NVD2007

Document Sample
NVD2007 Powered By Docstoc
					CVE number      Score       Severity Description                                          Loss Type
CVE-2007-0234                         ** REJECT ** DO NOT USE THIS
                                     CANDIDATE NUMBER. ConsultIDs: CVE-2007-
                                     0243. Reason: This candidate is a duplicate of
                                     CVE-2007-0243. Notes: All CVE users should
                                     reference CVE-2007-0243 instead of this
                                     candidate. All references and descriptions in
                                     this candidate have been removed to prevent
                        0   Low      accidental usage.                                    AVAIL
CVE-2007-0253                         ** DISPUTED ** Unspecified vulnerability in the
                                     grsecurity patch has unspecified impact and
                                     remote attack vectors, a different vulnerability
                                     than the expand_stack vulnerability from the
                                     Digital Armaments 20070110 pre-advisory.
                                     NOTE: the grsecurity developer has disputed
                                     this issue, stating that "the function they claim
                                     the vulnerability to be in is a trivial function,
                                     which can, and has been, easily checked for
                                     any supposed vulnerabilities." The developer
                                     also cites a past disclosure that was not proven.
                        7   High                                                          AVAIL
CVE-2007-0279                         Multiple unspecified vulnerabilities in Oracle
                                     HTTP Server 9.2.0.8 and Oracle E-Business
                                     Suite and Applications 11.5.10CU2 have
                                     unknown impact and attack vectors, aka (1)
                                     OHS01, (2) OHS02, (3) OHS05, (4) OHS06,
                        7   High     and (5) OHS07.                                       AVAIL
CVE-2007-0292                         Multiple unspecified vulnerabilities in Oracle
                                     Enterprise Manager 10.1.0.5 have unknown
                                     impact and attack vectors related to Oracle
                                     Agent, aka (1) EM01 and (2) EM02. NOTE:
                        7   High     EM05 might be related to CVE-2007-0222.              AVAIL
CVE-2007-0295                         Unspecified vulnerability in Oracle PeopleSoft
                                     Enterprise and JD Edwards EnterpriseOne
                                     8.22.13 and 8.47.11 has unknown impact and
                                     attack vectors in PeopleTools, aka PSE01.
                   3.3      Low                                                           AVAIL
CVE-2007-0525                         Multiple buffer overflows in Nickolas Grigoriadis
                                     Mini Web server (MiniWebsvr) before 0.05 have
                                     unknown impact and attack vectors.
                        7   High                                                          AVAIL
CVE-2007-0621                 ** REJECT ** DO NOT USE THIS
                             CANDIDATE NUMBER. ConsultIDs: CVE-2006-
                             6456. Reason: This candidate is a duplicate of
                             CVE-2006-6456. It was assigned for a targeted
                             zero-day attack, but further analysis revealed it
                             was for an older issue. Notes: All CVE users
                             should reference CVE-2006-6456 instead of this
                             candidate. All references and descriptions in
                             this candidate have been removed to prevent
                             accidental usage.
                 0 Low                                                      AVAIL
CVE-2007-0818               ** REJECT ** DO NOT USE THIS
                           CANDIDATE NUMBER. ConsultIDs: CVE-2007-
                           0396. Reason: This candidate is a duplicate of
                           CVE-2007-0396. Notes: All CVE users should
                           reference CVE-2007-0396 instead of this
                           candidate. All references and descriptions in
                           this candidate have been removed to prevent
                  0 Low    accidental usage.                                AVAIL
CVE-2007-0974               Multiple unspecified vulnerabilities in Ian
                           Bezanson DropBox before 0.0.4 beta have
                           unknown impact and attack vectors, possibly
                  7 High   related to a variable extraction vulnerability.  AVAIL
CVE-2007-1886               Integer overflow in the str_replace function in
                           PHP 4.4.5 and PHP 5.2.1 allows context-
                           dependent attackers to have an unknown
                           impact via a single character search string in
                           conjunction with a single character replacement
                           string, which causes an "off by one overflow."
                5.6 Medium                                                  AVAIL
CVE-2007-2051               Buffer overflow in the parsecmd function in
                           bftpd before 1.8 has unknown impact and attack
                2.3 Low    vectors related to the confstr variable.         AVAIL
CVE-2007-2436               ** REJECT ** DO NOT USE THIS
                           CANDIDATE NUMBER. ConsultIDs: CVE-2007-
                           1861. Reason: This candidate is a duplicate of
                           CVE-2007-1861. Notes: All CVE users should
                           reference CVE-2007-1861 instead of this
                           candidate. All references and descriptions in
                           this candidate have been removed to prevent
                  0 Low    accidental usage.                                AVAIL
CVE-2007-2593               The Terminal Server in Microsoft Windows
                           2003 Server, when using TLS, allows remote
                           attackers to bypass SSL and self-signed
                           certificate requirements, downgrade the server
                           security, and possibly conduct man-in-the-
                           middle attacks via unspecified vectors, as
                           demonstrated using the Remote Desktop
                           Protocol (RDP) 6.0 client. NOTE: a third party
                           claims that the vendor may have fixed this in
                  7 High   approximately 2006.                              AVAIL
CVE-2007-0054                   Cross-site scripting (XSS) vulnerability in
                               gbrowse.php in Belchior Foundry vCard PRO
                               allows remote attackers to inject arbitrary web
                 7 High        script or HTML via the sortby parameter.          AVAIL
CVE-2007-0056                   Multiple cross-site scripting (XSS)
                               vulnerabilities in AShop Deluxe 4.5 and AShop
                               Administration Panel allow remote attackers to
                               inject arbitrary web script or HTML via the (1)
                               cat parameter to (a) ashop/catalogue.php and
                               (b) ashop/basket.php, the (2) exp parameter to
                               ashop/catalogue.php, the (3) searchstring
                               parameter to (c) ashop/search.php, the (4)
                               checkout and (5) action parameters to (d)
                               ashop/shipping.php, the cat parameter to (f)
                               cart-path/admin/editcatalogue.php, and the (7)
                               resultpage parameter to (g) cart-
                               path/admin/salesadmin.php.
                 7 High                                                        AVAIL
CVE-2007-0083                 Cross-site scripting (XSS) vulnerability in
                             Nuked Klan 1.7 and earlier allows remote
                             attackers to inject arbitrary web script or HTML
                             via a javascript: URI in a getURL statement in a
                             .swf file, as demonstrated by "Remote Cookie
                             Disclosure." NOTE: it could be argued that this
                             is an issue in Shockwave instead of Nuked
                5.6   Medium Klan.                                             AVAIL
CVE-2007-0106                 Cross-site scripting (XSS) vulnerability in the
                             CSRF protection scheme in WordPress before
                             2.0.6 allows remote attackers to inject arbitrary
                             web script or HTML via a CSRF attack with an
                             invalid token and quote characters or HTML
                             tags in URL variable names, which are not
                             properly handled when WordPress generates a
                             new link to verify the request.
                5.6   Medium                                                   AVAIL
CVE-2007-0110                 Cross-site scripting (XSS) vulnerability in
                             nidp/idff/sso in Novell Access Manager Identity
                             Server before 3.0.0-1013 allows remote
                             attackers to inject arbitrary web script or HTML
                             via the IssueInstant parameter, which is not
                             properly handled in the resulting error message.
                 7    High                                                     AVAIL
CVE-2007-0119                 Multiple cross-site scripting (XSS)
                             vulnerabilities in EditTag 1.2 allow remote
                             attackers to inject arbitrary web script or HTML
                             via the plain parameter to (1) mkpw_mp.cgi, (2)
                 7    High   mkpw.pl, or (3) mkpw.cgi.                         AVAIL
CVE-2007-0121                 Cross-site scripting (XSS) vulnerability in
                             search.asp in RI Blog 1.3 allows remote
                             attackers to inject arbitrary web script or HTML
                 7    High   via the q parameter.                              AVAIL
CVE-2007-0136                   Multiple cross-site scripting (XSS)
                               vulnerabilities in Drupal before 4.6.11, and 4.7
                               before 4.7.5, allow remote attackers to inject
                               arbitrary web script or HTML via unspecified
                               parameters in the (1) filter and (2) system
                               modules. NOTE: some of these details are
                               obtained from third party information.
                5.6 Medium                                                      AVAIL
CVE-2007-0137                 Cross-site scripting (XSS) vulnerability in
                             SimpleBoxes/SerendipityNZ Serene Bach
                             2.05R and earlier, and 2.08D and earlier in the
                             2.08 series; and (2) sb 1.13D and earlier, and
                             1.18R and earlier in the 1.18 series; allows
                             remote attackers to inject arbitrary web script or
                5.6   Medium HTML via unspecified vectors.                      AVAIL
CVE-2007-0141                 Cross-site scripting (XSS) vulnerability in
                             yald.php in Yet Another Link Directory 1.0
                             allows remote attackers to inject arbitrary web
                             script or HTML via the search parameter.
                5.6   Medium                                                    AVAIL
CVE-2007-0144                 Cross-site scripting (XSS) vulnerability in
                             search.asp in Digitizing Quote And Ordering
                             System 1.0 allows remote authenticated
                             attackers to inject arbitrary web script or HTML
                 7    High   via the ordernum parameter.                        AVAIL
CVE-2007-0146                 Multiple cross-site scripting (XSS)
                             vulnerabilities in Fix and Chips CMS 1.0 allow
                             remote attackers to inject arbitrary web script or
                             HTML via the (1) id parameter in (a) delete-
                             announce.php; the (2) Announcement form field
                             in (b) staff.php; the (3) Client Name, (4)
                             Business Name, (5) Street, (6) Address 2, (7)
                             Town/City, (8) Postcode, (9) Phone Number,
                             (10) Email Address and (11) Website Address
                             form fields in (c) new_customer.php; and
                             unspecified fields in (d) search.php and (e)
                3.4   Low    client-results.php.                                AVAIL
CVE-2007-0175                 Cross-site scripting (XSS) vulnerability in
                             htsrv/login.php in b2evolution 1.8.6 allows
                             remote attackers to inject arbitrary web script or
                             HTML via scriptable attributes in the redirect_to
                             parameter. NOTE: The provenance of this
                             information is unknown; the details are obtained
                             solely from third party information.
                 7    High                                                      AVAIL
CVE-2007-0176                 Cross-site scripting (XSS) vulnerability in
                             search/advanced_search.php in GForge 4.5.11
                             allows remote attackers to inject arbitrary web
                             script or HTML via the words parameter.
                 7    High                                                      AVAIL
CVE-2007-0177               Cross-site scripting (XSS) vulnerability in the
                           AJAX module in MediaWiki before 1.6.9, 1.7
                           before 1.7.2, 1.8 before 1.8.3, and 1.9 before
                           1.9.0rc2, when wgUseAjax is enabled, allows
                           remote attackers to inject arbitrary web script or
                5.6 Medium HTML via unspecified vectors.                      AVAIL
CVE-2007-0183               Cross-site scripting (XSS) vulnerability in
                           /search in iPlanet Web Server 4.x allows remote
                           attackers to inject arbitrary web script or HTML
                           via the NS-max-records parameter. NOTE: The
                           provenance of this information is unknown; the
                           details are obtained solely from third party
                5.6 Medium information.                                       AVAIL
CVE-2007-0186               Multiple cross-site scripting (XSS)
                           vulnerabilities in F5 FirePass SSL VPN allow
                           remote attackers to inject arbitrary web script or
                           HTML via (1) the xcho parameter to
                           my.logon.php3; the (2) topblue, (3) midblue, (4)
                           wtopblue, and certain other Custom color
                           parameters in a per action to
                           vdesk/admincon/index.php; the (5) h321, (6)
                           h311, (7) h312, and certain other Front Door
                           custom text color parameters in a per action to
                           vdesk/admincon/index.php; the (8) ua
                           parameter in a bro action to
                           vdesk/admincon/index.php; the (9) app_param
                           and (10) app_name parameters to
                           webyfiers.php; (11) double eval functions; (12)
                           JavaScript contained in an
                           <FP_DO_NOT_TOUCH> element; and (13) the
                           vhost parameter to my.activation.php. NOTE: it
                           is possible that this candidate overlaps CVE-
                  7 High   2006-3550.                                         AVAIL
CVE-2007-0191               Cross-site scripting (XSS) vulnerability in
                           admin.php in MKPortal allows remote attackers
                           to inject arbitrary web script or HTML via two
                           certain fields in a contents_new operation in the
                           ad_contents section.
                  7 High                                                      AVAIL
CVE-2007-0204               Multiple cross-site scripting (XSS)
                           vulnerabilities in phpMyAdmin before 2.9.2-rc1
                           allow remote attackers to inject arbitrary web
                           script or HTML via unspecified vectors. NOTE:
                           some of these details are obtained from third
                  7 High   party information,                                 AVAIL
CVE-2007-0225               Cross-site scripting (XSS) vulnerability in
                           shopcustadmin.asp in VP-ASP Shopping Cart
                           6.09 and earlier allows remote attackers to
                           inject arbitrary web script or HTML via the msg
                  7 High   parameter.                                         AVAIL
CVE-2007-0231               Cross-site scripting (XSS) vulnerability in
                           Movable Type (MT) 3.33, when nofollow is
                           disabled and unmoderated comments are
                           enabled, allows remote attackers to inject
                           arbitrary web script or HTML via the Comments
                5.6 Medium field.                                             AVAIL
CVE-2007-0249               Cross-site scripting (XSS) vulnerability in
                           index.php in Nwom topsites 3.0 allows remote
                           attackers to inject arbitrary web script or HTML
                  7 High   via the o parameter.                               AVAIL
CVE-2007-0258               Cross-site scripting (XSS) vulnerability in
                           index.php in (1) Fastilo 2.0 and (2) Open
                           Solution Quick.Cart 2.0 allows remote attackers
                           to inject arbitrary web script or HTML via the p
                           parameter. NOTE: some of these details are
                           obtained from third party information.
                  7 High                                                      AVAIL
CVE-2007-0265               Multiple cross-site scripting (XSS)
                           vulnerabilities in Ezboxx Portal System Beta
                           0.7.6 and earlier allow remote attackers to inject
                           arbitrary web script or HTML via (1) the pic
                           parameter to custom/piczoom.asp, (2) the
                           nocatname parameter to boxx/user-upload.asp,
                           or (3) the iid parameter to
                5.6 Medium indexes/newscomments.asp.                          AVAIL
CVE-2007-0275               Cross-site scripting (XSS) vulnerability in
                           Oracle Reports Web Cartridge (RWCGI60) in
                           the Workflow Cartridge component, as used in
                           Oracle Database 9.2.0.8, 10.1.0.5, and
                           10.2.0.3; Application Server 9.0.4.3, 10.1.2.0.2,
                           and 10.1.2.2; Collaboration Suite 10.1.2; and
                           Oracle E-Business Suite and Applications
                           11.5.10CU2; allows remote authenticated users
                           to inject arbitrary HTML or web script via the
                           genuser parameter to rwcgi60, aka OWF01.
                2.8 Low                                                       AVAIL
CVE-2007-0302               Multiple cross-site scripting (XSS)
                           vulnerabilities in InstantASP 4.1.0 allow remote
                           attackers to inject arbitrary web script or HTML
                           via the (1) SessionID parameter to (a)
                           Logon.aspx, and the (2) Username and (3)
                           Update parameters to (b) Members1.aspx.
                5.6 Medium                                                    AVAIL
CVE-2007-0308               Cross-site scripting (XSS) vulnerability in Plain
                           Black WebGUI before 7.3.4 (beta) allows
                           remote attackers to inject arbitrary web script or
                  7 High   HTML via Wiki Page titles.                         AVAIL
CVE-2007-0331               Cross-site scripting (XSS) vulnerability in
                           liens.php3 in liens_dynamiques 2.1 allows
                           remote attackers to inject arbitrary web script or
                           HTML by using the ajouter=1 query string and
                  7 High   the add menu.                                      AVAIL
CVE-2007-0341                 Cross-site scripting (XSS) vulnerability in
                             phpMyAdmin 2.8.1 and earlier, when Microsoft
                             Internet Explorer 6 is used, allows remote
                             attackers to inject arbitrary web script or HTML
                             via a javascript: URI in a CSS style in the
                             convcharset parameter to the top-level URI, a
                             different vulnerability than CVE-2005-0992.
                5.6 Medium                                                         AVAIL
CVE-2007-0353                 Cross-site scripting (XSS) vulnerability in (1)
                             index.php and (2) login.php in myBloggie 2.1.5
                             allows remote attackers to inject arbitrary web
                             script or HTML via the PATH_INFO string.
                 7 High                                                            AVAIL
CVE-2007-0362                 Cross-site scripting (XSS) vulnerability in the
                             RSS feed component in FreshReader before
                             1.0.07010600 allows remote attackers to inject
                             arbitrary web script or HTML via unspecified
                             vectors, possibly related to tag attributes.
                 7 High                                                            AVAIL
CVE-2007-0363                 Cross-site scripting (XSS) vulnerability in admin-
                             search.php in (1) Openads for PostgreSQL (aka
                             phpPgAds) before 2.0.10 and (2) Openads (aka
                             phpAdsNew) before 2.0.10 allows remote
                             attackers to inject arbitrary web script or HTML
                             via unspecified parameters.
                 7 High                                                      AVAIL
CVE-2007-0364                 Multiple cross-site scripting (XSS)
                             vulnerabilities in nicecoder.com INDEXU 5.3
                             and earlier allow remote attackers to inject
                             arbitrary web script or HTML via the (1)
                             error_msg parameter to (a)
                             suggest_category.php; the (2) u parameter to
                             (b) user_detail.php; the (3) friend_name, (4)
                             friend_email, (5) error_msg, (6) my_name, (7)
                             my_email, and (8) id parameters to (c)
                             tell_friend.php; the (9) error_msg, (10) email,
                             (11) name, and (12) subject parameters to (d)
                             sendmail.php; the (13) email, (14) error_msg,
                             and (15) username parameters to (e)
                             send_pwd.php; the (16) keyword parameter to
                             (f) search.php; the (17) error_msg, (18)
                             username, (19) password, (20) password2, and
                             (21) email parameters to (g) register.php; the
                             (22) url, (23) contact_name, and (24) email
                             parameters to (h) power_search.php; the (25)
                             path and (26) total parameters to (i) new.php;
                             the (27) query parameter to (j) modify.php; the
                             (28) error_msg parameter to (k) login.php; the
                             (29) error_msg and (30) email parameters to (l)
                             mailing_list.php; the (31) gateway parameter to
                             (m) upgrade.php; and another unspecified
                 7 High      vector.                                         AVAIL
CVE-2007-0365                 Multiple cross-site scripting (XSS)
                             vulnerabilities in All In One Control Panel
                             (AIOCP) 1.3.009 and earlier allow remote
                             attackers to inject arbitrary web script or HTML
                             via unspecified vectors. NOTE: this is probably
                             a different vulnerability than CVE-2006-5830.
                 7 High                                                          AVAIL
CVE-2007-0376                 Cross-site scripting (XSS) vulnerability in
                             Virtuemart 1.0.7 allows remote attackers to
                             inject arbitrary web script or HTML via
                 7 High      unspecified vectors.                                AVAIL
CVE-2007-0379                 Cross-site scripting (XSS) vulnerability in
                             DocMan 1.3 RC2 allows remote attackers to
                             inject arbitrary web script or HTML via
                 7 High      unspecified vectors.                                AVAIL
CVE-2007-0384                 Cross-site scripting (XSS) vulnerability in
                             preview in the reviews section in PostNuke
                             0.764 allows remote attackers to inject arbitrary
                             web script or HTML via unspecified vectors.
                5.6 Medium                                                    AVAIL
CVE-2007-0390               Cross-site scripting (XSS) vulnerability in
                           index.php in sabros.us 1.7 allows remote
                           attackers to inject arbitrary web script or HTML
                  7 High   via the tag parameter.                             AVAIL
CVE-2007-0398               Multiple cross-site scripting (XSS)
                           vulnerabilities in forum.php3 in Arnaud Guyonne
                           (aka Arnotic) a-forum allow remote attackers to
                           inject arbitrary web script or HTML via the (1)
                  7 High   Sujet or (2) Pseudo field.                         AVAIL
CVE-2007-0399               Multiple cross-site scripting (XSS)
                           vulnerabilities in index.php in Simple Machines
                           Forum (SMF) 1.1 RC3 allow remote
                           authenticated users to inject arbitrary web script
                           or HTML via the (1) recipient or (2) BCC field
                           when selecting send in a pm action.
                4.2 Medium                                                    AVAIL
CVE-2007-0400               Cross-site scripting (XSS) vulnerability in
                           admin/memberlist.php in Easebay Resources
                           Login Manager 3.0 allows remote attackers to
                           inject arbitrary web script or HTML via the
                  7 High   keyword parameter.                                 AVAIL
CVE-2007-0402               Cross-site scripting (XSS) vulnerability in
                           admin/edit_member.php in Easebay Resources
                           Paypal Subscription Manager allows remote
                           attackers to inject arbitrary web script or HTML
                           via the username parameter.
                  7 High                                                      AVAIL
CVE-2007-0407               Cross-site scripting (XSS) vulnerability in
                           Operation/User.pm in Plain Black WebGUI
                           before 7.3.5 (beta) allows remote attackers to
                           inject arbitrary web script or HTML via the
                           username parameter during anonymous
                           registration, a different vector than CVE-2007-
                           0308. NOTE: it is possible that a separate
                  7 High   "WikiPage titles" issue was also fixed.          AVAIL
CVE-2007-0477               Cross-site scripting (XSS) vulnerability in
                           Openads 2.0.x before 2.0.10, 2.3 before 2.3.31
                           (aka Max Media Manager before 0.3.31-alpha-
                           pr2), and phpAdsNew/phpPgAds before 2.0.9-
                           pr1 allows remote attackers to inject arbitrary
                           web script or HTML via (1) the keyword
                           parameter in admin-search.php and (2) affiliate-
                           search.php. NOTE: this issue may overlap CVE-
                           2007-0363.
                  7 High                                                    AVAIL
CVE-2007-0483               Multiple cross-site scripting (XSS)
                           vulnerabilities in Enthusiast 3.1 allow remote
                           attackers to inject arbitrary web script or HTML
                           via the URI for (1) show_owned.php or (2)
                           show_joined.php. NOTE: The provenance of
                           this information is unknown; the details are
                           obtained solely from third party information.
                  7 High                                                    AVAIL
CVE-2007-0514               Multiple cross-site scripting (XSS)
                           vulnerabilities in multiple Hitachi Web Server,
                           uCosminexus, and Cosminexus products
                           before 20070124 allow remote attackers to
                           inject arbitrary web script or HTML via (1) HTTP
                  7 High   Expect headers or (2) image maps.                AVAIL
CVE-2007-0526               Multiple cross-site scripting (XSS)
                           vulnerabilities in Bitweaver 1.3.1 allow remote
                           attackers to inject arbitrary web script or HTML
                           via the URL (PATH_INFO) to (1)
                           articles/edit.php, (2) articles/list.php, (3)
                           blogs/list_blogs.php, or (4) blogs/rankings.php.
                2.3 Low                                                     AVAIL
CVE-2007-0537               The KDE HTML library (kdelibs), as used by
                           Konqueror 3.5.5, does not properly parse HTML
                           comments, which allows remote attackers to
                           conduct cross-site scripting (XSS) attacks and
                           bypass some XSS protection schemes by
                           embedding certain HTML tags within a
                           comment in a title tag, a related issue to CVE-
                5.6 Medium 2007-0478.                                       AVAIL
CVE-2007-0542               Cross-site scripting (XSS) vulnerability in
                           show.php in 212cafe Guestbook 4.00 beta
                           allows remote attackers to inject arbitrary web
                  7 High   script or HTML via the user parameter.           AVAIL
CVE-2007-0544               Cross-site scripting (XSS) vulnerability in
                           private.php in MyBB (aka MyBulletinBoard)
                           allows remote authenticated users to inject
                           arbitrary web script or HTML via the Subject
                4.2 Medium field, a different vector than CVE-2006-2949.      AVAIL
CVE-2007-0549               Cross-site scripting (XSS) vulnerability in
                           list3.php in 212cafeBoard 6.30 Beta allows
                           remote attackers to inject arbitrary web script or
                  7 High   HTML via the user parameter.                       AVAIL
CVE-2007-0550               Cross-site scripting (XSS) vulnerability in
                           search.php in 212cafeBoard 0.08 Beta allows
                           remote attackers to inject arbitrary web script or
                  7 High   HTML via keyword parameter.                        AVAIL
CVE-2007-0552               Cross-site scripting (XSS) vulnerability in
                           install/default/error404.html in Oh no! Not
                           another CMS (Onnac) 0.0.8.4 and earlier allows
                           remote attackers to inject arbitrary web script or
                           HTML via the error_url parameter.
                  7 High                                                      AVAIL
CVE-2007-0553               Multiple cross-site scripting (XSS)
                           vulnerabilities in index.inc.php in PHProxy
                           before 0.5 beta 2 allow remote attackers to
                           inject arbitrary web script or HTML via the (1)
                           data[realm] and (2) _url parameters, different
                           vectors than CVE-2004-2604. NOTE: some of
                           these details are obtained from third party
                  7 High   information.                                       AVAIL
CVE-2007-0565               CGI-Rescue Shopping Basket Professional
                           7.50 and earlier allows remote attackers to
                           inject arbitrary operating system commands via
                  7 High   unspecified vectors.                               AVAIL
CVE-2007-0567               Cross-site scripting (XSS) vulnerability in
                           admin.php in Interactive-Scripts.Com PHP
                           Membership Manager 1.5 allows remote
                           attackers to inject arbitrary web script or HTML
                  7 High   via the _p parameter.                              AVAIL
CVE-2007-0579               Unspecified vulnerability in the calendar
                           component in Horde Groupware Webmail
                           Edition before 1.0, and Groupware before 1.0,
                           allows remote attackers to include certain files
                           via unspecified vectors. NOTE: some of these
                           details are obtained from third party information.
                5.6 Medium                                                    AVAIL
CVE-2007-0592               Cross-site scripting (XSS) vulnerability in
                           EzDatabase 2.1.3 allows remote attackers to
                           inject arbitrary web script or HTML via
                           unspecified vectors related to admin/login.php
                           and the Admin Panel Database.
                5.6 Medium                                                    AVAIL
CVE-2007-0604              Cross-site scripting (XSS) vulnerability in
                          Movable Type (MT) before 3.34 allows remote
                          attackers to inject arbitrary web script or HTML
                          via unspecified vectors related to the
                          MTCommentPreviewIsStatic tag, which can
                          open the "comment entry screen," a different
                          vulnerability than CVE-2007-0231.
                 7 High                                                      AVAIL
CVE-2007-0610              Cross-site scripting (XSS) vulnerability in the
                          mailform feature in CMSimple 2.7 fix1 allows
                          remote attackers to inject arbitrary web script or
                          HTML via the sender parameter. NOTE: The
                          provenance of this information is unknown; the
                          details are obtained solely from third party
                 7 High   information.                                       AVAIL
CVE-2007-0611              Multiple cross-site scripting (XSS)
                          vulnerabilities in Free LAN In(tra|ter)net Portal
                          (FLIP) before 1.0-RC2 allow remote attackers to
                          inject arbitrary web script or HTML via
                          unspecified vectors in (1) inc.page.php and (2)
                 7 High   inc.text.php.                                      AVAIL
CVE-2007-0628              Multiple cross-site scripting (XSS)
                          vulnerabilities in Sun Java System Access
                          Manager 6.1, 6.2, 6 2005Q1 (6.3), and 7
                          2005Q4 (7.0) before 20070129 allow remote
                          attackers to inject arbitrary web script or HTML
                          via the (1) goto or (2) gx-charset parameter.
                          NOTE: some of these details are obtained from
                 7 High   third party information.                           AVAIL
CVE-2007-0649              Variable overwrite vulnerability in
                          interface/globals.php in OpenEMR 2.8.2 and
                          earlier allows remote attackers to overwrite
                          arbitrary program variables and conduct other
                          unauthorized activities, such as conduct (a)
                          remote file inclusion attacks via the srcdir
                          parameter in custom/import_xml.php or (b)
                          cross-site scripting (XSS) attacks via the rootdir
                          parameter in interface/login/login_frame.php,
                          via vectors associated with extract operations
                          on the (1) POST and (2) GET superglobal
                          arrays. NOTE: this issue was originally disputed
                          before the extract behavior was identified in
                          post-disclosure analysis. Also, the original
                          report identified "Open Conference Systems,"
                          but this was an error.
                3.4 Low                                                      AVAIL
CVE-2007-0660              Cross-site scripting (XSS) vulnerability in the
                          IFrame module before 03.02.01 for DotNetNuke
                          (DNN) allows remote attackers to inject arbitrary
                          web script or HTML via unspecified vectors
                          related to "Pass through values."
                 7 High                                                      AVAIL
CVE-2007-0696                 Cross-site scripting (XSS) vulnerability in error
                             messages in Free LAN In(tra|ter)net Portal
                             (FLIP) before 1.0-RC3 allows remote attackers
                             to inject arbitrary web script or HTML via
                             unspecified parameters, different vectors than
                5.6   Medium CVE-2007-0611.                                       AVAIL
CVE-2007-0763                 Cross-site scripting (XSS) vulnerability in the
                             news comment functionality in F3Site 2.1 and
                             earlier allows remote attackers to inject arbitrary
                             web script or HTML via the Autor field.
                 7    High                                                        AVAIL
CVE-2007-0767                 Cross-site scripting (XSS) vulnerability in the
                             core in Phorum before 5.1.18 allows remote
                             attackers to inject arbitrary web script or HTML
                 7    High   via unspecified vectors.                             AVAIL
CVE-2007-0768                 Multiple cross-site scripting (XSS)
                             vulnerabilities in the Contact Details functionality
                             in Yahoo! Messenger 8.1.0.209 and earlier
                             allow user-assisted remote attackers to inject
                             arbitrary web script or HTML via a javascript:
                             URI in the SRC attribute of an IMG element to
                             the (1) First Name, (2) Last Name, and (3)
                             Nickname fields. NOTE: some of these details
                             are obtained from third party information.
                5.6   Medium                                                      AVAIL
CVE-2007-0769                 ** DISPUTED ** Cross-site scripting (XSS)
                             vulnerability in register.php in Phorum 5.1.18
                             allows remote attackers to inject arbitrary web
                             script or HTML via unspecified vectors. NOTE:
                             the vendor disputes this vulnerability, stating
                             that "The characters are escaped properly."
                 7    High                                                        AVAIL
CVE-2007-0804                 Directory traversal vulnerability in
                             admin/subpages.php in GGCMS 1.1.0 RC1 and
                             earlier allows remote attackers to inject arbitrary
                             PHP code into arbitrary files via ".." sequences
                             in the subpageName parameter, as
                             demonstrated by injecting PHP code into a
                 7    High   template file.                                       AVAIL
CVE-2007-0807                 Cross-site scripting (XSS) vulnerability in
                             info.php in flashChat 4.7.8 allows remote
                             attackers to inject arbitrary web script or HTML
                             via a channel title (aka room name) that is not
                             properly handled by the "who's online" feature.
                 7    High                                                        AVAIL
CVE-2007-0834               Cross-site scripting (XSS) vulnerability in
                           FlashChat 4.7.8 allows remote attackers to
                           inject arbitrary web script or HTML via the user
                           name field when the user joins a chat room, a
                           different vulnerability than CVE-2007-0807.
                           NOTE: the provenance of this information is
                           unknown; the details are obtained solely from
                  7 High   third party information.                             AVAIL
CVE-2007-0840               Cross-site scripting (XSS) vulnerability in
                           HLstats before 1.35 allows remote attackers to
                           inject arbitrary web script or HTML via
                           unspecified vectors in the search class. NOTE:
                           it is possible that this issue overlaps CVE-2006-
                5.6 Medium 4543.3 or CVE-2006-4454.                             AVAIL
CVE-2007-0846               Cross-site scripting (XSS) vulnerability in
                           forum.php in Open Tibia Server CMS
                           (OTSCMS) 2.1.5 and earlier allows remote
                           attackers to inject arbitrary HTML or web script
                5.6 Medium via the name parameter.                              AVAIL
CVE-2007-0852               Cross-site scripting (XSS) vulnerability in
                           DevTrack 6.x allows remote attackers to inject
                           arbitrary web script or HTML via the "Keyword
                           search" form field and unspecified other form
                           fields that populate a public saved query.
                           NOTE: the provenance of this information is
                           unknown; the details are obtained solely from
                  7 High   third party information.                             AVAIL
CVE-2007-0871               Unrestricted file upload vulnerability in
                           eXtremePow eXtreme File Hosting allows
                           remote attackers to upload arbitrary PHP code
                           via a filename with a double extension such as
                  7 High   (1) .rar.php or (2) .zip.php.                        AVAIL
CVE-2007-0873               nabopoll 1.1.2 allows remote attackers to
                           bypass authentication and access certain
                           administrative functionality via a direct request
                           for (1) config_edit.php, (2) template_edit.php, or
                           (3) survey_edit.php in admin/.
                  7 High                                                        AVAIL
CVE-2007-0874               Allons_voter 1.0 allows remote attackers to
                           bypass authentication and access certain
                           administrative functionality via a direct request
                           for (1) admin_ajouter.php or (2)
                           admin_supprimer.php. NOTE: this could be
                           leveraged to conduct cross-site scripting (XSS)
                  7 High   attacks.                                             AVAIL
CVE-2007-0885               Cross-site scripting (XSS) vulnerability in
                           jira/secure/BrowseProject.jspa in Rainbow with
                           the Zen (Rainbow.Zen) extension allows remote
                           attackers to inject arbitrary web script or HTML
                  7 High   via the id parameter.                                AVAIL
CVE-2007-0896             Cross-site scripting (XSS) vulnerability in the
                         (1) Sage before 1.3.10, and (2) Sage++
                         extensions for Firefox, allows remote attackers
                         to inject arbitrary web script or HTML via a
                         "<SCRIPT/=''SRC='" sequence in an RSS feed,
                         a different vulnerability than CVE-2006-4712.
                7 High                                                        AVAIL
CVE-2007-0950             Cross-site scripting (XSS) vulnerability in
                         listmain.asp in Fullaspsite ASP Hosting Site
                         allows remote attackers to inject arbitrary web
                7 High   script or HTML via the cat parameter.                AVAIL
CVE-2007-0952             Multiple cross-site scripting (XSS)
                         vulnerabilities in Scriptsez.net Virtual Calendar
                         allow remote attackers to inject arbitrary web
                         script or HTML via the (1) t and (2) yr
                         parameters, and the (3) sho parameter when
                         the m parameter is outside the intended range.
                7 High                                                        AVAIL
CVE-2007-0969             Multiple cross-site scripting (XSS)
                         vulnerabilities in WebTester 5.0.20060927 and
                         earlier allow remote attackers to inject arbitrary
                         web script or HTML via unspecified vectors
                         related to POST parameters to multiple files.
                7 High                                                        AVAIL
CVE-2007-1240             Multiple cross-site scripting (XSS)
                         vulnerabilities in Docebo CMS 3.0.3 through
                         3.0.5 allow remote attackers to inject arbitrary
                         web script or HTML via (1) the searchkey
                         parameter to index.php, or the (2) sn or (3) ri
                         parameter to modules/htmlframechat/index.php.
                         NOTE: the provenance of this information is
                         unknown; the details are obtained solely from
                         third party information.
                7 High                                                     AVAIL
CVE-2007-1714             Cross-site scripting (XSS) vulnerability in
                         index.php in CcCounter 2.0 allows remote
                         attackers to inject arbitrary web script or HTML
                7 High   via dir parameter.                                AVAIL
CVE-2007-1736             Mozilla Firefox 2.0.0.3 does not check URLs
                         embedded in (1) object or (2) iframe HTML tags
                         against the phishing site blacklist, which allows
                         remote attackers to bypass phishing protection.
                7 High                                                     AVAIL
CVE-2007-1737             Opera 9.10 does not check URLs embedded in
                         (1) object or (2) iframe HTML tags against the
                         phishing site blacklist, which allows remote
                         attackers to bypass phishing protection.
                7 High                                                     AVAIL
CVE-2007-1802             Cross-site scripting (XSS) vulnerability in
                         MailDwarf 3.01 and earlier allows remote
                         attackers to inject arbitrary web script or HTML
                7 High   via unspecified vectors.                          AVAIL
CVE-2007-2724              Cross-site scripting (XSS) vulnerability in
                          all_photos.html in fotolog allows remote
                          attackers to inject arbitrary web script or HTML
                2.3 Low   via the user parameter.                               AVAIL
CVE-2007-2811              Cross-site scripting (XSS) vulnerability in OSK
                          Advance-Flow 4.41 and earlier allows remote
                          attackers to inject arbitrary web script or HTML
                2.3 Low   via unspecified vectors.                              AVAIL
CVE-2007-2812              Cross-site scripting (XSS) vulnerability in
                          hlstats.php in HLstats 1.35, and possibly earlier,
                          allows remote attackers to inject arbitrary web
                          script or HTML via (1) the PATH_INFO or (2)
                2.3 Low   the action parameter.                                 AVAIL
CVE-2007-2818              Cross-site scripting (XSS) vulnerability in
                          cand_login.asp in CactuSoft Parodia 6.4 and
                          earlier allows remote attackers to inject arbitrary
                          web script or HTML via the strJobIDs
                2.3 Low   parameter.                                            AVAIL
CVE-2007-2819              Cross-site scripting (XSS) vulnerability in
                          reportItem.do in Track+ 3.3.2 and earlier allows
                          remote attackers to inject arbitrary web script or
                2.3 Low   HTML via the projId parameter.                        AVAIL
CVE-2007-2847              Multiple cross-site scripting (XSS)
                          vulnerabilities in hlstats.php in HLstats 1.35, and
                          possibly earlier, allow remote attackers to inject
                          arbitrary web script or HTML via the (1)
                          authusername or (2) authpassword parameter,
                          different vectors than CVE-2007-0840 and CVE-
                10 High   2007-2812.                                            AVAIL
CVE-2007-2865              Cross-site scripting (XSS) vulnerability in
                          sqledit.php in phpPgAdmin 4.1.1 allows remote
                          attackers to inject arbitrary web script or HTML
                 8 High   via the server parameter.                             AVAIL
CVE-2007-2995              Unspecified vulnerability in sysmgt.websm.rte
                          in IBM AIX 5.2.0 and 5.3.0 has unknown impact
                          and attack vectors.
                1.9 Low                                                         AVAIL
CVE-2007-3089              Mozilla Firefox does not prevent use of
                          document.write to replace an IFRAME (1)
                          during the load stage or (2) in the case of an
                          about:blank frame, which allows remote
                          attackers to display arbitrary HTML or execute
                          certain JavaScript code, as demonstrated by
                          code that intercepts keystroke values from
                          window.event, aka the "promiscuous IFRAME
                          access bug," a related issue to CVE-2006-4568.
                10 High                                                         AVAIL
CVE-2007-3152              c-ares before 1.4.0 uses a predictable seed for
                          the random number generator for the DNS
                          Transaction ID field, which might allow remote
                          attackers to spoof DNS responses by guessing
                 7 High   the field value.                                      AVAIL
CVE-2007-0047                   CRLF injection vulnerability in Adobe Acrobat
                               Reader Plugin before 8.0.0, when used with the
                               Microsoft.XMLHTTP ActiveX object in Internet
                               Explorer, allows remote attackers to inject
                               arbitrary HTTP headers and conduct HTTP
                               response splitting attacks via CRLF sequences
                               in the javascript: URI in the (1) FDF, (2) XML, or
                               (3) XFDF AJAX request parameters.
                5.6 Medium                                                          AVAIL
CVE-2007-0266                 SQL injection vulnerability in
                             boxx/ShowAppendix.asp in Ezboxx Portal
                             System Beta 0.7.6 and earlier allows remote
                             attackers to inject arbitrary web script or HTML
                 7    High   via the iid parameter.                                 AVAIL
CVE-2007-0268                 Multiple unspecified vulnerabilities in Oracle
                             Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 have
                             unknown impact and attack vectors related to
                             (1) the Advanced Queuing component and
                             sys.dbms_aqsys.dbms_aq privileges (DB01),
                             (2) Advanced Replication and
                             sys.dbms_repcat_untrusted (DB07), and (3)
                             Oracle Text and ctxload (DB15). NOTE: Oracle
                             has not publicly claims by reliable researchers
                             that DB01 is for SQL injection in the
                             SYS.DBMS_AQ_INV package, and DB07 is for
                             a buffer overflow in the
                             UNREGISTER_SNAPSHOT procedure in the
                4.2   Medium DBMS_REPCAT_UNTRUSTED package.                         AVAIL
CVE-2007-0370                 Unrestricted file upload vulnerability in
                             index.php in phpBP RC3 (2.204) and earlier
                             allows remote administrators to inject arbitrary
                             PHP code into an upload/banners/ file via a
                             banners add operation that uploads the PHP
                             code through an image_form parameter
                             specifying a multiple-extension filename such
                             as .jpg.vil.gif.php, which is stored in
                             upload/banners/ under a different name, and
                             executable via a direct request. NOTE: a
                             separate SQL injection issue could be
                             leveraged to make this vulnerability reachable
                             by remote unauthenticated attackers.
                 7    High                                                          AVAIL
CVE-2007-0639                 Multiple static code injection vulnerabilities in
                             error.php in GuppY 4.5.16 and earlier allow
                             remote attackers to inject arbitrary PHP code
                             into a .inc file in the data/ directory via (1) a
                             REMOTE_ADDR cookie or (2) a cookie
                             specifying an element of the msg array with an
                             error number in the first dimension and 0 in the
                             second dimension, as demonstrated by
                 7    High   msg[999][0].                                           AVAIL
CVE-2007-0864               SQL injection vulnerability in register.php in
                           LushiWarPlaner 1.0 allows remote attackers to
                           inject arbitrary SQL commands via the id
                  7 High   parameter.                                        AVAIL
CVE-2007-0865               SQL injection vulnerability in comments.php in
                           LushiNews 1.01 and earlier allows remote
                           authenticated users to inject arbitrary SQL
                  7 High   commands via the id parameter.                    AVAIL
CVE-2007-0892               CRLF injection vulnerability in phpMyVisites
                           before 2.2 allows remote attackers to inject
                           arbitrary HTTP headers and conduct HTTP
                           response splitting attacks via CRLF sequences
                           in the url parameter, when the pagename
                  7 High   parameter begins with "FILE:".                    AVAIL
CVE-2007-2291               CRLF injection vulnerability in the Digest
                           Authentication support for Microsoft Internet
                           Explorer 7.0.5730.11 allows remote attackers to
                           conduct HTTP response splitting attacks via a
                           LF (%0a) in the username attribute.
                  7 High                                                     AVAIL
CVE-2007-2509               CRLF injection vulnerability in the ftp_putcmd
                           function in PHP before 4.4.7, and 5.x before
                           5.2.2 allows remote attackers to inject arbitrary
                           FTP commands via CRLF sequences in the
                           parameters to earlier FTP commands.
                  7 High                                                     AVAIL
CVE-2007-2731               CRLF injection vulnerability in formmail.php in
                           Jetbox CMS 2.1 might allow remote attackers to
                           inject arbitrary e-mail headers via LF (%0A)
                           sequences in the subject parameter, a related
                           issue to CVE-2007-1898.
                3.7 Low                                                      AVAIL
CVE-2007-0015               Buffer overflow in Apple QuickTime 7.1.3
                           allows remote attackers to execute arbitrary
                5.6 Medium code via a long rtsp:// URI.                      AVAIL
CVE-2007-0016               Stack-based buffer overflow in MoviePlay 4.76
                           allows remote attackers to execute arbitrary
                           code via a long filename in a LST file. NOTE:
                           The provenance of this information is unknown;
                           the details are obtained solely from third party
                  7 High   information.                                      AVAIL
CVE-2007-0017                 Multiple format string vulnerabilities in (1) the
                             cdio_log_handler function in
                             modules/access/cdda/access.c in the CDDA
                             (libcdda_plugin) plugin, and the (2)
                             cdio_log_handler and (3) vcd_log_handler
                             functions in modules/access/vcdx/access.c in
                             the VCDX (libvcdx_plugin) plugin, in VideoLAN
                             VLC 0.7.0 through 0.8.6 allow user-assisted
                             remote attackers to execute arbitrary code via
                             format string specifiers in an invalid URI, as
                             demonstrated by a udp://-- URI in an M3U file.
                5.6 Medium                                                  AVAIL
CVE-2007-0018               Stack-based buffer overflow in the
                           NCTAudioFile2.AudioFile ActiveX control
                           (NCTAudioFile2.dll), as used by multiple
                           products, allows remote attackers to execute
                           arbitrary code via a long argument to the
                           SetFormatLikeSample function. NOTE: the
                           products include (1) NCTsoft NCTAudioStudio,
                           NCTAudioEditor, and NCTDialogicVoice; (2)
                           Magic Audio Recorder, Music Editor, and Audio
                           Converter; (3) Aurora Media Workshop; DB
                           Audio Mixer And Editor; (4) J. Hepple Products
                           including Fx Audio Editor and others; (5)
                           EXPStudio Audio Editor; (6) iMesh; (7)
                           Quikscribe; (8) RMBSoft AudioConvert and
                           SoundEdit Pro 2.1; (9) CDBurnerXP; (10) Code-
                           it Software Wave MP3 Editor and aBasic Editor;
                           (11) Movavi VideoMessage, DVD to iPod, and
                           others; (12) SoftDiv Software Dexster,
                           iVideoMAX, and others; (13) Sienzo Digital
                           Music Mentor (DMM); (14) MP3 Normalizer;
                           (15) Roemer Software FREE and Easy Hi-Q
                           Recorder, and Easy Hi-Q Converter; (16) Audio
                           Edit Magic; (17) Joshua Video and Audio
                           Converter; (18) Virtual CD; (19) Cheetah CD
                           and DVD Burner; (20) Mystik Media AudioEdit
                           Deluxe, Blaze Media, and others; (21) Power
                           Audio Editor; (22) DanDans Digital Media Full
                  8 High   Audio Converter, Music Editing Master, and       AVAIL
CVE-2007-0019               Multiple heap-based buffer overflows in
                           rumpusd in Rumpus 5.1 and earlier (1) allow
                           remote authenticated users to execute arbitrary
                           code via a long LIST command and other
                           unspecified requests to the FTP service, and (2)
                           allow remote attackers to execute arbitrary code
                           via unspecified requests to the HTTP service.
                4.2 Medium                                                  AVAIL
CVE-2007-0020                   Heap-based buffer overflow in the SFTP
                               protocol handler for Panic Transmit
                               (Transmit.app) up to 3.5.5 allows remote
                               attackers to execute arbitrary code via a long
                 8 High        ftps:// URL.                                      AVAIL
CVE-2007-0025                   The MFC component in Microsoft Windows
                               2000 SP4, XP SP2, and 2003 SP1 and Visual
                               Studio .NET 2000, 2002 SP1, 2003, and 2003
                               SP1 allows user-assisted remote attackers to
                               execute arbitrary code via an RTF file with a
                               malformed OLE object that triggers memory
                               corruption. NOTE: this might be due to a stack-
                               based buffer overflow in the the
                               AfxOleSetEditMenu function in MFC42u.dll.
                 8 High                                                         AVAIL
CVE-2007-0026                 The OLE Dialog component in Microsoft
                             Windows 2000 SP4, XP SP2, and 2003 SP1
                             allows user-assisted remote attackers to
                             execute arbitrary code via an RTF file with a
                             malformed OLE object that triggers memory
                 8    High   corruption.                                        AVAIL
CVE-2007-0046                 Double free vulnerability in the Adobe Acrobat
                             Reader Plugin before 8.0.0, as used in Mozilla
                             Firefox 1.5.0.7, allows remote attackers to
                             execute arbitrary code by causing an error via a
                             javascript: URI call to document.write in the (1)
                             FDF, (2) XML, or (3) XFDF AJAX request
                 7    High   parameters.                                        AVAIL
CVE-2007-0050                 ** DISPUTED ** PHP remote file inclusion
                             vulnerability in index.php in OpenPinboard 2.0
                             allows remote attackers to execute arbitrary
                             PHP code via a URL in the language
                             parameter. NOTE: this issue has been disputed
                             by the developer and a third party, since the
                             variable is set before use. CVE analysis
                             suggests that there is a small time window of
                             risk before the installation is complete.
                 7    High                                                      AVAIL
CVE-2007-0051                 Format string vulnerability in Apple iPhoto 6.0.5
                             (316), and other versions before 6.0.6, allows
                             remote user-assisted attackers to execute
                             arbitrary code via a crafted photocast with
                             format string specifiers in the title of an RSS
                5.6   Medium iPhoto feed.                                       AVAIL
CVE-2007-0059                   Cross-zone scripting vulnerability in Apple
                               Quicktime 3 to 7.1.3 allows remote user-
                               assisted attackers to execute arbitrary code and
                               list filesystem contents via a QuickTime movie
                               (.MOV) with an HREF Track (HREFTrack) that
                               contains an automatic action tag with a local
                               URI, which is executed in a local zone during
                               preview, as exploited by a MySpace worm.
                5.6 Medium                                                         AVAIL
CVE-2007-0082                 users_adm/start1.php in IMGallery 2.5 and
                             earlier does not properly handle files with
                             multiple extensions, which allows remote
                             authenticated users to upload and execute
                4.2   Medium arbitrary PHP scripts.                                AVAIL
CVE-2007-0097                 Multiple stack-based buffer overflows in the (1)
                             LoadTree and (2) ReadHeader functions in
                             PAISO.DLL 1.7.3.0 (1.7.3 beta) in ConeXware
                             PowerArchiver 2006 9.64.02 allow user-
                             assisted attackers to execute arbitrary code via
                             a crafted ISO file containing a file within several
                             nested directories.
                 8    High                                                         AVAIL
CVE-2007-0098                 Directory traversal vulnerability in language.php
                             in VerliAdmin 0.3 and earlier, when
                             magic_quotes_gpc is disabled, allows remote
                             attackers to include and execute arbitrary local
                             files via a .. (dot dot) in the lang cookie, as
                             demonstrated by injecting PHP sequences into
                             an Apache HTTP Server log file, which is then
                             included by language.php.
                5.6   Medium                                                       AVAIL
CVE-2007-0105                 Stack-based buffer overflow in the CSAdmin
                             service in Cisco Secure Access Control Server
                             (ACS) for Windows before 4.1 and ACS
                             Solution Engine before 4.1 allows remote
                             attackers to execute arbitrary code via a crafted
                 7    High   HTTP GET request.                                     AVAIL
CVE-2007-0111                 Buffer overflow in Resco Photo Viewer for
                             PocketPC 4.11 and 6.01, as used in mobile
                             devices running Windows Mobile 5.0, 2003, and
                             2003SE, allows remote attackers to execute
                             arbitrary code via a crafted PNG image.
                5.6   Medium                                                       AVAIL
CVE-2007-0123                 Unrestricted file upload vulnerability in Uber
                             Uploader 4.2 allows remote attackers to upload
                             and execute arbitrary PHP scripts by naming
                             them with a .phtml extension, which bypasses
                             the .php extension check but is still executable
                             on some server configurations.
                5.6   Medium                                                       AVAIL
CVE-2007-0126               Heap-based buffer overflow in Opera 9.02
                           allows remote attackers to execute arbitrary
                           code via a JPEG file with an invalid number of
                           index bytes in the Define Huffman Table (DHT)
                5.6 Medium marker.                                           AVAIL
CVE-2007-0127               The Javascript SVG support in Opera before
                           9.10 does not properly validate object types in a
                           createSVGTransformFromMatrix request, which
                           allows remote attackers to execute arbitrary
                           code via JavaScript code that uses an invalid
                           object in this request that causes a controlled
                           pointer to be referenced during the virtual
                  7 High   function call.                                    AVAIL
CVE-2007-0135               PHP remote file inclusion vulnerability in
                           inc/init.inc.php in Aratix 0.2.2 beta 11 and
                           earlier, when register_globals is enabled, allows
                           remote attackers to execute arbitrary PHP code
                           via a URL in the current_path parameter.
                5.6 Medium                                                   AVAIL
CVE-2007-0143               Multiple PHP remote file inclusion
                           vulnerabilities in NUNE News Script 2.0pre2
                           allow remote attackers to execute arbitrary PHP
                           code via a URL in the custom_admin_path
                           parameter to (1) index.php or (2) archives.php.
                5.6 Medium                                                   AVAIL
CVE-2007-0145               PHP remote file inclusion vulnerability in
                           bn_smrep1.php in BinGoPHP News (BP News)
                           3.01 allows remote attackers to execute
                           arbitrary PHP code via a URL in the bnrep
                           parameter, a different vector than CVE-2006-
                  7 High   4648 and CVE-2006-4649.                           AVAIL
CVE-2007-0150               Multiple PHP remote file inclusion
                           vulnerabilities in index.php in Dayfox Blog allow
                           remote attackers to execute arbitrary PHP code
                           via a URL in the (1) page, (2) subject, and (3) q
                  7 High   parameters.                                       AVAIL
CVE-2007-0161               The PML Driver HPZ12 (HPZipm12.exe) in the
                           HP all-in-one drivers, as used by multiple HP
                           products, uses insecure
                           SERVICE_CHANGE_CONFIG DACL
                           permissions, which allows local users to gain
                           privileges and execute arbitrary programs, as
                           demonstrated by modifying the binpath
                           argument, a related issue to CVE-2006-0023.
                2.3 Low                                                      AVAIL
CVE-2007-0167             Multiple PHP file inclusion vulnerabilities in
                         WGS-PPC (aka PPC Search Engine), as
                         distributed with other aliases, allow remote
                         attackers to execute arbitrary PHP code via a
                         URL in the INC parameter in (1)
                         config_admin.php, (2) config_main.php, (3)
                         config_member.php, and (4) mysql_config.php
                         in config/; (5) admin.php and (6) index.php in
                         admini/; (7) paypalipn/ipnprocess.php; (8)
                         index.php and (9) registration.php in members/;
                         and (10) ppcbannerclick.php and (11)
                         ppcclick.php in main/.
                7 High                                                      AVAIL
CVE-2007-0168             The Tape Engine service in Computer
                         Associates (CA) BrightStor ARCserve Backup
                         9.01 through 11.5, Enterprise Backup 10.5, and
                         CA Server/Business Protection Suite r2 allows
                         remote attackers to execute arbitrary code via
                         certain data in opnum 0xBF in an RPC request,
                         which is directly executed.
                7 High                                                      AVAIL
CVE-2007-0169             Multiple buffer overflows in Computer
                         Associates (CA) BrightStor ARCserve Backup
                         9.01 through 11.5, Enterprise Backup 10.5, and
                         CA Server/Business Protection Suite r2 allow
                         remote attackers to execute arbitrary code via
                         RPC requests with crafted data for opnums (1)
                         0x2F and (2) 0x75 in the (a) Message Engine
                         RPC service, or opnum (3) 0xCF in the Tape
                         Engine service.
                7 High                                                      AVAIL
CVE-2007-0170             PHP remote file inclusion vulnerability in
                         index.php in AllMyVisitors 0.4.0 allows remote
                         attackers to execute arbitrary PHP code via a
                         URL in the AMV_serverpath parameter.
                7 High                                                      AVAIL
CVE-2007-0171             PHP remote file inclusion vulnerability in
                         index.php in AllMyLinks 0.5.0 and earlier allows
                         remote attackers to execute arbitrary PHP code
                         via a URL in the AML_opensite parameter.
                7 High                                                      AVAIL
CVE-2007-0172             Multiple PHP remote file inclusion
                         vulnerabilities in AllMyGuests 0.3.0 and earlier
                         allow remote attackers to execute arbitrary PHP
                         code via a URL in the AMG_serverpath
                         parameter to (1) comments.php and (2)
                         signin.php; and possibly via a URL in
                         unspecified parameters to (3)
                         include/submit.inc.php, (4) admin/index.php, (5)
                         include/cm_submit.inc.php, and (6) index.php.

                7 High                                                      AVAIL
CVE-2007-0173                 Directory traversal vulnerability in index.php in
                             L2J Statistik Script 0.09 and earlier, when
                             register_globals is enabled and magic_quotes is
                             disabled, allows remote attackers to include and
                             execute arbitrary local files via a .. (dot dot) in
                             the page parameter, as demonstrated by
                             injecting PHP sequences into an Apache HTTP
                             Server log file, which is then included by
                             index.php.
                5.6 Medium                                                         AVAIL
CVE-2007-0174                 Multiple stack-based multiple buffer overflows
                             in the BRWOSSRE2UC.dll ActiveX Control in
                             Sina UC2006 and earlier allow remote attackers
                             to execute arbitrary code via a long string in the
                             (1) astrVerion parameter to the
                             SendChatRoomOpt function or (2) the
                             astrDownDir parameter to the
                 7 High      SendDownLoadFile function.                            AVAIL
CVE-2007-0178                 PHP remote file inclusion vulnerability in
                             info.php in Easy Banner Pro 2.8 allows remote
                             attackers to execute arbitrary PHP code via a
                 7 High      URL in the s[phppath] parameter.                      AVAIL
CVE-2007-0180                 Stack-based buffer overflow in EF Commander
                             5.75 allows user-assisted attackers to execute
                             arbitrary code via a crafted ISO file containing a
                             file within several nested directories, which
                             produces a large filename that triggers the
                 8 High      overflow.                                             AVAIL
CVE-2007-0181                 PHP remote file inclusion vulnerability in
                             include/common_function.php in magic photo
                             storage website allows remote attackers to
                             execute arbitrary PHP code via a URL in the
                 7 High      _config[site_path] parameter.                         AVAIL
CVE-2007-0182                 Multiple PHP remote file inclusion
                             vulnerabilities in magic photo storage website
                             allow remote attackers to execute arbitrary PHP
                             code via a URL in the _config[site_path]
                             parameter to (1) admin_password.php, (2)
                             add_welcome_text.php, (3) admin_email.php,
                             (4) add_templates.php, (5)
                             admin_paypal_email.php, (6)
                             approve_member.php, (7) delete_member.php,
                             (8) index.php, (9) list_members.php, (10)
                             membership_pricing.php, or (11)
                             send_email.php in admin/; (12) config.php or
                             (13) db_config.php in include/; or (14)
                             add_category.php, (15) add_news.php, (16)
                             change_catalog_template.php, (17)
                             couple_milestone.php, (18) couple_profile.php,
                             (19) delete_category.php, (20) index.php, (21)
                             login.php, (22) logout.php, (23) register.php,
                             (24) upload_photo.php, (25)
                             user_catelog_password.php, (26)
                             user_email.php, (27) user_extend.php, or (28)
                             user_membership_password.php in user/.
                             NOTE: the include/common_function.php vector
                             is already covered by another candidate from
                             the same date.



