Reference: BID:21918
Reference: URL:http://www.securityfocus.com/bid/21918
Reference: XF:allmyguests-multiple-file-include(31310)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31310

Votes:





Name: CVE-2007-0173

Description:
Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.

Status: Candidate
Phase: Assigned (20070110)
Reference: MILW0RM:3091
Reference: URL:http://milw0rm.com/exploits/3091
Reference: BID:21914
Reference: URL:http://www.securityfocus.com/bid/21914
Reference: FRSIRT:ADV-2007-0097
Reference: URL:http://www.frsirt.com/english/advisories/2007/0097
Reference: XF:l2j-statistik-index-file-include(31309)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31309

Votes:





Name: CVE-2007-0174

Description:
Multiple stack-based buffer overflows in the BRWOSSRE2UC.dll ActiveX Control in Sina UC2006 and earlier allow remote attackers to execute arbitrary code via a long string in the (1) astrVerion parameter to the SendChatRoomOpt function or (2) the astrDownDir parameter to the SendDownLoadFile function.

Status: Candidate
Phase: Assigned (20070110)
Reference: BUGTRAQ:20070109 Sina UC ActiveX Multiple Remote Stack Overflow
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456378/100/0/threaded
Reference: FULLDISC:20070109 Sina UC ActiveX Multiple Remote Stack Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=full-disclosure&m=116832852700467&w=2
Reference: MISC:http://secway.org/advisory/ad20070109EN.txt
Reference: BID:21958
Reference: URL:http://www.securityfocus.com/bid/21958
Reference: FRSIRT:ADV-2007-0093
Reference: URL:http://www.frsirt.com/english/advisories/2007/0093
Reference: SECUNIA:23638
Reference: URL:http://secunia.com/advisories/23638
Reference: XF:sinauc-sendchatroomopt-bo(31348)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31348
Reference: XF:sinauc-senddownloadfile-bo(31350)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31350

Votes:





Name: CVE-2007-0175

Description:
Cross-site scripting (XSS) vulnerability in htsrv/login.php in b2evolution 1.8.6 allows remote attackers to inject arbitrary web script or HTML via scriptable attributes in the redirect_to parameter.

Status: Candidate
Phase: Assigned (20070110)
Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=410568
Reference: DEBIAN:DSA-1568
Reference: URL:http://www.debian.org/security/2008/dsa-1568
Reference: BID:21953
Reference: URL:http://www.securityfocus.com/bid/21953
Reference: SECUNIA:23656
Reference: URL:http://secunia.com/advisories/23656
Reference: SECUNIA:30093
Reference: URL:http://secunia.com/advisories/30093
Reference: XF:b2evolution-login-xss(31368)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31368

Votes:





Name: CVE-2007-0176

Description:
Cross-site scripting (XSS) vulnerability in search/advanced_search.php in GForge 4.5.11 allows remote attackers to inject arbitrary web script or HTML via the words parameter.

Status: Candidate
Phase: Assigned (20070110)
Reference: BUGTRAQ:20070108 GForge Cross Site Scripting vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456296/100/0/threaded
Reference: MISC:http://www.eazel.es/advisory006-gforge-cross-site-scripting-vulnerability.html
Reference: DEBIAN:DSA-1475
Reference: URL:http://www.debian.org/security/2008/dsa-1475
Reference: BID:21946
Reference: URL:http://www.securityfocus.com/bid/21946
Reference: SECTRACK:1017482
Reference: URL:http://securitytracker.com/id?1017482
Reference: SECUNIA:23675
Reference: URL:http://secunia.com/advisories/23675
Reference: SECUNIA:28598
Reference: URL:http://secunia.com/advisories/28598
Reference: SREASON:2133
Reference: URL:http://securityreason.com/securityalert/2133
Reference: XF:gforge-words-xss(31346)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31346

Votes:





Name: CVE-2007-0177

Description:
Cross-site scripting (XSS) vulnerability in the AJAX module in MediaWiki before 1.6.9, 1.7 before 1.7.2, 1.8 before 1.8.3, and 1.9 before 1.9.0rc2, when wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Status: Candidate
Phase: Assigned (20070110)
Reference: CONFIRM:http://sourceforge.net/forum/forum.php?forum_id=652721
Reference: CONFIRM:http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_6_9/phase3/RELEASE-NOTES
Reference: CONFIRM:http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_7_2/phase3/RELEASE-NOTES
Reference: CONFIRM:http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_8_3/phase3/RELEASE-NOTES
Reference: CONFIRM:http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_9_0RC2/phase3/RELEASE-NOTES
Reference: SUSE:SUSE-SR:2007:006
Reference: URL:http://www.novell.com/linux/security/advisories/2007_6_sr.html
Reference: BID:21956
Reference: URL:http://www.securityfocus.com/bid/21956
Reference: FRSIRT:ADV-2007-0096
Reference: URL:http://www.frsirt.com/english/advisories/2007/0096
Reference: SECUNIA:23647
Reference: URL:http://secunia.com/advisories/23647
Reference: SECUNIA:24889
Reference: URL:http://secunia.com/advisories/24889
Reference: XF:mediawiki-ajax-unspecified-xss(31359)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31359

Votes:





Name: CVE-2007-0178

Description:
PHP remote file inclusion vulnerability in info.php in Easy Banner Pro 2.8 allows remote attackers to execute arbitrary PHP code via a URL in the s[phppath] parameter.

Status: Candidate
Phase: Assigned (20070110)
Reference: BUGTRAQ:20070108 Easy Banner Pro Version 2.8 <= Remote File Inclusion
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456404/100/0/threaded
Reference: BID:21967
Reference: URL:http://www.securityfocus.com/bid/21967
Reference: SREASON:2132
Reference: URL:http://securityreason.com/securityalert/2132
Reference: XF:easybannerpro-info-file-include(31374)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31374

Votes:





Name: CVE-2007-0179

Description:
SQL injection vulnerability in comment.php in PHPKIT 1.6.1 R2 allows remote attackers to execute arbitrary SQL commands via the subid parameter.

Status: Candidate
Phase: Assigned (20070110)
Reference: BUGTRAQ:20070109 Re: PHPKit 1.6.1 RC2 (faq/faq.php) Remote SQL Injection Exploit
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456384/100/0/threaded
Reference: BID:21962
Reference: URL:http://www.securityfocus.com/bid/21962
Reference: SREASON:2131
Reference: URL:http://securityreason.com/securityalert/2131

Votes:





Name: CVE-2007-0180

Description:
Stack-based buffer overflow in EF Commander 5.75 allows user-assisted attackers to execute arbitrary code via a crafted ISO file containing a file within several nested directories, which produces a large filename that triggers the overflow.

Status: Candidate
Phase: Assigned (20070110)
Reference: MISC:http://vuln.sg/efcommander575-en.html
Reference: BID:21969
Reference: URL:http://www.securityfocus.com/bid/21969
Reference: SECUNIA:23659
Reference: URL:http://secunia.com/advisories/23659
Reference: XF:efcommander-iso-pathname-bo(31365)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31365

Votes:





Name: CVE-2007-0181

Description:
PHP remote file inclusion vulnerability in include/common_function.php in magic photo storage website allows remote attackers to execute arbitrary PHP code via a URL in the _config[site_path] parameter.

Status: Candidate
Phase: Assigned (20070110)
Reference: BUGTRAQ:20070108 magic photo storage website Remote File Inclusion
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456264/100/0/threaded
Reference: MILW0RM:3100
Reference: URL:http://milw0rm.com/exploits/3100
Reference: BID:21965
Reference: URL:http://www.securityfocus.com/bid/21965
Reference: FRSIRT:ADV-2007-0136
Reference: URL:http://www.frsirt.com/english/advisories/2007/0136
Reference: SECUNIA:23687
Reference: URL:http://secunia.com/advisories/23687
Reference: XF:magicphotostorage-config-file-include(31347)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31347

Votes:





Name: CVE-2007-0182

Description:
Multiple PHP remote file inclusion vulnerabilities in magic photo storage website allow remote attackers to execute arbitrary PHP code via a URL in the _config[site_path] parameter to (1) admin_password.php, (2) add_welcome_text.php, (3) admin_email.php, (4) add_templates.php, (5) admin_paypal_email.php, (6) approve_member.php, (7) delete_member.php, (8) index.php, (9) list_members.php, (10) membership_pricing.php, or (11) send_email.php in admin/; (12) config.php or (13) db_config.php in include/; or (14) add_category.php, (15) add_news.php, (16) change_catalog_template.php, (17) couple_milestone.php, (18) couple_profile.php, (19) delete_category.php, (20) index.php, (21) login.php, (22) logout.php, (23) register.php, (24) upload_photo.php, (25) user_catelog_password.php, (26) user_email.php, (27) user_extend.php, or (28) user_membership_password.php in user/. NOTE: the include/common_function.php vector is already covered by another candidate from the same date.

Status: Candidate
Phase: Assigned (20070110)
Reference: BUGTRAQ:20070108 magic photo storage website Multiple Remote File Inclusion
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456389/100/0/threaded
Reference: BID:21965
Reference: URL:http://www.securityfocus.com/bid/21965
Reference: OSVDB:32668
Reference: URL:http://www.osvdb.org/32668
Reference: OSVDB:33411
Reference: URL:http://www.osvdb.org/33411
Reference: OSVDB:33412
Reference: URL:http://www.osvdb.org/33412
Reference: OSVDB:33413
Reference: URL:http://www.osvdb.org/33413
Reference: OSVDB:33414
Reference: URL:http://www.osvdb.org/33414
Reference: OSVDB:33415
Reference: URL:http://www.osvdb.org/33415
Reference: OSVDB:33416
Reference: URL:http://www.osvdb.org/33416
Reference: OSVDB:33417
Reference: URL:http://www.osvdb.org/33417
Reference: OSVDB:33418
Reference: URL:http://www.osvdb.org/33418
Reference: OSVDB:33419
Reference: URL:http://www.osvdb.org/33419
Reference: OSVDB:33420
Reference: URL:http://www.osvdb.org/33420
Reference: OSVDB:33421
Reference: URL:http://www.osvdb.org/33421
Reference: OSVDB:33422
Reference: URL:http://www.osvdb.org/33422
Reference: OSVDB:33423
Reference: URL:http://www.osvdb.org/33423
Reference: OSVDB:33425
Reference: URL:http://www.osvdb.org/33425
Reference: OSVDB:33426
Reference: URL:http://www.osvdb.org/33426
Reference: OSVDB:33427
Reference: URL:http://www.osvdb.org/33427
Reference: OSVDB:33428
Reference: URL:http://www.osvdb.org/33428
Reference: OSVDB:33429
Reference: URL:http://www.osvdb.org/33429
Reference: OSVDB:33430
Reference: URL:http://www.osvdb.org/33430
Reference: OSVDB:33431
Reference: URL:http://www.osvdb.org/33431
Reference: OSVDB:33433
Reference: URL:http://www.osvdb.org/33433
Reference: OSVDB:33435
Reference: URL:http://www.osvdb.org/33435
Reference: OSVDB:33436
Reference: URL:http://www.osvdb.org/33436
Reference: OSVDB:33437
Reference: URL:http://www.osvdb.org/33437
Reference: OSVDB:33438
Reference: URL:http://www.osvdb.org/33438
Reference: OSVDB:33439
Reference: URL:http://www.osvdb.org/33439
Reference: OSVDB:33432
Reference: URL:http://www.osvdb.org/33432
Reference: OSVDB:33434
Reference: URL:http://www.osvdb.org/33434
Reference: SREASON:2136
Reference: URL:http://securityreason.com/securityalert/2136

Votes:





Name: CVE-2007-0183

Description:
Cross-site scripting (XSS) vulnerability in /search in iPlanet Web Server 4.x allows remote attackers to inject arbitrary web script or HTML via the NS-max-records parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

Status: Candidate
Phase: Assigned (20070110)
Reference: BID:21977
Reference: URL:http://www.securityfocus.com/bid/21977
Reference: SECUNIA:23605
Reference: URL:http://secunia.com/advisories/23605

Votes:





Name: CVE-2007-0184

Description:
Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to obtain unauthorized access to public methods via a crafted request that bypasses the include/exclude checks.

Status: Candidate
Phase: Assigned (20070110)
Reference: CONFIRM:http://getahead.ltd.uk/dwr/changelog
Reference: BID:21955
Reference: URL:http://www.securityfocus.com/bid/21955
Reference: FRSIRT:ADV-2007-0095
Reference: URL:http://www.frsirt.com/english/advisories/2007/0095
Reference: SECUNIA:23641
Reference: URL:http://secunia.com/advisories/23641
Reference: XF:dwr-include-exclude-security-bypass(31377)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31377

Votes:





Name: CVE-2007-0185

Description:
Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to cause a denial of service (memory exhaustion and servlet outage) via unknown vectors related to a large number of calls in a batch.

Status: Candidate
Phase: Assigned (20070110)
Reference: CONFIRM:http://getahead.ltd.uk/dwr/changelog
Reference: BID:21955
Reference: URL:http://www.securityfocus.com/bid/21955
Reference: FRSIRT:ADV-2007-0095
Reference: URL:http://www.frsirt.com/english/advisories/2007/0095
Reference: SECUNIA:23641
Reference: URL:http://secunia.com/advisories/23641
Reference: XF:dwr-servlet-engine-dos(31382)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31382

Votes:





Name: CVE-2007-0186

Description:
Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN allow remote attackers to inject arbitrary web script or HTML via (1) the xcho parameter to my.logon.php3; the (2) topblue, (3) midblue, (4) wtopblue, and certain other Custom color parameters in a per action to vdesk/admincon/index.php; the (5) h321, (6) h311, (7) h312, and certain other Front Door custom text color parameters in a per action to vdesk/admincon/index.php; the (8) ua parameter in a bro action to vdesk/admincon/index.php; the (9) app_param and (10) app_name parameters to webyfiers.php; (11) double eval functions; (12) JavaScript contained in an <FP_DO_NOT_TOUCH> element; and (13) the vhost parameter to my.activation.php. NOTE: it is possible that this candidate overlaps CVE-2006-3550.

Status: Candidate
Phase: Assigned (20070110)
Reference: FULLDISC:20070106 NNL-Labs & MNIN - F5 FirePass Security Advisory
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051651.html
Reference: MISC:http://www.mnin.org/advisories/2007_firepass.pdf
Reference: CONFIRM:https://tech.f5.com/home/solutions/sol6919.html
Reference: CONFIRM:https://tech.f5.com/home/solutions/sol6920.html
Reference: BID:21957
Reference: URL:http://www.securityfocus.com/bid/21957
Reference: OSVDB:32740
Reference: URL:http://www.osvdb.org/32740
Reference: OSVDB:32741
Reference: URL:http://www.osvdb.org/32741
Reference: OSVDB:32742
Reference: URL:http://www.osvdb.org/32742
Reference: OSVDB:32743
Reference: URL:http://www.osvdb.org/32743
Reference: OSVDB:32739
Reference: URL:http://www.osvdb.org/32739
Reference: OSVDB:32737
Reference: URL:http://www.osvdb.org/32737
Reference: OSVDB:32738
Reference: URL:http://www.osvdb.org/32738
Reference: SECUNIA:23627
Reference: URL:http://secunia.com/advisories/23627
Reference: SECUNIA:23643
Reference: URL:http://secunia.com/advisories/23643

Votes:





Name: CVE-2007-0187

Description:
F5 FirePass 5.4 through 5.5.2 and 6.0 allows remote attackers to access restricted URLs via (1) a trailing null byte, (2) multiple leading slashes, (3) Unicode encoding, (4) URL-encoded directory traversal or same-directory characters, or (5) upper case letters in the domain name.

Status: Candidate
Phase: Assigned (20070110)
Reference: FULLDISC:20070106 NNL-Labs & MNIN - F5 FirePass Security Advisory
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051651.html
Reference: MISC:http://www.mnin.org/advisories/2007_firepass.pdf
Reference: CONFIRM:https://tech.f5.com/home/solutions/sol6924.html
Reference: CONFIRM:https://tech.f5.com/home/solutions/sol6916.html
Reference: BID:21957
Reference: URL:http://www.securityfocus.com/bid/21957
Reference: SECUNIA:23626
Reference: URL:http://secunia.com/advisories/23626
Reference: SECUNIA:23640
Reference: URL:http://secunia.com/advisories/23640

Votes:





Name: CVE-2007-0188

Description:
F5 FirePass 5.4 through 5.5.1 does not properly enforce host access restrictions when a client uses a single integer (dword) representation of an IP address ("dotless IP address"), which allows remote authenticated users to connect to the FirePass administrator console and certain other network resources.

Status: Candidate
Phase: Assigned (20070110)
Reference: FULLDISC:20070106 NNL-Labs & MNIN - F5 FirePass Security Advisory
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051651.html
Reference: MISC:http://www.mnin.org/advisories/2007_firepass.pdf
Reference: CONFIRM:https://tech.f5.com/home/solutions/sol6922.html
Reference: BID:21957
Reference: URL:http://www.securityfocus.com/bid/21957
Reference: OSVDB:32734
Reference: URL:http://www.osvdb.org/32734
Reference: SECUNIA:23640
Reference: URL:http://secunia.com/advisories/23640

Votes:





Name: CVE-2007-0189

Description:
** DISPUTED ** PHP remote file inclusion vulnerability in index.php in GeoBB Georgian Bulletin Board allows remote attackers to execute arbitrary PHP code via a URL in the action parameter. NOTE: CVE disputes this issue, since GeoBB 1.0 sets $action to a whitelisted value.

Status: Candidate
Phase: Assigned (20070110)
Reference: BUGTRAQ:20070107 GeoBB Georgian Bulletin Board Remote File Include Vuln.
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456251/100/0/threaded
Reference: VIM:20070110 Dispute of GeoBB RFI
Reference: URL:http://www.attrition.org/pipermail/vim/2007-January/001230.html
Reference: SREASON:2141
Reference: URL:http://securityreason.com/securityalert/2141
Reference: XF:geobb-index-file-include(31335)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31335

Votes:





Name: CVE-2007-0190

Description:
PHP remote file inclusion vulnerability in edit_address.php in edit-x ecommerce allows remote attackers to execute arbitrary PHP code via a URL in the include_dir parameter.

Status: Candidate
Phase: Assigned (20070110)
Reference: BUGTRAQ:20070109 edit-x ecommerce (include_dir) Remote File include
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456439/100/0/threaded
Reference: BID:21974
Reference: URL:http://www.securityfocus.com/bid/21974
Reference: FRSIRT:ADV-2007-0158
Reference: URL:http://www.frsirt.com/english/advisories/2007/0158
Reference: SREASON:2139
Reference: URL:http://securityreason.com/securityalert/2139
Reference: XF:editx-editaddress-file-include(31384)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31384

Votes:





Name: CVE-2007-0191

Description:
Cross-site scripting (XSS) vulnerability in admin.php in MKPortal allows remote attackers to inject arbitrary web script or HTML via two certain fields in a contents_new operation in the ad_contents section.

Status: Candidate
Phase: Assigned (20070110)
Reference: BUGTRAQ:20070105 MkPortal Admin XSS
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456042/100/100/threaded
Reference: SREASON:2138
Reference: URL:http://securityreason.com/securityalert/2138
Reference: XF:mkportal-admin-xss(31304)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31304

Votes:





Name: CVE-2007-0192

Description:
Cross-site request forgery (CSRF) vulnerability in the save_main operation in the ad_perms section in admin.php in MKPortal allows remote attackers to modify privilege settings, as demonstrated using a getURL of admin.php within a .swf file contained in an IFRAME element, aka the "All Guests are Admin" attack.

Status: Candidate
Phase: Assigned (20070110)
Reference: BUGTRAQ:20070104 MkPortal "All Guests are Admin" Exploit
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/455894/100/100/threaded
Reference: SREASON:2137
Reference: URL:http://securityreason.com/securityalert/2137

Votes:





Name: CVE-2007-0193

Description:
FON La Fonera routers do not properly limit DNS service access by unauthenticated clients, which allows remote attackers to tunnel traffic via DNS requests for hosts that should not be accessible before authentication.

Status: Candidate
Phase: Assigned (20070110)
Reference: BUGTRAQ:20070106 FON Router allows anonymous web access
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456128/100/0/threaded
Reference: BUGTRAQ:20070107 Re: FON Router allows anonymous web access
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456344/100/0/threaded

Votes:





Name: CVE-2007-0194

Description:
admin.php in MKPortal M1.1 RC1 allows remote attackers to obtain sensitive information via a direct request with an MK_PATH=1 query string, which reveals the path in an error message.

Status: Candidate
Phase: Assigned (20070110)
Reference: BUGTRAQ:20070108 MKPortal Full Path Disclosure
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456257/100/0/threaded
Reference: XF:mkportal-admin-path-disclosure(31333)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31333

Votes:





Name: CVE-2007-0195

Description:
my.activation.php3 in F5 FirePass 5.4 through 5.5.1 and 6.0 displays different error messages for failed login attempts with a valid username than for those with an invalid username, which allows remote attackers to confirm the validity of an LDAP account.

Status: Candidate
Phase: Assigned (20070110)
Reference: FULLDISC:20070106 NNL-Labs & MNIN - F5 FirePass Security Advisory
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051651.html
Reference: MISC:http://www.mnin.org/advisories/2007_firepass.pdf
Reference: CONFIRM:https://tech.f5.com/home/solutions/sol6923.html
Reference: BID:21957
Reference: URL:http://www.securityfocus.com/bid/21957
Reference: OSVDB:32736
Reference: URL:http://www.osvdb.org/32736
Reference: SECUNIA:23627
Reference: URL:http://secunia.com/advisories/23627

Votes:





Name: CVE-2007-0196

Description:
SQL injection vulnerability in admin_check_user.asp in Motionborg Web Real Estate 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the username field (txtUserName parameter) and possibly other parameters. NOTE: some details were obtained from third party information.

Status: Candidate
Phase: Assigned (20070110)
Reference: MILW0RM:3105
Reference: URL:http://milw0rm.com/exploits/3105
Reference: BID:21963
Reference: URL:http://www.securityfocus.com/bid/21963
Reference: FRSIRT:ADV-2007-0143
Reference: URL:http://www.frsirt.com/english/advisories/2007/0143
Reference: SECUNIA:23531
Reference: URL:http://secunia.com/advisories/23531
Reference: XF:motionborg-admincheckuser-sql-injection(31360)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31360

Votes:





Name: CVE-2007-0197

Description:
Finder 10.4.6 on Apple Mac OS X 10.4.8 allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a long volume name in a DMG disk image, which results in memory corruption.

Status: Candidate
Phase: Assigned (20070110)
Reference: BUGTRAQ:20070111 DMA[2007-0107a] OmniWeb Javascript Alert Format String Vulnerabiity and DMA[2007-0109a] Apple Finder Disk Image Volume Label Overflow / DoS
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456578/100/0/threaded
Reference: MISC:http://projects.info-pull.com/moab/MOAB-09-01-2007.html
Reference: MISC:http://www.digitalmunition.com/DMA%5B2007-0109a%5D.txt
Reference: CONFIRM:http://docs.info.apple.com/article.html?artnum=305102
Reference: APPLE:APPLE-SA-2007-02-15
Reference: URL:http://lists.apple.com/archives/Security-announce/2007/Feb/msg00000.html
Reference: CERT:TA07-047A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA07-047A.html
Reference: CERT-VN:VU#240880
Reference: URL:http://www.kb.cert.org/vuls/id/240880
Reference: BID:21980
Reference: URL:http://www.securityfocus.com/bid/21980
Reference: FRSIRT:ADV-2007-0140
Reference: URL:http://www.frsirt.com/english/advisories/2007/0140
Reference: OSVDB:32714
Reference: URL:http://www.osvdb.org/32714
Reference: SECTRACK:1017662
Reference: URL:http://www.securitytracker.com/id?1017662
Reference: SECUNIA:24198
Reference: URL:http://secunia.com/advisories/24198
Reference: XF:macos-finder-dos(31410)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31410

Votes:





Name: CVE-2007-0198

Description:
The JTapi Gateway process in Cisco Unified Contact Center Enterprise, Unified Contact Center Hosted, IP Contact Center Enterprise, and Cisco IP Contact Center Hosted 5.0 through 7.1 allows remote attackers to cause a denial of service (repeated process restart) via a certain TCP session on the JTapi server port.

