NVD2007

Shared by: vivi07
posted: 11/8/2009
language: English
pages: 410
CVE number: CVE-2007-0234
Score: 0; Severity: Low; Loss Type: AVAIL
Description: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-0243. Reason: This candidate is a duplicate of CVE-2007-0243. Notes: All CVE users should reference CVE-2007-0243 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

CVE number: CVE-2007-0253
Score: 7; Severity: High; Loss Type: AVAIL
Description: ** DISPUTED ** Unspecified vulnerability in the grsecurity patch has unspecified impact and remote attack vectors, a different vulnerability than the expand_stack vulnerability from the Digital Armaments 20070110 pre-advisory. NOTE: the grsecurity developer has disputed this issue, stating that "the function they claim the vulnerability to be in is a trivial function, which can, and has been, easily checked for any supposed vulnerabilities." The developer also cites a past disclosure that was not proven.

CVE number: CVE-2007-0279
Score: 7; Severity: High; Loss Type: AVAIL
Description: Multiple unspecified vulnerabilities in Oracle HTTP Server 9.2.0.8 and Oracle E-Business Suite and Applications 11.5.10CU2 have unknown impact and attack vectors, aka (1) OHS01, (2) OHS02, (3) OHS05, (4) OHS06, and (5) OHS07.

CVE number: CVE-2007-0292
Score: 7; Severity: High; Loss Type: AVAIL
Description: Multiple unspecified vulnerabilities in Oracle Enterprise Manager 10.1.0.5 have unknown impact and attack vectors related to Oracle Agent, aka (1) EM01 and (2) EM02. NOTE: EM05 might be related to CVE-2007-0222.

CVE number: CVE-2007-0295
Score: 3.3; Severity: Low; Loss Type: AVAIL
Description: Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.13 and 8.47.11 has unknown impact and attack vectors in PeopleTools, aka PSE01.

CVE number: CVE-2007-0525
Score: 7; Severity: High; Loss Type: AVAIL
Description: Multiple buffer overflows in Nickolas Grigoriadis Mini Web server (MiniWebsvr) before 0.05 have unknown impact and attack vectors.



CVE number: CVE-2007-0621
Score: 0; Severity: Low; Loss Type: AVAIL
Description: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-6456. Reason: This candidate is a duplicate of CVE-2006-6456. It was assigned for a targeted zero-day attack, but further analysis revealed it was for an older issue. Notes: All CVE users should reference CVE-2006-6456 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

CVE number: CVE-2007-0818
Score: 0; Severity: Low; Loss Type: AVAIL
Description: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-0396. Reason: This candidate is a duplicate of CVE-2007-0396. Notes: All CVE users should reference CVE-2007-0396 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

CVE number: CVE-2007-0974
Score: 7; Severity: High; Loss Type: AVAIL
Description: Multiple unspecified vulnerabilities in Ian Bezanson DropBox before 0.0.4 beta have unknown impact and attack vectors, possibly related to a variable extraction vulnerability.

CVE number: CVE-2007-1886
Score: 5.6; Severity: Medium; Loss Type: AVAIL
Description: Integer overflow in the str_replace function in PHP 4.4.5 and PHP 5.2.1 allows context-dependent attackers to have an unknown impact via a single character search string in conjunction with a single character replacement string, which causes an "off by one overflow."

CVE number: CVE-2007-2051
Score: 2.3; Severity: Low; Loss Type: AVAIL
Description: Buffer overflow in the parsecmd function in bftpd before 1.8 has unknown impact and attack vectors related to the confstr variable.

CVE number: CVE-2007-2436
Score: 0; Severity: Low; Loss Type: AVAIL
Description: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-1861. Reason: This candidate is a duplicate of CVE-2007-1861. Notes: All CVE users should reference CVE-2007-1861 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

CVE number: CVE-2007-2593
Score: 7; Severity: High; Loss Type: AVAIL
Description: The Terminal Server in Microsoft Windows 2003 Server, when using TLS, allows remote attackers to bypass SSL and self-signed certificate requirements, downgrade the server security, and possibly conduct man-in-the-middle attacks via unspecified vectors, as demonstrated using the Remote Desktop Protocol (RDP) 6.0 client. NOTE: a third party claims that the vendor may have fixed this in approximately 2006.



CVE number: CVE-2007-0054
Score: 7; Severity: High; Loss Type: AVAIL
Description: Cross-site scripting (XSS) vulnerability in gbrowse.php in Belchior Foundry vCard PRO allows remote attackers to inject arbitrary web script or HTML via the sortby parameter.

CVE number: CVE-2007-0056
Score: 7; Severity: High; Loss Type: AVAIL
Description: Multiple cross-site scripting (XSS) vulnerabilities in AShop Deluxe 4.5 and AShop Administration Panel allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to (a) ashop/catalogue.php and (b) ashop/basket.php, the (2) exp parameter to ashop/catalogue.php, the (3) searchstring parameter to (c) ashop/search.php, the (4) checkout and (5) action parameters to (d) ashop/shipping.php, the cat parameter to (f) cart-path/admin/editcatalogue.php, and the (7) resultpage parameter to (g) cart-path/admin/salesadmin.php.

CVE number: CVE-2007-0083
Score: 5.6; Severity: Medium; Loss Type: AVAIL
Description: Cross-site scripting (XSS) vulnerability in Nuked Klan 1.7 and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in a getURL statement in a .swf file, as demonstrated by "Remote Cookie Disclosure." NOTE: it could be argued that this is an issue in Shockwave instead of Nuked Klan.

CVE number: CVE-2007-0106
Score: 5.6; Severity: Medium; Loss Type: AVAIL
Description: Cross-site scripting (XSS) vulnerability in the CSRF protection scheme in WordPress before 2.0.6 allows remote attackers to inject arbitrary web script or HTML via a CSRF attack with an invalid token and quote characters or HTML tags in URL variable names, which are not properly handled when WordPress generates a new link to verify the request.

CVE number: CVE-2007-0110
Score: 7; Severity: High; Loss Type: AVAIL
Description: Cross-site scripting (XSS) vulnerability in nidp/idff/sso in Novell Access Manager Identity Server before 3.0.0-1013 allows remote attackers to inject arbitrary web script or HTML via the IssueInstant parameter, which is not properly handled in the resulting error message.

CVE number: CVE-2007-0119
Score: 7; Severity: High; Loss Type: AVAIL
Description: Multiple cross-site scripting (XSS) vulnerabilities in EditTag 1.2 allow remote attackers to inject arbitrary web script or HTML via the plain parameter to (1) mkpw_mp.cgi, (2) mkpw.pl, or (3) mkpw.cgi.

CVE number: CVE-2007-0121
Score: 7; Severity: High; Loss Type: AVAIL
Description: Cross-site scripting (XSS) vulnerability in search.asp in RI Blog 1.3 allows remote attackers to inject arbitrary web script or HTML via the q parameter.



CVE number: CVE-2007-0136
Score: 5.6; Severity: Medium; Loss Type: AVAIL
Description: Multiple cross-site scripting (XSS) vulnerabilities in Drupal before 4.6.11, and 4.7 before 4.7.5, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in the (1) filter and (2) system modules. NOTE: some of these details are obtained from third party information.

CVE number: CVE-2007-0137
Score: 5.6; Severity: Medium; Loss Type: AVAIL
Description: Cross-site scripting (XSS) vulnerability in SimpleBoxes/SerendipityNZ Serene Bach 2.05R and earlier, and 2.08D and earlier in the 2.08 series; and (2) sb 1.13D and earlier, and 1.18R and earlier in the 1.18 series; allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE number: CVE-2007-0141
Score: 5.6; Severity: Medium; Loss Type: AVAIL
Description: Cross-site scripting (XSS) vulnerability in yald.php in Yet Another Link Directory 1.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter.

CVE number: CVE-2007-0144
Score: 7; Severity: High; Loss Type: AVAIL
Description: Cross-site scripting (XSS) vulnerability in search.asp in Digitizing Quote And Ordering System 1.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the ordernum parameter.

CVE number: CVE-2007-0146
Score: 3.4; Severity: Low; Loss Type: AVAIL
Description: Multiple cross-site scripting (XSS) vulnerabilities in Fix and Chips CMS 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in (a) deleteannounce.php; the (2) Announcement form field in (b) staff.php; the (3) Client Name, (4) Business Name, (5) Street, (6) Address 2, (7) Town/City, (8) Postcode, (9) Phone Number, (10) Email Address and (11) Website Address form fields in (c) new_customer.php; and unspecified fields in (d) search.php and (e) client-results.php.

CVE number: CVE-2007-0175
Score: 7; Severity: High; Loss Type: AVAIL
Description: Cross-site scripting (XSS) vulnerability in htsrv/login.php in b2evolution 1.8.6 allows remote attackers to inject arbitrary web script or HTML via scriptable attributes in the redirect_to parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

CVE number: CVE-2007-0176
Score: 7; Severity: High; Loss Type: AVAIL
Description: Cross-site scripting (XSS) vulnerability in search/advanced_search.php in GForge 4.5.11 allows remote attackers to inject arbitrary web script or HTML via the words parameter.



CVE number: CVE-2007-0177
Score: 5.6; Severity: Medium; Loss Type: AVAIL
Description: Cross-site scripting (XSS) vulnerability in the AJAX module in MediaWiki before 1.6.9, 1.7 before 1.7.2, 1.8 before 1.8.3, and 1.9 before 1.9.0rc2, when wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE number: CVE-2007-0183
Score: 5.6; Severity: Medium; Loss Type: AVAIL
Description: Cross-site scripting (XSS) vulnerability in /search in iPlanet Web Server 4.x allows remote attackers to inject arbitrary web script or HTML via the NS-max-records parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

CVE number: CVE-2007-0186
Score: 7; Severity: High; Loss Type: AVAIL
Description: Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN allow remote attackers to inject arbitrary web script or HTML via (1) the xcho parameter to my.logon.php3; the (2) topblue, (3) midblue, (4) wtopblue, and certain other Custom color parameters in a per action to vdesk/admincon/index.php; the (5) h321, (6) h311, (7) h312, and certain other Front Door custom text color parameters in a per action to vdesk/admincon/index.php; the (8) ua parameter in a bro action to vdesk/admincon/index.php; the (9) app_param and (10) app_name parameters to webyfiers.php; (11) double eval functions; (12) JavaScript contained in an element; and (13) the vhost parameter to my.activation.php. NOTE: it is possible that this candidate overlaps CVE-2006-3550.

CVE number: CVE-2007-0191
Score: 7; Severity: High; Loss Type: AVAIL
Description: Cross-site scripting (XSS) vulnerability in admin.php in MKPortal allows remote attackers to inject arbitrary web script or HTML via two certain fields in a contents_new operation in the ad_contents section.

CVE number: CVE-2007-0204
Score: 7; Severity: High; Loss Type: AVAIL
Description: Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.9.2-rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information.

CVE number: CVE-2007-0225
Score: 7; Severity: High; Loss Type: AVAIL
Description: Cross-site scripting (XSS) vulnerability in shopcustadmin.asp in VP-ASP Shopping Cart 6.09 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter.



CVE number: CVE-2007-0231
Score: 5.6; Severity: Medium; Loss Type: AVAIL
Description: Cross-site scripting (XSS) vulnerability in Movable Type (MT) 3.33, when nofollow is disabled and unmoderated comments are enabled, allows remote attackers to inject arbitrary web script or HTML via the Comments field.

CVE number: CVE-2007-0249
Score: 7; Severity: High; Loss Type: AVAIL
Description: Cross-site scripting (XSS) vulnerability in index.php in Nwom topsites 3.0 allows remote attackers to inject arbitrary web script or HTML via the o parameter.

CVE number: CVE-2007-0258
Score: 7; Severity: High; Loss Type: AVAIL
Description: Cross-site scripting (XSS) vulnerability in index.php in (1) Fastilo 2.0 and (2) Open Solution Quick.Cart 2.0 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: some of these details are obtained from third party information.

CVE number: CVE-2007-0265
Score: 5.6; Severity: Medium; Loss Type: AVAIL
Description: Multiple cross-site scripting (XSS) vulnerabilities in Ezboxx Portal System Beta 0.7.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the pic parameter to custom/piczoom.asp, (2) the nocatname parameter to boxx/user-upload.asp, or (3) the iid parameter to indexes/newscomments.asp.

CVE number: CVE-2007-0275
Score: 2.8; Severity: Low; Loss Type: AVAIL
Description: Cross-site scripting (XSS) vulnerability in Oracle Reports Web Cartridge (RWCGI60) in the Workflow Cartridge component, as used in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; Collaboration Suite 10.1.2; and Oracle E-Business Suite and Applications 11.5.10CU2; allows remote authenticated users to inject arbitrary HTML or web script via the genuser parameter to rwcgi60, aka OWF01.

CVE number: CVE-2007-0302
Score: 5.6; Severity: Medium; Loss Type: AVAIL
Description: Multiple cross-site scripting (XSS) vulnerabilities in InstantASP 4.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) SessionID parameter to (a) Logon.aspx, and the (2) Username and (3) Update parameters to (b) Members1.aspx.

CVE number: CVE-2007-0308
Score: 7; Severity: High; Loss Type: AVAIL
Description: Cross-site scripting (XSS) vulnerability in Plain Black WebGUI before 7.3.4 (beta) allows remote attackers to inject arbitrary web script or HTML via Wiki Page titles.

CVE number: CVE-2007-0331
Score: 7; Severity: High; Loss Type: AVAIL
Description: Cross-site scripting (XSS) vulnerability in liens.php3 in liens_dynamiques 2.1 allows remote attackers to inject arbitrary web script or HTML by using the ajouter=1 query string and the add menu.



CVE number: CVE-2007-0341
Score: 5.6; Severity: Medium; Loss Type: AVAIL
Description: Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.1 and earlier, when Microsoft Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in a CSS style in the convcharset parameter to the top-level URI, a different vulnerability than CVE-2005-0992.

CVE number: CVE-2007-0353
Score: 7; Severity: High; Loss Type: AVAIL
Description: Cross-site scripting (XSS) vulnerability in (1) index.php and (2) login.php in myBloggie 2.1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO string.

CVE number: CVE-2007-0362
Score: 7; Severity: High; Loss Type: AVAIL
Description: Cross-site scripting (XSS) vulnerability in the RSS feed component in FreshReader before 1.0.07010600 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to tag attributes.

CVE number: CVE-2007-0363
Score: 7; Severity: High; Loss Type: AVAIL
Description: Cross-site scripting (XSS) vulnerability in adminsearch.php in (1) Openads for PostgreSQL (aka phpPgAds) before 2.0.10 and (2) Openads (aka phpAdsNew) before 2.0.10 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

CVE number: CVE-2007-0364
Score: 7; Severity: High; Loss Type: AVAIL
Description: Multiple cross-site scripting (XSS) vulnerabilities in nicecoder.com INDEXU 5.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) error_msg parameter to (a) suggest_category.php; the (2) u parameter to (b) user_detail.php; the (3) friend_name, (4) friend_email, (5) error_msg, (6) my_name, (7) my_email, and (8) id parameters to (c) tell_friend.php; the (9) error_msg, (10) email, (11) name, and (12) subject parameters to (d) sendmail.php; the (13) email, (14) error_msg, and (15) username parameters to (e) send_pwd.php; the (16) keyword parameter to (f) search.php; the (17) error_msg, (18) username, (19) password, (20) password2, and (21) email parameters to (g) register.php; the (22) url, (23) contact_name, and (24) email parameters to (h) power_search.php; the (25) path and (26) total parameters to (i) new.php; the (27) query parameter to (j) modify.php; the (28) error_msg parameter to (k) login.php; the (29) error_msg and (30) email parameters to (l) mailing_list.php; the (31) gateway parameter to (m) upgrade.php; and another unspecified vector.



CVE number: CVE-2007-0365
Score: 7; Severity: High; Loss Type: AVAIL
Description: Multiple cross-site scripting (XSS) vulnerabilities in All In One Control Panel (AIOCP) 1.3.009 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this is probably a different vulnerability than CVE-2006-5830.

CVE number: CVE-2007-0376
Score: 7; Severity: High; Loss Type: AVAIL
Description: Cross-site scripting (XSS) vulnerability in Virtuemart 1.0.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE number: CVE-2007-0379
Score: 7; Severity: High; Loss Type: AVAIL
Description: Cross-site scripting (XSS) vulnerability in DocMan 1.3 RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE number: CVE-2007-0384
Score: 5.6; Severity: Medium; Loss Type: AVAIL
Description: Cross-site scripting (XSS) vulnerability in preview in the reviews section in PostNuke 0.764 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE number: CVE-2007-0390
Score: 7; Severity: High; Loss Type: AVAIL
Description: Cross-site scripting (XSS) vulnerability in index.php in sabros.us 1.7 allows remote attackers to inject arbitrary web script or HTML via the tag parameter.

CVE number: CVE-2007-0398
Score: 7; Severity: High; Loss Type: AVAIL
Description: Multiple cross-site scripting (XSS) vulnerabilities in forum.php3 in Arnaud Guyonne (aka Arnotic) a-forum allow remote attackers to inject arbitrary web script or HTML via the (1) Sujet or (2) Pseudo field.

CVE number: CVE-2007-0399
Score: 4.2; Severity: Medium; Loss Type: AVAIL
Description: Multiple cross-site scripting (XSS) vulnerabilities in index.php in Simple Machines Forum (SMF) 1.1 RC3 allow remote authenticated users to inject arbitrary web script or HTML via the (1) recipient or (2) BCC field when selecting send in a pm action.

CVE number: CVE-2007-0400
Score: 7; Severity: High; Loss Type: AVAIL
Description: Cross-site scripting (XSS) vulnerability in admin/memberlist.php in Easebay Resources Login Manager 3.0 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter.

CVE number: CVE-2007-0402
Score: 7; Severity: High; Loss Type: AVAIL
Description: Cross-site scripting (XSS) vulnerability in admin/edit_member.php in Easebay Resources Paypal Subscription Manager allows remote attackers to inject arbitrary web script or HTML via the username parameter.



CVE number: CVE-2007-0407
Score: 7; Severity: High; Loss Type: AVAIL
Description: Cross-site scripting (XSS) vulnerability in Operation/User.pm in Plain Black WebGUI before 7.3.5 (beta) allows remote attackers to inject arbitrary web script or HTML via the username parameter during anonymous registration, a different vector than CVE-2007-0308. NOTE: it is possible that a separate "WikiPage titles" issue was also fixed.

CVE number: CVE-2007-0477
Score: 7; Severity: High; Loss Type: AVAIL
Description: Cross-site scripting (XSS) vulnerability in Openads 2.0.x before 2.0.10, 2.3 before 2.3.31 (aka Max Media Manager before 0.3.31-alphapr2), and phpAdsNew/phpPgAds before 2.0.9pr1 allows remote attackers to inject arbitrary web script or HTML via (1) the keyword parameter in admin-search.php and (2) affiliatesearch.php. NOTE: this issue may overlap CVE-2007-0363.

CVE number: CVE-2007-0483
Score: 7; Severity: High; Loss Type: AVAIL
Description: Multiple cross-site scripting (XSS) vulnerabilities in Enthusiast 3.1 allow remote attackers to inject arbitrary web script or HTML via the URI for (1) show_owned.php or (2) show_joined.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

CVE number: CVE-2007-0514
Score: 7; Severity: High; Loss Type: AVAIL
Description: Multiple cross-site scripting (XSS) vulnerabilities in multiple Hitachi Web Server, uCosminexus, and Cosminexus products before 20070124 allow remote attackers to inject arbitrary web script or HTML via (1) HTTP Expect headers or (2) image maps.

CVE number: CVE-2007-0526
Score: 2.3; Severity: Low; Loss Type: AVAIL
Description: Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 1.3.1 allow remote attackers to inject arbitrary web script or HTML via the URL (PATH_INFO) to (1) articles/edit.php, (2) articles/list.php, (3) blogs/list_blogs.php, or (4) blogs/rankings.php.

CVE number: CVE-2007-0537
Score: 5.6; Severity: Medium; Loss Type: AVAIL
Description: The KDE HTML library (kdelibs), as used by Konqueror 3.5.5, does not properly parse HTML comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within a comment in a title tag, a related issue to CVE-2007-0478.

CVE number: CVE-2007-0542
Score: 7; Severity: High; Loss Type: AVAIL
Description: Cross-site scripting (XSS) vulnerability in show.php in 212cafe Guestbook 4.00 beta allows remote attackers to inject arbitrary web script or HTML via the user parameter.



CVE number: CVE-2007-0544
Score: 4.2; Severity: Medium; Loss Type: AVAIL
Description: Cross-site scripting (XSS) vulnerability in private.php in MyBB (aka MyBulletinBoard) allows remote authenticated users to inject arbitrary web script or HTML via the Subject field, a different vector than CVE-2006-2949.

CVE number: CVE-2007-0549
Score: 7; Severity: High; Loss Type: AVAIL
Description: Cross-site scripting (XSS) vulnerability in list3.php in 212cafeBoard 6.30 Beta allows remote attackers to inject arbitrary web script or HTML via the user parameter.

CVE number: CVE-2007-0550
Score: 7; Severity: High; Loss Type: AVAIL
Description: Cross-site scripting (XSS) vulnerability in search.php in 212cafeBoard 0.08 Beta allows remote attackers to inject arbitrary web script or HTML via keyword parameter.

CVE number: CVE-2007-0552
Score: 7; Severity: High; Loss Type: AVAIL
Description: Cross-site scripting (XSS) vulnerability in install/default/error404.html in Oh no! Not another CMS (Onnac) 0.0.8.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the error_url parameter.

CVE number: CVE-2007-0553
Score: 7; Severity: High; Loss Type: AVAIL
Description: Multiple cross-site scripting (XSS) vulnerabilities in index.inc.php in PHProxy before 0.5 beta 2 allow remote attackers to inject arbitrary web script or HTML via the (1) data[realm] and (2) _url parameters, different vectors than CVE-2004-2604. NOTE: some of these details are obtained from third party information.

CVE number: CVE-2007-0565
Score: 7; Severity: High; Loss Type: AVAIL
Description: CGI-Rescue Shopping Basket Professional 7.50 and earlier allows remote attackers to inject arbitrary operating system commands via unspecified vectors.

CVE number: CVE-2007-0567
Score: 7; Severity: High; Loss Type: AVAIL
Description: Cross-site scripting (XSS) vulnerability in admin.php in Interactive-Scripts.Com PHP Membership Manager 1.5 allows remote attackers to inject arbitrary web script or HTML via the _p parameter.

CVE number: CVE-2007-0579
Score: 5.6; Severity: Medium; Loss Type: AVAIL
Description: Unspecified vulnerability in the calendar component in Horde Groupware Webmail Edition before 1.0, and Groupware before 1.0, allows remote attackers to include certain files via unspecified vectors. NOTE: some of these details are obtained from third party information.

CVE number: CVE-2007-0592
Score: 5.6; Severity: Medium; Loss Type: AVAIL
Description: Cross-site scripting (XSS) vulnerability in EzDatabase 2.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to admin/login.php and the Admin Panel Database.



CVE number: CVE-2007-0604
Score: 7; Severity: High; Loss Type: AVAIL
Description: Cross-site scripting (XSS) vulnerability in Movable Type (MT) before 3.34 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the MTCommentPreviewIsStatic tag, which can open the "comment entry screen," a different vulnerability than CVE-2007-0231.

CVE number: CVE-2007-0610
Score: 7; Severity: High; Loss Type: AVAIL
Description: Cross-site scripting (XSS) vulnerability in the mailform feature in CMSimple 2.7 fix1 allows remote attackers to inject arbitrary web script or HTML via the sender parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

CVE number: CVE-2007-0611
Score: 7; Severity: High; Loss Type: AVAIL
Description: Multiple cross-site scripting (XSS) vulnerabilities in Free LAN In(tra|ter)net Portal (FLIP) before 1.0-RC2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) inc.page.php and (2) inc.text.php.

CVE number: CVE-2007-0628
Score: 7; Severity: High; Loss Type: AVAIL
Description: Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Access Manager 6.1, 6.2, 6 2005Q1 (6.3), and 7 2005Q4 (7.0) before 20070129 allow remote attackers to inject arbitrary web script or HTML via the (1) goto or (2) gx-charset parameter. NOTE: some of these details are obtained from third party information.

CVE number: CVE-2007-0649
Score: 3.4; Severity: Low; Loss Type: AVAIL
Description: Variable overwrite vulnerability in interface/globals.php in OpenEMR 2.8.2 and earlier allows remote attackers to overwrite arbitrary program variables and conduct other unauthorized activities, such as conduct (a) remote file inclusion attacks via the srcdir parameter in custom/import_xml.php or (b) cross-site scripting (XSS) attacks via the rootdir parameter in interface/login/login_frame.php, via vectors associated with extract operations on the (1) POST and (2) GET superglobal arrays. NOTE: this issue was originally disputed before the extract behavior was identified in post-disclosure analysis. Also, the original report identified "Open Conference Systems," but this was an error.

CVE number: CVE-2007-0660
Score: 7; Severity: High; Loss Type: AVAIL
Description: Cross-site scripting (XSS) vulnerability in the IFrame module before 03.02.01 for DotNetNuke (DNN) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "Pass through values."



CVE number: CVE-2007-0696
Score: 5.6; Severity: Medium; Loss Type: AVAIL
Description: Cross-site scripting (XSS) vulnerability in error messages in Free LAN In(tra|ter)net Portal (FLIP) before 1.0-RC3 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, different vectors than CVE-2007-0611.

CVE number: CVE-2007-0763
Score: 7; Severity: High; Loss Type: AVAIL
Description: Cross-site scripting (XSS) vulnerability in the news comment functionality in F3Site 2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the Autor field.

CVE number: CVE-2007-0767
Score: 7; Severity: High; Loss Type: AVAIL
Description: Cross-site scripting (XSS) vulnerability in the core in Phorum before 5.1.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE number: CVE-2007-0768
Score: 5.6; Severity: Medium; Loss Type: AVAIL
Description: Multiple cross-site scripting (XSS) vulnerabilities in the Contact Details functionality in Yahoo! Messenger 8.1.0.209 and earlier allow user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SRC attribute of an IMG element to the (1) First Name, (2) Last Name, and (3) Nickname fields. NOTE: some of these details are obtained from third party information.

CVE number: CVE-2007-0769
Score: 7; Severity: High; Loss Type: AVAIL
Description: ** DISPUTED ** Cross-site scripting (XSS) vulnerability in register.php in Phorum 5.1.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the vendor disputes this vulnerability, stating that "The characters are escaped properly."

CVE number: CVE-2007-0804
Score: 7; Severity: High; Loss Type: AVAIL
Description: Directory traversal vulnerability in admin/subpages.php in GGCMS 1.1.0 RC1 and earlier allows remote attackers to inject arbitrary PHP code into arbitrary files via ".." sequences in the subpageName parameter, as demonstrated by injecting PHP code into a template file.

CVE number: CVE-2007-0807
Score: 7; Severity: High; Loss Type: AVAIL
Description: Cross-site scripting (XSS) vulnerability in info.php in flashChat 4.7.8 allows remote attackers to inject arbitrary web script or HTML via a channel title (aka room name) that is not properly handled by the "who's online" feature.



CVE number: CVE-2007-0834
Score: 7; Severity: High; Loss Type: AVAIL
Description: Cross-site scripting (XSS) vulnerability in FlashChat 4.7.8 allows remote attackers to inject arbitrary web script or HTML via the user name field when the user joins a chat room, a different vulnerability than CVE-2007-0807. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVE number: CVE-2007-0840
Score: 5.6; Severity: Medium; Loss Type: AVAIL
Description: Cross-site scripting (XSS) vulnerability in HLstats before 1.35 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the search class. NOTE: it is possible that this issue overlaps CVE-2006-4543.3 or CVE-2006-4454.