                 7 High                                                     AVAIL
CVE-2007-0189               ** DISPUTED ** PHP remote file inclusion
                           vulnerability in index.php in GeoBB Georgian
                           Bulletin Board allows remote attackers to
                           execute arbitrary PHP code via a URL in the
                           action parameter. NOTE: CVE disputes this
                           issue, since GeoBB 1.0 sets $action to a
                  7 High   whitelisted value.                               AVAIL
CVE-2007-0190               PHP remote file inclusion vulnerability in
                           edit_address.php in edit-x ecommerce allows
                           remote attackers to execute arbitrary PHP code
                           via a URL in the include_dir parameter.
                  7 High                                                    AVAIL
CVE-2007-0197               Finder 10.4.6 on Apple Mac OS X 10.4.8 allows
                           user-assisted remote attackers to cause a
                           denial of service and possibly execute arbitrary
                           code via a long volume name in a DMG disk
                           image, which results in memory corruption.
                5.6 Medium                                                  AVAIL
CVE-2007-0200                   PHP remote file inclusion vulnerability in
                               template.php in Geoffrey Golliher Axiom
                               Photo/News Gallery (axiompng) 0.8.6 allows
                               remote attackers to execute arbitrary PHP code
                               via a URL in the baseAxiomPath parameter.
                 7 High                                                         AVAIL
CVE-2007-0201                 Buffer overflow in the cmd_usr function in ftp-
                             gw in TIS Internet Firewall Toolkit (FWTK)
                             allows remote attackers to execute arbitrary
                10    High   code via a long destination hostname (dest).      AVAIL
CVE-2007-0230                 ** DISPUTED ** PHP remote file inclusion
                             vulnerability in install.php in CS-Cart 1.3.3
                             allows remote attackers to execute arbitrary
                             PHP code via a URL in the install_dir
                             parameter. NOTE: CVE and third parties
                             dispute this vulnerability because install_dir is
                 7    High   defined before use.                               AVAIL
CVE-2007-0232                 PHP remote file inclusion vulnerability in
                             routines/fieldValidation.php in Jshop Server 1.3
                             allows remote attackers to execute arbitrary
                             PHP code via a URL in the jssShopFileSystem
                 7    High   parameter.                                        AVAIL
CVE-2007-0233                 wp-trackback.php in WordPress 2.0.6 and
                             earlier does not properly unset variables when
                             the input data includes a numeric parameter
                             with a value matching an alphanumeric
                             parameter's hash value, which allows remote
                             attackers to execute arbitrary SQL commands
                             via the tb_id parameter. NOTE: it could be
                             argued that this vulnerability is due to a bug in
                             the unset PHP command (CVE-2006-3017) and
                             the proper fix should be in PHP; if so, then this
                             should not be treated as a vulnerability in
                             WordPress.
                 7    High                                                     AVAIL
CVE-2007-0254                 Format string vulnerability in the
                             errors_create_window function in errors.c in
                             xine-ui allows attackers to execute arbitrary
                10    High   code via unknown vectors.                         AVAIL
CVE-2007-0260                 ** DISPUTED ** PHP remote file inclusion
                             vulnerability in index.php in Naig 0.5.2 and
                             earlier allows remote attackers to execute
                             arbitrary PHP code via a URL in the this_path
                             parameter. NOTE: a reliable third party disputes
                             this vulnerability because this_path is defined
                 7    High   before use.                                       AVAIL
CVE-2007-0298                 PHP remote file inclusion vulnerability in
                             show.php in LunarPoll, when register_globals is
                             enabled, allows remote attackers execute
                             arbitrary PHP code via a URL in the PollDir
                5.6   Medium parameter.                                        AVAIL
CVE-2007-0300                  PHP remote file inclusion vulnerability in i-
                              accueil.php in TLM CMS 1.1 and earlier allows
                              remote attackers to execute arbitrary PHP code
                              via a URL in the chemin parameter.
                5.6 Medium                                                      AVAIL
CVE-2007-0301               PHP remote file inclusion vulnerability in
                           _admin/admin_menu.php in FdWeB Espace
                           Membre 2.1 and earlier allows remote attackers
                           to execute arbitrary PHP code via a URL in the
                5.6 Medium path parameter.                                        AVAIL
CVE-2007-0307               PHP remote file inclusion vulnerability in
                           include/common.php in Poplar Gedcom Viewer
                           2.0 and earlier allows remote attackers to
                           execute arbitrary PHP code via a URL in the
                  7 High   env[rootPath] parameter.                               AVAIL
CVE-2007-0314               Multiple PHP remote file inclusion
                           vulnerabilities in Article System 1.0 allow remote
                           attackers to execute arbitrary PHP code via a
                           URL in the INCLUDE_DIR parameter to (1)
                           forms.php, (2) issue_edit.php, (3) client.php,
                           and (4) classes.php.
                  7 High                                                          AVAIL
CVE-2007-0324               Multiple buffer overflows in the LizardTech
                           DjVu Browser Plug-in before 6.1.1 allow remote
                           attackers to execute arbitrary code via
                  7 High   unspecified vectors.                                   AVAIL
CVE-2007-0335               Multiple directory traversal vulnerabilities in Jax
                           Petition Book 1.0.3.06 allow remote attackers to
                           include and execute arbitrary local files via a ..
                           (dot dot) in the languagepack parameter to (1)
                           jax_petitionbook.php or (2) smileys.php.
                5.6 Medium                                                        AVAIL
CVE-2007-0337               Directory traversal vulnerability in
                           sesskglogadmin.php in KGB 1.9 and earlier
                           allows remote attackers to include and execute
                           arbitrary local files via a .. (dot dot) in the skinnn
                           parameter, as demonstrated by invoking kg.php
                           with a postek parameter containing PHP code,
                           which is injected into a file in the kg directory,
                           and then included by sesskglogadmin.php.
                  7 High                                                          AVAIL
CVE-2007-0338               Heap-based buffer overflow in Dream FTP
                           Server allows remote attackers to execute
                           arbitrary code via a USER command with a
                           large number of format string specifiers, which
                           triggers the overflow during processing of the
                  7 High   Server Log.                                            AVAIL
CVE-2007-0352              Stack-based buffer overflow in Microsoft Help
                          Workshop 4.03.0002 allows user-assisted
                          remote attackers to execute arbitrary code via a
                          crafted .cnt file composed of lines that begin
                          with an integer followed by a space and a long
                 8 High   string.                                           AVAIL
CVE-2007-0355              Buffer overflow in the Apple Minimal SLP v2
                          Service Agent (slpd) in Mac OS X 10.4.8 and
                          earlier allows local users, and possibly remote
                          attackers, to gain privileges and possibly
                          execute arbitrary code via a registration request
                          with an invalid attr-list field.
                 7 High                                                     AVAIL
CVE-2007-0359              PHP remote file inclusion vulnerability in
                          frontpage.php in Uberghey CMS 0.3.1 allows
                          remote attackers to execute arbitrary PHP code
                          via a URL in the setup_folder parameter.
                 7 High                                                     AVAIL
CVE-2007-0360              PHP remote file inclusion vulnerability in
                          lang/index.php in Oreon 1.2.3 RC4 and earlier
                          allows remote attackers to execute arbitrary
                          PHP code via a URL in the file parameter.
                 7 High                                                     AVAIL
CVE-2007-0361              PHP remote file inclusion vulnerability in
                          mep/frame.php in PHPMyphorum 1.5a allows
                          remote attackers to execute arbitrary PHP code
                 7 High   via a URL in the chem parameter.                  AVAIL
CVE-2007-0368              Stack-based buffer overflow in mbse-bbs 0.70
                          and earlier allows local users to execute
                          arbitrary code via a long string in the
                10 High   MBSE_ROOT environment variable.                   AVAIL
CVE-2007-0391              Format string vulnerability in the log creation
                          functionality of BitDefender Client Professional
                          Plus 8.02 allows attackers to execute arbitrary
                          code via certain scan job settings.
                 7 High                                                     AVAIL
CVE-2007-0395              PHP remote file inclusion vulnerability in
                          libraries/grab_globals.lib.php in ComVironment
                          4.0 allows remote attackers to execute arbitrary
                          PHP code via a URL in the inc_dir parameter.
                 7 High                                                     AVAIL
CVE-2007-0404              bin/compile-messages.py in Django 0.95 does
                          not quote argument strings before invoking the
                          msgfmt program through the os.system
                          function, which allows attackers to execute
                          arbitrary commands via shell metacharacters in
                 7 High   a (1) .po or (2) .mo file.                        AVAIL
CVE-2007-0427                 Stack-based buffer overflow in Microsoft Help
                             Workshop 4.03.0002 allows user-assisted
                             remote attackers to execute arbitrary code via a
                             help project (.HPJ) file with a long HLP field in
                             the OPTIONS section.
                 8 High                                                          AVAIL
CVE-2007-0441               Unspecified vulnerability in HP OpenView
                           Network Node Manager (OV NNM) 6.20, 6.4x,
                           7.01, and 7.50 allows remote attackers to
                           execute arbitrary commands via unknown
                5.6 Medium vectors.                                             AVAIL
CVE-2007-0444               Stack-based buffer overflow in the print
                           provider library (cpprov.dll) in Citrix Presentation
                           Server 4.0, MetaFrame Presentation Server 3.0,
                           and MetaFrame XP 1.0 allows local users and
                           remote attackers to execute arbitrary code via
                           long arguments to the (1) EnumPrintersW and
                           (2) OpenPrinter functions.
                  7 High                                                        AVAIL
CVE-2007-0446               Stack-based buffer overflow in magentproc.exe
                           for Hewlett-Packard Mercury LoadRunner Agent
                           8.0 and 8.1, Performance Center Agent 8.0 and
                           8.1, and Monitor over Firewall 8.1 allows remote
                           attackers to execute arbitrary code via a packet
                           with a long server_ip_name field to TCP port
                           54345, which triggers the overflow in mchan.dll.

                10 High                                                          AVAIL
CVE-2007-0449                 Multiple buffer overflows in LGSERVER.EXE in
                             CA BrightStor ARCserve Backup for Laptops
                             and Desktops r11.0 through r11.1 SP1, Mobile
                             Backup r4.0, Desktop and Business Protection
                             Suite r2, and Desktop Management Suite
                             (DMS) r11.0 and r11.1 allow remote attackers
                             to execute arbitrary code via crafted packets to
                             TCP port (1) 1900 or (2) 2200.
                10 High                                                      AVAIL
CVE-2007-0453               Buffer overflow in the nss_winbind.so.1 library
                           in Samba 3.0.21 through 3.0.23d, as used in the
                           winbindd daemon on Solaris, allows attackers to
                           execute arbitrary code via the (1)
                           gethostbyname and (2) getipnodebyname
                4.9 Medium functions.                                        AVAIL
CVE-2007-0465               Format string vulnerability in Apple Installer
                           2.1.5 on Mac OS X 10.4.8 allows user-assisted
                           remote attackers to execute arbitrary code via
                           format string specifiers in a (1) PKG, (2) DISTZ,
                           or (3) MPKG package filename.
                  8 High                                                     AVAIL
CVE-2007-0466                   Telestream Flip4Mac Windows Media
                               Components for Quicktime 2.1.0.33 allows
                               remote attackers to execute arbitrary code via a
                               crafted ASF_File_Properties_Object size field in
                               a WMV file, which triggers memory corruption.
                10 High                                                           AVAIL
CVE-2007-0468                   Stack-based buffer overflow in rcdll.dll in
                               msdev.exe in Visual C++ (MSVC) in Microsoft
                               Visual Studio 6.0 SP6 allows user-assisted
                               remote attackers to execute arbitrary code via a
                               long file path in the "1 TYPELIB MOVEABLE
                               PURE" option in an RC file.
                5.6 Medium                                                        AVAIL
CVE-2007-0469                 The extract_files function in installer.rb in
                             RubyGems before 0.9.1 does not check
                             whether files exist before overwriting them,
                             which allows user-assisted remote attackers to
                             overwrite arbitrary files, cause a denial of
                             service, or execute arbitrary code via crafted
                 8    High   GEM packages.                                        AVAIL
CVE-2007-0485                 PHP remote file inclusion vulnerability in
                             defines.php in WebChat 0.77 allows remote
                             attackers to execute arbitrary PHP code via a
                 7    High   URL in the WEBCHATPATH parameter.                    AVAIL
CVE-2007-0486                 ** DISPUTED ** Multiple PHP remote file
                             inclusion vulnerabilities in Openads (aka
                             phpAdsNew) 2.0.7 allow remote attackers to
                             execute arbitrary PHP code via a URL in the (1)
                             phpAds_geoPlugin parameter to libraries/lib-
                             remotehost.inc, the (2) filename parameter to
                             admin/report-index, or the (3)
                             phpAds_config[my_footer] parameter to
                             admin/lib-gui.inc. NOTE: the vendor has
                             disputed this issue, stating that the relevant
                 7    High   variables are used within function definitions.      AVAIL
CVE-2007-0487                 ** DISPUTED ** PHP remote file inclusion
                             vulnerability in index.php in FreeForum 0.9.0
                             allows remote attackers to execute arbitrary
                             PHP code via a URL in the fpath parameter.
                             NOTE: this issue has been disputed by third
                             party researchers, stating that fpath variable is
                 7    High   initialized before being used.                       AVAIL
CVE-2007-0489                 PHP remote file inclusion vulnerability in
                             includes/functions.visohotlink.php in VisoHotlink
                             1.01 and possibly earlier allows remote
                             attackers to execute arbitrary PHP code via a
                             URL in the mosConfig_absolute_path
                5.6   Medium parameter.                                           AVAIL
CVE-2007-0491                   PHP remote file inclusion vulnerability in up.php
                               in Sky GUNNING MySpeach 3.0.6 and earlier
                               allows remote attackers to execute arbitrary
                               PHP code via a URL in the my_ms[root]
                               parameter, a different vector than CVE-2006-
                               4630. NOTE: Some of these details are
                               obtained from third party information.
                5.6 Medium                                                      AVAIL
CVE-2007-0495                 PHP remote file inclusion vulnerability in
                             include/config.inc.php in PhpSherpa allows
                             remote attackers to execute arbitrary PHP code
                10    High   via a URL in the racine parameter.                 AVAIL
CVE-2007-0496                 PHP remote file inclusion vulnerability in
                             lib/nl/nl.php in Neon Labs Website (nlws) 3.2
                             and earlier allows remote attackers to execute
                             arbitrary PHP code via a URL in the
                10    High   g_strRootDir parameter.                            AVAIL
CVE-2007-0497                 PHP remote file inclusion vulnerability in
                             upload/top.php in Upload-Service 1.0, when
                             register_globals is enabled, allows remote
                             attackers to execute arbitrary PHP code via a
                5.6   Medium URL in the maindir parameter.                      AVAIL
CVE-2007-0498                 PHP remote file inclusion vulnerability in up.php
                             in MySpeach 2.1 beta and possibly earlier
                             allows remote attackers to execute arbitrary
                             PHP code via a URL in the my[root] parameter.
                 7    High                                                      AVAIL
CVE-2007-0499                 PHP remote file inclusion vulnerability in
                             config.php in Sangwan Kim phpIndexPage 1.0.1
                             and earlier allows remote attackers to execute
                             arbitrary PHP code via a URL in the
                 7    High   env[inc_path] parameter.                           AVAIL
CVE-2007-0500                 PHP remote file inclusion vulnerability in
                             include/includes.php in Bradabra 2.0.5 and
                             earlier allows remote attackers to execute
                             arbitrary PHP code via a URL in the
                 7    High   include_path parameter.                            AVAIL
CVE-2007-0501                 PHP remote file inclusion vulnerability in
                             index.php in Mafia Scum Tools 2.0.0 in Matthew
                             Wardrop Advanced Random Generators (adv-
                             random-gen) allows remote attackers to
                             execute arbitrary PHP code via a URL in the
                 7    High   gen parameter.                                     AVAIL
CVE-2007-0503                 Unspecified vulnerability in kcms_calibrate in
                             Sun Solaris 8 and 9 before 20071122 allows
                             local users to execute arbitrary commands via
                5.6   Medium unknown vectors.                                   AVAIL
CVE-2007-0505                 Unrestricted file upload vulnerability in the
                             Project issue tracking 4.7.0 through 5.x before
                             20070123, a module for Drupal, allows remote
                             authenticated users to execute arbitrary code by
                             attaching a file with executable or multiple
                             extensions to a project issue.
                4.8 Medium                                                      AVAIL
CVE-2007-0508               PHP remote file inclusion vulnerability in
                           lib/selectlang.php in BBClone 0.31 allows
                           remote attackers to execute arbitrary PHP code
                           via a URL in the BBC_LANGUAGE_PATH
                  7 High   parameter.                                           AVAIL
CVE-2007-0511               Multiple PHP remote file inclusion
                           vulnerabilities in phpXMLDOM (phpXD) 0.3 and
                           earlier allow remote attackers to execute
                           arbitrary PHP code via a URL in the path
                           parameter to (1) dom.php, (2) dtd.php, or (3)
                5.6 Medium parser.php in include/.                              AVAIL
CVE-2007-0530               ** DISPUTED ** Multiple PHP remote file
                           inclusion vulnerabilities in Advanced Guestbook
                           2.4.2 allow remote attackers to execute arbitrary
                           PHP code via a URL in the include_path
                           parameter to (1) index.php, (2) addentry.php, or
                           (3) picture.php, a different set of vectors than
                           CVE-2006-5804. NOTE: this issue has been
                           disputed by third party researchers, stating that
                           the include_path variable is instantiated before
                  7 High   use.                                                 AVAIL
CVE-2007-0531               PHP remote file inclusion vulnerability in
                           includes/login.php in FreeWebShop 2.2.3 and
                           2.2.4 before 20070123 allows remote attackers
                           to execute arbitrary PHP code via a URL in the
                  7 High   lang_file parameter.                                 AVAIL
CVE-2007-0551               Multiple PHP remote file inclusion
                           vulnerabilities in cmsimple/cms.php in
                           CMSimple 2.7 allow remote attackers to
                           execute arbitrary PHP code via a URL in the (1)
                           pth[file][config] and (2) pth[file][image]
                  7 High   parameters.                                          AVAIL
CVE-2007-0558               PHP remote file inclusion vulnerability in
                           modules/mail/main.php in Inter7 vHostAdmin
                           1.0 allows remote attackers to execute arbitrary
                           PHP code via a URL in the MODULES_DIR
                  7 High   parameter.                                           AVAIL
CVE-2007-0559               PHP remote file inclusion vulnerability in
                           config.php in RPW 1.0.2 allows remote
                           attackers to execute arbitrary PHP code via a
                  7 High   URL in the sql_language parameter.                   AVAIL
CVE-2007-0561                  Multiple PHP remote file inclusion
                              vulnerabilities in Xero Portal 1.2 allow remote
                              attackers to execute arbitrary PHP code via a
                              URL in the phpbb_root_path parameter to (1)
                              admin_linkdb.php, (2) admin_forum_prune.php,
                              (3) admin_extensions.php, (4)
                              admin_board.php, (5) admin_attachments.php,
                              or (6) admin_users.php in admin/.
                 7 High                                                          AVAIL
CVE-2007-0568                  PHP remote file inclusion vulnerability in
                              system/lib/package.php in MyPHPCommander
                              2.0 allows remote attackers to execute arbitrary
                              PHP code via a URL in the gl_root parameter.
                 7 High                                                      AVAIL
CVE-2007-0570                 PHP remote file inclusion vulnerability in
                             ains_main.php in Johannes Gijsbers (aka
                             Taradino) Ad Fundum Integratable News Script
                             (AINS) 0.02b allows remote attackers to
                             execute arbitrary PHP code via a URL in the
                 7    High   ains_path parameter.                            AVAIL
CVE-2007-0571                 PHP remote file inclusion vulnerability in
                             include/lib/lib_head.php in phpMyReports 3.0.11
                             and earlier allows remote attackers to execute
                             arbitrary PHP code via a URL in the
                 7    High   cfgPathModule parameter.                        AVAIL
CVE-2007-0572                 PHP remote file inclusion vulnerability in
                             include/irc/phpIRC.php in Drunken:Golem
                             Gaming Portal 0.5.1 Alpha 2 and earlier allows
                             remote attackers to execute arbitrary PHP code
                             via a URL in the phpbb_root_path parameter.
                 7    High                                                   AVAIL
CVE-2007-0573                 PHP remote file inclusion vulnerability in
                             includes/config.inc.php in nsGalPHP 0.41 and
                             earlier allows remote attackers to execute
                             arbitrary PHP code via a URL in the racineTBS
                 7    High   parameter.                                      AVAIL
CVE-2007-0576                 PHP remote file inclusion vulnerability in
                             xt_counter.php in Xt-Stats 2.3.x up to 2.4.0.b3
                             allows remote attackers to execute arbitrary
                             PHP code via a URL in the server_base_dir
                 7    High   parameter.                                      AVAIL
CVE-2007-0577                 PHP remote file inclusion vulnerability in
                             function.inc.php in ACGVclick 0.2.0 and earlier
                             allows remote attackers to execute arbitrary
                             PHP code via a URL in the path parameter.
                 7    High                                                   AVAIL
CVE-2007-0580                 PHP remote file inclusion vulnerability in
                             menu.php in Foro Domus 2.10 allows remote
                             attackers to execute arbitrary PHP code via a
                5.6   Medium URL in the sesion_idioma parameter.             AVAIL
CVE-2007-0581                 PHP remote file inclusion vulnerability in
                             functions.php in EclipseBB 0.5.0 Lite allows
                             remote attackers to execute arbitrary PHP code
                             via a URL in the phpbb_root_path parameter.
                 7 High                                                        AVAIL
CVE-2007-0584                 PHP remote file inclusion vulnerability in
                             membres/membreManager.php in PhP Generic
                             Library & Framework for comm (g-neric) allows
                             remote attackers to execute arbitrary PHP code
                             via a URL in the include_path parameter.
                 7 High                                                        AVAIL
CVE-2007-0591               PHP remote file inclusion vulnerability in
                           configure.php in Vu Le An Virtual Path
                           (VirtualPath) 1.0 allows remote attackers to
                           execute arbitrary PHP code via a URL in the
                  7 High   phpbb_root_path parameter.                          AVAIL
CVE-2007-0596               PHP remote file inclusion vulnerability in
                           index/main.php in Aztek Forum 4.00 allows
                           remote authenticated administrators to execute
                           arbitrary PHP code via a URL in the PF[top_url]
                3.4 Low    parameter.                                          AVAIL
CVE-2007-0619               chmlib before 0.39 allows user-assisted remote
                           attackers to execute arbitrary code via a crafted
                           page block length in a CHM file, which triggers
                  8 High   memory corruption.                                  AVAIL
CVE-2007-0626               The comment_form_add_preview function in
                           comment.module in Drupal before 4.7.6, and
                           5.x before 5.1, and vbDrupal, allows remote
                           attackers with "post comments" privileges and
                           access to multiple input filters to execute
                           arbitrary code by previewing comments, which
                           are not processed by "normal form validation
                5.6 Medium routines."                                          AVAIL
CVE-2007-0633               PHP remote file inclusion vulnerability in
                           include/themes/themefunc.php in MyNews 4.2.2
                           and earlier allows remote attackers to execute
                           arbitrary PHP code via a URL in the
                  7 High   myNewsConf[path][sys][index] parameter.             AVAIL
CVE-2007-0635               Multiple PHP remote file inclusion
                           vulnerabilities in EncapsCMS 0.3.6 allow remote
                           attackers to execute arbitrary PHP code via a
                           URL in the (1) config[path] parameter to (a)
                           common_foot.php or (b) blogs.php, or (2) the
                           config[theme] parameter to (c)
                  7 High   admin/gallery_head.php.                             AVAIL
CVE-2007-0637                  Directory traversal vulnerability in
                              zd_numer.php in Galeria Zdjec 3.0 and earlier
                              allows remote attackers to include and execute
                              arbitrary local files via a .. (dot dot) in the galeria
                              parameter, as demonstrated by injecting PHP
                              sequences into an Apache HTTP Server log file,
                              which is then included by zd_numer.php.
                 7 High                                                                 AVAIL
CVE-2007-0641               Buffer overflow in the EnumPrintersA function
                           in dapcnfsd.dll 0.6.4.0 in Shaffer Solutions
                           (SSC) DiskAccess NFS Client allows remote
                           attackers to execute arbitrary code via a long
                           argument, an issue similar to CVE-2006-5854
                  7 High   and CVE-2007-0444.                                           AVAIL
CVE-2007-0650               Buffer overflow in the open_sty function in
                           mkind.c for makeindex 2.14 in teTeX might
                           allow user-assisted remote attackers to
                           overwrite files and possibly execute arbitrary
                           code via a long filename. NOTE: other
                           overflows exist but might not be exploitable,
                           such as a heap-based overflow in the check_idx
                5.6 Medium function.                                                    AVAIL
CVE-2007-0656               PHP remote file inclusion vulnerability in
                           includes/functions.php in phpBB2-MODificat
                           0.2.0 and earlier allows remote attackers to
                           execute arbitrary PHP code via a URL in the
                  7 High   phpbb_root_path parameter.                                   AVAIL
CVE-2007-0662               PHP remote file inclusion vulnerability in
                           includes/usercp_viewprofile.php in Hailboards
                           1.2.0 allows remote attackers to execute
                           arbitrary PHP code via a URL in the
                  7 High   phpbb_root_path parameter.                                   AVAIL
CVE-2007-0665               Format string vulnerability in the SCP module in
                           Ipswitch WS_FTP 2007 Professional might
                           allow remote attackers to execute arbitrary
                           commands via format string specifiers in the
                           filename, related to the SHELL WS_FTP script
                5.6 Medium command.                                                     AVAIL
CVE-2007-0666               Ipswitch WS_FTP Server 5.04 allows FTP site
                           administrators to execute arbitrary code on the
                           system via a long input string to the (1)
                           iFTPAddU or (2) iFTPAddH file, or to a (3)
                5.6 Medium edition module.                                              AVAIL
CVE-2007-0667               The redirect function in Form.pm for (1)
                           LedgerSMB before 1.1.5 and (2) SQL-Ledger
                           allows remote authenticated users to execute
                           arbitrary code via redirects, related to callbacks,
                           a different issue than CVE-2006-5872.
                4.2 Medium                                                              AVAIL
CVE-2007-0669               Unspecified vulnerability in Twiki 4.0.0 through
                           4.1.0 allows local users to execute arbitrary Perl
                           code via unknown vectors related to CGI
                4.9 Medium session files.                                     AVAIL
CVE-2007-0670               Buffer overflow in bos.rte.libc in IBM AIX 5.2
                           and 5.3 allows local users to execute arbitrary
                           code via the "r-commands", possibly including
                           (1) rdist, (2) rsh, (3) rcp, (4) rsync, and (5)
                  7 High   rlogin.                                            AVAIL
CVE-2007-0677               PHP remote file inclusion vulnerability in
                           fw/class.Quick_Config_Browser.php in Cadre
                           PHP Framework 20020724 allows remote
                           attackers to execute arbitrary PHP code via a
                           URL in the GLOBALS[config][framework_path]
                           parameter.
                  7 High                                                      AVAIL
CVE-2007-0679               PHP remote file inclusion vulnerability in
                           lang/leslangues.php in Nicolas Grandjean
                           PHPMyRing 4.1.3b and earlier allows remote
                           attackers to execute arbitrary PHP code via a
                  7 High   URL in the fichier parameter.                      AVAIL
CVE-2007-0680               PHP remote file inclusion vulnerability in
                           includes/functions.php in Phpbb Tweaked 3 and
                           earlier allows remote attackers to execute
                           arbitrary PHP code via a URL in the
                  7 High   phpbb_root_path parameter.                         AVAIL
CVE-2007-0682               PHP remote file inclusion vulnerability in
                           theme/include_mode/template.php in JV2
                           Folder Gallery 3.0.2 and earlier allows remote
                           attackers to execute arbitrary PHP code via a
                           URL in the galleryfilesdir parameter.
                  7 High                                                      AVAIL
CVE-2007-0683               PHP remote file inclusion vulnerability in
                           includes/functions.php in Omegaboard 1.0beta4
                           and earlier allows remote attackers to execute
                           arbitrary PHP code via a URL in the
                  7 High   phpbb_root_path parameter.                         AVAIL
CVE-2007-0684               PHP remote file inclusion vulnerability in
                           portal.php in Cerulean Portal System 0.7b
                           allows remote attackers to execute arbitrary
                           PHP code via a URL in the phpbb_root_path
                  7 High   parameter.                                         AVAIL
CVE-2007-0699               PHP remote file inclusion vulnerability in
                           includes/includes.php in Guernion Sylvain
                           Portail Web Php (aka Gsylvain35 Portail Web,
                           PwP) allows remote attackers to execute
                           arbitrary PHP code via a URL in the site_path
                  7 High   parameter.                                         AVAIL
CVE-2007-0701               PHP remote file inclusion vulnerability in
                           inc/common.inc.php in Epistemon 1.0 allows
                           remote attackers to execute arbitrary PHP code
                  7 High   via a URL in the inc_path parameter.               AVAIL
CVE-2007-0702                 Multiple PHP remote file inclusion
                             vulnerabilities in phpEventMan 1.0.2 allow
                             remote attackers to execute arbitrary PHP code
                             via a URL in the level parameter to (1)
                             Shared/controller/text.ctrl.php or (2)
                 7    High   UserMan/controller/common.function.php.             AVAIL
CVE-2007-0703                 PHP remote file inclusion vulnerability in
                             library/StageLoader.php in WebBuilder 2.0 and
                             earlier allows remote attackers to execute
                             arbitrary PHP code via a URL in the
                 7    High   GLOBALS[core][module_path] parameter.               AVAIL
CVE-2007-0704                 PHP remote file inclusion vulnerability in
                             install.php in Somery 0.4.6 allows remote
                             attackers to execute arbitrary PHP code via a
                             URL in the skindir parameter, a different vector
                             than CVE-2006-4669. NOTE: the
                             documentation says to remove install.php after
                 7    High   installation.                                       AVAIL
CVE-2007-0707                 Stack-based buffer overflow in GOM Player
                             2.0.12.3375 allows user-assisted remote
                             attackers to execute arbitrary code via a .ASX
                             file with a long URI in the "ref href" tag. NOTE:
                             The provenance of this information is unknown;
                             the details are obtained solely from third party
                5.6   Medium information.                                        AVAIL
CVE-2007-0757                 PHP remote file inclusion vulnerability in
                             index.php in Miguel Nunes Call of Duty 2
                             (CoD2) DreamStats System 4.2 and earlier
                             allows remote attackers to execute arbitrary
                             PHP code via a URL in the rootpath parameter.
                 7    High                                                       AVAIL
CVE-2007-0758                 PHP remote file inclusion vulnerability in
                             lang.php in PHPProbid 5.24 allows remote
                             attackers to execute arbitrary PHP code via a
                             URL in the SRC attribute of an HTML element
                             in the lang parameter. NOTE: The provenance
                             of this information is unknown; the details are
                             obtained solely from third party information.
                 7    High                                                       AVAIL
CVE-2007-0761                 PHP remote file inclusion vulnerability in
                             config.php in phpBB ezBoard converter
                             (ezconvert) 0.2 allows remote attackers to
                             execute arbitrary PHP code via a URL in the
                 7    High   ezconvert_dir parameter.                            AVAIL
CVE-2007-0762                 PHP remote file inclusion vulnerability in
                             includes/functions.php in phpBB++ Build 100
                             allows remote attackers to execute arbitrary
                             PHP code via a URL in the phpbb_root_path
                 7    High   parameter.                                          AVAIL
CVE-2007-0764               Unrestricted file upload vulnerability in F3Site
                           2.1 and earlier allows remote authenticated
                           administrators to upload and execute arbitrary
                           PHP scripts via GIF86 header in a file in the uplf
                           parameter, which can be later accessed via a
                           relative pathname in the dir parameter in
                4.2 Medium adm.php.                                           AVAIL
CVE-2007-0770               Buffer overflow in GraphicsMagick and
                           ImageMagick allows user-assisted remote
                           attackers to cause a denial of service and
                           possibly execute arbitrary code via a PALM
                           image that is not properly handled by the
                           ReadPALMImage function in coders/palm.c.
                           NOTE: this issue is due to an incomplete patch
                  8 High   for CVE-2006-5456.                                 AVAIL
CVE-2007-0785               PHP remote file inclusion vulnerability in
                           previewtheme.php in Flipsource Flip 2.01-final
                           1.0 and earlier allows remote attackers to
                           execute arbitrary PHP code via a URL in the
                  7 High   inc_path parameter.                                AVAIL
CVE-2007-0787               PHP remote file inclusion vulnerability in
                           controller.php in Simple Invoices before
                           20070202 allows remote attackers to execute
                           arbitrary PHP code via a URL in the (1) module
                           or (2) view parameter. NOTE: some of these
                           details are obtained from third party information.
                5.6 Medium                                                    AVAIL
CVE-2007-0790               Heap-based buffer overflow in SmartFTP
                           2.0.1002 allows remote FTP servers to execute
                           arbitrary code via a large banner. NOTE: The
                           provenance of this information is unknown; the
                           details are obtained solely from third party
                  7 High   information.                                       AVAIL
CVE-2007-0793               PHP remote file inclusion vulnerability in
                           inc/common.php in GlobalMegaCorp dvddb 0.6
                           allows remote attackers to execute arbitrary
                           PHP code via a URL in the config parameter.
                  7 High                                                      AVAIL
CVE-2007-0795               Multiple PHP remote file inclusion
                           vulnerabilities in Wap Portal Server 1.x allow
                           remote attackers to execute arbitrary PHP code
                           via a URL in the language parameter to (1)
                  7 High   index.php and (2) admin/index.php.                 AVAIL
CVE-2007-0797               PHP remote file inclusion vulnerability in
                           theme/settings.php in bluevirus-design SMA-DB
                           0.3.9 and earlier allows remote attackers to
                           execute arbitrary PHP code via a URL in the
                  7 High   pfad_z parameter.                                  AVAIL
CVE-2007-0803               Multiple buffer overflows in STLport before
                           5.0.3 allow remote attackers to execute arbitrary
                           code via unspecified vectors relating to (1) "print
                           floats" and (2) a missing null termination in the
                5.6 Medium "rope constructor."                                   AVAIL
CVE-2007-0808               PHP remote file inclusion vulnerability in Mina
                           Ajans Script allows remote attackers to execute
                           arbitrary PHP code via a URL in the syf
                  7 High   parameter to an unspecified PHP script.               AVAIL
CVE-2007-0809               PHP remote file inclusion vulnerability in
                           includes/class_template.php in Categories
                           hierarchy (aka CH or mod-CH) 2.1.2 in
                           ptirhiikmods allows remote attackers to execute
                           arbitrary PHP code via a URL in the
                  7 High   phpbb_root_path parameter.                            AVAIL
CVE-2007-0810               PHP remote file inclusion vulnerability in
                           MVCnPHP/BaseView.php in GeekLog 2 and
                           earlier allows remote attackers to execute
                           arbitrary PHP code via a URL in the
                           glConf[path_libraries] parameter. NOTE: this
                           might be a vulnerability in MVCnPHP rather
                  7 High   than a vulnerability in GeekLog.                      AVAIL
CVE-2007-0820               Multiple PHP remote file inclusion
                           vulnerabilities in Cedric CLAIRE PortailPhp 2
                           allow remote attackers to execute arbitrary PHP
                           code via a URL in the chemin parameter to (1)
                           mod_news/index.php, (2)
                           mod_news/goodies.php, or (3)
                           mod_search/index.php. NOTE: The provenance
                           of this information is unknown; the details are
                           obtained solely from third party information.
                  7 High                                                         AVAIL
CVE-2007-0824               PHP remote file inclusion vulnerability in
                           inhalt.php in LightRO CMS 1.0 allows remote
                           attackers to execute arbitrary PHP code via a
                  7 High   URL in the dateien[news] parameter.                   AVAIL
CVE-2007-0827               The Alibaba Alipay PTA Module ActiveX control
                           (PTA.DLL) allows remote attackers to execute
                           arbitrary code via a JavaScript function that
                           invokes the Remove method with an invalid
                           index argument, which is used as an offset for a
                  7 High   function call.                                        AVAIL
CVE-2007-0828               PHP remote file inclusion vulnerability in
                           affichearticles.php3 in MySQLNewsEngine
                           allows remote attackers to execute arbitrary
                           PHP code via a URL in the newsenginedir
                  7 High   parameter.                                            AVAIL
CVE-2007-0831                ** DISPUTED ** Multiple PHP remote file
                            inclusion vulnerabilities in Atsphp 5.0.1 allow
                            remote attackers to execute arbitrary PHP code
                            via a URL in the CONF[path] parameter to (1)
                            index.php, (2) sources/usercp.php, or (3)
                            sources/admin.php. NOTE: Another researcher
                            has disputed this vulnerability, noting that
                            CONF[path] is defined before use in index.php,
                            that CONF[path] inclusion cannot occur through
                            a direct request to other affected files, and that
                            usercp.php is a typo of user_cp.php.
                 7 High                                                    AVAIL
CVE-2007-0835               admin.php in Coppermine Photo Gallery
                           1.4.10, and possibly earlier, allows remote
                           authenticated users to execute arbitrary shell
                           commands via shell metacharacters (";"
                           semicolon) in the "Command line options for
                           ImageMagick" form field, when used as an
                           option to ImageMagick's convert command.
                           NOTE: The provenance of this information is
                           unknown; the details are obtained solely from
                4.2 Medium third party information.                        AVAIL
CVE-2007-0837               PHP remote file inclusion vulnerability in
                           examples/inc/top.inc.php in AgerMenu 0.03 and
                           earlier allows remote attackers to execute
                           arbitrary PHP code via a URL in the rootdir
                  7 High   parameter.                                      AVAIL
CVE-2007-0839               Multiple PHP remote file inclusion
                           vulnerabilities in index/index_album.php in
                           Valarsoft WebMatic 2.6 allow remote attackers
                           to execute arbitrary PHP code via a URL in the
                           (1) P_LIB and (2) P_INDEX parameters.
                  7 High                                                   AVAIL
CVE-2007-0848               PHP remote file inclusion vulnerability in
                           classes/class_mail.inc.php in Maian Recipe 1.0
                           allows remote attackers to execute arbitrary
                           PHP code via a URL in the path_to_folder
                  7 High   parameter.                                      AVAIL
CVE-2007-0850               scripts/cronscript.php in SysCP 1.2.15 and
                           earlier includes and executes arbitrary PHP
                           scripts that are referenced by the
                           panel_cronscript table in the SysCP database,
                           which allows attackers with database write
                           privileges to execute arbitrary code by
                           constructing a PHP file and adding its filename
                  7 High   to this table.                                  AVAIL
CVE-2007-0854                 Remote file inclusion vulnerability in
                             scripts2/objcache in cPanel WebHost Manager
                             (WHM) allows remote attackers to execute
                             arbitrary code via a URL in the obj parameter.
                             NOTE: a third party claims that this issue is not
                             file inclusion because the contents are not
                             parsed, but the attack can be used to overwrite
                             files in /var/cpanel/objcache or provide
                             unexpected web page contents.
                 7 High                                                       AVAIL
CVE-2007-0855               Stack-based buffer overflow in RARLabs
                           Unrar, as packaged in WinRAR and possibly
                           other products, allows user-assisted remote
                           attackers to execute arbitrary code via a crafted,
                5.6 Medium password-protected archive.                        AVAIL
CVE-2007-0856               TmComm.sys 1.5.0.1052 in the Trend Micro
                           Anti-Rootkit Common Module (RCM), with the
                           VsapiNI.sys 3.320.0.1003 scan engine, as used
                           in Trend Micro PC-cillin Internet Security 2007,
                           Antivirus 2007, Anti-Spyware for SMB 3.2 SP1,
                           Anti-Spyware for Consumer 3.5, Anti-Spyware
                           for Enterprise 3.0 SP2, Client / Server /
                           Messaging Security for SMB 3.5, Damage
                           Cleanup Services 3.2, and possibly other
                           products, assigns Everyone write permission for
                           the \\.\TmComm DOS device interface, which
                           allows local users to access privileged IOCTLs
                           and execute arbitrary code or overwrite arbitrary
                           memory in the kernel context.

                 7 High                                                          AVAIL
CVE-2007-0860                 ** DISPUTED ** Multiple PHP remote file
                             inclusion vulnerabilities in local Calendar
                             System 1.1 allow remote attackers to execute
                             arbitrary PHP code via a URL in the (1)
                             TEMPLATE_DIR parameter to (a)
                             showinvoices.php, (b) showmonth.php, (c)
                             showevents.php, (d) retrieveinvoice.php, (e)
                             modifyitem.php, and (f) lookup_userid.php; or
                             the LIBDIR parameter to (g) editevent.php, (h)
                             resetpassword.php, (i) signup.php,
                             showmonth.php, (j) showday.php,
                             showevents.php, and lookup_userid.php.
                             NOTE: this issue has been disputed by a third
                             party, who states that the associated variables
                 7 High      are set in config.php before use.                   AVAIL
CVE-2007-0861               ** DISPUTED ** PHP remote file inclusion
                           vulnerability in modules/mail/index.php in
                           phpCOIN RC-1 and earlier allows remote
                           attackers to execute arbitrary PHP code via a
                           URL in the _CCFG['_PKG_PATH_MDLS']
                           parameter. NOTE: this issue has been disputed
                           by a reliable third party, who states that a fatal
                           error occurs before the relevant code is
                  7 High   reached.                                           AVAIL
CVE-2007-0862               ** DISPUTED ** PHP remote file inclusion
                           vulnerability in index.php in gnopaste 0.5.3 and
                           earlier allows remote attackers to execute
                           arbitrary PHP code via the GNP_REAL_PATH
                           parameter. NOTE: CVE and a third party
                           dispute this issue, since GNP_REAL_PATH is a
                           constant, not a variable.
                  7 High                                                      AVAIL
CVE-2007-0863               ** DISPUTED ** PHP remote file inclusion
                           vulnerability in Trevorchan 0.7 and earlier allows
                           remote attackers to execute arbitrary code via
                           the tc_config[rootdir] parameter to (1)
                           upgrade.php, (2) paint_save.php, (3) menu.php,
                           (4) manage.php, and (5) banned.php. NOTE:
                           his issue has been disputed by reliable third
                           parties, who state that the variable is set before
                           use in config.php.
                 10 High                                                      AVAIL
CVE-2007-0866               Unspecified vulnerability in HP OpenView
                           Storage Data Protector on HP-UX B.11.00,
                           B.11.11, or B.11.23 allows local users to
                4.2 Medium execute arbitrary code via unknown vectors.        AVAIL
CVE-2007-0867               PHP remote file inclusion vulnerability in
                           classes/menu.php in Site-Assistant 0990 and
                           earlier allows remote attackers to execute
                           arbitrary PHP code via a URL in the
                  7 High   paths[version] parameter.                          AVAIL
CVE-2007-0879               Buffer overflow in SmidgeonSoft PEBrowse
                           Professional 8.2.1.0 allows user-assisted
                           remote attackers to execute arbitrary code via
                           certain executable files in PE format. NOTE: the
                           provenance of this information is unknown; the
                           details are obtained solely from third party
                  8 High   information.                                       AVAIL
CVE-2007-0881               PHP remote file inclusion vulnerability in the
                           Seitenschutz plugin for OPENi-CMS 1.0 allows
                           remote attackers to execute arbitrary PHP code
                           via a URL in the (1) config[oi_dir] and possibly
                           (2) config[openi_dir] parameters to open-
                           admin/plugins/site_protection/index.php. NOTE:
                           vector 2 might be the same as CVE-2006-4750.

                5.6 Medium                                                  AVAIL
CVE-2007-0900                   Multiple PHP remote file inclusion
                               vulnerabilities in TagIt! Tagboard 2.1.B Build 2
                               and earlier, when register_globals is enabled,
                               allow remote attackers to execute arbitrary PHP
                               code via a URL in the (1) configpath parameter
                               to (a) tagviewer.php, (b) tag_process.php, and
                               (c) CONFIG/errmsg.inc.php; and (d)
                               addTagmin.php, (e) ban_watch.php, (f)
                               delTagmin.php, (g) delTag.php, (h)
                               editTagmin.php, (i) editTag.php, (j)
                               manageTagmins.php, and (k) verify.php in
                               tagmin/; the (2) adminpath parameter to (l)
                               tagviewer.php, (m) tag_process.php, and (n)
                               tagmin/index.php; and the (3) admin parameter
                               to (o) readconf.php, (p) updateconf.php, (q)
                               updatefilter.php, and (r) wordfilter.php in
                               tagmin/; different vectors than CVE-2006-5249.

                 7 High                                                        AVAIL
CVE-2007-0913                 Unspecified vulnerability in Microsoft
                             Powerpoint allows remote user-assisted
                             attackers to execute arbitrary code via unknown
                             attack vectors, as exploited by
                             Trojan.PPDropper.G. NOTE: as of 20070213, it
                             is not clear whether this is the same issue as
                             CVE-2006-5296, CVE-2006-4694, CVE-2006-
                 8    High   3876, CVE-2006-3877, or older issues.             AVAIL
CVE-2007-0927                 Heap-based buffer overflow in uTorrent 1.6
                             allows remote attackers to execute arbitrary
                             code via a torrent file with a crafted announce
                 7    High   header.                                           AVAIL
CVE-2007-0949                 Stack-based buffer overflow in iTinySoft Studio
                             Total Video Player 1.03, and possibly earlier,
                             allows remote attackers to execute arbitrary
                             code via a M3U playlist file that contains a long
                             file name. NOTE: the provenance of this
                             information is unknown; the details are obtained
                             solely from third party information.
                10    High                                                     AVAIL
CVE-2007-0976                 Buffer overflow in the ActSoft DVD-Tools
                             ActiveX control (dvdtools.ocx) allows remote
                             attackers to execute arbitrary code via a long
                10    High   DVD_TOOLS.OpenDVD property value.                 AVAIL
CVE-2007-0983                 PHP remote file inclusion vulnerability in
                             _admin/nav.php in AT Contenator 1.0 and
                             earlier allows remote attackers to execute
                             arbitrary PHP code via a URL in the
                4.8   Medium Root_To_Script parameter.                         AVAIL
CVE-2007-1010               Multiple PHP remote file inclusion
                           vulnerabilities in ZebraFeeds 1.0, when
                           register_globals is enabled, allow remote
                           attackers to execute arbitrary PHP code via a
                           URL in the zf_path parameter to (1)
                           aggregator.php and (2) controller.php in
                5.6 Medium newsfeeds/includes/.                                  AVAIL
CVE-2007-1011               PHP remote file inclusion vulnerability in
                           functions_inc.php in VS-Gastebuch 1.5.3 and
                           earlier allows remote attackers to execute
                           arbitrary PHP code via a URL in the gb_pfad
                  7 High   parameter.                                            AVAIL
CVE-2007-1071               Integer overflow in the gifGetBandProc function
                           in ImageIO in Apple Mac OS X 10.4.8 allows
                           remote attackers to cause a denial of service
                           (segmentation fault) and possibly execute
                           arbitrary code via a crafted GIF image that
                           triggers the overflow during decompression.
                           NOTE: this is a different issue than CVE-2006-
                           3502 and CVE-2006-3503.
                3.3 Low                                                          AVAIL
CVE-2007-1106               PHP remote file inclusion vulnerability in
                           includes/functions_nomoketos_rules.php in the
                           NoMoKeTos Rules 0.0.1 module for phpBB
                           allows remote attackers to execute arbitrary
                           PHP code via a URL in the phpbb_root_path
                5.6 Medium parameter.                                            AVAIL
CVE-2007-1352               Integer overflow in the FontFileInitTable
                           function in X.Org libXfont before 20070403
                           allows remote authenticated users to execute
                           arbitrary code via a long first line in the fonts.dir
                           file, which results in a heap overflow.
                2.2 Low                                                          AVAIL
CVE-2007-1522               Double free vulnerability in the session
                           extension in PHP 5.2.0 and 5.2.1 allows context-
                           dependent attackers to execute arbitrary code
                           via illegal characters in a session identifier,
                           which is rejected by an internal session storage
                           module, which calls the session identifier
                           generator with an improper environment,
                           leading to code execution when the generator is
                           interrupted, as demonstrated by triggering a
                           memory limit violation or certain PHP errors.
                5.6 Medium                                                       AVAIL
CVE-2007-1709               Buffer overflow in the
                           confirm_phpdoc_compiled function in the
                           phpDOC extension (PECL phpDOC) in PHP
                           5.2.1 allows context-dependent attackers to
                           execute arbitrary code via a long argument
                2.9 Low    string.                                               AVAIL
CVE-2007-1765             Unspecified vulnerability in Microsoft Windows
                         2000 SP4 through Vista allows remote attackers
                         to execute arbitrary code or cause a denial of
                         service (persistent reboot) via a malformed ANI
                         file, which results in memory corruption when
                         processing cursors, animated cursors, and
                         icons, a similar issue to CVE-2005-0416, as
                         originally demonstrated using Internet Explorer
                         6 and 7. NOTE: this issue might be a duplicate
                         of CVE-2007-0038; if so, then use CVE-2007-
                         0038 instead of this identifier.
                8 High                                                      AVAIL
CVE-2007-1885             Integer overflow in the str_replace function in
                         PHP 4 before 4.4.5 and PHP 5 before 5.2.1
                         allows context-dependent attackers to execute
                         arbitrary code via a single character search
                         string in conjunction with a long replacement
                         string, which overflows a 32 bit length counter.
                         NOTE: this is probably the same issue as CVE-
                7 High   2007-0906.6.                                       AVAIL
CVE-2007-1888             Buffer overflow in the sqlite_decode_binary
                         function in src/encode.c in SQLite 2, as used by
                         PHP 4.x through 5.x and other applications,
                         allows context-dependent attackers to execute
                         arbitrary code via an empty value of the in
                         parameter. NOTE: some PHP installations use
                         a bundled version of sqlite without this
                         vulnerability. The SQLite developer has argued
                         that this issue could be due to a misuse of the
                         sqlite_decode_binary() API.
                7 High                                                      AVAIL
CVE-2007-1890             Integer overflow in the msg_receive function in
                         PHP 4 before 4.4.5 and PHP 5 before 5.2.1, on
                         FreeBSD and possibly other platforms, allows
                         context-dependent attackers to execute
                         arbitrary code via certain maxsize values, as
                         demonstrated by 0xffffffff.
                7 High                                                      AVAIL
CVE-2007-1972             ** DISPUTED ** PatrolAgent.exe in BMC
                         Performance Manager does not require
                         authentication for requests to modify
                         configuration files, which allows remote
                         attackers to execute arbitrary code via a request
                         on TCP port 3181 for modification of the
                         masterAgentName and masterAgentStartLine
                         SNMP parameters. NOTE: the vendor disputes
                         this vulnerability, stating that it does not exist
                         when the system is properly configured.
                7 High                                                      AVAIL
CVE-2007-2055                  AFFLIB 2.2.8 and earlier allows attackers to
                              execute arbitrary commands via shell
                              metacharacters involving (1) certain command
                              line parameters in tools/afconvert.cpp and (2)
                              arguments to the get_parameter function in
                              aimage/ident.cpp. NOTE: it is unknown if the
                              get_parameter vector (2) is ever called.
                 7 High                                                          AVAIL
CVE-2007-2069               Directory traversal vulnerability in
                           scr/soustab.php in openMairie 1.11 and earlier
                           allows remote attackers to include and execute
                           arbitrary local files via a .. (dot dot) in the
                  7 High   dsn[phptype] parameter.                               AVAIL
CVE-2007-2136               Stack-based buffer overflow in
                           bgs_sdservice.exe in BMC Patrol PerformAgent
                           allows remote attackers to execute arbitrary
                           code by connecting to TCP port 10128 and
                           sending certain XDR data, which is not properly
                  7 High   parsed.                                               AVAIL
CVE-2007-2343               Stack-based buffer overflow in the TFTPD
                           component in Enterasys NetSight Console 2.1
                           and NetSight Inventory Manager 2.1, and
                           possibly earlier, allows remote attackers to
                           execute arbitrary code via crafted request
                  7 High   packets that contain long file names.                 AVAIL
CVE-2007-2386               Buffer overflow in mDNSResponder in Apple
                           Mac OS X 10.4 up to 10.4.9 allows remote
                           attackers to cause a denial of service
                           (application termination) or execute arbitrary
                           code via a crafted UPnP Internet Gateway
                6.7 Medium Device (IGD) packet.                                  AVAIL
CVE-2007-2390               Buffer overflow in iChat in Apple Mac OS X
                           10.3.9 and 10.4.9 allows remote attackers to
                           cause a denial of service (application
                           termination) and possibly execute arbitrary code
                           via a crafted UPnP Internet Gateway Device
                 10 High   (IGD) packet.                                         AVAIL
CVE-2007-2421               Buffer overflow in Hitachi Groupmax Mobile
                           Option for Mobile-Phone 07-00 through 07-30, 5
                           for i-mode 05-11 through 05-23, and 6 for
                           EZweb 06-00 through 06-04 allows remote
                           attackers to execute arbitrary code via
                  7 High   unspecified vectors.                                  AVAIL
CVE-2007-2482               Directory traversal vulnerability in wordtube-
                           button.php in the wordTube 1.43 and earlier
                           plugin for WordPress, when register_globals is
                           enabled, allows remote attackers to include and
                           execute arbitrary local files via a .. (dot dot) in
                5.6 Medium the wpPATH parameter.                                 AVAIL
CVE-2007-2503              ** DISPUTED ** Directory traversal vulnerability
                          in turbulence.php in PHP Turbulence 0.0.1
                          alpha allows remote attackers to include and
                          execute arbitrary local files via a .. (dot dot) in
                          the GLOBALS[tcore] parameter. NOTE: this
                          vulnerability is disputed by CVE and a reliable
                          third party because a direct request to
                          user/turbulence.php triggers a fatal error before
                          inclusion.
                10 High                                                       AVAIL
CVE-2007-2569              Multiple PHP remote file inclusion
                          vulnerabilities in Friendly 1.0d1 and earlier allow
                          remote attackers to execute arbitrary PHP code
                          via a URL in the friendly_path parameter to (1)
                          core/data/yaml.inc.php, or _load.php in (2)
                          core/data/, (3) core/display/, or (4)
                 7 High   core/support/.                                      AVAIL
CVE-2007-2769              BES before 3.5.0 in OPeNDAP 4 (Hydrax)
                          before 1.2.1 does not properly handle
                          compressed files, which allows remote
                          attackers to upload arbitrary files or execute
                          arbitrary commands via a crafted compressed
                 7 High   file.                                               AVAIL
CVE-2007-2770              Stack-based buffer overflow in Eudora 7.1
                          allows user-assisted, remote SMTP servers to
                          execute arbitrary code via a long SMTP reply.
                          NOTE: the user must click through a warning
                          about a possible buffer overflow exploit to
                 8 High   trigger this issue.                                 AVAIL
CVE-2007-2897              Microsoft Internet Information Services (IIS) 6.0
                          allows remote attackers to cause a denial of
                          service (server instability or device hang), and
                          possibly obtain sensitive information (device
                          communication traffic); and might allow
                          attackers with physical access to execute
                          arbitrary code after connecting a data stream to
                          a device COM port; via requests for a URI
                          containing a '/' immediately before and after the
                          name of a DOS device, as demonstrated by the
                          /AUX/.aspx URI, which bypasses a blacklist for
                          DOS device requests.
                 7 High                                                       AVAIL
CVE-2007-0052              SQL injection vulnerability in haberdetay.asp in
                          Vizayn Haber allows remote attackers to
                          execute arbitrary SQL commands via the id
                 7 High   parameter.                                          AVAIL
CVE-2007-0053              SQL injection vulnerability in detail.asp in ASP
                          SiteWare autoDealer 2.0 and earlier allows
                          remote attackers to execute arbitrary SQL
                 7 High   commands via the iPro parameter.                    AVAIL
CVE-2007-0092                 SQL injection vulnerability in productdetail.asp
                             in E-SMARTCART 1.0 allows remote attackers
                             to execute arbitrary SQL commands via the
                             product_id parameter.
                 7 High                                                          AVAIL
CVE-2007-0093               SQL injection vulnerability in page.php in
                           Simple Web Content Management System
                           allows remote attackers to execute arbitrary
                  7 High   SQL commands via the id parameter.                 AVAIL
CVE-2007-0107               WordPress before 2.0.6, when mbstring is
                           enabled for PHP, decodes alternate character
                           sets after escaping the SQL query, which allows
                           remote attackers to bypass SQL injection
                           protection schemes and execute arbitrary SQL
                           commands via multibyte charsets, as
                           demonstrated using UTF-7.
                5.6 Medium                                                    AVAIL
CVE-2007-0112               SQL injection vulnerability in cats.asp in
                           createauction allows remote attackers to
                           execute arbitrary SQL commands via the catid
                  7 High   parameter.                                         AVAIL
CVE-2007-0115               Static code injection vulnerability in
                           Coppermine Photo Gallery 1.4.10 and earlier
                           allows remote authenticated administrators to
                           execute arbitrary PHP code via the Username
                           to login.php, which is injected into an error
                           message in security.log.php, which can then be
                3.4 Low    accessed using viewlog.php.                        AVAIL
CVE-2007-0122               Multiple SQL injection vulnerabilities in
                           Coppermine Photo Gallery 1.4.10 and earlier
                           allow remote authenticated administrators to
                           execute arbitrary SQL commands via (1) the cat
                           parameter to albmgr.php, and possibly (2) the
                           gid parameter to usermgr.php; (3) the start
                           parameter to db_ecard.php; and the albumid
                           parameter to unspecified files, related to the (4)
                           filename_to_title and (5) del_titles functions.
                4.2 Medium                                                    AVAIL
CVE-2007-0128               SQL injection vulnerability in info_book.asp in
                           Digirez 3.4 and earlier allows remote attackers
                           to execute arbitrary SQL commands via the
                  7 High   book_id parameter.                                 AVAIL
CVE-2007-0129               SQL injection vulnerability in main.asp in
                           LocazoList 2.01a beta5 and earlier allows
                           remote attackers to execute arbitrary SQL
                  7 High   commands via the subcatID parameter.               AVAIL
CVE-2007-0130               SQL injection vulnerability in user.php in
                           iGeneric iG Calendar 1.0 allows remote
                           attackers to execute arbitrary SQL commands
                  7 High   via the id parameter.                              AVAIL
CVE-2007-0132             SQL injection vulnerability in
                         compare_product.php in iGeneric iG Shop 1.4
                         allows remote attackers to execute arbitrary
                         SQL commands via the id parameter.
                7 High                                                          AVAIL
CVE-2007-0133             Multiple SQL injection vulnerabilities in
                         display_review.php in iGeneric iG Shop 1.4 and
                         earlier allow remote attackers to execute
                         arbitrary SQL commands via the (1) id or (2)
                7 High   user_login_cookie parameter.                           AVAIL
CVE-2007-0134             Multiple eval injection vulnerabilities in iGeneric
                         iG Shop 1.0 allow remote attackers to execute
                         arbitrary code via the action parameter, which is
                         supplied to an eval function call in (1) cart.php
                7 High   and (2) page.php.                                      AVAIL
CVE-2007-0140             SQL injection vulnerability in down.asp in
                         Kolayindir Download (Yenionline) allows remote
                         attackers to execute arbitrary SQL commands
                7 High   via the id parameter.                                  AVAIL
CVE-2007-0142             SQL injection vulnerability in orange.asp in
                         ShopStoreNow E-commerce Shopping Cart
                         allows remote attackers to execute arbitrary
                7 High   SQL commands via the CatID parameter.                  AVAIL
CVE-2007-0179             SQL injection vulnerability in comment.php in
                         PHPKIT 1.6.1 R2 allows remote attackers to
                         execute arbitrary SQL commands via the subid
                7 High   parameter.                                             AVAIL
CVE-2007-0196             SQL injection vulnerability in
                         admin_check_user.asp in Motionborg Web
                         Real Estate 2.1 and earlier allows remote
                         attackers to execute arbitrary SQL commands
                         via the username field (txtUserName
                         parameter) and possibly other parameters.
                         NOTE: some details were obtained from third
                7 High   party information.                                     AVAIL
CVE-2007-0223             SQL injection vulnerability in
                         shared/code/cp_functions_downloads.php in
                         Nicola Asuni All In One Control Panel (AIOCP)
                         before 1.3.009 allows remote attackers to
                         execute arbitrary SQL commands via the
                         download_category parameter.
                7 High                                                    AVAIL
CVE-2007-0224             SQL injection vulnerability in
                         shopgiftregsearch.asp in VP-ASP Shopping
                         Cart 6.09 and earlier allows remote attackers to
                         execute arbitrary SQL commands via the
                7 High   LoginLastname parameter.                         AVAIL
CVE-2007-0226             SQL injection vulnerability in wbsearch.aspx in
                         uniForum 4 and earlier allows remote attackers
                         to execute arbitrary SQL commands via the "by
                         User" field (aka the TXbyuser parameter).
                7 High                                                    AVAIL
CVE-2007-0304             SQL injection vulnerability in duyuru.asp in
                         MiNT Haber Sistemi 2.7 allows remote
                         attackers to execute arbitrary SQL commands
                7 High   via the id parameter.                                AVAIL
CVE-2007-0305             SQL injection vulnerability in etkinlikbak.asp in
                         Okul Web Otomasyon Sistemi 4.0.1 allows
                         remote attackers to execute arbitrary SQL
                7 High   commands via the id parameter.                       AVAIL
CVE-2007-0306             SQL injection vulnerability in visu_user.asp in
                         Digiappz DigiAffiliate 1.4 and earlier allows
                         remote attackers to execute arbitrary SQL
                7 High   commands via the id parameter.                       AVAIL
CVE-2007-0309             SQL injection vulnerability in blocks/block-
                         Old_Articles.php in Francisco Burzi PHP-Nuke
                         7.9 and earlier, when register_globals is
                         enabled and magic_quotes_gpc is disabled,
                         allows remote attackers to execute arbitrary
                         SQL commands via the cat parameter.
                7 High                                                        AVAIL
CVE-2007-0316             Multiple SQL injection vulnerabilities in All In
                         One Control Panel (AIOCP) 1.3.010 and earlier,
                         when magic_quotes_gpc is disabled, allow
                         remote attackers to execute arbitrary SQL
                         commands via the (1) xuser_name parameter
                         to shared/code/cp_authorization.php, and the
                         (2) did parameter to
                         public/code/cp_downloads.php, different vectors
                         than CVE-2007-0223.
                7 High                                                        AVAIL
CVE-2007-0339             SQL injection vulnerability in index.php (aka the
                         login form) in Scriptme SMe FileMailer 1.21
                         allows remote attackers to execute arbitrary
                         SQL commands via the Password field (ps
                         parameter). NOTE: some of these details are
                         obtained from third party information.
                7 High                                                      AVAIL
CVE-2007-0340             SQL injection vulnerability in inc/header.inc.php
                         in ThWboard 3.0b2.84-php5 and earlier allows
                         remote attackers to execute arbitrary SQL
                         commands via the board[styleid] parameter to
                7 High   index.php.                                         AVAIL
CVE-2007-0346             SQL injection vulnerability in index.php in SmE
                         FileMailer 1.21 allows remote attackers to
                         execute arbitrary SQL commands via the us
                7 High   parameter.                                         AVAIL
CVE-2007-0350                 Multiple SQL injection vulnerabilities in (a)
                             index.php and (b) dl.php in SmE FileMailer 1.21
                             and earlier allow remote attackers to execute
                             arbitrary SQL commands via the (1) ps, (2) us,
                             (3) f, or (4) code parameter. NOTE: the us
                             vector in index.php is already covered by CVE-
                             2007-0346. NOTE: The provenance of this
                             information is unknown; the details are obtained
                             solely from third party information.
                 7 High                                                         AVAIL
CVE-2007-0354                 SQL injection vulnerability in email.php in MGB
                             OpenSource Guestbook 0.5.4.5 and earlier
                             allows remote attackers to execute arbitrary
                             SQL commands via the id parameter.
                 7 High                                                         AVAIL
CVE-2007-0369                 SQL injection vulnerability in phpBP RC3
                             (2.204) and earlier allows remote attackers to
                             execute arbitrary SQL commands via the
                 7 High      comment forum.                                     AVAIL
CVE-2007-0372                 Multiple SQL injection vulnerabilities in
                             Francisco Burzi PHP-Nuke 7.9 allow remote
                             attackers to execute arbitrary SQL commands
                             via (1) the active parameter in
                             admin/modules/modules.php; the (2) ad_class,
                             (3) imageurl, (4) clickurl, (5) ad_code, or (6)
                             position parameter in
                             modules/Advertising/admin/index.php; or
                             unspecified vectors in the (7) advertising, (8)
                 7 High      weblinks, or (9) reviews section.                  AVAIL
CVE-2007-0373                 Multiple SQL injection vulnerabilities in Joomla!
                             1.5.0 Beta allow remote attackers to execute
                             arbitrary SQL commands via (1) the searchword
                             parameter in certain files; the where parameter
                             in (2) plugins/search/content.php or (3)
                             plugins/search/weblinks.php; the text parameter
                             in (4) plugins/search/contacts.php, (5)
                             plugins/search/categories.php, or (6)
                             plugins/search/sections.php; or (7) the email
                             parameter in database/table/user.php, which is
                             not properly handled by the check function.


