cpe:/o:redhat:enterprise_linux:4.0::linux_kernel_2.6.9

CVE-2007-0001

2007-03-02T16:18:00.000-05:00

2010-08-21T00:59:47.033-04:00

4.7

LOCAL

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2007-03-05T16:40:00.000-05:00

REDHAT RHSA-2007:0085 MISC http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=223129 SECTRACK 1017705 BID 22737 SECUNIA 24300 OSVDB 33031 The file watch implementation in the audit subsystem (auditctl -w) in the Red Hat Enterprise Linux (RHEL) 4 kernel 2.6.9 allows local users to cause a denial of service (kernel panic) by replacing a watched file, which does not cause the watch on the old inode to be dropped.

cpe:/a:libwpd:libwpd_library:0.8.2 cpe:/a:libwpd:libwpd_library:0.8.6 cpe:/a:libwpd:libwpd_library:0.8.8 cpe:/a:libwpd:libwpd_library:0.8.7

CVE-2007-0002

2007-03-16T17:19:00.000-04:00

2011-09-09T00:00:00.000-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2007-03-19T08:14:00.000-04:00

ALLOWS_ADMIN_ACCESS

VUPEN ADV-2007-1339 VUPEN ADV-2007-1032 VUPEN ADV-2007-0976 UBUNTU USN-437-1 SECTRACK 1017789 BID 23006 BUGTRAQ 20070316 rPSA-2007-0057-1 libwpd REDHAT RHSA-2007:0055 MANDRIVA MDKSA-2007:064 MANDRIVA MDKSA-2007:063 GENTOO GLSA-200704-12 DEBIAN DSA-1270 DEBIAN DSA-1268 SUNALERT 102863 CONFIRM http://sourceforge.net/project/shownotes.php?release_id=494122 SLACKWARE SSA-2007-085-02 GENTOO GLSA-200704-07 SECUNIA 24906 SECUNIA 24856 SECUNIA 24794 SECUNIA 24613 SECUNIA 24593 SECUNIA 24591 SECUNIA 24588 SECUNIA 24581 SECUNIA 24580 SECUNIA 24573 SECUNIA 24572 SECUNIA 24557 SECUNIA 24507 SECUNIA 24465 SUSE SUSE-SA:2007:023 IDEFENSE 20070316 Multiple Vendor libwpd Multiple Buffer Overflow Vulnerabilities FEDORA FEDORA-2007-350 Multiple heap-based buffer overflows in WordPerfect Document importer/exporter (libwpd) before 0.8.9 allow user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted WordPerfect file in which values to loop counters are not properly handled in the (1) WP3TablesGroup::_readContents and (2) WP5DefinitionGroup_DefineTablesSubGroup::WP5DefinitionGroup_DefineTablesSubGroup functions. NOTE: the integer overflow has been split into CVE-2007-1466.

cpe:/o:andrew_morgan:linux_pam:0.99.7.0

CVE-2007-0003

2007-01-23T16:28:00.000-05:00

2011-03-07T21:48:10.923-05:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

2007-01-23T16:53:00.000-05:00

ALLOWS_ADMIN_ACCESS

MLIST [pam-list] 20070123 Linux-PAM 0.99.7.1 released VUPEN ADV-2007-0323 MLIST [fedora-devel-list] 20070122 Re: rawhide report: 20070120 changes MLIST [fedora-devel-list] 20070122 Re: rawhide report: 20070120 changes OSVDB 32017 XF linuxpam-pamunix-security-bypass(31739) BID 22204 SUSE SUSE-SR:2007:003 SECUNIA 23858 pam_unix.so in Linux-PAM 0.99.7.0 allows context-dependent attackers to log into accounts whose password hash, as stored in /etc/passwd or /etc/shadow, has only two characters.

cpe:/o:redhat:enterprise_linux:3.0

CVE-2007-0004

2007-09-18T15:17:00.000-04:00

2008-09-05T17:16:46.527-04:00

1.9

LOCAL

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2007-09-19T15:34:00.000-04:00

CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=199715 The NFS client implementation in the kernel in Red Hat Enterprise Linux (RHEL) 3, when a filesystem is mounted with the noacl option, checks permissions for the open system call via vfs_permission (mode bits) data rather than an NFS ACCESS call to the server, which allows local client processes to obtain a false success status from open calls that the server would deny, and possibly obtain sensitive information about file permissions on the server, as demonstrated in a root_squash environment. NOTE: it is uncertain whether any scenarios involving this issue cross privilege boundaries.

cpe:/a:omnikey.aaitg:omnikey_cardman_4040

CVE-2007-0005

2007-03-09T19:19:00.000-05:00

2012-03-19T00:00:00.000-04:00

6.9

LOCAL

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2007-03-12T10:00:00.000-04:00

ALLOWS_ADMIN_ACCESS

CONFIRM http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.21-rc3 CONFIRM https://issues.rpath.com/browse/RPL-1035 XF kernel-cardman4040drivers-bo(32880) VUPEN ADV-2007-0872 UBUNTU USN-489-1 UBUNTU USN-486-1 BID 22870 BUGTRAQ 20070309 Buffer Overflow in Linux Drivers for Omnikey CardMan 4040 (CVE-2007-0005) BUGTRAQ 20070615 rPSA-2007-0124-1 kernel xen REDHAT RHSA-2007:0099 OSVDB 33023 MANDRIVA MDKSA-2007:078 DEBIAN DSA-1286 SECUNIA 26139 SECUNIA 26133 SECUNIA 25691 SECUNIA 25078 SECUNIA 24901 SECUNIA 24777 SECUNIA 24518 SECUNIA 24436 FEDORA FEDORA-2007-336 FEDORA FEDORA-2007-335 Multiple buffer overflows in the (1) read and (2) write handlers in the Omnikey CardMan 4040 driver in the Linux kernel before 2.6.21-rc3 allow local users to gain privileges.

cpe:/o:linux:linux_kernel:2.6.9:2.6.20 cpe:/o:linux:linux_kernel:2.6.20

CVE-2007-0006

2007-02-06T14:28:00.000-05:00

2010-09-15T00:00:00.000-04:00

1.9

LOCAL

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2007-02-06T17:25:00.000-05:00

CONFIRM https://issues.rpath.com/browse/RPL-1097 CONFIRM https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=227495 UBUNTU USN-451-1 BID 22539 BUGTRAQ 20070615 rPSA-2007-0124-1 kernel xen REDHAT RHSA-2007:0099 REDHAT RHSA-2007:0085 SUSE SUSE-SA:2007:021 MANDRIVA MDKSA-2007:060 MANDRIVA MDKSA-2007:047 SECUNIA 25691 SECUNIA 24752 SECUNIA 24547 SECUNIA 24482 SECUNIA 24429 SECUNIA 24300 SECUNIA 24259 SECUNIA 24109 CONFIRM http://bugzilla.kernel.org/show_bug.cgi?id=7727 The key serial number collision avoidance code in the key_alloc_serial function in Linux kernel 2.6.9 up to 2.6.20 allows local users to cause a denial of service (crash) via vectors that trigger a null dereference, as originally reported as "spinlock CPU recursion."

cpe:/a:gnucash:gnucash:2.0.4

CVE-2007-0007

2007-02-19T21:28:00.000-05:00

2011-03-07T21:48:11.297-05:00

3.6

LOCAL

LOW

NONE

PARTIAL

http://nvd.nist.gov

2007-02-20T14:38:00.000-05:00

SECUNIA 24225 CONFIRM https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=223233 VUPEN ADV-2007-0653 XF gnucash-symlink(32558) BID 22610 MANDRIVA MDKSA-2007:046 CONFIRM http://sourceforge.net/project/shownotes.php?group_id=192&release_id=487446 SECUNIA 24317 SECUNIA 24226 FEDORA FEDORA-2007-256 gnucash 2.0.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on the (1) gnucash.trace, (2) qof.trace, and (3) qof.trace.[PID] temporary files.

cpe:/a:mozilla:thunderbird:1.0.8 cpe:/a:mozilla:firefox:1.4.1 cpe:/a:mozilla:firefox:0.9 cpe:/a:mozilla:thunderbird:1.5.0.6 cpe:/a:mozilla:thunderbird:1.5.0.2 cpe:/a:mozilla:thunderbird:1.0.7 cpe:/a:mozilla:thunderbird:1.5.0.8 cpe:/a:mozilla:network_security_services:3.11.4 cpe:/a:mozilla:firefox:0.6 cpe:/a:mozilla:firefox:0.10 cpe:/a:mozilla:firefox:1.0.4 cpe:/a:mozilla:firefox:1.0:preview_release cpe:/a:mozilla:thunderbird:0.9 cpe:/a:mozilla:firefox:1.0.7 cpe:/a:mozilla:seamonkey:1.0.2 cpe:/a:mozilla:thunderbird:1.5.0.1 cpe:/a:mozilla:firefox:0.7.1 cpe:/a:mozilla:thunderbird:0.3 cpe:/a:mozilla:thunderbird:1.0 cpe:/a:mozilla:firefox:0.10.1 cpe:/a:mozilla:firefox:1.0.3 cpe:/a:mozilla:thunderbird:1.5.0.9 cpe:/a:mozilla:thunderbird:1.0.4 cpe:/a:mozilla:thunderbird:1.5 cpe:/a:mozilla:thunderbird:0.7.2 cpe:/a:mozilla:seamonkey:1.0.4 cpe:/a:mozilla:firefox:1.0.1 cpe:/a:mozilla:thunderbird:1.5.0.7 cpe:/a:mozilla:firefox:0.2 cpe:/a:mozilla:thunderbird:0.1 cpe:/a:mozilla:firefox:0.1 cpe:/a:mozilla:thunderbird:0.8 cpe:/a:mozilla:firefox:1.5 cpe:/a:mozilla:thunderbird:1.0.5 cpe:/a:mozilla:firefox:2.0 cpe:/a:mozilla:thunderbird:1.0.1 cpe:/a:mozilla:seamonkey:1.0.7 cpe:/a:mozilla:firefox:1.5.0.4 cpe:/a:mozilla:firefox:1.5.0.7 cpe:/a:mozilla:firefox:1.5.0.5 cpe:/a:mozilla:firefox:1.5.0.11 cpe:/a:mozilla:thunderbird:0.4 cpe:/a:mozilla:firefox:1.0 cpe:/a:mozilla:firefox:0.4 cpe:/a:mozilla:thunderbird:1.0.6 cpe:/a:mozilla:firefox:1.5.0.12 cpe:/a:mozilla:firefox:1.5.0.3 cpe:/a:mozilla:firefox:1.5.0.1 cpe:/a:mozilla:thunderbird:0.5 cpe:/a:mozilla:thunderbird:0.2 cpe:/a:mozilla:network_security_services:3.11.2 cpe:/a:mozilla:firefox:0.9.2 cpe:/a:mozilla:thunderbird:1.5.0.5 cpe:/a:mozilla:firefox:1.0.5 cpe:/a:mozilla:thunderbird:1.5:beta2 cpe:/a:mozilla:firefox:2.0.0.1 cpe:/a:mozilla:firefox:1.5.0.9 cpe:/a:mozilla:firefox:0.8 cpe:/a:mozilla:firefox:1.0.6 cpe:/a:mozilla:firefox:0.3 cpe:/a:mozilla:firefox:1.0.8 cpe:/a:mozilla:firefox:1.5.0.6 cpe:/a:mozilla:thunderbird:1.5.0.4 cpe:/a:mozilla:thunderbird:1.5.0.3 cpe:/a:mozilla:firefox:1.5.0.8 cpe:/a:mozilla:thunderbird:0.7 cpe:/a:mozilla:seamonkey:1.0.5 cpe:/a:mozilla:seamonkey:1.0 cpe:/a:mozilla:seamonkey:1.0.3 cpe:/a:mozilla:firefox:1.0.2 cpe:/a:mozilla:firefox:0.7 cpe:/a:mozilla:thunderbird:0.7.1 cpe:/a:mozilla:firefox:0.5 cpe:/a:mozilla:firefox:1.5.0.10 cpe:/a:mozilla:network_security_services:3.11.3 cpe:/a:mozilla:thunderbird:0.6 cpe:/a:mozilla:firefox:0.9.1 cpe:/a:mozilla:seamonkey:1.0.6 cpe:/a:mozilla:thunderbird:0.7.3 cpe:/a:mozilla:firefox:0.9.3 cpe:/a:mozilla:thunderbird:1.0.3 cpe:/a:mozilla:firefox:1.5.0.2 cpe:/a:mozilla:thunderbird:1.0.2 cpe:/a:mozilla:firefox:0.6.1 cpe:/a:mozilla:firefox:0.9:rc cpe:/a:mozilla:seamonkey:1.0.1

CVE-2007-0008

2007-02-26T15:28:00.000-05:00

2011-10-11T00:00:00.000-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2007-02-27T16:09:00.000-05:00

ALLOWS_OTHER_ACCESS

CERT-VN VU#377812 CONFIRM http://www.mozilla.org/security/announce/2007/mfsa2007-06.html CONFIRM https://issues.rpath.com/browse/RPL-1103 CONFIRM https://issues.rpath.com/browse/RPL-1081 MISC https://bugzilla.mozilla.org/show_bug.cgi?id=364319 XF nss-mastersecret-bo(32666) VUPEN ADV-2007-2141 VUPEN ADV-2007-1165 VUPEN ADV-2007-0719 VUPEN ADV-2007-0718 UBUNTU USN-431-1 UBUNTU USN-428-1 SECTRACK 1017696 BID 22694 BUGTRAQ 20070303 rPSA-2007-0040-3 firefox thunderbird BUGTRAQ 20070226 rPSA-2007-0040-1 firefox REDHAT RHSA-2007:0108 REDHAT RHSA-2007:0097 REDHAT RHSA-2007:0079 REDHAT RHSA-2007:0078 OSVDB 32105 MANDRIVA MDKSA-2007:052 GENTOO GLSA-200703-22 DEBIAN DSA-1336 SUNALERT 102856 GENTOO GLSA-200703-18 SECUNIA 24703 SECUNIA 24650 SECUNIA 24562 SECUNIA 24522 SECUNIA 24410 SECUNIA 24395 SECUNIA 24389 SECUNIA 24384 SECUNIA 24343 SECUNIA 24333 SECUNIA 24328 SECUNIA 24320 SECUNIA 24293 SECUNIA 24290 SECUNIA 24287 SECUNIA 24277 SECUNIA 24253 SECUNIA 24252 SECUNIA 24238 SECUNIA 24205 REDHAT RHSA-2007:0077 SUSE SUSE-SA:2007:019 IDEFENSE 20070223 Mozilla Network Security Services SSLv2 Client Integer Underflow Vulnerability HP HPSBUX02153 FEDORA FEDORA-2007-293 FEDORA FEDORA-2007-281 FEDORA FEDORA-2007-279 FEDORA FEDORA-2007-278 SGI 20070301-01-P SUSE SUSE-SA:2007:022 MANDRIVA MDKSA-2007:050 SUNALERT 102945 SLACKWARE SSA:2007-066-03 SLACKWARE SSA:2007-066-04 SLACKWARE SSA:2007-066-05 SECUNIA 25597 SECUNIA 25588 SECUNIA 24457 SECUNIA 24456 SECUNIA 24455 SECUNIA 24406 SECUNIA 24342 HP HPSBUX02153 FEDORA FEDORA-2007-309 FEDORA FEDORA-2007-308 SGI 20070202-01-P Integer underflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, SeaMonkey before 1.0.8, Thunderbird before 1.5.0.10, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via a crafted SSLv2 server message containing a public key that is too short to encrypt the "Master Secret", which results in a heap-based overflow.

cpe:/a:mozilla:thunderbird:1.5.0.9 cpe:/a:mozilla:firefox:1.5.0.9 cpe:/a:mozilla:seamonkey:1.0.7 cpe:/a:mozilla:network_security_services:3.11.4 cpe:/a:mozilla:firefox:2.0.0.1

CVE-2007-0009

2007-02-26T15:28:00.000-05:00

2011-03-07T00:00:00.000-05:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2007-02-27T16:16:00.000-05:00

ALLOWS_OTHER_ACCESS

CERT-VN VU#592796 CONFIRM https://issues.rpath.com/browse/RPL-1103 CONFIRM https://issues.rpath.com/browse/RPL-1081 MISC https://bugzilla.mozilla.org/show_bug.cgi?id=364323 XF nss-clientmasterkey-bo(32663) VUPEN ADV-2007-2141 VUPEN ADV-2007-1165 VUPEN ADV-2007-0719 VUPEN ADV-2007-0718 UBUNTU USN-431-1 UBUNTU USN-428-1 SECTRACK 1017696 BUGTRAQ 20070303 rPSA-2007-0040-3 firefox thunderbird BUGTRAQ 20070226 rPSA-2007-0040-1 firefox REDHAT RHSA-2007:0108 REDHAT RHSA-2007:0097 REDHAT RHSA-2007:0079 REDHAT RHSA-2007:0078 OSVDB 32106 CONFIRM http://www.mozilla.org/security/announce/2007/mfsa2007-06.html MANDRIVA MDKSA-2007:052 MANDRIVA MDKSA-2007:050 GENTOO GLSA-200703-22 DEBIAN DSA-1336 SUNALERT 102945 SUNALERT 102856 SLACKWARE SSA:2007-066-03 SLACKWARE SSA:2007-066-04 SLACKWARE SSA:2007-066-05 GENTOO GLSA-200703-18 SECUNIA 24703 SECUNIA 24650 SECUNIA 24562 SECUNIA 24522 SECUNIA 24410 SECUNIA 24395 SECUNIA 24389 SECUNIA 24384 SECUNIA 24343 SECUNIA 24333 SECUNIA 24293 SECUNIA 24290 SECUNIA 24287 SECUNIA 24277 SECUNIA 24253 REDHAT RHSA-2007:0077 SUSE SUSE-SA:2007:019 IDEFENSE 20070223 Mozilla Network Security Services SSLv2 Server Stack Overflow Vulnerability HP HPSBUX02153 FEDORA FEDORA-2007-309 FEDORA FEDORA-2007-308 FEDORA FEDORA-2007-279 FEDORA FEDORA-2007-278 SGI 20070301-01-P SGI 20070202-01-P SUSE SUSE-SA:2007:022 SECUNIA 25597 SECUNIA 25588 SECUNIA 24457 SECUNIA 24456 SECUNIA 24455 SECUNIA 24406 SECUNIA 24342 HP HPSBUX02153 Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via invalid "Client Master Key" length values.

cpe:/a:the_gimp_team:gimp_toolkit:2.4.12

CVE-2007-0010

2007-01-24T14:28:00.000-05:00

2011-03-07T21:48:11.737-05:00

2.1

LOCAL

LOW

NONE

PARTIAL

http://nvd.nist.gov

2007-01-24T15:03:00.000-05:00

CONFIRM https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=218932 VUPEN ADV-2007-0331 REDHAT RHSA-2007:0019 OSVDB 31621 CONFIRM https://issues.rpath.com/browse/RPL-984 UBUNTU USN-415-1 BID 22209 SUSE SUSE-SR:2007:002 MANDRIVA MDKSA-2007:039 SECTRACK 1017552 SECUNIA 24095 SECUNIA 24010 SECUNIA 24006 SECUNIA 23984 SECUNIA 23935 SECUNIA 23933 SECUNIA 23884 DEBIAN DSA-1256 The GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2) before 2.4.13 allows context-dependent attackers to cause a denial of service (crash) via a malformed image file.

cpe:/a:citrix:access_gateway:4.5::standard cpe:/a:citrix:access_gateway:4.2 cpe:/a:citrix:access_gateway:4.0 cpe:/a:citrix:access_gateway:4.5::advanced

CVE-2007-0011

2007-11-05T12:46:00.000-05:00

2011-03-07T21:48:12.110-05:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2007-11-06T19:11:00.000-05:00

BID 24975 SECUNIA 26143 XF citrix-access-unspeci-information-disclosure(35510) VUPEN ADV-2007-2583 BUGTRAQ 20071022 Corsaire Security Advisory - Citrix Access Gateway session ID disclosure issue CONFIRM http://support.citrix.com/article/CTX113814 CONFIRM http://support.citrix.com/article/CTX112803 SECTRACK 1018435 OSVDB 45288 The web portal interface in Citrix Access Gateway (aka Citrix Advanced Access Control) before Advanced Edition 4.5 HF1 places a session ID in the URL, which allows context-dependent attackers to hijack sessions by reading "residual information", including the a referer log, browser history, or browser cache.

cpe:/a:sun:jre:1.5.0:update9 cpe:/a:sun:jre:1.5.0:update10 cpe:/a:sun:jre:1.5.0:update7 cpe:/a:sun:jre:1.5.0:update11 cpe:/a:sun:jre:1.5.0:update12 cpe:/a:sun:jre:1.5.0:update8 cpe:/a:sun:jre:1.5.0:update13

CVE-2007-0012

2008-01-09T18:46:00.000-05:00

2008-09-05T17:16:47.747-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2008-01-10T10:59:00.000-05:00

XF sun-java-jpiexp32-dos(39549) BID 27185 BUGTRAQ 20080108 Corsaire Security Advisory: Sun J2RE DoS issue SREASON 3527 Sun JRE 5.0 before update 14 allows remote attackers to cause a denial of service (Internet Explorer crash) via an object tag with an encoded applet and an undefined name attribute, which triggers a NULL pointer dereference in jpiexp32.dll when the applet is decoded and passed to the JVM.

cpe:/a:sun:chainkey_java_code_protection

CVE-2007-0014

2007-01-16T19:28:00.000-05:00

2008-11-15T00:00:00.000-05:00

4.4

LOCAL

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2007-01-17T11:27:00.000-05:00

ALLOWS_OTHER_ACCESS

BUGTRAQ 20070112 Re: Corsaire Security Advisory: ChainKey Java Code Protection Bypass issue BUGTRAQ 20070112 Corsaire Security Advisory: ChainKey Java Code Protection Bypass issue OSVDB 33473 ChainKey Java Code Protection allows attackers to decompile Java class files via a Java class loader with a modified defineClass method that saves the bytecode to a file before it is passed to the JVM.

cpe:/a:apple:quicktime:7.1.3

CVE-2007-0015

2007-01-01T18:28:00.000-05:00

2011-03-07T21:48:12.453-05:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2007-01-02T01:57:00.000-05:00

ALLOWS_OTHER_ACCESS

CERT-VN VU#442497 CERT TA07-005A XF quicktime-rtsp-url-bo(31203) SECUNIA 23540 VUPEN ADV-2007-0001 BID 21829 SECTRACK 1017461 MISC http://projects.info-pull.com/moab/MOAB-01-01-2007.html MISC http://landonf.bikemonkey.org/code/macosx/MOAB_Day_1.20070102060815.15950.zadder.local.html OSVDB 31023 MISC http://secunia.com/blog/7/ MILW0RM 3064 APPLE APPLE-SA-2007-01-23 MISC http://isc.sans.org/diary.html?storyid=2094 CONFIRM http://docs.info.apple.com/article.html?artnum=304989 Buffer overflow in Apple QuickTime 7.1.3 allows remote attackers to execute arbitrary code via a long rtsp:// URI.

cpe:/a:netfarer:movieplay:4.76

CVE-2007-0016

2007-01-02T21:28:00.000-05:00

2008-11-15T00:00:00.000-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2007-01-03T08:19:00.000-05:00

ALLOWS_USER_ACCESS

BID 21840 MILW0RM 4051 SECUNIA 22959 OSVDB 32547 Stack-based buffer overflow in MoviePlay 4.76 allows remote attackers to execute arbitrary code via a long filename in a LST file.

cpe:/a:videolan:vlc_media_player:0.8.1 cpe:/a:videolan:vlc_media_player:0.7.0 cpe:/a:videolan:vlc_media_player:0.8.4 cpe:/a:videolan:vlc_media_player:0.8.4a cpe:/a:videolan:vlc_media_player:0.8.5 cpe:/a:videolan:vlc_media_player:0.7.1 cpe:/a:videolan:vlc_media_player:0.8.0 cpe:/a:videolan:vlc_media_player:0.7.2 cpe:/a:videolan:vlc_media_player:0.8.6 cpe:/a:videolan:vlc_media_player:0.8.2

CVE-2007-0017

2007-01-02T21:28:00.000-05:00

2012-01-27T00:31:09.673-05:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2007-01-03T08:21:00.000-05:00

ALLOWS_USER_ACCESS

CONFIRM http://www.videolan.org/patches/vlc-0.8.6-MOAB-02-01-2007.patch XF vlcmediaplayer-udp-format-string(31226) VUPEN ADV-2007-0026 CONFIRM http://www.videolan.org/sa0701.html MLIST [vlc-devel] 20070102 Security hole in VLC media player for Mac... BID 21852 SUSE SUSE-SA:2007:013 DEBIAN DSA-1252 CONFIRM http://trac.videolan.org/vlc/changeset/18481 SECTRACK 1017464 GENTOO GLSA-200701-24 SECUNIA 23971 SECUNIA 23910 SECUNIA 23829 SECUNIA 23592 MISC http://projects.info-pull.com/moab/MOAB-02-01-2007.html OSVDB 31163 MISC http://landonf.bikemonkey.org/code/macosx/MOAB_Day_2.20070103045559.6753.timor.html MISC http://applefun.blogspot.com/2007/01/moab-02-01-2007-vlc-media-player-udp.html Multiple format string vulnerabilities in (1) the cdio_log_handler function in modules/access/cdda/access.c in the CDDA (libcdda_plugin) plugin, and the (2) cdio_log_handler and (3) vcd_log_handler functions in modules/access/vcdx/access.c in the VCDX (libvcdx_plugin) plugin, in VideoLAN VLC 0.7.0 through 0.8.6 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in an invalid URI, as demonstrated by a udp://-- URI in an M3U file.

