cpe:/a:apple:quicktime:7.1.3 CVE-2007-0015 2007-01-01T18:28:00.000-05:00 2008-09-05T17:16:48.060-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-01-02T01:57:00.000-05:00 ALLOWS_OTHER_ACCESS CERT-VN VU#442497 CERT TA07-005A XF quicktime-rtsp-url-bo(31203) VUPEN ADV-2007-0001 SECUNIA 23540 BID 21829 MILW0RM 3064 SECTRACK 1017461 MISC http://projects.info-pull.com/moab/MOAB-01-01-2007.html MISC http://landonf.bikemonkey.org/code/macosx/MOAB_Day_1.20070102060815.15950.zadder.local.html OSVDB 31023 MISC http://secunia.com/blog/7/ MILW0RM 3064 APPLE APPLE-SA-2007-01-23 MISC http://isc.sans.org/diary.html?storyid=2094 CONFIRM http://docs.info.apple.com/article.html?artnum=304989 Buffer overflow in Apple QuickTime 7.1.3 allows remote attackers to execute arbitrary code via a long rtsp:// URI. cpe:/a:videolan:vlc:0.8.6 CVE-2007-0017 2007-01-02T21:28:00.000-05:00 2008-11-15T01:38:20.610-05:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-01-03T08:21:00.000-05:00 ALLOWS_USER_ACCESS XF vlcmediaplayer-udp-format-string(31226) CONFIRM http://www.videolan.org/sa0701.html CONFIRM http://www.videolan.org/patches/vlc-0.8.6-MOAB-02-01-2007.patch MLIST [vlc-devel] 20070102 Security hole in VLC media player for Mac... VUPEN ADV-2007-0026 CONFIRM http://trac.videolan.org/vlc/changeset/18481 SECTRACK 1017464 SECUNIA 23592 MISC http://projects.info-pull.com/moab/MOAB-02-01-2007.html OSVDB 31163 MISC http://landonf.bikemonkey.org/code/macosx/MOAB_Day_2.20070103045559.6753.timor.html MISC http://applefun.blogspot.com/2007/01/moab-02-01-2007-vlc-media-player-udp.html BID 21852 SUSE SUSE-SA:2007:013 DEBIAN DSA-1252 GENTOO GLSA-200701-24 SECUNIA 23971 SECUNIA 23910 SECUNIA 23829 Multiple format string vulnerabilities in (1) the cdio_log_handler function in modules/access/cdda/access.c in the CDDA (libcdda_plugin) plugin, and the (2) cdio_log_handler and (3) vcd_log_handler functions in modules/access/vcdx/access.c in the VCDX (libvcdx_plugin) plugin, in VideoLAN VLC 0.7.0 through 0.8.6 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in an invalid URI, as demonstrated by a udp://-- URI in an M3U file. cpe:/a:netfarer:movieplay:4.76 CVE-2007-0016 2007-01-02T21:28:00.000-05:00 2008-11-15T00:00:00.000-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-01-03T08:19:00.000-05:00 ALLOWS_USER_ACCESS BID 21840 MILW0RM 4051 SECUNIA 22959 OSVDB 32547 Stack-based buffer overflow in MoviePlay 4.76 allows remote attackers to execute arbitrary code via a long filename in a LST file. cpe:/a:adobe:acrobat:7.0.1::standard cpe:/a:adobe:acrobat:7.0.6::standard cpe:/a:adobe:acrobat:7.0.2::professional cpe:/a:adobe:acrobat:7.0.4::professional cpe:/a:adobe:acrobat_reader:6.0 cpe:/a:adobe:acrobat:7.0.3::standard cpe:/a:adobe:acrobat:7.0.7::professional cpe:/a:adobe:acrobat:7.0.8::standard cpe:/a:adobe:acrobat:7.0.3::professional cpe:/a:adobe:acrobat:7.0.7::standard cpe:/a:adobe:acrobat:7.0.8::professional cpe:/a:adobe:acrobat:7.0::professional cpe:/a:adobe:acrobat:7.0::standard cpe:/a:adobe:acrobat_reader:6.0.3 cpe:/a:adobe:acrobat_reader:6.0.4 cpe:/a:adobe:acrobat_3d cpe:/a:adobe:acrobat_reader:6.0.1 cpe:/a:adobe:acrobat_reader:6.0.2 cpe:/a:adobe:acrobat_reader:7.0.8 cpe:/a:adobe:acrobat:7.0.5::standard cpe:/a:adobe:acrobat:7.0.4::standard cpe:/a:adobe:acrobat_reader:7.0.4 cpe:/a:adobe:acrobat_reader:7.0.5 cpe:/a:adobe:acrobat_reader:7.0.6 cpe:/a:adobe:acrobat_reader:7.0.7 cpe:/a:adobe:acrobat:7.0.8::elements cpe:/a:adobe:acrobat_reader:7.0.1 cpe:/a:adobe:acrobat_reader:7.0.3 cpe:/a:adobe:acrobat_reader:7.0.2 cpe:/a:adobe:acrobat_reader:7.0 cpe:/a:adobe:acrobat:7.0.5::professional cpe:/a:adobe:acrobat:7.0.1::professional cpe:/a:adobe:acrobat:7.0.2::standard cpe:/a:adobe:acrobat_reader:6.0.5 cpe:/a:adobe:acrobat:7.0.6::professional CVE-2007-0048 2007-01-03T16:28:00.000-05:00 2009-10-21T00:54:19.390-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2007-01-03T17:12:00.000-05:00 CERT TA09-286B MISC http://www.wisec.it/vulns.php?page=9 XF adobe-acrobat-character-dos(31273) VUPEN ADV-2009-2898 BUGTRAQ 20070103 Adobe Acrobat Reader Plugin - Multiple Vulnerabilities VUPEN ADV-2007-0032 CONFIRM http://www.adobe.com/support/security/bulletins/apsb09-15.html CONFIRM http://www.adobe.com/support/security/bulletins/apsb07-01.html SECTRACK 1023007 SECTRACK 1017469 GENTOO GLSA-200701-16 SECUNIA 33754 SECUNIA 23882 SECUNIA 23812 OSVDB 31596 SUSE SUSE-SA:2007:011 CONFIRM http://googlechromereleases.blogspot.com/2009/01/stable-beta-update-yahoo-mail-and.html MISC http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf SREASON 2090 Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, when used with Internet Explorer, Google Chrome, or Opera, allows remote attackers to cause a denial of service (memory consumption) via a long sequence of # (hash) characters appended to a PDF URL, related to a "cross-site scripting issue." cpe:/a:adobe:acrobat_reader:7.0.8 CVE-2007-0047 2007-01-03T16:28:00.000-05:00 2008-09-05T17:16:53.107-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-01-03T17:10:00.000-05:00 ALLOWS_OTHER_ACCESS XF adobe-acrobat-xmlhttp-response-splitting(31291) VUPEN ADV-2007-0032 SECTRACK 1017469 SECUNIA 23882 SUSE SUSE-SA:2007:011 MISC http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf CRLF injection vulnerability in Adobe Acrobat Reader Plugin before 8.0.0, when used with the Microsoft.XMLHTTP ActiveX object in Internet Explorer, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the javascript: URI in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters. cpe:/a:adobe:acrobat_reader:7.0.8 CVE-2007-0046 2007-01-03T16:28:00.000-05:00 2008-09-05T17:16:52.950-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-01-03T17:08:00.000-05:00 ALLOWS_OTHER_ACCESS MISC http://www.wisec.it/vulns.php?page=9 BUGTRAQ 20070103 Adobe Acrobat Reader Plugin - Multiple Vulnerabilities MISC http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf REDHAT RHSA-2007:0017 XF adobe-acrobat-msvcrt-code-execution(31272) REDHAT RHSA-2007:0021 VUPEN ADV-2007-0957 VUPEN ADV-2007-0032 CONFIRM http://www.adobe.com/support/security/bulletins/apsb07-01.html SUNALERT 102847 SECTRACK 1017469 SREASON 2090 GENTOO GLSA-200701-16 SECUNIA 24533 SECUNIA 23882 SECUNIA 23877 SECUNIA 23812 SECUNIA 23691 SUSE SUSE-SA:2007:011 Double free vulnerability in the Adobe Acrobat Reader Plugin before 8.0.0, as used in Mozilla Firefox 1.5.0.7, allows remote attackers to execute arbitrary code by causing an error via a javascript: URI call to document.write in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters. cpe:/a:adobe:acrobat:7.0.1::standard cpe:/a:adobe:acrobat:7.0.6::standard cpe:/a:adobe:acrobat:7.0.2::professional cpe:/a:adobe:acrobat:7.0.4::professional cpe:/a:adobe:acrobat_reader:6.0 cpe:/a:adobe:acrobat:7.0.3::standard cpe:/a:adobe:acrobat:7.0.7::professional cpe:/a:adobe:acrobat:7.0.8::standard cpe:/a:adobe:acrobat:7.0.3::professional cpe:/a:adobe:acrobat:7.0.7::standard cpe:/a:adobe:acrobat:7.0.8::professional cpe:/a:adobe:acrobat:7.0::professional cpe:/a:adobe:acrobat:7.0::standard cpe:/a:adobe:acrobat_reader:6.0.3 cpe:/a:adobe:acrobat_reader:6.0.4 cpe:/a:adobe:acrobat_3d cpe:/a:adobe:acrobat_reader:6.0.1 cpe:/a:adobe:acrobat_reader:6.0.2 cpe:/a:adobe:acrobat_reader:7.0.8 cpe:/a:adobe:acrobat:7.0.5::standard cpe:/a:adobe:acrobat:7.0.4::standard cpe:/a:adobe:acrobat_reader:7.0.4 cpe:/a:adobe:acrobat_reader:7.0.5 cpe:/a:adobe:acrobat_reader:7.0.6 cpe:/a:adobe:acrobat_reader:7.0.7 cpe:/a:adobe:acrobat:7.0.8::elements cpe:/a:adobe:acrobat_reader:7.0.1 cpe:/a:adobe:acrobat_reader:7.0.3 cpe:/a:adobe:acrobat_reader:7.0.2 cpe:/a:adobe:acrobat_reader:7.0 cpe:/a:adobe:acrobat:7.0.5::professional cpe:/a:adobe:acrobat:7.0.1::professional cpe:/a:adobe:acrobat:7.0.2::standard cpe:/a:adobe:acrobat_reader:6.0.5 cpe:/a:adobe:acrobat:7.0.6::professional CVE-2007-0045 2007-01-03T16:28:00.000-05:00 2009-10-21T00:54:19.000-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2007-01-03T17:06:00.000-05:00 CERT TA09-286B CERT-VN VU#815960 MISC http://www.wisec.it/vulns.php?page=9 REDHAT RHSA-2007:0017 XF adobe-acrobat-pdf-xss(31271) VUPEN ADV-2009-2898 BID 21858 BUGTRAQ 20070104 Universal PDF XSS After Party BUGTRAQ 20070103 Adobe Acrobat Reader Plugin - Multiple Vulnerabilities BUGTRAQ 20070103 RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous BUGTRAQ 20070103 Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous BUGTRAQ 20070103 Re: Universal XSS with PDF files: highly dangerous BUGTRAQ 20070103 Universal XSS with PDF files: highly dangerous REDHAT RHSA-2007:0021 CONFIRM http://www.mozilla.org/security/announce/2007/mfsa2007-02.html MISC http://www.gnucitizen.org/blog/universal-pdf-xss-after-party CONFIRM http://www.gnucitizen.org/blog/danger-danger-danger/ VUPEN ADV-2007-0957 VUPEN ADV-2007-0032 MISC http://www.disenchant.ch/blog/hacking-with-browser-plugins/34 CONFIRM http://www.adobe.com/support/security/bulletins/apsb09-15.html CONFIRM http://www.adobe.com/support/security/bulletins/apsb07-01.html CONFIRM http://www.adobe.com/support/security/advisories/apsa07-02.html CONFIRM http://www.adobe.com/support/security/advisories/apsa07-01.html SUNALERT 102847 SECTRACK 1023007 SECTRACK 1017469 GENTOO GLSA-200701-16 SECUNIA 33754 SECUNIA 24533 SECUNIA 23882 SECUNIA 23877 SECUNIA 23812 SECUNIA 23691 SECUNIA 23483 SUSE SUSE-SA:2007:011 CONFIRM http://googlechromereleases.blogspot.com/2009/01/stable-beta-update-yahoo-mail-and.html SLACKWARE SSA:2007-066-05 SREASON 2090 SECUNIA 24457 HP SSRT061181 Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, for Mozilla Firefox, Microsoft Internet Explorer 6 SP1, Google Chrome, Opera 8.5.4 build 770, and Opera 9.10.8679 on Windows allow remote attackers to inject arbitrary JavaScript and conduct other attacks via a .pdf URL with a javascript: or res: URI with (1) FDF, (2) XML, and (3) XFDF AJAX parameters, or (4) an arbitrarily named name=URI anchor identifier, aka "Universal XSS (UXSS)." cpe:/a:adobe:acrobat:7.0.1::standard cpe:/a:adobe:acrobat:7.0.6::standard cpe:/a:adobe:acrobat:7.0.2::professional cpe:/a:adobe:acrobat:7.0.4::professional cpe:/a:adobe:acrobat_reader:6.0 cpe:/a:adobe:acrobat:7.0.3::standard cpe:/a:adobe:acrobat:7.0.7::professional cpe:/a:adobe:acrobat:7.0.8::standard cpe:/a:adobe:acrobat:7.0.3::professional cpe:/a:adobe:acrobat:7.0.7::standard cpe:/a:adobe:acrobat:7.0.8::professional cpe:/a:adobe:acrobat:7.0::professional cpe:/a:adobe:acrobat:7.0::standard cpe:/a:adobe:acrobat_reader:6.0.3 cpe:/a:adobe:acrobat_reader:6.0.4 cpe:/a:adobe:acrobat_3d cpe:/a:adobe:acrobat_reader:6.0.1 cpe:/a:adobe:acrobat_reader:6.0.2 cpe:/a:adobe:acrobat_reader:7.0.8 cpe:/a:adobe:acrobat:7.0.5::standard cpe:/a:adobe:acrobat:7.0.4::standard