                5.6 Medium                                                      AVAIL
CVE-2007-0374                 SQL injection vulnerability in (1) Joomla! 1.0.11
                             and 1.5 Beta, and (2) Mambo 4.6.1, allows
                             remote attackers to execute arbitrary SQL
                             commands via the id parameter when
                 7 High      cancelling content editing.                        AVAIL
CVE-2007-0377             Multiple SQL injection vulnerabilities in Xoops
                         2.0.16 allow remote attackers to execute
                         arbitrary SQL commands via (1) the id
                         parameter in kernel/group.php in core, (2) the
                         lid parameter in class/table_broken.php in the
                         Weblinks module, and other unspecified
                7 High   vectors.                                          AVAIL
CVE-2007-0378             Multiple SQL injection vulnerabilities in DocMan
                         1.3 RC2 allow attackers to execute arbitrary
                         SQL commands via unspecified vectors.
                7 High                                                     AVAIL
CVE-2007-0381             Multiple SQL injection vulnerabilities in ATutor
                         1.5.3.2 allow remote attackers to execute
                         arbitrary SQL commands via unspecified
                         parameters. NOTE: CVE analysis suggests that
                         the vendor fixed these issues.
                7 High                                                     AVAIL
CVE-2007-0382             Multiple SQL injection vulnerabilities in
                         letterman.class.php in the Letterman 1.2.3
                         (com_letterman) component for Joomla! before
                         1.0.12 allow remote attackers to execute
                         arbitrary SQL commands via the id parameter,
                         related to the (1) lm_sendMail, (2)
                         saveNewsletter, and (3) cancelNewsletter
                7 High   functions.                                        AVAIL
CVE-2007-0387             SQL injection vulnerability in
                         models/category.php in the Weblinks
                         component for Joomla! SVN 20070118
                         (com_weblinks) allows remote attackers to
                         execute arbitrary SQL commands via the catid
                7 High   parameter.                                        AVAIL
CVE-2007-0388             SQL injection vulnerability in search.php in
                         Woltlab Burning Board (wBB) 1.0.2 and earlier,
                         and 2.3.6 and earlier in the 2.x series, allows
                         remote attackers to execute arbitrary SQL
                         commands via the boardids[1] and other board[]
                7 High   parameters.                                       AVAIL
CVE-2007-0401             SQL injection vulnerability in
                         admin/memberlist.php in Easebay Resources
                         Login Manager 3.0 allows remote attackers to
                         execute arbitrary SQL commands via the
                7 High   init_row parameter.                               AVAIL
CVE-2007-0403             SQL injection vulnerability in
                         admin/memberlist.php in Easebay Resources
                         Paypal Subscription Manager allows remote
                         attackers to execute arbitrary SQL commands
                7 High   via the keyword parameter.                        AVAIL
CVE-2007-0484                 Multiple SQL injection vulnerabilities in
                             Enthusiast 3.1 allow remote attackers to
                             execute arbitrary SQL commands via the cat
                             parameter to (1) show_owned.php, (2)
                             show_joined.php, and possibly other files.
                             NOTE: The provenance of this information is
                             unknown; the details are obtained solely from
                 7 High      third party information.                             AVAIL
CVE-2007-0492                 Multiple SQL injection vulnerabilities in
                             gallery.php in webSPELL 4.01.02 and earlier
                             allow remote attackers to execute arbitrary SQL
                             commands via the (1) id or (2) galleryID
                             parameter. NOTE: The provenance of this
                             information is unknown; the details are obtained
                 7 High      solely from third party information.                 AVAIL
CVE-2007-0502                 SQL injection vulnerability in gallery.php in
                             webSPELL 4.01.02 allows remote attackers to
                             execute arbitrary SQL commands via the picID
                             parameter, a different vector than CVE-2007-
                 7 High      0492.                                                AVAIL
CVE-2007-0504                 Eval injection vulnerability in poll_frame.php in
                             Vote! Pro 4.0, and possibly other scripts, allows
                             remote attackers to execute arbitrary code via
                             the poll_id parameter, which is supplied to an
                             eval function call, a different vulnerability type
                10 High      than CVE-2005-4632.                                  AVAIL
CVE-2007-0507                 SQL injection vulnerability in the Acidfree
                             module for Drupal before 4.6.x-1.0, and before
                             4.7.x-1.0 in the 4.7 series, allows remote
                             authenticated users with "create acidfree
                             albums" privileges to execute arbitrary SQL
                3.4 Low      commands via node titles.                            AVAIL
CVE-2007-0520                 SQL injection vulnerability in banner.php in
                             Unique Ads (UDS) 1.x allows remote attackers
                             to execute arbitrary SQL commands via the bid
                 7 High      parameter.                                           AVAIL
CVE-2007-0527                 SQL injection vulnerability in the
                             is_remembered function in class.login.php in
                             Website Baker 2.6.5 and earlier allows remote
                             attackers to execute arbitrary SQL commands
                             via the REMEMBER_KEY cookie parameter.
                             NOTE: some of these details are obtained from
                             third party information.
                5.6 Medium                                                        AVAIL
CVE-2007-0535             Multiple eval injection vulnerabilities in Vote!
                         Pro 4.0, and possibly earlier, allow remote
                         attackers to execute arbitrary code via requests
                         to unspecified PHP scripts with the poll_id
                         parameter, which is supplied to eval function
                         calls, a different set of vectors than CVE-2007-
                         0504. NOTE: The provenance of this
                         information is unknown; the details are obtained
                7 High   solely from third party information.                 AVAIL
CVE-2007-0554             SQL injection vulnerability in print.asp in Guo
                         Xu Guos Posting System (GPS) 1.2 allows
                         remote attackers to execute arbitrary SQL
                7 High   commands via the id parameter.                       AVAIL
CVE-2007-0560             SQL injection vulnerability in user.asp in ASP
                         EDGE 1.2b and earlier allows remote attackers
                         to execute arbitrary SQL commands via the
                7 High   user parameter.                                      AVAIL
CVE-2007-0566             SQL injection vulnerability in news_detail.asp in
                         ASP NEWS 3 and earlier allows remote
                         attackers to execute arbitrary SQL commands
                7 High   via the id parameter.                                AVAIL
CVE-2007-0569             SQL injection vulnerability in xNews.php in
                         xNews 1.3 allows remote attackers to execute
                         arbitrary SQL commands via the id parameter in
                7 High   a shownews action.                                   AVAIL
CVE-2007-0574             SQL injection vulnerability in
                         rss/show_webfeed.php in SpoonLabs Vivvo
                         Article Management CMS (aka phpWordPress)
                         3.40 allows remote attackers to execute
                         arbitrary SQL commands via the wcHeadlines
                         parameter, a different vector than CVE-2006-
                         4715. NOTE: The provenance of this
                         information is unknown; the details are obtained
                         solely from third party information.
                7 High                                                        AVAIL
CVE-2007-0575             Multiple SQL injection vulnerabilities in the
                         administrative login page (admin/login.asp) in
                         ASPCode.net AdMentor allow remote attackers
                         to execute arbitrary SQL commands via the (1)
                         Userid and (2) Password fields.
                7 High                                                        AVAIL
CVE-2007-0582             SQL injection vulnerability in default.asp in
                         ChernobiLe 1.0 allows remote attackers to
                         execute arbitrary SQL commands via the User
                7 High   (username) field.                                    AVAIL
CVE-2007-0589             SQL injection vulnerability in Forum Livre 1.0
                         allows remote attackers to execute arbitrary
                         SQL commands via the user parameter to
                7 High   info_user.asp.                                       AVAIL
CVE-2007-0598                 SQL injection vulnerability in forum/load.php in
                             Aztek Forum 4.00 allows remote attackers to
                             execute arbitrary SQL commands via the fid
                 7    High   cookie to forum.php.                               AVAIL
CVE-2007-0600                 SQL injection vulnerability in news_page.asp in
                             Martyn Kilbryde Newsposter Script (aka makit
                             news/blog poster) 3 and earlier allows remote
                             attackers to execute arbitrary SQL commands
                             via the uid parameter.
                 7    High                                                      AVAIL
CVE-2007-0623                 SQL injection vulnerability in index.php in
                             MAXdev MDPro 1.0.76 allows remote attackers
                             to execute arbitrary SQL commands via the
                 7    High   startrow parameter.                                AVAIL
CVE-2007-0630                 Multiple SQL injection vulnerabilities in the
                             generate_csv function in
                             classes/class.news.php in X-dev xNews 1.3 and
                             earlier allow remote attackers to execute
                             arbitrary SQL commands via the (1) id, (2) from,
                             and (3) q parameters, different vectors than
                             CVE-2007-0569. NOTE: The provenance of this
                             information is unknown; the details are obtained
                             solely from third party information.
                 7    High                                                      AVAIL
CVE-2007-0631                 SQL injection vulnerability in index.php in
                             Eclectic Designs CascadianFAQ 4.1 and earlier
                             allows remote attackers to execute arbitrary
                             SQL commands via the catid parameter.
                 7    High                                                      AVAIL
CVE-2007-0632                 SQL injection vulnerability in artreplydelete.asp
                             in ASP EDGE 1.3a and earlier allows remote
                             attackers to execute arbitrary SQL commands
                             via a username cookie, a different vector than
                             CVE-2007-0560.
                 7    High                                                      AVAIL
CVE-2007-0642                 SQL injection vulnerability in tForum 2.00 in the
                             Raymond BERTHOU script collection (aka RBL -
                             ASP allows remote attackers to execute
                             arbitrary SQL commands via the (1) id and (2)
                 7    High   pass to user_confirm.asp.                          AVAIL
CVE-2007-0663                 SQL injection vulnerability in index.php in
                             Eclectic Designs CascadianFAQ 4.1 and earlier
                             allows remote attackers to execute arbitrary
                             SQL commands via the qid parameter, a
                             different vector than CVE-2007-0631. NOTE:
                             The provenance of this information is unknown;
                             the details are obtained solely from third party
                 7    High   information.                                       AVAIL
CVE-2007-0676                 SQL injection vulnerability in faq.php in
                             ExoPHPDesk 1.2.1 and earlier allows remote
                             attackers to execute arbitrary SQL commands
                5.6   Medium via the id parameter.                              AVAIL
CVE-2007-0678                 SQL injection vulnerability in windows.asp in
                             Fullaspsite Asp Hosting Sitesi allows remote
                             attackers to execute arbitrary SQL commands
                 7 High      via the kategori_id parameter.                    AVAIL
CVE-2007-0687                 SQL injection vulnerability in i-search.php in
                             Michelle's L2J Dropcalc 4 and earlier allows
                             remote authenticated users to execute arbitrary
                             SQL commands via the itemid parameter.
                4.2 Medium                                                      AVAIL
CVE-2007-0688               SQL injection vulnerability in oku.asp in
                           Hunkaray Duyuru Scripti allows remote
                           attackers to execute arbitrary SQL commands
                  7 High   via the id parameter.                                AVAIL
CVE-2007-0695               Multiple SQL injection vulnerabilities in Free
                           LAN In(tra|ter)net Portal (FLIP) before 1.0-RC3
                           allow remote attackers to execute arbitrary SQL
                           commands via unspecified vectors. NOTE:
                           some sources mention the escape_sqlData,
                           implode_sql, and implode_sqlIn functions, but
                           these are protection schemes, not the
                           vulnerable functions.
                  7 High                                                        AVAIL
CVE-2007-0698               Multiple SQL injection vulnerabilities in
                           ACGVannu 1.3 and earlier allow remote
                           attackers to execute arbitrary SQL commands
                           via the id_mod parameter to
                           templates/modif.html, and other unspecified
                           vectors. NOTE: The provenance of this
                           information is unknown; the details are obtained
                5.6 Medium solely from third party information.                 AVAIL
CVE-2007-0759               Multiple SQL injection vulnerabilities in
                           EasyMoblog 0.5.1 allow remote attackers to
                           execute arbitrary SQL commands via the (1) i or
                           (2) post_id parameter to add_comment.php,
                           which triggers an injection in libraries.inc.php; or
                           (3) the i parameter to list_comments.php, which
                           triggers an injection in libraries.inc.php.
                  7 High                                                        AVAIL
CVE-2007-0765               SQL injection vulnerability in news.php in dB
                           Masters Curium CMS 1.03 and earlier allows
                           remote attackers to execute arbitrary SQL
                  7 High   commands via the c_id parameter.                     AVAIL
CVE-2007-0784               SQL injection vulnerability in login.asp for
                           tPassword in the Raymond BERTHOU script
                           collection (aka RBL - ASP) allows remote
                           attackers to execute arbitrary SQL commands
                           via the (1) User and (2) Password parameters.
                  7 High                                                        AVAIL
CVE-2007-0786             SQL injection vulnerability in view.php in
                         Noname Media Photo Galerie Standard 1.1.1
                         and earlier allows remote attackers to execute
                         arbitrary SQL commands via the id parameter.
                7 High                                                    AVAIL
CVE-2007-0789             SQL injection vulnerability in Mambo before
                         4.5.5 allows remote attackers to execute
                         arbitrary SQL commands via unspecified
                         vectors in cancel edit functions, possibly related
                7 High   to the id parameter.                               AVAIL
CVE-2007-0794             ** DISPUTED ** SQL injection vulnerability in
                         inc/common.php in GlobalMegaCorp dvddb 0.6
                         allows remote attackers to execute arbitrary
                         SQL commands via the user parameter. NOTE:
                         this issue has been disputed by a reliable third
                         party, who states that inc/common.php only
                         contains function definitions.
                7 High                                                      AVAIL
CVE-2007-0799             SQL injection vulnerability in badword.asp in
                         Ublog Reload 1.0.5 allows remote attackers to
                         execute arbitrary SQL commands via
                7 High   unspecified vectors.                               AVAIL
CVE-2007-0812             SQL injection vulnerability in pms.php in
                         Woltlab Burning Board (wBB) Lite 1.0.2pl3e and
                         earlier allows remote authenticated users to
                         execute arbitrary SQL commands via the
                7 High   pmid[0] parameter.                                 AVAIL
CVE-2007-0826             SQL injection vulnerability in forum.asp in
                         Kisisel Site 2007 allows remote attackers to
                         execute arbitrary SQL commands via the
                7 High   forumid parameter.                                 AVAIL
CVE-2007-0847             SQL injection vulnerability in mod/PM/reply.php
                         in Open Tibia Server CMS (OTSCMS) 2.1.5 and
                         earlier allows remote attackers to execute
                         arbitrary SQL commands via the id parameter
                7 High   to priv.php.                                       AVAIL
CVE-2007-0853             SQL injection vulnerability in DevTrack 6.0.3
                         allows remote attackers to execute arbitrary
                         SQL commands via the Username form field.
                         NOTE: the provenance of this information is
                         unknown; the details are obtained solely from
                7 High   third party information.                           AVAIL
CVE-2007-0875             ** DISPUTED ** SQL injection vulnerability in
                         install.php in mcRefer allows remote attackers
                         to execute arbitrary SQL commands via
                         unspecified vectors. NOTE: this issue has been
                         disputed by a third party, stating that the file
                         does not use a SQL database.
                7 High                                                      AVAIL
CVE-2007-0904             SQL injection vulnerability in projects.php in
                         LightRO CMS 1.0 allows remote attackers to
                         execute arbitrary SQL commands via the ID
                7 High   parameter to index.php.                              AVAIL
CVE-2007-0920             SQL injection vulnerability in
                         philboard_forum.asp in Philboard 1.14 and
                         earlier allows remote attackers to execute
                         arbitrary SQL commands via the forumid
                7 High   parameter.                                           AVAIL
CVE-2007-0951             SQL injection vulnerability in listmain.asp in
                         Fullaspsite ASP Hosting Site allows remote
                         attackers to execute arbitrary SQL commands
                7 High   via the cat parameter.                               AVAIL
CVE-2007-0970             Multiple SQL injection vulnerabilities in
                         WebTester 5.0.20060927 and earlier allow
                         remote attackers to execute arbitrary SQL
                         commands via the testID parameter to
                         directions.php, and unspecified parameters to
                7 High   other files that accept GET or POST input.           AVAIL
CVE-2007-0971             Multiple SQL injection vulnerabilities in Jupiter
                         CMS 1.1.5 allow remote attackers to execute
                         arbitrary SQL commands via the Client-IP
                         HTTP header and certain other HTTP headers,
                         which set the ip variable that is used in SQL
                         queries performed by index.php and certain
                         other PHP scripts. NOTE: the attack vector
                         might involve _SERVER.
                7 High                                                        AVAIL
CVE-2007-1026             SQL injection vulnerability in view.php in
                         XLAtunes 0.1 and earlier allows remote
                         attackers to execute arbitrary SQL commands
                         via the album parameter in view mode. NOTE:
                         some of these details are obtained from third
                7 High   party information.                                   AVAIL
CVE-2007-1107             SQL injection vulnerability in thumbnails.php in
                         Coppermine Photo Gallery (CPG) 1.3.x allows
                         remote authenticated users to execute arbitrary
                         SQL commands via a cpg131_fav cookie.
                7 High                                                        AVAIL
CVE-2007-1956             SQL injection vulnerability in ubbthreads.php in
                         Groupee UBB.threads 6.1.1 and earlier allows
                         remote attackers to execute arbitrary SQL
                7 High   commands via the C parameter.                     AVAIL
CVE-2007-0243             Buffer overflow in Sun JDK and Java Runtime
                         Environment (JRE) 5.0 Update 9 and earlier,
                         SDK and JRE 1.4.2_12 and earlier, and SDK
                         and JRE 1.3.1_18 and earlier allows applets to
                         gain privileges via a GIF image with a block with
                         a 0 width field, which triggers memory
                8 High   corruption.                                       AVAIL
CVE-2007-0263                 Unspecified vulnerability in Total Commander
                             before 6.5.6 allows user-assisted remote
                             attackers to delete arbitrary files and corrupt a
                             filesystem via a crafted RAR file. NOTE: The
                             provenance of this information is unknown; the
                             details are obtained solely from third party
                5.3   Medium information.                                         AVAIL
CVE-2007-1322                 QEMU 0.8.2 allows local users to halt a virtual
                             machine by executing the icebp instruction.
                2.3   Low                                                         AVAIL
CVE-2007-1366                 QEMU 0.8.2 allows local users to crash a
                             virtual machine via the divisor operand to the
                             aam instruction, as demonstrated by "aam 0x0,"
                2.3   Low    which triggers a divide-by-zero error.               AVAIL
CVE-2007-2120                 The Oracle Discoverer servlet in Oracle
                             Application Server 9.0.4.3, 10.1.2.0.2, and
                             10.1.2.2.0 allows remote attackers to shut down
                             an Oracle TNS Listener via a TNS STOP
                             commmand in a request that uses the
                3.3   Low    database/TNS alias, aka AS01.                        AVAIL
CVE-2007-2172                 A typo in Linux kernel 2.6 before 2.6.21-rc6
                             causes RTA_MAX to be used as an array size
                             instead of RTN_MAX, which leads to an "out of
                             bound access" by the (1) dn_fib_props
                             (dn_fib.c, DECNet) and (2) fib_props
                3.3   Low    (fib_semantics.c, IPv4) functions.                   AVAIL
CVE-2007-0001                 The file watch implementation in the audit
                             subsystem (auditctl -w) in the Red Hat
                             Enterprise Linux (RHEL) 4 kernel 2.6.9 allows
                             local users to cause a denial of service (kernel
                             panic) by replacing a watched file, which does
                             not cause the watch on the old inode to be
                1.9   Low    dropped.                                             AVAIL
CVE-2007-0006                 The key serial number collision avoidance code
                             in the key_alloc_serial function in Linux kernel
                             2.6.9 up to 2.6.20 allows local users to cause a
                             denial of service (crash) via vectors that trigger
                             a null dereference, as originally reported as
                             "spinlock CPU recursion."
                1.3   Low                                                         AVAIL
CVE-2007-0010                 The GdkPixbufLoader function in GIMP ToolKit
                             (GTK+) in GTK 2 (gtk2) before 2.4.13 allows
                             context-dependent attackers to cause a denial
                             of service (crash) via a malformed image file.
                1.6   Low                                                         AVAIL
CVE-2007-0039              The Exchange Collaboration Data Objects
                          (EXCDO) functionality in Microsoft Exchange
                          Server 2000 SP3, 2003 SP1 and SP2, and 2007
                          allows remote attackers to cause a denial of
                          service (crash) via an Internet Calendar (iCal)
                          file containing multiple X-MICROSOFT-CDO-
                          MODPROPS (MODPROPS) properties in which
                          the second MODPROPS is longer than the first,
                          which triggers a NULL pointer dereference and
                          an unhandled exception.
                3.3 Low                                                       AVAIL
CVE-2007-0048              Adobe Acrobat Reader Plugin before 8.0.0,
                          when used with Internet Explorer, allows remote
                          attackers to cause a denial of service (memory
                          consumption) via a long sequence of # (hash)
                          characters appended to a PDF URL.
                2.3 Low                                                       AVAIL
CVE-2007-0067              Unspecified vulnerability in the Lotus Domino
                          Web Server 6.0, 6.5.x before 6.5.6, and 7.0.x
                          before 7.0.3 allows remote attackers to cause a
                          denial of service (daemon crash) via requests
                          for URLs that reference certain files.
                3.3 Low                                                       AVAIL
CVE-2007-0086              ** DISPUTED ** The Apache HTTP Server,
                          when accessed through a TCP connection with
                          a large window size, allows remote attackers to
                          cause a denial of service (network bandwidth
                          consumption) via a Range header that specifies
                          multiple copies of the same fragment. NOTE:
                          the severity of this issue has been disputed by
                          third parties, who state that the large window
                          size required by the attack is not normally
                          supported or configured by the server, or that a
                          DDoS-style attack would accomplish the same
                          goal.
                3.3 Low                                                       AVAIL
CVE-2007-0087              ** DISPUTED ** Microsoft Internet Information
                          Services (IIS), when accessed through a TCP
                          connection with a large window size, allows
                          remote attackers to cause a denial of service
                          (network bandwidth consumption) via a Range
                          header that specifies multiple copies of the
                          same fragment. NOTE: the severity of this issue
                          has been disputed by third parties, who state
                          that the large window size required by the attack
                          is not normally supported or configured by the
                          server, or that a DDoS-style attack would
                          accomplish the same goal.

                3.3 Low                                                       AVAIL
CVE-2007-0099              Race condition in the msxml3 module in
                          Microsoft Internet Explorer 6 allows remote
                          attackers to cause a denial of service
                          (application crash) via many nested tags in an
                          XML document in an IFRAME, when
                          synchronous document rendering is frequently
                          disrupted with asynchronous events, as
                          demonstrated using a JavaScript timer, which
                          can trigger null pointer dereferences or memory
                2.7 Low   corruption.                                       AVAIL
CVE-2007-0102              The Adobe PDF specification 1.3, as
                          implemented by Apple Mac OS X Preview,
                          allows remote attackers to have an unknown
                          impact, possibly including denial of service
                          (infinite loop), arbitrary code execution, or
                          memory corruption, via a PDF file with a (1)
                          crafted catalog dictionary or (2) a crafted Pages
                          attribute that references an invalid page tree
                 7 High   node.                                             AVAIL
CVE-2007-0103              The Adobe PDF specification 1.3, as
                          implemented by Adobe Acrobat before 8.0.0,
                          allows remote attackers to have an unknown
                          impact, possibly including denial of service
                          (infinite loop), arbitrary code execution, or
                          memory corruption, via a PDF file with a (1)
                          crafted catalog dictionary or (2) a crafted Pages
                          attribute that references an invalid page tree
                 7 High   node.                                             AVAIL
CVE-2007-0104              The Adobe PDF specification 1.3, as
                          implemented by (a) xpdf 3.0.1 patch 2, (b) kpdf
                          in KDE before 3.5.5, (c) poppler before 0.5.4,
                          and other products, allows remote attackers to
                          have an unknown impact, possibly including
                          denial of service (infinite loop), arbitrary code
                          execution, or memory corruption, via a PDF file
                          with a (1) crafted catalog dictionary or (2) a
                          crafted Pages attribute that references an
                          invalid page tree node.
                 7 High                                                     AVAIL
CVE-2007-0113              Buffer overflow in Packeteer PacketShaper
                          PacketWise 8.x allows remote authenticated
                          users to cause a denial of service (reset or
                          reboot) via (1) a long traffic class argument to
                          the "class show" command or (2) a long
                 2 Low    POLICY parameter value in clastree.htm.           AVAIL
CVE-2007-0120              Acunetix Web Vulnerability Scanner (WVS) 4.0
                          Build 20060717 and earlier allows remote
                          attackers to cause a denial of service
                          (application crash) via multiple HTTP requests
                          containing invalid Content-Length values.
                1.3 Low                                                     AVAIL
CVE-2007-0124              Unspecified vulnerability in Drupal before
                          4.6.11, and 4.7 before 4.7.5, when MySQL is
                          used, allows remote authenticated users to
                          cause a denial of service by poisoning the page
                          cache via unspecified vectors, which triggers
                          erroneous 404 HTTP errors for pages that exist.
                1.1 Low                                                     AVAIL
CVE-2007-0125              Kaspersky Labs Antivirus Engine 6.0 for
                          Windows and 5.5-10 for Linux before 20070102
                          enter an infinite loop upon encountering an
                          invalid NumberOfRvaAndSizes value in the
                          Optional Windows Header of a portable
                          executable (PE) file, which allows remote
                          attackers to cause a denial of service (CPU
                          consumption) by scanning a crafted PE file.
                2.3 Low                                                     AVAIL
CVE-2007-0138              formbankcgi.exe in Fersch Formbankserver
                          1.9, when the PATH_INFO begins with (1)
                          AbfrageForm or (2) EingabeForm, allows
                          remote attackers to cause a denial of service
                          (daemon crash) via multiple requests containing
                          many /../ sequences in the Name parameter.
                          NOTE: The provenance of this information is
                          unknown; the details are obtained solely from
                2.3 Low   third party information.                            AVAIL
CVE-2007-0157              Array index error in the uri_lookup function in
                          the URI parser for neon 0.26.0 to 0.26.2,
                          possibly only on 64-bit platforms, allows remote
                          malicious servers to cause a denial of service
                          (crash) via a URI with non-ASCII characters,
                          which triggers a buffer under-read due to a type
                          conversion error that generates a negative
                3.3 Low   index.                                              AVAIL
CVE-2007-0165              Unspecified vulnerability in libnsl in Sun Solaris
                          8 and 9 allows remote attackers to cause a
                          denial of service (crash) via malformed RPC
                          requests that trigger a crash in rpcbind.
                3.3 Low                                                       AVAIL
CVE-2007-0185              Getahead Direct Web Remoting (DWR) before
                          1.1.4 allows attackers to cause a denial of
                          service (memory exhaustion and servlet outage)
                          via unknown vectors related to a large number
                2.3 Low   of calls in a batch.                                AVAIL
CVE-2007-0198              The JTapi Gateway process in Cisco Unified
                          Contact Center Enterprise, Unified Contact
                          Center Hosted, IP Contact Center Enterprise,
                          and Cisco IP Contact Center Hosted 5.0
                          through 7.1 allows remote attackers to cause a
                          denial of service (repeated process restart) via
                          a certain TCP session on the JTapi server port.
                2.3 Low                                                       AVAIL
CVE-2007-0199              The Data-link Switching (DLSw) feature in
                          Cisco IOS 11.0 through 12.4 allows remote
                          attackers to cause a denial of service (device
                          reload) via "an invalid value in a DLSw
                          message... during the capabilities exchange."
                2.3 Low                                                       AVAIL
CVE-2007-0221              Integer overflow in the IMAP (IMAP4) support
                          in Microsoft Exchange Server 2000 SP3 allows
                          remote attackers to cause a denial of service
                          (service hang) via crafted literals in an IMAP
                          command, aka the "IMAP Literal Processing
                3.3 Low   Vulnerability."                                 AVAIL
CVE-2007-0228              The DataCollector service in EIQ Networks
                          Network Security Analyzer allows remote
                          attackers to cause a denial of service (service
                          crash) via a (1) &CONNECTSERVER& (2)
                          &ADDENTRY& (3) &FIN& (4) &START& (5)
                          &LOGPATH& (6) &FWADELTA& (7)
                          &FWALOG& (8) &SETSYNCHRONOUS& (9)
                          &SETPRGFILE&, or (10) &SETREPLYPORT&
                          string to TCP port 10618, which triggers a NULL
                          pointer dereference.

                2.3 Low                                                       AVAIL
CVE-2007-0229              Integer overflow in the ffs_mountfs function in
                          Mac OS X 10.4.8 and FreeBSD 6.1 allows local
                          users to cause a denial of service (panic) and
                          possibly gain privileges via a crafted DMG
                          image that causes "allocation of a negative size
                          buffer" leading to a heap-based buffer overflow,
                          a related issue to CVE-2006-5679. NOTE: a
                          third party states that this issue does not cross
                          privilege boundaries in FreeBSD because only
                          root may mount a filesystem.
                 7 High                                                       AVAIL
CVE-2007-0244              pptpgre.c in PoPToP Point to Point Tunneling
                          Server (pptpd) before 1.3.4 allows remote
                          attackers to cause a denial of service (PPTP
                          connection tear-down) via (1) GRE packets with
                          out-of-order sequence numbers or (2) certain
                          GRE packets that are processed using a wrong
                          pointer and improperly dequeued.
                2.3 Low                                                       AVAIL
CVE-2007-0247              squid/src/ftp.c in Squid before 2.6.STABLE7
                          allows remote FTP servers to cause a denial of
                          service (core dump) via crafted FTP directory
                          listing responses, possibly related to the (1)
                          ftpListingFinish and (2) ftpHtmlifyListEntry
                2.3 Low   functions.                                          AVAIL
CVE-2007-0248                 The aclMatchExternal function in Squid before
                             2.6.STABLE7 allows remote attackers to cause
                             a denial of service (crash) by causing an
                             external_acl queue overload, which triggers an
                2.3   Low    infinite loop.                                    AVAIL
CVE-2007-0256                 VideoLAN VLC 0.8.6a allows remote attackers
                             to cause a denial of service (application crash)
                3.3   Low    via a crafted .wmv file.                          AVAIL
CVE-2007-0267                 The ufs_lookup function in the Mac OS X
                             10.4.8 and FreeBSD 6.1 kernels allows local
                             users to cause a denial of service (kernel panic)
                             and possibly corrupt other filesystems by
                             mounting a crafted UNIX File System (UFS)
                             DMG image that contains a corrupted directory
                             entry (struct direct), related to the ufs_dirbad
                             function. NOTE: a third party states that the
                             FreeBSD issue does not cross privilege
                4.7   Medium boundaries.                                       AVAIL
CVE-2007-0270                 Unspecified vulnerability in Oracle Database
                             9.2.0.7 and 10.1.0.4 has unknown impact and
                             attack vectors related to the Data Guard and
                             sys.dbms_drs privileges, aka DB03. NOTE:
                             Oracle has not disputed a reliable researcher
                             claim that this is a buffer overflow in the
                             GET_PROPERTY function in SYS.DBMS_DRS,
                             which can be exploited for arbitrary code
                             execution or a denial of service.
                 4    Medium                                                   AVAIL
CVE-2007-0299                 Integer overflow in the byte_swap_sbin function
                             in bsd/ufs/ufs/ufs_byte_order.c in Mac OS X
                             10.4.8 allows user-assisted remote attackers to
                             cause a denial of service (kernel panic) by
                             mounting a crafted Unix File System (UFS)
                             DMG image, which triggers an invalid pointer
                2.7   Low    dereference.                                      AVAIL
CVE-2007-0311                 Texas Imperial Software WFTPD and WFTPD
                             Pro Server 3.25 and earlier allow remote
                             attackers to cause a denial of service
                             (application crash) via a long SITE ADMIN
                2.3   Low    command.                                          AVAIL
CVE-2007-0318                 The do_hfs_truncate function in Mac OS X
                             10.4.8 allows context-dependent attackers to
                             cause a denial of service (kernel panic) via a
                             crafted HFS+ filesystem in a DMG image, which
                             causes an access of an invalid vnode structure
                3.3   Low    during file removal.                              AVAIL
CVE-2007-0342                 WebCore in Apple WebKit build 18794 allows
                             remote attackers to cause a denial of service
                             (null dereference and application crash) via a
                             TD element with a large number in the
                             ROWSPAN attribute, as demonstrated by a
                             crash of OmniWeb 5.5.3 on Mac OS X 10.4.8, a
                             different vulnerability than CVE-2006-2019.
                2.3 Low                                                         AVAIL
CVE-2007-0343                 OpenBSD before 20070116 allows remote
                             attackers to cause a denial of service (infinite
                             loop and CPU consumption) via certain IPv6
                2.3 Low      ICMP (aka ICMP6) echo request packets.             AVAIL
CVE-2007-0356                 The Common Controls Replacement Project
                             (CCRP) FolderTreeview (FTV) ActiveX control
                             (ccrpftv6.ocx) allows remote attackers to cause
                             a denial of service (Internet Explorer 7 crash)
                             via a long CCRP.RootFolder property value.
                2.3 Low                                                         AVAIL
CVE-2007-0358                 Unspecified vulnerability in the FTP server
                             implementation in HP Jetdirect firmware x.20.nn
                             through x.24.nn allows remote attackers to
                             cause a denial of service via unknown vectors.
                3.3 Low                                                       AVAIL
CVE-2007-0371               A certain ActiveX control in the Common
                           Controls Replacement Project (CCRP) CCRP
                           BrowseDialog Server (ccrpbds6.dll) allows
                           remote attackers to cause a denial of service
                           (Internet Explorer 7 crash) via a long
                1.9 Low    CCRP_BDc.SelectedFolder property value.            AVAIL
CVE-2007-0396               Unspecified vulnerability in HP-UX B.11.23,
                           when running IPFilter in combination with
                           PHNE_34474, allows remote attackers to cause
                           a denial of service (system crash) via
                2.7 Low    unspecified vectors.                               AVAIL
CVE-2007-0406               Multiple buffer overflows in the (1) main
                           function in (a) client.c, and the (2) server_setup
                           and (3) server_client_connect functions in (b)
                           server.c in gxine 0.5.9 and earlier allow local
                           users to cause a denial of service (daemon
                           crash) or gain privileges via a long HOME
                           environment variable. NOTE: some of these
                           details are obtained from third party information.
                4.9 Medium                                                    AVAIL
CVE-2007-0410               Unspecified vulnerability in the thread
                           management in BEA WebLogic 7.0 through 7.0
                           SP6, 8.1 through 8.1 SP5, 9.0, and 9.1, when
                           T3 authentication is used, allows remote
                           attackers to cause a denial of service (thread
                           and system hang) via unspecified "sequences
                2.3 Low    of events."                                        AVAIL
CVE-2007-0414               BEA WebLogic Server 6.1 through 6.1 SP7, 7.0
                           through 7.0 SP6, 8.1 through 8.1 SP5, and 9.0
                           allows remote attackers to cause a denial of
                           service (server hang) via certain requests that
                           cause muxer threads to block when processing
                2.3 Low    error pages.                                     AVAIL
CVE-2007-0419               The BEA WebLogic Server proxy plug-in
                           before June 2006 for the Apache HTTP Server
                           does not properly handle protocol errors, which
                           allows remote attackers to cause a denial of
                2.3 Low    service (server outage).                         AVAIL
CVE-2007-0421               BEA WebLogic Server 6.1 through 6.1 SP7,
                           and 7.0 through 7.0 SP7 allows remote
                           attackers to cause a denial of service (disk
                           consumption) via requests containing
                           malformed headers, which cause a large
                           amount of data to be written to the server log.
                4.7 Medium                                                  AVAIL
CVE-2007-0422               BEA WebLogic Server 9.0, 9.1, and 9.2 Gold,
                           when running on Solaris 9, allows remote
                           attackers to cause a denial of service (server
                           inaccessibility) via manipulated socket
                2.3 Low    connections.                                     AVAIL
CVE-2007-0424               Unspecified vulnerability in the BEA WebLogic
                           Server proxy plug-in for Netscape Enterprise
                           Server before September 2006 for Netscape
                           Enterprise Server allow remote attackers to
                           cause a denial of service via certain requests
                           that trigger errors that lead to a server being
                           marked as unavailable, hosting web server
                           failure, or CPU consumption.
                2.3 Low                                                     AVAIL
CVE-2007-0428               Unspecified vulnerability in the chtbl_lookup
                           function in hash.c for WzdFTPD 8.0 and earlier
                           allows remote attackers to cause a denial of
                           service via a crafted FTP command, probably
                2.3 Low    due to a NULL pointer dereference.               AVAIL
CVE-2007-0429               DivXBrowserPlugin (aka DivX Web Player)
                           npdivx32.dll, as distributed with DivX Player
                           6.4.1, allows remote attackers to cause a denial
                           of service (Internet Explorer 7 crash) by
                           invoking the GoWindowed method for a certain
                2.3 Low    instance of the ActiveX object.                  AVAIL
CVE-2007-0430               The shared_region_map_file_np function in
                           Apple Mac OS X 10.4.8 and earlier kernel
                           allows local users to cause a denial of service
                           (memory corruption) via a large mappingCount
                2.3 Low    value.                                           AVAIL
CVE-2007-0431              AVM Fritz!Box 7050, and possibly other
                          product models, allows remote attackers to
                          cause a denial of service (VoIP application
                          crash) via a zero-length UDP packet to the SIP
                3.3 Low   port (port 5060).                                  AVAIL
CVE-2007-0451              Apache SpamAssassin before 3.1.8 allows
                          remote attackers to cause a denial of service
                          via long URLs in malformed HTML, which
                3.3 Low   triggers "massive memory usage."                   AVAIL
CVE-2007-0452              smbd in Samba 3.0.6 through 3.0.23d allows
                          remote authenticated users to cause a denial of
                          service (memory and CPU exhaustion) by
                          renaming a file in a way that prevents a request
                          from being removed from the deferred open
                          queue, which triggers an infinite loop.
                 2 Low                                                       AVAIL
CVE-2007-0456              Unspecified vulnerability in the LLT dissector in
                          Wireshark (formerly Ethereal) 0.99.3 and 0.99.4
                          allows remote attackers to cause a denial of
                          service (application crash) via unspecified
                2.7 Low   vectors.                                           AVAIL
CVE-2007-0457              Unspecified vulnerability in the IEEE 802.11
                          dissector in Wireshark (formerly Ethereal)
                          0.10.14 through 0.99.4 allows remote attackers
                          to cause a denial of service (application crash)
                2.7 Low   via unspecified vectors.                           AVAIL
CVE-2007-0458              Unspecified vulnerability in the HTTP dissector
                          in Wireshark (formerly Ethereal) 0.99.3 and
                          0.99.4 allows remote attackers to cause a
                          denial of service (application crash) via
                          unspecified vectors, a different issue than CVE-
                1.9 Low   2006-5468.                                         AVAIL
CVE-2007-0459              packet-tcp.c in the TCP dissector in Wireshark
                          (formerly Ethereal) 0.99.2 through 0.99.4 allows
                          remote attackers to cause a denial of service
                          (application crash or hang) via fragmented
                1.9 Low   HTTP packets.                                      AVAIL
CVE-2007-0461              Multiple memory leaks in the Dazuko anti-virus
                          helper module before 2.3.2 allow attackers to
                          cause a denial of service (memory
                2.3 Low   consumption) via unknown vectors.                  AVAIL
CVE-2007-0464              The _CFNetConnectionWillEnqueueRequests
                          function in CFNetwork 129.19 on Apple Mac OS
                          X 10.4.8 allows remote attackers to cause a
                          denial of service (application crash) via a
                          crafted HTTP 301 response, which results in a
                          NULL pointer dereference.
                2.3 Low                                                      AVAIL
CVE-2007-0479              Memory leak in the TCP listener in Cisco IOS
                          9.x, 10.x, 11.x, and 12.x allows remote
                          attackers to cause a denial of service by
                          sending crafted TCP traffic to an IPv4 address
                3.3 Low   on the IOS device.                                AVAIL
CVE-2007-0481              Cisco IOS allows remote attackers to cause a
                          denial of service (crash) via a crafted IPv6 Type
                3.3 Low   0 Routing header.                                 AVAIL
CVE-2007-0488              The Huawei Versatile Routing Platform 1.43
                          2500E-003 firmware on the Quidway R1600
                          Router, and possibly other models, allows
                          remote attackers to cause a denial of service
                2.3 Low   (device crash) via a long show arp command.       AVAIL
CVE-2007-0493              Use-after-free vulnerability in ISC BIND 9.3.0
                          up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to
                          9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum
                          only) allows remote attackers to cause a denial
                          of service (named daemon crash) via
                          unspecified vectors that cause named to
                          "dereference a freed fetch context."
                3.3 Low                                                     AVAIL
CVE-2007-0494              ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0
                          up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to
                          9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum
                          only) allows remote attackers to cause a denial
                          of service (exit) via a type * (ANY) DNS query
                          response that contains multiple RRsets, which
                          triggers an assertion error, aka the "DNSSEC
                          Validation" vulnerability.
                1.9 Low                                                     AVAIL
CVE-2007-0512              Hitachi TP1/LiNK 05-00 through 05-03-/F, 03-
                          04 through 03-06-/K, and 03-00 through 03-03-
                          /H; and TP1/Server Base 05-00 through 05-00-
                          /M, 03-01-E through 03-01-FD, 03-01 through
                          03-01-DB, and 05-03; allow attackers to cause
                          a denial of service (process crash) via invalid
                          data to an OpenTP1 port.
                2.3 Low                                                     AVAIL
CVE-2007-0513              Hitachi HiRDB Datareplicator 7HiRDB, 7(64), 6,
                          6(64), 5.0, and 5.0(64); and various products
                          that bundle HiRDB Datareplicator; allows
                          attackers to cause a denial of service (CPU
                2.3 Low   consumption) via certain data.                    AVAIL
CVE-2007-0521              The Sony Ericsson K700i and W810i phones
                          allow remote attackers to cause a denial of
                          service (continual modal dialogs and UI
                          unavailability) by repeatedly trying to OBEX
                          push a file over Bluetooth, as demonstrated by
                1.9 Low   ussp-push.                                        AVAIL
CVE-2007-0522              The Motorola MOTORAZR V3 phone allows
                          remote attackers to cause a denial of service
                          (continual modal dialogs and UI unavailability)
                          by repeatedly trying to OBEX push a file over
                          Bluetooth, as demonstrated by ussp-push.
                1.9 Low                                                       AVAIL
CVE-2007-0523              The Nokia N70 phone allows remote attackers
                          to cause a denial of service (continual modal
                          dialogs and UI unavailability) by repeatedly
                          trying to OBEX push a file over Bluetooth, as
                          demonstrated by ussp-push.
                1.9 Low                                                       AVAIL
CVE-2007-0524              The LG Chocolate KG800 phone allows remote
                          attackers to cause a denial of service (continual
                          modal dialogs and UI unavailability) by
                          repeatedly trying to OBEX push a file over
                          Bluetooth, as demonstrated by ussp-push.
                1.9 Low                                                       AVAIL
CVE-2007-0533              The AToZed IntraWeb component 8.0 and
                          earlier for Borland Delphi and Kylix, and
                          IntraWeb 9.0 before build (9.0.12), allows
                          remote attackers to cause a denial of service
                          (thread hang or CPU consumption) via a crafted
                          HTTP request, related to the OnBeforeDispatch
                          function in the TIWServerController object.
                2.3 Low                                                       AVAIL
CVE-2007-0538              Telligent Community Server 2.1 and earlier
                          allows remote attackers to cause a denial of
                          service (bandwidth or thread consumption) via
                          pingback service calls with a source URI that
                          corresponds to (1) a large file, which triggers a
                          long download session without a timeout
                          constraint; or (2) a file with a binary content
                          type, which is downloaded even though it
                          cannot contain usable pingback data.
                2.3 Low                                                       AVAIL
CVE-2007-0539              The wp_remote_fopen function in WordPress
                          before 2.1 allows remote attackers to cause a
                          denial of service (bandwidth or thread
                          consumption) via pingback service calls with a
                          source URI that corresponds to a large file,
                          which triggers a long download session without
                          a timeout constraint.
                3.3 Low                                                       AVAIL
CVE-2007-0540              WordPress allows remote attackers to cause a
                          denial of service (bandwidth or thread
                          consumption) via pingback service calls with a
                          source URI that corresponds to a file with a
                          binary content type, which is downloaded even
                          though it cannot contain usable pingback data.
                2.3 Low                                                       AVAIL
CVE-2007-0548                 KarjaSoft Sami HTTP Server 2.0.1 allows
                             remote attackers to cause a denial of service
                             (daemon hang) via a large number of requests
                2.3   Low    for nonexistent objects.                              AVAIL
CVE-2007-0555                 PostgreSQL 7.3 before 7.3.13, 7.4 before
                             7.4.16, 8.0 before 8.0.11, 8.1 before 8.1.7, and
                             8.2 before 8.2.2 allows attackers to disable
                             certain checks for the data types of SQL
                             function arguments, which allows remote
                             authenticated users to cause a denial of service
                             (server crash) and possibly access database
                 4    Medium content.                                              AVAIL
CVE-2007-0556                 The query planner in PostgreSQL before
                             8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2
                             does not verify that a table is compatible with a
                             "previously made query plan," which allows
                             remote authenticated users to cause a denial of
                             service (server crash) and possibly access
                             database content via an "ALTER COLUMN
                             TYPE" SQL statement, which can be leveraged
                             to read arbitrary memory from the server.
                3.2   Low                                                          AVAIL
CVE-2007-0562                 Windows Explorer (explorer.exe)
                             6.0.2900.2180 in Microsoft Windows XP SP2
                             allows user-assisted remote attackers to cause
                             a denial of service (application crash) via a
                             crafted .avi file, which triggers the crash when
                1.9   Low    the user right clicks on the file.                    AVAIL
CVE-2007-0564                 The license registering interface in Symantec
                             Web Security (SWS) before 3.0.1.85 allows
                             attackers to cause a denial of service (CPU
                             consumption) by submitting a large file.
                1.4   Low                                                          AVAIL
CVE-2007-0578                 The http_open function in httpget.c in mpg123
                             before 0.64 allows remote attackers to cause a
                             denial of service (infinite loop) by closing the
                1.9   Low    HTTP connection early.                                AVAIL
CVE-2007-0612                 Multiple ActiveX controls in Microsoft Windows
                             2000, XP, 2003, and Vista allows remote
                             attackers to cause a denial of service (Internet
                             Explorer crash) by accessing the bgColor,
                             fgColor, linkColor, alinkColor, vlinkColor, or
                             defaultCharset properties in the (1) giffile, (2)
                             htmlfile, (3) jpegfile, (4) mhtmlfile, (5) ODCfile,
                             (6) pjpegfile, (7) pngfile, (8) xbmfile, (9) xmlfile,
                             (10) xslfile, or (11) wdfile objects in (a)
                             mshtml.dll; or the (12)
                             TriEditDocument.TriEditDocument or (13)
                             TriEditDocument.TriEditDocument.1 objects in
                             (b) triedit.dll, which cause a NULL pointer
                3.3   Low    dereference.                                          AVAIL
CVE-2007-0613                   The Bonjour functionality in mDNSResponder,
                               iChat 3.1.6, and InstantMessage framework 428
                               in Apple Mac OS X 10.4.8 does not check for
                               duplicate entries when adding newly discovered
                               available contacts, which allows remote
                               attackers to cause a denial of service (disrupted
                               communication) via a flood of duplicate
                               _presence._tcp mDNS queries.
                2.3 Low                                                            AVAIL
CVE-2007-0614                   The Bonjour functionality in mDNSResponder,
                               iChat 3.1.6, and InstantMessage framework 428
                               in Apple Mac OS X 10.4.8 allows remote
                               attackers to cause a denial of service
                               (persistent application crash) via a crafted phsh
                               hash attribute in a TXT key.
                3.3 Low                                                            AVAIL
CVE-2007-0615                   Unspecified vulnerability in Hitachi JP1/HIBUN
                               Advanced Edition Management Server and Log
                               Server before 20070124 allows remote
                               attackers to cause a denial of service
                               (application stop) via unexpected data.
                3.3 Low                                                            AVAIL
CVE-2007-0625                   nxconfigure.sh in NoMachine NX Server before
                               2.1.0-18 does not validate the invoking user,
                               which allows local users to modify server
                               configuration keys in /usr/NX/etc/server.cfg,
                               resulting in an unspecified denial of service.
                2.3 Low                                                            AVAIL
CVE-2007-0634                 Unspecified vulnerability in Sun Solaris 10
                             before 20070130 allows remote attackers to
                             cause a denial of service (system crash) via
                2.3   Low    certain ICMP packets.                              AVAIL
CVE-2007-0644                 Format string vulnerability in Apple Safari 2.0.4
                             (419.3) allows remote user-assisted attackers to
                             cause a denial of service (crash) via format
                             string specifiers in filenames that are not
                             properly handled when calling the (1) NSLog
                             and (2) NSBeginAlertSheet Apple AppKit
                2.7   Low    functions.                                         AVAIL
CVE-2007-0645                 Format string vulnerability in iPhoto 6.0.5
                             allows remote user-assisted attackers to cause
                             a denial of service (crash) via format string
                             specifiers in a filename, which is not properly
                             handled when calling certain Apple AppKit
                5.6   Medium functions.                                         AVAIL
CVE-2007-0646                 Format string vulnerability in iMovie HD 6.0.3
                             allows remote user-assisted attackers to cause
                             a denial of service (crash) via format string
                             specifiers in a filename, which is not properly
                             handled when calling the
                             NSRunCriticalAlertPanel Apple AppKit function.
                2.7   Low                                                       AVAIL
CVE-2007-0647               Format string vulnerability in Help Viewer 3.0.0
                           allows remote user-assisted attackers to cause
                           a denial of service (crash) via format string
                           specifiers in a filename, which is not properly
                           handled when calling the NSBeginAlertSheet
                2.7 Low    Apple AppKit function.                            AVAIL
CVE-2007-0648               Cisco IOS after 12.3(14)T, 12.3(8)YC1,
                           12.3(8)YG, and 12.4, with voice support and
                           without Session Initiated Protocol (SIP)
                           configured, allows remote attackers to cause a
                           denial of service (crash) by sending a crafted
                3.3 Low    packet to port 5060/UDP.                          AVAIL
CVE-2007-0661               Intel Enterprise Southbridge 2 Baseboard
                           Management Controller (BMC), Intel Server
                           Boards 5000XAL, S5000PAL, S5000PSL,
                           S5000XVN, S5000VCL, S5000VSA,
                           SC5400RA, and OEM Firmware for Intel
                           Enterprise Southbridge Baseboard
                           Management Controller before 20070119, when
                           Intelligent Platform Management Interface
                           (IPMI) is enabled, allow remote attackers to
                           connect and issue arbitrary IPMI commands,
                           possibly triggering a denial of service.
                5.6 Medium                                                   AVAIL
CVE-2007-0668               The Loopback Filesystem (LOFS) in Sun
                           Solaris 10 allows local users in a non-global
                           zone to move and rename files in a read-only
                           filesystem, which could lead to a denial of
                2.8 Low    service.                                          AVAIL
CVE-2007-0672               LGSERVER.EXE in BrightStor Mobile Backup
                           4.0 allows remote attackers to cause a denial of
                           service (disk consumption and daemon hang)
                           via a value of 0xFFFFFF7F at a certain point in
                           an authentication negotiation packet, which
                           writes a large amount of data to a .USX file in
                           CA_BABLDdata\Server\data\transfer\.
                3.3 Low                                                      AVAIL
CVE-2007-0673               LGSERVER.EXE in BrightStor ARCserve
                           Backup for Laptops & Desktops r11.1 allows
                           remote attackers to cause a denial of service
                           (daemon crash) via a value of 0xFFFFFFFF at
                           a certain point in an authentication negotiation
                           packet, which results in an out-of-bounds read.
                3.3 Low                                                      AVAIL
CVE-2007-0674               Pictures and Videos on Windows Mobile 5.0
                           and Windows Mobile 2003 and 2003SE for
                           Smartphones and PocketPC allows user-
                           assisted remote attackers to cause a denial of
                           service (device hang) via a malformed JPEG
                2.7 Low    file.                                             AVAIL
CVE-2007-0685              Internet Explorer on Windows Mobile 5.0 and
                          Windows Mobile 2003 and 2003SE for
                          Smartphones and PocketPC allows attackers to
                          cause a denial of service (application crash and
                          device instability) via unspecified vectors,
                          possibly related to a buffer overflow.
                1.9 Low                                                      AVAIL
CVE-2007-0686              The Intel 2200BG 802.11 Wireless Mini-PCI
                          driver 9.0.3.9 (w29n51.sys) allows remote
                          attackers to cause a denial of service (system
                          crash) via crafted disassociation packets, which
                          triggers memory corruption of "internal kernel
                          structures," a different vulnerability than CVE-
                          2006-6651. NOTE: this issue might overlap
                2.7 Low   CVE-2006-3992.                                     AVAIL
CVE-2007-0708              cmdmon.sys in Comodo Firewall Pro (formerly
                          Comodo Personal Firewall) before 2.4.16.174
                          does not validate arguments that originate in
                          user mode for the (1) NtConnectPort and (2)
                          NtCreatePort hooked SSDT functions, which
                          allows local users to cause a denial of service
                          (system crash) and possibly gain privileges via
                 7 High   invalid arguments.                                 AVAIL
CVE-2007-0709              cmdmon.sys in Comodo Firewall Pro (formerly
                          Comodo Personal Firewall) 2.4.16.174 and
                          earlier does not validate arguments that
                          originate in user mode for the (1)
                          NtCreateSection, (2) NtOpenProcess, (3)
                          NtOpenSection, (4) NtOpenThread, and (5)
                          NtSetValueKey hooked SSDT functions, which
                          allows local users to cause a denial of service
                          (system crash) and possibly gain privileges via
                 7 High   invalid arguments.                                 AVAIL
CVE-2007-0720              The CUPS service on multiple platforms allows
                          remote attackers to cause a denial of service
                          (service hang) via a "partially-negotiated" SSL
                          connection, which prevents other requests from
                2.3 Low   being accepted.                                    AVAIL
CVE-2007-0726              The SSH key generation process in OpenSSH
                          in Apple Mac OS X 10.3.9 and 10.4 through
                          10.4.8 allows remote attackers to cause a
                          denial of service by connecting to the server
                          before SSH has finished creating keys, which
                          causes the keys to be regenerated and can
                          break trust relationships that were based on the
                          original keys.
                2.3 Low                                                      AVAIL
CVE-2007-0751              A cleanup script in crontabs in Apple Mac OS X
                          10.3.9 and 10.4.9 might delete filesystems that
                          have been mounted in /tmp, which might allow
                          local users to cause a denial of service, related
                          to the find command.
                1.6 Low                                                          AVAIL
CVE-2007-0756              Chicken of the VNC (cotv) 2.0 allows remote
                          attackers to cause a denial of service
                          (application crash) via a large computer-name
                          size value in a ServerInit packet, which triggers
                          a failed malloc and a resulting NULL
                3.3 Low   dereference.                                           AVAIL
CVE-2007-0771              Unspecified vulnerability in the utrace support
                          for Linux kernel 2.6.18, and other versions,
                          allows local users to cause a denial of service
                2.3 Low                                                          AVAIL
CVE-2007-0772              The Linux kernel 2.6.13 and other versions
                          before 2.6.20.1 allows remote attackers to
                          cause a denial of service (oops) via a crafted
                          NFSACL 2 ACCESS request that triggers a free
                2.3 Low   of an incorrect pointer.                               AVAIL
CVE-2007-0811              Microsoft Internet Explorer 6.0 SP1 on
                          Windows 2000, and 6.0 SP2 on Windows XP,
                          allows remote attackers to cause a denial of
                          service (NULL pointer dereference and
                          application crash) via an HTML document
                          containing a certain JavaScript for loop with an
                          empty loop body, possibly involving
                1.9 Low   getElementById.                                        AVAIL
CVE-2007-0816              The RPC Server service (catirpc.exe) in CA
                          (formerly Computer Associates) BrightStor
                          ARCserve Backup 11.5 SP2 and earlier allows
                          remote attackers to cause a denial of service
                          (service crash) via a crafted TADDR2UADDR
                          that triggers a null pointer dereference in
                          catirpc.dll, possibly related to null credentials or
                2.3 Low   verifier fields.                                       AVAIL
CVE-2007-0825              FlashFXP 3.4.0 build 1145 allows remote
                          servers to cause a denial of service (CPU
                          consumption) via a response to a PWD
                          command that contains a long string with deeply
                          nested directory structure, possibly due to a
                3.3 Low   buffer overflow.                                       AVAIL
CVE-2007-0838              FreeProxy before 3.92 Build 1626 allows
                          malicious users to cause a denial of service
                          (infinite loop) via a HOST: header with a
                          hostname and port number that refers to the
                2.3 Low   server itself.                                         AVAIL
CVE-2007-0842              The 64-bit versions of Microsoft Visual C++ 8.0
                          standard library (MSVCR80.DLL) time
                          functions, including (1) localtime, (2)
                          localtime_s, (3) gmtime, (4) gmtime_s, (5)
                          ctime, (6) ctime_s, (7) wctime, (8) wctime_s,
                          and (9) fstat, trigger an assertion error instead
                          of a NULL pointer or EINVAL when processing
                          a time argument later than Jan 1, 3000, which
                          might allow context-dependent attackers to
                          cause a denial of service (application exit) via
                          large time values. NOTE: it could be argued that
                          this is a design limitation of the functions, and
                          the vulnerability lies with any application that
                          does not validate arguments to these functions.
                          However, this behavior is inconsistent with
                          documentation, which does not list assertions
                          as a possible result of an error condition.