CVE number: CVE-2007-0846
Score: 5.6; Severity: Medium; Loss Type: AVAIL
Description: Cross-site scripting (XSS) vulnerability in forum.php in Open Tibia Server CMS (OTSCMS) 2.1.5 and earlier allows remote attackers to inject arbitrary HTML or web script via the name parameter.

CVE number: CVE-2007-0852
Score: 7; Severity: High; Loss Type: AVAIL
Description: Cross-site scripting (XSS) vulnerability in DevTrack 6.x allows remote attackers to inject arbitrary web script or HTML via the "Keyword search" form field and unspecified other form fields that populate a public saved query. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVE number: CVE-2007-0871
Score: 7; Severity: High; Loss Type: AVAIL
Description: Unrestricted file upload vulnerability in eXtremePow eXtreme File Hosting allows remote attackers to upload arbitrary PHP code via a filename with a double extension such as (1) .rar.php or (2) .zip.php.

CVE number: CVE-2007-0873
Score: 7; Severity: High; Loss Type: AVAIL
Description: nabopoll 1.1.2 allows remote attackers to bypass authentication and access certain administrative functionality via a direct request for (1) config_edit.php, (2) template_edit.php, or (3) survey_edit.php in admin/.

CVE number: CVE-2007-0874
Score: 7; Severity: High; Loss Type: AVAIL
Description: Allons_voter 1.0 allows remote attackers to bypass authentication and access certain administrative functionality via a direct request for (1) admin_ajouter.php or (2) admin_supprimer.php. NOTE: this could be leveraged to conduct cross-site scripting (XSS) attacks.

CVE number: CVE-2007-0885
Score: 7; Severity: High; Loss Type: AVAIL
Description: Cross-site scripting (XSS) vulnerability in jira/secure/BrowseProject.jspa in Rainbow with the Zen (Rainbow.Zen) extension allows remote attackers to inject arbitrary web script or HTML via the id parameter.



CVE-2007-0896

Cross-site scripting (XSS) vulnerability in the (1) Sage before 1.3.10, and (2) Sage++ extensions for Firefox, allows remote attackers to inject arbitrary web script or HTML via a "export assertion failure in do_read; (2) a PA_PSTREAM_DESCRIPTOR_LENGTH value of 0 sent on TCP port 9875, which triggers a length assertion failure in pa_memblock_new; or (3) an empty packet on UDP port 9875, which triggers a t assertion failure in pa_sdp_parse; and allows remote authenticated users to cause a denial of service (daemon crash) via a crafted packet on TCP port 9875 that (4) triggers a maxlength assertion failure in pa_memblockq_new, (5) triggers a size assertion failure in pa_xmalloc, or (6) plays a certain sound file. 3.3 Low AVAIL

CVE number: CVE-2007-1826
Score: 3.3; Severity: Low; Loss Type: AVAIL
Description: Unspecified vulnerability in the IPSec Manager Service for Cisco Unified CallManager (CUCM) 5.0 before 5.0(4a)SU1 and Cisco Unified Presence Server (CUPS) 1.0 before 1.0(3) allows remote attackers to cause a denial of service (loss of cluster services) via a "specific UDP packet" to UDP port 8500, aka bug ID CSCsg60949.

CVE number: CVE-2007-1833
Score: 2.3; Severity: Low; Loss Type: AVAIL
Description: The Skinny Call Control Protocol (SCCP) implementation in Cisco Unified CallManager (CUCM) 3.3 before 3.3(5)SR2a, 4.1 before 4.1(3)SR4, 4.2 before 4.2(3)SR1, and 5.0 before 5.0(4a)SU1 allows remote attackers to cause a denial of service (loss of voice services) by sending crafted packets to the (1) SCCP (2000/tcp) or (2) SCCPS (2443/tcp) port.

CVE number: CVE-2007-1834
Score: 3.3; Severity: Low; Loss Type: AVAIL
Description: Cisco Unified CallManager (CUCM) 5.0 before 5.0(4a)SU1 and Cisco Unified Presence Server (CUPS) 1.0 before 1.0(3) allow remote attackers to cause a denial of service (loss of voice services) via a flood of ICMP echo requests, aka bug ID CSCsf12698.

CVE number: CVE-2007-1841
Score: 2.3; Severity: Low; Loss Type: AVAIL
Description: The isakmp_info_recv function in src/racoon/isakmp_inf.c in racoon in Ipsec-tools before 0.6.7 allows remote attackers to cause a denial of service (tunnel crash) via crafted (1) DELETE (ISAKMP_NPTYPE_D) and (2) NOTIFY (ISAKMP_NPTYPE_N) messages.



CVE-2007-1856



Vixie Cron before 4.1-r10 on Gentoo Linux is installed with insecure permissions, which allows local users to cause a denial of service (cron failure) by creating hard links, which results in a failed st_nlink check in database.c. 1.6 Low AVAIL The nl_fib_lookup function in net/ipv4/fib_frontend.c in Linux Kernel before 2.6.20.8 allows attackers to cause a denial of service (kernel panic) via NETLINK_FIB_LOOKUP replies, which trigger infinite recursion and a stack overflow. lighttpd 1.4.12 and 1.4.13 allows remote attackers to cause a denial of service (cpu and resource consumption) by disconnecting while lighttpd is parsing CRLF sequences, which triggers an infinite loop and file descriptor consumption. lighttpd before 1.4.14 allows attackers to cause a denial of service (crash) via a request to a file whose mtime is 0, which results in a NULL pointer dereference. VMware Workstation before 5.5.4 allows attackers to cause a denial of service against the guest OS by causing the virtual machine process (VMX) to store malformed configuration information. Multiple unspecified vulnerabilities in Microsoft Word 2007 allow remote attackers to cause a denial of service (CPU consumption) via crafted documents, as demonstrated by (1) file7981.doc and (2) file613-1.doc, possibly related to a buffer overflow. The RFC_SET_REG_SERVER_PROPERTY function in the SAP RFC Library 6.40 and 7.00 before 20070109 implements an option for exclusive access to an RFC server, which allows remote attackers to cause a denial of service (client lockout) via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended. 2.3 Low AVAIL The Java Message Service (JMS) in IBM WebSphere Application Server (WAS) before 6.1.0.7 allows attackers to cause a denial of service via unknown vectors involving the "double release [of] a bytebuffer input stream," possibly a double-free vulnerability.



CVE-2007-1861



3.3 Low CVE-2007-1869



AVAIL



2.3 Low CVE-2007-1870



AVAIL



3.3 Low CVE-2007-1877



AVAIL



3.3 Low CVE-2007-1911



AVAIL



2.7 Low CVE-2007-1918



AVAIL



CVE-2007-1944



2.3 Low



AVAIL



CVE-2007-1958



2.3 Low CVE-2007-1981



Buffer overflow in TinyMUX before 2.4 allows attackers to cause a denial of service via unspecified vectors related to "too many substring matches in a regexp $-command." NOTE: some of these details are obtained from third party information. The safevoid_vsnprintf function in Metamod-P 1.19p29 and earlier on Windows allows remote attackers to cause a denial of service (daemon crash) via a long meta list command. Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport functionality in HP-UX B.11.00 allows local users to cause a denial of service via unknown vectors. NOTE: due to lack of vendor details, it is not clear whether this is the same as CVE-2007-0916. bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier 0.99 versions, does not validate length values in the MP_REACH_NLRI and MP_UNREACH_NLRI attributes, which allows remote attackers to cause a denial of service (daemon crash or exit) via crafted UPDATE messages that trigger an assertion error or out of bounds read.



AVAIL



3.3 Low CVE-2007-1994



AVAIL



2.3 Low CVE-2007-1995



AVAIL



2.7 Low CVE-2007-2010



2 Low CVE-2007-2026



3.3 Low CVE-2007-2028



2.3 Low CVE-2007-2029



3.3 Low



AVAIL Double-free vulnerability in bftpd before 1.8 allows remote authenticated users to cause a denial of service (daemon crash) via a (1) get or (2) mget command. AVAIL The gnu regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular expressions that use wildcards, as originally reported for AMaViS. AVAIL Memory leak in freeRADIUS 1.1.5 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of EAP-TTLS tunnel connections using malformed Diameter format attributes, which causes the authentication request to be rejected but does not reclaim VALUE_PAIR data structures. AVAIL File descriptor leak in the PDF handler in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service via a crafted PDF file. AVAIL



CVE-2007-2037



1.9 Low CVE-2007-2038



3.3 Low CVE-2007-2039



3.3 Low CVE-2007-2045



2.3 Low CVE-2007-2151



Cisco Wireless LAN Controller (WLC) before 3.2.116.21, and 4.0.x before 4.0.155.0, allows remote attackers on a local network to cause a denial of service (device crash) via malformed Ethernet traffic. The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller (WLC) before 3.2.193.5, 4.0.x before 4.0.206.0, and 4.1.x allows remote attackers on a local wireless network to cause a denial of service (loss of packet forwarding) via (1) crafted SNAP packets, (2) malformed 802.11 traffic, or (3) packets with certain header length values, aka Bug ID CSCsg36361. The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller (WLC) before 3.2.171.5, 4.0.x before 4.0.206.0, and 4.1.x allows remote attackers on a local wireless network to cause a denial of service (loss of packet forwarding) via (1) crafted SNAP packets, (2) malformed 802.11 traffic, or (3) packets with certain header length values, aka Bug IDs CSCsg15901 and CSCsh10841. Unspecified vulnerability in the IP implementation in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service (CPU consumption) via crafted IP packets, probably related to fragmented packets with duplicate or missing fragments. The administration server in McAfee eBusiness Server before 8.1.1 and 8.5.x before 8.5.2 allows remote attackers to cause a denial of service (service crash) via a large length value in a malformed authentication packet, which triggers a heap over-read. Microsoft Internet Explorer 7 allows remote attackers to cause a denial of service (browser hang) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/. (1) Mozilla Firefox 2.0.0.3 and (2) GNU IceWeasel 2.0.0.3 allow remote attackers to cause a denial of service (browser crash or system hang) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/. 
Apple Safari allows remote attackers to cause a denial of service (browser crash) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/.



AVAIL



AVAIL



AVAIL



AVAIL



2.3 Low CVE-2007-2161



AVAIL



2.3 Low CVE-2007-2162



AVAIL



3.3 Low CVE-2007-2163



AVAIL



2.3 Low



AVAIL



CVE-2007-2164



2.3 Low CVE-2007-2178



Konqueror 3.5.5 release 45.4 allows remote attackers to cause a denial of service (browser crash or abort) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/. Multiple unspecified vulnerabilities in Objective Development Sharity before 3.3 allow remote attackers to cause a denial of service (daemon crash) via unspecified vectors. Multiple unspecified vulnerabilities in IXceedCompression in XceddZipLib (RaidenFTPD.dll) in RaidenFTPD 2.4 allow remote attackers to cause a denial of service (crash) via unspecified vectors involving the (1) CalculateCrc, (2) Compress, and (3) Uncompress functions, which result in a NULL pointer dereference. Buffer overflow in Nullsoft Winamp 5.3 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted WMV file. Foxit Reader 2.0 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document. aMSN (aka Alvaro's Messenger) 0.96 and earlier allows remote attackers to cause a denial of service (application crash) by sending invalid data to TCP port 31337. A certain ActiveX control in askPopStp.dll in Netsprint Ask IE Toolbar 1.1 allows remote attackers to cause a denial of service (Internet Explorer crash) via a long AddAllowed property value, related to "improper memory handling," possibly a buffer overflow. Unspecified vulnerability in the Initialize function in NetscapeFTPHandler in WS_FTP Home and Professional 2007 allows remote attackers to cause a denial of service (NULL dereference and application crash) via unspecified vectors related to "improper arguments."



AVAIL



3.3 Low CVE-2007-2179



AVAIL



3.3 Low CVE-2007-2180



AVAIL



2.7 Low CVE-2007-2186 2.3 Low CVE-2007-2195



AVAIL



AVAIL



2.3 Low CVE-2007-2210



AVAIL



3.3 Low CVE-2007-2213



AVAIL



3.3 Low CVE-2007-2237 Microsoft Windows Graphics Device Interface (GDI+, GdiPlus.dll) allows context-dependent attackers to cause a denial of service (crash) via an ICO file with an InfoHeader containing a Height of zero, which triggers a divide-by-zero error.



AVAIL



2.7 Low



AVAIL



CVE-2007-2241



2.7 Low CVE-2007-2242



3.3 Low CVE-2007-2246



3.3 Low CVE-2007-2267



2 Low CVE-2007-2270



3.3 Low CVE-2007-2274



3.3 Low CVE-2007-2276



3.3 Low



Unspecified vulnerability in query.c in ISC BIND 9.4.0, and 9.5.0a1 through 9.5.0a3, when recursion is enabled, allows remote attackers to cause a denial of service (daemon exit) via a sequence of queries processed by the query_addsoa function. AVAIL The IPv6 protocol allows remote attackers to cause a denial of service via crafted IPv6 type 0 route headers (IPV6_RTHDR_TYPE_0) that create network amplification between two routers. AVAIL Unspecified vulnerability in HP-UX B.11.00 and B.11.11, when running sendmail 8.9.3 or 8.11.1; and HP-UX B.11.23 when running sendmail 8.11.1; allows remote attackers to cause a denial of service via unknown attack vectors. NOTE: due to the lack of details from HP, it is not known whether this issue is a duplicate of another CVE such as CVE-2006-1173 or CVE-2006-4434. AVAIL Unspecified vulnerability in Sun Cluster 3.1 and Solaris Cluster 3.2 before 20070424 allows remote authenticated users, operating from a different cluster node, to cause a denial of service (data corruption or send_mondo panic) via unspecified vectors, as demonstrated by EMC Symcli backup software 6.2.1. AVAIL The Linksys SPA941 VoIP Phone allows remote attackers to cause a denial of service (device reboot) via a 0377 (0xff) character in the From header, and possibly certain other locations, in a SIP INVITE request. AVAIL The BitTorrent implementation in Opera 9.2 allows remote attackers to cause a denial of service (CPU consumption and application crash) via a malformed torrent file. NOTE: the original disclosure refers to this as a memory leak, but it is not certain. AVAIL ** DISPUTED ** 3Com TippingPoint IPS allows remote attackers to cause a denial of service (device hang) via a flood of packets on TCP port 80 with sequentially increasing source ports, related to a "badly written loop." NOTE: the vendor disputes this issue, stating that the product has "performed as expected with no DoS emerging." AVAIL



CVE-2007-2294



3.3 Low CVE-2007-2297



3.3 Low CVE-2007-2315



3.3 Low CVE-2007-2322



3.3 Low CVE-2007-2336



3.3 Low CVE-2007-2344



The Manager Interface in Asterisk before 1.2.18 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (crash) by using MD5 authentication to authenticate a user that does not have a password defined in manager.conf, resulting in a NULL pointer dereference. The SIP channel driver (chan_sip) in Asterisk before 1.2.18 and 1.4.x before 1.4.3 does not properly parse SIP UDP packets that do not contain a valid response code, which allows remote attackers to cause a denial of service (crash). MiniShare 1.5.4, and possibly earlier, allows remote attackers to cause a denial of service (application crash) via a flood of requests for new connections. NMMediaServer.exe in Nero MediaHome 2.5.5.0 and CE 1.3.0.4 allows remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted packet that contains two CRLF sequences. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Unspecified vulnerability in InterVations NaviCOPA Web Server 2.01 20070323 allows remote attackers to cause a denial of service (daemon crash) via crafted HTTP requests, as demonstrated by long requests containing '\A' characters, probably a different issue than CVE-2006-5112 and CVE-2007-1733. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. The BOOTPD component in Enterasys NetSight Console 2.1 and NetSight Inventory Manager 2.1, and possibly earlier, on Windows allows remote attackers to cause a denial of service (daemon crash) via a UDP packet that contains an invalid "packet type" field.



AVAIL



AVAIL



AVAIL



AVAIL



AVAIL



3.3 Low CVE-2007-2367



10 High CVE-2007-2414 3.3 Low



AVAIL Buffer overflow in wserve_console.exe in Wserve HTTP Server (whttp) 4.6 allows remote attackers to cause a denial of service (forced application exit) via a long directory name in the URI. AVAIL MyServer before 0.8.8 allows remote attackers to cause a denial of service via unspecified vectors. AVAIL



CVE-2007-2415



3.3 CVE-2007-2437



2 CVE-2007-2439



6.7 CVE-2007-2445



2.3 CVE-2007-2455



3.3 CVE-2007-2461



3.3



Pi3Web Web Server 2.0.3 PL1 allows remote attackers to cause a denial of service (application exit) via a long URI. NOTE: this issue was originally reported as a crash, but the vendor states that the impact is a "clean" exit in which "the server I/O loop finishes and the process exits normally." Low AVAIL The X render (Xrender) extension in X.org X Window System 7.0, 7.1, and 7.2, with Xserver 1.3.0 and earlier, allows remote authenticated users to cause a denial of service (daemon crash) via crafted values to the (1) XRenderCompositeTrapezoids and (2) XRenderAddTraps functions, which trigger a divide-by-zero error. Low AVAIL Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for Windows allows remote attackers to cause a denial of service (device hang) and read data from a COM or LPT device via a DOS device name with an arbitrary extension. Medium AVAIL The png_handle_tRNS function in pngrutil.c in libpng before 1.0.25 and 1.2.x before 1.2.17 allows remote attackers to cause a denial of service (application crash) via a grayscale PNG image with a bad tRNS chunk CRC value. Low AVAIL Parallels allows local users to cause a denial of service (virtual machine abort) via (1) certain INT instructions, as demonstrated by INT 0xAA; (2) an IRET instruction when an invalid address is at the top of the stack; (3) a malformed MOVNTI instruction, as demonstrated by using a register as a destination; or a write operation to (4) SEGR6 or (5) SEGR7. Low AVAIL The DHCP relay agent in Cisco Adaptive Security Appliance (ASA) and PIX 7.2 allows remote attackers to cause a denial of service (dropped packets) via a DHCPREQUEST or DHCPINFORM message that causes multiple DHCPACK messages to be sent from DHCP servers to the agent, which consumes the memory allocated for a local buffer. NOTE: this issue only occurs when multiple DHCP servers are used. Low AVAIL



CVE-2007-2463



Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) and PIX 7.1 before 7.1(2)49 and 7.2 before 7.2(2)17 allows remote attackers to cause a denial of service (device reload) via unknown vectors related to VPN connection termination and password expiry. 3.3 Low AVAIL Race condition in Cisco Adaptive Security Appliance (ASA) and PIX 7.1 before 7.1(2)49 and 7.2 before 7.2(2)19, when using "clientless SSL VPNs," allows remote attackers to cause a denial of service (device reload) via "non-standard SSL sessions." AVAIL Unspecified vulnerability in Sun Solaris 9, when Solaris Auditing (BSM) is enabled for file read, write, attribute modify, create, or delete audit classes, allows local users to cause a denial of service (panic) via unknown vectors, possibly related to the audit_savepath function. AVAIL Unspecified vulnerability in the LDAP Software Development Kit (SDK) for C, as used in Sun Java System Directory Server 5.2 up to Patch 4 and Sun ONE Directory Server 5.1, allows remote attackers to cause a denial of service (crash) via certain BER encodings. AVAIL ZoneAlarm Pro 6.5.737.000, 6.1.744.001, and possibly earlier versions and other products, allows local users to cause a denial of service (system crash) by sending malformed data to the vsdatant device driver, which causes an invalid memory access. AVAIL Unspecified vulnerability in HP OpenVMS for Integrity Servers 8.2-1 and 8.3 allows local users to cause a denial of service (crash) via "Program actions relating to exceptions." AVAIL The IAX2 channel driver (chan_iax2) in Asterisk before 20070504 does not properly null terminate data, which allows remote attackers to trigger loss of transmitted data, and possibly obtain sensitive information (memory contents) or cause a denial of service (application crash), by sending a frame that lacks a 0 byte.
AVAIL Unspecified vulnerability in LiveData Server before 5.00.62 allows remote attackers to cause a denial of service (exit) via crafted Connection-Oriented Transport Protocol (COTP) packets. AVAIL



CVE-2007-2464



2.7 Low CVE-2007-2465



1.9 Low CVE-2007-2466



3.3 Low CVE-2007-2467



2.3 Low CVE-2007-2468



2.3 Low CVE-2007-2488



10 High CVE-2007-2490



3.3 Low



CVE-2007-2491



7 High CVE-2007-2494



10 High CVE-2007-2496



3.3 Low CVE-2007-2497



3.3 Low CVE-2007-2502



3.3 Low CVE-2007-2506



3.3 Low



The PIIX4 power management subsystem in EMC VMware Workstation 5.5.3.34685 and VMware Server 1.0.1.29996 allows local users to write to arbitrary memory locations via a crafted poke to I/O port 0x1004, triggering a denial of service (virtual machine crash) or other unspecified impact, a related issue to CVE-2007-1337. AVAIL Multiple stack-based buffer overflows in the PowerPointOCX ActiveX control in PowerPointViewer.ocx 3.1.0.3 allow remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long (1) DoOleCommand, (2) FTPDownloadFile, (3) FTPUploadFile, (4) HttpUploadFile, (5) Save, (6) SaveWebFile, (7) HttpDownloadFile, (8) Open, or (9) OpenWebFile property value. NOTE: some of these details are obtained from third party information. AVAIL The WordOCX ActiveX control in WordViewer.ocx 3.2.0.5 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long (1) DoOleCommand, (2) FTPDownloadFile, (3) FTPUploadFile, (4) HttpUploadFile, (5) GotoPage, (6) Save, (7) SaveWebFile, (8) HttpDownloadFile, (9) Open, (10) OpenWebFile, (11) SaveAs, or (12) ShowWordStandardDialog property value. AVAIL RealNetworks RealPlayer 10 Gold allows remote attackers to cause a denial of service (memory consumption) via a certain .ra file. NOTE: this issue was referred to as a "memory leak," but it is not clear if this is correct. AVAIL Unspecified vulnerability in HP ProCurve 9300m Series switches with software 08.0.01c through 08.0.01j allows remote attackers to cause a denial of service via unknown vectors, a different switch series than CVE-2006-4015. AVAIL WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e, and certain other 9.x versions, allows remote attackers to cause a denial of service (infinite loop and daemon hang) via a messenger URL that invokes _edit.r with no additional parameters, as demonstrated by requests for cgiip.exe or wsisa.dll with WService=wsbroker1/_edit.r in the PATH_INFO. AVAIL



CVE-2007-2525



Memory leak in the PPPoE socket implementation in the Linux kernel before 2.6.21-git8 allows local users to cause a denial of service (memory consumption) by creating a socket using connect, and releasing it before the PPPIOCGCHAN ioctl is initialized. 1.6 Low AVAIL WinAce allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file. PicoZip allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file. Cdelia Software ImageProcessing allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted BMP file. The SaveBarCode function in the Taltech Tal Bar Code ActiveX control allows remote attackers to cause a denial of service (disk consumption) by uploading multiple bar codes, as demonstrated by a WSF package. The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL pointer dereference. The IOS FTP Server in Cisco IOS 11.3 through 12.4 allows remote authenticated users to cause a denial of service (IOS reload) via unspecified vectors involving transferring files (aka bug ID CSCse29244). Unspecified vulnerability in the Init function in the Audio CD Ripper OCX (AudioCDRipperOCX.ocx) 1.0 ActiveX control allows remote attackers to cause a denial of service (NULL dereference and Internet Explorer crash) via unspecified vectors. Unspecified vulnerability in the FlexLabel ActiveX control allows remote attackers to cause a denial of service (unstable behavior) via an improper initialization, as demonstrated by a certain value of the Caption property.



CVE-2007-2535



3.3 Low CVE-2007-2536



AVAIL



3.3 Low CVE-2007-2565



AVAIL



2.7 Low CVE-2007-2566



AVAIL



2.3 Low CVE-2007-2583



AVAIL



1.4 Low CVE-2007-2587



AVAIL



2 Low CVE-2007-2603



AVAIL



3.3 Low CVE-2007-2604



AVAIL



3.3 Low



AVAIL



CVE-2007-2605



Unspecified vulnerability in the GetPropertyById function in ISoftomateObj in SoftomateLib in BRUJULA4.NET.DLL in the Brujula Toolbar (Brujula.net toolbar) allows attackers to cause a denial of service (NULL dereference and browser crash) via certain arguments. 2.7 Low AVAIL Multiple buffer overflows in RControl.dll in Remote Display Dev kit 1.2.1.0 allow remote attackers to cause a denial of service (Internet Explorer 7 crash) via (1) a long first argument to the connect function or (2) a long InternalServer property value, possibly involving ntdll.dll. 3.3 Low AVAIL Unspecified vulnerability in Interchange before 5.4.2 allows remote attackers to cause an unspecified denial of service (possibly server hang) via crafted HTTP requests. 3.3 Low AVAIL The OLE2 parser in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service (resource consumption) via an OLE2 file with (1) a large property size or (2) a loop in the FAT file block chain that triggers an infinite loop, as demonstrated via a crafted DOC file. 2.3 Low AVAIL Stack-based buffer overflow in the Hewlett-Packard (HP) Magview ActiveX control in hpqvwocx.dll 1.0.0.309 allows remote attackers to cause a denial of service (application crash) and possibly have other impact via a long argument to the DeleteProfile method. 3.3 Low AVAIL Unspecified vulnerability in the PrecisionID Barcode 1.3 ActiveX control in PrecisionID_DataMatrix.DLL allows remote attackers to cause a denial of service via a long argument to the SaveBarCode method. AVAIL Unspecified vulnerability in the ID Automation Linear Barcode 1.6.0.5 ActiveX control in IDAutomationLinear6.dll allows remote attackers to cause a denial of service via a long argument to the SaveEnhWMF method. AVAIL Mozilla Firefox 2.0.0.3 allows remote attackers to cause a denial of service (application crash) via a long hostname in an HREF attribute in an A element, which triggers an out-of-bounds memory access. AVAIL



CVE-2007-2623



CVE-2007-2635



CVE-2007-2650



CVE-2007-2656



CVE-2007-2657



3.3 Low CVE-2007-2658



3.3 Low CVE-2007-2671



2.7 Low



CVE-2007-2697



The embedded LDAP server in BEA WebLogic Express and WebLogic Server 7.0 through SP6, 8.1 through SP5, 9.0, and 9.1, when in certain configurations, does not limit or audit failed authentication attempts, which allows remote attackers to more easily conduct brute-force attacks against the administrator password, or flood the server with login attempts and cause a denial of service. 5.6 Medium AVAIL BEA WebLogic Server 9.0 through 9.2 allows remote attackers to cause a denial of service (SSL port unavailability) by accessing a half-closed SSL socket. AVAIL The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer JPEG-2000 library (libjasper) before 1.900 allows remote user-assisted attackers to cause a denial of service (crash) and possibly corrupt the heap via malformed image files, as originally demonstrated using imagemagick convert. AVAIL Unspecified vulnerability in NewzCrawler 1.8 allows remote attackers to cause a denial of service (application instability) via certain invalid strings in the URL attribute of an ENCLOSURE element, as demonstrated by a "%s" sequence, a "%Y" sequence, a "%%" sequence, and an "n," sequence. AVAIL Media Player Classic 6.4.9.0 allows user-assisted remote attackers to cause a denial of service (web browser crash) via an "empty" .MPA file, which triggers a divide-by-zero error. AVAIL BitsCast 0.13.0 allows remote attackers to cause a denial of service (application crash) via an RSS 2.0 feed item with certain invalid strings in a pubDate element, as demonstrated by repeated "../A" or "A/../" patterns. AVAIL The gdPngReadData function in libgd 2.0.34 allows user-assisted attackers to cause a denial of service (CPU consumption) via a crafted PNG image with truncated data, which causes an infinite loop in the png_read_info function in libpng. AVAIL
The embedded Linux kernel in certain Sun-Brocade SilkWorm switches before 20070516 does not properly handle a situation in which a non-root user creates a kernel process, which allows attackers to cause a denial of service (oops and device reboot) via unspecified vectors. AVAIL



CVE-2007-2704



2.7 Low CVE-2007-2721



1.9 Low CVE-2007-2722



3.3 Low CVE-2007-2723



2.7 Low CVE-2007-2726



3.3 Low CVE-2007-2756



1.9 Low CVE-2007-2764



3.3 Low



CVE-2007-2765



2 Low CVE-2007-2772



3.3 Low CVE-2007-2784



3.3 Low CVE-2007-2786



2.3 Low CVE-2007-2789



blockhosts.py in BlockHosts before 2.0.3 does not properly parse daemon log files, which allows remote attackers to add arbitrary deny entries to the /etc/hosts.allow file and cause a denial of service by adding arbitrary IP addresses to a daemon log file, as demonstrated by logging in through ssh using a login name containing certain strings with an IP address, which is not properly handled by a regular expression, a related issue to CVE-2006-6301. (1) caloggerd.exe (camt70.dll) and (2) mediasvr.exe (catirpc.dll and rwxdr.dll) in CA BrightStor Backup 11.5.2.0 SP2 allow remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted RPC packet. Unspecified vulnerability in globus-job-manager in Globus Toolkit 4.1.1 and earlier (globus_nexus-6.6 and earlier) allows remote attackers to cause a denial of service (resource exhaustion and system crash) via certain requests to temporary TCP ports for a GRAM2 job or its MPICH-G2 applications. Ratbox IRC Daemon (aka ircd-ratbox) 2.2.5 and earlier allows remote attackers to cause a denial of service (resource exhaustion) by making many requests from a single client. The BMP image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03, and 1.6.x before 1.6.0_01-b06, on Unix/Linux systems, allows remote attackers to trigger the opening of arbitrary local files via a crafted BMP file, which causes a denial of service (system hang) in certain cases such as /dev/tty, and has other unspecified impact.