Status: Candidate
Phase: Assigned (20070110)
Reference: CISCO:20070110 Cisco Unified Contact Center and IP Contact Center JTapi Gateway Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/cisco-sa-20070110-jtapi.shtml
Reference: BID:21988
Reference: URL:http://www.securityfocus.com/bid/21988
Reference: FRSIRT:ADV-2007-0138
Reference: URL:http://www.frsirt.com/english/advisories/2007/0138
Reference: SECTRACK:1017499
Reference: URL:http://securitytracker.com/id?1017499
Reference: SECUNIA:23710
Reference: URL:http://secunia.com/advisories/23710

Votes:





Name: CVE-2007-0199

Description:
The Data-link Switching (DLSw) feature in Cisco IOS 11.0 through 12.4 allows remote attackers to cause a denial of service (device reload) via "an invalid value in a DLSw message... during the capabilities exchange."

Status: Candidate
Phase: Assigned (20070110)
Reference: CISCO:20070110 DLSw Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/cisco-sa-20070110-dlsw.shtml
Reference: BID:21990
Reference: URL:http://www.securityfocus.com/bid/21990
Reference: FRSIRT:ADV-2007-0139
Reference: URL:http://www.frsirt.com/english/advisories/2007/0139
Reference: SECTRACK:1017498
Reference: URL:http://securitytracker.com/id?1017498
Reference: SECUNIA:23697
Reference: URL:http://secunia.com/advisories/23697

Votes:





Name: CVE-2007-0200

Description:
PHP remote file inclusion vulnerability in template.php in Geoffrey Golliher Axiom Photo/News Gallery (axiompng) 0.8.6 allows remote attackers to execute arbitrary PHP code via a URL in the baseAxiomPath parameter.

Status: Candidate
Phase: Assigned (20070110)
Reference: MILW0RM:3108
Reference: URL:http://milw0rm.com/exploits/3108
Reference: VIM:20070110 source verify - Axiom RFI
Reference: URL:http://www.attrition.org/pipermail/vim/2007-January/001233.html
Reference: BID:21972
Reference: URL:http://www.securityfocus.com/bid/21972
Reference: FRSIRT:ADV-2007-0107
Reference: URL:http://www.frsirt.com/english/advisories/2007/0107
Reference: SECUNIA:23715
Reference: URL:http://secunia.com/advisories/23715
Reference: XF:axiom-template-file-include(31372)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31372

Votes:





Name: CVE-2007-0201

Description:
Buffer overflow in the cmd_usr function in ftp-gw in TIS Internet Firewall Toolkit (FWTK) allows remote attackers to execute arbitrary code via a long destination hostname (dest).

Status: Candidate
Phase: Assigned (20070110)
Reference: MISC:http://www.ranum.com/security/computer_security/editorials/codetools/
Reference: BID:21960
Reference: URL:http://www.securityfocus.com/bid/21960
Reference: SECTRACK:1017481
Reference: URL:http://securitytracker.com/id?1017481
Reference: XF:tisfwtk-ftpgw-bo(31363)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31363

Votes:





Name: CVE-2007-0202

Description:
SQL injection vulnerability in index.php in @lex Guestbook 4.0.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the lang parameter.

Status: Candidate
Phase: Assigned (20070110)
Reference: BUGTRAQ:20070107 @lex Guestbook <= 4.0.2 Remote Command Execution Exploit
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456218/100/0/threaded
Reference: MISC:http://acid-root.new.fr/poc/20070107.txt
Reference: MILW0RM:3103
Reference: URL:http://milw0rm.com/exploits/3103
Reference: BID:21926
Reference: URL:http://www.securityfocus.com/bid/21926
Reference: FRSIRT:ADV-2007-0137
Reference: URL:http://www.frsirt.com/english/advisories/2007/0137
Reference: SECUNIA:23637
Reference: URL:http://secunia.com/advisories/23637
Reference: SREASON:2135
Reference: URL:http://securityreason.com/securityalert/2135

Votes:





Name: CVE-2007-0203

Description:
Multiple unspecified vulnerabilities in phpMyAdmin before 2.9.2-rc1 have unknown impact and attack vectors.

Status: Candidate
Phase: Assigned (20070110)
Reference: CONFIRM:http://www.phpmyadmin.net/home_page/downloads.php?relnotes=0
Reference: MANDRIVA:MDKSA-2007:199
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:199
Reference: BID:21987
Reference: URL:http://www.securityfocus.com/bid/21987
Reference: SECUNIA:23702
Reference: URL:http://secunia.com/advisories/23702

Votes:





Name: CVE-2007-0204

Description:
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.9.2-rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information.

Status: Candidate
Phase: Assigned (20070110)
Reference: MISC:http://www.phpmyadmin.net/home_page/downloads.php?relnotes=0
Reference: MANDRIVA:MDKSA-2007:199
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:199
Reference: BID:21987
Reference: URL:http://www.securityfocus.com/bid/21987
Reference: FRSIRT:ADV-2007-0125
Reference: URL:http://www.frsirt.com/english/advisories/2007/0125
Reference: SECUNIA:23702
Reference: URL:http://secunia.com/advisories/23702
Reference: XF:phpmyadmin-unspecified-xss(31387)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31387

Votes:





Name: CVE-2007-0205

Description:
Directory traversal vulnerability in admin/skins.php for @lex Guestbook 4.0.2 and earlier allows remote attackers to create files in arbitrary directories via ".." sequences in the (1) aj_skin and (2) skin_edit parameters. NOTE: this can be leveraged for file inclusion by creating a skin file in the lang directory, then referencing that file via the lang parameter to index.php, which passes a sanity check in livre_include.php.

Status: Candidate
Phase: Assigned (20070111)
Reference: BUGTRAQ:20070107 @lex Guestbook <= 4.0.2 Remote Command Execution Exploit
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456218/100/0/threaded
Reference: MISC:http://acid-root.new.fr/poc/20070107.txt
Reference: MILW0RM:3103
Reference: URL:http://milw0rm.com/exploits/3103
Reference: BID:21926
Reference: URL:http://www.securityfocus.com/bid/21926
Reference: SREASON:2135
Reference: URL:http://securityreason.com/securityalert/2135

Votes:





Name: CVE-2007-0206

Description:
Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 6.20, 6.4x, 7.01, and 7.50 allows remote attackers to read arbitrary files via unknown vectors.

Status: Candidate
Phase: Assigned (20070111)
Reference: HP:HPSBMA02175
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456615/100/0/threaded
Reference: HP:SSRT061174
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456615/100/0/threaded
Reference: BID:22009
Reference: URL:http://www.securityfocus.com/bid/22009
Reference: FRSIRT:ADV-2007-0153
Reference: URL:http://www.frsirt.com/english/advisories/2007/0153
Reference: SECTRACK:1017503
Reference: URL:http://securitytracker.com/id?1017503
Reference: SREASON:2140
Reference: URL:http://securityreason.com/securityalert/2140

Votes:





Name: CVE-2007-0207

Description:
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Status: Candidate
Phase: Assigned (20070112)

Votes:





Name: CVE-2007-0208

Description:
Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac does not correctly check the properties of certain documents and warn the user of macro content, which allows user-assisted remote attackers to execute arbitrary code.

Status: Candidate
Phase: Assigned (20070112)
Reference: MS:MS07-014
Reference: URL:http://www.microsoft.com/technet/security/Bulletin/MS07-014.mspx
Reference: CERT:TA07-044A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA07-044A.html
Reference: BID:22477
Reference: URL:http://www.securityfocus.com/bid/22477
Reference: FRSIRT:ADV-2007-0583
Reference: URL:http://www.frsirt.com/english/advisories/2007/0583
Reference: OSVDB:34385
Reference: URL:http://www.osvdb.org/34385
Reference: OVAL:oval:org.mitre.oval:def:700
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:700
Reference: SECTRACK:1017639
Reference: URL:http://www.securitytracker.com/id?1017639

Votes:





Name: CVE-2007-0209

Description:
Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a Word file with a malformed drawing object, which leads to memory corruption.

Status: Candidate
Phase: Assigned (20070112)
Reference: MS:MS07-014
Reference: URL:http://www.microsoft.com/technet/security/Bulletin/MS07-014.mspx
Reference: CERT:TA07-044A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA07-044A.html
Reference: BID:22482
Reference: URL:http://www.securityfocus.com/bid/22482
Reference: FRSIRT:ADV-2007-0583
Reference: URL:http://www.frsirt.com/english/advisories/2007/0583
Reference: OVAL:oval:org.mitre.oval:def:187
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:187
Reference: SECTRACK:1017639
Reference: URL:http://www.securitytracker.com/id?1017639

Votes:





Name: CVE-2007-0210

Description:
The Windows Image Acquisition (WIA) Service in Microsoft Windows XP SP2 allows local users to gain privileges via unspecified vectors involving an "unchecked buffer," probably a buffer overflow.

Status: Candidate
Phase: Assigned (20070112)
Reference: MS:MS07-007
Reference: URL:http://www.microsoft.com/technet/security/Bulletin/MS07-007.mspx
Reference: CERT:TA07-044A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA07-044A.html
Reference: BID:22499
Reference: URL:http://www.securityfocus.com/bid/22499
Reference: FRSIRT:ADV-2007-0576
Reference: URL:http://www.frsirt.com/english/advisories/2007/0576
Reference: OSVDB:31889
Reference: URL:http://www.osvdb.org/31889
Reference: OVAL:oval:org.mitre.oval:def:186
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:186
Reference: SECTRACK:1017634
Reference: URL:http://www.securitytracker.com/id?1017634
Reference: SECUNIA:24132
Reference: URL:http://secunia.com/advisories/24132

Votes:





Name: CVE-2007-0211

Description:
The hardware detection functionality in the Windows Shell in Microsoft Windows XP SP2 and Professional, and Server 2003 SP1 allows local users to gain privileges via an unvalidated parameter to a function related to the "detection and registration of new hardware."

Status: Candidate
Phase: Assigned (20070112)
Reference: MS:MS07-006
Reference: URL:http://www.microsoft.com/technet/security/Bulletin/MS07-006.mspx
Reference: CERT:TA07-044A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA07-044A.html
Reference: CERT-VN:VU#240796
Reference: URL:http://www.kb.cert.org/vuls/id/240796
Reference: BID:22481
Reference: URL:http://www.securityfocus.com/bid/22481
Reference: FRSIRT:ADV-2007-0575
Reference: URL:http://www.frsirt.com/english/advisories/2007/0575
Reference: OSVDB:31890
Reference: URL:http://www.osvdb.org/31890
Reference: OVAL:oval:org.mitre.oval:def:224
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:224
Reference: SECTRACK:1017633
Reference: URL:http://www.securitytracker.com/id?1017633
Reference: SECUNIA:24126
Reference: URL:http://secunia.com/advisories/24126

Votes:





Name: CVE-2007-0212

Description:
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Status: Candidate
Phase: Assigned (20070112)

Votes:





Name: CVE-2007-0213

Description:
Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does not properly decode certain MIME encoded e-mails, which allows remote attackers to execute arbitrary code via a crafted base64-encoded MIME e-mail message.

Status: Candidate
Phase: Assigned (20070112)
Reference: HP:HPSBST02214
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/468871/100/200/threaded
Reference: HP:SSRT071422
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/468871/100/200/threaded
Reference: MS:MS07-026
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms07-026.mspx
Reference: CERT:TA07-128A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA07-128A.html
Reference: CERT-VN:VU#343145
Reference: URL:http://www.kb.cert.org/vuls/id/343145
Reference: BID:23809
Reference: URL:http://www.securityfocus.com/bid/23809
Reference: FRSIRT:ADV-2007-1711
Reference: URL:http://www.frsirt.com/english/advisories/2007/1711
Reference: OSVDB:34391
Reference: URL:http://www.osvdb.org/34391
Reference: OVAL:oval:org.mitre.oval:def:1890
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1890
Reference: SECTRACK:1018015
Reference: URL:http://www.securitytracker.com/id?1018015
Reference: SECUNIA:25183
Reference: URL:http://secunia.com/advisories/25183
Reference: XF:exchange-mime-base64-code-execution(33889)
Reference: URL:http://xforce.iss.net/xforce/xfdb/33889

Votes:





Name: CVE-2007-0214

Description:
The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 SP3, XP SP2 and Professional, 2003 SP1 allows remote attackers to execute arbitrary code via unspecified functions, related to uninitialized parameters.

Status: Candidate
Phase: Assigned (20070112)
Reference: MS:MS07-008
Reference: URL:http://www.microsoft.com/technet/security/Bulletin/MS07-008.mspx
Reference: CERT:TA07-044A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA07-044A.html
Reference: CERT-VN:VU#563756
Reference: URL:http://www.kb.cert.org/vuls/id/563756
Reference: BID:22478
Reference: URL:http://www.securityfocus.com/bid/22478
Reference: FRSIRT:ADV-2007-0577
Reference: URL:http://www.frsirt.com/english/advisories/2007/0577
Reference: OSVDB:31884
Reference: URL:http://www.osvdb.org/31884
Reference: OVAL:oval:org.mitre.oval:def:125
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:125
Reference: SECTRACK:1017635
Reference: URL:http://www.securitytracker.com/id?1017635
Reference: SECUNIA:24136
Reference: URL:http://secunia.com/advisories/24136

Votes:





Name: CVE-2007-0215

Description:
Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows user-assisted remote attackers to execute arbitrary code via a .XLS BIFF file with a malformed Named Graph record, which results in memory corruption.

Status: Candidate
Phase: Assigned (20070112)
Reference: BUGTRAQ:20070508 ZDI-07-026: Microsoft Excel BIFF File Format Named Graph Record Parsing Stack Overflow Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/467988/100/0/threaded
Reference: MISC:http://www.zerodayinitiative.com/advisories/ZDI-07-026.html
Reference: HP:HPSBST02214
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/468871/100/200/threaded
Reference: HP:SSRT071422
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/468871/100/200/threaded
Reference: MS:MS07-023
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms07-023.mspx
Reference: CERT:TA07-128A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA07-128A.html
Reference: BID:23760
Reference: URL:http://www.securityfocus.com/bid/23760
Reference: FRSIRT:ADV-2007-1708
Reference: URL:http://www.frsirt.com/english/advisories/2007/1708
Reference: OSVDB:34393
Reference: URL:http://www.osvdb.org/34393
Reference: OVAL:oval:org.mitre.oval:def:1971
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1971
Reference: SECTRACK:1018012
Reference: URL:http://www.securitytracker.com/id?1018012
Reference: SECUNIA:25150
Reference: URL:http://secunia.com/advisories/25150
Reference: XF:excel-biff-file-bo(33913)
Reference: URL:http://xforce.iss.net/xforce/xfdb/33913

Votes:





Name: CVE-2007-0216

Description:
wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section length headers, aka "Microsoft Works File Converter Input Validation Vulnerability."

Status: Candidate
Phase: Assigned (20070112)
Reference: IDEFENSE:20080208 Microsoft Office Works Converter Heap Overflow Vulnerability
Reference: URL:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=659
Reference: HP:HPSBST02314
Reference: URL:http://marc.info/?l=bugtraq&m=120361015026386&w=2
Reference: HP:SSRT080016
Reference: URL:http://marc.info/?l=bugtraq&m=120361015026386&w=2
Reference: MS:MS08-011
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms08-011.mspx
Reference: CERT:TA08-043C
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA08-043C.html
Reference: BID:27657
Reference: URL:http://www.securityfocus.com/bid/27657
Reference: FRSIRT:ADV-2008-0513
Reference: URL:http://www.frsirt.com/english/advisories/2008/0513/references
Reference: OVAL:oval:org.mitre.oval:def:5309
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5309
Reference: SECTRACK:1019386
Reference: URL:http://www.securitytracker.com/id?1019386
Reference: SECUNIA:28904
Reference: URL:http://secunia.com/advisories/28904

Votes:





Name: CVE-2007-0217

Description:
The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 and 6 might allow remote attackers to execute arbitrary code via an FTP server response of a specific length that causes a terminating null byte to be written outside of a buffer, which causes heap corruption.

Status: Candidate
Phase: Assigned (20070112)
Reference: IDEFENSE:20070213 Microsoft 'wininet.dll' FTP Reply Null Termination Heap Corruption Vulnerability
Reference: URL:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=473
Reference: BUGTRAQ:20070309 MS07-016 FTP Response DOS PoC
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/462303/100/0/threaded
Reference: MS:MS07-016
Reference: URL:http://www.microsoft.com/technet/security/Bulletin/MS07-016.mspx
Reference: CERT:TA07-044A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA07-044A.html
Reference: CERT-VN:VU#613564
Reference: URL:http://www.kb.cert.org/vuls/id/613564
Reference: BID:22489
Reference: URL:http://www.securityfocus.com/bid/22489
Reference: FRSIRT:ADV-2007-0584
Reference: URL:http://www.frsirt.com/english/advisories/2007/0584
Reference: OSVDB:31892
Reference: URL:http://www.osvdb.org/31892
Reference: OVAL:oval:org.mitre.oval:def:1141
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1141
Reference: SECTRACK:1017642
Reference: URL:http://www.securitytracker.com/id?1017642
Reference: SECUNIA:24156
Reference: URL:http://secunia.com/advisories/24156

Votes:





Name: CVE-2007-0218

Description:
Microsoft Internet Explorer 5.01 and 6 allows remote attackers to execute arbitrary code by instantiating certain COM objects from Urlmon.dll, which triggers memory corruption during a call to the IObjectSafety function.

Status: Candidate
Phase: Assigned (20070112)
Reference: IDEFENSE:20070612 Microsoft License Manager and urlmon.dll COM Object Interaction Invalid Memory Access Vulnerability
Reference: URL:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=542
Reference: HP:HPSBST02231
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/471947/100/0/threaded
Reference: HP:SSRT071438
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/471947/100/0/threaded
Reference: MS:MS07-033
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms07-033.mspx
Reference: CERT:TA07-163A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA07-163A.html
Reference: BID:24372
Reference: URL:http://www.securityfocus.com/bid/24372
Reference: FRSIRT:ADV-2007-2153
Reference: URL:http://www.frsirt.com/english/advisories/2007/2153
Reference: OVAL:oval:org.mitre.oval:def:1084
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1084
Reference: SECTRACK:1018235
Reference: URL:http://securitytracker.com/id?1018235
Reference: SECUNIA:25627
Reference: URL:http://secunia.com/advisories/25627
Reference: XF:webbrowser-object-code-execution(32106)
Reference: URL:http://xforce.iss.net/xforce/xfdb/32106

Votes:





Name: CVE-2007-0219

Description:
Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from (1) Msb1fren.dll, (2) Htmlmm.ocx, and (3) Blnmgrps.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than CVE-2006-4697.

Status: Candidate
Phase: Assigned (20070112)
Reference: MS:MS07-016
Reference: URL:http://www.microsoft.com/technet/security/Bulletin/MS07-016.mspx
Reference: CERT:TA07-044A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA07-044A.html
Reference: CERT-VN:VU#771788
Reference: URL:http://www.kb.cert.org/vuls/id/771788
Reference: BID:22504
Reference: URL:http://www.securityfocus.com/bid/22504
Reference: FRSIRT:ADV-2007-0584
Reference: URL:http://www.frsirt.com/english/advisories/2007/0584
Reference: OSVDB:31893
Reference: URL:http://www.osvdb.org/31893
Reference: OSVDB:31894
Reference: URL:http://www.osvdb.org/31894
Reference: OSVDB:31895
Reference: URL:http://www.osvdb.org/31895
Reference: OVAL:oval:org.mitre.oval:def:257
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:257
Reference: SECTRACK:1017643
Reference: URL:http://www.securitytracker.com/id?1017643
Reference: SECUNIA:24156
Reference: URL:http://secunia.com/advisories/24156
Reference: XF:ie-com-activex-code-execution(32427)
Reference: URL:http://xforce.iss.net/xforce/xfdb/32427

Votes:





Name: CVE-2007-0220

Description:
Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2000 SP3, and 2003 SP1 and SP2 allows remote attackers to execute arbitrary scripts, spoof content, or obtain sensitive information via certain UTF-encoded, script-based e-mail attachments, involving an "incorrectly handled UTF character set label".

Status: Candidate
Phase: Assigned (20070112)
Reference: HP:HPSBST02214
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/468871/100/200/threaded
Reference: HP:SSRT071422
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/468871/100/200/threaded
Reference: MS:MS07-026
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms07-026.mspx
Reference: CERT:TA07-128A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA07-128A.html
Reference: CERT-VN:VU#124113
Reference: URL:http://www.kb.cert.org/vuls/id/124113
Reference: BID:23806
Reference: URL:http://www.securityfocus.com/bid/23806
Reference: FRSIRT:ADV-2007-1711
Reference: URL:http://www.frsirt.com/english/advisories/2007/1711
Reference: OSVDB:34389
Reference: URL:http://www.osvdb.org/34389
Reference: OVAL:oval:org.mitre.oval:def:1371
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1371
Reference: SECTRACK:1018015
Reference: URL:http://www.securitytracker.com/id?1018015
Reference: SECUNIA:25183
Reference: URL:http://secunia.com/advisories/25183
Reference: XF:exchange-utf-xss(33887)
Reference: URL:http://xforce.iss.net/xforce/xfdb/33887

Votes:





Name: CVE-2007-0221

Description:
Integer overflow in the IMAP (IMAP4) support in Microsoft Exchange Server 2000 SP3 allows remote attackers to cause a denial of service (service hang) via crafted literals in an IMAP command, aka the "IMAP Literal Processing Vulnerability."

Status: Candidate
Phase: Assigned (20070112)
Reference: IDEFENSE:20070508 Microsoft Exchange Server 2000 IMAP Literal Processing DoS Vulnerability
Reference: URL:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=526
Reference: HP:HPSBST02214
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/468871/100/200/threaded
Reference: HP:SSRT071422
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/468871/100/200/threaded
Reference: MS:MS07-026
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms07-026.mspx
Reference: CERT:TA07-128A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA07-128A.html
Reference: BID:23810
Reference: URL:http://www.securityfocus.com/bid/23810
Reference: FRSIRT:ADV-2007-1711
Reference: URL:http://www.frsirt.com/english/advisories/2007/1711
Reference: OSVDB:34392
Reference: URL:http://www.osvdb.org/34392
Reference: OVAL:oval:org.mitre.oval:def:2054
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2054
Reference: SECTRACK:1018015
Reference: URL:http://www.securitytracker.com/id?1018015
Reference: SECUNIA:25183
Reference: URL:http://secunia.com/advisories/25183
Reference: XF:exchange-imap-command-dos(33890)
Reference: URL:http://xforce.iss.net/xforce/xfdb/33890

Votes:





Name: CVE-2007-0222

Description:
Directory traversal vulnerability in the EmChartBean server side component for Oracle Application Server 10g allows remote attackers to read arbitrary files via unknown vectors, probably "\.." sequences in the beanId parameter. NOTE: this is likely a duplicate of another CVE that Oracle addressed in CPU Jan 2007, but due to lack of details by Oracle, it is unclear which BugID this issue is associated with, so the other CVE cannot be determined. Possibilities include EM02 (CVE-2007-0292) or EM05 (CVE-2007-0293).

Status: Candidate
Phase: Assigned (20070112)
Reference: BUGTRAQ:20070115 SYMSA-2007-001: Oracle Application Server 10g - Directory Traversal
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/457105/100/0/threaded
Reference: BUGTRAQ:20070131 Oracle 10g R2 Enterprise Manager Directory Traversal
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/458657/100/0/threaded
Reference: CONFIRM:http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html
Reference: BID:22027
Reference: URL:http://www.securityfocus.com/bid/22027
Reference: BID:22083
Reference: URL:http://www.securityfocus.com/bid/22083
Reference: SECTRACK:1017522
Reference: URL:http://securitytracker.com/id?1017522
Reference: SECUNIA:23794
Reference: URL:http://secunia.com/advisories/23794

Votes:





Name: CVE-2007-0223

Description:
SQL injection vulnerability in shared/code/cp_functions_downloads.php in Nicola Asuni All In One Control Panel (AIOCP) before 1.3.009 allows remote attackers to execute arbitrary SQL commands via the download_category parameter.

Status: Candidate
Phase: Assigned (20070112)
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=477845
Reference: SECUNIA:23726
Reference: URL:http://secunia.com/advisories/23726

Votes:





Name: CVE-2007-0224

Description:
SQL injection vulnerability in shopgiftregsearch.asp in VP-ASP Shopping Cart 6.09 and earlier allows remote attackers to execute arbitrary SQL commands via the LoginLastname parameter.