                3.3 Low                                                    AVAIL
CVE-2007-0868              Unspecified vulnerability in the Chat Room
                          functionality in Yahoo! Messenger 8.1.0.239 and
                          earlier allows remote attackers to cause a
                          denial of service via unspecified vectors. NOTE:
                          the provenance of this information is unknown;
                          the details are obtained solely from third party
                2.3 Low   information.                                     AVAIL
CVE-2007-0870              Unspecified vulnerability in Microsoft Word
                          2000 allows remote attackers to cause a denial
                          of service (crash) via unknown vectors, a
                          different vulnerability than CVE-2006-5994,
                          CVE-2006-6456, CVE-2006-6561, and CVE-
                 8 High   2007-0515, a variant of Exploit-MS06-027.        AVAIL
CVE-2007-0877              Unspecified vulnerability in March Networks
                          DVR 3000 and 4000 Digital Video Recorders
                          allows attackers to cause an unspecified denial
                          of service. NOTE: the provenance of this
                          information is unknown; the details are obtained
                2.3 Low   solely from third party information.             AVAIL
CVE-2007-0878              Unspecified vulnerability in Microsoft Internet
                          Explorer on Windows Mobile 5.0 allows remote
                          attackers to cause a denial of service (loss of
                          browser and other device functionality) via a
                          malformed WML page, related to an "overflow
                          state." NOTE: it is possible that this issue is
                          related to CVE-2007-0685.
                3.3 Low                                                    AVAIL
CVE-2007-0887              axigen 1.2.6 through 2.0.0b1 does not properly
                          parse login credentials, which allows remote
                          attackers to cause a denial of service (NULL
                          dereference and application crash) via a base64-
                          encoded "*\x00" sequence on the imap port
                3.3 Low   (143/tcp).                                       AVAIL
CVE-2007-0897              Clam AntiVirus ClamAV before 0.90 does not
                          close open file descriptors under certain
                          conditions, which allows remote attackers to
                          cause a denial of service (file descriptor
                          consumption and failed scans) via CAB
                          archives with a cabinet header record length of
                          zero, which causes a function to return without
                2.3 Low   closing a file descriptor.                          AVAIL
CVE-2007-0907              Buffer underflow in PHP before 5.2.1 allows
                          attackers to cause a denial of service via
                          unspecified vectors involving the
                2.3 Low   sapi_header_op function.                            AVAIL
CVE-2007-0911              Off-by-one error in the str_ireplace function in
                          PHP 5.2.1 might allow context-dependent
                          attackers to cause a denial of service (crash).
                2.3 Low                                                       AVAIL
CVE-2007-0914              Race condition in the TCP subsystem for
                          Solaris 10 allows remote attackers to cause a
                          denial of service (system panic) via unknown
                2.7 Low   vectors.                                            AVAIL
CVE-2007-0916              Unspecified vulnerability in the Address and
                          Routing Parameter Area (ARPA) transport
                          functionality in HP-UX B.11.11 and B.11.23
                          allows local users to cause an unspecified
                2.3 Low   denial of service via unknown vectors.              AVAIL
CVE-2007-0918              The ATOMIC.TCP signature engine in the
                          Intrusion Prevention System (IPS) feature for
                          Cisco IOS 12.4XA, 12.3YA, 12.3T, and other
                          trains allows remote attackers to cause a denial
                          of service (traffic loss) use regular expressions
                          via unspecified manipulations that are not
                          properly handled by the regular expression
                          feature, as demonstrated using the 3123.0
                2.3 Low   (Netbus Pro Traffic) signature.                     AVAIL
CVE-2007-0955              The NTLM_UnPack_Type3 function in
                          MENTLM.dll in MailEnable Professional 2.35
                          and earlier allows remote attackers to cause a
                          denial of service (application crash) via certain
                          base64-encoded data following an
                          AUTHENTICATE NTLM command to the imap
                          port (143/tcp), which results in an out-of-bounds
                3.3 Low   read.                                               AVAIL
CVE-2007-0959              Cisco PIX 500 and ASA 5500 Series Security
                          Appliances 7.2.2, when configured to inspect
                          certain TCP-based protocols, allows remote
                          attackers to cause a denial of service (device
                          reboot) via malformed TCP packets.
                3.3 Low                                                       AVAIL
CVE-2007-0961              Cisco PIX 500 and ASA 5500 Series Security
                          Appliances 6.x before 6.3(5.115), 7.0 before
                          7.0(5.2), and 7.1 before 7.1(2.5), and the
                          FWSM 3.x before 3.1(3.24), when the "inspect
                          sip" option is enabled, allows remote attackers
                          to cause a denial of service (device reboot) via
                3.3 Low   malformed SIP packets.                             AVAIL
CVE-2007-0962              Cisco PIX 500 and ASA 5500 Series Security
                          Appliances 7.0 before 7.0(4.14) and 7.1 before
                          7.1(2.1), and the FWSM 2.x before 2.3(4.12)
                          and 3.x before 3.1(3.24), when "inspect http" is
                          enabled, allows remote attackers to cause a
                          denial of service (device reboot) via malformed
                3.3 Low   HTTP traffic.                                      AVAIL
CVE-2007-0963              Unspecified vulnerability in Cisco Firewall
                          Services Module (FWSM) 3.x before 3.1(3.3),
                          when set to log at the "debug" level, allows
                          remote attackers to cause a denial of service
                          (device reboot) by sending packets that are not
                          of a particular protocol such as TCP or UDP,
                          which triggers the reboot during generation of
                3.3 Low   Syslog message 710006.                             AVAIL
CVE-2007-0964              Cisco FWSM 3.x before 3.1(3.18), when
                          authentication is configured to use "aaa
                          authentication match" or "aaa authentication
                          include", allows remote attackers to cause a
                          denial of service (device reboot) via a
                2.7 Low   malformed HTTPS request.                           AVAIL
CVE-2007-0965              Cisco FWSM 3.x before 3.1(3.2), when
                          authentication is configured to use "aaa
                          authentication match" or "aaa authentication
                          include", allows remote attackers to cause a
                          denial of service (device reboot) via a long
                3.3 Low   HTTP request.                                      AVAIL
CVE-2007-0966              Cisco Firewall Services Module (FWSM) 3.x
                          before 3.1(3.11), when the HTTPS server is
                          enabled, allows remote attackers to cause a
                          denial of service (device reboot) via certain
                3.3 Low   HTTPS traffic.                                     AVAIL
CVE-2007-0967              Cisco Firewall Services Module (FWSM) 3.x
                          before 3.1(3.1) allows remote attackers to
                          cause a denial of service (device reboot) via
                3.3 Low   malformed SNMP requests.                           AVAIL
CVE-2007-0988              The zend_hash_init function in PHP 5 before
                          5.2.1 and PHP 4 before 4.4.5, when running on
                          a 64-bit platform, allows context-dependent
                          attackers to cause a denial of service (infinite
                          loop) by unserializing certain integer
                          expressions, which only cause 32-bit arguments
                          to be used after the check for a negative value,
                          as demonstrated by an "a:2147483649:{"
                1.9 Low   argument.                                          AVAIL
CVE-2007-1005              Heap-based buffer overflow in SW3eng.exe in
                          the eID Engine service in CA (formerly
                          Computer Associates) eTrust Intrusion
                          Detection 3.0.5.57 and earlier allows remote
                          attackers to cause a denial of service
                          (application crash) via a long key length value to
                          the remote administration port (9191/tcp).
                3.3 Low                                                       AVAIL
CVE-2007-1008              Apple iTunes 7.0.2 allows user-assisted remote
                          attackers to cause a denial of service
                          (application crash) via a crafted XML list of radio
                          stations, which results in memory corruption.
                          NOTE: iTunes retrieves the XML document
                          from a static URL, which requires an attacker to
                          perform DNS spoofing or man-in-the-middle
                1.9 Low   attacks for exploitation.                           AVAIL
CVE-2007-1030              Niels Provos libevent 1.2 and 1.2a allows
                          remote attackers to cause a denial of service
                          (infinite loop) via a DNS response containing a
                3.3 Low   label pointer that references its own offset.       AVAIL
CVE-2007-1038              Shemes.com Grabit 1.5.3, and possibly earlier,
                          allows remote attackers to cause a denial of
                          service (application crash) via a .nzb file with a
                          subject field containing ';' (semicolon)
                          characters. NOTE: the provenance of this
                          information is unknown; the details are obtained
                          solely from third party information.
                2.3 Low                                                       AVAIL
CVE-2007-1069              The memory management in VMware
                          Workstation before 5.5.4 allows attackers to
                          cause a denial of service (Windows virtual
                          machine crash) by triggering certain general
                3.3 Low   protection faults (GPF).                            AVAIL
CVE-2007-1075              TurboFTP 5.30 Build 572 allows remote
                          servers to cause a denial of service (CPU
                          consumption) via a response with a large
                3.3 Low   number of newline characters.                       AVAIL
CVE-2007-1079              Stack-based buffer overflow in Rhino Software,
                          Inc. FTP Voyager 14.0.0.3 and earlier allows
                          remote servers to cause a denial of service
                          (crash) via a long response to a CWD
                          command, which triggers the overflow when the
                3.3 Low   user aborts the command.                            AVAIL
CVE-2007-1080              Multiple heap-based buffer overflows in
                          TurboFTP 5.30 Build 572 allow remote servers
                          to cause a denial of service via (1) long
                          filename in a response to a LIST command, and
                          (2) a long response to a CWD command.
                3.3 Low                                                       AVAIL
CVE-2007-1082              FTP Explorer 1.0.1 Build 047, and other
                          versions before 1.0.1.52, allows remote servers
                          to cause a denial of service (CPU consumption)
                          via a long response to a PWD command.
                2.3 Low                                                     AVAIL
CVE-2007-1090              Microsoft Windows Explorer on Windows XP
                          and 2003 allows remote user-assisted attackers
                          to cause a denial of service (crash) via a
                          malformed WMF file, which triggers the crash
                2.7 Low   when the user browses the folder.                 AVAIL
CVE-2007-1094              Microsoft Internet Explorer 7 allows remote
                          attackers to cause a denial of service (NULL
                          dereference and application crash) via
                          JavaScript onUnload handlers that modify the
                2.7 Low   structure of a document.                          AVAIL
CVE-2007-1098              Multiple unspecified vulnerabilities in ScryMUD
                          before 2.1.11 have unknown impact and attack
                          vectors, possibly related to denial of service
                          caused by a search that begins with a .*
                2.3 Low   sequence.                                         AVAIL
CVE-2007-1162              A certain ActiveX control in the Common
                          Controls Replacement Project (CCRP) CCRP
                          BrowseDialog Server (ccrpbds6.dll) allows
                          remote attackers to cause a denial of service
                          (Internet Explorer 7 crash) via a long (1)
                          IsFolderAvailable or (2) RootFolder property
                          value, different vectors than CVE-2007-0371.
                3.3 Low                                                     AVAIL
CVE-2007-1170              SimBin GTR - FIA GT Racing Game 1.5.0.0
                          and earlier, GT Legends 1.1.0.0 and earlier,
                          GTR 2 1.1 and earlier, and RACE - The WTCC
                          Game 1.0 and earlier allow remote attackers to
                          cause a denial of service (client disconnection)
                          via an empty UDP packet to the server port.
                2.3 Low                                                     AVAIL
CVE-2007-1211              Unspecified kernel GDI functions in Microsoft
                          Windows 2000 SP4; XP SP2; and Server 2003
                          Gold, SP1, and SP2 allows user-assisted
                          remote attackers to cause a denial of service
                          (possibly persistent restart) via a crafted
                          Windows Metafile (WMF) image that causes an
                          invalid dereference of an offset in a kernel
                          structure, a related issue to CVE-2005-4560.
                2.7 Low                                                     AVAIL
CVE-2007-1239              Microsoft Excel 2003 does not properly parse
                          .XLS files, which allows remote attackers to
                          cause a denial of service (application crash) via
                          a file with a (1) corrupted XML format or a (2)
                          corrupted XLS format, which triggers a NULL
                          pointer dereference.
                1.9 Low                                                     AVAIL
CVE-2007-1245              IrfanView 3.99 allows remote attackers to
                          cause a denial of service (application crash) via
                2.3 Low   a malformed WMF file.                               AVAIL
CVE-2007-1281              Kaspersky AntiVirus Engine 6.0.1.411 for
                          Windows and 5.5-10 for Linux allows remote
                          attackers to cause a denial of service (CPU
                          consumption) via a crafted UPX compressed
                          file with a negative offset, which triggers an
                3.3 Low   infinite loop during decompression.                 AVAIL
CVE-2007-1285              The Zend Engine in PHP 4.x before 4.4.7, and
                          5.x before 5.2.2, allows remote attackers to
                          cause a denial of service (stack exhaustion and
                          PHP crash) via deeply nested arrays, which
                          trigger deep recursion in the variable
                2.3 Low   destruction routines.                               AVAIL
CVE-2007-1294              A certain ActiveX control in the
                          DivXBrowserPlugin (npdivx32.dll) in DivX Web
                          Player, as distributed with DivX Player 1.3.0,
                          allows remote attackers to cause a denial of
                          service (Internet Explorer 7 crash) via large
                          values to DivxWP.Resize, related to resizing
                3.3 Low   images.                                             AVAIL
CVE-2007-1306              Asterisk 1.4 before 1.4.1 and 1.2 before 1.2.16
                          allows remote attackers to cause a denial of
                          service (crash) by sending a Session Initiation
                          Protocol (SIP) packet without a URI and SIP-
                          version header, which results in a NULL pointer
                3.3 Low   dereference.                                        AVAIL
CVE-2007-1308              ecma/kjs_html.cpp in KDE JavaScript (KJS), as
                          used in Konqueror in KDE 3.5.5, allows remote
                          attackers to cause a denial of service (crash) by
                          accessing the content of an iframe with an ftp://
                          URI in the src attribute, probably due to a NULL
                          pointer dereference.
                1.9 Low                                                     AVAIL
CVE-2007-1324              SnapGear 560, 585, 580, 640, 710, and 720
                          appliances before the 3.1.4u5 firmware allow
                          remote attackers to cause a denial of service
                          (complete packet loss) via a packet flood, a
                2.3 Low   different vulnerability than CVE-2006-4613.       AVAIL
CVE-2007-1325              The PMA_ArrayWalkRecursive function in
                          libraries/common.lib.php in phpMyAdmin before
                          2.10.0.2 does not limit recursion on arrays
                          provided by users, which allows context-
                          dependent attackers to cause a denial of
                          service (web server crash) via an array with
                          many dimensions. NOTE: it could be argued
                          that this vulnerability is caused by a problem in
                          PHP (CVE-2006-1549) and the proper fix
                          should be in PHP; if so, then this should not be
                          treated as a vulnerability in phpMyAdmin.
                2.7 Low                                                     AVAIL
CVE-2007-1327              The SILC_SERVER_CMD_FUNC function in
                          apps/silcd/command.c in silc-server 1.0.2
                          allows remote attackers to cause a denial of
                          service (NULL dereference and daemon crash)
                          via a request without a cipher algorithm and an
                3.3 Low   invalid HMAC algorithm.                           AVAIL
CVE-2007-1337              The virtual machine process (VMX) in VMware
                          Workstation before 5.5.4 does not properly read
                          state information when moving from the ACPI
                          sleep state to the run state, which allows
                          attackers to cause a denial of service (virtual
                          machine reboot) via unknown vectors.
                3.3 Low                                                     AVAIL
CVE-2007-1347              Microsoft Windows Explorer on Windows 2000
                          SP4 FR and XP SP2 FR, and possibly other
                          versions and platforms, allows remote attackers
                          to cause a denial of service (memory corruption
                          and crash) via an Office file with crafted
                          document summary information, which causes
                          an error in Ole32.dll.
                2.7 Low                                                     AVAIL
CVE-2007-1349              PerlRun.pm in Apache mod_perl before 1.30,
                          and RegistryCooker.pm in mod_perl 2.x, does
                          not properly escape PATH_INFO before use in
                          a regular expression, which allows remote
                          attackers to cause a denial of service (resource
                          consumption) via a crafted URI.
                3.3 Low                                                     AVAIL
CVE-2007-1357              The atalk_sum_skb function in AppleTalk for
                          Linux kernel 2.6.x before 2.6.21, and possibly
                          2.4.x, allows remote attackers to cause a denial
                          of service (crash) via an AppleTalk frame that is
                          shorter than the specified length, which triggers
                          a BUG_ON call when an attempt is made to
                          perform a checksum.
                3.3 Low                                                     AVAIL
CVE-2007-1362              Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x
                          before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2,
                          allows remote attackers to cause a denial of
                          service via (1) a large cookie path parameter,
                          which triggers memory consumption, or (2) an
                          internal delimiter within cookie path or name
                          values, which could trigger a misinterpretation
                          of cookie data, aka "Path Abuse in Cookies."
                3.3 Low                                                     AVAIL
CVE-2007-1377                 AcroPDF.DLL in Adobe Reader 8.0, when
                             accessed from Mozilla Firefox, Netscape, or
                             Opera, allows remote attackers to cause a
                             denial of service (unspecified resource
                             consumption) via a .pdf URL with an anchor
                             identifier that begins with search= followed by
                             many %n sequences, a different vulnerability
                             than CVE-2006-6027 and CVE-2006-6236.
                2.3 Low                                                        AVAIL
CVE-2007-1388               The do_ipv6_setsockopt function in
                           net/ipv6/ipv6_sockglue.c in Linux kernel before
                           2.6.20, and possibly other versions, allows local
                           users to cause a denial of service (oops) by
                           calling setsockopt with the IPV6_RTHDR option
                           name and possibly a zero option length or
                           invalid option value, which triggers a NULL
                1.1 Low    pointer dereference.                                AVAIL
CVE-2007-1398               The frag3 preprocessor in Snort 2.6.1.1,
                           2.6.1.2, and 2.7.0 beta, when configured for
                           inline use on Linux without the ip_conntrack
                           module loaded, allows remote attackers to
                           cause a denial of service (segmentation fault
                           and application crash) via certain UDP packets
                           produced by send_morefrag_packet and
                2.7 Low    send_overlap_packet.                                AVAIL
CVE-2007-1404               tftpd.exe in ProSysInfo TFTP Server
                           TFTPDWIN 0.4.2 allows remote attackers to
                           cause a denial of service via a long UDP packet
                           that is not properly handled in a recv_from call.
                           NOTE: this issue might be related to CVE-2006-
                5.3 Medium 4948.                                               AVAIL
CVE-2007-1420               MySQL 5.x before 5.0.36 allows local users to
                           cause a denial of service (database crash) by
                           performing information_schema table
                           subselects and using ORDER BY to sort a
                           single-row result, which prevents certain
                           structure elements from being initialized and
                           triggers a NULL dereference in the filesort
                2.3 Low    function.                                           AVAIL
CVE-2007-1426               AstroCam before 2.6.6 allows remote attackers
                           to cause a denial of service (daemon shutdown)
                           via certain requests to the web interface.
                3.3 Low                                                        AVAIL
CVE-2007-1431               Multiple unspecified vulnerabilities in
                           PennMUSH 1.8.3 before 1.8.3p1 and 1.8.2
                           before 1.8.2p3 allow attackers to cause a denial
                           of service (crash) related to the (1) speak and
                3.3 Low    (2) buy functions.                                  AVAIL
CVE-2007-1441              The 4thPass browser on the RIM BlackBerry
                          8100 (Pearl) before 4.2.1 allows remote
                          attackers to cause a denial of service
                          (temporary functionality loss) via a long href
                2.3 Low   attribute in a link in a WML page.                   AVAIL
CVE-2007-1448              The Tape Engine in CA (formerly Computer
                          Associates) BrightStor ARCserve Backup 11.5
                          and earlier allows remote attackers to cause a
                          denial of service (disabled interface) by calling
                1.6 Low   an unspecified RPC function.                         AVAIL
CVE-2007-1476              The SymTDI driver in Symantec Norton
                          Personal Firewall 2006 9.1.1.7 and earlier, and
                          possibly Norton Internet Security 2006 and
                          other Norton products, allows local users to
                          cause a denial of service (system crash) by
                          sending crafted data to the driver's \Device file,
                          which triggers invalid memory access, a
                          different vulnerability than CVE-2006-4855.
                1.3 Low                                                      AVAIL
CVE-2007-1492              winmm.dll in Microsoft Windows XP allows
                          user-assisted remote attackers to cause a
                          denial of service (infinite loop) via a large cch
                          argument value to the mmioRead function, as
                2.7 Low   demonstrated by a crafted WAV file.                AVAIL
CVE-2007-1495              The \Device\SymEvent driver in Symantec
                          Norton Personal Firewall 2006 9.1.1.7, and
                          possibly other products using symevent.sys
                          12.0.0.20, allows local users to cause a denial
                          of service (system crash) via invalid data, as
                          demonstrated by calling DeviceIoControl to
                          send the data, a reintroduction of CVE-2006-
                2.3 Low   4855.                                              AVAIL
CVE-2007-1496              nfnetlink_log in netfilter in the Linux kernel
                          before 2.6.20.3 allows attackers to cause a
                          denial of service (crash) via unspecified vectors
                          involving the (1) nfulnl_recv_config function, (2)
                          using "multiple packets per netlink message",
                          and (3) bridged packets, which trigger a NULL
                3.3 Low   pointer dereference.                               AVAIL
CVE-2007-1530              The LLTD Mapper in Microsoft Windows Vista
                          does not properly gather responses to EMIT
                          packets, which allows remote attackers to
                          cause a denial of service (mapping failure) by
                          omitting an ACK response, which triggers an
                          XML syntax error.
                2.3 Low                                                      AVAIL
CVE-2007-1531              Microsoft Windows XP and Vista overwrites
                          ARP table entries included in gratuitous ARP,
                          which allows remote attackers to cause a denial
                          of service (loss of network access) by sending a
                          gratuitous ARP for the address of the Vista
                2.3 Low   host.                                              AVAIL
CVE-2007-1537              \Device\NdisTapi (NDISTAPI.sys) in Microsoft
                          Windows XP SP2 and 2003 SP1 uses weak
                          permissions, which allows local users to write to
                          the device and cause a denial of service, as
                          demonstrated by using an IRQL to acquire a
                          spinlock on paged memory via the
                3.3 Low   NdisTapiDispatch function.                         AVAIL
CVE-2007-1542              Unspecified vulnerability in the Cisco IP Phone
                          7940 and 7960 running firmware before POS8-6-
                          0 allows remote attackers to cause a denial of
                          service via the Remote-Party-ID sipURI field in
                          a SIP INVITE request. NOTE: the provenance
                          of this information is unknown; the details are
                          obtained solely from third party information.
                2.3 Low                                                      AVAIL
CVE-2007-1545              The AddResource function in
                          server/dia/resource.c in Network Audio System
                          (NAS) before 1.8a SVN 237 allows remote
                          attackers to cause a denial of service (server
                2.3 Low   crash) via a nonexistent client ID.                AVAIL
CVE-2007-1546              Array index error in Network Audio System
                          (NAS) before 1.8a SVN 237 allows remote
                          attackers to cause a denial of service (crash)
                          via (1) large num_action values in the
                          ProcAuSetElements function in
                          server/dia/audispatch.c or (2) a large inputNum
                          parameter to the compileInputs function in
                2.3 Low   server/dia/auutil.c.                               AVAIL
CVE-2007-1547              The ReadRequestFromClient function in
                          server/os/io.c in Network Audio System (NAS)
                          before 1.8a SVN 237 allows remote attackers to
                          cause a denial of service (crash) via multiple
                          simultaneous connections, which triggers a
                3.3 Low   NULL pointer dereference.                          AVAIL
CVE-2007-1560              The clientProcessRequest() function in
                          src/client_side.c in Squid 2.6 before
                          2.6.STABLE12 allows remote attackers to
                          cause a denial of service (daemon crash) via
                          crafted TRACE requests that trigger an
                2.3 Low   assertion error.                                   AVAIL
CVE-2007-1561              The channel driver in Asterisk before 1.2.17
                          and 1.4.x before 1.4.2 allows remote attackers
                          to cause a denial of service (crash) via a SIP
                          INVITE message with an SDP containing one
                          valid and one invalid IP address.
                3.3 Low                                                      AVAIL
CVE-2007-1565              Konqueror 3.5.5 allows remote attackers to
                          cause a denial of service (crash) by using
                          JavaScript to read a child iframe having an ftp://
                3.3 Low   URI.                                               AVAIL
CVE-2007-1580              FTPDMIN 0.96 allows remote attackers to
                          cause a denial of service (daemon crash) via a
                          LIST command for a Windows drive letter, as
                          demonstrated using "//A:". NOTE: this has been
                          reported as a buffer overflow by some sources,
                          but there is not a long argument.
                1.6 Low                                                         AVAIL
CVE-2007-1586              ZynOS 3.40 allows remote attackers to cause a
                          denial of service (link restart) by sending a
                          request for the name \M via the SMB Mail Slot
                3.3 Low   Protocol.                                             AVAIL
CVE-2007-1589              TrueCrypt before 4.3, when set-euid mode is
                          used on Linux, allows local users to cause a
                          denial of service (filesystem unavailability) by
                          dismounting a volume mounted by a different
                1.6 Low   user.                                                 AVAIL
CVE-2007-1590              The Grandstream BudgeTone 200 IP phone,
                          with program 1.1.1.14 and bootloader 1.1.1.5,
                          allows remote attackers to cause a denial of
                          service (device crash) via SIP (1) INVITE, (2)
                          CANCEL, or unspecified other messages with a
                          WWW-Authenticate header containing a crafted
                3.3 Low   Digest domain.                                        AVAIL
CVE-2007-1591              VsapiNT.sys in the Scan Engine 8.0 for Trend
                          Micro AntiVirus 14.10.1041, and other products,
                          allows remote attackers to cause a denial of
                          service (kernel fault and system crash) via a
                          crafted UPX file with a certain field that triggers
                3.3 Low   a divide-by-zero error.                               AVAIL
CVE-2007-1592              net/ipv6/tcp_ipv6.c in Linux kernel 2.6.x up to
                          2.6.21-rc3 inadvertently copies the
                          ipv6_fl_socklist from a listening TCP socket to
                          child sockets, which allows local users to cause
                          a denial of service (OOPS) or double-free by
                          opening a listening IPv6 socket, attaching a flow
                          label, and connecting to that socket.
                 1 Low                                                    AVAIL
CVE-2007-1593              The administrative service in Symantec Veritas
                          Volume Replicator (VVR) for Windows 3.1
                          through 4.3, and VVR for Unix 3.5 through 5.0,
                          in Symantec Storage Foundation products
                          allows remote attackers to cause a denial of
                          service (memory consumption and service
                          crash) via a crafted packet to the service port
                2.3 Low   (8199/tcp).                                     AVAIL
CVE-2007-1594              The handle_response function in chan_sip.c in
                          Asterisk before 1.2.17 and 1.4.x before 1.4.2
                          allows remote attackers to cause a denial of
                          service (crash) via a SIP Response code 0 in a
                3.3 Low   SIP packet.                                     AVAIL
CVE-2007-1648              0irc 1345 build 20060823 allows remote
                          attackers to cause a denial of service
                          (application crash) by operating an IRC server
                          that sends a long string to a client, which
                3.3 Low   triggers a NULL pointer dereference.                 AVAIL
CVE-2007-1650              pcapsipdump.cpp in pcapsipdump before 0.1.3
                          allows remote attackers to cause a denial of
                          service (application crash) via a malformed SIP
                          packet, which results in a NULL pointer
                3.3 Low   dereference.                                         AVAIL
CVE-2007-1653              GlowWorm FW before 1.5.3b4 allows remote
                          attackers to cause a denial of service (kernel
                          panic) via certain DNS responses that trigger
                          infinite recursion in TrueDNS packet parsing, as
                          originally observed with certain login.yahoo.com
                3.3 Low   responses.                                           AVAIL
CVE-2007-1667              Multiple integer overflows in (1) the XGetPixel
                          function in ImUtil.c in X.Org libx11 before 1.0.3,
                          and (2) XInitImage function in xwd.c for
                          ImageMagick, allow user-assisted remote
                          attackers to cause a denial of service (crash) or
                          obtain sensitive information via crafted images
                          with large or negative values that trigger a
                 8 High   buffer overflow.                                     AVAIL
CVE-2007-1669              Barracuda Spam Firewall 3.4 and later with
                          virusdef before 2.0.6399, and Spam Firewall
                          before 3.4 20070319 with virusdef before
                          2.0.6399o, allows remote attackers to cause a
                          denial of service (infinite loop) via a ZOO
                          archive with a direntry structure that points to a
                3.3 Low   previous file.                                       AVAIL
CVE-2007-1670              Panda Software Antivirus before 20070402
                          allows remote attackers to cause a denial of
                          service (infinite loop) via a ZOO archive with a
                          direntry structure that points to a previous file.
                3.3 Low                                                        AVAIL
CVE-2007-1671              avpack32.dll before 7.3.0.6 in Avira AntiVir
                          allows remote attackers to cause a denial of
                          service (infinite loop) via a ZOO archive with a
                          direntry structure that points to a previous file.
                3.3 Low                                                      AVAIL
CVE-2007-1672              avast! antivirus before 4.7.981 allows remote
                          attackers to cause a denial of service (infinite
                          loop) via a ZOO archive with a direntry structure
                3.3 Low   that points to a previous file.                    AVAIL
CVE-2007-1673              unzoo.c allows remote attackers to cause a
                          denial of service (infinite loop) via a ZOO
                          archive with a direntry structure that points to a
                3.3 Low   previous file.                                     AVAIL
CVE-2007-1693                   The SIP channel module in Yet Another
                               Telephony Engine (Yate) before 1.2.0 sets the
                               caller_info_uri parameter using a incorrect
                               variable that can be NULL, which allows remote
                               attackers to cause a denial of service (NULL
                               dereference and application crash) via a Call-
                               Info header without a purpose parameter.
                3.3 Low                                                         AVAIL
CVE-2007-1728                   The Remote Play feature in Sony Playstation 3
                               (PS3) 1.60 and Playstation Portable (PSP) 3.10
                               OE-A allows remote attackers to cause a denial
                               of service via a flood of UDP packets.
                3.3 Low                                                        AVAIL
CVE-2007-1730                 Integer signedness error in the DCCP support
                             in the do_dccp_getsockopt function in
                             net/dccp/proto.c in Linux kernel 2.6.20 and later
                             allows local users to read kernel memory or
                             cause a denial of service (oops) via a negative
                4.7   Medium optlen value.                                     AVAIL
CVE-2007-1734                 The DCCP support in the do_dccp_getsockopt
                             function in net/dccp/proto.c in Linux kernel
                             2.6.20 and later does not verify the upper
                             bounds of the optlen value, which allows local
                             users running on certain architectures to read
                             kernel memory or cause a denial of service
                             (oops), a related issue to CVE-2007-1730.
                 7    High                                                     AVAIL
CVE-2007-1739                 Heap-based buffer overflow in the LDAP server
                             in IBM Lotus Domino before 6.5.6 and 7.x
                             before 7.0.2 FP1 allows remote attackers to
                             cause a denial of service (crash) via a long,
                             malformed DN request, which causes only the
                             lower 16 bits of the string length to be used in
                3.3   Low    memory allocation.                                AVAIL
CVE-2007-1763                 The ATI kernel driver (atikmdag.sys) in
                             Microsoft Windows Vista allows user-assisted
                             remote attackers to cause a denial of service
                             (crash) via a crafted JPG image, as
                             demonstrated by a slideshow, possibly due to a
                2.7   Low    buffer overflow.                                  AVAIL
CVE-2007-1767                 Unspecified vulnerability in (1) Deskbar.dll and
                             (2) Toolbar.dll in AOL 9.0 before February 2007
                             allows remote attackers to cause a denial of
                             service (browser crash) via unknown vectors.
                3.3   Low                                                      AVAIL
CVE-2007-1772                 The FTP service in HP JetDirect print servers
                             allows remote attackers to cause a denial of
                             service (engine crash) via a RETR command
                2.7   Low    with a long pathname.                             AVAIL
CVE-2007-1804              PulseAudio 0.9.5 allows remote attackers to
                          cause a denial of service (daemon crash) via
                          (1) a PA_PSTREAM_DESCRIPTOR_LENGTH
                          value of FRAME_SIZE_MAX_ALLOW sent on
                          TCP port 9875, which triggers a p->export
                          assertion failure in do_read; (2) a
                          PA_PSTREAM_DESCRIPTOR_LENGTH value
                          of 0 sent on TCP port 9875, which triggers a
                          length assertion failure in pa_memblock_new;
                          or (3) an empty packet on UDP port 9875,
                          which triggers a t assertion failure in
                          pa_sdp_parse; and allows remote authenticated
                          users to cause a denial of service (daemon
                          crash) via a crafted packet on TCP port 9875
                          that (4) triggers a maxlength assertion failure in
                          pa_memblockq_new, (5) triggers a size
                          assertion failure in pa_xmalloc, or (6) plays a
                          certain sound file.