cpe:/a:adobe:acrobat_reader:7.0.4 cpe:/a:adobe:acrobat_reader:7.0.5 cpe:/a:adobe:acrobat_reader:7.0.6 cpe:/a:adobe:acrobat_reader:7.0.7 cpe:/a:adobe:acrobat:7.0.8::elements cpe:/a:adobe:acrobat_reader:7.0.1 cpe:/a:adobe:acrobat_reader:7.0.3 cpe:/a:adobe:acrobat_reader:7.0.2 cpe:/a:adobe:acrobat_reader:7.0 cpe:/a:adobe:acrobat:7.0.5::professional cpe:/a:adobe:acrobat:7.0.1::professional cpe:/a:adobe:acrobat:7.0.2::standard cpe:/a:adobe:acrobat_reader:6.0.5 cpe:/a:adobe:acrobat:7.0.6::professional CVE-2007-0044 2007-01-03T16:28:00.000-05:00 2008-09-05T17:16:52.497-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2007-01-03T17:04:00.000-05:00 MISC http://www.wisec.it/vulns.php?page=9 XF adobe-acrobat-pdf-csrf(31266) BID 21858 BUGTRAQ 20070103 Adobe Acrobat Reader Plugin - Multiple Vulnerabilities REDHAT RHSA-2008:0144 VUPEN ADV-2007-0032 SECTRACK 1017469 SREASON 2090 GENTOO GLSA-200701-16 SECUNIA 29065 SECUNIA 23882 SECUNIA 23812 SUSE SUSE-SA:2007:011 MISC http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Explorer, and Opera web browsers allows remote attackers to force the browser to make unauthorized requests to other web sites via a URL in the (1) FDF, (2) xml, and (3) xfdf AJAX request parameters, following the # (hash) character, aka "Universal CSRF and session riding." cpe:/a:openpinboard:openpinboard:2.0 CVE-2007-0050 2007-01-04T06:28:00.000-05:00 2008-11-15T01:38:27.437-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-01-04T10:02:00.000-05:00 ALLOWS_OTHER_ACCESS BUGTRAQ 20070103 OpenPinboard <= Remote File Include BUGTRAQ 20070103 Re: OpenPinboard <= Remote File Include OSVDB 33375 BUGTRAQ 20070106 Re: OpenPinboard <= Remote File Include ** DISPUTED ** PHP remote file inclusion vulnerability in index.php in OpenPinboard 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the language parameter. NOTE: this issue has been disputed by the developer and a third party, since the variable is set before use. CVE analysis suggests that there is a small time window of risk before the installation is complete. cpe:/a:geckovich:tasktracker_pro:1.5 cpe:/a:geckovich:tasktracker:1.4 CVE-2007-0049 2007-01-04T06:28:00.000-05:00 2008-11-15T01:38:27.267-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-01-04T09:56:00.000-05:00 ALLOWS_OTHER_ACCESS XF tasktrackerpro-customize-auth-bypass(31235) BID 21847 SECUNIA 23564 OSVDB 31682 MILW0RM 3068 Geckovich TaskTracker Pro 1.5 and earlier allows remote attackers to add administrative or other accounts via an Add action with a modified GroupID in a direct request to Customize.asp. cpe:/a:apple:iphoto:6.0.5 CVE-2007-0051 2007-01-04T13:28:00.000-05:00 2008-11-15T01:38:27.640-05:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-01-04T13:49:00.000-05:00 ALLOWS_OTHER_ACCESS XF iphoto-xmltitle-format-string(31281) BID 21871 BUGTRAQ 20070104 DMA[2007-0104a] - 'iLife iPhoto Photocasing Format String Vulnerability' MILW0RM 3080 VUPEN ADV-2007-0057 MISC http://www.digitalmunition.com/DMA[2007-0104a].txt SECUNIA 23615 MISC http://projects.info-pull.com/moab/MOAB-04-01-2007.html OSVDB 31165 MILW0RM 3080 APPLE APPLE-SA-2007-03-13 CONFIRM http://docs.info.apple.com/article.html?artnum=305215 FULLDISC 20070104 DMA[2007-0104a] - 'iLife iPhoto Photocasing Format String Vulnerability' Format string vulnerability in Apple iPhoto 6.0.5 (316), and other versions before 6.0.6, allows remote user-assisted attackers to execute arbitrary code via a crafted photocast with format string specifiers in the title of an RSS iPhoto feed. cpe:/a:fersch:formbankserver:1.9 CVE-2007-0055 2007-01-04T17:28:00.000-05:00 2008-11-15T01:38:28.453-05:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2007-01-04T18:24:00.000-05:00 MILW0RM 3063 VUPEN ADV-2007-0012 SECUNIA 23539 OSVDB 32545 XF formbankserver-name-directory-traversal(31214) MILW0RM 3063 Directory traversal vulnerability in formbankcgi.exe/AbfrageForm in Formbankserver 1.9 allows remote attackers to read arbitrary files via directory traversal sequences in the Name parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. cpe:/a:belchior_foundry:vcard_pro CVE-2007-0054 2007-01-04T17:28:00.000-05:00 2008-11-15T01:38:28.203-05:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-01-04T18:21:00.000-05:00 ALLOWS_OTHER_ACCESS BID 21844 BUGTRAQ 20070101 vBulletin vCard PRO XSS OSVDB 33359 XF vcard-gbrowse-xss(31182) Cross-site scripting (XSS) vulnerability in gbrowse.php in Belchior Foundry vCard PRO allows remote attackers to inject arbitrary web script or HTML via the sortby parameter. cpe:/a:asp_siteware:autodealer:2.0 CVE-2007-0053 2007-01-04T17:28:00.000-05:00 2008-11-15T01:38:28.017-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-01-04T18:18:00.000-05:00 ALLOWS_OTHER_ACCESS BID 21833 VUPEN ADV-2007-0016 SECUNIA 23572 OSVDB 32539 MILW0RM 3062 XF autodealer-detail-sql-injection(31219) SQL injection vulnerability in detail.asp in ASP SiteWare autoDealer 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the iPro parameter. cpe:/a:vizayn_haber:vizayn_haber CVE-2007-0052 2007-01-04T17:28:00.000-05:00 2008-11-15T01:38:27.877-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-01-04T18:15:00.000-05:00 ALLOWS_OTHER_ACCESS BID 21836 VUPEN ADV-2007-0015 SECUNIA 23576 OSVDB 31518 MILW0RM 3061 XF vicayn-haberdetay-sql-injection(31213) SQL injection vulnerability in haberdetay.asp in Vizayn Haber allows remote attackers to execute arbitrary SQL commands via the id parameter. cpe:/a:ashopsoftware:ashop_deluxe:4.5 cpe:/a:ashopsoftware:ashop_administration_panel CVE-2007-0056 2007-01-04T17:28:00.000-05:00 2008-11-15T01:38:28.843-05:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-01-04T18:35:00.000-05:00 ALLOWS_OTHER_ACCESS BID 21845 BUGTRAQ 20070101 AShop Shopping Cart Multiple XSS Vulnerabilities OSVDB 32558 OSVDB 32557 OSVDB 32556 OSVDB 32555 OSVDB 32554 OSVDB 32553 XF ashop-multiple-scripts-xss(31178) VUPEN ADV-2007-0028 SREASON 2091 SECUNIA 23547 Multiple cross-site scripting (XSS) vulnerabilities in AShop Deluxe 4.5 and AShop Administration Panel allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to (a) ashop/catalogue.php and (b) ashop/basket.php, the (2) exp parameter to ashop/catalogue.php, the (3) searchstring parameter to (c) ashop/search.php, the (4) checkout and (5) action parameters to (d) ashop/shipping.php, the cat parameter to (f) cart-path/admin/editcatalogue.php, and the (7) resultpage parameter to (g) cart-path/admin/salesadmin.php. cpe:/o:cisco:clean_access:4.0.4.2 cpe:/o:cisco:clean_access:3.6.1.1 cpe:/o:cisco:clean_access:3.5.9 CVE-2007-0057 2007-01-04T17:28:00.000-05:00 2008-11-15T01:38:29.063-05:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2007-01-04T18:38:00.000-05:00 ALLOWS_ADMIN_ACCESS VUPEN ADV-2007-0030 CISCO 20070103 Multiple Vulnerabilities in Cisco Clean Access OSVDB 32578 SECTRACK 1017465 SECUNIA 23617 Cisco Clean Access (CCA) 3.6.x through 3.6.4.2 and 4.0.x through 4.0.3.2 does not properly configure or allow modification of a shared secret authentication key, which causes all devices to have the same shared sercet and allows remote attackers to gain unauthorized access. cpe:/o:cisco:clean_access:3.6.1.1 cpe:/o:cisco:clean_access:3.5.9 CVE-2007-0058 2007-01-04T17:28:00.000-05:00 2008-09-05T17:16:54.840-04:00 7.8 NETWORK LOW NONE COMPLETE NONE NONE http://nvd.nist.gov 2007-01-04T18:39:00.000-05:00 VUPEN ADV-2007-0030 CISCO 20070103 Multiple Vulnerabilities in Cisco Clean Access SECTRACK 1017465 SECUNIA 23556 OSVDB 32579 Cisco Clean Access (CCA) 3.5.x through 3.5.9 and 3.6.x through 3.6.1.1 on the Clean Access Manager (CAM) allows remote attackers to bypass authentication and download arbitrary manual database backups by guessing the snapshot filename using brute force, then making a direct request for the file. cpe:/a:apple:quicktime:7.1.3 cpe:/a:apple:quicktime:3 CVE-2007-0059 2007-01-04T19:28:00.000-05:00 2008-11-15T01:38:29.483-05:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-01-05T10:38:00.000-05:00 ALLOWS_USER_ACCESS CERT-VN VU#304064 MISC http://www.gnucitizen.org/blog/backdooring-quicktime-movies/ MISC http://projects.info-pull.com/moab/MOAB-03-01-2007.html OSVDB 31164 APPLE APPLE-SA-2007-03-05 CONFIRM http://docs.info.apple.com/article.html?artnum=305149 Cross-zone scripting vulnerability in Apple Quicktime 3 to 7.1.3 allows remote user-assisted attackers to execute arbitrary code and list filesystem contents via a QuickTime movie (.MOV) with an HREF Track (HREFTrack) that contains an automatic action tag with a local URI, which is executed in a local zone during preview, as exploited by a MySpace worm. cpe:/a:aspbb:aspbb CVE-2007-0075 2007-01-05T06:28:00.000-05:00 2008-11-15T01:38:34.170-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-01-05T10:41:00.000-05:00 ALLOWS_USER_ACCESS XF aspbb-aspbb-info-disclosure(31230) BUGTRAQ 20070102 AspBB Remote Password Disclosure MISC http://www.aria-security.com/forum/showthread.php?t=82 OSVDB 33364 SREASON 2100 AspBB stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user passwords via a direct request for db/aspbb.mdb. cpe:/a:2enetworx:openforum CVE-2007-0076 2007-01-05T06:28:00.000-05:00 2008-11-15T01:38:34.360-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-01-05T10:45:00.000-05:00 ALLOWS_OTHER_ACCESS XF openforum-openforum-password-disclosure(31209) BUGTRAQ 20070102 Openforum Remote password Disclosure MISC http://www.aria-security.com/forum/showthread.php?t=80 OSVDB 33366 SREASON 2099 Openforum stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user passwords via a direct request for openforum.mdb. cpe:/a:lblog:lblog CVE-2007-0077 2007-01-05T06:28:00.000-05:00 2008-11-15T01:38:34.577-05:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2007-01-05T10:48:00.000-05:00 XF lblog-newfolder-information-disclosure(31229) BUGTRAQ 20070102 lblog Remote Password Disclosure MISC http://www.aria-security.com/forum/showthread.php?t=79 SECTRACK 1017462 OSVDB 33367 SREASON 2098 lblog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for a certain file in admin/db/newFolder/. cpe:/a:battleblog:battleblog:1.0d CVE-2007-0078 2007-01-05T06:28:00.000-05:00 2008-11-15T01:38:34.813-05:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2007-01-05T10:52:00.000-05:00 XF battleblog-blankmaster-info-disclosure(31224) BUGTRAQ 20070101 BattleBlog Database Download Vulnerability MISC http://www.aria-security.com/forum/showthread.php?t=76 OSVDB 33360 SREASON 2097 BattleBlog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/blankmaster.mdb. cpe:/a:rblog:rblog CVE-2007-0079 2007-01-05T06:28:00.000-05:00 2008-11-15T01:38:35.017-05:00 7.8 NETWORK LOW NONE COMPLETE NONE NONE http://nvd.nist.gov 2007-01-05T11:04:00.000-05:00 XF rblog-database-info-disclosure(31200) BUGTRAQ 