cpe:/a:nextlevel_systems:audio_editor_gold:9.2.5_build_424 cpe:/a:j_hepple_products:fx_audio_editor:4.7.11 cpe:/a:digital_borneo:audio_mixer_and_editor:1.1.0 cpe:/a:mcfunsoft:ipod_music_converter:5.1 cpe:/a:cheetahburner:cheetah_cd_burner:3.56 cpe:/a:movavi:dvd_to_ipod:1.0 cpe:/a:cdburnerxp:cdburnerxp_pro:3.0.116 cpe:/a:j_hepple_products:fx_movie_splitter:6.4.7 cpe:/a:quikscribe:quikscribe_player:5.022.05 cpe:/a:nextlevel_systems:audio_studio_gold:7.0.1.1_build_500 cpe:/a:mcfunsoft:audio_recorder_for_free:6.1 cpe:/a:nctsoft_products:nctaudiostudio:2.7.1 cpe:/a:iaudiosoft.com:absolute_sound_recorder:3.4.5 cpe:/a:j_hepple_products:fx_video_converter:7.51.21 cpe:/a:iaudiosoft.com:absolute_mp3_splitter:2.5.4 cpe:/a:americanshareware:mp3_wav_converter:3.1.8 cpe:/a:magicvideosoftare:magic_audio_converter:8.2.6_build_719 cpe:/a:softdiv_softare:videozilla:2.5 cpe:/a:mystik_media_products:blaze_mediaconvert:3.4 cpe:/a:expstudio:audio_editor:4.0.2 cpe:/a:mcfunsoft:ipod_audio_studio:6.2.4 cpe:/a:softdiv_softare:snosh:1.4 cpe:/a:code-it_softare:wave_mp3_editor:10.1 cpe:/a:rmbsoft:audioconvert:3.1.0.125 cpe:/a:movavi:chiliburner:2.3 cpe:/a:nctsoft_products:nctaudioeditor:2.7.1 cpe:/a:dandans_digital_media_products:full_audio_converter:4.2 cpe:/a:xrlly_software:arial_sound_recorder:1.4.3 cpe:/a:softdiv_softare:mp3_to_wav_converter:3.0 cpe:/a:dandans_digital_media_products:easy_audio_editor:7.4 cpe:/a:movavi:splitmovie:1.4 cpe:/a:bearshare:bearshare:6.0.2.26789 cpe:/a:joshua_mediasoft:video_converter_plus:3.01 cpe:/a:dandans_digital_media_products:music_editing_master:5.2 cpe:/a:recordnrip:recordnrip:1.0 cpe:/a:mp3-soft:mp3_normalizer:1.03 cpe:/a:virtual_cd:virtual_cd_file_server:7.1.0.3 cpe:/a:sienzo:digital_music_mentor:2.6.0.3 cpe:/a:j_hepple_products:fx_movie_joiner:6.2.8 cpe:/a:altdo:mp3_record_and_edit_audio_master:1.2 cpe:/a:code-it_softare:abasic_editor:10.1 cpe:/a:nctsoft_products:nctdialogicvoice:2.7.1 cpe:/a:mystik_media_products:contextconvert_pro:3.1 cpe:/a:mcfunsoft:audio_studio:6.6.3_build_479 cpe:/a:imesh.com:imesh:7.0.2.26789 cpe:/a:movavi:suite:3.5 cpe:/a:mystik_media_products:audioedit_deluxe:4.10 cpe:/a:mcfunsoft:recording_to_ipod_solution:5.1 cpe:/a:magicvideosoftare:magic_audio_recorder:5.3.7 cpe:/a:roemer_software:easy_hi-q_recorder:2.0 cpe:/a:xrlly_software:arial_audio_converter:2.3.40 cpe:/a:xwaver.com:magic_music_studio_pro:7.0.2.1_build_500 cpe:/a:cheetahburner:cheetah_dvd_burner:1.79 cpe:/a:virtual_cd:virtual_cd:8.0.0.6 cpe:/a:xwaver.com:magic_audio_editor_pro:10.3.1_build_476 cpe:/a:virtual_cd:virtual_cd:6.0.0.7 cpe:/a:mcfunsoft:audio_editor:6.3.3_build_489 cpe:/a:roemer_software:free_hi-q_recorder:1.9 cpe:/a:j_hepple_products:fx_audio_tools:7.3.4 cpe:/a:j_hepple_products:fx_new_sound:5.1.1 cpe:/a:j_hepple_products:fx_audio_concat:1.2.0_beta cpe:/a:easy_ringtone_maker:easy_ringtone_maker:2.0.5 cpe:/a:joshua_mediasoft:audio_convertor_plus:2.2 cpe:/a:mystik_media_products:blaze_media_pro:7.0 cpe:/a:mediatox:aurora_media_workshop:3.3.25 cpe:/a:altdo:convert_mp3_master:1.1 cpe:/a:xrlly_software:text_to_speech_maker:1.3.8 cpe:/a:dandans_digital_media_products:visual_video_converter:4.4 cpe:/a:magicvideosoftare:magic_music_editor:5.2.2 cpe:/a:quikscribe:quikscribe_recorder:5.021.29 cpe:/a:rmbsoft:soundedit_pro:2.1 cpe:/a:movavi:videomessage:1.0 cpe:/a:movavi:convertmovie:4.4 cpe:/a:smart_media_systems:power_audio_editor:11.0.1 cpe:/a:iaudiosoft.com:absolute_video_to_audio_converter:2.7.9 cpe:/a:j_hepple_products:fx_movie_joiner_and_splitter:6.2.8 cpe:/a:softdiv_softare:ivideomax:3.9 cpe:/a:softdiv_softare:dexster:3.0 cpe:/a:audio_edit_magic:audio_edit_magic:9.2.3_389 cpe:/a:virtual_cd:virtual_cd:7.1.0.2 cpe:/a:roemer_software:easy_hi-q_converter:1.7 cpe:/a:nctsoft_products:nctaudiofile2 cpe:/a:j_hepple_products:fx_magic_music:5.7.7

CVE-2007-0018

2007-01-24T16:28:00.000-05:00

2011-03-07T00:00:00.000-05:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2007-01-25T10:42:00.000-05:00

ALLOWS_ADMIN_ACCESS

CERT-VN VU#292713 VUPEN ADV-2007-0310 MISC http://secunia.com/secunia_research/2007-9/advisory/ MISC http://secunia.com/secunia_research/2007-8/advisory/ MISC http://secunia.com/secunia_research/2007-7/advisory/ MISC http://secunia.com/secunia_research/2007-6/advisory/ MISC http://secunia.com/secunia_research/2007-5/advisory/ MISC http://secunia.com/secunia_research/2007-4/advisory/ MISC http://secunia.com/secunia_research/2007-34/advisory/ MISC http://secunia.com/secunia_research/2007-33/advisory/ MISC http://secunia.com/secunia_research/2007-32/advisory/ MISC http://secunia.com/secunia_research/2007-31/advisory/ MISC http://secunia.com/secunia_research/2007-30/advisory/ MISC http://secunia.com/secunia_research/2007-3/advisory/ MISC http://secunia.com/secunia_research/2007-29/advisory/ MISC http://secunia.com/secunia_research/2007-28/advisory/ MISC http://secunia.com/secunia_research/2007-27/advisory/ MISC http://secunia.com/secunia_research/2007-26/advisory/ MISC http://secunia.com/secunia_research/2007-25/advisory/ MISC http://secunia.com/secunia_research/2007-24/advisory/ MISC http://secunia.com/secunia_research/2007-23/advisory/ MISC http://secunia.com/secunia_research/2007-22/advisory/ MISC http://secunia.com/secunia_research/2007-21/advisory/ MISC http://secunia.com/secunia_research/2007-20/advisory/ MISC http://secunia.com/secunia_research/2007-2/advisory/ MISC http://secunia.com/secunia_research/2007-19/advisory/ MISC http://secunia.com/secunia_research/2007-18/advisory/ MISC http://secunia.com/secunia_research/2007-17/advisory/ MISC http://secunia.com/secunia_research/2007-16/advisory/ MISC http://secunia.com/secunia_research/2007-15/advisory/ MISC http://secunia.com/secunia_research/2007-14/advisory/ MISC http://secunia.com/secunia_research/2007-13/advisory/ MISC http://secunia.com/secunia_research/2007-12/advisory/ MISC http://secunia.com/secunia_research/2007-11/advisory/ MISC http://secunia.com/secunia_research/2007-10/advisory/ MISC http://secunia.com/blog/6/ SECUNIA 30459 SECUNIA 30450 SECUNIA 30447 SECUNIA 30446 SECUNIA 30439 SECUNIA 30424 SECUNIA 30406 SECUNIA 23568 SECUNIA 23557 SECUNIA 23553 SECUNIA 23552 SECUNIA 23551 SECUNIA 23543 SECUNIA 23534 SECUNIA 23532 SECUNIA 23530 SECUNIA 23516 SECUNIA 23511 SECUNIA 23495 SECUNIA 23493 SECUNIA 23485 SECUNIA 23475 XF nctaudiofile2-multiple-bo(31707) BID 23892 BID 22196 BUGTRAQ 20070124 Re: Secunia Research: NCTsoft Products NCTAudioFile2 ActiveXControl Buffer Overflow BUGTRAQ 20070124 Secunia Research: Sienzo Digital Music Mentor NCTAudioFile2ActiveX Control Buffer Overflow BUGTRAQ 20070124 Secunia Research: NCTsoft Products NCTAudioFile2 ActiveX ControlBuffer Overflow MISC http://secunia.com/secunia_research/2007-50/advisory/ SECUNIA 28407 SECUNIA 26101 SECUNIA 26100 SECUNIA 26046 SECUNIA 25993 SECUNIA 23795 SECUNIA 23753 SECUNIA 23745 SECUNIA 23565 SECUNIA 23562 SECUNIA 23561 SECUNIA 23560 SECUNIA 23558 SECUNIA 23554 SECUNIA 23550 SECUNIA 23548 SECUNIA 23546 SECUNIA 23544 SECUNIA 23542 SECUNIA 23541 SECUNIA 23536 SECUNIA 23535 SECUNIA 22922 Stack-based buffer overflow in the NCTAudioFile2.AudioFile ActiveX control (NCTAudioFile2.dll), as used by multiple products, allows remote attackers to execute arbitrary code via a long argument to the SetFormatLikeSample function. NOTE: the products include (1) NCTsoft NCTAudioStudio, NCTAudioEditor, and NCTDialogicVoice; (2) Magic Audio Recorder, Music Editor, and Audio Converter; (3) Aurora Media Workshop; DB Audio Mixer And Editor; (4) J. Hepple Products including Fx Audio Editor and others; (5) EXPStudio Audio Editor; (6) iMesh; (7) Quikscribe; (8) RMBSoft AudioConvert and SoundEdit Pro 2.1; (9) CDBurnerXP; (10) Code-it Software Wave MP3 Editor and aBasic Editor; (11) Movavi VideoMessage, DVD to iPod, and others; (12) SoftDiv Software Dexster, iVideoMAX, and others; (13) Sienzo Digital Music Mentor (DMM); (14) MP3 Normalizer; (15) Roemer Software FREE and Easy Hi-Q Recorder, and Easy Hi-Q Converter; (16) Audio Edit Magic; (17) Joshua Video and Audio Converter; (18) Virtual CD; (19) Cheetah CD and DVD Burner; (20) Mystik Media AudioEdit Deluxe, Blaze Media, and others; (21) Power Audio Editor; (22) DanDans Digital Media Full Audio Converter, Music Editing Master, and others; (23) Xrlly Software Text to Speech Makerand Arial Sound Recorder / Audio Converter; (24) Absolute Sound Recorder, Video to Audio Converter, and MP3 Splitter; (25) Easy Ringtone Maker; (26) RecordNRip; (27) McFunSoft iPod Audio Studio, Audio Recorder for Free, and others; (28) MP3 WAV Converter; (29) BearShare 6.0.2.26789; and (30) Oracle Siebel SimBuilder and CRM 7.x.

cpe:/a:maxum_development_corporation:rumpus_ftp_server:5.1

CVE-2007-0019

2007-01-19T16:28:00.000-05:00

2011-03-07T21:48:13.297-05:00

6.5

NETWORK

LOW

SINGLE_INSTANCE

PARTIAL

http://nvd.nist.gov

2007-01-21T22:55:00.000-05:00

ALLOWS_OTHER_ACCESS

XF rumpus-ftp-http-bo(31594) MISC http://projects.info-pull.com/moab/MOAB-18-01-2007.html OSVDB 32692 OSVDB 32689 XF rumpus-ftp-service-bo(31594) SECUNIA 23842 Multiple heap-based buffer overflows in rumpusd in Rumpus 5.1 and earlier (1) allow remote authenticated users to execute arbitrary code via a long LIST command and other unspecified requests to the FTP service, and (2) allow remote attackers to execute arbitrary code via unspecified requests to the HTTP service.

cpe:/a:panic_transmit:panic_transmit:3.5.5

CVE-2007-0020

2007-01-23T20:28:00.000-05:00

2011-03-07T21:48:13.453-05:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2007-01-23T21:52:00.000-05:00

ALLOWS_ADMIN_ACCESS

VUPEN ADV-2007-0273 BID 22145 SECUNIA 23861 MISC http://projects.info-pull.com/moab/MOAB-19-01-2007.html OSVDB 32694 XF transmit-url-handler-bo(31673) MILW0RM 3160 Heap-based buffer overflow in the SFTP protocol handler for Panic Transmit (Transmit.app) up to 3.5.5 allows remote attackers to execute arbitrary code via a long ftps:// URL.

cpe:/a:apple:ichat:3.1.6

CVE-2007-0021

2007-01-22T19:28:00.000-05:00

2011-03-07T21:48:13.657-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2007-01-22T20:54:00.000-05:00

ALLOWS_USER_ACCESS

CERT TA07-047A CERT-VN VU#794752 VUPEN ADV-2007-0274 MISC http://projects.info-pull.com/moab/MOAB-20-01-2007.html OSVDB 32715 XF ichat-aim-format-string(31679) SECTRACK 1017661 BID 22146 SECUNIA 24198 APPLE APPLE-SA-2007-02-15 CONFIRM http://docs.info.apple.com/article.html?artnum=305102 Format string vulnerability in Apple iChat 3.1.6 allows remote attackers to cause a denial of service (null pointer dereference and application crash) and possibly execute arbitrary code via format string specifiers in an aim:// URI.

cpe:/o:apple:mac_os_x:10.4.8

CVE-2007-0022

2007-01-22T19:28:00.000-05:00

2011-03-07T21:48:13.783-05:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

2007-01-22T20:57:00.000-05:00

ALLOWS_ADMIN_ACCESS

CERT TA07-109A XF macos-writeconfig-privilege-escalation(31677) VUPEN ADV-2007-1470 VUPEN ADV-2007-0074 SECTRACK 1017941 BID 22148 OSVDB 31605 SECUNIA 24966 SECUNIA 23793 MISC http://projects.info-pull.com/moab/MOAB-21-01-2007.html APPLE APPLE-SA-2007-04-19 CONFIRM http://docs.info.apple.com/article.html?artnum=305391 Untrusted search path vulnerability in writeconfig in Apple Mac OS X 10.4.8 allows local users to gain privileges via a modified PATH that points to a malicious launchctl program.

cpe:/o:apple:mac_os_x:10.4.8

CVE-2007-0023

2007-01-23T20:28:00.000-05:00

2011-03-07T21:48:13.953-05:00

6.9

LOCAL

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2007-01-23T21:58:00.000-05:00

ALLOWS_ADMIN_ACCESS

CERT TA07-047A CERT-VN VU#315856 VUPEN ADV-2007-0074 MISC http://projects.info-pull.com/moab/MOAB-22-01-2007.html XF macos-inputmanager-privilege-escalation(31676) BID 22188 OSVDB 32695 SECTRACK 1017542 SECUNIA 24198 SECUNIA 23846 APPLE APPLE-SA-2007-02-15 CONFIRM http://docs.info.apple.com/article.html?artnum=305102 The CFUserNotificationSendRequest function in UserNotificationCenter.app in Apple Mac OS X 10.4.8, when used in combination with diskutil, allows local users to gain privileges via a malicious InputManager in Library/InputManagers in a user's home directory, which is executed when Cocoa applications attempt to notify the user.

cpe:/a:microsoft:ie:6.0:sp1 cpe:/a:microsoft:ie:7.0 cpe:/a:microsoft:ie:5.01:sp4

CVE-2007-0024

2007-01-09T18:28:00.000-05:00

2011-03-07T21:48:14.080-05:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2007-01-10T00:25:00.000-05:00

ALLOWS_ADMIN_ACCESS

CERT-VN VU#122084 CERT TA07-009A XF ie-vml-record-bo(31287) BID 21930 OSVDB 31250 MS MS07-004 MSKB 929969 SECTRACK 1017489 SECUNIA 23677 IDEFENSE 20070109 Microsoft Windows VML Element Integer Overflow Vulnerability VUPEN ADV-2007-0129 VUPEN ADV-2007-0105 HP SSRT071296 HP SSRT071296 BUGTRAQ 20070117 Re: MS07-004 VML Integer Overflow Exploit BUGTRAQ 20070116 MS07-004 VML Integer Overflow Exploit CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2007-009.htm Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properties that cause insufficient memory allocation and trigger a buffer overflow, aka the "VML Buffer Overrun Vulnerability."

cpe:/o:microsoft:windows_2003_server:xp_sp2 cpe:/a:microsoft:visual_studio_.net:2003:gold cpe:/o:microsoft:windows_2003_server:2000:sp4 cpe:/a:microsoft:visual_studio_.net:2000:sp1 cpe:/a:microsoft:visual_studio_.net:2000 cpe:/o:microsoft:windows_2003_server:2003:sp2

CVE-2007-0025

2007-02-13T15:28:00.000-05:00

2011-06-20T00:00:00.000-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2007-02-13T20:28:00.000-05:00

ALLOWS_ADMIN_ACCESS

CERT TA07-044A CERT-VN VU#932041 MS MS07-012 VUPEN ADV-2007-0581 SECTRACK 1017638 BID 22476 OSVDB 31887 SECUNIA 24150 The MFC component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 and Visual Studio .NET 2000, 2002 SP1, 2003, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption. NOTE: this might be due to a stack-based buffer overflow in the AfxOleSetEditMenu function in MFC42u.dll.

cpe:/o:microsoft:windows_2000 cpe:/o:microsoft:windows_xp::sp2:tablet_pc cpe:/o:microsoft:windows_2003_server:sp1

CVE-2007-0026

2007-02-13T15:28:00.000-05:00

2011-03-07T21:48:14.283-05:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov

2007-02-13T20:35:00.000-05:00

ALLOWS_ADMIN_ACCESS

CERT TA07-044A CERT-VN VU#497756 MS MS07-011 VUPEN ADV-2007-0580 SECTRACK 1017637 BID 22483 OSVDB 31885 SECUNIA 24147 The OLE Dialog component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption.

cpe:/a:microsoft:excel:2003 cpe:/a:microsoft:office:xp:sp3 cpe:/a:microsoft:excel:2002 cpe:/a:microsoft:excel:2000 cpe:/a:microsoft:office:v.x::mac cpe:/a:microsoft:works:2005 cpe:/a:microsoft:office:2000:sp3 cpe:/a:microsoft:works:2004 cpe:/a:microsoft:excel_viewer:2003 cpe:/a:microsoft:office:2003:sp2 cpe:/a:microsoft:office:2004::mac

CVE-2007-0027

2007-01-09T17:28:00.000-05:00

2011-03-07T21:48:14.393-05:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2007-01-10T07:23:00.000-05:00

ALLOWS_ADMIN_ACCESS

CERT TA07-009A CERT-VN VU#749964 BID 21856 MS MS07-002 SECTRACK 1017487 VUPEN ADV-2007-0103 HP HPSBST02184 HP HPSBST02184 OSVDB 31255 Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via malformed IMDATA records that trigger memory corruption.

CVE-2007-0028

2007-01-09T18:28:00.000-05:00

2011-10-03T00:00:00.000-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2007-01-10T07:22:00.000-05:00

ALLOWS_ADMIN_ACCESS

CERT-VN VU#493185 CERT TA07-009A MS MS07-002 VUPEN ADV-2007-0103 BID 21952 HP HPSBST02184 HP SSRT071296 OSVDB 31249 MISC http://www.fortinet.com/FortiGuardCenter/advisory/FGA-2007-01.html MISC http://www.fortinet.com/FortiGuardCenter/advisory/FG-2006-30.html SECTRACK 1017485 SECUNIA 23676 Microsoft Excel 2000, 2002, 2003, Viewer 2003, Office 2004 for Mac, and Office v.X for Mac does not properly handle certain opcodes, which allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file, which results in an "Improper Memory Access Vulnerability." NOTE: an early disclosure of this issue used CVE-2006-3432, but only CVE-2007-0028 should be used.

CVE-2007-0029

2007-01-09T18:28:00.000-05:00

2011-03-07T21:48:14.627-05:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2007-01-10T07:22:00.000-05:00

ALLOWS_ADMIN_ACCESS

CERT TA07-009A MS MS07-002 VUPEN ADV-2007-0103 BID 21877 HP HPSBST02184 HP HPSBST02184 OSVDB 31256 SECTRACK 1017487 Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string, aka "Excel Malformed String Vulnerability."

CVE-2007-0030

2007-01-09T18:28:00.000-05:00

2011-03-07T21:48:14.750-05:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2007-01-10T07:22:00.000-05:00

ALLOWS_ADMIN_ACCESS

CERT TA07-009A CERT-VN VU#302836 MS MS07-002 IDEFENSE 20070109 Microsoft Excel Invalid Column Heap Corruption Vulnerability VUPEN ADV-2007-0103 BID 21925 HP HPSBST02184 HP HPSBST02184 OSVDB 31257 SECTRACK 1017487 Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via an Excel file with an out-of-range Column field in certain BIFF8 record types, which references arbitrary memory.

CVE-2007-0031

2007-01-09T18:28:00.000-05:00

2011-03-07T21:48:14.877-05:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2007-01-10T07:21:00.000-05:00

ALLOWS_ADMIN_ACCESS

CERT TA07-009A CERT-VN VU#625532 MS MS07-002 IDEFENSE 20070109 Microsoft Excel Long Palette Heap Overflow Vulnerability VUPEN ADV-2007-0103 BID 21922 HP SSRT071296 HP HPSBST02184 OSVDB 31258 SECTRACK 1017487 Heap-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a BIFF8 spreadsheet with a PALETTE record that contains a large number of entries.

cpe:/a:microsoft:office:xp:sp3 cpe:/a:microsoft:outlook:2003 cpe:/a:microsoft:office:2000:sp3 cpe:/a:microsoft:outlook:2002 cpe:/a:microsoft:office:2003:sp2 cpe:/a:microsoft:outlook:2000

CVE-2007-0033

2007-01-09T18:28:00.000-05:00

2011-03-07T21:48:15.063-05:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2007-01-10T07:24:00.000-05:00

ALLOWS_ADMIN_ACCESS

CERT TA07-009A CERT-VN VU#476900 MS MS07-003 VUPEN ADV-2007-0104 BID 21931 HP HPSBST02184 HP HPSBST02184 OSVDB 31252 SECTRACK 1017488 SECUNIA 23674 Microsoft Outlook 2002 and 2003 allows user-assisted remote attackers to execute arbitrary code via a malformed VEVENT record in an .iCal meeting request or ICS file.

cpe:/a:microsoft:office:xp:sp3 cpe:/a:microsoft:outlook:2003 cpe:/a:microsoft:office:2000:sp3 cpe:/a:microsoft:outlook:2002 cpe:/a:microsoft:office:2003:sp2 cpe:/a:microsoft:outlook:2000

CVE-2007-0034

2007-01-09T18:28:00.000-05:00

2011-09-27T00:00:00.000-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2007-01-10T07:25:00.000-05:00

ALLOWS_ADMIN_ACCESS

CERT TA07-009A CERT-VN VU#271860 MS MS07-003 VUPEN ADV-2007-0104 BID 21936 HP HPSBST02184 HP HPSBST02184 BUGTRAQ 20070111 Computer Terrorism (UK) :: Incident Response Centre - Microsoft Outlook Vulnerability OSVDB 31254 MISC http://www.computerterrorism.com/research/ct09-01-2007.htm SECTRACK 1017488 SECUNIA 23674 Buffer overflow in the Advanced Search (Finder.exe) feature of Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted Outlook Saved Searches (OSS) file that triggers memory corruption, aka "Microsoft Outlook Advanced Find Vulnerability."

cpe:/a:microsoft:office:2003 cpe:/a:microsoft:works:2005 cpe:/a:microsoft:office:2000:sp3 cpe:/a:microsoft:works:2004 cpe:/a:microsoft:office:2003:sp2 cpe:/a:microsoft:office:2004::mac cpe:/a:microsoft:office:2002:sp3 cpe:/a:microsoft:works:2006

CVE-2007-0035

2007-05-08T18:19:00.000-04:00

2011-03-07T00:00:00.000-05:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2007-05-09T08:55:00.000-04:00

ALLOWS_ADMIN_ACCESS

CERT TA07-128A CERT-VN VU#260777 MS MS07-024 VUPEN ADV-2007-1709 SECTRACK 1018013 BID 23804 HP HPSBST02214 HP SSRT071422 OSVDB 34387 Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly handle data in a certain array, which allows user-assisted remote attackers to execute arbitrary code, aka the "Word Array Overflow Vulnerability."

cpe:/o:microsoft:windows_2003_server:gold::itanium cpe:/o:microsoft:windows_2003_server:sp2::itanium cpe:/o:microsoft:windows_xp::gold:professional_x64 cpe:/o:microsoft:windows_2003_server:sp1::itanium cpe:/o:microsoft:windows_2003_server:sp2::x64 cpe:/o:microsoft:windows_xp::sp2 cpe:/o:microsoft:windows_2003_server:gold::x64 cpe:/o:microsoft:windows_2003_server:sp2 cpe:/o:microsoft:windows_2003_server:gold cpe:/o:microsoft:windows_xp::sp2:professional_x64 cpe:/o:microsoft:windows_2000::sp4 cpe:/o:microsoft:windows_vista::gold cpe:/o:microsoft:windows_2003_server:sp1 cpe:/o:microsoft:windows_vista::gold:x64

CVE-2007-0038

2007-03-30T16:19:00.000-04:00

2012-11-05T22:30:06.843-05:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2007-03-31T18:41:00.000-04:00

ALLOWS_ADMIN_ACCESS

CERT TA07-100A CERT TA07-093A CERT TA07-089A CERT-VN VU#191609 XF windows-ani-code-execution(33301) XF windows-ani-code-execution(33301) VUPEN ADV-2007-1215 HP SSRT071354 HP SSRT071354 BUGTRAQ 20070402 MS announces out-of-band patch for ANI 0day BUGTRAQ 20070402 More information on ZERT patch for ANI 0day BUGTRAQ 20070331 RE: [Full-disclosure] 0-day ANI vulnerability in Microsoft Windows(CVE-2007-0038) BUGTRAQ 20070331 Re: 0-day ANI vulnerability in Microsoft Windows (CVE-2007-0038) BUGTRAQ 20070330 Re: 0-day ANI vulnerability in Microsoft Windows (CVE-2007-0038) BUGTRAQ 20070330 0-day ANI vulnerability in Microsoft Windows (CVE-2007-0038) OSVDB 33629 MS MS07-017 MISC http://www.determina.com/security_center/security_advisories/securityadvisory_0day_032907.asp SREASON 2542 SECUNIA 24659 MILW0RM 3634 FULLDISC 20070330 0-day ANI vulnerability in Microsoft Windows (CVE-2007-0038) Stack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a large length value in the second (or later) anih block of a RIFF .ANI, cur, or .ico file, which results in memory corruption when processing cursors, animated cursors, and icons, a variant of CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this might be a duplicate of CVE-2007-1765; if so, then CVE-2007-0038 should be preferred.

cpe:/a:microsoft:exchange_server:2000:sp3 cpe:/a:microsoft:exchange_server:2003:sp2 cpe:/a:microsoft:exchange_server:2007 cpe:/a:microsoft:exchange_server:2003:sp1

CVE-2007-0039

2007-05-08T19:19:00.000-04:00

2011-03-07T00:00:00.000-05:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2007-05-09T11:15:00.000-04:00

CERT TA07-128A MS MS07-026 XF exchange-ical-dos(33888) VUPEN ADV-2007-1711 SECTRACK 1018015 BID 23808 HP HPSBST02214 HP HPSBST02214 BUGTRAQ 20070508 Exchange Calendar MODPROPS Denial of Service (CVE-2007-0039) OSVDB 34390 MISC http://www.determina.com/security.research/vulnerabilities/exchange-ical-modprops.html SECUNIA 25183 FULLDISC 20070509 Exchange Calendar MODPROPS Denial of Service (CVE-2007-0039) The Exchange Collaboration Data Objects (EXCDO) functionality in Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 allows remote attackers to cause a denial of service (crash) via an Internet Calendar (iCal) file containing multiple X-MICROSOFT-CDO-MODPROPS (MODPROPS) properties in which the second MODPROPS is longer than the first, which triggers a NULL pointer dereference and an unhandled exception.

cpe:/o:microsoft:windows_2003_server::sp2 cpe:/o:microsoft:windows_2003_server::sp1 cpe:/o:microsoft:windows_2003_server:::x64 cpe:/o:microsoft:windows_2000::sp4:server cpe:/o:microsoft:windows_2003_server::sp2:x64 cpe:/o:microsoft:windows_2003_server::sp1:itanium

CVE-2007-0040

2007-07-10T18:30:00.000-04:00

2012-10-30T22:26:47.873-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2007-07-12T20:38:00.000-04:00

ALLOWS_ADMIN_ACCESS

CERT TA07-191A CERT-VN VU#487905 MS MS07-039 VUPEN ADV-2007-2481 OSVDB 35960 SECTRACK 1018355 BID 24800 ISS 20070710 Microsoft Windows Active Directory Remote Code Execution SECUNIA 26002 HP SSRT071446 The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4, Server 2003 SP1 and SP2, Server 2003 x64 Edition and SP2, and Server 2003 for Itanium-based Systems SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted LDAP request with an unspecified number of "convertible attributes."

cpe:/a:microsoft:.net_framework:1.0 cpe:/a:microsoft:.net_framework:2.0 cpe:/a:microsoft:.net_framework:1.1

CVE-2007-0041

2007-07-10T18:30:00.000-04:00

2012-10-30T22:26:48.047-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2007-07-13T23:06:00.000-04:00

ALLOWS_ADMIN_ACCESS

CERT TA07-191A MS MS07-040 XF ms-dotnet-pe-loader-bo(34637) VUPEN ADV-2007-2482 SECTRACK 1018356 BID 24778 SECUNIA 26003 OSVDB 35954 HP SSRT071446 The PE Loader service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer" and unvalidated message lengths, probably a buffer overflow.

cpe:/a:microsoft:.net_framework:1.0 cpe:/a:microsoft:.net_framework:2.0 cpe:/a:microsoft:.net_framework:1.1

CVE-2007-0042

2007-07-10T18:30:00.000-04:00

2011-03-07T21:48:15.970-05:00

7.8

NETWORK

LOW

NONE

COMPLETE

NONE

http://nvd.nist.gov

2007-07-13T11:58:00.000-04:00

CERT TA07-191A VUPEN ADV-2007-2482 SECTRACK 1018356 MS MS07-040 MISC http://security-assessment.com/files/advisories/2007-07-11_Multiple_.NET_Null_Byte_Injection_Vulnerabilities.pdf SECUNIA 26003 HP SSRT071446 Interpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to access configuration files and obtain sensitive information, and possibly bypass security mechanisms that try to constrain the final substring of a string, via %00 characters, related to use of %00 as a string terminator within POSIX functions but a data character within .NET strings, aka "Null Byte Termination Vulnerability."

cpe:/a:microsoft:.net_framework:1.0 cpe:/a:microsoft:.net_framework:2.0 cpe:/a:microsoft:.net_framework:1.1

CVE-2007-0043

2007-07-10T18:30:00.000-04:00

2012-10-30T22:26:48.343-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2007-07-13T12:03:00.000-04:00

ALLOWS_ADMIN_ACCESS

CERT TA07-191A MS MS07-040 XF ms-dotnet-jit-bo(34639) VUPEN ADV-2007-2482 SECTRACK 1018356 BID 24811 SECUNIA 26003 OSVDB 35956 HP SSRT071446 The Just In Time (JIT) Compiler service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer," probably a buffer overflow, aka ".NET JIT Compiler Vulnerability".

cpe:/a:adobe:acrobat:7.0.1::standard cpe:/a:adobe:acrobat_reader:7.0.5 cpe:/a:adobe:acrobat:7.0.8::elements cpe:/a:adobe:acrobat:7.0::standard cpe:/a:adobe:acrobat_reader:6.0 cpe:/a:adobe:acrobat:7.0.2::professional cpe:/a:adobe:acrobat_reader:7.0.4 cpe:/a:adobe:acrobat:7.0.7::professional cpe:/a:adobe:acrobat_reader:7.0 cpe:/a:adobe:acrobat:7.0.7::standard cpe:/a:adobe:acrobat:7.0.4::professional cpe:/a:adobe:acrobat_reader:7.0.2 cpe:/a:adobe:acrobat:7.0.6::standard cpe:/a:adobe:acrobat:7.0::professional cpe:/a:adobe:acrobat_reader:6.0.2 cpe:/a:adobe:acrobat:7.0.4::standard cpe:/a:adobe:acrobat_reader:7.0.8 cpe:/a:adobe:acrobat:7.0.6::professional cpe:/a:adobe:acrobat_reader:6.0.1 cpe:/a:adobe:acrobat_reader:6.0.4 cpe:/a:adobe:acrobat:7.0.8::standard cpe:/a:adobe:acrobat:7.0.5::professional cpe:/a:adobe:acrobat_reader:6.0.3 cpe:/a:adobe:acrobat_reader:7.0.1 cpe:/a:adobe:acrobat_3d cpe:/a:adobe:acrobat:7.0.1::professional cpe:/a:adobe:acrobat:7.0.5::standard cpe:/a:adobe:acrobat_reader:7.0.7 cpe:/a:adobe:acrobat:7.0.3::professional cpe:/a:adobe:acrobat:7.0.8::professional cpe:/a:adobe:acrobat_reader:6.0.5 cpe:/a:adobe:acrobat_reader:7.0.3 cpe:/a:adobe:acrobat:7.0.3::standard cpe:/a:adobe:acrobat_reader:7.0.6 cpe:/a:adobe:acrobat:7.0.2::standard

CVE-2007-0044

2007-01-03T16:28:00.000-05:00

2011-03-07T21:48:16.203-05:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2007-01-03T17:04:00.000-05:00

MISC http://www.wisec.it/vulns.php?page=9 XF adobe-acrobat-pdf-csrf(31266) VUPEN ADV-2007-0032 BID 21858 BUGTRAQ 20070103 Adobe Acrobat Reader Plugin - Multiple Vulnerabilities REDHAT RHSA-2008:0144 SECTRACK 1017469 SREASON 2090 GENTOO GLSA-200701-16 SECUNIA 29065 SECUNIA 23882 SECUNIA 23812 SUSE SUSE-SA:2007:011 MISC http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Explorer, and Opera web browsers allows remote attackers to force the browser to make unauthorized requests to other web sites via a URL in the (1) FDF, (2) xml, and (3) xfdf AJAX request parameters, following the # (hash) character, aka "Universal CSRF and session riding."

CVE-2007-0045

2007-01-03T16:28:00.000-05:00

2011-09-13T00:00:00.000-04:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2007-01-03T17:06:00.000-05:00

CERT TA09-286B CERT-VN VU#815960 MISC http://www.wisec.it/vulns.php?page=9 REDHAT RHSA-2007:0017 XF adobe-acrobat-pdf-xss(31271) VUPEN ADV-2009-2898 VUPEN ADV-2007-0957 VUPEN ADV-2007-0032 BID 21858 BUGTRAQ 20070104 Universal PDF XSS After Party BUGTRAQ 20070103 Adobe Acrobat Reader Plugin - Multiple Vulnerabilities BUGTRAQ 20070103 RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous BUGTRAQ 20070103 Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous BUGTRAQ 20070103 Re: Universal XSS with PDF files: highly dangerous BUGTRAQ 20070103 Universal XSS with PDF files: highly dangerous REDHAT RHSA-2007:0021 CONFIRM http://www.mozilla.org/security/announce/2007/mfsa2007-02.html MISC http://www.gnucitizen.org/blog/universal-pdf-xss-after-party CONFIRM http://www.gnucitizen.org/blog/danger-danger-danger/ MISC http://www.disenchant.ch/blog/hacking-with-browser-plugins/34 CONFIRM http://www.adobe.com/support/security/bulletins/apsb09-15.html CONFIRM http://www.adobe.com/support/security/bulletins/apsb07-01.html CONFIRM http://www.adobe.com/support/security/advisories/apsa07-02.html CONFIRM http://www.adobe.com/support/security/advisories/apsa07-01.html SUNALERT 102847 SLACKWARE SSA:2007-066-05 SECTRACK 1023007 SECTRACK 1017469 SREASON 2090 GENTOO GLSA-200701-16 SECUNIA 33754 SECUNIA 24533 SECUNIA 24457 SECUNIA 23882 SECUNIA 23877 SECUNIA 23812 SECUNIA 23691 SECUNIA 23483 SUSE SUSE-SA:2007:011 HP HPSBUX02153 HP HPSBUX02153 CONFIRM http://googlechromereleases.blogspot.com/2009/01/stable-beta-update-yahoo-mail-and.html Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, for Mozilla Firefox, Microsoft Internet Explorer 6 SP1, Google Chrome, Opera 8.5.4 build 770, and Opera 9.10.8679 on Windows allow remote attackers to inject arbitrary JavaScript and conduct other attacks via a .pdf URL with a javascript: or res: URI with (1) FDF, (2) XML, and (3) XFDF AJAX parameters, or (4) an arbitrarily named name=URI anchor identifier, aka "Universal XSS (UXSS)."

cpe:/a:adobe:acrobat_reader:7.0.8

CVE-2007-0046

2007-01-03T16:28:00.000-05:00

2011-03-07T21:48:16.610-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2007-01-03T17:08:00.000-05:00

ALLOWS_OTHER_ACCESS

MISC http://www.wisec.it/vulns.php?page=9 VUPEN ADV-2007-0957 VUPEN ADV-2007-0032 BUGTRAQ 20070103 Adobe Acrobat Reader Plugin - Multiple Vulnerabilities MISC http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf REDHAT RHSA-2007:0017 XF adobe-acrobat-msvcrt-code-execution(31272) REDHAT RHSA-2007:0021 CONFIRM http://www.adobe.com/support/security/bulletins/apsb07-01.html SUNALERT 102847 SECTRACK 1017469 SREASON 2090 GENTOO GLSA-200701-16 SECUNIA 24533 SECUNIA 23882 SECUNIA 23877 SECUNIA 23812 SECUNIA 23691 SUSE SUSE-SA:2007:011 Double free vulnerability in the Adobe Acrobat Reader Plugin before 8.0.0, as used in Mozilla Firefox 1.5.0.7, allows remote attackers to execute arbitrary code by causing an error via a javascript: URI call to document.write in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters.

cpe:/a:adobe:acrobat_reader:7.0.8

CVE-2007-0047

2007-01-03T16:28:00.000-05:00

2011-03-07T21:48:16.737-05:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2007-01-03T17:10:00.000-05:00

ALLOWS_OTHER_ACCESS

XF adobe-acrobat-xmlhttp-response-splitting(31291) VUPEN ADV-2007-0032 SECTRACK 1017469 SECUNIA 23882 SUSE SUSE-SA:2007:011 MISC http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf CRLF injection vulnerability in Adobe Acrobat Reader Plugin before 8.0.0, when used with the Microsoft.XMLHTTP ActiveX object in Internet Explorer, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the javascript: URI in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters.

CVE-2007-0048

2007-01-03T16:28:00.000-05:00

2011-03-07T21:48:16.830-05:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2007-01-03T17:12:00.000-05:00

CERT TA09-286B MISC http://www.wisec.it/vulns.php?page=9 XF adobe-acrobat-character-dos(31273) VUPEN ADV-2009-2898 VUPEN ADV-2007-0032 BUGTRAQ 20070103 Adobe Acrobat Reader Plugin - Multiple Vulnerabilities CONFIRM http://www.adobe.com/support/security/bulletins/apsb09-15.html CONFIRM http://www.adobe.com/support/security/bulletins/apsb07-01.html SECTRACK 1023007 SECTRACK 1017469 GENTOO GLSA-200701-16 SECUNIA 33754 SECUNIA 23882 SECUNIA 23812 OSVDB 31596 SUSE SUSE-SA:2007:011 CONFIRM http://googlechromereleases.blogspot.com/2009/01/stable-beta-update-yahoo-mail-and.html MISC http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf SREASON 2090 Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, when used with Internet Explorer, Google Chrome, or Opera, allows remote attackers to cause a denial of service (memory consumption) via a long sequence of # (hash) characters appended to a PDF URL, related to a "cross-site scripting issue."

cpe:/a:geckovich:tasktracker_pro:1.5 cpe:/a:geckovich:tasktracker:1.4

CVE-2007-0049

2007-01-04T06:28:00.000-05:00

2008-11-15T01:38:27.267-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2007-01-04T09:56:00.000-05:00

ALLOWS_OTHER_ACCESS

XF tasktrackerpro-customize-auth-bypass(31235) BID 21847 SECUNIA 23564 OSVDB 31682 MILW0RM 3068 Geckovich TaskTracker Pro 1.5 and earlier allows remote attackers to add administrative or other accounts via an Add action with a modified GroupID in a direct request to Customize.asp.

cpe:/a:openpinboard:openpinboard:2.0

CVE-2007-0050

2007-01-04T06:28:00.000-05:00

2008-11-15T01:38:27.437-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2007-01-04T10:02:00.000-05:00

ALLOWS_OTHER_ACCESS

BUGTRAQ 20070103 OpenPinboard <= Remote File Include BUGTRAQ 20070103 Re: OpenPinboard <= Remote File Include OSVDB 33375 BUGTRAQ 20070106 Re: OpenPinboard <= Remote File Include ** DISPUTED ** PHP remote file inclusion vulnerability in index.php in OpenPinboard 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the language parameter. NOTE: this issue has been disputed by the developer and a third party, since the variable is set before use. CVE analysis suggests that there is a small time window of risk before the installation is complete.

cpe:/a:apple:iphoto:6.0.5

CVE-2007-0051

2007-01-04T13:28:00.000-05:00

2011-03-07T00:00:00.000-05:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2007-01-04T13:49:00.000-05:00

ALLOWS_OTHER_ACCESS

XF iphoto-xmltitle-format-string(31281) VUPEN ADV-2007-0057 BID 21871 BUGTRAQ 20070104 DMA[2007-0104a] - 'iLife iPhoto Photocasing Format String Vulnerability' MISC http://www.digitalmunition.com/DMA[2007-0104a].txt SECUNIA 23615 MISC http://projects.info-pull.com/moab/MOAB-04-01-2007.html OSVDB 31165 MILW0RM 3080 APPLE APPLE-SA-2007-03-13 CONFIRM http://docs.info.apple.com/article.html?artnum=305215 FULLDISC 20070104 DMA[2007-0104a] - 'iLife iPhoto Photocasing Format String Vulnerability' Format string vulnerability in Apple iPhoto 6.0.5 (316), and other versions before 6.0.6, allows remote user-assisted attackers to execute arbitrary code via a crafted photocast with format string specifiers in the title of an RSS iPhoto feed.

cpe:/a:vizayn_haber:vizayn_haber

CVE-2007-0052

2007-01-04T17:28:00.000-05:00

2011-03-07T21:48:17.237-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2007-01-04T18:15:00.000-05:00

ALLOWS_OTHER_ACCESS

VUPEN ADV-2007-0015 BID 21836 SECUNIA 23576 OSVDB 31518 MILW0RM 3061 XF vicayn-haberdetay-sql-injection(31213) SQL injection vulnerability in haberdetay.asp in Vizayn Haber allows remote attackers to execute arbitrary SQL commands via the id parameter.

cpe:/a:asp_siteware:autodealer:2.0

CVE-2007-0053

2007-01-04T17:28:00.000-05:00

2011-03-07T21:48:17.347-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2007-01-04T18:18:00.000-05:00

ALLOWS_OTHER_ACCESS

VUPEN ADV-2007-0016 BID 21833 SECUNIA 23572 OSVDB 32539 MILW0RM 3062 XF autodealer-detail-sql-injection(31219) SQL injection vulnerability in detail.asp in ASP SiteWare autoDealer 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the iPro parameter.

cpe:/a:belchior_foundry:vcard_pro

CVE-2007-0054

2007-01-04T17:28:00.000-05:00

2008-11-15T01:38:28.203-05:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2007-01-04T18:21:00.000-05:00

ALLOWS_OTHER_ACCESS

BID 21844 BUGTRAQ 20070101 vBulletin vCard PRO XSS OSVDB 33359 XF vcard-gbrowse-xss(31182) Cross-site scripting (XSS) vulnerability in gbrowse.php in Belchior Foundry vCard PRO allows remote attackers to inject arbitrary web script or HTML via the sortby parameter.

cpe:/a:fersch:formbankserver:1.9

CVE-2007-0055

2007-01-04T17:28:00.000-05:00

2011-03-07T21:48:17.533-05:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2007-01-04T18:24:00.000-05:00

VUPEN ADV-2007-0012 SECUNIA 23539 OSVDB 32545 XF formbankserver-name-directory-traversal(31214) MILW0RM 3063 Directory traversal vulnerability in formbankcgi.exe/AbfrageForm in Formbankserver 1.9 allows remote attackers to read arbitrary files via directory traversal sequences in the Name parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

cpe:/a:ashopsoftware:ashop_deluxe:4.5 cpe:/a:ashopsoftware:ashop_administration_panel

CVE-2007-0056

2007-01-04T17:28:00.000-05:00

2011-03-07T21:48:17.643-05:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2007-01-04T18:35:00.000-05:00

ALLOWS_OTHER_ACCESS

VUPEN ADV-2007-0028 BID 21845 BUGTRAQ 20070101 AShop Shopping Cart Multiple XSS Vulnerabilities OSVDB 32558 OSVDB 32557 OSVDB 32556 OSVDB 32555 OSVDB 32554 OSVDB 32553 XF ashop-multiple-scripts-xss(31178) SREASON 2091 SECUNIA 23547 Multiple cross-site scripting (XSS) vulnerabilities in AShop Deluxe 4.5 and AShop Administration Panel allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to (a) ashop/catalogue.php and (b) ashop/basket.php, the (2) exp parameter to ashop/catalogue.php, the (3) searchstring parameter to (c) ashop/search.php, the (4) checkout and (5) action parameters to (d) ashop/shipping.php, the cat parameter to (f) cart-path/admin/editcatalogue.php, and the (7) resultpage parameter to (g) cart-path/admin/salesadmin.php.

cpe:/o:cisco:clean_access:3.5.9 cpe:/o:cisco:clean_access:3.6.1.1 cpe:/o:cisco:clean_access:4.0.4.2

CVE-2007-0057

2007-01-04T17:28:00.000-05:00

2011-03-07T21:48:17.750-05:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2007-01-04T18:38:00.000-05:00

ALLOWS_ADMIN_ACCESS

CISCO 20070103 Multiple Vulnerabilities in Cisco Clean Access VUPEN ADV-2007-0030 OSVDB 32578 SECTRACK 1017465 SECUNIA 23617 Cisco Clean Access (CCA) 3.6.x through 3.6.4.2 and 4.0.x through 4.0.3.2 does not properly configure or allow modification of a shared secret authentication key, which causes all devices to have the same shared sercet and allows remote attackers to gain unauthorized access.

cpe:/o:cisco:clean_access:3.5.9 cpe:/o:cisco:clean_access:3.6.1.1

CVE-2007-0058

2007-01-04T17:28:00.000-05:00

2011-03-07T21:48:17.860-05:00

7.8

NETWORK

LOW

NONE

COMPLETE

NONE

http://nvd.nist.gov

2007-01-04T18:39:00.000-05:00

VUPEN ADV-2007-0030 CISCO 20070103 Multiple Vulnerabilities in Cisco Clean Access SECTRACK 1017465 SECUNIA 23556 OSVDB 32579 Cisco Clean Access (CCA) 3.5.x through 3.5.9 and 3.6.x through 3.6.1.1 on the Clean Access Manager (CAM) allows remote attackers to bypass authentication and download arbitrary manual database backups by guessing the snapshot filename using brute force, then making a direct request for the file.

cpe:/a:apple:quicktime:3 cpe:/a:apple:quicktime:7.1.3

CVE-2007-0059

2007-01-04T19:28:00.000-05:00

2008-11-15T01:38:29.483-05:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2007-01-05T10:38:00.000-05:00

ALLOWS_USER_ACCESS

CERT-VN VU#304064 MISC http://www.gnucitizen.org/blog/backdooring-quicktime-movies/ MISC http://projects.info-pull.com/moab/MOAB-03-01-2007.html OSVDB 31164 APPLE APPLE-SA-2007-03-05 CONFIRM http://docs.info.apple.com/article.html?artnum=305149 Cross-zone scripting vulnerability in Apple Quicktime 3 to 7.1.3 allows remote user-assisted attackers to execute arbitrary code and list filesystem contents via a QuickTime movie (.MOV) with an HREF Track (HREFTrack) that contains an automatic action tag with a local URI, which is executed in a local zone during preview, as exploited by a MySpace worm.

cpe:/a:ca:brightstor_san_manager:11.5 cpe:/a:ca:unicenter_service_level_management:3.0.1 cpe:/a:ca:unicenter_management:4.0::lotus_notes_domino cpe:/a:ca:unicenter_network_and_systems_management:3.1 cpe:/a:ca:unicenter_application_performance_monitor:3.5 cpe:/a:ca:unicenter_tng:2.2:::jp cpe:/a:ca:unicenter_tng:2.2 cpe:/a:ca:etrust_admin:2.7 cpe:/a:ca:unicenter_enterprise_job_manager:1.0:sp1 cpe:/a:ca:unicenter_asset_management:3.2:sp2 cpe:/a:ca:unicenter_asset_management:3.2:sp1 cpe:/a:ca:unicenter_software_delivery:3.1:sp2 cpe:/a:ca:unicenter_management:4.1::microsoft_exchange cpe:/a:ca:unicenter_data_transport_option:2.0 cpe:/a:ca:unicenter_network_and_systems_management:3.0 cpe:/a:ca:unicenter_software_delivery:3.1:sp1 cpe:/a:ca:unicenter_management:4.0::microsoft_exchange cpe:/a:ca:unicenter_management:5.0::web_servers cpe:/a:ca:unicenter_nsm_wireless_network_management_option:3.0 cpe:/a:ca:unicenter_asset_management:3.1 cpe:/a:ca:etrust_admin:2.9 cpe:/a:ca:cleverpath_ecm:3.5 cpe:/a:ca:unicenter_application_performance_monitor:3.0 cpe:/a:ca:brightstor_portal:11.1 cpe:/a:ca:unicenter_asset_management:4.0 cpe:/a:ca:unicenter_asset_management:4.0:sp1 cpe:/a:ca:unicenter_software_delivery:3.0 cpe:/a:ca:unicenter_tng:2.1 cpe:/a:ca:unicenter_tng:2.4 cpe:/a:ca:unicenter_enterprise_job_manager:1.0:sp2 cpe:/a:ca:etrust_admin:2.1 cpe:/a:ca:cleverpath_aion:10.0 cpe:/a:ca:cleverpath_predictive_analysis_server:2.0 cpe:/a:ca:etrust_admin:8.0 cpe:/a:ca:unicenter_software_delivery:4.0:sp1 cpe:/a:ca:unicenter_service_level_management:3.0 cpe:/a:ca:advantage_data_transport:3.0 cpe:/a:ca:unicenter_remote_control:6.0 cpe:/a:ca:unicenter_management:5.0.1::web_servers cpe:/a:ca:etrust_admin:2.4 cpe:/a:ca:unicenter_jasmine:3.0 cpe:/a:ca:unicenter_service_level_management:3.0.2 cpe:/a:ca:unicenter_software_delivery:4.0 cpe:/a:ca:brightstor_san_manager:11.1 cpe:/a:ca:etrust_admin:8.1 cpe:/a:ca:cleverpath_olap:5.1 cpe:/a:ca:unicenter_service_level_management:3.5 cpe:/a:ca:cleverpath_predictive_analysis_server:3.0 cpe:/a:ca:unicenter_software_delivery:3.1 cpe:/a:ca:unicenter_tng:2.4.2 cpe:/a:ca:unicenter_remote_control:6.0:sp1 cpe:/a:ca:unicenter_asset_management:3.2

CVE-2007-0060

2007-07-25T20:30:00.000-04:00

2011-03-07T21:48:18.080-05:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2007-07-26T13:16:00.000-04:00

ALLOWS_ADMIN_ACCESS

XF systems-management-bo(32234) VUPEN ADV-2007-2638 BID 25051 ISS 20070724 CA Message Queuing Server (Cam.exe) Overflow CONFIRM http://supportconnectw.ca.com/public/dto_transportit/infodocs/camsgquevul-secnot.asp SECUNIA 26190 SECTRACK 1018449 BUGTRAQ 20070725 [CAID 35527]: CA Message Queuing (CAM / CAFT) Buffer Overflow Vulnerability CONFIRM http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=149809 Stack-based buffer overflow in the Message Queuing Server (Cam.exe) in CA (formerly Computer Associates) Message Queuing (CAM / CAFT) software before 1.11 Build 54_4 on Windows and NetWare, as used in CA Advantage Data Transport, eTrust Admin, certain BrightStor products, certain CleverPath products, and certain Unicenter products, allows remote attackers to execute arbitrary code via a crafted message to TCP port 3104.

cpe:/a:vmware:player:2.0.1_build_55017 cpe:/a:vmware:workstation:5.5.1 cpe:/a:vmware:player:1.0 cpe:/a:vmware:workstation:5.5.3_build_34685 cpe:/a:vmware:player:1.0.5_build_56455 cpe:/a:vmware:workstation:6.0.1_build_55017 cpe:/a:vmware:workstation:5.5 cpe:/a:vmware:workstation:5.5.3 cpe:/a:vmware:workstation:5.5.5_build_56455 cpe:/a:vmware:server:1.0.4_build_56528 cpe:/a:vmware:ace:1.0 cpe:/a:vmware:workstation:6.0 cpe:/a:vmware:ace:1.0.3_build_54075 cpe:/a:vmware:ace:2.0.1_build_55017

CVE-2007-0061

2007-09-21T15:17:00.000-04:00

2011-03-07T21:48:18.187-05:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2007-09-24T10:49:00.000-04:00

ALLOWS_ADMIN_ACCESS

XF dhcp-malformed-packet-bo(33101) CONFIRM http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html CONFIRM http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html CONFIRM http://www.vmware.com/support/server/doc/releasenotes_server.html CONFIRM http://www.vmware.com/support/player2/doc/releasenotes_player2.html CONFIRM http://www.vmware.com/support/player/doc/releasenotes_player.html CONFIRM http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html CONFIRM http://www.vmware.com/support/ace/doc/releasenotes_ace.html VUPEN ADV-2007-3229 BID 25729 ISS 20070919 VMWare DHCP Server Remote Code Execution Vulnerabilities UBUNTU USN-543-1 SECTRACK 1018717 GENTOO GLSA-200711-23 SECUNIA 27706 SECUNIA 27694 SECUNIA 26890 FULLDISC 20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player The DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows remote attackers to execute arbitrary code via a malformed packet that triggers "corrupt stack memory."

cpe:/a:vmware:workstation:5.5.1 cpe:/a:vmware:ace:1.0.3 cpe:/a:vmware:workstation:3.4 cpe:/a:vmware:workstation:4.0.1 cpe:/a:vmware:workstation:5.5.3_build_34685 cpe:/a:vmware:workstation:5.5.4_build_44386 cpe:/a:vmware:workstation:5.5.4 cpe:/a:vmware:ace:2.0 cpe:/a:vmware:server:1.0.3 cpe:/a:vmware:workstation:5.5.0_build_13124 cpe:/a:vmware:workstation:4.0.2 cpe:/a:vmware:workstation:5.5.3_build_42958 cpe:/a:vmware:workstation:6.0 cpe:/a:vmware:player:2.0 cpe:/a:vmware:workstation:5.5.1_build_19175 cpe:/a:vmware:player:1.0.4 cpe:/a:vmware:vmware_workstation:6.0.1 cpe:/a:vmware:workstation:4.0 cpe:/a:vmware:workstation:4.5.2

CVE-2007-0062

2007-09-21T15:17:00.000-04:00

2011-03-07T00:00:00.000-05:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2007-09-24T11:12:00.000-04:00

ALLOWS_ADMIN_ACCESS

XF dhcp-param-overflow(33102) CONFIRM http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html CONFIRM http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html CONFIRM http://www.vmware.com/support/server/doc/releasenotes_server.html CONFIRM http://www.vmware.com/support/player2/doc/releasenotes_player2.html CONFIRM http://www.vmware.com/support/player/doc/releasenotes_player.html CONFIRM http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html CONFIRM http://www.vmware.com/support/ace/doc/releasenotes_ace.html BID 25729 ISS 20070919 VMWare DHCP Server Remote Code Execution Vulnerabilities CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=339561 VUPEN ADV-2007-3229 UBUNTU USN-543-1 SECTRACK 1018717 BUGTRAQ 20090312 rPSA-2009-0041-1 dhclient dhcp libdhcp4client MANDRIVA MDVSA-2009:153 CONFIRM http://wiki.rpath.com/Advisories:rPSA-2009-0041 GENTOO GLSA-200808-05 GENTOO GLSA-200711-23 SECUNIA 34263 SECUNIA 31396 SECUNIA 27706 SECUNIA 27694 SECUNIA 26890 SUSE SUSE-SR:2009:005 FULLDISC 20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player CONFIRM http://bugs.gentoo.org/show_bug.cgi?id=227135 Integer overflow in the ISC dhcpd 3.0.x before 3.0.7 and 3.1.x before 3.1.1; and the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528; allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code via a malformed DHCP packet with a large dhcp-max-message-size that triggers a stack-based buffer overflow, related to servers configured to send many DHCP options to clients.

cpe:/a:vmware:player:2.0.1_build_55017 cpe:/a:vmware:workstation:5.5.1 cpe:/a:vmware:workstation:5.5.3_build_34685 cpe:/a:vmware:player:1.0 cpe:/a:vmware:player:1.0.5_build_56455 cpe:/a:vmware:workstation:6.0.1_build_55017 cpe:/a:vmware:workstation:5.5.5_build_56455 cpe:/a:vmware:workstation:5.5.3 cpe:/a:vmware:workstation:5.5 cpe:/a:vmware:esx_server:2.5.3 cpe:/a:vmware:esx_server:2.0.2 cpe:/a:vmware:server:1.0.4_build_56528 cpe:/a:vmware:esx_server:3.0.0 cpe:/a:vmware:ace:1.0 cpe:/a:vmware:workstation:6.0 cpe:/a:vmware:esx_server:2.1.3 cpe:/a:vmware:ace:1.0.3_build_54075 cpe:/a:vmware:esx_server:2.5.4 cpe:/a:vmware:esx_server:3.0.1 cpe:/a:vmware:ace:2.0.1_build_55017

CVE-2007-0063

2007-09-21T15:17:00.000-04:00

2011-03-07T21:48:18.393-05:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2007-09-24T11:01:00.000-04:00

ALLOWS_ADMIN_ACCESS

XF dhcp-param-underflow(33103) CONFIRM http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html CONFIRM http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html CONFIRM http://www.vmware.com/support/server/doc/releasenotes_server.html CONFIRM http://www.vmware.com/support/player2/doc/releasenotes_player2.html CONFIRM http://www.vmware.com/support/player/doc/releasenotes_player.html CONFIRM http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html CONFIRM http://www.vmware.com/support/ace/doc/releasenotes_ace.html BID 25729 ISS 20070919 VMWare DHCP Server Remote Code Execution Vulnerabilities VUPEN ADV-2007-3229 UBUNTU USN-543-1 SECTRACK 1018717 GENTOO GLSA-200711-23 SECUNIA 27706 SECUNIA 27694 SECUNIA 26890 FULLDISC 20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player Integer underflow in the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows remote attackers to execute arbitrary code via a malformed DHCP packet that triggers a stack-based buffer overflow.

cpe:/a:microsoft:windows_media_format_runtime:11 cpe:/a:microsoft:windows_media_services:9.1 cpe:/a:microsoft:windows_media_format_runtime:9.5 cpe:/a:microsoft:windows_media_format_runtime:7.1 cpe:/a:microsoft:windows_media_format_runtime:9 cpe:/a:microsoft:windows_media_format_runtime:9.5::x64

CVE-2007-0064

2007-12-11T19:46:00.000-05:00

2011-03-15T00:00:00.000-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2007-12-11T19:57:00.000-05:00

ALLOWS_ADMIN_ACCESS

CERT TA07-345A CERT-VN VU#319385 MS MS07-068 VUPEN ADV-2007-4183 SECTRACK 1019074 BID 26776 HP SSRT071506 HP SSRT071506 SECUNIA 28034 Heap-based buffer overflow in Windows Media Format Runtime 7.1, 9, 9.5, 9.5 x64 Edition, 11, and Windows Media Services 9.1 for Microsoft Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file.

cpe:/a:microsoft:visual_basic:6.0:sp6 cpe:/a:microsoft:office:::mac%2Bos

CVE-2007-0065

2008-02-12T18:00:00.000-05:00

2011-03-07T21:48:18.610-05:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2008-02-12T18:22:00.000-05:00

ALLOWS_ADMIN_ACCESS

CERT TA08-043C MS MS08-008 VUPEN ADV-2008-0510 HP SSRT080016 SECTRACK 1019373 BID 27661 SECUNIA 28902 HP SSRT080016 Heap-based buffer overflow in Object Linking and Embedding (OLE) Automation in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, Office 2004 for Mac, and Visual basic 6.0 SP6 allows remote attackers to execute arbitrary code via a crafted script request.

cpe:/o:microsoft:windows_server_2003:::x64 cpe:/o:microsoft:windows_2003_server::sp2 cpe:/a:microsoft:home_server cpe:/o:microsoft:windows_2003_server::sp1 cpe:/a:microsoft:small_business_server:2003::sp1 cpe:/o:microsoft:windows_2000::sp4 cpe:/o:microsoft:windows_server_2003::sp2 cpe:/o:microsoft:windows_xp:-:sp1:x64 cpe:/o:microsoft:windows_2003_server::sp2:standard cpe:/o:microsoft:windows_xp:-:sp2:x64 cpe:/o:microsoft:windows_xp::sp2 cpe:/o:microsoft:windows_2003_server::gold:itanium

CVE-2007-0066

2008-01-08T15:46:00.000-05:00

2011-03-28T00:00:00.000-04:00

7.1

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2008-01-09T11:42:00.000-05:00

CERT TA08-008A MS MS08-001 SECUNIA 28297 XF win-tcpip-icmp-dos(39254) VUPEN ADV-2008-0069 BID 27139 HP SSRT080003 HP HPSBST02304 ISS 20070108 Multiple (3) Microsoft Windows TCP/IP Remote Code Execution and DoS Vulnerabilities SECTRACK 1019166 MISC http://blogs.technet.com/swi/archive/2008/01/08/ms08-001-part-2-the-case-of-the-moderate-icmp-mitigations.aspx The kernel in Microsoft Windows 2000 SP4, XP SP2, and Server 2003, when ICMP Router Discovery Protocol (RDP) is enabled, allows remote attackers to cause a denial of service via fragmented router advertisement ICMP packets that trigger an out-of-bounds read, aka "Windows Kernel TCP/IP/ICMP Vulnerability."

cpe:/a:ibm:lotus_domino_web_server:6.0.3 cpe:/a:ibm:lotus_domino_web_server:6.0.4 cpe:/a:ibm:lotus_domino_web_server:6.5.3 cpe:/a:ibm:lotus_domino_web_server:6.5.2 cpe:/a:ibm:lotus_domino_web_server:6.0.1 cpe:/a:ibm:lotus_domino_web_server:7.0 cpe:/a:ibm:lotus_domino_web_server:7.0.2 cpe:/a:ibm:lotus_domino_web_server:6.0.5 cpe:/a:ibm:lotus_domino_web_server:6.0.2_cf2 cpe:/a:ibm:lotus_domino_web_server:6.5.0 cpe:/a:ibm:lotus_domino_web_server:7.0.2::fp1 cpe:/a:ibm:lotus_domino_web_server:6.5.4::fp1 cpe:/a:ibm:lotus_domino_web_server:6.0 cpe:/a:ibm:lotus_domino_web_server:6.5.4::fp2 cpe:/a:ibm:lotus_domino_web_server:6.0.2 cpe:/a:ibm:lotus_domino_web_server:6.5.4 cpe:/a:ibm:lotus_domino_web_server:7.0.1 cpe:/a:ibm:lotus_domino_web_server:6.5.5::fp1 cpe:/a:ibm:lotus_domino_web_server:6.5.1 cpe:/a:ibm:lotus_domino_web_server:6.5.5::fp2 cpe:/a:ibm:lotus_domino_web_server:6.5.5

CVE-2007-0067

2007-06-06T06:30:00.000-04:00

2011-03-07T21:48:18.970-05:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2007-06-06T14:43:00.000-04:00

BID 24307 CONFIRM http://www-1.ibm.com/support/docview.wss?uid=swg21257251 SECUNIA 25542 XF domino-unspecified-dos(34689) VUPEN ADV-2007-2046 OSVDB 35766 SECTRACK 1018189 Unspecified vulnerability in the Lotus Domino Web Server 6.0, 6.5.x before 6.5.6, and 7.0.x before 7.0.3 allows remote attackers to cause a denial of service (daemon crash) via requests for URLs that reference certain files.

cpe:/a:ibm:lotus_domino:7.0.1 cpe:/a:ibm:lotus_domino:7.0 cpe:/a:ibm:lotus_domino:7.0.2

CVE-2007-0068

2007-06-06T17:30:00.000-04:00

2011-03-07T21:48:19.063-05:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2007-06-07T16:36:00.000-04:00

ALLOWS_ADMIN_ACCESS

VUPEN ADV-2007-2063 BID 24322 CONFIRM http://www-1.ibm.com/support/docview.wss?uid=swg21258784 SECUNIA 25520 OSVDB 35765 XF domino-signature-privilege-escalation(34718) IBM Lotus Domino 7.0.x before 7.0.3 does not revalidate the signature on a signed scheduled agent after the agent is modified, which allows remote authenticated users to gain privileges via a modified agent in a server database.

cpe:/o:microsoft:windows_vista cpe:/o:microsoft:windows_2003_server cpe:/o:microsoft:windows_xp::sp2

CVE-2007-0069

2008-01-08T15:46:00.000-05:00

2011-03-28T00:00:00.000-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2008-01-09T11:47:00.000-05:00

CERT TA08-008A CERT-VN VU#115083 MS MS08-001 SECUNIA 28297 XF win-ssm-mld-bo(39453) XF win-ssm-igmp-bo(39452) VUPEN ADV-2008-0069 BID 27100 HP HPSBST02304 HP HPSBST02304 ISS 20070108 Multiple (3) Microsoft Windows TCP/IP Remote Code Execution and DoS Vulnerabilities SECTRACK 1019166 MISC http://blogs.technet.com/swi/archive/2008/01/08/ms08-001-part-3-the-case-of-the-igmp-network-critical.aspx Unspecified vulnerability in the kernel in Microsoft Windows XP SP2, Server 2003, and Vista allows remote attackers to cause a denial of service (CPU consumption) and possibly execute arbitrary code via crafted (1) IGMPv3 and (2) MLDv2 packets that trigger memory corruption, aka "Windows Kernel TCP/IP/IGMPv3 and MLDv2 Vulnerability."

cpe:/a:adobe:flex:3.0 cpe:/a:adobe:flash_player:8.0::pro cpe:/a:adobe:flash_player:9.0.16 cpe:/a:adobe:flash_player:9.0.31 cpe:/a:adobe:flash_player:8.0 cpe:/a:adobe:flash_player:8.0.24.0 cpe:/a:adobe:flash_player:9.0.47.0 cpe:/a:adobe:flash_player:7.0.1 cpe:/a:adobe:flash_player:7.0.63 cpe:/a:adobe:flash_player:8.0.34.0 cpe:/a:adobe:flash_player:8.0::basic cpe:/a:adobe:flash_player:7.1.1 cpe:/a:adobe:flash_player:7.2 cpe:/a:adobe:flash_player:9.0.28.0 cpe:/a:adobe:flash_player:9.0.114.0 cpe:/a:adobe:flash_player:9.0.31.0 cpe:/a:adobe:flash_player:8.0.35.0 cpe:/a:adobe:air:1.0 cpe:/a:adobe:flash_player:7.0.25 cpe:/a:adobe:flash_player:7.0 cpe:/a:adobe:flash_player:9.0.48.0 cpe:/a:adobe:flash_player:9.0.20 cpe:/a:adobe:flash_player:7.1 cpe:/a:adobe:flash_player:9.0.112.0 cpe:/a:adobe:flash_player:9 cpe:/a:adobe:flash_player:9.0.20.0 cpe:/a:adobe:flash_player:9.0.45.0 cpe:/a:adobe:flash_player:8.0.39.0 cpe:/a:adobe:flash_player:9.0.115.0

CVE-2007-0071

2008-04-09T17:05:00.000-04:00

2011-03-07T00:00:00.000-05:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2008-04-10T10:29:00.000-04:00

ALLOWS_ADMIN_ACCESS

CERT TA08-150A CERT TA08-149A CERT TA08-100A CERT-VN VU#395473 CERT-VN VU#159523 XF multimedia-file-integer-overflow(37277) MISC http://www.zerodayinitiative.com/advisories/ZDI-08-032/ VUPEN ADV-2008-1724 VUPEN ADV-2008-1697 VUPEN ADV-2008-1662 SECTRACK 1019811 BID 29386 BID 28695 REDHAT RHSA-2008:0221 OSVDB 44282 MISC http://www.matasano.com/log/1032/this-new-vulnerability-dowds-inhuman-flash-exploit/ ISS 20080408 Adobe Flash Player Invalid Pointer Vulnerability GENTOO GLSA-200804-21 CONFIRM http://www.adobe.com/support/security/bulletins/apsb08-11.html SUNALERT 238305 SECUNIA 30507 SECUNIA 30430 SECUNIA 30404 SECUNIA 29865 SECUNIA 29763 SUSE SUSE-SA:2008:022 APPLE APPLE-SA-2008-05-28 MISC http://isc.sans.org/diary.html?storyid=4465 MISC http://documents.iss.net/whitepapers/IBM_X-Force_WP_final.pdf MISC http://blogs.adobe.com/psirt/2008/05/potential_flash_player_issue.html Integer overflow in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file with a negative Scene Count value, which passes a signed comparison, is used as an offset of a NULL pointer, and triggers a buffer overflow.

cpe:/a:trend_micro:serverprotect:5.58 cpe:/a:trend_micro:serverprotect:5.7

CVE-2007-0072

2008-11-17T18:30:00.313-05:00

2012-10-30T22:26:53.670-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2008-11-18T11:20:00.000-05:00

CERT-VN VU#768681 XF application-rpc-read-bo(38760) VUPEN ADV-2008-3127 BID 32261 ISS 20081111 Trend Micro ServerProtect [PROCEDURE NAME REDACTED] Heap Overflows (3) SECUNIA 32618 MISC http://blogs.iss.net/archive/trend.html Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a read operation over RPC.

cpe:/a:trend_micro:serverprotect:5.58 cpe:/a:trend_micro:serverprotect:5.7

CVE-2007-0073

2008-11-17T18:30:00.343-05:00

2012-10-30T22:26:53.857-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2008-11-18T11:24:00.000-05:00

ALLOWS_ADMIN_ACCESS

CERT-VN VU#768681 XF application-rpc-file-read-bo(39050) VUPEN ADV-2008-3127 BID 32261 ISS 20081111 Trend Micro ServerProtect [PROCEDURE NAME REDACTED] Heap Overflows (3) SECUNIA 32618 MISC http://blogs.iss.net/archive/trend.html Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a file read operation over RPC.

cpe:/a:trend_micro:serverprotect:5.58 cpe:/a:trend_micro:serverprotect:5.7

CVE-2007-0074

2008-11-17T18:30:00.360-05:00

2012-10-30T22:26:54.030-04:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2008-11-18T11:25:00.000-05:00

CERT-VN VU#768681 XF application-rpc-folder-read-bo(39051) VUPEN ADV-2008-3127 BID 32261 ISS 20081111 Trend Micro ServerProtect [PROCEDURE NAME REDACTED] Heap Overflows (3) SECUNIA 32618 MISC http://blogs.iss.net/archive/trend.html Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a folder read operation over RPC.

cpe:/a:aspbb:aspbb

CVE-2007-0075

2007-01-05T06:28:00.000-05:00

2008-11-15T01:38:34.170-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2007-01-05T10:41:00.000-05:00

ALLOWS_USER_ACCESS

XF aspbb-aspbb-info-disclosure(31230) BUGTRAQ 20070102 AspBB Remote Password Disclosure MISC http://www.aria-security.com/forum/showthread.php?t=82 OSVDB 33364 SREASON 2100 AspBB stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user passwords via a direct request for db/aspbb.mdb.

cpe:/a:2enetworx:openforum

CVE-2007-0076

2007-01-05T06:28:00.000-05:00

2008-11-15T01:38:34.360-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2007-01-05T10:45:00.000-05:00

ALLOWS_OTHER_ACCESS

XF openforum-openforum-password-disclosure(31209) BUGTRAQ 20070102 Openforum Remote password Disclosure MISC http://www.aria-security.com/forum/showthread.php?t=80 OSVDB 33366 SREASON 2099 Openforum stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user passwords via a direct request for openforum.mdb.

cpe:/a:lblog:lblog

CVE-2007-0077

2007-01-05T06:28:00.000-05:00

2008-11-15T01:38:34.577-05:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2007-01-05T10:48:00.000-05:00

XF lblog-newfolder-information-disclosure(31229) BUGTRAQ 20070102 lblog Remote Password Disclosure MISC http://www.aria-security.com/forum/showthread.php?t=79 SECTRACK 1017462 OSVDB 33367 SREASON 2098 lblog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for a certain file in admin/db/newFolder/.

cpe:/a:battleblog:battleblog:1.0d

CVE-2007-0078

2007-01-05T06:28:00.000-05:00

2008-11-15T01:38:34.813-05:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2007-01-05T10:52:00.000-05:00

XF battleblog-blankmaster-info-disclosure(31224) BUGTRAQ 20070101 BattleBlog Database Download Vulnerability MISC http://www.aria-security.com/forum/showthread.php?t=76 OSVDB 33360 SREASON 2097 BattleBlog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/blankmaster.mdb.

cpe:/a:rblog:rblog

CVE-2007-0079

2007-01-05T06:28:00.000-05:00

2008-11-15T01:38:35.017-05:00

7.8

NETWORK

LOW

NONE

COMPLETE

NONE

http://nvd.nist.gov

2007-01-05T11:04:00.000-05:00

XF rblog-database-info-disclosure(31200) BUGTRAQ 20070101 rblog Database Download Vulnerability MISC http://www.aria-security.com/forum/showthread.php?t=77 SECUNIA 23538 OSVDB 32572 SREASON 2102 rblog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) data/admin.mdb or (2) data/rblog.mdb.

cpe:/a:freeradius:freeradius:1.1.3

CVE-2007-0080

2007-01-05T06:28:00.000-05:00

2008-11-15T01:38:36.517-05:00

6.6

LOCAL

MEDIUM

SINGLE_INSTANCE

COMPLETE

http://nvd.nist.gov

2007-01-05T10:58:00.000-05:00

ALLOWS_ADMIN_ACCESS

XF freeradius-smbconnectserver-bo(31248) BUGTRAQ 20070102 FreeRadius 1.1.3 SMB_Handle_Type SMB_Connect_Server arbitrary code execution BUGTRAQ 20070103 Re: FreeRadius 1.1.3 SMB_Handle_Type SMB_Connect_Server arbitrary code execution MISC http://www.freeradius.org/security.html VIM 20070211 FreeRADIUS dispute of CVE-2007-0080 SECTRACK 1017463 OSVDB 32082 ** DISPUTED ** Buffer overflow in the SMB_Connect_Server function in FreeRadius 1.1.3 and earlier allows attackers to execute arbitrary code related to the server desthost field of an SMB_Handle_Type instance. NOTE: the impact of this issue has been disputed by a reliable third party and the vendor, who states that exploitation is limited "only to local administrators who have write access to the server configuration files." CVE concurs with the dispute.

cpe:/a:sunbelt:sunbelt_kerio_personal_firewall:4.3.246 cpe:/a:sunbelt:sunbelt_kerio_personal_firewall:4.3.268

CVE-2007-0081

2007-01-05T06:28:00.000-05:00

2008-09-05T17:16:58.043-04:00

6.8

LOCAL

LOW

SINGLE_INSTANCE

COMPLETE

http://nvd.nist.gov

2007-01-05T11:03:00.000-05:00

ALLOWS_ADMIN_ACCESS

XF kerio-directory-code-execution(31232) BID 21828 BUGTRAQ 20070101 Kerio Fake 'iphlpapi' DLL injection Vulnerability MISC http://www.matousec.com/info/advisories/Kerio-Fake-iphlpapi-DLL-injection.php OSVDB 33356 SREASON 2095 Sunbelt Kerio Personal Firewall (SKPF) 4.3.268 and 4.3.246, and possibly other versions allows local users to provide a Trojan horse iphlpapi.dll to SKPF by placing it in the installation directory.

cpe:/a:imgallery:imgallery:2.4 cpe:/a:imgallery:imgallery:2.5

CVE-2007-0082

2007-01-05T06:28:00.000-05:00

2011-03-07T21:48:31.610-05:00

6.5

NETWORK

LOW

SINGLE_INSTANCE

PARTIAL

http://nvd.nist.gov

2007-01-05T11:04:00.000-05:00

ALLOWS_OTHER_ACCESS

XF imgallery-start1-file-upload(31237) VUPEN ADV-2007-0010 BID 21827 MILW0RM 3049 users_adm/start1.php in IMGallery 2.5 and earlier does not properly handle files with multiple extensions, which allows remote authenticated users to upload and execute arbitrary PHP scripts.

cpe:/a:nuked-klan:nuked-klan:1.3 cpe:/a:nuked-klan:nuked-klan:1.2_beta cpe:/a:nuked-klan:nuked-klan:1.4 cpe:/a:nuked-klan:nuked-klan:1.2 cpe:/a:nuked-klan:nuked-klan:1.5 cpe:/a:nuked-klan:nuked-klan:1.3_beta cpe:/a:nuked-klan:nuked-klan:1.7 cpe:/a:nuked-klan:nuked-klan:1.5_sp2

CVE-2007-0083

2007-01-05T06:28:00.000-05:00

2008-11-15T01:38:37.203-05:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2007-01-05T11:06:00.000-05:00

ALLOWS_OTHER_ACCESS

BID 21850 BUGTRAQ 20070102 Nuked Klan <= 1.7 Remote Cookie Disclosure Exploit OSVDB 33368 SREASON 2101 Cross-site scripting (XSS) vulnerability in Nuked Klan 1.7 and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in a getURL statement in a .swf file, as demonstrated by "Remote Cookie Disclosure." NOTE: it could be argued that this is an issue in Shockwave instead of Nuked Klan.

cpe:/a:microsoft:message_compiler:1.00.5239

CVE-2007-0084

2007-01-05T06:28:00.000-05:00

2008-11-15T01:38:38.517-05:00

6.6

LOCAL

MEDIUM

SINGLE_INSTANCE

COMPLETE

http://nvd.nist.gov

2007-01-05T11:09:00.000-05:00

ALLOWS_ADMIN_ACCESS

BUGTRAQ 20070102 Windows NT Message Compiler 1.00.5239 arbitrary code execution BUGTRAQ 20070103 Re: Windows NT Message Compiler 1.00.5239 arbitrary code execution OSVDB 37817 ** DISPUTED ** Buffer overflow in the Windows NT Message Compiler (MC) 1.00.5239 on Microsoft Windows XP allows local users to gain privileges via a long MC-filename. NOTE: this issue has been disputed by a reliable third party who states that the compiler is not a privileged program, so privilege boundaries cannot be crossed.

cpe:/o:openbsd:openbsd:4.0 cpe:/o:openbsd:openbsd:3.9

CVE-2007-0085

2007-01-05T06:28:00.000-05:00

2011-03-07T21:48:34.127-05:00

6.0

LOCAL

HIGH

SINGLE_INSTANCE

COMPLETE

http://nvd.nist.gov

2007-01-05T11:15:00.000-05:00

ALLOWS_ADMIN_ACCESS

OPENBSD [3.9] 017: SECURITY FIX: January 3, 2007 OPENBSD [4.0] 007: SECURITY FIX: January 3, 2007 SECTRACK 1017468 SECUNIA 23608 XF openbsd-vga-privilege-escalation(31276) VUPEN ADV-2007-0043 MLIST [openbsd-cvs] 20070103 CVS: cvs.openbsd.org: www MLIST [openbsd-cvs] 20070103 Re: CVS: cvs.openbsd.org: src MISC http://ilja.netric.org/files/Unusual%20bugs%2023c3.pdf OSVDB 32574 Unspecified vulnerability in sys/dev/pci/vga_pci.c in the VGA graphics driver for wscons in OpenBSD 3.9 and 4.0, when the kernel is compiled with the PCIAGP option and a non-AGP device is being used, allows local users to gain privileges via unspecified vectors, possibly related to agp_ioctl NULL pointer reference.

cpe:/a:apache:http_server

CVE-2007-0086

2007-01-05T13:28:00.000-05:00

2008-11-15T01:38:39.170-05:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2007-01-05T14:39:00.000-05:00

BUGTRAQ 20070103 a cheesy Apache / IIS DoS vuln (+a question) BUGTRAQ 20070104 Re: a cheesy Apache / IIS DoS vuln (+a question) BUGTRAQ 20070104 Re: a cheesy Apache / IIS DoS vuln (+a question) BUGTRAQ 20070104 Re: a cheesy Apache / IIS DoS vuln (+a question) OSVDB 33456 ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.

cpe:/a:microsoft:internet_information_server

CVE-2007-0087

2007-01-05T13:28:00.000-05:00

2008-11-15T01:38:39.453-05:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2007-01-05T14:43:00.000-05:00

BUGTRAQ 20070103 a cheesy Apache / IIS DoS vuln (+a question) BUGTRAQ 20070104 Re: a cheesy Apache / IIS DoS vuln (+a question) BUGTRAQ 20070104 Re: a cheesy Apache / IIS DoS vuln (+a question) BUGTRAQ 20070104 Re: a cheesy Apache / IIS DoS vuln (+a question) OSVDB 33457 ** DISPUTED ** Microsoft Internet Information Services (IIS), when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.

cpe:/a:openmedia:openmedia

CVE-2007-0088

2007-01-05T13:28:00.000-05:00

2008-11-15T01:38:39.627-05:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2007-01-05T14:45:00.000-05:00

XF openmedia-page-directory-traversal(31258) BUGTRAQ 20070102 openmedia local read file OSVDB 33371 OSVDB 33370 SREASON 2103 Multiple directory traversal vulnerabilities in openmedia allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) src parameter to page.php or the (2) format parameter to search_form.php.

cpe:/a:jgbbs:jgbbs:3.0:beta_1

CVE-2007-0089

2007-01-05T13:28:00.000-05:00

2008-11-15T01:38:39.920-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2007-01-05T14:55:00.000-05:00

ALLOWS_OTHER_ACCESS

BUGTRAQ 20070103 jgbbs OSVDB 33376 MISC http://aria-security.com/forum/showthread.php?t=87 XF jgbbs-bbs-information-disclosure(31274) jgbbs stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db/bbs.mdb.

cpe:/a:fermentigrafici:wineglass

CVE-2007-0090

2007-01-05T13:28:00.000-05:00

2011-03-07T21:48:46.533-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2007-01-05T14:57:00.000-05:00

ALLOWS_OTHER_ACCESS

VUPEN ADV-2007-0037 BUGTRAQ 20070103 WineGlass "data.mdb" Remote Password Disclosure OSVDB 32575 MISC http://aria-security.com/forum/showthread.php?p=112 SECUNIA 23594 WineGlass stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db/data.mdb.

cpe:/a:katy_whitton_web_development:newscmslite

CVE-2007-0091

2007-01-05T13:28:00.000-05:00

2011-03-07T21:48:46.610-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2007-01-05T14:59:00.000-05:00

ALLOWS_OTHER_ACCESS

XF newscmslite-newscms-info-disclosure(31222) OSVDB 37548 MILW0RM 3066 newsCMSlite stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for newsCMS.mdb.

cpe:/a:e-smart_cart:e-smart_cart:1.0

CVE-2007-0092

2007-01-05T13:28:00.000-05:00

2011-03-07T21:48:46.703-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2007-01-05T15:09:00.000-05:00

ALLOWS_OTHER_ACCESS

VUPEN ADV-2007-0036 SECUNIA 23610 OSVDB 31679 XF esmartcart-productdetail-sql-injection(31243) MILW0RM 3074 SQL injection vulnerability in productdetail.asp in E-SMARTCART 1.0 allows remote attackers to execute arbitrary SQL commands via the product_id parameter.

cpe:/a:cms-center:simple_web_cms

CVE-2007-0093

2007-01-05T13:28:00.000-05:00

2011-03-07T21:48:46.813-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2007-01-05T15:11:00.000-05:00

ALLOWS_OTHER_ACCESS

XF swcms-page-sql-injection(31261) VUPEN ADV-2007-0040 BUGTRAQ 20070103 Simple Web Content Management System SQL Injection Exploit SECUNIA 23590 OSVDB 31657 MILW0RM 3076 MISC http://acid-root.new.fr/poc/18070102.txt SREASON 2106 SQL injection vulnerability in page.php in Simple Web Content Management System allows remote attackers to execute arbitrary SQL commands via the id parameter.

cpe:/a:sven_moderow:sven_moderow_guestbook:0.3a

CVE-2007-0094

2007-01-05T13:28:00.000-05:00

2008-11-15T01:38:42.327-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2007-01-05T15:13:00.000-05:00

ALLOWS_OTHER_ACCESS

BUGTRAQ 20070103 GuestBook v0.3a Remote Password Disclosure OSVDB 33363 MISC http://aria-security.com/forum/showthread.php?p=114 XF guestbook-gbook-information-disclosure(31245) SREASON 2105 Sven Moderow GuestBook 0.3a stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for (1) gbook97.mdb or (2) gbook.mdb in ~db/.

cpe:/a:phpmyadmin:phpmyadmin:2.9.1.1

CVE-2007-0095

2007-01-05T13:28:00.000-05:00

2008-11-15T01:38:42.517-05:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2007-01-05T15:14:00.000-05:00

XF phpmyadmin-darkblueorange-path-disclosure(31223) OSVDB 33257 FULLDISC 20070102 Inforamtion Discloser Vulnerabilities in phpMyAdmin FULLDISC 20070102 Inforamtion Discloser Vulnerabilities in "phpMyAdmin" MANDRIVA MDKSA-2007:199 SREASON 2104 phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive information via a direct request for themes/darkblue_orange/layout.inc.php, which reveals the path in an error message.

cpe:/a:carbon_communities:carbon_communities:2.4d

CVE-2007-0096

2007-01-05T13:28:00.000-05:00

2011-03-07T21:48:47.110-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2007-01-05T15:16:00.000-05:00

ALLOWS_OTHER_ACCESS

XF carboncommunities-carbon2-info-disclosure(31253) VUPEN ADV-2007-0038 OSVDB 37549 MISC http://aria-security.com/forum/showthread.php?t=85 CarbonCommunities stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for DataBase/Carbon2.4d.mdb.

cpe:/a:conexware:powerarchiver_2006:9.64.02

CVE-2007-0097

2007-01-05T13:28:00.000-05:00

2011-03-07T21:48:47.203-05:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2007-01-05T15:18:00.000-05:00

ALLOWS_ADMIN_ACCESS

MISC http://vuln.sg/powarc964-en.html SECUNIA 23559 VUPEN ADV-2007-0041 OSVDB 32576 FULLDISC 20070104 [vuln.sg] PowerArchiver PAISO.DLL Buffer Overflow XF powerarchiver-loadtree-readheader-bo(31263) BUGTRAQ 20070104 [vuln.sg] PowerArchiver PAISO.DLL Buffer Overflow Vulnerability Multiple stack-based buffer overflows in the (1) LoadTree and (2) ReadHeader functions in PAISO.DLL 1.7.3.0 (1.7.3 beta) in ConeXware PowerArchiver 2006 9.64.02 allow user-assisted attackers to execute arbitrary code via a crafted ISO file containing a file within several nested directories.

cpe:/a:verliadmin:verliadmin:0.3

CVE-2007-0098

2007-01-05T13:28:00.000-05:00

2011-03-07T21:48:47.297-05:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2007-01-05T15:19:00.000-05:00

ALLOWS_OTHER_ACCESS

VUPEN ADV-2007-0035 OSVDB 32352 XF verliadmin-language-file-include(31241) MILW0RM 3075 Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.

cpe:/a:microsoft:xml_core_services:3.0 cpe:/a:microsoft:internet_explorer:6

CVE-2007-0099

2007-01-08T15:28:00.000-05:00

2012-10-30T22:27:00.513-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2007-01-08T16:05:00.000-05:00

CERT TA08-316A BID 21872 MS MS08-069 VUPEN ADV-2008-3111 BUGTRAQ 20070104 Re: RE: [Full-disclosure] Concurrency strikes MSIE (potentially exploitablemsxml3 flaws) BUGTRAQ 20070104 RE: [Full-disclosure] Concurrency strikes MSIE (potentially exploitablemsxml3 flaws) BUGTRAQ 20070104 Concurrency strikes MSIE (potentially exploitable msxml3 flaws) SECTRACK 1021164 SECUNIA 23655 FULLDISC 20070104 Concurrency strikes MSIE (potentially exploitable msxml3 flaws) OSVDB 32627 HP SSRT080164 HP HPSBST02386 MISC http://isc.sans.org/diary.php?storyid=2004 FULLDISC 20070104 Re: Concurrency strikes MSIE (potentially exploitablemsxml3 flaws) Race condition in the msxml3 module in Microsoft XML Core Services 3.0, as used in Internet Explorer 6 and other applications, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via many nested tags in an XML document in an IFRAME, when synchronous document rendering is frequently disrupted with asynchronous events, as demonstrated using a JavaScript timer, which can trigger NULL pointer dereferences or memory corruption, aka "MSXML Memory Corruption Vulnerability."

cpe:/a:perforce:perforce_client

CVE-2007-0100

2007-01-08T15:28:00.000-05:00

2008-11-15T01:38:43.593-05:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2007-01-08T16:10:00.000-05:00

ALLOWS_ADMIN_ACCESS

BUGTRAQ 20070104 Perforce client: security hole by design OSVDB 33369 The Perforce client does not restrict the set of files that it overwrites upon receiving a request from the server, which allows remote attackers to overwrite arbitrary files by modifying the client config file on the server, or by operating a malicious server.

cpe:/a:spine:spine:1.1

CVE-2007-0101

2007-01-08T15:28:00.000-05:00

2011-03-07T21:48:47.737-05:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2007-01-08T16:12:00.000-05:00

ALLOWS_OTHER_ACCESS

MISC http://spine.sourceforge.net/changelog.html XF spine-unspecified-csrf(31283) VUPEN ADV-2007-0042 SECUNIA 23537 OSVDB 32577 Cross-site request forgery (CSRF) vulnerability in SPINE allows remote attackers to perform unauthorized actions as administrators via unspecified vectors. NOTE: some of these details are obtained from third party information.

cpe:/a:apple:preview:3.0.8

CVE-2007-0102

2007-01-08T19:28:00.000-05:00

2011-03-07T21:48:47.860-05:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2007-01-09T09:46:00.000-05:00

CERT TA07-072A BID 21910 XF multiple-vendor-pdf-code-execution(31364) VUPEN ADV-2007-0930 SECTRACK 1017749 SECUNIA 24479 MISC http://projects.info-pull.com/moab/MOAB-06-01-2007.html OSVDB 31221 CONFIRM http://docs.info.apple.com/article.html?artnum=305214 The Adobe PDF specification 1.3, as implemented by Apple Mac OS X Preview, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node.

cpe:/a:adobe:acrobat_reader:7.0.8

CVE-2007-0103

2007-01-08T19:28:00.000-05:00

2011-03-07T21:48:47.953-05:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2007-01-09T09:48:00.000-05:00

CERT TA07-072A XF multiple-vendor-pdf-code-execution(31364) VUPEN ADV-2007-0930 SECTRACK 1017749 BID 21910 SECUNIA 24479 MISC http://projects.info-pull.com/moab/MOAB-06-01-2007.html CONFIRM http://docs.info.apple.com/article.html?artnum=305214 The Adobe PDF specification 1.3, as implemented by Adobe Acrobat before 8.0.0, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node.

cpe:/o:kde:kde:3.3.2 cpe:/o:kde:kde:3.2 cpe:/o:kde:kde:3.2.3 cpe:/o:kde:kde:3.5 cpe:/o:kde:kde:3.2.2 cpe:/a:xpdf:xpdf:3.0.1_pl1 cpe:/o:kde:kde:3.4.3 cpe:/o:kde:kde:3.4.1 cpe:/o:kde:kde:3.4 cpe:/o:kde:kde:3.3.1 cpe:/o:kde:kde:3.2.1 cpe:/a:xpdf:xpdf:3.0.1 cpe:/o:kde:kde:3.3 cpe:/a:xpdf:xpdf:3.0 cpe:/a:xpdf:xpdf:3.0_pl2 cpe:/a:xpdf:xpdf:3.0.1_pl2 cpe:/o:kde:kde:3.4.2

CVE-2007-0104

2007-01-08T19:28:00.000-05:00

2011-07-18T00:00:00.000-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2007-01-09T09:49:00.000-05:00

CERT TA07-072A CONFIRM https://issues.rpath.com/browse/RPL-964 XF multiple-vendor-pdf-code-execution(31364) VUPEN ADV-2007-0930 VUPEN ADV-2007-0244 VUPEN ADV-2007-0212 VUPEN ADV-2007-0203 UBUNTU USN-410-2 UBUNTU USN-410-1 SECTRACK 1017749 BID 21910 BUGTRAQ 20070116 [KDE Security Advisory] kpdf/kword/xpdf denial of service vulnerability SUSE SUSE-SR:2007:003 MANDRIVA MDKSA-2007:024 MANDRIVA MDKSA-2007:022 MANDRIVA MDKSA-2007:021 MANDRIVA MDKSA-2007:020 MANDRIVA MDKSA-2007:019 MANDRIVA MDKSA-2007:018 CONFIRM http://www.kde.org/info/security/advisory-20070115-1.txt CONFIRM http://support.novell.com/techcenter/psdb/44d7cb9b669d58e0ce5aa5d7ab2c7c53.html SECTRACK 1017514 SECUNIA 24479 SECUNIA 24204 SECUNIA 23876 SECUNIA 23844 SECUNIA 23839 SECUNIA 23815 SECUNIA 23813 SECUNIA 23808 SECUNIA 23799 SECUNIA 23791 MISC http://projects.info-pull.com/moab/MOAB-06-01-2007.html CONFIRM http://docs.info.apple.com/article.html?artnum=305214 The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patch 2, (b) kpdf in KDE before 3.5.5, (c) poppler before 0.5.4, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node.

cpe:/a:cisco:secure_access_control_server:4.0.1

CVE-2007-0105

2007-01-08T19:28:00.000-05:00

2011-03-07T21:48:48.250-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2007-01-09T09:54:00.000-05:00

ALLOWS_OTHER_ACCESS

CERT-VN VU#744249 SECUNIA 23629 XF cisco-acs-csadmin-bo(31323) VUPEN ADV-2007-0068 BID 21900 CISCO 20070105 Multiple Vulnerabilities in Cisco Secure Access Control Server SECTRACK 1017475 OSVDB 32642 Stack-based buffer overflow in the CSAdmin service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted HTTP GET request.

cpe:/a:wordpress:wordpress:2.0.5 cpe:/a:wordpress:wordpress:2.0.4 cpe:/a:wordpress:wordpress:2.0.1 cpe:/a:wordpress:wordpress:2.0.2 cpe:/a:wordpress:wordpress:2.0.3 cpe:/a:wordpress:wordpress:2.0

CVE-2007-0106

2007-01-08T19:28:00.000-05:00

2011-03-07T21:48:48.377-05:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2007-01-09T09:56:00.000-05:00

ALLOWS_OTHER_ACCESS

BID 21893 CONFIRM http://wordpress.org/development/2007/01/wordpress-206/ VUPEN ADV-2007-0061 BUGTRAQ 20070105 Advisory 01/2007: WordPress CSRF Protection XSS Vulnerability MISC http://www.hardened-php.net/advisory_012007.140.html SECUNIA 23595 OSVDB 33397 SREASON 2114 Cross-site scripting (XSS) vulnerability in the CSRF protection scheme in WordPress before 2.0.6 allows remote attackers to inject arbitrary web script or HTML via a CSRF attack with an invalid token and quote characters or HTML tags in URL variable names, which are not properly handled when WordPress generates a new link to verify the request.

cpe:/a:wordpress:wordpress:2.0.5

CVE-2007-0107

2007-01-08T19:28:00.000-05:00

2011-03-07T21:48:48.500-05:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2007-01-09T09:57:00.000-05:00

ALLOWS_OTHER_ACCESS

XF wordpress-mbstring-security-bypass(31297) BID 21907 BUGTRAQ 20070105 Advisory 02/2007: WordPress Trackback Charset Decoding SQL Injection Vulnerability OPENPKG OpenPKG-SA-2007.005 MISC http://www.hardened-php.net/advisory_022007.141.html CONFIRM http://wordpress.org/development/2007/01/wordpress-206/ SECUNIA 23595 VUPEN ADV-2007-0061 OSVDB 31579 SREASON 2112 GENTOO GLSA-200701-10 SECUNIA 23741 WordPress before 2.0.6, when mbstring is enabled for PHP, decodes alternate character sets after escaping the SQL query, which allows remote attackers to bypass SQL injection protection schemes and execute arbitrary SQL commands via multibyte charsets, as demonstrated using UTF-7.

cpe:/a:novell:client:4.91:sp3

CVE-2007-0108

2007-01-08T19:28:00.000-05:00

2011-03-07T21:48:48.597-05:00

6.0

NETWORK

MEDIUM

SINGLE_INSTANCE

PARTIAL

http://nvd.nist.gov

2007-01-09T10:00:00.000-05:00

ALLOWS_OTHER_ACCESS

XF novell-profile-security-bypass(31343) VUPEN ADV-2007-0064 BID 21886 CONFIRM http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974970.htm SECTRACK 1017471 SECUNIA 23619 OSVDB 31358 nwgina.dll in Novell Client 4.91 SP3 for Windows 2000/XP/2003 does not delete user profiles during a Terminal Service or Citrix session, which allows remote authenticated users to invoke alternate user profiles.

cpe:/a:wordpress:wordpress:2.0.5 cpe:/a:wordpress:wordpress:2.0.4 cpe:/a:wordpress:wordpress:2.0.1 cpe:/a:wordpress:wordpress:2.0.2 cpe:/a:wordpress:wordpress:2.0.3 cpe:/a:wordpress:wordpress:2.0

CVE-2007-0109

2007-01-08T19:28:00.000-05:00

2011-03-07T21:48:48.703-05:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2007-01-09T09:59:00.000-05:00

XF wordpress-account-enumeration(31262) VUPEN ADV-2007-0062 BUGTRAQ 20070103 Wordpress <= 2.x dictionnary & Bruteforce attack SECUNIA 23621 OSVDB 31577 SREASON 2113 GENTOO GLSA-200701-10 SECUNIA 23741 wp-login.php in WordPress 2.0.5 and earlier displays different error messages if a user exists or not, which allows remote attackers to obtain sensitive information and facilitates brute force attacks.

cpe:/a:novell:access_manager_identity_server:3

CVE-2007-0110

2007-01-08T19:28:00.000-05:00

2011-03-07T21:48:48.813-05:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2007-01-09T10:02:00.000-05:00

ALLOWS_OTHER_ACCESS

CONFIRM https://secure-support.novell.com/KanisaPlatform/Publishing/143/3615264_f.SAL_Public.html VUPEN ADV-2007-0073 BID 21921 SECUNIA 23654 OSVDB 31359 SECTRACK 1017483 Cross-site scripting (XSS) vulnerability in nidp/idff/sso in Novell Access Manager Identity Server before 3.0.0-1013 allows remote attackers to inject arbitrary web script or HTML via the IssueInstant parameter, which is not properly handled in the resulting error message.

cpe:/a:resco:photo_viewer:6.11 cpe:/a:resco:photo_viewer:4.11

CVE-2007-0111

2007-01-08T19:28:00.000-05:00

2011-03-07T21:48:48.953-05:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2007-01-09T10:04:00.000-05:00

ALLOWS_OTHER_ACCESS

VUPEN ADV-2007-0072 MISC http://www.trendmicro.com/vinfo/secadvisories/default6.asp?VName=Vulnerability+in+Resco+Photo+Viewer+6%2E01+Enabling+Code+Injection+and+Arbitrary+Code+Execution BID 21920 SECUNIA 23658 OSVDB 32644 MISC http://blog.trendmicro.com/flaw-in-3rd-party-app-weakens-windows-mobile/ Buffer overflow in Resco Photo Viewer for PocketPC 4.11 and 6.01, as used in mobile devices running Windows Mobile 5.0, 2003, and 2003SE, allows remote attackers to execute arbitrary code via a crafted PNG image.

cpe:/a:createauction:createauction

CVE-2007-0112

2007-01-08T19:28:00.000-05:00

2008-11-15T01:38:49.127-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2007-01-09T10:08:00.000-05:00

ALLOWS_OTHER_ACCESS

XF createauction-cats-sql-injection(31356) BID 21929 BUGTRAQ 20070107 createauction (cats.asp) Remote SQL Injection Vulnerability OSVDB 33406 SREASON 2111 SQL injection vulnerability in cats.asp in createauction allows remote attackers to execute arbitrary SQL commands via the catid parameter.

cpe:/a:packeteer:packetwise:8.0

CVE-2007-0113

2007-01-08T19:28:00.000-05:00

2011-03-07T21:48:49.157-05:00

6.8

NETWORK

LOW

SINGLE_INSTANCE

NONE

COMPLETE

http://nvd.nist.gov

2007-01-09T10:16:00.000-05:00

XF packetshaper-argument-dos(31357) VUPEN ADV-2007-0098 BID 21933 BUGTRAQ 20070108 Packeteer PacketWise CLI overflow DoS SECUNIA 23685 OSVDB 31656 SREASON 2110 Buffer overflow in Packeteer PacketShaper PacketWise 8.x allows remote authenticated users to cause a denial of service (reset or reboot) via (1) a long traffic class argument to the "class show" command or (2) a long POLICY parameter value in clastree.htm.

cpe:/a:sun:java_system_content_delivery_server:5.0::solaris cpe:/a:sun:java_system_content_delivery_server:5.0:pu1:solaris

CVE-2007-0114

2007-01-08T19:28:00.000-05:00

2011-03-07T21:48:49.267-05:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2007-01-09T10:11:00.000-05:00

SUNALERT 102764 SECUNIA 23630 XF sun-java-cds-info-disclosure(31345) VUPEN ADV-2007-0076 BID 21908 OSVDB 32645 Sun Java System Content Delivery Server 5.0 and 5.0 PU1 allows remote attackers to obtain sensitive information regarding "content details" via unspecified vectors.

cpe:/a:coppermine:coppermine_photo_gallery:1.4.10

CVE-2007-0115

2007-01-08T21:28:00.000-05:00

2008-11-15T01:38:49.983-05:00

6.0

NETWORK

MEDIUM

SINGLE_INSTANCE

PARTIAL

http://nvd.nist.gov

2007-01-09T10:13:00.000-05:00

ALLOWS_OTHER_ACCESS

BUGTRAQ 20070105 Coppermine Photo Gallery <= 1.4.10 SQL Injection Exploit VIM 20070108 Source verify - Coppermine Photo Gallery <= 1.4.10 code injection OSVDB 33383 MISC http://acid-root.new.fr/poc/19070104.txt SREASON 2107 Static code injection vulnerability in Coppermine Photo Gallery 1.4.10 and earlier allows remote authenticated administrators to execute arbitrary PHP code via the Username to login.php, which is injected into an error message in security.log.php, which can then be accessed using viewlog.php.

cpe:/a:digger_solutions:intranet_open_source

CVE-2007-0116

2007-01-08T21:28:00.000-05:00

2008-11-15T01:38:50.627-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2007-01-09T10:15:00.000-05:00

ALLOWS_OTHER_ACCESS

BUGTRAQ 20070105 Intranet Open Source Remote Password Disclosure "intranet.mdb" OSVDB 33379 XF intranet-intranet-info-disclosure(31308) SREASON 2109 Digger Solutions Intranet Open Source (IOS) stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for data/intranet.mdb.

cpe:/o:apple:mac_os_x:10.4.8 cpe:/o:apple:mac_os_x_server:10.4.8

CVE-2007-0117

2007-01-08T21:28:00.000-05:00

2011-03-07T21:48:49.470-05:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2007-01-09T10:20:00.000-05:00

ALLOWS_ADMIN_ACCESS

VUPEN ADV-2007-0074 BID 21899 MISC http://projects.info-pull.com/moab/MOAB-05-01-2007.html OSVDB 31167 SECUNIA 23653 DiskManagementTool in the DiskManagement.framework 92.29 on Mac OS X 10.4.8 does not properly validate Bill of Materials (BOM) files, which allows attackers to gain privileges via a BOM file under /Library/Receipts/, which triggers arbitrary file permission changes upon execution of a diskutil permission repair operation.

cpe:/a:edittag:edittag:1.2

CVE-2007-0118

2007-01-08T21:28:00.000-05:00

2008-11-15T01:38:51.000-05:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2007-01-09T10:26:00.000-05:00

BID 21890 BUGTRAQ 20070105 Multiple bugs in EditTag OSVDB 33396 OSVDB 33395 OSVDB 33394 OSVDB 33393 SECUNIA 7950 Multiple absolute path traversal vulnerabilities in EditTag 1.2 allow remote attackers to read arbitrary files via an absolute pathname in the file parameter to (1) edittag.cgi, (2) edittag.pl, (3) edittag_mp.cgi, or (4) edittag_mp.pl.

cpe:/a:edittag:edittag:1.2

CVE-2007-0119

2007-01-08T21:28:00.000-05:00

2008-11-15T01:38:51.267-05:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2007-01-09T10:27:00.000-05:00

ALLOWS_OTHER_ACCESS

BID 21891 BUGTRAQ 20070105 Multiple bugs in EditTag OSVDB 33392 OSVDB 33391 OSVDB 33390 SECUNIA 7950 Multiple cross-site scripting (XSS) vulnerabilities in EditTag 1.2 allow remote attackers to inject arbitrary web script or HTML via the plain parameter to (1) mkpw_mp.cgi, (2) mkpw.pl, or (3) mkpw.cgi.

cpe:/a:acunetix:web_vulnerability_scanner:4.0_build_2006-07-17

CVE-2007-0120

2007-01-08T21:28:00.000-05:00

2011-03-07T21:48:50.033-05:00

1.9

LOCAL

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2007-01-09T10:28:00.000-05:00

XF acunetix-content-length-dos(31279) BID 21898 OSVDB 37580 MILW0RM 3078 Acunetix Web Vulnerability Scanner (WVS) 4.0 Build 20060717 and earlier allows remote attackers to cause a denial of service (application crash) via multiple HTTP requests containing invalid Content-Length values.

cpe:/a:michael_romedahl:ri_blog:1.3

CVE-2007-0121

2007-01-08T21:28:00.000-05:00

2011-03-07T21:48:50.110-05:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2007-01-09T10:41:00.000-05:00

ALLOWS_OTHER_ACCESS

VUPEN ADV-2007-0083 BID 21880 BUGTRAQ 20070105 RI Blog 1.3 XSS Vuln. OSVDB 31637 XF riblog-search-xss(31317) SREASON 2108 SECUNIA 23657 Cross-site scripting (XSS) vulnerability in search.asp in RI Blog 1.3 allows remote attackers to inject arbitrary web script or HTML via the q parameter.

cpe:/a:coppermine:coppermine_photo_gallery:1.1 cpe:/a:coppermine:coppermine_photo_gallery:1.2.2_b cpe:/a:coppermine:coppermine_photo_gallery:1.2.1 cpe:/a:coppermine:coppermine_photo_gallery:1.3.2 cpe:/a:coppermine:coppermine_photo_gallery:1.0 cpe:/a:coppermine:coppermine_photo_gallery:1.2 cpe:/a:coppermine:coppermine_photo_gallery:1.4.10 cpe:/a:coppermine:coppermine_photo_gallery:1.3.3 cpe:/a:coppermine:coppermine_photo_gallery:1.3 cpe:/a:coppermine:coppermine_photo_gallery:1.3.4 cpe:/a:coppermine:coppermine_photo_gallery:1.4.9 cpe:/a:coppermine:coppermine_photo_gallery:1.2.2_b-nuke cpe:/a:coppermine:coppermine_photo_gallery:1.1_beta_2 cpe:/a:coppermine:coppermine_photo_gallery:1.4.4 cpe:/a:coppermine:coppermine_photo_gallery:1.0_rc3

CVE-2007-0122

2007-01-08T21:28:00.000-05:00

2008-11-15T01:38:52.017-05:00

6.5

NETWORK

LOW

SINGLE_INSTANCE

PARTIAL

http://nvd.nist.gov

2007-01-10T00:34:00.000-05:00

ALLOWS_OTHER_ACCESS

BID 21894 BUGTRAQ 20070105 Coppermine Photo Gallery <= 1.4.10 SQL Injection Exploit OSVDB 35856 OSVDB 35855 OSVDB 35854 OSVDB 35853 OSVDB 35852 MISC http://acid-root.new.fr/poc/19070104.txt SREASON 2123 SECUNIA 25846 MILW0RM 3085 Multiple SQL injection vulnerabilities in Coppermine Photo Gallery 1.4.10 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via (1) the cat parameter to albmgr.php, and possibly (2) the gid parameter to usermgr.php; (3) the start parameter to db_ecard.php; and the albumid parameter to unspecified files, related to the (4) filename_to_title and (5) del_titles functions.

cpe:/a:uber_uploader:uber_uploader:4.2

CVE-2007-0123

2007-01-08T21:28:00.000-05:00

2008-09-05T17:17:04.447-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2007-01-09T11:06:00.000-05:00

ALLOWS_OTHER_ACCESS

BUGTRAQ 20070105 Uber Uploader 4.2 Arbitrary File Upload Vulnerability XF uber-uploader-phtml-file-upload(31303) SREASON 2116 Unrestricted file upload vulnerability in Uber Uploader 4.2 allows remote attackers to upload and execute arbitrary PHP scripts by naming them with a .phtml extension, which bypasses the .php extension check but is still executable on some server configurations.

cpe:/a:drupal:drupal:4.7.2 cpe:/a:drupal:drupal:4.6.1 cpe:/a:drupal:drupal:4.6.9 cpe:/a:drupal:drupal:4.7.0 cpe:/a:drupal:drupal:4.6.10 cpe:/a:drupal:drupal:4.6 cpe:/a:drupal:drupal:4.7.3 cpe:/a:drupal:drupal:4.6.4 cpe:/a:drupal:drupal:4.6.6 cpe:/a:drupal:drupal:4.6.8 cpe:/a:drupal:drupal:4.6.0 cpe:/a:drupal:drupal:4.6.7 cpe:/a:drupal:drupal:4.7.4 cpe:/a:drupal:drupal:4.6.3 cpe:/a:drupal:drupal:4.7 cpe:/a:drupal:drupal:4.7.1 cpe:/a:drupal:drupal:4.6.2 cpe:/a:drupal:drupal:4.6.5

CVE-2007-0124

2007-01-08T21:28:00.000-05:00

2011-03-07T21:48:50.347-05:00

3.5

NETWORK

MEDIUM

SINGLE_INSTANCE

NONE

PARTIAL

http://nvd.nist.gov

2007-01-09T11:08:00.000-05:00

BID 21895 BUGTRAQ 20070105 [DRUPAL-SA-2007-002] Drupal 4.6.11 / 4.7.5 fixes DoS issue SECUNIA 23586 CONFIRM http://drupal.org/node/104238 VUPEN ADV-2007-0051 OSVDB 32131 SREASON 2115 Unspecified vulnerability in Drupal before 4.6.11, and 4.7 before 4.7.5, when MySQL is used, allows remote authenticated users to cause a denial of service by poisoning the page cache via unspecified vectors, which triggers erroneous 404 HTTP errors for pages that exist.

cpe:/a:kaspersky_lab:kaspersky_antivirus_engine:5.5.10::linux cpe:/a:kaspersky_lab:kaspersky_antivirus_engine:6.0::windows

CVE-2007-0125

2007-01-08T21:28:00.000-05:00

2011-03-07T21:48:50.437-05:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2007-01-09T11:10:00.000-05:00

XF kaspersky-antivirus-pe-dos(31315) VUPEN ADV-2007-0067 BID 21901 SECTRACK 1017476 SECUNIA 23575 OSVDB 32588 IDEFENSE 20070105 Kaspersky Antivirus Scan Engine PE File Denial of Service Vulnerability Kaspersky Labs Antivirus Engine 6.0 for Windows and 5.5-10 for Linux before 20070102 enter an infinite loop upon encountering an invalid NumberOfRvaAndSizes value in the Optional Windows Header of a portable executable (PE) file, which allows remote attackers to cause a denial of service (CPU consumption) by scanning a crafted PE file.

cpe:/a:opera:opera_browser:9.02

CVE-2007-0126

2007-01-08T21:28:00.000-05:00

2011-03-07T00:00:00.000-05:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2007-01-09T11:13:00.000-05:00

CONFIRM http://www.opera.com/support/search/supsearch.dml?index=852 XF opera-jpeg-dht-bo(31305) VUPEN ADV-2007-0060 GENTOO GLSA-200701-08 SECTRACK 1017473 SECUNIA 23771 SECUNIA 23739 SECUNIA 23613 OSVDB 31574 SUSE SUSE-SA:2007:009 IDEFENSE 20070105 Opera Software Opera Web Browser JPG Image DHT Marker Heap Corruption Vulnerability Heap-based buffer overflow in Opera 9.02 allows remote attackers to execute arbitrary code via a JPEG file with an invalid number of index bytes in the Define Huffman Table (DHT) marker.

cpe:/a:opera:opera_browser:9.02 cpe:/a:opera:opera_browser:4.02 cpe:/a:opera:opera_browser:3.00:beta cpe:/a:opera:opera_browser:4.00:beta5 cpe:/a:opera:opera_browser:5.0:beta2 cpe:/a:opera:opera_browser:6.03 cpe:/a:opera:opera_browser:2.12 cpe:/a:opera:opera_browser:8.53 cpe:/a:opera:opera_browser:3.10 cpe:/a:opera:opera_browser:3.62:beta cpe:/a:opera:opera_browser:4.00:beta3 cpe:/a:opera:opera_browser:9.0:beta2 cpe:/a:opera:opera_browser:7.60 cpe:/a:opera:opera_browser:5.12 cpe:/a:opera:opera_browser:5.0:beta5 cpe:/a:opera:opera_browser:7.11 cpe:/a:opera:opera_browser:2.10:beta3 cpe:/a:opera:opera_browser:6.0:beta2 cpe:/a:opera:opera_browser:6.06 cpe:/a:opera:opera_browser:5.0:beta4 cpe:/a:opera:opera_browser:6.12 cpe:/a:opera:opera_browser:4.00:beta4 cpe:/a:opera:opera_browser:5.11 cpe:/a:opera:opera_browser:8.54 cpe:/a:opera:opera_browser:7.52 cpe:/a:opera:opera_browser:5.0:beta6 cpe:/a:opera:opera_browser:8.01 cpe:/a:opera:opera_browser:7.23 cpe:/a:opera:opera_browser:6.1:beta1 cpe:/a:opera:opera_browser:7.22 cpe:/a:opera:opera_browser:6.01 cpe:/a:opera:opera_browser:9.0:beta1 cpe:/a:opera:opera_browser:7.0 cpe:/a:opera:opera_browser:6.05 cpe:/a:opera:opera_browser:8.0:beta3 cpe:/a:opera:opera_browser:6.1 cpe:/a:opera:opera_browser:3.00 cpe:/a:opera:opera_browser:4.00:beta2 cpe:/a:opera:opera_browser:7.21 cpe:/a:opera:opera_browser:3.50 cpe:/a:opera:opera_browser:5.10 cpe:/a:opera:opera_browser:7.11:beta2 cpe:/a:opera:opera_browser:7.03 cpe:/a:opera:opera_browser:6.11 cpe:/a:opera:opera_browser:5.0:beta7 cpe:/a:opera:opera_browser:3.21 cpe:/a:opera:opera_browser:4.00 cpe:/a:opera:opera_browser:7.0:beta1_v2 cpe:/a:opera:opera_browser:8.0 cpe:/a:opera:opera_browser:7.54:update1 cpe:/a:opera:opera_browser:7.54:update2 cpe:/a:opera:opera_browser:8.51 cpe:/a:opera:opera_browser:7.10:beta1 cpe:/a:opera:opera_browser:3.62 cpe:/a:opera:opera_browser:5.0 cpe:/a:opera:opera_browser:6.0:beta1 cpe:/a:opera:opera_browser:8.02 cpe:/a:opera:opera_browser:4.01 cpe:/a:opera:opera_browser:5.02 cpe:/a:opera:opera_browser:6.0 cpe:/a:opera:opera_browser:2.10:beta1 cpe:/a:opera:opera_browser:6.0:tp2 cpe:/a:opera:opera_browser:7.01 cpe:/a:opera:opera_browser:6.04 cpe:/a:opera:opera_browser:5.0:beta8 cpe:/a:opera:opera_browser:6.02 cpe:/a:opera:opera_browser:7.53 cpe:/a:opera:opera_browser:4.00:beta6 cpe:/a:opera:opera_browser:8.50 cpe:/a:opera:opera_browser:9.01 cpe:/a:opera:opera_browser:3.51 cpe:/a:opera:opera_browser:9.0 cpe:/a:opera:opera_browser:2.10:beta2 cpe:/a:opera:opera_browser:6.0:tp1 cpe:/a:opera:opera_browser:5.0:beta3 cpe:/a:opera:opera_browser:8.0:beta1 cpe:/a:opera:opera_browser:7.51 cpe:/a:opera:opera_browser:2.10 cpe:/a:opera:opera_browser:3.61 cpe:/a:opera:opera_browser:8.52 cpe:/a:opera:opera_browser:7.20:beta7 cpe:/a:opera:opera_browser:7.0:beta2 cpe:/a:opera:opera_browser:6.0:tp3 cpe:/a:opera:opera_browser:7.10 cpe:/a:opera:opera_browser:7.54 cpe:/a:opera:opera_browser:1.00 cpe:/a:opera:opera_browser:2.00 cpe:/a:opera:opera_browser:7.50:beta1 cpe:/a:opera:opera_browser:7.50 cpe:/a:opera:opera_browser:8.0:beta2 cpe:/a:opera:opera_browser:7.20 cpe:/a:opera:opera_browser:7.0:beta1 cpe:/a:opera:opera_browser:7.02 cpe:/a:opera:opera_browser:3.60

CVE-2007-0127

2006-11-16T00:00:00.000-05:00

2007-01-08T21:28:00.000-05:00

2011-03-07T00:00:00.000-05:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2007-01-09T17:35:00.000-05:00

SECUNIA 23613 IDEFENSE 20070105 Opera Software Opera Web Browser createSVGTransformFromMatrix Object Typecasting Vulnerability VUPEN ADV-2007-0060 CONFIRM http://www.opera.com/support/search/supsearch.dml?index=851 GENTOO GLSA-200701-08 SECTRACK 1017473 SECUNIA 23771 SECUNIA 23739 OSVDB 31575 SUSE SUSE-SA:2007:009 The Javascript SVG support in Opera before 9.10 does not properly validate object types in a createSVGTransformFromMatrix request, which allows remote attackers to execute arbitrary code via JavaScript code that uses an invalid object in this request that causes a controlled pointer to be referenced during the virtual function call.

cpe:/a:digiappz:digirez:3.4

CVE-2007-0128

2007-01-09T06:28:00.000-05:00

2011-03-07T21:48:50.737-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2007-01-09T13:20:00.000-05:00

ALLOWS_OTHER_ACCESS

VUPEN ADV-2007-0053 SECUNIA 23606 OSVDB 31677 MILW0RM 3081 SQL injection vulnerability in info_book.asp in Digirez 3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the book_id parameter.

cpe:/a:locazo:locazolist_classifieds:2.01a_beta5

CVE-2007-0129

2007-01-09T06:28:00.000-05:00

2011-03-07T21:48:50.830-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2007-01-09T13:21:00.000-05:00

ALLOWS_OTHER_ACCESS

XF locazolist-main-sql-injection(31242) VUPEN ADV-2007-0052 OSVDB 35813 MILW0RM 3073 SQL injection vulnerability in main.asp in LocazoList 2.01a beta5 and earlier allows remote attackers to execute arbitrary SQL commands via the subcatID parameter.

cpe:/a:igeneric:ig_calendar:1.0

CVE-2007-0130

2007-01-09T06:28:00.000-05:00

2011-03-07T21:48:50.937-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2007-01-09T13:26:00.000-05:00

ALLOWS_OTHER_ACCESS

VUPEN ADV-2007-0055 BID 21873 SECUNIA 23602 OSVDB 31678 XF igcalendar-user-sql-injection(31300) BUGTRAQ 20070105 IG Calendar SQL Injection MILW0RM 3082 SQL injection vulnerability in user.php in iGeneric iG Calendar 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

cpe:/a:jamwiki:jamwiki:0.4.3

CVE-2007-0131

2007-01-09T06:28:00.000-05:00

2008-11-15T01:38:54.280-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2007-01-09T13:31:00.000-05:00

ALLOWS_OTHER_ACCESS

CONFIRM http://sourceforge.net/project/shownotes.php?group_id=171441&release_id=475663 SECUNIA 23634 OSVDB 32581 XF jamwiki-permission-security-bypass(31296) BID 21879 JAMWiki before 0.5.0 does not properly check permissions during moves of "read-only or admin-only topics," which allows remote attackers to make unauthorized changes to the wiki.

cpe:/a:igeneric:ig_shop:1.4

CVE-2007-0132

2007-01-09T06:28:00.000-05:00

2011-03-07T21:48:51.110-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2007-01-09T13:33:00.000-05:00

ALLOWS_OTHER_ACCESS

VUPEN ADV-2007-0056 SECUNIA 23604 MISC http://packetstormsecurity.nl/0701-exploits/igshop10-multiple.txt OSVDB 33385 XF igshop-compareproduct-sql-injection(31299) BID 21874 BUGTRAQ 20070105 IG Shop remote code execution MILW0RM 3083 SQL injection vulnerability in compare_product.php in iGeneric iG Shop 1.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.

cpe:/a:igeneric:ig_shop:1.4

CVE-2007-0133

2007-01-09T06:28:00.000-05:00

2011-03-07T21:48:51.220-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2007-01-09T13:38:00.000-05:00

ALLOWS_OTHER_ACCESS

VUPEN ADV-2007-0056 OSVDB 33386 Multiple SQL injection vulnerabilities in display_review.php in iGeneric iG Shop 1.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) user_login_cookie parameter.

cpe:/a:igeneric:ig_shop:1.0 cpe:/a:igeneric:ig_shop:1.4

CVE-2007-0134

2007-01-09T06:28:00.000-05:00

2011-09-13T00:00:00.000-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2007-01-09T13:41:00.000-05:00

ALLOWS_OTHER_ACCESS

XF igshop-cartpage-code-execution(31301) VUPEN ADV-2007-0056 BID 21875 BUGTRAQ 20070619 iG Shop 1.4 eval Inclusion Vulnerability BUGTRAQ 20070105 IG Shop remote code execution VIM 20070618 Dup: iG Shop 1.4 (page.php) Remote Code Execution Exploit SECUNIA 23604 MISC http://packetstormsecurity.nl/0701-exploits/igshop10-multiple.txt OSVDB 33388 OSVDB 33387 MILW0RM 3083 Multiple eval injection vulnerabilities in iGeneric iG Shop 1.0 allow remote attackers to execute arbitrary code via the action parameter, which is supplied to an eval function call in (1) cart.php and (2) page.php. NOTE: a later report and CVE analysis indicate that the vulnerability is present in 1.4.

cpe:/a:aratix:aratix:0.2.2_beta_11

CVE-2007-0135

2007-01-09T06:28:00.000-05:00

2011-03-07T21:48:51.407-05:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2007-01-09T13:45:00.000-05:00

ALLOWS_OTHER_ACCESS

VUPEN ADV-2007-0054 VIM 20070108 Source verify of Aratix RFI MISC http://securityreason.com/exploitalert/1698 OSVDB 33405 XF aratix-init-file-include(31282) MILW0RM 3079 PHP remote file inclusion vulnerability in inc/init.inc.php in Aratix 0.2.2 beta 11 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the current_path parameter.

cpe:/a:drupal:drupal:4.7.4 cpe:/a:drupal:drupal:4.6.10

CVE-2007-0136

2007-01-09T06:28:00.000-05:00

2011-03-07T21:48:51.517-05:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2007-01-09T13:50:00.000-05:00

ALLOWS_OTHER_ACCESS

CONFIRM http://drupal.org/node/104233 VUPEN ADV-2007-0050 OSVDB 32140 OSVDB 32139 FULLDISC 20070105 [DRUPAL-SA-2007-001] Drupal 4.6.11 / 4.7.5 fixes XF drupal-core-unspecified-xss(31311) BUGTRAQ 20070105 [DRUPAL-SA-2007-001] Drupal 4.6.11 / 4.7.5 fixes XSS issue CONFIRM http://drupal.org/files/sa-2007-001/advisory.txt Multiple cross-site scripting (XSS) vulnerabilities in Drupal before 4.6.11, and 4.7 before 4.7.5, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in the (1) filter and (2) system modules. NOTE: some of these details are obtained from third party information.

cpe:/a:serendipitynz:serene_bach:1.18r cpe:/a:serendipitynz:serene_bach:2.05r cpe:/a:serendipitynz:serene_bach:2.08d cpe:/a:serendipitynz:serene_bach_sb:1.13d

CVE-2007-0137

2007-01-09T06:28:00.000-05:00

2011-03-07T21:48:51.627-05:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2007-01-09T13:56:00.000-05:00

ALLOWS_OTHER_ACCESS

SECUNIA 23623 VUPEN ADV-2007-0065 CONFIRM http://serenebach.net/log/sb209R.html CONFIRM http://serenebach.net/log/sb119R.html OSVDB 32580 JVN JVN#65500885 XF serene-bach-unspecified-xss(31302) BID 21884 SECTRACK 1017470 Cross-site scripting (XSS) vulnerability in SimpleBoxes/SerendipityNZ Serene Bach 2.05R and earlier, and 2.08D and earlier in the 2.08 series; and (2) sb 1.13D and earlier, and 1.18R and earlier in the 1.18 series; allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

cpe:/a:fersch:formbankserver:1.9

CVE-2007-0138

2007-01-09T06:28:00.000-05:00

2008-11-15T01:38:57.420-05:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2007-01-09T13:53:00.000-05:00

XF formbankserver-formbank-dos(31216) SECUNIA 23539 OSVDB 32546 formbankcgi.exe in Fersch Formbankserver 1.9, when the PATH_INFO begins with (1) AbfrageForm or (2) EingabeForm, allows remote attackers to cause a denial of service (daemon crash) via multiple requests containing many /../ sequences in the Name parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

cpe:/a:hp:openvms:7.3::openvms_vax cpe:/a:hp:openvms:7.3_2::openvms_vax

CVE-2007-0139

2007-01-09T06:28:00.000-05:00

2011-03-07T21:48:51.847-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2007-01-10T07:09:00.000-05:00

ALLOWS_USER_ACCESS

SECUNIA 23636 CONFIRM ftp://ftp.itrc.hp.com/openvms_patches/vax/V7.3/VAX_DNVOSIMUP01-V0703.txt CONFIRM ftp://ftp.itrc.hp.com/openvms_patches/alpha/V7.3-2/AXP_DNVOSIMUP01-V0703-2.txt VUPEN ADV-2007-0063 OSVDB 32586 OSVDB 32585 OSVDB 32584 OSVDB 32583 Unspecified vulnerability in the DECnet-Plus 7.3-2 feature in DECnet/OSI 7.3-2 for OpenVMS ALPHA, and the DECnet-Plus 7.3 feature in DECnet/OSI 7.3 for OpenVMS VAX, allows attackers to obtain "unintended privileged access to data and system resources" via unspecified vectors, related to (1) [SYSEXE]CTF$UI.EXE, (2) [SYSMSG]CTF$MESSAGES.EXE, (3) [SYSHLP]CTF$HELP.HLB, and (4) [SYSMGR]CTF$STARTUP.COM.

cpe:/a:kolayindir_download:kolayindir_download

CVE-2007-0140

2007-01-09T13:28:00.000-05:00

2011-03-07T21:48:51.953-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2007-01-09T14:02:00.000-05:00

ALLOWS_OTHER_ACCESS

VUPEN ADV-2007-0079 BID 21889 BUGTRAQ 20070105 Kolayindir Download (Yenionline) (tr) SqL Injection Vuln. SECUNIA 23645 OSVDB 31625 XF kolayindirdownload-down-sql-injection(31320) SREASON 2122 SQL injection vulnerability in down.asp in Kolayindir Download (Yenionline) allows remote attackers to execute arbitrary SQL commands via the id parameter.

cpe:/a:yet_another_link_directory:yet_another_link_directory:1.0

CVE-2007-0141

2007-01-09T13:28:00.000-05:00

2011-03-07T21:48:52.047-05:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2007-01-09T14:06:00.000-05:00

ALLOWS_OTHER_ACCESS

VUPEN ADV-2007-0082 BID 21904 BUGTRAQ 20070106 Yet Another Link Directory v1.0 SECUNIA 23646 OSVDB 31626 XF yald-yald-xss(31322) SREASON 2121 Cross-site scripting (XSS) vulnerability in yald.php in Yet Another Link Directory 1.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter.

cpe:/a:shopstorenow:e-commerce_shopping_cart

CVE-2007-0142

2007-01-09T13:28:00.000-05:00

2011-03-07T21:48:52.157-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2007-01-09T14:08:00.000-05:00

ALLOWS_OTHER_ACCESS

VUPEN ADV-2007-0080 BID 21905 BUGTRAQ 20070106 shopstorenow (orange.asp) sql injection SECUNIA 23642 OSVDB 31665 XF shopstorenow-orange-sql-injection(31313) SREASON 2120 SQL injection vulnerability in orange.asp in ShopStoreNow E-commerce Shopping Cart allows remote attackers to execute arbitrary SQL commands via the CatID parameter.

cpe:/a:nune:news_script:2.0_pre2

CVE-2007-0143

2007-01-09T13:28:00.000-05:00

2011-03-07T21:48:52.250-05:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2007-01-09T14:20:00.000-05:00

ALLOWS_OTHER_ACCESS

VUPEN ADV-2007-0078 SECUNIA 23635 OSVDB 31209 OSVDB 31208 MILW0RM 3090 XF nune-index-archives-file-include(31312) BUGTRAQ 20070107 NUNE News Script (custom_admin_path) Remote File Include Vulnerablity Multiple PHP remote file inclusion vulnerabilities in NUNE News Script 2.0pre2 allow remote attackers to execute arbitrary PHP code via a URL in the custom_admin_path parameter to (1) index.php or (2) archives.php.

cpe:/a:digitizing_quote_and_ordering_system:digitizing_quote_and_ordering_system:1.0

CVE-2007-0144

2007-01-09T13:28:00.000-05:00

2011-03-07T21:48:52.360-05:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2007-01-09T14:23:00.000-05:00

ALLOWS_OTHER_ACCESS

SECUNIA 23652 OSVDB 31690 XF qos-search-xss(31321) MILW0RM 3089 Cross-site scripting (XSS) vulnerability in search.asp in Digitizing Quote And Ordering System 1.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the ordernum parameter.

cpe:/a:bingo_news:bingo_news:3.01

CVE-2007-0145

2007-01-09T13:28:00.000-05:00

2008-11-15T01:38:59.267-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2007-01-09T14:26:00.000-05:00

ALLOWS_OTHER_ACCESS

SECTRACK 1017477 OSVDB 35898 XF bingo-bnsmrep1-file-include(31328) PHP remote file inclusion vulnerability in bn_smrep1.php in BinGoPHP News (BP News) 3.01 allows remote attackers to execute arbitrary PHP code via a URL in the bnrep parameter, a different vector than CVE-2006-4648 and CVE-2006-4649.

cpe:/a:fix_and_chips_computer_services:fix_and_chips_cms:1.0

CVE-2007-0146

2007-01-09T13:28:00.000-05:00

2011-03-07T21:48:52.533-05:00

6.0

NETWORK

MEDIUM

SINGLE_INSTANCE

PARTIAL

http://nvd.nist.gov

2007-01-09T14:30:00.000-05:00

ALLOWS_OTHER_ACCESS

VUPEN ADV-2007-0081 BUGTRAQ 20070106 Fix & Chips CMS v1.0 SECUNIA 23625 XF fixandchips-multiple-scripts-xss(31319) OSVDB 32650 OSVDB 32649 OSVDB 32648 OSVDB 32647 OSVDB 32646 SREASON 2119 Multiple cross-site scripting (XSS) vulnerabilities in Fix and Chips CMS 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in (a) delete-announce.php; the (2) Announcement form field in (b) staff.php; the (3) Client Name, (4) Business Name, (5) Street, (6) Address 2, (7) Town/City, (8) Postcode, (9) Phone Number, (10) Email Address and (11) Website Address form fields in (c) new_customer.php; and unspecified fields in (d) search.php and (e) client-results.php.

cpe:/a:cuyahoga:cuyahoga:1.0.0

CVE-2007-0147

2007-01-09T13:28:00.000-05:00

2008-11-15T01:38:59.813-05:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2007-01-09T14:32:00.000-05:00

CONFIRM http://www.cuyahoga-project.org/10/section.aspx/61 SECUNIA 23662 CONFIRM http://cuyahoga.svn.sourceforge.net/viewvc/cuyahoga?view=rev&revision=551 OSVDB 32643 BID 21927 Cuyahoga before 1.0.1 installs the FCKEditor component with an incorrect deny statement in a Web.config file, which allows remote attackers to upload files when these privileges were intended only for the Administrator and Editor roles.

cpe:/a:omnigroup:omniweb:5.5.1

CVE-2007-0148

2007-01-09T13:28:00.000-05:00

2011-03-07T21:48:52.750-05:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2007-01-09T14:34:00.000-05:00

ALLOWS_USER_ACCESS

CONFIRM http://www.omnigroup.com/applications/omniweb/releasenotes/ SECUNIA 23624 VUPEN ADV-2007-0075 MISC http://projects.info-pull.com/moab/MOAB-07-01-2007.html OSVDB 31222 XF omniweb-alert-format-string(31324) BID 21911 BUGTRAQ 20070111 DMA[2007-0107a] OmniWeb Javascript Alert Format String Vulnerabiity and DMA[2007-0109a] Apple Finder Disk Image Volume Label Overflow / DoS MISC http://www.digitalmunition.com/DMA%5B2007-0107a%5D.txt MILW0RM 3098 CONFIRM http://blog.omnigroup.com/2007/01/07/omniweb-552-now-available-and-more-secure/ Format string vulnerability in OmniGroup OmniWeb 5.5.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in the Javascript alert function.

cpe:/a:ememberspro:ememberspro:1.0

CVE-2007-0149

2007-01-09T13:28:00.000-05:00

2008-11-15T01:39:00.547-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2007-01-09T14:37:00.000-05:00

ALLOWS_OTHER_ACCESS

BUGTRAQ 20070107 EMembersPro 1.0 Remote Password Disclosure Vulnerability OSVDB 33403 XF ememberspro-users-info-disclosure(31329) SREASON 2118 EMembersPro 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for users.mdb.

cpe:/a:dayfox_designs:dayfox_blog:4

CVE-2007-0150

2007-01-09T13:28:00.000-05:00

2011-03-07T21:48:52.907-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2007-01-09T14:39:00.000-05:00

ALLOWS_OTHER_ACCESS

VUPEN ADV-2007-0099 BUGTRAQ 20070107 Dayfox Blog Remote File Include Vuln. OSVDB 31259 XF dayfoxblog-index-file-include(31336) SREASON 2117 SECUNIA 23661 Multiple PHP remote file inclusion vulnerabilities in index.php in Dayfox Blog allow remote attackers to execute arbitrary PHP code via a URL in the (1) page, (2) subject, and (3) q parameters.

cpe:/a:mitisoft:mitisoft

CVE-2007-0151

2007-01-09T13:28:00.000-05:00

2008-11-15T01:39:01.000-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2007-01-09T15:45:00.000-05:00

ALLOWS_OTHER_ACCESS

BUGTRAQ 20070107 MitiSoft Remote Password Disclosure Vulnerability OSVDB 33409 XF mitisoft-mitisoft-info-disclosure(31341) MitiSoft stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for access_MS/MitiSoft.mdb.

cpe:/a:ohhasp:ohhasp

CVE-2007-0152

2007-01-09T13:28:00.000-05:00

2008-11-15T01:39:01.170-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2007-01-09T15:47:00.000-05:00

ALLOWS_OTHER_ACCESS

BUGTRAQ 20070106 ohhASP Remote Password Disclosure OSVDB 33381 MISC http://64.38.62.221/ariasecucom/forum/showthread.php?t=89 XF ohhasp-ohhasp-info-disclosure(31342) OhhASP stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db/OhhASP.mdb.

cpe:/a:adam_jarret:ajlogin:3.5

CVE-2007-0153

2007-01-09T13:28:00.000-05:00

2008-11-15T01:39:01.390-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2007-01-09T15:48:00.000-05:00

ALLOWS_OTHER_ACCESS

BUGTRAQ 20070107 AJLogin v3.5 Remote Password Disclosure Vulnerability OSVDB 33404 XF ajlogin-ajlogin-info-disclosure(31331) SREASON 2127 AJLogin 3.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for ajlogin.mdb.

cpe:/a:webulas:webulas

CVE-2007-0154

2007-01-09T13:28:00.000-05:00

2008-11-15T01:39:01.797-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2007-01-09T15:49:00.000-05:00

ALLOWS_OTHER_ACCESS

BUGTRAQ 20070107 Webulas Remote Password Disclosure Vulnerability OSVDB 33401 XF webulas-db-info-disclosure(31338) SREASON 2126 Webulas stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db/db.mdb.

cpe:/a:harikaonline:harikaonline:2.0

CVE-2007-0155

2007-01-09T13:28:00.000-05:00

2008-11-15T01:39:02.000-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2007-01-09T15:49:00.000-05:00

ALLOWS_OTHER_ACCESS

BUGTRAQ 20070107 HarikaOnline v2.0 Remote Password Disclosure Vulnerability OSVDB 33410 XF harikaonline-harikaonline-info-disclosure(31339) SREASON 2125 HarikaOnline 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for harikaonline.mdb.

cpe:/a:m-core:m-core

CVE-2007-0156

2007-01-09T13:28:00.000-05:00

2008-11-15T01:39:02.360-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2007-01-09T15:50:00.000-05:00

ALLOWS_OTHER_ACCESS

BUGTRAQ 20070107 M-Core Remote Password Disclosure Vulnerability OSVDB 33402 XF mcore-uyelik-info-disclosure(31340) SREASON 2124 M-Core stores the database under the web document root, which allows remote attackers to obtain sensitive information via a direct request to db/uyelik.mdb.

cpe:/a:neon:neon:0.26.2 cpe:/a:neon:neon:0.26.1 cpe:/a:neon:neon:0.26.0

CVE-2007-0157

2007-01-09T16:28:00.000-05:00

2011-03-07T21:48:53.487-05:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2007-01-09T16:38:00.000-05:00

VUPEN ADV-2007-0362 VUPEN ADV-2007-0172 OSVDB 39247 MLIST [neon] 20070107 invalid chars cause sigserv in neon CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=404723 CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi/neon26_0.26.2-3_to_mdx1.diff?bug=404723;msg=5;att=2 CONFIRM http://www.webdav.org/cadaver/ BID 22035 SUSE SUSE-SR:2007:002 MANDRIVA MDKSA-2007:013 SECUNIA 23984 SECUNIA 23763 SECUNIA 23751 MLIST [cadaver] 20070123 release 0.22.5 Array index error in the uri_lookup function in the URI parser for neon 0.26.0 to 0.26.2, possibly only on 64-bit platforms, allows remote malicious servers to cause a denial of service (crash) via a URI with non-ASCII characters, which triggers a buffer under-read due to a type conversion error that generates a negative index.

cpe:/a:geoip:geoip:1.4.0

CVE-2007-0159

2007-01-09T19:28:00.000-05:00

2011-03-07T21:48:53.610-05:00

6.4

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2007-01-10T09:30:00.000-05:00

MISC http://arctic.org/~dean/patches/GeoIP-1.4.0-update-vulnerability.patch VUPEN ADV-2007-0118 VUPEN ADV-2007-0117 OSVDB 31618 XF geoip-geoipupdate-directory-traversal(31383) UBUNTU USN-412-1 BID 21959 MANDRIVA MDKSA-2007:004 SECUNIA 23906 SECUNIA 23880 Directory traversal vulnerability in the GeoIP_update_database_general function in libGeoIP/GeoIPUpdate.c in GeoIP 1.4.0 allows remote malicious update servers (possibly only update.maxmind.com) to overwrite arbitrary files via a .. (dot dot) in the database filename, which is returned by a request to app/update_getfilename.

cpe:/a:centericq:centericq:4.14 cpe:/a:centericq:centericq:4.13 cpe:/a:centericq:centericq:4.20 cpe:/a:centericq:centericq:4.12 cpe:/a:centericq:centericq:4.21 cpe:/a:centericq:centericq:4.9.12 cpe:/a:centericq:centericq:4.9.11

CVE-2007-0160

2007-01-09T19:28:00.000-05:00

2011-08-01T00:00:00.000-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2007-01-10T09:38:00.000-05:00

ALLOWS_OTHER_ACCESS

XF centericq-username-bo(31330) VUPEN ADV-2007-0306 BID 21932 BUGTRAQ 20070107 TK53 Advisory #1: CenterICQ remote DoS buffer overflow in LiveJournal handling GENTOO GLSA-200701-20 SECTRACK 1017545 SREASON 2129 OSVDB 33408 Stack-based buffer overflow in the LiveJournal support (hooks/ljhook.cc) in CenterICQ 4.9.11 through 4.21.0, when using unofficial LiveJournal servers, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by adding the victim as a friend and using long (1) username and (2) real name strings.

cpe:/a:hp:pml_driver_hpz12 cpe:/h:hp:psc_2200 cpe:/h:hp:psc_2100 cpe:/h:hp:psc_2510_photosmart cpe:/h:hp:officejet_k cpe:/h:hp:psc_900 cpe:/h:hp:officejet_d cpe:/h:hp:officejet_4100 cpe:/h:hp:officejet_7100 cpe:/h:hp:officejet_6100 cpe:/h:hp:psc_2400_photosmart_all-in-one cpe:/h:hp:officejet_5500 cpe:/h:hp:psc_1100 cpe:/h:hp:psc_700 cpe:/h:hp:psc_1300 cpe:/h:hp:psc_1200 cpe:/h:hp:psc_1210_all-in-one cpe:/h:hp:officejet_g cpe:/h:hp:color_laserjet_4650 cpe:/h:hp:psc_2500_photosmart_all-in-one cpe:/h:hp:officejet_5100

CVE-2007-0161

2006-05-29T00:00:00.000-04:00

2007-01-09T19:28:00.000-05:00

2011-03-07T21:48:53.830-05:00

4.1

LOCAL

MEDIUM

SINGLE_INSTANCE

PARTIAL

http://nvd.nist.gov

2007-01-10T09:41:00.000-05:00

ALLOWS_USER_ACCESS

VUPEN ADV-2007-0094 BID 21935 BUGTRAQ 20070108 HP Multiple Products PML Driver Local Privilege Escalation MISC http://secway.org/advisory/AD20070108.txt SECUNIA 23663 OSVDB 32654 XF pml-driver-config-privilege-escalation(31361) SREASON 2128 The PML Driver HPZ12 (HPZipm12.exe) in the HP all-in-one drivers, as used by multiple HP products, uses insecure SERVICE_CHANGE_CONFIG DACL permissions, which allows local users to gain privileges and execute arbitrary programs, as demonstrated by modifying the binpath argument, a related issue to CVE-2006-0023.

cpe:/a:unsanity:application_enhancer:2.0.2

CVE-2007-0162

2007-01-09T19:28:00.000-05:00

2008-11-15T01:39:04.187-05:00

6.8

LOCAL

LOW

SINGLE_INSTANCE

COMPLETE

http://nvd.nist.gov

2007-01-10T09:47:00.000-05:00

ALLOWS_ADMIN_ACCESS

MISC http://projects.info-pull.com/moab/MOAB-08-01-2007.html OSVDB 32661 MISC http://landonf.bikemonkey.org/code/macosx/MOAB_Day_8.20070109002959.18582.timor.html XF ape-appenhancer-privilege-escalation(31349) BID 21951 SECUNIA 23649 Unsanity Application Enhancer (APE) 2.0.2 installs with insecure permissions for the (1) ApplicationEnhancer binary and the (2) /Library/Frameworks/ApplicationEnhancer.framework directory, which allows local users to gain privileges by modifying or replacing the binary or library files.

cpe:/a:securekit:securekit_steganography:1.8 cpe:/a:securekit:securekit_steganography:1.7.1

CVE-2007-0163

2007-01-09T19:28:00.000-05:00

2008-11-15T01:39:04.420-05:00

7.8

NETWORK

LOW

NONE

COMPLETE

NONE

http://nvd.nist.gov

2007-01-10T09:44:00.000-05:00

BUGTRAQ 20070106 Cracking Steganography Application in less than ONE minute SECUNIA 23639 OSVDB 31244 MISC http://homepage.mac.com/adonismac/Advisory/steg/steganography.html XF steganography-password-security-bypass(31378) BUGTRAQ 20070107 A Major design Bug in Steganography 1.7.x, 1.8 (latest) (Updated Version) SecureKit Steganography 1.7.1 and 1.8 embeds password information in the carrier file, which allows remote attackers to bypass authentication requirements and decrypt embedded steganography by replacing the last 20 bytes of the JPEG image with alternate password information.

cpe:/a:camouflage:camouflage:1.2.1

CVE-2007-0164

2007-01-09T19:28:00.000-05:00

2008-11-15T01:39:04.780-05:00

7.8

NETWORK

LOW

NONE

COMPLETE

NONE

http://nvd.nist.gov

2007-01-10T09:46:00.000-05:00

BID 21939 SECUNIA 23578 OSVDB 32651 MISC http://homepage.mac.com/adonismac/Advisory/steg/camouflage.html XF camouflage-password-security-bypass(31375) BUGTRAQ 20070107 A Major design Bug in Camouflage 1.2.1 (latest) Camouflage 1.2.1 embeds password information in the carrier file, which allows remote attackers to bypass authentication requirements and decrypt embedded steganography by replacing certain bytes of the JPEG image with alternate password information.

cpe:/o:sun:solaris:9.0::sparc cpe:/o:sun:solaris:8.0

CVE-2007-0165

2007-01-09T19:28:00.000-05:00

2011-03-07T21:48:54.250-05:00

7.8

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2007-01-10T09:48:00.000-05:00

SUNALERT 102713 VUPEN ADV-2007-0110 OSVDB 31576 XF solaris-rpcbind-dos(31366) BID 21964 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2007-036.htm SECTRACK 1017492 SECUNIA 24056 SECUNIA 23700 Unspecified vulnerability in libnsl in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service (crash) via malformed RPC requests that trigger a crash in rpcbind.

cpe:/o:freebsd:freebsd:6.2 cpe:/o:freebsd:freebsd:5.3

CVE-2007-0166

2007-01-11T15:28:00.000-05:00

2008-11-15T01:39:05.280-05:00

6.6

LOCAL

MEDIUM

SINGLE_INSTANCE

COMPLETE

http://nvd.nist.gov

2007-01-12T09:22:00.000-05:00

ALLOWS_ADMIN_ACCESS

FREEBSD FreeBSD-SA-07:01 OSVDB 32726 BID 22011 SECTRACK 1017505 SECUNIA 23730 The jail rc.d script in FreeBSD 5.3 up to 6.2 does not verify pathnames when writing to /var/log/console.log during a jail start-up, or when file systems are mounted or unmounted, which allows local root users to overwrite arbitrary files, or mount/unmount files, outside of the jail via a symlink attack.

cpe:/a:ppc_search_engine:ppc_search_engine:1.61 cpe:/a:wgs-ppc:wgs-ppc

CVE-2007-0167

2007-01-09T20:28:00.000-05:00

2011-03-07T21:48:54.423-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2007-01-10T09:54:00.000-05:00

ALLOWS_OTHER_ACCESS

BID 21961 BUGTRAQ 20070109 ppc engine Multiple file inclusion VIM 20070109 "ppc engine" is WGS-PPC XF demoppc-inc-file-include(31355) OSVDB 33454 OSVDB 33453 OSVDB 33452 OSVDB 33451 OSVDB 33450 OSVDB 33449 OSVDB 33448 OSVDB 33447 OSVDB 33446 OSVDB 33445 OSVDB 33444 SREASON 2134 MILW0RM 3104 Multiple PHP file inclusion vulnerabilities in WGS-PPC (aka PPC Search Engine), as distributed with other aliases, allow remote attackers to execute arbitrary PHP code via a URL in the INC parameter in (1) config_admin.php, (2) config_main.php, (3) config_member.php, and (4) mysql_config.php in config/; (5) admin.php and (6) index.php in admini/; (7) paypalipn/ipnprocess.php; (8) index.php and (9) registration.php in members/; and (10) ppcbannerclick.php and (11) ppcclick.php in main/.

cpe:/a:ca:business_protection_suite:2.0 cpe:/a:ca:brightstor_enterprise_backup:10.5 cpe:/a:ca:brightstor_arcserve_backup:11.5 cpe:/a:ca:brightstor_arcserve_backup:9.01

CVE-2007-0168

2007-01-11T17:28:00.000-05:00

2011-03-07T21:48:56.767-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2007-01-12T09:26:00.000-05:00

ALLOWS_OTHER_ACCESS

CERT-VN VU#662400 CONFIRM http://supportconnectw.ca.com/public/storage/infodocs/babimpsec-notice.asp MISC http://www.zerodayinitiative.com/advisories/ZDI-07-002.html VUPEN ADV-2007-0154 OSVDB 31327 XF brightstor-tapeengine-code-execution(31442) BID 22010 BUGTRAQ 20070111 ZDI-07-002: CA BrightStor ARCserve Backup Tape Engine Code Execution Vulnerability BUGTRAQ 20070111 [CAID 34955, 34956, 34957, 34958, 34959, 34817]: CA BrightStor ARCserve Backup Multiple Overflow Vulnerabilities BUGTRAQ 20070111 LS-20061002 - Computer Associates BrightStor ARCserve Backup Remote Code Execution Vulnerability MISC http://www.lssec.com/advisories/LS-20061002.pdf SECTRACK 1017506 SECUNIA 23648 MISC http://livesploit.com/advisories/LS-20061002.pdf The Tape Engine service in Computer Associates (CA) BrightStor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Server/Business Protection Suite r2 allows remote attackers to execute arbitrary code via certain data in opnum 0xBF in an RPC request, which is directly executed.

cpe:/a:ca:business_protection_suite:2.0 cpe:/a:ca:brightstor_enterprise_backup:10.5 cpe:/a:ca:brightstor_arcserve_backup:11.5 cpe:/a:ca:brightstor_arcserve_backup:9.01

CVE-2007-0169

2007-01-11T17:28:00.000-05:00

2011-03-07T00:00:00.000-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2007-01-12T09:29:00.000-05:00

ALLOWS_OTHER_ACCESS

CERT-VN VU#180336 CERT-VN VU#151032 CONFIRM http://supportconnectw.ca.com/public/storage/infodocs/babimpsec-notice.asp XF brightstor-messageengine-rpc-bo(31443) XF brightstor-tapeengine-rpc-bo(31433) MISC http://www.zerodayinitiative.com/advisories/ZDI-07-004.html MISC http://www.zerodayinitiative.com/advisories/ZDI-07-003.html VUPEN ADV-2007-0154 BID 22006 BID 22005 BUGTRAQ 20070111 ZDI-07-003: CA BrightStor ARCserve Backup Message Engine Buffer Overflow Vulnerability BUGTRAQ 20070111 ZDI-07-004: CA BrightStor ARCserve Backup Tape Engine Buffer Overflow Vulnerability BUGTRAQ 20070111 [CAID 34955, 34956, 34957, 34958, 34959, 34817]: CA BrightStor ARCserve Backup Multiple Overflow Vulnerabilities SECTRACK 1017506 SECUNIA 23648 OSVDB 31327 IDEFENSE 20070111 Computer Associates BrightStor ARCserve Backup RPC Engine PFC Request Buffer Overflow Vulnerability Multiple buffer overflows in Computer Associates (CA) BrightStor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Server/Business Protection Suite r2 allow remote attackers to execute arbitrary code via RPC requests with crafted data for opnums (1) 0x2F and (2) 0x75 in the (a) Message Engine RPC service, or opnum (3) 0xCF in the Tape Engine service.

cpe:/a:allmyphp:allmyvisitors:0.4.0

CVE-2007-0170

2007-01-10T19:28:00.000-05:00

2011-03-07T21:48:56.953-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2007-01-11T08:00:00.000-05:00

ALLOWS_OTHER_ACCESS

XF allmyvisitors-index-file-include(31316) BID 21917 OSVDB 35904 MILW0RM 3097 PHP remote file inclusion vulnerability in index.php in AllMyVisitors 0.4.0 allows remote attackers to execute arbitrary PHP code via a URL in the AMV_serverpath parameter.

cpe:/a:voice_of_web:allmylinks:0.4 cpe:/a:voice_of_web:allmylinks:0.5 cpe:/a:voice_of_web:allmylinks:0.4.3 cpe:/a:voice_of_web:allmylinks:0.4.1 cpe:/a:voice_of_web:allmylinks:0.4.9 cpe:/a:voice_of_web:allmylinks:0.4.4

CVE-2007-0171

2007-01-10T19:28:00.000-05:00

2011-03-07T21:48:57.017-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2007-01-11T10:01:00.000-05:00

ALLOWS_OTHER_ACCESS

XF allmylinks-index-file-include(31314) BID 21916 OSVDB 35909 MILW0RM 3096 PHP remote file inclusion vulnerability in index.php in AllMyLinks 0.5.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AML_opensite parameter.

cpe:/a:voice_of_web:allmyguests:0.3

CVE-2007-0172

2007-01-10T19:28:00.000-05:00

2011-03-07T21:48:57.110-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2007-01-11T10:15:00.000-05:00

ALLOWS_OTHER_ACCESS

XF allmyguests-multiple-file-include(31310) BID 21918 OSVDB 35923 OSVDB 35921 OSVDB 35919 OSVDB 35917 OSVDB 35916 OSVDB 35915 MILW0RM 3093 Multiple PHP remote file inclusion vulnerabilities in AllMyGuests 0.3.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the AMG_serverpath parameter to (1) comments.php and (2) signin.php; and possibly via a URL in unspecified parameters to (3) include/submit.inc.php, (4) admin/index.php, (5) include/cm_submit.inc.php, and (6) index.php.

cpe:/a:l2j:statistik_script:0.09

CVE-2007-0173

2007-01-10T19:28:00.000-05:00

2011-03-07T21:48:57.187-05:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2007-01-11T10:45:00.000-05:00

ALLOWS_OTHER_ACCESS

XF l2j-statistik-index-file-include(31309) VUPEN ADV-2007-0097 BID 21914 OSVDB 35914 MILW0RM 3091 Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.

cpe:/a:sina:sina:uc2006

CVE-2007-0174

2007-01-10T19:28:00.000-05:00

2011-03-07T21:48:57.297-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2007-01-11T10:53:00.000-05:00

ALLOWS_OTHER_ACCESS

VUPEN ADV-2007-0093 MISC http://secway.org/advisory/ad20070109EN.txt SECUNIA 23638 OSVDB 32659 FULLDISC 20070109 Sina UC ActiveX Multiple Remote Stack Overflow XF sinauc-senddownloadfile-bo(31350) XF sinauc-sendchatroomopt-bo(31348) BID 21958 BUGTRAQ 20070109 Sina UC ActiveX Multiple Remote Stack Overflow Multiple stack-based multiple buffer overflows in the BRWOSSRE2UC.dll ActiveX Control in Sina UC2006 and earlier allow remote attackers to execute arbitrary code via a long string in the (1) astrVerion parameter to the SendChatRoomOpt function or (2) the astrDownDir parameter to the SendDownLoadFile function.

cpe:/a:b2evolution:b2evolution:1.8.6 cpe:/a:b2evolution:b2evolution:1.8.5 cpe:/a:b2evolution:b2evolution:1.8.2

CVE-2007-0175

2007-01-10T19:28:00.000-05:00

2008-11-15T01:39:08.547-05:00

4.3

NETWORK

MEDIUM

NONE

PARTIAL

NONE

http://nvd.nist.gov

2007-01-11T11:05:00.000-05:00

XF b2evolution-login-xss(31368) BID 21953 DEBIAN DSA-1568 SECUNIA 30093 SECUNIA 23656 OSVDB 32027 CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=410568 Cross-site scripting (XSS) vulnerability in htsrv/login.php in b2evolution 1.8.6 allows remote attackers to inject arbitrary web script or HTML via scriptable attributes in the redirect_to parameter.

cpe:/a:gforge:gforge:4.5.11

CVE-2007-0176

2007-01-10T19:28:00.000-05:00

2008-11-15T01:39:09.640-05:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2007-01-11T11:14:00.000-05:00

BID 21946 BUGTRAQ 20070108 GForge Cross Site Scripting vulnerability MISC http://www.eazel.es/advisory006-gforge-cross-site-scripting-vulnerability.html SECTRACK 1017482 SECUNIA 23675 OSVDB 31248 XF gforge-words-xss(31346) DEBIAN DSA-1475 SREASON 2133 SECUNIA 28598 Cross-site scripting (XSS) vulnerability in search/advanced_search.php in GForge 4.5.11 allows remote attackers to inject arbitrary web script or HTML via the words parameter.

cpe:/a:mediawiki:mediawiki:1.6.0 cpe:/a:mediawiki:mediawiki:1.6.3 cpe:/a:mediawiki:mediawiki:1.7.1 cpe:/a:mediawiki:mediawiki:1.8.1 cpe:/a:mediawiki:mediawiki:1.6.4 cpe:/a:mediawiki:mediawiki:1.7.0 cpe:/a:mediawiki:mediawiki:1.8.2 cpe:/a:mediawiki:mediawiki:1.6.1 cpe:/a:mediawiki:mediawiki:1.8.0 cpe:/a:mediawiki:mediawiki:1.9.0:rc2 cpe:/a:mediawiki:mediawiki:1.6.5_r14348 cpe:/a:mediawiki:mediawiki:1.6.2 cpe:/a:mediawiki:mediawiki:1.6.6 cpe:/a:mediawiki:mediawiki:1.6.5

CVE-2007-0177

2007-01-10T19:28:00.000-05:00

2011-03-07T21:48:57.563-05:00

5.1

NETWORK

HIGH

NONE

PARTIAL

http://nvd.nist.gov

2007-01-11T11:53:00.000-05:00

ALLOWS_OTHER_ACCESS

BID 21956 CONFIRM http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_9_0RC2/phase3/RELEASE-NOTES CONFIRM http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_8_3/phase3/RELEASE-NOTES CONFIRM http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_7_2/phase3/RELEASE-NOTES CONFIRM http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_6_9/phase3/RELEASE-NOTES CONFIRM http://sourceforge.net/forum/forum.php?forum_id=652721 VUPEN ADV-2007-0096 SECUNIA 23647 OSVDB 31525 XF mediawiki-ajax-unspecified-xss(31359) SUSE SUSE-SR:2007:006 SECUNIA 24889 Cross-site scripting (XSS) vulnerability in the AJAX module in MediaWiki before 1.6.9, 1.7 before 1.7.2, 1.8 before 1.8.3, and 1.9 before 1.9.0rc2, when wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

cpe:/a:php_web_scripts:easy_banner_pro:2.8

CVE-2007-0178

2007-01-10T19:28:00.000-05:00

2008-11-15T01:39:10.467-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2007-01-11T11:55:00.000-05:00

ALLOWS_OTHER_ACCESS

BUGTRAQ 20070108 Easy Banner Pro Version 2.8 <= Remote File Inclusion OSVDB 33455 XF easybannerpro-info-file-include(31374) BID 21967 SREASON 2132 PHP remote file inclusion vulnerability in info.php in Easy Banner Pro 2.8 allows remote attackers to execute arbitrary PHP code via a URL in the s[phppath] parameter.

cpe:/a:phpkit:phpkit:1.6.1:rc2

CVE-2007-0179

2007-01-10T19:28:00.000-05:00

2008-11-15T01:39:11.063-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2007-01-11T12:00:00.000-05:00

ALLOWS_OTHER_ACCESS

BID 21962 BUGTRAQ 20070109 Re: PHPKit 1.6.1 RC2 (faq/faq.php) Remote SQL Injection Exploit OSVDB 31266 SREASON 2131 SQL injection vulnerability in comment.php in PHPKIT 1.6.1 R2 allows remote attackers to execute arbitrary SQL commands via the subid parameter.

cpe:/a:ef_software:ef_commander:5.75

CVE-2007-0180

2007-01-10T19:28:00.000-05:00

2008-11-15T01:39:11.687-05:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov

2007-01-11T12:04:00.000-05:00

ALLOWS_ADMIN_ACCESS

MISC http://vuln.sg/efcommander575-en.html SECUNIA 23659 OSVDB 32660 XF efcommander-iso-pathname-bo(31365) BID 21969 Stack-based buffer overflow in EF Commander 5.75 allows user-assisted attackers to execute arbitrary code via a crafted ISO file containing a file within several nested directories, which produces a large filename that triggers the overflow.

cpe:/a:scriptaty:magic_photo_storage_website

CVE-2007-0181

2007-01-10T21:28:00.000-05:00

2011-03-07T21:48:58.157-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2007-01-11T12:28:00.000-05:00

ALLOWS_OTHER_ACCESS

VUPEN ADV-2007-0136 BUGTRAQ 20070108 magic photo storage website Remote File Inclusion XF magicphotostorage-config-file-include(31347) BID 21965 SECUNIA 23687 MILW0RM 3100 PHP remote file inclusion vulnerability in include/common_function.php in magic photo storage website allows remote attackers to execute arbitrary PHP code via a URL in the _config[site_path] parameter.

cpe:/a:scriptaty:magic_photo_storage_website

CVE-2007-0182

2007-01-12T00:04:00.000-05:00

2008-09-05T17:17:13.307-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2007-01-12T10:07:00.000-05:00

ALLOWS_OTHER_ACCESS

BUGTRAQ 20070108 magic photo storage website Multiple Remote File Inclusion BID 21965 OSVDB 33439 OSVDB 33438 OSVDB 33437 OSVDB 33436 OSVDB 33435 OSVDB 33434 OSVDB 33433 OSVDB 33432 OSVDB 33431 OSVDB 33430 OSVDB 33429 OSVDB 33428 OSVDB 33427 OSVDB 33426 OSVDB 33425 OSVDB 33423 OSVDB 33422 OSVDB 33421 OSVDB 33420 OSVDB 33419 OSVDB 33418 OSVDB 33417 OSVDB 33416 OSVDB 33415 OSVDB 33414 OSVDB 33413 OSVDB 33412 OSVDB 33411 OSVDB 32668 SREASON 2136 Multiple PHP remote file inclusion vulnerabilities in magic photo storage website allow remote attackers to execute arbitrary PHP code via a URL in the _config[site_path] parameter to (1) admin_password.php, (2) add_welcome_text.php, (3) admin_email.php, (4) add_templates.php, (5) admin_paypal_email.php, (6) approve_member.php, (7) delete_member.php, (8) index.php, (9) list_members.php, (10) membership_pricing.php, or (11) send_email.php in admin/; (12) config.php or (13) db_config.php in include/; or (14) add_category.php, (15) add_news.php, (16) change_catalog_template.php, (17) couple_milestone.php, (18) couple_profile.php, (19) delete_category.php, (20) index.php, (21) login.php, (22) logout.php, (23) register.php, (24) upload_photo.php, (25) user_catelog_password.php, (26) user_email.php, (27) user_extend.php, or (28) user_membership_password.php in user/. NOTE: the include/common_function.php vector is already covered by another candidate from the same date.

cpe:/a:sun:iplanet_web_server:4.1:sp1 cpe:/a:sun:iplanet_web_server:4.1:sp1:enterprise cpe:/a:sun:iplanet_web_server:4.1:sp8 cpe:/a:sun:iplanet_web_server:4.1:sp2 cpe:/a:sun:iplanet_web_server:4.1:sp2:enterprise cpe:/a:sun:iplanet_web_server:4.1:sp10 cpe:/a:sun:iplanet_web_server:4.1:sp7:enterprise cpe:/a:sun:iplanet_web_server:4.1:sp9:enterprise cpe:/a:sun:iplanet_web_server:4.1:sp9 cpe:/a:sun:iplanet_web_server:4.1:sp5:enterprise cpe:/a:sun:iplanet_web_server:4.1:sp5 cpe:/a:sun:iplanet_web_server:4.1:sp3 cpe:/a:sun:iplanet_web_server:4.1:sp3:enterprise cpe:/a:sun:iplanet_web_server:4.1:sp8:enterprise cpe:/a:sun:iplanet_web_server:4.1:sp6 cpe:/a:sun:iplanet_web_server:4.1 cpe:/a:sun:iplanet_web_server:4.1:sp7 cpe:/a:sun:iplanet_web_server:4.1:sp10:enterprise cpe:/a:sun:iplanet_web_server:4.1:sp4:enterprise cpe:/a:sun:iplanet_web_server:4.1:sp6:enterprise cpe:/a:sun:iplanet_web_server:4.1:sp4

CVE-2007-0183

2007-01-12T00:04:00.000-05:00

2008-11-15T01:39:12.127-05:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2007-01-12T10:33:00.000-05:00

ALLOWS_OTHER_ACCESS

BID 21977 SECUNIA 23605 OSVDB 32662 Cross-site scripting (XSS) vulnerability in /search in iPlanet Web Server 4.x allows remote attackers to inject arbitrary web script or HTML via the NS-max-records parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

cpe:/a:getahead:direct_web_remoting:1.1.0 cpe:/a:getahead:direct_web_remoting:1.0 cpe:/a:getahead:direct_web_remoting:0.7 cpe:/a:getahead:direct_web_remoting:1.1.3 cpe:/a:getahead:direct_web_remoting:1.1.2 cpe:/a:getahead:direct_web_remoting:0.8 cpe:/a:getahead:direct_web_remoting:1.1.1 cpe:/a:getahead:direct_web_remoting:0.9

CVE-2007-0184

2007-01-12T00:04:00.000-05:00

2011-03-07T21:48:58.423-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2007-01-12T13:32:00.000-05:00

ALLOWS_OTHER_ACCESS

VUPEN ADV-2007-0095 BID 21955 SECUNIA 23641 OSVDB 32657 SUSE SUSE-SR:2009:004 CONFIRM http://getahead.ltd.uk/dwr/changelog XF dwr-include-exclude-security-bypass(31377) Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to obtain unauthorized access to public methods via a crafted request that bypasses the include/exclude checks.

CVE-2007-0185

2007-01-12T00:04:00.000-05:00

2011-03-07T21:48:58.500-05:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2007-01-12T13:34:00.000-05:00

SECUNIA 23641 VUPEN ADV-2007-0095 BID 21955 OSVDB 32658 SUSE SUSE-SR:2009:004 CONFIRM http://getahead.ltd.uk/dwr/changelog XF dwr-servlet-engine-dos(31382) Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to cause a denial of service (memory exhaustion and servlet outage) via unknown vectors related to a large number of calls in a batch.

cpe:/h:f5:firepass_4100

CVE-2007-0186

2007-01-12T00:04:00.000-05:00

2008-09-05T17:17:14.010-04:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2007-01-12T14:53:00.000-05:00

ALLOWS_OTHER_ACCESS

CONFIRM https://tech.f5.com/home/solutions/sol6920.html CONFIRM https://tech.f5.com/home/solutions/sol6919.html BID 21957 MISC http://www.mnin.org/advisories/2007_firepass.pdf SECUNIA 23643 SECUNIA 23627 FULLDISC 20070106 NNL-Labs & MNIN - F5 FirePass Security Advisory OSVDB 32743 OSVDB 32742 OSVDB 32741 OSVDB 32740 OSVDB 32739 OSVDB 32738 OSVDB 32737 Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN allow remote attackers to inject arbitrary web script or HTML via (1) the xcho parameter to my.logon.php3; the (2) topblue, (3) midblue, (4) wtopblue, and certain other Custom color parameters in a per action to vdesk/admincon/index.php; the (5) h321, (6) h311, (7) h312, and certain other Front Door custom text color parameters in a per action to vdesk/admincon/index.php; the (8) ua parameter in a bro action to vdesk/admincon/index.php; the (9) app_param and (10) app_name parameters to webyfiers.php; (11) double eval functions; (12) JavaScript contained in an <FP_DO_NOT_TOUCH> element; and (13) the vhost parameter to my.activation.php. NOTE: it is possible that this candidate overlaps CVE-2006-3550.

cpe:/h:f5:firepass:5.5.1 cpe:/h:f5:firepass:5.4.4 cpe:/h:f5:firepass:5.4.3 cpe:/h:f5:firepass:5.4.5 cpe:/h:f5:firepass:5.4.7 cpe:/h:f5:firepass:5.5.2 cpe:/h:f5:firepass:5.4.6 cpe:/h:f5:firepass:5.4 cpe:/h:f5:firepass:5.4.9 cpe:/h:f5:firepass:5.4.8 cpe:/h:f5:firepass:5.4.2 cpe:/h:f5:firepass:5.5 cpe:/h:f5:firepass:6.0 cpe:/h:f5:firepass:5.4.1

CVE-2007-0187

2007-01-12T00:04:00.000-05:00

2008-11-15T01:39:13.937-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2007-01-12T14:59:00.000-05:00

ALLOWS_OTHER_ACCESS

CONFIRM https://tech.f5.com/home/solutions/sol6924.html BID 21957 MISC http://www.mnin.org/advisories/2007_firepass.pdf OSVDB 39167 FULLDISC 20070105 NNL-Labs & MNIN - F5 FirePass Security Advisory CONFIRM https://tech.f5.com/home/solutions/sol6916.html SECUNIA 23640 SECUNIA 23626 FULLDISC 20070106 NNL-Labs & MNIN - F5 FirePass Security Advisory F5 FirePass 5.4 through 5.5.2 and 6.0 allows remote attackers to access restricted URLs via (1) a trailing null byte, (2) multiple leading slashes, (3) Unicode encoding, (4) URL-encoded directory traversal or same-directory characters, or (5) upper case letters in the domain name.

CVE-2007-0188

2007-01-12T00:04:00.000-05:00

2008-09-05T17:17:14.387-04:00

6.5

NETWORK

LOW

SINGLE_INSTANCE

PARTIAL

http://nvd.nist.gov

2007-01-12T15:25:00.000-05:00

ALLOWS_OTHER_ACCESS

CONFIRM https://tech.f5.com/home/solutions/sol6922.html BID 21957 MISC http://www.mnin.org/advisories/2007_firepass.pdf OSVDB 32734 SECUNIA 23640 FULLDISC 20070106 NNL-Labs & MNIN - F5 FirePass Security Advisory F5 FirePass 5.4 through 5.5.1 does not properly enforce host access restrictions when a client uses a single integer (dword) representation of an IP address ("dotless IP address"), which allows remote authenticated users to connect to the FirePass administrator console and certain other network resources.

cpe:/a:geobb:georgian_bulletin_board

CVE-2007-0189

2007-01-12T00:04:00.000-05:00

2008-11-15T01:39:14.280-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2007-01-12T15:31:00.000-05:00

ALLOWS_OTHER_ACCESS

XF geobb-index-file-include(31335) BUGTRAQ 20070107 GeoBB Georgian Bulletin Board Remote File Include Vuln. VIM 20070110 Dispute of GeoBB RFI OSVDB 33440 SREASON 2141 ** DISPUTED ** PHP remote file inclusion vulnerability in index.php in GeoBB Georgian Bulletin Board allows remote attackers to execute arbitrary PHP code via a URL in the action parameter. NOTE: CVE disputes this issue, since GeoBB 1.0 sets $action to a whitelisted value.

cpe:/a:edit-x:ecommerce

CVE-2007-0190

2007-01-12T00:04:00.000-05:00

2011-03-07T21:48:59.000-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2007-01-12T15:36:00.000-05:00

ALLOWS_OTHER_ACCESS

VUPEN ADV-2007-0158 BUGTRAQ 20070109 edit-x ecommerce (include_dir) Remote File include XF editx-editaddress-file-include(31384) BID 21974 SREASON 2139 PHP remote file inclusion vulnerability in edit_address.php in edit-x ecommerce allows remote attackers to execute arbitrary PHP code via a URL in the include_dir parameter.

cpe:/a:mkportal:mkportal

CVE-2007-0191

2007-01-12T00:04:00.000-05:00

2008-11-15T01:39:14.670-05:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2007-01-12T15:37:00.000-05:00

ALLOWS_OTHER_ACCESS

XF mkportal-admin-xss(31304) BUGTRAQ 20070105 MkPortal Admin XSS OSVDB 33399 SREASON 2138 Cross-site scripting (XSS) vulnerability in admin.php in MKPortal allows remote attackers to inject arbitrary web script or HTML via two certain fields in a contents_new operation in the ad_contents section.

cpe:/a:mkportal:mkportal

CVE-2007-0192

2007-01-12T00:04:00.000-05:00

2008-11-15T01:39:14.890-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2007-01-12T15:43:00.000-05:00

ALLOWS_OTHER_ACCESS

BUGTRAQ 20070104 MkPortal "All Guests are Admin" Exploit OSVDB 33400 SREASON 2137 Cross-site request forgery (CSRF) vulnerability in the save_main operation in the ad_perms section in admin.php in MKPortal allows remote attackers to modify privilege settings, as demonstrated using a getURL of admin.php within a .swf file contained in an IFRAME element, aka the "All Guests are Admin" attack.

cpe:/a:fon:la_fonera

CVE-2007-0193

2007-01-12T00:04:00.000-05:00

2008-11-15T01:39:15.093-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2007-01-12T15:50:00.000-05:00

ALLOWS_OTHER_ACCESS

BUGTRAQ 20070107 Re: FON Router allows anonymous web access BUGTRAQ 20070106 FON Router allows anonymous web access OSVDB 33441 FON La Fonera routers do not properly limit DNS service access by unauthenticated clients, which allows remote attackers to tunnel traffic via DNS requests for hosts that should not be accessible before authentication.

cpe:/a:mkportal:mkportal:1.1_rc1

CVE-2007-0194

2007-01-12T00:04:00.000-05:00

2008-11-15T01:39:15.250-05:00

7.8

NETWORK

LOW

NONE

COMPLETE

NONE

http://nvd.nist.gov

2007-01-12T15:50:00.000-05:00

BUGTRAQ 20070108 MKPortal Full Path Disclosure OSVDB 33407 XF mkportal-admin-path-disclosure(31333) admin.php in MKPortal M1.1 RC1 allows remote attackers to obtain sensitive information via a direct request with an MK_PATH=1 query string, which reveals the path in an error message.

cpe:/h:f5:firepass:5.5.1 cpe:/h:f5:firepass:5.4.4 cpe:/h:f5:firepass:5.4.9 cpe:/h:f5:firepass:5.4 cpe:/h:f5:firepass:5.4.8 cpe:/h:f5:firepass:5.4.3 cpe:/h:f5:firepass:5.4.5 cpe:/h:f5:firepass:5.4.2 cpe:/h:f5:firepass:5.5 cpe:/h:f5:firepass:5.4.7 cpe:/h:f5:firepass:6.0 cpe:/h:f5:firepass:5.4.6 cpe:/h:f5:firepass:5.4.1

CVE-2007-0195

2007-01-12T00:04:00.000-05:00

2008-09-05T17:17:15.480-04:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2007-01-12T15:52:00.000-05:00

CONFIRM https://tech.f5.com/home/solutions/sol6923.html BID 21957 MISC http://www.mnin.org/advisories/2007_firepass.pdf OSVDB 32736 SECUNIA 23627 FULLDISC 20070106 NNL-Labs & MNIN - F5 FirePass Security Advisory my.activation.php3 in F5 FirePass 5.4 through 5.5.1 and 6.0 displays different error messages for failed login attempts with a valid username than for those with an invalid username, which allows remote attackers to confirm the validity of an LDAP account.

cpe:/a:motionborg:motionborg_web_real_estate:2.1

CVE-2007-0196

2007-01-11T06:28:00.000-05:00

2011-08-08T00:00:00.000-04:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2007-01-11T12:30:00.000-05:00

ALLOWS_OTHER_ACCESS

XF motionborg-admincheckuser-sql-injection(31360) VUPEN ADV-2007-0143 BID 21963 SECUNIA 23531 OSVDB 32718 MILW0RM 3105 SQL injection vulnerability in admin_check_user.asp in Motionborg Web Real Estate 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the username field (txtUserName parameter) and possibly other parameters. NOTE: some details were obtained from third party information.

cpe:/o:apple:mac_os_x:10.4.8 cpe:/o:apple:mac_os_x:10.4.6

CVE-2007-0197

2007-01-11T06:28:00.000-05:00

2011-03-07T21:48:59.797-05:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2007-01-11T12:45:00.000-05:00

ALLOWS_USER_ACCESS

CERT TA07-047A CERT-VN VU#240880 XF macos-finder-dos(31410) VUPEN ADV-2007-0140 SECTRACK 1017662 BID 21980 BUGTRAQ 20070111 DMA[2007-0107a] OmniWeb Javascript Alert Format String Vulnerabiity and DMA[2007-0109a] Apple Finder Disk Image Volume Label Overflow / DoS OSVDB 32714 MISC http://www.digitalmunition.com/DMA%5B2007-0109a%5D.txt SECUNIA 24198 MISC http://projects.info-pull.com/moab/MOAB-09-01-2007.html APPLE APPLE-SA-2007-02-15 CONFIRM http://docs.info.apple.com/article.html?artnum=305102 Finder 10.4.6 on Apple Mac OS X 10.4.8 allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a long volume name in a DMG disk image, which results in memory corruption.

cpe:/a:cisco:unified_contact_center_hosted:7.1 cpe:/a:cisco:ip_contact_center_hosted:5.0 cpe:/a:cisco:ip_contact_center_hosted:7.1 cpe:/a:cisco:unified_contact_center_enterprise:5.0 cpe:/a:cisco:unified_contact_center_enterprise:7.1 cpe:/a:cisco:ip_contact_center_enterprise:7.1 cpe:/a:cisco:ip_contact_center_enterprise:5.0 cpe:/a:cisco:unified_contact_center_hosted:5.0

CVE-2007-0198

2007-01-11T06:28:00.000-05:00

2011-03-07T21:48:59.893-05:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2007-01-11T13:22:00.000-05:00

CISCO 20070110 Cisco Unified Contact Center and IP Contact Center JTapi Gateway Vulnerability VUPEN ADV-2007-0138 BID 21988 OSVDB 32682 SECTRACK 1017499 SECUNIA 23710 The JTapi Gateway process in Cisco Unified Contact Center Enterprise, Unified Contact Center Hosted, IP Contact Center Enterprise, and Cisco IP Contact Center Hosted 5.0 through 7.1 allows remote attackers to cause a denial of service (repeated process restart) via a certain TCP session on the JTapi server port.

cpe:/o:cisco:ios:12.4 cpe:/o:cisco:ios:11.0

CVE-2007-0199

2007-01-11T06:28:00.000-05:00

2011-03-07T21:48:59.987-05:00

5.0

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2007-01-11T13:28:00.000-05:00

CISCO 20070110 DLSw Vulnerability VUPEN ADV-2007-0139 OSVDB 32683 BID 21990 SECTRACK 1017498 SECUNIA 23697 The Data-link Switching (DLSw) feature in Cisco IOS 11.0 through 12.4 allows remote attackers to cause a denial of service (device reload) via "an invalid value in a DLSw message... during the capabilities exchange."

cpe:/a:geoffrey_golliher:axiom_photo_news_gallery:0.8.6

CVE-2007-0200

2007-01-11T06:28:00.000-05:00

2011-03-07T21:49:00.047-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2007-01-11T13:32:00.000-05:00

ALLOWS_OTHER_ACCESS

VUPEN ADV-2007-0107 VIM 20070110 source verify - Axiom RFI OSVDB 32716 XF axiom-template-file-include(31372) BID 21972 SECUNIA 23715 MILW0RM 3108 PHP remote file inclusion vulnerability in template.php in Geoffrey Golliher Axiom Photo/News Gallery (axiompng) 0.8.6 allows remote attackers to execute arbitrary PHP code via a URL in the baseAxiomPath parameter.

cpe:/a:tis:internet_firewall_toolkit:2.1

CVE-2007-0201

2007-01-11T06:28:00.000-05:00

2008-11-15T01:39:17.017-05:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2007-01-11T13:36:00.000-05:00

ALLOWS_ADMIN_ACCESS

XF tisfwtk-ftpgw-bo(31363) BID 21960 MISC http://www.ranum.com/security/computer_security/editorials/codetools/ SECTRACK 1017481 OSVDB 35967 Buffer overflow in the cmd_usr function in ftp-gw in TIS Internet Firewall Toolkit (FWTK) allows remote attackers to execute arbitrary code via a long destination hostname (dest).

cpe:/a:alexphpteam:alex_guestbook:4.0.1 cpe:/a:alexphpteam:alex_guestbook:3.13 cpe:/a:alexphpteam:alex_guestbook:4.0.2 cpe:/a:alexphpteam:alex_guestbook:3.12

CVE-2007-0202

2007-01-11T06:28:00.000-05:00

2011-03-07T21:49:00.283-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2007-01-11T13:37:00.000-05:00

ALLOWS_OTHER_ACCESS

XF @lexguestbook-index-sql-injection(31393) VUPEN ADV-2007-0137 BID 21926 BUGTRAQ 20070107 @lex Guestbook <= 4.0.2 Remote Command Execution Exploit SECUNIA 23637 OSVDB 31707 MISC http://acid-root.new.fr/poc/20070107.txt SREASON 2135 MILW0RM 3103 SQL injection vulnerability in index.php in @lex Guestbook 4.0.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the lang parameter.

cpe:/a:phpmyadmin:phpmyadmin:2.9.1.1

CVE-2007-0203

2007-01-11T06:28:00.000-05:00

2011-03-07T21:49:00.393-05:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2007-01-11T13:40:00.000-05:00

CONFIRM http://www.phpmyadmin.net/home_page/downloads.php?relnotes=0 SECUNIA 23702 VUPEN ADV-2007-0125 OSVDB 32666 BID 21987 MANDRIVA MDKSA-2007:199 Multiple unspecified vulnerabilities in phpMyAdmin before 2.9.2-rc1 have unknown impact and attack vectors.

cpe:/a:phpmyadmin:phpmyadmin:2.9.1.1

CVE-2007-0204

2007-01-11T06:28:00.000-05:00

2011-03-07T21:49:00.470-05:00

6.8

NETWORK

MEDIUM

NONE

PARTIAL

http://nvd.nist.gov

2007-01-11T13:42:00.000-05:00

ALLOWS_OTHER_ACCESS

SECUNIA 23702 VUPEN ADV-2007-0125 MISC http://www.phpmyadmin.net/home_page/downloads.php?relnotes=0 OSVDB 32667 XF phpmyadmin-unspecified-xss(31387) BID 21987 MANDRIVA MDKSA-2007:199 Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.9.2-rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information.

cpe:/a:alexphpteam:alex_guestbook:4.0.1 cpe:/a:alexphpteam:alex_guestbook:3.13 cpe:/a:alexphpteam:alex_guestbook:4.0.2 cpe:/a:alexphpteam:alex_guestbook:3.12

CVE-2007-0205

2007-01-11T17:28:00.000-05:00

2011-03-07T21:49:00.563-05:00

7.5

NETWORK

LOW

NONE

PARTIAL

http://nvd.nist.gov

2007-01-12T09:32:00.000-05:00

ALLOWS_OTHER_ACCESS

XF @lexguestbook-livreinclude-file-include(31397) BID 21926 BUGTRAQ 20070107 @lex Guestbook <= 4.0.2 Remote Command Execution Exploit SREASON 2135 OSVDB 31709 OSVDB 31708 MILW0RM 3103 MISC http://acid-root.new.fr/poc/20070107.txt Directory traversal vulnerability in admin/skins.php for @lex Guestbook 4.0.2 and earlier allows remote attackers to create files in arbitrary directories via ".." sequences in the (1) aj_skin and (2) skin_edit parameters. NOTE: this can be leveraged for file inclusion by creating a skin file in the lang directory, then referencing that file via the lang parameter to index.php, which passes a sanity check in livre_include.php.

cpe:/a:hp:openview_network_node_manager:6.2::hp_ux_10.x cpe:/a:hp:openview_network_node_manager:6.41::solaris cpe:/a:hp:openview_network_node_manager:6.2 cpe:/a:hp:openview_network_node_manager:7.50::linux cpe:/a:hp:openview_network_node_manager:6.2::hp_ux_11.x cpe:/a:hp:openview_network_node_manager:7.0.1 cpe:/a:hp:openview_network_node_manager:6.4 cpe:/a:hp:openview_network_node_manager:7.0.1::windows_2000_xp cpe:/a:hp:openview_network_node_manager:7.0.1::solaris cpe:/a:hp:openview_network_node_manager:7.50 cpe:/a:hp:openview_network_node_manager:6.4::hp_ux_11.x cpe:/a:hp:openview_network_node_manager:7.50::windows_2000_xp cpe:/a:hp:openview_network_node_manager:6.4::nt_4.x_windows_2000 cpe:/a:hp:openview_network_node_manager:7.50::solaris cpe:/a:hp:openview_network_node_manager:6.2::solaris cpe:/a:hp:openview_network_node_manager:7.0.1::hp_ux_11.x cpe:/a:hp:openview_network_node_manager:7.0.1::linux cpe:/a:hp:openview_network_node_manager:6.4::solaris cpe:/a:hp:openview_network_node_manager:7.50::hp_ux_11.x cpe:/a:hp:openview_network_node_manager:6.41 cpe:/a:hp:openview_network_node_manager:6.2::nt_4.x_windows_2000

CVE-2007-0206

2007-01-11T20:28:00.000-05:00

2011-03-07T21:49:00.643-05:00

5.0

NETWORK

LOW

NONE

PARTIAL

NONE

http://nvd.nist.gov

2007-01-12T09:48:00.000-05:00

VUPEN ADV-2007-0153 BID 22009 HP SSRT061174 HP HPSBMA02175 OSVDB 32729 SECTRACK 1017503 SREASON 2140 Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 6.20, 6.4x, 7.01, and 7.50 allows remote attackers to read arbitrary files via unknown vectors.

cpe:/a:microsoft:office:xp:sp3 cpe:/a:microsoft:word:2003 cpe:/a:microsoft:word_viewer:2003 cpe:/a:microsoft:works:2005 cpe:/a:microsoft:office:2000:sp3 cpe:/a:microsoft:word:2002 cpe:/a:microsoft:works:2004 cpe:/a:microsoft:office:2003:sp2 cpe:/a:microsoft:office:2004::mac cpe:/a:microsoft:works:2006 cpe:/a:microsoft:word:2000

CVE-2007-0208

2007-02-13T16:28:00.000-05:00

2011-03-07T00:00:00.000-05:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2007-02-14T11:46:00.000-05:00

ALLOWS_ADMIN_ACCESS

CERT TA07-044A MS MS07-014 VUPEN ADV-2007-0583 SECTRACK 1017639 BID 22477 OSVDB 34385 Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac does not correctly check the properties of certain documents and warn the user of macro content, which allows user-assisted remote attackers to execute arbitrary code.

cpe:/a:microsoft:office:xp:sp3 cpe:/a:microsoft:works:2005 cpe:/a:microsoft:office:2000:sp3 cpe:/a:microsoft:works:2004 cpe:/a:microsoft:office:2003:sp2 cpe:/a:microsoft:office:2004::mac cpe:/a:microsoft:works:2006

CVE-2007-0209

2007-02-13T16:28:00.000-05:00

2011-03-07T00:00:00.000-05:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2007-02-14T12:40:00.000-05:00

ALLOWS_ADMIN_ACCESS

CERT TA07-044A VUPEN ADV-2007-0583 SECTRACK 1017639 BID 22482 MS MS07-014 OSVDB 34386 Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a Word file with a malformed drawing object, which leads to memory corruption.

cpe:/o:microsoft:windows_xp::sp2:tablet_pc

CVE-2007-0210

2007-02-13T15:28:00.000-05:00

2011-03-07T21:49:00.923-05:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

2007-02-13T20:39:00.000-05:00

ALLOWS_ADMIN_ACCESS

CERT TA07-044A MS MS07-007 VUPEN ADV-2007-0576 SECTRACK 1017634 BID 22499 OSVDB 31889 SECUNIA 24132 The Window Image Acquisition (WIA) Service in Microsoft Windows XP SP2 allows local users to gain privileges via unspecified vectors involving an "unchecked buffer," probably a buffer overflow.

cpe:/o:microsoft:windows_xp::sp2:tablet_pc cpe:/o:microsoft:windows_2003_server:sp1 cpe:/o:microsoft:windows_xp::gold:professional

CVE-2007-0211

2007-02-13T15:28:00.000-05:00

2011-03-07T21:49:01.033-05:00

7.2

LOCAL

LOW

NONE

COMPLETE

http://nvd.nist.gov

2007-02-13T21:47:00.000-05:00

ALLOWS_ADMIN_ACCESS

CERT TA07-044A CERT-VN VU#240796 MS MS07-006 VUPEN ADV-2007-0575 SECTRACK 1017633 BID 22481 OSVDB 31890 SECUNIA 24126 The hardware detection functionality in the Windows Shell in Microsoft Windows XP SP2 and Professional, and Server 2003 SP1 allows local users to gain privileges via an unvalidated parameter to a function related to the "detection and registration of new hardware."

cpe:/a:microsoft:exchange_server:2000:sp3 cpe:/a:microsoft:exchange_server:2003:sp2 cpe:/a:microsoft:exchange_server:2007 cpe:/a:microsoft:exchange_server:2003:sp1

CVE-2007-0213

2007-05-08T19:19:00.000-04:00

2011-03-07T21:49:01.127-05:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2007-05-09T11:25:00.000-04:00

ALLOWS_ADMIN_ACCESS

CERT TA07-128A CERT-VN VU#343145 MS MS07-026 VUPEN ADV-2007-1711 HP SSRT071422 XF exchange-mime-base64-code-execution(33889) SECTRACK 1018015 BID 23809 HP HPSBST02214 OSVDB 34391 SECUNIA 25183 Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does not properly decode certain MIME encoded e-mails, which allows remote attackers to execute arbitrary code via a crafted base64-encoded MIME e-mail message.

cpe:/o:microsoft:windows_2003_server:itanium cpe:/o:microsoft:windows_2000::sp4 cpe:/o:microsoft:windows_2003_server:sp1::itanium cpe:/o:microsoft:windows_2003_server:sp1 cpe:/o:microsoft:windows_2003_server:64-bit cpe:/o:microsoft:windows_xp:::64-bit cpe:/o:microsoft:windows_2003_server cpe:/o:microsoft:windows_xp::sp2

CVE-2007-0214

2007-02-13T15:28:00.000-05:00

2011-03-07T21:49:01.220-05:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2007-02-13T21:50:00.000-05:00

ALLOWS_ADMIN_ACCESS

CERT-VN VU#563756 CERT TA07-044A MS MS07-008 VUPEN ADV-2007-0577 SECTRACK 1017635 BID 22478 OSVDB 31884 SECUNIA 24136 The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 SP3, XP SP2 and Professional, 2003 SP1 allows remote attackers to execute arbitrary code via unspecified functions, related to uninitialized parameters.

cpe:/a:microsoft:office:2007 cpe:/a:microsoft:office:xp:sp3 cpe:/a:microsoft:excel:2003 cpe:/a:microsoft:excel:2002 cpe:/a:microsoft:excel:2000 cpe:/a:microsoft:excel:2007 cpe:/a:microsoft:office:2000:sp3 cpe:/a:microsoft:excel_viewer:2003 cpe:/a:microsoft:office:2003:sp2 cpe:/a:microsoft:office:2004::mac

CVE-2007-0215

2007-05-08T18:19:00.000-04:00

2011-03-07T21:49:01.313-05:00

7.6

NETWORK

HIGH

NONE

COMPLETE

http://nvd.nist.gov

2007-05-09T10:35:00.000-04:00

ALLOWS_ADMIN_ACCESS

CERT TA07-128A MISC http://www.zerodayinitiative.com/advisories/ZDI-07-026.html MS MS07-023 VUPEN ADV-2007-1708 HP SSRT071422 XF excel-biff-file-bo(33913) SECTRACK 1018012 BID 23760 HP SSRT071422 BUGTRAQ 20070508 ZDI-07-026: Microsoft Excel BIFF File Format Named Graph Record Parsing Stack Overflow Vulnerability OSVDB 34393 SECUNIA 25150 Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows user-assisted remote attackers to execute arbitrary code via a .XLS BIFF file with a malformed Named Graph record, which results in memory corruption.

cpe:/a:microsoft:works:8.0 cpe:/a:microsoft:works:2005 cpe:/a:microsoft:office:2003:sp2 cpe:/a:microsoft:office:2003:sp3

CVE-2007-0216

2008-02-12T18:00:00.000-05:00

2011-03-07T00:00:00.000-05:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2008-02-13T10:41:00.000-05:00

ALLOWS_ADMIN_ACCESS

CERT TA08-043C MS MS08-011 VUPEN ADV-2008-0513 SECTRACK 1019386 BID 27657 SECUNIA 28904 HP SSRT080016 HP HPSBST02314 IDEFENSE 20080208 Microsoft Office Works Converter Heap Overflow Vulnerability wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section length headers, aka "Microsoft Works File Converter Input Validation Vulnerability."

cpe:/a:microsoft:ie:6.0:sp1 cpe:/a:microsoft:ie:5.01:sp4 cpe:/a:microsoft:ie:6.0

CVE-2007-0217

2007-02-13T17:28:00.000-05:00

2011-03-07T21:49:01.517-05:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2007-02-14T13:14:00.000-05:00

ALLOWS_ADMIN_ACCESS

CERT-VN VU#613564 CERT TA07-044A MS MS07-016 VUPEN ADV-2007-0584 SECTRACK 1017642 BID 22489 OSVDB 31892 SECUNIA 24156 IDEFENSE 20070213 Microsoft 'wininet.dll' FTP Reply Null Termination Heap Corruption Vulnerability BUGTRAQ 20070309 MS07-016 FTP Response DOS PoC The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 and 6 might allow remote attackers to execute arbitrary code via an FTP server response of a specific length that causes a terminating null byte to be written outside of a buffer, which causes heap corruption.

cpe:/a:microsoft:ie:6 cpe:/a:microsoft:ie:6:sp1 cpe:/a:microsoft:ie:7.0 cpe:/a:microsoft:ie:5.01:sp4

CVE-2007-0218

2007-06-12T15:30:00.000-04:00

2012-10-30T22:27:22.263-04:00

9.3

NETWORK

MEDIUM

NONE

COMPLETE

http://nvd.nist.gov

2007-06-13T11:33:00.000-04:00

ALLOWS_ADMIN_ACCESS

CERT TA07-163A MS MS07-033 XF webbrowser-object-code-execution(32106) VUPEN ADV-2007-2153 BID 24372 HP HPSBST02231 HP HPSBST02231 SECTRACK 1018235 SECUNIA 25627 OSVDB 35348 IDEFENSE 20070612 Microsoft License Manager and urlmon.dll COM Object Interaction Invalid Memory Access Vulnerability Microsoft Internet Explorer 5.01 and 6 allows remote attackers to execute arbitrary code by instantiating certain COM objects from Urlmon.dll, which triggers memory corruption during a call to the IObjectSafety function.

cpe:/a:microsoft:ie:6.0:sp1 cpe:/a:microsoft:ie:7.0 cpe:/a:microsoft:ie:5.01:sp4 cpe:/a:microsoft:ie:6.0

CVE-2007-0219

2007-02-13T18:28:00.000-05:00

2011-03-07T21:49:01.703-05:00

10.0

NETWORK

LOW

NONE

COMPLETE

http://nvd.nist.gov

2007-02-14T13:15:00.000-05:00

ALLOWS_ADMIN_ACCESS

CERT-VN VU#771788 CERT TA07-044A MS MS07-016 XF ie-com-activex-code-execution(32427) VUPEN ADV-2007-0584 SECTRACK 1017643 BID 22504 OSVDB 31895 OSVDB 31894 OSVDB 31893 SECUNIA 24156 Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from (1) Msb1fren.dll, (2) Htmlmm.ocx, and (3) Blnmgrps.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors, a diffe