                3.3 Low                                                      AVAIL
CVE-2007-1826              Unspecified vulnerability in the IPSec Manager
                          Service for Cisco Unified CallManager (CUCM)
                          5.0 before 5.0(4a)SU1 and Cisco Unified
                          Presence Server (CUPS) 1.0 before 1.0(3)
                          allows remote attackers to cause a denial of
                          service (loss of cluster services) via a "specific
                          UDP packet" to UDP port 8500, aka bug ID
                3.3 Low   CSCsg60949.                                        AVAIL
CVE-2007-1833              The Skinny Call Control Protocol (SCCP)
                          implementation in Cisco Unified CallManager
                          (CUCM) 3.3 before 3.3(5)SR2a, 4.1 before
                          4.1(3)SR4, 4.2 before 4.2(3)SR1, and 5.0
                          before 5.0(4a)SU1 allows remote attackers to
                          cause a denial of service (loss of voice
                          services) by sending crafted packets to the (1)
                          SCCP (2000/tcp) or (2) SCCPS (2443/tcp) port.
                2.3 Low                                                      AVAIL
CVE-2007-1834              Cisco Unified CallManager (CUCM) 5.0 before
                          5.0(4a)SU1 and Cisco Unified Presence Server
                          (CUPS) 1.0 before 1.0(3) allow remote
                          attackers to cause a denial of service (loss of
                          voice services) via a flood of ICMP echo
                          requests, aka bug ID CSCsf12698.
                3.3 Low                                                      AVAIL
CVE-2007-1841              The isakmp_info_recv function in
                          src/racoon/isakmp_inf.c in racoon in Ipsec-tools
                          before 0.6.7 allows remote attackers to cause a
                          denial of service (tunnel crash) via crafted (1)
                          DELETE (ISAKMP_NPTYPE_D) and (2)
                          NOTIFY (ISAKMP_NPTYPE_N) messages.
                2.3 Low                                                      AVAIL
CVE-2007-1856              Vixie Cron before 4.1-r10 on Gentoo Linux is
                          installed with insecure permissions, which
                          allows local users to cause a denial of service
                          (cron failure) by creating hard links, which
                          results in a failed st_nlink check in database.c.
                1.6 Low                                                         AVAIL
CVE-2007-1861              The nl_fib_lookup function in
                          net/ipv4/fib_frontend.c in Linux Kernel before
                          2.6.20.8 allows attackers to cause a denial of
                          service (kernel panic) via
                          NETLINK_FIB_LOOKUP replies, which trigger
                3.3 Low   infinite recursion and a stack overflow.              AVAIL
CVE-2007-1869              lighttpd 1.4.12 and 1.4.13 allows remote
                          attackers to cause a denial of service (cpu and
                          resource consumption) by disconnecting while
                          lighttpd is parsing CRLF sequences, which
                          triggers an infinite loop and file descriptor
                2.3 Low   consumption.                                          AVAIL
CVE-2007-1870              lighttpd before 1.4.14 allows attackers to cause
                          a denial of service (crash) via a request to a file
                          whose mtime is 0, which results in a NULL
                3.3 Low   pointer dereference.                                  AVAIL
CVE-2007-1877              VMware Workstation before 5.5.4 allows
                          attackers to cause a denial of service against
                          the guest OS by causing the virtual machine
                          process (VMX) to store malformed configuration
                3.3 Low   information.                                          AVAIL
CVE-2007-1911              Multiple unspecified vulnerabilities in Microsoft
                          Word 2007 allow remote attackers to cause a
                          denial of service (CPU consumption) via crafted
                          documents, as demonstrated by (1) file798-
                          1.doc and (2) file613-1.doc, possibly related to a
                          buffer overflow.
                2.7 Low                                                         AVAIL
CVE-2007-1918              The RFC_SET_REG_SERVER_PROPERTY
                          function in the SAP RFC Library 6.40 and 7.00
                          before 20070109 implements an option for
                          exclusive access to an RFC server, which
                          allows remote attackers to cause a denial of
                          service (client lockout) via unspecified vectors.
                          NOTE: This information is based upon a vague
                          initial disclosure. Details will be updated after
                          the grace period has ended.
                2.3 Low                                                         AVAIL
CVE-2007-1944              The Java Message Service (JMS) in IBM
                          WebSphere Application Server (WAS) before
                          6.1.0.7 allows attackers to cause a denial of
                          service via unknown vectors involving the
                          "double release [of] a bytebuffer input stream,"
                2.3 Low   possibly a double-free vulnerability.                 AVAIL
CVE-2007-1958              Buffer overflow in TinyMUX before 2.4 allows
                          attackers to cause a denial of service via
                          unspecified vectors related to "too many
                          substring matches in a regexp $-command."
                          NOTE: some of these details are obtained from
                2.3 Low   third party information.                           AVAIL
CVE-2007-1981              The safevoid_vsnprintf function in Metamod-P
                          1.19p29 and earlier on Windows allows remote
                          attackers to cause a denial of service (daemon
                          crash) via a long meta list command.
                3.3 Low                                                      AVAIL
CVE-2007-1994              Unspecified vulnerability in the Address and
                          Routing Parameter Area (ARPA) transport
                          functionality in HP-UX B.11.00 allows local
                          users to cause a denial of service via unknown
                          vectors. NOTE: due to lack of vendor details, it
                          is not clear whether this is the same as CVE-
                2.3 Low   2007-0916.                                         AVAIL
CVE-2007-1995              bgpd/bgp_attr.c in Quagga 0.98.6 and earlier,
                          and 0.99.6 and earlier 0.99 versions, does not
                          validate length values in the MP_REACH_NLRI
                          and MP_UNREACH_NLRI attributes, which
                          allows remote attackers to cause a denial of
                          service (daemon crash or exit) via crafted
                          UPDATE messages that trigger an assertion
                          error or out of bounds read.
                2.7 Low                                                     AVAIL
CVE-2007-2010              Double-free vulnerability in bftpd before 1.8
                          allows remote authenticated users to cause a
                          denial of service (daemon crash) via a (1) get or
                 2 Low    (2) mget command.                                 AVAIL
CVE-2007-2026              The gnu regular expression code in file 4.20
                          allows context-dependent attackers to cause a
                          denial of service (CPU consumption) via a
                          crafted document with a large number of line
                          feed characters, which is not well handled by
                          OS/2 REXX regular expressions that use
                3.3 Low   wildcards, as originally reported for AMaViS.     AVAIL
CVE-2007-2028              Memory leak in freeRADIUS 1.1.5 and earlier
                          allows remote attackers to cause a denial of
                          service (memory consumption) via a large
                          number of EAP-TTLS tunnel connections using
                          malformed Diameter format attributes, which
                          causes the authentication request to be rejected
                          but does not reclaim VALUE_PAIR data
                          structures.
                2.3 Low                                                     AVAIL
CVE-2007-2029              File descriptor leak in the PDF handler in Clam
                          AntiVirus (ClamAV) allows remote attackers to
                          cause a denial of service via a crafted PDF file.
                3.3 Low                                                     AVAIL
CVE-2007-2037              Cisco Wireless LAN Controller (WLC) before
                          3.2.116.21, and 4.0.x before 4.0.155.0, allows
                          remote attackers on a local network to cause a
                          denial of service (device crash) via malformed
                1.9 Low   Ethernet traffic.                                 AVAIL
CVE-2007-2038              The Network Processing Unit (NPU) in the
                          Cisco Wireless LAN Controller (WLC) before
                          3.2.193.5, 4.0.x before 4.0.206.0, and 4.1.x
                          allows remote attackers on a local wireless
                          network to cause a denial of service (loss of
                          packet forwarding) via (1) crafted SNAP
                          packets, (2) malformed 802.11 traffic, or (3)
                          packets with certain header length values, aka
                3.3 Low   Bug ID CSCsg36361.                                AVAIL
CVE-2007-2039              The Network Processing Unit (NPU) in the
                          Cisco Wireless LAN Controller (WLC) before
                          3.2.171.5, 4.0.x before 4.0.206.0, and 4.1.x
                          allows remote attackers on a local wireless
                          network to cause a denial of service (loss of
                          packet forwarding) via (1) crafted SNAP
                          packets, (2) malformed 802.11 traffic, or (3)
                          packets with certain header length values, aka
                3.3 Low   Bug IDs CSCsg15901 and CSCsh10841.                AVAIL
CVE-2007-2045              Unspecified vulnerability in the IP
                          implementation in Sun Solaris 8 and 9 allows
                          remote attackers to cause a denial of service
                          (CPU consumption) via crafted IP packets,
                          probably related to fragmented packets with
                2.3 Low   duplicate or missing fragments.                   AVAIL
CVE-2007-2151              The administration server in McAfee e-
                          Business Server before 8.1.1 and 8.5.x before
                          8.5.2 allows remote attackers to cause a denial
                          of service (service crash) via a large length
                          value in a malformed authentication packet,
                          which triggers a heap over-read.
                2.3 Low                                                     AVAIL
CVE-2007-2161              Microsoft Internet Explorer 7 allows remote
                          attackers to cause a denial of service (browser
                          hang) via JavaScript that matches a regular
                          expression against a long string, as
                2.3 Low   demonstrated using /(.)*/.                        AVAIL
CVE-2007-2162              (1) Mozilla Firefox 2.0.0.3 and (2) GNU
                          IceWeasel 2.0.0.3 allow remote attackers to
                          cause a denial of service (browser crash or
                          system hang) via JavaScript that matches a
                          regular expression against a long string, as
                3.3 Low   demonstrated using /(.)*/.                        AVAIL
CVE-2007-2163              Apple Safari allows remote attackers to cause
                          a denial of service (browser crash) via
                          JavaScript that matches a regular expression
                          against a long string, as demonstrated using
                2.3 Low   /(.)*/.                                           AVAIL
CVE-2007-2164              Konqueror 3.5.5 release 45.4 allows remote
                          attackers to cause a denial of service (browser
                          crash or abort) via JavaScript that matches a
                          regular expression against a long string, as
                2.3 Low   demonstrated using /(.)*/.                              AVAIL
CVE-2007-2178              Multiple unspecified vulnerabilities in Objective
                          Development Sharity before 3.3 allow remote
                          attackers to cause a denial of service (daemon
                          crash) via unspecified vectors.
                3.3 Low                                                           AVAIL
CVE-2007-2179              Multiple unspecified vulnerabilities in
                          IXceedCompression in XceddZipLib
                          (RaidenFTPD.dll) in RaidenFTPD 2.4 allow
                          remote attackers to cause a denial of service
                          (crash) via unspecified vectors involving the (1)
                          CalculateCrc, (2) Compress, and (3)
                          Uncompress functions, which result in a NULL
                3.3 Low   pointer dereference.                                    AVAIL
CVE-2007-2180              Buffer overflow in Nullsoft Winamp 5.3 allows
                          user-assisted remote attackers to cause a
                          denial of service (crash) via a crafted WMV file.
                2.7 Low                                                           AVAIL
CVE-2007-2186              Foxit Reader 2.0 allows remote attackers to
                          cause a denial of service (application crash) via
                2.3 Low   a crafted PDF document.                                 AVAIL
CVE-2007-2195              aMSN (aka Alvaro's Messenger) 0.96 and
                          earlier allows remote attackers to cause a
                          denial of service (application crash) by sending
                2.3 Low   invalid data to TCP port 31337.                         AVAIL
CVE-2007-2210              A certain ActiveX control in askPopStp.dll in
                          Netsprint Ask IE Toolbar 1.1 allows remote
                          attackers to cause a denial of service (Internet
                          Explorer crash) via a long AddAllowed property
                          value, related to "improper memory handling,"
                          possibly a buffer overflow.
                3.3 Low                                                           AVAIL
CVE-2007-2213              Unspecified vulnerability in the Initialize function
                          in NetscapeFTPHandler in WS_FTP Home and
                          Professional 2007 allows remote attackers to
                          cause a denial of service (NULL dereference
                          and application crash) via unspecified vectors
                          related to "improper arguments."
                3.3 Low                                                           AVAIL
CVE-2007-2237              Microsoft Windows Graphics Device Interface
                          (GDI+, GdiPlus.dll) allows context-dependent
                          attackers to cause a denial of service (crash)
                          via an ICO file with an InfoHeader containing a
                          Height of zero, which triggers a divide-by-zero
                2.7 Low   error.                                                  AVAIL
CVE-2007-2241              Unspecified vulnerability in query.c in ISC BIND
                          9.4.0, and 9.5.0a1 through 9.5.0a3, when
                          recursion is enabled, allows remote attackers to
                          cause a denial of service (daemon exit) via a
                          sequence of queries processed by the
                2.7 Low   query_addsoa function.                             AVAIL
CVE-2007-2242              The IPv6 protocol allows remote attackers to
                          cause a denial of service via crafted IPv6 type 0
                          route headers (IPV6_RTHDR_TYPE_0) that
                          create network amplification between two
                3.3 Low   routers.                                           AVAIL
CVE-2007-2246              Unspecified vulnerability in HP-UX B.11.00 and
                          B.11.11, when running sendmail 8.9.3 or 8.11.1;
                          and HP-UX B.11.23 when running sendmail
                          8.11.1; allows remote attackers to cause a
                          denial of service via unknown attack vectors.
                          NOTE: due to the lack of details from HP, it is
                          not known whether this issue is a duplicate of
                          another CVE such as CVE-2006-1173 or CVE-
                3.3 Low   2006-4434.                                         AVAIL
CVE-2007-2267              Unspecified vulnerability in Sun Cluster 3.1 and
                          Solaris Cluster 3.2 before 20070424 allows
                          remote authenticated users, operating from a
                          different cluster node, to cause a denial of
                          service (data corruption or send_mondo panic)
                          via unspecified vectors, as demonstrated by
                          EMC Symcli backup software 6.2.1.
                 2 Low                                                       AVAIL
CVE-2007-2270              The Linksys SPA941 VoIP Phone allows
                          remote attackers to cause a denial of service
                          (device reboot) via a 0377 (0xff) character in the
                          From header, and possibly certain other
                3.3 Low   locations, in a SIP INVITE request.                AVAIL
CVE-2007-2274              The BitTorrent implementation in Opera 9.2
                          allows remote attackers to cause a denial of
                          service (CPU consumption and application
                          crash) via a malformed torrent file. NOTE: the
                          original disclosure refers to this to as a memory
                3.3 Low   leak, but it is not certain.                       AVAIL
CVE-2007-2276              ** DISPUTED ** 3Com TippingPoint IPS allows
                          remote attackers to cause a denial of service
                          (device hang) via a flood of packets on TCP
                          port 80 with sequentially increasing source
                          ports, related to a "badly written loop." NOTE:
                          the vendor disputes this issue, stating that the
                          product has "performed as expected with no
                3.3 Low   DoS emerging."                                     AVAIL
CVE-2007-2294              The Manager Interface in Asterisk before
                          1.2.18 and 1.4.x before 1.4.3 allows remote
                          attackers to cause a denial of service (crash) by
                          using MD5 authentication to authenticate a user
                          that does not have a password defined in
                          manager.conf, resulting in a NULL pointer
                3.3 Low   dereference.                                        AVAIL
CVE-2007-2297              The SIP channel driver (chan_sip) in Asterisk
                          before 1.2.18 and 1.4.x before 1.4.3 does not
                          properly parse SIP UDP packets that do not
                          contain a valid response code, which allows
                          remote attackers to cause a denial of service
                3.3 Low   (crash).                                            AVAIL
CVE-2007-2315              MiniShare 1.5.4, and possibly earlier, allows
                          remote attackers to cause a denial of service
                          (application crash) via a flood of requests for
                3.3 Low   new connections.                                    AVAIL
CVE-2007-2322              NMMediaServer.exe in Nero MediaHome
                          2.5.5.0 and CE 1.3.0.4 allows remote attackers
                          to cause a denial of service (NULL dereference
                          and application crash) via a crafted packet that
                          contains two CRLF sequences. NOTE: the
                          provenance of this information is unknown; the
                          details are obtained solely from third party
                3.3 Low   information.                                        AVAIL
CVE-2007-2336              Unspecified vulnerability in InterVations
                          NaviCOPA Web Server 2.01 20070323 allows
                          remote attackers to cause a denial of service
                          (daemon crash) via crafted HTTP requests, as
                          demonstrated by long requests containing '\A'
                          characters, probably a different issue than CVE-
                          2006-5112 and CVE-2007-1733. NOTE: the
                          provenance of this information is unknown; the
                          details are obtained solely from third party
                3.3 Low   information.                                        AVAIL
CVE-2007-2344              The BOOTPD component in Enterasys
                          NetSight Console 2.1 and NetSight Inventory
                          Manager 2.1, and possibly earlier, on Windows
                          allows remote attackers to cause a denial of
                          service (daemon crash) via a UDP packet that
                          contains an invalid "packet type" field.
                3.3 Low                                                      AVAIL
CVE-2007-2367              Buffer overflow in wserve_console.exe in
                          Wserve HTTP Server (whttp) 4.6 allows remote
                          attackers to cause a denial of service (forced
                          application exit) via a long directory name in the
                10 High   URI.                                               AVAIL
CVE-2007-2414              MyServer before 0.8.8 allows remote attackers
                          to cause a denial of service via unspecified
                3.3 Low   vectors.                                           AVAIL
CVE-2007-2415                 Pi3Web Web Server 2.0.3 PL1 allows remote
                             attackers to cause a denial of service
                             (application exit) via a long URI. NOTE: this
                             issue was originally reported as a crash, but the
                             vendor states that the impact is a "clean" exit in
                             which "the server I/O loop finishes and the
                3.3   Low    process exits normally."                           AVAIL
CVE-2007-2437                 The X render (Xrender) extension in X.org X
                             Window System 7.0, 7.1, and 7.2, with Xserver
                             1.3.0 and earlier, allows remote authenticated
                             users to cause a denial of service (daemon
                             crash) via crafted values to the (1)
                             XRenderCompositeTrapezoids and (2)
                             XRenderAddTraps functions, which trigger a
                 2    Low    divide-by-zero error.                              AVAIL
CVE-2007-2439                 Caucho Resin Professional 3.1.0 and Caucho
                             Resin 3.1.0 and earlier for Windows allows
                             remote attackers to cause a denial of service
                             (device hang) and read data from a COM or
                             LPT device via a DOS device name with an
                6.7   Medium arbitrary extension.                               AVAIL
CVE-2007-2445                 The png_handle_tRNS function in pngrutil.c in
                             libpng before 1.0.25 and 1.2.x before 1.2.17
                             allows remote attackers to cause a denial of
                             service (application crash) via a grayscale PNG
                             image with a bad tRNS chunk CRC value.
                2.3   Low                                                       AVAIL
CVE-2007-2455                 Parallels allows local users to cause a denial of
                             service (virtual machine abort) via (1) certain
                             INT instructions, as demonstrated by INT 0xAA;
                             (2) an IRET instruction when an invalid address
                             is at the top of the stack; (3) a malformed
                             MOVNTI instruction, as demonstrated by using
                             a register as a destination; or a write operation
                             to (4) SEGR6 or (5) SEGR7.
                3.3   Low                                                       AVAIL
CVE-2007-2461                 The DHCP relay agent in Cisco Adaptive
                             Security Appliance (ASA) and PIX 7.2 allows
                             remote attackers to cause a denial of service
                             (dropped packets) via a DHCPREQUEST or
                             DHCPINFORM message that causes multiple
                             DHCPACK messages to be sent from DHCP
                             servers to the agent, which consumes the
                             memory allocated for a local buffer. NOTE: this
                             issue only occurs when multiple DHCP servers
                3.3   Low    are used.                                          AVAIL
CVE-2007-2463              Unspecified vulnerability in Cisco Adaptive
                          Security Appliance (ASA) and PIX 7.1 before
                          7.1(2)49 and 7.2 before 7.2(2)17 allows remote
                          attackers to cause a denial of service (device
                          reload) via unknown vectors related to VPN
                          connection termination and password expiry.
                3.3 Low                                                      AVAIL
CVE-2007-2464              Race condition in Cisco Adaptive Security
                          Appliance (ASA) and PIX 7.1 before 7.1(2)49
                          and 7.2 before 7.2(2)19, when using "clientless
                          SSL VPNs," allows remote attackers to cause a
                          denial of service (device reload) via "non-
                2.7 Low   standard SSL sessions."                            AVAIL
CVE-2007-2465              Unspecified vulnerability in Sun Solaris 9, when
                          Solaris Auditing (BSM) is enabled for file read,
                          write, attribute modify, create, or delete audit
                          classes, allows local users to cause a denial of
                          service (panic) via unknown vectors, possibly
                          related to the audit_savepath function.
                1.9 Low                                                      AVAIL
CVE-2007-2466              Unspecified vulnerability in the LDAP Software
                          Development Kit (SDK) for C, as used in Sun
                          Java System Directory Server 5.2 up to Patch 4
                          and Sun ONE Directory Server 5.1, allows
                          remote attackers to cause a denial of service
                          (crash) via certain BER encodings.
                3.3 Low                                                      AVAIL
CVE-2007-2467              ZoneAlarm Pro 6.5.737.000, 6.1.744.001, and
                          possibly earlier versions and other products,
                          allows local users to cause a denial of service
                          (system crash) by sending malformed data to
                          the vsdatant device driver, which causes an
                2.3 Low   invalid memory access.                             AVAIL
CVE-2007-2468              Unspecified vulnerability in HP OpenVMS for
                          Integrity Servers 8.2-1 and 8.3 allows local
                          users to cause a denial of service (crash) via
                2.3 Low   "Program actions relating to exceptions."          AVAIL
CVE-2007-2488              The IAX2 channel driver (chan_iax2) in
                          Asterisk before 20070504 does not properly null
                          terminate data, which allows remote attackers
                          to trigger loss of transmitted data, and possibly
                          obtain sensitive information (memory contents)
                          or cause a denial of service (application crash),
                          by sending a frame that lacks a 0 byte.
                10 High                                                      AVAIL
CVE-2007-2490              Unspecified vulnerability in LiveData Server
                          before 5.00.62 allows remote attackers to cause
                          a denial of service (exit) via crafted Connection-
                          Oriented Transport Protocol (COTP) packets.
                3.3 Low                                                      AVAIL
CVE-2007-2491              The PIIX4 power management subsystem in
                          EMC VMware Workstation 5.5.3.34685 and
                          VMware Server 1.0.1.29996 allows local users
                          to write to arbitrary memory locations via a
                          crafted poke to I/O port 0x1004, triggering a
                          denial of service (virtual machine crash) or
                          other unspecified impact, a related issue to CVE-
                 7 High   2007-1337.                                        AVAIL
CVE-2007-2494              Multiple stack-based buffer overflows in the
                          PowerPointOCX ActiveX control in
                          PowerPointViewer.ocx 3.1.0.3 allow remote
                          attackers to cause a denial of service (Internet
                          Explorer 7 crash) via a long (1)
                          DoOleCommand, (2) FTPDownloadFile, (3)
                          FTPUploadFile, (4) HttpUploadFile, (5) Save,
                          (6) SaveWebFile, (7) HttpDownloadFile, (8)
                          Open, or (9) OpenWebFile property value.
                          NOTE: some of these details are obtained from
                10 High   third party information.                          AVAIL
CVE-2007-2496              The WordOCX ActiveX control in
                          WordViewer.ocx 3.2.0.5 allows remote
                          attackers to cause a denial of service (Internet
                          Explorer 7 crash) via a long (1)
                          DoOleCommand, (2) FTPDownloadFile, (3)
                          FTPUploadFile, (4) HttpUploadFile, (5)
                          GotoPage, (6) Save, (7) SaveWebFile, (8)
                          HttpDownloadFile, (9) Open, (10)
                          OpenWebFile, (11) SaveAs, or (12)
                3.3 Low   ShowWordStandardDialog property value.            AVAIL
CVE-2007-2497              RealNetworks RealPlayer 10 Gold allows
                          remote attackers to cause a denial of service
                          (memory consumption) via a certain .ra file.
                          NOTE: this issue was referred to as a "memory
                          leak," but it is not clear if this is correct.
                3.3 Low                                                     AVAIL
CVE-2007-2502              Unspecified vulnerability in HP ProCurve
                          9300m Series switches with software 08.0.01c
                          through 08.0.01j allows remote attackers to
                          cause a denial of service via unknown vectors,
                          a different switch series than CVE-2006-4015.
                3.3 Low                                                     AVAIL
CVE-2007-2506              WebSpeed 3.x in OpenEdge 10.x in Progress
                          Software Progress 9.1e, and certain other 9.x
                          versions, allows remote attackers to cause a
                          denial of service (infinite loop and daemon
                          hang) via a messenger URL that invokes _edit.r
                          with no additional parameters, as demonstrated
                          by requests for cgiip.exe or wsisa.dll with
                          WService=wsbroker1/_edit.r in the
                          PATH_INFO.
                3.3 Low                                                     AVAIL
CVE-2007-2525              Memory leak in the PPPoE socket
                          implementation in the Linux kernel before
                          2.6.21-git8 allows local users to cause a denial
                          of service (memory consumption) by creating a
                          socket using connect, and releasing it before
                          the PPPIOCGCHAN ioctl is initialized.
                1.6 Low                                                        AVAIL
CVE-2007-2535              WinAce allows remote attackers to cause a
                          denial of service (infinite loop) via a ZOO
                          archive with a direntry structure that points to a
                3.3 Low   previous file.                                       AVAIL
CVE-2007-2536              PicoZip allows remote attackers to cause a
                          denial of service (infinite loop) via a ZOO
                          archive with a direntry structure that points to a
                3.3 Low   previous file.                                       AVAIL
CVE-2007-2565              Cdelia Software ImageProcessing allows user-
                          assisted remote attackers to cause a denial of
                          service (application crash) via a crafted BMP
                2.7 Low   file.                                                AVAIL
CVE-2007-2566              The SaveBarCode function in the Taltech Tal
                          Bar Code ActiveX control allows remote
                          attackers to cause a denial of service (disk
                          consumption) by uploading multiple bar codes,
                2.3 Low   as demonstrated by a WSF package.                    AVAIL
CVE-2007-2583              The in_decimal::set function in
                          item_cmpfunc.cc in MySQL before 5.0.40, and
                          5.1 before 5.1.18-beta, allows context-
                          dependent attackers to cause a denial of
                          service (crash) via a crafted IF clause that
                          results in a divide-by-zero error and a NULL
                1.4 Low   pointer dereference.                                 AVAIL
CVE-2007-2587              The IOS FTP Server in Cisco IOS 11.3 through
                          12.4 allows remote authenticated users to
                          cause a denial of service (IOS reload) via
                          unspecified vectors involving transferring files
                 2 Low    (aka bug ID CSCse29244).                             AVAIL
CVE-2007-2603              Unspecified vulnerability in the Init function in
                          the Audio CD Ripper OCX
                          (AudioCDRipperOCX.ocx) 1.0 ActiveX control
                          allows remote attackers to cause a denial of
                          service (NULL dereference and Internet
                3.3 Low   Explorer crash) via unspecified vectors.             AVAIL
CVE-2007-2604              Unspecified vulnerability in the FlexLabel
                          ActiveX control allows remote attackers to
                          cause a denial of service (unstable behavior)
                          via an improper initialization, as demonstrated
                          by a certain value of the Caption property.
                3.3 Low                                                        AVAIL
CVE-2007-2605              Unspecified vulnerability in the GetPropertyById
                          function in ISoftomateObj in SoftomateLib in
                          BRUJULA4.NET.DLL in the Brujula Toolbar
                          (Brujula.net toolbar) allows attackers to cause a
                          denial of service (NULL dereference and
                          browser crash) via certain arguments.
                2.7 Low                                                          AVAIL
CVE-2007-2623              Multiple buffer overflows in RControl.dll in
                          Remote Display Dev kit 1.2.1.0 allow remote
                          attackers to cause a denial of service (Internet
                          Explorer 7 crash) via (1) a long first argument to
                          the connect function or (2) a long InternalServer
                          property value, possibly involving ntdll.dll.
                3.3 Low                                                          AVAIL
CVE-2007-2635              Unspecified vulnerability in Interchange before
                          5.4.2 allows remote attackers to cause an
                          unspecified denial of service (possibly server
                          hang) via crafted HTTP requests.
                3.3 Low                                                          AVAIL
CVE-2007-2650              The OLE2 parser in Clam AntiVirus (ClamAV)
                          allows remote attackers to cause a denial of
                          service (resource consumption) via an OLE2 file
                          with (1) a large property size or (2) a loop in the
                          FAT file block chain that triggers an infinite loop,
                          as demonstrated via a crafted DOC file.
                2.3 Low                                                          AVAIL
CVE-2007-2656              Stack-based buffer overflow in the Hewlett-
                          Packard (HP) Magview ActiveX control in
                          hpqvwocx.dll 1.0.0.309 allows remote attackers
                          to cause a denial of service (application crash)
                          and possibly have other impact via a long
                          argument to the DeleteProfile method.
                3.3 Low                                                     AVAIL
CVE-2007-2657              Unspecified vulnerability in the PrecisionID
                          Barcode 1.3 ActiveX control in
                          PrecisionID_DataMatrix.DLL allows remote
                          attackers to cause a denial of service via a long
                3.3 Low   argument to the SaveBarCode method.               AVAIL
CVE-2007-2658              Unspecified vulnerability in the ID Automation
                          Linear Barcode 1.6.0.5 ActiveX control in
                          IDAutomationLinear6.dll allows remote
                          attackers to cause a denial of service via a long
                          argument to the SaveEnhWMF method.
                3.3 Low                                                     AVAIL
CVE-2007-2671              Mozilla Firefox 2.0.0.3 allows remote attackers
                          to cause a denial of service (application crash)
                          via a long hostname in an HREF attribute in an
                          A element, which triggers an out-of-bounds
                2.7 Low   memory access.                                    AVAIL
CVE-2007-2697                 The embedded LDAP server in BEA WebLogic
                             Express and WebLogic Server 7.0 through SP6,
                             8.1 through SP5, 9.0, and 9.1, when in certain
                             configurations, does not limit or audit failed
                             authentication attempts, which allows remote
                             attackers to more easily conduct brute-force
                             attacks against the administrator password, or
                             flood the server with login attempts and cause a
                             denial of service.
                5.6 Medium                                                         AVAIL
CVE-2007-2704                 BEA WebLogic Server 9.0 through 9.2 allows
                             remote attackers to cause a denial of service
                             (SSL port unavailability) by accessing a half-
                2.7 Low      closed SSL socket.                                    AVAIL
CVE-2007-2721                 The jpc_qcx_getcompparms function in
                             jpc/jpc_cs.c for the JasPer JPEG-2000 library
                             (libjasper) before 1.900 allows remote user-
                             assisted attackers to cause a denial of service
                             (crash) and possibly corrupt the heap via
                             malformed image files, as originally
                1.9 Low      demonstrated using imagemagick convert.               AVAIL
CVE-2007-2722                 Unspecified vulnerability in NewzCrawler 1.8
                             allows remote attackers to cause a denial of
                             service (application instability) via certain invalid
                             strings in the URL attribute of an ENCLOSURE
                             element, as demonstrated by a "%s" sequence,
                             a "%Y" sequence, a "%%" sequence, and an
                3.3 Low      "n," sequence.                                        AVAIL
CVE-2007-2723                 Media Player Classic 6.4.9.0 allows user-
                             assisted remote attackers to cause a denial of
                             service (web browser crash) via an "empty"
                             .MPA file, which triggers a divide-by-zero error.
                2.7 Low                                                            AVAIL
CVE-2007-2726                 BitsCast 0.13.0 allows remote attackers to
                             cause a denial of service (application crash) via
                             an RSS 2.0 feed item with certain invalid strings
                             in a pubDate element, as demonstrated by
                             repeated "../A" or "A/../" patterns.
                3.3 Low                                                            AVAIL
CVE-2007-2756                 The gdPngReadData function in libgd 2.0.34
                             allows user-assisted attackers to cause a denial
                             of service (CPU consumption) via a crafted
                             PNG image with truncated data, which causes
                             an infinite loop in the png_read_info function in
                1.9 Low      libpng.                                               AVAIL
CVE-2007-2764                 The embedded Linux kernel in certain Sun-
                             Brocade SilkWorm switches before 20070516
                             does not properly handle a situation in which a
                             non-root user creates a kernel process, which
                             allows attackers to cause a denial of service
                             (oops and device reboot) via unspecified
                3.3 Low      vectors.                                              AVAIL
CVE-2007-2765              blockhosts.py in BlockHosts before 2.0.3 does
                          not properly parse daemon log files, which
                          allows remote attackers to add arbitrary deny
                          entries to the /etc/hosts.allow file and cause a
                          denial of service by adding arbitrary IP
                          addresses to a daemon log file, as
                          demonstrated by logging in through ssh using a
                          login name containing certain strings with an IP
                          address, which is not properly handled by a
                          regular expression, a related issue to CVE-2006-
                 2 Low    6301.                                                AVAIL
CVE-2007-2772              (1) caloggerd.exe (camt70.dll) and (2)
                          mediasvr.exe (catirpc.dll and rwxdr.dll) in CA
                          BrightStor Backup 11.5.2.0 SP2 allow remote
                          attackers to cause a denial of service (NULL
                          dereference and application crash) via a crafted
                3.3 Low   RPC packet.                                          AVAIL
CVE-2007-2784              Unspecified vulnerability in globus-job-manager
                          in Globus Toolkit 4.1.1 and earlier
                          (globus_nexus-6.6 and earlier) allows remote
                          attackers to cause a denial of service (resource
                          exhaustion and system crash) via certain
                          requests to temporary TCP ports for a GRAM2
                3.3 Low   job or its MPICH-G2 applications.                    AVAIL
CVE-2007-2786              Ratbox IRC Daemon (aka ircd-ratbox) 2.2.5
                          and earlier allows remote attackers to cause a
                          denial of service (resource exhaustion) by
                2.3 Low   making many requests from a single client.           AVAIL
CVE-2007-2789              The BMP image parser in Sun Java
                          Development Kit (JDK) before 1.5.0_11-b03,
                          and 1.6.x before 1.6.0_01-b06, on Unix/Linux
                          systems, allows remote attackers to trigger the
                          opening of arbitrary local files via a crafted BMP
                          file, which causes a denial of service (system
                          hang) in certain cases such as /dev/tty, and has
                          other unspecified impact.
                2.7 Low                                                  AVAIL
CVE-2007-2796              Arris Cadant C3 CMTS allows remote attackers
                          to cause a denial of service (service
                          termination) via a malformed IP packet with an
                3.3 Low   invalid IP option.                             AVAIL
CVE-2007-2813              Cisco IOS 12.4 and earlier, when using the
                          crypto packages and SSL support is enabled,
                          allows remote attackers to cause a denial of
                          service via a malformed (1) ClientHello, (2)
                          ChangeCipherSpec, or (3) Finished message
                3.3 Low   during an SSL session.                         AVAIL
CVE-2007-2829              The 802.11 network stack in
                          net80211/ieee80211_input.c in MadWifi before
                          0.9.3.1 allows remote attackers to cause a
                          denial of service (system hang) via a crafted
                          length field in nested 802.3 Ethernet frames in
                          Fast Frame packets, which results in a NULL
                2.3 Low   pointer dereference.                                AVAIL
CVE-2007-2830              The ath_beacon_config function in if_ath.c in
                          MadWifi before 0.9.3.1 allows remote attackers
                          to cause a denial of service (system crash) via
                          crafted beacon interval information when
                          scanning for access points, which triggers a
                2.3 Low   divide-by-zero error.                               AVAIL
CVE-2007-2869              The form autocomplete feature in Mozilla
                          Firefox 1.5.x before 1.5.0.12, 2.x before 2.0.0.4,
                          and possibly earlier versions, allows remote
                          attackers to cause a denial of service
                          (persistent temporary CPU consumption) via a
                          large number of characters in a submitted form.
                1.9 Low                                                       AVAIL
CVE-2007-2873              SpamAssassin 3.1.x, 3.2.0, and 3.2.1 before
                          20070611, when running as root in unusual
                          configurations using vpopmail or virtual users,
                          allows local users to cause a denial of service
                          (corrupt arbitrary files) via a symlink attack on a
                          file that is used by spamd.
                1.3 Low                                                       AVAIL
CVE-2007-2876              The sctp_new function in (1)
                          ip_conntrack_proto_sctp.c and (2)
                          nf_conntrack_proto_sctp.c in Netfilter in Linux
                          kernel 2.6 before 2.6.20.13, and 2.6.21.x before
                          2.6.21.4, allows remote attackers to cause a
                          denial of service by causing certain invalid
                          states that trigger a NULL pointer dereference.
                2.3 Low                                                       AVAIL
CVE-2007-2878              The VFAT compat ioctls in the Linux kernel
                          before 2.6.21.2, when run on a 64-bit system,
                          allow local users to corrupt a kernel_dirent
                          struct and cause a denial of service (system
                2.3 Low   crash) via unknown vectors.                         AVAIL
CVE-2007-2882              Unspecified vulnerability in the NFS client
                          module in Sun Solaris 8 through 10 before
                          20070524, when operating as an NFS server,
                          allows remote attackers to cause a denial of
                          service (crash) via certain Access Control List
                2.3 Low   (acl) packets.                                      AVAIL
CVE-2007-2885              The NotSafe function in the
                          MSVDTDatabaseDesigner7 ActiveX control in
                          VDT70.DLL in Microsoft Visual Database Tools
                          (MSVDT) Database Designer 7.0 allows remote
                          attackers to cause a denial of service (Internet
                          Explorer 6 crash) via a long argument.
                1.9 Low                                                        AVAIL
CVE-2007-2886              Unspecified vulnerability in the Nortel CS 1000
                          M media card in Enterprise VoIP-Core-CS
                          1000E, 1000M, and 1000S 04.50W before
                          20070523 in Meridian/CS 1000 allows remote
                          attackers to cause a denial of service (card
                2.3 Low   hang) via unspecified vectors.                       AVAIL
CVE-2007-2894              The emulated floppy disk controller in Bochs
                          2.3 allows local users of the guest operating
                          system to cause a denial of service (virtual
                          machine crash) via unspecified vectors,
                1.6 Low   resulting in a divide-by-zero error.                 AVAIL
CVE-2007-2896              Race condition in the Symantec Enterprise
                          Security Manager (ESM) 6.5.3 managers and
                          agents on Windows before 20070524 allows
                          remote attackers to cause a denial of service
                          (CPU consumption and application hang) via
                          certain network scans to ESM ports.
                1.9 Low                                                        AVAIL
CVE-2007-2903              Buffer overflow in the HelpPopup method in the
                          Microsoft Office 2000 Controllo UA di Microsoft
                          Office ActiveX control (OUACTRL.OCX) 1.0.1.9
                          allows remote attackers to cause a denial of
                          service (probably winhlp32.exe crash) via a long
                          first argument. NOTE: it is not clear whether this
                          issue crosses privilege boundaries.
                2.3 Low                                                       AVAIL
CVE-2007-2906              Java Embedding Plugin 0.9.6.1 allows remote
                          attackers to cause a denial of service (browser
                          crash) via a Thread subclass that calls
                2.3 Low   super.run from its run method.                      AVAIL
CVE-2007-2964              The fsmsh.dll host module in F-Secure Policy
                          Manager Server 7.00 and earlier allows remote
                          attackers to cause a denial of service
                          (application crash) via NTFS reserved words in
                2.3 Low   filenames in URLs.                                  AVAIL
CVE-2007-2972              The file parsing engine in Avira Antivir Antivirus
                          before 7.04.00.24 allows remote attackers to
                          cause a denial of service (application crash) via
                          a crafted UPX compressed file, which triggers a
                          divide-by-zero error.
                3.3 Low                                                       AVAIL
CVE-2007-2973              Avira Antivir Antivirus before 7.03.00.09 allows
                          remote attackers to cause a denial of service
                          (infinite loop and CPU consumption) via a
                3.3 Low   malformed TAR archive.                              AVAIL
CVE-2007-2977              Buffer overflow in the receive function in
                          submit/submitcommon.c in the submit daemon
                          in DOMjudge before 2.0.0RC1 allows remote
                          attackers to cause a denial of service or have
                          other unspecified impact. NOTE: some of these
                          details are obtained from third party information.
                3.3 Low                                                        AVAIL
CVE-2007-2989              The libike library in Sun Solaris 9 before
                          20070529 contains a logic error related to a
                          certain pointer, which allows remote attackers to
                          cause a denial of service (in.iked daemon
                          crash) by sending certain UDP packets with a
                          source port different from 500. NOTE: this issue
                          might overlap CVE-2006-2298.
                3.3 Low                                                        AVAIL
CVE-2007-2990              Unspecified vulnerability in inetd in Sun Solaris
                          10 before 20070529 allows local users to cause
                          a denial of service (daemon termination) via
                          unspecified manipulations of the
                          /var/run/.inetd.uds Unix domain socket file.
                2.3 Low                                                        AVAIL
CVE-2007-2998              The Pascal run-time library (PAS$RTL.EXE)
                          before 20070418 on OpenVMS for Integrity
                          Servers 8.3, and PAS$RTL.EXE before
                          20070419 on OpenVMS Alpha 8.3, does not
                          properly restore PC and PSL values, which
                          allows local users to cause a denial of service
                          (system crash) via certain Pascal code.
                2.3 Low                                                        AVAIL
CVE-2007-3005              Unspecified vulnerability in the Sun Java
                          Runtime Environment in JDK and JRE 6, JDK
                          and JRE 5.0 Update 10 and earlier, SDK and
                          JRE 1.4.2_14 and earlier, and SDK and JRE
                          1.3.1_19 and earlier allows remote attackers to
                          cause a denial of service (JVM hang) via certain
                          untrusted applets or applications.
                1.9 Low                                                        AVAIL
CVE-2007-3009              Format string vulnerability in the
                          MprLogToFile::logEvent function in Mbedthis
                          AppWeb 2.0.5-4, when the build supports
                          logging but the configuration disables logging,
                          allows remote attackers to cause a denial of
                          service (daemon crash) via format string
                          specifiers in the HTTP scheme, as
                          demonstrated by a "GET %n://localhost:80/"
                1.9 Low   request.                                             AVAIL
CVE-2007-3025              Unspecified vulnerability in
                          libclamav/phishcheck.c in ClamAV before
                          0.90.3 and 0.91 before 0.91rc1, when running
                          on Solaris, allows remote attackers to cause a
                          denial of service (hang) via unknown vectors
                          related to the isURL function and regular
                2.3 Low   expressions.                                         AVAIL
CVE-2007-3044              Unspecified vulnerability in the Map I/O Service
                          (xpwmap) in Hitachi XP/W on HI-UX/WE2
                          before 20070319, and XP/W on HP-UX before
                          20070405, allows remote attackers to cause a
                          denial of service via certain data to the service
                2.3 Low   port.                                                AVAIL
CVE-2007-3045              Unspecified vulnerability in Hitachi
                          TP1/NET/OSI-TP-Extended on HI-UX/WE2
                          before 20070213, and on HP-UX before
                          20070314, allows remote attackers to cause a
                2.3 Low   denial of service via certain data to a port.        AVAIL
CVE-2007-3046              Buffer overflow in Advanced Software
                          Production Line Vortex Library before 1.0.3
                          allows remote attackers to cause a denial of
                          service (listener crash) via unspecified vectors
                          related to the select I/O implementation and the
                          file set buffer. NOTE: some of these details are
                          obtained from third party information.
                2.3 Low                                                        AVAIL
CVE-2007-3086              Unrestricted critical resource lock in Agnitum
                          Outpost Firewall PRO 4.0 1007.591.145 and
                          earlier allows local users to cause a denial of
                          service (system hang) by capturing the
                2.3 Low   outpost_ipc_hdr mutex.                               AVAIL
CVE-2007-3098              The SNMPc Server (crserv.exe) process in
                          Castle Rock Computing SNMPc before 7.0.19
                          allows remote attackers to cause a denial of
                          service (crash) via a crafted packet to port
                2.3 Low   165/TCP.                                             AVAIL
CVE-2007-3099              usr/mgmt_ipc.c in iscsid in open-iscsi (iscsi-
                          initiator-utils) before 2.0-865 checks the client's
                          UID on the listening AF_LOCAL socket instead
                          of the new connection, which allows remote
                          attackers to access the management interface
                          and cause a denial of service (iscsid exit or
                          iSCSI connection loss).
                3.3 Low                                                        AVAIL
CVE-2007-3100              usr/log.c in iscsid in open-iscsi (iscsi-initiator-
                          utils) before 2.0-865 uses a semaphore with
                          insecure permissions (world-writable/world-
                          readable) for managing log messages using
                          shared memory, which allows local users to
                          cause a denial of service (hang) by grabbing the
                2.3 Low   semaphore.                                           AVAIL
CVE-2007-3112              Cacti 0.8.6i, and possibly other versions, allows
                          remote authenticated users to cause a denial of
                          service (CPU consumption) via a large value of
                          the (1) graph_start or (2) graph_end parameter.
                3.3 Low                                                        AVAIL
CVE-2007-3113              Cacti 0.8.6i, and possibly other versions, allows
                          remote authenticated users to cause a denial of
                          service (CPU consumption) via a large value of
                          the (1) graph_height or (2) graph_width
                 2 Low    parameter.                                         AVAIL
CVE-2007-3114              Memory leak in server/MaraDNS.c in MaraDNS
                          before 1.2.12.05, and 1.3.x before 1.3.03,
                          allows remote attackers to cause a denial of
                          service (memory consumption) via unspecified
                2.3 Low   vectors.                                           AVAIL
CVE-2007-3115              Multiple memory leaks in server/MaraDNS.c in
                          MaraDNS before 1.2.12.06, and 1.3.x before
                          1.3.05, allow remote attackers to cause a denial
                          of service (memory consumption) via
                3.3 Low   unspecified vectors.                               AVAIL
CVE-2007-3116              Memory leak in server/MaraDNS.c in MaraDNS
                          1.2.12.06 and 1.3.05 allows remote attackers to
                          cause a denial of service (memory
                          consumption) via unspecified vectors.
                2.3 Low                                                      AVAIL
CVE-2007-3123              unrar.c in libclamav in ClamAV before 0.90.3
                          and 0.91 before 0.91rc1 allows remote
                          attackers to cause a denial of service (core
                          dump) via a crafted RAR file with a modified
                          vm_codesize value, which triggers a heap-
                2.3 Low   based buffer overflow.                             AVAIL
CVE-2007-3126              Gimp 2.3.14 allows context-dependent
                          attackers to cause a denial of service (crash)
                          via an ICO file with an InfoHeader containing a
                          Height of zero, a similar issue to CVE-2007-
                2.3 Low   2237.                                              AVAIL
CVE-2007-3132              Multiple vulnerabilities in Symantec Ghost
                          Solution Suite 2.0.0 and earlier, with Ghost
                          8.0.992 and possibly other versions, allow
                          remote attackers to cause a denial of service
                          (client or server crash) via malformed requests
                          to the daemon port, 1346/udp or 1347/udp.
                2.3 Low                                                      AVAIL
CVE-2007-3151              rpttop.htm in the web management interface in
                          Packeteer PacketShaper 7.3.0g2 and 7.5.0g1
                          allows remote attackers to cause a denial of
                          service (device reboot) via a request with empty
                          values of the OP.MEAS.DATAQUERY and
                          MEAS.TYPE parameters.
                2.3 Low                                                      AVAIL
CVE-2007-3157                 IPSecDrv.sys 10.4.0.12 in SafeNET High
                             Assurance Remote 1.4.0 Build 12, and
                             SoftRemote, allows remote attackers to cause a
                             denial of service (infinite loop and system hang)
                             via an invalid packet with certain bytes in an
                             option header, possibly related to the IPv6
                2.3   Low    support for IPSec.                                   AVAIL
CVE-2007-3159                 http.c in MiniWeb Http Server 0.8.x allows
                             remote attackers to cause a denial of service
                             (application crash) via a negative value in the
                2.3   Low    Content-Length HTTP header.                          AVAIL
CVE-2007-3162                 Buffer overflow in the NotSafe function in the
                             idaiehlp ActiveX control in idaiehlp.dll 1.9.1.74 in
                             Internet Download Accelerator (ida) 5.2 allows
                             remote attackers to cause a denial of service
                             (Internet Explorer crash) via a long argument.
                2.3   Low                                                         AVAIL
CVE-2007-3185                 Apple Safari for Windows public beta allows
                             remote attackers to cause a denial of service
                             (crash) via unspecified DHTML manipulations
                             that trigger memory corruption, as
                3.3   Low    demonstrated using Hamachi.                          AVAIL
CVE-2007-0347                 The is_eow function in format.c in CVSTrac
                             before 2.0.1 does not properly check for the "'"
                             (quote) character, which allows remote
                             authenticated users to execute limited SQL
                             injection attacks and cause a denial of service
                             (database error) via a ' character in certain
                1.9   Low    messages, tickets, or Wiki entries.                  AVAIL
CVE-2007-2371                 admin/index.php in Gregory Kokanosky
                             phpMyNewsletter 0.8 beta5 and earlier provides
                             access to configuration modification before
                             login, which allows remote attackers to cause a
                             denial of service (loss of configuration data),
                             and possibly perform direct static code injection,
                             via a saveGlobalconfig action.
                10    High                                                        AVAIL
CVE-2007-0021                 Format string vulnerability in Apple iChat 3.1.6
                             allows remote attackers to cause a denial of
                             service (null pointer dereference and application
                             crash) and possibly execute arbitrary code via
                             format string specifiers in an aim:// URI.
                 7    High                                                        AVAIL
CVE-2007-0148                 Format string vulnerability in OmniGroup
                             OmniWeb 5.5.1 allows remote attackers to
                             cause a denial of service (application crash) or
                             execute arbitrary code via format string
                5.6   Medium specifiers in the Javascript alert function.         AVAIL
CVE-2007-0160             Stack-based buffer overflow in the LiveJournal
                         support (hooks/ljhook.cc) in CenterICQ 4.9.11
                         through 4.21.0, when using unofficial
                         LiveJournal servers, allows remote attackers to
                         cause a denial of service (crash) and possibly
                         execute arbitrary code by adding the victim as a
                         friend and using long (1) username and (2) real
                7 High   name strings.                                      AVAIL
CVE-2007-0235             Stack-based buffer overflow in the
                         glibtop_get_proc_map_s function in libgtop
                         before 2.14.6 (libgtop2) allows local users to
                         cause a denial of service (crash) and possibly
                         execute arbitrary code via a process with a long
                         filename that is mapped in its address space,
                         which triggers the overflow in gnome-system-
                7 High   monitor.                                           AVAIL
CVE-2007-0255             XINE 0.99.4 allows user-assisted remote
                         attackers to cause a denial of service
                         (application crash) and possibly execute
                         arbitrary code via a certain M3U file that
                         contains a long #EXTINF line and contains
                         format string specifiers in an invalid udp:// URI,
                8 High   possibly a variant of CVE-2007-0017.               AVAIL
CVE-2007-0315             Multiple buffer overflows in FileZilla before
                         2.2.30a allow remote attackers to execute
                         arbitrary code or cause a denial of service
                         (application crash) via unspecified vectors
                         related to (1) Options.cpp when sotring settings
                         in the registry, and (2) the transfer queue
                         (QueueCtrl.cpp). NOTE: some of these details
                         are obtained from third party information.
                8 High                                                      AVAIL
CVE-2007-0317             Format string vulnerability in the LogMessage
                         function in FileZilla before 3.0.0-beta5 allows
                         remote attackers to cause a denial of service
                         (application crash) and possibly execute
                         arbitrary code via crafted arguments. NOTE:
                         some of these details are obtained from third
                7 High   party information.                                 AVAIL
CVE-2007-0330             Buffer overflow in wsbho2k0.dll, as used by
                         wsftpurl.exe, in Ipswitch WS_FTP 2007
                         Professional allows remote attackers to cause a
                         denial of service (application crash) and
                         possibly execute arbitrary code via a long ftp://
                         URL in an HTML document, and possibly other
                7 High   vectors.                                           AVAIL
CVE-2007-0344              Multiple format string vulnerabilities in (1)
                          _invitedToRoom: and (2) _invitedToDirectChat:
                          in Colloquy 2.1 and earlier allow remote
                          attackers to cause a denial of service
                          (application crash) and possibly execute
                          arbitrary code via format string specifiers in the
                          channel name of an INVITE request, related to
                          the implementation of AlertSheet and AlertPanel
                          in Apple AppKit.
                 7 High                                                     AVAIL
CVE-2007-0455              Buffer overflow in the gdImageStringFTEx
                          function in gdft.c in GD Graphics Library 2.0.33
                          and earlier allows remote attackers to cause a
                          denial of service (application crash) and
                          possibly execute arbitrary code via a crafted
                3.3 Low   string with a JIS encoded font.                   AVAIL
CVE-2007-0462              The _GetSrcBits32ARGB function in Apple
                          QuickDraw, as used by Quicktime 7.1.3 and
                          other applications on Mac OS X 10.4.8 and
                          earlier, allows remote attackers to cause a
                          denial of service (application crash) and
                          possibly execute arbitrary code via a crafted
                          PICT image with a malformed Alpha RGB
                          (ARGB) record, which triggers memory
                10 High   corruption.                                       AVAIL
CVE-2007-0463              Format string vulnerability in Apple Software
                          Update 2.0.5 on Mac OS X 10.4.8 allows
                          remote attackers to cause a denial of service
                          (application crash) or execute arbitrary code via
                          format string specifiers in (1) SWUTMP or (2)
                          SUCATALOG filenames, or using the (3)
                          application/x-apple.sucatalog+xml MIME type.
                2.3 Low                                                     AVAIL
CVE-2007-0588              The InternalUnpackBits function in Apple
                          QuickDraw, as used by Quicktime 7.1.3 and
                          other applications on Mac OS X 10.4.8 and
                          earlier, allows remote attackers to cause a
                          denial of service (application crash) and
                          possibly execute arbitrary code via a crafted
                          PICT file that triggers memory corruption in the
                          _GetSrcBits32ARGB function. NOTE: this issue
                2.7 Low   might overlap CVE-2007-0462.                      AVAIL
CVE-2007-0643              Stack-based buffer overflow in Bloodshed Dev-
                          C++ 4.9.9.2 allows user-assisted remote
                          attackers to cause a denial of service
                          (application crash) and possibly execute
                1.9 Low   arbitrary code via a long line in a .cpp file.    AVAIL
CVE-2007-0713              Heap-based buffer overflow in Apple
                          QuickTime before 7.1.5 allows remote user-
                          assisted attackers to cause a denial of service
                          (crash) and possibly execute arbitrary code via
                          a crafted QuickTime movie file.
                3.7 Low                                                      AVAIL
CVE-2007-0715              Heap-based buffer overflow in Apple
                          QuickTime before 7.1.5 allows remote user-
                          assisted attackers to cause a denial of service
                          (crash) and possibly execute arbitrary code via
                3.7 Low   a crafted PICT file.                               AVAIL
CVE-2007-0716              Stack-based buffer overflow in Apple
                          QuickTime before 7.1.5 allows remote user-
                          assisted attackers to cause a denial of service
                          (crash) and possibly execute arbitrary code via
                3.7 Low   a crafted QTIF file.                               AVAIL
CVE-2007-0717              Integer overflow in Apple QuickTime before
                          7.1.5 allows remote user-assisted attackers to
                          cause a denial of service (crash) and possibly
                          execute arbitrary code via a crafted QTIF file.
                3.7 Low                                                      AVAIL
CVE-2007-0718              Heap-based buffer overflow in Apple
                          QuickTime before 7.1.5 allows remote user-
                          assisted attackers to cause a denial of service
                          (crash) and possibly execute arbitrary code via
                          a QTIF file with a Video Sample Description
                          containing a Color table ID of 0, which triggers
                          memory corruption when QuickTime assumes
                          that a color table exists.
                3.7 Low                                                    AVAIL
CVE-2007-0766              Stack-based buffer overflow in Remotesoft
                          .NET Explorer 2.0.1 allows user-assisted
                          remote attackers to cause a denial of service
                          (application crash) and possibly execute
                 8 High   arbitrary code via a long line in a .cpp file.   AVAIL
CVE-2007-0777              The JavaScript engine in Mozilla Firefox before
                          1.5.0.10 and 2.x before 2.0.0.2, Thunderbird
                          before 1.5.0.10, and SeaMonkey before 1.0.8
                          allows remote attackers to cause a denial of
                          service (crash) and possibly execute arbitrary
                          code via certain vectors that trigger memory
                 8 High   corruption.                                      AVAIL
CVE-2007-0796              Blue Coat Systems WinProxy 6.1a and 6.0 r1c,
                          and possibly earlier, allows remote attackers to
                          cause a denial of service (daemon crash) or
                          possibly execute arbitrary code via a long HTTP
                          CONNECT request, which triggers heap
                 7 High   corruption.                                      AVAIL
CVE-2007-0884              Buffer overflow in Roaring Penguin
                          MIMEDefang 2.59 and 2.60 allows remote
                          attackers to cause a denial of service
                          (application crash) and possibly execute
                10 High   arbitrary code via unspecified vectors.           AVAIL
CVE-2007-0886              Heap-based buffer underflow in axigen 1.2.6
                          through 2.0.0b1 allows remote attackers to
                          cause a denial of service (application crash)
                          and possibly execute arbitrary code via certain
                          base64-encoded data on the pop3 port
                          (110/tcp), which triggers an integer overflow.
                10 High                                                     AVAIL
CVE-2007-0931              Heap-based buffer overflow in the
                          management interfaces in (1) Aruba Mobility
                          Controllers 200, 800, 2400, and 6000 and (2)
                          Alcatel-Lucent OmniAccess Wireless 43xx and
                          6000 allows remote attackers to cause a denial
                          of service (process crash) and possibly execute
                          arbitrary code via long credential strings.
                 7 High                                                    AVAIL
CVE-2007-0933              Buffer overflow in the wireless driver 6.0.0.18
                          for D-Link DWL-G650+ (Rev. A1) on Windows
                          XP allows remote attackers to cause a denial of
                          service (crash) and possibly execute arbitrary
                          code via a beacon frame with a long TIM
                3.3 Low   Information Element.                             AVAIL
CVE-2007-1014              Stack-based buffer overflow in VicFTPS before
                          5.0 allows remote attackers to cause a denial of
                          service (application crash) and possibly execute
                          arbitrary code via a long CWD command.
                10 High                                                    AVAIL
CVE-2007-1501              Stack-based buffer overflow in Avant Browser
                          11.0 build 26 allows remote attackers to cause
                          a denial of service (crash) and possibly execute
                          arbitrary code via a long Content-Type HTTP
                 8 High   header.                                          AVAIL
CVE-2007-1544              Integer overflow in the ProcAuWriteElement
                          function in server/dia/audispatch.c in Network
                          Audio System (NAS) before 1.8a SVN 237
                          allows remote attackers to cause a denial of
                          service (crash) and possibly execute arbitrary
                          code via a large max_samples value.
                2.3 Low                                                    AVAIL
CVE-2007-1654              Buffer overflow in the
                          Ne7sshSftp::addOpenHandle function in
                          ne7ssh_sftp.cpp in NetSieben SSH Library
                          (ne7ssh) before 1.2.1 allows user-assisted
                          remote SFTP servers to cause a denial of
                          service (crash) or possibly execute arbitrary
                          code via multiple file transfers, related to
                          multiple open file handles in SFTP (1) put and
                 8 High   (2) get operations.                              AVAIL
CVE-2007-1655               Buffer overflow in the fun_ladd function in
                           funmath.cpp in TinyMUX before 20070126
                           might allow remote attackers to cause a denial
                           of service (crash) or possibly execute arbitrary
                           code via unspecified vectors related to lists of
                 10 High   numbers.                                            AVAIL
CVE-2007-2053               Multiple stack-based buffer overflows in
                           AFFLIB before 2.2.6 allow remote attackers to
                           cause a denial of service (crash) or possibly
                           execute arbitrary code via (1) a long
                           LastModified value in an S3 XML response in
                           lib/s3.cpp; (2) a long (a) path or (b) bucket in an
                           S3 URL in lib/vnode_s3.cpp; or (3) a long (c)
                           EFW, (d) AFD, or (c) aimage file path. NOTE:
                           the aimage vector (3c) has since been recalled
                           from the researcher's original advisory, since
                           the code is not called in any version of AFFLIB.
                 10 High                                                       AVAIL
CVE-2007-2362               Multiple buffer overflows in MyDNS 1.1.0 allow
                           remote attackers to (1) cause a denial of
                           service (daemon crash) and possibly execute
                           arbitrary code via a certain update, which
                           triggers a heap-based buffer overflow in
                           update.c; and (2) cause a denial of service
                           (daemon crash) via unspecified vectors that
                           trigger an off-by-one stack-based buffer
                  6 Medium overflow in update.c.                               AVAIL
CVE-2007-2459               Buffer overflow in the read_4bit_bmp function
                           in bmp.c in Imager 0.56 and earlier allows
                           remote attackers to cause a denial of service
                           (application crash) and possibly execute
                           arbitrary code via 4-bit/pixel BMP files. NOTE:
                           the provenance of this information is unknown;
                           the details are obtained solely from third party
                3.3 Low    information.                                        AVAIL
CVE-2007-2602               Buffer overflow in MIBEXTRA.EXE in Ipswitch
                           WhatsUp Gold 11 allows attackers to cause a
                           denial of service (application crash) or execute
                           arbitrary code via a long MIB filename
                           argument. NOTE: If there is not a common
                           scenario under which MIBEXTRA.EXE is called
                           with attacker-controlled command line
                           arguments, then perhaps this issue should not
                           be included in CVE.
                3.3 Low                                                        AVAIL
CVE-2007-2645               Integer overflow in the
                           exif_data_load_data_entry function in exif-
                           data.c in libexif before 0.6.14 allows user-
                           assisted remote attackers to cause a denial of
                           service (crash) or possibly execute arbitrary
                           code via crafted EXIF data, involving the (1) doff
                  8 High   or (2) s variable.                                  AVAIL
CVE-2007-2741              Stack-based buffer overflow in Little CMS
                          (lmcs) before 1.15 allows remote attackers to
                          execute arbitrary code or cause a denial of
                          service (application crash) via a crafted ICC
                10 High   profile in a JPG file.                            AVAIL
CVE-2007-2831              Array index error in the (1)
                          ieee80211_ioctl_getwmmparams and (2)
                          ieee80211_ioctl_setwmmparams functions in
                          net80211/ieee80211_wireless.c in MadWifi
                          before 0.9.3.1 allow local users to cause a
                          denial of service (system crash), possibly obtain
                          kernel memory contents, and possibly execute
                          arbitrary code via a large negative array index
                10 High   value.                                            AVAIL
CVE-2007-2919              Multiple stack-based buffer overflows in the
                          FViewerLoading ActiveX control
                          (FlipViewerX.dll) in E-Book Systems FlipViewer
                          before 4.1 allow remote attackers to cause a
                          denial of service (crash) or execute arbitrary
                          code via long (1) UID, (2) Opf, (3) PAGENO, (4)
                          LaunchMode, (5) SubID, (6) BookID, (7)
                          LibraryID, (8) SubURL, and (9) LoadOpf
                 8 High   properties.                                       AVAIL
CVE-2007-2946              Buffer overflow in a certain ActiveX control in
                          LeadTools Raster Dialog File_D Object
                          (LTRDFD14e.DLL) 14.5.0.44 allows remote
                          attackers to cause a denial of service (Internet
                          Explorer 7 crash) or execute arbitrary code via a
                          long DestinationPath property value.
                10 High                                                     AVAIL
CVE-2007-3169              Buffer overflow in a certain ActiveX control in
                          the EDraw Office Viewer Component
                          (edrawofficeviewer.ocx) 4.0.5.20 allows remote
                          attackers to cause a denial of service (Internet
                          Explorer 7 crash) or execute arbitrary code via a
                          long first argument to the HttpDownloadFile
                1.9 Low   method.                                           AVAIL
CVE-2007-0003              pam_unix.so in Linux-PAM 0.99.7.0 allows
                          context-dependent attackers to log into
                          accounts whose password hash, as stored in
                          /etc/passwd or /etc/shadow, has only two
                 7 High   characters.                                       AVAIL
CVE-2007-0007              gnucash 2.0.4 and earlier allows local users to
                          overwrite arbitrary files via a symlink attack on
                          the (1) gnucash.trace, (2) qof.trace, and (3)
                          qof.trace.[PID] temporary files.
                3.3 Low                                                     AVAIL
CVE-2007-0022              Untrusted search path vulnerability in
                          writeconfig in Apple Mac OS X 10.4.8 allows
                          local users to gain privileges via a modified
                          PATH that points to a malicious launchctl
                 7 High   program.                                          AVAIL
CVE-2007-0023                 The CFUserNotificationSendRequest function
                             in UserNotificationCenter.app in Apple Mac OS
                             X 10.4.8, when used in combination with
                             diskutil, allows local users to gain privileges via
                             a malicious InputManager in
                             Library/InputManagers in a user's home
                             directory, which is executed when Cocoa
                             applications attempt to notify the user.
                5.6 Medium                                                      AVAIL
CVE-2007-0049               Geckovich TaskTracker Pro 1.5 and earlier
                           allows remote attackers to add administrative or
                           other accounts via an Add action with a
                           modified GroupID in a direct request to
                  7 High   Customize.asp.                                       AVAIL
CVE-2007-0057               Cisco Clean Access (CCA) 3.6.x through
                           3.6.4.2 and 4.0.x through 4.0.3.2 does not
                           properly configure or allow modification of a
                           shared secret authentication key, which causes
                           all devices to have the same shared sercet and
                           allows remote attackers to gain unauthorized
                 10 High   access.                                              AVAIL
CVE-2007-0081               Sunbelt Kerio Personal Firewall (SKPF) 4.3.268
                           and 4.3.246, and possibly other versions allows
                           local users to provide a Trojan horse iphlpapi.dll
                           to SKPF by placing it in the installation directory.
                4.2 Medium                                                      AVAIL
CVE-2007-0084               ** DISPUTED ** Buffer overflow in the
                           Windows NT Message Compiler (MC)
                           1.00.5239 on Microsoft Windows XP allows
                           local users to gain privileges via a long MC-
                           filename. NOTE: this issue has been disputed
                           by a reliable third party who states that the
                           compiler is not a privileged program, so
                3.4 Low    privilege boundaries cannot be crossed.              AVAIL
CVE-2007-0085               Unspecified vulnerability in
                           sys/dev/pci/vga_pci.c in the VGA graphics driver
                           for wscons in OpenBSD 3.9 and 4.0, when the
                           kernel is compiled with the PCIAGP option and
                           a non-AGP device is being used, allows local
                           users to gain privileges via unspecified vectors,
                           possibly related to agp_ioctl NULL pointer
                3.4 Low    reference.                                           AVAIL
CVE-2007-0089               jgbbs stores sensitive information under the
                           web root with insufficient access control, which
                           allows remote attackers to download a
                           database containing passwords via a direct
                  7 High   request for db/bbs.mdb.                              AVAIL
CVE-2007-0090               WineGlass stores sensitive information under
                           the web root with insufficient access control,
                           which allows remote attackers to download a
                           database containing passwords via a direct
                  7 High   request for db/data.mdb.                             AVAIL
CVE-2007-0091                 newsCMSlite stores sensitive information under
                             the web root with insufficient access control,
                             which allows remote attackers to download a
                             database containing passwords via a direct
                 7 High      request for newsCMS.mdb.                               AVAIL
CVE-2007-0094                 Sven Moderow GuestBook 0.3a stores
                             sensitive information under the web root with
                             insufficient access control, which allows remote
                             attackers to download a database containing
                             passwords via a direct request for (1)
                 7 High      gbook97.mdb or (2) gbook.mdb in ~db/.                  AVAIL
CVE-2007-0096                 CarbonCommunities stores sensitive
                             information under the web root with insufficient
                             access control, which allows remote attackers
                             to download a database containing passwords
                             via a direct request for
                 7 High      DataBase/Carbon2.4d.mdb.                               AVAIL
CVE-2007-0100                 The Perforce client does not restrict the set of
                             files that it overwrites upon receiving a request
                             from the server, which allows remote attackers
                             to overwrite arbitrary files by modifying the client
                             config file on the server, or by operating a
                10 High      malicious server.                                      AVAIL
CVE-2007-0101                 Cross-site request forgery (CSRF) vulnerability
                             in SPINE allows remote attackers to perform
                             unauthorized actions as administrators via
                             unspecified vectors. NOTE: some of these
                             details are obtained from third party information.
                5.6 Medium                                                     AVAIL
CVE-2007-0108                 nwgina.dll in Novell Client 4.91 SP3 for
                             Windows 2000/XP/2003 does not delete user
                             profiles during a Terminal Service or Citrix
                             session, which allows remote authenticated
                3.4 Low      users to invoke alternate user profiles.          AVAIL
CVE-2007-0116                 Digger Solutions Intranet Open Source (IOS)
                             stores sensitive information under the web root
                             with insufficient access control, which allows
                             remote attackers to download a database
                             containing passwords via a direct request for
                 7 High      data/intranet.mdb.                                AVAIL
CVE-2007-0117                 DiskManagementTool in the
                             DiskManagement.framework 92.29 on Mac OS
                             X 10.4.8 does not properly validate Bill of
                             Materials (BOM) files, which allows attackers to
                             gain privileges via a BOM file under
                             /Library/Receipts/, which triggers arbitrary file
                             permission changes upon execution of a diskutil
                             permission repair operation.
                10 High                                                        AVAIL
CVE-2007-0131             JAMWiki before 0.5.0 does not properly check
                         permissions during moves of "read-only or
                         admin-only topics," which allows remote
                         attackers to make unauthorized changes to the
                7 High   wiki.                                             AVAIL
CVE-2007-0139             Unspecified vulnerability in the DECnet-Plus
                         7.3-2 feature in DECnet/OSI 7.3-2 for
                         OpenVMS ALPHA, and the DECnet-Plus 7.3
                         feature in DECnet/OSI 7.3 for OpenVMS VAX,
                         allows attackers to obtain "unintended privileged
                         access to data and system resources" via
                         unspecified vectors, related to (1)
                         [SYSEXE]CTF$UI.EXE, (2)
                         [SYSMSG]CTF$MESSAGES.EXE, (3)
                         [SYSHLP]CTF$HELP.HLB, and (4)
                7 High   [SYSMGR]CTF$STARTUP.COM.                          AVAIL
CVE-2007-0149             EMembersPro 1.0 stores sensitive information
                         under the web root with insufficient access
                         control, which allows remote attackers to
                         download a database containing passwords via
                         a direct request for users.mdb.
                7 High                                                     AVAIL
CVE-2007-0151             MitiSoft stores sensitive information under the
                         web root with insufficient access control, which
                         allows remote attackers to download a
                         database containing passwords via a direct
                7 High   request for access_MS/MitiSoft.mdb.               AVAIL
CVE-2007-0152             OhhASP stores sensitive information under the
                         web root with insufficient access control, which
                         allows remote attackers to download a
                         database containing passwords via a direct
                7 High   request for db/OhhASP.mdb.                        AVAIL
CVE-2007-0153             AJLogin 3.5 stores sensitive information under
                         the web root with insufficient access control,
                         which allows remote attackers to download a
                         database containing passwords via a direct
                7 High   request for ajlogin.mdb.                          AVAIL
CVE-2007-0154             Webulas stores sensitive information under the
                         web root with insufficient access control, which
                         allows remote attackers to download a
                         database containing passwords via a direct
                7 High   request for db/db.mdb.                            AVAIL
CVE-2007-0155             HarikaOnline 2.0 stores sensitive information
                         under the web root with insufficient access
                         control, which allows remote attackers to
                         download a database containing passwords via
                         a direct request for harikaonline.mdb.
                7 High                                                     AVAIL
CVE-2007-0156             M-Core stores the database under the web
                         document root, which allows remote attackers
                         to obtain sensitive information via a direct
                7 High   request to db/uyelik.mdb.                         AVAIL
CVE-2007-0159               Directory traversal vulnerability in the
                           GeoIP_update_database_general function in
                           libGeoIP/GeoIPUpdate.c in GeoIP 1.4.0 allows
                           remote malicious update servers (possibly only
                           update.maxmind.com) to overwrite arbitrary
                           files via a .. (dot dot) in the database filename,
                           which is returned by a request to
                4.7 Medium app/update_getfilename.                            AVAIL
CVE-2007-0162               Unsanity Application Enhancer (APE) 2.0.2
                           installs with insecure permissions for the (1)
                           ApplicationEnhancer binary and the (2)
                           /Library/Frameworks/ApplicationEnhancer.fram
                           ework directory, which allows local users to gain
                           privileges by modifying or replacing the binary or
                4.2 Medium library files.                                     AVAIL
CVE-2007-0166               The jail rc.d script in FreeBSD 5.3 up to 6.2
                           does not verify pathnames when writing to
                           /var/log/console.log during a jail start-up, or
                           when file systems are mounted or unmounted,
                           which allows local root users to overwrite
                           arbitrary files, or mount/unmount files, outside
                3.4 Low    of the jail via a symlink attack.                  AVAIL
CVE-2007-0184               Getahead Direct Web Remoting (DWR) before
                           1.1.4 allows attackers to obtain unauthorized
                           access to public methods via a crafted request
                           that bypasses the include/exclude checks.
                  7 High                                                      AVAIL
CVE-2007-0187               F5 FirePass 5.4 through 5.5.2 and 6.0 allows
                           remote attackers to access restricted URLs via
                           (1) a trailing null byte, (2) multiple leading
                           slashes, (3) Unicode encoding, (4) URL-
                           encoded directory traversal or same-directory
                           characters, or (5) upper case letters in the
                  7 High   domain name.                                       AVAIL
CVE-2007-0188               F5 FirePass 5.4 through 5.5.1 does not
                           properly enforce host access restrictions when
                           a client uses a single integer (dword)
                           representation of an IP address ("dotless IP
                           address"), which allows remote authenticated
                           users to connect to the FirePass administrator
                           console and certain other network resources.
                4.2 Medium                                                    AVAIL
CVE-2007-0192               Cross-site request forgery (CSRF) vulnerability
                           in the save_main operation in the ad_perms
                           section in admin.php in MKPortal allows remote
                           attackers to modify privilege settings, as
                           demonstrated using a getURL of admin.php
                           within a .swf file contained in an IFRAME
                           element, aka the "All Guests are Admin" attack.
                  7 High                                                      AVAIL
CVE-2007-0193                 FON La Fonera routers do not properly limit
                             DNS service access by unauthenticated clients,
                             which allows remote attackers to tunnel traffic
                             via DNS requests for hosts that should not be
                             accessible before authentication.
                 7 High                                                        AVAIL
CVE-2007-0210               The Window Image Acquisition (WIA) Service
                           in Microsoft Windows XP SP2 allows local
                           users to gain privileges via unspecified vectors
                           involving an "unchecked buffer," probably a
                  7 High   buffer overflow.                                    AVAIL
CVE-2007-0211               The hardware detection functionality in the
                           Windows Shell in Microsoft Windows XP SP2
                           and Professional, and Server 2003 SP1 allows
                           local users to gain privileges via an unvalidated
                           parameter to a function related to the "detection
                           and registration of new hardware."
                  7 High                                                       AVAIL
CVE-2007-0237               The ndeb-binary feature in Lookup (lookup-el)
                           allows local users to overwrite arbitrary files via
                4.9 Medium a symlink attack on temporary files.                AVAIL
CVE-2007-0251               Integer underflow in the DecodeGRE function
                           in src/decode.c in Snort 2.6.1.2 allows remote
                           attackers to trigger dereferencing of certain
                           memory locations via crafted GRE packets,
                           which may cause corruption of log files or
                           writing of sensitive information into log files.
                3.3 Low                                                        AVAIL
CVE-2007-0252               Unspecified vulnerability in easy-content
                           filemanager allows remote attackers to upload
                           or modify arbitrary files via unspecified vectors.
                  7 High                                                       AVAIL
CVE-2007-0257               ** DISPUTED ** Unspecified vulnerability in the
                           expand_stack function in grsecurity PaX allows
                           local users to gain privileges via unspecified
                           vectors. NOTE: the grsecurity developer has
                           disputed this issue, stating that "the function
                           they claim the vulnerability to be in is a trivial
                           function, which can, and has been, easily
                           checked for any supposed vulnerabilities." The
                           developer also cites a past disclosure that was
                           not proven. As of 20070120, the original
                           researcher has released demonstration code.
                  7 High                                                       AVAIL
CVE-2007-0261               snews.php in sNews 1.5.30 and earlier does
                           not properly exit when authentication fails,
                           which allows remote attackers to perform
                           unauthorized administrative actions, as
                           demonstrated by changing an administrative
                           password via the changeup task, and by
                           uploading PHP code via the imagefile
                 10 High   parameter.                                          AVAIL
CVE-2007-0271               Unspecified vulnerability in Oracle Database
                           9.0.1.5 and 9.2.0.7 has unknown impact and
                           attack vectors related to the Log Miner
                           component and sys.dbms_log_mnr privileges,
                           aka DB04. NOTE: Oracle has not disputed a
                           reliable researcher claim that this is a buffer
                           overflow in the ADD_LOGFILE procedure for
                           the SYS.DBMS_LOGMNR package that allows
                2.8 Low    code execution.                                   AVAIL
CVE-2007-0272               Unspecified vulnerability in Oracle Database
                           8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 has
                           unknown impact and attack vectors related to
                           the Oracle Spatial component and mdsys.md
                           privileges, aka DB05. NOTE: Oracle has not
                           disputed a reliable researcher report that claims
                           this is for multiple buffer overflows and other
                           issues in unspecified public procedures.
                  4 Medium                                                   AVAIL
CVE-2007-0274               Multiple unspecified vulnerabilities in Oracle
                           Database 9.2.0.7 and 10.1.0.5 have unknown
                           impact and attack vectors related to (1) Export
                           and sys.dbms_logrep_util (DB08), and (2)
                           Oracle Streams and
                           sys.dbms_capture_adm_internal privileges
                           (DB09). NOTE: Oracle has not disputed reliable
                           researcher claims that DB08 is for a buffer
                           overflow in the GET_OBJECT_NAME
                           procedure in the DBMS_LOGREP_UTIL
                           package, and DB09 is for buffer overflows in the
                           CREATE_CAPTURE, ALTER_CAPTURE, and
                           ABORT_TABLE_INSTANTIATION procedures
                           in SYS.DBMS_CAPTURE_ADM_INTERNAL.