20070101 rblog Database Download Vulnerability MISC http://www.aria-security.com/forum/showthread.php?t=77 SECUNIA 23538 OSVDB 32572 SREASON 2102 rblog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) data/admin.mdb or (2) data/rblog.mdb. cpe:/a:freeradius:freeradius:1.1.3 CVE-2007-0080 2007-01-05T06:28:00.000-05:00 2008-11-15T01:38:36.517-05:00 6.6 LOCAL MEDIUM SINGLE_INSTANCE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2007-01-05T10:58:00.000-05:00 ALLOWS_ADMIN_ACCESS XF freeradius-smbconnectserver-bo(31248) BUGTRAQ 20070102 FreeRadius 1.1.3 SMB_Handle_Type SMB_Connect_Server arbitrary code execution BUGTRAQ 20070103 Re: FreeRadius 1.1.3 SMB_Handle_Type SMB_Connect_Server arbitrary code execution MISC http://www.freeradius.org/security.html VIM 20070211 FreeRADIUS dispute of CVE-2007-0080 SECTRACK 1017463 OSVDB 32082 ** DISPUTED ** Buffer overflow in the SMB_Connect_Server function in FreeRadius 1.1.3 and earlier allows attackers to execute arbitrary code related to the server desthost field of an SMB_Handle_Type instance. NOTE: the impact of this issue has been disputed by a reliable third party and the vendor, who states that exploitation is limited "only to local administrators who have write access to the server configuration files." CVE concurs with the dispute. cpe:/a:sunbelt:sunbelt_kerio_personal_firewall:4.3.246 cpe:/a:sunbelt:sunbelt_kerio_personal_firewall:4.3.268 CVE-2007-0081 2007-01-05T06:28:00.000-05:00 2008-09-05T17:16:58.043-04:00 6.8 LOCAL LOW SINGLE_INSTANCE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2007-01-05T11:03:00.000-05:00 ALLOWS_ADMIN_ACCESS XF kerio-directory-code-execution(31232) BID 21828 BUGTRAQ 20070101 Kerio Fake 'iphlpapi' DLL injection Vulnerability MISC http://www.matousec.com/info/advisories/Kerio-Fake-iphlpapi-DLL-injection.php OSVDB 33356 SREASON 2095 Sunbelt Kerio Personal Firewall (SKPF) 4.3.268 and 4.3.246, and possibly other versions allows local users to provide a Trojan horse iphlpapi.dll to SKPF by placing it in the installation directory. cpe:/a:imgallery:imgallery:2.4 cpe:/a:imgallery:imgallery:2.5 CVE-2007-0082 2007-01-05T06:28:00.000-05:00 2008-09-05T17:16:58.200-04:00 6.5 NETWORK LOW SINGLE_INSTANCE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-01-05T11:04:00.000-05:00 ALLOWS_OTHER_ACCESS XF imgallery-start1-file-upload(31237) BID 21827 MILW0RM 3049 VUPEN ADV-2007-0010 MILW0RM 3049 users_adm/start1.php in IMGallery 2.5 and earlier does not properly handle files with multiple extensions, which allows remote authenticated users to upload and execute arbitrary PHP scripts. cpe:/a:nuked-klan:nuked-klan:1.2 cpe:/a:nuked-klan:nuked-klan:1.2_beta cpe:/a:nuked-klan:nuked-klan:1.5_sp2 cpe:/a:nuked-klan:nuked-klan:1.5 cpe:/a:nuked-klan:nuked-klan:1.4 cpe:/a:nuked-klan:nuked-klan:1.3 cpe:/a:nuked-klan:nuked-klan:1.7 cpe:/a:nuked-klan:nuked-klan:1.3_beta CVE-2007-0083 2007-01-05T06:28:00.000-05:00 2008-11-15T01:38:37.203-05:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-01-05T11:06:00.000-05:00 ALLOWS_OTHER_ACCESS BID 21850 BUGTRAQ 20070102 Nuked Klan <= 1.7 Remote Cookie Disclosure Exploit OSVDB 33368 SREASON 2101 Cross-site scripting (XSS) vulnerability in Nuked Klan 1.7 and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in a getURL statement in a .swf file, as demonstrated by "Remote Cookie Disclosure." NOTE: it could be argued that this is an issue in Shockwave instead of Nuked Klan. cpe:/a:microsoft:message_compiler:1.00.5239 CVE-2007-0084 2007-01-05T06:28:00.000-05:00 2008-11-15T01:38:38.517-05:00 6.6 LOCAL MEDIUM SINGLE_INSTANCE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2007-01-05T11:09:00.000-05:00 ALLOWS_ADMIN_ACCESS BUGTRAQ 20070102 Windows NT Message Compiler 1.00.5239 arbitrary code execution BUGTRAQ 20070103 Re: Windows NT Message Compiler 1.00.5239 arbitrary code execution OSVDB 37817 ** DISPUTED ** Buffer overflow in the Windows NT Message Compiler (MC) 1.00.5239 on Microsoft Windows XP allows local users to gain privileges via a long MC-filename. NOTE: this issue has been disputed by a reliable third party who states that the compiler is not a privileged program, so privilege boundaries cannot be crossed. cpe:/o:openbsd:openbsd:3.9 cpe:/o:openbsd:openbsd:4.0 CVE-2007-0085 2007-01-05T06:28:00.000-05:00 2008-09-05T17:16:58.667-04:00 6.0 LOCAL HIGH SINGLE_INSTANCE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2007-01-05T11:15:00.000-05:00 ALLOWS_ADMIN_ACCESS OPENBSD [3.9] 017: SECURITY FIX: January 3, 2007 OPENBSD [4.0] 007: SECURITY FIX: January 3, 2007 SECTRACK 1017468 SECUNIA 23608 XF openbsd-vga-privilege-escalation(31276) VUPEN ADV-2007-0043 MLIST [openbsd-cvs] 20070103 CVS: cvs.openbsd.org: www MLIST [openbsd-cvs] 20070103 Re: CVS: cvs.openbsd.org: src MISC http://ilja.netric.org/files/Unusual%20bugs%2023c3.pdf OSVDB 32574 Unspecified vulnerability in sys/dev/pci/vga_pci.c in the VGA graphics driver for wscons in OpenBSD 3.9 and 4.0, when the kernel is compiled with the PCIAGP option and a non-AGP device is being used, allows local users to gain privileges via unspecified vectors, possibly related to agp_ioctl NULL pointer reference. cpe:/a:apache:http_server CVE-2007-0086 2007-01-05T13:28:00.000-05:00 2008-11-15T01:38:39.170-05:00 7.8 NETWORK LOW NONE NONE NONE COMPLETE http://nvd.nist.gov 2007-01-05T14:39:00.000-05:00 BUGTRAQ 20070103 a cheesy Apache / IIS DoS vuln (+a question) BUGTRAQ 20070104 Re: a cheesy Apache / IIS DoS vuln (+a question) BUGTRAQ 20070104 Re: a cheesy Apache / IIS DoS vuln (+a question) BUGTRAQ 20070104 Re: a cheesy Apache / IIS DoS vuln (+a question) OSVDB 33456 ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal. cpe:/a:microsoft:internet_information_server CVE-2007-0087 2007-01-05T13:28:00.000-05:00 2008-11-15T01:38:39.453-05:00 7.8 NETWORK LOW NONE NONE NONE COMPLETE http://nvd.nist.gov 2007-01-05T14:43:00.000-05:00 BUGTRAQ 20070103 a cheesy Apache / IIS DoS vuln (+a question) BUGTRAQ 20070104 Re: a cheesy Apache / IIS DoS vuln (+a question) BUGTRAQ 20070104 Re: a cheesy Apache / IIS DoS vuln (+a question) BUGTRAQ 20070104 Re: a cheesy Apache / IIS DoS vuln (+a question) OSVDB 33457 ** DISPUTED ** Microsoft Internet Information Services (IIS), when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal. cpe:/a:openmedia:openmedia CVE-2007-0088 2007-01-05T13:28:00.000-05:00 2008-11-15T01:38:39.627-05:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2007-01-05T14:45:00.000-05:00 XF openmedia-page-directory-traversal(31258) BUGTRAQ 20070102 openmedia local read file OSVDB 33371 OSVDB 33370 SREASON 2103 Multiple directory traversal vulnerabilities in openmedia allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) src parameter to page.php or the (2) format parameter to search_form.php. cpe:/a:jgbbs:jgbbs:3.0:beta_1 CVE-2007-0089 2007-01-05T13:28:00.000-05:00 2008-11-15T01:38:39.920-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-01-05T14:55:00.000-05:00 ALLOWS_OTHER_ACCESS BUGTRAQ 20070103 jgbbs OSVDB 33376 MISC http://aria-security.com/forum/showthread.php?t=87 XF jgbbs-bbs-information-disclosure(31274) jgbbs stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db/bbs.mdb. cpe:/a:fermentigrafici:wineglass CVE-2007-0090 2007-01-05T13:28:00.000-05:00 2008-11-15T01:38:40.170-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-01-05T14:57:00.000-05:00 ALLOWS_OTHER_ACCESS BUGTRAQ 20070103 WineGlass "data.mdb" Remote Password Disclosure OSVDB 32575 MISC http://aria-security.com/forum/showthread.php?p=112 VUPEN ADV-2007-0037 SECUNIA 23594 WineGlass stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db/data.mdb. cpe:/a:katy_whitton_web_development:newscmslite CVE-2007-0091 2007-01-05T13:28:00.000-05:00 2008-11-15T01:38:40.343-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-01-05T14:59:00.000-05:00 ALLOWS_OTHER_ACCESS XF newscmslite-newscms-info-disclosure(31222) MILW0RM 3066 OSVDB 37548 MILW0RM 3066 newsCMSlite stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for newsCMS.mdb. cpe:/a:e-smart_cart:e-smart_cart:1.0 CVE-2007-0092 2007-01-05T13:28:00.000-05:00 2008-11-15T01:38:41.250-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-01-05T15:09:00.000-05:00 ALLOWS_OTHER_ACCESS MILW0RM 3074 SECUNIA 23610 OSVDB 31679 XF esmartcart-productdetail-sql-injection(31243) VUPEN ADV-2007-0036 MILW0RM 3074 SQL injection vulnerability in productdetail.asp in E-SMARTCART 1.0 allows remote attackers to execute arbitrary SQL commands via the product_id parameter. cpe:/a:cms-center:simple_web_cms CVE-2007-0093 2007-01-05T13:28:00.000-05:00 2008-11-15T01:38:42.077-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-01-05T15:11:00.000-05:00 ALLOWS_OTHER_ACCESS XF swcms-page-sql-injection(31261) BUGTRAQ 20070103 Simple Web Content Management System SQL Injection Exploit MILW0RM 3076 VUPEN ADV-2007-0040 SECUNIA 23590 OSVDB 31657 MILW0RM 3076 MISC http://acid-root.new.fr/poc/18070102.txt SREASON 2106 SQL injection vulnerability in page.php in Simple Web Content Management System allows remote attackers to execute arbitrary SQL commands via the id parameter. cpe:/a:sven_moderow:sven_moderow_guestbook:0.3a CVE-2007-0094 2007-01-05T13:28:00.000-05:00 2008-11-15T01:38:42.327-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-01-05T15:13:00.000-05:00 ALLOWS_OTHER_ACCESS BUGTRAQ 20070103 GuestBook v0.3a Remote Password Disclosure OSVDB 33363 MISC http://aria-security.com/forum/showthread.php?p=114 XF guestbook-gbook-information-disclosure(31245) SREASON 2105 Sven Moderow GuestBook 0.3a stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for (1) gbook97.mdb or (2) gbook.mdb in ~db/. cpe:/a:phpmyadmin:phpmyadmin:2.9.1.1 CVE-2007-0095 2007-01-05T13:28:00.000-05:00 2008-11-15T01:38:42.517-05:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2007-01-05T15:14:00.000-05:00 XF phpmyadmin-darkblueorange-path-disclosure(31223) OSVDB 33257 FULLDISC 20070102 Inforamtion Discloser Vulnerabilities in phpMyAdmin FULLDISC 20070102 Inforamtion Discloser Vulnerabilities in "phpMyAdmin" MANDRIVA MDKSA-2007:199 SREASON 2104 phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive information via a direct request for themes/darkblue_orange/layout.inc.php, which reveals the path in an error message. cpe:/a:carbon_communities:carbon_communities:2.4d CVE-2007-0096 2007-01-05T13:28:00.000-05:00 2008-11-15T01:38:42.703-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-01-05T15:16:00.000-05:00 ALLOWS_OTHER_ACCESS XF carboncommunities-carbon2-info-disclosure(31253) VUPEN ADV-2007-0038 OSVDB 37549 MISC http://aria-security.com/forum/showthread.php?t=85 CarbonCommunities stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for DataBase/Carbon2.4d.mdb. cpe:/a:conexware:powerarchiver_2006:9.64.02 