Status: Candidate
Phase: Assigned (20070112)
Reference: MILW0RM:3115
Reference: URL:http://milw0rm.com/exploits/3115
Reference: SECUNIA:23699
Reference: URL:http://secunia.com/advisories/23699
Reference: XF:vpasp-shopgift-sql-injection(31447)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31447

Votes:





Name: CVE-2007-0225

Description:
Cross-site scripting (XSS) vulnerability in shopcustadmin.asp in VP-ASP Shopping Cart 6.09 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter.

Status: Candidate
Phase: Assigned (20070112)
Reference: MILW0RM:3115
Reference: URL:http://milw0rm.com/exploits/3115
Reference: SECUNIA:23699
Reference: URL:http://secunia.com/advisories/23699
Reference: XF:vpasp-shopcustadmin-xss(31449)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31449

Votes:





Name: CVE-2007-0226

Description:
SQL injection vulnerability in wbsearch.aspx in uniForum 4 and earlier allows remote attackers to execute arbitrary SQL commands via the "by User" field (aka the TXbyuser parameter).

Status: Candidate
Phase: Assigned (20070112)
Reference: BUGTRAQ:20070125 uniForum <= v4 (wbsearch.aspx) Remote SQL Injection Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/458060/100/0/threaded
Reference: MILW0RM:3106
Reference: URL:http://milw0rm.com/exploits/3106
Reference: BID:21966
Reference: URL:http://www.securityfocus.com/bid/21966
Reference: SECUNIA:23827
Reference: URL:http://secunia.com/advisories/23827
Reference: XF:uniforum-wbsearch-sql-injection(31362)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31362

Votes:





Name: CVE-2007-0227

Description:
slocate 3.1 does not properly manage database entries that specify names of files in protected directories, which allows local users to obtain the names of private files. NOTE: another researcher reports that the issue is not present in slocate 2.7.

Status: Candidate
Phase: Assigned (20070112)
Reference: BUGTRAQ:20070110 Re: slocate leaks filenames of protected directories
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456530/100/0/threaded
Reference: BUGTRAQ:20070110 slocate leaks filenames of protected directories
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456489/100/0/threaded
Reference: BUGTRAQ:20070111 Re: slocate leaks filenames of protected directories
Reference: URL:http://www.securityfocus.com/archive/1/456593/100/0/threaded
Reference: BUGTRAQ:20070112 Re: slocate leaks filenames of protected directories
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456739/100/0/threaded
Reference: UBUNTU:USN-425-1
Reference: URL:http://www.ubuntu.com/usn/usn-425-1
Reference: BID:21989
Reference: URL:http://www.securityfocus.com/bid/21989

Votes:





Name: CVE-2007-0228

Description:
The DataCollector service in EIQ Networks Network Security Analyzer allows remote attackers to cause a denial of service (service crash) via a (1) &CONNECTSERVER&, (2) &ADDENTRY&, (3) &FIN&, (4) &START&, (5) &LOGPATH&, (6) &FWADELTA&, (7) &FWALOG&, (8) &SETSYNCHRONOUS&, (9) &SETPRGFILE&, or (10) &SETREPLYPORT& string to TCP port 10618, which triggers a NULL pointer dereference.

Status: Candidate
Phase: Assigned (20070112)
Reference: FULLDISC:20070110 EIQ Networks Network Security Analyzer DoS Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0209.html
Reference: BID:21994
Reference: URL:http://www.securityfocus.com/bid/21994
Reference: FRSIRT:ADV-2007-0147
Reference: URL:http://www.frsirt.com/english/advisories/2007/0147
Reference: SECUNIA:23693
Reference: URL:http://secunia.com/advisories/23693
Reference: XF:eiq-datacollector-dos(31428)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31428

Votes:





Name: CVE-2007-0229

Description:
Integer overflow in the ffs_mountfs function in Mac OS X 10.4.8 and FreeBSD 6.1 allows local users to cause a denial of service (panic) and possibly gain privileges via a crafted DMG image that causes "allocation of a negative size buffer" leading to a heap-based buffer overflow, a related issue to CVE-2006-5679. NOTE: a third party states that this issue does not cross privilege boundaries in FreeBSD because only root may mount a filesystem.

Status: Candidate
Phase: Assigned (20070112)
Reference: MLIST:[freebsd-security] 20070114 MOAB advisories
Reference: URL:http://lists.freebsd.org/pipermail/freebsd-security/2007-January/004218.html
Reference: MISC:http://applefun.blogspot.com/2007/01/moab-10-01-2007-apple-dmg-ufs.html
Reference: MISC:http://projects.info-pull.com/moab/MOAB-10-01-2007.html
Reference: CONFIRM:http://docs.info.apple.com/article.html?artnum=305214
Reference: APPLE:APPLE-SA-2007-03-13
Reference: URL:http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html
Reference: CERT:TA07-072A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA07-072A.html
Reference: BID:21993
Reference: URL:http://www.securityfocus.com/bid/21993
Reference: FRSIRT:ADV-2007-0141
Reference: URL:http://www.frsirt.com/english/advisories/2007/0141
Reference: FRSIRT:ADV-2007-0930
Reference: URL:http://www.frsirt.com/english/advisories/2007/0930
Reference: OSVDB:32684
Reference: URL:http://www.osvdb.org/32684
Reference: SECTRACK:1017751
Reference: URL:http://www.securitytracker.com/id?1017751
Reference: SECUNIA:23703
Reference: URL:http://secunia.com/advisories/23703
Reference: SECUNIA:24479
Reference: URL:http://secunia.com/advisories/24479
Reference: XF:macos-ffsmountfs-bo(31409)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31409

Votes:





Name: CVE-2007-0230

Description:
** DISPUTED ** PHP remote file inclusion vulnerability in install.php in CS-Cart 1.3.3 allows remote attackers to execute arbitrary PHP code via a URL in the install_dir parameter. NOTE: CVE and third parties dispute this vulnerability because install_dir is defined before use.

Status: Candidate
Phase: Assigned (20070112)
Reference: BUGTRAQ:20070109 CS-Cart 1.3.3 (install.php) Remote File Include Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456527/100/0/threaded
Reference: VIM:20070110 [bogus] [ahmed_labib_hilmy at yahoo.com: CS-Cart 1.3.3 (install.php) Remote File Include Vulnerability] (fwd)
Reference: URL:http://www.attrition.org/pipermail/vim/2007-January/001223.html
Reference: XF:cscart-install-file-include(31408)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31408

Votes:





Name: CVE-2007-0231

Description:
Cross-site scripting (XSS) vulnerability in Movable Type (MT) 3.33, when nofollow is disabled and unmoderated comments are enabled, allows remote attackers to inject arbitrary web script or HTML via the Comments field.

Status: Candidate
Phase: Assigned (20070112)
Reference: MISC:http://golem.ph.utexas.edu/~distler/blog/archives/001102.html
Reference: MISC:http://www.zackvision.com/weblog/2007/01/movabletype-security-bug.html
Reference: FRSIRT:ADV-2007-0142
Reference: URL:http://www.frsirt.com/english/advisories/2007/0142
Reference: SECUNIA:23669
Reference: URL:http://secunia.com/advisories/23669

Votes:





Name: CVE-2007-0232

Description:
PHP remote file inclusion vulnerability in routines/fieldValidation.php in Jshop Server 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the jssShopFileSystem parameter.

Status: Candidate
Phase: Assigned (20070112)
Reference: BUGTRAQ:20070110 Jshop Server 1.3
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456591/100/0/threaded
Reference: MILW0RM:3113
Reference: URL:http://milw0rm.com/exploits/3113
Reference: BID:21995
Reference: URL:http://www.securityfocus.com/bid/21995
Reference: SREASON:2146
Reference: URL:http://securityreason.com/securityalert/2146
Reference: XF:jshop-fieldvalidation-file-include(31425)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31425

Votes:





Name: CVE-2007-0233

Description:
wp-trackback.php in WordPress 2.0.6 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary SQL commands via the tb_id parameter. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in WordPress.

Status: Candidate
Phase: Assigned (20070112)
Reference: MILW0RM:3109
Reference: URL:http://milw0rm.com/exploits/3109
Reference: BID:21983
Reference: URL:http://www.securityfocus.com/bid/21983
Reference: XF:wordpress-tbid-sql-injection(31385)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31385

Votes:





Name: CVE-2007-0234

Description:
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-0243. Reason: This candidate is a duplicate of CVE-2007-0243. Notes: All CVE users should reference CVE-2007-0243 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

Status: Candidate
Phase: Assigned (20070116)

Votes:





Name: CVE-2007-0235

Description:
Stack-based buffer overflow in the glibtop_get_proc_map_s function in libgtop before 2.14.6 (libgtop2) allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a process with a long filename that is mapped in its address space, which triggers the overflow in gnome-system-monitor.

Status: Candidate
Phase: Assigned (20070116)
Reference: MISC:https://launchpad.net/bugs/79206
Reference: CONFIRM:http://bugzilla.gnome.org/show_bug.cgi?id=396477
Reference: CONFIRM:http://ftp.gnome.org/pub/gnome/sources/libgtop/2.14/libgtop-2.14.6.news
Reference: CONFIRM:https://issues.rpath.com/browse/RPL-972
Reference: DEBIAN:DSA-1255
Reference: URL:http://www.debian.org/security/2007/dsa-1255
Reference: GENTOO:GLSA-200701-17
Reference: URL:http://security.gentoo.org/glsa/glsa-200701-17.xml
Reference: MANDRIVA:MDKSA-2007:023
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:023
Reference: REDHAT:RHSA-2007:0765
Reference: URL:http://www.redhat.com/support/errata/RHSA-2007-0765.html
Reference: UBUNTU:USN-407-1
Reference: URL:http://www.ubuntu.com/usn/usn-407-1
Reference: BID:22054
Reference: URL:http://www.securityfocus.com/bid/22054
Reference: FRSIRT:ADV-2007-0185
Reference: URL:http://www.frsirt.com/english/advisories/2007/0185
Reference: FRSIRT:ADV-2007-0187
Reference: URL:http://www.frsirt.com/english/advisories/2007/0187
Reference: SECTRACK:1018526
Reference: URL:http://www.securitytracker.com/id?1018526
Reference: SECUNIA:23736
Reference: URL:http://secunia.com/advisories/23736
Reference: SECUNIA:23777
Reference: URL:http://secunia.com/advisories/23777
Reference: SECUNIA:23814
Reference: URL:http://secunia.com/advisories/23814
Reference: SECUNIA:23840
Reference: URL:http://secunia.com/advisories/23840
Reference: SECUNIA:23872
Reference: URL:http://secunia.com/advisories/23872
Reference: SECUNIA:24015
Reference: URL:http://secunia.com/advisories/24015
Reference: SECUNIA:26367
Reference: URL:http://secunia.com/advisories/26367
Reference: XF:libgtop2-glibtopbo(31522)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31522

Votes:





Name: CVE-2007-0236

Description:
Double free vulnerability in the _ATPsndrsp function in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to cause a denial of service (kernel panic) and possibly execute arbitrary code via a crafted AppleTalk request that triggers a heap-based buffer overflow.

Status: Candidate
Phase: Assigned (20070116)
Reference: MILW0RM:3130
Reference: URL:http://www.milw0rm.com/exploits/3130
Reference: MISC:http://projects.info-pull.com/moab/MOAB-14-01-2007.html
Reference: CONFIRM:http://docs.info.apple.com/article.html?artnum=305214
Reference: APPLE:APPLE-SA-2007-03-13
Reference: URL:http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html
Reference: CERT:TA07-072A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA07-072A.html
Reference: BID:22041
Reference: URL:http://www.securityfocus.com/bid/22041
Reference: FRSIRT:ADV-2007-0191
Reference: URL:http://www.frsirt.com/english/advisories/2007/0191
Reference: FRSIRT:ADV-2007-0930
Reference: URL:http://www.frsirt.com/english/advisories/2007/0930
Reference: OSVDB:32687
Reference: URL:http://www.osvdb.org/32687
Reference: SECTRACK:1017513
Reference: URL:http://securitytracker.com/id?1017513
Reference: SECTRACK:1017751
Reference: URL:http://www.securitytracker.com/id?1017751
Reference: SECUNIA:23708
Reference: URL:http://secunia.com/advisories/23708
Reference: SECUNIA:24479
Reference: URL:http://secunia.com/advisories/24479

Votes:





Name: CVE-2007-0237

Description:
The ndeb-binary feature in Lookup (lookup-el) allows local users to overwrite arbitrary files via a symlink attack on temporary files.

Status: Candidate
Phase: Assigned (20070116)
Reference: CONFIRM:http://bugs.gentoo.org/show_bug.cgi?id=197306
Reference: DEBIAN:DSA-1269
Reference: URL:http://www.debian.org/security/2007/dsa-1269
Reference: GENTOO:GLSA-200712-07
Reference: URL:http://security.gentoo.org/glsa/glsa-200712-07.xml
Reference: BID:23026
Reference: URL:http://www.securityfocus.com/bid/23026
Reference: SECTRACK:1017792
Reference: URL:http://www.securitytracker.com/id?1017792
Reference: SECUNIA:24377
Reference: URL:http://secunia.com/advisories/24377
Reference: SECUNIA:24590
Reference: URL:http://secunia.com/advisories/24590
Reference: SECUNIA:28023
Reference: URL:http://secunia.com/advisories/28023
Reference: XF:lookup-ndebbinary-symlink(33052)
Reference: URL:http://xforce.iss.net/xforce/xfdb/33052

Votes:





Name: CVE-2007-0238

Description:
Stack-based buffer overflow in filter\starcalc\scflt.cxx in the StarCalc parser in OpenOffice.org (OOo) Office Suite before 2.2, and 1.x before 1.1.5 Patch, allows user-assisted remote attackers to execute arbitrary code via a document with a long Note.

Status: Candidate
Phase: Assigned (20070116)
Reference: BUGTRAQ:20070404 High Risk Vulnerability in OpenOffice
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/464724/100/0/threaded
Reference: MISC:http://www.ngssoftware.com/advisories/high-risk-vulnerabilities-in-the-openoffice-suite/
Reference: CONFIRM:https://issues.foresightlinux.org/browse/FL-211
Reference: CONFIRM:http://www.openoffice.org/security/CVE-2007-0238
Reference: CONFIRM:https://issues.rpath.com/browse/RPL-1118
Reference: DEBIAN:DSA-1270
Reference: URL:http://www.debian.org/security/2007/dsa-1270
Reference: GENTOO:GLSA-200704-12
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200704-12.xml
Reference: MANDRIVA:MDKSA-2007:073
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:073
Reference: REDHAT:RHSA-2007:0033
Reference: URL:http://www.redhat.com/support/errata/RHSA-2007-0033.html
Reference: REDHAT:RHSA-2007:0069
Reference: URL:http://www.redhat.com/support/errata/RHSA-2007-0069.html
Reference: SUNALERT:102794
Reference: URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-102794-1
Reference: SUSE:SUSE-SA:2007:023
Reference: URL:http://lists.suse.com/archive/suse-security-announce/2007-Mar/0007.html
Reference: UBUNTU:USN-444-1
Reference: URL:http://www.ubuntu.com/usn/usn-444-1
Reference: BID:23067
Reference: URL:http://www.securityfocus.com/bid/23067
Reference: FRSIRT:ADV-2007-1032
Reference: URL:http://www.frsirt.com/english/advisories/2007/1032
Reference: FRSIRT:ADV-2007-1117
Reference: URL:http://www.frsirt.com/english/advisories/2007/1117
Reference: SECTRACK:1017799
Reference: URL:http://www.securitytracker.com/id?1017799
Reference: SECUNIA:24465
Reference: URL:http://secunia.com/advisories/24465
Reference: SECUNIA:24550
Reference: URL:http://secunia.com/advisories/24550
Reference: SECUNIA:24646
Reference: URL:http://secunia.com/advisories/24646
Reference: SECUNIA:24647
Reference: URL:http://secunia.com/advisories/24647
Reference: SECUNIA:24676
Reference: URL:http://secunia.com/advisories/24676
Reference: SECUNIA:24810
Reference: URL:http://secunia.com/advisories/24810
Reference: SECUNIA:24906
Reference: URL:http://secunia.com/advisories/24906
Reference: SECUNIA:24588
Reference: URL:http://secunia.com/advisories/24588
Reference: SECUNIA:24613
Reference: URL:http://secunia.com/advisories/24613
Reference: XF:openoffice-starcalc-bo(33112)
Reference: URL:http://xforce.iss.net/xforce/xfdb/33112

Votes:





Name: CVE-2007-0239

Description:
OpenOffice.org (OOo) Office Suite allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a prepared link in a crafted document.

Status: Candidate
Phase: Assigned (20070116)
Reference: CONFIRM:https://issues.foresightlinux.org/browse/FL-211
Reference: CONFIRM:https://issues.rpath.com/browse/RPL-1118
Reference: DEBIAN:DSA-1270
Reference: URL:http://www.debian.org/security/2007/dsa-1270
Reference: GENTOO:GLSA-200704-12
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200704-12.xml
Reference: MANDRIVA:MDKSA-2007:073
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:073
Reference: REDHAT:RHSA-2007:0033
Reference: URL:http://www.redhat.com/support/errata/RHSA-2007-0033.html
Reference: REDHAT:RHSA-2007:0069
Reference: URL:http://www.redhat.com/support/errata/RHSA-2007-0069.html
Reference: SUNALERT:102807
Reference: URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-102807-1
Reference: SUSE:SUSE-SA:2007:023
Reference: URL:http://lists.suse.com/archive/suse-security-announce/2007-Mar/0007.html
Reference: UBUNTU:USN-444-1
Reference: URL:http://www.ubuntu.com/usn/usn-444-1
Reference: BID:22812
Reference: URL:http://www.securityfocus.com/bid/22812
Reference: FRSIRT:ADV-2007-1032
Reference: URL:http://www.frsirt.com/english/advisories/2007/1032
Reference: FRSIRT:ADV-2007-1117
Reference: URL:http://www.frsirt.com/english/advisories/2007/1117
Reference: SECTRACK:1017799
Reference: URL:http://www.securitytracker.com/id?1017799
Reference: SECUNIA:24465
Reference: URL:http://secunia.com/advisories/24465
Reference: SECUNIA:24550
Reference: URL:http://secunia.com/advisories/24550
Reference: SECUNIA:24646
Reference: URL:http://secunia.com/advisories/24646
Reference: SECUNIA:24647
Reference: URL:http://secunia.com/advisories/24647
Reference: SECUNIA:24676
Reference: URL:http://secunia.com/advisories/24676
Reference: SECUNIA:24810
Reference: URL:http://secunia.com/advisories/24810
Reference: SECUNIA:24906
Reference: URL:http://secunia.com/advisories/24906
Reference: SECUNIA:24588
Reference: URL:http://secunia.com/advisories/24588
Reference: SECUNIA:24613
Reference: URL:http://secunia.com/advisories/24613
Reference: XF:openoffice-shell-command-execution(33113)
Reference: URL:http://xforce.iss.net/xforce/xfdb/33113

Votes:





Name: CVE-2007-0240

Description:
Cross-site scripting (XSS) vulnerability in Zope 2.10.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in an HTTP GET request.

Status: Candidate
Phase: Assigned (20070116)
Reference: CONFIRM:http://www.zope.org/Products/Zope/Hotfix-2007-03-20/announcement/view
Reference: DEBIAN:DSA-1275
Reference: URL:http://www.debian.org/security/2007/dsa-1275
Reference: SUSE:SUSE-SR:2007:011
Reference: URL:http://lists.suse.com/archive/suse-security-announce/2007-May/0005.html
Reference: BID:23084
Reference: URL:http://www.securityfocus.com/bid/23084
Reference: FRSIRT:ADV-2007-1041
Reference: URL:http://www.frsirt.com/english/advisories/2007/1041
Reference: SECUNIA:24017
Reference: URL:http://secunia.com/advisories/24017
Reference: SECUNIA:24713
Reference: URL:http://secunia.com/advisories/24713
Reference: SECUNIA:25239
Reference: URL:http://secunia.com/advisories/25239
Reference: XF:zope-unspecifiedget-xss(33187)
Reference: URL:http://xforce.iss.net/xforce/xfdb/33187

Votes:





Name: CVE-2007-0241

Description:
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Status: Candidate
Phase: Assigned (20070116)

Votes:





Name: CVE-2007-0242

Description:
The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences that decode to dangerous metacharacters.

Status: Candidate
Phase: Assigned (20070116)
Reference: CONFIRM:http://www.nabble.com/Bug-417390:-CVE-2007-0242,--Qt-UTF-8-overlong-sequence-decoding-vulnerability-t3506065.html
Reference: CONFIRM:http://www.trolltech.com/company/newsroom/announcements/press.2007-03-30.9172215350
Reference: CONFIRM:http://support.novell.com/techcenter/psdb/39ea4b325a7da742cb8b6995fa585b14.html
Reference: CONFIRM:http://support.novell.com/techcenter/psdb/fc79b7f48d739f9c803a24ddad933384.html
Reference: CONFIRM:https://issues.rpath.com/browse/RPL-1202
Reference: CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2007-424.htm
Reference: DEBIAN:DSA-1292
Reference: URL:http://www.debian.org/security/2007/dsa-1292
Reference: FEDORA:FEDORA-2007-703
Reference: URL:http://fedoranews.org/updates/FEDORA-2007-703.shtml
Reference: MANDRIVA:MDKSA-2007:074
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:074
Reference: MANDRIVA:MDKSA-2007:075
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:075
Reference: MANDRIVA:MDKSA-2007:076
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:076
Reference: REDHAT:RHSA-2007:0909
Reference: URL:http://www.redhat.com/support/errata/RHSA-2007-0909.html
Reference: REDHAT:RHSA-2007:0883
Reference: URL:http://www.redhat.com/support/errata/RHSA-2007-0883.html
Reference: SGI:20070901-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20070901-01-P.asc
Reference: SLACKWARE:SSA:2007-093-03
Reference: URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.348591
Reference: SUSE:SUSE-SR:2007:006
Reference: URL:http://www.novell.com/linux/security/advisories/2007_6_sr.html
Reference: UBUNTU:USN-452-1
Reference: URL:http://www.ubuntu.com/usn/usn-452-1
Reference: BID:23269
Reference: URL:http://www.securityfocus.com/bid/23269
Reference: FRSIRT:ADV-2007-1212
Reference: URL:http://www.frsirt.com/english/advisories/2007/1212
Reference: SECUNIA:24727
Reference: URL:http://secunia.com/advisories/24727
Reference: SECUNIA:24699
Reference: URL:http://secunia.com/advisories/24699
Reference: SECUNIA:24705
Reference: URL:http://secunia.com/advisories/24705
Reference: SECUNIA:24726
Reference: URL:http://secunia.com/advisories/24726
Reference: SECUNIA:24847
Reference: URL:http://secunia.com/advisories/24847
Reference: SECUNIA:24797
Reference: URL:http://secunia.com/advisories/24797
Reference: SECUNIA:24889
Reference: URL:http://secunia.com/advisories/24889
Reference: SECUNIA:24759
Reference: URL:http://secunia.com/advisories/24759
Reference: SECUNIA:25263
Reference: URL:http://secunia.com/advisories/25263
Reference: SECUNIA:26857
Reference: URL:http://secunia.com/advisories/26857
Reference: SECUNIA:26804
Reference: URL:http://secunia.com/advisories/26804
Reference: SECUNIA:27108
Reference: URL:http://secunia.com/advisories/27108
Reference: SECUNIA:27275
Reference: URL:http://secunia.com/advisories/27275
Reference: XF:qt-utf8-xss(33397)
Reference: URL:http://xforce.iss.net/xforce/xfdb/33397

Votes:





Name: CVE-2007-0243

Description:
Buffer overflow in Sun JDK and Java Runtime Environment (JRE) 5.0 Update 9 and earlier, SDK and JRE 1.4.2_12 and earlier, and SDK and JRE 1.3.1_18 and earlier allows applets to gain privileges via a GIF image with a block with a 0 width field, which triggers memory corruption.