AVAIL



AVAIL



AVAIL



AVAIL



2.7 Low CVE-2007-2796



3.3 Low CVE-2007-2813



3.3 Low



AVAIL Arris Cadant C3 CMTS allows remote attackers to cause a denial of service (service termination) via a malformed IP packet with an invalid IP option. AVAIL Cisco IOS 12.4 and earlier, when using the crypto packages and SSL support is enabled, allows remote attackers to cause a denial of service via a malformed (1) ClientHello, (2) ChangeCipherSpec, or (3) Finished message during an SSL session. AVAIL



CVE-2007-2829



2.3 Low CVE-2007-2830



2.3 Low CVE-2007-2869



1.9 Low CVE-2007-2873



1.3 Low CVE-2007-2876



2.3 Low CVE-2007-2878



2.3 Low CVE-2007-2882



2.3 Low



The 802.11 network stack in net80211/ieee80211_input.c in MadWifi before 0.9.3.1 allows remote attackers to cause a denial of service (system hang) via a crafted length field in nested 802.3 Ethernet frames in Fast Frame packets, which results in a NULL pointer dereference. AVAIL The ath_beacon_config function in if_ath.c in MadWifi before 0.9.3.1 allows remote attackers to cause a denial of service (system crash) via crafted beacon interval information when scanning for access points, which triggers a divide-by-zero error. AVAIL The form autocomplete feature in Mozilla Firefox 1.5.x before 1.5.0.12, 2.x before 2.0.0.4, and possibly earlier versions, allows remote attackers to cause a denial of service (persistent temporary CPU consumption) via a large number of characters in a submitted form. AVAIL SpamAssassin 3.1.x, 3.2.0, and 3.2.1 before 20070611, when running as root in unusual configurations using vpopmail or virtual users, allows local users to cause a denial of service (corrupt arbitrary files) via a symlink attack on a file that is used by spamd. AVAIL The sctp_new function in (1) ip_conntrack_proto_sctp.c and (2) nf_conntrack_proto_sctp.c in Netfilter in Linux kernel 2.6 before 2.6.20.13, and 2.6.21.x before 2.6.21.4, allows remote attackers to cause a denial of service by causing certain invalid states that trigger a NULL pointer dereference. AVAIL The VFAT compat ioctls in the Linux kernel before 2.6.21.2, when run on a 64-bit system, allow local users to corrupt a kernel_dirent struct and cause a denial of service (system crash) via unknown vectors. AVAIL Unspecified vulnerability in the NFS client module in Sun Solaris 8 through 10 before 20070524, when operating as an NFS server, allows remote attackers to cause a denial of service (crash) via certain Access Control List (acl) packets. AVAIL



CVE-2007-2885



The NotSafe function in the MSVDTDatabaseDesigner7 ActiveX control in VDT70.DLL in Microsoft Visual Database Tools (MSVDT) Database Designer 7.0 allows remote attackers to cause a denial of service (Internet Explorer 6 crash) via a long argument. 1.9 Low AVAIL Unspecified vulnerability in the Nortel CS 1000 M media card in Enterprise VoIP-Core-CS 1000E, 1000M, and 1000S 04.50W before 20070523 in Meridian/CS 1000 allows remote attackers to cause a denial of service (card hang) via unspecified vectors. The emulated floppy disk controller in Bochs 2.3 allows local users of the guest operating system to cause a denial of service (virtual machine crash) via unspecified vectors, resulting in a divide-by-zero error. Race condition in the Symantec Enterprise Security Manager (ESM) 6.5.3 managers and agents on Windows before 20070524 allows remote attackers to cause a denial of service (CPU consumption and application hang) via certain network scans to ESM ports. Buffer overflow in the HelpPopup method in the Microsoft Office 2000 Controllo UA di Microsoft Office ActiveX control (OUACTRL.OCX) 1.0.1.9 allows remote attackers to cause a denial of service (probably winhlp32.exe crash) via a long first argument. NOTE: it is not clear whether this issue crosses privilege boundaries. 2.3 Low AVAIL Java Embedding Plugin 0.9.6.1 allows remote attackers to cause a denial of service (browser crash) via a Thread subclass that calls super.run from its run method. AVAIL The fsmsh.dll host module in F-Secure Policy Manager Server 7.00 and earlier allows remote attackers to cause a denial of service (application crash) via NTFS reserved words in filenames in URLs. AVAIL The file parsing engine in Avira Antivir Antivirus before 7.04.00.24 allows remote attackers to cause a denial of service (application crash) via a crafted UPX compressed file, which triggers a divide-by-zero error.
AVAIL Avira Antivir Antivirus before 7.03.00.09 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed TAR archive. AVAIL



CVE-2007-2886



2.3 Low CVE-2007-2894



AVAIL



1.6 Low CVE-2007-2896



AVAIL



1.9 Low CVE-2007-2903



AVAIL



CVE-2007-2906



2.3 Low CVE-2007-2964



2.3 Low CVE-2007-2972



3.3 Low CVE-2007-2973



3.3 Low



CVE-2007-2977



Buffer overflow in the receive function in submit/submitcommon.c in the submit daemon in DOMjudge before 2.0.0RC1 allows remote attackers to cause a denial of service or have other unspecified impact. NOTE: some of these details are obtained from third party information. 3.3 Low AVAIL The libike library in Sun Solaris 9 before 20070529 contains a logic error related to a certain pointer, which allows remote attackers to cause a denial of service (in.iked daemon crash) by sending certain UDP packets with a source port different from 500. NOTE: this issue might overlap CVE-2006-2298. 3.3 Low AVAIL Unspecified vulnerability in inetd in Sun Solaris 10 before 20070529 allows local users to cause a denial of service (daemon termination) via unspecified manipulations of the /var/run/.inetd.uds Unix domain socket file. 2.3 Low AVAIL The Pascal run-time library (PAS$RTL.EXE) before 20070418 on OpenVMS for Integrity Servers 8.3, and PAS$RTL.EXE before 20070419 on OpenVMS Alpha 8.3, does not properly restore PC and PSL values, which allows local users to cause a denial of service (system crash) via certain Pascal code. 2.3 Low AVAIL Unspecified vulnerability in the Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_19 and earlier allows remote attackers to cause a denial of service (JVM hang) via certain untrusted applets or applications. 1.9 Low AVAIL Format string vulnerability in the MprLogToFile::logEvent function in Mbedthis AppWeb 2.0.5-4, when the build supports logging but the configuration disables logging, allows remote attackers to cause a denial of service (daemon crash) via format string specifiers in the HTTP scheme, as demonstrated by a "GET %n://localhost:80/" request.



CVE-2007-2989



CVE-2007-2990



CVE-2007-2998



CVE-2007-3005



CVE-2007-3009



1.9 Low



AVAIL



CVE-2007-3025



2.3 Low CVE-2007-3044



2.3 Low CVE-2007-3045



2.3 Low CVE-2007-3046



2.3 Low CVE-2007-3086



2.3 Low CVE-2007-3098



2.3 Low CVE-2007-3099



3.3 Low CVE-2007-3100



2.3 Low



Unspecified vulnerability in libclamav/phishcheck.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1, when running on Solaris, allows remote attackers to cause a denial of service (hang) via unknown vectors related to the isURL function and regular expressions.
AVAIL
Unspecified vulnerability in the Map I/O Service (xpwmap) in Hitachi XP/W on HI-UX/WE2 before 20070319, and XP/W on HP-UX before 20070405, allows remote attackers to cause a denial of service via certain data to the service port.
AVAIL
Unspecified vulnerability in Hitachi TP1/NET/OSI-TP-Extended on HI-UX/WE2 before 20070213, and on HP-UX before 20070314, allows remote attackers to cause a denial of service via certain data to a port.
AVAIL
Buffer overflow in Advanced Software Production Line Vortex Library before 1.0.3 allows remote attackers to cause a denial of service (listener crash) via unspecified vectors related to the select I/O implementation and the file set buffer. NOTE: some of these details are obtained from third party information.
AVAIL
Unrestricted critical resource lock in Agnitum Outpost Firewall PRO 4.0 1007.591.145 and earlier allows local users to cause a denial of service (system hang) by capturing the outpost_ipc_hdr mutex.
AVAIL
The SNMPc Server (crserv.exe) process in Castle Rock Computing SNMPc before 7.0.19 allows remote attackers to cause a denial of service (crash) via a crafted packet to port 165/TCP.
AVAIL
usr/mgmt_ipc.c in iscsid in open-iscsi (iscsi-initiator-utils) before 2.0-865 checks the client's UID on the listening AF_LOCAL socket instead of the new connection, which allows remote attackers to access the management interface and cause a denial of service (iscsid exit or iSCSI connection loss).
AVAIL
usr/log.c in iscsid in open-iscsi (iscsi-initiator-utils) before 2.0-865 uses a semaphore with insecure permissions (world-writable/world-readable) for managing log messages using shared memory, which allows local users to cause a denial of service (hang) by grabbing the semaphore.
AVAIL



CVE-2007-3112



Cacti 0.8.6i, and possibly other versions, allows remote authenticated users to cause a denial of service (CPU consumption) via a large value of the (1) graph_start or (2) graph_end parameter.
3.3 Low AVAIL
Cacti 0.8.6i, and possibly other versions, allows remote authenticated users to cause a denial of service (CPU consumption) via a large value of the (1) graph_height or (2) graph_width parameter.
AVAIL
Memory leak in server/MaraDNS.c in MaraDNS before 1.2.12.05, and 1.3.x before 1.3.03, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.
AVAIL
Multiple memory leaks in server/MaraDNS.c in MaraDNS before 1.2.12.06, and 1.3.x before 1.3.05, allow remote attackers to cause a denial of service (memory consumption) via unspecified vectors.
AVAIL
Memory leak in server/MaraDNS.c in MaraDNS 1.2.12.06 and 1.3.05 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.
AVAIL
unrar.c in libclamav in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to cause a denial of service (core dump) via a crafted RAR file with a modified vm_codesize value, which triggers a heap-based buffer overflow.
AVAIL
Gimp 2.3.14 allows context-dependent attackers to cause a denial of service (crash) via an ICO file with an InfoHeader containing a Height of zero, a similar issue to CVE-2007-2237.
AVAIL
Multiple vulnerabilities in Symantec Ghost Solution Suite 2.0.0 and earlier, with Ghost 8.0.992 and possibly other versions, allow remote attackers to cause a denial of service (client or server crash) via malformed requests to the daemon port, 1346/udp or 1347/udp.
AVAIL
rpttop.htm in the web management interface in Packeteer PacketShaper 7.3.0g2 and 7.5.0g1 allows remote attackers to cause a denial of service (device reboot) via a request with empty values of the OP.MEAS.DATAQUERY and MEAS.TYPE parameters.
AVAIL



CVE-2007-3113



2 Low CVE-2007-3114



2.3 Low CVE-2007-3115



3.3 Low CVE-2007-3116



2.3 Low CVE-2007-3123



2.3 Low CVE-2007-3126



2.3 Low CVE-2007-3132



2.3 Low CVE-2007-3151



2.3 Low



CVE-2007-3157



2.3 CVE-2007-3159



2.3 CVE-2007-3162



2.3 CVE-2007-3185



3.3 CVE-2007-0347



1.9 CVE-2007-2371



10 CVE-2007-0021



7 CVE-2007-0148



5.6



IPSecDrv.sys 10.4.0.12 in SafeNET High Assurance Remote 1.4.0 Build 12, and SoftRemote, allows remote attackers to cause a denial of service (infinite loop and system hang) via an invalid packet with certain bytes in an option header, possibly related to the IPv6 support for IPSec.
Low AVAIL
http.c in MiniWeb Http Server 0.8.x allows remote attackers to cause a denial of service (application crash) via a negative value in the Content-Length HTTP header.
Low AVAIL
Buffer overflow in the NotSafe function in the idaiehlp ActiveX control in idaiehlp.dll 1.9.1.74 in Internet Download Accelerator (ida) 5.2 allows remote attackers to cause a denial of service (Internet Explorer crash) via a long argument.
Low AVAIL
Apple Safari for Windows public beta allows remote attackers to cause a denial of service (crash) via unspecified DHTML manipulations that trigger memory corruption, as demonstrated using Hamachi.
Low AVAIL
The is_eow function in format.c in CVSTrac before 2.0.1 does not properly check for the "'" (quote) character, which allows remote authenticated users to execute limited SQL injection attacks and cause a denial of service (database error) via a ' character in certain messages, tickets, or Wiki entries.
Low AVAIL
admin/index.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and earlier provides access to configuration modification before login, which allows remote attackers to cause a denial of service (loss of configuration data), and possibly perform direct static code injection, via a saveGlobalconfig action.
High AVAIL
Format string vulnerability in Apple iChat 3.1.6 allows remote attackers to cause a denial of service (null pointer dereference and application crash) and possibly execute arbitrary code via format string specifiers in an aim:// URI.
High AVAIL
Format string vulnerability in OmniGroup OmniWeb 5.5.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in the Javascript alert function.
Medium AVAIL



CVE-2007-0160



7 High CVE-2007-0235



7 High CVE-2007-0255



8 High CVE-2007-0315



8 High CVE-2007-0317



7 High CVE-2007-0330



7 High



Stack-based buffer overflow in the LiveJournal support (hooks/ljhook.cc) in CenterICQ 4.9.11 through 4.21.0, when using unofficial LiveJournal servers, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by adding the victim as a friend and using long (1) username and (2) real name strings.
AVAIL
Stack-based buffer overflow in the glibtop_get_proc_map_s function in libgtop before 2.14.6 (libgtop2) allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a process with a long filename that is mapped in its address space, which triggers the overflow in gnome-system-monitor.
AVAIL
XINE 0.99.4 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a certain M3U file that contains a long #EXTINF line and contains format string specifiers in an invalid udp:// URI, possibly a variant of CVE-2007-0017.
AVAIL
Multiple buffer overflows in FileZilla before 2.2.30a allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors related to (1) Options.cpp when storing settings in the registry, and (2) the transfer queue (QueueCtrl.cpp). NOTE: some of these details are obtained from third party information.
AVAIL
Format string vulnerability in the LogMessage function in FileZilla before 3.0.0-beta5 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted arguments. NOTE: some of these details are obtained from third party information.
AVAIL
Buffer overflow in wsbho2k0.dll, as used by wsftpurl.exe, in Ipswitch WS_FTP 2007 Professional allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long ftp:// URL in an HTML document, and possibly other vectors.
AVAIL



CVE-2007-0344



Multiple format string vulnerabilities in (1) _invitedToRoom: and (2) _invitedToDirectChat: in Colloquy 2.1 and earlier allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in the channel name of an INVITE request, related to the implementation of AlertSheet and AlertPanel in Apple AppKit.
7 High AVAIL
Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font.
AVAIL
The _GetSrcBits32ARGB function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT image with a malformed Alpha RGB (ARGB) record, which triggers memory corruption.
AVAIL
Format string vulnerability in Apple Software Update 2.0.5 on Mac OS X 10.4.8 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in (1) SWUTMP or (2) SUCATALOG filenames, or using the (3) application/x-apple.sucatalog+xml MIME type.
AVAIL
The InternalUnpackBits function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT file that triggers memory corruption in the _GetSrcBits32ARGB function. NOTE: this issue might overlap CVE-2007-0462.
AVAIL
Stack-based buffer overflow in Bloodshed DevC++ 4.9.9.2 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long line in a .cpp file.
AVAIL



CVE-2007-0455



3.3 Low CVE-2007-0462



10 High CVE-2007-0463



2.3 Low CVE-2007-0588



2.7 Low CVE-2007-0643



1.9 Low



CVE-2007-0713



Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie file.
3.7 Low AVAIL
Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PICT file.
Stack-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QTIF file.
Integer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QTIF file.
Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a QTIF file with a Video Sample Description containing a Color table ID of 0, which triggers memory corruption when QuickTime assumes that a color table exists.
3.7 Low AVAIL
Stack-based buffer overflow in Remotesoft .NET Explorer 2.0.1 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long line in a .cpp file.
AVAIL
The JavaScript engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption.
AVAIL
Blue Coat Systems WinProxy 6.1a and 6.0 r1c, and possibly earlier, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long HTTP CONNECT request, which triggers heap corruption.
AVAIL



CVE-2007-0715



3.7 Low CVE-2007-0716



AVAIL



3.7 Low CVE-2007-0717



AVAIL



3.7 Low CVE-2007-0718



AVAIL



CVE-2007-0766



8 High CVE-2007-0777



8 High CVE-2007-0796



7 High



CVE-2007-0884



10 High CVE-2007-0886



Buffer overflow in Roaring Penguin MIMEDefang 2.59 and 2.60 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unspecified vectors.
Heap-based buffer underflow in axigen 1.2.6 through 2.0.0b1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via certain base64-encoded data on the pop3 port (110/tcp), which triggers an integer overflow.
Heap-based buffer overflow in the management interfaces in (1) Aruba Mobility Controllers 200, 800, 2400, and 6000 and (2) Alcatel-Lucent OmniAccess Wireless 43xx and 6000 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via long credential strings.



AVAIL



10 High CVE-2007-0931



AVAIL



7 High CVE-2007-0933



3.3 Low CVE-2007-1014



10 High CVE-2007-1501



8 High CVE-2007-1544



2.3 Low CVE-2007-1654



8 High



AVAIL
Buffer overflow in the wireless driver 6.0.0.18 for D-Link DWL-G650+ (Rev. A1) on Windows XP allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a beacon frame with a long TIM Information Element.
AVAIL
Stack-based buffer overflow in VicFTPS before 5.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long CWD command.
AVAIL
Stack-based buffer overflow in Avant Browser 11.0 build 26 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long Content-Type HTTP header.
AVAIL
Integer overflow in the ProcAuWriteElement function in server/dia/audispatch.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large max_samples value.
AVAIL
Buffer overflow in the Ne7sshSftp::addOpenHandle function in ne7ssh_sftp.cpp in NetSieben SSH Library (ne7ssh) before 1.2.1 allows user-assisted remote SFTP servers to cause a denial of service (crash) or possibly execute arbitrary code via multiple file transfers, related to multiple open file handles in SFTP (1) put and (2) get operations.
AVAIL



CVE-2007-1655



CVE-2007-2053



CVE-2007-2362



CVE-2007-2459



CVE-2007-2602



CVE-2007-2645



Buffer overflow in the fun_ladd function in funmath.cpp in TinyMUX before 20070126 might allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors related to lists of numbers.
10 High AVAIL
Multiple stack-based buffer overflows in AFFLIB before 2.2.6 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a long LastModified value in an S3 XML response in lib/s3.cpp; (2) a long (a) path or (b) bucket in an S3 URL in lib/vnode_s3.cpp; or (3) a long (c) EFW, (d) AFD, or (c) aimage file path. NOTE: the aimage vector (3c) has since been recalled from the researcher's original advisory, since the code is not called in any version of AFFLIB.
10 High AVAIL
Multiple buffer overflows in MyDNS 1.1.0 allow remote attackers to (1) cause a denial of service (daemon crash) and possibly execute arbitrary code via a certain update, which triggers a heap-based buffer overflow in update.c; and (2) cause a denial of service (daemon crash) via unspecified vectors that trigger an off-by-one stack-based buffer overflow in update.c.
6 Medium AVAIL
Buffer overflow in the read_4bit_bmp function in bmp.c in Imager 0.56 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via 4-bit/pixel BMP files. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
3.3 Low AVAIL
Buffer overflow in MIBEXTRA.EXE in Ipswitch WhatsUp Gold 11 allows attackers to cause a denial of service (application crash) or execute arbitrary code via a long MIB filename argument. NOTE: If there is not a common scenario under which MIBEXTRA.EXE is called with attacker-controlled command line arguments, then perhaps this issue should not be included in CVE.
3.3 Low AVAIL
Integer overflow in the exif_data_load_data_entry function in exif-data.c in libexif before 0.6.14 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted EXIF data, involving the (1) doff or (2) s variable.
8 High AVAIL



CVE-2007-2741



10 High CVE-2007-2831



10 High CVE-2007-2919



8 High CVE-2007-2946



10 High CVE-2007-3169



1.9 Low CVE-2007-0003



7 High CVE-2007-0007



3.3 Low CVE-2007-0022



7 High



Stack-based buffer overflow in Little CMS (lmcs) before 1.15 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ICC profile in a JPG file.
AVAIL
Array index error in the (1) ieee80211_ioctl_getwmmparams and (2) ieee80211_ioctl_setwmmparams functions in net80211/ieee80211_wireless.c in MadWifi before 0.9.3.1 allow local users to cause a denial of service (system crash), possibly obtain kernel memory contents, and possibly execute arbitrary code via a large negative array index value.
AVAIL
Multiple stack-based buffer overflows in the FViewerLoading ActiveX control (FlipViewerX.dll) in E-Book Systems FlipViewer before 4.1 allow remote attackers to cause a denial of service (crash) or execute arbitrary code via long (1) UID, (2) Opf, (3) PAGENO, (4) LaunchMode, (5) SubID, (6) BookID, (7) LibraryID, (8) SubURL, and (9) LoadOpf properties.
AVAIL
Buffer overflow in a certain ActiveX control in LeadTools Raster Dialog File_D Object (LTRDFD14e.DLL) 14.5.0.44 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) or execute arbitrary code via a long DestinationPath property value.
AVAIL
Buffer overflow in a certain ActiveX control in the EDraw Office Viewer Component (edrawofficeviewer.ocx) 4.0.5.20 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) or execute arbitrary code via a long first argument to the HttpDownloadFile method.
AVAIL
pam_unix.so in Linux-PAM 0.99.7.0 allows context-dependent attackers to log into accounts whose password hash, as stored in /etc/passwd or /etc/shadow, has only two characters.
AVAIL
gnucash 2.0.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on the (1) gnucash.trace, (2) qof.trace, and (3) qof.trace.[PID] temporary files.
AVAIL
Untrusted search path vulnerability in writeconfig in Apple Mac OS X 10.4.8 allows local users to gain privileges via a modified PATH that points to a malicious launchctl program.
AVAIL



CVE-2007-0023



The CFUserNotificationSendRequest function in UserNotificationCenter.app in Apple Mac OS X 10.4.8, when used in combination with diskutil, allows local users to gain privileges via a malicious InputManager in Library/InputManagers in a user's home directory, which is executed when Cocoa applications attempt to notify the user.
AVAIL
Geckovich TaskTracker Pro 1.5 and earlier allows remote attackers to add administrative or other accounts via an Add action with a modified GroupID in a direct request to Customize.asp.
7 High AVAIL
Cisco Clean Access (CCA) 3.6.x through 3.6.4.2 and 4.0.x through 4.0.3.2 does not properly configure or allow modification of a shared secret authentication key, which causes all devices to have the same shared secret and allows remote attackers to gain unauthorized access.
10 High AVAIL
Sunbelt Kerio Personal Firewall (SKPF) 4.3.268 and 4.3.246, and possibly other versions, allows local users to provide a Trojan horse iphlpapi.dll to SKPF by placing it in the installation directory.
4.2 Medium AVAIL
** DISPUTED ** Buffer overflow in the Windows NT Message Compiler (MC) 1.00.5239 on Microsoft Windows XP allows local users to gain privileges via a long MCfilename. NOTE: this issue has been disputed by a reliable third party who states that the compiler is not a privileged program, so privilege boundaries cannot be crossed.
3.4 Low AVAIL
Unspecified vulnerability in sys/dev/pci/vga_pci.c in the VGA graphics driver for wscons in OpenBSD 3.9 and 4.0, when the kernel is compiled with the PCIAGP option and a non-AGP device is being used, allows local users to gain privileges via unspecified vectors, possibly related to agp_ioctl NULL pointer reference.
3.4 Low AVAIL
jgbbs stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db/bbs.mdb.
7 High AVAIL
WineGlass stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db/data.mdb.
7 High AVAIL
5.6 Medium



CVE-2007-0049



CVE-2007-0057



CVE-2007-0081



CVE-2007-0084



CVE-2007-0085



CVE-2007-0089



CVE-2007-0090



CVE-2007-0091



7 High CVE-2007-0094



7 High CVE-2007-0096



7 High CVE-2007-0100



10 High CVE-2007-0101



newsCMSlite stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for newsCMS.mdb.
Sven Moderow GuestBook 0.3a stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for (1) gbook97.mdb or (2) gbook.mdb in ~db/.
CarbonCommunities stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for DataBase/Carbon2.4d.mdb.
The Perforce client does not restrict the set of files that it overwrites upon receiving a request from the server, which allows remote attackers to overwrite arbitrary files by modifying the client config file on the server, or by operating a malicious server.
Cross-site request forgery (CSRF) vulnerability in SPINE allows remote attackers to perform unauthorized actions as administrators via unspecified vectors. NOTE: some of these details are obtained from third party information.