CVE-2007-0097 2007-01-05T13:28:00.000-05:00 2008-11-15T01:38:42.860-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2007-01-05T15:18:00.000-05:00 ALLOWS_ADMIN_ACCESS VUPEN ADV-2007-0041 MISC http://vuln.sg/powarc964-en.html SECUNIA 23559 OSVDB 32576 FULLDISC 20070104 [vuln.sg] PowerArchiver PAISO.DLL Buffer Overflow XF powerarchiver-loadtree-readheader-bo(31263) BUGTRAQ 20070104 [vuln.sg] PowerArchiver PAISO.DLL Buffer Overflow Vulnerability Multiple stack-based buffer overflows in the (1) LoadTree and (2) ReadHeader functions in PAISO.DLL 1.7.3.0 (1.7.3 beta) in ConeXware PowerArchiver 2006 9.64.02 allow user-assisted attackers to execute arbitrary code via a crafted ISO file containing a file within several nested directories. cpe:/a:verliadmin:verliadmin:0.3 CVE-2007-0098 2007-01-05T13:28:00.000-05:00 2008-11-15T01:38:43.157-05:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-01-05T15:19:00.000-05:00 ALLOWS_OTHER_ACCESS MILW0RM 3075 VUPEN ADV-2007-0035 OSVDB 32352 XF verliadmin-language-file-include(31241) MILW0RM 3075 Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php. cpe:/a:microsoft:internet_explorer:6 cpe:/a:microsoft:xml_core_services:3.0 CVE-2007-0099 2007-01-08T15:28:00.000-05:00 2009-11-05T00:00:00.000-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2007-01-08T16:05:00.000-05:00 CERT TA08-316A BID 21872 MS MS08-069 VUPEN ADV-2008-3111 BUGTRAQ 20070104 Re: RE: [Full-disclosure] Concurrency strikes MSIE (potentially exploitablemsxml3 flaws) BUGTRAQ 20070104 RE: [Full-disclosure] Concurrency strikes MSIE (potentially exploitablemsxml3 flaws) BUGTRAQ 20070104 Concurrency strikes MSIE (potentially exploitable msxml3 flaws) SECTRACK 1021164 SECUNIA 23655 FULLDISC 20070104 Concurrency strikes MSIE (potentially exploitable msxml3 flaws) OSVDB 32627 MISC http://isc.sans.org/diary.php?storyid=2004 FULLDISC 20070104 Re: Concurrency strikes MSIE (potentially exploitablemsxml3 flaws) Race condition in the msxml3 module in Microsoft XML Core Services 3.0, as used in Internet Explorer 6 and other applications, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via many nested tags in an XML document in an IFRAME, when synchronous document rendering is frequently disrupted with asynchronous events, as demonstrated using a JavaScript timer, which can trigger NULL pointer dereferences or memory corruption, aka "MSXML Memory Corruption Vulnerability." cpe:/a:perforce:perforce_client CVE-2007-0100 2007-01-08T15:28:00.000-05:00 2008-11-15T01:38:43.593-05:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2007-01-08T16:10:00.000-05:00 ALLOWS_ADMIN_ACCESS BUGTRAQ 20070104 Perforce client: security hole by design OSVDB 33369 The Perforce client does not restrict the set of files that it overwrites upon receiving a request from the server, which allows remote attackers to overwrite arbitrary files by modifying the client config file on the server, or by operating a malicious server. cpe:/a:spine:spine:1.1 CVE-2007-0101 2007-01-08T15:28:00.000-05:00 2008-11-15T01:38:44.030-05:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-01-08T16:12:00.000-05:00 ALLOWS_OTHER_ACCESS VUPEN ADV-2007-0042 MISC http://spine.sourceforge.net/changelog.html XF spine-unspecified-csrf(31283) SECUNIA 23537 OSVDB 32577 Cross-site request forgery (CSRF) vulnerability in SPINE allows remote attackers to perform unauthorized actions as administrators via unspecified vectors. NOTE: some of these details are obtained from third party information. cpe:/a:apple:preview:3.0.8 CVE-2007-0102 2007-01-08T19:28:00.000-05:00 2008-11-15T01:38:44.217-05:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-01-09T09:46:00.000-05:00 CERT TA07-072A BID 21910 XF multiple-vendor-pdf-code-execution(31364) SECTRACK 1017749 VUPEN ADV-2007-0930 SECUNIA 24479 MISC http://projects.info-pull.com/moab/MOAB-06-01-2007.html OSVDB 31221 CONFIRM http://docs.info.apple.com/article.html?artnum=305214 The Adobe PDF specification 1.3, as implemented by Apple Mac OS X Preview, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node. cpe:/a:adobe:acrobat_reader:7.0.8 CVE-2007-0103 2007-01-08T19:28:00.000-05:00 2008-09-05T17:17:01.357-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-01-09T09:48:00.000-05:00 CERT TA07-072A XF multiple-vendor-pdf-code-execution(31364) SECTRACK 1017749 BID 21910 VUPEN ADV-2007-0930 SECUNIA 24479 MISC http://projects.info-pull.com/moab/MOAB-06-01-2007.html CONFIRM http://docs.info.apple.com/article.html?artnum=305214 The Adobe PDF specification 1.3, as implemented by Adobe Acrobat before 8.0.0, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node. cpe:/o:kde:kde:3.2 cpe:/o:kde:kde:3.4.2 cpe:/o:kde:kde:3.4 cpe:/o:kde:kde:3.4.1 cpe:/o:kde:kde:3.3 cpe:/o:kde:kde:3.5 cpe:/o:kde:kde:3.4.3 cpe:/a:xpdf:xpdf:3.0_pl2 cpe:/o:kde:kde:3.2.1 cpe:/o:kde:kde:3.2.2 cpe:/a:xpdf:xpdf:3.0.1_pl1 cpe:/o:kde:kde:3.3.1 cpe:/a:xpdf:xpdf:3.0.1_pl2 cpe:/o:kde:kde:3.3.2 cpe:/a:xpdf:xpdf:3.0 cpe:/o:kde:kde:3.2.3 cpe:/a:xpdf:xpdf:3.0.1 CVE-2007-0104 2007-01-08T19:28:00.000-05:00 2008-09-05T17:17:01.510-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-01-09T09:49:00.000-05:00 CERT TA07-072A CONFIRM https://issues.rpath.com/browse/RPL-964 XF multiple-vendor-pdf-code-execution(31364) UBUNTU USN-410-2 UBUNTU USN-410-1 SECTRACK 1017749 BID 21910 BUGTRAQ 20070116 [KDE Security Advisory] kpdf/kword/xpdf denial of service vulnerability SUSE SUSE-SR:2007:003 MANDRIVA MDKSA-2007:024 MANDRIVA MDKSA-2007:022 MANDRIVA MDKSA-2007:021 MANDRIVA MDKSA-2007:020 MANDRIVA MDKSA-2007:019 MANDRIVA MDKSA-2007:018 CONFIRM http://www.kde.org/info/security/advisory-20070115-1.txt VUPEN ADV-2007-0930 VUPEN ADV-2007-0244 VUPEN ADV-2007-0212 VUPEN ADV-2007-0203 CONFIRM http://support.novell.com/techcenter/psdb/44d7cb9b669d58e0ce5aa5d7ab2c7c53.html SECTRACK 1017514 SECUNIA 24479 SECUNIA 24204 SECUNIA 23876 SECUNIA 23844 SECUNIA 23839 SECUNIA 23815 SECUNIA 23813 SECUNIA 23808 SECUNIA 23799 SECUNIA 23791 MISC http://projects.info-pull.com/moab/MOAB-06-01-2007.html MANDRIVA MDKSA-2007:024 MANDRIVA MDKSA-2007:021 MANDRIVA MDKSA-2007:019 CONFIRM http://docs.info.apple.com/article.html?artnum=305214 The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patch 2, (b) kpdf in KDE before 3.5.5, (c) poppler before 0.5.4, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node. cpe:/a:cisco:secure_access_control_server:4.0.1 CVE-2007-0105 2007-01-08T19:28:00.000-05:00 2008-09-05T17:17:01.700-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-01-09T09:54:00.000-05:00 ALLOWS_OTHER_ACCESS CERT-VN VU#744249 VUPEN ADV-2007-0068 SECUNIA 23629 XF cisco-acs-csadmin-bo(31323) BID 21900 CISCO 20070105 Multiple Vulnerabilities in Cisco Secure Access Control Server SECTRACK 1017475 OSVDB 32642 Stack-based buffer overflow in the CSAdmin service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted HTTP GET request. cpe:/a:wordpress:wordpress:2.0.5 cpe:/a:wordpress:wordpress:2.0 cpe:/a:wordpress:wordpress:2.0.4 cpe:/a:wordpress:wordpress:2.0.3 cpe:/a:wordpress:wordpress:2.0.2 cpe:/a:wordpress:wordpress:2.0.1 CVE-2007-0106 2007-01-08T19:28:00.000-05:00 2008-11-15T01:38:45.170-05:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-01-09T09:56:00.000-05:00 ALLOWS_OTHER_ACCESS BID 21893 CONFIRM http://wordpress.org/development/2007/01/wordpress-206/ BUGTRAQ 20070105 Advisory 01/2007: WordPress CSRF Protection XSS Vulnerability MISC http://www.hardened-php.net/advisory_012007.140.html VUPEN ADV-2007-0061 SECUNIA 23595 OSVDB 33397 SREASON 2114 Cross-site scripting (XSS) vulnerability in the CSRF protection scheme in WordPress before 2.0.6 allows remote attackers to inject arbitrary web script or HTML via a CSRF attack with an invalid token and quote characters or HTML tags in URL variable names, which are not properly handled when WordPress generates a new link to verify the request. cpe:/a:wordpress:wordpress:2.0.5 CVE-2007-0107 2007-01-08T19:28:00.000-05:00 2008-11-15T01:38:46.827-05:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-01-09T09:57:00.000-05:00 ALLOWS_OTHER_ACCESS XF wordpress-mbstring-security-bypass(31297) BID 21907 BUGTRAQ 20070105 Advisory 02/2007: WordPress Trackback Charset Decoding SQL Injection Vulnerability OPENPKG OpenPKG-SA-2007.005 MISC http://www.hardened-php.net/advisory_022007.141.html VUPEN ADV-2007-0061 CONFIRM http://wordpress.org/development/2007/01/wordpress-206/ SECUNIA 23595 OSVDB 31579 SREASON 2112 GENTOO GLSA-200701-10 SECUNIA 23741 WordPress before 2.0.6, when mbstring is enabled for PHP, decodes alternate character sets after escaping the SQL query, which allows remote attackers to bypass SQL injection protection schemes and execute arbitrary SQL commands via multibyte charsets, as demonstrated using UTF-7. cpe:/a:novell:client:4.91:sp3 CVE-2007-0108 2007-01-08T19:28:00.000-05:00 2008-11-15T01:38:47.110-05:00 6.0 NETWORK MEDIUM SINGLE_INSTANCE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-01-09T10:00:00.000-05:00 ALLOWS_OTHER_ACCESS XF novell-profile-security-bypass(31343) BID 21886 VUPEN ADV-2007-0064 CONFIRM http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974970.htm SECTRACK 1017471 SECUNIA 23619 OSVDB 31358 nwgina.dll in Novell Client 4.91 SP3 for Windows 2000/XP/2003 does not delete user profiles during a Terminal Service or Citrix session, which allows remote authenticated users to invoke alternate user profiles. cpe:/a:wordpress:wordpress:2.0.5 cpe:/a:wordpress:wordpress:2.0 cpe:/a:wordpress:wordpress:2.0.4 cpe:/a:wordpress:wordpress:2.0.3 cpe:/a:wordpress:wordpress:2.0.2 cpe:/a:wordpress:wordpress:2.0.1 CVE-2007-0109 2007-01-08T19:28:00.000-05:00 2008-11-15T01:38:47.813-05:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2007-01-09T09:59:00.000-05:00 XF wordpress-account-enumeration(31262) BUGTRAQ 20070103 Wordpress <= 2.x dictionnary & Bruteforce attack VUPEN ADV-2007-0062 SECUNIA 23621 OSVDB 31577 SREASON 2113 GENTOO GLSA-200701-10 SECUNIA 23741 wp-login.php in WordPress 2.0.5 and earlier displays different error messages if a user exists or not, which allows remote attackers to obtain sensitive information and facilitates brute force attacks. cpe:/a:novell:access_manager_identity_server:3 CVE-2007-0110 2007-01-08T19:28:00.000-05:00 2008-11-15T01:38:48.250-05:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-01-09T10:02:00.000-05:00 ALLOWS_OTHER_ACCESS CONFIRM https://secure-support.novell.com/KanisaPlatform/Publishing/143/3615264_f.SAL_Public.html BID 21921 VUPEN ADV-2007-0073 SECUNIA 23654 OSVDB 31359 SECTRACK 1017483 Cross-site scripting (XSS) vulnerability in nidp/idff/sso in Novell Access Manager Identity Server before 3.0.0-1013 allows remote attackers to inject arbitrary web script or