Status: Candidate
Phase: Assigned (20070116)
Reference: BUGTRAQ:20070117 ZDI-07-005: Sun Microsystems Java GIF File Parsing Memory Corruption Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/457159/100/0/threaded
Reference: BUGTRAQ:20070121 Sun Microsystems Java GIF File Parsing Memory Corruption Vulnerability Prove Of Concept Exploit
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/457638/100/0/threaded
Reference: MISC:http://www.zerodayinitiative.com/advisories/ZDI-07-005.html
Reference: MISC:http://docs.info.apple.com/article.html?artnum=307177
Reference: CONFIRM:http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.html
Reference: CONFIRM:http://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.html
Reference: APPLE:APPLE-SA-2007-12-14
Reference: URL:http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html
Reference: BEA:BEA07-172.00
Reference: URL:http://dev2dev.bea.com/pub/advisory/242
Reference: GENTOO:GLSA-200702-07
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200702-07.xml
Reference: GENTOO:GLSA-200702-08
Reference: URL:http://security.gentoo.org/glsa/glsa-200702-08.xml
Reference: HP:HPSBUX02196
Reference: URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00876579
Reference: HP:SSRT071318
Reference: URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00876579
Reference: REDHAT:RHSA-2007:0166
Reference: URL:http://www.redhat.com/support/errata/RHSA-2007-0166.html
Reference: REDHAT:RHSA-2007:0167
Reference: URL:http://www.redhat.com/support/errata/RHSA-2007-0167.html
Reference: REDHAT:RHSA-2007:0956
Reference: URL:http://www.redhat.com/support/errata/RHSA-2007-0956.html
Reference: REDHAT:RHSA-2008:0261
Reference: URL:http://www.redhat.com/support/errata/RHSA-2008-0261.html
Reference: SUNALERT:102760
Reference: URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-102760-1
Reference: SUSE:SUSE-SA:2007:045
Reference: URL:http://www.novell.com/linux/security/advisories/2007_45_java.html
Reference: CERT:TA07-022A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA07-022A.html
Reference: CERT-VN:VU#388289
Reference: URL:http://www.kb.cert.org/vuls/id/388289
Reference: BID:22085
Reference: URL:http://www.securityfocus.com/bid/22085
Reference: FRSIRT:ADV-2007-0211
Reference: URL:http://www.frsirt.com/english/advisories/2007/0211
Reference: FRSIRT:ADV-2007-0936
Reference: URL:http://www.frsirt.com/english/advisories/2007/0936
Reference: FRSIRT:ADV-2007-1814
Reference: URL:http://www.frsirt.com/english/advisories/2007/1814
Reference: FRSIRT:ADV-2007-4224
Reference: URL:http://www.frsirt.com/english/advisories/2007/4224
Reference: SECTRACK:1017520
Reference: URL:http://securitytracker.com/id?1017520
Reference: SECUNIA:23757
Reference: URL:http://secunia.com/advisories/23757
Reference: SECUNIA:24202
Reference: URL:http://secunia.com/advisories/24202
Reference: SECUNIA:24189
Reference: URL:http://secunia.com/advisories/24189
Reference: SECUNIA:24468
Reference: URL:http://secunia.com/advisories/24468
Reference: SECUNIA:24993
Reference: URL:http://secunia.com/advisories/24993
Reference: SECUNIA:25283
Reference: URL:http://secunia.com/advisories/25283
Reference: SECUNIA:26049
Reference: URL:http://secunia.com/advisories/26049
Reference: SECUNIA:26119
Reference: URL:http://secunia.com/advisories/26119
Reference: SECUNIA:27203
Reference: URL:http://secunia.com/advisories/27203
Reference: SECUNIA:26645
Reference: URL:http://secunia.com/advisories/26645
Reference: SECUNIA:28115
Reference: URL:http://secunia.com/advisories/28115
Reference: SREASON:2158
Reference: URL:http://securityreason.com/securityalert/2158
Reference: XF:jre-gif-bo(31537)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31537

Votes:





Name: CVE-2007-0244

Description:
pptpgre.c in PoPToP Point to Point Tunneling Server (pptpd) before 1.3.4 allows remote attackers to cause a denial of service (PPTP connection tear-down) via (1) GRE packets with out-of-order sequence numbers or (2) certain GRE packets that are processed using a wrong pointer and improperly dequeued.

Status: Candidate
Phase: Assigned (20070116)
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=501476&group_id=44827
Reference: DEBIAN:DSA-1288
Reference: URL:http://www.debian.org/security/2007/dsa-1288
Reference: GENTOO:GLSA-200705-18
Reference: URL:http://security.gentoo.org/glsa/glsa-200705-18.xml
Reference: SUSE:SUSE-SR:2007:010
Reference: URL:http://www.novell.com/linux/security/advisories/2007_10_sr.html
Reference: SUSE:SUSE-SR:2007:019
Reference: URL:http://www.novell.com/linux/security/advisories/2007_19_sr.html
Reference: TRUSTIX:2007-0017
Reference: URL:http://www.trustix.org/errata/2007/0017/
Reference: UBUNTU:USN-459-1
Reference: URL:http://www.ubuntu.com/usn/usn-459-1
Reference: UBUNTU:USN-459-2
Reference: URL:http://www.ubuntu.com/usn/usn-459-2
Reference: BID:23886
Reference: URL:http://www.securityfocus.com/bid/23886
Reference: FRSIRT:ADV-2007-1743
Reference: URL:http://www.frsirt.com/english/advisories/2007/1743
Reference: SECTRACK:1018064
Reference: URL:http://www.securitytracker.com/id?1018064
Reference: SECUNIA:25220
Reference: URL:http://secunia.com/advisories/25220
Reference: SECUNIA:25255
Reference: URL:http://secunia.com/advisories/25255
Reference: SECUNIA:26987
Reference: URL:http://secunia.com/advisories/26987

Votes:





Name: CVE-2007-0245

Description:
Heap-based buffer overflow in OpenOffice.org (OOo) 2.2.1 and earlier allows remote attackers to execute arbitrary code via a RTF file with a crafted prtdata tag with a length parameter inconsistency, which causes vtable entries to be overwritten.

Status: Candidate
Phase: Assigned (20070116)
Reference: BUGTRAQ:20070613 High risk vulnerability in OpenOffice RTF parser
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/471274/100/0/threaded
Reference: CONFIRM:http://sw.openoffice.org/source/browse/sw/sw/source/filter/rtf/swparrtf.cxx?rev=1.67
Reference: CONFIRM:https://issues.rpath.com/browse/RPL-1570
Reference: DEBIAN:DSA-1307
Reference: URL:http://www.debian.org/security/2007/dsa-1307
Reference: GENTOO:GLSA-200707-02
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200707-02.xml
Reference: MANDRIVA:MDKSA-2007:144
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:144
Reference: REDHAT:RHSA-2007:0406
Reference: URL:http://www.redhat.com/support/errata/RHSA-2007-0406.html
Reference: SGI:20070602-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc
Reference: SUNALERT:102917
Reference: URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-102917-1
Reference: SUSE:SUSE-SA:2007:037
Reference: URL:http://www.novell.com/linux/security/advisories/2007_37_openoffice.html
Reference: UBUNTU:USN-482-1
Reference: URL:http://www.ubuntu.com/usn/usn-482-1
Reference: BID:24450
Reference: URL:http://www.securityfocus.com/bid/24450
Reference: FRSIRT:ADV-2007-2166
Reference: URL:http://www.frsirt.com/english/advisories/2007/2166
Reference: FRSIRT:ADV-2007-2229
Reference: URL:http://www.frsirt.com/english/advisories/2007/2229
Reference: SECTRACK:1018239
Reference: URL:http://www.securitytracker.com/id?1018239
Reference: SECUNIA:25648
Reference: URL:http://secunia.com/advisories/25648
Reference: SECUNIA:25650
Reference: URL:http://secunia.com/advisories/25650
Reference: SECUNIA:25673
Reference: URL:http://secunia.com/advisories/25673
Reference: SECUNIA:25705
Reference: URL:http://secunia.com/advisories/25705
Reference: SECUNIA:25862
Reference: URL:http://secunia.com/advisories/25862
Reference: SECUNIA:25894
Reference: URL:http://secunia.com/advisories/25894
Reference: SECUNIA:25905
Reference: URL:http://secunia.com/advisories/25905
Reference: SECUNIA:26010
Reference: URL:http://secunia.com/advisories/26010
Reference: SECUNIA:26022
Reference: URL:http://secunia.com/advisories/26022
Reference: SECUNIA:26476
Reference: URL:http://secunia.com/advisories/26476
Reference: XF:openoffice-rtf-bo(34843)
Reference: URL:http://xforce.iss.net/xforce/xfdb/34843

Votes:





Name: CVE-2007-0246

Description:
plugins/scmcvs/www/cvsweb.php in the CVSWeb CGI in GForge 4.5.16 before 20070524, aka gforge-plugin-scmcvs, allows remote attackers to execute arbitrary commands via shell metacharacters in the PATH_INFO.

Status: Candidate
Phase: Assigned (20070116)
Reference: CONFIRM:http://gforge.org/scm/viewvc.php/branches/Branch_4_5/gforge/plugins/scmcvs/www/cvsweb.php?root=gforge&r1=5849&r2=6038&pathrev=6038
Reference: DEBIAN:DSA-1297
Reference: URL:http://www.debian.org/security/2007/dsa-1297
Reference: BID:24141
Reference: URL:http://www.securityfocus.com/bid/24141
Reference: FRSIRT:ADV-2007-1942
Reference: URL:http://www.frsirt.com/english/advisories/2007/1942
Reference: SECUNIA:25395
Reference: URL:http://secunia.com/advisories/25395
Reference: SECUNIA:25416
Reference: URL:http://secunia.com/advisories/25416
Reference: XF:gforge-cvsweb-code-execution(34510)
Reference: URL:http://xforce.iss.net/xforce/xfdb/34510

Votes:





Name: CVE-2007-0247

Description:
squid/src/ftp.c in Squid before 2.6.STABLE7 allows remote FTP servers to cause a denial of service (core dump) via crafted FTP directory listing responses, possibly related to the (1) ftpListingFinish and (2) ftpHtmlifyListEntry functions.

Status: Candidate
Phase: Assigned (20070116)
Reference: CONFIRM:http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE7-RELEASENOTES.html#s12
Reference: CONFIRM:http://www.squid-cache.org/bugs/show_bug.cgi?id=1857
Reference: FEDORA:FEDORA-2007-092
Reference: URL:http://fedoranews.org/cms/node/2442
Reference: GENTOO:GLSA-200701-22
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200701-22.xml
Reference: MANDRIVA:MDKSA-2007:026
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:026
Reference: SUSE:SUSE-SA:2007:012
Reference: URL:http://www.novell.com/linux/security/advisories/2007_12_squid.html
Reference: TRUSTIX:2007-0003
Reference: URL:http://www.trustix.org/errata/2007/0003/
Reference: UBUNTU:USN-414-1
Reference: URL:http://www.ubuntu.com/usn/usn-414-1
Reference: BID:22079
Reference: URL:http://www.securityfocus.com/bid/22079
Reference: FRSIRT:ADV-2007-0199
Reference: URL:http://www.frsirt.com/english/advisories/2007/0199
Reference: SECUNIA:23767
Reference: URL:http://secunia.com/advisories/23767
Reference: SECUNIA:23810
Reference: URL:http://secunia.com/advisories/23810
Reference: SECUNIA:23805
Reference: URL:http://secunia.com/advisories/23805
Reference: SECUNIA:23837
Reference: URL:http://secunia.com/advisories/23837
Reference: SECUNIA:23889
Reference: URL:http://secunia.com/advisories/23889
Reference: SECUNIA:23921
Reference: URL:http://secunia.com/advisories/23921
Reference: SECUNIA:23946
Reference: URL:http://secunia.com/advisories/23946
Reference: XF:squid-multiple-dos(31523)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31523

Votes:





Name: CVE-2007-0248

Description:
The aclMatchExternal function in Squid before 2.6.STABLE7 allows remote attackers to cause a denial of service (crash) by causing an external_acl queue overload, which triggers an infinite loop.

Status: Candidate
Phase: Assigned (20070116)
Reference: CONFIRM:http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE7-RELEASENOTES.html#s12
Reference: CONFIRM:http://www.squid-cache.org/bugs/show_bug.cgi?id=1848
Reference: GENTOO:GLSA-200701-22
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200701-22.xml
Reference: MANDRIVA:MDKSA-2007:026
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:026
Reference: SUSE:SUSE-SA:2007:012
Reference: URL:http://www.novell.com/linux/security/advisories/2007_12_squid.html
Reference: UBUNTU:USN-414-1
Reference: URL:http://www.ubuntu.com/usn/usn-414-1
Reference: BID:22203
Reference: URL:http://www.securityfocus.com/bid/22203
Reference: FRSIRT:ADV-2007-0199
Reference: URL:http://www.frsirt.com/english/advisories/2007/0199
Reference: SECUNIA:23767
Reference: URL:http://secunia.com/advisories/23767
Reference: SECUNIA:23805
Reference: URL:http://secunia.com/advisories/23805
Reference: SECUNIA:23889
Reference: URL:http://secunia.com/advisories/23889
Reference: SECUNIA:23921
Reference: URL:http://secunia.com/advisories/23921
Reference: SECUNIA:23946
Reference: URL:http://secunia.com/advisories/23946
Reference: XF:squid-externalacl-dos(31525)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31525

Votes:





Name: CVE-2007-0249

Description:
Cross-site scripting (XSS) vulnerability in index.php in Nwom topsites 3.0 allows remote attackers to inject arbitrary web script or HTML via the o parameter.

Status: Candidate
Phase: Assigned (20070116)
Reference: BUGTRAQ:20070111 Nwom topsites v3.0
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456636/100/0/threaded
Reference: BID:22012
Reference: URL:http://www.securityfocus.com/bid/22012
Reference: SREASON:2149
Reference: URL:http://securityreason.com/securityalert/2149

Votes:





Name: CVE-2007-0250

Description:
index.php in Nwom topsites 3.0 allows remote attackers to obtain potentially sensitive information via a ' (quote) character in the o parameter, which forces a SQL error.

Status: Candidate
Phase: Assigned (20070116)
Reference: BUGTRAQ:20070111 Nwom topsites v3.0
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456636/100/0/threaded
Reference: BID:22012
Reference: URL:http://www.securityfocus.com/bid/22012
Reference: SREASON:2149
Reference: URL:http://securityreason.com/securityalert/2149

Votes:





Name: CVE-2007-0251

Description:
Integer underflow in the DecodeGRE function in src/decode.c in Snort 2.6.1.2 allows remote attackers to trigger dereferencing of certain memory locations via crafted GRE packets, which may cause corruption of log files or writing of sensitive information into log files.

Status: Candidate
Phase: Assigned (20070116)
Reference: BUGTRAQ:20070111 Calyptix Security Advisory CX-2007-001 - Snort 2.6.1.2 Integer Underflow Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456598/100/0/threaded
Reference: MISC:http://labs.calyptix.com/advisories/CX-2007-01.txt
Reference: CONFIRM:http://www.snort.org/got_source/source.html
Reference: BID:22004
Reference: URL:http://www.securityfocus.com/bid/22004
Reference: FRSIRT:ADV-2007-0152
Reference: URL:http://www.frsirt.com/english/advisories/2007/0152
Reference: SECTRACK:1017507
Reference: URL:http://securitytracker.com/id?1017507
Reference: SREASON:2165
Reference: URL:http://securityreason.com/securityalert/2165

Votes:





Name: CVE-2007-0252

Description:
Unspecified vulnerability in easy-content filemanager allows remote attackers to upload or modify arbitrary files via unspecified vectors.

Status: Candidate
Phase: Assigned (20070116)
Reference: BUGTRAQ:20070111 easy-content filemanager
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456622/100/0/threaded

Votes:





Name: CVE-2007-0253

Description:
** DISPUTED ** Unspecified vulnerability in the grsecurity patch has unspecified impact and remote attack vectors, a different vulnerability than the expand_stack vulnerability from the Digital Armaments 20070110 pre-advisory. NOTE: the grsecurity developer has disputed this issue, stating that "the function they claim the vulnerability to be in is a trivial function, which can, and has been, easily checked for any supposed vulnerabilities." The developer also cites a past disclosure that was not proven.

Status: Candidate
Phase: Assigned (20070116)
Reference: MISC:http://forums.grsecurity.net/viewtopic.php?t=1646
Reference: MISC:http://grsecurity.net/news.php#digitalfud
Reference: MISC:http://www.digitalarmaments.com/news_news.shtml

Votes:





Name: CVE-2007-0254

Description:
Format string vulnerability in the errors_create_window function in errors.c in xine-ui allows attackers to execute arbitrary code via unknown vectors.

Status: Candidate
Phase: Assigned (20070116)
Reference: BUGTRAQ:20070111 Xine-ui format string Vulnerabilties.
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456590/100/0/threaded
Reference: GENTOO:GLSA-200701-18
Reference: URL:http://security.gentoo.org/glsa/glsa-200701-18.xml
Reference: MANDRIVA:MDKSA-2007:027
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:027
Reference: MANDRIVA:MDKSA-2007:154
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:154
Reference: BID:22002
Reference: URL:http://www.securityfocus.com/bid/22002
Reference: SECUNIA:23709
Reference: URL:http://secunia.com/advisories/23709
Reference: SECUNIA:23891
Reference: URL:http://secunia.com/advisories/23891
Reference: SECUNIA:23931
Reference: URL:http://secunia.com/advisories/23931
Reference: XF:xineui-errorscreatewindow-format-string(31505)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31505

Votes:





Name: CVE-2007-0255

Description:
XINE 0.99.4 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a certain M3U file that contains a long #EXTINF line and contains format string specifiers in an invalid udp:// URI, possibly a variant of CVE-2007-0017.

Status: Candidate
Phase: Assigned (20070116)
Reference: BUGTRAQ:20070110 VLC Format String Vulnerability also in XINE
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456523/100/0/threaded
Reference: MANDRIVA:MDKSA-2007:027
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:027
Reference: MANDRIVA:MDKSA-2007:154
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:154
Reference: BID:22252
Reference: URL:http://www.securityfocus.com/bid/22252
Reference: SECUNIA:23931
Reference: URL:http://secunia.com/advisories/23931

Votes:





Name: CVE-2007-0256

Description:
VideoLAN VLC 0.8.6a allows remote attackers to cause a denial of service (application crash) via a crafted .wmv file.

Status: Candidate
Phase: Assigned (20070116)
Reference: MISC:http://downloads.securityfocus.com/vulnerabilities/exploits/22003.py
Reference: BID:22003
Reference: URL:http://www.securityfocus.com/bid/22003
Reference: XF:vlcmediaplayer-wmv-dos(31515)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31515

Votes:





Name: CVE-2007-0257

Description:
** DISPUTED ** Unspecified vulnerability in the expand_stack function in grsecurity PaX allows local users to gain privileges via unspecified vectors. NOTE: the grsecurity developer has disputed this issue, stating that "the function they claim the vulnerability to be in is a trivial function, which can, and has been, easily checked for any supposed vulnerabilities." The developer also cites a past disclosure that was not proven. As of 20070120, the original researcher has released demonstration code.

Status: Candidate
Phase: Assigned (20070116)
Reference: BUGTRAQ:20070111 Digital Armaments Security Pre-Advisory 11.01.2007: Grsecurity Kernel PaX - Local root vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456626/100/0/threaded
Reference: BUGTRAQ:20070112 Lies? [Was: Re: Digital Armaments Security Pre-Advisory11.01.2007: Grsecurity Kernel PaX - Local root vulnerability]
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456722/100/0/threaded
Reference: BUGTRAQ:20070120 Digital Armaments Security Advisory 20.01.2007: Grsecurity Kernel PaX Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/457509/100/0/threaded
Reference: BUGTRAQ:20070309 Re: Digital Armaments Security Advisory 20.01.2007: Grsecurity Kernel PaX Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/462302/100/100/threaded
Reference: MISC:http://forums.grsecurity.net/viewtopic.php?t=1646
Reference: MISC:http://grsecurity.net/news.php#digitalfud
Reference: MISC:http://www.digitalarmaments.com/news_news.shtml
Reference: MISC:http://www.digitalarmaments.com/pre2007-00018659.html
Reference: BID:22014
Reference: URL:http://www.securityfocus.com/bid/22014
Reference: FRSIRT:ADV-2007-0155
Reference: URL:http://www.frsirt.com/english/advisories/2007/0155
Reference: SECTRACK:1017509
Reference: URL:http://securitytracker.com/id?1017509
Reference: SECUNIA:23713
Reference: URL:http://secunia.com/advisories/23713

Votes:





Name: CVE-2007-0258

Description:
Cross-site scripting (XSS) vulnerability in index.php in (1) Fastilo 2.0 and (2) Open Solution Quick.Cart 2.0 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: some of these details are obtained from third party information.

Status: Candidate
Phase: Assigned (20070116)
Reference: MISC:http://14house.blogspot.com/2007/01/fastilo-open-source-shopping-cart-vuln.html
Reference: BID:22007
Reference: URL:http://www.securityfocus.com/bid/22007
Reference: BID:21971
Reference: URL:http://www.securityfocus.com/bid/21971
Reference: FRSIRT:ADV-2007-0156
Reference: URL:http://www.frsirt.com/english/advisories/2007/0156
Reference: FRSIRT:ADV-2007-0157
Reference: URL:http://www.frsirt.com/english/advisories/2007/0157
Reference: SECUNIA:23733
Reference: URL:http://secunia.com/advisories/23733
Reference: SECUNIA:23738
Reference: URL:http://secunia.com/advisories/23738
Reference: XF:quickcart-p-xss(31475)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31475

Votes:





Name: CVE-2007-0259

Description:
Ezboxx Portal System Beta 0.7.6 and earlier allows remote attackers to obtain sensitive information via an invalid cat parameter to boxx/knowledgebase.asp, which reveals the path in an error message.

Status: Candidate
Phase: Assigned (20070116)
Reference: BUGTRAQ:20070111 Ezboxx multiple vulnerabilities.
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456699/100/0/threaded
Reference: MISC:http://www.bugsec.com/articles.php?Security=20
Reference: FRSIRT:ADV-2007-0208
Reference: URL:http://www.frsirt.com/english/advisories/2007/0208

Votes:





Name: CVE-2007-0260

Description:
** DISPUTED ** PHP remote file inclusion vulnerability in index.php in Naig 0.5.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the this_path parameter. NOTE: a reliable third party disputes this vulnerability because this_path is defined before use.

Status: Candidate
Phase: Assigned (20070116)
Reference: BUGTRAQ:20070112 Naig <= 0.5.2 (this_path) Remote File Include Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456744/100/0/threaded
Reference: BUGTRAQ:20070113 Re: Naig <= 0.5.2 (this_path) Remote File Include Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456785/100/0/threaded
Reference: VIM:20070112 Fwd: Naig <= 0.5.2 (this_path) Remote File Include Vulnerability
Reference: URL:http://www.attrition.org/pipermail/vim/2007-January/001239.html
Reference: SREASON:2145
Reference: URL:http://securityreason.com/securityalert/2145

Votes:





Name: CVE-2007-0261

Description:
snews.php in sNews 1.5.30 and earlier does not properly exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions, as demonstrated by changing an administrative password via the changeup task, and by uploading PHP code via the imagefile parameter.

Status: Candidate
Phase: Assigned (20070116)
Reference: MILW0RM:3116
Reference: URL:http://milw0rm.com/exploits/3116
Reference: BID:22025
Reference: URL:http://www.securityfocus.com/bid/22025
Reference: SECUNIA:23746
Reference: URL:http://secunia.com/advisories/23746
Reference: XF:snews-image-file-upload(31535)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31535

Votes:





Name: CVE-2007-0262

Description:
WordPress 2.0.6, and 2.1Alpha 3 (SVN:4662), does not properly verify that the m parameter value has the string data type, which allows remote attackers to obtain sensitive information via an invalid m[] parameter, as demonstrated by obtaining the path, and obtaining certain SQL information such as the table prefix.

Status: Candidate
Phase: Assigned (20070116)
Reference: BUGTRAQ:20070112 Wordpress disclosure of Table Prefix Weakness
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456731/100/0/threaded

Votes:





Name: CVE-2007-0263

Description:
Unspecified vulnerability in Total Commander before 6.5.6 allows user-assisted remote attackers to delete arbitrary files and corrupt a filesystem via a crafted RAR file. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

Status: Candidate
Phase: Assigned (20070116)
Reference: MISC:http://www.ghisler.com/whatsnew.htm
Reference: BID:22033
Reference: URL:http://www.securityfocus.com/bid/22033

Votes:





Name: CVE-2007-0264

Description:
Buffer overflow in Winzip32.exe in WinZip 9.0 allows local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long command line argument. NOTE: this issue may cross privilege boundaries if an application automatically invokes Winzip32.exe for untrusted input filenames, as in the case of a file upload application. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

Status: Candidate
Phase: Assigned (20070116)
Reference: BID:22020
Reference: URL:http://www.securityfocus.com/bid/22020

Votes:





Name: CVE-2007-0265

Description:
Multiple cross-site scripting (XSS) vulnerabilities in Ezboxx Portal System Beta 0.7.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the pic parameter to custom/piczoom.asp, (2) the nocatname parameter to boxx/user-upload.asp, or (3) the iid parameter to indexes/newscomments.asp.