AVAIL



AVAIL



AVAIL



AVAIL



5.6 Medium CVE-2007-0108



3.4 Low CVE-2007-0116



7 High CVE-2007-0117



10 High



AVAIL
nwgina.dll in Novell Client 4.91 SP3 for Windows 2000/XP/2003 does not delete user profiles during a Terminal Service or Citrix session, which allows remote authenticated users to invoke alternate user profiles.
AVAIL
Digger Solutions Intranet Open Source (IOS) stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for data/intranet.mdb.
AVAIL
DiskManagementTool in the DiskManagement.framework 92.29 on Mac OS X 10.4.8 does not properly validate Bill of Materials (BOM) files, which allows attackers to gain privileges via a BOM file under /Library/Receipts/, which triggers arbitrary file permission changes upon execution of a diskutil permission repair operation.
AVAIL



CVE-2007-0131



7 High CVE-2007-0139



7 High CVE-2007-0149



7 High CVE-2007-0151



7 High CVE-2007-0152



7 High CVE-2007-0153



7 High CVE-2007-0154



7 High CVE-2007-0155



7 High CVE-2007-0156



7 High



JAMWiki before 0.5.0 does not properly check permissions during moves of "read-only or admin-only topics," which allows remote attackers to make unauthorized changes to the wiki.
AVAIL
Unspecified vulnerability in the DECnet-Plus 7.3-2 feature in DECnet/OSI 7.3-2 for OpenVMS ALPHA, and the DECnet-Plus 7.3 feature in DECnet/OSI 7.3 for OpenVMS VAX, allows attackers to obtain "unintended privileged access to data and system resources" via unspecified vectors, related to (1) [SYSEXE]CTF$UI.EXE, (2) [SYSMSG]CTF$MESSAGES.EXE, (3) [SYSHLP]CTF$HELP.HLB, and (4) [SYSMGR]CTF$STARTUP.COM.
AVAIL
EMembersPro 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for users.mdb.
AVAIL
MitiSoft stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for access_MS/MitiSoft.mdb.
AVAIL
OhhASP stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db/OhhASP.mdb.
AVAIL
AJLogin 3.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for ajlogin.mdb.
AVAIL
Webulas stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db/db.mdb.
AVAIL
HarikaOnline 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for harikaonline.mdb.
AVAIL
M-Core stores the database under the web document root, which allows remote attackers to obtain sensitive information via a direct request to db/uyelik.mdb.
AVAIL



CVE-2007-0159



CVE-2007-0162



CVE-2007-0166



CVE-2007-0184



CVE-2007-0187



CVE-2007-0188



CVE-2007-0192



Directory traversal vulnerability in the GeoIP_update_database_general function in libGeoIP/GeoIPUpdate.c in GeoIP 1.4.0 allows remote malicious update servers (possibly only update.maxmind.com) to overwrite arbitrary files via a .. (dot dot) in the database filename, which is returned by a request to app/update_getfilename.
4.7 Medium AVAIL
Unsanity Application Enhancer (APE) 2.0.2 installs with insecure permissions for the (1) ApplicationEnhancer binary and the (2) /Library/Frameworks/ApplicationEnhancer.framework directory, which allows local users to gain privileges by modifying or replacing the binary or library files.
4.2 Medium AVAIL
The jail rc.d script in FreeBSD 5.3 up to 6.2 does not verify pathnames when writing to /var/log/console.log during a jail start-up, or when file systems are mounted or unmounted, which allows local root users to overwrite arbitrary files, or mount/unmount files, outside of the jail via a symlink attack.
3.4 Low AVAIL
Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to obtain unauthorized access to public methods via a crafted request that bypasses the include/exclude checks.
7 High AVAIL
F5 FirePass 5.4 through 5.5.2 and 6.0 allows remote attackers to access restricted URLs via (1) a trailing null byte, (2) multiple leading slashes, (3) Unicode encoding, (4) URL-encoded directory traversal or same-directory characters, or (5) upper case letters in the domain name.
7 High AVAIL
F5 FirePass 5.4 through 5.5.1 does not properly enforce host access restrictions when a client uses a single integer (dword) representation of an IP address ("dotless IP address"), which allows remote authenticated users to connect to the FirePass administrator console and certain other network resources.
4.2 Medium AVAIL
Cross-site request forgery (CSRF) vulnerability in the save_main operation in the ad_perms section in admin.php in MKPortal allows remote attackers to modify privilege settings, as demonstrated using a getURL of admin.php within a .swf file contained in an IFRAME element, aka the "All Guests are Admin" attack.
7 High AVAIL



CVE-2007-0193



FON La Fonera routers do not properly limit DNS service access by unauthenticated clients, which allows remote attackers to tunnel traffic via DNS requests for hosts that should not be accessible before authentication.
7 High AVAIL
The Window Image Acquisition (WIA) Service in Microsoft Windows XP SP2 allows local users to gain privileges via unspecified vectors involving an "unchecked buffer," probably a buffer overflow.
7 High AVAIL
The hardware detection functionality in the Windows Shell in Microsoft Windows XP SP2 and Professional, and Server 2003 SP1 allows local users to gain privileges via an unvalidated parameter to a function related to the "detection and registration of new hardware."
7 High AVAIL
The ndeb-binary feature in Lookup (lookup-el) allows local users to overwrite arbitrary files via a symlink attack on temporary files.
4.9 Medium AVAIL
Integer underflow in the DecodeGRE function in src/decode.c in Snort 2.6.1.2 allows remote attackers to trigger dereferencing of certain memory locations via crafted GRE packets, which may cause corruption of log files or writing of sensitive information into log files.
3.3 Low AVAIL
Unspecified vulnerability in easy-content filemanager allows remote attackers to upload or modify arbitrary files via unspecified vectors.
7 High AVAIL
** DISPUTED ** Unspecified vulnerability in the expand_stack function in grsecurity PaX allows local users to gain privileges via unspecified vectors. NOTE: the grsecurity developer has disputed this issue, stating that "the function they claim the vulnerability to be in is a trivial function, which can, and has been, easily checked for any supposed vulnerabilities." The developer also cites a past disclosure that was not proven. As of 20070120, the original researcher has released demonstration code.
7 High AVAIL
snews.php in sNews 1.5.30 and earlier does not properly exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions, as demonstrated by changing an administrative password via the changeup task, and by uploading PHP code via the imagefile parameter.
10 High AVAIL



CVE-2007-0210



CVE-2007-0211



CVE-2007-0237



CVE-2007-0251



CVE-2007-0252



CVE-2007-0257



CVE-2007-0261



CVE-2007-0271



CVE-2007-0272



CVE-2007-0274



Unspecified vulnerability in Oracle Database 9.0.1.5 and 9.2.0.7 has unknown impact and attack vectors related to the Log Miner component and sys.dbms_log_mnr privileges, aka DB04. NOTE: Oracle has not disputed a reliable researcher claim that this is a buffer overflow in the ADD_LOGFILE procedure for the SYS.DBMS_LOGMNR package that allows code execution.
2.8 Low AVAIL
Unspecified vulnerability in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 has unknown impact and attack vectors related to the Oracle Spatial component and mdsys.md privileges, aka DB05. NOTE: Oracle has not disputed a reliable researcher report that claims this is for multiple buffer overflows and other issues in unspecified public procedures.
4 Medium AVAIL
Multiple unspecified vulnerabilities in Oracle Database 9.2.0.7 and 10.1.0.5 have unknown impact and attack vectors related to (1) Export and sys.dbms_logrep_util (DB08), and (2) Oracle Streams and sys.dbms_capture_adm_internal privileges (DB09). NOTE: Oracle has not disputed reliable researcher claims that DB08 is for a buffer overflow in the GET_OBJECT_NAME procedure in the DBMS_LOGREP_UTIL package, and DB09 is for buffer overflows in the CREATE_CAPTURE, ALTER_CAPTURE, and ABORT_TABLE_INSTANTIATION procedures in SYS.DBMS_CAPTURE_ADM_INTERNAL.
1.4 Low AVAIL
Unspecified vulnerability in Oracle HTTP Server 9.0.1.5, Application Server 9.0.4.3, 10.1.2.0.0, 10.1.2.0.2, and 10.1.2.2; and Collaboration Suite 9.0.4.2 and 10.1.2; has unknown impact and attack vectors related to the Oracle Process Mgmt & Notification component, aka OPMN01. NOTE: as of 20070123, Oracle has not disputed claims by a reliable researcher that OPMN01 is for a buffer overflow in Oracle Notification Service (ONS).
4.7 Medium AVAIL
Unspecified vulnerability in GONICUS System Administration (GOsa) before 2.5.8 allows remote authenticated users to modify certain settings, including the admin password, via crafted POST requests.
6 Medium



CVE-2007-0280



CVE-2007-0313



AVAIL



CVE-2007-0332 | 7 | High | (1) admin/adminlien.php3 and (2) admin/modif.php3 in liens_dynamiques 2.1 do not require authentication, which allows remote attackers to perform unauthorized administrative actions using a direct request. | AVAIL
CVE-2007-0333 | 7 | High | Agnitum Outpost Firewall PRO 4.0 allows local users to bypass access restrictions and insert Trojan horse drivers into the product's installation directory by creating links using FileLinkInformation requests with the ZwSetInformationFile function, as demonstrated by modifying SandBox.sys. | AVAIL
CVE-2007-0334 | 7 | High | Unspecified vulnerability in the SIP module in InGate Firewall and SIParator before 4.5.1 allows remote attackers to conduct replay attacks on the authentication mechanism via unknown vectors. | AVAIL
CVE-2007-0336 | 3.9 | Low | Undercover.app/Contents/Resources/uc in Rixstep Undercover allows local users to overwrite arbitrary files, probably related to a race condition. | AVAIL
CVE-2007-0345 | 4.2 | Medium | The (1) Activity Monitor.app/Contents/Resources/pmTool, (2) Keychain Access.app/Contents/Resources/kcproxy, and (3) ODBC Administrator.app/Contents/Resources/iodbcad mintool programs in /Applications/Utilities/ in Mac OS X 10.4.8 have weak permissions (writable by admin group), which allows local admin users to gain root privileges by modifying a program and then performing permissions repair via diskutil. | AVAIL
CVE-2007-0351 | 5.6 | Medium | Microsoft Windows XP and Windows Server 2003 do not properly handle user logoff, which might allow local users to gain the privileges of a previous system user, possibly related to user profile unload failure. NOTE: it is not clear whether this is an issue in Windows itself, or an interaction with another product. The issue might involve ZoneAlarm not being able to terminate processes when it cannot prompt the user. | AVAIL
CVE-2007-0366 | 4.9 | Medium | Untrusted search path vulnerability in Rumpus 5.1 and earlier allows local users to gain privileges via a modified PATH that points to a malicious ipfw program. | AVAIL



CVE-2007-0367 | 4.9 | Medium | Rumpus 5.1 and earlier has weak permissions for certain files and directories under /usr/local/Rumpus, including the configuration file, which allows local users to have an unknown impact by creating, modifying, or deleting files. | AVAIL
CVE-2007-0392 | 4.9 | Medium | IBM AIX 5.3 does not properly verify the status of file descriptors before setuid execution, which allows local users to gain privileges by closing file descriptor 0, 1, or 2 and then invoking a setuid program, a variant of CVE-2002-0572. | AVAIL
CVE-2007-0393 | 4.9 | Medium | Sun Solaris 9 does not properly verify the status of file descriptors before setuid execution, which allows local users to gain privileges by closing file descriptor 0, 1, or 2 and then invoking a setuid program, a variant of CVE-2002-0572. | AVAIL
CVE-2007-0394 | 4.9 | Medium | HP HP-UX B11.11 does not properly verify the status of file descriptors before setuid execution, which allows local users to gain privileges by closing file descriptor 0, 1, or 2 and then invoking a setuid program, a variant of CVE-2002-0572. | AVAIL
CVE-2007-0405 | 4.2 | Medium | The LazyUser class in the AuthenticationMiddleware for Django 0.95 does not properly cache the user name across requests, which allows remote authenticated users to gain the privileges of a different user. | AVAIL
CVE-2007-0408 | 7 | High | BEA WebLogic Server 8.1 through 8.1 SP4 does not properly validate client certificates when reusing cached connections, which allows remote attackers to obtain access via an untrusted X.509 certificate. | AVAIL
CVE-2007-0411 | 5.6 | Medium | BEA WebLogic Server 8.1 through 8.1 SP5, 9.0, 9.1, and 9.2 Gold, when WS-Security is used, does not properly validate certificates, which allows remote attackers to conduct a man-in-the-middle (MITM) attack. | AVAIL
CVE-2007-0416 | 7 | High | The WSEE runtime (WS-Security runtime) in BEA WebLogic Server 9.0 and 9.1 does not verify credentials when decrypting client messages, which allows remote attackers to bypass application security. | AVAIL
CVE-2007-0417 | 10 | High | BEA WebLogic Server 7.0 through 7.0 SP7, 8.1 through 8.1 SP5, 9.0, and 9.1, when using the WebLogic Server 6.1 compatibility realm, allows attackers to execute certain EJB container persistence operations with an administrative identity. | AVAIL



CVE-2007-0418 | 7 | High | BEA WebLogic Server 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, 9.0, and 9.1 does not enforce a security policy that declares permissions for EJB methods that have array parameters, which allows remote attackers to obtain unauthorized access to these methods. | AVAIL
CVE-2007-0423 | 3.9 | Low | BEA WebLogic Portal 9.2 does not properly handle when an administrator deletes entitlements for a role, which causes other role entitlements to be "inadvertently affected," which has an unknown impact. | AVAIL
CVE-2007-0425 | 7 | High | Unspecified vulnerability in BEA WebLogic Platform and Server 8.1 through 8.1 SP5, and JRockit 1.4.2 R4.5 and earlier, allows attackers to gain privileges via unspecified vectors, related to an "overflow condition," probably a buffer overflow. | AVAIL
CVE-2007-0426 | 5.6 | Medium | BEA WebLogic Portal 9.2, when running in a WebLogic Server clustered environment using WebLogic Portal entitlements, does not properly propagate entitlement policy changes if the changes are made on a managed server while the Administrative Server is unavailable, which might allow attackers to bypass intended restrictions. | AVAIL
CVE-2007-0432 | 7 | High | BEA AquaLogic Service Bus 2.0, 2.1, and 2.5 does not properly reject malformed request messages to a proxy service, which might allow remote attackers to bypass authorization policies and route requests to back-end services or conduct other unauthorized activities. | AVAIL
CVE-2007-0433 | 4.2 | Medium | Unspecified vulnerability in BEA AquaLogic Enterprise Security 2.0 through 2.0 SP2, 2.1 through 2.1 SP1, and 2.2, when using Active Directory LDAP for authentication, allows remote authenticated users to access the server even after the account has been disabled. | AVAIL
CVE-2007-0434 | 4.9 | Medium | BEA AquaLogic Enterprise Security 2.0 through 2.0 SP2, 2.1 through 2.1 SP1, and 2.2 does not properly set the severity level of audit events when the system load is high, which might make it easier for attackers to avoid detection. | AVAIL
CVE-2007-0435 | 7 | High | T-Com Speedport 500V routers with firmware 1.31 allow remote attackers to bypass authentication and reconfigure the device via a LOGINKEY=TECOM cookie value. | AVAIL



CVE-2007-0436 | 7 | High | Barron McCann X-Kryptor Driver BMS1446HRR (Xgntr BMS1351 Install BMS1472) in X-Kryptor Secure Client does not drop privileges when launching an Explorer window in response to a help command, which allows local users to gain LocalSystem privileges via interactive use of Explorer. | AVAIL
CVE-2007-0448 | 10 | High | The fopen function in PHP 5.2.0 does not properly handle invalid URI handlers, which allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files via a file path specified with an invalid URI, as demonstrated via the srpath URI. | AVAIL
CVE-2007-0470 | 7 | High | Multiple unspecified vulnerabilities in tip in Sun Solaris 8, 9, and 10 allow local users to gain uucp account privileges via unspecified vectors. | AVAIL
CVE-2007-0471 | 7 | High | sre/params.php in the Integrity Clientless Security (ICS) component in Check Point Connectra NGX R62 3.x and earlier before Security Hotfix 5, and possibly VPN-1 NGX R62, allows remote attackers to bypass security requirements via a crafted Report parameter, which returns a valid ICSCookie authentication token. | AVAIL
CVE-2007-0472 | 3.9 | Low | Multiple race conditions in Smb4K before 0.8.0 allow local users to (1) modify arbitrary files via unspecified manipulations of Smb4K's lock file, which is not properly handled by the remove_lock_file function in core/smb4kfileio.cpp, and (2) add lines to the sudoers file via a symlink attack on temporary files, which isn't properly handled by the writeFile function in core/smb4kfileio.cpp. | AVAIL
CVE-2007-0474 | 2.6 | Low | Smb4K before 0.8.0 allows local users, when present on the Smb4K sudoers list, to kill arbitrary processes, related to a "design issue with smb4k_kill." | AVAIL
CVE-2007-0475 | 3.9 | Low | Multiple stack-based buffer overflows in utilities/smb4k_*.cpp in Smb4K before 0.8.0 allow local users, when present on the Smb4K sudoers list, to gain privileges via unspecified vectors related to the args variable and unspecified other variables, in conjunction with the sudo configuration. | AVAIL



CVE-2007-0476 | 4.9 | Medium | The gencert.sh script, when installing OpenLDAP before 2.1.30-r10, 2.2.x before 2.2.28-r7, and 2.3.x before 2.3.30-r2 as an ebuild in Gentoo Linux, does not create temporary directories in /tmp securely during emerge, which allows local users to overwrite arbitrary files via a symlink attack. | AVAIL
CVE-2007-0482 | 4.9 | Medium | cgi-bin/main in Sun Ray Server Software 2.0 and 3.0 before 20070123 allows local users to obtain the utadmin password by reading a web server's log file, or by conducting a different, unspecified local attack. | AVAIL
CVE-2007-0517 | 7 | High | Scriptsez Random PHP Quote 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain password information via a direct request for pwd.txt. | AVAIL
CVE-2007-0518 | 7 | High | Scriptsez Smart PHP Subscriber (aka subscribe) stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain encoded passwords via a direct request for pwd.txt. | AVAIL
CVE-2007-0528 | 6 | Medium | The admin web console implemented by the Centrality Communications (aka Aredfox) PA168 chipset and firmware 1.54 and earlier, as provided by various IP phones, does not require passwords or authentication tokens when using HTTP, which allows remote attackers to connect to existing superuser sessions and obtain sensitive information (passwords and configuration data). | AVAIL
CVE-2007-0536 | 7 | High | The chroot helper in rMake for rPath Linux 1 does not drop supplemental groups, which causes packages to be installed with insecure permissions and might allow local users to gain privileges. | AVAIL
CVE-2007-0557 | 7 | High | rMake before 1.0.4 drops root privileges in a way that retains the original supplemental groups, which might allow attackers to gain privileges via a crafted recipe file, a different vulnerability than CVE-2007-0536. | AVAIL
CVE-2007-0585 | 8 | High | include/debug.php in Webfwlog 0.92 and earlier, when register_globals is enabled, allows remote attackers to obtain source code of files via the conffile parameter. NOTE: some of these details are obtained from third party information. It is likely that this issue can be exploited to conduct directory traversal attacks. | AVAIL



CVE-2007-0599 | 7 | High | Variable overwrite vulnerability in common/config.php in Aztek Forum 4.00 allows remote attackers to overwrite arbitrary program variables and conduct other unauthorized activities, such as copying arbitrary files using index/common_actions.php, via vectors associated with extract operations on the (1) POST, (2) GET, (3) COOKIE, and (4) SERVER superglobal arrays. | AVAIL
CVE-2007-0601 | 7 | High | common/safety.php in Aztek Forum 4.00 allows remote attackers to enter certain data containing %22 sequences (URL encoded double quotes) and other potentially dangerous manipulations by sending a cookie, which bypasses the blacklist matching against the GET and PUT superglobal arrays. | AVAIL
CVE-2007-0602 | 5.6 | Medium | Buffer overflow in libvsapi.so in the VSAPI library in Trend Micro VirusWall 3.81 for Linux, as used by IScan.BASE/vscan, allows local users to gain privileges via a long command line argument, a different vulnerability than CVE-2005-0533. | AVAIL
CVE-2007-0603 | 4.8 | Medium | PGP Desktop before 9.5.1 does not validate data objects received over the (1) \pipe\pgpserv named pipe for PGPServ.exe or the (2) \pipe\pgpsdkserv named pipe for PGPsdkServ.exe, which allows remote authenticated users to gain privileges by sending a data object representing an absolute pointer, which causes code execution at the corresponding address. | AVAIL
CVE-2007-0629 | 4.7 | Medium | The www_purgeList method in Plain Black WebGUI before 7.3.8 does not properly check user permissions, which allows attackers to delete unauthorized assets. NOTE: some of these details are obtained from third party information. | AVAIL
CVE-2007-0652 | 5.6 | Medium | Cross-site request forgery (CSRF) vulnerability in MailEnable Professional before 2.37 allows remote attackers to modify arbitrary configurations and perform unauthorized actions as arbitrary users via a link or IMG tag. | AVAIL
CVE-2007-0657 | 7 | High | Unspecified vulnerability in Nexuiz 2.2.2 allows remote attackers to read and overwrite arbitrary files via the gamedir command. | AVAIL
CVE-2007-0675 | 5.6 | Medium | ** DISPUTED ** The Speech Recognition feature of Windows Vista allows user-assisted remote attackers to delete arbitrary files, and conduct other unauthorized activities, via a web page with an embedded sound object that contains voice commands to an enabled microphone, allowing for interaction with Windows Explorer. NOTE: the vendor disputes the severity of this issue, stating that "there is little if any need to worry about the effects of this issue on your new Windows Vista installation." Since little user interaction is required, and the relevant operating environment is common, CVE considers this a vulnerability. | AVAIL
CVE-2007-0681 | 7 | High | profile.php in ExtCalendar 2 and earlier allows remote attackers to change the passwords of arbitrary users without providing the original password, and possibly perform other unauthorized actions, via modified values to register.php. | AVAIL
CVE-2007-0697 | 4.7 | Medium | index2.php in ACGVannu 1.3 and earlier allows remote attackers to change the password or profile of a user via a modified id parameter, related to templates/modif.html. NOTE: some of these details are obtained from third party information. | AVAIL
CVE-2007-0705 | 7 | High | Cross-zone scripting vulnerability in Sleipnir 2.49 and earlier, and Portable Sleipnir 2.45 and earlier, allows remote attackers to bypass Web content zone restrictions via certain script contained in RSS data. NOTE: some of these details are obtained from third party information. | AVAIL
CVE-2007-0706 | 7 | High | Cross-zone scripting vulnerability in Darksky RSS bar for Internet Explorer before 1.29, RSS bar for Sleipnir before 1.29, and RSS bar for unDonut before 1.29 allows remote attackers to bypass Web content zone restrictions via certain script contained in RSS data. NOTE: some of these details are obtained from third party information. | AVAIL
CVE-2007-0737 | 4.9 | Medium | The Login Window in Apple Mac OS X 10.3.9 through 10.4.9 does not properly check certain environment variables, which allows local users to gain privileges via unspecified vectors. | AVAIL



CVE-2007-0760 | 10 | High | EQdkp 1.3.1 and earlier authenticates administrative requests by verifying that the HTTP Referer header specifies an admin/ URL, which allows remote attackers to read or modify account names and passwords via a spoofed Referer. | AVAIL
CVE-2007-0792 | 7 | High | The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file. | AVAIL
CVE-2007-0806 | 7 | High | Les News 2.2 allows remote attackers to bypass authentication and gain administrative access via a direct request for adminews/index_fr.php3, and possibly the adminews index documents for other localizations. | AVAIL
CVE-2007-0819 | 7 | High | HP Network Node Manager (NNM) Remote Console 7.50 assigns Everyone Full Control permission for the %PROGRAMFILES%\HP OpenView directory tree, which allows local users to gain privileges via a Trojan horse executable file or ActiveX component, or a modified bin\ovtrcsvc.exe for the HP Open View Shared Trace Service. | AVAIL
CVE-2007-0829 | 3.9 | Low | avast! Server Edition before 4.7.726 does not demand a password in a certain intended context, even when a password has been set, which allows local users to bypass authentication requirements. | AVAIL
CVE-2007-0845 | 7 | High | admin/index.php in Advanced Poll 2.0.0 through 2.0.5-dev allows remote attackers to bypass authentication and gain administrator privileges by obtaining a valid session identifier and setting the uid parameter to 1. | AVAIL
CVE-2007-0849 | 7 | High | scripts/cronscript.php in SysCP 1.2.15 and earlier does not properly quote pathnames in user home directories, which allows local users to gain privileges by placing shell metacharacters in a directory name, and then using the control panel to protect this directory, a different vulnerability than CVE-2005-2568. | AVAIL



CVE-2007-0889 | 4.9 | Medium | Kiwi CatTools before 3.2.0 beta uses weak encryption ("reversible encoding") for passwords, account names, and IP addresses in kiwidb-cattools.kdb, which might allow local users to gain sensitive information by decrypting the file. NOTE: this issue could be leveraged with a directory traversal vulnerability for a remote attack vector. | AVAIL
CVE-2007-0895 | 2.6 | Low | Race condition in recursive directory deletion with the (1) -r or (2) -R option in rm in Solaris 8 through 10 before 20070208 allows local users to delete files and directories as the user running rm by moving a low-level directory to a higher level as it is being deleted, which causes rm to chdir to a ".." directory that is higher than expected, possibly up to the root file system, a related issue to CVE-2002-0435. | AVAIL
CVE-2007-0898 | 4.7 | Medium | Directory traversal vulnerability in clamd in Clam AntiVirus ClamAV before 0.90 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the id MIME header parameter in a multi-part message. | AVAIL
CVE-2007-0912 | 8 | High | Cross-Site Request Forgery (CSRF) vulnerability in admin/admin.adm.php in Jportal 2.3.1, and possibly earlier, allows remote attackers to perform privileged actions as administrators by tricking the admin into accessing a URL with modified arguments to admin/admin.adm.php. | AVAIL
CVE-2007-0915 | 10 | High | Distributed SLS daemon (SLSd) on HP-UX B.11.11 allows remote attackers to overwrite arbitrary files and gain privileges via a crafted RPC request. | AVAIL
CVE-2007-0921 | 6.7 | Medium | Portal Search allows remote attackers to redirect a URL to an arbitrary web site by placing the URL in the query string to the top-level URI. | AVAIL
CVE-2007-0924 | 7 | High | Till Gerken phpPolls 1.0.3 allows remote attackers to bypass authentication and perform certain administrative actions via a direct request to phpPollAdmin.php3. NOTE: this issue might subsume CVE-2006-3764. | AVAIL
CVE-2007-0926 | 7 | High | The dologin function in guestbook.php in KvGuestbook 1.0 Beta allows remote attackers to gain administrative privileges, probably via modified $mysql['pass'] and $gbpass variables. | AVAIL



CVE-2007-0930 | 7 | High | Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function. | AVAIL
CVE-2007-0932 | 7 | High | The (1) Aruba Mobility Controllers 200, 600, 2400, and 6000 and (2) Alcatel-Lucent OmniAccess Wireless 43xx and 6000 do not properly implement authentication and privilege assignment for the guest account, which allows remote attackers to access administrative interfaces or the WLAN. | AVAIL
CVE-2007-0960 | 6 | Medium | Unspecified vulnerability in Cisco PIX 500 and ASA 5500 Series Security Appliances 7.2.2, when configured to use the LOCAL authentication method, allows remote authenticated users to gain privileges via unspecified vectors. | AVAIL
CVE-2007-0968 | 4.8 | Medium | Unspecified vulnerability in Cisco Firewall Services Module (FWSM) before 2.3(4.7) and 3.x before 3.1(3.1) causes the access control entries (ACE) in an ACL to be improperly evaluated, which allows remote authenticated users to bypass certain intended ACL protections. | AVAIL
CVE-2007-0972 | 7 | High | Unrestricted file upload vulnerability in modules/emoticons.php in Jupiter CMS 1.1.5 allows remote attackers to upload arbitrary files by modifying the HTTP request to send an image content type, and to omit is_guest and is_user parameters. NOTE: this issue might be related to CVE-2006-4875. | AVAIL
CVE-2007-0973 | 7 | High | Multiple cross-site scripting (XSS) vulnerabilities in index.php in Jupiter CMS 1.1.5 allow remote attackers to inject arbitrary web script or HTML via the Referer HTTP header and certain other HTTP headers, which are displayed without proper sanitization when an administrator performs a Logged Guest action. | AVAIL
CVE-2007-0975 | 2.3 | Low | Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array. | AVAIL
CVE-2007-0978 | 7 | High | Buffer overflow in swcons in IBM AIX 5.3 allows local users to gain privileges via long input data. | AVAIL