HTML via the IssueInstant parameter, which is not properly handled in the resulting error message. cpe:/a:resco:photo_viewer:6.11 cpe:/a:resco:photo_viewer:4.11 CVE-2007-0111 2007-01-08T19:28:00.000-05:00 2008-11-15T01:38:48.953-05:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-01-09T10:04:00.000-05:00 ALLOWS_OTHER_ACCESS MISC http://www.trendmicro.com/vinfo/secadvisories/default6.asp?VName=Vulnerability+in+Resco+Photo+Viewer+6%2E01+Enabling+Code+Injection+and+Arbitrary+Code+Execution BID 21920 VUPEN ADV-2007-0072 SECUNIA 23658 OSVDB 32644 MISC http://blog.trendmicro.com/flaw-in-3rd-party-app-weakens-windows-mobile/ Buffer overflow in Resco Photo Viewer for PocketPC 4.11 and 6.01, as used in mobile devices running Windows Mobile 5.0, 2003, and 2003SE, allows remote attackers to execute arbitrary code via a crafted PNG image. cpe:/a:createauction:createauction CVE-2007-0112 2007-01-08T19:28:00.000-05:00 2008-11-15T01:38:49.127-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-01-09T10:08:00.000-05:00 ALLOWS_OTHER_ACCESS XF createauction-cats-sql-injection(31356) BID 21929 BUGTRAQ 20070107 createauction (cats.asp) Remote SQL Injection Vulnerability OSVDB 33406 SREASON 2111 SQL injection vulnerability in cats.asp in createauction allows remote attackers to execute arbitrary SQL commands via the catid parameter. cpe:/a:packeteer:packetwise:8.0 CVE-2007-0113 2007-01-08T19:28:00.000-05:00 2008-11-15T01:38:49.360-05:00 6.8 NETWORK LOW SINGLE_INSTANCE NONE NONE COMPLETE http://nvd.nist.gov 2007-01-09T10:16:00.000-05:00 XF packetshaper-argument-dos(31357) BID 21933 BUGTRAQ 20070108 Packeteer PacketWise CLI overflow DoS VUPEN ADV-2007-0098 SECUNIA 23685 OSVDB 31656 SREASON 2110 Buffer overflow in Packeteer PacketShaper PacketWise 8.x allows remote authenticated users to cause a denial of service (reset or reboot) via (1) a long traffic class argument to the "class show" command or (2) a long POLICY parameter value in clastree.htm. cpe:/a:sun:java_system_content_delivery_server:5.0:pu1:solaris cpe:/a:sun:java_system_content_delivery_server:5.0::solaris CVE-2007-0114 2007-01-08T19:28:00.000-05:00 2008-11-15T01:38:49.577-05:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2007-01-09T10:11:00.000-05:00 VUPEN ADV-2007-0076 SUNALERT 102764 SECUNIA 23630 XF sun-java-cds-info-disclosure(31345) BID 21908 OSVDB 32645 Sun Java System Content Delivery Server 5.0 and 5.0 PU1 allows remote attackers to obtain sensitive information regarding "content details" via unspecified vectors. cpe:/a:coppermine:coppermine_photo_gallery:1.4.10 CVE-2007-0115 2007-01-08T21:28:00.000-05:00 2008-11-15T01:38:49.983-05:00 6.0 NETWORK MEDIUM SINGLE_INSTANCE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-01-09T10:13:00.000-05:00 ALLOWS_OTHER_ACCESS BUGTRAQ 20070105 Coppermine Photo Gallery <= 1.4.10 SQL Injection Exploit VIM 20070108 Source verify - Coppermine Photo Gallery <= 1.4.10 code injection OSVDB 33383 MISC http://acid-root.new.fr/poc/19070104.txt SREASON 2107 Static code injection vulnerability in Coppermine Photo Gallery 1.4.10 and earlier allows remote authenticated administrators to execute arbitrary PHP code via the Username to login.php, which is injected into an error message in security.log.php, which can then be accessed using viewlog.php. cpe:/a:digger_solutions:intranet_open_source CVE-2007-0116 2007-01-08T21:28:00.000-05:00 2008-11-15T01:38:50.627-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-01-09T10:15:00.000-05:00 ALLOWS_OTHER_ACCESS BUGTRAQ 20070105 Intranet Open Source Remote Password Disclosure "intranet.mdb" OSVDB 33379 XF intranet-intranet-info-disclosure(31308) SREASON 2109 Digger Solutions Intranet Open Source (IOS) stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for data/intranet.mdb. cpe:/o:apple:mac_os_x_server:10.4.8 cpe:/o:apple:mac_os_x:10.4.8 CVE-2007-0117 2007-01-08T21:28:00.000-05:00 2008-11-15T01:38:50.797-05:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2007-01-09T10:20:00.000-05:00 ALLOWS_ADMIN_ACCESS BID 21899 MISC http://projects.info-pull.com/moab/MOAB-05-01-2007.html OSVDB 31167 VUPEN ADV-2007-0074 SECUNIA 23653 DiskManagementTool in the DiskManagement.framework 92.29 on Mac OS X 10.4.8 does not properly validate Bill of Materials (BOM) files, which allows attackers to gain privileges via a BOM file under /Library/Receipts/, which triggers arbitrary file permission changes upon execution of a diskutil permission repair operation. cpe:/a:edittag:edittag:1.2 CVE-2007-0118 2007-01-08T21:28:00.000-05:00 2008-11-15T01:38:51.000-05:00 4.3 NETWORK MEDIUM NONE PARTIAL NONE NONE http://nvd.nist.gov 2007-01-09T10:26:00.000-05:00 BID 21890 BUGTRAQ 20070105 Multiple bugs in EditTag OSVDB 33396 OSVDB 33395 OSVDB 33394 OSVDB 33393 SECUNIA 7950 Multiple absolute path traversal vulnerabilities in EditTag 1.2 allow remote attackers to read arbitrary files via an absolute pathname in the file parameter to (1) edittag.cgi, (2) edittag.pl, (3) edittag_mp.cgi, or (4) edittag_mp.pl. cpe:/a:edittag:edittag:1.2 CVE-2007-0119 2007-01-08T21:28:00.000-05:00 2008-11-15T01:38:51.267-05:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-01-09T10:27:00.000-05:00 ALLOWS_OTHER_ACCESS BID 21891 BUGTRAQ 20070105 Multiple bugs in EditTag OSVDB 33392 OSVDB 33391 OSVDB 33390 SECUNIA 7950 Multiple cross-site scripting (XSS) vulnerabilities in EditTag 1.2 allow remote attackers to inject arbitrary web script or HTML via the plain parameter to (1) mkpw_mp.cgi, (2) mkpw.pl, or (3) mkpw.cgi. cpe:/a:acunetix:web_vulnerability_scanner:4.0_build_2006-07-17 CVE-2007-0120 2007-01-08T21:28:00.000-05:00 2008-11-15T01:38:51.530-05:00 1.9 LOCAL MEDIUM NONE NONE NONE PARTIAL http://nvd.nist.gov 2007-01-09T10:28:00.000-05:00 XF acunetix-content-length-dos(31279) BID 21898 MILW0RM 3078 OSVDB 37580 MILW0RM 3078 Acunetix Web Vulnerability Scanner (WVS) 4.0 Build 20060717 and earlier allows remote attackers to cause a denial of service (application crash) via multiple HTTP requests containing invalid Content-Length values. cpe:/a:michael_romedahl:ri_blog:1.3 CVE-2007-0121 2007-01-08T21:28:00.000-05:00 2008-11-15T01:38:51.877-05:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-01-09T10:41:00.000-05:00 ALLOWS_OTHER_ACCESS BID 21880 BUGTRAQ 20070105 RI Blog 1.3 XSS Vuln. OSVDB 31637 XF riblog-search-xss(31317) VUPEN ADV-2007-0083 SREASON 2108 SECUNIA 23657 Cross-site scripting (XSS) vulnerability in search.asp in RI Blog 1.3 allows remote attackers to inject arbitrary web script or HTML via the q parameter. cpe:/a:coppermine:coppermine_photo_gallery:1.3 cpe:/a:coppermine:coppermine_photo_gallery:1.1_beta_2 cpe:/a:coppermine:coppermine_photo_gallery:1.2 cpe:/a:coppermine:coppermine_photo_gallery:1.1 cpe:/a:coppermine:coppermine_photo_gallery:1.3.2 cpe:/a:coppermine:coppermine_photo_gallery:1.3.3 cpe:/a:coppermine:coppermine_photo_gallery:1.3.4 cpe:/a:coppermine:coppermine_photo_gallery:1.0 cpe:/a:coppermine:coppermine_photo_gallery:1.2.2_b cpe:/a:coppermine:coppermine_photo_gallery:1.4.4 cpe:/a:coppermine:coppermine_photo_gallery:1.0_rc3 cpe:/a:coppermine:coppermine_photo_gallery:1.4.9 cpe:/a:coppermine:coppermine_photo_gallery:1.2.1 cpe:/a:coppermine:coppermine_photo_gallery:1.4.10 cpe:/a:coppermine:coppermine_photo_gallery:1.2.2_b-nuke CVE-2007-0122 2007-01-08T21:28:00.000-05:00 2008-11-15T01:38:52.017-05:00 6.5 NETWORK LOW SINGLE_INSTANCE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-01-10T00:34:00.000-05:00 ALLOWS_OTHER_ACCESS BID 21894 BUGTRAQ 20070105 Coppermine Photo Gallery <= 1.4.10 SQL Injection Exploit OSVDB 35856 OSVDB 35855 OSVDB 35854 OSVDB 35853 OSVDB 35852 MISC http://acid-root.new.fr/poc/19070104.txt SREASON 2123 SECUNIA 25846 MILW0RM 3085 Multiple SQL injection vulnerabilities in Coppermine Photo Gallery 1.4.10 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via (1) the cat parameter to albmgr.php, and possibly (2) the gid parameter to usermgr.php; (3) the start parameter to db_ecard.php; and the albumid parameter to unspecified files, related to the (4) filename_to_title and (5) del_titles functions. cpe:/a:uber_uploader:uber_uploader:4.2 CVE-2007-0123 2007-01-08T21:28:00.000-05:00 2008-09-05T17:17:04.447-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-01-09T11:06:00.000-05:00 ALLOWS_OTHER_ACCESS BUGTRAQ 20070105 Uber Uploader 4.2 Arbitrary File Upload Vulnerability XF uber-uploader-phtml-file-upload(31303) SREASON 2116 Unrestricted file upload vulnerability in Uber Uploader 4.2 allows remote attackers to upload and execute arbitrary PHP scripts by naming them with a .phtml extension, which bypasses the .php extension check but is still executable on some server configurations. cpe:/a:drupal:drupal:4.7.2 cpe:/a:drupal:drupal:4.6 cpe:/a:drupal:drupal:4.6.7 cpe:/a:drupal:drupal:4.7.1 cpe:/a:drupal:drupal:4.6.6 cpe:/a:drupal:drupal:4.7 cpe:/a:drupal:drupal:4.7.0 cpe:/a:drupal:drupal:4.6.5 cpe:/a:drupal:drupal:4.6.4 cpe:/a:drupal:drupal:4.6.9 cpe:/a:drupal:drupal:4.6.8 cpe:/a:drupal:drupal:4.6.3 cpe:/a:drupal:drupal:4.6.2 cpe:/a:drupal:drupal:4.7.4 cpe:/a:drupal:drupal:4.6.1 cpe:/a:drupal:drupal:4.7.3 cpe:/a:drupal:drupal:4.6.0 cpe:/a:drupal:drupal:4.6.10 CVE-2007-0124 2007-01-08T21:28:00.000-05:00 2008-11-15T01:38:52.327-05:00 3.5 NETWORK MEDIUM SINGLE_INSTANCE NONE NONE PARTIAL http://nvd.nist.gov 2007-01-09T11:08:00.000-05:00 BID 21895 BUGTRAQ 20070105 [DRUPAL-SA-2007-002] Drupal 4.6.11 / 4.7.5 fixes DoS issue VUPEN ADV-2007-0051 SECUNIA 23586 CONFIRM http://drupal.org/node/104238 OSVDB 32131 SREASON 2115 Unspecified vulnerability in Drupal before 4.6.11, and 4.7 before 4.7.5, when MySQL is used, allows remote authenticated users to cause a denial of service by poisoning the page cache via unspecified vectors, which triggers erroneous 404 HTTP errors for pages that exist. cpe:/a:kaspersky_lab:kaspersky_antivirus_engine:5.5.10::linux cpe:/a:kaspersky_lab:kaspersky_antivirus_engine:6.0::windows CVE-2007-0125 2007-01-08T21:28:00.000-05:00 2008-11-15T01:38:52.547-05:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2007-01-09T11:10:00.000-05:00 XF kaspersky-antivirus-pe-dos(31315) BID 21901 VUPEN ADV-2007-0067 SECTRACK 1017476 SECUNIA 23575 OSVDB 32588 IDEFENSE 20070105 Kaspersky Antivirus Scan Engine PE File Denial of Service Vulnerability Kaspersky Labs Antivirus Engine 6.0 for Windows and 5.5-10 for Linux before 20070102 enter an infinite loop upon encountering an invalid NumberOfRvaAndSizes value in the Optional Windows Header of a portable executable (PE) file, which allows remote attackers to cause a denial of service (CPU consumption) by scanning a crafted PE file. cpe:/a:opera_software:opera:9.02 CVE-2007-0126 2007-01-08T21:28:00.000-05:00 