Status: Candidate
Phase: Assigned (20070116)
Reference: BUGTRAQ:20070111 Ezboxx multiple vulnerabilities.
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456699/100/0/threaded
Reference: MISC:http://www.bugsec.com/articles.php?Security=20
Reference: FRSIRT:ADV-2007-0208
Reference: URL:http://www.frsirt.com/english/advisories/2007/0208
Reference: SECUNIA:23759
Reference: URL:http://secunia.com/advisories/23759

Votes:





Name: CVE-2007-0266

Description:
SQL injection vulnerability in boxx/ShowAppendix.asp in Ezboxx Portal System Beta 0.7.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the iid parameter.

Status: Candidate
Phase: Assigned (20070116)
Reference: BUGTRAQ:20070111 Ezboxx multiple vulnerabilities.
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456699/100/0/threaded
Reference: MISC:http://www.bugsec.com/articles.php?Security=20
Reference: FRSIRT:ADV-2007-0208
Reference: URL:http://www.frsirt.com/english/advisories/2007/0208
Reference: SECUNIA:23759
Reference: URL:http://secunia.com/advisories/23759

Votes:





Name: CVE-2007-0267

Description:
The ufs_lookup function in the Mac OS X 10.4.8 and FreeBSD 6.1 kernels allows local users to cause a denial of service (kernel panic) and possibly corrupt other filesystems by mounting a crafted UNIX File System (UFS) DMG image that contains a corrupted directory entry (struct direct), related to the ufs_dirbad function. NOTE: a third party states that the FreeBSD issue does not cross privilege boundaries.

Status: Candidate
Phase: Assigned (20070116)
Reference: MLIST:[freebsd-security] 20070114 MOAB advisories
Reference: URL:http://lists.freebsd.org/pipermail/freebsd-security/2007-January/004218.html
Reference: MISC:http://projects.info-pull.com/moab/MOAB-12-01-2007.html
Reference: CONFIRM:http://docs.info.apple.com/article.html?artnum=305214
Reference: APPLE:APPLE-SA-2007-03-13
Reference: URL:http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html
Reference: CERT:TA07-072A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA07-072A.html
Reference: BID:22036
Reference: URL:http://www.securityfocus.com/bid/22036
Reference: FRSIRT:ADV-2007-0171
Reference: URL:http://www.frsirt.com/english/advisories/2007/0171
Reference: FRSIRT:ADV-2007-0930
Reference: URL:http://www.frsirt.com/english/advisories/2007/0930
Reference: OSVDB:32686
Reference: URL:http://www.osvdb.org/32686
Reference: SECTRACK:1017751
Reference: URL:http://www.securitytracker.com/id?1017751
Reference: SECUNIA:23721
Reference: URL:http://secunia.com/advisories/23721
Reference: SECUNIA:24479
Reference: URL:http://secunia.com/advisories/24479

Votes:





Name: CVE-2007-0268

Description:
Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to (1) the Advanced Queuing component and sys.dbms_aqsys.dbms_aq privileges (DB01), (2) Advanced Replication and sys.dbms_repcat_untrusted (DB07), and (3) Oracle Text and ctxload (DB15). NOTE: Oracle has not publicly disputed claims by reliable researchers that DB01 is for SQL injection in the SYS.DBMS_AQ_INV package, and DB07 is for a buffer overflow in the UNREGISTER_SNAPSHOT procedure in the DBMS_REPCAT_UNTRUSTED package.

Status: Candidate
Phase: Assigned (20070116)
Reference: BUGTRAQ:20070129 Re: Re: Oracle Buffer Overflows in DBMS_CAPTURE_ADM_INTERNAL
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/458475/100/100/threaded
Reference: BUGTRAQ:20070124 Oracle Buffer Overflow in DBMS_REPCAT_UNTRUSTED.UNREGISTER_SNAPSHOT
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/458005/100/0/threaded
Reference: MISC:http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aq_inv.html
Reference: CONFIRM:http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html
Reference: CERT:TA07-017A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA07-017A.html
Reference: CERT-VN:VU#221788
Reference: URL:http://www.kb.cert.org/vuls/id/221788
Reference: BID:22083
Reference: URL:http://www.securityfocus.com/bid/22083
Reference: SECTRACK:1017522
Reference: URL:http://securitytracker.com/id?1017522
Reference: SECUNIA:23794
Reference: URL:http://secunia.com/advisories/23794
Reference: XF:oracle-cpu-jan2007(31541)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31541

Votes:





Name: CVE-2007-0269

Description:
Unspecified vulnerability in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and attack vectors related to the Change Data Capture and sys.dbms_cdc_subscribe privileges, aka DB02.

Status: Candidate
Phase: Assigned (20070116)
Reference: CONFIRM:http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html
Reference: CERT:TA07-017A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA07-017A.html
Reference: BID:22083
Reference: URL:http://www.securityfocus.com/bid/22083
Reference: SECTRACK:1017522
Reference: URL:http://securitytracker.com/id?1017522
Reference: SECUNIA:23794
Reference: URL:http://secunia.com/advisories/23794
Reference: XF:oracle-cpu-jan2007(31541)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31541

Votes:





Name: CVE-2007-0270

Description:
Buffer overflow in SYS.DBMS_DRS in Oracle Database 9.2.0.7 and 10.1.0.4 allows remote authenticated users to cause a denial of service (crash) or execute arbitrary code via the GET_PROPERTY function in SYS.DBMS_DRS, aka DB03.

Status: Candidate
Phase: Assigned (20070116)
Reference: BUGTRAQ:20070124 Oracle Buffer Overflow in DBMS_DRS.GET_PROPERTY
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/458036/100/0/threaded
Reference: BUGTRAQ:20070718 Oracle Database Buffer overflow vulnerabilities in procedure DBMS_DRS.GET_PROPERTY (DB03)
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/474050/100/0/threaded
Reference: MISC:http://www.appsecinc.com/resources/alerts/oracle/2007-04.shtml
Reference: CONFIRM:http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html
Reference: CERT:TA07-017A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA07-017A.html
Reference: BID:22083
Reference: URL:http://www.securityfocus.com/bid/22083
Reference: SECTRACK:1017522
Reference: URL:http://securitytracker.com/id?1017522
Reference: SECUNIA:23794
Reference: URL:http://secunia.com/advisories/23794
Reference: XF:oracle-cpu-jan2007(31541)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31541

Votes:





Name: CVE-2007-0271

Description:
Unspecified vulnerability in Oracle Database 9.0.1.5 and 9.2.0.7 has unknown impact and attack vectors related to the Log Miner component and sys.dbms_log_mnr privileges, aka DB04. NOTE: Oracle has not disputed a reliable researcher claim that this is a buffer overflow in the ADD_LOGFILE procedure for the SYS.DBMS_LOGMNR package that allows code execution.

Status: Candidate
Phase: Assigned (20070116)
Reference: BUGTRAQ:20070129 Re: Re: Oracle Buffer Overflows in DBMS_CAPTURE_ADM_INTERNAL
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/458475/100/100/threaded
Reference: BUGTRAQ:20070124 Oracle Buffer Overflow in DBMS_LOGMNR.ADD_LOGFILE
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/458006/100/0/threaded
Reference: MISC:http://www.appsecinc.com/resources/alerts/oracle/2007-01.shtml
Reference: CONFIRM:http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html
Reference: CERT:TA07-017A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA07-017A.html
Reference: BID:22083
Reference: URL:http://www.securityfocus.com/bid/22083
Reference: SECTRACK:1017522
Reference: URL:http://securitytracker.com/id?1017522
Reference: SECUNIA:23794
Reference: URL:http://secunia.com/advisories/23794
Reference: XF:oracle-cpu-jan2007(31541)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31541

Votes:





Name: CVE-2007-0272

Description:
Multiple buffer overflows in MDSYS.MD in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 allow remote authenticated users to cause a denial of service (crash) or execute arbitrary code via unspecified vectors involving certain public procedures, aka DB05.

Status: Candidate
Phase: Assigned (20070116)
Reference: BUGTRAQ:20070124 Oracle Multiple Buffer Overflows and DoS attacks in public procedures of MDSYS.MD
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/458038/100/0/threaded
Reference: BUGTRAQ:20070718 Oracle Database Buffer overflows and Denial of service vulnerabilities in public procedures of MDSYS.MD (DB12)
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/474047/100/0/threaded
Reference: MISC:http://www.appsecinc.com/resources/alerts/oracle/2007-05.shtml
Reference: CONFIRM:http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html
Reference: CERT:TA07-017A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA07-017A.html
Reference: BID:22083
Reference: URL:http://www.securityfocus.com/bid/22083
Reference: SECTRACK:1017522
Reference: URL:http://securitytracker.com/id?1017522
Reference: SECUNIA:23794
Reference: URL:http://secunia.com/advisories/23794
Reference: XF:oracle-cpu-jan2007(31541)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31541

Votes:





Name: CVE-2007-0273

Description:
Unspecified vulnerability in Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and attack vectors related to XMLDB, aka DB06. NOTE: as of 20070123, Oracle has not disputed claims by a reliable researcher that DB06 is for multiple cross-site scripting (XSS) vulnerabilities.

Status: Candidate
Phase: Assigned (20070116)
Reference: MISC:http://www.red-database-security.com/advisory/oracle_xmldb_css2.html
Reference: CONFIRM:http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html
Reference: CERT:TA07-017A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA07-017A.html
Reference: BID:22083
Reference: URL:http://www.securityfocus.com/bid/22083
Reference: SECTRACK:1017522
Reference: URL:http://securitytracker.com/id?1017522
Reference: SECUNIA:23794
Reference: URL:http://secunia.com/advisories/23794
Reference: XF:oracle-cpu-jan2007(31541)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31541

Votes:





Name: CVE-2007-0274

Description:
Multiple unspecified vulnerabilities in Oracle Database 9.2.0.7 and 10.1.0.5 have unknown impact and attack vectors related to (1) Export and sys.dbms_logrep_util (DB08), and (2) Oracle Streams and sys.dbms_capture_adm_internal privileges (DB09). NOTE: Oracle has not disputed reliable researcher claims that DB08 is for a buffer overflow in the GET_OBJECT_NAME procedure in the DBMS_LOGREP_UTIL package, and DB09 is for buffer overflows in the CREATE_CAPTURE, ALTER_CAPTURE, and ABORT_TABLE_INSTANTIATION procedures in SYS.DBMS_CAPTURE_ADM_INTERNAL.

Status: Candidate
Phase: Assigned (20070116)
Reference: BUGTRAQ:20070125 Re: Oracle Buffer Overflow in DBMS_LOGREP_UTIL.GET_OBJECT_NAME
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/458126/100/0/threaded
Reference: BUGTRAQ:20070125 Re: Oracle Buffer Overflows in DBMS_CAPTURE_ADM_INTERNAL
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/458112/100/100/threaded
Reference: BUGTRAQ:20070129 Re: Re: Oracle Buffer Overflows in DBMS_CAPTURE_ADM_INTERNAL
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/458475/100/100/threaded
Reference: BUGTRAQ:20070124 Oracle Buffer Overflow in DBMS_LOGREP_UTIL.GET_OBJECT_NAME
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/458037/100/0/threaded
Reference: BUGTRAQ:20070124 Oracle Buffer Overflows in DBMS_CAPTURE_ADM_INTERNAL
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/458041/100/0/threaded
Reference: CONFIRM:http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html
Reference: CERT:TA07-017A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA07-017A.html
Reference: BID:22083
Reference: URL:http://www.securityfocus.com/bid/22083
Reference: SECTRACK:1017522
Reference: URL:http://securitytracker.com/id?1017522
Reference: SECUNIA:23794
Reference: URL:http://secunia.com/advisories/23794
Reference: XF:oracle-cpu-jan2007(31541)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31541

Votes:





Name: CVE-2007-0275

Description:
Cross-site scripting (XSS) vulnerability in Oracle Reports Web Cartridge (RWCGI60) in the Workflow Cartridge component, as used in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; Collaboration Suite 10.1.2; and Oracle E-Business Suite and Applications 11.5.10CU2; allows remote authenticated users to inject arbitrary HTML or web script via the genuser parameter to rwcgi60, aka OWF01.

Status: Candidate
Phase: Assigned (20070116)
Reference: BUGTRAQ:20070117 [ISecAuditors Security Advisories] Oracle Reports Web Cartridge (RWCGI60) vulnerable to XSS
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/457193/100/0/threaded
Reference: CONFIRM:http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html
Reference: CERT:TA07-017A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA07-017A.html
Reference: BID:22083
Reference: URL:http://www.securityfocus.com/bid/22083
Reference: SECTRACK:1017522
Reference: URL:http://securitytracker.com/id?1017522
Reference: SECUNIA:23794
Reference: URL:http://secunia.com/advisories/23794
Reference: XF:oracle-cpu-jan2007(31541)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31541

Votes:





Name: CVE-2007-0276

Description:
Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4 and 9.0.1.5 have unknown impact and attack vectors related to (1) Advanced Security Option and oklist or okdstry (DB10), (2) Oracle Net Services (DB13), and (3) Recovery Manager and oklist (DB16).

Status: Candidate
Phase: Assigned (20070116)
Reference: CONFIRM:http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html
Reference: CERT:TA07-017A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA07-017A.html
Reference: BID:22083
Reference: URL:http://www.securityfocus.com/bid/22083
Reference: SECTRACK:1017522
Reference: URL:http://securitytracker.com/id?1017522
Reference: SECUNIA:23794
Reference: URL:http://secunia.com/advisories/23794
Reference: XF:oracle-cpu-jan2007(31541)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31541

Votes:





Name: CVE-2007-0277

Description:
Unspecified vulnerability in Oracle Database client-only 10.1.0.4 has unknown impact and attack vectors related to the Export component and expdp or impdp, aka DB11.

Status: Candidate
Phase: Assigned (20070116)
Reference: CONFIRM:http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html
Reference: CERT:TA07-017A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA07-017A.html
Reference: BID:22083
Reference: URL:http://www.securityfocus.com/bid/22083
Reference: SECTRACK:1017522
Reference: URL:http://securitytracker.com/id?1017522
Reference: SECUNIA:23794
Reference: URL:http://secunia.com/advisories/23794
Reference: XF:oracle-cpu-jan2007(31541)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31541

Votes:





Name: CVE-2007-0278

Description:
Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to (1) NLS Runtime and lmsgen (DB12), and (2) Oracle Text and ctxkbtc (DB14).

Status: Candidate
Phase: Assigned (20070116)
Reference: CONFIRM:http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html
Reference: CERT:TA07-017A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA07-017A.html
Reference: BID:22083
Reference: URL:http://www.securityfocus.com/bid/22083
Reference: SECTRACK:1017522
Reference: URL:http://securitytracker.com/id?1017522
Reference: SECUNIA:23794
Reference: URL:http://secunia.com/advisories/23794
Reference: XF:oracle-cpu-jan2007(31541)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31541

Votes:





Name: CVE-2007-0279

Description:
Multiple unspecified vulnerabilities in Oracle HTTP Server 9.2.0.8 and Oracle E-Business Suite and Applications 11.5.10CU2 have unknown impact and attack vectors, aka (1) OHS01, (2) OHS02, (3) OHS05, (4) OHS06, and (5) OHS07.

Status: Candidate
Phase: Assigned (20070116)
Reference: CONFIRM:http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html
Reference: CERT:TA07-017A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA07-017A.html
Reference: BID:22083
Reference: URL:http://www.securityfocus.com/bid/22083
Reference: SECTRACK:1017522
Reference: URL:http://securitytracker.com/id?1017522
Reference: SECUNIA:23794
Reference: URL:http://secunia.com/advisories/23794
Reference: XF:oracle-cpu-jan2007(31541)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31541

Votes:





Name: CVE-2007-0280

Description:
Unspecified vulnerability in Oracle HTTP Server 9.0.1.5, Application Server 9.0.4.3, 10.1.2.0.0, 10.1.2.0.2, and 10.1.2.2; and Collaboration Suite 9.0.4.2 and 10.1.2; has unknown impact and attack vectors related to the Oracle Process Mgmt & Notification component, aka OPMN01. NOTE: as of 20070123, Oracle has not disputed claims by a reliable researcher that OPMN01 is for a buffer overflow in Oracle Notification Service (ONS).

Status: Candidate
Phase: Assigned (20070116)
Reference: MISC:http://www.red-database-security.com/advisory/oracle_buffer_overflow_ons.html
Reference: CONFIRM:http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html
Reference: CERT:TA07-017A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA07-017A.html
Reference: BID:22083
Reference: URL:http://www.securityfocus.com/bid/22083
Reference: SECTRACK:1017522
Reference: URL:http://securitytracker.com/id?1017522
Reference: SECUNIA:23794
Reference: URL:http://secunia.com/advisories/23794
Reference: XF:oracle-cpu-jan2007(31541)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31541

Votes:





Name: CVE-2007-0281

Description:
Multiple unspecified vulnerabilities in Oracle HTTP Server 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3, 10.1.2.0.0, 10.1.2.0.1, 10.1.2.0.2, 10.1.2.1, and 10.1.3.0; and Collaboration Suite 9.0.4.2 and 10.1.2; have unknown impact and attack vectors related to the Oracle HTTP Server, aka (1) OHS03 and (2) OHS04.

Status: Candidate
Phase: Assigned (20070116)
Reference: CONFIRM:http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html
Reference: CERT:TA07-017A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA07-017A.html
Reference: BID:22083
Reference: URL:http://www.securityfocus.com/bid/22083
Reference: SECTRACK:1017522
Reference: URL:http://securitytracker.com/id?1017522
Reference: SECUNIA:23794
Reference: URL:http://secunia.com/advisories/23794
Reference: XF:oracle-cpu-jan2007(31541)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31541

Votes:





Name: CVE-2007-0282

Description:
Unspecified vulnerability in Oracle HTTP Server 9.0.1.5, Application Server 9.0.4.2 and 10.1.2.0.0, and Collaboration Suite 9.0.4.2 has unknown impact and attack vectors related to the Oracle Process Mgmt & Notification component, aka OPMN02.

Status: Candidate
Phase: Assigned (20070116)
Reference: CONFIRM:http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html
Reference: CERT:TA07-017A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA07-017A.html
Reference: BID:22083
Reference: URL:http://www.securityfocus.com/bid/22083
Reference: SECTRACK:1017522
Reference: URL:http://securitytracker.com/id?1017522
Reference: SECUNIA:23794
Reference: URL:http://secunia.com/advisories/23794
Reference: XF:oracle-cpu-jan2007(31541)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31541

Votes:





Name: CVE-2007-0283

Description:
Unspecified vulnerability in Oracle Application Server 9.0.4.3 and Collaboration Suite 9.0.4.2 has unknown impact and attack vectors related to Oracle Containers for J2EE, aka OC4J02.

Status: Candidate
Phase: Assigned (20070116)
Reference: CONFIRM:http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html
Reference: CERT:TA07-017A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA07-017A.html
Reference: BID:22083
Reference: URL:http://www.securityfocus.com/bid/22083
Reference: SECTRACK:1017522
Reference: URL:http://securitytracker.com/id?1017522
Reference: SECUNIA:23794
Reference: URL:http://secunia.com/advisories/23794
Reference: XF:oracle-cpu-jan2007(31541)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31541

Votes:





Name: CVE-2007-0284

Description:
Multiple unspecified vulnerabilities in Oracle Application Server 9.0.4.3 and 10.1.2.0.0, and Collaboration Suite 9.0.4.2, have unknown impact and attack vectors related to Oracle Containers for J2EE, aka (1) OC4J03 and (2) OC4J04.

Status: Candidate
Phase: Assigned (20070116)
Reference: CONFIRM:http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html
Reference: CERT:TA07-017A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA07-017A.html
Reference: BID:22083
Reference: URL:http://www.securityfocus.com/bid/22083
Reference: SECTRACK:1017522
Reference: URL:http://securitytracker.com/id?1017522
Reference: SECUNIA:23794
Reference: URL:http://secunia.com/advisories/23794
Reference: XF:oracle-cpu-jan2007(31541)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31541

Votes:





Name: CVE-2007-0285

Description:
Unspecified vulnerability in Oracle Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; Collaboration Suite 9.0.4.2 and 10.1.2; and E-Business Suite and Applications 11.5.10CU2 has unknown impact and attack vectors related to Oracle Reports Developer, aka REP01.

Status: Candidate
Phase: Assigned (20070116)
Reference: CONFIRM:http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html
Reference: CERT:TA07-017A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA07-017A.html
Reference: BID:22083
Reference: URL:http://www.securityfocus.com/bid/22083
Reference: SECTRACK:1017522
Reference: URL:http://securitytracker.com/id?1017522
Reference: SECUNIA:23794
Reference: URL:http://secunia.com/advisories/23794
Reference: XF:oracle-cpu-jan2007(31541)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31541

Votes:





Name: CVE-2007-0286

Description:
Unspecified vulnerability in Oracle Application Server 10.1.2.0.2 and 10.1.3.0, and Collaboration Suite 10.1.2, has unknown impact and attack vectors related to Containers for J2EE, aka OC4J07.

Status: Candidate
Phase: Assigned (20070116)
Reference: CONFIRM:http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html
Reference: CERT:TA07-017A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA07-017A.html
Reference: BID:22083
Reference: URL:http://www.securityfocus.com/bid/22083
Reference: SECTRACK:1017522
Reference: URL:http://securitytracker.com/id?1017522
Reference: SECUNIA:23794
Reference: URL:http://secunia.com/advisories/23794
Reference: XF:oracle-cpu-jan2007(31541)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31541

Votes:





Name: CVE-2007-0287

Description:
Unspecified vulnerability in Oracle Application Server 9.0.4.3, 10.1.2.0.0, and 10.1.2.0.2; and Collaboration Suite 9.0.4.2 and 10.1.2; has unknown impact and attack vectors related to Containers for J2EE, aka OC4J08.

Status: Candidate
Phase: Assigned (20070116)
Reference: CONFIRM:http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html
Reference: CERT:TA07-017A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA07-017A.html
Reference: BID:22083
Reference: URL:http://www.securityfocus.com/bid/22083
Reference: SECTRACK:1017522
Reference: URL:http://securitytracker.com/id?1017522
Reference: SECUNIA:23794
Reference: URL:http://secunia.com/advisories/23794
Reference: XF:oracle-cpu-jan2007(31541)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31541

Votes:





Name: CVE-2007-0288

Description:
Unspecified vulnerability in Oracle Application Server 10.1.4.0 has unknown impact and attack vectors related to Oracle Internet Directory, aka OID01.

Status: Candidate
Phase: Assigned (20070116)
Reference: CONFIRM:http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html
Reference: CERT:TA07-017A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA07-017A.html
Reference: BID:22083
Reference: URL:http://www.securityfocus.com/bid/22083
Reference: SECTRACK:1017522
Reference: URL:http://securitytracker.com/id?1017522
Reference: SECUNIA:23794
Reference: URL:http://secunia.com/advisories/23794
Reference: XF:oracle-cpu-jan2007(31541)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31541

Votes:





Name: CVE-2007-0289

Description:
Multiple unspecified vulnerabilities in Oracle Collaboration Suite 9.0.4.2 have unknown impact and attack vectors related to Oracle Containers for J2EE, aka (1) OC4J01, (2) OC4J05, and (3) OC4J06.

Status: Candidate
Phase: Assigned (20070116)
Reference: CONFIRM:http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html
Reference: CERT:TA07-017A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA07-017A.html
Reference: BID:22083
Reference: URL:http://www.securityfocus.com/bid/22083
Reference: SECTRACK:1017522
Reference: URL:http://securitytracker.com/id?1017522
Reference: SECUNIA:23794
Reference: URL:http://secunia.com/advisories/23794
Reference: XF:oracle-cpu-jan2007(31541)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31541

Votes:





Name: CVE-2007-0290

Description:
Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.10CU2 have unknown impact and attack vectors related to (1) Application Object Library (APPS01), (2) Human Resources (APPS03), (3) Payables (APPS04), (4) Trading Community Architecture (APPS05), and (5) Web Applications Desktop Integrator (APPS06).