CVE-2007-0981 | 7 | High | Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname) DOM property, due to interactions with DNS resolver code. | AVAIL
CVE-2007-1040 | 7 | High | Directory traversal vulnerability in archives.php in Xpression News (X-News) 1.0.1 allows remote attackers to include arbitrary files or obtain sensitive information via a .. (dot dot) in the xnews-template parameter. | AVAIL
CVE-2007-1047 | 7 | High | Unspecified vulnerability in Distributed Checksum Clearinghouse (DCC) before 1.3.51 allows remote attackers to delete or add hosts in /var/dcc/maps. | AVAIL
CVE-2007-1099 | 7 | High | dbclient in Dropbear SSH client before 0.49 does not sufficiently warn the user when it detects a hostkey mismatch, which might allow remote attackers to conduct man-in-the-middle attacks. | AVAIL
CVE-2007-1112 | 10 | High | Kaspersky Anti-Virus 6.0 and Internet Security 6.0 expose unsafe methods in the (a) AXKLPROD60Lib.KAV60Info (AxKLProd60.dll) and (b) AXKLSYSINFOLib.SysInfo (AxKLSysInfo.dll) ActiveX controls, which allows remote attackers to "download" or delete arbitrary files via crafted arguments to the (1) DeleteFile, (2) StartBatchUploading, (3) StartStrBatchUploading, or (4) StartUploading methods. | AVAIL
CVE-2007-1129 | 7 | High | Multiple unrestricted file upload vulnerabilities in MTCMS 3.2 allow remote attackers to upload and execute files via (1) an avatar upload in an add_down action, or (2) an add_link action. | AVAIL
CVE-2007-1150 | 2.2 | Low | Unrestricted file upload vulnerability in LoveCMS 1.4 allows remote authenticated administrators to upload arbitrary files to /modules/content/pictures/tmp/. | AVAIL
CVE-2007-1178 | 7 | High | WebAPP before 0.9.9.5 does not check access in certain contexts related to (1) Calendar Administration, (2) Instant Messages Administration, and (3) the Image Uploader, which has unknown impact and attack vectors. | AVAIL



CVE-2007-1183 | 7 | High | WebAPP before 0.9.9.5 allows remote authenticated users to spoof another user's Real Name via whitespace, which has unknown impact and attack vectors. | AVAIL
CVE-2007-1188 | 7 | High | WebAPP before 0.9.9.5 allows remote attackers to submit Search form input that is not checked for (1) composition or (2) length, which has unknown impact, possibly related to "search form hijacking". | AVAIL
CVE-2007-1256 | 5.6 | Medium | Mozilla Firefox 2.0.0.2 allows remote attackers to spoof the address bar, favicons, and document source, and perform updates in the context of arbitrary websites, by repeatedly setting document.location in the onunload attribute when linking to another website, a variant of CVE-2007-1092. | AVAIL
CVE-2007-1309 | 6 | Medium | Novell Access Management 3 SSLVPN Server allows remote authenticated users to bypass VPN restrictions by making policy.txt read-only, disconnecting, then manually modifying policy.txt. | AVAIL
CVE-2007-1359 | 5.6 | Medium | Interpretation conflict in ModSecurity (mod_security) 2.1.0 and earlier allows remote attackers to bypass request rules via application/x-www-form-urlencoded POST data that contains an ASCIIZ (0x00) byte, which mod_security treats as a terminator even though it is still processed as normal data by some HTTP parsers including PHP 5.2.0, and possibly parsers in Perl, and Python. | AVAIL
CVE-2007-1384 | 4.7 | Medium | Directory traversal vulnerability in torrent.cpp in KTorrent before 2.1.2 allows remote attackers to overwrite arbitrary files via ".." sequences in a torrent filename. | AVAIL
CVE-2007-1396 | 10 | High | The import_request_variables function in PHP 4.0.7 through 4.4.6, and 5.x before 5.2.2, when called without a prefix, does not prevent the (1) GET, (2) POST, (3) COOKIE, (4) FILES, (5) SERVER, (6) SESSION, and other superglobals from being overwritten, which allows remote attackers to spoof source IP address and Referer data, and have other unspecified impact. NOTE: it could be argued that this is a design limitation of PHP and that only the misuse of this feature, i.e. implementation bugs in applications, should be included in CVE. However, it has been fixed by the vendor. | AVAIL
CVE-2007-1444 | 3.9 | Low | netserver in netperf 2.4.3 allows local users to overwrite arbitrary files via a symlink attack on /tmp/netperf.debug. | AVAIL



CVE-2007-1451 | 4.7 | Medium | GuppY 4.0 allows remote attackers to delete arbitrary files via a direct request to install/install.php, then selecting "Installation propre" (cleanup.php) and then "Suppression des fichiers d'installation" (delete.php). | AVAIL
CVE-2007-1497 | 7 | High | nf_conntrack in netfilter in the Linux kernel before 2.6.20.3 does not set nfctinfo during reassembly of fragmented packets, which leaves the default value as IP_CT_ESTABLISHED and might allow remote attackers to bypass certain rulesets using IPv6 fragments. | AVAIL
CVE-2007-1500 | 2.9 | Low | The Linux Security Auditing Tool (LSAT) allows local users to overwrite arbitrary files via a symlink attack on temporary files, as demonstrated using /tmp/lsat1.lsat. | AVAIL
CVE-2007-1535 | 7 | High | Microsoft Windows Vista establishes a Teredo address without user action upon connection to the Internet, contrary to documentation that Teredo is inactive without user action, which increases the attack surface and allows remote attackers to communicate via Teredo. | AVAIL
CVE-2007-1562 | 5.6 | Medium | The FTP protocol implementation in Mozilla Firefox before 1.5.0.11 and 2.x before 2.0.0.3 allows remote attackers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response. | AVAIL
CVE-2007-1563 | 5.6 | Medium | The FTP protocol implementation in Opera 9.10 allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response. | AVAIL
CVE-2007-1564 | 5.6 | Medium | The FTP protocol implementation in Konqueror 3.5.5 allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response. | AVAIL
CVE-2007-1599 | 4.2 | Medium | wp-login.php in WordPress allows remote attackers to redirect authenticated users to other websites and potentially obtain sensitive information via the redirect_to parameter. | AVAIL



CVE-2007-1692 | 7 | High | The default configuration of Microsoft Windows uses the Web Proxy Autodiscovery Protocol (WPAD) without static WPAD entries, which might allow remote attackers to intercept web traffic by registering a proxy server using WINS or DNS, then responding to WPAD requests, as demonstrated using Internet Explorer. NOTE: it could be argued that if an attacker already has control over WINS/DNS, then web traffic could already be intercepted by modifying WINS or DNS records, so this would not cross privilege boundaries and would not be a vulnerability. It has also been reported that DHCP is an alternate attack vector. | AVAIL



CVE-2007-1745 | 2.7 | Low | The chm_decompress_stream function in libclamav/chmunpack.c in Clam AntiVirus (ClamAV) before 0.90.2 leaks file descriptors, which has unknown impact and attack vectors involving a crafted CHM file, a different vulnerability than CVE-2007-0897. NOTE: some of these details are obtained from third party information. | AVAIL
CVE-2007-1799 | 4.7 | Medium | Directory traversal vulnerability in torrent.cpp in KTorrent before 2.1.3 only checks for the ".." string, which allows remote attackers to overwrite arbitrary files via modified ".." sequences in a torrent filename, as demonstrated by "../" sequences, due to an incomplete fix for CVE-2007-1384. | AVAIL
CVE-2007-1800 | 7 | High | Cisco Secure ACS does not require authentication when Cisco Trust Agent (CTA) transmits posture information, which might allow remote attackers to gain network access via a spoofed Network Endpoint Assessment posture, aka "NACATTACK." NOTE: this attack might be limited to authenticated users and devices. | AVAIL
CVE-2007-1831 | 3.4 | Low | web-app.org WebAPP before 0.9.9.6 allows remote authenticated users to open files and write "wrong data" via a crafted QUERY_STRING. | AVAIL
CVE-2007-1879 | 8 | High | The StartUploading function in KL.SysInfo ActiveX control (AxKLSysInfo.dll) in Kaspersky Anti-Virus 6.0 and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows remote attackers to read arbitrary files by triggering an outbound anonymous FTP session that invokes the PUT command. NOTE: this issue might be related to CVE-2007-1112. | AVAIL



CVE-2007-1949 | 7 | High | Session fixation vulnerability in WebBlizzard CMS allows remote attackers to hijack web sessions by setting a PHPSESSID cookie. | AVAIL
CVE-2007-1951 | 7 | High | Session fixation vulnerability in onelook obo Shop allows remote attackers to hijack web sessions by setting a PHPSESSID cookie. | AVAIL
CVE-2007-1952 | 7 | High | Session fixation vulnerability in onelook onebyone CMS allows remote attackers to hijack web sessions by setting a PHPSESSID cookie. | AVAIL
CVE-2007-1953 | 7 | High | Session fixation vulnerability in onelook courts on-line allows remote attackers to hijack web sessions by setting a PHPSESSID cookie. | AVAIL
CVE-2007-2017 | 7 | High | siteadmin/useredit.php in AlstraSoft Video Share Enterprise does not check authentication, which allows remote attackers to obtain or modify user information via a direct request. | AVAIL
CVE-2007-2023 | 7 | High | USB20.dll in Secustick USB flash drive decouples the authorization and file access routines, which allows local users to bypass authentication requirements by altering the return value of the VerifyPassWord function. | AVAIL
CVE-2007-2058 | 5.6 | Medium | Directory traversal vulnerability in Acubix PicoZip 4.02 allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the file path in an (1) GZ, (2) TAR, (3) RAR, (4) JAR, or (5) ZIP archive. | AVAIL
CVE-2007-2063 | 3.9 | Low | SSH Tectia Server for IBM z/OS before 5.4.0, when _BPX_BATCH_UMASK is missing from the environment, creates HFS files with insecure permissions, which allows local users to read or modify these files and have other unknown impact. | AVAIL
CVE-2007-2074 | 4.9 | Medium | Certain programs in containers in ScramDisk 4 Linux before 1.0-1 execute with SUID permissions, which allows local users to gain privileges via mounted containers. | AVAIL
CVE-2007-2138 | 3.4 | Low | Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x before 7.4.17, 8.0.x before 8.0.13, 8.1.x before 8.1.9, and 8.2.x before 8.2.4 allows remote authenticated users, when permitted to call a SECURITY DEFINER function, to gain the privileges of the function owner, related to "search_path settings." | AVAIL



CVE-2007-2170



CVE-2007-2188



CVE-2007-2200



CVE-2007-2221



CVE-2007-2385



CVE-2007-2453



The APPLSYS.FND_DM_NODES package in Oracle E-Business Suite does not check for valid sessions, which allows remote attackers to delete arbitrary nodes. NOTE: due to lack of details from Oracle, it is not clear whether this issue is related to other CVE identifiers such as CVE-2007-2126, CVE-2007-2127, or CVE-2007-2128. 6.7 Medium AVAIL

eXtremail 2.1.1 and earlier does not verify the ID field (aka transaction id) in DNS responses, which makes it easier for remote attackers to conduct DNS spoofing. 10 High AVAIL

Directory traversal vulnerability in navigator/navigator_ok.php in Pagode 0.5.8 allows remote attackers to read and possibly delete arbitrary files via a .. (dot dot) in the asolute parameter. 10 High AVAIL

Unspecified vulnerability in the mdsauth.dll COM object in Microsoft Windows Media Server in the Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; or 7 on Windows Vista allows remote attackers to overwrite arbitrary files via unspecified vectors, aka the "Arbitrary File Rewrite Vulnerability." 8 High AVAIL

The Yahoo! UI framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking." 2.3 Low AVAIL

The random number feature in Linux kernel 2.6 before 2.6.20.13, and 2.6.21.x before 2.6.21.4, (1) does not properly seed pools when there is no entropy, or (2) uses an incorrect cast when extracting entropy, which might cause the random number generator to provide the same values after reboots on systems without an entropy source. 4.9 Medium AVAIL



CVE-2007-2480



The _udp_lib_get_port function in net/ipv4/udp.c in Linux kernel 2.6.21 and earlier does not prevent a bind to a port with a local address when there is already a bind to that port with a wildcard local address, which might allow local users to intercept local traffic for daemons or other applications. AVAIL

Unspecified vulnerability in search/list/action_search/index.php in ACP3 4.0 beta 3 allows remote attackers to have unknown impact, relating to "Cookie Manipulation", via the form[search_term] parameter. 7 High AVAIL

Multiple buffer overflows in Firebird 2.1 allow attackers to trigger memory corruption and possibly have other unspecified impact via certain input processed by (1) config\ConfigFile.cpp or (2) msgs\check_msgs.epp. NOTE: if ConfigFile.cpp reads a configuration file with restrictive permissions, then the ConfigFile.cpp vector may not cross privilege boundaries and perhaps should not be included in CVE. 3.3 Low AVAIL

A certain ActiveX control in Morovia Barcode ActiveX Professional 3.3.1304 allows remote attackers to overwrite arbitrary files by calling the Save method with an arbitrary filename. 6.7 Medium AVAIL

xfs_fsr in xfsdump creates a temporary directory with insecure permissions, which allows local users to read or overwrite arbitrary files on xfs filesystems. 3.9 Low AVAIL

The Cisco Intrusion Prevention System (IPS) and IOS with Firewall/IPS Feature Set do not properly handle certain full-width and half-width Unicode character encodings, which might allow remote attackers to evade detection of HTTP traffic. 3.3 Low AVAIL

Check Point Web Intelligence does not properly handle certain full-width and half-width Unicode character encodings, which might allow remote attackers to evade detection of HTTP traffic. 3.3 Low AVAIL

Multiple IBM ISS Proventia Series products, including the A, G, and M series, do not properly handle certain full-width and half-width Unicode character encodings, which might allow remote attackers to evade detection of HTTP traffic. 3.3 Low AVAIL

4.9 Medium



CVE-2007-2578



CVE-2007-2606



CVE-2007-2644



CVE-2007-2654



CVE-2007-2688



CVE-2007-2689



CVE-2007-2690



CVE-2007-2691



MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables. 2.2 Low AVAIL The DB Software Laboratory DeWizardX (DEWizardAX.ocx) ActiveX control allows remote attackers to overwrite arbitrary files via the SaveToFile function. Unspecified vulnerability in the Secure Shell (SSH) in HP Tru64 UNIX 5.1B-4 and 5.1B-3 allows remote attackers to identify valid users via unspecified vectors, probably related to timing attacks and AuthInteractiveFailureRandomTimeout. Cross-domain vulnerability in Apple Safari 2.0.4 allows remote attackers to access restricted information from other domains via Javascript, as demonstrated by a js script that accesses the location information of cross-domain web pages, probably involving setTimeout and timed events. Session fixation vulnerability in Calimero.CMS 3.3.1232 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. Argument injection vulnerability in the telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and 5.11) misinterprets certain client "-f" sequences as valid requests for the login program to skip authentication, which allows remote attackers to log into certain accounts, as demonstrated by the bin account.



CVE-2007-2725



7 High CVE-2007-2791



AVAIL



10 High CVE-2007-2843



AVAIL



10 High CVE-2007-3053



AVAIL



7 High CVE-2007-0882



AVAIL



10 High



AVAIL



Categories:



code injection denial of service gain of privileges/access control unknown Interaction description



Vulnerability Type



References



Interactions



INPUT |



http://www.securityfocus.com/archive/1/archive/1/457159/100/0/threaded | http://www.kb.cert.org/vul



http://forums.grsecurity.net/viewtopic.php?t=1646 | http://www.digitalarmaments.com/news_news.shtml | http://grsecurity.net/n 1



http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html | http://www.us-cert.gov/cas/techalert ?



http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html | http://www.us-cert.gov/cas/techalert ?



http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html | http://www.us-cert.gov/cas/techalert ?



INPUT |



http://sourceforge.net/project/shownotes.php?release_id=479480&group_id=187000 | http://www.frs 1 Specially crafted request



INPUT |



DESIGN |



http://sourceforge.net/forum/forum.php?forum_id=660819 | http://www.frsirt.com/english/advisories/2 ?



INPUT |



http://www.php-security.org/MOPB/MOPB-39-2007.html | 2 search string = single character, replace string = single character



INPUT |



http://sourceforge.net/project/shownotes.php?release_id=500238&group_id=32077 | http://www.frsir 1



INPUT |



INPUT | ACCESS |



http://www.securityfocus.com/archive/1/archive/1/468049/100/0/threaded | http://www.securityfocus. 1 SSL bypassed



INPUT |



http://www.securityfocus.com/archive/1/archive/1/455615/100/0/threaded | http://www.securityfocus. 1 HTML or web script injected by the sortby parameter



INPUT |



Arbitrary code injected via (1) cat parameter to (a) ashop/catalogue.php and (b) ashop/basket.php, the (2) exp parameter to ashop/catalogue.php, the (3) searchstring parameter to (c) ashop/search.php, the (4) checkout and (5) action parameters to (d) ashop/shipping.php, the cat parameter to (f) cart-path/admin/editcatalogue.php, and the (7) resultpage parameter to (g) cartpath/admin/salesadmin.php. http://www.securityfocus.com/archive/1/archive/1/455629/100/0/threaded | http://www.securityfocus. ?



INPUT |



http://www.securityfocus.com/archive/1/archive/1/455726/100/0/threaded | http://www.securityfocus. 1 Invalid URI in getURL



INPUT |



http://www.securityfocus.com/archive/1/archive/1/456048/100/0/threaded | http://www.hardened-php 1 Invalid tokens and quote characters or HTML tags in URL variable names



INPUT |



https://secure-support.novell.com/KanisaPlatform/Publishing/143/3615264_f.SAL_Public.html | http:/ 1 Web script or HTML injected via IssueInstant parameter



INPUT |



http://www.securityfocus.com/archive/1/archive/1/456055/100/0/threaded | http://www.securityfocus. 1 crafted parameter to mkpw_mp.cgi, mkpw.pl, or mkpw.cgi



INPUT |



http://www.securityfocus.com/archive/1/archive/1/456052/100/0/threaded | http://www.securityfocus. 1 crafted g parameter to search.asp



INPUT |



http://marc.theaimsgroup.com/?l=full-disclosure&m=116799778408115&w=2 | http://drupal.org/node 2



INPUT |



http://jvn.jp/jp/JVN%2365500885/index.html | http://serenebach.net/log/sb119R.html | http://sereneba 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/456122/100/0/threaded | http://www.securityfocus. 1



INPUT |



http://www.milw0rm.com/exploits/3089 | http://secunia.com/advisories/23652 | http://xforce.iss.net/xf 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/456121/100/0/threaded | http://www.frsirt.com/engl ?



INPUT |



http://secunia.com/advisories/23656 | http://www.securityfocus.com/bid/21953 | http://xforce.iss.net/x 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/456296/100/0/threaded | http://www.eazel.es/advis 1



INPUT |



http://sourceforge.net/forum/forum.php?forum_id=652721 | http://svn.wikimedia.org/svnroot/mediaw 2 wgUseAjax = true, other params unspecified



INPUT |



http://www.securityfocus.com/bid/21977 | http://secunia.com/advisories/23605 |



INPUT |



http://www.mnin.org/advisories/2007_firepass.pdf | https://tech.f5.com/home/solutions/sol6919.html ?



INPUT |



http://www.securityfocus.com/archive/1/archive/1/456042/100/100/threaded | http://xforce.iss.net/xfo 1



INPUT |



http://www.phpmyadmin.net/home_page/downloads.php?relnotes=0 | http://www.frsirt.com/english/a ?



INPUT |



http://www.milw0rm.com/exploits/3115 | http://secunia.com/advisories/23699 | http://xforce.iss.net/xf 1



INPUT | CONFIG |



http://golem.ph.utexas.edu/~distler/blog/archives/001102.html | http://www.zackvision.com/weblog/2 2 (1) nofollow disabled AND (2) unmoderated comments enabled



INPUT |



http://www.securityfocus.com/archive/1/archive/1/456636/100/0/threaded | http://www.securityfocus. 1



INPUT |



http://14house.blogspot.com/2007/01/fastilo-open-source-shopping-cart-vuln.html | http://www.secur 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/456699/100/0/threaded | http://www.bugsec.com/a 1



http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html | http://www.us-cert.gov/cas/techalert 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/456970/100/0/threaded | http://www.securityfocus. 2



INPUT |



http://www.plainblack.com/getwebgui/advisories/webgui-7_3_4-beta-released#BUeIjcWiQasypsJxD1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/456986/100/0/threaded | http://www.securityfocus. 2 (1) ajouter=1 query string and (2) add menu



INPUT |



http://www.securityfocus.com/archive/1/archive/1/456726/100/0/threaded | http://www.securityfocus. 1 URI of script or HTML in convcharset parameter



INPUT |



http://www.securityfocus.com/archive/1/archive/1/457206/100/0/threaded | http://mywebland.com/for 1 web script or HTML injected via the PATH_INFO string.



INPUT |



http://jvn.jp/jp/JVN%2395249468/index.html | http://manual.freshreader.com/archives/2007/01/20070 1 Scripts inserted into vectors



INPUT |



http://sourceforge.net/project/shownotes.php?group_id=11386&release_id=479424 | http://sourcefor 1 Scripts inserted into vectors



INPUT |



web script or HTML inserted via the (1) error_msg parameter to (a) suggest_category.php; the (2) u parameter to (b) user_detail.php; the (3) friend_name, (4) friend_email, (5) error_msg, (6) my_name, (7) my_email, and (8) id parameters to (c) tell_friend.php; the (9) error_msg, (10) email, (11) name, and (12) subject parameters to (d) sendmail.php; the (13) email, (14) error_msg, and (15) username parameters to (e) send_pwd.php; the (16) keyword parameter to (f) search.php; the (17) error_msg, (18) username, (19) password, (20) password2, and (21) email parameters to (g) register.php; the (22) url, (23) contact_name, and (24) email parameters to (h) power_search.php; the (25) path and (26) total parameters to (i) new.php; the (27) query parameter to (j) modify.php; the (28) error_msg parameter to (k) login.php; the (29) error_msg and (30) email parameters to (l) mailing_list.php; the (31) gateway parameter to (m) upgrade.php; and another unspecified http://www.securityfocus.com/archive/1/archive/1/457079/100/0/threaded | http://www.securityfocus. ?



INPUT |



Scripts inserted into vectors http://sourceforge.net/project/shownotes.php?release_id=478370 | http://www.frsirt.com/english/advi ?



INPUT |



http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html | http://virtuemart.svn.sourc 1 Scripts inserted into vectors



INPUT |



http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html | http://www.hackers.ir/advi 1 Scripts inserted into vectors



http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html | http://www.hackers.ir/advisories/festival.txt | http://no 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/457331/100/0/threaded | http://www.securityfocus. 1 Scripts inserted into tag parameter



INPUT |



http://www.securityfocus.com/archive/1/archive/1/457503/100/0/threaded | http://www.attrition.org/pip 1 Scripts or HTML injected via (1) Subject or (2) Pseudo fields



INPUT |



http://www.securityfocus.com/archive/1/archive/1/457508/100/0/threaded | http://aria-security.com/fo 1 Scripts or HTML injected via recipient or BCC fields



INPUT |



http://www.securityfocus.com/archive/1/archive/1/457505/100/0/threaded | http://xforce.iss.net/xforce 1 Scripts or HTML injected via keyword parameter



INPUT |



http://www.securityfocus.com/archive/1/archive/1/457506/100/0/threaded | http://xforce.iss.net/xforce 1 Scripts or HTML injected via username parameter



INPUT |



http://www.plainblack.com/bugs/tracker/security-update-cross-site-scripting-vulnerability | http://www 2 (1) Scripts or HTML injected via username parameter and (2) anonymous registration is being done



http://forum.openads.org/index.php?showtopic=503412651 | http://jvn.jp/jp/JVN%2307274813/index.html | https://developer.op 1



INPUT |



http://secunia.com/advisories/23865 | http://www.securityfocus.com/bid/22180 | http://xforce.iss.net/x 1 URI of script or HTML in (1) show_owned.php or (2) show_joined.php



INPUT |



http://www.hitachi-support.com/security_e/vuls_e/HS06-022_e/01-e.html | http://www.frsirt.com/engli 1 Web script or HTML injected via (1) HTTP Expect headers or (2) image maps



INPUT |



http://www.securityfocus.com/archive/1/archive/1/457695/100/0/threaded | http://xforce.iss.net/xforce 1 Web scripts or HTML injected via URL in PATH_INFO parameter



INPUT |



http://www.securityfocus.com/archive/1/archive/1/457924/100/0/threaded | http://www.kde.org/info/se 1 HTML embedded in comment tags



INPUT |



http://www.securityfocus.com/archive/1/archive/1/457660/100/0/threaded | http://xforce.iss.net/xforce 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/457929/100/0/threaded | http://www.securityfocus. 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/457611/100/0/threaded | http://xforce.iss.net/xforce 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/457611/100/0/threaded | http://xforce.iss.net/xforce 1



INPUT |



http://onnac.svn.sourceforge.net/viewvc/onnac/trunk/install/default/error404.html?view=log | http://so 1



INPUT |



http://sourceforge.net/project/shownotes.php?release_id=479999&group_id=110693 | http://www.frs 2



http://jvn.jp/jp/JVN%2382258242/index.html | http://secunia.com/advisories/23909 | http://www.securityfocus.com/bid/22245 | 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/458226/100/0/threaded | http://www.securityfocus. 1



INPUT |



http://lists.horde.org/archives/announce/2007/000308.html | http://lists.horde.org/archives/announce/



INPUT |



http://www.securityfocus.com/archive/1/archive/1/458062/100/0/threaded | http://www.securityfocus.



http://www.sixapart.com/movabletype/beta/distros/MT-3.34-beta-Release-Notes.html | 1



INPUT |



http://secunia.com/advisories/23951 | http://www.securityfocus.com/bid/22250 | http://xforce.iss.net/x 1



http://sourceforge.net/project/shownotes.php?release_id=480714&group_id=98260 | http://www.frsirt.com/english/advisories/2 2



INPUT |



http://sunsolve.sun.com/search/document.do?assetkey=1-26-102621-1 | http://www.securityfocus.co 1



DESIGN |



http://www.securityfocus.com/archive/1/archive/1/458306/100/0/threaded | http://www.securityfocus. 1



INPUT |



http://www.dotnetnuke.com/Default.aspx?tabid=825&EntryID=1278 | http://www.frsirt.com/english/ad



INPUT |



http://sourceforge.net/project/shownotes.php?release_id=481131&group_id=98260 | http://www.frsir



INPUT |



http://www.milw0rm.com/exploits/3255 | http://www.securityfocus.com/bid/22379 | http://milw0rm.com 1



http://www.phorum.org/phorum5/read.php?12,1197571 | http://www.frsirt.com/english/advisories/2007/0410 |



INPUT |



http://www.securityfocus.com/archive/1/archive/1/458225/100/0/threaded | http://www.securityfocus. 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/458461/100/0/threaded | http://www.securityfocus.