2008-11-15T01:38:52.750-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2007-01-09T11:13:00.000-05:00 CONFIRM http://www.opera.com/support/search/supsearch.dml?index=852 VUPEN ADV-2007-0060 XF opera-jpeg-dht-bo(31305) GENTOO GLSA-200701-08 SECTRACK 1017473 SECUNIA 23771 SECUNIA 23739 SECUNIA 23613 OSVDB 31574 SUSE SUSE-SA:2007:009 IDEFENSE 20070105 Opera Software Opera Web Browser JPG Image DHT Marker Heap Corruption Vulnerability Heap-based buffer overflow in Opera 9.02 allows remote attackers to execute arbitrary code via a JPEG file with an invalid number of index bytes in the Define Huffman Table (DHT) marker. cpe:/a:opera_software:opera:9.01 cpe:/a:opera_software:opera:9.02 cpe:/a:opera_software:opera:9.0 CVE-2007-0127 2006-11-16T00:00:00.000-05:00 2007-01-08T21:28:00.000-05:00 2008-11-15T01:38:53.233-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2007-01-09T17:35:00.000-05:00 VUPEN ADV-2007-0060 SECUNIA 23613 IDEFENSE 20070105 Opera Software Opera Web Browser createSVGTransformFromMatrix Object Typecasting Vulnerability CONFIRM http://www.opera.com/support/search/supsearch.dml?index=851 GENTOO GLSA-200701-08 SECTRACK 1017473 SECUNIA 23771 SECUNIA 23739 OSVDB 31575 SUSE SUSE-SA:2007:009 The Javascript SVG support in Opera before 9.10 does not properly validate object types in a createSVGTransformFromMatrix request, which allows remote attackers to execute arbitrary code via JavaScript code that uses an invalid object in this request that causes a controlled pointer to be referenced during the virtual function call. cpe:/a:digiappz:digirez:3.4 CVE-2007-0128 2007-01-09T06:28:00.000-05:00 2008-11-15T01:38:53.453-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-01-09T13:20:00.000-05:00 ALLOWS_OTHER_ACCESS VUPEN ADV-2007-0053 SECUNIA 23606 OSVDB 31677 MILW0RM 3081 SQL injection vulnerability in info_book.asp in Digirez 3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the book_id parameter. cpe:/a:locazo:locazolist_classifieds:2.01a_beta5 CVE-2007-0129 2007-01-09T06:28:00.000-05:00 2008-11-15T01:38:53.627-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-01-09T13:21:00.000-05:00 ALLOWS_OTHER_ACCESS XF locazolist-main-sql-injection(31242) MILW0RM 3073 OSVDB 35813 VUPEN ADV-2007-0052 MILW0RM 3073 SQL injection vulnerability in main.asp in LocazoList 2.01a beta5 and earlier allows remote attackers to execute arbitrary SQL commands via the subcatID parameter. cpe:/a:igeneric:ig_calendar:1.0 CVE-2007-0130 2007-01-09T06:28:00.000-05:00 2008-11-15T01:38:54.140-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-01-09T13:26:00.000-05:00 ALLOWS_OTHER_ACCESS BID 21873 MILW0RM 3082 VUPEN ADV-2007-0055 SECUNIA 23602 OSVDB 31678 XF igcalendar-user-sql-injection(31300) BUGTRAQ 20070105 IG Calendar SQL Injection MILW0RM 3082 SQL injection vulnerability in user.php in iGeneric iG Calendar 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. cpe:/a:jamwiki:jamwiki:0.4.3 CVE-2007-0131 2007-01-09T06:28:00.000-05:00 2008-11-15T01:38:54.280-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-01-09T13:31:00.000-05:00 ALLOWS_OTHER_ACCESS CONFIRM http://sourceforge.net/project/shownotes.php?group_id=171441&release_id=475663 SECUNIA 23634 OSVDB 32581 XF jamwiki-permission-security-bypass(31296) BID 21879 JAMWiki before 0.5.0 does not properly check permissions during moves of "read-only or admin-only topics," which allows remote attackers to make unauthorized changes to the wiki. cpe:/a:igeneric:ig_shop:1.4 CVE-2007-0132 2007-01-09T06:28:00.000-05:00 2008-11-15T01:38:54.877-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-01-09T13:33:00.000-05:00 ALLOWS_OTHER_ACCESS MILW0RM 3083 VUPEN ADV-2007-0056 SECUNIA 23604 MISC http://packetstormsecurity.nl/0701-exploits/igshop10-multiple.txt OSVDB 33385 XF igshop-compareproduct-sql-injection(31299) BID 21874 BUGTRAQ 20070105 IG Shop remote code execution MILW0RM 3083 SQL injection vulnerability in compare_product.php in iGeneric iG Shop 1.4 allows remote attackers to execute arbitrary SQL commands via the id parameter. cpe:/a:igeneric:ig_shop:1.4 CVE-2007-0133 2007-01-09T06:28:00.000-05:00 2008-11-15T01:38:55.077-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-01-09T13:38:00.000-05:00 ALLOWS_OTHER_ACCESS VUPEN ADV-2007-0056 OSVDB 33386 Multiple SQL injection vulnerabilities in display_review.php in iGeneric iG Shop 1.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) user_login_cookie parameter. cpe:/a:igeneric:ig_shop:1.4 cpe:/a:igeneric:ig_shop:1.0 CVE-2007-0134 2007-01-09T06:28:00.000-05:00 2008-11-15T01:38:56.127-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-01-09T13:41:00.000-05:00 ALLOWS_OTHER_ACCESS XF igshop-cartpage-code-execution(31301) BID 21875 BUGTRAQ 20070619 iG Shop 1.4 eval Inclusion Vulnerability BUGTRAQ 20070105 IG Shop remote code execution MILW0RM 3083 VUPEN ADV-2007-0056 VIM 20070618 Dup: iG Shop 1.4 (page.php) Remote Code Execution Exploit SECUNIA 23604 MISC http://packetstormsecurity.nl/0701-exploits/igshop10-multiple.txt OSVDB 33388 OSVDB 33387 MILW0RM 3083 Multiple eval injection vulnerabilities in iGeneric iG Shop 1.0 allow remote attackers to execute arbitrary code via the action parameter, which is supplied to an eval function call in (1) cart.php and (2) page.php. NOTE: a later report and CVE analysis indicate that the vulnerability is present in 1.4. cpe:/a:aratix:aratix:0.2.2_beta_11 CVE-2007-0135 2007-01-09T06:28:00.000-05:00 2008-11-15T01:38:56.297-05:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-01-09T13:45:00.000-05:00 ALLOWS_OTHER_ACCESS MILW0RM 3079 VUPEN ADV-2007-0054 VIM 20070108 Source verify of Aratix RFI MISC http://securityreason.com/exploitalert/1698 OSVDB 33405 XF aratix-init-file-include(31282) MILW0RM 3079 PHP remote file inclusion vulnerability in inc/init.inc.php in Aratix 0.2.2 beta 11 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the current_path parameter. cpe:/a:drupal:drupal:4.6.10 cpe:/a:drupal:drupal:4.7.4 CVE-2007-0136 2007-01-09T06:28:00.000-05:00 2008-11-15T01:38:56.563-05:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-01-09T13:50:00.000-05:00 ALLOWS_OTHER_ACCESS CONFIRM http://drupal.org/node/104233 VUPEN ADV-2007-0050 OSVDB 32140 OSVDB 32139 FULLDISC 20070105 [DRUPAL-SA-2007-001] Drupal 4.6.11 / 4.7.5 fixes XF drupal-core-unspecified-xss(31311) BUGTRAQ 20070105 [DRUPAL-SA-2007-001] Drupal 4.6.11 / 4.7.5 fixes XSS issue CONFIRM http://drupal.org/files/sa-2007-001/advisory.txt Multiple cross-site scripting (XSS) vulnerabilities in Drupal before 4.6.11, and 4.7 before 4.7.5, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in the (1) filter and (2) system modules. NOTE: some of these details are obtained from third party information. cpe:/a:serendipitynz:serene_bach_sb:1.13d cpe:/a:serendipitynz:serene_bach:2.08d cpe:/a:serendipitynz:serene_bach:2.05r cpe:/a:serendipitynz:serene_bach:1.18r CVE-2007-0137 2007-01-09T06:28:00.000-05:00 2008-11-15T01:38:57.170-05:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-01-09T13:56:00.000-05:00 ALLOWS_OTHER_ACCESS SECUNIA 23623 CONFIRM http://serenebach.net/log/sb209R.html CONFIRM http://serenebach.net/log/sb119R.html OSVDB 32580 JVN JVN#65500885 XF serene-bach-unspecified-xss(31302) BID 21884 VUPEN ADV-2007-0065 SECTRACK 1017470 Cross-site scripting (XSS) vulnerability in SimpleBoxes/SerendipityNZ Serene Bach 2.05R and earlier, and 2.08D and earlier in the 2.08 series; and (2) sb 1.13D and earlier, and 1.18R and earlier in the 1.18 series; allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. cpe:/a:fersch:formbankserver:1.9 CVE-2007-0138 2007-01-09T06:28:00.000-05:00 2008-11-15T01:38:57.420-05:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2007-01-09T13:53:00.000-05:00 XF formbankserver-formbank-dos(31216) SECUNIA 23539 OSVDB 32546 formbankcgi.exe in Fersch Formbankserver 1.9, when the PATH_INFO begins with (1) AbfrageForm or (2) EingabeForm, allows remote attackers to cause a denial of service (daemon crash) via multiple requests containing many /../ sequences in the Name parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. cpe:/a:hp:openvms:7.3_2::openvms_vax cpe:/a:hp:openvms:7.3::openvms_vax CVE-2007-0139 2007-01-09T06:28:00.000-05:00 2008-11-15T01:38:57.733-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-01-10T07:09:00.000-05:00 ALLOWS_USER_ACCESS SECUNIA 23636 CONFIRM ftp://ftp.itrc.hp.com/openvms_patches/vax/V7.3/VAX_DNVOSIMUP01-V0703.txt CONFIRM ftp://ftp.itrc.hp.com/openvms_patches/alpha/V7.3-2/AXP_DNVOSIMUP01-V0703-2.txt OSVDB 32586 OSVDB 32585 OSVDB 32584 OSVDB 32583 VUPEN ADV-2007-0063 Unspecified vulnerability in the DECnet-Plus 7.3-2 feature in DECnet/OSI 7.3-2 for OpenVMS ALPHA, and the DECnet-Plus 7.3 feature in DECnet/OSI 7.3 for OpenVMS VAX, allows attackers to obtain "unintended privileged access to data and system resources" via unspecified vectors, related to (1) [SYSEXE]CTF$UI.EXE, (2) [SYSMSG]CTF$MESSAGES.EXE, (3) [SYSHLP]CTF$HELP.HLB, and (4) [SYSMGR]CTF$STARTUP.COM. cpe:/a:kolayindir_download:kolayindir_download CVE-2007-0140 2007-01-09T13:28:00.000-05:00 2008-11-15T01:38:58.267-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-01-09T14:02:00.000-05:00 ALLOWS_OTHER_ACCESS BID 21889 BUGTRAQ 20070105 Kolayindir Download (Yenionline) (tr) SqL Injection Vuln. VUPEN ADV-2007-0079 SECUNIA 23645 OSVDB 31625 XF kolayindirdownload-down-sql-injection(31320) SREASON 2122 SQL injection vulnerability in down.asp in Kolayindir Download (Yenionline) allows remote attackers to execute arbitrary SQL commands via the id parameter. cpe:/a:yet_another_link_directory:yet_another_link_directory:1.0 CVE-2007-0141 2007-01-09T13:28:00.000-05:00 2008-11-15T01:38:58.467-05:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-01-09T14:06:00.000-05:00 ALLOWS_OTHER_ACCESS BID 21904 BUGTRAQ 20070106 Yet Another Link Directory v1.0 VUPEN ADV-2007-0082 SECUNIA 23646 OSVDB 31626 XF yald-yald-xss(31322) SREASON 2121 Cross-site scripting (XSS) vulnerability in yald.php in Yet Another Link Directory 1.