Status: Candidate
Phase: Assigned (20070116)
Reference: CONFIRM:http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html
Reference: CERT:TA07-017A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA07-017A.html
Reference: BID:22083
Reference: URL:http://www.securityfocus.com/bid/22083
Reference: SECTRACK:1017522
Reference: URL:http://securitytracker.com/id?1017522
Reference: SECUNIA:23794
Reference: URL:http://secunia.com/advisories/23794
Reference: XF:oracle-cpu-jan2007(31541)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31541

Votes:





Name: CVE-2007-0291

Description:
Unspecified vulnerability in Oracle E-Business Suite and Applications 6.2.3 has unknown impact and attack vectors related to Oracle Exchange, aka APPS02.

Status: Candidate
Phase: Assigned (20070116)
Reference: CONFIRM:http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html
Reference: CERT:TA07-017A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA07-017A.html
Reference: BID:22083
Reference: URL:http://www.securityfocus.com/bid/22083
Reference: SECTRACK:1017522
Reference: URL:http://securitytracker.com/id?1017522
Reference: SECUNIA:23794
Reference: URL:http://secunia.com/advisories/23794
Reference: XF:oracle-cpu-jan2007(31541)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31541

Votes:





Name: CVE-2007-0292

Description:
Multiple unspecified vulnerabilities in Oracle Enterprise Manager 10.1.0.5 have unknown impact and attack vectors related to Oracle Agent, aka (1) EM01 and (2) EM02. NOTE: EM05 might be related to CVE-2007-0222.

Status: Candidate
Phase: Assigned (20070116)
Reference: CONFIRM:http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html
Reference: CERT:TA07-017A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA07-017A.html
Reference: BID:22083
Reference: URL:http://www.securityfocus.com/bid/22083
Reference: SECTRACK:1017522
Reference: URL:http://securitytracker.com/id?1017522
Reference: SECUNIA:23794
Reference: URL:http://secunia.com/advisories/23794
Reference: XF:oracle-cpu-jan2007(31541)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31541

Votes:





Name: CVE-2007-0293

Description:
Multiple unspecified vulnerabilities in Oracle Enterprise Manager 10.1.0.5 and 10.2.0.1 have unknown impact and attack vectors related to (1) Oracle Agent (EM03) and (2) EM04 and (3) EM05 in Enterprise Manager Console. NOTE: EM05 might be related to CVE-2007-0222.

Status: Candidate
Phase: Assigned (20070116)
Reference: CONFIRM:http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html
Reference: CERT:TA07-017A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA07-017A.html
Reference: BID:22083
Reference: URL:http://www.securityfocus.com/bid/22083
Reference: SECTRACK:1017522
Reference: URL:http://securitytracker.com/id?1017522
Reference: SECUNIA:23794
Reference: URL:http://secunia.com/advisories/23794
Reference: XF:oracle-cpu-jan2007(31541)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31541

Votes:





Name: CVE-2007-0294

Description:
Unspecified vulnerability in Oracle Enterprise Manager 10.2.0.1 has unknown impact and attack vectors related to Database Cloning & Data Guard Management, aka EM06.

Status: Candidate
Phase: Assigned (20070116)
Reference: CONFIRM:http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html
Reference: CERT:TA07-017A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA07-017A.html
Reference: BID:22083
Reference: URL:http://www.securityfocus.com/bid/22083
Reference: SECTRACK:1017522
Reference: URL:http://securitytracker.com/id?1017522
Reference: SECUNIA:23794
Reference: URL:http://secunia.com/advisories/23794
Reference: XF:oracle-cpu-jan2007(31541)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31541

Votes:





Name: CVE-2007-0295

Description:
Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.13 and 8.47.11 has unknown impact and attack vectors in PeopleTools, aka PSE01.

Status: Candidate
Phase: Assigned (20070116)
Reference: CONFIRM:http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html
Reference: CERT:TA07-017A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA07-017A.html
Reference: BID:22083
Reference: URL:http://www.securityfocus.com/bid/22083
Reference: SECTRACK:1017522
Reference: URL:http://securitytracker.com/id?1017522
Reference: SECUNIA:23794
Reference: URL:http://secunia.com/advisories/23794
Reference: XF:oracle-cpu-jan2007(31541)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31541

Votes:





Name: CVE-2007-0296

Description:
Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.13, 8.47.11, and 8.48.06 has unknown impact and attack vectors in PeopleTools, aka PSE02.

Status: Candidate
Phase: Assigned (20070116)
Reference: CONFIRM:http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html
Reference: CERT:TA07-017A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA07-017A.html
Reference: BID:22083
Reference: URL:http://www.securityfocus.com/bid/22083
Reference: SECTRACK:1017522
Reference: URL:http://securitytracker.com/id?1017522
Reference: SECUNIA:23794
Reference: URL:http://secunia.com/advisories/23794
Reference: XF:oracle-cpu-jan2007(31541)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31541

Votes:





Name: CVE-2007-0297

Description:
Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.47.11 and 8.48.06 has unknown impact and attack vectors in PeopleTools, aka PSE03.

Status: Candidate
Phase: Assigned (20070116)
Reference: CONFIRM:http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html
Reference: CERT:TA07-017A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA07-017A.html
Reference: BID:22083
Reference: URL:http://www.securityfocus.com/bid/22083
Reference: SECTRACK:1017522
Reference: URL:http://securitytracker.com/id?1017522
Reference: SECUNIA:23794
Reference: URL:http://secunia.com/advisories/23794
Reference: XF:oracle-cpu-jan2007(31541)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31541

Votes:





Name: CVE-2007-0298

Description:
PHP remote file inclusion vulnerability in show.php in LunarPoll, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the PollDir parameter.

Status: Candidate
Phase: Assigned (20070116)
Reference: BUGTRAQ:20070112 LunarPoll (PollDir) Remote File Include Vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456697/100/0/threaded
Reference: MILW0RM:3117
Reference: URL:http://milw0rm.com/exploits/3117
Reference: VIM:20070112 Source Verify of LunarPoll PollDir RFI
Reference: URL:http://attrition.org/pipermail/vim/2007-January/001236.html
Reference: BID:22024
Reference: URL:http://www.securityfocus.com/bid/22024
Reference: FRSIRT:ADV-2007-0177
Reference: URL:http://www.frsirt.com/english/advisories/2007/0177
Reference: SECTRACK:1017510
Reference: URL:http://securitytracker.com/id?1017510
Reference: SECUNIA:23760
Reference: URL:http://secunia.com/advisories/23760
Reference: SREASON:2152
Reference: URL:http://securityreason.com/securityalert/2152
Reference: XF:lunarpoll-show-file-include(31472)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31472

Votes:





Name: CVE-2007-0299

Description:
Integer overflow in the byte_swap_sbin function in bsd/ufs/ufs/ufs_byte_order.c in Mac OS X 10.4.8 allows user-assisted remote attackers to cause a denial of service (kernel panic) by mounting a crafted Unix File System (UFS) DMG image, which triggers an invalid pointer dereference.

Status: Candidate
Phase: Assigned (20070116)
Reference: MISC:http://projects.info-pull.com/moab/MOAB-11-01-2007.html
Reference: CONFIRM:http://docs.info.apple.com/article.html?artnum=305214
Reference: APPLE:APPLE-SA-2007-03-13
Reference: URL:http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html
Reference: CERT:TA07-072A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA07-072A.html
Reference: CERT-VN:VU#515792
Reference: URL:http://www.kb.cert.org/vuls/id/515792
Reference: FRSIRT:ADV-2007-0930
Reference: URL:http://www.frsirt.com/english/advisories/2007/0930
Reference: OSVDB:31653
Reference: URL:http://www.osvdb.org/31653
Reference: SECTRACK:1017751
Reference: URL:http://www.securitytracker.com/id?1017751
Reference: SECUNIA:23725
Reference: URL:http://secunia.com/advisories/23725
Reference: SECUNIA:24479
Reference: URL:http://secunia.com/advisories/24479

Votes:





Name: CVE-2007-0300

Description:
PHP remote file inclusion vulnerability in i-accueil.php in TLM CMS 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter.

Status: Candidate
Phase: Assigned (20070117)
Reference: MILW0RM:3118
Reference: URL:http://milw0rm.com/exploits/3118
Reference: BID:22021
Reference: URL:http://www.securityfocus.com/bid/22021
Reference: FRSIRT:ADV-2007-0176
Reference: URL:http://www.frsirt.com/english/advisories/2007/0176
Reference: SECUNIA:23722
Reference: URL:http://secunia.com/advisories/23722

Votes:





Name: CVE-2007-0301

Description:
PHP remote file inclusion vulnerability in _admin/admin_menu.php in FdWeB Espace Membre 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.

Status: Candidate
Phase: Assigned (20070117)
Reference: MILW0RM:3123
Reference: URL:http://milw0rm.com/exploits/3123
Reference: BID:22040
Reference: URL:http://www.securityfocus.com/bid/22040
Reference: FRSIRT:ADV-2007-0178
Reference: URL:http://www.frsirt.com/english/advisories/2007/0178
Reference: SECUNIA:23743
Reference: URL:http://secunia.com/advisories/23743

Votes:





Name: CVE-2007-0302

Description:
Multiple cross-site scripting (XSS) vulnerabilities in InstantASP 4.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) SessionID parameter to (a) Logon.aspx, and the (2) Username and (3) Update parameters to (b) Members1.aspx.

Status: Candidate
Phase: Assigned (20070117)
Reference: BUGTRAQ:20070115 InstantForum.NET Multiple Cross-Site Scripting Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456970/100/0/threaded
Reference: BID:22052
Reference: URL:http://www.securityfocus.com/bid/22052
Reference: FRSIRT:ADV-2007-0227
Reference: URL:http://www.frsirt.com/english/advisories/2007/0227
Reference: SECUNIA:23787
Reference: URL:http://secunia.com/advisories/23787
Reference: SREASON:2164
Reference: URL:http://securityreason.com/securityalert/2164
Reference: XF:instantforum-multiple-scripts-xss(31521)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31521

Votes:





Name: CVE-2007-0303

Description:
Multiple unspecified vulnerabilities in Zina 1.0rc1 and earlier have unknown impact and attack vectors related to "Potential security bugs."

Status: Candidate
Phase: Assigned (20070117)
Reference: CONFIRM:http://www.pancake.org/zina-changelog-12
Reference: BID:22049
Reference: URL:http://www.securityfocus.com/bid/22049
Reference: FRSIRT:ADV-2007-0181
Reference: URL:http://www.frsirt.com/english/advisories/2007/0181

Votes:





Name: CVE-2007-0304

Description:
SQL injection vulnerability in duyuru.asp in MiNT Haber Sistemi 2.7 allows remote attackers to execute arbitrary SQL commands via the id parameter.

Status: Candidate
Phase: Assigned (20070117)
Reference: MILW0RM:3120
Reference: URL:http://milw0rm.com/exploits/3120
Reference: FRSIRT:ADV-2007-0175
Reference: URL:http://www.frsirt.com/english/advisories/2007/0175
Reference: SECUNIA:23756
Reference: URL:http://secunia.com/advisories/23756

Votes:





Name: CVE-2007-0305

Description:
SQL injection vulnerability in etkinlikbak.asp in Okul Web Otomasyon Sistemi 4.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.

Status: Candidate
Phase: Assigned (20070117)
Reference: BUGTRAQ:20070115 Okul Web Otomasyon Sistemi (etkinlikbak.asp) SQL Injection Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456894/100/0/threaded
Reference: MILW0RM:3135
Reference: URL:http://milw0rm.com/exploits/3135
Reference: BID:22060
Reference: URL:http://www.securityfocus.com/bid/22060
Reference: FRSIRT:ADV-2007-0206
Reference: URL:http://www.frsirt.com/english/advisories/2007/0206
Reference: SECUNIA:23755
Reference: URL:http://secunia.com/advisories/23755
Reference: SREASON:2151
Reference: URL:http://securityreason.com/securityalert/2151

Votes:





Name: CVE-2007-0306

Description:
SQL injection vulnerability in visu_user.asp in Digiappz DigiAffiliate 1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

Status: Candidate
Phase: Assigned (20070117)
Reference: MILW0RM:3122
Reference: URL:http://milw0rm.com/exploits/3122
Reference: BID:22039
Reference: URL:http://www.securityfocus.com/bid/22039
Reference: FRSIRT:ADV-2007-0179
Reference: URL:http://www.frsirt.com/english/advisories/2007/0179
Reference: SECUNIA:23744
Reference: URL:http://secunia.com/advisories/23744

Votes:





Name: CVE-2007-0307

Description:
PHP remote file inclusion vulnerability in include/common.php in Poplar Gedcom Viewer 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the env[rootPath] parameter.

Status: Candidate
Phase: Assigned (20070117)
Reference: MILW0RM:3121
Reference: URL:http://milw0rm.com/exploits/3121
Reference: BID:22038
Reference: URL:http://www.securityfocus.com/bid/22038
Reference: FRSIRT:ADV-2007-0174
Reference: URL:http://www.frsirt.com/english/advisories/2007/0174
Reference: SECUNIA:23761
Reference: URL:http://secunia.com/advisories/23761

Votes:





Name: CVE-2007-0308

Description:
Cross-site scripting (XSS) vulnerability in Plain Black WebGUI before 7.3.4 (beta) allows remote attackers to inject arbitrary web script or HTML via Wiki Page titles.

Status: Candidate
Phase: Assigned (20070117)
Reference: CONFIRM:http://www.plainblack.com/getwebgui/advisories/webgui-7_3_4-beta-released#BUeIjcWiQasypsJxD-YwgQ
Reference: BID:22051
Reference: URL:http://www.securityfocus.com/bid/22051
Reference: SECUNIA:23718
Reference: URL:http://secunia.com/advisories/23718

Votes:





Name: CVE-2007-0309

Description:
SQL injection vulnerability in blocks/block-Old_Articles.php in Francisco Burzi PHP-Nuke 7.9 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cat parameter.

Status: Candidate
Phase: Assigned (20070117)
Reference: BUGTRAQ:20070113 PHP-Nuke <= 7.9 Old-Articles Block "cat" SQL Injection vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456787/100/0/threaded
Reference: MISC:http://www.neosecurityteam.net/advisories/PHP-Nuke--7.9-Old-Articles-Block-cat-SQL-Injection-vulnerability-31.html
Reference: BID:22037
Reference: URL:http://www.securityfocus.com/bid/22037
Reference: SECTRACK:1017511
Reference: URL:http://securitytracker.com/id?1017511
Reference: SECUNIA:23748
Reference: URL:http://secunia.com/advisories/23748
Reference: SREASON:2153
Reference: URL:http://securityreason.com/securityalert/2153
Reference: XF:phpnuke-blockoldarticles-sql-injection(31482)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31482

Votes:





Name: CVE-2007-0310

Description:
BMC Remedy Action Request System 5.01.02 Patch 1267 generates different error messages for failed login attempts with a valid username than for those with an invalid username, which allows remote attackers to determine valid account names.

Status: Candidate
Phase: Assigned (20070117)
Reference: BUGTRAQ:20070115 Remedy Action Request System 5.01.02 - User Enumeration
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456949/100/0/threaded
Reference: BUGTRAQ:20070116 Re: Remedy Action Request System 5.01.02 - User Enumeration
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/457078/100/0/threaded
Reference: MISC:http://www.alighieri.org/advisories/advisory-remedy50102.txt
Reference: BID:22066
Reference: URL:http://www.securityfocus.com/bid/22066
Reference: FRSIRT:ADV-2007-0204
Reference: URL:http://www.frsirt.com/english/advisories/2007/0204
Reference: SECTRACK:1017515
Reference: URL:http://securitytracker.com/id?1017515
Reference: SECUNIA:23775
Reference: URL:http://secunia.com/advisories/23775
Reference: SREASON:2162
Reference: URL:http://securityreason.com/securityalert/2162
Reference: XF:rars-login-information-disclosure(31527)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31527

Votes:





Name: CVE-2007-0311

Description:
Texas Imperial Software WFTPD and WFTPD Pro Server 3.25 and earlier allow remote attackers to cause a denial of service (application crash) via a long SITE ADMIN command.

Status: Candidate
Phase: Assigned (20070117)
Reference: MILW0RM:3126
Reference: URL:http://milw0rm.com/exploits/3126
Reference: BID:22046
Reference: URL:http://www.securityfocus.com/bid/22046
Reference: XF:wftpd-admn-dos(31517)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31517

Votes:





Name: CVE-2007-0312

Description:
wcSimple Poll stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain password hashes via a direct request for password.txt.

Status: Candidate
Phase: Assigned (20070117)
Reference: BUGTRAQ:20070114 wcSimple Poll (password.txt) Remote Password Disclosure Vulnerablity
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456982/100/0/threaded
Reference: SREASON:2157
Reference: URL:http://securityreason.com/securityalert/2157

Votes:





Name: CVE-2007-0313

Description:
Unspecified vulnerability in GONICUS System Administration (GOsa) before 2.5.8 allows remote authenticated users to modify certain settings, including the admin password, via crafted POST requests.

Status: Candidate
Phase: Assigned (20070117)
Reference: MLIST:[gosa] 20070115 GOsa 2.5.8 released (security fixes!)
Reference: URL:http://oss.gonicus.de/pipermail/gosa/2007-January/002650.html
Reference: FRSIRT:ADV-2007-0207
Reference: URL:http://www.frsirt.com/english/advisories/2007/0207
Reference: SECUNIA:23749
Reference: URL:http://secunia.com/advisories/23749
Reference: XF:gosa-unspecified-data-manipulation(31516)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31516

Votes:





Name: CVE-2007-0314

Description:
Multiple PHP remote file inclusion vulnerabilities in Article System 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the INCLUDE_DIR parameter to (1) forms.php, (2) issue_edit.php, (3) client.php, and (4) classes.php.

Status: Candidate
Phase: Assigned (20070117)
Reference: MILW0RM:3114
Reference: URL:http://milw0rm.com/exploits/3114
Reference: BID:22017
Reference: URL:http://www.securityfocus.com/bid/22017
Reference: XF:article-system-includedir-file-include(31446)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31446

Votes:





Name: CVE-2007-0315

Description:
Multiple buffer overflows in FileZilla before 2.2.30a allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors related to (1) Options.cpp when storing settings in the registry, and (2) the transfer queue (QueueCtrl.cpp). NOTE: some of these details are obtained from third party information.

Status: Candidate
Phase: Assigned (20070117)
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=475423&group_id=21558
Reference: BID:22057
Reference: URL:http://www.securityfocus.com/bid/22057
Reference: FRSIRT:ADV-2007-0183
Reference: URL:http://www.frsirt.com/english/advisories/2007/0183
Reference: XF:filezilla-options-queuectrl-bo(31500)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31500

Votes:





Name: CVE-2007-0316

Description:
Multiple SQL injection vulnerabilities in All In One Control Panel (AIOCP) 1.3.010 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) xuser_name parameter to shared/code/cp_authorization.php, and the (2) did parameter to public/code/cp_downloads.php, different vectors than CVE-2007-0223.

Status: Candidate
Phase: Assigned (20070117)
Reference: BUGTRAQ:20070112 AIOCP Login Bypass Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/456742
Reference: BUGTRAQ:20070112 AIOCP SQL Injection Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/456741
Reference: BID:22032
Reference: URL:http://www.securityfocus.com/bid/22032
Reference: FRSIRT:ADV-2007-0190
Reference: URL:http://www.frsirt.com/english/advisories/2007/0190
Reference: SECUNIA:23740
Reference: URL:http://secunia.com/advisories/23740
Reference: SREASON:2166
Reference: URL:http://securityreason.com/securityalert/2166

Votes:





Name: CVE-2007-0317

Description:
Format string vulnerability in the LogMessage function in FileZilla before 3.0.0-beta5 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted arguments. NOTE: some of these details are obtained from third party information.

Status: Candidate
Phase: Assigned (20070117)
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=477793&group_id=21558
Reference: BID:22063
Reference: URL:http://www.securityfocus.com/bid/22063
Reference: FRSIRT:ADV-2007-0182
Reference: URL:http://www.frsirt.com/english/advisories/2007/0182
Reference: XF:filezilla-logmessage-format-string(31497)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31497

Votes:





Name: CVE-2007-0318

Description:
The do_hfs_truncate function in Mac OS X 10.4.8 allows context-dependent attackers to cause a denial of service (kernel panic) via a crafted HFS+ filesystem in a DMG image, which causes an access of an invalid vnode structure during file removal.

Status: Candidate
Phase: Assigned (20070117)
Reference: MISC:http://projects.info-pull.com/moab/MOAB-13-01-2007.html
Reference: CONFIRM:http://docs.info.apple.com/article.html?artnum=305214
Reference: APPLE:APPLE-SA-2007-03-13
Reference: URL:http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html
Reference: CERT:TA07-072A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA07-072A.html
Reference: FRSIRT:ADV-2007-0171
Reference: URL:http://www.frsirt.com/english/advisories/2007/0171
Reference: FRSIRT:ADV-2007-0930
Reference: URL:http://www.frsirt.com/english/advisories/2007/0930
Reference: OSVDB:32685
Reference: URL:http://www.osvdb.org/32685
Reference: SECTRACK:1017759
Reference: URL:http://www.securitytracker.com/id?1017759
Reference: SECUNIA:23742
Reference: URL:http://secunia.com/advisories/23742
Reference: SECUNIA:24479
Reference: URL:http://secunia.com/advisories/24479

Votes:





Name: CVE-2007-0319

Description:
Multiple stack-based buffer overflows in the Motive ActiveEmailTest.EmailData (ActiveUtils EmailData) ActiveX control in ActiveUtils.dll in Motive Service Activation Manager 5.1 and Self Service Manager 5.1 and earlier allow remote attackers to execute arbitrary code via unspecified vectors.

Status: Candidate
Phase: Assigned (20070117)
Reference: CONFIRM:http://www.motive.com/securitybulletin_08122007.asp
Reference: MS:MS07-045
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms07-045.mspx
Reference: CERT-VN:VU#747233
Reference: URL:http://www.kb.cert.org/vuls/id/747233
Reference: BID:25312
Reference: URL:http://www.securityfocus.com/bid/25312
Reference: FRSIRT:ADV-2007-2881
Reference: URL:http://www.frsirt.com/english/advisories/2007/2881
Reference: SECTRACK:1018571
Reference: URL:http://securitytracker.com/id?1018571
Reference: SECUNIA:26481
Reference: URL:http://secunia.com/advisories/26481

Votes:





Name: CVE-2007-0320

Description:
Multiple buffer overflows in (a) an ActiveX control (iftw.dll) and (b) Netscape plug-in (npiftw32.dll) for Macrovision (formerly InstallShield) InstallFromTheWeb allow remote attackers to execute arbitrary code via crafted HTML documents.

Status: Candidate
Phase: Assigned (20070117)
Reference: MISC:http://www.kb.cert.org/vuls/id/MAPG-6UQUDP
Reference: CERT-VN:VU#181041
Reference: URL:http://www.kb.cert.org/vuls/id/181041
Reference: FRSIRT:ADV-2007-0705
Reference: URL:http://www.frsirt.com/english/advisories/2007/0705
Reference: SECUNIA:24285
Reference: URL:http://secunia.com/advisories/24285
Reference: XF:InstallshieldInstallfromtheweb-activex-bo(32645)
Reference: URL:http://xforce.iss.net/xforce/xfdb/32645

Votes:





Name: CVE-2007-0321

Description:
Buffer overflow in the Update Service Agent ActiveX Control in isusweb.dll for Macrovision FLEXnet Connect (formerly InstallShield Update Service) allows remote attackers to execute arbitrary code via the Download method.

Status: Candidate
Phase: Assigned (20070117)
Reference: CONFIRM:http://www.kb.cert.org/vuls/id/MAPG-6UERNR
Reference: CONFIRM:http://support.installshield.com/kb/view.asp?articleid=Q113020
Reference: CERT-VN:VU#847993
Reference: URL:http://www.kb.cert.org/vuls/id/847993
Reference: FRSIRT:ADV-2007-0706
Reference: URL:http://www.frsirt.com/english/advisories/2007/0706
Reference: SECUNIA:24270
Reference: URL:http://secunia.com/advisories/24270
Reference: XF:macrovision-updateservice-activex-bo(32678)
Reference: URL:http://xforce.iss.net/xforce/xfdb/32678

Votes:





Name: CVE-2007-0322

Description:
Multiple stack-based buffer overflows in the Intuit QuickBooks Online Edition ActiveX control before 10 allow remote attackers to execute arbitrary code via unspecified vectors.