INPUT |



http://www.milw0rm.com/exploits/3271 | http://www.securityfocus.com/bid/22412 | http://www.frsirt.co 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/459160/100/0/threaded | http://www.securityfocus. 1



INPUT |



http://secunia.com/advisories/24071 | http://xforce.iss.net/xforce/xfdb/32417 | 1



INPUT |



http://sourceforge.net/project/shownotes.php?release_id=484226 | http://www.securityfocus.com/bid



INPUT |



http://www.milw0rm.com/exploits/3283 | http://www.securityfocus.com/bid/22450 | http://milw0rm.com 1



INPUT |



http://secunia.com/advisories/23217 | http://www.securityfocus.com/bid/22460 | 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/459562/100/0/threaded | http://www.securityfocus. 1



ACCESS |



http://www.securityfocus.com/archive/1/archive/1/459655/100/0/threaded | http://forums.avenir-geop 1



ACCESS |



http://www.securityfocus.com/archive/1/archive/1/459652/100/0/threaded | http://forums.avenir-geop 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/459590/100/0/threaded | http://www.securityfocus. 1



INPUT |



http://jvn.jp/jp/JVN%2384430861/index.html | http://mozdev.org/bugs/show_bug.cgi?id=16320 | http: 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/459979/100/0/threaded | http://www.securityfocus. 1



INPUT |



http://www.securityfocus.com/bid/22536 | http://secunia.com/advisories/24125 | http://xforce.iss.net/x 2 (1) Inject script via the t and yr parameters and the sho parameter and (2) the m parameter is out of range



INPUT |



http://www.securityfocus.com/archive/1/archive/1/460078/100/0/threaded | http://www.securityfocus. ?



INPUT |



http://downloads.securityfocus.com/vulnerabilities/exploits/22719.html | http://www.securityfocus.com 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/463820/100/0/threaded | http://www.securityfocus. 1



DESIGN |



http://www.securityfocus.com/archive/1/archive/1/464041/100/0/threaded | 1



INPUT | DESIGN |



http://www.securityfocus.com/archive/1/archive/1/464041/100/0/threaded | 1 URLs in object or iframe HTML tags not checked for phishing



INPUT |



http://jvn.jp/jp/JVN%2340511721/index.html | http://www.securityfocus.com/bid/23207 | http://www.fr 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/468316/100/0/threaded | 1



INPUT |



http://jvn.jp/jp/JVN%2392832583/index.html | http://www.evalue.jp/support/security/IPA_92832583.a



INPUT |



http://www.securityfocus.com/archive/1/archive/1/469087/100/0/threaded | http://www.securityfocus. 1



INPUT |



http://pridels-team.blogspot.com/2007/05/parodia-xss-vuln.html | http://www.securityfocus.com/bid/2 1



INPUT |



http://pridels-team.blogspot.com/2007/05/track-xss-vuln.html | http://www.securityfocus.com/bid/240 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/469291/100/0/threaded | http://www.securityfocus. 1



INPUT |



http://marc.info/?l=full-disclosure&m=117987658110713&w=2 | http://www.securityfocus.com/bid/24 1



http://www-1.ibm.com/support/docview.wss?uid=isg1IY95526 | http://www-1.ibm.com/support/docview.wss?uid=isg1IY95637 |



DESIGN |



http://www.securityfocus.com/archive/1/archive/1/470446/100/0/threaded | http://archives.neohapsis 1



DESIGN |



http://cool.haxx.se/cvs.cgi/curl/ares/CHANGES?rev=HEAD&content-type=text/vnd.viewcvs-markup 1



INPUT | CONFIG |



http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf | http://www.frs 1 (1) CRLF injection vulnerability in Adobe Acrobat Reader and (2) Microsoft.XMLHTTP ActiveX object allow arbitrary HTTP headers



INPUT |



http://www.securityfocus.com/archive/1/archive/1/456699/100/0/threaded | http://www.bugsec.com/a 1



http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html | http://www.red-database-security.co ?



INPUT | DESIGN |



http://www.milw0rm.com/exploits/3153 | http://milw0rm.com/exploits/3153 | http://xforce.iss.net/xforc 1 Arbitrary code uploaded as image form banner



INPUT |



http://retrogod.altervista.org/guppy_4516_cmd.html | http://www.milw0rm.com/exploits/3221 | http://s 1



INPUT |



http://www.milw0rm.com/exploits/3288 | http://www.securityfocus.com/bid/22470 | http://milw0rm.com 1



INPUT |



http://www.milw0rm.com/exploits/3287 | http://www.securityfocus.com/bid/22469 | http://milw0rm.com 1



INPUT |



http://marc.theaimsgroup.com/?l=full-disclosure&m=117121596803908&w=2 | http://www.securityfoc 2 (1) inject HTTP headers into url parameter and (2) pagename parameter begins with "FILE:"



INPUT |



http://www.securityfocus.com/archive/1/archive/1/466906/100/0/threaded | http://www.wisec.it/vulns. 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/463596/100/0/threaded | http://us2.php.net/release



INPUT |



http://www.securityfocus.com/archive/1/archive/1/468644/100/0/threaded | http://www.netvigilance.co 1



INPUT |



http://projects.info-pull.com/moab/MOAB-01-01-2007.html | http://www.milw0rm.com/exploits/3064 | 1 URL length > N



INPUT |



http://www.securityfocus.com/bid/21840 | http://secunia.com/advisories/22959 | 1 filename length > N



INPUT |



http://projects.info-pull.com/moab/MOAB-02-01-2007.html | http://secunia.com/advisories/23592 | ht 1 Invalid URI in M3U file



INPUT |



http://secunia.com/secunia_research/2007-2/advisory/ | http://secunia.com/secunia_research/2007-3 1 Stack buffer overflow



INPUT |



http://projects.info-pull.com/moab/MOAB-18-01-2007.html | http://secunia.com/advisories/23842 | ht 1 heap based buffer overflow



INPUT |



http://projects.info-pull.com/moab/MOAB-19-01-2007.html | http://www.milw0rm.com/exploits/3160 | 1 URL length > N



EXCEP |



http://www.microsoft.com/technet/security/Bulletin/MS07-012.mspx | http://www.kb.cert.org/vuls/id/93 1



EXCEP |



http://www.microsoft.com/technet/security/Bulletin/MS07-011.mspx | http://www.kb.cert.org/vuls/id/49 1



DESIGN |



http://www.securityfocus.com/archive/1/archive/1/455801/100/0/threaded | http://events.ccc.de/cong 1



INPUT | DESIGN |



http://www.securityfocus.com/archive/1/archive/1/455795/100/0/threaded | http://www.securityfocus. 2 (1) Arbitrary code executed in language parameter and (2) Variable must not have been set since installation



INPUT |



http://projects.info-pull.com/moab/MOAB-04-01-2007.html | http://www.securityfocus.com/archive/1/a 1 crafted format string specifiers in RSS iPhoto feed title



INPUT |



http://projects.info-pull.com/moab/MOAB-03-01-2007.html | http://www.gnucitizen.org/blog/backdoor 1 HREFTrack contains automatic action tag



EXCEP |



http://www.milw0rm.com/exploits/3049 | http://www.securityfocus.com/bid/21827 | http://www.frsirt.co 1



INPUT |



http://marc.theaimsgroup.com/?l=full-disclosure&m=116791509125050&w=2 | http://vuln.sg/powarc9 1 Stack-based buffer overflow



CONFIG |



http://www.milw0rm.com/exploits/3075 | http://www.frsirt.com/english/advisories/2007/0035 | http://xf 1



INPUT |



http://www.cisco.com/warp/public/707/cisco-sa-20070105-csacs.shtml | http://www.securityfocus.com 1 Code executed by crafted GET request



INPUT |



http://blog.trendmicro.com/flaw-in-3rd-party-app-weakens-windows-mobile/ | http://www.trendmicro.c 1 crafted image file



INPUT |



http://www.securityfocus.com/archive/1/archive/1/456045/100/0/threaded | http://xforce.iss.net/xforce 1 .phtml extension used to disguise .php files



INPUT |



http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=457 | http://www.opera.com/suppo 1 crafted JPG files allow arbitrary code to run



INPUT | DESIGN |



http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=458 | http://www.opera.com/suppo 1 Unvalidated object created which can execute arbitrary JavaScript



INPUT |



http://www.attrition.org/pipermail/vim/2007-January/001219.html | http://securityreason.com/exploital 2 register_globals = true, current_path = malicious URL



INPUT |



http://milw0rm.com/exploits/3090 | http://www.frsirt.com/english/advisories/2007/0078 | http://secunia 1



INPUT |



http://securitytracker.com/id?1017477 | http://xforce.iss.net/xforce/xfdb/31328 | 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/456212/100/0/threaded | http://www.frsirt.com/engl 1



DESIGN |



http://www.securityfocus.com/archive/1/archive/1/456259/100/0/threaded | http://secway.org/advisor 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/456386/100/0/threaded | http://www.attrition.org/pip 1



INPUT |



http://www.zerodayinitiative.com/advisories/ZDI-07-002.html | http://supportconnectw.ca.com/public/ 1



INPUT |



http://www.zerodayinitiative.com/advisories/ZDI-07-003.html | http://www.zerodayinitiative.com/advis 1



INPUT |



http://www.milw0rm.com/exploits/3097 | http://www.securityfocus.com/bid/21917 | http://xforce.iss.ne 1



INPUT |



http://www.milw0rm.com/exploits/3096 | http://www.securityfocus.com/bid/21916 | http://xforce.iss.ne 1



INPUT |



http://www.milw0rm.com/exploits/3093 | http://www.securityfocus.com/bid/21918 | http://xforce.iss.ne 1



INPUT |



http://www.milw0rm.com/exploits/3091 | http://www.securityfocus.com/bid/21914 | http://xforce.iss.ne 3 register_globals = true, magic_quotes = false, page parameter contains ..'s



INPUT |



http://marc.theaimsgroup.com/?l=full-disclosure&m=116832852700467&w=2 | http://secway.org/adv 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/456404/100/0/threaded | http://www.securityfocus. 1



INPUT |



http://vuln.sg/efcommander575-en.html | http://secunia.com/advisories/23659 | http://www.securityfo 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/456264/100/0/threaded | http://milw0rm.com/explo 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/456389/100/0/threaded | http://www.securityfocus. 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/456251/100/0/threaded | http://www.attrition.org/pip 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/456439/100/0/threaded | http://www.securityfocus. 1



EXCEP |



http://projects.info-pull.com/moab/MOAB-09-01-2007.html | http://www.securityfocus.com/archive/1/a 1



INPUT |



http://www.milw0rm.com/exploits/3108 | http://www.attrition.org/pipermail/vim/2007-January/001233. 1



INPUT |



http://www.ranum.com/security/computer_security/editorials/codetools/ | http://www.securityfocus.co 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/456527/100/0/threaded | http://www.attrition.org/pip 1



INPUT |



http://www.milw0rm.com/exploits/3113 | http://www.securityfocus.com/bid/21995 | http://www.securit 1



INPUT | DESIGN |



http://www.milw0rm.com/exploits/3109 | http://www.securityfocus.com/bid/21983 | http://xforce.iss.ne 1 numeric parameter_1 = hash(alphanumeric parm_2)



INPUT |



http://www.securityfocus.com/archive/1/archive/1/456590/100/0/threaded | http://www.securityfocus.



INPUT |



http://www.securityfocus.com/archive/1/archive/1/456744/100/0/threaded | http://www.attrition.org/pip 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/456697/100/0/threaded | http://attrition.org/piperma 2 register_globals = true, PollDir = malicious URL



INPUT |



http://milw0rm.com/exploits/3118 | http://www.securityfocus.com/bid/22021 | http://www.frsirt.com/en 1



INPUT |



http://milw0rm.com/exploits/3123 | http://www.securityfocus.com/bid/22040 | http://www.frsirt.com/en 1



INPUT |



http://milw0rm.com/exploits/3121 | http://www.securityfocus.com/bid/22038 | http://www.frsirt.com/en 1



INPUT |



http://www.milw0rm.com/exploits/3114 | http://www.securityfocus.com/bid/22017 | http://xforce.iss.ne 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/460197/100/0/threaded | http://www.lizardtech.com



INPUT |



http://www.securityfocus.com/archive/1/archive/1/456981/100/0/threaded | http://www.securityfocus. 1 a ".." in the language pack parameter in (1) jax_petitionbook.php or (2) smileys.php.



INPUT |



http://www.milw0rm.com/exploits/3134 | http://www.securityfocus.com/bid/22065 | http://milw0rm.com 1 ".." in the skinnn parameter



INPUT |



http://milw0rm.com/exploits/3128 | http://secunia.com/advisories/23731 | 1 USER command with format specifiers > N



INPUT |



http://www.securityfocus.com/archive/1/archive/1/457210/100/0/threaded | http://www.anspi.pl/~pork 1 Crafted .cnt file in which lines begin with an integer followed by a space and a long string.



INPUT |



http://projects.info-pull.com/moab/MOAB-17-01-2007.html | http://www.milw0rm.com/exploits/3151 | 1 registration request with invalid attr-list field.



INPUT |



http://www.milw0rm.com/exploits/3147 | http://www.attrition.org/pipermail/vim/2007-January/001247. 1 URL of code in setup_folder parameter



INPUT |



http://www.milw0rm.com/exploits/3150 | http://www.frsirt.com/english/advisories/2007/0229 | http://w 1 URL of code in file parameter



INPUT |



http://www.milw0rm.com/exploits/3145 | http://www.frsirt.com/english/advisories/2007/0231 | http://m 1 URL of code in chem parameter



INPUT |



http://www.mbse.eu/mbse/mbsebbs/index.html | http://www.milw0rm.com/exploits/3154 | http://www. 1 MBSE_ROOT length > N



EXCEP |



http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051883.html | http://www.bitdefender.co 1



INPUT |



http://www.milw0rm.com/exploits/3152 | http://www.securityfocus.com/bid/22108 | http://milw0rm.com 1 URL of code in inc_dir parameter



INPUT |



http://code.djangoproject.com/changeset/3592 | http://secunia.com/advisories/23826 | http://www.se 1 Argument strings not quoted



INPUT |



http://www.securityfocus.com/archive/1/archive/1/457436/100/0/threaded | http://www.anspi.pl/~pork 1 HLP field in OPTION sections > N



http://www.securityfocus.com/archive/1/archive/1/456623/100/100/threaded | http://securitytracker.com/id?1017504 | http://www ?



INPUT |



http://www.zerodayinitiative.com/advisories/ZDI-07-006.html | http://support.citrix.com/article/CTX11 2 (1) EnumPrinters argument lengths > N and (2) OpenPrinter argument lengths > M



INPUT |



http://www.zerodayinitiative.com/advisories/ZDI-07-007.html | http://h20000.www2.hp.com/bizsuppor 1 server_ip_name length > N



INPUT |



http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/babldimpsec-notice.asp | http://www.s 1 Crafted packets to TCP port (1) 1900 or (2) 2200



INPUT | ENV |



http://www.securityfocus.com/archive/1/archive/1/459168/100/0/threaded | http://www.securityfocus. 1 Buffer overflow in nss_windbind.so



INPUT |



http://projects.info-pull.com/moab/MOAB-26-01-2007.html | http://www.securityfocus.com/bid/22272 1 Code injected in format string specifiers via (1) PKG, (2) DISTZ, or (3) MPKG package filename.



DESIGN |



http://projects.info-pull.com/moab/MOAB-27-01-2007.html | http://www.securityfocus.com/bid/22286 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/457646/100/0/threaded | http://www.anspi.pl/~pork 1 1 TYPELIB MOVEABLE PURE length > N



DESIGN |



http://rubyforge.org/frs/shownotes.php?release_id=9074 | http://www.frsirt.com/english/advisories/20 1



INPUT |



http://www.milw0rm.com/exploits/3169 | http://xforce.iss.net/xforce/xfdb/31624 | http://milw0rm.com/e 1 PHP injected via URL in WEBCHATPATH parameter



INPUT |



http://www.securityfocus.com/archive/1/archive/1/457670/100/0/threaded | http://www.securityfocus. 1 PHP injected via URL in (1) phpAds_geoPlugi parameter or (2) filename parameter or (3) phpAds_config[my_footer] parameter



INPUT |



http://www.securityfocus.com/archive/1/archive/1/457643/100/0/threaded | http://www.securityfocus. 1 PHP injected via URL in fpath variable



INPUT |



http://milw0rm.com/exploits/3175 | http://www.frsirt.com/english/advisories/2007/0285 | http://secunia 1 PHP injected via URL in mosConfig_absolute_path parameter



INPUT |



http://www.frsirt.com/english/advisories/2007/0269 | http://secunia.com/advisories/23850 | 1 PHP injected via URL in my_ms[root] parameter



INPUT |



http://milw0rm.com/exploits/3161 | http://www.frsirt.com/english/advisories/2007/0263 | http://secunia 1 PHP injected via URL in racine parameter



INPUT |



http://www.milw0rm.com/exploits/3163 | http://www.frsirt.com/english/advisories/2007/0268 | http://m 1 PHP injected via URL in g_strRootDir parameter



INPUT |



http://echo.or.id/adv/adv62-y3dips-2007.txt | http://www.frsirt.com/english/advisories/2007/0265 | http 1 PHP injected via URL in maindir parameter



INPUT |



http://www.milw0rm.com/exploits/3165 | http://milw0rm.com/exploits/3165 | 1 PHP injected via URL in my[root] parameter



INPUT |



http://www.milw0rm.com/exploits/3164 | http://www.frsirt.com/english/advisories/2007/0267 | http://m 1 PHP injected via URL in env[inc_path] parameter



INPUT |



http://milw0rm.com/exploits/3162 | http://www.frsirt.com/english/advisories/2007/0264 | http://secunia 1 PHP injected via URL in include_path parameter



INPUT |



http://www.milw0rm.com/exploits/3171 | http://www.frsirt.com/english/advisories/2007/0271 | http://m 1 PHP injected via URL in gen parameter



http://sunsolve.sun.com/search/document.do?assetkey=1-26-102728-1 | http://www.frsirt.com/english/advisories/2007/0287 | h 1



ACCESS |



http://drupal.org/node/112146 | http://www.frsirt.com/english/advisories/2007/0312 | http://www.secur 1



INPUT |



http://www.milw0rm.com/exploits/3183 | http://www.frsirt.com/english/advisories/2007/0318 | http://se 1 PHP injected via URL in BBC_LANGUAGE_PATH parameter



INPUT | CONFIG |



http://www.milw0rm.com/exploits/3184 | http://secunia.com/advisories/23875 | http://milw0rm.com/ex 1 URL set in path parameter to (1) dom.php, (2) dtd.php, or (3) parser.php in include/ allows for arbitrary execution of PHP code



INPUT |



http://www.securityfocus.com/archive/1/archive/1/457870/100/0/threaded | http://www.securityfocus. 1 PHP injected via URL in include_path parameter



INPUT |



http://14house.blogspot.com/2007/01/freewebshoporg-remote-file-inclusion.html | http://www.freewe 1 PHP injected via URL in lang_file parameter



INPUT |



http://www.securityfocus.com/archive/1/archive/1/457668/100/0/threaded | http://xforce.iss.net/xforce 2



INPUT |



http://www.milw0rm.com/exploits/3191 | http://www.frsirt.com/english/advisories/2007/0339 | http://m 1



INPUT |



http://www.milw0rm.com/exploits/3185 | http://www.frsirt.com/english/advisories/2007/0342 | http://m 1



INPUT |



http://www.milw0rm.com/exploits/3192 | http://www.securityfocus.com/archive/1/archive/1/458059/10 1



INPUT |



http://www.milw0rm.com/exploits/3201 | http://www.securityfocus.com/bid/22257 | http://www.frsirt.co 1



INPUT |



http://www.milw0rm.com/exploits/3202 | http://www.securityfocus.com/bid/22259 | http://www.frsirt.co 1



INPUT |



http://www.milw0rm.com/exploits/3212 | http://www.frsirt.com/english/advisories/2007/0386 | http://m 1



INPUT | DESIGN |



http://www.milw0rm.com/exploits/3207 | http://www.frsirt.com/english/advisories/2007/0390 | http://m 1 Arbitrary PHP code can be executed



INPUT |



http://milw0rm.com/exploits/3205 | http://www.attrition.org/pipermail/vim/2007-January/001257.html | 1



INPUT | DESIGN |



http://seclists.org/bugtraq/2007/Jan/0643.html | http://milw0rm.com/exploits/3209 | http://www.xt-scri 1 Arbitrary PHP code can be executed



INPUT |



http://milw0rm.com/exploits/3206 | http://www.securityfocus.com/bid/22278 | http://www.frsirt.com/en 1



INPUT |



http://milw0rm.com/exploits/3215 | http://www.securityfocus.com/bid/22285 | http://secunia.com/advi 1



INPUT |



http://www.milw0rm.com/exploits/3214 | http://www.securityfocus.com/bid/22283 | http://milw0rm.com 1



INPUT |



http://www.milw0rm.com/exploits/3217 | http://www.securityfocus.com/bid/22287 | http://www.frsirt.co 1



INPUT |



http://www.milw0rm.com/exploits/3198 | http://milw0rm.com/exploits/3198 | http://www.securityfocus. 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/458076/100/0/threaded | http://www.securityfocus. 1



INPUT |



http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=468 | http://morte.jedrea.com/~jed 1



ACCESS |



http://drupal.org/node/113935 | http://www.frsirt.com/english/advisories/2007/0406 | http://secunia.co 1



INPUT |



http://www.milw0rm.com/exploits/3228 | http://www.securityfocus.com/bid/22313 | http://milw0rm.com 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/458582/100/0/threaded | http://www.securityfocus. 1



INPUT |



http://www.milw0rm.com/exploits/3225 | http://www.securityfocus.com/bid/22324 | http://xforce.iss.ne 1



INPUT |



http://www.securityfocus.com/data/vulnerabilities/exploits/testlpc.c | http://www.securityfocus.com/bid 1



INPUT |



https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=225491 | http://www.securityfocus.com/bid/238 1



INPUT |



http://www.milw0rm.com/exploits/3231 | http://www.securityfocus.com/bid/22320 | http://www.frsirt.co 1



INPUT |



http://www.milw0rm.com/exploits/3236 | http://www.securityfocus.com/bid/22333 | http://milw0rm.com 1



INPUT | DESIGN |



http://www.securityfocus.com/archive/1/archive/1/458293/100/0/threaded | http://www.securityfocus. 1 Arbitrary commands may be executed via format string specifiers



EXCEP |



http://www.securityfocus.com/archive/1/archive/1/458774/100/0/threaded | http://www.securityfocus. 1



http://www.securityfocus.com/archive/1/archive/1/458464/100/0/threaded | http://www.frsirt.com/english/advisories/2007/0407 | 1



http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2007-0669 | http://www.kb.cert.org/vuls/id/584436 | http://www.openpkg.c ?



INPUT |



http://www-1.ibm.com/support/docview.wss?uid=isg1IY94301 | http://secunia.com/advisories/23995 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/458681/100/0/threaded | http://echo.or.id/adv/adv6 1



INPUT |



http://www.milw0rm.com/exploits/3238 | http://www.securityfocus.com/bid/22345 | http://milw0rm.com 1



INPUT |



http://www.milw0rm.com/exploits/3235 | http://www.xoron.info/bugs/phpbbtweaked.txt | http://www.se 1



INPUT |



http://www.milw0rm.com/exploits/3240 | http://secunia.com/advisories/24012 | http://milw0rm.com/ex 1



INPUT |



http://www.milw0rm.com/exploits/3242 | http://www.xoron.info/bugs/omegaboard-html.txt | http://www 1



INPUT |



http://www.milw0rm.com/exploits/3243 | http://www.xoron.info/bugs/ceruleanportalsystem-html.txt | h 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/458805/100/0/threaded | http://www.attrition.org/pip 1



INPUT |



http://www.milw0rm.com/exploits/3247 | http://www.attrition.org/pipermail/vim/2007-February/001266 1



INPUT |



http://www.attrition.org/exploits/3246 | http://www.attrition.org/pipermail/vim/2007-February/001264.h 1



INPUT |



http://www.milw0rm.com/exploits/3249 | http://www.attrition.org/pipermail/vim/2007-February/001267 1



INPUT |



http://www.milw0rm.com/exploits/2329 | http://www.attrition.org/pipermail/vim/2007-February/001265 1



INPUT |



http://www.gomplayer.com/forum/viewtopic.html?t=221 | http://secunia.com/advisories/23994 | http:/ 1



INPUT |



http://www.milw0rm.com/exploits/3251 | http://www.attrition.org/pipermail/vim/2007-February/001272 1



INPUT |



http://www.securityfocus.com/bid/22374 | http://xforce.iss.net/xforce/xfdb/32273 | 1



INPUT |



http://www.milw0rm.com/exploits/3258 | http://www.xoron.info/bugs/ezconvert.txt | http://www.attrition 1



INPUT |



http://www.milw0rm.com/exploits/3259 | http://www.attrition.org/pipermail/vim/2007-February/001279 1



INPUT |



http://www.milw0rm.com/exploits/3255 | http://milw0rm.com/exploits/3255 | http://xforce.iss.net/xforc 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/459507/100/0/threaded | https://issues.rpath.com/b



INPUT |



http://www.milw0rm.com/exploits/3266 | http://www.securityfocus.com/bid/22385 | http://www.frsirt.co 1



INPUT |



http://www.simpleinvoices.org/index.php?news=25 | http://secunia.com/advisories/24040 | http://www 1



INPUT |



http://secunia.com/advisories/24051 | http://www.securityfocus.com/bid/22390 | http://xforce.iss.net/x 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/459149/100/0/threaded | 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/459147/100/0/threaded | http://xforce.iss.net/xforce 2



INPUT |



http://www.milw0rm.com/exploits/3268 | http://www.securityfocus.com/bid/22391 | http://milw0rm.com 1



INPUT |



http://sourceforge.net/project/shownotes.php?release_id=483468 | http://www.securityfocus.com/bid



INPUT |



http://www.securityfocus.com/archive/1/archive/1/459191/100/0/threaded | http://xforce.iss.net/xforce 1



INPUT |



http://www.milw0rm.com/exploits/3270 | http://milw0rm.com/exploits/3270 | http://www.securityfocus. 1



INPUT |



http://www.milw0rm.com/exploits/3267 | http://milw0rm.com/exploits/3267 | http://www.securityfocus. 1



INPUT |



http://www.securityfocus.com/bid/22381 | 1



INPUT |



http://www.milw0rm.com/exploits/3275 | http://www.securityfocus.com/bid/22430 | http://milw0rm.com 1



INPUT |



http://www.milw0rm.com/exploits/3279 | http://lists.grok.org.uk/pipermail/full-disclosure/2007-Februa 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/459290/100/0/threaded | http://www.securityfocus. 1



DESIGN |



http://www.securityfocus.com/archive/1/archive/1/458581/100/100/threaded | http://www.securityfocu 1



INPUT |



http://www.securityfocus.com/bid/22406 | http://secunia.com/advisories/24019 | http://xforce.iss.net/x 1



INPUT |



http://www.milw0rm.com/exploits/3280 | http://www.attrition.org/pipermail/vim/2007-February/001297 1



INPUT |



http://www.milw0rm.com/exploits/3281 | http://www.attrition.org/pipermail/vim/2007-February/001292 2



INPUT |



http://www.milw0rm.com/exploits/3284 | http://www.attrition.org/pipermail/vim/2007-February/001299 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/459397/100/0/threaded | http://www.securityfocus.