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter. cpe:/a:shopstorenow:e-commerce_shopping_cart CVE-2007-0142 2007-01-09T13:28:00.000-05:00 2008-11-15T01:38:58.657-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-01-09T14:08:00.000-05:00 ALLOWS_OTHER_ACCESS BID 21905 BUGTRAQ 20070106 shopstorenow (orange.asp) sql injection VUPEN ADV-2007-0080 SECUNIA 23642 OSVDB 31665 XF shopstorenow-orange-sql-injection(31313) SREASON 2120 SQL injection vulnerability in orange.asp in ShopStoreNow E-commerce Shopping Cart allows remote attackers to execute arbitrary SQL commands via the CatID parameter. cpe:/a:nune:news_script:2.0_pre2 CVE-2007-0143 2007-01-09T13:28:00.000-05:00 2008-11-15T01:38:58.827-05:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-01-09T14:20:00.000-05:00 ALLOWS_OTHER_ACCESS VUPEN ADV-2007-0078 SECUNIA 23635 OSVDB 31209 OSVDB 31208 MILW0RM 3090 XF nune-index-archives-file-include(31312) BUGTRAQ 20070107 NUNE News Script (custom_admin_path) Remote File Include Vulnerablity Multiple PHP remote file inclusion vulnerabilities in NUNE News Script 2.0pre2 allow remote attackers to execute arbitrary PHP code via a URL in the custom_admin_path parameter to (1) index.php or (2) archives.php. cpe:/a:digitizing_quote_and_ordering_system:digitizing_quote_and_ordering_system:1.0 CVE-2007-0144 2007-01-09T13:28:00.000-05:00 2008-11-15T01:38:59.000-05:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-01-09T14:23:00.000-05:00 ALLOWS_OTHER_ACCESS MILW0RM 3089 SECUNIA 23652 OSVDB 31690 XF qos-search-xss(31321) MILW0RM 3089 Cross-site scripting (XSS) vulnerability in search.asp in Digitizing Quote And Ordering System 1.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the ordernum parameter. cpe:/a:bingo_news:bingo_news:3.01 CVE-2007-0145 2007-01-09T13:28:00.000-05:00 2008-11-15T01:38:59.267-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-01-09T14:26:00.000-05:00 ALLOWS_OTHER_ACCESS SECTRACK 1017477 OSVDB 35898 XF bingo-bnsmrep1-file-include(31328) PHP remote file inclusion vulnerability in bn_smrep1.php in BinGoPHP News (BP News) 3.01 allows remote attackers to execute arbitrary PHP code via a URL in the bnrep parameter, a different vector than CVE-2006-4648 and CVE-2006-4649. cpe:/a:fix_and_chips_computer_services:fix_and_chips_cms:1.0 CVE-2007-0146 2007-01-09T13:28:00.000-05:00 2008-09-05T17:17:07.900-04:00 6.0 NETWORK MEDIUM SINGLE_INSTANCE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-01-09T14:30:00.000-05:00 ALLOWS_OTHER_ACCESS BUGTRAQ 20070106 Fix & Chips CMS v1.0 VUPEN ADV-2007-0081 SECUNIA 23625 XF fixandchips-multiple-scripts-xss(31319) OSVDB 32650 OSVDB 32649 OSVDB 32648 OSVDB 32647 OSVDB 32646 SREASON 2119 Multiple cross-site scripting (XSS) vulnerabilities in Fix and Chips CMS 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in (a) delete-announce.php; the (2) Announcement form field in (b) staff.php; the (3) Client Name, (4) Business Name, (5) Street, (6) Address 2, (7) Town/City, (8) Postcode, (9) Phone Number, (10) Email Address and (11) Website Address form fields in (c) new_customer.php; and unspecified fields in (d) search.php and (e) client-results.php. cpe:/a:cuyahoga:cuyahoga:1.0.0 CVE-2007-0147 2007-01-09T13:28:00.000-05:00 2008-11-15T01:38:59.813-05:00 5.0 NETWORK LOW NONE NONE PARTIAL NONE http://nvd.nist.gov 2007-01-09T14:32:00.000-05:00 CONFIRM http://www.cuyahoga-project.org/10/section.aspx/61 SECUNIA 23662 CONFIRM http://cuyahoga.svn.sourceforge.net/viewvc/cuyahoga?view=rev&revision=551 OSVDB 32643 BID 21927 Cuyahoga before 1.0.1 installs the FCKEditor component with an incorrect deny statement in a Web.config file, which allows remote attackers to upload files when these privileges were intended only for the Administrator and Editor roles. cpe:/a:omnigroup:omniweb:5.5.1 CVE-2007-0148 2007-01-09T13:28:00.000-05:00 2008-11-15T01:39:00.420-05:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-01-09T14:34:00.000-05:00 ALLOWS_USER_ACCESS CONFIRM http://www.omnigroup.com/applications/omniweb/releasenotes/ VUPEN ADV-2007-0075 SECUNIA 23624 MISC http://projects.info-pull.com/moab/MOAB-07-01-2007.html OSVDB 31222 XF omniweb-alert-format-string(31324) BID 21911 BUGTRAQ 20070111 DMA[2007-0107a] OmniWeb Javascript Alert Format String Vulnerabiity and DMA[2007-0109a] Apple Finder Disk Image Volume Label Overflow / DoS MILW0RM 3098 MISC http://www.digitalmunition.com/DMA%5B2007-0107a%5D.txt MILW0RM 3098 CONFIRM http://blog.omnigroup.com/2007/01/07/omniweb-552-now-available-and-more-secure/ Format string vulnerability in OmniGroup OmniWeb 5.5.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in the Javascript alert function. cpe:/a:ememberspro:ememberspro:1.0 CVE-2007-0149 2007-01-09T13:28:00.000-05:00 2008-11-15T01:39:00.547-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-01-09T14:37:00.000-05:00 ALLOWS_OTHER_ACCESS BUGTRAQ 20070107 EMembersPro 1.0 Remote Password Disclosure Vulnerability OSVDB 33403 XF ememberspro-users-info-disclosure(31329) SREASON 2118 EMembersPro 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for users.mdb. cpe:/a:dayfox_designs:dayfox_blog:4 CVE-2007-0150 2007-01-09T13:28:00.000-05:00 2008-11-15T01:39:00.717-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-01-09T14:39:00.000-05:00 ALLOWS_OTHER_ACCESS BUGTRAQ 20070107 Dayfox Blog Remote File Include Vuln. OSVDB 31259 XF dayfoxblog-index-file-include(31336) VUPEN ADV-2007-0099 SREASON 2117 SECUNIA 23661 Multiple PHP remote file inclusion vulnerabilities in index.php in Dayfox Blog allow remote attackers to execute arbitrary PHP code via a URL in the (1) page, (2) subject, and (3) q parameters. cpe:/a:mitisoft:mitisoft CVE-2007-0151 2007-01-09T13:28:00.000-05:00 2008-11-15T01:39:01.000-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-01-09T15:45:00.000-05:00 ALLOWS_OTHER_ACCESS BUGTRAQ 20070107 MitiSoft Remote Password Disclosure Vulnerability OSVDB 33409 XF mitisoft-mitisoft-info-disclosure(31341) MitiSoft stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for access_MS/MitiSoft.mdb. cpe:/a:ohhasp:ohhasp CVE-2007-0152 2007-01-09T13:28:00.000-05:00 2008-11-15T01:39:01.170-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-01-09T15:47:00.000-05:00 ALLOWS_OTHER_ACCESS BUGTRAQ 20070106 ohhASP Remote Password Disclosure OSVDB 33381 MISC http://64.38.62.221/ariasecucom/forum/showthread.php?t=89 XF ohhasp-ohhasp-info-disclosure(31342) OhhASP stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db/OhhASP.mdb. cpe:/a:adam_jarret:ajlogin:3.5 CVE-2007-0153 2007-01-09T13:28:00.000-05:00 2008-11-15T01:39:01.390-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-01-09T15:48:00.000-05:00 ALLOWS_OTHER_ACCESS BUGTRAQ 20070107 AJLogin v3.5 Remote Password Disclosure Vulnerability OSVDB 33404 XF ajlogin-ajlogin-info-disclosure(31331) SREASON 2127 AJLogin 3.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for ajlogin.mdb. cpe:/a:webulas:webulas CVE-2007-0154 2007-01-09T13:28:00.000-05:00 2008-11-15T01:39:01.797-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-01-09T15:49:00.000-05:00 ALLOWS_OTHER_ACCESS BUGTRAQ 20070107 Webulas Remote Password Disclosure Vulnerability OSVDB 33401 XF webulas-db-info-disclosure(31338) SREASON 2126 Webulas stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db/db.mdb. cpe:/a:harikaonline:harikaonline:2.0 CVE-2007-0155 2007-01-09T13:28:00.000-05:00 2008-11-15T01:39:02.000-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-01-09T15:49:00.000-05:00 ALLOWS_OTHER_ACCESS BUGTRAQ 20070107 HarikaOnline v2.0 Remote Password Disclosure Vulnerability OSVDB 33410 XF harikaonline-harikaonline-info-disclosure(31339) SREASON 2125 HarikaOnline 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for harikaonline.mdb. cpe:/a:m-core:m-core CVE-2007-0156 2007-01-09T13:28:00.000-05:00 2008-11-15T01:39:02.360-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-01-09T15:50:00.000-05:00 ALLOWS_OTHER_ACCESS BUGTRAQ 20070107 M-Core Remote Password Disclosure Vulnerability OSVDB 33402 XF mcore-uyelik-info-disclosure(31340) SREASON 2124 M-Core stores the database under the web document root, which allows remote attackers to obtain sensitive information via a direct request to db/uyelik.mdb. cpe:/a:neon:neon:0.26.2 cpe:/a:neon:neon:0.26.1 cpe:/a:neon:neon:0.26.0 CVE-2007-0157 2007-01-09T16:28:00.000-05:00 2008-11-15T01:39:03.453-05:00 7.8 NETWORK LOW NONE NONE NONE COMPLETE http://nvd.nist.gov 2007-01-09T16:38:00.000-05:00 OSVDB 39247 MLIST [neon] 20070107 invalid chars cause sigserv in neon CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=404723 CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi/neon26_0.26.2-3_to_mdx1.diff?bug=404723;msg=5;att=2 CONFIRM http://www.webdav.org/cadaver/ BID 22035 SUSE SUSE-SR:2007:002 MANDRIVA MDKSA-2007:013 VUPEN ADV-2007-0362 VUPEN ADV-2007-0172 SECUNIA 23984 SECUNIA 23763 SECUNIA 23751 MLIST [cadaver] 20070123 release 0.22.5 Array index error in the uri_lookup function in the URI parser for neon 0.26.0 to 0.26.2, possibly only on 64-bit platforms, allows remote malicious servers to cause a denial of service (crash) via a URI with non-ASCII characters, which triggers a buffer under-read due to a type conversion error that generates a negative index. cpe:/a:microsoft:office:2003:sp2 cpe:/a:microsoft:works:2004 cpe:/a:microsoft:works:2005 cpe:/a:microsoft:excel:2003 cpe:/a:microsoft:office:xp:sp3 cpe:/a:microsoft:office:v.x::mac cpe:/a:microsoft:excel_viewer:2003 cpe:/a:microsoft:excel:2002 cpe:/a:microsoft:office:2004::mac cpe:/a:microsoft:office:2000:sp3 cpe:/a:microsoft:excel:2000 CVE-2007-0027 2007-01-09T17:28:00.000-05:00 2008-09-05T17:16:50.107-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2007-01-10T07:23:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT TA07-009A CERT-VN VU#749964 BID 21856 MS MS07-002 VUPEN ADV-2007-0103 SECTRACK 1017487 HP HPSBST02184 OSVDB 31255 Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via malformed IMDATA records that trigger memory corruption. cpe:/a:microsoft:office:2003:sp2 cpe:/a:microsoft:works:2004 cpe:/a:microsoft:works:2005 cpe:/a:microsoft:excel:2003 cpe:/a:microsoft:office:xp:sp3 cpe:/a:microsoft:office:v.x::mac cpe:/a:microsoft:excel_viewer:2003 cpe:/a:microsoft:excel:2002 cpe:/a:microsoft:office:2004::mac cpe:/a:microsoft:office:2000:sp3 cpe:/a:microsoft:excel:2000 CVE-2007-0028 2007-01-09T18:28:00.000-05:00 2008-09-05T17:16:50.277-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2007-01-10T07:22:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT-VN VU#493185 CERT TA07-009A MS MS07-002 VUPEN ADV-2007-0103 BID 21952 HP SSRT071296 OSVDB 31249 MISC http://www.fortinet.com/FortiGuardCenter/advisory/FGA-2007-01.html MISC http://www.fortinet.com/FortiGuardCenter/advisory/FG-2006-30.html SECTRACK 1017485 SECUNIA 23676 Microsoft Excel 2000, 2002, 2003, Viewer 2003, Office 2004 for Mac, and Office v.X for Mac does not properly handle certain opcodes, which allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file, which results in an "Improper Memory Access Vulnerability." NOTE: an early disclosure of this issue used CVE-2006-3432, but only CVE-2007-0028 should be used. cpe:/a:microsoft:office:2003:sp2 cpe:/a:microsoft:works:2004 cpe:/a:microsoft:works:2005 cpe:/a:microsoft:excel:2003 cpe:/a:microsoft:office:xp:sp3 cpe:/a:microsoft:office:v.x::mac cpe:/a:microsoft:excel_viewer:2003 cpe:/a:microsoft:excel:2002 cpe:/a:microsoft:office:2004::mac cpe:/a:microsoft:office:2000:sp3 cpe:/a:microsoft:excel:2000 