Status: Candidate
Phase: Assigned (20070117)
Reference: CERT-VN:VU#907481
Reference: URL:http://www.kb.cert.org/vuls/id/907481
Reference: BID:25544
Reference: URL:http://www.securityfocus.com/bid/25544
Reference: SECUNIA:26659
Reference: URL:http://secunia.com/advisories/26659
Reference: XF:quickbooks-activex-bo(36462)
Reference: URL:http://xforce.iss.net/xforce/xfdb/36462

Votes:





Name: CVE-2007-0323

Description:
Buffer overflow in the SetLanguage function in Research In Motion (RIM) TeamOn Import Object ActiveX control (TOImport.dll) allows remote attackers to execute arbitrary code via unspecified vectors.

Status: Candidate
Phase: Assigned (20070117)
Reference: CONFIRM:http://www.blackberry.com/btsc/articles/74/KB13142_f.SAL_Public.html
Reference: HP:HPSBST02214
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/468871/100/200/threaded
Reference: HP:SSRT071422
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/468871/100/200/threaded
Reference: MS:MS07-027
Reference: URL:http://www.microsoft.com/technet/security/Bulletin/MS07-027.mspx
Reference: CERT:TA07-128A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA07-128A.html
Reference: CERT-VN:VU#869641
Reference: URL:http://www.kb.cert.org/vuls/id/869641
Reference: BID:23331
Reference: URL:http://www.securityfocus.com/bid/23331
Reference: FRSIRT:ADV-2007-1716
Reference: URL:http://www.frsirt.com/english/advisories/2007/1716
Reference: SECUNIA:25218
Reference: URL:http://secunia.com/advisories/25218
Reference: XF:rim-toimport-activex-bo(34182)
Reference: URL:http://xforce.iss.net/xforce/xfdb/34182

Votes:





Name: CVE-2007-0324

Description:
Multiple buffer overflows in the LizardTech DjVu Browser Plug-in before 6.1.1 allow remote attackers to execute arbitrary code via unspecified vectors.

Status: Candidate
Phase: Assigned (20070117)
Reference: BUGTRAQ:20070215 Lizardtech DjVu Browser Plug-in - Multiple Vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/460197/100/0/threaded
Reference: MISC:http://www.lizardtech.com/products/doc/djvupluginrelease.php
Reference: CERT-VN:VU#522393
Reference: URL:http://www.kb.cert.org/vuls/id/522393
Reference: BID:22569
Reference: URL:http://www.securityfocus.com/bid/22569
Reference: FRSIRT:ADV-2007-0618
Reference: URL:http://www.frsirt.com/english/advisories/2007/0618
Reference: SECUNIA:24149
Reference: URL:http://secunia.com/advisories/24149
Reference: SREASON:2259
Reference: URL:http://securityreason.com/securityalert/2259
Reference: XF:djvu-browser-multiple-bo(32510)
Reference: URL:http://xforce.iss.net/xforce/xfdb/32510

Votes:





Name: CVE-2007-0325

Description:
Multiple buffer overflows in the Trend Micro OfficeScan Web-Deployment SetupINICtrl ActiveX control in OfficeScanSetupINI.dll, as used in OfficeScan 7.0 before Build 1344, OfficeScan 7.3 before Build 1241, and Client / Server / Messaging Security 3.0 before Build 1197, allow remote attackers to execute arbitrary code via a crafted HTML document.

Status: Candidate
Phase: Assigned (20070117)
Reference: CONFIRM:http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1034288
Reference: CONFIRM:http://www.trendmicro.com/ftp/documentation/readme/osce_70_win_en_securitypatch_1344_readme.txt
Reference: CERT-VN:VU#784369
Reference: URL:http://www.kb.cert.org/vuls/id/784369
Reference: BID:22585
Reference: URL:http://www.securityfocus.com/bid/22585
Reference: FRSIRT:ADV-2007-0638
Reference: URL:http://www.frsirt.com/english/advisories/2007/0638
Reference: SECTRACK:1017664
Reference: URL:http://www.securitytracker.com/id?1017664
Reference: SECUNIA:24193
Reference: URL:http://secunia.com/advisories/24193

Votes:





Name: CVE-2007-0326

Description:
Multiple stack-based buffer overflows in the PhotoChannel Networks PNI Digital Media Photo Upload Plugin ActiveX control before 2.0.0.10, as used by multiple retailers, allow remote attackers to execute arbitrary code via unspecified vectors.

Status: Candidate
Phase: Assigned (20070117)
Reference: CERT-VN:VU#854769
Reference: URL:http://www.kb.cert.org/vuls/id/854769
Reference: BID:25685
Reference: URL:http://www.securityfocus.com/bid/25685
Reference: FRSIRT:ADV-2007-3181
Reference: URL:http://www.frsirt.com/english/advisories/2007/3181
Reference: SECTRACK:1018701
Reference: URL:http://www.securitytracker.com/id?1018701
Reference: SECUNIA:26830
Reference: URL:http://secunia.com/advisories/26830
Reference: XF:photochannel-photo-upload-bo(36643)
Reference: URL:http://xforce.iss.net/xforce/xfdb/36643

Votes:





Name: CVE-2007-0327

Description:
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Status: Candidate
Phase: Assigned (20070117)

Votes:





Name: CVE-2007-0328

Description:
The DWUpdateService ActiveX control in the agent (agent.exe) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allows remote attackers to execute arbitrary commands via (1) the Execute method, and obtain the exit status using (2) the GetExitCode method.

Status: Candidate
Phase: Assigned (20070117)
Reference: CERT-VN:VU#524681
Reference: URL:http://www.kb.cert.org/vuls/id/524681
Reference: CONFIRM:http://support.installshield.com/kb/view.asp?articleid=Q113020
Reference: FRSIRT:ADV-2007-2017
Reference: URL:http://www.frsirt.com/english/advisories/2007/2017
Reference: SECUNIA:25501
Reference: URL:http://secunia.com/advisories/25501
Reference: XF:macrovision-dwupdate-command-execution(34660)
Reference: URL:http://xforce.iss.net/xforce/xfdb/34660

Votes:





Name: CVE-2007-0329

Description:
download.php in Joonas Viljanen JV2 Folder Gallery allows remote attackers to read sensitive files via a relative pathname in the file parameter, as demonstrated by config/gallerysetup.php. NOTE: this issue might be resultant from a directory traversal vulnerability.

Status: Candidate
Phase: Assigned (20070117)
Reference: MILW0RM:3125
Reference: URL:http://milw0rm.com/exploits/3125
Reference: FRSIRT:ADV-2007-0180
Reference: URL:http://www.frsirt.com/english/advisories/2007/0180
Reference: SECUNIA:23724
Reference: URL:http://secunia.com/advisories/23724

Votes:





Name: CVE-2007-0330

Description:
Buffer overflow in wsbho2k0.dll, as used by wsftpurl.exe, in Ipswitch WS_FTP 2007 Professional allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long ftp:// URL in an HTML document, and possibly other vectors.

Status: Candidate
Phase: Assigned (20070117)
Reference: BUGTRAQ:20070112 Ipswitch WS_FTP 2007 Professional "wsftpurl" access violation vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456755/100/0/threaded
Reference: BUGTRAQ:20070114 Re: Ipswitch WS_FTP 2007 Professional "wsftpurl" access violation vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456901/100/0/threaded
Reference: BUGTRAQ:20070116 Re: Ipswitch WS_FTP 2007 Professional "wsftpurl" access violation vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/457097/100/0/threaded
Reference: BID:22062
Reference: URL:http://www.securityfocus.com/bid/22062
Reference: SREASON:2160
Reference: URL:http://securityreason.com/securityalert/2160

Votes:





Name: CVE-2007-0331

Description:
Cross-site scripting (XSS) vulnerability in liens.php3 in liens_dynamiques 2.1 allows remote attackers to inject arbitrary web script or HTML by using the ajouter=1 query string and the add menu.

Status: Candidate
Phase: Assigned (20070117)
Reference: BUGTRAQ:20070114 liens_dynamiques xss and admin authentification
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456986/100/0/threaded
Reference: BID:22070
Reference: URL:http://www.securityfocus.com/bid/22070
Reference: XF:liensdynamiques-liens-xss(31528)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31528

Votes:





Name: CVE-2007-0332

Description:
(1) admin/adminlien.php3 and (2) admin/modif.php3 in liens_dynamiques 2.1 do not require authentication, which allows remote attackers to perform unauthorized administrative actions using a direct request.

Status: Candidate
Phase: Assigned (20070117)
Reference: BUGTRAQ:20070114 liens_dynamiques xss and admin authentification
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456986/100/0/threaded
Reference: BID:22068
Reference: URL:http://www.securityfocus.com/bid/22068

Votes:





Name: CVE-2007-0333

Description:
Agnitum Outpost Firewall PRO 4.0 allows local users to bypass access restrictions and insert Trojan horse drivers into the product's installation directory by creating links using FileLinkInformation requests with the ZwSetInformationFile function, as demonstrated by modifying SandBox.sys.

Status: Candidate
Phase: Assigned (20070117)
Reference: BUGTRAQ:20070115 Outpost Bypassing Self-Protection using file links Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456973/100/0/threaded
Reference: MISC:http://www.matousec.com/info/advisories/Outpost-Bypassing-Self-Protection-using-file-links.php
Reference: BID:22069
Reference: URL:http://www.securityfocus.com/bid/22069
Reference: SREASON:2163
Reference: URL:http://securityreason.com/securityalert/2163
Reference: XF:outpostfirewall-zwset-privilege-escalation(31529)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31529

Votes:





Name: CVE-2007-0334

Description:
Unspecified vulnerability in the SIP module in InGate Firewall and SIParator before 4.5.1 allows remote attackers to conduct replay attacks on the authentication mechanism via unknown vectors.

Status: Candidate
Phase: Assigned (20070117)
Reference: CONFIRM:http://www.ingate.com/relnote-451.php
Reference: BID:22080
Reference: URL:http://www.securityfocus.com/bid/22080
Reference: FRSIRT:ADV-2007-0209
Reference: URL:http://www.frsirt.com/english/advisories/2007/0209
Reference: SECUNIA:23737
Reference: URL:http://secunia.com/advisories/23737
Reference: XF:ingate-sip-security-bypass(31546)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31546

Votes:





Name: CVE-2007-0335

Description:
Multiple directory traversal vulnerabilities in Jax Petition Book 1.0.3.06 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the languagepack parameter to (1) jax_petitionbook.php or (2) smileys.php.

Status: Candidate
Phase: Assigned (20070117)
Reference: BUGTRAQ:20070114 Jax Petition Book (languagepack) Remote File Include Vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456981/100/0/threaded
Reference: BUGTRAQ:20070115 Re: Jax Petition Book (languagepack) Remote File Include Vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456989/100/0/threaded
Reference: BUGTRAQ:20070116 Re: Jax Petition Book (languagepack) Remote File Include Vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/457077/100/0/threaded
Reference: BID:22072
Reference: URL:http://www.securityfocus.com/bid/22072
Reference: FRSIRT:ADV-2007-0220
Reference: URL:http://www.frsirt.com/english/advisories/2007/0220
Reference: SECUNIA:23784
Reference: URL:http://secunia.com/advisories/23784
Reference: SREASON:2161
Reference: URL:http://securityreason.com/securityalert/2161
Reference: XF:petitionbook-language-file-include(31543)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31543

Votes:





Name: CVE-2007-0336

Description:
Undercover.app/Contents/Resources/uc in Rixstep Undercover allows local users to overwrite arbitrary files, probably related to a race condition.

Status: Candidate
Phase: Assigned (20070117)
Reference: FULLDISC:20070115 Rixstep aren't as leet as they thought they were
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051793.html
Reference: BID:22071
Reference: URL:http://www.securityfocus.com/bid/22071

Votes:





Name: CVE-2007-0337

Description:
Directory traversal vulnerability in sesskglogadmin.php in KGB 1.9 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the skinnn parameter, as demonstrated by invoking kg.php with a postek parameter containing PHP code, which is injected into a file in the kg directory, and then included by sesskglogadmin.php.

Status: Candidate
Phase: Assigned (20070117)
Reference: MILW0RM:3134
Reference: URL:http://milw0rm.com/exploits/3134
Reference: BID:22065
Reference: URL:http://www.securityfocus.com/bid/22065
Reference: FRSIRT:ADV-2007-0228
Reference: URL:http://www.frsirt.com/english/advisories/2007/0228
Reference: SECUNIA:23768
Reference: URL:http://secunia.com/advisories/23768
Reference: XF:kgb-sesskglogadmin-file-include(31508)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31508

Votes:





Name: CVE-2007-0338

Description:
Heap-based buffer overflow in Dream FTP Server allows remote attackers to execute arbitrary code via a USER command with a large number of format string specifiers, which triggers the overflow during processing of the Server Log.

Status: Candidate
Phase: Assigned (20070117)
Reference: MILW0RM:3128
Reference: URL:http://milw0rm.com/exploits/3128
Reference: SECUNIA:23731
Reference: URL:http://secunia.com/advisories/23731

Votes:





Name: CVE-2007-0339

Description:
SQL injection vulnerability in index.php (aka the login form) in Scriptme SMe FileMailer 1.21 allows remote attackers to execute arbitrary SQL commands via the Password field (ps parameter). NOTE: some of these details are obtained from third party information.

Status: Candidate
Phase: Assigned (20070117)
Reference: BUGTRAQ:20070116 [x0n3-h4ck] SmE FileMailer 1.21 Remote Sql Injextion Exploit
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/457071/100/0/threaded
Reference: VIM:20070117 Source VERIFY of SMe FileMailer 1.21 SQL injection
Reference: URL:http://www.attrition.org/pipermail/vim/2007-January/001244.html
Reference: SECUNIA:23766
Reference: URL:http://secunia.com/advisories/23766
Reference: SREASON:2154
Reference: URL:http://securityreason.com/securityalert/2154

Votes:





Name: CVE-2007-0340

Description:
SQL injection vulnerability in inc/header.inc.php in ThWboard 3.0b2.84-php5 and earlier allows remote attackers to execute arbitrary SQL commands via the board[styleid] parameter to index.php.

Status: Candidate
Phase: Assigned (20070117)
Reference: MILW0RM:3124
Reference: URL:http://milw0rm.com/exploits/3124
Reference: SECUNIA:23735
Reference: URL:http://secunia.com/advisories/23735

Votes:





Name: CVE-2007-0341

Description:
Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.1 and earlier, when Microsoft Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in a CSS style in the convcharset parameter to the top-level URI, a different vulnerability than CVE-2005-0992.

Status: Candidate
Phase: Assigned (20070117)
Reference: BUGTRAQ:20070112 Re: xss in phpmyadmin <= 2.8.1
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456726/100/0/threaded
Reference: BUGTRAQ:20070112 xss in phpmyadmin <= 2.8.1
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/456698/100/0/threaded
Reference: MISC:http://www.virtuax.be/advisories/Advisory1-12012007.txt

Votes:





Name: CVE-2007-0342

Description:
WebCore in Apple WebKit build 18794 allows remote attackers to cause a denial of service (null dereference and application crash) via a TD element with a large number in the ROWSPAN attribute, as demonstrated by a crash of OmniWeb 5.5.3 on Mac OS X 10.4.8, a different vulnerability than CVE-2006-2019.

Status: Candidate
Phase: Assigned (20070117)
Reference: MISC:http://security-protocols.com/sp-x41-advisory.php
Reference: BID:22059
Reference: URL:http://www.securityfocus.com/bid/22059

Votes:





Name: CVE-2007-0343

Description:
OpenBSD before 20070116 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via certain IPv6 ICMP (aka ICMP6) echo request packets.

Status: Candidate
Phase: Assigned (20070117)
Reference: OPENBSD:[3.9] 018: RELIABILITY FIX: January 16, 2007
Reference: URL:http://www.openbsd.org/errata39.html#icmp6
Reference: OPENBSD:[4.0] 008: RELIABILITY FIX: January 16, 2007
Reference: URL:http://www.openbsd.org/errata.html#icmp6
Reference: BID:22087
Reference: URL:http://www.securityfocus.com/bid/22087
Reference: OSVDB:32935
Reference: URL:http://www.osvdb.org/32935
Reference: SECTRACK:1017518
Reference: URL:http://securitytracker.com/id?1017518
Reference: SECUNIA:23830
Reference: URL:http://secunia.com/advisories/23830

Votes:





Name: CVE-2007-0344

Description:
Multiple format string vulnerabilities in (1) _invitedToRoom: and (2) _invitedToDirectChat: in Colloquy 2.1 and earlier allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in the channel name of an INVITE request, related to the implementation of AlertSheet and AlertPanel in Apple AppKit.

Status: Candidate
Phase: Assigned (20070117)
Reference: MISC:http://projects.info-pull.com/moab/MOAB-16-01-2007.html
Reference: MILW0RM:3139
Reference: URL:http://milw0rm.com/exploits/3139
Reference: BID:22086
Reference: URL:http://www.securityfocus.com/bid/22086
Reference: FRSIRT:ADV-2007-0238
Reference: URL:http://www.frsirt.com/english/advisories/2007/0238
Reference: OSVDB:32688
Reference: URL:http://www.osvdb.org/32688
Reference: SECUNIA:23801
Reference: URL:http://secunia.com/advisories/23801

Votes:





Name: CVE-2007-0345

Description:
The (1) Activity Monitor.app/Contents/Resources/pmTool, (2) Keychain Access.app/Contents/Resources/kcproxy, and (3) ODBC Administrator.app/Contents/Resources/iodbcadmintool programs in /Applications/Utilities/ in Mac OS X 10.4.8 have weak permissions (writable by admin group), which allows local admin users to gain root privileges by modifying a program and then performing permissions repair via diskutil.

Status: Candidate
Phase: Assigned (20070117)
Reference: MISC:http://projects.info-pull.com/moab/MOAB-15-01-2007.html
Reference: MILW0RM:3136
Reference: URL:http://milw0rm.com/exploits/3136
Reference: OSVDB:32700
Reference: URL:http://www.osvdb.org/32700
Reference: OSVDB:32701
Reference: URL:http://www.osvdb.org/32701
Reference: OSVDB:32702
Reference: URL:http://www.osvdb.org/32702
Reference: XF:macosx-applications-privilege-escalation(31530)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31530

Votes:





Name: CVE-2007-0346

Description:
SQL injection vulnerability in index.php in SmE FileMailer 1.21 allows remote attackers to execute arbitrary SQL commands via the us parameter.

Status: Candidate
Phase: Assigned (20070117)
Reference: VIM:20070117 Source VERIFY of SMe FileMailer 1.21 SQL injection
Reference: URL:http://www.attrition.org/pipermail/vim/2007-January/001244.html
Reference: FRSIRT:ADV-2007-0221
Reference: URL:http://www.frsirt.com/english/advisories/2007/0221
Reference: XF:smefilemailer-login-sql-injection(31533)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31533

Votes:





Name: CVE-2007-0347

Description:
The is_eow function in format.c in CVSTrac before 2.0.1 does not properly check for the "'" (quote) character, which allows remote authenticated users to execute limited SQL injection attacks and cause a denial of service (database error) via a ' character in certain messages, tickets, or Wiki entries.

Status: Candidate
Phase: Assigned (20070118)
Reference: BUGTRAQ:20070129 CVSTrac 2.0.0 Denial of Service (DoS) vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/458455/100/0/threaded
Reference: FULLDISC:20070129 CVSTrac 2.0.0 Denial of Service (DoS) vulnerability
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/052058.html
Reference: MISC:http://www.cvstrac.org/cvstrac/tktview?tn=683
Reference: CONFIRM:http://www.cvstrac.org/cvstrac/chngview?cn=850
Reference: OPENPKG:OpenPKG-SA-2007.008
Reference: URL:http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.008.html
Reference: BID:22296
Reference: URL:http://www.securityfocus.com/bid/22296
Reference: FRSIRT:ADV-2007-0398
Reference: URL:http://www.frsirt.com/english/advisories/2007/0398
Reference: SECUNIA:23940
Reference: URL:http://secunia.com/advisories/23940
Reference: SREASON:2192
Reference: URL:http://securityreason.com/securityalert/2192

Votes:





Name: CVE-2007-0348

Description:
Stack-based buffer overflow in the IASystemInfo.dll ActiveX control in (1) InterActual Player 2.60.12.0717, (2) Roxio CinePlayer 3.2, (3) WinDVD 7.0.27.172, and possibly other products, allows remote attackers to execute arbitrary code via a long ApplicationType property.

Status: Candidate
Phase: Assigned (20070118)
Reference: BUGTRAQ:20070321 Secunia Research: InterActual Player / CinePlayer IASystemInfo.dllActiveX Control Buffer Overflow
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/463405/100/0/threaded
Reference: MISC:http://secunia.com/secunia_research/2007-37/advisory/
Reference: CERT-VN:VU#922969
Reference: URL:http://www.kb.cert.org/vuls/id/922969
Reference: BID:23071
Reference: URL:http://www.securityfocus.com/bid/23071
Reference: FRSIRT:ADV-2007-1042
Reference: URL:http://www.frsirt.com/english/advisories/2007/1042
Reference: FRSIRT:ADV-2007-1043
Reference: URL:http://www.frsirt.com/english/advisories/2007/1043
Reference: SECUNIA:23032
Reference: URL:http://secunia.com/advisories/23032
Reference: SECUNIA:23075
Reference: URL:http://secunia.com/advisories/23075
Reference: SECUNIA:24556
Reference: URL:http://secunia.com/advisories/24556
Reference: XF:interactual-iasysteminfo-bo(33186)
Reference: URL:http://xforce.iss.net/xforce/xfdb/33186

Votes:





Name: CVE-2007-0349

Description:
Directory traversal vulnerability in upgrade.php in nicecoder.com INDEXU 5.x allows remote attackers to include arbitrary local files via a .. (dot dot) in the gateway parameter.

Status: Candidate
Phase: Assigned (20070118)
Reference: BUGTRAQ:20070116 vulnerability script indexu all versions
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/457079/100/0/threaded
Reference: XF:indexu-upgrade-file-include(31539)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31539

Votes:





Name: CVE-2007-0350

Description:
Multiple SQL injection vulnerabilities in (a) index.php and (b) dl.php in SmE FileMailer 1.21 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ps, (2) us, (3) f, or (4) code parameter. NOTE: the us vector in index.php is already covered by CVE-2007-0346. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

Status: Candidate
Phase: Assigned (20070118)
Reference: FRSIRT:ADV-2007-0221
Reference: URL:http://www.frsirt.com/english/advisories/2007/0221
Reference: XF:smefilemailer-login-sql-injection(31533)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31533

Votes:





Name: CVE-2007-0351

Description:
Microsoft Windows XP and Windows Server 2003 do not properly handle user logoff, which might allow local users to gain the privileges of a previous system user, possibly related to user profile unload failure. NOTE: it is not clear whether this is an issue in Windows itself, or an interaction with another product. The issue might involve ZoneAlarm not being able to terminate processes when it cannot prompt the user.

Status: Candidate
Phase: Assigned (20070118)
Reference: BUGTRAQ:20070117 Re: Windows logoff bug possible security vulnerability and exploit.
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/457217/100/0/threaded
Reference: BUGTRAQ:20070117 Windows logoff bug possible security vulnerability and exploit.
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/457167/100/0/threaded
Reference: BUGTRAQ:20070118 Re: Windows logoff bug possible security vulnerability and exploit.
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/457340/100/0/threaded
Reference: BUGTRAQ:20070123 Re: Windows logoff bug possible security vulnerability and exploit.
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/457807/100/200/threaded
Reference: BUGTRAQ:20070211 Windows logoff bug solution possibly.
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/459838/100/0/threaded

Votes:





Name: CVE-2007-0352

Description:
Stack-based buffer overflow in Microsoft Help Workshop 4.03.0002 allows user-assisted remote attackers to execute arbitrary code via a crafted .cnt file composed of lines that begin with an integer followed by a space and a long string.

Status: Candidate
Phase: Assigned (20070118)
Reference: BUGTRAQ:20070117 Microsoft Help Workshop .CNT contents files buffer overflow vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/457210/100/0/threaded
Reference: MISC:http://www.anspi.pl/~porkythepig/visualization/cnt-expl1.cpp
Reference: MILW0RM:3149
Reference: URL:http://milw0rm.com/exploits/3149
Reference: BID:22100
Reference: URL:http://www.securityfocus.com/bid/22100
Reference: SECTRACK:1017530
Reference: URL:http://securitytracker.com/id?1017530
Reference: SECUNIA:23862
Reference: URL:http://secunia.com/advisories/23862
Reference: SREASON:2156
Reference: URL:http://securityreason.com/securityalert/2156
Reference: XF:ms-help-workshop-cnt-bo(31555)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31555

Votes:





Name: CVE-2007-0353

Description:
Cross-site scripting (XSS) vulnerability in (1) index.php and (2) login.php in myBloggie 2.1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO string.

Status: Candidate
Phase: Assigned (20070118)
Reference: BUGTRAQ:20070117 [x0n3-h4ck] myBloggie 2.1.5 XSS exploit
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/457206/100/0/threaded
Reference: MISC:http://mywebland.com/forums/showtopic.php?t=1224
Reference: BID:22097
Reference: URL:http://www.securityfocus.com/bid/22097
Reference: SECTRACK:1017531
Reference: URL:http://securitytracker.com/id?1017531
Reference: SREASON:2155
Reference: URL:http://securityreason.com/securityalert/2155
Reference: XF:mybloggie-indexlogin-xss(31554)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31554

Votes:





Name: CVE-2007-0354

Description:
SQL injection vulnerability in email.php in MGB OpenSource Guestbook 0.5.4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

Status: Candidate
Phase: Assigned (20070118)
Reference: MILW0RM:3141
Reference: URL:http://milw0rm.com/exploits/3141
Reference: CONFIRM:http://www.tv-kritik.net/mgb/index.php
Reference: VIM:20070118 vendor ACK for MGB Guestbook issue
Reference: URL:http://www.attrition.org/pipermail/vim/2007-January/001246.html
Reference: BID:22094
Reference: URL:http://www.securityfocus.com/bid/22094
Reference: FRSIRT:ADV-2007-0232
Reference: URL:http://www.frsirt.com/english/advisories/2007/0232
Reference: SECUNIA:23825
Reference: URL:http://secunia.com/advisories/23825
Reference: XF:mgb-email-sql-injection(31551)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31551

Votes:





Name: CVE-2007-0355

Description:
Buffer overflow in the Apple Minimal SLP v2 Service Agent (slpd) in Mac OS X 10.4.11 and earlier, including 10.4.8, allows local users, and possibly remote attackers, to gain privileges and possibly execute arbitrary code via a registration request with an invalid attr-list field.

Status: Candidate
Phase: Assigned (20070118)
Reference: MISC:http://projects.info-pull.com/moab/MOAB-17-01-2007.html
Reference: CONFIRM:http://docs.info.apple.com/article.html?artnum=307430
Reference: APPLE:APPLE-SA-2008-02-11
Reference: URL:http://lists.apple.com/archives/security-announce/2008/Feb/msg00002.html
Reference: MILW0RM:3151
Reference: URL:http://milw0rm.com/exploits/3151
Reference: CERT:TA08-043B
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA08-043B.html
Reference: BID:22101
Reference: URL:http://www.securityfocus.com/bid/22101
Reference: FRSIRT:ADV-2007-0239
Reference: URL:http://www.frsirt.com/english/advisories/2007/0239
Reference: OSVDB:32693
Reference: URL:http://www.osvdb.org/32693
Reference: SECTRACK:1017533
Reference: URL:http://securitytracker.com/id?1017533
Reference: SECTRACK:1019359
Reference: URL:http://securitytracker.com/id?1019359
Reference: SECUNIA:23796
Reference: URL:http://secunia.com/advisories/23796
Reference: XF:macos-slpd-bo(31562)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31562

Votes:





Name: CVE-2007-0356

Description:
The Common Controls Replacement Project (CCRP) FolderTreeview (FTV) ActiveX control (ccrpftv6.ocx) allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long CCRP.RootFolder property value.

Status: Candidate
Phase: Assigned (20070118)
Reference: MILW0RM:3142
Reference: URL:http://milw0rm.com/exploits/3142
Reference: BID:22092
Reference: URL:http://www.securityfocus.com/bid/22092
Reference: XF:ie-ccrp-dos(31549)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31549

Votes:





Name: CVE-2007-0357

Description:
Directory traversal vulnerability in the AVM IGD CTRL Service in Fritz!DSL 02.02.29 allows remote attackers to read arbitrary files via ..%5C (URL-encoded dot dot backslash) sequences in a URI requested from the AR7 webserver.

Status: Candidate
Phase: Assigned (20070118)
Reference: FULLDISC:20070117 Flaw in AVM UPNP service for windows
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051844.html
Reference: BID:22093
Reference: URL:http://www.securityfocus.com/bid/22093
Reference: FRSIRT:ADV-2007-0236
Reference: URL:http://www.frsirt.com/english/advisories/2007/0236
Reference: SECUNIA:23774
Reference: URL:http://secunia.com/advisories/23774
Reference: SREASON:2159
Reference: URL:http://securityreason.com/securityalert/2159
Reference: XF:fritz-avm-directory-traversal(31556)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31556

Votes:





Name: CVE-2007-0358

Description:
Unspecified vulnerability in the FTP server implementation in HP Jetdirect firmware x.20.nn through x.24.nn allows remote attackers to cause a denial of service via unknown vectors.

Status: Candidate
Phase: Assigned (20070118)
Reference: HP:HPSBPI02185
Reference: URL:http://itrc.hp.com/service/cki/docDisplay.do?docId=c00838612
Reference: HP:SSRT071290
Reference: URL:http://itrc.hp.com/service/cki/docDisplay.do?docId=c00838612
Reference: BID:22105
Reference: URL:http://www.securityfocus.com/bid/22105
Reference: FRSIRT:ADV-2007-0233
Reference: URL:http://www.frsirt.com/english/advisories/2007/0233
Reference: SECTRACK:1017532
Reference: URL:http://securitytracker.com/id?1017532
Reference: SECUNIA:23802
Reference: URL:http://secunia.com/advisories/23802
Reference: XF:hp-jetdirect-unspecified-dos(31589)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31589

Votes:





Name: CVE-2007-0359

Description:
PHP remote file inclusion vulnerability in frontpage.php in Uberghey CMS 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the setup_folder parameter.

Status: Candidate
Phase: Assigned (20070118)
Reference: MILW0RM:3147
Reference: URL:http://milw0rm.com/exploits/3147
Reference: VIM:20070118 source verify: Uberghey CMS 0.3.1 RFI
Reference: URL:http://www.attrition.org/pipermail/vim/2007-January/001247.html
Reference: BID:22098
Reference: URL:http://www.securityfocus.com/bid/22098
Reference: FRSIRT:ADV-2007-0230
Reference: URL:http://www.frsirt.com/english/advisories/2007/0230
Reference: XF:uberghey-frontpage-file-include(31553)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31553

Votes:





Name: CVE-2007-0360

Description:
PHP remote file inclusion vulnerability in lang/index.php in Oreon 1.2.3 RC4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the file parameter.

Status: Candidate
Phase: Assigned (20070118)
Reference: BUGTRAQ:20070211 Oreon1.2.x Series Exploit Coded
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/459811/100/0/threaded
Reference: MILW0RM:3150
Reference: URL:http://milw0rm.com/exploits/3150
Reference: BID:22107
Reference: URL:http://www.securityfocus.com/bid/22107
Reference: FRSIRT:ADV-2007-0229
Reference: URL:http://www.frsirt.com/english/advisories/2007/0229
Reference: XF:oreon-index-file-include(31568)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31568

Votes:





Name: CVE-2007-0361

Description:
PHP remote file inclusion vulnerability in mep/frame.php in PHPMyphorum 1.5a allows remote attackers to execute arbitrary PHP code via a URL in the chem parameter.

Status: Candidate
Phase: Assigned (20070118)
Reference: MILW0RM:3145
Reference: URL:http://milw0rm.com/exploits/3145
Reference: BID:22099
Reference: URL:http://www.securityfocus.com/bid/22099
Reference: FRSIRT:ADV-2007-0231
Reference: URL:http://www.frsirt.com/english/advisories/2007/0231
Reference: XF:phpmyphorum-frame-file-include(31552)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31552

Votes:





Name: CVE-2007-0362

Description:
Cross-site scripting (XSS) vulnerability in the RSS feed component in FreshReader before 1.0.07010600 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to tag attributes.

Status: Candidate
Phase: Assigned (20070118)
Reference: MISC:http://jvn.jp/jp/JVN%2395249468/index.html
Reference: CONFIRM:http://manual.freshreader.com/archives/2007/01/20070118_javasc.html
Reference: BID:22106
Reference: URL:http://www.securityfocus.com/bid/22106
Reference: FRSIRT:ADV-2007-0241
Reference: URL:http://www.frsirt.com/english/advisories/2007/0241
Reference: SECUNIA:23806
Reference: URL:http://secunia.com/advisories/23806
Reference: XF:freshreader-rssfeed-xss(31566)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31566

Votes:





Name: CVE-2007-0363

Description:
Cross-site scripting (XSS) vulnerability in admin-search.php in (1) Openads for PostgreSQL (aka phpPgAds) before 2.0.10 and (2) Openads (aka phpAdsNew) before 2.0.10 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

Status: Candidate
Phase: Assigned (20070118)
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?group_id=11386&release_id=479424
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?group_id=36679&release_id=479426
Reference: BID:22124
Reference: URL:http://www.securityfocus.com/bid/22124
Reference: FRSIRT:ADV-2007-0240
Reference: URL:http://www.frsirt.com/english/advisories/2007/0240
Reference: SECUNIA:23720
Reference: URL:http://secunia.com/advisories/23720
Reference: XF:openads-unspecified-xss(31570)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31570

Votes:





Name: CVE-2007-0364

Description:
Multiple cross-site scripting (XSS) vulnerabilities in nicecoder.com INDEXU 5.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) error_msg parameter to (a) suggest_category.php; the (2) u parameter to (b) user_detail.php; the (3) friend_name, (4) friend_email, (5) error_msg, (6) my_name, (7) my_email, and (8) id parameters to (c) tell_friend.php; the (9) error_msg, (10) email, (11) name, and (12) subject parameters to (d) sendmail.php; the (13) email, (14) error_msg, and (15) username parameters to (e) send_pwd.php; the (16) keyword parameter to (f) search.php; the (17) error_msg, (18) username, (19) password, (20) password2, and (21) email parameters to (g) register.php; the (22) url, (23) contact_name, and (24) email parameters to (h) power_search.php; the (25) path and (26) total parameters to (i) new.php; the (27) query parameter to (j) modify.php; the (28) error_msg parameter to (k) login.php; the (29) error_msg and (30) email parameters to (l) mailing_list.php; the (31) gateway parameter to (m) upgrade.php; and another unspecified vector.

Status: Candidate
Phase: Assigned (20070119)
Reference: BUGTRAQ:20070116 vulnerability script indexu all versions
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/457079/100/0/threaded
Reference: BID:22084
Reference: URL:http://www.securityfocus.com/bid/22084
Reference: FRSIRT:ADV-2007-0222
Reference: URL:http://www.frsirt.com/english/advisories/2007/0222
Reference: OSVDB:32838
Reference: URL:http://www.osvdb.org/32838
Reference: OSVDB:32840
Reference: URL:http://www.osvdb.org/32840
Reference: OSVDB:32841
Reference: URL:http://www.osvdb.org/32841
Reference: OSVDB:32842
Reference: URL:http://www.osvdb.org/32842
Reference: OSVDB:32843
Reference: URL:http://www.osvdb.org/32843
Reference: OSVDB:32844
Reference: URL:http://www.osvdb.org/32844
Reference: OSVDB:32845
Reference: URL:http://www.osvdb.org/32845
Reference: OSVDB:32846
Reference: URL:http://www.osvdb.org/32846
Reference: OSVDB:32847
Reference: URL:http://www.osvdb.org/32847
Reference: OSVDB:32848
Reference: URL:http://www.osvdb.org/32848
Reference: OSVDB:32849
Reference: URL:http://www.osvdb.org/32849
Reference: OSVDB:32850
Reference: URL:http://www.osvdb.org/32850
Reference: OSVDB:32851
Reference: URL:http://www.osvdb.org/32851
Reference: SECUNIA:23764
Reference: URL:http://secunia.com/advisories/23764
Reference: XF:indexu-multiple-scripts-xss(31538)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31538

Votes:





Name: CVE-2007-0365

Description:
Multiple cross-site scripting (XSS) vulnerabilities in All In One Control Panel (AIOCP) 1.3.009 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this is probably a different vulnerability than CVE-2006-5830.

Status: Candidate
Phase: Assigned (20070119)
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=478370
Reference: FRSIRT:ADV-2007-0189
Reference: URL:http://www.frsirt.com/english/advisories/2007/0189
Reference: SECUNIA:23732
Reference: URL:http://secunia.com/advisories/23732
Reference: XF:aiocp-unspecified-xss(31486)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31486

Votes:





Name: CVE-2007-0366

Description:
Untrusted search path vulnerability in Rumpus 5.1 and earlier allows local users to gain privileges via a modified PATH that points to a malicious ipfw program.

Status: Candidate
Phase: Assigned (20070119)
Reference: MISC:http://projects.info-pull.com/moab/MOAB-18-01-2007.html
Reference: SECUNIA:23842
Reference: URL:http://secunia.com/advisories/23842
Reference: XF:rumpus-ipfw-privilege-escalation(31597)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31597

Votes:





Name: CVE-2007-0367

Description:
Rumpus 5.1 and earlier has weak permissions for certain files and directories under /usr/local/Rumpus, including the configuration file, which allows local users to have an unknown impact by creating, modifying, or deleting files.

Status: Candidate
Phase: Assigned (20070119)
Reference: MISC:http://projects.info-pull.com/moab/MOAB-18-01-2007.html
Reference: SECUNIA:23842
Reference: URL:http://secunia.com/advisories/23842

Votes:





Name: CVE-2007-0368

Description:
Stack-based buffer overflow in mbse-bbs 0.70 and earlier allows local users to execute arbitrary code via a long string in the MBSE_ROOT environment variable.

Status: Candidate
Phase: Assigned (20070119)
Reference: FULLDISC:20070118 mbsebbs 0.70.0 & below local root exploit
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051859.html
Reference: MISC:http://www.mbse.eu/mbse/mbsebbs/index.html
Reference: MILW0RM:3154
Reference: URL:http://milw0rm.com/exploits/3154
Reference: BID:22112
Reference: URL:http://www.securityfocus.com/bid/22112
Reference: XF:mbsebbs-mbuseradd-bo(31639)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31639

Votes:





Name: CVE-2007-0369

Description:
SQL injection vulnerability in phpBP RC3 (2.204) and earlier allows remote attackers to execute arbitrary SQL commands via the comment forum.

Status: Candidate
Phase: Assigned (20070119)
Reference: MILW0RM:3153
Reference: URL:http://milw0rm.com/exploits/3153
Reference: XF:phpbp-comment-sql-injection(31622)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31622

Votes:





Name: CVE-2007-0370

Description:
Unrestricted file upload vulnerability in index.php in phpBP RC3 (2.204) and earlier allows remote administrators to inject arbitrary PHP code into an upload/banners/ file via a banners add operation that uploads the PHP code through an image_form parameter specifying a multiple-extension filename such as .jpg.vil.gif.php, which is stored in upload/banners/ under a different name, and executable via a direct request. NOTE: a separate SQL injection issue could be leveraged to make this vulnerability reachable by remote unauthenticated attackers.

Status: Candidate
Phase: Assigned (20070119)
Reference: MILW0RM:3153
Reference: URL:http://milw0rm.com/exploits/3153
Reference: XF:phpbp-banner-file-upload(31619)
Reference: URL:http://xforce.iss.net/xforce/xfdb/31619

Votes:





Name: CVE-2007-0371

Description:
A certain ActiveX control in the Common Controls Replacement Project (CCRP) CCRP BrowseDialog Server (ccrpbds6.dll) allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long CCRP_BDc.SelectedFolder property value.

Status: Candidate
Phase: Assigned (20070119)
Reference: MILW0RM:3155
Reference: URL:http://milw0rm.com/exploits/3155
Reference: BID:22110
Reference: URL:http://www.securityfocus.com/bid/22110

Votes:





Name: CVE-2007-0372

Description:
Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 7.9 allow remote attackers to execute arbitrary SQL commands via (1) the active parameter in admin/modules/modules.php; the (2) ad_class, (3) imageurl, (4) clickurl, (5) ad_code, or (6) position parameter in modules/Advertising/admin/index.php; or unspecified vectors in the (7) advertising, (8) weblinks, or (9) reviews section.

Status: Candidate
Phase: Assigned (20070119)
Reference: BUGTRAQ:20070204 Sql injection bugs in PHP-Nuke
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/459174/100/0/threaded
Reference: FULLDISC:20070118 The vulnerabilities festival !
Reference: URL:http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html
Reference: MISC:http://www.hackers.ir/advisories/festival.txt
Reference: BID:22116
Reference: URL:http://www.securityfocus.com/bid/22116

Votes:





Name: CVE-2007-0373

Description:
Multiple SQL injection vulnerabilities in Joomla! 1.5.0 Beta allow remote attackers to execute arbitrary SQL commands via (1) the searchword parameter in certain files; the where parameter in (2) plugins/search/content.php or (3) plugins/search/weblinks.php; the text parameter in (4) plugins/search/contacts.php, (5) plugins/search/categories.php, or (6) plugins/search/sections.php; or (7) the email parameter in database/table/user.php, which is not properly handled by the check function.

Status: Candidate
Phase: Assigned (20070119)
Reference: BUGTRAQ:20070204 Sql injection bugs in Joomla and Mambo
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/459203/100/0/threaded
Reference: FULLDISC:20070118 The vulnerabilities festival !
Reference: URL:http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html
Reference: MISC:http://www.hackers.ir/advisories/festival.txt
Reference: BID:22122
Reference: URL:http://www.securityfocus.com/bid/22122

Votes:





Name: CVE-2007-0374

Description:
SQL injection vulnerability in (1) Joomla! 1.0.11 and 1.5 Beta, and (2) Mambo 4.6.1, allows remote attackers to execute arbitrary SQL commands via the id parameter when cancelling content editing.

Status: Candidate
Phase: Assigned (20070119)
Reference: BUGTRAQ:20070204 Sql injection bugs in Joomla and Mambo
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/459203/100/0/threaded
Reference: FULLDISC:20070118 The vulnerabilities festival !
Reference: URL:http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html
Reference: MISC:http://www.hackers.ir/advisories/festival.txt
Reference: BID:19734
Reference: URL:http://www.securityfocus.com/bid/19734

Votes:





Name: CVE-2007-0375

Description:
Joomla! 1.5.0 Beta allows remote attackers to obtain sensitive information via a direct request for (1) plugins/user/example.php; (2) gmail.php, (3) example.php, or (4) ldap.php in plugins/authentication/; (5) modules/mod_mainmenu/menu.php; or other unspecified PHP scripts, which reveals the path in various error messages, related to a jimport function call at the beginning of each script.

Status: Candidate
Phase: Assigned (20070119)
Reference: BUGTRAQ:20070204 Sql injection bugs in Joomla and Mambo
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/459203/100/0/threaded
Reference: FULLDISC:20070118 The vulnerabilities festival !
Reference: URL:http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html
Reference: MISC:http://www.hackers.ir/advisories/festival.txt

Votes:





Name: CVE-2007-0376

Description:
Cross-site scripting (XSS) vulnerability in Virtuemart 1.0.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Status: Candidate
Phase: Assigned (20070119)
Reference: BUGTRAQ:20070204 Sql injection bugs in Virtuemart and Letterman
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/459195/100/0/threaded
Reference: FULLDISC:20070118 The vulnerabilities festival !
Reference: URL:http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html
Reference: MISC:http://virtuemart.svn.sourceforge.net/viewvc/*checkout*/virtuemart/branches/virtuemart-1_0_0/virtuemart/CHANGELOG.php?revision=607
Reference: MISC:http://www.hackers.ir/advisories/festival.txt
Reference: BID:22123
Reference: URL:http://www.securityfocus.com/bid/22123
Reference: SECUNIA:24058
Reference: URL:http://secunia.com/advisories/24058

Votes:





Name: CVE-2007-0377

Description:
Multiple SQL injection vulnerabilities in Xoops 2.0.16 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in kernel/group.php in core, (2) the lid parameter in class/table_broken.php in the Weblinks module, and other unspecified vectors.

Status: Candidate
Phase: Assigned (20070119)
Reference: BUGTRAQ:20070204 Sql injection bugs in Xoops 2.0.16 + Weblinks module
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/459150/100/0/threaded
Reference: FULLDISC:20070118 The vulnerabilities festival !
Reference: URL:http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html
Reference: MISC:http://www.hackers.ir/advisories/festival.txt
Reference: BID:22399
Reference: URL:http://www.securityfocus.com/bid/22399

Votes:





Name: CVE-2007-0378

Description:
Multiple SQL injection vulnerabilities in DocMan 1.3 RC2 allow attackers to execute arbitrary SQL commands via unspecified vectors.

Status: Candidate
Phase: Assigned (20070119)
Reference: FULLDISC:20070118 The vulnerabilities festival !
Reference: URL:http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html
Reference: MISC:http://www.hackers.ir/advisories/festival.txt

Votes:





Name: CVE-2007-0379

Description:
Cross-site scripting (XSS) vulnerability in DocMan 1.3 RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Status: Candidate
Phase: Assigned (20070119)
Reference: FULLDISC:20070118 The vulnerabilities festival !
Reference: URL:http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html
Reference: MISC:http://www.hackers.ir/advisories/festival.txt

Votes:





Name: CVE-2007-0380

Description:
DocMan 1.3 RC2 allows remote attackers to obtain sensitive information (the full path) via unspecified vectors.

Status: Candidate
Phase: Assigned (20070119)
Reference: FULLDISC:20070118 The vulnerabilities festival !
Reference: URL:http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html
Reference: MISC:http://www.hackers.ir/advisories/festival.txt

Votes:





Name: CVE-2007-0381

Description:
Multiple SQL injection vulnerabilities in ATutor 1.5.3.2 allow remote attackers to execute arbitrary SQL commands via unspecified parameters. NOTE: CVE analysis suggests that the vendor fixed these issues.

Status: Candidate
Phase: Assigned (20070119)
Reference: FULLDISC:20070118 The vulnerabilities festival !
Reference: URL:http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html
Reference: MISC:http://www.atutor.ca/atutor/mantis/changelog_page.php
Reference: MISC:http://www.hackers.ir/advisories/festival.txt

Votes:





Name: CVE-2007-0382

Description:
Multiple SQL injection vulnerabilities in letterman.class.php in the Letterman 1.2.3 (com_letterman) component for Joomla! before 1.0.12 allow remote attackers to execute arbitrary SQL commands via the id parameter, related to the (1) lm_sendMail, (2) saveNewsletter, and (3) cancelNewsletter functions.

Status: Candidate
Phase: Assigned (20070119)
Reference: BUGTRAQ:20070204 Sql injection bugs in Virtuemart and Letterman
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/459195/100/0/threaded
Reference: FULLDISC:20070118 The vulnerabilities festival !
Reference: URL:http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html
Reference: MISC:http://www.hackers.ir/advisories/festival.txt
Reference: BID:22117
Reference: URL:http://www.securityfocus.com/bid/22117

Votes:





Name: CVE-2007-0383

Description:
** DISPUTED ** WDaemon 9.5.4 allows remote attackers to access the /WorldClient.dll URI on TCP port 3000, which has unknown impact. NOTE: The researcher reports that the vendor response was "this is not a security bug."

Status: Candidate
Phase: Assigned (20070119)
Reference: FULLDISC:20070118 The vulnerabilities festival !
Reference: URL:http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html
Reference: MISC:http://www.hackers.ir/advisories/festival.txt

Votes:





Name: CVE-2007-0384

Description:
Cross-site scripting (XSS) vulnerability in preview in the reviews section in PostNuke 0.764 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Status: Candidate
Phase: Assigned (20070119)
Reference: FULLDISC:20070118 The vulnerabilities festival !
Reference: URL:http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html
Reference: MISC:http://www.hackers.ir/advisories/festival.txt
Reference: CONFIRM:http://noc.postnuke.com/plugins/scmsvn/viewcvs.php/trunk/Historic/PostNuke7x/html/modules/?root=postnuke
Reference: BID:22119