INPUT |



http://www.securityfocus.com/archive/1/archive/1/459409/100/0/threaded | http://www.securityfocus. 1



INPUT |



http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=472 | http://www.securityfocus.com



ACCESS |



http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=469 | http://esupport.trendmicro.c ?



INPUT |



http://www.securityfocus.com/archive/1/archive/1/458312/100/100/threaded | http://www.securityfocu 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/458064/100/200/threaded | http://www.securityfocu 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/458559/100/100/threaded | http://www.securityfocu 1



INPUT |



http://www.attrition.org/pipermail/vim/2007-January/001241.html | http://securitytracker.com/id?1017 1



http://www.securityfocus.com/archive/1/archive/1/459497/100/0/threaded | http://securitytracker.com/id?1017614 | http://www.s ?



INPUT |



http://www.milw0rm.com/exploits/3285 | http://www.securityfocus.com/bid/22467 | http://milw0rm.com 1



INPUT |



http://www.securityfocus.com/bid/22501 | http://www.frsirt.com/english/advisories/2007/0665 | http://x 1



INPUT |



http://echo.or.id/adv/adv64-y3dips-2007.txt | http://www.milw0rm.com/exploits/3292 | http://secunia.c 1



INPUT |



http://advisories.echo.or.id/adv/adv65-K-159-2007.txt | http://www.frsirt.com/english/advisories/2007/ 1



http://www.symantec.com/enterprise/security_response/writeup.jsp?docid=2007-021312-5133-99&tabid=2 |



INPUT |



http://www.milw0rm.com/exploits/3296 | http://www.securityfocus.com/bid/22530 | http://www.securit 1



INPUT |



http://www.securityfocus.com/bid/22553 | http://secunia.com/advisories/23999 | http://xforce.iss.net/x 1



INPUT |



http://www.milw0rm.com/exploits/3307 | http://www.securityfocus.com/bid/22558 | http://xforce.iss.ne 1



EXCEP |



http://www.milw0rm.com/exploits/3297 | http://xforce.iss.net/xforce/xfdb/32453 | http://milw0rm.com/e 1



INPUT |



http://www.milw0rm.com/exploits/3314 | http://cazalet.org/category/zebrafeeds | http://cazalet.org/zeb 2



INPUT |



http://milw0rm.com/exploits/3328 | http://www.securityfocus.com/bid/22605 | http://www.frsirt.com/en 1



INPUT |



http://security-protocols.com/sp-x39-advisory.php | http://www.securityfocus.com/bid/22630 | http://d 1



INPUT |



http://www.milw0rm.com/exploits/3373 | http://www.securityfocus.com/bid/22713 | http://www.frsirt.co 1



INPUT |



http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=502 | http://lists.freedesktop.org/a 1



INPUT | EXCEP |



http://www.php-security.org/MOPB/MOPB-23-2007.html | http://www.frsirt.com/english/advisories/20 1 Illegal characters in session identifier



INPUT |



http://www.milw0rm.com/exploits/3576 | http://www.securityfocus.com/archive/1/archive/1/463843/10 1



INPUT |



http://vil.nai.com/vil/content/v_141860.htm | http://www.avertlabs.com/research/blog/?p=230 | http://w ?



INPUT |



http://www.php-security.org/MOPB/MOPB-39-2007.html | http://www.php.net/releases/5_2_1.php | h 2 search string = single character, replace string = very long



INPUT |



http://www.php-security.org/MOPB/MOPB-41-2007.html | http://www.sqlite.org/cvstrac/rlog?f=sqlite/s 1



INPUT |



http://www.php-security.org/MOPB/MOPB-43-2007.html | http://www.securityfocus.com/bid/23236 | 1



DESIGN | ACCESS |



http://www.securityfocus.com/archive/1/archive/1/466223/100/0/threaded | http://www.zerodayinitiativ 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/467041/100/0/threaded | http://www.vsecurity.com



INPUT |



http://www.milw0rm.com/exploits/3747 | http://www.securityfocus.com/bid/23505 | http://www.frsirt.co 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/466222/100/0/threaded | http://www.zerodayinitiativ



INPUT |



http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=506 | http://www.enterasys.com/p



INPUT |



http://lists.apple.com/archives/security-announce/2007/May/msg00004.html |



INPUT |



http://lists.apple.com/archives/security-announce/2007/May/msg00004.html |



INPUT |



http://www.hitachi-support.com/security_e/vuls_e/HS07-009_e/index-e.html | http://www.securityfocu



INPUT |



http://www.securityfocus.com/archive/1/archive/1/467362/100/0/threaded | http://www.milw0rm.com/ 2 register_globals = true, wpPATH contains ..



INPUT | EXCEP |



http://www.securityfocus.com/archive/1/archive/1/466564/100/100/threaded | http://www.attrition.org/ 1 GLOBALS parameter contains ".."



INPUT |



http://www.milw0rm.com/exploits/3864 | http://www.frsirt.com/english/advisories/2007/1679 | http://xf 1



EXCEP |



http://www.opendap.org/security.html | http://www.kb.cert.org/vuls/id/659148 | http://www.securityfoc 1



INPUT |



http://milw0rm.com/exploits/3934 | http://secunia.com/advisories/25282 | http://xforce.iss.net/xforce/x 1



INPUT |



http://seclists.org/fulldisclosure/2007/May/0378.html | http://archives.neohapsis.com/archives/fulldisc 1



INPUT |



http://milw0rm.com/exploits/3061 | http://www.securityfocus.com/bid/21836 | http://www.frsirt.com/en 1 arbitrary commands executed via id parameter



INPUT |



http://milw0rm.com/exploits/3062 | http://www.securityfocus.com/bid/21833 | http://www.frsirt.com/en 1 arbitrary commands executed via iPro parameter



INPUT |



http://www.milw0rm.com/exploits/3074 | http://secunia.com/advisories/23610 | http://www.frsirt.com/e 1 Commands can be executed via product_id parameter



INPUT |



http://www.securityfocus.com/archive/1/archive/1/455814/100/0/threaded | http://acid-root.new.fr/poc 1 Commands can be executed via id parameter



INPUT |



http://www.securityfocus.com/archive/1/archive/1/456049/100/0/threaded | http://www.hardened-php 1 mbstring is enabled1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/456272/100/0/threaded | http://www.securityfocus. 1 parameter to catid



ACCESS |



http://www.securityfocus.com/archive/1/archive/1/456051/100/0/threaded | http://www.attrition.org/pip 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/456051/100/0/threaded | http://acid-root.new.fr/poc 1 execution of arbitrary commands in several php files



INPUT |



http://milw0rm.com/exploits/3081 | http://www.frsirt.com/english/advisories/2007/0053 | http://secunia 1 book_id parameter to info_book.asp invalid



INPUT |



http://www.milw0rm.com/exploits/3073 | http://xforce.iss.net/xforce/xfdb/31242 | http://www.frsirt.com 1



INPUT |



http://www.milw0rm.com/exploits/3082 | http://www.securityfocus.com/bid/21873 | http://www.frsirt.co 1



INPUT |



http://www.milw0rm.com/exploits/3083 | http://packetstormsecurity.nl/0701-exploits/igshop10-multipl 1



INPUT |



http://www.frsirt.com/english/advisories/2007/0056 | 1



INPUT |



http://packetstormsecurity.nl/0701-exploits/igshop10-multiple.txt | http://www.milw0rm.com/exploits/3 2



INPUT |



http://www.securityfocus.com/archive/1/archive/1/456068/100/0/threaded | http://www.securityfocus. 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/456127/100/0/threaded | http://www.securityfocus. 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/456384/100/0/threaded | http://www.securityfocus. 1



INPUT |



http://www.milw0rm.com/exploits/3105 | http://www.securityfocus.com/bid/21963 | http://xforce.iss.ne 1



INPUT |



http://sourceforge.net/project/shownotes.php?release_id=477845 | http://secunia.com/advisories/237 1



INPUT |



http://www.milw0rm.com/exploits/3115 | http://secunia.com/advisories/23699 | http://xforce.iss.net/xf 1



INPUT |



http://www.milw0rm.com/exploits/3106 | http://www.securityfocus.com/bid/21966 | http://xforce.iss.ne 1



INPUT |



http://www.milw0rm.com/exploits/3120 | http://www.frsirt.com/english/advisories/2007/0175 | http://se 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/456894/100/0/threaded | http://www.milw0rm.com/ 1



INPUT |



http://milw0rm.com/exploits/3122 | http://www.securityfocus.com/bid/22039 | http://www.frsirt.com/en 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/456787/100/0/threaded | http://www.neosecuritytea 3 register_globals = true, magic_quotes_gpc = false, cat parameter = arbitrary malicious command



INPUT |



http://www.securityfocus.com/archive/1/456742 | http://www.securityfocus.com/archive/1/456741 | ht 2 magic_quotes = false, xuser_name or did parameters = arbitrary SQL command



INPUT |



http://www.securityfocus.com/archive/1/archive/1/457071/100/0/threaded | http://www.attrition.org/pip 1 ps parameter contains SQL commands



INPUT |



http://www.milw0rm.com/exploits/3124 | http://secunia.com/advisories/23735 | http://milw0rm.com/ex 1 Commands executed via board parameter



INPUT |



http://www.attrition.org/pipermail/vim/2007-January/001244.html | http://www.frsirt.com/english/advis 1 Commands executed via us parameter



INPUT |



http://www.frsirt.com/english/advisories/2007/0221 | http://xforce.iss.net/xforce/xfdb/31533 | 1 Commands executable via (1) ps, (2) us, (3) f, or (4) code parameter.



INPUT |



http://www.milw0rm.com/exploits/3141 | http://www.attrition.o | http://www.tv-kritik.net/mgb/index.php 1 Execute arbitrary commands via id parameter



INPUT |



http://www.milw0rm.com/exploits/3153 | http://milw0rm.com/exploits/3153 | http://xforce.iss.net/xforc 1 SQL commands executed via comment forum



INPUT |



http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html | http://www.hackers.ir/advi 1 SQL commands executed via comment forum (1) the active parameter in admin/modules/modules.php; the (2) ad_class, (3) imageurl, (4) clickurl, (5) ad_code, or (6) position parameter in modules/Advertising/admin/index.php; or unspecified vectors in the (7) advertising, (8) weblinks, or (9) reviews section.



INPUT |



http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html | http://www.hackers.ir/advi 1 SQL commands executed via (1) the searchword parameter in certain files; the where parameter in (2) plugins/search/content.php or (3) plugins/search/weblinks.php; the text parameter in (4) plugins/search/contacts.php, (5) plugins/search/categories.php, or (6) plugins/search/sections.php; or (7) the email parameter in database/table/user.php,



INPUT |



http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html | http://www.hackers.ir/advi 2 (1) SQL commands executed via id parameter and (2) content editing is being cancelled



INPUT |



http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html | http://www.hackers.ir/advi 1 SQL commands injected via (1) the id parameter in kernel/group.php in core, (2) the lid parameter in class/table_broken.php in the Weblinks module, and other unspecified vectors.



INPUT |



http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html | http://www.hackers.ir/advi ? SQL commands injected via vectors



INPUT |



http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html | http://www.atutor.ca/atuto ? SQL commands executed via parameters



INPUT |



http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html | http://www.hackers.ir/advi 1 SQL commands executed via the id parameter



INPUT |



http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html | http://www.hackers.ir/advi 1 SQL commands executed via the catid parameter



INPUT |



http://www.milw0rm.com/exploits/3143 | http://www.milw0rm.com/exploits/3144 | http://xforce.iss.net 1 SQL commands executed via the boardids[1] parameter



INPUT |



http://www.securityfocus.com/archive/1/archive/1/457505/100/0/threaded | 1 SQL commands injected via init_row parameter



INPUT |



http://www.securityfocus.com/archive/1/archive/1/457506/100/0/threaded | http://xforce.iss.net/xforce 1 SQL commands injected via keyword parameter



INPUT |



http://secunia.com/advisories/23865 | http://www.securityfocus.com/bid/22180 | http://xforce.iss.net/x 1 SQL commands executable via cat parameter



INPUT |



http://www.frsirt.com/english/advisories/2007/0270 | http://xforce.iss.net/xforce/xfdb/31632 | 1 SQL commands executable via (1) id or (2) galleryID



INPUT |



http://www.milw0rm.com/exploits/3172 | http://www.frsirt.com/english/advisories/2007/0270 | http://m 1 SQL commands executable via picID parameter



INPUT |



http://www.milw0rm.com/exploits/3180 | http://www.frsirt.com/english/advisories/2007/0300 | http://se 1 Arbitrary code executed via poll_id parameter



ACCESS |



http://drupal.org/node/112145 | http://www.frsirt.com/english/advisories/2007/0313 | http://secunia.co 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/457667/100/0/threaded | http://xforce.iss.net/xforce 1 SQL commands executed via bid parameter



INPUT |



http://www.securityfocus.com/archive/1/archive/1/457684/100/0/threaded | http://secunia.com/adviso 1 SQL commands executed via REMEMBER_KEY parameter



INPUT |



http://www.frsirt.com/english/advisories/2007/0300 | http://secunia.com/advisories/23834 | 1 PHP injected via poll_id parameter



INPUT |



http://www.securityfocus.com/archive/1/archive/1/458061/100/0/threaded | http://milw0rm.com/explo 1



INPUT |



http://www.milw0rm.com/exploits/3186 | http://www.securityfocus.com/archive/1/archive/1/458058/10 1



INPUT |



http://www.milw0rm.com/exploits/3187 | http://www.securityfocus.com/archive/1/archive/1/458057/10 1



INPUT |



http://milw0rm.com/exploits/3216 | http://www.securityfocus.com/bid/22284 | http://secunia.com/advi 1



INPUT |



http://www.securityfocus.com/bid/22282 | 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/458303/100/0/threaded | http://forums.avenir-geop 2



INPUT |



http://www.milw0rm.com/exploits/3210 | http://www.securityfocus.com/bid/22280 | http://milw0rm.com 1



INPUT |



http://www.milw0rm.com/exploits/3197 | http://milw0rm.com/exploits/3197 | 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/458076/100/0/threaded | http://www.securityfocus. 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/458063/100/0/threaded | http://www.milw0rm.com/ 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/458438/100/0/threaded | http://www.securityfocus. 1



INPUT |



http://www.frsirt.com/english/advisories/2007/0395 | 1



INPUT |



http://www.milw0rm.com/exploits/3227 | http://www.securityfocus.com/bid/22314 | http://milw0rm.com 1



INPUT |



http://www.frsirt.com/english/advisories/2007/0341 | 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/458495/100/0/threaded | http://www.securityfocus. 1



INPUT |



http://www.frsirt.com/english/advisories/2007/0424 | 1



INPUT |



http://www.milw0rm.com/exploits/3234 | http://www.securityfocus.com/bid/22338 | http://xforce.iss.ne 1



INPUT |



http://www.milw0rm.com/exploits/3233 | http://www.securityfocus.com/bid/22347 | http://milw0rm.com 1



INPUT |



http://www.milw0rm.com/exploits/3232 | http://www.securityfocus.com/bid/22335 | http://xforce.iss.ne 1



INPUT |



http://www.milw0rm.com/exploits/3241 | http://milw0rm.com/exploits/3241 | http://www.frsirt.com/eng 1



INPUT |



http://sourceforge.net/project/shownotes.php?release_id=481131&group_id=98260 | http://www.attri



INPUT |



http://www.frsirt.com/english/advisories/2007/0388 | 1



INPUT |



http://www.zion-security.com/text/Sql_Vulnerability_EasymoBlog%232.txt | http://www.zion-security.c 1



INPUT |



http://www.milw0rm.com/exploits/3256 | http://www.securityfocus.com/bid/22373 | http://xforce.iss.ne 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/458495/100/0/threaded | http://www.securityfocus. 1



INPUT |



http://www.milw0rm.com/exploits/3261 | http://www.securityfocus.com/bid/22384 | http://www.frsirt.co 1



http://mamboxchange.com/frs/shownotes.php?release_id=6232 | http://www.frsirt.com/english/advisories/2007/0480 | http://se 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/459151/100/0/threaded | http://www.securityfocus.



INPUT |



http://www.securityfocus.com/archive/1/archive/1/459027/100/0/threaded | http://www.hackerscenter



INPUT |



http://www.milw0rm.com/exploits/3262 | http://milw0rm.com/exploits/3262 | http://www.securityfocus. 1



INPUT |



http://www.milw0rm.com/exploits/3278 | http://milw0rm.com/exploits/3278 | http://www.securityfocus. 1



INPUT |



http://www.milw0rm.com/exploits/3283 | http://www.securityfocus.com/bid/22450 | http://milw0rm.com 1



INPUT |



http://secunia.com/advisories/23217 | http://www.securityfocus.com/bid/22460 | http://xforce.iss.net/x 1



ACCESS |



http://www.securityfocus.com/archive/1/archive/1/459649/100/0/threaded | http://forums.avenir-geop ?



INPUT |



http://www.milw0rm.com/exploits/3286 | http://www.frsirt.com/english/advisories/2007/0540 | http://xf 1



INPUT |



http://www.milw0rm.com/exploits/3295 | http://www.securityfocus.com/bid/22532 | http://xforce.iss.ne 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/459979/100/0/threaded | http://www.securityfocus. 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/460078/100/0/threaded | http://www.securityfocus. ?



INPUT |



http://www.securityfocus.com/archive/1/archive/1/460076/100/0/threaded | http://www.securityfocus. 1



INPUT |



http://www.milw0rm.com/exploits/3327 | http://www.securityfocus.com/bid/22602 | http://www.frsirt.co 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/461158/100/0/threaded | http://www.milw0rm.com/ 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/465076/100/0/threaded | http://www.securityfocus. 1



INPUT |



http://www.zerodayinitiative.com/advisories/ZDI-07-005.html | http://sunsolve.sun.com/search/docum 1



INPUT |



http://www.ghisler.com/whatsnew.htm | http://www.securityfocus.com/bid/22033 |



INPUT |



http://taviso.decsystem.org/virtsec.pdf | http://www.debian.org/security/2007/dsa-1284 | http://www.s 1



INPUT |



http://lists.gnu.org/archive/html/qemu-devel/2007-04/msg00650.html | http://lists.gnu.org/archive/htm 1



http://www.red-database-security.com/advisory/oracle_discoverer_servlet.html | http://www.oracle.com/technology/deploy/secu 1



INPUT |



vger.kernel.org/msg08270.html | http://www.securityfocus.com/bid/23447 | http://www.redhat.com/support/errata/RHSA2007-0347.html | http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.21-rc6 | http://www.mail-archive.com/g 1 http://secunia.com/advisories/25288 |



EXCEP |



http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=223129 | http://www.redhat.com/support/errata/R 1



DESIGN |



http://bugzilla.kernel.org/show_bug.cgi?id=7727 | https://bugzilla.redhat.com/bugzilla/show_bug.cgi? ?



INPUT |



https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=218932 | http://www.redhat.com/support/errata 1 Malformed imagefile



INPUT | EXCEP |



http://www.microsoft.com/technet/security/bulletin/ms07-026.mspx | http://www.securityfocus.com/bi 2 length MODPROPS_2 > length MODPROPS_1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/455801/100/0/threaded | http://events.ccc.de/cong 1 hash character sequence > N appended to PDF URL



EXCEP |



http://www-1.ibm.com/support/docview.wss?uid=swg21257251 | http://www.securityfocus.com/bid/24 ?



EXCEP |



http://www.securityfocus.com/archive/1/archive/1/455833/100/0/threaded | http://www.securityfocus. 2 (1) Window size > N and (2) range header that specifies multiple copies of the same fragment



EXCEP |



http://www.securityfocus.com/archive/1/archive/1/455833/100/0/threaded | http://www.securityfocus. 1



RACE |



http://www.securityfocus.com/archive/1/archive/1/455965/100/0/threaded | http://www.securityfocus. 2 IFRAME in a web page contains many nested XML tags, document rendering interrupted by asynchronous events such as timers



INPUT |



http://projects.info-pull.com/moab/MOAB-06-01-2007.html | http://www.securityfocus.com/bid/21910 1 PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node.



DESIGN |



http://www.securityfocus.com/bid/21910 | http://projects.info-pull.com/moab/MOAB-06-01-2007.html 1



INPUT |



http://www.securityfocus.com/bid/21910 | http://projects.info-pull.com/moab/MOAB-06-01-2007.html 1 PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node.



INPUT |



http://www.securityfocus.com/archive/1/archive/1/456267/100/0/threaded | http://www.securityfocus. 1 traffic class argument length > N or POLICY parameter length > N



EXCEP |



http://www.milw0rm.com/exploits/3078 | http://www.securityfocus.com/bid/21898 | http://xforce.iss.ne 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/456056/100/0/threaded | http://drupal.org/node/104 ? unspecified



INPUT |



http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=459 | http://secunia.com/advisorie 1



INPUT |



http://secunia.com/advisories/23539 | http://xforce.iss.net/xforce/xfdb/31216 | 2 PATH_INFO starts with AbfrageForm or EingabeForm, Name = malicious requests containing many instances of /../



INPUT |



http://mailman.webdav.org/pipermail/neon/2007-January/002362.html | http://bugs.debian.org/cgi-bin 1



INPUT |



http://sunsolve.sun.com/search/document.do?assetkey=1-26-102713-1 | http://www.securityfocus.co 1



EXCEP |



http://getahead.ltd.uk/dwr/changelog | http://www.securityfocus.com/bid/21955 | http://www.frsirt.com 1



INPUT |



http://www.cisco.com/warp/public/707/cisco-sa-20070110-jtapi.shtml | http://www.securityfocus.com/



INPUT |



http://www.cisco.com/warp/public/707/cisco-sa-20070110-dlsw.shtml | http://www.securityfocus.com 1



INPUT | EXCEP |



http://www.microsoft.com/technet/security/bulletin/ms07-026.mspx | http://www.securityfocus.com/bi 1 IMAP command containing crafted literal



EXCEP |



http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0209.html | http://www.securityfocus.c 1



INPUT |



http://applefun.blogspot.com/2007/01/moab-10-01-2007-apple-dmg-ufs.html | http://projects.info-pul 1



EXCEP |



http://sourceforge.net/project/shownotes.php?release_id=501476&group_id=44827 | http://www.deb 1



INPUT |



http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE7-RELEASENOTES.html#s12 | http:/ 1



EXCEP |



http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE7-RELEASENOTES.html#s12 | http:/ 1



http://downloads.securityfocus.com/vulnerabilities/exploits/22003.py | http://www.securityfocus.com/bid/22003 | http://xforce.iss 1



EXCEP |



http://lists.freebsd.org/pipermail/freebsd-security/2007-January/004218.html | http://projects.info-pull 1



http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html | http://www.us-cert.gov/cas/techalert ?



DESIGN |



http://projects.info-pull.com/moab/MOAB-11-01-2007.html | http://secunia.com/advisories/23725 | ht 1



EXCEP |



http://www.milw0rm.com/exploits/3126 | http://www.securityfocus.com/bid/22046 | http://milw0rm.com 1



INPUT |



http://secunia.com/advisories/23742 | http://www.frsirt.com/english/advisories/2007/0171 | http://proje 1



EXCEP |



http://security-protocols.com/sp-x41-advisory.php | http://www.securityfocus.com/bid/22059 | 1



INPUT |



http://www.openbsd.org/errata39.html#icmp6 | http://www.openbsd.org/errata.html#icmp6 | http://ww 1 ICMP6 Echo request causes infinite loops



EXCEP |



http://www.milw0rm.com/exploits/3142 | http://www.securityfocus.com/bid/22092 | http://milw0rm.com 1



http://itrc.hp.com/service/cki/docDisplay.do?docId=c00838612 | http://secunia.com/advisories/23802 | http://www.securityfocus ?



DESIGN |



http://www.milw0rm.com/exploits/3155 | http://www.securityfocus.com/bid/22110 | http://milw0rm.com 1



http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00837319 | http://www.securityfocus.com/bid/2 ?



INPUT |



http://sourceforge.net/project/shownotes.php?group_id=9655&release_id=476891 | http://xinehq.de/ 1 HOME length > N



http://dev2dev.bea.com/pub/advisory/204 | http://www.frsirt.com/english/advisories/2007/0213 | http://securitytracker.com/id?10 | ?



EXCEP |



http://dev2dev.bea.com/pub/advisory/208 | http://www.frsirt.com/english/advisories/2007/0213 | http: 1



EXCEP |



http://dev2dev.bea.com/pub/advisory/213 | http://www.frsirt.com/english/advisories/2007/0213 | http: 1



INPUT |



http://dev2dev.bea.com/pub/advisory/215 | http://www.frsirt.com/english/advisories/2007/0213 | http: 1 Malformed headers



INPUT |



http://dev2dev.bea.com/pub/advisory/217 | http://www.frsirt.com/english/advisories/2007/0213 | http: 1 Socket Connection manipulated



INPUT | EXCEP |



http://dev2dev.bea.com/pub/advisory/219 | http://www.frsirt.com/english/advisories/2007/0213 | http: 1 Request that triggers errors



INPUT |



http://www.securityfocus.com/archive/1/archive/1/457454/100/0/threaded | http://lists.grok.org.uk/pip 1 Crafted FTP command



EXCEP |



http://www.milw0rm.com/exploits/3157 | http://www.securityfocus.com/bid/22133 | http://xforce.iss.ne 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/457466/100/0/threaded | http://www.frsirt.com/engl 1 mappingCount > N



EXCEP |



http://www.securityfocus.com/archive/1/archive/1/457406/100/0/threaded | http://archives.neohapsis 1



INPUT |



http://svn.apache.org/repos/asf/spamassassin/branches/3.1/build/announcements/3.1.8.txt | http://fe 1 URL length > N



DESIGN |



http://www.securityfocus.com/archive/1/archive/1/459167/100/0/threaded | http://www.securityfocus. 1



http://www.wireshark.org/security/wnpa-sec-2007-01.html | http://www.securityfocus.com/bid/22352 | http://www.frsirt.com/engl



http://www.wireshark.org/security/wnpa-sec-2007-01.html | http://www.securityfocus.com/bid/22352 | http://www.frsirt.com/engl



INPUT |



http://www.wireshark.org/security/wnpa-sec-2007-01.html | http://www.securityfocus.com/bid/22352 1 vectors targeted for attack



INPUT |



http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1200 | http://www.wireshark.org/security/wnpa-s 1 fragmented HTTP packets



OTHER |



http://www.novell.com/linux/security/advisories/2007_01_sr.html | ?