                1.4 Low                                                        AVAIL
CVE-2007-0280                 Unspecified vulnerability in Oracle HTTP
                             Server 9.0.1.5, Application Server 9.0.4.3,
                             10.1.2.0.0, 10.1.2.0.2, and 10.1.2.2; and
                             Collaboration Suite 9.0.4.2 and 10.1.2; has
                             unknown impact and attack vectors related to
                             the Oracle Process Mgmt & Notification
                             component, aka OPMN01. NOTE: as of
                             20070123, Oracle has not disputed claims by a
                             reliable researcher that OPMN01 is for a buffer
                             overflow in Oracle Notification Service (ONS).
                4.7 Medium                                                     AVAIL
CVE-2007-0313              Unspecified vulnerability in GONICUS System
                          Administration (GOsa) before 2.5.8 allows
                          remote authenticated users to modify certain
                          settings, including the admin password, via
                 6 Medium crafted POST requests.                               AVAIL
CVE-2007-0332               (1) admin/adminlien.php3 and (2)
                           admin/modif.php3 in liens_dynamiques 2.1 do
                           not require authentication, which allows remote
                           attackers to perform unauthorized
                  7 High   administrative actions using a direct request.      AVAIL
CVE-2007-0333               Agnitum Outpost Firewall PRO 4.0 allows local
                           users to bypass access restrictions and insert
                           Trojan horse drivers into the product's
                           installation directory by creating links using
                           FileLinkInformation requests with the
                           ZwSetInformationFile function, as demonstrated
                  7 High   by modifying SandBox.sys.                           AVAIL
CVE-2007-0334               Unspecified vulnerability in the SIP module in
                           InGate Firewall and SIParator before 4.5.1
                           allows remote attackers to conduct replay
                           attacks on the authentication mechanism via
                  7 High   unknown vectors.                                    AVAIL
CVE-2007-0336               Undercover.app/Contents/Resources/uc in
                           Rixstep Undercover allows local users to
                           overwrite arbitrary files, probably related to a
                3.9 Low    race condition.                                     AVAIL
CVE-2007-0345               The (1) Activity
                           Monitor.app/Contents/Resources/pmTool, (2)
                           Keychain
                           Access.app/Contents/Resources/kcproxy, and
                           (3) ODBC
                           Administrator.app/Contents/Resources/iodbcad
                           mintool programs in /Applications/Utilities/ in
                           Mac OS X 10.4.8 have weak permissions
                           (writable by admin group), which allows local
                           admin users to gain root privileges by modifying
                           a program and then performing permissions
                4.2 Medium repair via diskutil.                                AVAIL
CVE-2007-0351               Microsoft Windows XP and Windows Server
                           2003 do not properly handle user logoff, which
                           might allow local users to gain the privileges of
                           a previous system user, possibly related to user
                           profile unload failure. NOTE: it is not clear
                           whether this is an issue in Windows itself, or an
                           interaction with another product. The issue
                           might involve ZoneAlarm not being able to
                           terminate processes when it cannot prompt the
                5.6 Medium user.                                               AVAIL
CVE-2007-0366               Untrusted search path vulnerability in Rumpus
                           5.1 and earlier allows local users to gain
                           privileges via a modified PATH that points to a
                4.9 Medium malicious ipfw program.                             AVAIL
CVE-2007-0367                 Rumpus 5.1 and earlier has weak permissions
                             for certain files and directories under
                             /usr/local/Rumpus, including the configuration
                             file, which allows local users to have an
                             unknown impact by creating, modifying, or
                4.9   Medium deleting files.                                      AVAIL
CVE-2007-0392                 IBM AIX 5.3 does not properly verify the status
                             of file descriptors before setuid execution, which
                             allows local users to gain privileges by closing
                             file descriptor 0, 1, or 2 and then invoking a
                             setuid program, a variant of CVE-2002-0572.
                4.9   Medium                                                      AVAIL
CVE-2007-0393                 Sun Solaris 9 does not properly verify the
                             status of file descriptors before setuid
                             execution, which allows local users to gain
                             privileges by closing file descriptor 0, 1, or 2 and
                             then invoking a setuid program, a variant of
                4.9   Medium CVE-2002-0572.                                       AVAIL
CVE-2007-0394                 HP HP-UX B11.11 does not properly verify the
                             status of file descriptors before setuid
                             execution, which allows local users to gain
                             privileges by closing file descriptor 0, 1, or 2 and
                             then invoking a setuid program, a variant of
                4.9   Medium CVE-2002-0572.                                       AVAIL
CVE-2007-0405                 The LazyUser class in the
                             AuthenticationMiddleware for Django 0.95 does
                             not properly cache the user name across
                             requests, which allows remote authenticated
                             users to gain the privileges of a different user.
                4.2   Medium                                                      AVAIL
CVE-2007-0408                 BEA Weblogic Server 8.1 through 8.1 SP4
                             does not properly validate client certificates
                             when reusing cached connections, which allows
                             remote attackers to obtain access via an
                 7    High   untrusted X.509 certificate.                         AVAIL
CVE-2007-0411                 BEA WebLogic Server 8.1 through 8.1 SP5,
                             9.0, 9.1, and 9.2 Gold, when WS-Security is
                             used, does not properly validate certificates,
                             which allows remote attackers to conduct a man-
                5.6   Medium in-the-middle (MITM) attack.                         AVAIL
CVE-2007-0416                 The WSEE runtime (WS-Security runtime) in
                             BEA WebLogic Server 9.0 and 9.1 does not
                             verify credentials when decrypting client
                             messages, which allows remote attackers to
                 7    High   bypass application security.                         AVAIL
CVE-2007-0417                 BEA WebLogic Server 7.0 through 7.0 SP7, 8.1
                             through 8.1 SP5, 9.0, and 9.1, when using the
                             WebLogic Server 6.1 compatibility realm, allows
                             attackers to execute certain EJB container
                             persistence operations with an administrative
                10    High   identity.                                            AVAIL
CVE-2007-0418                 BEA WebLogic Server 7.0 through 7.0 SP6, 8.1
                             through 8.1 SP5, 9.0, and 9.1 does not enforce
                             a security policy that declares permissions for
                             EJB methods that have array parameters, which
                             allows remote attackers to obtain unauthorized
                             access to these methods.
                 7 High                                                        AVAIL
CVE-2007-0423               BEA WebLogic Portal 9.2 does not properly
                           handle when an administrator deletes
                           entitlements for a role, which causes other role
                           entitlements to be "inadvertently affected,"
                3.9 Low    which has an unknown impact.                        AVAIL
CVE-2007-0425               Unspecified vulnerability in BEA WebLogic
                           Platform and Server 8.1 through 8.1 SP5, and
                           JRockit 1.4.2 R4.5 and earlier, allows attackers
                           to gain privileges via unspecified vectors,
                           related to an "overflow condition," probably a
                  7 High   buffer overflow.                                    AVAIL
CVE-2007-0426               BEA WebLogic Portal 9.2, when running in a
                           WebLogic Server clustered environment using
                           WebLogic Portal entitlements, does not properly
                           propagate entitlement policy changes if the
                           changes are made on a managed server while
                           the Administrative Server is unavailable, which
                           might allow attackers to bypass intended
                5.6 Medium restrictions.                                       AVAIL
CVE-2007-0432               BEA AquaLogic Service Bus 2.0, 2.1, and 2.5
                           does not properly reject malformed request
                           messages to a proxy service, which might allow
                           remote attackers to bypass authorization
                           policies and route requests to back-end
                           services or conduct other unauthorized
                  7 High   activities.                                         AVAIL
CVE-2007-0433               Unspecified vulnerability in BEA AquaLogic
                           Enterprise Security 2.0 through 2.0 SP2, 2.1
                           through 2.1 SP1, and 2.2, when using Active
                           Directory LDAP for authentication, allows
                           remote authenticated users to access the
                           server even after the account has been
                4.2 Medium disabled.                                           AVAIL
CVE-2007-0434               BEA AquaLogic Enterprise Security 2.0 through
                           2.0 SP2, 2.1 through 2.1 SP1, and 2.2 does not
                           properly set the severity level of audit events
                           when the system load is high, which might
                           make it easier for attackers to avoid detection.
                4.9 Medium                                                     AVAIL
CVE-2007-0435               T-Com Speedport 500V routers with firmware
                           1.31 allow remote attackers to bypass
                           authentication and reconfigure the device via a
                           LOGINKEY=TECOM cookie value.
                  7 High                                                       AVAIL
CVE-2007-0436              Barron McCann X-Kryptor Driver
                          BMS1446HRR (Xgntr BMS1351 Install
                          BMS1472) in X-Kryptor Secure Client does not
                          drop privileges when launching an Explorer
                          window in response to a help command, which
                          allows local users to gain LocalSystem
                          privileges via interactive use of Explorer.
                 7 High                                                         AVAIL
CVE-2007-0448              The fopen function in PHP 5.2.0 does not
                          properly handle invalid URI handlers, which
                          allows context-dependent attackers to bypass
                          safe_mode restrictions and read arbitrary files
                          via a file path specified with an invalid URI, as
                          demonstrated via the srpath URI.
                10 High                                                         AVAIL
CVE-2007-0470              Multiple unspecified vulnerabilities in tip in Sun
                          Solaris 8, 9, and 10 allow local users to gain
                          uucp account privileges via unspecified vectors.
                 7 High                                                       AVAIL
CVE-2007-0471              sre/params.php in the Integrity Clientless
                          Security (ICS) component in Check Point
                          Connectra NGX R62 3.x and earlier before
                          Security Hotfix 5, and possibly VPN-1 NGX
                          R62, allows remote attackers to bypass security
                          requirements via a crafted Report parameter,
                          which returns a valid ICSCookie authentication
                 7 High   token.                                              AVAIL
CVE-2007-0472              Multiple race conditions in Smb4K before 0.8.0
                          allow local users to (1) modify arbitrary files via
                          unspecified manipulations of Smb4K's lock file,
                          which is not properly handled by the
                          remove_lock_file function in
                          core/smb4kfileio.cpp, and (2) add lines to the
                          sudoers file via a symlink attack on temporary
                          files, which isn't properly handled by the
                          writeFile function in core/smb4kfileio.cpp.
                3.9 Low                                                       AVAIL
CVE-2007-0474              Smb4K before 0.8.0 allow local users, when
                          present on the Smb4K sudoers list, to kill
                          arbitrary processes, related to a "design issue
                2.6 Low   with smb4k_kill."                                   AVAIL
CVE-2007-0475              Multiple stack-based buffer overflows in
                          utilities/smb4k_*.cpp in Smb4K before 0.8.0
                          allow local users, when present on the Smb4K
                          sudoers list, to gain privileges via unspecified
                          vectors related to the args variable and
                          unspecified other variables, in conjunction with
                3.9 Low   the sudo configuration.                             AVAIL
CVE-2007-0476               The gencert.sh script, when installing
                           OpenLDAP before 2.1.30-r10, 2.2.x before
                           2.2.28-r7, and 2.3.x before 2.3.30-r2 as an
                           ebuild in Gentoo Linux, does not create
                           temporary directories in /tmp securely during
                           emerge, which allows local users to overwrite
                4.9 Medium arbitrary files via a symlink attack.               AVAIL
CVE-2007-0482               cgi-bin/main in Sun Ray Server Software 2.0
                           and 3.0 before 20070123 allows local users to
                           obtain the utadmin password by reading a web
                           server's log file, or by conducting a different,
                4.9 Medium unspecified local attack.                           AVAIL
CVE-2007-0517               Scriptsez Random PHP Quote 1.0 stores
                           sensitive information under the web root with
                           insufficient access control, which allows remote
                           attackers to obtain password information via a
                  7 High   direct request for pwd.txt.                         AVAIL
CVE-2007-0518               Scriptsez Smart PHP Subscriber (aka
                           subscribe) stores sensitive information under
                           the web root with insufficient access control,
                           which allows remote attackers to obtain
                           encoded passwords via a direct request for
                  7 High   pwd.txt.                                            AVAIL
CVE-2007-0528               The admin web console implemented by the
                           Centrality Communications (aka Aredfox)
                           PA168 chipset and firmware 1.54 and earlier, as
                           provided by various IP phones, does not require
                           passwords or authentication tokens when using
                           HTTP, which allows remote attackers to
                           connect to existing superuser sessions and
                           obtain sensitive information (passwords and
                  6 Medium configuration data).                                AVAIL
CVE-2007-0536               The chroot helper in rMake for rPath Linux 1
                           does not drop supplemental groups, which
                           causes packages to be installed with insecure
                           permissions and might allow local users to gain
                  7 High   privileges.                                         AVAIL
CVE-2007-0557               rMake before 1.0.4 drops root privileges in a
                           way that retains the original supplemental
                           groups, which might allow attackers to gain
                           privileges via a crafted recipe file, a different
                  7 High   vulnerability than CVE-2007-0536.                   AVAIL
CVE-2007-0585               include/debug.php in Webfwlog 0.92 and
                           earlier, when register_globals is enabled, allows
                           remote attackers to obtain source code of files
                           via the conffile parameter. NOTE: some of
                           these details are obtained from third party
                           information. It is likely that this issue can be
                           exploited to conduct directory traversal attacks.
                  8 High                                                       AVAIL
CVE-2007-0599                 Variable overwrite vulnerability in
                             common/config.php in Aztek Forum 4.00 allows
                             remote attackers to overwrite arbitrary program
                             variables and conduct other unauthorized
                             activities, such as copying arbitrary files using
                             index/common_actions.php, via vectors
                             associated with extract operations on the (1)
                             POST, (2) GET, (3) COOKIE, and (4) SERVER
                             superglobal arrays.
                 7 High                                                          AVAIL
CVE-2007-0601                 common/safety.php in Aztek Forum 4.00 allows
                             remote attackers to enter certain data
                             containing %22 sequences (URL encoded
                             double quotes) and other potentially dangerous
                             manipulations by sending a cookie, which
                             bypasses the blacklist matching against the
                             GET and PUT superglobal arrays.
                 7 High                                                      AVAIL
CVE-2007-0602               Buffer overflow in libvsapi.so in the VSAPI
                           library in Trend Micro VirusWall 3.81 for Linux,
                           as used by IScan.BASE/vscan, allows local
                           users to gain privileges via a long command line
                           argument, a different vulnerability than CVE-
                5.6 Medium 2005-0533.                                        AVAIL
CVE-2007-0603               PGP Desktop before 9.5.1 does not validate
                           data objects received over the (1) \pipe\pgpserv
                           named pipe for PGPServ.exe or the (2)
                           \pipe\pgpsdkserv named pipe for
                           PGPsdkServ.exe, which allows remote
                           authenticated users to gain privileges by
                           sending a data object representing an absolute
                           pointer, which causes code execution at the
                4.8 Medium corresponding address.                            AVAIL
CVE-2007-0629               The www_purgeList method in Plain Black
                           WebGUI before 7.3.8 does not properly check
                           user permissions, which allows attackers to
                           delete unauthorized assets. NOTE: some of
                           these details are obtained from third party
                4.7 Medium information.                                      AVAIL
CVE-2007-0652               Cross-site request forgery (CSRF) vulnerability
                           in MailEnable Professional before 2.37 allows
                           remote attackers to modify arbitrary
                           configurations and perform unauthorized
                           actions as arbitrary users via a link or IMG tag.
                5.6 Medium                                                   AVAIL
CVE-2007-0657               Unspecified vulnerability in Nexuiz 2.2.2 allows
                           remote attackers to read and overwrite arbitrary
                           files via the gamedir command.
                  7 High                                                     AVAIL
CVE-2007-0675                   ** DISPUTED ** The Speech Recognition
                               feature of Windows Vista allows user-assisted
                               remote attackers to delete arbitrary files, and
                               conduct other unauthorized activities, via a web
                               page with an embedded sound object that
                               contains voice commands to an enabled
                               microphone, allowing for interaction with
                               Windows Explorer. NOTE: the vendor disputes
                               the severity of this issue, stating that "there is
                               little if any need to worry about the effects of this
                               issue on your new Windows Vista installation."
                               Since little user interaction is required, and the
                               relevant operating environment is common,
                               CVE considers this a vulnerability.
                5.6 Medium                                                      AVAIL
CVE-2007-0681                 profile.php in ExtCalendar 2 and earlier allows
                             remote attackers to change the passwords of
                             arbitrary users without providing the original
                             password, and possibly perform other
                             unauthorized actions, via modified values to
                 7    High   register.php.                                      AVAIL
CVE-2007-0697                 index2.php in ACGVannu 1.3 and earlier allows
                             remote attackers to change the password or
                             profile of a user via a modified id parameter,
                             related to templates/modif.html. NOTE: some of
                             these details are obtained from third party
                4.7   Medium information.                                       AVAIL
CVE-2007-0705                 Cross-zone scripting vulnerability in Sleipnir
                             2.49 and earlier, and Portable Sleipnir 2.45 and
                             earlier, allows remote attackers to bypass Web
                             content zone restrictions via certain script
                             contained in RSS data. NOTE: some of these
                             details are obtained from third party information.
                 7    High                                                      AVAIL
CVE-2007-0706                 Cross-zone scripting vulnerability in Darksky
                             RSS bar for Internet Explorer before 1.29, RSS
                             bar for Sleipnir before 1.29, and RSS bar for
                             unDonut before 1.29 allows remote attackers to
                             bypass Web content zone restrictions via
                             certain script contained in RSS data. NOTE:
                             some of these details are obtained from third
                 7    High   party information.                                 AVAIL
CVE-2007-0737                 The Login Window in Apple Mac OS X 10.3.9
                             through 10.4.9 does not properly check certain
                             environment variables, which allows local users
                             to gain privileges via unspecified vectors.
                4.9   Medium                                                    AVAIL
CVE-2007-0760              EQdkp 1.3.1 and earlier authenticates
                          administrative requests by verifying that the
                          HTTP Referer header specifies an admin/ URL,
                          which allows remote attackers to read or modify
                          account names and passwords via a spoofed
                10 High   Referer.                                             AVAIL
CVE-2007-0792              The mod_perl initialization script in Bugzilla
                          2.23.3 does not set the Bugzilla Apache
                          configuration to allow .htaccess permissions to
                          override file permissions, which allows remote
                          attackers to obtain the database username and
                          password via a direct request for the localconfig
                 7 High   file.                                                AVAIL
CVE-2007-0806              Les News 2.2 allows remote attackers to
                          bypass authentication and gain administrative
                          access via a direct request for
                          adminews/index_fr.php3, and possibly the
                          adminews index documents for other
                 7 High   localizations.                                       AVAIL
CVE-2007-0819              HP Network Node Manager (NNM) Remote
                          Console 7.50 assigns Everyone Full Control
                          permission for the %PROGRAMFILES%\HP
                          OpenView directory tree, which allows local
                          users to gain privileges via a Trojan horse
                          executable file or ActiveX component, or a
                          modified bin\ovtrcsvc.exe for the HP Open View
                 7 High   Shared Trace Service.                                AVAIL
CVE-2007-0829              avast! Server Edition before 4.7.726 does not
                          demand a password in a certain intended
                          context, even when a password has been set,
                          which allows local users to bypass
                3.9 Low   authentication requirements.                         AVAIL
CVE-2007-0845              admin/index.php in Advanced Poll 2.0.0
                          through 2.0.5-dev allows remote attackers to
                          bypass authentication and gain administrator
                          privileges by obtaining a valid session identifier
                 7 High   and setting the uid parameter to 1.                  AVAIL
CVE-2007-0849              scripts/cronscript.php in SysCP 1.2.15 and
                          earlier does not properly quote pathnames in
                          user home directories, which allows local users
                          to gain privileges by placing shell
                          metacharacters in a directory name, and then
                          using the control panel to protect this directory,
                          a different vulnerability than CVE-2005-2568.
                 7 High                                                        AVAIL
CVE-2007-0889                  Kiwi CatTools before 3.2.0 beta uses weak
                              encryption ("reversible encoding") for
                              passwords, account names, and IP addresses
                              in kiwidb-cattools.kdb, which might allow local
                              users to gain sensitive information by decrypting
                              the file. NOTE: this issue could be leveraged
                              with a directory traversal vulnerability for a
                              remote attack vector.
                4.9 Medium                                                          AVAIL
CVE-2007-0895                  Race condition in recursive directory deletion
                              with the (1) -r or (2) -R option in rm in Solaris 8
                              through 10 before 20070208 allows local users
                              to delete files and directories as the user
                              running rm by moving a low-level directory to a
                              higher level as it is being deleted, which causes
                              rm to chdir to a ".." directory that is higher than
                              expected, possibly up to the root file system, a
                              related issue to CVE-2002-0435.
                2.6 Low                                                             AVAIL
CVE-2007-0898               Directory traversal vulnerability in clamd in
                           Clam AntiVirus ClamAV before 0.90 allows
                           remote attackers to overwrite arbitrary files via a
                           .. (dot dot) in the id MIME header parameter in a
                4.7 Medium multi-part message.                                      AVAIL
CVE-2007-0912               Cross-Site Request Forgery (CSRF)
                           vulnerability in admin/admin.adm.php in Jportal
                           2.3.1, and possibly earlier, allows remote
                           attackers to perform privileged actions as
                           administrators by tricking the admin into
                           accessing a URL with modified arguments to
                  8 High   admin/admin.adm.php.                                     AVAIL
CVE-2007-0915               Distributed SLS daemon (SLSd) on HP-UX
                           B.11.11 allows remote attackers to overwrite
                           arbitrary files and gain privileges via a crafted
                 10 High   RPC request.                                             AVAIL
CVE-2007-0921               Portal Search allows remote attackers to
                           redirect a URL to an arbitrary web site by
                           placing the URL in the query string to the top-
                6.7 Medium level URI.                                               AVAIL
CVE-2007-0924               Till Gerken phpPolls 1.0.3 allows remote
                           attackers to bypass authentication and perform
                           certain administrative actions via a direct
                           request to phpPollAdmin.php3. NOTE: this
                  7 High   issue might subsume CVE-2006-3764.                       AVAIL
CVE-2007-0926               The dologin function in guestbook.php in
                           KvGuestbook 1.0 Beta allows remote attackers
                           to gain administrative privileges, probably via
                           modified $mysql['pass'] and $gbpass variables.
                  7 High                                                            AVAIL
CVE-2007-0930               Variable extract vulnerability in Apache Stats
                           before 0.0.3beta allows attackers to modify
                           arbitrary variables and conduct attacks via
                           unknown vectors involving the use of PHP's
                  7 High   extract function.                                     AVAIL
CVE-2007-0932               The (1) Aruba Mobility Controllers 200, 600,
                           2400, and 6000 and (2) Alcatel-Lucent
                           OmniAccess Wireless 43xx and 6000 do not
                           properly implement authentication and privilege
                           assignment for the guest account, which allows
                           remote attackers to access administrative
                  7 High   interfaces or the WLAN.                               AVAIL
CVE-2007-0960               Unspecified vulnerability in Cisco PIX 500 and
                           ASA 5500 Series Security Appliances 7.2.2,
                           when configured to use the LOCAL
                           authentication method, allows remote
                           authenticated users to gain privileges via
                  6 Medium unspecified vectors.                                  AVAIL
CVE-2007-0968               Unspecified vulnerability in Cisco Firewall
                           Services Module (FWSM) before 2.3(4.7) and
                           3.x before 3.1(3.1) causes the access control
                           entries (ACE) in an ACL to be improperly
                           evaluated, which allows remote authenticated
                           users to bypass intended certain ACL
                4.8 Medium protections.                                          AVAIL
CVE-2007-0972               Unrestricted file upload vulnerability in
                           modules/emoticons.php in Jupiter CMS 1.1.5
                           allows remote attackers to upload arbitrary files
                           by modifying the HTTP request to send an
                           image content type, and to omit is_guest and
                           is_user parameters. NOTE: this issue might be
                  7 High   related to CVE-2006-4875.                             AVAIL
CVE-2007-0973               Multiple cross-site scripting (XSS)
                           vulnerabilities in index.php in Jupiter CMS 1.1.5
                           allow remote attackers to inject arbitrary web
                           script or HTML via the Referer HTTP header
                           and certain other HTTP headers, which are
                           displayed without proper sanitization when an
                           administrator performs a Logged Guest action.
                  7 High                                                         AVAIL
CVE-2007-0975               Variable extraction vulnerability in Ian
                           Bezanson Apache Stats before 0.0.3 beta
                           allows attackers to overwrite critical variables,
                           with unknown impact, when the extract function
                           is used on the _REQUEST superglobal array.
                2.3 Low                                                          AVAIL
CVE-2007-0978               Buffer overflow in swcons in IBM AIX 5.3 allows
                           local users to gain privileges via long input data.
                  7 High                                                         AVAIL
CVE-2007-0981              Mozilla based browsers, including Firefox
                          before 1.5.0.10 and 2.x before 2.0.0.2, and
                          SeaMonkey before 1.0.8, allow remote
                          attackers to bypass the same origin policy, steal
                          cookies, and conduct other attacks by writing a
                          URI with a null byte to the hostname
                          (location.hostname) DOM property, due to
                          interactions with DNS resolver code.
                 7 High                                                        AVAIL
CVE-2007-1040              Directory traversal vulnerability in archives.php
                          in Xpression News (X-News) 1.0.1 allows
                          remote attackers to include arbitrary files or
                          obtain sensitive information via a .. (dot dot) in
                          the xnews-template parameter.
                 7 High                                                      AVAIL
CVE-2007-1047              Unspecified vulnerability in Distributed
                          Checksum Clearinghouse (DCC) before 1.3.51
                          allows remote attackers to delete or add hosts
                 7 High   in /var/dcc/maps.                                  AVAIL
CVE-2007-1099              dbclient in Dropbear SSH client before 0.49
                          does not sufficiently warn the user when it
                          detects a hostkey mismatch, which might allow
                          remote attackers to conduct man-in-the-middle
                 7 High   attacks.                                           AVAIL
CVE-2007-1112              Kaspersky Anti-Virus 6.0 and Internet Security
                          6.0 exposes unsafe methods in the (a)
                          AXKLPROD60Lib.KAV60Info (AxKLProd60.dll)
                          and (b) AXKLSYSINFOLib.SysInfo
                          (AxKLSysInfo.dll) ActiveX controls, which allows
                          remote attackers to "download" or delete
                          arbitrary files via crafted arguments to the (1)
                          DeleteFile, (2) StartBatchUploading, (3)
                          StartStrBatchUploading, or (4) StartUploading
                          methods.
                10 High                                                      AVAIL
CVE-2007-1129              Multiple unrestricted file upload vulnerabilities
                          in MTCMS 3.2 allow remote attackers to upload
                          and execute files via (1) an avatar upload in an
                          add_down action, or (2) an add_link action.
                 7 High                                                      AVAIL
CVE-2007-1150              Unrestricted file upload vulnerability in
                          LoveCMS 1.4 allows remote authenticated
                          administrators to upload arbitrary files to
                2.2 Low   /modules/content/pictures/tmp/.                    AVAIL
CVE-2007-1178              WebAPP before 0.9.9.5 does not check access
                          in certain contexts related to (1) Calendar
                          Administration, (2) Instant Messages
                          Administration, and (3) the Image Uploader,
                          which has unknown impact and attack vectors.
                 7 High                                                      AVAIL
CVE-2007-1183               WebAPP before 0.9.9.5 allows remote
                           authenticated users to spoof another user's
                           Real Name via whitespace, which has unknown
                  7 High   impact and attack vectors.                             AVAIL
CVE-2007-1188               WebAPP before 0.9.9.5 allows remote
                           attackers to submit Search form input that is not
                           checked for (1) composition or (2) length, which
                           has unknown impact, possibly related to "search
                  7 High   form hijacking".                                       AVAIL
CVE-2007-1256               Mozilla Firefox 2.0.0.2 allows remote attackers
                           to spoof the address bar, favicons, and
                           document source, and perform updates in the
                           context of arbitrary websites, by repeatedly
                           setting document.location in the onunload
                           attribute when linking to another website, a
                5.6 Medium variant of CVE-2007-1092.                              AVAIL
CVE-2007-1309               Novell Access Management 3 SSLVPN Server
                           allows remote authenticated users to bypass
                           VPN restrictions by making policy.txt read-only,
                           disconnecting, then manually modifying
                  6 Medium policy.txt.                                            AVAIL
CVE-2007-1359               Interpretation conflict in ModSecurity
                           (mod_security) 2.1.0 and earlier allows remote
                           attackers to bypass request rules via
                           application/x-www-form-urlencoded POST data
                           that contains an ASCIIZ (0x00) byte, which
                           mod_security treats as a terminator even
                           though it is still processed as normal data by
                           some HTTP parsers including PHP 5.2.0, and
                           possibly parsers in Perl, and Python.
                5.6 Medium                                                        AVAIL
CVE-2007-1384               Directory traversal vulnerability in torrent.cpp in
                           KTorrent before 2.1.2 allows remote attackers
                           to overwrite arbitrary files via ".." sequences in a
                4.7 Medium torrent filename.                                      AVAIL
CVE-2007-1396               The import_request_variables function in PHP
                           4.0.7 through 4.4.6, and 5.x before 5.2.2, when
                           called without a prefix, does not prevent the (1)
                           GET, (2) POST, (3) COOKIE, (4) FILES, (5)
                           SERVER, (6) SESSION, and other superglobals
                           from being overwritten, which allows remote
                           attackers to spoof source IP address and
                           Referer data, and have other unspecified
                           impact. NOTE: it could be argued that this is a
                           design limitation of PHP and that only the
                           misuse of this feature, i.e. implementation bugs
                           in applications, should be included in CVE.
                           However, it has been fixed by the vendor.
                 10 High                                                          AVAIL
CVE-2007-1444               netserver in netperf 2.4.3 allows local users to
                           overwrite arbitrary files via a symlink attack on
                3.9 Low    /tmp/netperf.debug.                                    AVAIL
CVE-2007-1451               GuppY 4.0 allows remote attackers to delete
                           arbitrary files via a direct request to
                           install/install.php, then selecting "Installation
                           propre" (cleanup.php) and then "Suppression
                4.7 Medium des fichiers d'installation" (delete.php).         AVAIL
CVE-2007-1497               nf_conntrack in netfilter in the Linux kernel
                           before 2.6.20.3 does not set nfctinfo during
                           reassembly of fragmented packets, which
                           leaves the default value as
                           IP_CT_ESTABLISHED and might allow remote
                           attackers to bypass certain rulesets using IPv6
                  7 High   fragments.                                         AVAIL
CVE-2007-1500               The Linux Security Auditing Tool (LSAT) allows
                           local users to overwrite arbitrary files via a
                           symlink attack on temporary files, as
                2.9 Low    demonstrated using /tmp/lsat1.lsat.                AVAIL
CVE-2007-1535               Microsoft Windows Vista establishes a Teredo
                           address without user action upon connection to
                           the Internet, contrary to documentation that
                           Teredo is inactive without user action, which
                           increases the attack surface and allows remote
                           attackers to communicate via Teredo.
                  7 High                                                      AVAIL
CVE-2007-1562               The FTP protocol implementation in Mozilla
                           Firefox before 1.5.0.11 and 2.x before 2.0.0.3
                           allows remote attackers to force the client to
                           connect to other servers, perform a proxied port
                           scan, or obtain sensitive information by
                           specifying an alternate server address in an
                5.6 Medium FTP PASV response.                                 AVAIL
CVE-2007-1563               The FTP protocol implementation in Opera
                           9.10 allows remote attackers to allows remote
                           servers to force the client to connect to other
                           servers, perform a proxied port scan, or obtain
                           sensitive information by specifying an alternate
                           server address in an FTP PASV response.
                5.6 Medium                                                    AVAIL
CVE-2007-1564               The FTP protocol implementation in Konqueror
                           3.5.5 allows remote servers to force the client to
                           connect to other servers, perform a proxied port
                           scan, or obtain sensitive information by
                           specifying an alternate server address in an
                           FTP PASV response.
                5.6 Medium                                                    AVAIL
CVE-2007-1599               wp-login.php in WordPress allows remote
                           attackers to redirect authenticated users to
                           other websites and potentially obtain sensitive
                           information via the redirect_to parameter.
                4.2 Medium                                                    AVAIL
CVE-2007-1692                  The default configuration of Microsoft Windows
                              uses the Web Proxy Autodiscovery Protocol
                              (WPAD) without static WPAD entries, which
                              might allow remote attackers to intercept web
                              traffic by registering a proxy server using WINS
                              or DNS, then responding to WPAD requests, as
                              demonstrated using Internet Explorer. NOTE: it
                              could be argued that if an attacker already has
                              control over WINS/DNS, then web traffic could
                              already be intercepted by modifying WINS or
                              DNS records, so this would not cross privilege
                              boundaries and would not be a vulnerability. It
                              has also been reported that DHCP is an
                              alternate attack vector.

                 7 High                                                           AVAIL
CVE-2007-1745               The chm_decompress_stream function in
                           libclamav/chmunpack.c in Clam AntiVirus
                           (ClamAV) before 0.90.2 leaks file descriptors,
                           which has unknown impact and attack vectors
                           involving a crafted CHM file, a different
                           vulnerability than CVE-2007-0897. NOTE: some
                           of these details are obtained from third party
                2.7 Low    information.                                           AVAIL
CVE-2007-1799               Directory traversal vulnerability in torrent.cpp in
                           KTorrent before 2.1.3 only checks for the ".."
                           string, which allows remote attackers to
                           overwrite arbitrary files via modified ".."
                           sequences in a torrent filename, as
                           demonstrated by "../" sequences, due to an
                4.7 Medium incomplete fix for CVE-2007-1384.                      AVAIL
CVE-2007-1800               Cisco Secure ACS does not require
                           authentication when Cisco Trust Agent (CTA)
                           transmits posture information, which might allow
                           remote attackers to gain network access via a
                           spoofed Network Endpoint Assessment
                           posture, aka "NACATTACK." NOTE: this attack
                           might be limited to authenticated users and
                  7 High   devices.                                               AVAIL
CVE-2007-1831               web-app.org WebAPP before 0.9.9.6 allows
                           remote authenticated users to open files and
                           write "wrong data" via a crafted
                3.4 Low    QUERY_STRING.                                          AVAIL
CVE-2007-1879               The StartUploading function in KL.SysInfo
                           ActiveX control (AxKLSysInfo.dll) in Kaspersky
                           Anti-Virus 6.0 and Internet Security 6.0 before
                           Maintenance Pack 2 build 6.0.2.614 allows
                           remote attackers to read arbitrary files by
                           triggering an outbound anonymous FTP session
                           that invokes the PUT command. NOTE: this
                           issue might be related to CVE-2007-1112.
                  8 High                                                          AVAIL
CVE-2007-1949                 Session fixation vulnerability in WebBlizzard
                             CMS allows remote attackers to hijack web
                 7 High      sessions by setting a PHPSESSID cookie.                AVAIL
CVE-2007-1951                 Session fixation vulnerability in onelook obo
                             Shop allows remote attackers to hijack web
                 7 High      sessions by setting a PHPSESSID cookie.                AVAIL
CVE-2007-1952                 Session fixation vulnerability in onelook
                             onebyone CMS allows remote attackers to
                             hijack web sessions by setting a PHPSESSID
                 7 High      cookie.                                                AVAIL
CVE-2007-1953                 Session fixation vulnerability in onelook courts
                             on-line allows remote attackers to hijack web
                             sessions by setting a PHPSESSID cookie.
                 7 High                                                             AVAIL
CVE-2007-2017                siteadmin/useredit.php in AlstraSoft Video
                             Share Enterprise does not check authentication,
                             which allows remote attackers to obtain or
                             modify user information via a direct request.
                 7 High                                                             AVAIL
CVE-2007-2023                 USB20.dll in Secustick USB flash drive
                             decouples the authorization and file access
                             routines, which allows local users to bypass
                             authentication requirements by altering the
                 7 High      return value of the VerifyPassWord function.           AVAIL
CVE-2007-2058                 Directory traversal vulnerability in Acubix
                             PicoZip 4.02 allows user-assisted remote
                             attackers to overwrite arbitrary files via a .. (dot
                             dot) sequence in the file path in an (1) GZ, (2)
                             TAR, (3) RAR, (4) JAR, or (5) ZIP archive.
                5.6 Medium                                                    AVAIL
CVE-2007-2063               SSH Tectia Server for IBM z/OS before 5.4.0,
                           when _BPX_BATCH_UMASK is missing from
                           the environment, creates HFS files with
                           insecure permissions, which allows local users
                           to read or modify these files and have other
                3.9 Low    unknown impact.                                    AVAIL
CVE-2007-2074               Certain programs in containers in ScramDisk 4
                           Linux before 1.0-1 execute with SUID
                           permissions, which allows local users to gain
                4.9 Medium privileges via mounted containers.                 AVAIL
CVE-2007-2138               Untrusted search path vulnerability in
                           PostgreSQL before 7.3.19, 7.4.x before 7.4.17,
                           8.0.x before 8.0.13, 8.1.x before 8.1.9, and 8.2.x
                           before 8.2.4 allows remote authenticated users,
                           when permitted to call a SECURITY DEFINER
                           function, to gain the privileges of the function
                           owner, related to "search_path settings."
                3.4 Low                                                       AVAIL
CVE-2007-2170               The APPLSYS.FND_DM_NODES package in
                           Oracle E-Business Suite does not check for
                           valid sessions, which allows remote attackers to
                           delete arbitrary nodes. NOTE: due to lack of
                           details from Oracle, it is not clear whether this
                           issue is related to other CVE identifiers such as
                           CVE-2007-2126, CVE-2007-2127, or CVE-2007-
                6.7 Medium 2128.                                             AVAIL
CVE-2007-2188               eXtremail 2.1.1 and earlier does not verify the
                           ID field (aka transaction id) in DNS responses,
                           which makes it easier for remote attackers to
                 10 High   conduct DNS spoofing.                             AVAIL
CVE-2007-2200               Directory traversal vulnerability in
                           navigator/navigator_ok.php in Pagode 0.5.8
                           allows remote attackers to read and possibly
                           delete arbitrary files via a .. (dot dot) in the
                 10 High   asolute parameter.                                AVAIL
CVE-2007-2221               Unspecified vulnerability in the mdsauth.dll
                           COM object in Microsoft Windows Media Server
                           in the Microsoft Internet Explorer 5.01 SP4 on
                           Windows 2000 SP4; 6 SP1 on Windows 2000
                           SP4; 6 and 7 on Windows XP SP2, or Windows
                           Server 2003 SP1 or SP2; or 7 on Windows
                           Vista allows remote attackers to overwrite
                           arbitrary files via unspecified vectors, aka the
                           "Arbitrary File Rewrite Vulnerability."
                  8 High                                                     AVAIL
CVE-2007-2385               The Yahoo! UI framework exchanges data
                           using JavaScript Object Notation (JSON)
                           without an associated protection scheme, which
                           allows remote attackers to obtain the data via a
                           web page that retrieves the data through a URL
                           in the SRC attribute of a SCRIPT element and
                           captures the data using other JavaScript code,
                           aka "JavaScript Hijacking."
                2.3 Low                                                      AVAIL
CVE-2007-2453               The random number feature in Linux kernel 2.6
                           before 2.6.20.13, and 2.6.21.x before 2.6.21.4,
                           (1) does not properly seed pools when there is
                           no entropy, or (2) uses an incorrect cast when
                           extracting entropy, which might cause the
                           random number generator to provide the same
                           values after reboots on systems without an
                           entropy source.
                4.9 Medium                                                   AVAIL
CVE-2007-2480                 The _udp_lib_get_port function in
                             net/ipv4/udp.c in Linux kernel 2.6.21 and earlier
                             does not prevent a bind to a port with a local
                             address when there is already a bind to that port
                             with a wildcard local address, which might allow
                             local users to intercept local traffic for daemons
                             or other applications.
                4.9 Medium                                                   AVAIL
CVE-2007-2578               Unspecified vulnerability in
                           search/list/action_search/index.php in ACP3 4.0
                           beta 3 allows remote attackers to have
                           unknown impact, relating to "Cookie
                           Manipulation", via the form[search_term]
                  7 High   parameter.                                        AVAIL
CVE-2007-2606               Multiple buffer overflows in Firebird 2.1 allow
                           attackers to trigger memory corruption and
                           possibly have other unspecified impact via
                           certain input processed by (1)
                           config\ConfigFile.cpp or (2)
                           msgs\check_msgs.epp. NOTE: if ConfigFile.cpp
                           reads a configuration file with restrictive
                           permissions, then the ConfigFile.cpp vector may
                           not cross privilege boundaries and perhaps
                           should not be included in CVE.
                3.3 Low                                                      AVAIL
CVE-2007-2644               A certain ActiveX control in Morovia Barcode
                           ActiveX Professional 3.3.1304 allows remote
                           attackers to overwrite arbitrary files by calling
                6.7 Medium the Save method with an arbitrary filename.       AVAIL
CVE-2007-2654               xfs_fsr in xfsdump creates a temporary
                           directory with insecure permissions, which
                           allows local users to read or overwrite arbitrary
                3.9 Low    files on xfs filesystems.                         AVAIL
CVE-2007-2688               The Cisco Intrusion Prevention System (IPS)
                           and IOS with Firewall/IPS Feature Set do not
                           properly handle certain full-width and half-width
                           Unicode character encodings, which might allow
                           remote attackers to evade detection of HTTP
                3.3 Low    traffic.                                          AVAIL
CVE-2007-2689               Check Point Web Intelligence does not properly
                           handle certain full-width and half-width Unicode
                           character encodings, which might allow remote
                           attackers to evade detection of HTTP traffic.
                3.3 Low                                                      AVAIL
CVE-2007-2690               Multiple IBM ISS Proventia Series products,
                           including the A, G, and M series, do not properly
                           handle certain full-width and half-width Unicode
                           character encodings, which might allow remote
                           attackers to evade detection of HTTP traffic.
                3.3 Low                                                      AVAIL
CVE-2007-2691              MySQL before 4.1.23, 5.0.x before 5.0.42, and
                          5.1.x before 5.1.18 does not require the DROP
                          privilege for RENAME TABLE statements,
                          which allows remote authenticated users to
                          rename arbitrary tables.
                2.2 Low                                                       AVAIL
CVE-2007-2725              The DB Software Laboratory DeWizardX
                          (DEWizardAX.ocx) ActiveX control allows
                          remote attackers to overwrite arbitrary files via
                 7 High   the SaveToFile function.                            AVAIL
CVE-2007-2791              Unspecified vulnerability in the Secure Shell
                          (SSH) in HP Tru64 UNIX 5.1B-4 and 5.1B-3
                          allows remote attackers to identify valid users
                          via unspecified vectors, probably related to
                          timing attacks and
                10 High   AuthInteractiveFailureRandomTimeout.                AVAIL
CVE-2007-2843              Cross-domain vulnerability in Apple Safari 2.0.4
                          allows remote attackers to access restricted
                          information from other domains via Javascript,
                          as demonstrated by a js script that accesses
                          the location information of cross-domain web
                          pages, probably involving setTimeout and timed
                10 High   events.                                             AVAIL
CVE-2007-3053              Session fixation vulnerability in Calimero.CMS
                          3.3.1232 and earlier allows remote attackers to
                          hijack web sessions by setting the PHPSESSID
                 7 High   parameter.                                          AVAIL
CVE-2007-0882              Argument injection vulnerability in the telnet
                          daemon (in.telnetd) in Solaris 10 and 11
                          (SunOS 5.10 and 5.11) misinterprets certain
                          client "-f" sequences as valid requests for the
                          login program to skip authentication, which
                          allows remote attackers to log into certain
                          accounts, as demonstrated by the bin account.
                10 High                                                       AVAIL
                                         Categories:    code injection
                                                        denial of service
                                                        gain of priveleges/access control
                                                        unknown

Vulnerability Type       References      Interactions   Interaction description




INPUT |                   http://www.securityfocus.com/archive/1/archive/1/457159/100/0/threaded | http://www.kb.cert.org/vul




                                                       1
http://forums.grsecurity.net/viewtopic.php?t=1646 | http://www.digitalarmaments.com/news_news.shtml | http://grsecurity.net/n




                                        ?
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html | http://www.us-cert.gov/cas/techalert




                                        ?
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html | http://www.us-cert.gov/cas/techalert




                                        ?
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html | http://www.us-cert.gov/cas/techalert



INPUT |                                               1 Specially crafted request
                          http://sourceforge.net/project/shownotes.php?release_id=479480&group_id=187000 | http://www.frs
INPUT |




DESIGN |                           ?
                   http://sourceforge.net/forum/forum.php?forum_id=660819 | http://www.frsirt.com/english/advisories/2




                                                search string = single character, replace string
INPUT |                                       2 = single character
                   http://www.php-security.org/MOPB/MOPB-39-2007.html |


INPUT |                                        1
                   http://sourceforge.net/project/shownotes.php?release_id=500238&group_id=32077 | http://www.frsir




INPUT |




INPUT | ACCESS |                              1 SSL bypassed
                   http://www.securityfocus.com/archive/1/archive/1/468049/100/0/threaded | http://www.securityfocus.
                                       HTML or web script injected by the sortby
INPUT |                              1 parameter
          http://www.securityfocus.com/archive/1/archive/1/455615/100/0/threaded | http://www.securityfocus.




                                       Arbitrary code injected via (1) cat parameter to
                                       (a) ashop/catalogue.php and (b)
                                       ashop/basket.php, the (2) exp parameter to
                                       ashop/catalogue.php, the (3) searchstring
                                       parameter to (c) ashop/search.php, the (4)
                                       checkout and (5) action parameters to (d)
                                       ashop/shipping.php, the cat parameter to (f)
                                       cart-path/admin/editcatalogue.php, and the (7)
                                       resultpage parameter to (g) cart-
INPUT |                  ?             path/admin/salesadmin.php.
          http://www.securityfocus.com/archive/1/archive/1/455629/100/0/threaded | http://www.securityfocus.




INPUT |                              1 Invalid URI in getURL
          http://www.securityfocus.com/archive/1/archive/1/455726/100/0/threaded | http://www.securityfocus.




                                       Invalid tokens and qoute characters or HTML
INPUT |                              1 tages in URL variable names
          http://www.securityfocus.com/archive/1/archive/1/456048/100/0/threaded | http://www.hardened-php




                                         Web script or HTML injected vi IssueInstant
INPUT |                              1 Parameter
          https://secure-support.novell.com/KanisaPlatform/Publishing/143/3615264_f.SAL_Public.html | http:/



                                       crafted parameter to mkpw_mp.cgi, mkpw.pl,
INPUT |                              1 or mkpw.cgi
          http://www.securityfocus.com/archive/1/archive/1/456055/100/0/threaded | http://www.securityfocus.



INPUT |                              1 crafted g parameter to search.asp
          http://www.securityfocus.com/archive/1/archive/1/456052/100/0/threaded | http://www.securityfocus.
INPUT |                              2
          http://marc.theaimsgroup.com/?l=full-disclosure&m=116799778408115&w=2 | http://drupal.org/node




INPUT |                              1
          http://jvn.jp/jp/JVN%2365500885/index.html | http://serenebach.net/log/sb119R.html | http://sereneba




INPUT |                              1
          http://www.securityfocus.com/archive/1/archive/1/456122/100/0/threaded | http://www.securityfocus.




INPUT |                            1
          http://www.milw0rm.com/exploits/3089 | http://secunia.com/advisories/23652 | http://xforce.iss.net/xf




INPUT |                  ?
          http://www.securityfocus.com/archive/1/archive/1/456121/100/0/threaded | http://www.frsirt.com/engl




INPUT |                               1
          http://secunia.com/advisories/23656 | http://www.securityfocus.com/bid/21953 | http://xforce.iss.net/x




INPUT |                              1
          http://www.securityfocus.com/archive/1/archive/1/456296/100/0/threaded | http://www.eazel.es/advis
INPUT |                               2 wgUseAjax = true, other params unspecified
          http://sourceforge.net/forum/forum.php?forum_id=652721 | http://svn.wikimedia.org/svnroot/mediaw




INPUT |   http://www.securityfocus.com/bid/21977 | http://secunia.com/advisories/23605 |




INPUT |                  ?
          http://www.mnin.org/advisories/2007_firepass.pdf | https://tech.f5.com/home/solutions/sol6919.html




INPUT |                              1
          http://www.securityfocus.com/archive/1/archive/1/456042/100/100/threaded | http://xforce.iss.net/xfo




INPUT |                 ?
          http://www.phpmyadmin.net/home_page/downloads.php?relnotes=0 | http://www.frsirt.com/english/a




INPUT |                            1
          http://www.milw0rm.com/exploits/3115 | http://secunia.com/advisories/23699 | http://xforce.iss.net/xf
                                                       (1) nofollow disabled AND (2) unmoderated
INPUT | CONFIG |                                     2 comments enabled
                          http://golem.ph.utexas.edu/~distler/blog/archives/001102.html | http://www.zackvision.com/weblog/2



INPUT |                                              1
                          http://www.securityfocus.com/archive/1/archive/1/456636/100/0/threaded | http://www.securityfocus.




INPUT |                                              1
                          http://14house.blogspot.com/2007/01/fastilo-open-source-shopping-cart-vuln.html | http://www.secur




INPUT |                                              1
                          http://www.securityfocus.com/archive/1/archive/1/456699/100/0/threaded | http://www.bugsec.com/a




                                                      1
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html | http://www.us-cert.gov/cas/techalert




INPUT |                                              2
                          http://www.securityfocus.com/archive/1/archive/1/456970/100/0/threaded | http://www.securityfocus.



INPUT |                                              1
                          http://www.plainblack.com/getwebgui/advisories/webgui-7_3_4-beta-released#BUeIjcWiQasypsJxD-




INPUT |                                              2 (1) ajouter=1 querery string and (2) add menu
                          http://www.securityfocus.com/archive/1/archive/1/456986/100/0/threaded | http://www.securityfocus.
                                       URI of script or HTML in convcharset
INPUT |                              1 parameter
          http://www.securityfocus.com/archive/1/archive/1/456726/100/0/threaded | http://www.securityfocus.



                                       web script or HTML injected via the
INPUT |                              1 PATH_INFO string.
          http://www.securityfocus.com/archive/1/archive/1/457206/100/0/threaded | http://mywebland.com/for




INPUT |                              1 Scripts inserted into vectors
          http://jvn.jp/jp/JVN%2395249468/index.html | http://manual.freshreader.com/archives/2007/01/20070




INPUT |                               1 Scripts inserted into vectors
          http://sourceforge.net/project/shownotes.php?group_id=11386&release_id=479424 | http://sourcefor




                                       web script or HTML inserted via the (1)
                                       error_msg parameter to (a)
                                       suggest_category.php; the (2) u parameter to
                                       (b) user_detail.php; the (3) friend_name, (4)
                                       friend_email, (5) error_msg, (6) my_name, (7)
                                       my_email, and (8) id parameters to (c)
                                       tell_friend.php; the (9) error_msg, (10) email,
                                       (11) name, and (12) subject parameters to (d)
                                       sendmail.php; the (13) email, (14) error_msg,
                                       and (15) username parameters to (e)
                                       send_pwd.php; the (16) keyword parameter to
                                       (f) search.php; the (17) error_msg, (18)
                                       username, (19) password, (20) password2, and
                                       (21) email parameters to (g) register.php; the
                                       (22) url, (23) contact_name, and (24) email
                                       parameters to (h) power_search.php; the (25)
                                       path and (26) total parameters to (i) new.php;
                                       the (27) query parameter to (j) modify.php; the
                                       (28) error_msg parameter to (k) login.php; the
                                       (29) error_msg and (30) email parameters to (l)
                                       mailing_list.php; the (31) gateway parameter to
INPUT |                  ?             (m) upgrade.php; and another unspecified
          http://www.securityfocus.com/archive/1/archive/1/457079/100/0/threaded | http://www.securityfocus.
INPUT |                                    ?              Scripts inserted into vectors
                           http://sourceforge.net/project/shownotes.php?release_id=478370 | http://www.frsirt.com/english/advi



INPUT |                                                1 Scripts inserted into vectors
                           http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html | http://virtuemart.svn.sourc



INPUT |                                                1 Scripts inserted into vectors
                           http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html | http://www.hackers.ir/advi




                                                      1
http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html | http://www.hackers.ir/advisories/festival.txt | http://no



INPUT |                                               1 Scripts inserted into tag parameter
                           http://www.securityfocus.com/archive/1/archive/1/457331/100/0/threaded | http://www.securityfocus.



                                                        Scripts or HTML injected via (1)Suject or (2)
INPUT |                                               1 Pseudo fields
                           http://www.securityfocus.com/archive/1/archive/1/457503/100/0/threaded | http://www.attrition.org/pip




                                                        Scripts or HTML injected via recipient or BCC
INPUT |                                               1 fields
                           http://www.securityfocus.com/archive/1/archive/1/457508/100/0/threaded | http://aria-security.com/fo



                                                        Scripts or HTML injected via keyword
INPUT |                                               1 parameter
                           http://www.securityfocus.com/archive/1/archive/1/457505/100/0/threaded | http://xforce.iss.net/xforce




                                                        Scripts or HTML injected via username
INPUT |                                               1 parameter
                           http://www.securityfocus.com/archive/1/archive/1/457506/100/0/threaded | http://xforce.iss.net/xforce
                                                      (1) Scripts or HTML injected via username
                                                      parameter and (2) anonymous registration is
INPUT |                                             2 being done
                         http://www.plainblack.com/bugs/tracker/security-update-cross-site-scripting-vulnerability | http://www




                                                  1
http://forum.openads.org/index.php?showtopic=503412651 | http://jvn.jp/jp/JVN%2307274813/index.html | https://developer.op




                                                       URI of script or HTML in (1) show_owned.php
INPUT |                                              1 or (2) | http://www.securityfocus.com/bid/22180 | http://xforce.iss.net/x
                         http://secunia.com/advisories/23865show_joined.php




                                                       Web script or HTML injected via (1) HTTP
INPUT |                                              1 Expect headers or (2) image maps
                         http://www.hitachi-support.com/security_e/vuls_e/HS06-022_e/01-e.html | http://www.frsirt.com/engli




                                                      Web scripts or HTML injected via URL in
INPUT |                                             1 PATH_INFO parameter
                         http://www.securityfocus.com/archive/1/archive/1/457695/100/0/threaded | http://xforce.iss.net/xforce




INPUT |                                             1 HTML embedded in comment tags
                         http://www.securityfocus.com/archive/1/archive/1/457924/100/0/threaded | http://www.kde.org/info/se



INPUT |                                             1
                         http://www.securityfocus.com/archive/1/archive/1/457660/100/0/threaded | http://xforce.iss.net/xforce
INPUT |                                             1
                         http://www.securityfocus.com/archive/1/archive/1/457929/100/0/threaded | http://www.securityfocus.



INPUT |                                             1
                         http://www.securityfocus.com/archive/1/archive/1/457611/100/0/threaded | http://xforce.iss.net/xforce



INPUT |                                             1
                         http://www.securityfocus.com/archive/1/archive/1/457611/100/0/threaded | http://xforce.iss.net/xforce




INPUT |                                             1
                         http://onnac.svn.sourceforge.net/viewvc/onnac/trunk/install/default/error404.html?view=log | http://so




INPUT |                                              2
                         http://sourceforge.net/project/shownotes.php?release_id=479999&group_id=110693 | http://www.frs



                                                      1
http://jvn.jp/jp/JVN%2382258242/index.html | http://secunia.com/advisories/23909 | http://www.securityfocus.com/bid/22245 |




INPUT |                                             1
                         http://www.securityfocus.com/archive/1/archive/1/458226/100/0/threaded | http://www.securityfocus.




INPUT |                  http://lists.horde.org/archives/announce/2007/000308.html | http://lists.horde.org/archives/announce/




INPUT |                  http://www.securityfocus.com/archive/1/archive/1/458062/100/0/threaded | http://www.securityfocus.
                                                   1
http://www.sixapart.com/movabletype/beta/distros/MT-3.34-beta-Release-Notes.html |




INPUT |                                              1
                         http://secunia.com/advisories/23951 | http://www.securityfocus.com/bid/22250 | http://xforce.iss.net/x




                                                    2
http://sourceforge.net/project/shownotes.php?release_id=480714&group_id=98260 | http://www.frsirt.com/english/advisories/2




INPUT |                                             1
                         http://sunsolve.sun.com/search/document.do?assetkey=1-26-102621-1 | http://www.securityfocus.co




DESIGN |                                            1
                         http://www.securityfocus.com/archive/1/archive/1/458306/100/0/threaded | http://www.securityfocus.




INPUT |                  http://www.dotnetnuke.com/Default.aspx?tabid=825&EntryID=1278 | http://www.frsirt.com/english/ad
INPUT |                 http://sourceforge.net/project/shownotes.php?release_id=481131&group_id=98260 | http://www.frsir




INPUT |                                          1
                        http://www.milw0rm.com/exploits/3255 | http://www.securityfocus.com/bid/22379 | http://milw0rm.com



                                                 |
http://www.phorum.org/phorum5/read.php?12,1197571 http://www.frsirt.com/english/advisories/2007/0410 |




INPUT |                                            1
                        http://www.securityfocus.com/archive/1/archive/1/458225/100/0/threaded | http://www.securityfocus.




INPUT |                 http://www.securityfocus.com/archive/1/archive/1/458461/100/0/threaded | http://www.securityfocus.




INPUT |                                          1
                        http://www.milw0rm.com/exploits/3271 | http://www.securityfocus.com/bid/22412 | http://www.frsirt.co




INPUT |                                            1
                        http://www.securityfocus.com/archive/1/archive/1/459160/100/0/threaded | http://www.securityfocus.
INPUT |                                1
           http://secunia.com/advisories/24071 | http://xforce.iss.net/xforce/xfdb/32417 |




INPUT |    http://sourceforge.net/project/shownotes.php?release_id=484226 | http://www.securityfocus.com/bid




INPUT |                             1
           http://www.milw0rm.com/exploits/3283 | http://www.securityfocus.com/bid/22450 | http://milw0rm.com




INPUT |                                1
           http://secunia.com/advisories/23217 | http://www.securityfocus.com/bid/22460 |




INPUT |                               1
           http://www.securityfocus.com/archive/1/archive/1/459562/100/0/threaded | http://www.securityfocus.




ACCESS |                              1
           http://www.securityfocus.com/archive/1/archive/1/459655/100/0/threaded | http://forums.avenir-geop




ACCESS |                              1
           http://www.securityfocus.com/archive/1/archive/1/459652/100/0/threaded | http://forums.avenir-geop




INPUT |                               1
           http://www.securityfocus.com/archive/1/archive/1/459590/100/0/threaded | http://www.securityfocus.
INPUT |                                       1
                   http://jvn.jp/jp/JVN%2384430861/index.html | http://mozdev.org/bugs/show_bug.cgi?id=16320 | http:



INPUT |                                       1
                   http://www.securityfocus.com/archive/1/archive/1/459979/100/0/threaded | http://www.securityfocus.




                                                (1) Inject script via the t and yr paramerters and
                                                the sho parameter and (2) the m parameter is
INPUT |                                       2 out of range
                   http://www.securityfocus.com/bid/22536 | http://secunia.com/advisories/24125 | http://xforce.iss.net/x




INPUT |                           ?
                   http://www.securityfocus.com/archive/1/archive/1/460078/100/0/threaded | http://www.securityfocus.




INPUT |                                        1
                   http://downloads.securityfocus.com/vulnerabilities/exploits/22719.html | http://www.securityfocus.com



INPUT |                                       1
                   http://www.securityfocus.com/archive/1/archive/1/463820/100/0/threaded | http://www.securityfocus.




DESIGN |                                      1
                   http://www.securityfocus.com/archive/1/archive/1/464041/100/0/threaded |



                                                URLs in object or iframe HTML tags not
INPUT | DESIGN |                              1 checked for phishing
                   http://www.securityfocus.com/archive/1/archive/1/464041/100/0/threaded |



INPUT |                                       1
                   http://jvn.jp/jp/JVN%2340511721/index.html | http://www.securityfocus.com/bid/23207 | http://www.fr
INPUT |                                            1
                        http://www.securityfocus.com/archive/1/archive/1/468316/100/0/threaded |



INPUT |                 http://jvn.jp/jp/JVN%2392832583/index.html | http://www.evalue.jp/support/security/IPA_92832583.a




INPUT |                                            1
                        http://www.securityfocus.com/archive/1/archive/1/469087/100/0/threaded | http://www.securityfocus.




INPUT |                                             1
                        http://pridels-team.blogspot.com/2007/05/parodia-xss-vuln.html | http://www.securityfocus.com/bid/2



INPUT |                                             1
                        http://pridels-team.blogspot.com/2007/05/track-xss-vuln.html | http://www.securityfocus.com/bid/240




INPUT |                                            1
                        http://www.securityfocus.com/archive/1/archive/1/469291/100/0/threaded | http://www.securityfocus.



INPUT |                                                1
                        http://marc.info/?l=full-disclosure&m=117987658110713&w=2 | http://www.securityfocus.com/bid/24



http://www-1.ibm.com/support/docview.wss?uid=isg1IY95526 | http://www-1.ibm.com/support/docview.wss?uid=isg1IY95637 |




DESIGN |                                           1
                        http://www.securityfocus.com/archive/1/archive/1/470446/100/0/threaded | http://archives.neohapsis




DESIGN |                                             1
                        http://cool.haxx.se/cvs.cgi/curl/ares/CHANGES?rev=HEAD&content-type=text/vnd.viewcvs-markup
                                                       (1) CRLF injection vulnerability in Adobe
                                                       Acrobat Reader and (2) Microsoft.XMLHTTP
INPUT | CONFIG |                                    1 ActiveX object allow arbitrary HTTP headers
                         http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf | http://www.frs




INPUT |                                             1
                         http://www.securityfocus.com/archive/1/archive/1/456699/100/0/threaded | http://www.bugsec.com/a




                                        ?
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html | http://www.red-database-security.co




INPUT | DESIGN |                                  1 Arbitrary | http://milw0rm.com/exploits/3153 | http://xforce.iss.net/xforc
                         http://www.milw0rm.com/exploits/3153 code uploaded as image form banner




INPUT |                                                1
                         http://retrogod.altervista.org/guppy_4516_cmd.html | http://www.milw0rm.com/exploits/3221 | http://s
INPUT |                            1
          http://www.milw0rm.com/exploits/3288 | http://www.securityfocus.com/bid/22470 | http://milw0rm.com



INPUT |                            1
          http://www.milw0rm.com/exploits/3287 | http://www.securityfocus.com/bid/22469 | http://milw0rm.com




                                       (1) inject HTTP headers into url parameter and
INPUT |                              2 (2) pagename parameter begins with "FILE:"
          http://marc.theaimsgroup.com/?l=full-disclosure&m=117121596803908&w=2 | http://www.securityfoc




INPUT |                              1
          http://www.securityfocus.com/archive/1/archive/1/466906/100/0/threaded | http://www.wisec.it/vulns.




INPUT |   http://www.securityfocus.com/archive/1/archive/1/463596/100/0/threaded | http://us2.php.net/release




INPUT |                              1
          http://www.securityfocus.com/archive/1/archive/1/468644/100/0/threaded | http://www.netvigilance.co


INPUT |                                 1 URL length > N
          http://projects.info-pull.com/moab/MOAB-01-01-2007.html | http://www.milw0rm.com/exploits/3064 |




INPUT |                              1 filename length > N
          http://www.securityfocus.com/bid/21840 | http://secunia.com/advisories/22959 |
INPUT |                                 1 Invalid URI in M3U file
          http://projects.info-pull.com/moab/MOAB-02-01-2007.html | http://secunia.com/advisories/23592 | ht




INPUT |                              1 Stack buffer overflow
          http://secunia.com/secunia_research/2007-2/advisory/ | http://secunia.com/secunia_research/2007-3




INPUT |                                 1 heap based buffer overflow
          http://projects.info-pull.com/moab/MOAB-18-01-2007.html | http://secunia.com/advisories/23842 | ht
INPUT |                                          1 URL length > N
                   http://projects.info-pull.com/moab/MOAB-19-01-2007.html | http://www.milw0rm.com/exploits/3160 |




EXCEP |                                       1
                   http://www.microsoft.com/technet/security/Bulletin/MS07-012.mspx | http://www.kb.cert.org/vuls/id/93




EXCEP |                                       1
                   http://www.microsoft.com/technet/security/Bulletin/MS07-011.mspx | http://www.kb.cert.org/vuls/id/49




DESIGN |                                      1
                   http://www.securityfocus.com/archive/1/archive/1/455801/100/0/threaded | http://events.ccc.de/cong




                                                (1) Arbitrary code executed in language
                                                parameter and (2) Variable must not have been
INPUT | DESIGN |                              2 set since installation
                   http://www.securityfocus.com/archive/1/archive/1/455795/100/0/threaded | http://www.securityfocus.




                                                   crafted format string specifiers in RSS iPhoto
INPUT |                                          1 feed title
                   http://projects.info-pull.com/moab/MOAB-04-01-2007.html | http://www.securityfocus.com/archive/1/a
INPUT |                                  1 HREFTrack contains automatic action tag
           http://projects.info-pull.com/moab/MOAB-03-01-2007.html | http://www.gnucitizen.org/blog/backdoor




EXCEP |                             1
           http://www.milw0rm.com/exploits/3049 | http://www.securityfocus.com/bid/21827 | http://www.frsirt.co




INPUT |                               1 Stack-based buffer overflow
           http://marc.theaimsgroup.com/?l=full-disclosure&m=116791509125050&w=2 | http://vuln.sg/powarc9




CONFIG |                            1
           http://www.milw0rm.com/exploits/3075 | http://www.frsirt.com/english/advisories/2007/0035 | http://xf




INPUT |                              1 Code executed by craffted GET request
           http://www.cisco.com/warp/public/707/cisco-sa-20070105-csacs.shtml | http://www.securityfocus.com




INPUT |                                1 crafted image file
           http://blog.trendmicro.com/flaw-in-3rd-party-app-weakens-windows-mobile/ | http://www.trendmicro.c




INPUT |                               1 .phtml extension used to disguise .php files
           http://www.securityfocus.com/archive/1/archive/1/456045/100/0/threaded | http://xforce.iss.net/xforce
INPUT |                                        1 crafted JPG files allow arbitrary code to run
                   http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=457 | http://www.opera.com/suppo




                                                   Unvalidated obeject created which can execute
INPUT | DESIGN |                               1 arbitrary JavaScript
                   http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=458 | http://www.opera.com/suppo




                                                  register_globals = true, current_path =
INPUT |                                         2 malicious URL
                   http://www.attrition.org/pipermail/vim/2007-January/001219.html | http://securityreason.com/exploital




INPUT |                                       1
                   http://milw0rm.com/exploits/3090 | http://www.frsirt.com/english/advisories/2007/0078 | http://secunia




INPUT |                                         1
                   http://securitytracker.com/id?1017477 | http://xforce.iss.net/xforce/xfdb/31328 |




INPUT |                                       1
                   http://www.securityfocus.com/archive/1/archive/1/456212/100/0/threaded | http://www.frsirt.com/engl




DESIGN |                                      1
                   http://www.securityfocus.com/archive/1/archive/1/456259/100/0/threaded | http://secway.org/advisor
INPUT |                              1
          http://www.securityfocus.com/archive/1/archive/1/456386/100/0/threaded | http://www.attrition.org/pip




INPUT |                                1
          http://www.zerodayinitiative.com/advisories/ZDI-07-002.html | http://supportconnectw.ca.com/public/




INPUT |                                1
          http://www.zerodayinitiative.com/advisories/ZDI-07-003.html | http://www.zerodayinitiative.com/advis




INPUT |                            1
          http://www.milw0rm.com/exploits/3097 | http://www.securityfocus.com/bid/21917 | http://xforce.iss.ne




INPUT |                            1
          http://www.milw0rm.com/exploits/3096 | http://www.securityfocus.com/bid/21916 | http://xforce.iss.ne




INPUT |                            1
          http://www.milw0rm.com/exploits/3093 | http://www.securityfocus.com/bid/21918 | http://xforce.iss.ne
                                     register_globals = true, magic_quotes = false,
INPUT |                            3 page parameter contains ..'s
          http://www.milw0rm.com/exploits/3091 | http://www.securityfocus.com/bid/21914 | http://xforce.iss.ne




INPUT |                              1
          http://marc.theaimsgroup.com/?l=full-disclosure&m=116832852700467&w=2 | http://secway.org/adv



INPUT |                              1
          http://www.securityfocus.com/archive/1/archive/1/456404/100/0/threaded | http://www.securityfocus.




INPUT |                             1
          http://vuln.sg/efcommander575-en.html | http://secunia.com/advisories/23659 | http://www.securityfo




INPUT |                              1
          http://www.securityfocus.com/archive/1/archive/1/456264/100/0/threaded | http://milw0rm.com/explo
INPUT |                              1
          http://www.securityfocus.com/archive/1/archive/1/456389/100/0/threaded | http://www.securityfocus.




INPUT |                              1
          http://www.securityfocus.com/archive/1/archive/1/456251/100/0/threaded | http://www.attrition.org/pip




INPUT |                              1
          http://www.securityfocus.com/archive/1/archive/1/456439/100/0/threaded | http://www.securityfocus.




EXCEP |                                 1
          http://projects.info-pull.com/moab/MOAB-09-01-2007.html | http://www.securityfocus.com/archive/1/a
INPUT |                                     1
                   http://www.milw0rm.com/exploits/3108 | http://www.attrition.org/pipermail/vim/2007-January/001233.



INPUT |                                     1
                   http://www.ranum.com/security/computer_security/editorials/codetools/ | http://www.securityfocus.co




INPUT |                                       1
                   http://www.securityfocus.com/archive/1/archive/1/456527/100/0/threaded | http://www.attrition.org/pip




INPUT |                                     1
                   http://www.milw0rm.com/exploits/3113 | http://www.securityfocus.com/bid/21995 | http://www.securit




                                              numeric parameter_1 = hash(alphanumeric
INPUT | DESIGN |                            1 parm_2)
                   http://www.milw0rm.com/exploits/3109 | http://www.securityfocus.com/bid/21983 | http://xforce.iss.ne



INPUT |            http://www.securityfocus.com/archive/1/archive/1/456590/100/0/threaded | http://www.securityfocus.




INPUT |                                       1
                   http://www.securityfocus.com/archive/1/archive/1/456744/100/0/threaded | http://www.attrition.org/pip




INPUT |                                       2 register_globals = true, PollDir = malicious | http://attrition.org/piperma
                   http://www.securityfocus.com/archive/1/archive/1/456697/100/0/threadedURL
INPUT |                              1
          http://milw0rm.com/exploits/3118 | http://www.securityfocus.com/bid/22021 | http://www.frsirt.com/en




INPUT |                              1
          http://milw0rm.com/exploits/3123 | http://www.securityfocus.com/bid/22040 | http://www.frsirt.com/en




INPUT |                              1
          http://milw0rm.com/exploits/3121 | http://www.securityfocus.com/bid/22038 | http://www.frsirt.com/en




INPUT |                            1
          http://www.milw0rm.com/exploits/3114 | http://www.securityfocus.com/bid/22017 | http://xforce.iss.ne



INPUT |   http://www.securityfocus.com/archive/1/archive/1/460197/100/0/threaded | http://www.lizardtech.com




                                       a ".." in the language pack parameter in (1)
INPUT |                              1 jax_petitionbook.php or (2) smileys.php.
          http://www.securityfocus.com/archive/1/archive/1/456981/100/0/threaded | http://www.securityfocus.




INPUT |                            1 ".." in the http://www.securityfocus.com/bid/22065 | http://milw0rm.com
          http://www.milw0rm.com/exploits/3134 |skinnn parameter




INPUT |                              1 USER command with format specifiers > |
          http://milw0rm.com/exploits/3128 | http://secunia.com/advisories/23731 N
                                       Crafted .cnt file that in which lines begin with an
INPUT |                              1 integer followed by a space and a long string.
          http://www.securityfocus.com/archive/1/archive/1/457210/100/0/threaded | http://www.anspi.pl/~pork




INPUT |                                 1 registration request with invalid attr-list field.
          http://projects.info-pull.com/moab/MOAB-17-01-2007.html | http://www.milw0rm.com/exploits/3151 |




INPUT |                            1 URL of code in setup_folder parameter
          http://www.milw0rm.com/exploits/3147 | http://www.attrition.org/pipermail/vim/2007-January/001247.




INPUT |                            1 URL of code in file parameter
          http://www.milw0rm.com/exploits/3150 | http://www.frsirt.com/english/advisories/2007/0229 | http://w



INPUT |                            1 URL of code in chem parameter
          http://www.milw0rm.com/exploits/3145 | http://www.frsirt.com/english/advisories/2007/0231 | http://m



INPUT |                           1 MBSE_ROOT length > N
          http://www.mbse.eu/mbse/mbsebbs/index.html | http://www.milw0rm.com/exploits/3154 | http://www.




EXCEP |                                 1
          http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051883.html | http://www.bitdefender.co




INPUT |                            1 URL of code in inc_dir parameter
          http://www.milw0rm.com/exploits/3152 | http://www.securityfocus.com/bid/22108 | http://milw0rm.com




INPUT |                               1 Argument strings http://secunia.com/advisories/23826 | http://www.se
          http://code.djangoproject.com/changeset/3592 |not qouted
INPUT |                                             1 HLP field in OPTION sections > N
                         http://www.securityfocus.com/archive/1/archive/1/457436/100/0/threaded | http://www.anspi.pl/~pork




                                         ?
http://www.securityfocus.com/archive/1/archive/1/456623/100/100/threaded | http://securitytracker.com/id?1017504 | http://www




                                                        (1) EnumPrinters argument lengths > N and (2)
INPUT |                                               2 OpenPrinter arugment lengths > M
                         http://www.zerodayinitiative.com/advisories/ZDI-07-006.html | http://support.citrix.com/article/CTX11




INPUT |                                               1 server_ip_name length > N
                         http://www.zerodayinitiative.com/advisories/ZDI-07-007.html | http://h20000.www2.hp.com/bizsuppor




                                                      Crafted packeds to TCP port (1) 1900 or (2)
INPUT |                                             1 2200
                         http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/babldimpsec-notice.asp | http://www.s




INPUT | ENV |                                       1 Buffer overflow in nss_windbind.so
                         http://www.securityfocus.com/archive/1/archive/1/459168/100/0/threaded | http://www.securityfocus.



                                                         Code injected in format string specifiers via(1)
                                                         PKG, (2) DISTZ, or (3) MPKG package
INPUT |                                                1 filename.
                         http://projects.info-pull.com/moab/MOAB-26-01-2007.html | http://www.securityfocus.com/bid/22272
DESIGN |                                 1
           http://projects.info-pull.com/moab/MOAB-27-01-2007.html | http://www.securityfocus.com/bid/22286




INPUT |                               1 1 TYPELIB MOVEABLE PURE length > N
           http://www.securityfocus.com/archive/1/archive/1/457646/100/0/threaded | http://www.anspi.pl/~pork




DESIGN |                                1
           http://rubyforge.org/frs/shownotes.php?release_id=9074 | http://www.frsirt.com/english/advisories/20


                                      PHP injected via URL in WEBCHATPATH
INPUT |                             1 parameter
           http://www.milw0rm.com/exploits/3169 | http://xforce.iss.net/xforce/xfdb/31624 | http://milw0rm.com/e




                                        PHP injected via URL in (1)phpAds_geoPlugi
                                        parameter or (2) filename parameter or (3)
INPUT |                               1 phpAds_config[my_footer] parameter
           http://www.securityfocus.com/archive/1/archive/1/457670/100/0/threaded | http://www.securityfocus.




INPUT |                               1 PHP injected via URL in fpath variable
           http://www.securityfocus.com/archive/1/archive/1/457643/100/0/threaded | http://www.securityfocus.