CVE-2007-0029 2007-01-09T18:28:00.000-05:00 2008-09-05T17:16:50.467-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2007-01-10T07:22:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT TA07-009A MS MS07-002 BID 21877 HP SSRT071296 OSVDB 31256 VUPEN ADV-2007-0103 SECTRACK 1017487 Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string, aka "Excel Malformed String Vulnerability." cpe:/a:microsoft:office:2003:sp2 cpe:/a:microsoft:works:2004 cpe:/a:microsoft:works:2005 cpe:/a:microsoft:excel:2003 cpe:/a:microsoft:office:xp:sp3 cpe:/a:microsoft:office:v.x::mac cpe:/a:microsoft:excel_viewer:2003 cpe:/a:microsoft:excel:2002 cpe:/a:microsoft:office:2004::mac cpe:/a:microsoft:office:2000:sp3 cpe:/a:microsoft:excel:2000 CVE-2007-0030 2007-01-09T18:28:00.000-05:00 2008-09-05T17:16:50.653-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2007-01-10T07:22:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT TA07-009A CERT-VN VU#302836 MS MS07-002 IDEFENSE 20070109 Microsoft Excel Invalid Column Heap Corruption Vulnerability BID 21925 HP SSRT071296 OSVDB 31257 VUPEN ADV-2007-0103 SECTRACK 1017487 Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via an Excel file with an out-of-range Column field in certain BIFF8 record types, which references arbitrary memory. cpe:/a:microsoft:office:2003:sp2 cpe:/a:microsoft:works:2004 cpe:/a:microsoft:works:2005 cpe:/a:microsoft:excel:2003 cpe:/a:microsoft:office:xp:sp3 cpe:/a:microsoft:office:v.x::mac cpe:/a:microsoft:excel_viewer:2003 cpe:/a:microsoft:excel:2002 cpe:/a:microsoft:office:2004::mac cpe:/a:microsoft:office:2000:sp3 cpe:/a:microsoft:excel:2000 CVE-2007-0031 2007-01-09T18:28:00.000-05:00 2008-09-05T17:16:50.823-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2007-01-10T07:21:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT TA07-009A CERT-VN VU#625532 MS MS07-002 IDEFENSE 20070109 Microsoft Excel Long Palette Heap Overflow Vulnerability BID 21922 HP HPSBST02184 OSVDB 31258 VUPEN ADV-2007-0103 SECTRACK 1017487 Heap-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a BIFF8 spreadsheet with a PALETTE record that contains a large number of entries. cpe:/a:microsoft:office:2003:sp2 cpe:/a:microsoft:office:xp:sp3 cpe:/a:microsoft:outlook:2003 cpe:/a:microsoft:outlook:2002 cpe:/a:microsoft:outlook:2000 cpe:/a:microsoft:office:2000:sp3 CVE-2007-0033 2007-01-09T18:28:00.000-05:00 2008-09-05T17:16:51.013-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2007-01-10T07:24:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT TA07-009A CERT-VN VU#476900 MS MS07-003 BID 21931 HP HPSBST02184 OSVDB 31252 VUPEN ADV-2007-0104 SECTRACK 1017488 SECUNIA 23674 Microsoft Outlook 2002 and 2003 allows user-assisted remote attackers to execute arbitrary code via a malformed VEVENT record in an .iCal meeting request or ICS file. cpe:/a:microsoft:office:2003:sp2 cpe:/a:microsoft:office:xp:sp3 cpe:/a:microsoft:outlook:2003 cpe:/a:microsoft:outlook:2002 cpe:/a:microsoft:outlook:2000 cpe:/a:microsoft:office:2000:sp3 CVE-2007-0034 2007-01-09T18:28:00.000-05:00 2008-09-05T17:16:51.183-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2007-01-10T07:25:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT TA07-009A CERT-VN VU#271860 MS MS07-003 BID 21936 HP SSRT071296 BUGTRAQ 20070111 Computer Terrorism (UK) :: Incident Response Centre - Microsoft Outlook Vulnerability OSVDB 31254 VUPEN ADV-2007-0104 MISC http://www.computerterrorism.com/research/ct09-01-2007.htm SECTRACK 1017488 SECUNIA 23674 Buffer overflow in the Advanced Search (Finder.exe) feature of Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted Outlook Saved Searches (OSS) file that triggers memory corruption, aka "Microsoft Outlook Advanced Find Vulnerability." cpe:/a:microsoft:ie:7.0 cpe:/a:microsoft:ie:6.0:sp1 cpe:/a:microsoft:ie:5.01:sp4 CVE-2007-0024 2007-01-09T18:28:00.000-05:00 2009-04-23T01:17:35.593-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2007-01-10T00:25:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT-VN VU#122084 CERT TA07-009A XF ie-vml-record-bo(31287) BID 21930 OSVDB 31250 MS MS07-004 VUPEN ADV-2007-0105 MSKB 929969 SECTRACK 1017489 SECUNIA 23677 IDEFENSE 20070109 Microsoft Windows VML Element Integer Overflow Vulnerability HP HPSBST02184 HP HPSBST02184 BUGTRAQ 20070117 Re: MS07-004 VML Integer Overflow Exploit BUGTRAQ 20070116 MS07-004 VML Integer Overflow Exploit VUPEN ADV-2007-0129 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2007-009.htm Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properties that cause insufficient memory allocation and trigger a buffer overflow, aka the "VML Buffer Overrun Vulnerability." cpe:/a:geoip:geoip:1.4.0 CVE-2007-0159 2007-01-09T19:28:00.000-05:00 2008-11-15T01:39:03.750-05:00 6.4 NETWORK LOW NONE NONE PARTIAL PARTIAL http://nvd.nist.gov 2007-01-10T09:30:00.000-05:00 MANDRIVA MDKSA-2007:004 MISC http://arctic.org/~dean/patches/GeoIP-1.4.0-update-vulnerability.patch OSVDB 31618 XF geoip-geoipupdate-directory-traversal(31383) UBUNTU USN-412-1 BID 21959 MANDRIVA MDKSA-2007:004 VUPEN ADV-2007-0118 VUPEN ADV-2007-0117 SECUNIA 23906 SECUNIA 23880 Directory traversal vulnerability in the GeoIP_update_database_general function in libGeoIP/GeoIPUpdate.c in GeoIP 1.4.0 allows remote malicious update servers (possibly only update.maxmind.com) to overwrite arbitrary files via a .. (dot dot) in the database filename, which is returned by a request to app/update_getfilename. cpe:/a:centericq:centericq:4.14 cpe:/a:centericq:centericq:4.9.12 cpe:/a:centericq:centericq:4.13 cpe:/a:centericq:centericq:4.9.11 cpe:/a:centericq:centericq:4.12 cpe:/a:centericq:centericq:4.21 cpe:/a:centericq:centericq:4.20 CVE-2007-0160 2007-01-09T19:28:00.000-05:00 2008-11-15T00:00:00.000-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-01-10T09:38:00.000-05:00 ALLOWS_OTHER_ACCESS XF centericq-username-bo(31330) BID 21932 BUGTRAQ 20070107 TK53 Advisory #1: CenterICQ remote DoS buffer overflow in LiveJournal handling GENTOO GLSA-200701-20 VUPEN ADV-2007-0306 SECTRACK 1017545 SREASON 2129 OSVDB 33408 Stack-based buffer overflow in the LiveJournal support (hooks/ljhook.cc) in CenterICQ 4.9.11 through 4.21.0, when using unofficial LiveJournal servers, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by adding the victim as a friend and using long (1) username and (2) real name strings. cpe:/h:hp:psc_2200 cpe:/h:hp:psc_1210_all-in-one cpe:/h:hp:psc_2100 cpe:/h:hp:officejet_6100 cpe:/h:hp:psc_2400_photosmart_all-in-one cpe:/h:hp:psc_900 cpe:/h:hp:psc_2510_photosmart cpe:/a:hp:pml_driver_hpz12 cpe:/h:hp:officejet_g cpe:/h:hp:psc_1300 cpe:/h:hp:officejet_d cpe:/h:hp:officejet_k cpe:/h:hp:psc_1100 cpe:/h:hp:psc_700 cpe:/h:hp:psc_1200 cpe:/h:hp:psc_2500_photosmart_all-in-one cpe:/h:hp:officejet_5500 cpe:/h:hp:officejet_7100 cpe:/h:hp:officejet_4100 cpe:/h:hp:officejet_5100 cpe:/h:hp:color_laserjet_4650 CVE-2007-0161 2006-05-29T00:00:00.000-04:00 2007-01-09T19:28:00.000-05:00 2008-11-15T01:39:04.063-05:00 4.1 LOCAL MEDIUM SINGLE_INSTANCE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-01-10T09:41:00.000-05:00 ALLOWS_USER_ACCESS BID 21935 BUGTRAQ 20070108 HP Multiple Products PML Driver Local Privilege Escalation VUPEN ADV-2007-0094 MISC http://secway.org/advisory/AD20070108.txt SECUNIA 23663 OSVDB 32654 XF pml-driver-config-privilege-escalation(31361) SREASON 2128 The PML Driver HPZ12 (HPZipm12.exe) in the HP all-in-one drivers, as used by multiple HP products, uses insecure SERVICE_CHANGE_CONFIG DACL permissions, which allows local users to gain privileges and execute arbitrary programs, as demonstrated by modifying the binpath argument, a related issue to CVE-2006-0023. cpe:/a:unsanity:application_enhancer:2.0.2 CVE-2007-0162 2007-01-09T19:28:00.000-05:00 2008-11-15T01:39:04.187-05:00 6.8 LOCAL LOW SINGLE_INSTANCE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2007-01-10T09:47:00.000-05:00 ALLOWS_ADMIN_ACCESS MISC http://projects.info-pull.com/moab/MOAB-08-01-2007.html OSVDB 32661 MISC http://landonf.bikemonkey.org/code/macosx/MOAB_Day_8.20070109002959.18582.timor.html XF ape-appenhancer-privilege-escalation(31349) BID 21951 SECUNIA 23649 Unsanity Application Enhancer (APE) 2.0.2 installs with insecure permissions for the (1) ApplicationEnhancer binary and the (2) /Library/Frameworks/ApplicationEnhancer.framework directory, which allows local users to gain privileges by modifying or replacing the binary or library files. cpe:/a:securekit:securekit_steganography:1.8 cpe:/a:securekit:securekit_steganography:1.7.1 CVE-2007-0163 2007-01-09T19:28:00.000-05:00 2008-11-15T01:39:04.420-05:00 7.8 NETWORK LOW NONE COMPLETE NONE NONE http://nvd.nist.gov 2007-01-10T09:44:00.000-05:00 BUGTRAQ 20070106 Cracking Steganography Application in less than ONE minute SECUNIA 23639 OSVDB 31244 MISC http://homepage.mac.com/adonismac/Advisory/steg/steganography.html XF steganography-password-security-bypass(31378) BUGTRAQ 20070107 A Major design Bug in Steganography 1.7.x, 1.8 (latest) (Updated Version) SecureKit Steganography 1.7.1 and 1.8 embeds password information in the carrier file, which allows remote attackers to bypass authentication requirements and decrypt embedded steganography by replacing the last 20 bytes of the JPEG image with alternate password information. cpe:/a:camouflage:camouflage:1.2.1 CVE-2007-0164 2007-01-09T19:28:00.000-05:00 2008-11-15T01:39:04.780-05:00 7.8 NETWORK LOW NONE COMPLETE NONE NONE http://nvd.nist.gov 2007-01-10T09:46:00.000-05:00 BID 21939 SECUNIA 23578 OSVDB 32651 MISC http://homepage.mac.com/adonismac/Advisory/steg/camouflage.html XF camouflage-password-security-bypass(31375) BUGTRAQ 20070107 A Major design Bug in Camouflage 1.2.1 (latest) Camouflage 1.2.1 embeds password information in the carrier file, which allows remote attackers to bypass authentication requirements and decrypt embedded steganography by replacing certain bytes of the JPEG image with alternate password information. cpe:/o:sun:solaris:8.0 cpe:/o:sun:solaris:9.0::sparc CVE-2007-0165 2007-01-09T19:28:00.000-05:00 2009-03-04T01:10:26.547-05:00 7.8 NETWORK LOW NONE NONE NONE COMPLETE http://nvd.nist.gov 2007-01-10T09:48:00.000-05:00 SUNALERT 102713 OSVDB 31576 XF solaris-rpcbind-dos(31366) BID 21964 VUPEN ADV-2007-0110 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2007-036.htm SECTRACK 1017492 SECUNIA 24056 SECUNIA 23700 Unspecified vulnerability in libnsl in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service (crash) via malformed RPC requests that trigger a crash in rpcbind. cpe:/a:wgs-ppc:wgs-ppc cpe:/a:ppc_search_engine:ppc_search_engine:1.61 CVE-2007-0167 2007-01-09T20:28:00.000-05:00 2008-09-05T17:17:10.980-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL<