CVE number Score Severity Description Loss Type
CVE-2007-0234 ** REJECT ** DO NOT USE THIS
CANDIDATE NUMBER. ConsultIDs: CVE-2007-0243.
Reason: This candidate is a duplicate of
CVE-2007-0243. Notes: All CVE users should
reference CVE-2007-0243 instead of this
candidate. All references and descriptions in
this candidate have been removed to prevent
accidental usage.
0 Low AVAIL
CVE-2007-0253 ** DISPUTED ** Unspecified vulnerability in the
grsecurity patch has unspecified impact and
remote attack vectors, a different vulnerability
than the expand_stack vulnerability from the
Digital Armaments 20070110 pre-advisory.
NOTE: the grsecurity developer has disputed
this issue, stating that "the function they claim
the vulnerability to be in is a trivial function,
which can, and has been, easily checked for
any supposed vulnerabilities." The developer
also cites a past disclosure that was not proven.
7 High AVAIL
CVE-2007-0279 Multiple unspecified vulnerabilities in Oracle
HTTP Server 9.2.0.8 and Oracle E-Business
Suite and Applications 11.5.10CU2 have
unknown impact and attack vectors, aka (1)
OHS01, (2) OHS02, (3) OHS05, (4) OHS06,
and (5) OHS07.
7 High AVAIL
CVE-2007-0292 Multiple unspecified vulnerabilities in Oracle
Enterprise Manager 10.1.0.5 have unknown
impact and attack vectors related to Oracle
Agent, aka (1) EM01 and (2) EM02. NOTE:
EM05 might be related to CVE-2007-0222.
7 High AVAIL
CVE-2007-0295 Unspecified vulnerability in Oracle PeopleSoft
Enterprise and JD Edwards EnterpriseOne
8.22.13 and 8.47.11 has unknown impact and
attack vectors in PeopleTools, aka PSE01.
3.3 Low AVAIL
CVE-2007-0525 Multiple buffer overflows in Nickolas Grigoriadis
Mini Web server (MiniWebsvr) before 0.05 have
unknown impact and attack vectors.
7 High AVAIL
CVE-2007-0621 ** REJECT ** DO NOT USE THIS
CANDIDATE NUMBER. ConsultIDs: CVE-2006-6456.
Reason: This candidate is a duplicate of
CVE-2006-6456. It was assigned for a targeted
zero-day attack, but further analysis revealed it
was for an older issue. Notes: All CVE users
should reference CVE-2006-6456 instead of this
candidate. All references and descriptions in
this candidate have been removed to prevent
accidental usage.
0 Low AVAIL
CVE-2007-0818 ** REJECT ** DO NOT USE THIS
CANDIDATE NUMBER. ConsultIDs: CVE-2007-0396.
Reason: This candidate is a duplicate of
CVE-2007-0396. Notes: All CVE users should
reference CVE-2007-0396 instead of this
candidate. All references and descriptions in
this candidate have been removed to prevent
accidental usage.
0 Low AVAIL
CVE-2007-0974 Multiple unspecified vulnerabilities in Ian
Bezanson DropBox before 0.0.4 beta have
unknown impact and attack vectors, possibly
related to a variable extraction vulnerability.
7 High AVAIL
CVE-2007-1886 Integer overflow in the str_replace function in
PHP 4.4.5 and PHP 5.2.1 allows context-
dependent attackers to have an unknown
impact via a single character search string in
conjunction with a single character replacement
string, which causes an "off by one overflow."
5.6 Medium AVAIL
CVE-2007-2051 Buffer overflow in the parsecmd function in
bftpd before 1.8 has unknown impact and attack
vectors related to the confstr variable.
2.3 Low AVAIL
CVE-2007-2436 ** REJECT ** DO NOT USE THIS
CANDIDATE NUMBER. ConsultIDs: CVE-2007-1861.
Reason: This candidate is a duplicate of
CVE-2007-1861. Notes: All CVE users should
reference CVE-2007-1861 instead of this
candidate. All references and descriptions in
this candidate have been removed to prevent
accidental usage.
0 Low AVAIL
CVE-2007-2593 The Terminal Server in Microsoft Windows
2003 Server, when using TLS, allows remote
attackers to bypass SSL and self-signed
certificate requirements, downgrade the server
security, and possibly conduct man-in-the-
middle attacks via unspecified vectors, as
demonstrated using the Remote Desktop
Protocol (RDP) 6.0 client. NOTE: a third party
claims that the vendor may have fixed this in
approximately 2006.
7 High AVAIL
CVE-2007-0054 Cross-site scripting (XSS) vulnerability in
gbrowse.php in Belchior Foundry vCard PRO
allows remote attackers to inject arbitrary web
script or HTML via the sortby parameter.
7 High AVAIL
CVE-2007-0056 Multiple cross-site scripting (XSS)
vulnerabilities in AShop Deluxe 4.5 and AShop
Administration Panel allow remote attackers to
inject arbitrary web script or HTML via the (1)
cat parameter to (a) ashop/catalogue.php and
(b) ashop/basket.php, the (2) exp parameter to
ashop/catalogue.php, the (3) searchstring
parameter to (c) ashop/search.php, the (4)
checkout and (5) action parameters to (d)
ashop/shipping.php, the cat parameter to (f)
cart-path/admin/editcatalogue.php, and the (7)
resultpage parameter to (g)
cart-path/admin/salesadmin.php.
7 High AVAIL
CVE-2007-0083 Cross-site scripting (XSS) vulnerability in
Nuked Klan 1.7 and earlier allows remote
attackers to inject arbitrary web script or HTML
via a javascript: URI in a getURL statement in a
.swf file, as demonstrated by "Remote Cookie
Disclosure." NOTE: it could be argued that this
is an issue in Shockwave instead of Nuked
Klan.
5.6 Medium AVAIL
CVE-2007-0106 Cross-site scripting (XSS) vulnerability in the
CSRF protection scheme in WordPress before
2.0.6 allows remote attackers to inject arbitrary
web script or HTML via a CSRF attack with an
invalid token and quote characters or HTML
tags in URL variable names, which are not
properly handled when WordPress generates a
new link to verify the request.
5.6 Medium AVAIL
CVE-2007-0110 Cross-site scripting (XSS) vulnerability in
nidp/idff/sso in Novell Access Manager Identity
Server before 3.0.0-1013 allows remote
attackers to inject arbitrary web script or HTML
via the IssueInstant parameter, which is not
properly handled in the resulting error message.
7 High AVAIL
CVE-2007-0119 Multiple cross-site scripting (XSS)
vulnerabilities in EditTag 1.2 allow remote
attackers to inject arbitrary web script or HTML
via the plain parameter to (1) mkpw_mp.cgi, (2)
mkpw.pl, or (3) mkpw.cgi.
7 High AVAIL
CVE-2007-0121 Cross-site scripting (XSS) vulnerability in
search.asp in RI Blog 1.3 allows remote
attackers to inject arbitrary web script or HTML
via the q parameter.
7 High AVAIL
CVE-2007-0136 Multiple cross-site scripting (XSS)
vulnerabilities in Drupal before 4.6.11, and 4.7
before 4.7.5, allow remote attackers to inject
arbitrary web script or HTML via unspecified
parameters in the (1) filter and (2) system
modules. NOTE: some of these details are
obtained from third party information.
5.6 Medium AVAIL
CVE-2007-0137 Cross-site scripting (XSS) vulnerability in
SimpleBoxes/SerendipityNZ Serene Bach
2.05R and earlier, and 2.08D and earlier in the
2.08 series; and (2) sb 1.13D and earlier, and
1.18R and earlier in the 1.18 series; allows
remote attackers to inject arbitrary web script or
HTML via unspecified vectors.
5.6 Medium AVAIL
CVE-2007-0141 Cross-site scripting (XSS) vulnerability in
yald.php in Yet Another Link Directory 1.0
allows remote attackers to inject arbitrary web
script or HTML via the search parameter.
5.6 Medium AVAIL
CVE-2007-0144 Cross-site scripting (XSS) vulnerability in
search.asp in Digitizing Quote And Ordering
System 1.0 allows remote authenticated
attackers to inject arbitrary web script or HTML
via the ordernum parameter.
7 High AVAIL
CVE-2007-0146 Multiple cross-site scripting (XSS)
vulnerabilities in Fix and Chips CMS 1.0 allow
remote attackers to inject arbitrary web script or
HTML via the (1) id parameter in (a)
delete-announce.php; the (2) Announcement form field
in (b) staff.php; the (3) Client Name, (4)
Business Name, (5) Street, (6) Address 2, (7)
Town/City, (8) Postcode, (9) Phone Number,
(10) Email Address and (11) Website Address
form fields in (c) new_customer.php; and
unspecified fields in (d) search.php and (e)
client-results.php.
3.4 Low AVAIL
CVE-2007-0175 Cross-site scripting (XSS) vulnerability in
htsrv/login.php in b2evolution 1.8.6 allows
remote attackers to inject arbitrary web script or
HTML via scriptable attributes in the redirect_to
parameter. NOTE: The provenance of this
information is unknown; the details are obtained
solely from third party information.
7 High AVAIL
CVE-2007-0176 Cross-site scripting (XSS) vulnerability in
search/advanced_search.php in GForge 4.5.11
allows remote attackers to inject arbitrary web
script or HTML via the words parameter.
7 High AVAIL
CVE-2007-0177 Cross-site scripting (XSS) vulnerability in the
AJAX module in MediaWiki before 1.6.9, 1.7
before 1.7.2, 1.8 before 1.8.3, and 1.9 before
1.9.0rc2, when wgUseAjax is enabled, allows
remote attackers to inject arbitrary web script or
HTML via unspecified vectors.
5.6 Medium AVAIL
CVE-2007-0183 Cross-site scripting (XSS) vulnerability in
/search in iPlanet Web Server 4.x allows remote
attackers to inject arbitrary web script or HTML
via the NS-max-records parameter. NOTE: The
provenance of this information is unknown; the
details are obtained solely from third party
information.
5.6 Medium AVAIL
CVE-2007-0186 Multiple cross-site scripting (XSS)
vulnerabilities in F5 FirePass SSL VPN allow
remote attackers to inject arbitrary web script or
HTML via (1) the xcho parameter to
my.logon.php3; the (2) topblue, (3) midblue, (4)
wtopblue, and certain other Custom color
parameters in a per action to
vdesk/admincon/index.php; the (5) h321, (6)
h311, (7) h312, and certain other Front Door
custom text color parameters in a per action to
vdesk/admincon/index.php; the (8) ua
parameter in a bro action to
vdesk/admincon/index.php; the (9) app_param
and (10) app_name parameters to
webyfiers.php; (11) double eval functions; (12)
JavaScript contained in an
element; and (13) the
vhost parameter to my.activation.php. NOTE: it
is possible that this candidate overlaps
CVE-2006-3550.
7 High AVAIL
CVE-2007-0191 Cross-site scripting (XSS) vulnerability in
admin.php in MKPortal allows remote attackers
to inject arbitrary web script or HTML via two
certain fields in a contents_new operation in the
ad_contents section.
7 High AVAIL
CVE-2007-0204 Multiple cross-site scripting (XSS)
vulnerabilities in phpMyAdmin before 2.9.2-rc1
allow remote attackers to inject arbitrary web
script or HTML via unspecified vectors. NOTE:
some of these details are obtained from third
party information.
7 High AVAIL
CVE-2007-0225 Cross-site scripting (XSS) vulnerability in
shopcustadmin.asp in VP-ASP Shopping Cart
6.09 and earlier allows remote attackers to
inject arbitrary web script or HTML via the msg
parameter.
7 High AVAIL
CVE-2007-0231 Cross-site scripting (XSS) vulnerability in
Movable Type (MT) 3.33, when nofollow is
disabled and unmoderated comments are
enabled, allows remote attackers to inject
arbitrary web script or HTML via the Comments
field.
5.6 Medium AVAIL
CVE-2007-0249 Cross-site scripting (XSS) vulnerability in
index.php in Nwom topsites 3.0 allows remote
attackers to inject arbitrary web script or HTML
via the o parameter.
7 High AVAIL
CVE-2007-0258 Cross-site scripting (XSS) vulnerability in
index.php in (1) Fastilo 2.0 and (2) Open
Solution Quick.Cart 2.0 allows remote attackers
to inject arbitrary web script or HTML via the p
parameter. NOTE: some of these details are
obtained from third party information.
7 High AVAIL
CVE-2007-0265 Multiple cross-site scripting (XSS)
vulnerabilities in Ezboxx Portal System Beta
0.7.6 and earlier allow remote attackers to inject
arbitrary web script or HTML via (1) the pic
parameter to custom/piczoom.asp, (2) the
nocatname parameter to boxx/user-upload.asp,
or (3) the iid parameter to
indexes/newscomments.asp.
5.6 Medium AVAIL
CVE-2007-0275 Cross-site scripting (XSS) vulnerability in
Oracle Reports Web Cartridge (RWCGI60) in
the Workflow Cartridge component, as used in
Oracle Database 9.2.0.8, 10.1.0.5, and
10.2.0.3; Application Server 9.0.4.3, 10.1.2.0.2,
and 10.1.2.2; Collaboration Suite 10.1.2; and
Oracle E-Business Suite and Applications
11.5.10CU2; allows remote authenticated users
to inject arbitrary HTML or web script via the
genuser parameter to rwcgi60, aka OWF01.
2.8 Low AVAIL
CVE-2007-0302 Multiple cross-site scripting (XSS)
vulnerabilities in InstantASP 4.1.0 allow remote
attackers to inject arbitrary web script or HTML
via the (1) SessionID parameter to (a)
Logon.aspx, and the (2) Username and (3)
Update parameters to (b) Members1.aspx.
5.6 Medium AVAIL
CVE-2007-0308 Cross-site scripting (XSS) vulnerability in Plain
Black WebGUI before 7.3.4 (beta) allows
remote attackers to inject arbitrary web script or
HTML via Wiki Page titles.
7 High AVAIL
CVE-2007-0331 Cross-site scripting (XSS) vulnerability in
liens.php3 in liens_dynamiques 2.1 allows
remote attackers to inject arbitrary web script or
HTML by using the ajouter=1 query string and
the add menu.
7 High AVAIL
CVE-2007-0341 Cross-site scripting (XSS) vulnerability in
phpMyAdmin 2.8.1 and earlier, when Microsoft
Internet Explorer 6 is used, allows remote
attackers to inject arbitrary web script or HTML
via a javascript: URI in a CSS style in the
convcharset parameter to the top-level URI, a
different vulnerability than CVE-2005-0992.
5.6 Medium AVAIL
CVE-2007-0353 Cross-site scripting (XSS) vulnerability in (1)
index.php and (2) login.php in myBloggie 2.1.5
allows remote attackers to inject arbitrary web
script or HTML via the PATH_INFO string.
7 High AVAIL
CVE-2007-0362 Cross-site scripting (XSS) vulnerability in the
RSS feed component in FreshReader before
1.0.07010600 allows remote attackers to inject
arbitrary web script or HTML via unspecified
vectors, possibly related to tag attributes.
7 High AVAIL
CVE-2007-0363 Cross-site scripting (XSS) vulnerability in
admin-search.php in (1) Openads for PostgreSQL (aka
phpPgAds) before 2.0.10 and (2) Openads (aka
phpAdsNew) before 2.0.10 allows remote
attackers to inject arbitrary web script or HTML
via unspecified parameters.
7 High AVAIL
CVE-2007-0364 Multiple cross-site scripting (XSS)
vulnerabilities in nicecoder.com INDEXU 5.3
and earlier allow remote attackers to inject
arbitrary web script or HTML via the (1)
error_msg parameter to (a)
suggest_category.php; the (2) u parameter to
(b) user_detail.php; the (3) friend_name, (4)
friend_email, (5) error_msg, (6) my_name, (7)
my_email, and (8) id parameters to (c)
tell_friend.php; the (9) error_msg, (10) email,
(11) name, and (12) subject parameters to (d)
sendmail.php; the (13) email, (14) error_msg,
and (15) username parameters to (e)
send_pwd.php; the (16) keyword parameter to
(f) search.php; the (17) error_msg, (18)
username, (19) password, (20) password2, and
(21) email parameters to (g) register.php; the
(22) url, (23) contact_name, and (24) email
parameters to (h) power_search.php; the (25)
path and (26) total parameters to (i) new.php;
the (27) query parameter to (j) modify.php; the
(28) error_msg parameter to (k) login.php; the
(29) error_msg and (30) email parameters to (l)
mailing_list.php; the (31) gateway parameter to
(m) upgrade.php; and another unspecified
vector.
7 High AVAIL
CVE-2007-0365 Multiple cross-site scripting (XSS)
vulnerabilities in All In One Control Panel
(AIOCP) 1.3.009 and earlier allow remote
attackers to inject arbitrary web script or HTML
via unspecified vectors. NOTE: this is probably
a different vulnerability than CVE-2006-5830.
7 High AVAIL
CVE-2007-0376 Cross-site scripting (XSS) vulnerability in
Virtuemart 1.0.7 allows remote attackers to
inject arbitrary web script or HTML via
unspecified vectors.
7 High AVAIL
CVE-2007-0379 Cross-site scripting (XSS) vulnerability in
DocMan 1.3 RC2 allows remote attackers to
inject arbitrary web script or HTML via
unspecified vectors.
7 High AVAIL
CVE-2007-0384 Cross-site scripting (XSS) vulnerability in
preview in the reviews section in PostNuke
0.764 allows remote attackers to inject arbitrary
web script or HTML via unspecified vectors.
5.6 Medium AVAIL
CVE-2007-0390 Cross-site scripting (XSS) vulnerability in
index.php in sabros.us 1.7 allows remote
attackers to inject arbitrary web script or HTML
via the tag parameter.
7 High AVAIL
CVE-2007-0398 Multiple cross-site scripting (XSS)
vulnerabilities in forum.php3 in Arnaud Guyonne
(aka Arnotic) a-forum allow remote attackers to
inject arbitrary web script or HTML via the (1)
Sujet or (2) Pseudo field.
7 High AVAIL
CVE-2007-0399 Multiple cross-site scripting (XSS)
vulnerabilities in index.php in Simple Machines
Forum (SMF) 1.1 RC3 allow remote
authenticated users to inject arbitrary web script
or HTML via the (1) recipient or (2) BCC field
when selecting send in a pm action.
4.2 Medium AVAIL
CVE-2007-0400 Cross-site scripting (XSS) vulnerability in
admin/memberlist.php in Easebay Resources
Login Manager 3.0 allows remote attackers to
inject arbitrary web script or HTML via the
keyword parameter.
7 High AVAIL
CVE-2007-0402 Cross-site scripting (XSS) vulnerability in
admin/edit_member.php in Easebay Resources
Paypal Subscription Manager allows remote
attackers to inject arbitrary web script or HTML
via the username parameter.
7 High AVAIL
CVE-2007-0407 Cross-site scripting (XSS) vulnerability in
Operation/User.pm in Plain Black WebGUI
before 7.3.5 (beta) allows remote attackers to
inject arbitrary web script or HTML via the
username parameter during anonymous
registration, a different vector than CVE-2007-0308.
NOTE: it is possible that a separate
"WikiPage titles" issue was also fixed.
7 High AVAIL
CVE-2007-0477 Cross-site scripting (XSS) vulnerability in
Openads 2.0.x before 2.0.10, 2.3 before 2.3.31
(aka Max Media Manager before 0.3.31-alpha-pr2),
and phpAdsNew/phpPgAds before 2.0.9-pr1
allows remote attackers to inject arbitrary
web script or HTML via (1) the keyword
parameter in admin-search.php and (2)
affiliate-search.php. NOTE: this issue may overlap
CVE-2007-0363.
7 High AVAIL
CVE-2007-0483 Multiple cross-site scripting (XSS)
vulnerabilities in Enthusiast 3.1 allow remote
attackers to inject arbitrary web script or HTML
via the URI for (1) show_owned.php or (2)
show_joined.php. NOTE: The provenance of
this information is unknown; the details are
obtained solely from third party information.
7 High AVAIL
CVE-2007-0514 Multiple cross-site scripting (XSS)
vulnerabilities in multiple Hitachi Web Server,
uCosminexus, and Cosminexus products
before 20070124 allow remote attackers to
inject arbitrary web script or HTML via (1) HTTP
Expect headers or (2) image maps.
7 High AVAIL
CVE-2007-0526 Multiple cross-site scripting (XSS)
vulnerabilities in Bitweaver 1.3.1 allow remote
attackers to inject arbitrary web script or HTML
via the URL (PATH_INFO) to (1)
articles/edit.php, (2) articles/list.php, (3)
blogs/list_blogs.php, or (4) blogs/rankings.php.
2.3 Low AVAIL
CVE-2007-0537 The KDE HTML library (kdelibs), as used by
Konqueror 3.5.5, does not properly parse HTML
comments, which allows remote attackers to
conduct cross-site scripting (XSS) attacks and
bypass some XSS protection schemes by
embedding certain HTML tags within a
comment in a title tag, a related issue to
CVE-2007-0478.
5.6 Medium AVAIL
CVE-2007-0542 Cross-site scripting (XSS) vulnerability in
show.php in 212cafe Guestbook 4.00 beta
allows remote attackers to inject arbitrary web
script or HTML via the user parameter.
7 High AVAIL
CVE-2007-0544 Cross-site scripting (XSS) vulnerability in
private.php in MyBB (aka MyBulletinBoard)
allows remote authenticated users to inject
arbitrary web script or HTML via the Subject
field, a different vector than CVE-2006-2949.
4.2 Medium AVAIL
CVE-2007-0549 Cross-site scripting (XSS) vulnerability in
list3.php in 212cafeBoard 6.30 Beta allows
remote attackers to inject arbitrary web script or
HTML via the user parameter.
7 High AVAIL
CVE-2007-0550 Cross-site scripting (XSS) vulnerability in
search.php in 212cafeBoard 0.08 Beta allows
remote attackers to inject arbitrary web script or
HTML via keyword parameter.
7 High AVAIL
CVE-2007-0552 Cross-site scripting (XSS) vulnerability in
install/default/error404.html in Oh no! Not
another CMS (Onnac) 0.0.8.4 and earlier allows
remote attackers to inject arbitrary web script or
HTML via the error_url parameter.
7 High AVAIL
CVE-2007-0553 Multiple cross-site scripting (XSS)
vulnerabilities in index.inc.php in PHProxy
before 0.5 beta 2 allow remote attackers to
inject arbitrary web script or HTML via the (1)
data[realm] and (2) _url parameters, different
vectors than CVE-2004-2604. NOTE: some of
these details are obtained from third party
information.
7 High AVAIL
CVE-2007-0565 CGI-Rescue Shopping Basket Professional
7.50 and earlier allows remote attackers to
inject arbitrary operating system commands via
unspecified vectors.
7 High AVAIL
CVE-2007-0567 Cross-site scripting (XSS) vulnerability in
admin.php in Interactive-Scripts.Com PHP
Membership Manager 1.5 allows remote
attackers to inject arbitrary web script or HTML
via the _p parameter.
7 High AVAIL
CVE-2007-0579 Unspecified vulnerability in the calendar
component in Horde Groupware Webmail
Edition before 1.0, and Groupware before 1.0,
allows remote attackers to include certain files
via unspecified vectors. NOTE: some of these
details are obtained from third party information.
5.6 Medium AVAIL
CVE-2007-0592 Cross-site scripting (XSS) vulnerability in
EzDatabase 2.1.3 allows remote attackers to
inject arbitrary web script or HTML via
unspecified vectors related to admin/login.php
and the Admin Panel Database.
5.6 Medium AVAIL
CVE-2007-0604 Cross-site scripting (XSS) vulnerability in
Movable Type (MT) before 3.34 allows remote
attackers to inject arbitrary web script or HTML
via unspecified vectors related to the
MTCommentPreviewIsStatic tag, which can
open the "comment entry screen," a different
vulnerability than CVE-2007-0231.
7 High AVAIL
CVE-2007-0610 Cross-site scripting (XSS) vulnerability in the
mailform feature in CMSimple 2.7 fix1 allows
remote attackers to inject arbitrary web script or
HTML via the sender parameter. NOTE: The
provenance of this information is unknown; the
details are obtained solely from third party
information.
7 High AVAIL
CVE-2007-0611 Multiple cross-site scripting (XSS)
vulnerabilities in Free LAN In(tra|ter)net Portal
(FLIP) before 1.0-RC2 allow remote attackers to
inject arbitrary web script or HTML via
unspecified vectors in (1) inc.page.php and (2)
inc.text.php.
7 High AVAIL
CVE-2007-0628 Multiple cross-site scripting (XSS)
vulnerabilities in Sun Java System Access
Manager 6.1, 6.2, 6 2005Q1 (6.3), and 7
2005Q4 (7.0) before 20070129 allow remote
attackers to inject arbitrary web script or HTML
via the (1) goto or (2) gx-charset parameter.
NOTE: some of these details are obtained from
third party information.
7 High AVAIL
CVE-2007-0649 Variable overwrite vulnerability in
interface/globals.php in OpenEMR 2.8.2 and
earlier allows remote attackers to overwrite
arbitrary program variables and conduct other
unauthorized activities, such as conduct (a)
remote file inclusion attacks via the srcdir
parameter in custom/import_xml.php or (b)
cross-site scripting (XSS) attacks via the rootdir
parameter in interface/login/login_frame.php,
via vectors associated with extract operations
on the (1) POST and (2) GET superglobal
arrays. NOTE: this issue was originally disputed
before the extract behavior was identified in
post-disclosure analysis. Also, the original
report identified "Open Conference Systems,"
but this was an error.
3.4 Low AVAIL
CVE-2007-0660 Cross-site scripting (XSS) vulnerability in the
IFrame module before 03.02.01 for DotNetNuke
(DNN) allows remote attackers to inject arbitrary
web script or HTML via unspecified vectors
related to "Pass through values."
7 High AVAIL
CVE-2007-0696 Cross-site scripting (XSS) vulnerability in error
messages in Free LAN In(tra|ter)net Portal
(FLIP) before 1.0-RC3 allows remote attackers
to inject arbitrary web script or HTML via
unspecified parameters, different vectors than
CVE-2007-0611.
5.6 Medium AVAIL
CVE-2007-0763 Cross-site scripting (XSS) vulnerability in the
news comment functionality in F3Site 2.1 and
earlier allows remote attackers to inject arbitrary
web script or HTML via the Autor field.
7 High AVAIL
CVE-2007-0767 Cross-site scripting (XSS) vulnerability in the
core in Phorum before 5.1.18 allows remote
attackers to inject arbitrary web script or HTML
via unspecified vectors.
7 High AVAIL
CVE-2007-0768 Multiple cross-site scripting (XSS)
vulnerabilities in the Contact Details functionality
in Yahoo! Messenger 8.1.0.209 and earlier
allow user-assisted remote attackers to inject
arbitrary web script or HTML via a javascript:
URI in the SRC attribute of an IMG element to
the (1) First Name, (2) Last Name, and (3)
Nickname fields. NOTE: some of these details
are obtained from third party information.
5.6 Medium AVAIL
CVE-2007-0769 ** DISPUTED ** Cross-site scripting (XSS)
vulnerability in register.php in Phorum 5.1.18
allows remote attackers to inject arbitrary web
script or HTML via unspecified vectors. NOTE:
the vendor disputes this vulnerability, stating
that "The characters are escaped properly."
7 High AVAIL
CVE-2007-0804 Directory traversal vulnerability in
admin/subpages.php in GGCMS 1.1.0 RC1 and
earlier allows remote attackers to inject arbitrary
PHP code into arbitrary files via ".." sequences
in the subpageName parameter, as
demonstrated by injecting PHP code into a
template file.
7 High AVAIL
CVE-2007-0807 Cross-site scripting (XSS) vulnerability in
info.php in flashChat 4.7.8 allows remote
attackers to inject arbitrary web script or HTML
via a channel title (aka room name) that is not
properly handled by the "who's online" feature.
7 High AVAIL
CVE-2007-0834 Cross-site scripting (XSS) vulnerability in
FlashChat 4.7.8 allows remote attackers to
inject arbitrary web script or HTML via the user
name field when the user joins a chat room, a
different vulnerability than CVE-2007-0807.
NOTE: the provenance of this information is
unknown; the details are obtained solely from
third party information.
7 High AVAIL
CVE-2007-0840 Cross-site scripting (XSS) vulnerability in
HLstats before 1.35 allows remote attackers to
inject arbitrary web script or HTML via
unspecified vectors in the search class. NOTE:
it is possible that this issue overlaps
CVE-2006-4543.3 or CVE-2006-4454.
5.6 Medium AVAIL
CVE-2007-0846 Cross-site scripting (XSS) vulnerability in
forum.php in Open Tibia Server CMS
(OTSCMS) 2.1.5 and earlier allows remote
attackers to inject arbitrary HTML or web script
via the name parameter.
5.6 Medium AVAIL
CVE-2007-0852 Cross-site scripting (XSS) vulnerability in
DevTrack 6.x allows remote attackers to inject
arbitrary web script or HTML via the "Keyword
search" form field and unspecified other form
fields that populate a public saved query.
NOTE: the provenance of this information is
unknown; the details are obtained solely from
third party information.
7 High AVAIL
CVE-2007-0871 Unrestricted file upload vulnerability in
eXtremePow eXtreme File Hosting allows
remote attackers to upload arbitrary PHP code
via a filename with a double extension such as
(1) .rar.php or (2) .zip.php.
7 High AVAIL
CVE-2007-0873 nabopoll 1.1.2 allows remote attackers to
bypass authentication and access certain
administrative functionality via a direct request
for (1) config_edit.php, (2) template_edit.php, or
(3) survey_edit.php in admin/.
7 High AVAIL
CVE-2007-0874 Allons_voter 1.0 allows remote attackers to
bypass authentication and access certain
administrative functionality via a direct request
for (1) admin_ajouter.php or (2)
admin_supprimer.php. NOTE: this could be
leveraged to conduct cross-site scripting (XSS)
attacks.
7 High AVAIL
CVE-2007-0885 Cross-site scripting (XSS) vulnerability in
jira/secure/BrowseProject.jspa in Rainbow with
the Zen (Rainbow.Zen) extension allows remote
attackers to inject arbitrary web script or HTML
via the id parameter.
7 High AVAIL
CVE-2007-0896 Cross-site scripting (XSS) vulnerability in the
(1) Sage before 1.3.10, and (2) Sage++
extensions for Firefox, allows remote attackers
to inject arbitrary web script or HTML via a
"export
assertion failure in do_read; (2) a
PA_PSTREAM_DESCRIPTOR_LENGTH value
of 0 sent on TCP port 9875, which triggers a
length assertion failure in pa_memblock_new;
or (3) an empty packet on UDP port 9875,
which triggers a t assertion failure in
pa_sdp_parse; and allows remote authenticated
users to cause a denial of service (daemon
crash) via a crafted packet on TCP port 9875
that (4) triggers a maxlength assertion failure in
pa_memblockq_new, (5) triggers a size
assertion failure in pa_xmalloc, or (6) plays a
certain sound file.
3.3 Low AVAIL
CVE-2007-1826 Unspecified vulnerability in the IPSec Manager
Service for Cisco Unified CallManager (CUCM)
5.0 before 5.0(4a)SU1 and Cisco Unified
Presence Server (CUPS) 1.0 before 1.0(3)
allows remote attackers to cause a denial of
service (loss of cluster services) via a "specific
UDP packet" to UDP port 8500, aka bug ID
CSCsg60949.
3.3 Low AVAIL
CVE-2007-1833 The Skinny Call Control Protocol (SCCP)
implementation in Cisco Unified CallManager
(CUCM) 3.3 before 3.3(5)SR2a, 4.1 before
4.1(3)SR4, 4.2 before 4.2(3)SR1, and 5.0
before 5.0(4a)SU1 allows remote attackers to
cause a denial of service (loss of voice
services) by sending crafted packets to the (1)
SCCP (2000/tcp) or (2) SCCPS (2443/tcp) port.
2.3 Low AVAIL
CVE-2007-1834 Cisco Unified CallManager (CUCM) 5.0 before
5.0(4a)SU1 and Cisco Unified Presence Server
(CUPS) 1.0 before 1.0(3) allow remote
attackers to cause a denial of service (loss of
voice services) via a flood of ICMP echo
requests, aka bug ID CSCsf12698.
3.3 Low AVAIL
CVE-2007-1841 The isakmp_info_recv function in
src/racoon/isakmp_inf.c in racoon in Ipsec-tools
before 0.6.7 allows remote attackers to cause a
denial of service (tunnel crash) via crafted (1)
DELETE (ISAKMP_NPTYPE_D) and (2)
NOTIFY (ISAKMP_NPTYPE_N) messages.
2.3 Low AVAIL
CVE-2007-1856 Vixie Cron before 4.1-r10 on Gentoo Linux is
installed with insecure permissions, which
allows local users to cause a denial of service
(cron failure) by creating hard links, which
results in a failed st_nlink check in database.c.
1.6 Low AVAIL
CVE-2007-1861 The nl_fib_lookup function in
net/ipv4/fib_frontend.c in Linux Kernel before
2.6.20.8 allows attackers to cause a denial of
service (kernel panic) via
NETLINK_FIB_LOOKUP replies, which trigger
infinite recursion and a stack overflow.
3.3 Low AVAIL
CVE-2007-1869 lighttpd 1.4.12 and 1.4.13 allows remote
attackers to cause a denial of service (cpu and
resource consumption) by disconnecting while
lighttpd is parsing CRLF sequences, which
triggers an infinite loop and file descriptor
consumption.
2.3 Low AVAIL
CVE-2007-1870 lighttpd before 1.4.14 allows attackers to cause
a denial of service (crash) via a request to a file
whose mtime is 0, which results in a NULL
pointer dereference.
3.3 Low AVAIL
CVE-2007-1877 VMware Workstation before 5.5.4 allows
attackers to cause a denial of service against
the guest OS by causing the virtual machine
process (VMX) to store malformed configuration
information.
3.3 Low AVAIL
CVE-2007-1911 Multiple unspecified vulnerabilities in Microsoft
Word 2007 allow remote attackers to cause a
denial of service (CPU consumption) via crafted
documents, as demonstrated by (1) file798-1.doc
and (2) file613-1.doc, possibly related to a
buffer overflow.
2.7 Low AVAIL
CVE-2007-1918 The RFC_SET_REG_SERVER_PROPERTY
function in the SAP RFC Library 6.40 and 7.00
before 20070109 implements an option for
exclusive access to an RFC server, which
allows remote attackers to cause a denial of
service (client lockout) via unspecified vectors.
NOTE: This information is based upon a vague
initial disclosure. Details will be updated after
the grace period has ended.
2.3 Low AVAIL
CVE-2007-1944 The Java Message Service (JMS) in IBM
WebSphere Application Server (WAS) before
6.1.0.7 allows attackers to cause a denial of
service via unknown vectors involving the
"double release [of] a bytebuffer input stream,"
possibly a double-free vulnerability.
2.3 Low AVAIL
CVE-2007-1958 Buffer overflow in TinyMUX before 2.4 allows
attackers to cause a denial of service via
unspecified vectors related to "too many
substring matches in a regexp $-command."
NOTE: some of these details are obtained from
third party information.
2.3 Low AVAIL
CVE-2007-1981 The safevoid_vsnprintf function in Metamod-P
1.19p29 and earlier on Windows allows remote
attackers to cause a denial of service (daemon
crash) via a long meta list command.
3.3 Low AVAIL
CVE-2007-1994 Unspecified vulnerability in the Address and
Routing Parameter Area (ARPA) transport
functionality in HP-UX B.11.00 allows local
users to cause a denial of service via unknown
vectors. NOTE: due to lack of vendor details, it
is not clear whether this is the same as CVE-2007-0916.
2.3 Low AVAIL
CVE-2007-1995 bgpd/bgp_attr.c in Quagga 0.98.6 and earlier,
and 0.99.6 and earlier 0.99 versions, does not
validate length values in the MP_REACH_NLRI
and MP_UNREACH_NLRI attributes, which
allows remote attackers to cause a denial of
service (daemon crash or exit) via crafted
UPDATE messages that trigger an assertion
error or out of bounds read.
2.7 Low AVAIL
CVE-2007-2010 Double-free vulnerability in bftpd before 1.8
allows remote authenticated users to cause a
denial of service (daemon crash) via a (1) get or
(2) mget command.
2 Low AVAIL
CVE-2007-2026 The gnu regular expression code in file 4.20
allows context-dependent attackers to cause a
denial of service (CPU consumption) via a
crafted document with a large number of line
feed characters, which is not well handled by
OS/2 REXX regular expressions that use
wildcards, as originally reported for AMaViS.
3.3 Low AVAIL
CVE-2007-2028 Memory leak in freeRADIUS 1.1.5 and earlier
allows remote attackers to cause a denial of
service (memory consumption) via a large
number of EAP-TTLS tunnel connections using
malformed Diameter format attributes, which
causes the authentication request to be rejected
but does not reclaim VALUE_PAIR data
structures.
2.3 Low AVAIL
CVE-2007-2029 File descriptor leak in the PDF handler in Clam
AntiVirus (ClamAV) allows remote attackers to
cause a denial of service via a crafted PDF file.
3.3 Low AVAIL
CVE-2007-2037 Cisco Wireless LAN Controller (WLC) before
3.2.116.21, and 4.0.x before 4.0.155.0, allows
remote attackers on a local network to cause a
denial of service (device crash) via malformed
Ethernet traffic.
1.9 Low AVAIL
CVE-2007-2038 The Network Processing Unit (NPU) in the
Cisco Wireless LAN Controller (WLC) before
3.2.193.5, 4.0.x before 4.0.206.0, and 4.1.x
allows remote attackers on a local wireless
network to cause a denial of service (loss of
packet forwarding) via (1) crafted SNAP
packets, (2) malformed 802.11 traffic, or (3)
packets with certain header length values, aka
Bug ID CSCsg36361.
3.3 Low AVAIL
CVE-2007-2039 The Network Processing Unit (NPU) in the
Cisco Wireless LAN Controller (WLC) before
3.2.171.5, 4.0.x before 4.0.206.0, and 4.1.x
allows remote attackers on a local wireless
network to cause a denial of service (loss of
packet forwarding) via (1) crafted SNAP
packets, (2) malformed 802.11 traffic, or (3)
packets with certain header length values, aka
Bug IDs CSCsg15901 and CSCsh10841.
3.3 Low AVAIL
CVE-2007-2045 Unspecified vulnerability in the IP
implementation in Sun Solaris 8 and 9 allows
remote attackers to cause a denial of service
(CPU consumption) via crafted IP packets,
probably related to fragmented packets with
duplicate or missing fragments.
2.3 Low AVAIL
CVE-2007-2151 The administration server in McAfee e-
Business Server before 8.1.1 and 8.5.x before
8.5.2 allows remote attackers to cause a denial
of service (service crash) via a large length
value in a malformed authentication packet,
which triggers a heap over-read.
2.3 Low AVAIL
CVE-2007-2161 Microsoft Internet Explorer 7 allows remote
attackers to cause a denial of service (browser
hang) via JavaScript that matches a regular
expression against a long string, as
demonstrated using /(.)*/.
2.3 Low AVAIL
CVE-2007-2162 (1) Mozilla Firefox 2.0.0.3 and (2) GNU
IceWeasel 2.0.0.3 allow remote attackers to
cause a denial of service (browser crash or
system hang) via JavaScript that matches a
regular expression against a long string, as
demonstrated using /(.)*/.
3.3 Low AVAIL
CVE-2007-2163 Apple Safari allows remote attackers to cause
a denial of service (browser crash) via
JavaScript that matches a regular expression
against a long string, as demonstrated using
/(.)*/.
2.3 Low AVAIL
CVE-2007-2164 Konqueror 3.5.5 release 45.4 allows remote
attackers to cause a denial of service (browser
crash or abort) via JavaScript that matches a
regular expression against a long string, as
demonstrated using /(.)*/.
2.3 Low AVAIL
CVE-2007-2178 Multiple unspecified vulnerabilities in Objective
Development Sharity before 3.3 allow remote
attackers to cause a denial of service (daemon
crash) via unspecified vectors.
3.3 Low AVAIL
CVE-2007-2179 Multiple unspecified vulnerabilities in
IXceedCompression in XceddZipLib
(RaidenFTPD.dll) in RaidenFTPD 2.4 allow
remote attackers to cause a denial of service
(crash) via unspecified vectors involving the (1)
CalculateCrc, (2) Compress, and (3)
Uncompress functions, which result in a NULL
pointer dereference.
3.3 Low AVAIL
CVE-2007-2180 Buffer overflow in Nullsoft Winamp 5.3 allows
user-assisted remote attackers to cause a
denial of service (crash) via a crafted WMV file.
2.7 Low AVAIL
CVE-2007-2186 Foxit Reader 2.0 allows remote attackers to
cause a denial of service (application crash) via
a crafted PDF document.
2.3 Low AVAIL
CVE-2007-2195 aMSN (aka Alvaro's Messenger) 0.96 and
earlier allows remote attackers to cause a
denial of service (application crash) by sending
invalid data to TCP port 31337.
2.3 Low AVAIL
CVE-2007-2210 A certain ActiveX control in askPopStp.dll in
Netsprint Ask IE Toolbar 1.1 allows remote
attackers to cause a denial of service (Internet
Explorer crash) via a long AddAllowed property
value, related to "improper memory handling,"
possibly a buffer overflow.
3.3 Low AVAIL
CVE-2007-2213 Unspecified vulnerability in the Initialize function
in NetscapeFTPHandler in WS_FTP Home and
Professional 2007 allows remote attackers to
cause a denial of service (NULL dereference
and application crash) via unspecified vectors
related to "improper arguments."
3.3 Low AVAIL
CVE-2007-2237 Microsoft Windows Graphics Device Interface
(GDI+, GdiPlus.dll) allows context-dependent
attackers to cause a denial of service (crash)
via an ICO file with an InfoHeader containing a
Height of zero, which triggers a divide-by-zero
error.
2.7 Low AVAIL
CVE-2007-2241 Unspecified vulnerability in query.c in ISC BIND
9.4.0, and 9.5.0a1 through 9.5.0a3, when
recursion is enabled, allows remote attackers to
cause a denial of service (daemon exit) via a
sequence of queries processed by the
query_addsoa function.
2.7 Low AVAIL
CVE-2007-2242 The IPv6 protocol allows remote attackers to
cause a denial of service via crafted IPv6 type 0
route headers (IPV6_RTHDR_TYPE_0) that
create network amplification between two
routers.
3.3 Low AVAIL
CVE-2007-2246 Unspecified vulnerability in HP-UX B.11.00 and
B.11.11, when running sendmail 8.9.3 or 8.11.1;
and HP-UX B.11.23 when running sendmail
8.11.1; allows remote attackers to cause a
denial of service via unknown attack vectors.
NOTE: due to the lack of details from HP, it is
not known whether this issue is a duplicate of
another CVE such as CVE-2006-1173 or CVE-2006-4434.
3.3 Low AVAIL
CVE-2007-2267 Unspecified vulnerability in Sun Cluster 3.1 and
Solaris Cluster 3.2 before 20070424 allows
remote authenticated users, operating from a
different cluster node, to cause a denial of
service (data corruption or send_mondo panic)
via unspecified vectors, as demonstrated by
EMC Symcli backup software 6.2.1.
2 Low AVAIL
CVE-2007-2270 The Linksys SPA941 VoIP Phone allows
remote attackers to cause a denial of service
(device reboot) via a 0377 (0xff) character in the
From header, and possibly certain other
locations, in a SIP INVITE request.
3.3 Low AVAIL
CVE-2007-2274 The BitTorrent implementation in Opera 9.2
allows remote attackers to cause a denial of
service (CPU consumption and application
crash) via a malformed torrent file. NOTE: the
original disclosure refers to this as a memory
leak, but it is not certain.
3.3 Low AVAIL
CVE-2007-2276 ** DISPUTED ** 3Com TippingPoint IPS allows
remote attackers to cause a denial of service
(device hang) via a flood of packets on TCP
port 80 with sequentially increasing source
ports, related to a "badly written loop." NOTE:
the vendor disputes this issue, stating that the
product has "performed as expected with no
DoS emerging."
3.3 Low AVAIL
CVE-2007-2294 The Manager Interface in Asterisk before
1.2.18 and 1.4.x before 1.4.3 allows remote
attackers to cause a denial of service (crash) by
using MD5 authentication to authenticate a user
that does not have a password defined in
manager.conf, resulting in a NULL pointer
dereference.
3.3 Low AVAIL
CVE-2007-2297 The SIP channel driver (chan_sip) in Asterisk
before 1.2.18 and 1.4.x before 1.4.3 does not
properly parse SIP UDP packets that do not
contain a valid response code, which allows
remote attackers to cause a denial of service
(crash).
3.3 Low AVAIL
CVE-2007-2315 MiniShare 1.5.4, and possibly earlier, allows
remote attackers to cause a denial of service
(application crash) via a flood of requests for
new connections.
3.3 Low AVAIL
CVE-2007-2322 NMMediaServer.exe in Nero MediaHome
2.5.5.0 and CE 1.3.0.4 allows remote attackers
to cause a denial of service (NULL dereference
and application crash) via a crafted packet that
contains two CRLF sequences. NOTE: the
provenance of this information is unknown; the
details are obtained solely from third party
information.
3.3 Low AVAIL
CVE-2007-2336 Unspecified vulnerability in InterVations
NaviCOPA Web Server 2.01 20070323 allows
remote attackers to cause a denial of service
(daemon crash) via crafted HTTP requests, as
demonstrated by long requests containing '\A'
characters, probably a different issue than CVE-
2006-5112 and CVE-2007-1733. NOTE: the
provenance of this information is unknown; the
details are obtained solely from third party
information.
3.3 Low AVAIL
CVE-2007-2344 The BOOTPD component in Enterasys
NetSight Console 2.1 and NetSight Inventory
Manager 2.1, and possibly earlier, on Windows
allows remote attackers to cause a denial of
service (daemon crash) via a UDP packet that
contains an invalid "packet type" field.
3.3 Low AVAIL
CVE-2007-2367 Buffer overflow in wserve_console.exe in
Wserve HTTP Server (whttp) 4.6 allows remote
attackers to cause a denial of service (forced
application exit) via a long directory name in the
URI.
10 High AVAIL
CVE-2007-2414 MyServer before 0.8.8 allows remote attackers
to cause a denial of service via unspecified
vectors.
3.3 Low AVAIL
CVE-2007-2415 Pi3Web Web Server 2.0.3 PL1 allows remote
attackers to cause a denial of service
(application exit) via a long URI. NOTE: this
issue was originally reported as a crash, but the
vendor states that the impact is a "clean" exit in
which "the server I/O loop finishes and the
process exits normally."
3.3 Low AVAIL
CVE-2007-2437 The X render (Xrender) extension in X.org X
Window System 7.0, 7.1, and 7.2, with Xserver
1.3.0 and earlier, allows remote authenticated
users to cause a denial of service (daemon
crash) via crafted values to the (1)
XRenderCompositeTrapezoids and (2)
XRenderAddTraps functions, which trigger a
divide-by-zero error.
2 Low AVAIL
CVE-2007-2439 Caucho Resin Professional 3.1.0 and Caucho
Resin 3.1.0 and earlier for Windows allows
remote attackers to cause a denial of service
(device hang) and read data from a COM or
LPT device via a DOS device name with an
arbitrary extension.
6.7 Medium AVAIL
CVE-2007-2445 The png_handle_tRNS function in pngrutil.c in
libpng before 1.0.25 and 1.2.x before 1.2.17
allows remote attackers to cause a denial of
service (application crash) via a grayscale PNG
image with a bad tRNS chunk CRC value.
2.3 Low AVAIL
CVE-2007-2455 Parallels allows local users to cause a denial of
service (virtual machine abort) via (1) certain
INT instructions, as demonstrated by INT 0xAA;
(2) an IRET instruction when an invalid address
is at the top of the stack; (3) a malformed
MOVNTI instruction, as demonstrated by using
a register as a destination; or a write operation
to (4) SEGR6 or (5) SEGR7.
3.3 Low AVAIL
CVE-2007-2461 The DHCP relay agent in Cisco Adaptive
Security Appliance (ASA) and PIX 7.2 allows
remote attackers to cause a denial of service
(dropped packets) via a DHCPREQUEST or
DHCPINFORM message that causes multiple
DHCPACK messages to be sent from DHCP
servers to the agent, which consumes the
memory allocated for a local buffer. NOTE: this
issue only occurs when multiple DHCP servers
are used.
3.3 Low AVAIL
CVE-2007-2463 Unspecified vulnerability in Cisco Adaptive
Security Appliance (ASA) and PIX 7.1 before
7.1(2)49 and 7.2 before 7.2(2)17 allows remote
attackers to cause a denial of service (device
reload) via unknown vectors related to VPN
connection termination and password expiry.
3.3 Low AVAIL
CVE-2007-2464 Race condition in Cisco Adaptive Security
Appliance (ASA) and PIX 7.1 before 7.1(2)49
and 7.2 before 7.2(2)19, when using "clientless
SSL VPNs," allows remote attackers to cause a
denial of service (device reload) via "non-standard SSL sessions."
2.7 Low AVAIL
CVE-2007-2465 Unspecified vulnerability in Sun Solaris 9, when
Solaris Auditing (BSM) is enabled for file read,
write, attribute modify, create, or delete audit
classes, allows local users to cause a denial of
service (panic) via unknown vectors, possibly
related to the audit_savepath function.
1.9 Low AVAIL
CVE-2007-2466 Unspecified vulnerability in the LDAP Software
Development Kit (SDK) for C, as used in Sun
Java System Directory Server 5.2 up to Patch 4
and Sun ONE Directory Server 5.1, allows
remote attackers to cause a denial of service
(crash) via certain BER encodings.
3.3 Low AVAIL
CVE-2007-2467 ZoneAlarm Pro 6.5.737.000, 6.1.744.001, and
possibly earlier versions and other products,
allows local users to cause a denial of service
(system crash) by sending malformed data to
the vsdatant device driver, which causes an
invalid memory access.
2.3 Low AVAIL
CVE-2007-2468 Unspecified vulnerability in HP OpenVMS for
Integrity Servers 8.2-1 and 8.3 allows local
users to cause a denial of service (crash) via
"Program actions relating to exceptions."
2.3 Low AVAIL
CVE-2007-2488 The IAX2 channel driver (chan_iax2) in
Asterisk before 20070504 does not properly null
terminate data, which allows remote attackers
to trigger loss of transmitted data, and possibly
obtain sensitive information (memory contents)
or cause a denial of service (application crash),
by sending a frame that lacks a 0 byte.
10 High AVAIL
CVE-2007-2490 Unspecified vulnerability in LiveData Server
before 5.00.62 allows remote attackers to cause
a denial of service (exit) via crafted Connection-
Oriented Transport Protocol (COTP) packets.
3.3 Low AVAIL
CVE-2007-2491 The PIIX4 power management subsystem in
EMC VMware Workstation 5.5.3.34685 and
VMware Server 1.0.1.29996 allows local users
to write to arbitrary memory locations via a
crafted poke to I/O port 0x1004, triggering a
denial of service (virtual machine crash) or
other unspecified impact, a related issue to CVE-2007-1337.
7 High AVAIL
CVE-2007-2494 Multiple stack-based buffer overflows in the
PowerPointOCX ActiveX control in
PowerPointViewer.ocx 3.1.0.3 allow remote
attackers to cause a denial of service (Internet
Explorer 7 crash) via a long (1)
DoOleCommand, (2) FTPDownloadFile, (3)
FTPUploadFile, (4) HttpUploadFile, (5) Save,
(6) SaveWebFile, (7) HttpDownloadFile, (8)
Open, or (9) OpenWebFile property value.
NOTE: some of these details are obtained from
third party information.
10 High AVAIL
CVE-2007-2496 The WordOCX ActiveX control in
WordViewer.ocx 3.2.0.5 allows remote
attackers to cause a denial of service (Internet
Explorer 7 crash) via a long (1)
DoOleCommand, (2) FTPDownloadFile, (3)
FTPUploadFile, (4) HttpUploadFile, (5)
GotoPage, (6) Save, (7) SaveWebFile, (8)
HttpDownloadFile, (9) Open, (10)
OpenWebFile, (11) SaveAs, or (12)
ShowWordStandardDialog property value.
3.3 Low AVAIL
CVE-2007-2497 RealNetworks RealPlayer 10 Gold allows
remote attackers to cause a denial of service
(memory consumption) via a certain .ra file.
NOTE: this issue was referred to as a "memory
leak," but it is not clear if this is correct.
3.3 Low AVAIL
CVE-2007-2502 Unspecified vulnerability in HP ProCurve
9300m Series switches with software 08.0.01c
through 08.0.01j allows remote attackers to
cause a denial of service via unknown vectors,
a different switch series than CVE-2006-4015.
3.3 Low AVAIL
CVE-2007-2506 WebSpeed 3.x in OpenEdge 10.x in Progress
Software Progress 9.1e, and certain other 9.x
versions, allows remote attackers to cause a
denial of service (infinite loop and daemon
hang) via a messenger URL that invokes _edit.r
with no additional parameters, as demonstrated
by requests for cgiip.exe or wsisa.dll with
WService=wsbroker1/_edit.r in the
PATH_INFO.
3.3 Low AVAIL
CVE-2007-2525 Memory leak in the PPPoE socket
implementation in the Linux kernel before
2.6.21-git8 allows local users to cause a denial
of service (memory consumption) by creating a
socket using connect, and releasing it before
the PPPIOCGCHAN ioctl is initialized.
1.6 Low AVAIL
CVE-2007-2535 WinAce allows remote attackers to cause a
denial of service (infinite loop) via a ZOO
archive with a direntry structure that points to a
previous file.
3.3 Low AVAIL
CVE-2007-2536 PicoZip allows remote attackers to cause a
denial of service (infinite loop) via a ZOO
archive with a direntry structure that points to a
previous file.
3.3 Low AVAIL
CVE-2007-2565 Cdelia Software ImageProcessing allows user-
assisted remote attackers to cause a denial of
service (application crash) via a crafted BMP
file.
2.7 Low AVAIL
CVE-2007-2566 The SaveBarCode function in the Taltech Tal
Bar Code ActiveX control allows remote
attackers to cause a denial of service (disk
consumption) by uploading multiple bar codes,
as demonstrated by a WSF package.
2.3 Low AVAIL
CVE-2007-2583 The in_decimal::set function in
item_cmpfunc.cc in MySQL before 5.0.40, and
5.1 before 5.1.18-beta, allows context-
dependent attackers to cause a denial of
service (crash) via a crafted IF clause that
results in a divide-by-zero error and a NULL
pointer dereference.
1.4 Low AVAIL
CVE-2007-2587 The IOS FTP Server in Cisco IOS 11.3 through
12.4 allows remote authenticated users to
cause a denial of service (IOS reload) via
unspecified vectors involving transferring files
(aka bug ID CSCse29244).
2 Low AVAIL
CVE-2007-2603 Unspecified vulnerability in the Init function in
the Audio CD Ripper OCX
(AudioCDRipperOCX.ocx) 1.0 ActiveX control
allows remote attackers to cause a denial of
service (NULL dereference and Internet
Explorer crash) via unspecified vectors.
3.3 Low AVAIL
CVE-2007-2604 Unspecified vulnerability in the FlexLabel
ActiveX control allows remote attackers to
cause a denial of service (unstable behavior)
via an improper initialization, as demonstrated
by a certain value of the Caption property.
3.3 Low AVAIL
CVE-2007-2605 Unspecified vulnerability in the GetPropertyById
function in ISoftomateObj in SoftomateLib in
BRUJULA4.NET.DLL in the Brujula Toolbar
(Brujula.net toolbar) allows attackers to cause a
denial of service (NULL dereference and
browser crash) via certain arguments.
2.7 Low AVAIL
CVE-2007-2623 Multiple buffer overflows in RControl.dll in
Remote Display Dev kit 1.2.1.0 allow remote
attackers to cause a denial of service (Internet
Explorer 7 crash) via (1) a long first argument to
the connect function or (2) a long InternalServer
property value, possibly involving ntdll.dll.
3.3 Low AVAIL
CVE-2007-2635 Unspecified vulnerability in Interchange before
5.4.2 allows remote attackers to cause an
unspecified denial of service (possibly server
hang) via crafted HTTP requests.
3.3 Low AVAIL
CVE-2007-2650 The OLE2 parser in Clam AntiVirus (ClamAV)
allows remote attackers to cause a denial of
service (resource consumption) via an OLE2 file
with (1) a large property size or (2) a loop in the
FAT file block chain that triggers an infinite loop,
as demonstrated via a crafted DOC file.
2.3 Low AVAIL
CVE-2007-2656 Stack-based buffer overflow in the Hewlett-
Packard (HP) Magview ActiveX control in
hpqvwocx.dll 1.0.0.309 allows remote attackers
to cause a denial of service (application crash)
and possibly have other impact via a long
argument to the DeleteProfile method.
3.3 Low AVAIL
CVE-2007-2657 Unspecified vulnerability in the PrecisionID
Barcode 1.3 ActiveX control in
PrecisionID_DataMatrix.DLL allows remote
attackers to cause a denial of service via a long
argument to the SaveBarCode method.
3.3 Low AVAIL
CVE-2007-2658 Unspecified vulnerability in the ID Automation
Linear Barcode 1.6.0.5 ActiveX control in
IDAutomationLinear6.dll allows remote
attackers to cause a denial of service via a long
argument to the SaveEnhWMF method.
3.3 Low AVAIL
CVE-2007-2671 Mozilla Firefox 2.0.0.3 allows remote attackers
to cause a denial of service (application crash)
via a long hostname in an HREF attribute in an
A element, which triggers an out-of-bounds
memory access.
2.7 Low AVAIL
CVE-2007-2697 The embedded LDAP server in BEA WebLogic
Express and WebLogic Server 7.0 through SP6,
8.1 through SP5, 9.0, and 9.1, when in certain
configurations, does not limit or audit failed
authentication attempts, which allows remote
attackers to more easily conduct brute-force
attacks against the administrator password, or
flood the server with login attempts and cause a
denial of service.
5.6 Medium AVAIL
CVE-2007-2704 BEA WebLogic Server 9.0 through 9.2 allows
remote attackers to cause a denial of service
(SSL port unavailability) by accessing a half-closed SSL socket.
2.7 Low AVAIL
CVE-2007-2721 The jpc_qcx_getcompparms function in
jpc/jpc_cs.c for the JasPer JPEG-2000 library
(libjasper) before 1.900 allows remote user-
assisted attackers to cause a denial of service
(crash) and possibly corrupt the heap via
malformed image files, as originally
demonstrated using imagemagick convert.
1.9 Low AVAIL
CVE-2007-2722 Unspecified vulnerability in NewzCrawler 1.8
allows remote attackers to cause a denial of
service (application instability) via certain invalid
strings in the URL attribute of an ENCLOSURE
element, as demonstrated by a "%s" sequence,
a "%Y" sequence, a "%%" sequence, and an
"n," sequence.
3.3 Low AVAIL
CVE-2007-2723 Media Player Classic 6.4.9.0 allows user-
assisted remote attackers to cause a denial of
service (web browser crash) via an "empty"
.MPA file, which triggers a divide-by-zero error.
2.7 Low AVAIL
CVE-2007-2726 BitsCast 0.13.0 allows remote attackers to
cause a denial of service (application crash) via
an RSS 2.0 feed item with certain invalid strings
in a pubDate element, as demonstrated by
repeated "../A" or "A/../" patterns.
3.3 Low AVAIL
CVE-2007-2756 The gdPngReadData function in libgd 2.0.34
allows user-assisted attackers to cause a denial
of service (CPU consumption) via a crafted
PNG image with truncated data, which causes
an infinite loop in the png_read_info function in
libpng.
1.9 Low AVAIL
CVE-2007-2764 The embedded Linux kernel in certain Sun-
Brocade SilkWorm switches before 20070516
does not properly handle a situation in which a
non-root user creates a kernel process, which
allows attackers to cause a denial of service
(oops and device reboot) via unspecified
vectors.
3.3 Low AVAIL
CVE-2007-2765 blockhosts.py in BlockHosts before 2.0.3 does
not properly parse daemon log files, which
allows remote attackers to add arbitrary deny
entries to the /etc/hosts.allow file and cause a
denial of service by adding arbitrary IP
addresses to a daemon log file, as
demonstrated by logging in through ssh using a
login name containing certain strings with an IP
address, which is not properly handled by a
regular expression, a related issue to CVE-2006-6301.
2 Low AVAIL
CVE-2007-2772 (1) caloggerd.exe (camt70.dll) and (2)
mediasvr.exe (catirpc.dll and rwxdr.dll) in CA
BrightStor Backup 11.5.2.0 SP2 allow remote
attackers to cause a denial of service (NULL
dereference and application crash) via a crafted
RPC packet.
3.3 Low AVAIL
CVE-2007-2784 Unspecified vulnerability in globus-job-manager
in Globus Toolkit 4.1.1 and earlier
(globus_nexus-6.6 and earlier) allows remote
attackers to cause a denial of service (resource
exhaustion and system crash) via certain
requests to temporary TCP ports for a GRAM2
job or its MPICH-G2 applications.
3.3 Low AVAIL
CVE-2007-2786 Ratbox IRC Daemon (aka ircd-ratbox) 2.2.5
and earlier allows remote attackers to cause a
denial of service (resource exhaustion) by
making many requests from a single client.
2.3 Low AVAIL
CVE-2007-2789 The BMP image parser in Sun Java
Development Kit (JDK) before 1.5.0_11-b03,
and 1.6.x before 1.6.0_01-b06, on Unix/Linux
systems, allows remote attackers to trigger the
opening of arbitrary local files via a crafted BMP
file, which causes a denial of service (system
hang) in certain cases such as /dev/tty, and has
other unspecified impact.
2.7 Low AVAIL
CVE-2007-2796 Arris Cadant C3 CMTS allows remote attackers
to cause a denial of service (service
termination) via a malformed IP packet with an
invalid IP option.
3.3 Low AVAIL
CVE-2007-2813 Cisco IOS 12.4 and earlier, when using the
crypto packages and SSL support is enabled,
allows remote attackers to cause a denial of
service via a malformed (1) ClientHello, (2)
ChangeCipherSpec, or (3) Finished message
during an SSL session.
3.3 Low AVAIL
CVE-2007-2829 The 802.11 network stack in
net80211/ieee80211_input.c in MadWifi before
0.9.3.1 allows remote attackers to cause a
denial of service (system hang) via a crafted
length field in nested 802.3 Ethernet frames in
Fast Frame packets, which results in a NULL
pointer dereference.
2.3 Low AVAIL
CVE-2007-2830 The ath_beacon_config function in if_ath.c in
MadWifi before 0.9.3.1 allows remote attackers
to cause a denial of service (system crash) via
crafted beacon interval information when
scanning for access points, which triggers a
divide-by-zero error.
2.3 Low AVAIL
CVE-2007-2869 The form autocomplete feature in Mozilla
Firefox 1.5.x before 1.5.0.12, 2.x before 2.0.0.4,
and possibly earlier versions, allows remote
attackers to cause a denial of service
(persistent temporary CPU consumption) via a
large number of characters in a submitted form.
1.9 Low AVAIL
CVE-2007-2873 SpamAssassin 3.1.x, 3.2.0, and 3.2.1 before
20070611, when running as root in unusual
configurations using vpopmail or virtual users,
allows local users to cause a denial of service
(corrupt arbitrary files) via a symlink attack on a
file that is used by spamd.
1.3 Low AVAIL
CVE-2007-2876 The sctp_new function in (1)
ip_conntrack_proto_sctp.c and (2)
nf_conntrack_proto_sctp.c in Netfilter in Linux
kernel 2.6 before 2.6.20.13, and 2.6.21.x before
2.6.21.4, allows remote attackers to cause a
denial of service by causing certain invalid
states that trigger a NULL pointer dereference.
2.3 Low AVAIL
CVE-2007-2878 The VFAT compat ioctls in the Linux kernel
before 2.6.21.2, when run on a 64-bit system,
allow local users to corrupt a kernel_dirent
struct and cause a denial of service (system
crash) via unknown vectors.
2.3 Low AVAIL
CVE-2007-2882 Unspecified vulnerability in the NFS client
module in Sun Solaris 8 through 10 before
20070524, when operating as an NFS server,
allows remote attackers to cause a denial of
service (crash) via certain Access Control List
(acl) packets.
2.3 Low AVAIL
CVE-2007-2885 The NotSafe function in the
MSVDTDatabaseDesigner7 ActiveX control in
VDT70.DLL in Microsoft Visual Database Tools
(MSVDT) Database Designer 7.0 allows remote
attackers to cause a denial of service (Internet
Explorer 6 crash) via a long argument.
1.9 Low AVAIL
CVE-2007-2886 Unspecified vulnerability in the Nortel CS 1000
M media card in Enterprise VoIP-Core-CS
1000E, 1000M, and 1000S 04.50W before
20070523 in Meridian/CS 1000 allows remote
attackers to cause a denial of service (card
hang) via unspecified vectors.
2.3 Low AVAIL
CVE-2007-2894 The emulated floppy disk controller in Bochs
2.3 allows local users of the guest operating
system to cause a denial of service (virtual
machine crash) via unspecified vectors,
resulting in a divide-by-zero error.
1.6 Low AVAIL
CVE-2007-2896 Race condition in the Symantec Enterprise
Security Manager (ESM) 6.5.3 managers and
agents on Windows before 20070524 allows
remote attackers to cause a denial of service
(CPU consumption and application hang) via
certain network scans to ESM ports.
1.9 Low AVAIL
CVE-2007-2903 Buffer overflow in the HelpPopup method in the
Microsoft Office 2000 Controllo UA di Microsoft
Office ActiveX control (OUACTRL.OCX) 1.0.1.9
allows remote attackers to cause a denial of
service (probably winhlp32.exe crash) via a long
first argument. NOTE: it is not clear whether this
issue crosses privilege boundaries.
2.3 Low AVAIL
CVE-2007-2906 Java Embedding Plugin 0.9.6.1 allows remote
attackers to cause a denial of service (browser
crash) via a Thread subclass that calls
super.run from its run method.
2.3 Low AVAIL
CVE-2007-2964 The fsmsh.dll host module in F-Secure Policy
Manager Server 7.00 and earlier allows remote
attackers to cause a denial of service
(application crash) via NTFS reserved words in
filenames in URLs.
2.3 Low AVAIL
CVE-2007-2972 The file parsing engine in Avira Antivir Antivirus
before 7.04.00.24 allows remote attackers to
cause a denial of service (application crash) via
a crafted UPX compressed file, which triggers a
divide-by-zero error.
3.3 Low AVAIL
CVE-2007-2973 Avira Antivir Antivirus before 7.03.00.09 allows
remote attackers to cause a denial of service
(infinite loop and CPU consumption) via a
malformed TAR archive.
3.3 Low AVAIL
CVE-2007-2977 Buffer overflow in the receive function in
submit/submitcommon.c in the submit daemon
in DOMjudge before 2.0.0RC1 allows remote
attackers to cause a denial of service or have
other unspecified impact. NOTE: some of these
details are obtained from third party information.
3.3 Low AVAIL
CVE-2007-2989 The libike library in Sun Solaris 9 before
20070529 contains a logic error related to a
certain pointer, which allows remote attackers to
cause a denial of service (in.iked daemon
crash) by sending certain UDP packets with a
source port different from 500. NOTE: this issue
might overlap CVE-2006-2298.
3.3 Low AVAIL
CVE-2007-2990 Unspecified vulnerability in inetd in Sun Solaris
10 before 20070529 allows local users to cause
a denial of service (daemon termination) via
unspecified manipulations of the
/var/run/.inetd.uds Unix domain socket file.
2.3 Low AVAIL
CVE-2007-2998 The Pascal run-time library (PAS$RTL.EXE)
before 20070418 on OpenVMS for Integrity
Servers 8.3, and PAS$RTL.EXE before
20070419 on OpenVMS Alpha 8.3, does not
properly restore PC and PSL values, which
allows local users to cause a denial of service
(system crash) via certain Pascal code.
2.3 Low AVAIL
CVE-2007-3005 Unspecified vulnerability in the Sun Java
Runtime Environment in JDK and JRE 6, JDK
and JRE 5.0 Update 10 and earlier, SDK and
JRE 1.4.2_14 and earlier, and SDK and JRE
1.3.1_19 and earlier allows remote attackers to
cause a denial of service (JVM hang) via certain
untrusted applets or applications.
1.9 Low AVAIL
CVE-2007-3009 Format string vulnerability in the
MprLogToFile::logEvent function in Mbedthis
AppWeb 2.0.5-4, when the build supports
logging but the configuration disables logging,
allows remote attackers to cause a denial of
service (daemon crash) via format string
specifiers in the HTTP scheme, as
demonstrated by a "GET %n://localhost:80/"
request.
1.9 Low AVAIL
CVE-2007-3025 Unspecified vulnerability in
libclamav/phishcheck.c in ClamAV before
0.90.3 and 0.91 before 0.91rc1, when running
on Solaris, allows remote attackers to cause a
denial of service (hang) via unknown vectors
related to the isURL function and regular
expressions.
2.3 Low AVAIL
CVE-2007-3044 Unspecified vulnerability in the Map I/O Service
(xpwmap) in Hitachi XP/W on HI-UX/WE2
before 20070319, and XP/W on HP-UX before
20070405, allows remote attackers to cause a
denial of service via certain data to the service
port.
2.3 Low AVAIL
CVE-2007-3045 Unspecified vulnerability in Hitachi
TP1/NET/OSI-TP-Extended on HI-UX/WE2
before 20070213, and on HP-UX before
20070314, allows remote attackers to cause a
denial of service via certain data to a port.
2.3 Low AVAIL
CVE-2007-3046 Buffer overflow in Advanced Software
Production Line Vortex Library before 1.0.3
allows remote attackers to cause a denial of
service (listener crash) via unspecified vectors
related to the select I/O implementation and the
file set buffer. NOTE: some of these details are
obtained from third party information.
2.3 Low AVAIL
CVE-2007-3086 Unrestricted critical resource lock in Agnitum
Outpost Firewall PRO 4.0 1007.591.145 and
earlier allows local users to cause a denial of
service (system hang) by capturing the
outpost_ipc_hdr mutex.
2.3 Low AVAIL
CVE-2007-3098 The SNMPc Server (crserv.exe) process in
Castle Rock Computing SNMPc before 7.0.19
allows remote attackers to cause a denial of
service (crash) via a crafted packet to port
165/TCP.
2.3 Low AVAIL
CVE-2007-3099 usr/mgmt_ipc.c in iscsid in open-iscsi (iscsi-
initiator-utils) before 2.0-865 checks the client's
UID on the listening AF_LOCAL socket instead
of the new connection, which allows remote
attackers to access the management interface
and cause a denial of service (iscsid exit or
iSCSI connection loss).
3.3 Low AVAIL
CVE-2007-3100 usr/log.c in iscsid in open-iscsi (iscsi-initiator-
utils) before 2.0-865 uses a semaphore with
insecure permissions (world-writable/world-
readable) for managing log messages using
shared memory, which allows local users to
cause a denial of service (hang) by grabbing the
semaphore.
2.3 Low AVAIL
CVE-2007-3112 Cacti 0.8.6i, and possibly other versions, allows
remote authenticated users to cause a denial of
service (CPU consumption) via a large value of
the (1) graph_start or (2) graph_end parameter.
3.3 Low AVAIL
CVE-2007-3113 Cacti 0.8.6i, and possibly other versions, allows
remote authenticated users to cause a denial of
service (CPU consumption) via a large value of
the (1) graph_height or (2) graph_width
parameter.
2 Low AVAIL
CVE-2007-3114 Memory leak in server/MaraDNS.c in MaraDNS
before 1.2.12.05, and 1.3.x before 1.3.03,
allows remote attackers to cause a denial of
service (memory consumption) via unspecified
vectors.
2.3 Low AVAIL
CVE-2007-3115 Multiple memory leaks in server/MaraDNS.c in
MaraDNS before 1.2.12.06, and 1.3.x before
1.3.05, allow remote attackers to cause a denial
of service (memory consumption) via
unspecified vectors.
3.3 Low AVAIL
CVE-2007-3116 Memory leak in server/MaraDNS.c in MaraDNS
1.2.12.06 and 1.3.05 allows remote attackers to
cause a denial of service (memory
consumption) via unspecified vectors.
2.3 Low AVAIL
CVE-2007-3123 unrar.c in libclamav in ClamAV before 0.90.3
and 0.91 before 0.91rc1 allows remote
attackers to cause a denial of service (core
dump) via a crafted RAR file with a modified
vm_codesize value, which triggers a heap-based
buffer overflow.
2.3 Low AVAIL
CVE-2007-3126 Gimp 2.3.14 allows context-dependent
attackers to cause a denial of service (crash)
via an ICO file with an InfoHeader containing a
Height of zero, a similar issue to CVE-2007-2237.
2.3 Low AVAIL
CVE-2007-3132 Multiple vulnerabilities in Symantec Ghost
Solution Suite 2.0.0 and earlier, with Ghost
8.0.992 and possibly other versions, allow
remote attackers to cause a denial of service
(client or server crash) via malformed requests
to the daemon port, 1346/udp or 1347/udp.
2.3 Low AVAIL
CVE-2007-3151 rpttop.htm in the web management interface in
Packeteer PacketShaper 7.3.0g2 and 7.5.0g1
allows remote attackers to cause a denial of
service (device reboot) via a request with empty
values of the OP.MEAS.DATAQUERY and
MEAS.TYPE parameters.
2.3 Low AVAIL
CVE-2007-3157 IPSecDrv.sys 10.4.0.12 in SafeNET High
Assurance Remote 1.4.0 Build 12, and
SoftRemote, allows remote attackers to cause a
denial of service (infinite loop and system hang)
via an invalid packet with certain bytes in an
option header, possibly related to the IPv6
support for IPSec.
2.3 Low AVAIL
CVE-2007-3159 http.c in MiniWeb Http Server 0.8.x allows
remote attackers to cause a denial of service
(application crash) via a negative value in the
Content-Length HTTP header.
2.3 Low AVAIL
CVE-2007-3162 Buffer overflow in the NotSafe function in the
idaiehlp ActiveX control in idaiehlp.dll 1.9.1.74 in
Internet Download Accelerator (ida) 5.2 allows
remote attackers to cause a denial of service
(Internet Explorer crash) via a long argument.
2.3 Low AVAIL
CVE-2007-3185 Apple Safari for Windows public beta allows
remote attackers to cause a denial of service
(crash) via unspecified DHTML manipulations
that trigger memory corruption, as
demonstrated using Hamachi.
3.3 Low AVAIL
CVE-2007-0347 The is_eow function in format.c in CVSTrac
before 2.0.1 does not properly check for the "'"
(quote) character, which allows remote
authenticated users to execute limited SQL
injection attacks and cause a denial of service
(database error) via a ' character in certain
messages, tickets, or Wiki entries.
1.9 Low AVAIL
CVE-2007-2371 admin/index.php in Gregory Kokanosky
phpMyNewsletter 0.8 beta5 and earlier provides
access to configuration modification before
login, which allows remote attackers to cause a
denial of service (loss of configuration data),
and possibly perform direct static code injection,
via a saveGlobalconfig action.
10 High AVAIL
CVE-2007-0021 Format string vulnerability in Apple iChat 3.1.6
allows remote attackers to cause a denial of
service (null pointer dereference and application
crash) and possibly execute arbitrary code via
format string specifiers in an aim:// URI.
7 High AVAIL
CVE-2007-0148 Format string vulnerability in OmniGroup
OmniWeb 5.5.1 allows remote attackers to
cause a denial of service (application crash) or
execute arbitrary code via format string
specifiers in the Javascript alert function.
5.6 Medium AVAIL
CVE-2007-0160 Stack-based buffer overflow in the LiveJournal
support (hooks/ljhook.cc) in CenterICQ 4.9.11
through 4.21.0, when using unofficial
LiveJournal servers, allows remote attackers to
cause a denial of service (crash) and possibly
execute arbitrary code by adding the victim as a
friend and using long (1) username and (2) real
name strings.
7 High AVAIL
CVE-2007-0235 Stack-based buffer overflow in the
glibtop_get_proc_map_s function in libgtop
before 2.14.6 (libgtop2) allows local users to
cause a denial of service (crash) and possibly
execute arbitrary code via a process with a long
filename that is mapped in its address space,
which triggers the overflow in gnome-system-monitor.
7 High AVAIL
CVE-2007-0255 XINE 0.99.4 allows user-assisted remote
attackers to cause a denial of service
(application crash) and possibly execute
arbitrary code via a certain M3U file that
contains a long #EXTINF line and contains
format string specifiers in an invalid udp:// URI,
possibly a variant of CVE-2007-0017.
8 High AVAIL
CVE-2007-0315 Multiple buffer overflows in FileZilla before
2.2.30a allow remote attackers to execute
arbitrary code or cause a denial of service
(application crash) via unspecified vectors
related to (1) Options.cpp when storing settings
in the registry, and (2) the transfer queue
(QueueCtrl.cpp). NOTE: some of these details
are obtained from third party information.
8 High AVAIL
CVE-2007-0317 Format string vulnerability in the LogMessage
function in FileZilla before 3.0.0-beta5 allows
remote attackers to cause a denial of service
(application crash) and possibly execute
arbitrary code via crafted arguments. NOTE:
some of these details are obtained from third
party information.
7 High AVAIL
CVE-2007-0330 Buffer overflow in wsbho2k0.dll, as used by
wsftpurl.exe, in Ipswitch WS_FTP 2007
Professional allows remote attackers to cause a
denial of service (application crash) and
possibly execute arbitrary code via a long ftp://
URL in an HTML document, and possibly other
vectors.
7 High AVAIL
CVE-2007-0344 Multiple format string vulnerabilities in (1)
_invitedToRoom: and (2) _invitedToDirectChat:
in Colloquy 2.1 and earlier allow remote
attackers to cause a denial of service
(application crash) and possibly execute
arbitrary code via format string specifiers in the
channel name of an INVITE request, related to
the implementation of AlertSheet and AlertPanel
in Apple AppKit.
7 High AVAIL
CVE-2007-0455 Buffer overflow in the gdImageStringFTEx
function in gdft.c in GD Graphics Library 2.0.33
and earlier allows remote attackers to cause a
denial of service (application crash) and
possibly execute arbitrary code via a crafted
string with a JIS encoded font.
3.3 Low AVAIL
CVE-2007-0462 The _GetSrcBits32ARGB function in Apple
QuickDraw, as used by Quicktime 7.1.3 and
other applications on Mac OS X 10.4.8 and
earlier, allows remote attackers to cause a
denial of service (application crash) and
possibly execute arbitrary code via a crafted
PICT image with a malformed Alpha RGB
(ARGB) record, which triggers memory
corruption.
10 High AVAIL
CVE-2007-0463 Format string vulnerability in Apple Software
Update 2.0.5 on Mac OS X 10.4.8 allows
remote attackers to cause a denial of service
(application crash) or execute arbitrary code via
format string specifiers in (1) SWUTMP or (2)
SUCATALOG filenames, or using the (3)
application/x-apple.sucatalog+xml MIME type.
2.3 Low AVAIL
CVE-2007-0588 The InternalUnpackBits function in Apple
QuickDraw, as used by Quicktime 7.1.3 and
other applications on Mac OS X 10.4.8 and
earlier, allows remote attackers to cause a
denial of service (application crash) and
possibly execute arbitrary code via a crafted
PICT file that triggers memory corruption in the
_GetSrcBits32ARGB function. NOTE: this issue
might overlap CVE-2007-0462.
2.7 Low AVAIL
CVE-2007-0643 Stack-based buffer overflow in Bloodshed Dev-
C++ 4.9.9.2 allows user-assisted remote
attackers to cause a denial of service
(application crash) and possibly execute
arbitrary code via a long line in a .cpp file.
1.9 Low AVAIL
CVE-2007-0713 Heap-based buffer overflow in Apple
QuickTime before 7.1.5 allows remote user-
assisted attackers to cause a denial of service
(crash) and possibly execute arbitrary code via
a crafted QuickTime movie file.
3.7 Low AVAIL
CVE-2007-0715 Heap-based buffer overflow in Apple
QuickTime before 7.1.5 allows remote user-
assisted attackers to cause a denial of service
(crash) and possibly execute arbitrary code via
a crafted PICT file.
3.7 Low AVAIL
CVE-2007-0716 Stack-based buffer overflow in Apple
QuickTime before 7.1.5 allows remote user-
assisted attackers to cause a denial of service
(crash) and possibly execute arbitrary code via
a crafted QTIF file.
3.7 Low AVAIL
CVE-2007-0717 Integer overflow in Apple QuickTime before
7.1.5 allows remote user-assisted attackers to
cause a denial of service (crash) and possibly
execute arbitrary code via a crafted QTIF file.
3.7 Low AVAIL
CVE-2007-0718 Heap-based buffer overflow in Apple
QuickTime before 7.1.5 allows remote user-
assisted attackers to cause a denial of service
(crash) and possibly execute arbitrary code via
a QTIF file with a Video Sample Description
containing a Color table ID of 0, which triggers
memory corruption when QuickTime assumes
that a color table exists.
3.7 Low AVAIL
CVE-2007-0766 Stack-based buffer overflow in Remotesoft
.NET Explorer 2.0.1 allows user-assisted
remote attackers to cause a denial of service
(application crash) and possibly execute
arbitrary code via a long line in a .cpp file.
8 High AVAIL
CVE-2007-0777 The JavaScript engine in Mozilla Firefox before
1.5.0.10 and 2.x before 2.0.0.2, Thunderbird
before 1.5.0.10, and SeaMonkey before 1.0.8
allows remote attackers to cause a denial of
service (crash) and possibly execute arbitrary
code via certain vectors that trigger memory
corruption.
8 High AVAIL
CVE-2007-0796 Blue Coat Systems WinProxy 6.1a and 6.0 r1c,
and possibly earlier, allows remote attackers to
cause a denial of service (daemon crash) or
possibly execute arbitrary code via a long HTTP
CONNECT request, which triggers heap
corruption.
7 High AVAIL
CVE-2007-0884 Buffer overflow in Roaring Penguin
MIMEDefang 2.59 and 2.60 allows remote
attackers to cause a denial of service
(application crash) and possibly execute
arbitrary code via unspecified vectors.
10 High AVAIL
CVE-2007-0886 Heap-based buffer underflow in axigen 1.2.6
through 2.0.0b1 allows remote attackers to
cause a denial of service (application crash)
and possibly execute arbitrary code via certain
base64-encoded data on the pop3 port
(110/tcp), which triggers an integer overflow.
10 High AVAIL
CVE-2007-0931 Heap-based buffer overflow in the
management interfaces in (1) Aruba Mobility
Controllers 200, 800, 2400, and 6000 and (2)
Alcatel-Lucent OmniAccess Wireless 43xx and
6000 allows remote attackers to cause a denial
of service (process crash) and possibly execute
arbitrary code via long credential strings.
7 High AVAIL
CVE-2007-0933 Buffer overflow in the wireless driver 6.0.0.18
for D-Link DWL-G650+ (Rev. A1) on Windows
XP allows remote attackers to cause a denial of
service (crash) and possibly execute arbitrary
code via a beacon frame with a long TIM
Information Element.
3.3 Low AVAIL
CVE-2007-1014 Stack-based buffer overflow in VicFTPS before
5.0 allows remote attackers to cause a denial of
service (application crash) and possibly execute
arbitrary code via a long CWD command.
10 High AVAIL
CVE-2007-1501 Stack-based buffer overflow in Avant Browser
11.0 build 26 allows remote attackers to cause
a denial of service (crash) and possibly execute
arbitrary code via a long Content-Type HTTP
header.
8 High AVAIL
CVE-2007-1544 Integer overflow in the ProcAuWriteElement
function in server/dia/audispatch.c in Network
Audio System (NAS) before 1.8a SVN 237
allows remote attackers to cause a denial of
service (crash) and possibly execute arbitrary
code via a large max_samples value.
2.3 Low AVAIL
CVE-2007-1654 Buffer overflow in the
Ne7sshSftp::addOpenHandle function in
ne7ssh_sftp.cpp in NetSieben SSH Library
(ne7ssh) before 1.2.1 allows user-assisted
remote SFTP servers to cause a denial of
service (crash) or possibly execute arbitrary
code via multiple file transfers, related to
multiple open file handles in SFTP (1) put and
(2) get operations.
8 High AVAIL
CVE-2007-1655 Buffer overflow in the fun_ladd function in
funmath.cpp in TinyMUX before 20070126
might allow remote attackers to cause a denial
of service (crash) or possibly execute arbitrary
code via unspecified vectors related to lists of
numbers.
10 High AVAIL
CVE-2007-2053 Multiple stack-based buffer overflows in
AFFLIB before 2.2.6 allow remote attackers to
cause a denial of service (crash) or possibly
execute arbitrary code via (1) a long
LastModified value in an S3 XML response in
lib/s3.cpp; (2) a long (a) path or (b) bucket in an
S3 URL in lib/vnode_s3.cpp; or (3) a long (c)
EFW, (d) AFD, or (c) aimage file path. NOTE:
the aimage vector (3c) has since been recalled
from the researcher's original advisory, since
the code is not called in any version of AFFLIB.
10 High AVAIL
CVE-2007-2362 Multiple buffer overflows in MyDNS 1.1.0 allow
remote attackers to (1) cause a denial of
service (daemon crash) and possibly execute
arbitrary code via a certain update, which
triggers a heap-based buffer overflow in
update.c; and (2) cause a denial of service
(daemon crash) via unspecified vectors that
trigger an off-by-one stack-based buffer
overflow in update.c.
6 Medium AVAIL
CVE-2007-2459 Buffer overflow in the read_4bit_bmp function
in bmp.c in Imager 0.56 and earlier allows
remote attackers to cause a denial of service
(application crash) and possibly execute
arbitrary code via 4-bit/pixel BMP files. NOTE:
the provenance of this information is unknown;
the details are obtained solely from third party
information.
3.3 Low AVAIL
CVE-2007-2602 Buffer overflow in MIBEXTRA.EXE in Ipswitch
WhatsUp Gold 11 allows attackers to cause a
denial of service (application crash) or execute
arbitrary code via a long MIB filename
argument. NOTE: If there is not a common
scenario under which MIBEXTRA.EXE is called
with attacker-controlled command line
arguments, then perhaps this issue should not
be included in CVE.
3.3 Low AVAIL
CVE-2007-2645 Integer overflow in the
exif_data_load_data_entry function in exif-
data.c in libexif before 0.6.14 allows user-
assisted remote attackers to cause a denial of
service (crash) or possibly execute arbitrary
code via crafted EXIF data, involving the (1) doff
or (2) s variable.
8 High AVAIL
CVE-2007-2741 Stack-based buffer overflow in Little CMS
(lmcs) before 1.15 allows remote attackers to
execute arbitrary code or cause a denial of
service (application crash) via a crafted ICC
profile in a JPG file.
10 High AVAIL
CVE-2007-2831 Array index error in the (1)
ieee80211_ioctl_getwmmparams and (2)
ieee80211_ioctl_setwmmparams functions in
net80211/ieee80211_wireless.c in MadWifi
before 0.9.3.1 allow local users to cause a
denial of service (system crash), possibly obtain
kernel memory contents, and possibly execute
arbitrary code via a large negative array index
value.
10 High AVAIL
CVE-2007-2919 Multiple stack-based buffer overflows in the
FViewerLoading ActiveX control
(FlipViewerX.dll) in E-Book Systems FlipViewer
before 4.1 allow remote attackers to cause a
denial of service (crash) or execute arbitrary
code via long (1) UID, (2) Opf, (3) PAGENO, (4)
LaunchMode, (5) SubID, (6) BookID, (7)
LibraryID, (8) SubURL, and (9) LoadOpf
properties.
8 High AVAIL
CVE-2007-2946 Buffer overflow in a certain ActiveX control in
LeadTools Raster Dialog File_D Object
(LTRDFD14e.DLL) 14.5.0.44 allows remote
attackers to cause a denial of service (Internet
Explorer 7 crash) or execute arbitrary code via a
long DestinationPath property value.
10 High AVAIL
CVE-2007-3169 Buffer overflow in a certain ActiveX control in
the EDraw Office Viewer Component
(edrawofficeviewer.ocx) 4.0.5.20 allows remote
attackers to cause a denial of service (Internet
Explorer 7 crash) or execute arbitrary code via a
long first argument to the HttpDownloadFile
method.
1.9 Low AVAIL
CVE-2007-0003 pam_unix.so in Linux-PAM 0.99.7.0 allows
context-dependent attackers to log into
accounts whose password hash, as stored in
/etc/passwd or /etc/shadow, has only two
characters.
7 High AVAIL
CVE-2007-0007 gnucash 2.0.4 and earlier allows local users to
overwrite arbitrary files via a symlink attack on
the (1) gnucash.trace, (2) qof.trace, and (3)
qof.trace.[PID] temporary files.
3.3 Low AVAIL
CVE-2007-0022 Untrusted search path vulnerability in
writeconfig in Apple Mac OS X 10.4.8 allows
local users to gain privileges via a modified
PATH that points to a malicious launchctl
program.
7 High AVAIL
CVE-2007-0023 The CFUserNotificationSendRequest function
in UserNotificationCenter.app in Apple Mac OS
X 10.4.8, when used in combination with
diskutil, allows local users to gain privileges via
a malicious InputManager in
Library/InputManagers in a user's home
directory, which is executed when Cocoa
applications attempt to notify the user.
5.6 Medium AVAIL
CVE-2007-0049 Geckovich TaskTracker Pro 1.5 and earlier
allows remote attackers to add administrative or
other accounts via an Add action with a
modified GroupID in a direct request to
Customize.asp.
7 High AVAIL
CVE-2007-0057 Cisco Clean Access (CCA) 3.6.x through
3.6.4.2 and 4.0.x through 4.0.3.2 does not
properly configure or allow modification of a
shared secret authentication key, which causes
all devices to have the same shared secret and
allows remote attackers to gain unauthorized
access.
10 High AVAIL
CVE-2007-0081 Sunbelt Kerio Personal Firewall (SKPF) 4.3.268
and 4.3.246, and possibly other versions, allows
local users to provide a Trojan horse iphlpapi.dll
to SKPF by placing it in the installation directory.
4.2 Medium AVAIL
CVE-2007-0084 ** DISPUTED ** Buffer overflow in the
Windows NT Message Compiler (MC)
1.00.5239 on Microsoft Windows XP allows
local users to gain privileges via a long MC-
filename. NOTE: this issue has been disputed
by a reliable third party who states that the
compiler is not a privileged program, so
privilege boundaries cannot be crossed.
3.4 Low AVAIL
CVE-2007-0085 Unspecified vulnerability in
sys/dev/pci/vga_pci.c in the VGA graphics driver
for wscons in OpenBSD 3.9 and 4.0, when the
kernel is compiled with the PCIAGP option and
a non-AGP device is being used, allows local
users to gain privileges via unspecified vectors,
possibly related to agp_ioctl NULL pointer
reference.
3.4 Low AVAIL
CVE-2007-0089 jgbbs stores sensitive information under the
web root with insufficient access control, which
allows remote attackers to download a
database containing passwords via a direct
request for db/bbs.mdb.
7 High AVAIL
CVE-2007-0090 WineGlass stores sensitive information under
the web root with insufficient access control,
which allows remote attackers to download a
database containing passwords via a direct
request for db/data.mdb.
7 High AVAIL
CVE-2007-0091 newsCMSlite stores sensitive information under
the web root with insufficient access control,
which allows remote attackers to download a
database containing passwords via a direct
request for newsCMS.mdb.
7 High AVAIL
CVE-2007-0094 Sven Moderow GuestBook 0.3a stores
sensitive information under the web root with
insufficient access control, which allows remote
attackers to download a database containing
passwords via a direct request for (1)
gbook97.mdb or (2) gbook.mdb in ~db/.
7 High AVAIL
CVE-2007-0096 CarbonCommunities stores sensitive
information under the web root with insufficient
access control, which allows remote attackers
to download a database containing passwords
via a direct request for
DataBase/Carbon2.4d.mdb.
7 High AVAIL
CVE-2007-0100 The Perforce client does not restrict the set of
files that it overwrites upon receiving a request
from the server, which allows remote attackers
to overwrite arbitrary files by modifying the client
config file on the server, or by operating a
malicious server.
10 High AVAIL
CVE-2007-0101 Cross-site request forgery (CSRF) vulnerability
in SPINE allows remote attackers to perform
unauthorized actions as administrators via
unspecified vectors. NOTE: some of these
details are obtained from third party information.
5.6 Medium AVAIL
CVE-2007-0108 nwgina.dll in Novell Client 4.91 SP3 for
Windows 2000/XP/2003 does not delete user
profiles during a Terminal Service or Citrix
session, which allows remote authenticated
users to invoke alternate user profiles.
3.4 Low AVAIL
CVE-2007-0116 Digger Solutions Intranet Open Source (IOS)
stores sensitive information under the web root
with insufficient access control, which allows
remote attackers to download a database
containing passwords via a direct request for
data/intranet.mdb.
7 High AVAIL
CVE-2007-0117 DiskManagementTool in the
DiskManagement.framework 92.29 on Mac OS
X 10.4.8 does not properly validate Bill of
Materials (BOM) files, which allows attackers to
gain privileges via a BOM file under
/Library/Receipts/, which triggers arbitrary file
permission changes upon execution of a diskutil
permission repair operation.
10 High AVAIL
CVE-2007-0131 JAMWiki before 0.5.0 does not properly check
permissions during moves of "read-only or
admin-only topics," which allows remote
attackers to make unauthorized changes to the
wiki.
7 High AVAIL
CVE-2007-0139 Unspecified vulnerability in the DECnet-Plus
7.3-2 feature in DECnet/OSI 7.3-2 for
OpenVMS ALPHA, and the DECnet-Plus 7.3
feature in DECnet/OSI 7.3 for OpenVMS VAX,
allows attackers to obtain "unintended privileged
access to data and system resources" via
unspecified vectors, related to (1)
[SYSEXE]CTF$UI.EXE, (2)
[SYSMSG]CTF$MESSAGES.EXE, (3)
[SYSHLP]CTF$HELP.HLB, and (4)
[SYSMGR]CTF$STARTUP.COM.
7 High AVAIL
CVE-2007-0149 EMembersPro 1.0 stores sensitive information
under the web root with insufficient access
control, which allows remote attackers to
download a database containing passwords via
a direct request for users.mdb.
7 High AVAIL
CVE-2007-0151 MitiSoft stores sensitive information under the
web root with insufficient access control, which
allows remote attackers to download a
database containing passwords via a direct
request for access_MS/MitiSoft.mdb.
7 High AVAIL
CVE-2007-0152 OhhASP stores sensitive information under the
web root with insufficient access control, which
allows remote attackers to download a
database containing passwords via a direct
request for db/OhhASP.mdb.
7 High AVAIL
CVE-2007-0153 AJLogin 3.5 stores sensitive information under
the web root with insufficient access control,
which allows remote attackers to download a
database containing passwords via a direct
request for ajlogin.mdb.
7 High AVAIL
CVE-2007-0154 Webulas stores sensitive information under the
web root with insufficient access control, which
allows remote attackers to download a
database containing passwords via a direct
request for db/db.mdb.
7 High AVAIL
CVE-2007-0155 HarikaOnline 2.0 stores sensitive information
under the web root with insufficient access
control, which allows remote attackers to
download a database containing passwords via
a direct request for harikaonline.mdb.
7 High AVAIL
CVE-2007-0156 M-Core stores the database under the web
document root, which allows remote attackers
to obtain sensitive information via a direct
request to db/uyelik.mdb.
7 High AVAIL
CVE-2007-0159 Directory traversal vulnerability in the
GeoIP_update_database_general function in
libGeoIP/GeoIPUpdate.c in GeoIP 1.4.0 allows
remote malicious update servers (possibly only
update.maxmind.com) to overwrite arbitrary
files via a .. (dot dot) in the database filename,
which is returned by a request to
app/update_getfilename.
4.7 Medium AVAIL
CVE-2007-0162 Unsanity Application Enhancer (APE) 2.0.2
installs with insecure permissions for the (1)
ApplicationEnhancer binary and the (2)
/Library/Frameworks/ApplicationEnhancer.framework
directory, which allows local users to gain
privileges by modifying or replacing the binary or
library files.
4.2 Medium AVAIL
CVE-2007-0166 The jail rc.d script in FreeBSD 5.3 up to 6.2
does not verify pathnames when writing to
/var/log/console.log during a jail start-up, or
when file systems are mounted or unmounted,
which allows local root users to overwrite
arbitrary files, or mount/unmount files, outside
of the jail via a symlink attack.
3.4 Low AVAIL
CVE-2007-0184 Getahead Direct Web Remoting (DWR) before
1.1.4 allows attackers to obtain unauthorized
access to public methods via a crafted request
that bypasses the include/exclude checks.
7 High AVAIL
CVE-2007-0187 F5 FirePass 5.4 through 5.5.2 and 6.0 allows
remote attackers to access restricted URLs via
(1) a trailing null byte, (2) multiple leading
slashes, (3) Unicode encoding, (4) URL-
encoded directory traversal or same-directory
characters, or (5) upper case letters in the
domain name.
7 High AVAIL
CVE-2007-0188 F5 FirePass 5.4 through 5.5.1 does not
properly enforce host access restrictions when
a client uses a single integer (dword)
representation of an IP address ("dotless IP
address"), which allows remote authenticated
users to connect to the FirePass administrator
console and certain other network resources.
4.2 Medium AVAIL
CVE-2007-0192 Cross-site request forgery (CSRF) vulnerability
in the save_main operation in the ad_perms
section in admin.php in MKPortal allows remote
attackers to modify privilege settings, as
demonstrated using a getURL of admin.php
within a .swf file contained in an IFRAME
element, aka the "All Guests are Admin" attack.
7 High AVAIL
CVE-2007-0193 FON La Fonera routers do not properly limit
DNS service access by unauthenticated clients,
which allows remote attackers to tunnel traffic
via DNS requests for hosts that should not be
accessible before authentication.
7 High AVAIL
CVE-2007-0210 The Window Image Acquisition (WIA) Service
in Microsoft Windows XP SP2 allows local
users to gain privileges via unspecified vectors
involving an "unchecked buffer," probably a
buffer overflow.
7 High AVAIL
CVE-2007-0211 The hardware detection functionality in the
Windows Shell in Microsoft Windows XP SP2
and Professional, and Server 2003 SP1 allows
local users to gain privileges via an unvalidated
parameter to a function related to the "detection
and registration of new hardware."
7 High AVAIL
CVE-2007-0237 The ndeb-binary feature in Lookup (lookup-el)
allows local users to overwrite arbitrary files via
a symlink attack on temporary files.
4.9 Medium AVAIL
CVE-2007-0251 Integer underflow in the DecodeGRE function
in src/decode.c in Snort 2.6.1.2 allows remote
attackers to trigger dereferencing of certain
memory locations via crafted GRE packets,
which may cause corruption of log files or
writing of sensitive information into log files.
3.3 Low AVAIL
CVE-2007-0252 Unspecified vulnerability in easy-content
filemanager allows remote attackers to upload
or modify arbitrary files via unspecified vectors.
7 High AVAIL
CVE-2007-0257 ** DISPUTED ** Unspecified vulnerability in the
expand_stack function in grsecurity PaX allows
local users to gain privileges via unspecified
vectors. NOTE: the grsecurity developer has
disputed this issue, stating that "the function
they claim the vulnerability to be in is a trivial
function, which can, and has been, easily
checked for any supposed vulnerabilities." The
developer also cites a past disclosure that was
not proven. As of 20070120, the original
researcher has released demonstration code.
7 High AVAIL
CVE-2007-0261 snews.php in sNews 1.5.30 and earlier does
not properly exit when authentication fails,
which allows remote attackers to perform
unauthorized administrative actions, as
demonstrated by changing an administrative
password via the changeup task, and by
uploading PHP code via the imagefile
parameter.
10 High AVAIL
CVE-2007-0271 Unspecified vulnerability in Oracle Database
9.0.1.5 and 9.2.0.7 has unknown impact and
attack vectors related to the Log Miner
component and sys.dbms_log_mnr privileges,
aka DB04. NOTE: Oracle has not disputed a
reliable researcher claim that this is a buffer
overflow in the ADD_LOGFILE procedure for
the SYS.DBMS_LOGMNR package that allows
code execution.
2.8 Low AVAIL
CVE-2007-0272 Unspecified vulnerability in Oracle Database
8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 has
unknown impact and attack vectors related to
the Oracle Spatial component and mdsys.md
privileges, aka DB05. NOTE: Oracle has not
disputed a reliable researcher report that claims
this is for multiple buffer overflows and other
issues in unspecified public procedures.
4 Medium AVAIL
CVE-2007-0274 Multiple unspecified vulnerabilities in Oracle
Database 9.2.0.7 and 10.1.0.5 have unknown
impact and attack vectors related to (1) Export
and sys.dbms_logrep_util (DB08), and (2)
Oracle Streams and
sys.dbms_capture_adm_internal privileges
(DB09). NOTE: Oracle has not disputed reliable
researcher claims that DB08 is for a buffer
overflow in the GET_OBJECT_NAME
procedure in the DBMS_LOGREP_UTIL
package, and DB09 is for buffer overflows in the
CREATE_CAPTURE, ALTER_CAPTURE, and
ABORT_TABLE_INSTANTIATION procedures
in SYS.DBMS_CAPTURE_ADM_INTERNAL.
1.4 Low AVAIL
CVE-2007-0280 Unspecified vulnerability in Oracle HTTP
Server 9.0.1.5, Application Server 9.0.4.3,
10.1.2.0.0, 10.1.2.0.2, and 10.1.2.2; and
Collaboration Suite 9.0.4.2 and 10.1.2; has
unknown impact and attack vectors related to
the Oracle Process Mgmt & Notification
component, aka OPMN01. NOTE: as of
20070123, Oracle has not disputed claims by a
reliable researcher that OPMN01 is for a buffer
overflow in Oracle Notification Service (ONS).
4.7 Medium AVAIL
CVE-2007-0313 Unspecified vulnerability in GONICUS System
Administration (GOsa) before 2.5.8 allows
remote authenticated users to modify certain
settings, including the admin password, via
6 Medium crafted POST requests. AVAIL
CVE-2007-0332 (1) admin/adminlien.php3 and (2)
admin/modif.php3 in liens_dynamiques 2.1 do
not require authentication, which allows remote
attackers to perform unauthorized
7 High administrative actions using a direct request. AVAIL
CVE-2007-0333 Agnitum Outpost Firewall PRO 4.0 allows local
users to bypass access restrictions and insert
Trojan horse drivers into the product's
installation directory by creating links using
FileLinkInformation requests with the
ZwSetInformationFile function, as demonstrated
7 High by modifying SandBox.sys. AVAIL
CVE-2007-0334 Unspecified vulnerability in the SIP module in
InGate Firewall and SIParator before 4.5.1
allows remote attackers to conduct replay
attacks on the authentication mechanism via
7 High unknown vectors. AVAIL
CVE-2007-0336 Undercover.app/Contents/Resources/uc in
Rixstep Undercover allows local users to
overwrite arbitrary files, probably related to a
3.9 Low race condition. AVAIL
CVE-2007-0345 The (1) Activity
Monitor.app/Contents/Resources/pmTool, (2)
Keychain
Access.app/Contents/Resources/kcproxy, and
(3) ODBC
Administrator.app/Contents/Resources/iodbcadmintool
programs in /Applications/Utilities/ in
Mac OS X 10.4.8 have weak permissions
(writable by admin group), which allows local
admin users to gain root privileges by modifying
a program and then performing permissions
4.2 Medium repair via diskutil. AVAIL
CVE-2007-0351 Microsoft Windows XP and Windows Server
2003 do not properly handle user logoff, which
might allow local users to gain the privileges of
a previous system user, possibly related to user
profile unload failure. NOTE: it is not clear
whether this is an issue in Windows itself, or an
interaction with another product. The issue
might involve ZoneAlarm not being able to
terminate processes when it cannot prompt the
5.6 Medium user. AVAIL
CVE-2007-0366 Untrusted search path vulnerability in Rumpus
5.1 and earlier allows local users to gain
privileges via a modified PATH that points to a
4.9 Medium malicious ipfw program. AVAIL
CVE-2007-0367 Rumpus 5.1 and earlier has weak permissions
for certain files and directories under
/usr/local/Rumpus, including the configuration
file, which allows local users to have an
unknown impact by creating, modifying, or
4.9 Medium deleting files. AVAIL
CVE-2007-0392 IBM AIX 5.3 does not properly verify the status
of file descriptors before setuid execution, which
allows local users to gain privileges by closing
file descriptor 0, 1, or 2 and then invoking a
setuid program, a variant of CVE-2002-0572.
4.9 Medium AVAIL
CVE-2007-0393 Sun Solaris 9 does not properly verify the
status of file descriptors before setuid
execution, which allows local users to gain
privileges by closing file descriptor 0, 1, or 2 and
then invoking a setuid program, a variant of
4.9 Medium CVE-2002-0572. AVAIL
CVE-2007-0394 HP HP-UX B11.11 does not properly verify the
status of file descriptors before setuid
execution, which allows local users to gain
privileges by closing file descriptor 0, 1, or 2 and
then invoking a setuid program, a variant of
4.9 Medium CVE-2002-0572. AVAIL
CVE-2007-0405 The LazyUser class in the
AuthenticationMiddleware for Django 0.95 does
not properly cache the user name across
requests, which allows remote authenticated
users to gain the privileges of a different user.
4.2 Medium AVAIL
CVE-2007-0408 BEA Weblogic Server 8.1 through 8.1 SP4
does not properly validate client certificates
when reusing cached connections, which allows
remote attackers to obtain access via an
7 High untrusted X.509 certificate. AVAIL
CVE-2007-0411 BEA WebLogic Server 8.1 through 8.1 SP5,
9.0, 9.1, and 9.2 Gold, when WS-Security is
used, does not properly validate certificates,
which allows remote attackers to conduct a
5.6 Medium man-in-the-middle (MITM) attack. AVAIL
CVE-2007-0416 The WSEE runtime (WS-Security runtime) in
BEA WebLogic Server 9.0 and 9.1 does not
verify credentials when decrypting client
messages, which allows remote attackers to
7 High bypass application security. AVAIL
CVE-2007-0417 BEA WebLogic Server 7.0 through 7.0 SP7, 8.1
through 8.1 SP5, 9.0, and 9.1, when using the
WebLogic Server 6.1 compatibility realm, allows
attackers to execute certain EJB container
persistence operations with an administrative
10 High identity. AVAIL
CVE-2007-0418 BEA WebLogic Server 7.0 through 7.0 SP6, 8.1
through 8.1 SP5, 9.0, and 9.1 does not enforce
a security policy that declares permissions for
EJB methods that have array parameters, which
allows remote attackers to obtain unauthorized
access to these methods.
7 High AVAIL
CVE-2007-0423 BEA WebLogic Portal 9.2 does not properly
handle when an administrator deletes
entitlements for a role, which causes other role
entitlements to be "inadvertently affected,"
3.9 Low which has an unknown impact. AVAIL
CVE-2007-0425 Unspecified vulnerability in BEA WebLogic
Platform and Server 8.1 through 8.1 SP5, and
JRockit 1.4.2 R4.5 and earlier, allows attackers
to gain privileges via unspecified vectors,
related to an "overflow condition," probably a
7 High buffer overflow. AVAIL
CVE-2007-0426 BEA WebLogic Portal 9.2, when running in a
WebLogic Server clustered environment using
WebLogic Portal entitlements, does not properly
propagate entitlement policy changes if the
changes are made on a managed server while
the Administrative Server is unavailable, which
might allow attackers to bypass intended
5.6 Medium restrictions. AVAIL
CVE-2007-0432 BEA AquaLogic Service Bus 2.0, 2.1, and 2.5
does not properly reject malformed request
messages to a proxy service, which might allow
remote attackers to bypass authorization
policies and route requests to back-end
services or conduct other unauthorized
7 High activities. AVAIL
CVE-2007-0433 Unspecified vulnerability in BEA AquaLogic
Enterprise Security 2.0 through 2.0 SP2, 2.1
through 2.1 SP1, and 2.2, when using Active
Directory LDAP for authentication, allows
remote authenticated users to access the
server even after the account has been
4.2 Medium disabled. AVAIL
CVE-2007-0434 BEA AquaLogic Enterprise Security 2.0 through
2.0 SP2, 2.1 through 2.1 SP1, and 2.2 does not
properly set the severity level of audit events
when the system load is high, which might
make it easier for attackers to avoid detection.
4.9 Medium AVAIL
CVE-2007-0435 T-Com Speedport 500V routers with firmware
1.31 allow remote attackers to bypass
authentication and reconfigure the device via a
LOGINKEY=TECOM cookie value.
7 High AVAIL
CVE-2007-0436 Barron McCann X-Kryptor Driver
BMS1446HRR (Xgntr BMS1351 Install
BMS1472) in X-Kryptor Secure Client does not
drop privileges when launching an Explorer
window in response to a help command, which
allows local users to gain LocalSystem
privileges via interactive use of Explorer.
7 High AVAIL
CVE-2007-0448 The fopen function in PHP 5.2.0 does not
properly handle invalid URI handlers, which
allows context-dependent attackers to bypass
safe_mode restrictions and read arbitrary files
via a file path specified with an invalid URI, as
demonstrated via the srpath URI.
10 High AVAIL
CVE-2007-0470 Multiple unspecified vulnerabilities in tip in Sun
Solaris 8, 9, and 10 allow local users to gain
uucp account privileges via unspecified vectors.
7 High AVAIL
CVE-2007-0471 sre/params.php in the Integrity Clientless
Security (ICS) component in Check Point
Connectra NGX R62 3.x and earlier before
Security Hotfix 5, and possibly VPN-1 NGX
R62, allows remote attackers to bypass security
requirements via a crafted Report parameter,
which returns a valid ICSCookie authentication
7 High token. AVAIL
CVE-2007-0472 Multiple race conditions in Smb4K before 0.8.0
allow local users to (1) modify arbitrary files via
unspecified manipulations of Smb4K's lock file,
which is not properly handled by the
remove_lock_file function in
core/smb4kfileio.cpp, and (2) add lines to the
sudoers file via a symlink attack on temporary
files, which isn't properly handled by the
writeFile function in core/smb4kfileio.cpp.
3.9 Low AVAIL
CVE-2007-0474 Smb4K before 0.8.0 allows local users, when
present on the Smb4K sudoers list, to kill
arbitrary processes, related to a "design issue
2.6 Low with smb4k_kill." AVAIL
CVE-2007-0475 Multiple stack-based buffer overflows in
utilities/smb4k_*.cpp in Smb4K before 0.8.0
allow local users, when present on the Smb4K
sudoers list, to gain privileges via unspecified
vectors related to the args variable and
unspecified other variables, in conjunction with
3.9 Low the sudo configuration. AVAIL
CVE-2007-0476 The gencert.sh script, when installing
OpenLDAP before 2.1.30-r10, 2.2.x before
2.2.28-r7, and 2.3.x before 2.3.30-r2 as an
ebuild in Gentoo Linux, does not create
temporary directories in /tmp securely during
emerge, which allows local users to overwrite
4.9 Medium arbitrary files via a symlink attack. AVAIL
CVE-2007-0482 cgi-bin/main in Sun Ray Server Software 2.0
and 3.0 before 20070123 allows local users to
obtain the utadmin password by reading a web
server's log file, or by conducting a different,
4.9 Medium unspecified local attack. AVAIL
CVE-2007-0517 Scriptsez Random PHP Quote 1.0 stores
sensitive information under the web root with
insufficient access control, which allows remote
attackers to obtain password information via a
7 High direct request for pwd.txt. AVAIL
CVE-2007-0518 Scriptsez Smart PHP Subscriber (aka
subscribe) stores sensitive information under
the web root with insufficient access control,
which allows remote attackers to obtain
encoded passwords via a direct request for
7 High pwd.txt. AVAIL
CVE-2007-0528 The admin web console implemented by the
Centrality Communications (aka Aredfox)
PA168 chipset and firmware 1.54 and earlier, as
provided by various IP phones, does not require
passwords or authentication tokens when using
HTTP, which allows remote attackers to
connect to existing superuser sessions and
obtain sensitive information (passwords and
6 Medium configuration data). AVAIL
CVE-2007-0536 The chroot helper in rMake for rPath Linux 1
does not drop supplemental groups, which
causes packages to be installed with insecure
permissions and might allow local users to gain
7 High privileges. AVAIL
CVE-2007-0557 rMake before 1.0.4 drops root privileges in a
way that retains the original supplemental
groups, which might allow attackers to gain
privileges via a crafted recipe file, a different
7 High vulnerability than CVE-2007-0536. AVAIL
CVE-2007-0585 include/debug.php in Webfwlog 0.92 and
earlier, when register_globals is enabled, allows
remote attackers to obtain source code of files
via the conffile parameter. NOTE: some of
these details are obtained from third party
information. It is likely that this issue can be
exploited to conduct directory traversal attacks.
8 High AVAIL
CVE-2007-0599 Variable overwrite vulnerability in
common/config.php in Aztek Forum 4.00 allows
remote attackers to overwrite arbitrary program
variables and conduct other unauthorized
activities, such as copying arbitrary files using
index/common_actions.php, via vectors
associated with extract operations on the (1)
POST, (2) GET, (3) COOKIE, and (4) SERVER
superglobal arrays.
7 High AVAIL
CVE-2007-0601 common/safety.php in Aztek Forum 4.00 allows
remote attackers to enter certain data
containing %22 sequences (URL encoded
double quotes) and other potentially dangerous
manipulations by sending a cookie, which
bypasses the blacklist matching against the
GET and PUT superglobal arrays.
7 High AVAIL
CVE-2007-0602 Buffer overflow in libvsapi.so in the VSAPI
library in Trend Micro VirusWall 3.81 for Linux,
as used by IScan.BASE/vscan, allows local
users to gain privileges via a long command line
argument, a different vulnerability than
5.6 Medium CVE-2005-0533. AVAIL
CVE-2007-0603 PGP Desktop before 9.5.1 does not validate
data objects received over the (1) \pipe\pgpserv
named pipe for PGPServ.exe or the (2)
\pipe\pgpsdkserv named pipe for
PGPsdkServ.exe, which allows remote
authenticated users to gain privileges by
sending a data object representing an absolute
pointer, which causes code execution at the
4.8 Medium corresponding address. AVAIL
CVE-2007-0629 The www_purgeList method in Plain Black
WebGUI before 7.3.8 does not properly check
user permissions, which allows attackers to
delete unauthorized assets. NOTE: some of
these details are obtained from third party
4.7 Medium information. AVAIL
CVE-2007-0652 Cross-site request forgery (CSRF) vulnerability
in MailEnable Professional before 2.37 allows
remote attackers to modify arbitrary
configurations and perform unauthorized
actions as arbitrary users via a link or IMG tag.
5.6 Medium AVAIL
CVE-2007-0657 Unspecified vulnerability in Nexuiz 2.2.2 allows
remote attackers to read and overwrite arbitrary
files via the gamedir command.
7 High AVAIL
CVE-2007-0675 ** DISPUTED ** The Speech Recognition
feature of Windows Vista allows user-assisted
remote attackers to delete arbitrary files, and
conduct other unauthorized activities, via a web
page with an embedded sound object that
contains voice commands to an enabled
microphone, allowing for interaction with
Windows Explorer. NOTE: the vendor disputes
the severity of this issue, stating that "there is
little if any need to worry about the effects of this
issue on your new Windows Vista installation."
Since little user interaction is required, and the
relevant operating environment is common,
CVE considers this a vulnerability.
5.6 Medium AVAIL
CVE-2007-0681 profile.php in ExtCalendar 2 and earlier allows
remote attackers to change the passwords of
arbitrary users without providing the original
password, and possibly perform other
unauthorized actions, via modified values to
7 High register.php. AVAIL
CVE-2007-0697 index2.php in ACGVannu 1.3 and earlier allows
remote attackers to change the password or
profile of a user via a modified id parameter,
related to templates/modif.html. NOTE: some of
these details are obtained from third party
4.7 Medium information. AVAIL
CVE-2007-0705 Cross-zone scripting vulnerability in Sleipnir
2.49 and earlier, and Portable Sleipnir 2.45 and
earlier, allows remote attackers to bypass Web
content zone restrictions via certain script
contained in RSS data. NOTE: some of these
details are obtained from third party information.
7 High AVAIL
CVE-2007-0706 Cross-zone scripting vulnerability in Darksky
RSS bar for Internet Explorer before 1.29, RSS
bar for Sleipnir before 1.29, and RSS bar for
unDonut before 1.29 allows remote attackers to
bypass Web content zone restrictions via
certain script contained in RSS data. NOTE:
some of these details are obtained from third
7 High party information. AVAIL
CVE-2007-0737 The Login Window in Apple Mac OS X 10.3.9
through 10.4.9 does not properly check certain
environment variables, which allows local users
to gain privileges via unspecified vectors.
4.9 Medium AVAIL
CVE-2007-0760 EQdkp 1.3.1 and earlier authenticates
administrative requests by verifying that the
HTTP Referer header specifies an admin/ URL,
which allows remote attackers to read or modify
account names and passwords via a spoofed
10 High Referer. AVAIL
CVE-2007-0792 The mod_perl initialization script in Bugzilla
2.23.3 does not set the Bugzilla Apache
configuration to allow .htaccess permissions to
override file permissions, which allows remote
attackers to obtain the database username and
password via a direct request for the localconfig
7 High file. AVAIL
CVE-2007-0806 Les News 2.2 allows remote attackers to
bypass authentication and gain administrative
access via a direct request for
adminews/index_fr.php3, and possibly the
adminews index documents for other
7 High localizations. AVAIL
CVE-2007-0819 HP Network Node Manager (NNM) Remote
Console 7.50 assigns Everyone Full Control
permission for the %PROGRAMFILES%\HP
OpenView directory tree, which allows local
users to gain privileges via a Trojan horse
executable file or ActiveX component, or a
modified bin\ovtrcsvc.exe for the HP Open View
7 High Shared Trace Service. AVAIL
CVE-2007-0829 avast! Server Edition before 4.7.726 does not
demand a password in a certain intended
context, even when a password has been set,
which allows local users to bypass
3.9 Low authentication requirements. AVAIL
CVE-2007-0845 admin/index.php in Advanced Poll 2.0.0
through 2.0.5-dev allows remote attackers to
bypass authentication and gain administrator
privileges by obtaining a valid session identifier
7 High and setting the uid parameter to 1. AVAIL
CVE-2007-0849 scripts/cronscript.php in SysCP 1.2.15 and
earlier does not properly quote pathnames in
user home directories, which allows local users
to gain privileges by placing shell
metacharacters in a directory name, and then
using the control panel to protect this directory,
a different vulnerability than CVE-2005-2568.
7 High AVAIL
CVE-2007-0889 Kiwi CatTools before 3.2.0 beta uses weak
encryption ("reversible encoding") for
passwords, account names, and IP addresses
in kiwidb-cattools.kdb, which might allow local
users to gain sensitive information by decrypting
the file. NOTE: this issue could be leveraged
with a directory traversal vulnerability for a
remote attack vector.
4.9 Medium AVAIL
CVE-2007-0895 Race condition in recursive directory deletion
with the (1) -r or (2) -R option in rm in Solaris 8
through 10 before 20070208 allows local users
to delete files and directories as the user
running rm by moving a low-level directory to a
higher level as it is being deleted, which causes
rm to chdir to a ".." directory that is higher than
expected, possibly up to the root file system, a
related issue to CVE-2002-0435.
2.6 Low AVAIL
CVE-2007-0898 Directory traversal vulnerability in clamd in
Clam AntiVirus ClamAV before 0.90 allows
remote attackers to overwrite arbitrary files via a
.. (dot dot) in the id MIME header parameter in a
4.7 Medium multi-part message. AVAIL
CVE-2007-0912 Cross-Site Request Forgery (CSRF)
vulnerability in admin/admin.adm.php in Jportal
2.3.1, and possibly earlier, allows remote
attackers to perform privileged actions as
administrators by tricking the admin into
accessing a URL with modified arguments to
8 High admin/admin.adm.php. AVAIL
CVE-2007-0915 Distributed SLS daemon (SLSd) on HP-UX
B.11.11 allows remote attackers to overwrite
arbitrary files and gain privileges via a crafted
10 High RPC request. AVAIL
CVE-2007-0921 Portal Search allows remote attackers to
redirect a URL to an arbitrary web site by
placing the URL in the query string to the
6.7 Medium top-level URI. AVAIL
CVE-2007-0924 Till Gerken phpPolls 1.0.3 allows remote
attackers to bypass authentication and perform
certain administrative actions via a direct
request to phpPollAdmin.php3. NOTE: this
7 High issue might subsume CVE-2006-3764. AVAIL
CVE-2007-0926 The dologin function in guestbook.php in
KvGuestbook 1.0 Beta allows remote attackers
to gain administrative privileges, probably via
modified $mysql['pass'] and $gbpass variables.
7 High AVAIL
CVE-2007-0930 Variable extract vulnerability in Apache Stats
before 0.0.3beta allows attackers to modify
arbitrary variables and conduct attacks via
unknown vectors involving the use of PHP's
7 High extract function. AVAIL
CVE-2007-0932 The (1) Aruba Mobility Controllers 200, 600,
2400, and 6000 and (2) Alcatel-Lucent
OmniAccess Wireless 43xx and 6000 do not
properly implement authentication and privilege
assignment for the guest account, which allows
remote attackers to access administrative
7 High interfaces or the WLAN. AVAIL
CVE-2007-0960 Unspecified vulnerability in Cisco PIX 500 and
ASA 5500 Series Security Appliances 7.2.2,
when configured to use the LOCAL
authentication method, allows remote
authenticated users to gain privileges via
6 Medium unspecified vectors. AVAIL
CVE-2007-0968 Unspecified vulnerability in Cisco Firewall
Services Module (FWSM) before 2.3(4.7) and
3.x before 3.1(3.1) causes the access control
entries (ACE) in an ACL to be improperly
evaluated, which allows remote authenticated
users to bypass certain intended ACL
4.8 Medium protections. AVAIL
CVE-2007-0972 Unrestricted file upload vulnerability in
modules/emoticons.php in Jupiter CMS 1.1.5
allows remote attackers to upload arbitrary files
by modifying the HTTP request to send an
image content type, and to omit is_guest and
is_user parameters. NOTE: this issue might be
7 High related to CVE-2006-4875. AVAIL
CVE-2007-0973 Multiple cross-site scripting (XSS)
vulnerabilities in index.php in Jupiter CMS 1.1.5
allow remote attackers to inject arbitrary web
script or HTML via the Referer HTTP header
and certain other HTTP headers, which are
displayed without proper sanitization when an
administrator performs a Logged Guest action.
7 High AVAIL
CVE-2007-0975 Variable extraction vulnerability in Ian
Bezanson Apache Stats before 0.0.3 beta
allows attackers to overwrite critical variables,
with unknown impact, when the extract function
is used on the _REQUEST superglobal array.
2.3 Low AVAIL
CVE-2007-0978 Buffer overflow in swcons in IBM AIX 5.3 allows
local users to gain privileges via long input data.
7 High AVAIL
CVE-2007-0981 Mozilla-based browsers, including Firefox
before 1.5.0.10 and 2.x before 2.0.0.2, and
SeaMonkey before 1.0.8, allow remote
attackers to bypass the same origin policy, steal
cookies, and conduct other attacks by writing a
URI with a null byte to the hostname
(location.hostname) DOM property, due to
interactions with DNS resolver code.
7 High AVAIL
CVE-2007-1040 Directory traversal vulnerability in archives.php
in Xpression News (X-News) 1.0.1 allows
remote attackers to include arbitrary files or
obtain sensitive information via a .. (dot dot) in
the xnews-template parameter.
7 High AVAIL
CVE-2007-1047 Unspecified vulnerability in Distributed
Checksum Clearinghouse (DCC) before 1.3.51
allows remote attackers to delete or add hosts
7 High in /var/dcc/maps. AVAIL
CVE-2007-1099 dbclient in Dropbear SSH client before 0.49
does not sufficiently warn the user when it
detects a hostkey mismatch, which might allow
remote attackers to conduct man-in-the-middle
7 High attacks. AVAIL
CVE-2007-1112 Kaspersky Anti-Virus 6.0 and Internet Security
6.0 exposes unsafe methods in the (a)
AXKLPROD60Lib.KAV60Info (AxKLProd60.dll)
and (b) AXKLSYSINFOLib.SysInfo
(AxKLSysInfo.dll) ActiveX controls, which allows
remote attackers to "download" or delete
arbitrary files via crafted arguments to the (1)
DeleteFile, (2) StartBatchUploading, (3)
StartStrBatchUploading, or (4) StartUploading
methods.
10 High AVAIL
CVE-2007-1129 Multiple unrestricted file upload vulnerabilities
in MTCMS 3.2 allow remote attackers to upload
and execute files via (1) an avatar upload in an
add_down action, or (2) an add_link action.
7 High AVAIL
CVE-2007-1150 Unrestricted file upload vulnerability in
LoveCMS 1.4 allows remote authenticated
administrators to upload arbitrary files to
2.2 Low /modules/content/pictures/tmp/. AVAIL
CVE-2007-1178 WebAPP before 0.9.9.5 does not check access
in certain contexts related to (1) Calendar
Administration, (2) Instant Messages
Administration, and (3) the Image Uploader,
which has unknown impact and attack vectors.
7 High AVAIL
CVE-2007-1183 WebAPP before 0.9.9.5 allows remote
authenticated users to spoof another user's
Real Name via whitespace, which has unknown
7 High impact and attack vectors. AVAIL
CVE-2007-1188 WebAPP before 0.9.9.5 allows remote
attackers to submit Search form input that is not
checked for (1) composition or (2) length, which
has unknown impact, possibly related to "search
7 High form hijacking". AVAIL
CVE-2007-1256 Mozilla Firefox 2.0.0.2 allows remote attackers
to spoof the address bar, favicons, and
document source, and perform updates in the
context of arbitrary websites, by repeatedly
setting document.location in the onunload
attribute when linking to another website, a
5.6 Medium variant of CVE-2007-1092. AVAIL
CVE-2007-1309 Novell Access Management 3 SSLVPN Server
allows remote authenticated users to bypass
VPN restrictions by making policy.txt read-only,
disconnecting, then manually modifying
6 Medium policy.txt. AVAIL
CVE-2007-1359 Interpretation conflict in ModSecurity
(mod_security) 2.1.0 and earlier allows remote
attackers to bypass request rules via
application/x-www-form-urlencoded POST data
that contains an ASCIIZ (0x00) byte, which
mod_security treats as a terminator even
though it is still processed as normal data by
some HTTP parsers including PHP 5.2.0, and
possibly parsers in Perl and Python.
5.6 Medium AVAIL
CVE-2007-1384 Directory traversal vulnerability in torrent.cpp in
KTorrent before 2.1.2 allows remote attackers
to overwrite arbitrary files via ".." sequences in a
4.7 Medium torrent filename. AVAIL
CVE-2007-1396 The import_request_variables function in PHP
4.0.7 through 4.4.6, and 5.x before 5.2.2, when
called without a prefix, does not prevent the (1)
GET, (2) POST, (3) COOKIE, (4) FILES, (5)
SERVER, (6) SESSION, and other superglobals
from being overwritten, which allows remote
attackers to spoof source IP address and
Referer data, and have other unspecified
impact. NOTE: it could be argued that this is a
design limitation of PHP and that only the
misuse of this feature, i.e. implementation bugs
in applications, should be included in CVE.
However, it has been fixed by the vendor.
10 High AVAIL
CVE-2007-1444 netserver in netperf 2.4.3 allows local users to
overwrite arbitrary files via a symlink attack on
3.9 Low /tmp/netperf.debug. AVAIL
CVE-2007-1451 GuppY 4.0 allows remote attackers to delete
arbitrary files via a direct request to
install/install.php, then selecting "Installation
propre" (cleanup.php) and then "Suppression
4.7 Medium des fichiers d'installation" (delete.php). AVAIL
CVE-2007-1497 nf_conntrack in netfilter in the Linux kernel
before 2.6.20.3 does not set nfctinfo during
reassembly of fragmented packets, which
leaves the default value as
IP_CT_ESTABLISHED and might allow remote
attackers to bypass certain rulesets using IPv6
7 High fragments. AVAIL
CVE-2007-1500 The Linux Security Auditing Tool (LSAT) allows
local users to overwrite arbitrary files via a
symlink attack on temporary files, as
2.9 Low demonstrated using /tmp/lsat1.lsat. AVAIL
CVE-2007-1535 Microsoft Windows Vista establishes a Teredo
address without user action upon connection to
the Internet, contrary to documentation that
Teredo is inactive without user action, which
increases the attack surface and allows remote
attackers to communicate via Teredo.
7 High AVAIL
CVE-2007-1562 The FTP protocol implementation in Mozilla
Firefox before 1.5.0.11 and 2.x before 2.0.0.3
allows remote attackers to force the client to
connect to other servers, perform a proxied port
scan, or obtain sensitive information by
specifying an alternate server address in an
5.6 Medium FTP PASV response. AVAIL
CVE-2007-1563 The FTP protocol implementation in Opera
9.10 allows remote
servers to force the client to connect to other
servers, perform a proxied port scan, or obtain
sensitive information by specifying an alternate
server address in an FTP PASV response.
5.6 Medium AVAIL
CVE-2007-1564 The FTP protocol implementation in Konqueror
3.5.5 allows remote servers to force the client to
connect to other servers, perform a proxied port
scan, or obtain sensitive information by
specifying an alternate server address in an
FTP PASV response.
5.6 Medium AVAIL
CVE-2007-1599 wp-login.php in WordPress allows remote
attackers to redirect authenticated users to
other websites and potentially obtain sensitive
information via the redirect_to parameter.
4.2 Medium AVAIL
CVE-2007-1692 The default configuration of Microsoft Windows
uses the Web Proxy Autodiscovery Protocol
(WPAD) without static WPAD entries, which
might allow remote attackers to intercept web
traffic by registering a proxy server using WINS
or DNS, then responding to WPAD requests, as
demonstrated using Internet Explorer. NOTE: it
could be argued that if an attacker already has
control over WINS/DNS, then web traffic could
already be intercepted by modifying WINS or
DNS records, so this would not cross privilege
boundaries and would not be a vulnerability. It
has also been reported that DHCP is an
alternate attack vector.
7 High AVAIL
CVE-2007-1745 The chm_decompress_stream function in
libclamav/chmunpack.c in Clam AntiVirus
(ClamAV) before 0.90.2 leaks file descriptors,
which has unknown impact and attack vectors
involving a crafted CHM file, a different
vulnerability than CVE-2007-0897. NOTE: some
of these details are obtained from third party
2.7 Low information. AVAIL
CVE-2007-1799 Directory traversal vulnerability in torrent.cpp in
KTorrent before 2.1.3 only checks for the ".."
string, which allows remote attackers to
overwrite arbitrary files via modified ".."
sequences in a torrent filename, as
demonstrated by "../" sequences, due to an
4.7 Medium incomplete fix for CVE-2007-1384. AVAIL
CVE-2007-1800 Cisco Secure ACS does not require
authentication when Cisco Trust Agent (CTA)
transmits posture information, which might allow
remote attackers to gain network access via a
spoofed Network Endpoint Assessment
posture, aka "NACATTACK." NOTE: this attack
might be limited to authenticated users and
7 High devices. AVAIL
CVE-2007-1831 web-app.org WebAPP before 0.9.9.6 allows
remote authenticated users to open files and
write "wrong data" via a crafted
3.4 Low QUERY_STRING. AVAIL
CVE-2007-1879 The StartUploading function in KL.SysInfo
ActiveX control (AxKLSysInfo.dll) in Kaspersky
Anti-Virus 6.0 and Internet Security 6.0 before
Maintenance Pack 2 build 6.0.2.614 allows
remote attackers to read arbitrary files by
triggering an outbound anonymous FTP session
that invokes the PUT command. NOTE: this
issue might be related to CVE-2007-1112.
8 High AVAIL
CVE-2007-1949 | 7 | High | Session fixation vulnerability in WebBlizzard CMS allows remote attackers to hijack web sessions by setting a PHPSESSID cookie. | AVAIL
CVE-2007-1951 | 7 | High | Session fixation vulnerability in onelook obo Shop allows remote attackers to hijack web sessions by setting a PHPSESSID cookie. | AVAIL
CVE-2007-1952 | 7 | High | Session fixation vulnerability in onelook onebyone CMS allows remote attackers to hijack web sessions by setting a PHPSESSID cookie. | AVAIL
CVE-2007-1953 | 7 | High | Session fixation vulnerability in onelook courts on-line allows remote attackers to hijack web sessions by setting a PHPSESSID cookie. | AVAIL
CVE-2007-2017 | 7 | High | siteadmin/useredit.php in AlstraSoft Video Share Enterprise does not check authentication, which allows remote attackers to obtain or modify user information via a direct request. | AVAIL
CVE-2007-2023 | 7 | High | USB20.dll in Secustick USB flash drive decouples the authorization and file access routines, which allows local users to bypass authentication requirements by altering the return value of the VerifyPassWord function. | AVAIL
CVE-2007-2058 | 5.6 | Medium | Directory traversal vulnerability in Acubix PicoZip 4.02 allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the file path in an (1) GZ, (2) TAR, (3) RAR, (4) JAR, or (5) ZIP archive. | AVAIL
CVE-2007-2063 | 3.9 | Low | SSH Tectia Server for IBM z/OS before 5.4.0, when _BPX_BATCH_UMASK is missing from the environment, creates HFS files with insecure permissions, which allows local users to read or modify these files and have other unknown impact. | AVAIL
CVE-2007-2074 | 4.9 | Medium | Certain programs in containers in ScramDisk 4 Linux before 1.0-1 execute with SUID permissions, which allows local users to gain privileges via mounted containers. | AVAIL
CVE-2007-2138 | 3.4 | Low | Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x before 7.4.17, 8.0.x before 8.0.13, 8.1.x before 8.1.9, and 8.2.x before 8.2.4 allows remote authenticated users, when permitted to call a SECURITY DEFINER function, to gain the privileges of the function owner, related to "search_path settings." | AVAIL
CVE-2007-2170 | 6.7 | Medium | The APPLSYS.FND_DM_NODES package in Oracle E-Business Suite does not check for valid sessions, which allows remote attackers to delete arbitrary nodes. NOTE: due to lack of details from Oracle, it is not clear whether this issue is related to other CVE identifiers such as CVE-2007-2126, CVE-2007-2127, or CVE-2007-2128. | AVAIL
CVE-2007-2188 | 10 | High | eXtremail 2.1.1 and earlier does not verify the ID field (aka transaction id) in DNS responses, which makes it easier for remote attackers to conduct DNS spoofing. | AVAIL
CVE-2007-2200 | 10 | High | Directory traversal vulnerability in navigator/navigator_ok.php in Pagode 0.5.8 allows remote attackers to read and possibly delete arbitrary files via a .. (dot dot) in the asolute parameter. | AVAIL
CVE-2007-2221 | 8 | High | Unspecified vulnerability in the mdsauth.dll COM object in Microsoft Windows Media Server in the Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; or 7 on Windows Vista allows remote attackers to overwrite arbitrary files via unspecified vectors, aka the "Arbitrary File Rewrite Vulnerability." | AVAIL
CVE-2007-2385 | 2.3 | Low | The Yahoo! UI framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking." | AVAIL
CVE-2007-2453 | 4.9 | Medium | The random number feature in Linux kernel 2.6 before 2.6.20.13, and 2.6.21.x before 2.6.21.4, (1) does not properly seed pools when there is no entropy, or (2) uses an incorrect cast when extracting entropy, which might cause the random number generator to provide the same values after reboots on systems without an entropy source. | AVAIL
CVE-2007-2480 | 4.9 | Medium | The _udp_lib_get_port function in net/ipv4/udp.c in Linux kernel 2.6.21 and earlier does not prevent a bind to a port with a local address when there is already a bind to that port with a wildcard local address, which might allow local users to intercept local traffic for daemons or other applications. | AVAIL
CVE-2007-2578 | 7 | High | Unspecified vulnerability in search/list/action_search/index.php in ACP3 4.0 beta 3 allows remote attackers to have unknown impact, relating to "Cookie Manipulation", via the form[search_term] parameter. | AVAIL
CVE-2007-2606 | 3.3 | Low | Multiple buffer overflows in Firebird 2.1 allow attackers to trigger memory corruption and possibly have other unspecified impact via certain input processed by (1) config\ConfigFile.cpp or (2) msgs\check_msgs.epp. NOTE: if ConfigFile.cpp reads a configuration file with restrictive permissions, then the ConfigFile.cpp vector may not cross privilege boundaries and perhaps should not be included in CVE. | AVAIL
CVE-2007-2644 | 6.7 | Medium | A certain ActiveX control in Morovia Barcode ActiveX Professional 3.3.1304 allows remote attackers to overwrite arbitrary files by calling the Save method with an arbitrary filename. | AVAIL
CVE-2007-2654 | 3.9 | Low | xfs_fsr in xfsdump creates a temporary directory with insecure permissions, which allows local users to read or overwrite arbitrary files on xfs filesystems. | AVAIL
CVE-2007-2688 | 3.3 | Low | The Cisco Intrusion Prevention System (IPS) and IOS with Firewall/IPS Feature Set do not properly handle certain full-width and half-width Unicode character encodings, which might allow remote attackers to evade detection of HTTP traffic. | AVAIL
CVE-2007-2689 | 3.3 | Low | Check Point Web Intelligence does not properly handle certain full-width and half-width Unicode character encodings, which might allow remote attackers to evade detection of HTTP traffic. | AVAIL
CVE-2007-2690 | 3.3 | Low | Multiple IBM ISS Proventia Series products, including the A, G, and M series, do not properly handle certain full-width and half-width Unicode character encodings, which might allow remote attackers to evade detection of HTTP traffic. | AVAIL
CVE-2007-2691 | 2.2 | Low | MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables. | AVAIL
CVE-2007-2725 | 7 | High | The DB Software Laboratory DeWizardX (DEWizardAX.ocx) ActiveX control allows remote attackers to overwrite arbitrary files via the SaveToFile function. | AVAIL
CVE-2007-2791 | 10 | High | Unspecified vulnerability in the Secure Shell (SSH) in HP Tru64 UNIX 5.1B-4 and 5.1B-3 allows remote attackers to identify valid users via unspecified vectors, probably related to timing attacks and AuthInteractiveFailureRandomTimeout. | AVAIL
CVE-2007-2843 | 10 | High | Cross-domain vulnerability in Apple Safari 2.0.4 allows remote attackers to access restricted information from other domains via Javascript, as demonstrated by a js script that accesses the location information of cross-domain web pages, probably involving setTimeout and timed events. | AVAIL
CVE-2007-3053 | 7 | High | Session fixation vulnerability in Calimero.CMS 3.3.1232 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. | AVAIL
CVE-2007-0882 | 10 | High | Argument injection vulnerability in the telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and 5.11) misinterprets certain client "-f" sequences as valid requests for the login program to skip authentication, which allows remote attackers to log into certain accounts, as demonstrated by the bin account. | AVAIL
Categories: code injection
denial of service
gain of privileges/access control
unknown
Vulnerability Type References Interactions Interaction description
INPUT | http://www.securityfocus.com/archive/1/archive/1/457159/100/0/threaded | http://www.kb.cert.org/vul
1
http://forums.grsecurity.net/viewtopic.php?t=1646 | http://www.digitalarmaments.com/news_news.shtml | http://grsecurity.net/n
?
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html | http://www.us-cert.gov/cas/techalert
?
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html | http://www.us-cert.gov/cas/techalert
?
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html | http://www.us-cert.gov/cas/techalert
INPUT | 1 Specially crafted request
http://sourceforge.net/project/shownotes.php?release_id=479480&group_id=187000 | http://www.frs
INPUT |
DESIGN | ?
http://sourceforge.net/forum/forum.php?forum_id=660819 | http://www.frsirt.com/english/advisories/2
search string = single character, replace string
INPUT | 2 = single character
http://www.php-security.org/MOPB/MOPB-39-2007.html |
INPUT | 1
http://sourceforge.net/project/shownotes.php?release_id=500238&group_id=32077 | http://www.frsir
INPUT |
INPUT | ACCESS | 1 SSL bypassed
http://www.securityfocus.com/archive/1/archive/1/468049/100/0/threaded | http://www.securityfocus.
HTML or web script injected by the sortby
INPUT | 1 parameter
http://www.securityfocus.com/archive/1/archive/1/455615/100/0/threaded | http://www.securityfocus.
Arbitrary code injected via (1) cat parameter to
(a) ashop/catalogue.php and (b)
ashop/basket.php, the (2) exp parameter to
ashop/catalogue.php, the (3) searchstring
parameter to (c) ashop/search.php, the (4)
checkout and (5) action parameters to (d)
ashop/shipping.php, the cat parameter to (f)
cart-path/admin/editcatalogue.php, and the (7)
resultpage parameter to (g) cart-
INPUT | ? path/admin/salesadmin.php.
http://www.securityfocus.com/archive/1/archive/1/455629/100/0/threaded | http://www.securityfocus.
INPUT | 1 Invalid URI in getURL
http://www.securityfocus.com/archive/1/archive/1/455726/100/0/threaded | http://www.securityfocus.
Invalid tokens and quote characters or HTML
INPUT | 1 tags in URL variable names
http://www.securityfocus.com/archive/1/archive/1/456048/100/0/threaded | http://www.hardened-php
Web script or HTML injected via IssueInstant
INPUT | 1 Parameter
https://secure-support.novell.com/KanisaPlatform/Publishing/143/3615264_f.SAL_Public.html | http:/
crafted parameter to mkpw_mp.cgi, mkpw.pl,
INPUT | 1 or mkpw.cgi
http://www.securityfocus.com/archive/1/archive/1/456055/100/0/threaded | http://www.securityfocus.
INPUT | 1 crafted g parameter to search.asp
http://www.securityfocus.com/archive/1/archive/1/456052/100/0/threaded | http://www.securityfocus.
INPUT | 2
http://marc.theaimsgroup.com/?l=full-disclosure&m=116799778408115&w=2 | http://drupal.org/node
INPUT | 1
http://jvn.jp/jp/JVN%2365500885/index.html | http://serenebach.net/log/sb119R.html | http://sereneba
INPUT | 1
http://www.securityfocus.com/archive/1/archive/1/456122/100/0/threaded | http://www.securityfocus.
INPUT | 1
http://www.milw0rm.com/exploits/3089 | http://secunia.com/advisories/23652 | http://xforce.iss.net/xf
INPUT | ?
http://www.securityfocus.com/archive/1/archive/1/456121/100/0/threaded | http://www.frsirt.com/engl
INPUT | 1
http://secunia.com/advisories/23656 | http://www.securityfocus.com/bid/21953 | http://xforce.iss.net/x
INPUT | 1
http://www.securityfocus.com/archive/1/archive/1/456296/100/0/threaded | http://www.eazel.es/advis
INPUT | 2 wgUseAjax = true, other params unspecified
http://sourceforge.net/forum/forum.php?forum_id=652721 | http://svn.wikimedia.org/svnroot/mediaw
INPUT | http://www.securityfocus.com/bid/21977 | http://secunia.com/advisories/23605 |
INPUT | ?
http://www.mnin.org/advisories/2007_firepass.pdf | https://tech.f5.com/home/solutions/sol6919.html
INPUT | 1
http://www.securityfocus.com/archive/1/archive/1/456042/100/100/threaded | http://xforce.iss.net/xfo
INPUT | ?
http://www.phpmyadmin.net/home_page/downloads.php?relnotes=0 | http://www.frsirt.com/english/a
INPUT | 1
http://www.milw0rm.com/exploits/3115 | http://secunia.com/advisories/23699 | http://xforce.iss.net/xf
(1) nofollow disabled AND (2) unmoderated
INPUT | CONFIG | 2 comments enabled
http://golem.ph.utexas.edu/~distler/blog/archives/001102.html | http://www.zackvision.com/weblog/2
INPUT | 1
http://www.securityfocus.com/archive/1/archive/1/456636/100/0/threaded | http://www.securityfocus.
INPUT | 1
http://14house.blogspot.com/2007/01/fastilo-open-source-shopping-cart-vuln.html | http://www.secur
INPUT | 1
http://www.securityfocus.com/archive/1/archive/1/456699/100/0/threaded | http://www.bugsec.com/a
1
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html | http://www.us-cert.gov/cas/techalert
INPUT | 2
http://www.securityfocus.com/archive/1/archive/1/456970/100/0/threaded | http://www.securityfocus.
INPUT | 1
http://www.plainblack.com/getwebgui/advisories/webgui-7_3_4-beta-released#BUeIjcWiQasypsJxD-
INPUT | 2 (1) ajouter=1 query string and (2) add menu
http://www.securityfocus.com/archive/1/archive/1/456986/100/0/threaded | http://www.securityfocus.
URI of script or HTML in convcharset
INPUT | 1 parameter
http://www.securityfocus.com/archive/1/archive/1/456726/100/0/threaded | http://www.securityfocus.
web script or HTML injected via the
INPUT | 1 PATH_INFO string.
http://www.securityfocus.com/archive/1/archive/1/457206/100/0/threaded | http://mywebland.com/for
INPUT | 1 Scripts inserted into vectors
http://jvn.jp/jp/JVN%2395249468/index.html | http://manual.freshreader.com/archives/2007/01/20070
INPUT | 1 Scripts inserted into vectors
http://sourceforge.net/project/shownotes.php?group_id=11386&release_id=479424 | http://sourcefor
web script or HTML inserted via the (1)
error_msg parameter to (a)
suggest_category.php; the (2) u parameter to
(b) user_detail.php; the (3) friend_name, (4)
friend_email, (5) error_msg, (6) my_name, (7)
my_email, and (8) id parameters to (c)
tell_friend.php; the (9) error_msg, (10) email,
(11) name, and (12) subject parameters to (d)
sendmail.php; the (13) email, (14) error_msg,
and (15) username parameters to (e)
send_pwd.php; the (16) keyword parameter to
(f) search.php; the (17) error_msg, (18)
username, (19) password, (20) password2, and
(21) email parameters to (g) register.php; the
(22) url, (23) contact_name, and (24) email
parameters to (h) power_search.php; the (25)
path and (26) total parameters to (i) new.php;
the (27) query parameter to (j) modify.php; the
(28) error_msg parameter to (k) login.php; the
(29) error_msg and (30) email parameters to (l)
mailing_list.php; the (31) gateway parameter to
INPUT | ? (m) upgrade.php; and another unspecified
http://www.securityfocus.com/archive/1/archive/1/457079/100/0/threaded | http://www.securityfocus.
INPUT | ? Scripts inserted into vectors
http://sourceforge.net/project/shownotes.php?release_id=478370 | http://www.frsirt.com/english/advi
INPUT | 1 Scripts inserted into vectors
http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html | http://virtuemart.svn.sourc
INPUT | 1 Scripts inserted into vectors
http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html | http://www.hackers.ir/advi
1
http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html | http://www.hackers.ir/advisories/festival.txt | http://no
INPUT | 1 Scripts inserted into tag parameter
http://www.securityfocus.com/archive/1/archive/1/457331/100/0/threaded | http://www.securityfocus.
Scripts or HTML injected via (1) Suject or (2)
INPUT | 1 Pseudo fields
http://www.securityfocus.com/archive/1/archive/1/457503/100/0/threaded | http://www.attrition.org/pip
Scripts or HTML injected via recipient or BCC
INPUT | 1 fields
http://www.securityfocus.com/archive/1/archive/1/457508/100/0/threaded | http://aria-security.com/fo
Scripts or HTML injected via keyword
INPUT | 1 parameter
http://www.securityfocus.com/archive/1/archive/1/457505/100/0/threaded | http://xforce.iss.net/xforce
Scripts or HTML injected via username
INPUT | 1 parameter
http://www.securityfocus.com/archive/1/archive/1/457506/100/0/threaded | http://xforce.iss.net/xforce
(1) Scripts or HTML injected via username
parameter and (2) anonymous registration is
INPUT | 2 being done
http://www.plainblack.com/bugs/tracker/security-update-cross-site-scripting-vulnerability | http://www
1
http://forum.openads.org/index.php?showtopic=503412651 | http://jvn.jp/jp/JVN%2307274813/index.html | https://developer.op
URI of script or HTML in (1) show_owned.php
INPUT | 1 or (2) show_joined.php
http://secunia.com/advisories/23865 | http://www.securityfocus.com/bid/22180 | http://xforce.iss.net/x
Web script or HTML injected via (1) HTTP
INPUT | 1 Expect headers or (2) image maps
http://www.hitachi-support.com/security_e/vuls_e/HS06-022_e/01-e.html | http://www.frsirt.com/engli
Web scripts or HTML injected via URL in
INPUT | 1 PATH_INFO parameter
http://www.securityfocus.com/archive/1/archive/1/457695/100/0/threaded | http://xforce.iss.net/xforce
INPUT | 1 HTML embedded in comment tags
http://www.securityfocus.com/archive/1/archive/1/457924/100/0/threaded | http://www.kde.org/info/se
INPUT | 1
http://www.securityfocus.com/archive/1/archive/1/457660/100/0/threaded | http://xforce.iss.net/xforce
INPUT | 1
http://www.securityfocus.com/archive/1/archive/1/457929/100/0/threaded | http://www.securityfocus.
INPUT | 1
http://www.securityfocus.com/archive/1/archive/1/457611/100/0/threaded | http://xforce.iss.net/xforce
INPUT | 1
http://www.securityfocus.com/archive/1/archive/1/457611/100/0/threaded | http://xforce.iss.net/xforce
INPUT | 1
http://onnac.svn.sourceforge.net/viewvc/onnac/trunk/install/default/error404.html?view=log | http://so
INPUT | 2
http://sourceforge.net/project/shownotes.php?release_id=479999&group_id=110693 | http://www.frs
1
http://jvn.jp/jp/JVN%2382258242/index.html | http://secunia.com/advisories/23909 | http://www.securityfocus.com/bid/22245 |
INPUT | 1
http://www.securityfocus.com/archive/1/archive/1/458226/100/0/threaded | http://www.securityfocus.
INPUT | http://lists.horde.org/archives/announce/2007/000308.html | http://lists.horde.org/archives/announce/
INPUT | http://www.securityfocus.com/archive/1/archive/1/458062/100/0/threaded | http://www.securityfocus.
1
http://www.sixapart.com/movabletype/beta/distros/MT-3.34-beta-Release-Notes.html |
INPUT | 1
http://secunia.com/advisories/23951 | http://www.securityfocus.com/bid/22250 | http://xforce.iss.net/x
2
http://sourceforge.net/project/shownotes.php?release_id=480714&group_id=98260 | http://www.frsirt.com/english/advisories/2
INPUT | 1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102621-1 | http://www.securityfocus.co
DESIGN | 1
http://www.securityfocus.com/archive/1/archive/1/458306/100/0/threaded | http://www.securityfocus.
INPUT | http://www.dotnetnuke.com/Default.aspx?tabid=825&EntryID=1278 | http://www.frsirt.com/english/ad
INPUT | http://sourceforge.net/project/shownotes.php?release_id=481131&group_id=98260 | http://www.frsir
INPUT | 1
http://www.milw0rm.com/exploits/3255 | http://www.securityfocus.com/bid/22379 | http://milw0rm.com
http://www.phorum.org/phorum5/read.php?12,1197571 | http://www.frsirt.com/english/advisories/2007/0410 |
INPUT | 1
http://www.securityfocus.com/archive/1/archive/1/458225/100/0/threaded | http://www.securityfocus.
INPUT | http://www.securityfocus.com/archive/1/archive/1/458461/100/0/threaded | http://www.securityfocus.
INPUT | 1
http://www.milw0rm.com/exploits/3271 | http://www.securityfocus.com/bid/22412 | http://www.frsirt.co
INPUT | 1
http://www.securityfocus.com/archive/1/archive/1/459160/100/0/threaded | http://www.securityfocus.
INPUT | 1
http://secunia.com/advisories/24071 | http://xforce.iss.net/xforce/xfdb/32417 |
INPUT | http://sourceforge.net/project/shownotes.php?release_id=484226 | http://www.securityfocus.com/bid
INPUT | 1
http://www.milw0rm.com/exploits/3283 | http://www.securityfocus.com/bid/22450 | http://milw0rm.com
INPUT | 1
http://secunia.com/advisories/23217 | http://www.securityfocus.com/bid/22460 |
INPUT | 1
http://www.securityfocus.com/archive/1/archive/1/459562/100/0/threaded | http://www.securityfocus.
ACCESS | 1
http://www.securityfocus.com/archive/1/archive/1/459655/100/0/threaded | http://forums.avenir-geop
ACCESS | 1
http://www.securityfocus.com/archive/1/archive/1/459652/100/0/threaded | http://forums.avenir-geop
INPUT | 1
http://www.securityfocus.com/archive/1/archive/1/459590/100/0/threaded | http://www.securityfocus.
INPUT | 1
http://jvn.jp/jp/JVN%2384430861/index.html | http://mozdev.org/bugs/show_bug.cgi?id=16320 | http:
INPUT | 1
http://www.securityfocus.com/archive/1/archive/1/459979/100/0/threaded | http://www.securityfocus.
(1) Inject script via the t and yr parameters and
the sho parameter and (2) the m parameter is
INPUT | 2 out of range
http://www.securityfocus.com/bid/22536 | http://secunia.com/advisories/24125 | http://xforce.iss.net/x
INPUT | ?
http://www.securityfocus.com/archive/1/archive/1/460078/100/0/threaded | http://www.securityfocus.
INPUT | 1
http://downloads.securityfocus.com/vulnerabilities/exploits/22719.html | http://www.securityfocus.com
INPUT | 1
http://www.securityfocus.com/archive/1/archive/1/463820/100/0/threaded | http://www.securityfocus.
DESIGN | 1
http://www.securityfocus.com/archive/1/archive/1/464041/100/0/threaded |
URLs in object or iframe HTML tags not
INPUT | DESIGN | 1 checked for phishing
http://www.securityfocus.com/archive/1/archive/1/464041/100/0/threaded |
INPUT | 1
http://jvn.jp/jp/JVN%2340511721/index.html | http://www.securityfocus.com/bid/23207 | http://www.fr
INPUT | 1
http://www.securityfocus.com/archive/1/archive/1/468316/100/0/threaded |
INPUT | http://jvn.jp/jp/JVN%2392832583/index.html | http://www.evalue.jp/support/security/IPA_92832583.a
INPUT | 1
http://www.securityfocus.com/archive/1/archive/1/469087/100/0/threaded | http://www.securityfocus.
INPUT | 1
http://pridels-team.blogspot.com/2007/05/parodia-xss-vuln.html | http://www.securityfocus.com/bid/2
INPUT | 1
http://pridels-team.blogspot.com/2007/05/track-xss-vuln.html | http://www.securityfocus.com/bid/240
INPUT | 1
http://www.securityfocus.com/archive/1/archive/1/469291/100/0/threaded | http://www.securityfocus.
INPUT | 1
http://marc.info/?l=full-disclosure&m=117987658110713&w=2 | http://www.securityfocus.com/bid/24
http://www-1.ibm.com/support/docview.wss?uid=isg1IY95526 | http://www-1.ibm.com/support/docview.wss?uid=isg1IY95637 |
DESIGN | 1
http://www.securityfocus.com/archive/1/archive/1/470446/100/0/threaded | http://archives.neohapsis
DESIGN | 1
http://cool.haxx.se/cvs.cgi/curl/ares/CHANGES?rev=HEAD&content-type=text/vnd.viewcvs-markup
(1) CRLF injection vulnerability in Adobe
Acrobat Reader and (2) Microsoft.XMLHTTP
INPUT | CONFIG | 1 ActiveX object allow arbitrary HTTP headers
http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf | http://www.frs
INPUT | 1
http://www.securityfocus.com/archive/1/archive/1/456699/100/0/threaded | http://www.bugsec.com/a
?
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html | http://www.red-database-security.co
INPUT | DESIGN | 1 Arbitrary code uploaded as image form banner
http://www.milw0rm.com/exploits/3153 | http://milw0rm.com/exploits/3153 | http://xforce.iss.net/xforc
INPUT | 1
http://retrogod.altervista.org/guppy_4516_cmd.html | http://www.milw0rm.com/exploits/3221 | http://s
INPUT | 1
http://www.milw0rm.com/exploits/3288 | http://www.securityfocus.com/bid/22470 | http://milw0rm.com
INPUT | 1
http://www.milw0rm.com/exploits/3287 | http://www.securityfocus.com/bid/22469 | http://milw0rm.com
(1) inject HTTP headers into url parameter and
INPUT | 2 (2) pagename parameter begins with "FILE:"
http://marc.theaimsgroup.com/?l=full-disclosure&m=117121596803908&w=2 | http://www.securityfoc
INPUT | 1
http://www.securityfocus.com/archive/1/archive/1/466906/100/0/threaded | http://www.wisec.it/vulns.
INPUT | http://www.securityfocus.com/archive/1/archive/1/463596/100/0/threaded | http://us2.php.net/release
INPUT | 1
http://www.securityfocus.com/archive/1/archive/1/468644/100/0/threaded | http://www.netvigilance.co
INPUT | 1 URL length > N
http://projects.info-pull.com/moab/MOAB-01-01-2007.html | http://www.milw0rm.com/exploits/3064 |
INPUT | 1 filename length > N
http://www.securityfocus.com/bid/21840 | http://secunia.com/advisories/22959 |
INPUT | 1 Invalid URI in M3U file
http://projects.info-pull.com/moab/MOAB-02-01-2007.html | http://secunia.com/advisories/23592 | ht
INPUT | 1 Stack buffer overflow
http://secunia.com/secunia_research/2007-2/advisory/ | http://secunia.com/secunia_research/2007-3
INPUT | 1 heap based buffer overflow
http://projects.info-pull.com/moab/MOAB-18-01-2007.html | http://secunia.com/advisories/23842 | ht
INPUT | 1 URL length > N
http://projects.info-pull.com/moab/MOAB-19-01-2007.html | http://www.milw0rm.com/exploits/3160 |
EXCEP | 1
http://www.microsoft.com/technet/security/Bulletin/MS07-012.mspx | http://www.kb.cert.org/vuls/id/93
EXCEP | 1
http://www.microsoft.com/technet/security/Bulletin/MS07-011.mspx | http://www.kb.cert.org/vuls/id/49
DESIGN | 1
http://www.securityfocus.com/archive/1/archive/1/455801/100/0/threaded | http://events.ccc.de/cong
(1) Arbitrary code executed in language
parameter and (2) Variable must not have been
INPUT | DESIGN | 2 set since installation
http://www.securityfocus.com/archive/1/archive/1/455795/100/0/threaded | http://www.securityfocus.
crafted format string specifiers in RSS iPhoto
INPUT | 1 feed title
http://projects.info-pull.com/moab/MOAB-04-01-2007.html | http://www.securityfocus.com/archive/1/a
INPUT | 1 HREFTrack contains automatic action tag
http://projects.info-pull.com/moab/MOAB-03-01-2007.html | http://www.gnucitizen.org/blog/backdoor
EXCEP | 1
http://www.milw0rm.com/exploits/3049 | http://www.securityfocus.com/bid/21827 | http://www.frsirt.co
INPUT | 1 Stack-based buffer overflow
http://marc.theaimsgroup.com/?l=full-disclosure&m=116791509125050&w=2 | http://vuln.sg/powarc9
CONFIG | 1
http://www.milw0rm.com/exploits/3075 | http://www.frsirt.com/english/advisories/2007/0035 | http://xf
INPUT | 1 Code executed by crafted GET request
http://www.cisco.com/warp/public/707/cisco-sa-20070105-csacs.shtml | http://www.securityfocus.com
INPUT | 1 crafted image file
http://blog.trendmicro.com/flaw-in-3rd-party-app-weakens-windows-mobile/ | http://www.trendmicro.c
INPUT | 1 .phtml extension used to disguise .php files
http://www.securityfocus.com/archive/1/archive/1/456045/100/0/threaded | http://xforce.iss.net/xforce
INPUT | 1 crafted JPG files allow arbitrary code to run
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=457 | http://www.opera.com/suppo
Unvalidated object created which can execute
INPUT | DESIGN | 1 arbitrary JavaScript
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=458 | http://www.opera.com/suppo
register_globals = true, current_path =
INPUT | 2 malicious URL
http://www.attrition.org/pipermail/vim/2007-January/001219.html | http://securityreason.com/exploital
INPUT | 1
http://milw0rm.com/exploits/3090 | http://www.frsirt.com/english/advisories/2007/0078 | http://secunia
INPUT | 1
http://securitytracker.com/id?1017477 | http://xforce.iss.net/xforce/xfdb/31328 |
INPUT | 1
http://www.securityfocus.com/archive/1/archive/1/456212/100/0/threaded | http://www.frsirt.com/engl
DESIGN | 1
http://www.securityfocus.com/archive/1/archive/1/456259/100/0/threaded | http://secway.org/advisor
INPUT | 1
http://www.securityfocus.com/archive/1/archive/1/456386/100/0/threaded | http://www.attrition.org/pip
INPUT | 1
http://www.zerodayinitiative.com/advisories/ZDI-07-002.html | http://supportconnectw.ca.com/public/
INPUT | 1
http://www.zerodayinitiative.com/advisories/ZDI-07-003.html | http://www.zerodayinitiative.com/advis
INPUT | 1
http://www.milw0rm.com/exploits/3097 | http://www.securityfocus.com/bid/21917 | http://xforce.iss.ne
INPUT | 1
http://www.milw0rm.com/exploits/3096 | http://www.securityfocus.com/bid/21916 | http://xforce.iss.ne
INPUT | 1
http://www.milw0rm.com/exploits/3093 | http://www.securityfocus.com/bid/21918 | http://xforce.iss.ne
register_globals = true, magic_quotes = false,
INPUT | 3 page parameter contains ..'s
http://www.milw0rm.com/exploits/3091 | http://www.securityfocus.com/bid/21914 | http://xforce.iss.ne
INPUT | 1
http://marc.theaimsgroup.com/?l=full-disclosure&m=116832852700467&w=2 | http://secway.org/adv
INPUT | 1
http://www.securityfocus.com/archive/1/archive/1/456404/100/0/threaded | http://www.securityfocus.
INPUT | 1
http://vuln.sg/efcommander575-en.html | http://secunia.com/advisories/23659 | http://www.securityfo
INPUT | 1
http://www.securityfocus.com/archive/1/archive/1/456264/100/0/threaded | http://milw0rm.com/explo
INPUT | 1
http://www.securityfocus.com/archive/1/archive/1/456389/100/0/threaded | http://www.securityfocus.
INPUT | 1
http://www.securityfocus.com/archive/1/archive/1/456251/100/0/threaded | http://www.attrition.org/pip
INPUT | 1
http://www.securityfocus.com/archive/1/archive/1/456439/100/0/threaded | http://www.securityfocus.
EXCEP | 1
http://projects.info-pull.com/moab/MOAB-09-01-2007.html | http://www.securityfocus.com/archive/1/a
INPUT | 1
http://www.milw0rm.com/exploits/3108 | http://www.attrition.org/pipermail/vim/2007-January/001233.
INPUT | 1
http://www.ranum.com/security/computer_security/editorials/codetools/ | http://www.securityfocus.co
INPUT | 1
http://www.securityfocus.com/archive/1/archive/1/456527/100/0/threaded | http://www.attrition.org/pip
INPUT | 1
http://www.milw0rm.com/exploits/3113 | http://www.securityfocus.com/bid/21995 | http://www.securit
numeric parameter_1 = hash(alphanumeric
INPUT | DESIGN | 1 parm_2)
http://www.milw0rm.com/exploits/3109 | http://www.securityfocus.com/bid/21983 | http://xforce.iss.ne
INPUT | http://www.securityfocus.com/archive/1/archive/1/456590/100/0/threaded | http://www.securityfocus.
INPUT | 1
http://www.securityfocus.com/archive/1/archive/1/456744/100/0/threaded | http://www.attrition.org/pip
INPUT | 2 register_globals = true, PollDir = malicious URL
http://www.securityfocus.com/archive/1/archive/1/456697/100/0/threaded | http://attrition.org/piperma
INPUT | 1
http://milw0rm.com/exploits/3118 | http://www.securityfocus.com/bid/22021 | http://www.frsirt.com/en
INPUT | 1
http://milw0rm.com/exploits/3123 | http://www.securityfocus.com/bid/22040 | http://www.frsirt.com/en
INPUT | 1
http://milw0rm.com/exploits/3121 | http://www.securityfocus.com/bid/22038 | http://www.frsirt.com/en
INPUT | 1
http://www.milw0rm.com/exploits/3114 | http://www.securityfocus.com/bid/22017 | http://xforce.iss.ne
INPUT | http://www.securityfocus.com/archive/1/archive/1/460197/100/0/threaded | http://www.lizardtech.com
a ".." in the language pack parameter in (1)
INPUT | 1 jax_petitionbook.php or (2) smileys.php.
http://www.securityfocus.com/archive/1/archive/1/456981/100/0/threaded | http://www.securityfocus.
INPUT | 1 ".." in the skinnn parameter
http://www.milw0rm.com/exploits/3134 | http://www.securityfocus.com/bid/22065 | http://milw0rm.com
INPUT | 1 USER command with format specifiers > N
http://milw0rm.com/exploits/3128 | http://secunia.com/advisories/23731 |
Crafted .cnt file in which lines begin with an
INPUT | 1 integer followed by a space and a long string.
http://www.securityfocus.com/archive/1/archive/1/457210/100/0/threaded | http://www.anspi.pl/~pork
INPUT | 1 registration request with invalid attr-list field.
http://projects.info-pull.com/moab/MOAB-17-01-2007.html | http://www.milw0rm.com/exploits/3151 |
INPUT | 1 URL of code in setup_folder parameter
http://www.milw0rm.com/exploits/3147 | http://www.attrition.org/pipermail/vim/2007-January/001247.
INPUT | 1 URL of code in file parameter
http://www.milw0rm.com/exploits/3150 | http://www.frsirt.com/english/advisories/2007/0229 | http://w
INPUT | 1 URL of code in chem parameter
http://www.milw0rm.com/exploits/3145 | http://www.frsirt.com/english/advisories/2007/0231 | http://m
INPUT | 1 MBSE_ROOT length > N
http://www.mbse.eu/mbse/mbsebbs/index.html | http://www.milw0rm.com/exploits/3154 | http://www.
EXCEP | 1
http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051883.html | http://www.bitdefender.co
INPUT | 1 URL of code in inc_dir parameter
http://www.milw0rm.com/exploits/3152 | http://www.securityfocus.com/bid/22108 | http://milw0rm.com
INPUT | 1 Argument strings not quoted
http://code.djangoproject.com/changeset/3592 | http://secunia.com/advisories/23826 | http://www.se
INPUT | 1 HLP field in OPTION sections > N
http://www.securityfocus.com/archive/1/archive/1/457436/100/0/threaded | http://www.anspi.pl/~pork
?
http://www.securityfocus.com/archive/1/archive/1/456623/100/100/threaded | http://securitytracker.com/id?1017504 | http://www
(1) EnumPrinters argument lengths > N and (2)
INPUT | 2 OpenPrinter argument lengths > M
http://www.zerodayinitiative.com/advisories/ZDI-07-006.html | http://support.citrix.com/article/CTX11
INPUT | 1 server_ip_name length > N
http://www.zerodayinitiative.com/advisories/ZDI-07-007.html | http://h20000.www2.hp.com/bizsuppor
Crafted packets to TCP port (1) 1900 or (2)
INPUT | 1 2200
http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/babldimpsec-notice.asp | http://www.s
INPUT | ENV | 1 Buffer overflow in nss_windbind.so
http://www.securityfocus.com/archive/1/archive/1/459168/100/0/threaded | http://www.securityfocus.
Code injected in format string specifiers via (1)
PKG, (2) DISTZ, or (3) MPKG package
INPUT | 1 filename.
http://projects.info-pull.com/moab/MOAB-26-01-2007.html | http://www.securityfocus.com/bid/22272
DESIGN | 1
http://projects.info-pull.com/moab/MOAB-27-01-2007.html | http://www.securityfocus.com/bid/22286
INPUT | 1 1 TYPELIB MOVEABLE PURE length > N
http://www.securityfocus.com/archive/1/archive/1/457646/100/0/threaded | http://www.anspi.pl/~pork
DESIGN | 1
http://rubyforge.org/frs/shownotes.php?release_id=9074 | http://www.frsirt.com/english/advisories/20
PHP injected via URL in WEBCHATPATH
INPUT | 1 parameter
http://www.milw0rm.com/exploits/3169 | http://xforce.iss.net/xforce/xfdb/31624 | http://milw0rm.com/e
INPUT | 1 PHP injected via URL in (1) phpAds_geoPlugi parameter or (2) filename parameter or (3) phpAds_config[my_footer] parameter
http://www.securityfocus.com/archive/1/archive/1/457670/100/0/threaded | http://www.securityfocus.
INPUT | 1 PHP injected via URL in fpath variable
http://www.securityfocus.com/archive/1/archive/1/457643/100/0/threaded | http://www.securityfocus.
INPUT | 1 PHP injected via URL in mosConfig_absolute_path parameter
http://milw0rm.com/exploits/3175 | http://www.frsirt.com/english/advisories/2007/0285 | http://secunia
INPUT | 1 PHP injected via URL in my_ms[root] parameter
http://www.frsirt.com/english/advisories/2007/0269 | http://secunia.com/advisories/23850 |
INPUT | 1 PHP injected via URL in racine parameter
http://milw0rm.com/exploits/3161 | http://www.frsirt.com/english/advisories/2007/0263 | http://secunia
INPUT | 1 PHP injected via URL in g_strRootDir parameter
http://www.milw0rm.com/exploits/3163 | http://www.frsirt.com/english/advisories/2007/0268 | http://m
INPUT | 1 PHP injected via URL in maindir parameter
http://echo.or.id/adv/adv62-y3dips-2007.txt | http://www.frsirt.com/english/advisories/2007/0265 | http
INPUT | 1 PHP injected via URL in my[root] parameter
http://www.milw0rm.com/exploits/3165 | http://milw0rm.com/exploits/3165 |
INPUT | 1 PHP injected via URL in env[inc_path] parameter
http://www.milw0rm.com/exploits/3164 | http://www.frsirt.com/english/advisories/2007/0267 | http://m
INPUT | 1 PHP injected via URL in include_path parameter
http://milw0rm.com/exploits/3162 | http://www.frsirt.com/english/advisories/2007/0264 | http://secunia
INPUT | 1 PHP injected via URL in gen parameter
http://www.milw0rm.com/exploits/3171 | http://www.frsirt.com/english/advisories/2007/0271 | http://m
1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102728-1 | http://www.frsirt.com/english/advisories/2007/0287 | h
ACCESS | 1
http://drupal.org/node/112146 | http://www.frsirt.com/english/advisories/2007/0312 | http://www.secur
INPUT | 1 PHP injected via URL in BBC_LANGUAGE_PATH parameter
http://www.milw0rm.com/exploits/3183 | http://www.frsirt.com/english/advisories/2007/0318 | http://se
INPUT | CONFIG | 1 URL set in path parameter to (1) dom.php, (2) dtd.php, or (3) parser.php in include/ allows for arbitrary execution of PHP code
http://www.milw0rm.com/exploits/3184 | http://secunia.com/advisories/23875 | http://milw0rm.com/ex
INPUT | 1 PHP injected via URL in include_path parameter
http://www.securityfocus.com/archive/1/archive/1/457870/100/0/threaded | http://www.securityfocus.
INPUT | 1 PHP injected via URL in lang_file parameter
http://14house.blogspot.com/2007/01/freewebshoporg-remote-file-inclusion.html | http://www.freewe
INPUT | 2
http://www.securityfocus.com/archive/1/archive/1/457668/100/0/threaded | http://xforce.iss.net/xforce
INPUT | 1
http://www.milw0rm.com/exploits/3191 | http://www.frsirt.com/english/advisories/2007/0339 | http://m
INPUT | 1
http://www.milw0rm.com/exploits/3185 | http://www.frsirt.com/english/advisories/2007/0342 | http://m
INPUT | 1
http://www.milw0rm.com/exploits/3192 | http://www.securityfocus.com/archive/1/archive/1/458059/10
INPUT | 1
http://www.milw0rm.com/exploits/3201 | http://www.securityfocus.com/bid/22257 | http://www.frsirt.co
INPUT | 1
http://www.milw0rm.com/exploits/3202 | http://www.securityfocus.com/bid/22259 | http://www.frsirt.co
INPUT | 1
http://www.milw0rm.com/exploits/3212 | http://www.frsirt.com/english/advisories/2007/0386 | http://m
INPUT | DESIGN | 1 Arbitrary PHP code can be executed
http://www.milw0rm.com/exploits/3207 | http://www.frsirt.com/english/advisories/2007/0390 | http://m
INPUT | 1
http://milw0rm.com/exploits/3205 | http://www.attrition.org/pipermail/vim/2007-January/001257.html |
INPUT | DESIGN | 1 Arbitrary PHP code can be executed
http://seclists.org/bugtraq/2007/Jan/0643.html | http://milw0rm.com/exploits/3209 | http://www.xt-scri
INPUT | 1
http://milw0rm.com/exploits/3206 | http://www.securityfocus.com/bid/22278 | http://www.frsirt.com/en
INPUT | 1
http://milw0rm.com/exploits/3215 | http://www.securityfocus.com/bid/22285 | http://secunia.com/advi
INPUT | 1
http://www.milw0rm.com/exploits/3214 | http://www.securityfocus.com/bid/22283 | http://milw0rm.com
INPUT | 1
http://www.milw0rm.com/exploits/3217 | http://www.securityfocus.com/bid/22287 | http://www.frsirt.co
INPUT | 1
http://www.milw0rm.com/exploits/3198 | http://milw0rm.com/exploits/3198 | http://www.securityfocus.
INPUT | 1
http://www.securityfocus.com/archive/1/archive/1/458076/100/0/threaded | http://www.securityfocus.
INPUT | 1
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=468 | http://morte.jedrea.com/~jed
ACCESS | 1
http://drupal.org/node/113935 | http://www.frsirt.com/english/advisories/2007/0406 | http://secunia.co
INPUT | 1
http://www.milw0rm.com/exploits/3228 | http://www.securityfocus.com/bid/22313 | http://milw0rm.com
INPUT | 1
http://www.securityfocus.com/archive/1/archive/1/458582/100/0/threaded | http://www.securityfocus.
INPUT | 1
http://www.milw0rm.com/exploits/3225 | http://www.securityfocus.com/bid/22324 | http://xforce.iss.ne
INPUT | 1
http://www.securityfocus.com/data/vulnerabilities/exploits/testlpc.c | http://www.securityfocus.com/bid
INPUT | 1
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=225491 | http://www.securityfocus.com/bid/238
INPUT | 1
http://www.milw0rm.com/exploits/3231 | http://www.securityfocus.com/bid/22320 | http://www.frsirt.co
INPUT | 1
http://www.milw0rm.com/exploits/3236 | http://www.securityfocus.com/bid/22333 | http://milw0rm.com
INPUT | DESIGN | 1 Arbitrary commands may be executed via format string specifiers
http://www.securityfocus.com/archive/1/archive/1/458293/100/0/threaded | http://www.securityfocus.
EXCEP | 1
http://www.securityfocus.com/archive/1/archive/1/458774/100/0/threaded | http://www.securityfocus.
1
http://www.securityfocus.com/archive/1/archive/1/458464/100/0/threaded | http://www.frsirt.com/english/advisories/2007/0407 |
?
http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2007-0669 | http://www.kb.cert.org/vuls/id/584436 | http://www.openpkg.c
INPUT | 1
http://www-1.ibm.com/support/docview.wss?uid=isg1IY94301 | http://secunia.com/advisories/23995
INPUT | 1
http://www.securityfocus.com/archive/1/archive/1/458681/100/0/threaded | http://echo.or.id/adv/adv6
INPUT | 1
http://www.milw0rm.com/exploits/3238 | http://www.securityfocus.com/bid/22345 | http://milw0rm.com
INPUT | 1
http://www.milw0rm.com/exploits/3235 | http://www.xoron.info/bugs/phpbbtweaked.txt | http://www.se
INPUT | 1
http://www.milw0rm.com/exploits/3240 | http://secunia.com/advisories/24012 | http://milw0rm.com/ex
INPUT | 1
http://www.milw0rm.com/exploits/3242 | http://www.xoron.info/bugs/omegaboard-html.txt | http://www
INPUT | 1
http://www.milw0rm.com/exploits/3243 | http://www.xoron.info/bugs/ceruleanportalsystem-html.txt | h
INPUT | 1
http://www.securityfocus.com/archive/1/archive/1/458805/100/0/threaded | http://www.attrition.org/pip
INPUT | 1
http://www.milw0rm.com/exploits/3247 | http://www.attrition.org/pipermail/vim/2007-February/001266
INPUT | 1
http://www.attrition.org/exploits/3246 | http://www.attrition.org/pipermail/vim/2007-February/001264.h
INPUT | 1
http://www.milw0rm.com/exploits/3249 | http://www.attrition.org/pipermail/vim/2007-February/001267
INPUT | 1
http://www.milw0rm.com/exploits/2329 | http://www.attrition.org/pipermail/vim/2007-February/001265
INPUT | 1
http://www.gomplayer.com/forum/viewtopic.html?t=221 | http://secunia.com/advisories/23994 | http:/
INPUT | 1
http://www.milw0rm.com/exploits/3251 | http://www.attrition.org/pipermail/vim/2007-February/001272
INPUT | 1
http://www.securityfocus.com/bid/22374 | http://xforce.iss.net/xforce/xfdb/32273 |
INPUT | 1
http://www.milw0rm.com/exploits/3258 | http://www.xoron.info/bugs/ezconvert.txt | http://www.attrition
INPUT | 1
http://www.milw0rm.com/exploits/3259 | http://www.attrition.org/pipermail/vim/2007-February/001279
INPUT | 1
http://www.milw0rm.com/exploits/3255 | http://milw0rm.com/exploits/3255 | http://xforce.iss.net/xforc
INPUT | http://www.securityfocus.com/archive/1/archive/1/459507/100/0/threaded | https://issues.rpath.com/b
INPUT | 1
http://www.milw0rm.com/exploits/3266 | http://www.securityfocus.com/bid/22385 | http://www.frsirt.co
INPUT | 1
http://www.simpleinvoices.org/index.php?news=25 | http://secunia.com/advisories/24040 | http://www
INPUT | 1
http://secunia.com/advisories/24051 | http://www.securityfocus.com/bid/22390 | http://xforce.iss.net/x
INPUT | 1
http://www.securityfocus.com/archive/1/archive/1/459149/100/0/threaded |
INPUT | 2
http://www.securityfocus.com/archive/1/archive/1/459147/100/0/threaded | http://xforce.iss.net/xforce
INPUT | 1
http://www.milw0rm.com/exploits/3268 | http://www.securityfocus.com/bid/22391 | http://milw0rm.com
INPUT | http://sourceforge.net/project/shownotes.php?release_id=483468 | http://www.securityfocus.com/bid
INPUT | 1
http://www.securityfocus.com/archive/1/archive/1/459191/100/0/threaded | http://xforce.iss.net/xforce
INPUT | 1
http://www.milw0rm.com/exploits/3270 | http://milw0rm.com/exploits/3270 | http://www.securityfocus.
INPUT | 1
http://www.milw0rm.com/exploits/3267 | http://milw0rm.com/exploits/3267 | http://www.securityfocus.
INPUT | 1
http://www.securityfocus.com/bid/22381 |
INPUT | 1
http://www.milw0rm.com/exploits/3275 | http://www.securityfocus.com/bid/22430 | http://milw0rm.com
INPUT | 1
http://www.milw0rm.com/exploits/3279 | http://lists.grok.org.uk/pipermail/full-disclosure/2007-Februa
INPUT | 1
http://www.securityfocus.com/archive/1/archive/1/459290/100/0/threaded | http://www.securityfocus.
DESIGN | 1
http://www.securityfocus.com/archive/1/archive/1/458581/100/100/threaded | http://www.securityfocu
INPUT | 1
http://www.securityfocus.com/bid/22406 | http://secunia.com/advisories/24019 | http://xforce.iss.net/x
INPUT | 1
http://www.milw0rm.com/exploits/3280 | http://www.attrition.org/pipermail/vim/2007-February/001297
INPUT | 2
http://www.milw0rm.com/exploits/3281 | http://www.attrition.org/pipermail/vim/2007-February/001292
INPUT | 1
http://www.milw0rm.com/exploits/3284 | http://www.attrition.org/pipermail/vim/2007-February/001299
INPUT | http://www.securityfocus.com/archive/1/archive/1/459397/100/0/threaded | http://www.securityfocus.
INPUT | 1
http://www.securityfocus.com/archive/1/archive/1/459409/100/0/threaded | http://www.securityfocus.
INPUT | http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=472 | http://www.securityfocus.com
ACCESS | ?
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=469 | http://esupport.trendmicro.c
INPUT | 1
http://www.securityfocus.com/archive/1/archive/1/458312/100/100/threaded | http://www.securityfocu
INPUT | 1
http://www.securityfocus.com/archive/1/archive/1/458064/100/200/threaded | http://www.securityfocu
INPUT | 1
http://www.securityfocus.com/archive/1/archive/1/458559/100/100/threaded | http://www.securityfocu
INPUT | 1
http://www.attrition.org/pipermail/vim/2007-January/001241.html | http://securitytracker.com/id?1017
?
http://www.securityfocus.com/archive/1/archive/1/459497/100/0/threaded | http://securitytracker.com/id?1017614 | http://www.s
INPUT | 1
http://www.milw0rm.com/exploits/3285 | http://www.securityfocus.com/bid/22467 | http://milw0rm.com
INPUT | 1
http://www.securityfocus.com/bid/22501 | http://www.frsirt.com/english/advisories/2007/0665 | http://x
INPUT | 1
http://echo.or.id/adv/adv64-y3dips-2007.txt | http://www.milw0rm.com/exploits/3292 | http://secunia.c
INPUT | 1
http://advisories.echo.or.id/adv/adv65-K-159-2007.txt | http://www.frsirt.com/english/advisories/2007/
http://www.symantec.com/enterprise/security_response/writeup.jsp?docid=2007-021312-5133-99&tabid=2 |
INPUT | 1
http://www.milw0rm.com/exploits/3296 | http://www.securityfocus.com/bid/22530 | http://www.securit
INPUT | 1
http://www.securityfocus.com/bid/22553 | http://secunia.com/advisories/23999 | http://xforce.iss.net/x
INPUT | 1
http://www.milw0rm.com/exploits/3307 | http://www.securityfocus.com/bid/22558 | http://xforce.iss.ne
EXCEP | 1
http://www.milw0rm.com/exploits/3297 | http://xforce.iss.net/xforce/xfdb/32453 | http://milw0rm.com/e
INPUT | 2
http://www.milw0rm.com/exploits/3314 | http://cazalet.org/category/zebrafeeds | http://cazalet.org/zeb
INPUT | 1
http://milw0rm.com/exploits/3328 | http://www.securityfocus.com/bid/22605 | http://www.frsirt.com/en
INPUT | 1
http://security-protocols.com/sp-x39-advisory.php | http://www.securityfocus.com/bid/22630 | http://d
INPUT | 1
http://www.milw0rm.com/exploits/3373 | http://www.securityfocus.com/bid/22713 | http://www.frsirt.co
INPUT | 1
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=502 | http://lists.freedesktop.org/a
INPUT | EXCEP | 1 Illegal characters in session identifier
http://www.php-security.org/MOPB/MOPB-23-2007.html | http://www.frsirt.com/english/advisories/20
INPUT | 1
http://www.milw0rm.com/exploits/3576 | http://www.securityfocus.com/archive/1/archive/1/463843/10
INPUT | ?
http://vil.nai.com/vil/content/v_141860.htm | http://www.avertlabs.com/research/blog/?p=230 | http://w
INPUT | 2 search string = single character, replace string = very long
http://www.php-security.org/MOPB/MOPB-39-2007.html | http://www.php.net/releases/5_2_1.php | h
INPUT | 1
http://www.php-security.org/MOPB/MOPB-41-2007.html | http://www.sqlite.org/cvstrac/rlog?f=sqlite/s
INPUT | 1
http://www.php-security.org/MOPB/MOPB-43-2007.html | http://www.securityfocus.com/bid/23236 |
DESIGN | ACCESS | 1
http://www.securityfocus.com/archive/1/archive/1/466223/100/0/threaded | http://www.zerodayinitiativ
INPUT | http://www.securityfocus.com/archive/1/archive/1/467041/100/0/threaded | http://www.vsecurity.com
INPUT | 1
http://www.milw0rm.com/exploits/3747 | http://www.securityfocus.com/bid/23505 | http://www.frsirt.co
INPUT | http://www.securityfocus.com/archive/1/archive/1/466222/100/0/threaded | http://www.zerodayinitiativ
INPUT | http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=506 | http://www.enterasys.com/p
INPUT | http://lists.apple.com/archives/security-announce/2007/May/msg00004.html |
INPUT | http://lists.apple.com/archives/security-announce/2007/May/msg00004.html |
INPUT | http://www.hitachi-support.com/security_e/vuls_e/HS07-009_e/index-e.html | http://www.securityfocu
INPUT | 2 register_globals = true, wpPATH contains ..
http://www.securityfocus.com/archive/1/archive/1/467362/100/0/threaded | http://www.milw0rm.com/
INPUT | EXCEP | 1 GLOBALS parameter contains ".."
http://www.securityfocus.com/archive/1/archive/1/466564/100/100/threaded | http://www.attrition.org/
INPUT | 1
http://www.milw0rm.com/exploits/3864 | http://www.frsirt.com/english/advisories/2007/1679 | http://xf
EXCEP | 1
http://www.opendap.org/security.html | http://www.kb.cert.org/vuls/id/659148 | http://www.securityfoc
INPUT | 1
http://milw0rm.com/exploits/3934 | http://secunia.com/advisories/25282 | http://xforce.iss.net/xforce/x
INPUT | 1
http://seclists.org/fulldisclosure/2007/May/0378.html | http://archives.neohapsis.com/archives/fulldisc
INPUT | 1 arbitrary commands executed via id parameter
http://milw0rm.com/exploits/3061 | http://www.securityfocus.com/bid/21836 | http://www.frsirt.com/en
INPUT | 1 arbitrary commands executed via iPro parameter
http://milw0rm.com/exploits/3062 | http://www.securityfocus.com/bid/21833 | http://www.frsirt.com/en
INPUT | 1 Commands can be executed via product_id parameter
http://www.milw0rm.com/exploits/3074 | http://secunia.com/advisories/23610 | http://www.frsirt.com/e
INPUT | 1 Commands can be executed via id parameter
http://www.securityfocus.com/archive/1/archive/1/455814/100/0/threaded | http://acid-root.new.fr/poc
INPUT | 1 mbstring is enabled
http://www.securityfocus.com/archive/1/archive/1/456049/100/0/threaded | http://www.hardened-php
INPUT | 1 parameter to catid
http://www.securityfocus.com/archive/1/archive/1/456272/100/0/threaded | http://www.securityfocus.
ACCESS | 1
http://www.securityfocus.com/archive/1/archive/1/456051/100/0/threaded | http://www.attrition.org/pip
INPUT | 1 execution of arbitrary commands in several php files
http://www.securityfocus.com/archive/1/archive/1/456051/100/0/threaded | http://acid-root.new.fr/poc
INPUT | 1 book_id parameter to info_book.asp invalid
http://milw0rm.com/exploits/3081 | http://www.frsirt.com/english/advisories/2007/0053 | http://secunia
INPUT | 1
http://www.milw0rm.com/exploits/3073 | http://xforce.iss.net/xforce/xfdb/31242 | http://www.frsirt.com
INPUT | 1
http://www.milw0rm.com/exploits/3082 | http://www.securityfocus.com/bid/21873 | http://www.frsirt.co
INPUT | 1
http://www.milw0rm.com/exploits/3083 | http://packetstormsecurity.nl/0701-exploits/igshop10-multipl
INPUT | 1
http://www.frsirt.com/english/advisories/2007/0056 |
INPUT | 2
http://packetstormsecurity.nl/0701-exploits/igshop10-multiple.txt | http://www.milw0rm.com/exploits/3
INPUT | 1
http://www.securityfocus.com/archive/1/archive/1/456068/100/0/threaded | http://www.securityfocus.
INPUT | 1
http://www.securityfocus.com/archive/1/archive/1/456127/100/0/threaded | http://www.securityfocus.
INPUT | 1
http://www.securityfocus.com/archive/1/archive/1/456384/100/0/threaded | http://www.securityfocus.
INPUT | 1
http://www.milw0rm.com/exploits/3105 | http://www.securityfocus.com/bid/21963 | http://xforce.iss.ne
INPUT | 1
http://sourceforge.net/project/shownotes.php?release_id=477845 | http://secunia.com/advisories/237
INPUT | 1
http://www.milw0rm.com/exploits/3115 | http://secunia.com/advisories/23699 | http://xforce.iss.net/xf
INPUT | 1
http://www.milw0rm.com/exploits/3106 | http://www.securityfocus.com/bid/21966 | http://xforce.iss.ne
INPUT | 1
http://www.milw0rm.com/exploits/3120 | http://www.frsirt.com/english/advisories/2007/0175 | http://se
INPUT | 1
http://www.securityfocus.com/archive/1/archive/1/456894/100/0/threaded | http://www.milw0rm.com/
INPUT | 1
http://milw0rm.com/exploits/3122 | http://www.securityfocus.com/bid/22039 | http://www.frsirt.com/en
INPUT | 3 register_globals = true, magic_quotes_gpc = false, cat parameter = arbitrary malicious command
http://www.securityfocus.com/archive/1/archive/1/456787/100/0/threaded | http://www.neosecuritytea
INPUT | 2 magic_quotes = false, xuser_name or did parameters = arbitrary SQL command
http://www.securityfocus.com/archive/1/456742 | http://www.securityfocus.com/archive/1/456741 | ht
INPUT | 1 ps parameter contains SQL commands
http://www.securityfocus.com/archive/1/archive/1/457071/100/0/threaded | http://www.attrition.org/pip
INPUT | 1 Commands executed via board parameter
http://www.milw0rm.com/exploits/3124 | http://secunia.com/advisories/23735 | http://milw0rm.com/ex
INPUT | 1 Commands executed via us parameter
http://www.attrition.org/pipermail/vim/2007-January/001244.html | http://www.frsirt.com/english/advis
INPUT | 1 Commands executable via (1) ps, (2) us, (3) f, or (4) code parameter.
http://www.frsirt.com/english/advisories/2007/0221 | http://xforce.iss.net/xforce/xfdb/31533 |
INPUT | 1 Execute arbitrary commands via id parameter
http://www.milw0rm.com/exploits/3141 | http://www.tv-kritik.net/mgb/index.php | http://www.attrition.o
INPUT | 1 SQL commands executed via comment forum
http://www.milw0rm.com/exploits/3153 | http://milw0rm.com/exploits/3153 | http://xforce.iss.net/xforc
INPUT | 1 SQL commands executed via comment forum (1) the active parameter in admin/modules/modules.php; the (2) ad_class, (3) imageurl, (4) clickurl, (5) ad_code, or (6) position parameter in modules/Advertising/admin/index.php; or unspecified vectors in the (7) advertising, (8) weblinks, or (9) reviews section.
http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html | http://www.hackers.ir/advi
INPUT | 1 SQL commands executed via (1) the searchword parameter in certain files; the where parameter in (2) plugins/search/content.php or (3) plugins/search/weblinks.php; the text parameter in (4) plugins/search/contacts.php, (5) plugins/search/categories.php, or (6) plugins/search/sections.php; or (7) the email parameter in database/table/user.php,
http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html | http://www.hackers.ir/advi
INPUT | 2 (1) SQL commands executed via id parameter and (2) content editing is being cancelled
http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html | http://www.hackers.ir/advi
INPUT | 1 SQL Commands injected via (1) the id parameter in kernel/group.php in core, (2) the lid parameter in class/table_broken.php in the Weblinks module, and other unspecified vectors.
http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html | http://www.hackers.ir/advi
INPUT | ? SQL commands injected via vectors
http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html | http://www.hackers.ir/advi
INPUT | ? SQL commands executed via parameters
http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html | http://www.atutor.ca/atuto
INPUT | 1 SQL commands executed via the id parameter
http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html | http://www.hackers.ir/advi
INPUT | 1 SQL commands executed via the catid parameter
http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html | http://www.hackers.ir/advi
INPUT | 1 SQL commands executed via the boardids[1] parameter
http://www.milw0rm.com/exploits/3143 | http://www.milw0rm.com/exploits/3144 | http://xforce.iss.net
INPUT | 1 SQL commands injected via init_row parameter
http://www.securityfocus.com/archive/1/archive/1/457505/100/0/threaded |
INPUT | 1 SQL commands injected via keyword parameter
http://www.securityfocus.com/archive/1/archive/1/457506/100/0/threaded | http://xforce.iss.net/xforce
INPUT | 1 SQL commands executable via cat parameter
http://secunia.com/advisories/23865 | http://www.securityfocus.com/bid/22180 | http://xforce.iss.net/x
INPUT | 1 SQL commands executable via (1) id or (2) galleryID
http://www.frsirt.com/english/advisories/2007/0270 | http://xforce.iss.net/xforce/xfdb/31632 |
INPUT | 1 SQL commands executable via picID parameter
http://www.milw0rm.com/exploits/3172 | http://www.frsirt.com/english/advisories/2007/0270 | http://m
INPUT | 1 Arbitrary code executed via poll_id parameter
http://www.milw0rm.com/exploits/3180 | http://www.frsirt.com/english/advisories/2007/0300 | http://se
ACCESS | 1
http://drupal.org/node/112145 | http://www.frsirt.com/english/advisories/2007/0313 | http://secunia.co
INPUT | 1 SQL commands executed via bid parameter
http://www.securityfocus.com/archive/1/archive/1/457667/100/0/threaded | http://xforce.iss.net/xforce
INPUT | 1 SQL commands executed via REMEMBER_KEY parameter
http://www.securityfocus.com/archive/1/archive/1/457684/100/0/threaded | http://secunia.com/adviso
INPUT | 1 PHP injected via poll_id parameter
http://www.frsirt.com/english/advisories/2007/0300 | http://secunia.com/advisories/23834 |
INPUT | 1
http://www.securityfocus.com/archive/1/archive/1/458061/100/0/threaded | http://milw0rm.com/explo
INPUT | 1
http://www.milw0rm.com/exploits/3186 | http://www.securityfocus.com/archive/1/archive/1/458058/10
INPUT | 1
http://www.milw0rm.com/exploits/3187 | http://www.securityfocus.com/archive/1/archive/1/458057/10
INPUT | 1
http://milw0rm.com/exploits/3216 | http://www.securityfocus.com/bid/22284 | http://secunia.com/advi
INPUT | 1
http://www.securityfocus.com/bid/22282 |
INPUT | 2
http://www.securityfocus.com/archive/1/archive/1/458303/100/0/threaded | http://forums.avenir-geop
INPUT | 1
http://www.milw0rm.com/exploits/3210 | http://www.securityfocus.com/bid/22280 | http://milw0rm.com
INPUT | 1
http://www.milw0rm.com/exploits/3197 | http://milw0rm.com/exploits/3197 |
INPUT | 1
http://www.securityfocus.com/archive/1/archive/1/458076/100/0/threaded | http://www.securityfocus.
INPUT | 1
http://www.securityfocus.com/archive/1/archive/1/458063/100/0/threaded | http://www.milw0rm.com/
INPUT | 1
http://www.securityfocus.com/archive/1/archive/1/458438/100/0/threaded | http://www.securityfocus.
INPUT | 1
http://www.frsirt.com/english/advisories/2007/0395 |
INPUT | 1
http://www.milw0rm.com/exploits/3227 | http://www.securityfocus.com/bid/22314 | http://milw0rm.com
INPUT | 1
http://www.frsirt.com/english/advisories/2007/0341 |
INPUT | 1
http://www.securityfocus.com/archive/1/archive/1/458495/100/0/threaded | http://www.securityfocus.
INPUT | 1
http://www.frsirt.com/english/advisories/2007/0424 |
INPUT | 1
http://www.milw0rm.com/exploits/3234 | http://www.securityfocus.com/bid/22338 | http://xforce.iss.ne
INPUT | 1
http://www.milw0rm.com/exploits/3233 | http://www.securityfocus.com/bid/22347 | http://milw0rm.com
INPUT | 1
http://www.milw0rm.com/exploits/3232 | http://www.securityfocus.com/bid/22335 | http://xforce.iss.ne
INPUT | 1
http://www.milw0rm.com/exploits/3241 | http://milw0rm.com/exploits/3241 | http://www.frsirt.com/eng
INPUT | http://sourceforge.net/project/shownotes.php?release_id=481131&group_id=98260 | http://www.attri
INPUT | 1
http://www.frsirt.com/english/advisories/2007/0388 |
INPUT | 1
http://www.zion-security.com/text/Sql_Vulnerability_EasymoBlog%232.txt | http://www.zion-security.c
INPUT | 1
http://www.milw0rm.com/exploits/3256 | http://www.securityfocus.com/bid/22373 | http://xforce.iss.ne
INPUT | 1
http://www.securityfocus.com/archive/1/archive/1/458495/100/0/threaded | http://www.securityfocus.
INPUT | 1
http://www.milw0rm.com/exploits/3261 | http://www.securityfocus.com/bid/22384 | http://www.frsirt.co
1
http://mamboxchange.com/frs/shownotes.php?release_id=6232 | http://www.frsirt.com/english/advisories/2007/0480 | http://se
INPUT | http://www.securityfocus.com/archive/1/archive/1/459151/100/0/threaded | http://www.securityfocus.
INPUT | http://www.securityfocus.com/archive/1/archive/1/459027/100/0/threaded | http://www.hackerscenter
INPUT | 1
http://www.milw0rm.com/exploits/3262 | http://milw0rm.com/exploits/3262 | http://www.securityfocus.
INPUT | 1
http://www.milw0rm.com/exploits/3278 | http://milw0rm.com/exploits/3278 | http://www.securityfocus.
INPUT | 1
http://www.milw0rm.com/exploits/3283 | http://www.securityfocus.com/bid/22450 | http://milw0rm.com
INPUT | 1
http://secunia.com/advisories/23217 | http://www.securityfocus.com/bid/22460 | http://xforce.iss.net/x
ACCESS | ?
http://www.securityfocus.com/archive/1/archive/1/459649/100/0/threaded | http://forums.avenir-geop
INPUT | 1
http://www.milw0rm.com/exploits/3286 | http://www.frsirt.com/english/advisories/2007/0540 | http://xf
INPUT | 1
http://www.milw0rm.com/exploits/3295 | http://www.securityfocus.com/bid/22532 | http://xforce.iss.ne
INPUT | 1
http://www.securityfocus.com/archive/1/archive/1/459979/100/0/threaded | http://www.securityfocus.
INPUT | ?
http://www.securityfocus.com/archive/1/archive/1/460078/100/0/threaded | http://www.securityfocus.
INPUT | 1
http://www.securityfocus.com/archive/1/archive/1/460076/100/0/threaded | http://www.securityfocus.
INPUT | 1
http://www.milw0rm.com/exploits/3327 | http://www.securityfocus.com/bid/22602 | http://www.frsirt.co
INPUT | 1
http://www.securityfocus.com/archive/1/archive/1/461158/100/0/threaded | http://www.milw0rm.com/
INPUT | 1
http://www.securityfocus.com/archive/1/archive/1/465076/100/0/threaded | http://www.securityfocus.
INPUT | 1
http://www.zerodayinitiative.com/advisories/ZDI-07-005.html | http://sunsolve.sun.com/search/docum
INPUT | http://www.ghisler.com/whatsnew.htm | http://www.securityfocus.com/bid/22033 |
INPUT | 1
http://taviso.decsystem.org/virtsec.pdf | http://www.debian.org/security/2007/dsa-1284 | http://www.s
INPUT | 1
http://lists.gnu.org/archive/html/qemu-devel/2007-04/msg00650.html | http://lists.gnu.org/archive/htm
1
http://www.red-database-security.com/advisory/oracle_discoverer_servlet.html | http://www.oracle.com/technology/deploy/secu
INPUT | 1
vger.kernel.org/msg08270.html | http://www.securityfocus.com/bid/23447 | http://www.redhat.com/support/errata/RHSA-2007-0347.html | http://secunia.com/advisories/25288 |
http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.21-rc6 | http://www.mail-archive.com/g
EXCEP | 1
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=223129 | http://www.redhat.com/support/errata/R
DESIGN | ?
http://bugzilla.kernel.org/show_bug.cgi?id=7727 | https://bugzilla.redhat.com/bugzilla/show_bug.cgi?
INPUT | 1 Malformed imagefile
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=218932 | http://www.redhat.com/support/errata
INPUT | EXCEP | 2 length MODPROPS_2 > length MODPROPS_1
http://www.microsoft.com/technet/security/bulletin/ms07-026.mspx | http://www.securityfocus.com/bi
INPUT | 1 hash character sequence > N appended to PDF URL
http://www.securityfocus.com/archive/1/archive/1/455801/100/0/threaded | http://events.ccc.de/cong
EXCEP | ?
http://www-1.ibm.com/support/docview.wss?uid=swg21257251 | http://www.securityfocus.com/bid/24
EXCEP | 2 (1) Window size > N and (2) range header that specifies multiple copies of the same fragment
http://www.securityfocus.com/archive/1/archive/1/455833/100/0/threaded | http://www.securityfocus.
EXCEP | 1
http://www.securityfocus.com/archive/1/archive/1/455833/100/0/threaded | http://www.securityfocus.
RACE | 2 IFRAME in a web page contains many nested XML tags, document rendering interrupted by asynchronous events such as timers
http://www.securityfocus.com/archive/1/archive/1/455965/100/0/threaded | http://www.securityfocus.
INPUT | 1 PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node.
http://projects.info-pull.com/moab/MOAB-06-01-2007.html | http://www.securityfocus.com/bid/21910
DESIGN | 1
http://www.securityfocus.com/bid/21910 | http://projects.info-pull.com/moab/MOAB-06-01-2007.html
INPUT | 1 PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node.
http://www.securityfocus.com/bid/21910 | http://projects.info-pull.com/moab/MOAB-06-01-2007.html
INPUT | 1 traffic class argument length > N or POLICY parameter length > N
http://www.securityfocus.com/archive/1/archive/1/456267/100/0/threaded | http://www.securityfocus.
EXCEP | 1
http://www.milw0rm.com/exploits/3078 | http://www.securityfocus.com/bid/21898 | http://xforce.iss.ne
INPUT | ? unspecified
http://www.securityfocus.com/archive/1/archive/1/456056/100/0/threaded | http://drupal.org/node/104
INPUT | 1
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=459 | http://secunia.com/advisorie
INPUT | 2 PATH_INFO starts with AbfrageForm or EingabeForm, Name = malicious requests containing many instances of /../
http://secunia.com/advisories/23539 | http://xforce.iss.net/xforce/xfdb/31216 |
INPUT | 1
http://mailman.webdav.org/pipermail/neon/2007-January/002362.html | http://bugs.debian.org/cgi-bin
INPUT | 1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102713-1 | http://www.securityfocus.co
EXCEP | 1
http://getahead.ltd.uk/dwr/changelog | http://www.securityfocus.com/bid/21955 | http://www.frsirt.com
INPUT | http://www.cisco.com/warp/public/707/cisco-sa-20070110-jtapi.shtml | http://www.securityfocus.com/
INPUT | 1
http://www.cisco.com/warp/public/707/cisco-sa-20070110-dlsw.shtml | http://www.securityfocus.com
INPUT | EXCEP | 1 IMAP command containing crafted literal
http://www.microsoft.com/technet/security/bulletin/ms07-026.mspx | http://www.securityfocus.com/bi
EXCEP | 1
http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0209.html | http://www.securityfocus.c
INPUT | 1
http://applefun.blogspot.com/2007/01/moab-10-01-2007-apple-dmg-ufs.html | http://projects.info-pul
EXCEP | 1
http://sourceforge.net/project/shownotes.php?release_id=501476&group_id=44827 | http://www.deb
INPUT | 1
http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE7-RELEASENOTES.html#s12 | http:/
EXCEP | 1
http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE7-RELEASENOTES.html#s12 | http:/
1
http://downloads.securityfocus.com/vulnerabilities/exploits/22003.py | http://www.securityfocus.com/bid/22003 | http://xforce.iss
EXCEP | 1
http://lists.freebsd.org/pipermail/freebsd-security/2007-January/004218.html | http://projects.info-pull
?
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html | http://www.us-cert.gov/cas/techalert
DESIGN | 1
http://projects.info-pull.com/moab/MOAB-11-01-2007.html | http://secunia.com/advisories/23725 | ht
EXCEP | 1
http://www.milw0rm.com/exploits/3126 | http://www.securityfocus.com/bid/22046 | http://milw0rm.com
INPUT | 1
http://secunia.com/advisories/23742 | http://www.frsirt.com/english/advisories/2007/0171 | http://proje
EXCEP | 1
http://security-protocols.com/sp-x41-advisory.php | http://www.securityfocus.com/bid/22059 |
INPUT | 1 ICMP6 Echo request causes infinite loops
http://www.openbsd.org/errata39.html#icmp6 | http://www.openbsd.org/errata.html#icmp6 | http://ww
EXCEP | 1
http://www.milw0rm.com/exploits/3142 | http://www.securityfocus.com/bid/22092 | http://milw0rm.com
?
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00838612 | http://secunia.com/advisories/23802 | http://www.securityfocus
DESIGN | 1
http://www.milw0rm.com/exploits/3155 | http://www.securityfocus.com/bid/22110 | http://milw0rm.com
?
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00837319 | http://www.securityfocus.com/bid/2
INPUT | 1 HOME length > N
http://sourceforge.net/project/shownotes.php?group_id=9655&release_id=476891 | http://xinehq.de/
?
http://dev2dev.bea.com/pub/advisory/204 | http://www.frsirt.com/english/advisories/2007/0213 | http://securitytracker.com/id?10
EXCEP | 1
http://dev2dev.bea.com/pub/advisory/208 | http://www.frsirt.com/english/advisories/2007/0213 | http:
EXCEP | 1
http://dev2dev.bea.com/pub/advisory/213 | http://www.frsirt.com/english/advisories/2007/0213 | http:
INPUT | 1 Malformed headers
http://dev2dev.bea.com/pub/advisory/215 | http://www.frsirt.com/english/advisories/2007/0213 | http:
INPUT | 1 Socket Connection manipulated
http://dev2dev.bea.com/pub/advisory/217 | http://www.frsirt.com/english/advisories/2007/0213 | http:
INPUT | EXCEP | 1 Request that triggers errors
http://dev2dev.bea.com/pub/advisory/219 | http://www.frsirt.com/english/advisories/2007/0213 | http:
INPUT | 1 Crafted FTP command
http://www.securityfocus.com/archive/1/archive/1/457454/100/0/threaded | http://lists.grok.org.uk/pip
EXCEP | 1
http://www.milw0rm.com/exploits/3157 | http://www.securityfocus.com/bid/22133 | http://xforce.iss.ne
INPUT | 1 mappingCount > N
http://www.securityfocus.com/archive/1/archive/1/457466/100/0/threaded | http://www.frsirt.com/engl
EXCEP | 1
http://www.securityfocus.com/archive/1/archive/1/457406/100/0/threaded | http://archives.neohapsis
INPUT | 1 URL length > N
http://svn.apache.org/repos/asf/spamassassin/branches/3.1/build/announcements/3.1.8.txt | http://fe
DESIGN | 1
http://www.securityfocus.com/archive/1/archive/1/459167/100/0/threaded | http://www.securityfocus.
http://www.wireshark.org/security/wnpa-sec-2007-01.html | http://www.securityfocus.com/bid/22352 | http://www.frsirt.com/engl
http://www.wireshark.org/security/wnpa-sec-2007-01.html | http://www.securityfocus.com/bid/22352 | http://www.frsirt.com/engl
INPUT | 1 vectors targeted for attack
http://www.wireshark.org/security/wnpa-sec-2007-01.html | http://www.securityfocus.com/bid/22352
INPUT | 1 fragmented HTTP packets
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1200 | http://www.wireshark.org/security/wnpa-s
OTHER | ?
http://www.novell.com/linux/security/advisories/2007_01_sr.html |
DESIGN | 1
http://projects.info-pull.com/moab/MOAB-25-01-2007.html | http://www.milw0rm.com/exploits/3200 |
EXCEP | 1
http://www.cisco.com/en/US/products/products_security_advisory09186a00807cb0e4.shtml | http://w
EXCEP | 1
http://www.cisco.com/en/US/products/products_security_advisory09186a00807cb0fd.shtml | http://w
INPUT | 1 show arp length > N
http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051856.html | http://xforce.iss.net/xforc
INPUT | 1 Crafted DNS request
http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/052018.html | http://marc.theaimsgroup
1
http://marc.theaimsgroup.com/?l=bind-announce&m=116968519300764&w=2 | http://www.isc.org/index.pl?/sw/bind/view/?rele
EXCEP | 1
http://www.hitachi-support.com/security_e/vuls_e/HS06-021_e/01-e.html | http://www.frsirt.com/engli
OTHER | 1
http://www.hitachi-support.com/security_e/vuls_e/HS06-023_e/01-e.html | http://www.frsirt.com/engli
Files repeatedly pushed to phone over
INPUT | DESIGN | 1 Bluetooth
http://www.securityfocus.com/archive/1/archive/1/457768/100/0/threaded | http://www.securityfocus.
Files repeatedly pushed to phone over
INPUT | DESIGN | 1 Bluetooth
http://www.securityfocus.com/archive/1/archive/1/457768/100/0/threaded | http://www.securityfocus.
Files repeatedly pushed to phone over
INPUT | DESIGN | 1 Bluetooth
http://www.securityfocus.com/archive/1/archive/1/457768/100/0/threaded | http://www.securityfocus.
Files repeatedly pushed to phone over
INPUT | DESIGN | 1 Bluetooth
http://www.securityfocus.com/archive/1/archive/1/457768/100/0/threaded | http://www.securityfocus.
INPUT | 1 Crafted HTTP request
http://www.securityfocus.com/archive/1/archive/1/457758/100/0/threaded | http://www.securityfocus.
EXCEP | 1
http://www.securityfocus.com/archive/1/archive/1/457999/100/0/threaded | http://www.securityfocus.
DESIGN | 1
http://www.securityfocus.com/archive/1/archive/1/458003/100/0/threaded | http://www.securityfocus.
DESIGN | 1
http://www.securityfocus.com/archive/1/archive/1/458003/100/0/threaded | http://www.securityfocus.
EXCEP | 1
http://www.milw0rm.com/exploits/3182 | http://secunia.com/advisories/23901 | http://xforce.iss.net/xf
1
http://www.postgresql.org/support/security | http://www.ubuntulinux.org/support/documentation/usn/usn-417-1 | http://www.frsir
INPUT | 1
http://www.postgresql.org/support/security | http://www.ubuntulinux.org/support/documentation/usn/u
INPUT | DESIGN | 1 Crafted .avi file clicked on by user
http://www.milw0rm.com/exploits/3190 | http://milw0rm.com/exploits/3190 |
INPUT | 1
http://securityresponse.symantec.com/avcenter/security/Content/2007.01.24c.html | http://www.frsirt
EXCEP | 1
http://sourceforge.net/project/shownotes.php?group_id=135704&release_id=478747 | http://www.mp
EXCEP | 1
http://www.securityfocus.com/archive/1/archive/1/458443/100/0/threaded | http://lists.grok.org.uk/pip
DESIGN | 1
http://projects.info-pull.com/moab/MOAB-29-01-2007.html | http://www.securityfocus.com/bid/22304
1
http://projects.info-pull.com/moab/MOAB-29-01-2007.html | http://www.securityfocus.com/bid/22304 | http://docs.info.apple.com
EXCEP | ?
http://www.hitachi-support.com/security_e/vuls_e/HS06-019_e/01-e.html | http://www.securityfocus.c
DESIGN | ACCESS | 1
http://www.nomachine.com/news_read.php?idnews=190 | http://www.nomachine.com/tr/view.php?id
?
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102697-1 | http://www.kb.cert.org/vuls/id/967236 | http://www.sec
Improperly formatted format string specifiers
that are unhandled when calling NSLog and
INPUT | EXCEP | 1 NSBeginAlertSheet Apple AppKit.
http://www.digitalmunition.com/MOAB-30-01-2007.html | http://www.securityfocus.com/bid/22326 | h
INPUT | 1
http://www.digitalmunition.com/MOAB-30-01-2007.html | http://www.securityfocus.com/bid/22326 | h
Improperly formatted format string specifiers
that are unhandled when calling NSLog and
INPUT | EXCEP | 1 NSBeginAlertSheet Apple AppKit.
http://www.digitalmunition.com/MOAB-30-01-2007.html | http://www.securityfocus.com/bid/22326 | h
INPUT | 1
http://www.digitalmunition.com/MOAB-30-01-2007.html | http://www.securityfocus.com/bid/22326 | h
CONFIG | 1
http://www.cisco.com/warp/public/707/cisco-air-20070131-sip.shtml | http://www.cisco.com/warp/pub
ACCESS | 1
http://lz1.intel.com/psirt/advisory.aspx?intelid=INTEL-SA-00012&languageid=en-fr | http://www.frsirt.
DESIGN | ?
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102699-1 | http://www.securityfocus.co
EXCEP | 1
http://www.securityfocus.com/archive/1/archive/1/458653/100/0/threaded | http://supportconnectw.ca
EXCEP | 1
http://www.securityfocus.com/archive/1/archive/1/458650/100/0/threaded | http://supportconnectw.ca
EXCEP | 1
http://blog.trendmicro.com/trend-micro-finds-more-windows-mobile-flaws/ | http://www.securityfocus.
INPUT | http://blog.trendmicro.com/trend-micro-finds-more-windows-mobile-flaws/ | http://www.securityfocus.
DESIGN | 1
http://www.milw0rm.com/exploits/3224 | http://milw0rm.com/exploits/3224 |
INPUT | 1
http://www.securityfocus.com/archive/1/archive/1/458773/100/0/threaded | http://www.matousec.com
INPUT | 1
http://www.securityfocus.com/archive/1/archive/1/458773/100/0/threaded | http://www.matousec.com
DESIGN | EXCEP | 1
http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html | https://bugzilla.redhat.c
EXCEP | 1
http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html | http://docs.info.apple.c
DESIGN | ?
http://lists.apple.com/archives/security-announce/2007/May/msg00004.html |
INPUT | 1
http://www.securityfocus.com/archive/1/archive/1/458907/100/0/threaded | http://www.securityfocus.
DESIGN | ?
http://www.redhat.com/support/errata/RHSA-2007-0169.html | http://www.securityfocus.com/bid/237
INPUT | http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20.1 | http://www.frsirt.com/english/advisories/
HTML document contains JavaScript loop with
INPUT | DESIGN | 1 empty body
http://www.milw0rm.com/exploits/3272 | http://www.powerhacker.net/exploit/IE_NULL_CRASH.html
DESIGN | 1
http://milw0rm.com/exploits/3248 | http://www.securityfocus.com/bid/22365 | http://www.frsirt.com/en
INPUT | http://www.milw0rm.com/exploits/3276 | http://www.securityfocus.com/bid/22433 | http://milw0rm.com
(1) hostname in HOST: header = self AND (2)
INPUT | DESIGN | 2 port number = [particular port on host?]
http://marc.theaimsgroup.com/?l=bugtraq&m=117086856902907&w=2 | http://marc.theaimsgroup.co
DESIGN | EXCEP | 1
http://www.securityfocus.com/archive/1/archive/1/459847/100/0/threaded | http://msdn2.microsoft.co
http://www.securityfocus.com/bid/22407 |
1
http://www.avertlabs.com/research/blog/?p=199 | http://www.avertlabs.com/research/blog/?p=206 | http://www.microsoft.com/t
http://www.securityfocus.com/bid/22497 |
EXCEP | 1
http://www.securityfocus.com/archive/1/archive/1/459571/100/0/threaded | http://www.securityfocus.
EXCEP | 1
http://marc.theaimsgroup.com/?l=full-disclosure&m=117094708423302&w=2 | http://www.milw0rm.c
EXCEP | 1
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=475 | http://www.securityfocus.com
1
http://www.php.net/ChangeLog-5.php#5.2.1 | http://www.php.net/releases/5_2_1.php | http://www.securityfocus.com/bid/22496
1
http://marc.theaimsgroup.com/?l=php-dev&m=117104930526516&w=2 | http://marc.theaimsgroup.com/?l=php-dev&m=11710
RACE | ?
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102796-1 | http://www.securityfocus.co
EXCEP | ?
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00863839 | http://www.securityfocus.com
EXCEP | 1
http://www.cisco.com/en/US/products/products_security_advisory09186a00807e0a5b.shtml | http://w
INPUT | 1
http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052427.html | http://secunia.com/advis
DESIGN | 1
http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2484.shtml | http://w
(1) Malformed SIP packets and (2) inspect sip
INPUT | 2 option enabled
http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2484.shtml | http://w
(1) Inspect http enabled and (2) malformed
INPUT | 2 HTTP traffic
http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2484.shtml | http://w
2 (1) In debug level and (2) crafted packets
http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2481.shtml | http://www.frsirt.com/english/adv
(1) aaa authentication match or aaa
authentication include is enabled and (2)
INPUT | 2 malformed HTTPS request
http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2481.shtml | http://w
(1) aaa authentication match or aaa
authentication include is enabled and (2) HTTP
INPUT | 2 request length > N
http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2481.shtml | http://w
(1) HTTPS server enabled and (2) malformed
INPUT | 2 HTTPS traffic
http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2481.shtml | http://w
INPUT | 1
http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2481.shtml | http://w
INPUT | 1
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=228858 | http://www.php.net/releases/5_2_1.php
INPUT | 1
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=484 | http://supportconnectw.ca.co
EXCEP | 1
http://www.securityfocus.com/archive/1/archive/1/460544/100/0/threaded | http://www.securityfocus.
EXCEP | 1
http://www.securityfocus.com/archive/1/archive/1/460530/100/0/threaded | http://monkey.org/~provo
INPUT | 1
http://www.securityfocus.com/bid/22619 | http://www.frsirt.com/english/advisories/2007/0664 | http://x
INPUT | 1
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html#554 | http://www.securityfocus.c
INPUT | 1
http://www.milw0rm.com/exploits/3341 | http://www.securityfocus.com/bid/22634 |
INPUT | 1
http://www.milw0rm.com/exploits/3343 | http://www.securityfocus.com/bid/22637 | http://xforce.iss.ne
(1) filename > N in response to LIST command
INPUT | 2 and (2) long response to CWD command
http://www.milw0rm.com/exploits/3341 | http://www.securityfocus.com/bid/22634 | http://xforce.iss.ne
INPUT | 1
http://www.milw0rm.com/exploits/3347 | http://www.securityfocus.com/bid/22640 | http://xforce.iss.ne
EXCEP | 1
http://securityvulns.com/Qdocument170.html | http://securityvulns.com/news/Microsoft/Windows/Exp
RACE | 1
http://www.securityfocus.com/archive/1/archive/1/461024/100/0/threaded | http://www.securityfocus.
INPUT | EXCEP | 1 search string beginning with ".*"
http://www.wanfear.com/pipermail/scrymud/2007q1/001157.html | http://scrymud.net/downloads/Cha
INPUT | 1
http://www.securityfocus.com/data/vulnerabilities/exploits/22645.html | http://www.securityfocus.com
EXCEP | 1
http://www.securityfocus.com/archive/1/archive/1/460762/100/0/threaded | http://www.securityfocus.
INPUT | ?
http://www.microsoft.com/technet/security/Bulletin/ms07-017.mspx | http://xforce.iss.net/xforce/xfdb/
DESIGN | 1
http://www.securityfocus.com/archive/1/archive/1/461373/100/0/threaded | http://securityvulns.com/n
EXCEP | 1
http://www.securityfocus.com/archive/1/archive/1/461373/100/0/threaded | http://securityvulns.com/Q
DESIGN | 1
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=485 | http://www.securityfocus.com
DESIGN | 1
http://www.php-security.org/MOPB/MOPB-03-2007.html | http://www.redhat.com/support/errata/RHS
EXCEP | 1
http://www.milw0rm.com/exploits/3392 | http://www.securityfocus.com/bid/22776 | http://xforce.iss.ne
EXCEP | 1
http://asterisk.org/node/48319 | http://asterisk.org/node/48320 | http://www.kb.cert.org/vuls/id/228032
EXCEP | 1
http://www.securityfocus.com/archive/1/archive/1/461897/100/0/threaded | http://lists.grok.org.uk/pip
EXCEP | ?
http://www.cyberguard.info/snapgear/releases.html | http://www.securityfocus.com/bid/22835 | http://
INPUT | 1
http://www.php-security.org/MOPB/MOPB-02-2007.html | http://sourceforge.net/tracker/index.php?fu
(1) request contains invalid HMAC algorithm
INPUT | EXCEP | 2 specification AND (2) no cipher algorithm
http://marc.theaimsgroup.com/?l=full-disclosure&m=117320823618036&w=2 | http://www.securityfoc
INPUT | 1
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html#554 | http://xforce.iss.net/xforce
DESIGN | 1
http://www.milw0rm.com/exploits/3419 | http://www.kb.cert.org/vuls/id/194944 | http://www.securitytra
INPUT | 1
http://www.gossamer-threads.com/lists/modperl/modperl/92739 | http://svn.apache.org/repos/asf/per
INPUT | 1
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20.5 | https://bugzilla.redhat.com/bugzilla
INPUT | EXCEP | 1 cookie path length > N
http://www.mozilla.org/security/announce/2007/mfsa2007-14.html |
EXCEP | 1
http://www.securityfocus.com/data/vulnerabilities/exploits/22856.html | http://www.securityfocus.com
option name = IPV6_RTHDR, option length = 0
EXCEP | 2 or option value is invalid
http://bugzilla.kernel.org/show_bug.cgi?id=8155 | http://www.kernel.org/pub/linux/kernel/v2.6/Change
configured for inline use, ip_conntrack module
not loaded, UDP packets from
send_morefrag_packet and
EXCEP | 3 send_overlap_packet
http://www.milw0rm.com/exploits/3434 | http://www.securityfocus.com/bid/22872 | http://www.snort.o
EXCEP | 1
http://www.milw0rm.com/exploits/3432 | http://secunia.com/advisories/24452 | http://xforce.iss.net/xf
(1) information_schema table selected AND (2)
INPUT | EXCEP | 2 ORDER BY selected
http://www.securityfocus.com/archive/1/archive/1/462339/100/0/threaded | http://www.sec-consult.co
EXCEP | ?
http://sourceforge.net/project/shownotes.php?group_id=85523&release_id=492572 | http://www.frsir
INPUT | ?
http://www.pennmush.org/archives/pennmush-announce/2007/000137.html | http://www.securityfocu
EXCEP | 1
http://www.securityfocus.com/archive/1/archive/1/462589/100/0/threaded | http://www.frsirt.com/engl
DESIGN | 1
http://supportconnectw.ca.com/public/storage/infodocs/babtapeng-securitynotice.asp | http://www3.c
INPUT | 1
http://www.securityfocus.com/archive/1/archive/1/462926/100/0/threaded | http://www.matousec.com
INPUT | EXCEP | 1 cch argument value > N
http://archives.neohapsis.com/archives/vulnwatch/2007-q1/0063.html | http://www.securityfocus.com
EXCEP | 1
http://www.securityfocus.com/archive/1/archive/1/462792/100/0/threaded | http://www.securityfocus.
INPUT | 1
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20.3 | http://www.securityfocus.com/bid/2
DESIGN | 1
http://www.securityfocus.com/archive/1/archive/1/462793/100/0/threaded | http://www.symantec.com
INPUT | DESIGN | 1 gratuitous ARP packet
http://www.securityfocus.com/archive/1/archive/1/462793/100/0/threaded | http://www.symantec.com
ACCESS | 1
http://www.securityfocus.com/archive/1/archive/1/463208/100/0/threaded | http://www.reversemode.
INPUT | ?
http://www.securityfocus.com/bid/23047 | http://www.frsirt.com/english/advisories/2007/1023 | http://s
INPUT | EXCEP | 1 client ID does not exist
http://aluigi.altervista.org/adv/nasbugs-adv.txt | http://www.securityfocus.com/bid/23017 | http://www.
num_action value > N OR inputNum parameter
INPUT | EXCEP | 1 >N
http://aluigi.altervista.org/adv/nasbugs-adv.txt | http://www.securityfocus.com/bid/23017 | http://www.
EXCEP | 1
http://aluigi.altervista.org/adv/nasbugs-adv.txt | http://www.securityfocus.com/bid/23017 | http://www.
INPUT | 1
http://www.squid-cache.org/Advisories/SQUID-2007_1.txt | http://www.squid-cache.org/Versions/v2/2
EXCEP | 1
http://marc.theaimsgroup.com/?l=full-disclosure&m=117432783011737&w=2 | http://www.securityfoc
EXCEP | 1
http://bindshell.net/papers/ftppasv/ftp-client-pasv-manipulation.pdf |
EXCEP | 1
http://www.milw0rm.com/exploits/3523 | http://www.securityfocus.com/bid/23049 | http://xforce.iss.ne
EXCEP | 1
http://www.securityfocus.com/archive/1/archive/1/463238/100/0/threaded | http://www.securityfocus.
ACCESS | 1
http://www.truecrypt.org/docs/?s=version-history | http://www.securityfocus.com/bid/23128 | http://ww
INPUT | 1
http://lists.grok.org.uk/pipermail/full-disclosure/2007-March/053099.html | http://www.frsirt.com/englis
EXCEP | 1
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=488 | http://esupport.trendmicro.c
DESIGN | 1
http://marc.info/?l=linux-netdev&m=117406721731891&w=2 | http://git.kernel.org/?p=linux/kernel/git
INPUT | 1
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=539 | http://www.symantec.com/a
EXCEP | 1
http://www.securityfocus.com/archive/1/archive/1/463434/100/0/threaded | http://voipsa.org/pipermai
EXCEP | 1
http://www.milw0rm.com/exploits/3547 | http://www.securityfocus.com/bid/23101 | http://xforce.iss.ne
INPUT | 1
http://sourceforge.net/project/shownotes.php?release_id=495646&group_id=173277 |
EXCEP | 1
http://glowworm.us/history/release_1_5_3_b4.html |
INPUT | 1
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=414045 | https://bugzilla.redhat.com/bugzilla/show_
DESIGN | 1
http://www.securityfocus.com/archive/1/archive/1/467646/100/0/threaded | http://www.securityfocus.
DESIGN | 1
http://www.securityfocus.com/archive/1/archive/1/467646/100/0/threaded | http://www.securityfocus.
DESIGN | 1
http://www.securityfocus.com/archive/1/archive/1/467646/100/0/threaded | http://www.securityfocus.
DESIGN | 1
http://www.securityfocus.com/archive/1/archive/1/467646/100/0/threaded | http://www.securityfocus.
INPUT | 1
http://www.securityfocus.com/archive/1/archive/1/467646/100/0/threaded | http://www.securityfocus.
EXCEP | 1
http://www.securityfocus.com/archive/1/archive/1/467289/100/200/threaded | http://voip.null.ro/cgi-bi
1
http://www.securityfocus.com/archive/1/archive/1/463847/100/0/threaded | http://xforce.iss.net/xforce/xfdb/33503 |
OTHER | 1
http://www.securityfocus.com/archive/1/archive/1/463934/100/0/threaded | http://www.securityfocus.
INPUT | ACCESS | 1 No upper bounds of optlen value
http://www.securityfocus.com/archive/1/archive/1/463969/100/0/threaded | http://www.securitytracke
INPUT | 1
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=494 | http://www-1.ibm.com/suppo
INPUT | 1
http://archives.neohapsis.com/archives/vulnwatch/2007-q1/0077.html | http://securityvulns.com/news
?
http://archives.neohapsis.com/archives/bugtraq/2007-03/0392.html | http://xforce.iss.net/xforce/xfdb/33309 |
EXCEP | 1
http://marc.info/?l=full-disclosure&m=117502315312302&w=2 | http://www.securityfocus.com/bid/23
EXCEP | 1
http://aluigi.altervista.org/adv/pulsex-adv.txt | http://aluigi.org/poc/pulsex.zip | http://xforce.iss.net/xfor
?
http://www.cisco.com/warp/public/707/cisco-sa-20070328-voip.shtml | http://www.securityfocus.com/bid/23181 | http://securityt
INPUT | 1
http://www.cisco.com/warp/public/707/cisco-sa-20070328-voip.shtml | http://www.securityfocus.com/
EXCEP | 1
http://www.cisco.com/warp/public/707/cisco-sa-20070328-voip.shtml | http://www.securityfocus.com/
INPUT | 1
http://sourceforge.net/mailarchive/message.php?msg_name=20070406123739.GA1546%40zen.inc
ACCESS | CONFIG | 1
http://security.gentoo.org/glsa/glsa-200704-11.xml | http://www.securityfocus.com/bid/23520 | http://w
INPUT | 1
https://issues.rpath.com/browse/RPL-1309 | http://secunia.com/advisories/25083 | http://kernel.org/p
DESIGN | EXCEP | 1
http://www.lighttpd.net/assets/2007/4/13/lighttpd_sa2007_01.txt | http://www.frsirt.com/english/adviso
EXCEP | 1
http://www.lighttpd.net/assets/2007/4/13/lighttpd_sa2007_02.txt | http://www.frsirt.com/english/adviso
DESIGN | CONFIG | 1
http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html#554 | http://secunia.com/adviso
INPUT | http://www.milw0rm.com/exploits/3690 |
1
http://www.securityfocus.com/archive/1/archive/1/464685/100/0/threaded | http://www.cybsec.com/vuln/CYBSEC-Security_Adv
DESIGN | 1
http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27007951#6107 | http://www.frsirt.com
INPUT | http://www.tinymux.org/changes.txt | http://www.frsirt.com/english/advisories/2007/1213 |
INPUT | 1
http://sourceforge.net/forum/forum.php?forum_id=681753 | http://sourceforge.net/project/shownotes
1
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00944467 | http://www.securityfocus.com/bid/2
INPUT | 1
http://bugzilla.quagga.net/show_bug.cgi?id=354 | http://bugzilla.quagga.net/show_bug.cgi?id=355 | h
OTHER | 1
http://bftpd.sourceforge.net/downloads/CHANGELOG | http://secunia.com/advisories/24864 | http://b
INPUT | EXCEP | 1 number of line feeds > N
http://sourceforge.net/mailarchive/forum.php?thread_name=755AF709E5B77E6EA58479D5%40fox
EXCEP | 1
http://www.freeradius.org/security.html | http://frontal2.mandriva.com/security/advisories?name=MDK
EXCEP | 1
http://www.debian.org/security/2007/dsa-1281 | http://www.securityfocus.com/bid/23656 | http://secu
INPUT | http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml | http://www.securityfocus.com/b
EXCEP | 1
http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml | http://www.securityfocus.com/b
INPUT | http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml | http://www.securityfocus.com/b
INPUT | DESIGN | 1 Crafted IP packets sent to user
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102866-1 | http://www.frsirt.com/englis
EXCEP | 1
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=516 | https://knowledge.mcafee.co
EXCEP | 1
http://www.securityfocus.com/archive/1/archive/1/466017/100/0/threaded | http://www.securityfocus.
EXCEP | 1
http://www.securityfocus.com/archive/1/archive/1/466017/100/0/threaded | http://www.securityfocus.
INPUT | http://www.securityfocus.com/archive/1/archive/1/466017/100/0/threaded | http://www.securityfocus.
INPUT | http://www.securityfocus.com/archive/1/archive/1/466017/100/0/threaded | http://www.securityfocus.
1
http://www.obdev.at/products/sharity/releasenotes.html | http://www.securityfocus.com/bid/23572 | http://secunia.com/advisorie
EXCEP | ?
http://www.securityfocus.com/archive/1/archive/1/466319/100/0/threaded | http://www.securityfocus.
INPUT | http://www.securityfocus.com/archive/1/archive/1/466291/100/0/threaded | http://www.securityfocus.
EXCEP | 1
http://www.milw0rm.com/exploits/3770 | http://www.securityfocus.com/bid/23576 | http://xforce.iss.ne
INPUT | 1
http://www.securityfocus.com/data/vulnerabilities/exploits/23583.c | http://www.securityfocus.com/bid
INPUT | EXCEP | 1 AddAllowed value > N
http://www.securityfocus.com/archive/1/archive/1/466022/100/100/threaded | http://www.securityfocu
INPUT | EXCEP | http://www.securityfocus.com/archive/1/archive/1/466576/100/0/threaded | http://www.securityfocus.
INPUT | DESIGN | EXCEP | 1 height = 0
http://www.csis.dk/dk/forside/GdiPlus.pdf | http://www.kb.cert.org/vuls/id/290961 | http://www.security
EXCEP | 1
http://www.isc.org/index.pl?/sw/bind/bind-security.php | http://www.frsirt.com/english/advisories/2007
IPV6_RTHDR_TYPE_0 set to create network
INPUT | DESIGN | 1 amplification between 2 routers
http://www.secdev.org/conf/IPv6_RH_security-csw07.pdf | http://openbsd.org/errata39.html#022_rou
?
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00841370 | http://www.securit
?
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102874-1 | http://www.frsirt.com/english/advisories/2007/1530 | h
EXCEP | 1
http://www.milw0rm.com/exploits/3791 | http://www.milw0rm.com/exploits/3792 | http://www.securityf
EXCEP | 1
http://www.milw0rm.com/exploits/3784 |
DESIGN | 1
http://www.securityfocus.com/archive/1/archive/1/466784/100/0/threaded | http://www.securityfocus.
INPUT | 1
http://www.securityfocus.com/archive/1/archive/1/466911/100/0/threaded | http://www.asterisk.org/fil
DESIGN | 1
http://www.securityfocus.com/archive/1/archive/1/466882/100/0/threaded | http://bugs.digium.com/vi
EXCEP | 1
http://sourceforge.net/forum/forum.php?forum_id=685448 | http://sourceforge.net/project/shownotes
INPUT | http://secunia.com/advisories/24724 | http://www.securityfocus.com/bid/23640 |
INPUT | http://secunia.com/advisories/25049 | http://xforce.iss.net/xforce/xfdb/33903 |
EXCEP | 1
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=506 | http://www.enterasys.com/p
INPUT | 1
http://www.securityfocus.com/archive/1/archive/1/464819/100/0/threaded | http://www.securityfocus.
INPUT | http://sourceforge.net/project/shownotes.php?release_id=504709&group_id=63119 | http://www.mys
INPUT | 1
http://sourceforge.net/forum/forum.php?thread_id=1725156&forum_id=131392 | http://www.securityf
EXCEP | 1
http://www.rapid7.com/advisories/R7-0027.jsp | http://www.securitytracker.com/id?1017984 | http://x
INPUT | EXCEP | 1 DOS device name with arbitrary extension
http://www.rapid7.com/advisories/R7-0028.jsp | http://www.caucho.com/resin-3.1/changes/changes.
INPUT | http://sourceforge.net/project/shownotes.php?release_id=508653&group_id=5624 | http://sourceforg
EXCEP | 1
http://taviso.decsystem.org/virtsec.pdf |
INPUT | http://www.cisco.com/en/US/products/products_security_response09186a0080833172.html | http://w
?
http://www.cisco.com/en/US/products/products_security_advisory09186a0080833166.shtml | http://www.securityfocus.com/bid
RACE | 1
http://www.cisco.com/en/US/products/products_security_advisory09186a0080833166.shtml | http://w
1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102900-1 | http://www.securityfocus.com/bid/23751 | http://www.
EXCEP | 1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102895-1 | http://www.securityfocus.co
INPUT | http://www.securityfocus.com/archive/1/archive/1/467269/100/0/threaded | http://www.matousec.com
1
ftp://ftp.itrc.hp.com/openvms_patches/i64/V8.2-1/VMS821I_SYS-V0400.txt | ftp://ftp.itrc.hp.com/openvms_patches/i64/V8.3/VM
EXCEP | 1
http://ftp.digium.com/pub/asa/ASA-2007-013.pdf | http://www.securityfocus.com/bid/23824 | http://ww
INPUT | EXCEP | 1 Crafted COTP packets
http://www.kb.cert.org/vuls/id/MIMG-6Q3NFD | http://www.kb.cert.org/vuls/id/711420 | http://www.sec
INPUT | http://taviso.decsystem.org/virtsec.pdf |
length > N for (1) DoOleCommand, (2)
FTPDownloadFile, (3) FTPUploadFile, (4)
HttpUploadFile, (5) Save, (6) SaveWebFile, (7)
HttpDownloadFile, (8) Open, or (9)
INPUT | EXCEP | 1 OpenWebFile property value.
http://www.milw0rm.com/exploits/3826 | http://moaxb.blogspot.com/2007/05/moaxb-01-powerpointvi
length > N for (1) DoOleCommand, (2)
FTPDownloadFile, (3) FTPUploadFile, (4)
HttpUploadFile, (5) GotoPage, (6) Save, (7)
SaveWebFile, (8) HttpDownloadFile, (9) Open,
(10) OpenWebFile, (11) SaveAs, or (12)
INPUT | EXCEP | 1 ShowWordStandardDialog property value.
http://moaxb.blogspot.com/2007/05/moaxb-03-wordviewerocx-32-multiple_03.html | http://www.secu
INPUT | EXCEP | 1 Certain .ra file used by Real Player 10 Gold
http://www.milw0rm.com/exploits/3819 | http://www.securityfocus.com/bid/23712 |
DESIGN | 1
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01034753 | http://ww
(1) messenger URL contains _edit.r AND (2)
INPUT | EXCEP | 2 parameters list for _edit.r empty
http://www.securityfocus.com/archive/1/archive/1/467375/100/0/threaded | http://www.securityfocus.
create socket, release it before PPIOCGCHAN
OTHER | 2 ioctl is initialized
http://kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.21-git8.log | http://secunia.com/advisories
INPUT | http://www.securityfocus.com/archive/1/archive/1/467646/100/0/threaded | http://www.securityfocus.
DESIGN | 1
http://www.securityfocus.com/archive/1/archive/1/467646/100/0/threaded | http://www.securityfocus.
INPUT | EXCEP | 1 Crafted BMP files used in ImageProcessing
http://www.securityfocus.com/archive/1/archive/1/466754/100/100/threaded | http://www.securityfocu
EXCEP | 1
http://www.securityfocus.com/archive/1/archive/1/467822/100/0/threaded | http://secunia.com/adviso
EXCEP | 1
http://bugs.mysql.com/bug.php?id=27513 | http://security.gentoo.org/glsa/glsa-200705-11.xml | http:/
1
http://www.cisco.com/en/US/products/products_security_advisory09186a00808399d0.shtml | http://www.securityfocus.com/bid
INPUT | EXCEP | http://www.securityfocus.com/archive/1/archive/1/468070/100/0/threaded | http://www.securityfocus.
EXCEP | CONFIG | 1
http://www.securityfocus.com/archive/1/archive/1/468070/100/0/threaded |
User access webpage that passes invalid
INPUT | EXCEP | 1 argument to GetPropertyByID() function
http://www.securityfocus.com/archive/1/archive/1/468070/100/0/threaded | http://www.securityfocus.
INPUT | 1
http://www.milw0rm.com/exploits/3891 | http://moaxb.blogspot.com/2007/05/moaxb-10-rcontroldll-v-
INPUT | EXCEP | 1 Crafted POST request causes server to hang
http://ftp.icdevgroup.org/interchange/5.4/ANNOUNCEMENT-5.4.2.txt | http://www.frsirt.com/english/a
INPUT | 1
http://lurker.clamav.net/message/20070418.111144.0df6c5d3.en.html | http://article.gmane.org/gma
INPUT | 1
http://www.milw0rm.com/exploits/3898 | http://www.securityfocus.com/bid/23941 | http://xforce.iss.ne
INPUT | 1
http://www.milw0rm.com/exploits/3910 | http://moaxb.blogspot.com/2007/05/moaxb-12-precisionid-b
INPUT | 1
http://www.milw0rm.com/exploits/3917 | http://moaxb.blogspot.com/2007/05/moaxb-13-id-automatio
INPUT | 1
http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/062773.html | http://www.critical.lt/research
CONFIG | 1
http://dev2dev.bea.com/pub/advisory/229 | http://www.frsirt.com/english/advisories/2007/1815 | http:
EXCEP | 1
http://dev2dev.bea.com/pub/advisory/237 | http://www.frsirt.com/english/advisories/2007/1815 | http:
INPUT | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=413033 | http://bugs.debian.org/cgi-bin/bugreport.c
INPUT | 1
http://www.milw0rm.com/exploits/3930 | http://www.securityfocus.com/bid/23994 |
EXCEP | 1
http://www.securityfocus.com/archive/1/archive/1/468626/100/0/threaded | http://www.securityfocus.
INPUT | 1
http://www.milw0rm.com/exploits/3929 | http://www.securityfocus.com/bid/23993 |
DESIGN | 1
http://bugs.libgd.org/?do=details&task_id=86 |
EXCEP | 1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102752-1 | http://www.securityfocus.co
INPUT | EXCEP | 1? This may be 1 if the presence of an IP address is all that is needed, or 2 or more if some other condition is required in the login name
http://www.aczoom.com/tools/blockhosts/CHANGES |
INPUT | 1
http://www.securityfocus.com/archive/1/archive/1/468784/100/0/threaded | http://milw0rm.com/explo
1
http://www.globus.org/mail_archive/security-announce/2007/05/msg00000.html | http://bugzilla.globus.org/globus/show_bug.cg
EXCEP | http://lists.ratbox.org/pipermail/ircd-ratbox/2007-May/000759.html | http://www.openpkg.com/security
1
http://scary.beasts.org/security/CESA-2006-004.html | http://www.securityfocus.com/bid/24004 | http://www.frsirt.com/english/a
EXCEP | 1
http://www.zerodayinitiative.com/advisories/ZDI-07-036.html |
OTHER | 1
http://www.cisco.com/en/US/products/products_security_advisory09186a0080847c49.shtml |
EXCEP | 1
http://madwifi.org/ticket/1335 | http://madwifi.org/wiki/Security |
EXCEP | 1
http://madwifi.org/ticket/1270 | http://madwifi.org/wiki/Security |
EXCEP | 1
http://www.mozilla.org/security/announce/2007/mfsa2007-13.html |
INPUT | http://spamassassin.apache.org/advisories/cve-2007-2873.txt |
EXCEP | 1
http://marc.info/?l=linux-kernel&m=118128610219959&w=2 | http://marc.info/?l=linux-kernel&m=118
INPUT | EXCEP | 1 corrupt kernel_dirent
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.21.2 | http://www.securityfocus.com/bid/2
ACCESS | 1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102911-1 | http://www.securityfocus.co
INPUT | 1
http://downloads.securityfocus.com/vulnerabilities/exploits/24127.html | http://www.securityfocus.com
http://www.securityfocus.com/bid/24131 | http://www.frsirt.com/english/advisories/2007/1927 | http://xforce.iss.net/xforce/xfdb/3
http://www.frsirt.com/english/advisories/2007/1936 | 1
RACE | 1
http://securityresponse.symantec.com/avcenter/security/Content/2007.05.24a.html | http://securityres
INPUT | 1
http://moaxb.blogspot.com/2007/05/moaxb-23-microsoft-office-2000.html | http://www.shinnai.altervi
DESIGN | 1
http://sourceforge.net/project/shownotes.php?group_id=107955&release_id=501861 |
INPUT | 1
http://www.f-secure.com/security/fsc-2007-4.shtml | http://www.frsirt.com/english/advisories/2007/19
EXCEP | 1
http://marc.info/?l=full-disclosure&m=118040810718045&w=2 | http://www.nruns.com/advisories/%5
EXCEP | 1
http://forum.antivir-pe.de/thread.php?threadid=22528 | http://www.securityfocus.com/bid/24187 | http
INPUT | http://sourceforge.net/project/shownotes.php?release_id=511778 | http://svn.a-eskwadraat.nl/wsvn/D
EXCEP | 1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102745-1 | http://www.securityfocus.co
ACCESS | 1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102921-1 | http://www.securityfocus.co
EXCEP | 1
http://mail.openvms.org:8100/Lists/alerts/Message/504.html | http://mail.openvms.org:8100/Lists/ale
1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102934-1 |
INPUT | 1
http://www.appwebserver.org/forum/viewtopic.php?t=969 |
1
http://lurker.clamav.net/message/20070530.224918.5c64abc4.en.html | http://kolab.org/security/kolab-vendor-notice-15.txt |
1
http://www.hitachi-support.com/security_e/vuls_e/HS07-013_e/index-e.html | http://www.frsirt.com/english/advisories/2007/202
1
http://www.hitachi-support.com/security_e/vuls_e/HS07-012_e/index-e.html | http://www.frsirt.com/english/advisories/2007/202
INPUT | http://lists.aspl.es/pipermail/vortex/2007-May/000152.html | http://secunia.com/advisories/25442 |
DESIGN | 1
http://www.securityfocus.com/archive/1/archive/1/470278/100/0/threaded | http://www.matousec.com
EXCEP | 1
http://www.milw0rm.com/exploits/4033 | http://www.securityfocus.com/bid/24292 | http://secunia.com
DESIGN | 1
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=243719 | http://svn.berlios.de/viewcvs/open-iscs
DESIGN | 1
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=243719 | http://svn.berlios.de/viewcvs/open-iscs
INPUT | 1
http://mdessus.free.fr/?p=15 | http://bugs.cacti.net/view.php?id=955 | http://svn.cacti.net/cgi-bin/view
INPUT | 1
http://mdessus.free.fr/?p=15 | http://bugs.cacti.net/view.php?id=955 | http://svn.cacti.net/cgi-bin/view
OTHER | ?
http://superb-west.dl.sourceforge.net/sourceforge/maradns/maradns-1.2.12.05.tar.gz | http://www.m
DESIGN | 1
http://superb-west.dl.sourceforge.net/sourceforge/maradns/maradns-1.2.12.06.tar.gz | http://www.m
OTHER | ?
http://maradns.blogspot.com/search/label/MaraDNS |
INPUT | 1
http://lurker.clamav.net/message/20070530.224918.5c64abc4.en.html | http://svn.clamav.net/svn/cla
EXCEP | 1
http://www.securityfocus.com/archive/1/archive/1/470751/100/0/threaded |
EXCEP | 1
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=540 | http://www.securityfocus.com
OP.MEAS.DATAQUERY is empty and (2)
EXCEP | 2 MEAS.TYPE is empty
http://www.securityfocus.com/archive/1/archive/1/470835/100/0/threaded | http://www.securityfocus.
EXCEP | 1
http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063859.html | http://www.digit-labs.org/file
EXCEP | 1
http://www.milw0rm.com/exploits/4046 | http://www.securityfocus.com/bid/24375 | http://secunia.com
INPUT | 1
http://www.milw0rm.com/exploits/4056 | http://www.securityfocus.com/bid/24400 |
INPUT | http://aviv.raffon.net/2007/06/11/AppleSafariForWindowsOutWithACrash.aspx |
INPUT | 1 character in messages, tickets, or Wikis.
http://www.securityfocus.com/archive/1/archive/1/458455/100/0/threaded | http://lists.grok.org.uk/pip
INPUT | ACCESS | 1 Configuration can be modified before login
http://www.milw0rm.com/exploits/3671 | http://www.securityfocus.com/bid/23342 |
INPUT | 1 format string specifiers in aim:// URI
http://projects.info-pull.com/moab/MOAB-20-01-2007.html | http://www.frsirt.com/english/advisories/2
INPUT | 1
http://projects.info-pull.com/moab/MOAB-07-01-2007.html | http://www.omnigroup.com/applications/
INPUT | 2 username and real_name are long
http://www.securityfocus.com/archive/1/archive/1/456255/100/0/threaded | http://www.securityfocus.
INPUT | 1
https://launchpad.net/bugs/79206 | http://bugzilla.gnome.org/show_bug.cgi?id=396477 | http://ftp.gno
INPUT | 2 long #EXTINF and invalid udp:// URI in M3U file
http://www.securityfocus.com/archive/1/archive/1/456523/100/0/threaded | http://frontal2.mandriva.c
INPUT | http://sourceforge.net/project/shownotes.php?release_id=475423&group_id=21558 | http://www.secu
INPUT | http://sourceforge.net/project/shownotes.php?release_id=477793&group_id=21558 | http://www.secu
INPUT | 1 ftp:// URI > N
http://www.securityfocus.com/archive/1/archive/1/456755/100/0/threaded | http://www.securityfocus.
Code executed in format string specifiers in
INPUT | 1 INVITE request
http://projects.info-pull.com/moab/MOAB-16-01-2007.html | http://www.securityfocus.com/bid/22086
INPUT | 2 (1) A JIS encoded font and (2) crafted string
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=224607 | http://www.frsirt.com/english/advisories
INPUT | 1 PICT image with malformed ARGB record
http://projects.info-pull.com/moab/MOAB-23-01-2007.html | http://www.securityfocus.com/bid/22207
Code injected in format string specifiers via (1)
SWUTMP or (2) SUCATALOG filenames, or
using the (3) application/x-apple.sucatalog+xml
INPUT | 1 MIME type.
http://projects.info-pull.com/moab/MOAB-24-01-2007.html | http://www.frsirt.com/english/advisories/2
INPUT | 1
http://security-protocols.com/sp-x43-advisory.php | http://www.securityfocus.com/bid/22228 | http://d
INPUT | 1
http://www.milw0rm.com/exploits/3229 | http://www.securityfocus.com/bid/22315 | http://milw0rm.com
INPUT | 1
http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html | http://docs.info.apple.c
INPUT | 1
http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html | http://docs.info.apple.c
INPUT | 1
http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html | http://docs.info.apple.c
INPUT | 1
http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html | http://docs.info.apple.c
INPUT | 1
http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html | http://docs.info.apple.c
INPUT | http://www.milw0rm.com/exploits/3254 | http://www.securityfocus.com/bid/22377 | http://milw0rm.com
INPUT | http://www.mozilla.org/security/announce/2007/mfsa2007-01.html | http://www.securityfocus.com/arc
INPUT | http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=471 | http://www.frsirt.com/english
INPUT | 1
http://lists.roaringpenguin.com/pipermail/mimedefang/2007-February/032011.html | http://secunia.co
EXCEP | 1
http://marc.theaimsgroup.com/?l=full-disclosure&m=117094708423302&w=2 | http://www.milw0rm.c
INPUT | 1
http://www.securityfocus.com/archive/1/archive/1/459928/100/0/threaded | http://lists.grok.org.uk/pip
INPUT | 1
http://www.blackhat.com/presentations/bh-europe-07/Butti/Presentation/bh-eu-07-Butti.pdf |
INPUT | 1
http://www.milw0rm.com/exploits/3331 | http://vicftps.50webs.com/ | http://www.securityfocus.com/bi
INPUT | 1
http://www.milw0rm.com/exploits/3514 | http://www.securityfocus.com/bid/23002 | http://xforce.iss.ne
EXCEP | 1
http://aluigi.altervista.org/adv/nasbugs-adv.txt | http://www.securityfocus.com/bid/23017 | http://www.
INPUT | 1
http://netsieben.com/files/CHANGELOG |
INPUT | 1
http://code.google.com/p/tinymux/issues/detail?id=282&can=2&q= | http://www.tinymux.org/changes
INPUT | 1
http://www.securityfocus.com/archive/1/archive/1/467038/100/0/threaded | http://www.vsecurity.com
INPUT | http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/054024.html | http://www.digit-labs.org/files
INPUT | http://www.frsirt.com/english/advisories/2007/1587 | http://xforce.iss.net/xforce/xfdb/34010 |
INPUT | EXCEP | 1 MIB filename argument length > N
http://www.securityfocus.com/archive/1/archive/1/468070/100/0/threaded |
INPUT | 1
http://sourceforge.net/tracker/index.php?func=detail&aid=1716196&group_id=12272&atid=112272 |
INPUT | 1
http://scary.beasts.org/security/CESA-2007-001.html | http://www.securityfocus.com/bid/24001 | http
EXCEP | 1
http://madwifi.org/ticket/1334 | http://madwifi.org/wiki/Security |
INPUT | 1
http://www.kb.cert.org/vuls/id/449089 | http://www.securityfocus.com/bid/24328 | http://www.frsirt.com
INPUT | 1
http://www.milw0rm.com/exploits/3986 | http://moaxb.blogspot.com/2007/05/moaxb-25-leadtools-ras
INPUT | 1
http://www.milw0rm.com/exploits/4009 | http://moaxb.blogspot.com/2007/05/moaxb-29-edraw-office
DESIGN | ACCESS | 1 password hash length = 2
http://www.redhat.com/archives/fedora-devel-list/2007-January/msg01271.html | http://www.redhat.c
OTHER | 1
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=223233 | http://secunia.com/advisories/24225 |
INPUT | 1 modified path points to launchctl program
http://projects.info-pull.com/moab/MOAB-21-01-2007.html | http://www.osvdb.org/31605 | http://secu
(1) CFUserNotificationSend request function
INPUT | 2 used and (2) DiskUtil used
http://projects.info-pull.com/moab/MOAB-22-01-2007.html | http://docs.info.apple.com/article.html?a
ACCESS | 1
http://milw0rm.com/exploits/3068 | http://www.securityfocus.com/bid/21847 | http://secunia.com/advi
DESIGN | 1
http://www.cisco.com/warp/public/707/cisco-sa-20070103-CleanAccess.shtml | http://www.frsirt.com
Malicious program creates fake iphlpapi.dll in
INPUT | DESIGN | 1 SKPF installation directory
http://www.securityfocus.com/archive/1/archive/1/455624/100/0/threaded | http://www.matousec.com
INPUT | 1 filename length > N
http://www.securityfocus.com/archive/1/archive/1/455729/100/0/threaded | http://www.securityfocus.
1
http://marc.theaimsgroup.com/?l=openbsd-cvs&m=116781980706409&w=2 | http://ilja.netric.org/files/Unusual%20bugs%2023
DESIGN | ACCESS | 1
http://www.securityfocus.com/archive/1/archive/1/455832/100/0/threaded | http://aria-security.com/fo
DESIGN | ACCESS | 1
http://www.securityfocus.com/archive/1/archive/1/455807/100/0/threaded | http://aria-security.com/fo
DESIGN | ACCESS | 1
http://www.milw0rm.com/exploits/3066 | http://xforce.iss.net/xforce/xfdb/31222 | http://milw0rm.com/e
DESIGN | ACCESS | 1
http://www.securityfocus.com/archive/1/archive/1/455788/100/0/threaded | http://aria-security.com/fo
ACCESS | 1
http://aria-security.com/forum/showthread.php?t=85 | http://www.frsirt.com/english/advisories/2007/0
DESIGN | 1
http://www.securityfocus.com/archive/1/archive/1/455977/100/0/threaded |
INPUT | 1 Specially crafted HTML request
http://spine.sourceforge.net/changelog.html | http://www.frsirt.com/english/advisories/2007/0042 | htt
DESIGN | 1
http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974970.htm | http://www.securityfocus.com/b
DESIGN | ACCESS | 1
http://www.securityfocus.com/archive/1/archive/1/456047/100/0/threaded | http://xforce.iss.net/xforce
INPUT | 1 crafted BOM file
http://projects.info-pull.com/moab/MOAB-05-01-2007.html | http://www.securityfocus.com/bid/21899
ACCESS | 1
http://sourceforge.net/project/shownotes.php?group_id=171441&release_id=475663 | http://secunia
1
ftp://ftp.itrc.hp.com/openvms_patches/alpha/V7.3-2/AXP_DNVOSIMUP01-V0703-2.txt | ftp://ftp.itrc.hp.com/openvms_patches/
DESIGN | ACCESS | 1
http://www.securityfocus.com/archive/1/archive/1/456228/100/0/threaded | http://xforce.iss.net/xforce
ACCESS | 1
http://www.securityfocus.com/archive/1/archive/1/456230/100/0/threaded | http://xforce.iss.net/xforce
DESIGN | ACCESS | 1
http://www.securityfocus.com/archive/1/archive/1/456117/100/0/threaded | http://64.38.62.221/ariase
DESIGN | ACCESS | 1
http://www.securityfocus.com/archive/1/archive/1/456226/100/0/threaded | http://xforce.iss.net/xforce
DESIGN | ACCESS | 1
http://www.securityfocus.com/archive/1/archive/1/456239/100/0/threaded | http://xforce.iss.net/xforce
DESIGN | ACCESS | 1
http://www.securityfocus.com/archive/1/archive/1/456238/100/0/threaded | http://xforce.iss.net/xforce
DESIGN | ACCESS | 1
http://www.securityfocus.com/archive/1/archive/1/456235/100/0/threaded | http://xforce.iss.net/xforce
INPUT | 1
http://arctic.org/~dean/patches/GeoIP-1.4.0-update-vulnerability.patch | http://frontal2.mandriva.com
ACCESS | 1
http://landonf.bikemonkey.org/code/macosx/MOAB_Day_8.20070109002959.18582.timor.html | http
DESIGN | ?
http://security.freebsd.org/advisories/FreeBSD-SA-07:01.jail.asc | http://www.securityfocus.com/bid/2
ACCESS | 1
http://getahead.ltd.uk/dwr/changelog | http://www.securityfocus.com/bid/21955 | http://www.frsirt.com
INPUT | 1
http://www.mnin.org/advisories/2007_firepass.pdf | https://tech.f5.com/home/solutions/sol6924.html
ACCESS | 1
http://www.mnin.org/advisories/2007_firepass.pdf | https://tech.f5.com/home/solutions/sol6922.html
INPUT | 1
http://www.securityfocus.com/archive/1/archive/1/455894/100/100/threaded |
DESIGN | ACCESS | 1
http://www.securityfocus.com/archive/1/archive/1/456128/100/0/threaded | http://www.securityfocus.
INPUT | http://www.microsoft.com/technet/security/Bulletin/MS07-007.mspx | http://www.securityfocus.com/b
INPUT | 1
http://www.microsoft.com/technet/security/Bulletin/MS07-006.mspx | http://www.kb.cert.org/vuls/id/24
INPUT | DESIGN | 1 ndeb binary feature allows overwrite
http://www.debian.org/security/2007/dsa-1269 | http://secunia.com/advisories/24377 | http://secunia.
DESIGN | 1
http://www.securityfocus.com/archive/1/archive/1/456598/100/0/threaded | http://labs.calyptix.com/ad
?
http://www.securityfocus.com/archive/1/archive/1/456622/100/0/threaded |
1
http://www.securityfocus.com/archive/1/archive/1/456626/100/0/threaded | http://forums.grsecurity.net/viewtopic.php?t=1646 | h
DESIGN | 1
http://www.milw0rm.com/exploits/3116 | http://www.securityfocus.com/bid/22025 | http://secunia.com
1
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html | http://www.us-cert.gov/cas/techalert
1
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html | http://www.us-cert.gov/cas/techalert
?
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html | http://www.us-cert.gov/cas/techalert
1
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html | http://www.us-cert.gov/cas/techalert
INPUT | 1
http://oss.gonicus.de/pipermail/gosa/2007-January/002650.html | http://www.frsirt.com/english/advis
INPUT | 1 Administrative actions through direct request
http://www.securityfocus.com/archive/1/archive/1/456986/100/0/threaded | http://www.securityfocus.
DESIGN | 1
http://www.securityfocus.com/archive/1/archive/1/456973/100/0/threaded | http://www.matousec.com
ACCESS | ?
http://www.ingate.com/relnote-451.php | http://www.securityfocus.com/bid/22080 | http://secunia.com
DESIGN | RACE | 1
http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051793.html | http://www.securityfocus.
ACCESS | ?
http://projects.info-pull.com/moab/MOAB-15-01-2007.html | http://www.milw0rm.com/exploits/3136 |
DESIGN | RACE | 1
http://www.securityfocus.com/archive/1/archive/1/457217/100/0/threaded | http://www.securityfocus.
(1) Modified path and (2) malicious ipfw
INPUT | 2 program
http://projects.info-pull.com/moab/MOAB-18-01-2007.html | http://secunia.com/advisories/23842 | ht
DESIGN | ?
http://projects.info-pull.com/moab/MOAB-18-01-2007.html | http://secunia.com/advisories/23842 |
EXCEP | 1
http://www.securityfocus.com/archive/1/archive/1/457279/100/0/threaded | http://www.securityfocus.
EXCEP | 1
http://www.securityfocus.com/archive/1/archive/1/457279/100/0/threaded | http://www.securityfocus.
EXCEP | 1
http://www.securityfocus.com/archive/1/archive/1/457279/100/0/threaded | http://www.securityfocus.
INPUT | 1 user name not cached
http://code.djangoproject.com/changeset/3754 | http://secunia.com/advisories/23826 | http://www.se
(1) Does not validate client certificates and (2)
DESIGN | ACCESS | 2 reusing cached connections
http://dev2dev.bea.com/pub/advisory/202 | http://www.frsirt.com/english/advisories/2007/0213 | http:
OTHER | 1
http://dev2dev.bea.com/pub/advisory/205 | http://www.frsirt.com/english/advisories/2007/0213 | http:
ACCESS | 1
http://dev2dev.bea.com/pub/advisory/210 | http://www.frsirt.com/english/advisories/2007/0213 | http:
ACCESS | ?
http://dev2dev.bea.com/pub/advisory/211 | http://www.frsirt.com/english/advisories/2007/0213 | http:
ACCESS | 1
http://dev2dev.bea.com/pub/advisory/212 | http://www.frsirt.com/english/advisories/2007/0213 | http:
DESIGN | 1
http://dev2dev.bea.com/pub/advisory/218 | http://www.frsirt.com/english/advisories/2007/0213 | http:
INPUT | 1 Overflow allows privileges
http://dev2dev.bea.com/pub/advisory/222 | http://www.frsirt.com/english/advisories/2007/0213 | http:
DESIGN | ACCESS | ?
http://dev2dev.bea.com/pub/advisory/223 | http://www.frsirt.com/english/advisories/2007/0213 | http:
ACCESS | 1
http://dev2dev.bea.com/pub/advisory/224 | http://securitytracker.com/id?1017523 | http://secunia.com
DESIGN | 1
http://dev2dev.bea.com/pub/advisory/221 | http://securitytracker.com/id?1017524 | http://secunia.com
DESIGN | ACCESS | ?
http://dev2dev.bea.com/pub/advisory/220 | http://secunia.com/advisories/23786 |
ACCESS | 1
http://www.securityfocus.com/archive/1/archive/1/457453/100/0/threaded | http://www.securityfocus.
1
http://jvn.jp/niscc/NISCC-462660/index.html | http://www.cpni.gov.uk/Products/advisories/default.aspx?id=al-20070129-0107.xm
fopen function does not handle invalid URI
INPUT | ACCESS | 1 handlers
http://marc.info/?l=full-disclosure&m=116977186211191&w=2 | http://securityreason.com/achieveme
?
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102773-1 | http://www.securityfocus.com/bid/22190 | http://www.
INPUT | 1 Crafted report parameter
http://www.securityfocus.com/archive/1/archive/1/457683/100/0/threaded | http://www.securityfocus.
RACE | 1
https://lists.berlios.de/pipermail/smb4k-announce/2006-December/000037.html | http://developer.ber
DESIGN | ?
https://lists.berlios.de/pipermail/smb4k-announce/2006-December/000037.html | http://developer.ber
writeFile() function creates incorrect permissions
INPUT | 1 on files
https://lists.berlios.de/pipermail/smb4k-announce/2006-December/000037.html | http://developer.ber
DESIGN | 1
http://security.gentoo.org/glsa/glsa-200701-19.xml | http://secunia.com/advisories/23881 | http://www
ACCESS | ?
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102779-1 | http://www.securityfocus.co
DESIGN | ACCESS | 1
http://www.securityfocus.com/archive/1/archive/1/457825/100/0/threaded | http://secunia.com/adviso
DESIGN | 1
http://www.securityfocus.com/archive/1/archive/1/457852/100/0/threaded | http://secunia.com/adviso
DESIGN | ACCESS | 1
http://www.securityfocus.com/archive/1/archive/1/457868/100/0/threaded | http://www.procheckup.co
DESIGN | 1
https://issues.rpath.com/browse/RPL-987 | http://lists.rpath.com/pipermail/security-announce/2007-J
INPUT | DESIGN | 1 Root privileges are dropped
https://issues.rpath.com/browse/RPL-1002 |
register_globals = true, conffile parameter
INPUT | 2 malicious
http://www.milw0rm.com/exploits/3222 | http://www.frsirt.com/english/advisories/2007/0399 | http://m
INPUT | 1
http://www.securityfocus.com/archive/1/archive/1/458076/100/0/threaded | http://www.securityfocus.
INPUT | 1
http://www.securityfocus.com/archive/1/archive/1/458076/100/0/threaded | http://www.securityfocus.
INPUT | 1
http://www.securityfocus.com/archive/1/archive/1/458111/100/0/threaded | http://www.devtarget.org/
Data Object is sent representing an absolute
INPUT | DESIGN | 1 pointer
http://www.securityfocus.com/archive/1/archive/1/458137/100/0/threaded | http://www.ngssoftware.c
ACCESS | 1
http://sourceforge.net/project/shownotes.php?group_id=51417&release_id=481584 | http://www.plain
INPUT | http://www.securityfocus.com/archive/1/archive/1/460063/100/0/threaded | http://secunia.com/secun
INPUT | 1
http://www.alientrap.org/devwiki/index.php?n=Nexuiz.Patch | http://www.frsirt.com/english/advisories
INPUT | http://lists.immunitysec.com/pipermail/dailydave/2007-January/004003.html | http://lists.immunitysec
INPUT | http://www.milw0rm.com/exploits/3239 | http://milw0rm.com/exploits/3239 | http://xforce.iss.net/xforc
INPUT | 1
http://www.milw0rm.com/exploits/3208 | http://www.securityfocus.com/bid/22279 | http://www.frsirt.co
ENV | 1
http://jvn.jp/jp/JVN%2393700808/index.html | http://www.fenrir.co.jp/press/20070126_2.html | http://w
INPUT | http://jvn.jp/jp/JVN%2393700808/index.html | http://www.fenrir.co.jp/press/20070126_2.html | http://w
ENV | http://docs.info.apple.com/article.html?artnum=305391 | http://lists.apple.com/archives/Security-anno
ACCESS | 1
http://www.milw0rm.com/exploits/3252 | http://www.securityfocus.com/bid/20805 | http://milw0rm.com
ACCESS | ?
http://www.securityfocus.com/archive/1/archive/1/459025/100/0/threaded | http://www.bugzilla.org/se
DESIGN | 1
http://www.securityfocus.com/archive/1/archive/1/459186/100/0/threaded | http://forums.avenir-geop
DESIGN | ACCESS | ?
http://archives.neohapsis.com/archives/fulldisclosure/2007-02/0174.html | http://securityvulns.com/n
ACCESS | 1
http://www.avast.com/eng/avast-4-server-revision-history.html | http://www.securityfocus.com/bid/22
INPUT | DESIGN | ACCESS | 2 (1) session ID valid AND (2) UID = 1
http://www.milw0rm.com/exploits/3282 | http://www.securityfocus.com/bid/22451 | http://milw0rm.com
DESIGN | 1
http://www.securityfocus.com/archive/1/archive/1/459397/100/0/threaded | http://www.securityfocus.
DESIGN | ?
http://www.securityfocus.com/archive/1/archive/1/459500/100/0/threaded | http://secunia.com/adviso
run rm on a low level directory, move low level
RACE | 2 directory higher as it is being deleted
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102782-1 | http://www.frsirt.com/englis
INPUT | 1
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=476 | http://www.securityfocus.com
INPUT | 1
http://www.securityfocus.com/archive/1/archive/1/459827/100/0/threaded | http://xforce.iss.net/xforce
ACCESS | 1
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00862809 | http://www.securityfocus.com
INPUT | 1
http://www.securityfocus.com/archive/1/archive/1/459794/100/0/threaded | http://www.securityfocus.
INPUT | ACCESS | 1 Authentication bypassed by direct request
http://www.securityfocus.com/archive/1/archive/1/459789/100/0/threaded | http://www.securityfocus.
$mysql['pass'] and $gbpass variables modified
INPUT | ACCESS | 2? to allow administrative privileges
http://www.securityfocus.com/archive/1/archive/1/459799/100/0/threaded |
DESIGN | ?
http://sourceforge.net/forum/forum.php?forum_id=660919 | http://www.securityfocus.com/bid/22388
CONFIG | 1
http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052382.html | http://www.kb.cert.org/v
(1) Configured to use LOCAL authentication
method and (2) privileges gained by
CONFIG | 2 unspecified vectors
http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2484.shtml | http://w
1
http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2481.shtml | http://www.frsirt.com/english/adv
INPUT | 1
http://www.securityfocus.com/archive/1/archive/1/460076/100/0/threaded | http://www.securityfocus.
INPUT | 1
http://www.securityfocus.com/archive/1/archive/1/460076/100/0/threaded | http://www.securityfocus.
DESIGN | 1
http://sourceforge.net/forum/forum.php?forum_id=660919 | http://superb-east.dl.sourceforge.net/sou
INPUT | 1
http://www-1.ibm.com/support/docview.wss?uid=isg1IY94901 | http://secunia.com/advisories/24154
INPUT | 1
http://www.securityfocus.com/archive/1/460217/100/0/threaded | http://lcamtuf.dione.cc/ffhostname.h
INPUT | 1
http://www.milw0rm.com/exploits/3332 | http://www.securityfocus.com/bid/22609 | http://www.frsirt.co
ACCESS | ?
http://www.rhyolite.com/anti-spam/dcc/CHANGES | http://www.securityfocus.com/bid/22622 | http://w
DESIGN | 1
http://matt.ucc.asn.au/dropbear/CHANGES | http://www.securityfocus.com/bid/22761 | http://www.frs
DESIGN | 1
http://www.zerodayinitiative.com/advisories/ZDI-07-014.html | http://www.kaspersky.com/technews?i
INPUT | ?
http://www.securityfocus.com/bid/22690 | http://www.securityfocus.com/archive/1/archive/1/461330/1
INPUT | 1
http://www.securityfocus.com/archive/1/archive/1/460917/100/0/threaded | http://www.securityfocus.
http://www.web-app.org/cgi-bin/index.cgi?action=viewnews&id=250 | http://www.securityfocus.com/bid/22563 | http://www.frsirt
http://www.web-app.org/cgi-bin/index.cgi?action=viewnews&id=250 | http://www.securityfocus.com/bid/22563 | http://www.frsirt
INPUT | 1
http://www.web-app.org/cgi-bin/index.cgi?action=viewnews&id=250 | http://www.securityfocus.com/b
DESIGN | 1
http://www.securityfocus.com/archive/1/archive/1/461437/100/0/threaded | http://marc.theaimsgroup
ACCESS | ?
https://secure-support.novell.com/KanisaPlatform/Publishing/648/3429077_f.SAL_Public.html | http:/
INPUT | 1
http://www.php-security.org/MOPB/BONUS-12-2007.html | http://www.securityfocus.com/bid/22831 |
INPUT | 1
http://lists.kde.org/?l=kde-announce&m=117346514411140&w=2 | http://ktorrent.org/forum/viewtopic
DESIGN | 1
http://www.securityfocus.com/archive/1/archive/1/462263/100/0/threaded | http://www.securityfocus.
RACE | 1
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=413658 | http://www.securityfocus.com/bid/22925 |
INPUT | 1
http://www.securityfocus.com/archive/1/archive/1/462584/100/0/threaded | http://forums.avenir-geop
DESIGN | 1
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20.3 | http://secunia.com/advisories/2449
DESIGN | ACCESS | 1
http://bugs.gentoo.org/show_bug.cgi?id=159542 | http://security.gentoo.org/glsa/glsa-200703-20.xm
DESIGN | CONFIG | 1
http://www.securityfocus.com/archive/1/archive/1/462793/100/0/threaded | http://www.symantec.com
Clients can be forced to connect to other
INPUT | DESIGN | 1 servers or perform a port scan
http://bindshell.net/papers/ftppasv/ftp-client-pasv-manipulation.pdf | https://bugzilla.mozilla.org/show_
Clients can be forced to connect to other
INPUT | DESIGN | 1 servers or perform a port scan
http://bindshell.net/papers/ftppasv/ftp-client-pasv-manipulation.pdf | http://www.securityfocus.com/bid
Clients can be forced to connect to other
INPUT | DESIGN | 1 servers or perform a port scan
http://bindshell.net/papers/ftppasv/ftp-client-pasv-manipulation.pdf | http://www.ubuntu.com/usn/usn-
INPUT | 1
http://www.securityfocus.com/archive/1/archive/1/463291/100/0/threaded | http://www.metaeye.org/a
CONFIG | 1
http://archives.neohapsis.com/archives/isn/2007-q1/0418.html | http://news.com.com/Windows+wea
INPUT | 1
http://sourceforge.net/project/shownotes.php?release_id=500765 | http://www.securityfocus.com/bid
INPUT | 1
http://bugs.kde.org/show_bug.cgi?id=143637 | https://bugs.gentoo.org/show_bug.cgi?id=170303 | ht
ACCESS | 1
http://www.blackhat.com/html/bh-europe-07/bh-eu-07-speakers.html#Dror | http://www.cisco.com/en
INPUT | 1
http://www.web-app.org/cgi-bin/index.cgi?action=viewnews&id=252 | http://www.web-app.org/cgi-bin
DESIGN | 1
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=504 | http://www.kaspersky.com/te
INPUT | 1
http://www.securityfocus.com/archive/1/archive/1/464959/100/0/threaded | http://www.majorsecurity.
INPUT | 1
http://www.securityfocus.com/archive/1/archive/1/464886/100/0/threaded | http://www.majorsecurity.
INPUT | 1
http://www.securityfocus.com/archive/1/archive/1/464884/100/0/threaded | http://www.majorsecurity.
INPUT | 1
http://www.securityfocus.com/archive/1/archive/1/464887/100/0/threaded | http://www.majorsecurity.
INPUT | ACCESS | 1 Authentication bypassed by direct request
http://pridels.blogspot.com/2007/03/alstrasoft-video-share-enterprise.html | http://www.securityfocus.
DESIGN | ACCESS | 1
http://tweakers.net/reviews/682 | http://tweakers.net/reviews/683 |
INPUT | 1
http://www.bugtraq.ir/articles/advisory/picozip_directory_traversal/9 | http://www.securityfocus.com/b
DESIGN | 1
http://www.ssh.com/documents/33/SSH_Tectia_Server_5.4.0_zOS_releasenotes.txt | http://www.se
DESIGN | 1
http://sourceforge.net/tracker/index.php?func=detail&aid=1696777&group_id=101952&atid=630783
(1) SECURITY_DEFINER function can be
INPUT | ACCESS | 2 called and (2)authenticated user
http://www.postgresql.org/about/news.791 | http://www.postgresql.org/support/security.html | http://se
ACCESS | 1
http://www.securityfocus.com/archive/1/archive/1/466214/100/0/threaded | http://www.oracle.com/tec
ACCESS | 1
http://archives.neohapsis.com/archives/fulldisclosure/2007-04/0569.html | http://www.securityfocus.c
INPUT | 1
http://www.milw0rm.com/exploits/3783 | http://www.securityfocus.com/bid/23617 | http://www.frsirt.co
INPUT | http://www.microsoft.com/technet/security/bulletin/ms07-027.mspx | http://www.securityfocus.com/bi
INPUT | http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf |
DESIGN | 1
http://marc.info/?l=linux-kernel&m=118128610219959&w=2 | http://marc.info/?l=linux-kernel&m=118
(1) Port X has a bind with wild card local address
and (2) binding is not prevented to that local
DESIGN | 2 address
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=de34ed91c4ffa4727964a83
1
http://www.securityfocus.com/archive/1/archive/1/467746/100/0/threaded | http://www.securityfocus.com/bid/23834 |
INPUT | EXCEP | 1 Input exceeds bound of buffer in either config\ConfigFile.cpp or \msgs\check_msgs.epp
http://www.securityfocus.com/archive/1/archive/1/468070/100/0/threaded |
DESIGN | 1
http://www.milw0rm.com/exploits/3899 | http://moaxb.blogspot.com/2007/05/morovia-barcode-active
RACE | 1
http://www.novell.com/linux/security/advisories/2007_10_sr.html | http://www.securityfocus.com/bid/2
DESIGN | 1
http://www.gamasec.net/english/gs07-01.html | http://www.cisco.com/en/US/products/products_secu
DESIGN | 1
http://www.gamasec.net/english/gs07-01.html | http://www.kb.cert.org/vuls/id/739224 | http://www.se
DESIGN | 1
http://www.gamasec.net/english/gs07-01.html | http://www.kb.cert.org/vuls/id/739224 | http://www.se
DESIGN | 1
http://bugs.mysql.com/bug.php?id=27515 | http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.htm
DESIGN | 1
http://moaxb.blogspot.com/2007/05/moaxb-15-db-software-laboratory.html | http://shinnai.altervista.o
DESIGN | 1
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c010
OTHER | ?
http://www.businessinfo.co.uk/labs/googlesnoop/snoop.html | http://www.thespanner.co.uk/2007/05/
INPUT | 1
http://www.securityfocus.com/archive/1/archive/1/470272/100/0/threaded | http://www.majorsecurity.
ACCESS | 1
http://isc.sans.org/diary.html?storyid=2220 | http://www.milw0rm.com/exploits/3293 | http://www.secu
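NVD 2007 data
 | Unknown | 1 way | 2 way | 3 way | Total
Count | 152 | 798 | 55 | 3 | 1008
Cumulative | | 798 | 853 | 856 |
Cumulative fraction | | 0.932243 | 0.996495 | 1 |

NVD 2006, 2007
 | 1 way | 2 way | 3 way
2007 | 798 | 55 | 3
2006 | 1620 | 95 | 25
Total | 2418 | 150 | 28
Cumulative | 2418 | 2568 | 2596
Cumulative fraction | 0.931433 | 0.989214 | 1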
T | Cumulative fraction
1 | 0.931
2 | 0.989
3 | 1
4 | 1
5 | 1
6 | 1

[Chart: NVD 2007 data. x-axis: 1 way, 2 way, 3 way; y-axis: 0 to 1]
[Chart: NVD 2006, 2007. x-axis: 1 to 6; y-axis: 0 to 1]