                                        PHP injected via URL in
INPUT |                               1 mosConfig_absolute_path parameter
           http://milw0rm.com/exploits/3175 | http://www.frsirt.com/english/advisories/2007/0285 | http://secunia
                                                        PHP injected via URL in my_ms[root]
INPUT |                                              1 parameter
                         http://www.frsirt.com/english/advisories/2007/0269 | http://secunia.com/advisories/23850 |



INPUT |                                             1 PHP injected via URL in racine parameter
                         http://milw0rm.com/exploits/3161 | http://www.frsirt.com/english/advisories/2007/0263 | http://secunia



                                                    PHP injected via URL in g_strRootDir
INPUT |                                           1 parameter
                         http://www.milw0rm.com/exploits/3163 | http://www.frsirt.com/english/advisories/2007/0268 | http://m




INPUT |                                              1 PHP injected via URL in maindir parameter
                         http://echo.or.id/adv/adv62-y3dips-2007.txt | http://www.frsirt.com/english/advisories/2007/0265 | http




INPUT |                                           1 PHP injected via URL in my[root] parameter
                         http://www.milw0rm.com/exploits/3165 | http://milw0rm.com/exploits/3165 |



                                                    PHP injected via URL in env[inc_path]
INPUT |                                           1 parameter
                         http://www.milw0rm.com/exploits/3164 | http://www.frsirt.com/english/advisories/2007/0267 | http://m



                                                      PHP injected via URL in include_path
INPUT |                                             1 parameter
                         http://milw0rm.com/exploits/3162 | http://www.frsirt.com/english/advisories/2007/0264 | http://secunia




INPUT |                                           1 PHP injected via URL in gen parameter
                         http://www.milw0rm.com/exploits/3171 | http://www.frsirt.com/english/advisories/2007/0271 | http://m



                                                  1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102728-1 | http://www.frsirt.com/english/advisories/2007/0287 | h
ACCESS |                                      1
                   http://drupal.org/node/112146 | http://www.frsirt.com/english/advisories/2007/0312 | http://www.secur



                                              PHP injected via URL in
INPUT |                                     1 BBC_LANGUAGE_PATH parameter
                   http://www.milw0rm.com/exploits/3183 | http://www.frsirt.com/english/advisories/2007/0318 | http://se



                                              URL set in path parameter to (1) (1) dom.php,
                                              (2) dtd.php, or (3) parser.php in include/ allows
INPUT | CONFIG |                            1 for arbitrarty execution of PHP code
                   http://www.milw0rm.com/exploits/3184 | http://secunia.com/advisories/23875 | http://milw0rm.com/ex




                                                PHP injected via URL in include_path
INPUT |                                       1 parameter
                   http://www.securityfocus.com/archive/1/archive/1/457870/100/0/threaded | http://www.securityfocus.




INPUT |                                       1 PHP injected via URL in lang_file parameter
                   http://14house.blogspot.com/2007/01/freewebshoporg-remote-file-inclusion.html | http://www.freewe




INPUT |                                       2
                   http://www.securityfocus.com/archive/1/archive/1/457668/100/0/threaded | http://xforce.iss.net/xforce




INPUT |                                     1
                   http://www.milw0rm.com/exploits/3191 | http://www.frsirt.com/english/advisories/2007/0339 | http://m



INPUT |                                     1
                   http://www.milw0rm.com/exploits/3185 | http://www.frsirt.com/english/advisories/2007/0342 | http://m
INPUT |                                     1
                   http://www.milw0rm.com/exploits/3192 | http://www.securityfocus.com/archive/1/archive/1/458059/10




INPUT |                                     1
                   http://www.milw0rm.com/exploits/3201 | http://www.securityfocus.com/bid/22257 | http://www.frsirt.co




INPUT |                                     1
                   http://www.milw0rm.com/exploits/3202 | http://www.securityfocus.com/bid/22259 | http://www.frsirt.co




INPUT |                                     1
                   http://www.milw0rm.com/exploits/3212 | http://www.frsirt.com/english/advisories/2007/0386 | http://m




INPUT | DESIGN |                            1 Arbitrary | http://www.frsirt.com/english/advisories/2007/0390 | http://m
                   http://www.milw0rm.com/exploits/3207 PHP code can be exectuted




INPUT |                                       1
                   http://milw0rm.com/exploits/3205 | http://www.attrition.org/pipermail/vim/2007-January/001257.html |




INPUT | DESIGN |                                1 Arbitrary PHP code can be exectuted
                   http://seclists.org/bugtraq/2007/Jan/0643.html | http://milw0rm.com/exploits/3209 | http://www.xt-scri




INPUT |                                       1
                   http://milw0rm.com/exploits/3206 | http://www.securityfocus.com/bid/22278 | http://www.frsirt.com/en



INPUT |                                       1
                   http://milw0rm.com/exploits/3215 | http://www.securityfocus.com/bid/22285 | http://secunia.com/advi
INPUT |                             1
           http://www.milw0rm.com/exploits/3214 | http://www.securityfocus.com/bid/22283 | http://milw0rm.com




INPUT |                             1
           http://www.milw0rm.com/exploits/3217 | http://www.securityfocus.com/bid/22287 | http://www.frsirt.co




INPUT |                             1
           http://www.milw0rm.com/exploits/3198 | http://milw0rm.com/exploits/3198 | http://www.securityfocus.




INPUT |                               1
           http://www.securityfocus.com/archive/1/archive/1/458076/100/0/threaded | http://www.securityfocus.



INPUT |                                1
           http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=468 | http://morte.jedrea.com/~jed




ACCESS |                              1
           http://drupal.org/node/113935 | http://www.frsirt.com/english/advisories/2007/0406 | http://secunia.co




INPUT |                             1
           http://www.milw0rm.com/exploits/3228 | http://www.securityfocus.com/bid/22313 | http://milw0rm.com




INPUT |                               1
           http://www.securityfocus.com/archive/1/archive/1/458582/100/0/threaded | http://www.securityfocus.
INPUT |                                           1
                         http://www.milw0rm.com/exploits/3225 | http://www.securityfocus.com/bid/22324 | http://xforce.iss.ne




INPUT |                                             1
                         http://www.securityfocus.com/data/vulnerabilities/exploits/testlpc.c | http://www.securityfocus.com/bid




INPUT |                                              1
                         https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=225491 | http://www.securityfocus.com/bid/238




INPUT |                                           1
                         http://www.milw0rm.com/exploits/3231 | http://www.securityfocus.com/bid/22320 | http://www.frsirt.co




INPUT |                                           1
                         http://www.milw0rm.com/exploits/3236 | http://www.securityfocus.com/bid/22333 | http://milw0rm.com




                                                      Arbitrary commands my be executed via format
INPUT | DESIGN |                                    1 string specifiers
                         http://www.securityfocus.com/archive/1/archive/1/458293/100/0/threaded | http://www.securityfocus.




EXCEP |                                             1
                         http://www.securityfocus.com/archive/1/archive/1/458774/100/0/threaded | http://www.securityfocus.




                                                    1
http://www.securityfocus.com/archive/1/archive/1/458464/100/0/threaded | http://www.frsirt.com/english/advisories/2007/0407 |
                                            ?
http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2007-0669 | http://www.kb.cert.org/vuls/id/584436 | http://www.openpkg.c




INPUT |                                            1
                          http://www-1.ibm.com/support/docview.wss?uid=isg1IY94301 | http://secunia.com/advisories/23995




INPUT |                                              1
                          http://www.securityfocus.com/archive/1/archive/1/458681/100/0/threaded | http://echo.or.id/adv/adv6




INPUT |                                            1
                          http://www.milw0rm.com/exploits/3238 | http://www.securityfocus.com/bid/22345 | http://milw0rm.com




INPUT |                                            1
                          http://www.milw0rm.com/exploits/3235 | http://www.xoron.info/bugs/phpbbtweaked.txt | http://www.se




INPUT |                                            1
                          http://www.milw0rm.com/exploits/3240 | http://secunia.com/advisories/24012 | http://milw0rm.com/ex




INPUT |                                            1
                          http://www.milw0rm.com/exploits/3242 | http://www.xoron.info/bugs/omegaboard-html.txt | http://www




INPUT |                                            1
                          http://www.milw0rm.com/exploits/3243 | http://www.xoron.info/bugs/ceruleanportalsystem-html.txt | h




INPUT |                                              1
                          http://www.securityfocus.com/archive/1/archive/1/458805/100/0/threaded | http://www.attrition.org/pip



INPUT |                                            1
                          http://www.milw0rm.com/exploits/3247 | http://www.attrition.org/pipermail/vim/2007-February/001266
INPUT |                                1
          http://www.attrition.org/exploits/3246 | http://www.attrition.org/pipermail/vim/2007-February/001264.h




INPUT |                            1
          http://www.milw0rm.com/exploits/3249 | http://www.attrition.org/pipermail/vim/2007-February/001267




INPUT |                            1
          http://www.milw0rm.com/exploits/2329 | http://www.attrition.org/pipermail/vim/2007-February/001265




INPUT |                            1
          http://www.gomplayer.com/forum/viewtopic.html?t=221 | http://secunia.com/advisories/23994 | http:/




INPUT |                            1
          http://www.milw0rm.com/exploits/3251 | http://www.attrition.org/pipermail/vim/2007-February/001272




INPUT |                              1
          http://www.securityfocus.com/bid/22374 | http://xforce.iss.net/xforce/xfdb/32273 |




INPUT |                            1
          http://www.milw0rm.com/exploits/3258 | http://www.xoron.info/bugs/ezconvert.txt | http://www.attrition




INPUT |                            1
          http://www.milw0rm.com/exploits/3259 | http://www.attrition.org/pipermail/vim/2007-February/001279
INPUT |                            1
          http://www.milw0rm.com/exploits/3255 | http://milw0rm.com/exploits/3255 | http://xforce.iss.net/xforc




INPUT |   http://www.securityfocus.com/archive/1/archive/1/459507/100/0/threaded | https://issues.rpath.com/b




INPUT |                            1
          http://www.milw0rm.com/exploits/3266 | http://www.securityfocus.com/bid/22385 | http://www.frsirt.co




INPUT |                              1
          http://www.simpleinvoices.org/index.php?news=25 | http://secunia.com/advisories/24040 | http://www




INPUT |                               1
          http://secunia.com/advisories/24051 | http://www.securityfocus.com/bid/22390 | http://xforce.iss.net/x




INPUT |                              1
          http://www.securityfocus.com/archive/1/archive/1/459149/100/0/threaded |




INPUT |                              2
          http://www.securityfocus.com/archive/1/archive/1/459147/100/0/threaded | http://xforce.iss.net/xforce




INPUT |                            1
          http://www.milw0rm.com/exploits/3268 | http://www.securityfocus.com/bid/22391 | http://milw0rm.com
INPUT |   http://sourceforge.net/project/shownotes.php?release_id=483468 | http://www.securityfocus.com/bid



INPUT |                              1
          http://www.securityfocus.com/archive/1/archive/1/459191/100/0/threaded | http://xforce.iss.net/xforce




INPUT |                            1
          http://www.milw0rm.com/exploits/3270 | http://milw0rm.com/exploits/3270 | http://www.securityfocus.




INPUT |                            1
          http://www.milw0rm.com/exploits/3267 | http://milw0rm.com/exploits/3267 | http://www.securityfocus.




INPUT |                              1
          http://www.securityfocus.com/bid/22381 |



INPUT |                            1
          http://www.milw0rm.com/exploits/3275 | http://www.securityfocus.com/bid/22430 | http://milw0rm.com




INPUT |                            1
          http://www.milw0rm.com/exploits/3279 | http://lists.grok.org.uk/pipermail/full-disclosure/2007-Februa




INPUT |                              1
          http://www.securityfocus.com/archive/1/archive/1/459290/100/0/threaded | http://www.securityfocus.
DESIGN |                              1
           http://www.securityfocus.com/archive/1/archive/1/458581/100/100/threaded | http://www.securityfocu




INPUT |                               1
           http://www.securityfocus.com/bid/22406 | http://secunia.com/advisories/24019 | http://xforce.iss.net/x




INPUT |                             1
           http://www.milw0rm.com/exploits/3280 | http://www.attrition.org/pipermail/vim/2007-February/001297




INPUT |                             2
           http://www.milw0rm.com/exploits/3281 | http://www.attrition.org/pipermail/vim/2007-February/001292




INPUT |                             1
           http://www.milw0rm.com/exploits/3284 | http://www.attrition.org/pipermail/vim/2007-February/001299




INPUT |    http://www.securityfocus.com/archive/1/archive/1/459397/100/0/threaded | http://www.securityfocus.
INPUT |                               1
           http://www.securityfocus.com/archive/1/archive/1/459409/100/0/threaded | http://www.securityfocus.




INPUT |    http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=472 | http://www.securityfocus.com




ACCESS |                    ?
           http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=469 | http://esupport.trendmicro.c




INPUT |                               1
           http://www.securityfocus.com/archive/1/archive/1/458312/100/100/threaded | http://www.securityfocu
INPUT |                                             1
                         http://www.securityfocus.com/archive/1/archive/1/458064/100/200/threaded | http://www.securityfocu




INPUT |                                             1
                         http://www.securityfocus.com/archive/1/archive/1/458559/100/100/threaded | http://www.securityfocu




INPUT |                                               1
                         http://www.attrition.org/pipermail/vim/2007-January/001241.html | http://securitytracker.com/id?1017



                                         ?
http://www.securityfocus.com/archive/1/archive/1/459497/100/0/threaded | http://securitytracker.com/id?1017614 | http://www.s




INPUT |                                           1
                         http://www.milw0rm.com/exploits/3285 | http://www.securityfocus.com/bid/22467 | http://milw0rm.com




INPUT |                                             1
                         http://www.securityfocus.com/bid/22501 | http://www.frsirt.com/english/advisories/2007/0665 | http://x




INPUT |                                              1
                         http://echo.or.id/adv/adv64-y3dips-2007.txt | http://www.milw0rm.com/exploits/3292 | http://secunia.c
INPUT |                                              1
                        http://advisories.echo.or.id/adv/adv65-K-159-2007.txt | http://www.frsirt.com/english/advisories/2007/




http://www.symantec.com/enterprise/security_response/writeup.jsp?docid=2007-021312-5133-99&tabid=2 |



INPUT |                                          1
                        http://www.milw0rm.com/exploits/3296 | http://www.securityfocus.com/bid/22530 | http://www.securit




INPUT |                                            1
                        http://www.securityfocus.com/bid/22553 | http://secunia.com/advisories/23999 | http://xforce.iss.net/x



INPUT |                                          1
                        http://www.milw0rm.com/exploits/3307 | http://www.securityfocus.com/bid/22558 | http://xforce.iss.ne




EXCEP |                                          1
                        http://www.milw0rm.com/exploits/3297 | http://xforce.iss.net/xforce/xfdb/32453 | http://milw0rm.com/e
INPUT |                                    2
                  http://www.milw0rm.com/exploits/3314 | http://cazalet.org/category/zebrafeeds | http://cazalet.org/zeb




INPUT |                                      1
                  http://milw0rm.com/exploits/3328 | http://www.securityfocus.com/bid/22605 | http://www.frsirt.com/en




INPUT |                                        1
                  http://security-protocols.com/sp-x39-advisory.php | http://www.securityfocus.com/bid/22630 | http://d




INPUT |                                    1
                  http://www.milw0rm.com/exploits/3373 | http://www.securityfocus.com/bid/22713 | http://www.frsirt.co




INPUT |                                       1
                  http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=502 | http://lists.freedesktop.org/a




INPUT | EXCEP |                              1 Illegal characters in session identifier
                  http://www.php-security.org/MOPB/MOPB-23-2007.html | http://www.frsirt.com/english/advisories/20




INPUT |                                    1
                  http://www.milw0rm.com/exploits/3576 | http://www.securityfocus.com/archive/1/archive/1/463843/10
INPUT |                               ?
                    http://vil.nai.com/vil/content/v_141860.htm | http://www.avertlabs.com/research/blog/?p=230 | http://w




                                                 search string = single character, replace string
INPUT |                                        2 = very long
                    http://www.php-security.org/MOPB/MOPB-39-2007.html | http://www.php.net/releases/5_2_1.php | h




INPUT |                                        1
                    http://www.php-security.org/MOPB/MOPB-41-2007.html | http://www.sqlite.org/cvstrac/rlog?f=sqlite/s




INPUT |                                        1
                    http://www.php-security.org/MOPB/MOPB-43-2007.html | http://www.securityfocus.com/bid/23236 |




DESIGN | ACCESS |                              1
                    http://www.securityfocus.com/archive/1/archive/1/466223/100/0/threaded | http://www.zerodayinitiativ
INPUT |   http://www.securityfocus.com/archive/1/archive/1/467041/100/0/threaded | http://www.vsecurity.com




INPUT |                            1
          http://www.milw0rm.com/exploits/3747 | http://www.securityfocus.com/bid/23505 | http://www.frsirt.co




INPUT |   http://www.securityfocus.com/archive/1/archive/1/466222/100/0/threaded | http://www.zerodayinitiativ




INPUT |   http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=506 | http://www.enterasys.com/p




INPUT |   http://lists.apple.com/archives/security-announce/2007/May/msg00004.html |




INPUT |   http://lists.apple.com/archives/security-announce/2007/May/msg00004.html |




INPUT |   http://www.hitachi-support.com/security_e/vuls_e/HS07-009_e/index-e.html | http://www.securityfocu




INPUT |                              2 register_globals = true, wpPATH contains ..
          http://www.securityfocus.com/archive/1/archive/1/467362/100/0/threaded | http://www.milw0rm.com/
INPUT | EXCEP |                              1 GLOBALS parameter contains ".."
                  http://www.securityfocus.com/archive/1/archive/1/466564/100/100/threaded | http://www.attrition.org/




INPUT |                                    1
                  http://www.milw0rm.com/exploits/3864 | http://www.frsirt.com/english/advisories/2007/1679 | http://xf




EXCEP |                                     1
                  http://www.opendap.org/security.html | http://www.kb.cert.org/vuls/id/659148 | http://www.securityfoc




INPUT |                                      1
                  http://milw0rm.com/exploits/3934 | http://secunia.com/advisories/25282 | http://xforce.iss.net/xforce/x




INPUT |                                          1
                  http://seclists.org/fulldisclosure/2007/May/0378.html | http://archives.neohapsis.com/archives/fulldisc



INPUT |                                      1 arbitrary commands executed via id parameter
                  http://milw0rm.com/exploits/3061 | http://www.securityfocus.com/bid/21836 | http://www.frsirt.com/en


                                               arbitrary commands executed via iPro
INPUT |                                      1 parameter
                  http://milw0rm.com/exploits/3062 | http://www.securityfocus.com/bid/21833 | http://www.frsirt.com/en
                                      Commands can be executed via product_id
INPUT |                             1 parameter
           http://www.milw0rm.com/exploits/3074 | http://secunia.com/advisories/23610 | http://www.frsirt.com/e



INPUT |                               1 Commands can be executed via id parameter
           http://www.securityfocus.com/archive/1/archive/1/455814/100/0/threaded | http://acid-root.new.fr/poc




INPUT |                               1 mbstring is enabled1
           http://www.securityfocus.com/archive/1/archive/1/456049/100/0/threaded | http://www.hardened-php



INPUT |                               1 parameter to catid
           http://www.securityfocus.com/archive/1/archive/1/456272/100/0/threaded | http://www.securityfocus.




ACCESS |                              1
           http://www.securityfocus.com/archive/1/archive/1/456051/100/0/threaded | http://www.attrition.org/pip




                                        execution of arbitrary commands in several php
INPUT |                               1 files
           http://www.securityfocus.com/archive/1/archive/1/456051/100/0/threaded | http://acid-root.new.fr/poc



INPUT |                               1 book_id parameter to info_book.asp invalid
           http://milw0rm.com/exploits/3081 | http://www.frsirt.com/english/advisories/2007/0053 | http://secunia



INPUT |                             1
           http://www.milw0rm.com/exploits/3073 | http://xforce.iss.net/xforce/xfdb/31242 | http://www.frsirt.com



INPUT |                             1
           http://www.milw0rm.com/exploits/3082 | http://www.securityfocus.com/bid/21873 | http://www.frsirt.co
INPUT |                            1
          http://www.milw0rm.com/exploits/3083 | http://packetstormsecurity.nl/0701-exploits/igshop10-multipl




INPUT |                               1
          http://www.frsirt.com/english/advisories/2007/0056 |




INPUT |                               2
          http://packetstormsecurity.nl/0701-exploits/igshop10-multiple.txt | http://www.milw0rm.com/exploits/3



INPUT |                              1
          http://www.securityfocus.com/archive/1/archive/1/456068/100/0/threaded | http://www.securityfocus.



INPUT |                              1
          http://www.securityfocus.com/archive/1/archive/1/456127/100/0/threaded | http://www.securityfocus.



INPUT |                              1
          http://www.securityfocus.com/archive/1/archive/1/456384/100/0/threaded | http://www.securityfocus.




INPUT |                            1
          http://www.milw0rm.com/exploits/3105 | http://www.securityfocus.com/bid/21963 | http://xforce.iss.ne




INPUT |                               1
          http://sourceforge.net/project/shownotes.php?release_id=477845 | http://secunia.com/advisories/237




INPUT |                            1
          http://www.milw0rm.com/exploits/3115 | http://secunia.com/advisories/23699 | http://xforce.iss.net/xf




INPUT |                            1
          http://www.milw0rm.com/exploits/3106 | http://www.securityfocus.com/bid/21966 | http://xforce.iss.ne
INPUT |                            1
          http://www.milw0rm.com/exploits/3120 | http://www.frsirt.com/english/advisories/2007/0175 | http://se



INPUT |                              1
          http://www.securityfocus.com/archive/1/archive/1/456894/100/0/threaded | http://www.milw0rm.com/



INPUT |                              1
          http://milw0rm.com/exploits/3122 | http://www.securityfocus.com/bid/22039 | http://www.frsirt.com/en




                                       register_globals = true, magic_quotes_gpc =
                                       false, cat parameter = arbitrary malicious
INPUT |                              3 command
          http://www.securityfocus.com/archive/1/archive/1/456787/100/0/threaded | http://www.neosecuritytea




                                       magic_quotes = false, xuser_name or did
INPUT |                              2 parameters = arbitrary SQL command
          http://www.securityfocus.com/archive/1/456742 | http://www.securityfocus.com/archive/1/456741 | ht




INPUT |                              1 ps parameter contains SQL commands
          http://www.securityfocus.com/archive/1/archive/1/457071/100/0/threaded | http://www.attrition.org/pip




INPUT |                            1 Commands executed via board parameter
          http://www.milw0rm.com/exploits/3124 | http://secunia.com/advisories/23735 | http://milw0rm.com/ex



INPUT |                                1 Commands executed via us parameter
          http://www.attrition.org/pipermail/vim/2007-January/001244.html | http://www.frsirt.com/english/advis
                                         Commands executable via (1) ps, (2) us, (3) f,
INPUT |                               1 or (4) code parameter.
          http://www.frsirt.com/english/advisories/2007/0221 | http://xforce.iss.net/xforce/xfdb/31533 |




INPUT |                            1 Exectute | http://www.tv-kritik.net/mgb/index.php
          http://www.milw0rm.com/exploits/3141 arbitrary commands via id parameter | http://www.attrition.o



INPUT |                            1 SQL commands executed via comment forum
          http://www.milw0rm.com/exploits/3153 | http://milw0rm.com/exploits/3153 | http://xforce.iss.net/xforc


                                        SQL commands executed via comment forum
                                        (1) the active parameter in
                                        admin/modules/modules.php; the (2) ad_class,
                                        (3) imageurl, (4) clickurl, (5) ad_code, or (6)
                                        position parameter in
                                        modules/Advertising/admin/index.php; or
                                        unspecified vectors in the (7) advertising, (8)
INPUT |                               1 weblinks, or (9) reviews section.
          http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html | http://www.hackers.ir/advi




                                        SQL commands executed via (1) the
                                        searchword parameter in certain files; the
                                        where parameter in (2)
                                        plugins/search/content.php or (3)
                                        plugins/search/weblinks.php; the text
                                        parameter in (4) plugins/search/contacts.php,
                                        (5) plugins/search/categories.php, or (6)
                                        plugins/search/sections.php; or (7) the email
INPUT |                               1 parameter in database/table/user.php,
          http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html | http://www.hackers.ir/advi



                                        (1) SQL commands executed via id parameter
INPUT |                               2 and (2) content editing is being cancellled
          http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html | http://www.hackers.ir/advi
                                        SQL Commands injected via (1) the id
                                        parameter in kernel/group.php in core, (2) the
                                        lid parameter in class/table_broken.php in the
                                        Weblinks module, and other unspecified
INPUT |                               1 vectors.
          http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html | http://www.hackers.ir/advi



INPUT |                    ?           SQL commans injected via vectors
          http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html | http://www.hackers.ir/advi




INPUT |                    ?           SQL commands executed via parameters
          http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html | http://www.atutor.ca/atuto




INPUT |                               1 SQL commands executed via the id parameter
          http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html | http://www.hackers.ir/advi




                                        SQL commands executed via the catid
INPUT |                               1 parameter
          http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html | http://www.hackers.ir/advi




                                     SQL commands executed via the boardids[1]
INPUT |                            1 parameter
          http://www.milw0rm.com/exploits/3143 | http://www.milw0rm.com/exploits/3144 | http://xforce.iss.net




INPUT |                              1 SQL commands injected via init_row parameter
          http://www.securityfocus.com/archive/1/archive/1/457505/100/0/threaded |



                                       SQL commands injected via keyword
INPUT |                              1 parameter
          http://www.securityfocus.com/archive/1/archive/1/457506/100/0/threaded | http://xforce.iss.net/xforce
INPUT |                                1 SQL commands executable via cat parameter
           http://secunia.com/advisories/23865 | http://www.securityfocus.com/bid/22180 | http://xforce.iss.net/x




                                          SQL commands executable via (1) id or (2)
INPUT |                                1 galleryID
           http://www.frsirt.com/english/advisories/2007/0270 | http://xforce.iss.net/xforce/xfdb/31632 |



                                      SQL commands executable via picID
INPUT |                             1 parameter
           http://www.milw0rm.com/exploits/3172 | http://www.frsirt.com/english/advisories/2007/0270 | http://m




INPUT |                             1 Arbitrary | http://www.frsirt.com/english/advisories/2007/0300 | http://se
           http://www.milw0rm.com/exploits/3180 code executed via poll_id parameter




ACCESS |                              1
           http://drupal.org/node/112145 | http://www.frsirt.com/english/advisories/2007/0313 | http://secunia.co



INPUT |                               1 SQL commands executed via bid parameter
           http://www.securityfocus.com/archive/1/archive/1/457667/100/0/threaded | http://xforce.iss.net/xforce




                                        SQL commands executed via
INPUT |                               1 REMEMBER_KEY parameter
           http://www.securityfocus.com/archive/1/archive/1/457684/100/0/threaded | http://secunia.com/adviso
INPUT |                               1 PHP injected via poll_id parameter
          http://www.frsirt.com/english/advisories/2007/0300 | http://secunia.com/advisories/23834 |



INPUT |                              1
          http://www.securityfocus.com/archive/1/archive/1/458061/100/0/threaded | http://milw0rm.com/explo



INPUT |                            1
          http://www.milw0rm.com/exploits/3186 | http://www.securityfocus.com/archive/1/archive/1/458058/10



INPUT |                            1
          http://www.milw0rm.com/exploits/3187 | http://www.securityfocus.com/archive/1/archive/1/458057/10



INPUT |                              1
          http://milw0rm.com/exploits/3216 | http://www.securityfocus.com/bid/22284 | http://secunia.com/advi




INPUT |                              1
          http://www.securityfocus.com/bid/22282 |




INPUT |                              2
          http://www.securityfocus.com/archive/1/archive/1/458303/100/0/threaded | http://forums.avenir-geop



INPUT |                            1
          http://www.milw0rm.com/exploits/3210 | http://www.securityfocus.com/bid/22280 | http://milw0rm.com



INPUT |                            1
          http://www.milw0rm.com/exploits/3197 | http://milw0rm.com/exploits/3197 |
INPUT |                              1
          http://www.securityfocus.com/archive/1/archive/1/458076/100/0/threaded | http://www.securityfocus.




INPUT |                              1
          http://www.securityfocus.com/archive/1/archive/1/458063/100/0/threaded | http://www.milw0rm.com/



INPUT |                              1
          http://www.securityfocus.com/archive/1/archive/1/458438/100/0/threaded | http://www.securityfocus.




INPUT |                               1
          http://www.frsirt.com/english/advisories/2007/0395 |




INPUT |                            1
          http://www.milw0rm.com/exploits/3227 | http://www.securityfocus.com/bid/22314 | http://milw0rm.com




INPUT |                               1
          http://www.frsirt.com/english/advisories/2007/0341 |




INPUT |                              1
          http://www.securityfocus.com/archive/1/archive/1/458495/100/0/threaded | http://www.securityfocus.




INPUT |                               1
          http://www.frsirt.com/english/advisories/2007/0424 |



INPUT |                            1
          http://www.milw0rm.com/exploits/3234 | http://www.securityfocus.com/bid/22338 | http://xforce.iss.ne
INPUT |                            1
          http://www.milw0rm.com/exploits/3233 | http://www.securityfocus.com/bid/22347 | http://milw0rm.com




INPUT |                            1
          http://www.milw0rm.com/exploits/3232 | http://www.securityfocus.com/bid/22335 | http://xforce.iss.ne



INPUT |                            1
          http://www.milw0rm.com/exploits/3241 | http://milw0rm.com/exploits/3241 | http://www.frsirt.com/eng




INPUT |   http://sourceforge.net/project/shownotes.php?release_id=481131&group_id=98260 | http://www.attri




INPUT |                               1
          http://www.frsirt.com/english/advisories/2007/0388 |




INPUT |                              1
          http://www.zion-security.com/text/Sql_Vulnerability_EasymoBlog%232.txt | http://www.zion-security.c



INPUT |                            1
          http://www.milw0rm.com/exploits/3256 | http://www.securityfocus.com/bid/22373 | http://xforce.iss.ne




INPUT |                              1
          http://www.securityfocus.com/archive/1/archive/1/458495/100/0/threaded | http://www.securityfocus.
INPUT |                                           1
                         http://www.milw0rm.com/exploits/3261 | http://www.securityfocus.com/bid/22384 | http://www.frsirt.co




                                                1
http://mamboxchange.com/frs/shownotes.php?release_id=6232 | http://www.frsirt.com/english/advisories/2007/0480 | http://se




INPUT |                  http://www.securityfocus.com/archive/1/archive/1/459151/100/0/threaded | http://www.securityfocus.



INPUT |                  http://www.securityfocus.com/archive/1/archive/1/459027/100/0/threaded | http://www.hackerscenter




INPUT |                                           1
                         http://www.milw0rm.com/exploits/3262 | http://milw0rm.com/exploits/3262 | http://www.securityfocus.



INPUT |                                           1
                         http://www.milw0rm.com/exploits/3278 | http://milw0rm.com/exploits/3278 | http://www.securityfocus.




INPUT |                                           1
                         http://www.milw0rm.com/exploits/3283 | http://www.securityfocus.com/bid/22450 | http://milw0rm.com




INPUT |                                              1
                         http://secunia.com/advisories/23217 | http://www.securityfocus.com/bid/22460 | http://xforce.iss.net/x




ACCESS |                                ?
                         http://www.securityfocus.com/archive/1/archive/1/459649/100/0/threaded | http://forums.avenir-geop
INPUT |                            1
          http://www.milw0rm.com/exploits/3286 | http://www.frsirt.com/english/advisories/2007/0540 | http://xf




INPUT |                            1
          http://www.milw0rm.com/exploits/3295 | http://www.securityfocus.com/bid/22532 | http://xforce.iss.ne



INPUT |                              1
          http://www.securityfocus.com/archive/1/archive/1/459979/100/0/threaded | http://www.securityfocus.




INPUT |                  ?
          http://www.securityfocus.com/archive/1/archive/1/460078/100/0/threaded | http://www.securityfocus.




INPUT |                              1
          http://www.securityfocus.com/archive/1/archive/1/460076/100/0/threaded | http://www.securityfocus.




INPUT |                            1
          http://www.milw0rm.com/exploits/3327 | http://www.securityfocus.com/bid/22602 | http://www.frsirt.co




INPUT |                              1
          http://www.securityfocus.com/archive/1/archive/1/461158/100/0/threaded | http://www.milw0rm.com/



INPUT |                              1
          http://www.securityfocus.com/archive/1/archive/1/465076/100/0/threaded | http://www.securityfocus.




INPUT |                                1
          http://www.zerodayinitiative.com/advisories/ZDI-07-005.html | http://sunsolve.sun.com/search/docum
INPUT |                  http://www.ghisler.com/whatsnew.htm | http://www.securityfocus.com/bid/22033 |


INPUT |                                              1
                         http://taviso.decsystem.org/virtsec.pdf | http://www.debian.org/security/2007/dsa-1284 | http://www.s



INPUT |                                                1
                         http://lists.gnu.org/archive/html/qemu-devel/2007-04/msg00650.html | http://lists.gnu.org/archive/htm




                                                    1
http://www.red-database-security.com/advisory/oracle_discoverer_servlet.html | http://www.oracle.com/technology/deploy/secu

                                                        vger.kernel.org/msg08270.html |
                                                        http://www.securityfocus.com/bid/23447 |
                                                        http://www.redhat.com/support/errata/RHSA-
                                                        2007-0347.html |
INPUT |                                               1 http://secunia.com/advisories/25288 |
                         http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.21-rc6 | http://www.mail-archive.com/g




EXCEP |                                              1
                         http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=223129 | http://www.redhat.com/support/errata/R




DESIGN |                                  ?
                         http://bugzilla.kernel.org/show_bug.cgi?id=7727 | https://bugzilla.redhat.com/bugzilla/show_bug.cgi?




INPUT |                                              1 Malformed imagefile
                         https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=218932 | http://www.redhat.com/support/errata
INPUT | EXCEP |                              2 length MODPROPS_2 > length MODPROPS_1
                  http://www.microsoft.com/technet/security/bulletin/ms07-026.mspx | http://www.securityfocus.com/bi




                                               hash character sequence > N appended to
INPUT |                                      1 PDF URL
                  http://www.securityfocus.com/archive/1/archive/1/455801/100/0/threaded | http://events.ccc.de/cong




EXCEP |                          ?
                  http://www-1.ibm.com/support/docview.wss?uid=swg21257251 | http://www.securityfocus.com/bid/24




                                               (1) Window size > N and (2) range header that
EXCEP |                                      2 specifies multiple copies of the same fragment
                  http://www.securityfocus.com/archive/1/archive/1/455833/100/0/threaded | http://www.securityfocus.




EXCEP |                                      1
                  http://www.securityfocus.com/archive/1/archive/1/455833/100/0/threaded | http://www.securityfocus.
                                        IFRAME in a web page contains many nested
                                        XML tags, document rendering interrupted by
RACE |                                2 asynchronous events such as timers
           http://www.securityfocus.com/archive/1/archive/1/455965/100/0/threaded | http://www.securityfocus.




                                           PDF file with a (1) crafted catalog dictionary or
                                           (2) a crafted Pages attribute that references an
INPUT |                                  1 invalid page tree node.
           http://projects.info-pull.com/moab/MOAB-06-01-2007.html | http://www.securityfocus.com/bid/21910




DESIGN |                              1
           http://www.securityfocus.com/bid/21910 | http://projects.info-pull.com/moab/MOAB-06-01-2007.html




                                        PDF file with a (1) crafted catalog dictionary or
                                        (2) a crafted Pages attribute that references an
INPUT |                               1 invalid page tree node.
           http://www.securityfocus.com/bid/21910 | http://projects.info-pull.com/moab/MOAB-06-01-2007.html




                                        traffic class argument length > N or POLICY
INPUT |                               1 parameter length > N
           http://www.securityfocus.com/archive/1/archive/1/456267/100/0/threaded | http://www.securityfocus.




EXCEP |                             1
           http://www.milw0rm.com/exploits/3078 | http://www.securityfocus.com/bid/21898 | http://xforce.iss.ne
INPUT |                  ?             unspecified
          http://www.securityfocus.com/archive/1/archive/1/456056/100/0/threaded | http://drupal.org/node/104




INPUT |                               1
          http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=459 | http://secunia.com/advisorie




                                        PATH_INFO starts with AbfrageForm or
                                        EingabeForm, Name = malicious requests
INPUT |                               2 contaning many instances of /../
          http://secunia.com/advisories/23539 | http://xforce.iss.net/xforce/xfdb/31216 |




INPUT |                             1
          http://mailman.webdav.org/pipermail/neon/2007-January/002362.html | http://bugs.debian.org/cgi-bin




INPUT |                              1
          http://sunsolve.sun.com/search/document.do?assetkey=1-26-102713-1 | http://www.securityfocus.co




EXCEP |                               1
          http://getahead.ltd.uk/dwr/changelog | http://www.securityfocus.com/bid/21955 | http://www.frsirt.com




INPUT |   http://www.cisco.com/warp/public/707/cisco-sa-20070110-jtapi.shtml | http://www.securityfocus.com/
INPUT |                                     1
                  http://www.cisco.com/warp/public/707/cisco-sa-20070110-dlsw.shtml | http://www.securityfocus.com




INPUT | EXCEP |                              1 IMAP command containing crafted literal
                  http://www.microsoft.com/technet/security/bulletin/ms07-026.mspx | http://www.securityfocus.com/bi




EXCEP |                                       1
                  http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0209.html | http://www.securityfocus.c




INPUT |                                       1
                  http://applefun.blogspot.com/2007/01/moab-10-01-2007-apple-dmg-ufs.html | http://projects.info-pul




EXCEP |                                       1
                  http://sourceforge.net/project/shownotes.php?release_id=501476&group_id=44827 | http://www.deb




INPUT |                                      1
                  http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE7-RELEASENOTES.html#s12 | http:/
EXCEP |                                              1
                          http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE7-RELEASENOTES.html#s12 | http:/


                                                      1
http://downloads.securityfocus.com/vulnerabilities/exploits/22003.py | http://www.securityfocus.com/bid/22003 | http://xforce.iss




EXCEP |                                                 1
                          http://lists.freebsd.org/pipermail/freebsd-security/2007-January/004218.html | http://projects.info-pull




                                        ?
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html | http://www.us-cert.gov/cas/techalert




DESIGN |                                                1
                          http://projects.info-pull.com/moab/MOAB-11-01-2007.html | http://secunia.com/advisories/23725 | ht




EXCEP |                                            1
                          http://www.milw0rm.com/exploits/3126 | http://www.securityfocus.com/bid/22046 | http://milw0rm.com




INPUT |                                               1
                          http://secunia.com/advisories/23742 | http://www.frsirt.com/english/advisories/2007/0171 | http://proje
EXCEP |                                                1
                          http://security-protocols.com/sp-x41-advisory.php | http://www.securityfocus.com/bid/22059 |



INPUT |                                             1 ICMP6 Echo request cause inifinite loops
                          http://www.openbsd.org/errata39.html#icmp6 | http://www.openbsd.org/errata.html#icmp6 | http://ww




EXCEP |                                            1
                          http://www.milw0rm.com/exploits/3142 | http://www.securityfocus.com/bid/22092 | http://milw0rm.com




                                           ?
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00838612 | http://secunia.com/advisories/23802 | http://www.securityfocus




DESIGN |                                           1
                          http://www.milw0rm.com/exploits/3155 | http://www.securityfocus.com/bid/22110 | http://milw0rm.com




                                      ?
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00837319 | http://www.securityfocus.com/bid/2




INPUT |                                               1 HOME length > N
                          http://sourceforge.net/project/shownotes.php?group_id=9655&release_id=476891 | http://xinehq.de/




                                        |
http://dev2dev.bea.com/pub/advisory/204 ? http://www.frsirt.com/english/advisories/2007/0213 | http://securitytracker.com/id?10
EXCEP |                                     1
                  http://dev2dev.bea.com/pub/advisory/208 | http://www.frsirt.com/english/advisories/2007/0213 | http:




EXCEP |                                     1
                  http://dev2dev.bea.com/pub/advisory/213 | http://www.frsirt.com/english/advisories/2007/0213 | http:




INPUT |                                     1 Malformed | http://www.frsirt.com/english/advisories/2007/0213 | http:
                  http://dev2dev.bea.com/pub/advisory/215headers




INPUT |                                     1 Socket Connection manipulated
                  http://dev2dev.bea.com/pub/advisory/217 | http://www.frsirt.com/english/advisories/2007/0213 | http:




INPUT | EXCEP |                             1 Request that triggers errors
                  http://dev2dev.bea.com/pub/advisory/219 | http://www.frsirt.com/english/advisories/2007/0213 | http:




INPUT |                                      1 Crafted FTP command
                  http://www.securityfocus.com/archive/1/archive/1/457454/100/0/threaded | http://lists.grok.org.uk/pip




EXCEP |                                    1
                  http://www.milw0rm.com/exploits/3157 | http://www.securityfocus.com/bid/22133 | http://xforce.iss.ne




INPUT |                                      1 mappingCount > N
                  http://www.securityfocus.com/archive/1/archive/1/457466/100/0/threaded | http://www.frsirt.com/engl
EXCEP |                                             1
                         http://www.securityfocus.com/archive/1/archive/1/457406/100/0/threaded | http://archives.neohapsis



INPUT |                                             1 URL length > N
                         http://svn.apache.org/repos/asf/spamassassin/branches/3.1/build/announcements/3.1.8.txt | http://fe




DESIGN |                                            1
                         http://www.securityfocus.com/archive/1/archive/1/459167/100/0/threaded | http://www.securityfocus.




http://www.wireshark.org/security/wnpa-sec-2007-01.html | http://www.securityfocus.com/bid/22352 | http://www.frsirt.com/engl




http://www.wireshark.org/security/wnpa-sec-2007-01.html | http://www.securityfocus.com/bid/22352 | http://www.frsirt.com/engl




INPUT |                                             1 vectors targeted for attack
                         http://www.wireshark.org/security/wnpa-sec-2007-01.html | http://www.securityfocus.com/bid/22352




INPUT |                                              1 fragmented HTTP packets
                         http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1200 | http://www.wireshark.org/security/wnpa-s



OTHER |                                 ?
                         http://www.novell.com/linux/security/advisories/2007_01_sr.html |




DESIGN |                                               1
                         http://projects.info-pull.com/moab/MOAB-25-01-2007.html | http://www.milw0rm.com/exploits/3200 |
EXCEP |                                           1
                        http://www.cisco.com/en/US/products/products_security_advisory09186a00807cb0e4.shtml | http://w


EXCEP |                                           1
                        http://www.cisco.com/en/US/products/products_security_advisory09186a00807cb0fd.shtml | http://w




INPUT |                                               1 show arp length > N
                        http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051856.html | http://xforce.iss.net/xforc




INPUT |                                               1 Crafted DNS request
                        http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/052018.html | http://marc.theaimsgroup




                                                1
http://marc.theaimsgroup.com/?l=bind-announce&m=116968519300764&w=2 | http://www.isc.org/index.pl?/sw/bind/view/?rele




EXCEP |                                             1
                        http://www.hitachi-support.com/security_e/vuls_e/HS06-021_e/01-e.html | http://www.frsirt.com/engli




OTHER |                                             1
                        http://www.hitachi-support.com/security_e/vuls_e/HS06-023_e/01-e.html | http://www.frsirt.com/engli




                                                     Files repeatedly pushed to phone over
INPUT | DESIGN |                                   1 Bluetooth
                        http://www.securityfocus.com/archive/1/archive/1/457768/100/0/threaded | http://www.securityfocus.
                                                Files repeatedly pushed to phone over
INPUT | DESIGN |                              1 Bluetooth
                   http://www.securityfocus.com/archive/1/archive/1/457768/100/0/threaded | http://www.securityfocus.




                                                Files repeatedly pushed to phone over
INPUT | DESIGN |                              1 Bluetooth
                   http://www.securityfocus.com/archive/1/archive/1/457768/100/0/threaded | http://www.securityfocus.




                                                Files repeatedly pushed to phone over
INPUT | DESIGN |                              1 Bluetooth
                   http://www.securityfocus.com/archive/1/archive/1/457768/100/0/threaded | http://www.securityfocus.




INPUT |                                       1 Crafted HTTP request
                   http://www.securityfocus.com/archive/1/archive/1/457758/100/0/threaded | http://www.securityfocus.




EXCEP |                                       1
                   http://www.securityfocus.com/archive/1/archive/1/457999/100/0/threaded | http://www.securityfocus.




DESIGN |                                      1
                   http://www.securityfocus.com/archive/1/archive/1/458003/100/0/threaded | http://www.securityfocus.




DESIGN |                                      1
                   http://www.securityfocus.com/archive/1/archive/1/458003/100/0/threaded | http://www.securityfocus.
EXCEP |                                            1
                          http://www.milw0rm.com/exploits/3182 | http://secunia.com/advisories/23901 | http://xforce.iss.net/xf




                                                       1
http://www.postgresql.org/support/security | http://www.ubuntulinux.org/support/documentation/usn/usn-417-1 | http://www.frsir




INPUT |                                              1
                          http://www.postgresql.org/support/security | http://www.ubuntulinux.org/support/documentation/usn/u




INPUT | DESIGN |                                   1 Crafted .avi file clicked on by user
                          http://www.milw0rm.com/exploits/3190 | http://milw0rm.com/exploits/3190 |




INPUT |                                              1
                          http://securityresponse.symantec.com/avcenter/security/Content/2007.01.24c.html | http://www.frsirt



EXCEP |                                               1
                          http://sourceforge.net/project/shownotes.php?group_id=135704&release_id=478747 | http://www.mp




EXCEP |                                              1
                          http://www.securityfocus.com/archive/1/archive/1/458443/100/0/threaded | http://lists.grok.org.uk/pip
DESIGN |                                               1
                         http://projects.info-pull.com/moab/MOAB-29-01-2007.html | http://www.securityfocus.com/bid/22304




                                                   1
http://projects.info-pull.com/moab/MOAB-29-01-2007.html | http://www.securityfocus.com/bid/22304 | http://docs.info.apple.com




EXCEP |                                  ?
                         http://www.hitachi-support.com/security_e/vuls_e/HS06-019_e/01-e.html | http://www.securityfocus.c




DESIGN | ACCESS |                                 1
                         http://www.nomachine.com/news_read.php?idnews=190 | http://www.nomachine.com/tr/view.php?id



                                       ?
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102697-1 | http://www.kb.cert.org/vuls/id/967236 | http://www.sec




                                                       Improperly formatted format string specifiers
                                                       that are unhandled when calling NSLog and
INPUT | EXCEP |                                      1 NSBeginAlertSheet Apple http://www.securityfocus.com/bid/22326 | h
                         http://www.digitalmunition.com/MOAB-30-01-2007.html |AppKit.




INPUT |                                              1
                         http://www.digitalmunition.com/MOAB-30-01-2007.html | http://www.securityfocus.com/bid/22326 | h




                                                       Improperly formatted format string specifiers
                                                       that are unhandled when calling NSLog and
INPUT | EXCEP |                                      1 NSBeginAlertSheet Apple http://www.securityfocus.com/bid/22326 | h
                         http://www.digitalmunition.com/MOAB-30-01-2007.html |AppKit.
INPUT |                                1
           http://www.digitalmunition.com/MOAB-30-01-2007.html | http://www.securityfocus.com/bid/22326 | h




CONFIG |                             1
           http://www.cisco.com/warp/public/707/cisco-air-20070131-sip.shtml | http://www.cisco.com/warp/pub




ACCESS |                                 1
           http://lz1.intel.com/psirt/advisory.aspx?intelid=INTEL-SA-00012&languageid=en-fr | http://www.frsirt.




DESIGN |                   ?
           http://sunsolve.sun.com/search/document.do?assetkey=1-26-102699-1 | http://www.securityfocus.co




EXCEP |                               1
           http://www.securityfocus.com/archive/1/archive/1/458653/100/0/threaded | http://supportconnectw.ca




EXCEP |                               1
           http://www.securityfocus.com/archive/1/archive/1/458650/100/0/threaded | http://supportconnectw.ca




EXCEP |                                1
           http://blog.trendmicro.com/trend-micro-finds-more-windows-mobile-flaws/ | http://www.securityfocus.
INPUT |            http://blog.trendmicro.com/trend-micro-finds-more-windows-mobile-flaws/ | http://www.securityfocus.




DESIGN |                                    1
                   http://www.milw0rm.com/exploits/3224 | http://milw0rm.com/exploits/3224 |




INPUT |                                       1
                   http://www.securityfocus.com/archive/1/archive/1/458773/100/0/threaded | http://www.matousec.com




INPUT |                                       1
                   http://www.securityfocus.com/archive/1/archive/1/458773/100/0/threaded | http://www.matousec.com




DESIGN | EXCEP |                                1
                   http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html | https://bugzilla.redhat.c




EXCEP |                                         1
                   http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html | http://docs.info.apple.c
DESIGN |                             ?
                   http://lists.apple.com/archives/security-announce/2007/May/msg00004.html |




INPUT |                                       1
                   http://www.securityfocus.com/archive/1/archive/1/458907/100/0/threaded | http://www.securityfocus.



DESIGN |                          ?
                   http://www.redhat.com/support/errata/RHSA-2007-0169.html | http://www.securityfocus.com/bid/237




INPUT |            http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20.1 | http://www.frsirt.com/english/advisories/




                                              HTML document contains JavaScript loop with
INPUT | DESIGN |                            1 empty body
                   http://www.milw0rm.com/exploits/3272 | http://www.powerhacker.net/exploit/IE_NULL_CRASH.html




DESIGN |                                      1
                   http://milw0rm.com/exploits/3248 | http://www.securityfocus.com/bid/22365 | http://www.frsirt.com/en




INPUT |            http://www.milw0rm.com/exploits/3276 | http://www.securityfocus.com/bid/22433 | http://milw0rm.com



                                                (1) hostname in HOST: header = self AND (2)
INPUT | DESIGN |                              2 port number = [particualr port on host?]
                   http://marc.theaimsgroup.com/?l=bugtraq&m=117086856902907&w=2 | http://marc.theaimsgroup.co
DESIGN | EXCEP |                                    1
                         http://www.securityfocus.com/archive/1/archive/1/459847/100/0/threaded | http://msdn2.microsoft.co




http://www.securityfocus.com/bid/22407 |




                                                     1
http://www.avertlabs.com/research/blog/?p=199 | http://www.avertlabs.com/research/blog/?p=206 | http://www.microsoft.com/t




http://www.securityfocus.com/bid/22497 |




EXCEP |                                             1
                         http://www.securityfocus.com/archive/1/archive/1/459571/100/0/threaded | http://www.securityfocus.




EXCEP |                                             1
                         http://marc.theaimsgroup.com/?l=full-disclosure&m=117094708423302&w=2 | http://www.milw0rm.c
EXCEP |                                              1
                         http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=475 | http://www.securityfocus.com



                                                    1
http://www.php.net/ChangeLog-5.php#5.2.1 | http://www.php.net/releases/5_2_1.php | http://www.securityfocus.com/bid/22496



                                                1
http://marc.theaimsgroup.com/?l=php-dev&m=117104930526516&w=2 | http://marc.theaimsgroup.com/?l=php-dev&m=11710



RACE |                                   ?
                         http://sunsolve.sun.com/search/document.do?assetkey=1-26-102796-1 | http://www.securityfocus.co




EXCEP |                                  ?
                         http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00863839 | http://www.securityfocus.com




EXCEP |                                            1
                         http://www.cisco.com/en/US/products/products_security_advisory09186a00807e0a5b.shtml | http://w




INPUT |                                                1
                         http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052427.html | http://secunia.com/advis




DESIGN |                                           1
                         http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2484.shtml | http://w
                                                    (1) Malformed SIP packets and (2) inspect sip
INPUT |                                           2 option enabled
                        http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2484.shtml | http://w




                                                    (1) Inspect http enabled and (2) malformed
INPUT |                                           2 HTTP traffic
                        http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2484.shtml | http://w




                                                  2 (1) In debug level and (2) crafted packets
http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2481.shtml | http://www.frsirt.com/english/adv



                                                    (1) aaa authentication match or aaa
                                                    authentication include is enabled and (2)
INPUT |                                           2 malformed HTTPS request
                        http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2481.shtml | http://w



                                                    (1) aaa authentication match or aaa
                                                    authentication include is enabled and (2) HTTP
INPUT |                                           2 request length > N
                        http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2481.shtml | http://w



                                                    (1) HTTPS server enabled and (2) malformed
INPUT |                                           2 HTTPS traffic
                        http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2481.shtml | http://w



INPUT |                                           1
                        http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2481.shtml | http://w




INPUT |                                             1
                        http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=228858 | http://www.php.net/releases/5_2_1.php
INPUT |                               1
          http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=484 | http://supportconnectw.ca.co




EXCEP |                              1
          http://www.securityfocus.com/archive/1/archive/1/460544/100/0/threaded | http://www.securityfocus.



EXCEP |                              1
          http://www.securityfocus.com/archive/1/archive/1/460530/100/0/threaded | http://monkey.org/~provo




INPUT |                              1
          http://www.securityfocus.com/bid/22619 | http://www.frsirt.com/english/advisories/2007/0664 | http://x




INPUT |                           1
          http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html#554 | http://www.securityfocus.c



INPUT |                            1
          http://www.milw0rm.com/exploits/3341 | http://www.securityfocus.com/bid/22634 |




INPUT |                            1
          http://www.milw0rm.com/exploits/3343 | http://www.securityfocus.com/bid/22637 | http://xforce.iss.ne




                                     (1)filename > N in response to LIST command
INPUT |                            2 and (2) long response to CWD command
          http://www.milw0rm.com/exploits/3341 | http://www.securityfocus.com/bid/22634 | http://xforce.iss.ne
INPUT |                                    1
                  http://www.milw0rm.com/exploits/3347 | http://www.securityfocus.com/bid/22640 | http://xforce.iss.ne




EXCEP |                                      1
                  http://securityvulns.com/Qdocument170.html | http://securityvulns.com/news/Microsoft/Windows/Exp




RACE |                                       1
                  http://www.securityfocus.com/archive/1/archive/1/461024/100/0/threaded | http://www.securityfocus.




INPUT | EXCEP |                             1 search string beginning with ".*"
                  http://www.wanfear.com/pipermail/scrymud/2007q1/001157.html | http://scrymud.net/downloads/Cha




INPUT |                                      1
                  http://www.securityfocus.com/data/vulnerabilities/exploits/22645.html | http://www.securityfocus.com




EXCEP |                                      1
                  http://www.securityfocus.com/archive/1/archive/1/460762/100/0/threaded | http://www.securityfocus.




INPUT |                          ?
                  http://www.microsoft.com/technet/security/Bulletin/ms07-017.mspx | http://xforce.iss.net/xforce/xfdb/




DESIGN |                                     1
                  http://www.securityfocus.com/archive/1/archive/1/461373/100/0/threaded | http://securityvulns.com/n
EXCEP |                               1
           http://www.securityfocus.com/archive/1/archive/1/461373/100/0/threaded | http://securityvulns.com/Q




DESIGN |                               1
           http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=485 | http://www.securityfocus.com




DESIGN |                              1
           http://www.php-security.org/MOPB/MOPB-03-2007.html | http://www.redhat.com/support/errata/RHS




EXCEP |                             1
           http://www.milw0rm.com/exploits/3392 | http://www.securityfocus.com/bid/22776 | http://xforce.iss.ne




EXCEP |                                1
           http://asterisk.org/node/48319 | http://asterisk.org/node/48320 | http://www.kb.cert.org/vuls/id/228032




EXCEP |                               1
           http://www.securityfocus.com/archive/1/archive/1/461897/100/0/threaded | http://lists.grok.org.uk/pip




EXCEP |                   ?
           http://www.cyberguard.info/snapgear/releases.html | http://www.securityfocus.com/bid/22835 | http://




INPUT |                               1
           http://www.php-security.org/MOPB/MOPB-02-2007.html | http://sourceforge.net/tracker/index.php?fu
                                               (1) request contains invalid HMAC algorithm
INPUT | EXCEP |                              2 specification AND (2) no cipher algorithm
                  http://marc.theaimsgroup.com/?l=full-disclosure&m=117320823618036&w=2 | http://www.securityfoc




INPUT |                                   1
                  http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html#554 | http://xforce.iss.net/xforce




DESIGN |                                   1
                  http://www.milw0rm.com/exploits/3419 | http://www.kb.cert.org/vuls/id/194944 | http://www.securitytra




INPUT |                                    1
                  http://www.gossamer-threads.com/lists/modperl/modperl/92739 | http://svn.apache.org/repos/asf/per




INPUT |                                       1
                  http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20.5 | https://bugzilla.redhat.com/bugzilla




INPUT | EXCEP |                              1 cookie path length > N
                  http://www.mozilla.org/security/announce/2007/mfsa2007-14.html |
EXCEP |                                      1
                  http://www.securityfocus.com/data/vulnerabilities/exploits/22856.html | http://www.securityfocus.com




                                                 option name = IPV6_RTHDR, option length = 0
EXCEP |                                        2 or option value is | http://www.kernel.org/pub/linux/kernel/v2.6/Change
                  http://bugzilla.kernel.org/show_bug.cgi?id=8155invalid




                                             configured for inline use, ip_conntrack module
                                             not loaded, UDP packets from
                                             send_morefrag_packet and
EXCEP |                                    3 send_overlap_packet
                  http://www.milw0rm.com/exploits/3434 | http://www.securityfocus.com/bid/22872 | http://www.snort.o




EXCEP |                                    1
                  http://www.milw0rm.com/exploits/3432 | http://secunia.com/advisories/24452 | http://xforce.iss.net/xf




                                               (1) information_schema table selected AND (2)
INPUT | EXCEP |                              2 ORDER BY selected
                  http://www.securityfocus.com/archive/1/archive/1/462339/100/0/threaded | http://www.sec-consult.co



EXCEP |                           ?
                  http://sourceforge.net/project/shownotes.php?group_id=85523&release_id=492572 | http://www.frsir




INPUT |                          ?
                  http://www.pennmush.org/archives/pennmush-announce/2007/000137.html | http://www.securityfocu
EXCEP |                                       1
                   http://www.securityfocus.com/archive/1/archive/1/462589/100/0/threaded | http://www.frsirt.com/engl




DESIGN |                                      1
                   http://supportconnectw.ca.com/public/storage/infodocs/babtapeng-securitynotice.asp | http://www3.c




INPUT |                                       1
                   http://www.securityfocus.com/archive/1/archive/1/462926/100/0/threaded | http://www.matousec.com




INPUT | EXCEP |                                1 cch argument value > N
                   http://archives.neohapsis.com/archives/vulnwatch/2007-q1/0063.html | http://www.securityfocus.com




EXCEP |                                       1
                   http://www.securityfocus.com/archive/1/archive/1/462792/100/0/threaded | http://www.securityfocus.




INPUT |                                        1
                   http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20.3 | http://www.securityfocus.com/bid/2




DESIGN |                                      1
                   http://www.securityfocus.com/archive/1/archive/1/462793/100/0/threaded | http://www.symantec.com




INPUT | DESIGN |                              1 gratuitous ARP packet
                   http://www.securityfocus.com/archive/1/archive/1/462793/100/0/threaded | http://www.symantec.com
ACCESS |                                     1
                  http://www.securityfocus.com/archive/1/archive/1/463208/100/0/threaded | http://www.reversemode.




INPUT |                          ?
                  http://www.securityfocus.com/bid/23047 | http://www.frsirt.com/english/advisories/2007/1023 | http://s




INPUT | EXCEP |                                  1 client ID does not exist
                  http://aluigi.altervista.org/adv/nasbugs-adv.txt | http://www.securityfocus.com/bid/23017 | http://www.




                                                   num_action value > N OR inputNum parameter
INPUT | EXCEP |                                  1 >N
                  http://aluigi.altervista.org/adv/nasbugs-adv.txt | http://www.securityfocus.com/bid/23017 | http://www.




EXCEP |                                          1
                  http://aluigi.altervista.org/adv/nasbugs-adv.txt | http://www.securityfocus.com/bid/23017 | http://www.




INPUT |                                      1
                  http://www.squid-cache.org/Advisories/SQUID-2007_1.txt | http://www.squid-cache.org/Versions/v2/2




EXCEP |                                      1
                  http://marc.theaimsgroup.com/?l=full-disclosure&m=117432783011737&w=2 | http://www.securityfoc



EXCEP |                                         1
                  http://bindshell.net/papers/ftppasv/ftp-client-pasv-manipulation.pdf |
EXCEP |                             1
           http://www.milw0rm.com/exploits/3523 | http://www.securityfocus.com/bid/23049 | http://xforce.iss.ne



EXCEP |                               1
           http://www.securityfocus.com/archive/1/archive/1/463238/100/0/threaded | http://www.securityfocus.




ACCESS |                               1
           http://www.truecrypt.org/docs/?s=version-history | http://www.securityfocus.com/bid/23128 | http://ww




INPUT |                                  1
           http://lists.grok.org.uk/pipermail/full-disclosure/2007-March/053099.html | http://www.frsirt.com/englis




EXCEP |                                1
           http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=488 | http://esupport.trendmicro.c




DESIGN |                                1
           http://marc.info/?l=linux-netdev&m=117406721731891&w=2 | http://git.kernel.org/?p=linux/kernel/git




INPUT |                                1
           http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=539 | http://www.symantec.com/a




EXCEP |                               1
           http://www.securityfocus.com/archive/1/archive/1/463434/100/0/threaded | http://voipsa.org/pipermai
EXCEP |                             1
           http://www.milw0rm.com/exploits/3547 | http://www.securityfocus.com/bid/23101 | http://xforce.iss.ne




INPUT |                                1
           http://sourceforge.net/project/shownotes.php?release_id=495646&group_id=173277 |




EXCEP |                                1
           http://glowworm.us/history/release_1_5_3_b4.html |




INPUT |                                1
           http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=414045 | https://bugzilla.redhat.com/bugzilla/show_




DESIGN |                              1
           http://www.securityfocus.com/archive/1/archive/1/467646/100/0/threaded | http://www.securityfocus.




DESIGN |                              1
           http://www.securityfocus.com/archive/1/archive/1/467646/100/0/threaded | http://www.securityfocus.




DESIGN |                              1
           http://www.securityfocus.com/archive/1/archive/1/467646/100/0/threaded | http://www.securityfocus.



DESIGN |                              1
           http://www.securityfocus.com/archive/1/archive/1/467646/100/0/threaded | http://www.securityfocus.



INPUT |                               1
           http://www.securityfocus.com/archive/1/archive/1/467646/100/0/threaded | http://www.securityfocus.
EXCEP |                                              1
                          http://www.securityfocus.com/archive/1/archive/1/467289/100/200/threaded | http://voip.null.ro/cgi-bi




                                                    1
http://www.securityfocus.com/archive/1/archive/1/463847/100/0/threaded | http://xforce.iss.net/xforce/xfdb/33503 |




OTHER |                                              1
                          http://www.securityfocus.com/archive/1/archive/1/463934/100/0/threaded | http://www.securityfocus.




INPUT | ACCESS |                                     1 No upper bounds of optlen value
                          http://www.securityfocus.com/archive/1/archive/1/463969/100/0/threaded | http://www.securitytracke




INPUT |                                               1
                          http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=494 | http://www-1.ibm.com/suppo




INPUT |                                               1
                          http://archives.neohapsis.com/archives/vulnwatch/2007-q1/0077.html | http://securityvulns.com/news




                                         ?
http://archives.neohapsis.com/archives/bugtraq/2007-03/0392.html | http://xforce.iss.net/xforce/xfdb/33309 |



EXCEP |                                                  1
                          http://marc.info/?l=full-disclosure&m=117502315312302&w=2 | http://www.securityfocus.com/bid/23
EXCEP |                                                  1
                          http://aluigi.altervista.org/adv/pulsex-adv.txt | http://aluigi.org/poc/pulsex.zip | http://xforce.iss.net/xfor




                                         ?
http://www.cisco.com/warp/public/707/cisco-sa-20070328-voip.shtml | http://www.securityfocus.com/bid/23181 | http://securityt




INPUT |                                             1
                          http://www.cisco.com/warp/public/707/cisco-sa-20070328-voip.shtml | http://www.securityfocus.com/




EXCEP |                                             1
                          http://www.cisco.com/warp/public/707/cisco-sa-20070328-voip.shtml | http://www.securityfocus.com/




INPUT |                                               1
                          http://sourceforge.net/mailarchive/message.php?msg_name=20070406123739.GA1546%40zen.inc
ACCESS | CONFIG |                                    1
                        http://security.gentoo.org/glsa/glsa-200704-11.xml | http://www.securityfocus.com/bid/23520 | http://w




INPUT |                                             1
                        https://issues.rpath.com/browse/RPL-1309 | http://secunia.com/advisories/25083 | http://kernel.org/p




DESIGN | EXCEP |                                    1
                        http://www.lighttpd.net/assets/2007/4/13/lighttpd_sa2007_01.txt | http://www.frsirt.com/english/adviso



EXCEP |                                             1
                        http://www.lighttpd.net/assets/2007/4/13/lighttpd_sa2007_02.txt | http://www.frsirt.com/english/adviso




DESIGN | CONFIG |                               1
                        http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html#554 | http://secunia.com/adviso




INPUT |                 http://www.milw0rm.com/exploits/3690 |




                                                    1
http://www.securityfocus.com/archive/1/archive/1/464685/100/0/threaded | http://www.cybsec.com/vuln/CYBSEC-Security_Adv




DESIGN |                                         1
                        http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27007951#6107 | http://www.frsirt.com
INPUT |                 http://www.tinymux.org/changes.txt | http://www.frsirt.com/english/advisories/2007/1213 |




INPUT |                                             1
                        http://sourceforge.net/forum/forum.php?forum_id=681753 | http://sourceforge.net/project/shownotes




                                                 1
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00944467 | http://www.securityfocus.com/bid/2




INPUT |                                             1
                        http://bugzilla.quagga.net/show_bug.cgi?id=354 | http://bugzilla.quagga.net/show_bug.cgi?id=355 | h



OTHER |                                              1
                        http://bftpd.sourceforge.net/downloads/CHANGELOG | http://secunia.com/advisories/24864 | http://b




INPUT | EXCEP |                                     1 number of line feeds > N
                        http://sourceforge.net/mailarchive/forum.php?thread_name=755AF709E5B77E6EA58479D5%40fox




EXCEP |                                             1
                        http://www.freeradius.org/security.html | http://frontal2.mandriva.com/security/advisories?name=MDK



EXCEP |                                           1
                        http://www.debian.org/security/2007/dsa-1281 | http://www.securityfocus.com/bid/23656 | http://secu
INPUT |            http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml | http://www.securityfocus.com/b




EXCEP |                                      1
                   http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml | http://www.securityfocus.com/b




INPUT |            http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml | http://www.securityfocus.com/b




INPUT | DESIGN |                              1 Crafted IP packets sent to user
                   http://sunsolve.sun.com/search/document.do?assetkey=1-26-102866-1 | http://www.frsirt.com/englis




EXCEP |                                        1
                   http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=516 | https://knowledge.mcafee.co




EXCEP |                                       1
                   http://www.securityfocus.com/archive/1/archive/1/466017/100/0/threaded | http://www.securityfocus.




EXCEP |                                       1
                   http://www.securityfocus.com/archive/1/archive/1/466017/100/0/threaded | http://www.securityfocus.




INPUT |            http://www.securityfocus.com/archive/1/archive/1/466017/100/0/threaded | http://www.securityfocus.
INPUT |                   http://www.securityfocus.com/archive/1/archive/1/466017/100/0/threaded | http://www.securityfocus.




                                                     1
http://www.obdev.at/products/sharity/releasenotes.html | http://www.securityfocus.com/bid/23572 | http://secunia.com/advisorie




EXCEP |                                  ?
                          http://www.securityfocus.com/archive/1/archive/1/466319/100/0/threaded | http://www.securityfocus.



INPUT |                   http://www.securityfocus.com/archive/1/archive/1/466291/100/0/threaded | http://www.securityfocus.


EXCEP |                                            1
                          http://www.milw0rm.com/exploits/3770 | http://www.securityfocus.com/bid/23576 | http://xforce.iss.ne



INPUT |                                              1
                          http://www.securityfocus.com/data/vulnerabilities/exploits/23583.c | http://www.securityfocus.com/bid




INPUT | EXCEP |                                      1 AddAllowed value > N
                          http://www.securityfocus.com/archive/1/archive/1/466022/100/100/threaded | http://www.securityfocu




INPUT | EXCEP |           http://www.securityfocus.com/archive/1/archive/1/466576/100/0/threaded | http://www.securityfocus.




INPUT | DESIGN | EXCEP |                          1 height = 0
                      http://www.csis.dk/dk/forside/GdiPlus.pdf | http://www.kb.cert.org/vuls/id/290961 | http://www.security
EXCEP |                                              1
                         http://www.isc.org/index.pl?/sw/bind/bind-security.php | http://www.frsirt.com/english/advisories/2007



                                                      IPV6_RTHDR_TYPE_0 set to create network
INPUT | DESIGN |                                    1 amplification between 2 routers
                         http://www.secdev.org/conf/IPv6_RH_security-csw07.pdf | http://openbsd.org/errata39.html#022_rou




                                      ?
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00841370 | http://www.securit




                                       ?
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102874-1 | http://www.frsirt.com/english/advisories/2007/1530 | h




EXCEP |                                           1
                         http://www.milw0rm.com/exploits/3791 | http://www.milw0rm.com/exploits/3792 | http://www.securityf




EXCEP |                                           1
                         http://www.milw0rm.com/exploits/3784 |




DESIGN |                                            1
                         http://www.securityfocus.com/archive/1/archive/1/466784/100/0/threaded | http://www.securityfocus.
INPUT |                               1
           http://www.securityfocus.com/archive/1/archive/1/466911/100/0/threaded | http://www.asterisk.org/fil




DESIGN |                              1
           http://www.securityfocus.com/archive/1/archive/1/466882/100/0/threaded | http://bugs.digium.com/vi



EXCEP |                                1
           http://sourceforge.net/forum/forum.php?forum_id=685448 | http://sourceforge.net/project/shownotes




INPUT |    http://secunia.com/advisories/24724 | http://www.securityfocus.com/bid/23640 |




INPUT |    http://secunia.com/advisories/25049 | http://xforce.iss.net/xforce/xfdb/33903 |




EXCEP |                                1
           http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=506 | http://www.enterasys.com/p




INPUT |                               1
           http://www.securityfocus.com/archive/1/archive/1/464819/100/0/threaded | http://www.securityfocus.


INPUT |    http://sourceforge.net/project/shownotes.php?release_id=504709&group_id=63119 | http://www.mys
INPUT |                                       1
                  http://sourceforge.net/forum/forum.php?thread_id=1725156&forum_id=131392 | http://www.securityf




EXCEP |                                     1
                  http://www.rapid7.com/advisories/R7-0027.jsp | http://www.securitytracker.com/id?1017984 | http://x




INPUT | EXCEP |                             1 DOS device name with arbitrary extension
                  http://www.rapid7.com/advisories/R7-0028.jsp | http://www.caucho.com/resin-3.1/changes/changes.




INPUT |           http://sourceforge.net/project/shownotes.php?release_id=508653&group_id=5624 | http://sourceforg




EXCEP |                                       1
                  http://taviso.decsystem.org/virtsec.pdf |




INPUT |           http://www.cisco.com/en/US/products/products_security_response09186a0080833172.html | http://w
                                       ?
http://www.cisco.com/en/US/products/products_security_advisory09186a0080833166.shtml | http://www.securityfocus.com/bid




RACE |                                             1
                         http://www.cisco.com/en/US/products/products_security_advisory09186a0080833166.shtml | http://w




                                                  1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102900-1 | http://www.securityfocus.com/bid/23751 | http://www.




EXCEP |                                             1
                         http://sunsolve.sun.com/search/document.do?assetkey=1-26-102895-1 | http://www.securityfocus.co




INPUT |                  http://www.securityfocus.com/archive/1/archive/1/467269/100/0/threaded | http://www.matousec.com



                                                    1
ftp://ftp.itrc.hp.com/openvms_patches/i64/V8.2-1/VMS821I_SYS-V0400.txt | ftp://ftp.itrc.hp.com/openvms_patches/i64/V8.3/VM




EXCEP |                                              1
                         http://ftp.digium.com/pub/asa/ASA-2007-013.pdf | http://www.securityfocus.com/bid/23824 | http://ww




INPUT | EXCEP |                                       1 Crafted COTP packets
                         http://www.kb.cert.org/vuls/id/MIMG-6Q3NFD | http://www.kb.cert.org/vuls/id/711420 | http://www.sec
INPUT |           http://taviso.decsystem.org/virtsec.pdf |




                                             length > N for (1) DoOleCommand, (2)
                                             FTPDownloadFile, (3) FTPUploadFile, (4)
                                             HttpUploadFile, (5) Save, (6) SaveWebFile, (7)
                                             HttpDownloadFile, (8) Open, or (9)
INPUT | EXCEP |                            1 OpenWebFile property value.
                  http://www.milw0rm.com/exploits/3826 | http://moaxb.blogspot.com/2007/05/moaxb-01-powerpointvi




                                              length > N for (1) DoOleCommand, (2)
                                              FTPDownloadFile, (3) FTPUploadFile, (4)
                                              HttpUploadFile, (5) GotoPage, (6) Save, (7)
                                              SaveWebFile, (8) HttpDownloadFile, (9) Open,
                                              (10) OpenWebFile, (11) SaveAs, or (12)
INPUT | EXCEP |                             1 ShowWordStandardDialog property value.
                  http://moaxb.blogspot.com/2007/05/moaxb-03-wordviewerocx-32-multiple_03.html | http://www.secu




INPUT | EXCEP |                            1 Certain .ra file used by Real Player 10 Gold
                  http://www.milw0rm.com/exploits/3819 | http://www.securityfocus.com/bid/23712 |




DESIGN |                                   1
                  http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01034753 | http://ww




                                               (1) messenger URL contains _edit.r AND (2)
INPUT | EXCEP |                              2 parameters list for _edit.r empty
                  http://www.securityfocus.com/archive/1/archive/1/467375/100/0/threaded | http://www.securityfocus.
                                                       create socket, release it before PPIOCGCHAN
OTHER |                                              2 ioctl is initalized
                        http://kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.21-git8.log | http://secunia.com/advisories



INPUT |                 http://www.securityfocus.com/archive/1/archive/1/467646/100/0/threaded | http://www.securityfocus.



DESIGN |                                           1
                        http://www.securityfocus.com/archive/1/archive/1/467646/100/0/threaded | http://www.securityfocus.



INPUT | EXCEP |                                    1 Crafted BMP files used in ImageProcessing
                        http://www.securityfocus.com/archive/1/archive/1/466754/100/100/threaded | http://www.securityfocu




EXCEP |                                            1
                        http://www.securityfocus.com/archive/1/archive/1/467822/100/0/threaded | http://secunia.com/adviso




EXCEP |                                           1
                        http://bugs.mysql.com/bug.php?id=27513 | http://security.gentoo.org/glsa/glsa-200705-11.xml | http:/




                                                  1
http://www.cisco.com/en/US/products/products_security_advisory09186a00808399d0.shtml | http://www.securityfocus.com/bid




INPUT | EXCEP |         http://www.securityfocus.com/archive/1/archive/1/468070/100/0/threaded | http://www.securityfocus.




EXCEP | CONFIG |                                   1
                        http://www.securityfocus.com/archive/1/archive/1/468070/100/0/threaded |
                                               User access webpage that passes invalid
INPUT | EXCEP |                              1 argument to GetPropertyByID() function
                  http://www.securityfocus.com/archive/1/archive/1/468070/100/0/threaded | http://www.securityfocus.




INPUT |                                    1
                  http://www.milw0rm.com/exploits/3891 | http://moaxb.blogspot.com/2007/05/moaxb-10-rcontroldll-v-




INPUT | EXCEP |                                 1 Crafted POST request cause server to | http://www.frsirt.com/english/a
                  http://ftp.icdevgroup.org/interchange/5.4/ANNOUNCEMENT-5.4.2.txt hang




INPUT |                                       1
                  http://lurker.clamav.net/message/20070418.111144.0df6c5d3.en.html | http://article.gmane.org/gma




INPUT |                                    1
                  http://www.milw0rm.com/exploits/3898 | http://www.securityfocus.com/bid/23941 | http://xforce.iss.ne




INPUT |                                    1
                  http://www.milw0rm.com/exploits/3910 | http://moaxb.blogspot.com/2007/05/moaxb-12-precisionid-b




INPUT |                                    1
                  http://www.milw0rm.com/exploits/3917 | http://moaxb.blogspot.com/2007/05/moaxb-13-id-automatio




INPUT |                                         1
                  http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/062773.html | http://www.critical.lt/research
CONFIG |                             1
           http://dev2dev.bea.com/pub/advisory/229 | http://www.frsirt.com/english/advisories/2007/1815 | http:



EXCEP |                              1
           http://dev2dev.bea.com/pub/advisory/237 | http://www.frsirt.com/english/advisories/2007/1815 | http:




INPUT |    http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=413033 | http://bugs.debian.org/cgi-bin/bugreport.c




INPUT |                             1
           http://www.milw0rm.com/exploits/3930 | http://www.securityfocus.com/bid/23994 |




EXCEP |                               1
           http://www.securityfocus.com/archive/1/archive/1/468626/100/0/threaded | http://www.securityfocus.




INPUT |                             1
           http://www.milw0rm.com/exploits/3929 | http://www.securityfocus.com/bid/23993 |




DESIGN |                               1
           http://bugs.libgd.org/?do=details&task_id=86 |




EXCEP |                               1
           http://sunsolve.sun.com/search/document.do?assetkey=1-26-102752-1 | http://www.securityfocus.co
                                                     This may be 1 if the presence of an IP address
                                                     is all that is needed, or 2 or more if some other
INPUT | EXCEP |                                      condition is required in |
                          http://www.aczoom.com/tools/blockhosts/CHANGES the login name
                                         1?




INPUT |                                              1
                          http://www.securityfocus.com/archive/1/archive/1/468784/100/0/threaded | http://milw0rm.com/explo




                                                    1
http://www.globus.org/mail_archive/security-announce/2007/05/msg00000.html | http://bugzilla.globus.org/globus/show_bug.cg



EXCEP |                   http://lists.ratbox.org/pipermail/ircd-ratbox/2007-May/000759.html | http://www.openpkg.com/security




http://scary.beasts.org/security/CESA-2006-004.html |1http://www.securityfocus.com/bid/24004 | http://www.frsirt.com/english/a



EXCEP |                                                1
                          http://www.zerodayinitiative.com/advisories/ZDI-07-036.html |




OTHER |                                             1
                          http://www.cisco.com/en/US/products/products_security_advisory09186a0080847c49.shtml |
EXCEP |                                        1
                  http://madwifi.org/ticket/1335 | http://madwifi.org/wiki/Security |




EXCEP |                                        1
                  http://madwifi.org/ticket/1270 | http://madwifi.org/wiki/Security |




EXCEP |                                      1
                  http://www.mozilla.org/security/announce/2007/mfsa2007-13.html |




INPUT |           http://spamassassin.apache.org/advisories/cve-2007-2873.txt |




EXCEP |                                        1
                  http://marc.info/?l=linux-kernel&m=118128610219959&w=2 | http://marc.info/?l=linux-kernel&m=118




INPUT | EXCEP |                               1 corrupt kernel_dirent
                  http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.21.2 | http://www.securityfocus.com/bid/2




ACCESS |                                     1
                  http://sunsolve.sun.com/search/document.do?assetkey=1-26-102911-1 | http://www.securityfocus.co
INPUT |                                               1
                          http://downloads.securityfocus.com/vulnerabilities/exploits/24127.html | http://www.securityfocus.com




http://www.securityfocus.com/bid/24131 | http://www.frsirt.com/english/advisories/2007/1927 | http://xforce.iss.net/xforce/xfdb/3




http://www.frsirt.com/english/advisories/2007/1936 | 1




RACE |                                               1
                          http://securityresponse.symantec.com/avcenter/security/Content/2007.05.24a.html | http://securityres




INPUT |                                             1
                          http://moaxb.blogspot.com/2007/05/moaxb-23-microsoft-office-2000.html | http://www.shinnai.altervi



DESIGN |                                              1
                          http://sourceforge.net/project/shownotes.php?group_id=107955&release_id=501861 |




INPUT |                                             1
                          http://www.f-secure.com/security/fsc-2007-4.shtml | http://www.frsirt.com/english/advisories/2007/19




EXCEP |                                                  1
                          http://marc.info/?l=full-disclosure&m=118040810718045&w=2 | http://www.nruns.com/advisories/%5



EXCEP |                                                 1
                          http://forum.antivir-pe.de/thread.php?threadid=22528 | http://www.securityfocus.com/bid/24187 | http
INPUT |                 http://sourceforge.net/project/shownotes.php?release_id=511778 | http://svn.a-eskwadraat.nl/wsvn/D




EXCEP |                                            1
                        http://sunsolve.sun.com/search/document.do?assetkey=1-26-102745-1 | http://www.securityfocus.co




ACCESS |                                           1
                        http://sunsolve.sun.com/search/document.do?assetkey=1-26-102921-1 | http://www.securityfocus.co




EXCEP |                                            1
                        http://mail.openvms.org:8100/Lists/alerts/Message/504.html | http://mail.openvms.org:8100/Lists/ale




                                                  1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102934-1 |




INPUT |                                          1
                        http://www.appwebserver.org/forum/viewtopic.php?t=969 |
                                                  1
http://lurker.clamav.net/message/20070530.224918.5c64abc4.en.html | http://kolab.org/security/kolab-vendor-notice-15.txt |




                                                    1
http://www.hitachi-support.com/security_e/vuls_e/HS07-013_e/index-e.html | http://www.frsirt.com/english/advisories/2007/202




                                                    1
http://www.hitachi-support.com/security_e/vuls_e/HS07-012_e/index-e.html | http://www.frsirt.com/english/advisories/2007/202




INPUT |                  http://lists.aspl.es/pipermail/vortex/2007-May/000152.html | http://secunia.com/advisories/25442 |




DESIGN |                                            1
                         http://www.securityfocus.com/archive/1/archive/1/470278/100/0/threaded | http://www.matousec.com




EXCEP |                                           1
                         http://www.milw0rm.com/exploits/4033 | http://www.securityfocus.com/bid/24292 | http://secunia.com




DESIGN |                                             1
                         http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=243719 | http://svn.berlios.de/viewcvs/open-iscs




DESIGN |                                             1
                         http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=243719 | http://svn.berlios.de/viewcvs/open-iscs
INPUT |                               1
           http://mdessus.free.fr/?p=15 | http://bugs.cacti.net/view.php?id=955 | http://svn.cacti.net/cgi-bin/view




INPUT |                               1
           http://mdessus.free.fr/?p=15 | http://bugs.cacti.net/view.php?id=955 | http://svn.cacti.net/cgi-bin/view




OTHER |                   ?
           http://superb-west.dl.sourceforge.net/sourceforge/maradns/maradns-1.2.12.05.tar.gz | http://www.m




DESIGN |                               1
           http://superb-west.dl.sourceforge.net/sourceforge/maradns/maradns-1.2.12.06.tar.gz | http://www.m




OTHER |                   ?
           http://maradns.blogspot.com/search/label/MaraDNS |




INPUT |                                1
           http://lurker.clamav.net/message/20070530.224918.5c64abc4.en.html | http://svn.clamav.net/svn/cla




EXCEP |                               1
           http://www.securityfocus.com/archive/1/archive/1/470751/100/0/threaded |




EXCEP |                                1
           http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=540 | http://www.securityfocus.com




                                        OP.MEAS.DATAQUERY is empty and (2)
EXCEP |                               2 MEAS.TYPE is empty
           http://www.securityfocus.com/archive/1/archive/1/470835/100/0/threaded | http://www.securityfocus.
EXCEP |                                          1
                   http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063859.html | http://www.digit-labs.org/file



EXCEP |                                     1
                   http://www.milw0rm.com/exploits/4046 | http://www.securityfocus.com/bid/24375 | http://secunia.com




INPUT |                                     1
                   http://www.milw0rm.com/exploits/4056 | http://www.securityfocus.com/bid/24400 |




INPUT |            http://aviv.raffon.net/2007/06/11/AppleSafariForWindowsOutWithACrash.aspx |




INPUT |                                       1 character in mesasges, tickets, or Wikis.
                   http://www.securityfocus.com/archive/1/archive/1/458455/100/0/threaded | http://lists.grok.org.uk/pip




INPUT | ACCESS |                            1 Configuration can be modified before login
                   http://www.milw0rm.com/exploits/3671 | http://www.securityfocus.com/bid/23342 |




INPUT |                                          1 format string specifiers in aim:// URI
                   http://projects.info-pull.com/moab/MOAB-20-01-2007.html | http://www.frsirt.com/english/advisories/2




INPUT |                                          1
                   http://projects.info-pull.com/moab/MOAB-07-01-2007.html | http://www.omnigroup.com/applications/
INPUT |                              2 username and real_name are long
          http://www.securityfocus.com/archive/1/archive/1/456255/100/0/threaded | http://www.securityfocus.




INPUT |                              1
          https://launchpad.net/bugs/79206 | http://bugzilla.gnome.org/show_bug.cgi?id=396477 | http://ftp.gno




INPUT |                              2 long #EXTINF and invalid udp:// URI in M3U http://frontal2.mandriva.c
          http://www.securityfocus.com/archive/1/archive/1/456523/100/0/threaded | file




INPUT |   http://sourceforge.net/project/shownotes.php?release_id=475423&group_id=21558 | http://www.secu




INPUT |   http://sourceforge.net/project/shownotes.php?release_id=477793&group_id=21558 | http://www.secu




INPUT |                              1 ftp:// URI > N
          http://www.securityfocus.com/archive/1/archive/1/456755/100/0/threaded | http://www.securityfocus.
                                          Code executed in format string specifiers in
INPUT |                                 1 INVITE request
          http://projects.info-pull.com/moab/MOAB-16-01-2007.html | http://www.securityfocus.com/bid/22086




INPUT |                               2 (1) A JIS ecoded font and (2) | http://www.frsirt.com/english/advisories
          http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=224607crafted string




INPUT |                                 1 PICT image with malformed | http://www.securityfocus.com/bid/22207
          http://projects.info-pull.com/moab/MOAB-23-01-2007.html ARGB record




                                          Code injected in format string specifiers via (1)
                                          SWUTMP or (2) SUCATALOG filenames, or
                                          using the (3) application/x-apple.sucatalog+xml
INPUT |                                 1 MIME type.
          http://projects.info-pull.com/moab/MOAB-24-01-2007.html | http://www.frsirt.com/english/advisories/2




INPUT |                                1
          http://security-protocols.com/sp-x43-advisory.php | http://www.securityfocus.com/bid/22228 | http://d




INPUT |                            1
          http://www.milw0rm.com/exploits/3229 | http://www.securityfocus.com/bid/22315 | http://milw0rm.com
INPUT |                                1
          http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html | http://docs.info.apple.c




INPUT |                                1
          http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html | http://docs.info.apple.c




INPUT |                                1
          http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html | http://docs.info.apple.c




INPUT |                                1
          http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html | http://docs.info.apple.c




INPUT |                                1
          http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html | http://docs.info.apple.c




INPUT |   http://www.milw0rm.com/exploits/3254 | http://www.securityfocus.com/bid/22377 | http://milw0rm.com




INPUT |   http://www.mozilla.org/security/announce/2007/mfsa2007-01.html | http://www.securityfocus.com/arc




INPUT |   http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=471 | http://www.frsirt.com/english
INPUT |                                1
          http://lists.roaringpenguin.com/pipermail/mimedefang/2007-February/032011.html | http://secunia.co




EXCEP |                              1
          http://marc.theaimsgroup.com/?l=full-disclosure&m=117094708423302&w=2 | http://www.milw0rm.c




INPUT |                              1
          http://www.securityfocus.com/archive/1/archive/1/459928/100/0/threaded | http://lists.grok.org.uk/pip




INPUT |                             1
          http://www.blackhat.com/presentations/bh-europe-07/Butti/Presentation/bh-eu-07-Butti.pdf |




INPUT |                            1
          http://www.milw0rm.com/exploits/3331 | http://vicftps.50webs.com/ | http://www.securityfocus.com/bi




INPUT |                            1
          http://www.milw0rm.com/exploits/3514 | http://www.securityfocus.com/bid/23002 | http://xforce.iss.ne




EXCEP |                                  1
          http://aluigi.altervista.org/adv/nasbugs-adv.txt | http://www.securityfocus.com/bid/23017 | http://www.




INPUT |                               1
          http://netsieben.com/files/CHANGELOG |
INPUT |                                       1
                  http://code.google.com/p/tinymux/issues/detail?id=282&can=2&q= | http://www.tinymux.org/changes




INPUT |                                      1
                  http://www.securityfocus.com/archive/1/archive/1/467038/100/0/threaded | http://www.vsecurity.com




INPUT |           http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/054024.html | http://www.digit-labs.org/files




INPUT |           http://www.frsirt.com/english/advisories/2007/1587 | http://xforce.iss.net/xforce/xfdb/34010 |




INPUT | EXCEP |                              1 MIB filename argument length > N
                  http://www.securityfocus.com/archive/1/archive/1/468070/100/0/threaded |




INPUT |                                       1
                  http://sourceforge.net/tracker/index.php?func=detail&aid=1716196&group_id=12272&atid=112272 |
INPUT |                                         1
                    http://scary.beasts.org/security/CESA-2007-001.html | http://www.securityfocus.com/bid/24001 | http




EXCEP |                                          1
                    http://madwifi.org/ticket/1334 | http://madwifi.org/wiki/Security |




INPUT |                                          1
                    http://www.kb.cert.org/vuls/id/449089 | http://www.securityfocus.com/bid/24328 | http://www.frsirt.com




INPUT |                                      1
                    http://www.milw0rm.com/exploits/3986 | http://moaxb.blogspot.com/2007/05/moaxb-25-leadtools-ras




INPUT |                                      1
                    http://www.milw0rm.com/exploits/4009 | http://moaxb.blogspot.com/2007/05/moaxb-29-edraw-office




DESIGN | ACCESS |                             1 password hash length = 2
                    http://www.redhat.com/archives/fedora-devel-list/2007-January/msg01271.html | http://www.redhat.c




OTHER |                                         1
                    https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=223233 | http://secunia.com/advisories/24225 |




INPUT |                                           1 modified path points to launchctl program
                    http://projects.info-pull.com/moab/MOAB-21-01-2007.html | http://www.osvdb.org/31605 | http://secu
                                                        (!)CFUserNotficationSend request function
INPUT |                                               2 used and (2) DiskUtil used
                        http://projects.info-pull.com/moab/MOAB-22-01-2007.html | http://docs.info.apple.com/article.html?a




ACCESS |                                           1
                        http://milw0rm.com/exploits/3068 | http://www.securityfocus.com/bid/21847 | http://secunia.com/advi




DESIGN |                                          1
                        http://www.cisco.com/warp/public/707/cisco-sa-20070103-CleanAccess.shtml | http://www.frsirt.com



                                                     Malicous program creates fake iphlpapi.dll in
INPUT | DESIGN |                                   1 SKPF instillation directory
                        http://www.securityfocus.com/archive/1/archive/1/455624/100/0/threaded | http://www.matousec.com




INPUT |                                            1 filename length > N
                        http://www.securityfocus.com/archive/1/archive/1/455729/100/0/threaded | http://www.securityfocus.




                                                1
http://marc.theaimsgroup.com/?l=openbsd-cvs&m=116781980706409&w=2 | http://ilja.netric.org/files/Unusual%20bugs%2023




DESIGN | ACCESS |                                  1
                        http://www.securityfocus.com/archive/1/archive/1/455832/100/0/threaded | http://aria-security.com/fo




DESIGN | ACCESS |                                  1
                        http://www.securityfocus.com/archive/1/archive/1/455807/100/0/threaded | http://aria-security.com/fo
DESIGN | ACCESS |                            1
                    http://www.milw0rm.com/exploits/3066 | http://xforce.iss.net/xforce/xfdb/31222 | http://milw0rm.com/e




DESIGN | ACCESS |                              1
                    http://www.securityfocus.com/archive/1/archive/1/455788/100/0/threaded | http://aria-security.com/fo




ACCESS |                                         1
                    http://aria-security.com/forum/showthread.php?t=85 | http://www.frsirt.com/english/advisories/2007/0




DESIGN |                                       1
                    http://www.securityfocus.com/archive/1/archive/1/455977/100/0/threaded |




INPUT |                                         1 Specially crafted HTML request
                    http://spine.sourceforge.net/changelog.html | http://www.frsirt.com/english/advisories/2007/0042 | htt




DESIGN |                                        1
                    http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974970.htm | http://www.securityfocus.com/b




DESIGN | ACCESS |                              1
                    http://www.securityfocus.com/archive/1/archive/1/456047/100/0/threaded | http://xforce.iss.net/xforce




INPUT |                                           1 crafted BOM file
                    http://projects.info-pull.com/moab/MOAB-05-01-2007.html | http://www.securityfocus.com/bid/21899
ACCESS |                                            1
                        http://sourceforge.net/project/shownotes.php?group_id=171441&release_id=475663 | http://secunia




                                                    1
ftp://ftp.itrc.hp.com/openvms_patches/alpha/V7.3-2/AXP_DNVOSIMUP01-V0703-2.txt | ftp://ftp.itrc.hp.com/openvms_patches/




DESIGN | ACCESS |                                  1
                        http://www.securityfocus.com/archive/1/archive/1/456228/100/0/threaded | http://xforce.iss.net/xforce




ACCESS |                                           1
                        http://www.securityfocus.com/archive/1/archive/1/456230/100/0/threaded | http://xforce.iss.net/xforce




DESIGN | ACCESS |                                  1
                        http://www.securityfocus.com/archive/1/archive/1/456117/100/0/threaded | http://64.38.62.221/ariase




DESIGN | ACCESS |                                  1
                        http://www.securityfocus.com/archive/1/archive/1/456226/100/0/threaded | http://xforce.iss.net/xforce




DESIGN | ACCESS |                                  1
                        http://www.securityfocus.com/archive/1/archive/1/456239/100/0/threaded | http://xforce.iss.net/xforce




DESIGN | ACCESS |                                  1
                        http://www.securityfocus.com/archive/1/archive/1/456238/100/0/threaded | http://xforce.iss.net/xforce



DESIGN | ACCESS |                                  1
                        http://www.securityfocus.com/archive/1/archive/1/456235/100/0/threaded | http://xforce.iss.net/xforce
INPUT |                                 1
           http://arctic.org/~dean/patches/GeoIP-1.4.0-update-vulnerability.patch | http://frontal2.mandriva.com




ACCESS |                              1
           http://landonf.bikemonkey.org/code/macosx/MOAB_Day_8.20070109002959.18582.timor.html | http




DESIGN |                     ?
           http://security.freebsd.org/advisories/FreeBSD-SA-07:01.jail.asc | http://www.securityfocus.com/bid/2




ACCESS |                               1
           http://getahead.ltd.uk/dwr/changelog | http://www.securityfocus.com/bid/21955 | http://www.frsirt.com




INPUT |                               1
           http://www.mnin.org/advisories/2007_firepass.pdf | https://tech.f5.com/home/solutions/sol6924.html




ACCESS |                              1
           http://www.mnin.org/advisories/2007_firepass.pdf | https://tech.f5.com/home/solutions/sol6922.html




INPUT |                               1
           http://www.securityfocus.com/archive/1/archive/1/455894/100/100/threaded |
DESIGN | ACCESS |                                   1
                         http://www.securityfocus.com/archive/1/archive/1/456128/100/0/threaded | http://www.securityfocus.




INPUT |                  http://www.microsoft.com/technet/security/Bulletin/MS07-007.mspx | http://www.securityfocus.com/b




INPUT |                                             1
                         http://www.microsoft.com/technet/security/Bulletin/MS07-006.mspx | http://www.kb.cert.org/vuls/id/24


INPUT | DESIGN |                                   1 ndeb binary feature allows overwrite
                         http://www.debian.org/security/2007/dsa-1269 | http://secunia.com/advisories/24377 | http://secunia.




DESIGN |                                            1
                         http://www.securityfocus.com/archive/1/archive/1/456598/100/0/threaded | http://labs.calyptix.com/ad



                                         ?
http://www.securityfocus.com/archive/1/archive/1/456622/100/0/threaded |




                                                    1
http://www.securityfocus.com/archive/1/archive/1/456626/100/0/threaded | http://forums.grsecurity.net/viewtopic.php?t=1646 | h




DESIGN |                                          1
                         http://www.milw0rm.com/exploits/3116 | http://www.securityfocus.com/bid/22025 | http://secunia.com
                                                      1
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html | http://www.us-cert.gov/cas/techalert




                                                      1
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html | http://www.us-cert.gov/cas/techalert




                                        ?
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html | http://www.us-cert.gov/cas/techalert




                                                      1
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html | http://www.us-cert.gov/cas/techalert




INPUT |                                               1
                          http://oss.gonicus.de/pipermail/gosa/2007-January/002650.html | http://www.frsirt.com/english/advis
INPUT |                                      1 Admisnitrative actions through direct request
                  http://www.securityfocus.com/archive/1/archive/1/456986/100/0/threaded | http://www.securityfocus.




DESIGN |                                     1
                  http://www.securityfocus.com/archive/1/archive/1/456973/100/0/threaded | http://www.matousec.com




ACCESS |                         ?
                  http://www.ingate.com/relnote-451.php | http://www.securityfocus.com/bid/22080 | http://secunia.com



DESIGN | RACE |                                 1
                  http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051793.html | http://www.securityfocus.




ACCESS |                            ?
                  http://projects.info-pull.com/moab/MOAB-15-01-2007.html | http://www.milw0rm.com/exploits/3136 |




DESIGN | RACE |                              1
                  http://www.securityfocus.com/archive/1/archive/1/457217/100/0/threaded | http://www.securityfocus.


                                                  (1) Modified path and (2) malicious ipfw
INPUT |                                         2 program
                  http://projects.info-pull.com/moab/MOAB-18-01-2007.html | http://secunia.com/advisories/23842 | ht
DESIGN |                              ?
                    http://projects.info-pull.com/moab/MOAB-18-01-2007.html | http://secunia.com/advisories/23842 |




EXCEP |                                        1
                    http://www.securityfocus.com/archive/1/archive/1/457279/100/0/threaded | http://www.securityfocus.




EXCEP |                                        1
                    http://www.securityfocus.com/archive/1/archive/1/457279/100/0/threaded | http://www.securityfocus.




EXCEP |                                        1
                    http://www.securityfocus.com/archive/1/archive/1/457279/100/0/threaded | http://www.securityfocus.




INPUT |                                         1 user name not chached
                    http://code.djangoproject.com/changeset/3754 | http://secunia.com/advisories/23826 | http://www.se



                                                (1) Does not validate client certificates and (2)
DESIGN | ACCESS |                             2 reusing chached connections
                    http://dev2dev.bea.com/pub/advisory/202 | http://www.frsirt.com/english/advisories/2007/0213 | http:




OTHER |                                       1
                    http://dev2dev.bea.com/pub/advisory/205 | http://www.frsirt.com/english/advisories/2007/0213 | http:




ACCESS |                                      1
                    http://dev2dev.bea.com/pub/advisory/210 | http://www.frsirt.com/english/advisories/2007/0213 | http:




ACCESS |                            ?
                    http://dev2dev.bea.com/pub/advisory/211 | http://www.frsirt.com/english/advisories/2007/0213 | http:
ACCESS |                                      1
                    http://dev2dev.bea.com/pub/advisory/212 | http://www.frsirt.com/english/advisories/2007/0213 | http:




DESIGN |                                      1
                    http://dev2dev.bea.com/pub/advisory/218 | http://www.frsirt.com/english/advisories/2007/0213 | http:




INPUT |                                       1 Overflow allows privledges
                    http://dev2dev.bea.com/pub/advisory/222 | http://www.frsirt.com/english/advisories/2007/0213 | http:




DESIGN | ACCESS |                   ?
                    http://dev2dev.bea.com/pub/advisory/223 | http://www.frsirt.com/english/advisories/2007/0213 | http:




ACCESS |                                      1
                    http://dev2dev.bea.com/pub/advisory/224 | http://securitytracker.com/id?1017523 | http://secunia.com




DESIGN |                                      1
                    http://dev2dev.bea.com/pub/advisory/221 | http://securitytracker.com/id?1017524 | http://secunia.com




DESIGN | ACCESS |                   ?
                    http://dev2dev.bea.com/pub/advisory/220 | http://secunia.com/advisories/23786 |




ACCESS |                                       1
                    http://www.securityfocus.com/archive/1/archive/1/457453/100/0/threaded | http://www.securityfocus.
                                                       1
http://jvn.jp/niscc/NISCC-462660/index.html | http://www.cpni.gov.uk/Products/advisories/default.aspx?id=al-20070129-0107.xm




                                                          fopen function does not handled invalid URI
INPUT | ACCESS |                                        1 handlers
                         http://marc.info/?l=full-disclosure&m=116977186211191&w=2 | http://securityreason.com/achieveme



                                       ?
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102773-1 | http://www.securityfocus.com/bid/22190 | http://www.




INPUT |                                             1 Crafted report parameter
                         http://www.securityfocus.com/archive/1/archive/1/457683/100/0/threaded | http://www.securityfocus.




RACE |                                                 1
                         https://lists.berlios.de/pipermail/smb4k-announce/2006-December/000037.html | http://developer.ber



DESIGN |                                    ?
                         https://lists.berlios.de/pipermail/smb4k-announce/2006-December/000037.html | http://developer.ber




                                                         writeFile() function creates incorrect permisions
INPUT |                                                1 on files
                         https://lists.berlios.de/pipermail/smb4k-announce/2006-December/000037.html | http://developer.ber
DESIGN |                                         1
                    http://security.gentoo.org/glsa/glsa-200701-19.xml | http://secunia.com/advisories/23881 | http://www




ACCESS |                            ?
                    http://sunsolve.sun.com/search/document.do?assetkey=1-26-102779-1 | http://www.securityfocus.co




DESIGN | ACCESS |                              1
                    http://www.securityfocus.com/archive/1/archive/1/457825/100/0/threaded | http://secunia.com/adviso




DESIGN |                                       1
                    http://www.securityfocus.com/archive/1/archive/1/457852/100/0/threaded | http://secunia.com/adviso




DESIGN | ACCESS |                              1
                    http://www.securityfocus.com/archive/1/archive/1/457868/100/0/threaded | http://www.procheckup.co




DESIGN |                                        1
                    https://issues.rpath.com/browse/RPL-987 | http://lists.rpath.com/pipermail/security-announce/2007-J




INPUT | DESIGN |                                1 Root privledges
                    https://issues.rpath.com/browse/RPL-1002 | are dropped




                                               register_globals = true, conffile parameter
INPUT |                                      2 malicious
                    http://www.milw0rm.com/exploits/3222 | http://www.frsirt.com/english/advisories/2007/0399 | http://m
INPUT |                                       1
                   http://www.securityfocus.com/archive/1/archive/1/458076/100/0/threaded | http://www.securityfocus.




INPUT |                                       1
                   http://www.securityfocus.com/archive/1/archive/1/458076/100/0/threaded | http://www.securityfocus.




INPUT |                                       1
                   http://www.securityfocus.com/archive/1/archive/1/458111/100/0/threaded | http://www.devtarget.org/




                                                Data Object is sent representing an absolute
INPUT | DESIGN |                              1 pointer
                   http://www.securityfocus.com/archive/1/archive/1/458137/100/0/threaded | http://www.ngssoftware.c




ACCESS |                                       1
                   http://sourceforge.net/project/shownotes.php?group_id=51417&release_id=481584 | http://www.plain




INPUT |            http://www.securityfocus.com/archive/1/archive/1/460063/100/0/threaded | http://secunia.com/secun



INPUT |                                        1
                   http://www.alientrap.org/devwiki/index.php?n=Nexuiz.Patch | http://www.frsirt.com/english/advisories
INPUT |   http://lists.immunitysec.com/pipermail/dailydave/2007-January/004003.html | http://lists.immunitysec




INPUT |   http://www.milw0rm.com/exploits/3239 | http://milw0rm.com/exploits/3239 | http://xforce.iss.net/xforc




INPUT |                            1
          http://www.milw0rm.com/exploits/3208 | http://www.securityfocus.com/bid/22279 | http://www.frsirt.co




ENV |                                1
          http://jvn.jp/jp/JVN%2393700808/index.html | http://www.fenrir.co.jp/press/20070126_2.html | http://w




INPUT |   http://jvn.jp/jp/JVN%2393700808/index.html | http://www.fenrir.co.jp/press/20070126_2.html | http://w




ENV |     http://docs.info.apple.com/article.html?artnum=305391 | http://lists.apple.com/archives/Security-anno
ACCESS |                                         1
                        http://www.milw0rm.com/exploits/3252 | http://www.securityfocus.com/bid/20805 | http://milw0rm.com




ACCESS |                               ?
                        http://www.securityfocus.com/archive/1/archive/1/459025/100/0/threaded | http://www.bugzilla.org/se




DESIGN |                                           1
                        http://www.securityfocus.com/archive/1/archive/1/459186/100/0/threaded | http://forums.avenir-geop




DESIGN | ACCESS |                        ?
                        http://archives.neohapsis.com/archives/fulldisclosure/2007-02/0174.html | http://securityvulns.com/n




ACCESS |                                          1
                        http://www.avast.com/eng/avast-4-server-revision-history.html | http://www.securityfocus.com/bid/22




INPUT | DESIGN | ACCESS |                      2 (1) session ID valid AND (2) UID = 1
                      http://www.milw0rm.com/exploits/3282 | http://www.securityfocus.com/bid/22451 | http://milw0rm.com




DESIGN |                                           1
                        http://www.securityfocus.com/archive/1/archive/1/459397/100/0/threaded | http://www.securityfocus.
DESIGN |                          ?
                   http://www.securityfocus.com/archive/1/archive/1/459500/100/0/threaded | http://secunia.com/adviso




                                                run rm on a low level directory, move low level
RACE |                                        2 directory higher as it is being deleted
                   http://sunsolve.sun.com/search/document.do?assetkey=1-26-102782-1 | http://www.frsirt.com/englis




INPUT |                                        1
                   http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=476 | http://www.securityfocus.com




INPUT |                                       1
                   http://www.securityfocus.com/archive/1/archive/1/459827/100/0/threaded | http://xforce.iss.net/xforce



ACCESS |                                      1
                   http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00862809 | http://www.securityfocus.com



INPUT |                                       1
                   http://www.securityfocus.com/archive/1/archive/1/459794/100/0/threaded | http://www.securityfocus.




INPUT | ACCESS |                              1 Authentication bypassed by direct request
                   http://www.securityfocus.com/archive/1/archive/1/459789/100/0/threaded | http://www.securityfocus.



                                                $mysql['pass'] and $gbpass variables modified
INPUT | ACCESS |                  2?            to allow administrative privledges
                   http://www.securityfocus.com/archive/1/archive/1/459799/100/0/threaded |
DESIGN |                                ?
                        http://sourceforge.net/forum/forum.php?forum_id=660919 | http://www.securityfocus.com/bid/22388




CONFIG |                                              1
                        http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052382.html | http://www.kb.cert.org/v



                                                    (1) Configured to use LOCAL authentication
                                                    method and (2) privlidges gained by
CONFIG |                                          2 unspecified vectors
                        http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2484.shtml | http://w




                                                  1
http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2481.shtml | http://www.frsirt.com/english/adv




INPUT |                                            1
                        http://www.securityfocus.com/archive/1/archive/1/460076/100/0/threaded | http://www.securityfocus.




INPUT |                                            1
                        http://www.securityfocus.com/archive/1/archive/1/460076/100/0/threaded | http://www.securityfocus.




DESIGN |                                            1
                        http://sourceforge.net/forum/forum.php?forum_id=660919 | http://superb-east.dl.sourceforge.net/sou


INPUT |                                          1
                        http://www-1.ibm.com/support/docview.wss?uid=isg1IY94901 | http://secunia.com/advisories/24154
INPUT |                                             1
                         http://www.securityfocus.com/archive/1/460217/100/0/threaded | http://lcamtuf.dione.cc/ffhostname.h




INPUT |                                           1
                         http://www.milw0rm.com/exploits/3332 | http://www.securityfocus.com/bid/22609 | http://www.frsirt.co



ACCESS |                                ?
                         http://www.rhyolite.com/anti-spam/dcc/CHANGES | http://www.securityfocus.com/bid/22622 | http://w




DESIGN |                                             1
                         http://matt.ucc.asn.au/dropbear/CHANGES | http://www.securityfocus.com/bid/22761 | http://www.frs




DESIGN |                                              1
                         http://www.zerodayinitiative.com/advisories/ZDI-07-014.html | http://www.kaspersky.com/technews?i




INPUT |                                 ?
                         http://www.securityfocus.com/bid/22690 | http://www.securityfocus.com/archive/1/archive/1/461330/1



INPUT |                                             1
                         http://www.securityfocus.com/archive/1/archive/1/460917/100/0/threaded | http://www.securityfocus.




http://www.web-app.org/cgi-bin/index.cgi?action=viewnews&id=250 | http://www.securityfocus.com/bid/22563 | http://www.frsirt
http://www.web-app.org/cgi-bin/index.cgi?action=viewnews&id=250 | http://www.securityfocus.com/bid/22563 | http://www.frsirt




INPUT |                                            1
                         http://www.web-app.org/cgi-bin/index.cgi?action=viewnews&id=250 | http://www.securityfocus.com/b




DESIGN |                                            1
                         http://www.securityfocus.com/archive/1/archive/1/461437/100/0/threaded | http://marc.theaimsgroup




ACCESS |                                 ?
                         https://secure-support.novell.com/KanisaPlatform/Publishing/648/3429077_f.SAL_Public.html | http:/




INPUT |                                             1
                         http://www.php-security.org/MOPB/BONUS-12-2007.html | http://www.securityfocus.com/bid/22831 |



INPUT |                                               1
                         http://lists.kde.org/?l=kde-announce&m=117346514411140&w=2 | http://ktorrent.org/forum/viewtopic




DESIGN |                                            1
                         http://www.securityfocus.com/archive/1/archive/1/462263/100/0/threaded | http://www.securityfocus.


RACE |                                               1
                         http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=413658 | http://www.securityfocus.com/bid/22925 |
INPUT |                                        1
                    http://www.securityfocus.com/archive/1/archive/1/462584/100/0/threaded | http://forums.avenir-geop




DESIGN |                                        1
                    http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20.3 | http://secunia.com/advisories/2449



DESIGN | ACCESS |                              1
                    http://bugs.gentoo.org/show_bug.cgi?id=159542 | http://security.gentoo.org/glsa/glsa-200703-20.xm




DESIGN | CONFIG |                              1
                    http://www.securityfocus.com/archive/1/archive/1/462793/100/0/threaded | http://www.symantec.com




                                                    Clients can be forced to connect to other
INPUT | DESIGN |                                  1 servers or preform a port scan
                    http://bindshell.net/papers/ftppasv/ftp-client-pasv-manipulation.pdf | https://bugzilla.mozilla.org/show_




                                                    Clients can be forced to connect to other
INPUT | DESIGN |                                  1 servers or preform a port scan
                    http://bindshell.net/papers/ftppasv/ftp-client-pasv-manipulation.pdf | http://www.securityfocus.com/bid




                                                    Clients can be forced to connect to other
INPUT | DESIGN |                                  1 servers or preform a port scan
                    http://bindshell.net/papers/ftppasv/ftp-client-pasv-manipulation.pdf | http://www.ubuntu.com/usn/usn-




INPUT |                                        1
                    http://www.securityfocus.com/archive/1/archive/1/463291/100/0/threaded | http://www.metaeye.org/a
CONFIG |                               1
           http://archives.neohapsis.com/archives/isn/2007-q1/0418.html | http://news.com.com/Windows+wea




INPUT |                                1
           http://sourceforge.net/project/shownotes.php?release_id=500765 | http://www.securityfocus.com/bid




INPUT |                              1
           http://bugs.kde.org/show_bug.cgi?id=143637 | https://bugs.gentoo.org/show_bug.cgi?id=170303 | ht




ACCESS |                             1
           http://www.blackhat.com/html/bh-europe-07/bh-eu-07-speakers.html#Dror | http://www.cisco.com/en



INPUT |                              1
           http://www.web-app.org/cgi-bin/index.cgi?action=viewnews&id=252 | http://www.web-app.org/cgi-bin




DESIGN |                               1
           http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=504 | http://www.kaspersky.com/te
INPUT |                                        1
                    http://www.securityfocus.com/archive/1/archive/1/464959/100/0/threaded | http://www.majorsecurity.


INPUT |                                        1
                    http://www.securityfocus.com/archive/1/archive/1/464886/100/0/threaded | http://www.majorsecurity.



INPUT |                                        1
                    http://www.securityfocus.com/archive/1/archive/1/464884/100/0/threaded | http://www.majorsecurity.



INPUT |                                        1
                    http://www.securityfocus.com/archive/1/archive/1/464887/100/0/threaded | http://www.majorsecurity.




INPUT | ACCESS |                                1 Authentication bypassed by direct request
                    http://pridels.blogspot.com/2007/03/alstrasoft-video-share-enterprise.html | http://www.securityfocus.




DESIGN | ACCESS |                               1
                    http://tweakers.net/reviews/682 | http://tweakers.net/reviews/683 |




INPUT |                                          1
                    http://www.bugtraq.ir/articles/advisory/picozip_directory_traversal/9 | http://www.securityfocus.com/b




DESIGN |                                    1
                    http://www.ssh.com/documents/33/SSH_Tectia_Server_5.4.0_zOS_releasenotes.txt | http://www.se



DESIGN |                                        1
                    http://sourceforge.net/tracker/index.php?func=detail&aid=1696777&group_id=101952&atid=630783




                                                 (1)SECURITY_DEFINER fucntion can be
INPUT | ACCESS |                               2 called and (2)authenticated user
                    http://www.postgresql.org/about/news.791 | http://www.postgresql.org/support/security.html | http://se
ACCESS |                              1
           http://www.securityfocus.com/archive/1/archive/1/466214/100/0/threaded | http://www.oracle.com/tec



ACCESS |                               1
           http://archives.neohapsis.com/archives/fulldisclosure/2007-04/0569.html | http://www.securityfocus.c




INPUT |                             1
           http://www.milw0rm.com/exploits/3783 | http://www.securityfocus.com/bid/23617 | http://www.frsirt.co




INPUT |    http://www.microsoft.com/technet/security/bulletin/ms07-027.mspx | http://www.securityfocus.com/bi




INPUT |    http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf |




DESIGN |                                1
           http://marc.info/?l=linux-kernel&m=118128610219959&w=2 | http://marc.info/?l=linux-kernel&m=118
                                                         (1) Port X has a bind with wild card local adress
                                                         and (2) binding is not prevented to that local
DESIGN |                                               2 address
                         http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=de34ed91c4ffa4727964a83




                                                    1
http://www.securityfocus.com/archive/1/archive/1/467746/100/0/threaded | http://www.securityfocus.com/bid/23834 |




                                                      Input exceeds bound of buffer in either
                                                      config\ConfigFile.cpp or
INPUT | EXCEP |                                     1 \msgs\check_msgs.epp
                         http://www.securityfocus.com/archive/1/archive/1/468070/100/0/threaded |



DESIGN |                                          1
                         http://www.milw0rm.com/exploits/3899 | http://moaxb.blogspot.com/2007/05/morovia-barcode-active



RACE |                                               1
                         http://www.novell.com/linux/security/advisories/2007_10_sr.html | http://www.securityfocus.com/bid/2




DESIGN |                                          1
                         http://www.gamasec.net/english/gs07-01.html | http://www.cisco.com/en/US/products/products_secu




DESIGN |                                          1
                         http://www.gamasec.net/english/gs07-01.html | http://www.kb.cert.org/vuls/id/739224 | http://www.se




DESIGN |                                          1
                         http://www.gamasec.net/english/gs07-01.html | http://www.kb.cert.org/vuls/id/739224 | http://www.se
DESIGN |                             1
           http://bugs.mysql.com/bug.php?id=27515 | http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.htm



DESIGN |                             1
           http://moaxb.blogspot.com/2007/05/moaxb-15-db-software-laboratory.html | http://shinnai.altervista.o




DESIGN |                            1
           http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c010




OTHER |                   ?
           http://www.businessinfo.co.uk/labs/googlesnoop/snoop.html | http://www.thespanner.co.uk/2007/05/



INPUT |                               1
           http://www.securityfocus.com/archive/1/archive/1/470272/100/0/threaded | http://www.majorsecurity.




ACCESS |                                1
           http://isc.sans.org/diary.html?storyid=2220 | http://www.milw0rm.com/exploits/3293 | http://www.secu
           1
           2
           3
           0

Category




           0




           0




           0




           0



           0
0




0


0




0
1




1




1




1




1




1



1
1




1




1




1




1




1




1
1




1




1




1




1




1
1



1




1




1




1




1



1




1
1




1




1




1




1
1



1



1




1



1




1




1




1




1
1




1




1




1




1




1



1
1



1



1




1




1



1




1




1




1
1




1




1




1




1




1
1




1



1




1




1




1




1
1




1




1




1




1




1




1




1
1



1




1




1




1



1




1




1



1
1



1




1




1



1




1



1



1




1




1
1




1




1




1




1
1



1




1




1




1




1


1




1
1




1




1
1




1




1




1




1




1
1




1




1




1




1




1




1
1




1




1




1




1




1




1
1




1




1




1




1




1
1




1



1




1




1
1




1




1




1
1



1




1




1




1



1




1




1
1




1




1




1



1




1




1




1
1




1




1




1



1



1




1




1




1
1




1




1




1




1




1




1
1




1




1



1




1




1




1
1



1




1




1




1




1




1




1



1
1




1




1




1




1




1




1



1
1




1




1




1




1




1




1




1



1
1




1




1




1



1




1




1




1
1




1




1




1




1




1




1




1
1




1




1




1




1




1




1




1




1



1
1




1




1




1




1




1




1




1
1




1




1




1




1




1




1




1
1



1




1




1




1



1




1




1
1




1




1




1




1




1
1




1




1




1
1




1




1



1




1




1




1
1




1



1




1



1




1
1




1




1




1




1




1




1
1




1




1




1




1
1




1




1




1




1




1




1




1
1




1




1




1




1



1



1
1



1




1



1




1




1



1



1



1
1




1




1



1



1



1




1




1




1




1
1



1



1




1




1




1




1



1
1




1



1




1




1




1
1



1




1




1




1




1




1




1
1




1




1




1




1



1




1
1



1



1



1



1




1




1



1



1
1




1



1




1




1




1




1




1



1
1




1



1




1




1




1



1




1
1




1




1



1




1



1




1




1




1
1




1



1




1




1




1




1



1




2
2


2



2




2




2




2




2




2
2




2




2




2




2
2




2




2




2




2




2
2




2




2




2




2




2




2
2




2




2




2




2




2
2


2




2




2




2




2




2
2



2




2




2




2




2




2




2
2




2




2




2




2




2




2




2
2



2




2




2




2




2




2



2




2
2


2




2




2




2




2




2




2
2




2




2




2




2




2




2
2




2




2




2




2



2




2
2




2




2




2



2




2




2




2
2




2




2




2




2




2




2
2




2




2




2




2




2
2




2



2




2




2




2




2




2
2




2




2




2




2




2
2



2



2



2




2




2




2




2
2




2




2




2




2




2



2




2
2




2



2




2




2



2




2




2
2




2




2




2




2




2




2




2
2




2




2




2




2




2




2




2
2




2




2




2




2




2
2




2




2




2




2



2




2
2




2




2




2




2




2




2




2
2




2




2




2




2




2




2



2
2



2




2




2




2




2




2




2
2




2




2




2




2




2




2



2



2
2




2




2




2




2




2




2



2
2




2




2




2




2
2




2




2



2




2




2




2




2
2




2




2




2



2




2




2



2
2




2




2




2




2




2




2




2
2




2




2



2


2



2




2




2




2
2




2




2




2




2




2




2
2




2



2




2




2




2




2


2
2




2




2




2




2




2
2




2




2




2




2



2




2




2
2




2




2




2




2




2
2



2



2



2




2




2




2




2




2
2




2




2




2




2




2




2




2
2



2




2




2




2




2




2




2
2




2




2



2




2



2




2
2




2




2




2




2




2




2
2




2




2




2




2



2




2




2



2
2




2




2




2




2




2
2




2




2




2




2




2




2




2
2




2




2




2




2




2




2




2




2
2



2




2




2




2




2




2




2
2




2




2




2




2




2
2




2




2




2




2




2
2




2




2




2




2




2




2




2
2




2




2




2




2




2




2




2
2




2




2




2




2




2
2




2




2




2




2




3




3




3
3




3




3




3




3




3




3




3
3




3




3




3




3




3




3




3
3




3




3




3




3




3




3




3



3
3




3




3




3




3




3




3
3




3




3


3




3



3




3




3
3




3




3




3




3
3




3




3



3




3




3



3
3




3




3




3




3




3




3




3




3
3




3




3




3




3




3




3




3
3




3



3




3




3



3




3
3




3




3




3




3




3




3




3
3




3




3




3




3




3



3
3




3




3




3




3




3
3




3




3




3




3




3




3
3




3




3




3



3



3




3




3
3




3




3




3




3




3




3


3
3




3



3




3




3




3



3




3
3




3




3




3




3



3




3


3
3




3



3




3




3




3




3




3
3




3




3




3



3




3
3


3



3



3




3




3




3




3



3




3
3



3




3




3




3




3
3




3




3



3



3




3




3




3
3



3




3




3



3




3
           Unknown 1 way     2 way     3 way     Total
                152      798        55         3       1008
Cumulative               798       853       856
                    0.932243 0.996495          1




    2007                   798       55        3
    2006                  1620       95       25
Total                     2418      150       28
Cumulative                2418     2568     2596
                      0.931433 0.989214        1



T                                                              1
        1     0.931
        2     0.989                                           0.9
        3         1
        4         1                                           0.8
        5         1
        6         1                                           0.7

                                                              0.6

                                                              0.5

                                                              0.4

                                                              0.3

                                                              0.2

                                                              0.1

                                                               0
                                                                    1
                                      NVD 2007 data



         1


        0.9


        0.8


        0.7


        0.6


        0.5                                                            NVD 2007 data


        0.4


        0.3


        0.2


        0.1


         0
         1 way                2 way                        3 way




         NVD 2006, 2007




                                                      NVD 2006, 2007




2   3            4        5                6

				
DOCUMENT INFO
Shared By:
Categories:
Tags:
Stats:
views:1365
posted:11/11/2011
language:English
pages:410