DESIGN |



http://projects.info-pull.com/moab/MOAB-25-01-2007.html | http://www.milw0rm.com/exploits/3200 | 1



EXCEP |



http://www.cisco.com/en/US/products/products_security_advisory09186a00807cb0e4.shtml | http://w 1



EXCEP |



http://www.cisco.com/en/US/products/products_security_advisory09186a00807cb0fd.shtml | http://w 1



INPUT |



http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051856.html | http://xforce.iss.net/xforc 1 show arp length > N



INPUT |



http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/052018.html | http://marc.theaimsgroup 1 Crafted DNS request



http://marc.theaimsgroup.com/?l=bind-announce&m=116968519300764&w=2 | http://www.isc.org/index.pl?/sw/bind/view/?rele 1



EXCEP |



http://www.hitachi-support.com/security_e/vuls_e/HS06-021_e/01-e.html | http://www.frsirt.com/engli 1



OTHER |



http://www.hitachi-support.com/security_e/vuls_e/HS06-023_e/01-e.html | http://www.frsirt.com/engli 1



INPUT | DESIGN |



http://www.securityfocus.com/archive/1/archive/1/457768/100/0/threaded | http://www.securityfocus. 1 Files repeatedly pushed to phone over Bluetooth



INPUT | DESIGN |



http://www.securityfocus.com/archive/1/archive/1/457768/100/0/threaded | http://www.securityfocus. 1 Files repeatedly pushed to phone over Bluetooth



INPUT | DESIGN |



http://www.securityfocus.com/archive/1/archive/1/457768/100/0/threaded | http://www.securityfocus. 1 Files repeatedly pushed to phone over Bluetooth



INPUT | DESIGN |



http://www.securityfocus.com/archive/1/archive/1/457768/100/0/threaded | http://www.securityfocus. 1 Files repeatedly pushed to phone over Bluetooth



INPUT |



http://www.securityfocus.com/archive/1/archive/1/457758/100/0/threaded | http://www.securityfocus. 1 Crafted HTTP request



EXCEP |



http://www.securityfocus.com/archive/1/archive/1/457999/100/0/threaded | http://www.securityfocus. 1



DESIGN |



http://www.securityfocus.com/archive/1/archive/1/458003/100/0/threaded | http://www.securityfocus. 1



DESIGN |



http://www.securityfocus.com/archive/1/archive/1/458003/100/0/threaded | http://www.securityfocus. 1



EXCEP |



http://www.milw0rm.com/exploits/3182 | http://secunia.com/advisories/23901 | http://xforce.iss.net/xf 1



http://www.postgresql.org/support/security | http://www.ubuntulinux.org/support/documentation/usn/usn-417-1 | http://www.frsir 1



INPUT |



http://www.postgresql.org/support/security | http://www.ubuntulinux.org/support/documentation/usn/u 1



INPUT | DESIGN |



http://www.milw0rm.com/exploits/3190 | http://milw0rm.com/exploits/3190 | 1 Crafted .avi file clicked on by user



INPUT |



http://securityresponse.symantec.com/avcenter/security/Content/2007.01.24c.html | http://www.frsirt 1



EXCEP |



http://sourceforge.net/project/shownotes.php?group_id=135704&release_id=478747 | http://www.mp 1



EXCEP |



http://www.securityfocus.com/archive/1/archive/1/458443/100/0/threaded | http://lists.grok.org.uk/pip 1



DESIGN |



http://projects.info-pull.com/moab/MOAB-29-01-2007.html | http://www.securityfocus.com/bid/22304 1



http://projects.info-pull.com/moab/MOAB-29-01-2007.html | http://www.securityfocus.com/bid/22304 | http://docs.info.apple.com 1



EXCEP |



http://www.hitachi-support.com/security_e/vuls_e/HS06-019_e/01-e.html | http://www.securityfocus.c ?



DESIGN | ACCESS |



http://www.nomachine.com/news_read.php?idnews=190 | http://www.nomachine.com/tr/view.php?id 1



http://sunsolve.sun.com/search/document.do?assetkey=1-26-102697-1 | http://www.kb.cert.org/vuls/id/967236 | http://www.sec ?



INPUT | EXCEP |



http://www.digitalmunition.com/MOAB-30-01-2007.html | http://www.securityfocus.com/bid/22326 | h 1 Improperly formatted format string specifiers that are unhandled when calling NSLog and NSBeginAlertSheet Apple AppKit.



INPUT |



http://www.digitalmunition.com/MOAB-30-01-2007.html | http://www.securityfocus.com/bid/22326 | h 1



INPUT | EXCEP |



http://www.digitalmunition.com/MOAB-30-01-2007.html | http://www.securityfocus.com/bid/22326 | h 1 Improperly formatted format string specifiers that are unhandled when calling NSLog and NSBeginAlertSheet Apple AppKit.



INPUT |



http://www.digitalmunition.com/MOAB-30-01-2007.html | http://www.securityfocus.com/bid/22326 | h 1



CONFIG |



http://www.cisco.com/warp/public/707/cisco-air-20070131-sip.shtml | http://www.cisco.com/warp/pub 1



ACCESS |



http://lz1.intel.com/psirt/advisory.aspx?intelid=INTEL-SA-00012&languageid=en-fr | http://www.frsirt. 1



DESIGN |



http://sunsolve.sun.com/search/document.do?assetkey=1-26-102699-1 | http://www.securityfocus.co ?



EXCEP |



http://www.securityfocus.com/archive/1/archive/1/458653/100/0/threaded | http://supportconnectw.ca 1



EXCEP |



http://www.securityfocus.com/archive/1/archive/1/458650/100/0/threaded | http://supportconnectw.ca 1



EXCEP |



http://blog.trendmicro.com/trend-micro-finds-more-windows-mobile-flaws/ | http://www.securityfocus. 1



INPUT |



http://blog.trendmicro.com/trend-micro-finds-more-windows-mobile-flaws/ | http://www.securityfocus.



DESIGN |



http://www.milw0rm.com/exploits/3224 | http://milw0rm.com/exploits/3224 | 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/458773/100/0/threaded | http://www.matousec.com 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/458773/100/0/threaded | http://www.matousec.com 1



DESIGN | EXCEP |



http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html | https://bugzilla.redhat.c 1



EXCEP |



http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html | http://docs.info.apple.c 1



DESIGN |



http://lists.apple.com/archives/security-announce/2007/May/msg00004.html | ?



INPUT |



http://www.securityfocus.com/archive/1/archive/1/458907/100/0/threaded | http://www.securityfocus. 1



DESIGN |



http://www.redhat.com/support/errata/RHSA-2007-0169.html | http://www.securityfocus.com/bid/237 ?



INPUT |



http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20.1 | http://www.frsirt.com/english/advisories/



INPUT | DESIGN |



http://www.milw0rm.com/exploits/3272 | http://www.powerhacker.net/exploit/IE_NULL_CRASH.html 1 HTML document contains JavaScript loop with empty body



DESIGN |



http://milw0rm.com/exploits/3248 | http://www.securityfocus.com/bid/22365 | http://www.frsirt.com/en 1



INPUT |



http://www.milw0rm.com/exploits/3276 | http://www.securityfocus.com/bid/22433 | http://milw0rm.com



INPUT | DESIGN |



http://marc.theaimsgroup.com/?l=bugtraq&m=117086856902907&w=2 | http://marc.theaimsgroup.co 2 (1) hostname in HOST: header = self AND (2) port number = [particular port on host?]



DESIGN | EXCEP |



http://www.securityfocus.com/archive/1/archive/1/459847/100/0/threaded | http://msdn2.microsoft.co 1



http://www.securityfocus.com/bid/22407 |



http://www.avertlabs.com/research/blog/?p=199 | http://www.avertlabs.com/research/blog/?p=206 | http://www.microsoft.com/t 1



http://www.securityfocus.com/bid/22497 |



EXCEP |



http://www.securityfocus.com/archive/1/archive/1/459571/100/0/threaded | http://www.securityfocus. 1



EXCEP |



http://marc.theaimsgroup.com/?l=full-disclosure&m=117094708423302&w=2 | http://www.milw0rm.c 1



EXCEP |



http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=475 | http://www.securityfocus.com 1



http://www.php.net/ChangeLog-5.php#5.2.1 | http://www.php.net/releases/5_2_1.php | http://www.securityfocus.com/bid/22496 1



http://marc.theaimsgroup.com/?l=php-dev&m=117104930526516&w=2 | http://marc.theaimsgroup.com/?l=php-dev&m=11710 1



RACE |



http://sunsolve.sun.com/search/document.do?assetkey=1-26-102796-1 | http://www.securityfocus.co ?



EXCEP |



http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00863839 | http://www.securityfocus.com ?



EXCEP |



http://www.cisco.com/en/US/products/products_security_advisory09186a00807e0a5b.shtml | http://w 1



INPUT |



http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052427.html | http://secunia.com/advis 1



DESIGN |



http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2484.shtml | http://w 1



INPUT |



http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2484.shtml | http://w 2 (1) Malformed SIP packets and (2) inspect sip option enabled



INPUT |



http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2484.shtml | http://w 2 (1) Inspect http enabled and (2) malformed HTTP traffic



http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2481.shtml | http://www.frsirt.com/english/adv 2 (1) In debug level and (2) crafted packets



INPUT |



http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2481.shtml | http://w 2 (1) aaa authentication match or aaa authentication include is enabled and (2) malformed HTTPS request



INPUT |



http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2481.shtml | http://w 2 (1) aaa authentication match or aaa authentication include is enabled and (2) HTTP request length > N



INPUT |



http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2481.shtml | http://w 2 (1) HTTPS server enabled and (2) malformed HTTPS traffic



INPUT |



http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2481.shtml | http://w 1



INPUT |



http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=228858 | http://www.php.net/releases/5_2_1.php 1



INPUT |



http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=484 | http://supportconnectw.ca.co 1



EXCEP |



http://www.securityfocus.com/archive/1/archive/1/460544/100/0/threaded | http://www.securityfocus. 1



EXCEP |



http://www.securityfocus.com/archive/1/archive/1/460530/100/0/threaded | http://monkey.org/~provo 1



INPUT |



http://www.securityfocus.com/bid/22619 | http://www.frsirt.com/english/advisories/2007/0664 | http://x 1



INPUT |



http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html#554 | http://www.securityfocus.c 1



INPUT |



http://www.milw0rm.com/exploits/3341 | http://www.securityfocus.com/bid/22634 | 1



INPUT |



http://www.milw0rm.com/exploits/3343 | http://www.securityfocus.com/bid/22637 | http://xforce.iss.ne 1



INPUT |



http://www.milw0rm.com/exploits/3341 | http://www.securityfocus.com/bid/22634 | http://xforce.iss.ne 2 (1) filename > N in response to LIST command and (2) long response to CWD command



INPUT |



http://www.milw0rm.com/exploits/3347 | http://www.securityfocus.com/bid/22640 | http://xforce.iss.ne 1



EXCEP |



http://securityvulns.com/Qdocument170.html | http://securityvulns.com/news/Microsoft/Windows/Exp 1



RACE |



http://www.securityfocus.com/archive/1/archive/1/461024/100/0/threaded | http://www.securityfocus. 1



INPUT | EXCEP |



http://www.wanfear.com/pipermail/scrymud/2007q1/001157.html | http://scrymud.net/downloads/Cha 1 search string beginning with ".*"



INPUT |



http://www.securityfocus.com/data/vulnerabilities/exploits/22645.html | http://www.securityfocus.com 1



EXCEP |



http://www.securityfocus.com/archive/1/archive/1/460762/100/0/threaded | http://www.securityfocus. 1



INPUT |



http://www.microsoft.com/technet/security/Bulletin/ms07-017.mspx | http://xforce.iss.net/xforce/xfdb/ ?



DESIGN |



http://www.securityfocus.com/archive/1/archive/1/461373/100/0/threaded | http://securityvulns.com/n 1



EXCEP |



http://www.securityfocus.com/archive/1/archive/1/461373/100/0/threaded | http://securityvulns.com/Q 1



DESIGN |



http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=485 | http://www.securityfocus.com 1



DESIGN |



http://www.php-security.org/MOPB/MOPB-03-2007.html | http://www.redhat.com/support/errata/RHS 1



EXCEP |



http://www.milw0rm.com/exploits/3392 | http://www.securityfocus.com/bid/22776 | http://xforce.iss.ne 1



EXCEP |



http://asterisk.org/node/48319 | http://asterisk.org/node/48320 | http://www.kb.cert.org/vuls/id/228032 1



EXCEP |



http://www.securityfocus.com/archive/1/archive/1/461897/100/0/threaded | http://lists.grok.org.uk/pip 1



EXCEP |



http://www.cyberguard.info/snapgear/releases.html | http://www.securityfocus.com/bid/22835 | http:// ?



INPUT |



http://www.php-security.org/MOPB/MOPB-02-2007.html | http://sourceforge.net/tracker/index.php?fu 1



INPUT | EXCEP |



http://marc.theaimsgroup.com/?l=full-disclosure&m=117320823618036&w=2 | http://www.securityfoc 2 (1) request contains invalid HMAC algorithm specification AND (2) no cipher algorithm



INPUT |



http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html#554 | http://xforce.iss.net/xforce 1



DESIGN |



http://www.milw0rm.com/exploits/3419 | http://www.kb.cert.org/vuls/id/194944 | http://www.securitytra 1



INPUT |



http://www.gossamer-threads.com/lists/modperl/modperl/92739 | http://svn.apache.org/repos/asf/per 1



INPUT |



http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20.5 | https://bugzilla.redhat.com/bugzilla 1



INPUT | EXCEP |



http://www.mozilla.org/security/announce/2007/mfsa2007-14.html | 1 cookie path length > N



EXCEP |



http://www.securityfocus.com/data/vulnerabilities/exploits/22856.html | http://www.securityfocus.com 1



EXCEP |



http://bugzilla.kernel.org/show_bug.cgi?id=8155 | http://www.kernel.org/pub/linux/kernel/v2.6/Change 2 option name = IPV6_RTHDR, option length = 0 or option value is invalid



EXCEP |



http://www.milw0rm.com/exploits/3434 | http://www.securityfocus.com/bid/22872 | http://www.snort.o 3 configured for inline use, ip_conntrack module not loaded, UDP packets from send_morefrag_packet and send_overlap_packet



EXCEP |



http://www.milw0rm.com/exploits/3432 | http://secunia.com/advisories/24452 | http://xforce.iss.net/xf 1



INPUT | EXCEP |



http://www.securityfocus.com/archive/1/archive/1/462339/100/0/threaded | http://www.sec-consult.co 2 (1) information_schema table selected AND (2) ORDER BY selected



EXCEP |



http://sourceforge.net/project/shownotes.php?group_id=85523&release_id=492572 | http://www.frsir ?



INPUT |



http://www.pennmush.org/archives/pennmush-announce/2007/000137.html | http://www.securityfocu ?



EXCEP |



http://www.securityfocus.com/archive/1/archive/1/462589/100/0/threaded | http://www.frsirt.com/engl 1



DESIGN |



http://supportconnectw.ca.com/public/storage/infodocs/babtapeng-securitynotice.asp | http://www3.c 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/462926/100/0/threaded | http://www.matousec.com 1



INPUT | EXCEP |



http://archives.neohapsis.com/archives/vulnwatch/2007-q1/0063.html | http://www.securityfocus.com 1 cch argument value > N



EXCEP |



http://www.securityfocus.com/archive/1/archive/1/462792/100/0/threaded | http://www.securityfocus. 1



INPUT |



http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20.3 | http://www.securityfocus.com/bid/2 1



DESIGN |



http://www.securityfocus.com/archive/1/archive/1/462793/100/0/threaded | http://www.symantec.com 1



INPUT | DESIGN |



http://www.securityfocus.com/archive/1/archive/1/462793/100/0/threaded | http://www.symantec.com 1 gratuitous ARP packet



ACCESS |



http://www.securityfocus.com/archive/1/archive/1/463208/100/0/threaded | http://www.reversemode. 1



INPUT |



http://www.securityfocus.com/bid/23047 | http://www.frsirt.com/english/advisories/2007/1023 | http://s ?



INPUT | EXCEP |



http://aluigi.altervista.org/adv/nasbugs-adv.txt | http://www.securityfocus.com/bid/23017 | http://www. 1 client ID does not exist



INPUT | EXCEP |



http://aluigi.altervista.org/adv/nasbugs-adv.txt | http://www.securityfocus.com/bid/23017 | http://www. 1 num_action value > N OR inputNum parameter > N



EXCEP |



http://aluigi.altervista.org/adv/nasbugs-adv.txt | http://www.securityfocus.com/bid/23017 | http://www. 1



INPUT |



http://www.squid-cache.org/Advisories/SQUID-2007_1.txt | http://www.squid-cache.org/Versions/v2/2 1



EXCEP |



http://marc.theaimsgroup.com/?l=full-disclosure&m=117432783011737&w=2 | http://www.securityfoc 1



EXCEP |



http://bindshell.net/papers/ftppasv/ftp-client-pasv-manipulation.pdf | 1



EXCEP |



http://www.milw0rm.com/exploits/3523 | http://www.securityfocus.com/bid/23049 | http://xforce.iss.ne 1



EXCEP |



http://www.securityfocus.com/archive/1/archive/1/463238/100/0/threaded | http://www.securityfocus. 1



ACCESS |



http://www.truecrypt.org/docs/?s=version-history | http://www.securityfocus.com/bid/23128 | http://ww 1



INPUT |



http://lists.grok.org.uk/pipermail/full-disclosure/2007-March/053099.html | http://www.frsirt.com/englis 1



EXCEP |



http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=488 | http://esupport.trendmicro.c 1



DESIGN |



http://marc.info/?l=linux-netdev&m=117406721731891&w=2 | http://git.kernel.org/?p=linux/kernel/git 1



INPUT |



http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=539 | http://www.symantec.com/a 1



EXCEP |



http://www.securityfocus.com/archive/1/archive/1/463434/100/0/threaded | http://voipsa.org/pipermai 1



EXCEP |



http://www.milw0rm.com/exploits/3547 | http://www.securityfocus.com/bid/23101 | http://xforce.iss.ne 1



INPUT |



http://sourceforge.net/project/shownotes.php?release_id=495646&group_id=173277 | 1



EXCEP |



http://glowworm.us/history/release_1_5_3_b4.html | 1



INPUT |



http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=414045 | https://bugzilla.redhat.com/bugzilla/show_ 1



DESIGN |



http://www.securityfocus.com/archive/1/archive/1/467646/100/0/threaded | http://www.securityfocus. 1



DESIGN |



http://www.securityfocus.com/archive/1/archive/1/467646/100/0/threaded | http://www.securityfocus. 1



DESIGN |



http://www.securityfocus.com/archive/1/archive/1/467646/100/0/threaded | http://www.securityfocus. 1



DESIGN |



http://www.securityfocus.com/archive/1/archive/1/467646/100/0/threaded | http://www.securityfocus. 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/467646/100/0/threaded | http://www.securityfocus. 1



EXCEP |



http://www.securityfocus.com/archive/1/archive/1/467289/100/200/threaded | http://voip.null.ro/cgi-bi 1



http://www.securityfocus.com/archive/1/archive/1/463847/100/0/threaded | http://xforce.iss.net/xforce/xfdb/33503 | 1



OTHER |



http://www.securityfocus.com/archive/1/archive/1/463934/100/0/threaded | http://www.securityfocus. 1



INPUT | ACCESS |



http://www.securityfocus.com/archive/1/archive/1/463969/100/0/threaded | http://www.securitytracke 1 No upper bounds of optlen value



INPUT |



http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=494 | http://www-1.ibm.com/suppo 1



INPUT |



http://archives.neohapsis.com/archives/vulnwatch/2007-q1/0077.html | http://securityvulns.com/news 1



http://archives.neohapsis.com/archives/bugtraq/2007-03/0392.html | http://xforce.iss.net/xforce/xfdb/33309 | ?



EXCEP |



http://marc.info/?l=full-disclosure&m=117502315312302&w=2 | http://www.securityfocus.com/bid/23 1



EXCEP |



http://aluigi.altervista.org/adv/pulsex-adv.txt | http://aluigi.org/poc/pulsex.zip | http://xforce.iss.net/xfor 1



http://www.cisco.com/warp/public/707/cisco-sa-20070328-voip.shtml | http://www.securityfocus.com/bid/23181 | http://securityt ?



INPUT |



http://www.cisco.com/warp/public/707/cisco-sa-20070328-voip.shtml | http://www.securityfocus.com/ 1



EXCEP |



http://www.cisco.com/warp/public/707/cisco-sa-20070328-voip.shtml | http://www.securityfocus.com/ 1



INPUT |



http://sourceforge.net/mailarchive/message.php?msg_name=20070406123739.GA1546%40zen.inc 1



ACCESS | CONFIG |



http://security.gentoo.org/glsa/glsa-200704-11.xml | http://www.securityfocus.com/bid/23520 | http://w 1



INPUT |



https://issues.rpath.com/browse/RPL-1309 | http://secunia.com/advisories/25083 | http://kernel.org/p 1



DESIGN | EXCEP |



http://www.lighttpd.net/assets/2007/4/13/lighttpd_sa2007_01.txt | http://www.frsirt.com/english/adviso 1



EXCEP |



http://www.lighttpd.net/assets/2007/4/13/lighttpd_sa2007_02.txt | http://www.frsirt.com/english/adviso 1



DESIGN | CONFIG |



http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html#554 | http://secunia.com/adviso 1



INPUT |



http://www.milw0rm.com/exploits/3690 |



http://www.securityfocus.com/archive/1/archive/1/464685/100/0/threaded | http://www.cybsec.com/vuln/CYBSEC-Security_Adv 1



DESIGN |



http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27007951#6107 | http://www.frsirt.com 1



INPUT |



http://www.tinymux.org/changes.txt | http://www.frsirt.com/english/advisories/2007/1213 |



INPUT |



http://sourceforge.net/forum/forum.php?forum_id=681753 | http://sourceforge.net/project/shownotes 1



http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00944467 | http://www.securityfocus.com/bid/2 1



INPUT |



http://bugzilla.quagga.net/show_bug.cgi?id=354 | http://bugzilla.quagga.net/show_bug.cgi?id=355 | h 1



OTHER |



http://bftpd.sourceforge.net/downloads/CHANGELOG | http://secunia.com/advisories/24864 | http://b 1



INPUT | EXCEP |



http://sourceforge.net/mailarchive/forum.php?thread_name=755AF709E5B77E6EA58479D5%40fox 1 number of line feeds > N



EXCEP |



http://www.freeradius.org/security.html | http://frontal2.mandriva.com/security/advisories?name=MDK 1



EXCEP |



http://www.debian.org/security/2007/dsa-1281 | http://www.securityfocus.com/bid/23656 | http://secu 1



INPUT |



http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml | http://www.securityfocus.com/b



EXCEP |



http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml | http://www.securityfocus.com/b 1



INPUT |



http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml | http://www.securityfocus.com/b



INPUT | DESIGN |



http://sunsolve.sun.com/search/document.do?assetkey=1-26-102866-1 | http://www.frsirt.com/englis 1 Crafted IP packets sent to user



EXCEP |



http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=516 | https://knowledge.mcafee.co 1



EXCEP |



http://www.securityfocus.com/archive/1/archive/1/466017/100/0/threaded | http://www.securityfocus. 1



EXCEP |



http://www.securityfocus.com/archive/1/archive/1/466017/100/0/threaded | http://www.securityfocus. 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/466017/100/0/threaded | http://www.securityfocus.



INPUT |



http://www.securityfocus.com/archive/1/archive/1/466017/100/0/threaded | http://www.securityfocus.



http://www.obdev.at/products/sharity/releasenotes.html | http://www.securityfocus.com/bid/23572 | http://secunia.com/advisorie 1



EXCEP |



http://www.securityfocus.com/archive/1/archive/1/466319/100/0/threaded | http://www.securityfocus. ?



INPUT |



http://www.securityfocus.com/archive/1/archive/1/466291/100/0/threaded | http://www.securityfocus.



EXCEP |



http://www.milw0rm.com/exploits/3770 | http://www.securityfocus.com/bid/23576 | http://xforce.iss.ne 1



INPUT |



http://www.securityfocus.com/data/vulnerabilities/exploits/23583.c | http://www.securityfocus.com/bid 1



INPUT | EXCEP |



http://www.securityfocus.com/archive/1/archive/1/466022/100/100/threaded | http://www.securityfocu 1 AddAllowed value > N



INPUT | EXCEP |



http://www.securityfocus.com/archive/1/archive/1/466576/100/0/threaded | http://www.securityfocus.



INPUT | DESIGN | EXCEP |



http://www.csis.dk/dk/forside/GdiPlus.pdf | http://www.kb.cert.org/vuls/id/290961 | http://www.security 1 height = 0



EXCEP |



http://www.isc.org/index.pl?/sw/bind/bind-security.php | http://www.frsirt.com/english/advisories/2007 1



INPUT | DESIGN |



http://www.secdev.org/conf/IPv6_RH_security-csw07.pdf | http://openbsd.org/errata39.html#022_rou 1 IPV6_RTHDR_TYPE_0 set to create network amplification between 2 routers



http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00841370 | http://www.securit ?



http://sunsolve.sun.com/search/document.do?assetkey=1-26-102874-1 | http://www.frsirt.com/english/advisories/2007/1530 | h ?



EXCEP |



http://www.milw0rm.com/exploits/3791 | http://www.milw0rm.com/exploits/3792 | http://www.securityf 1



EXCEP |



http://www.milw0rm.com/exploits/3784 | 1



DESIGN |



http://www.securityfocus.com/archive/1/archive/1/466784/100/0/threaded | http://www.securityfocus. 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/466911/100/0/threaded | http://www.asterisk.org/fil 1



DESIGN |



http://www.securityfocus.com/archive/1/archive/1/466882/100/0/threaded | http://bugs.digium.com/vi 1



EXCEP |



http://sourceforge.net/forum/forum.php?forum_id=685448 | http://sourceforge.net/project/shownotes 1



INPUT |



http://secunia.com/advisories/24724 | http://www.securityfocus.com/bid/23640 |



INPUT |



http://secunia.com/advisories/25049 | http://xforce.iss.net/xforce/xfdb/33903 |



EXCEP |



http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=506 | http://www.enterasys.com/p 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/464819/100/0/threaded | http://www.securityfocus. 1



INPUT |



http://sourceforge.net/project/shownotes.php?release_id=504709&group_id=63119 | http://www.mys



INPUT |



http://sourceforge.net/forum/forum.php?thread_id=1725156&forum_id=131392 | http://www.securityf 1



EXCEP |



http://www.rapid7.com/advisories/R7-0027.jsp | http://www.securitytracker.com/id?1017984 | http://x 1



INPUT | EXCEP |



http://www.rapid7.com/advisories/R7-0028.jsp | http://www.caucho.com/resin-3.1/changes/changes. 1 DOS device name with arbitrary extension



INPUT |



http://sourceforge.net/project/shownotes.php?release_id=508653&group_id=5624 | http://sourceforg



EXCEP |



http://taviso.decsystem.org/virtsec.pdf | 1



INPUT |



http://www.cisco.com/en/US/products/products_security_response09186a0080833172.html | http://w



http://www.cisco.com/en/US/products/products_security_advisory09186a0080833166.shtml | http://www.securityfocus.com/bid ?



RACE |



http://www.cisco.com/en/US/products/products_security_advisory09186a0080833166.shtml | http://w 1



http://sunsolve.sun.com/search/document.do?assetkey=1-26-102900-1 | http://www.securityfocus.com/bid/23751 | http://www. 1



EXCEP |



http://sunsolve.sun.com/search/document.do?assetkey=1-26-102895-1 | http://www.securityfocus.co 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/467269/100/0/threaded | http://www.matousec.com



ftp://ftp.itrc.hp.com/openvms_patches/i64/V8.2-1/VMS821I_SYS-V0400.txt | ftp://ftp.itrc.hp.com/openvms_patches/i64/V8.3/VM 1



EXCEP |



http://ftp.digium.com/pub/asa/ASA-2007-013.pdf | http://www.securityfocus.com/bid/23824 | http://ww 1



INPUT | EXCEP |



http://www.kb.cert.org/vuls/id/MIMG-6Q3NFD | http://www.kb.cert.org/vuls/id/711420 | http://www.sec 1 Crafted COTP packets



INPUT |



http://taviso.decsystem.org/virtsec.pdf |



INPUT | EXCEP |



http://www.milw0rm.com/exploits/3826 | http://moaxb.blogspot.com/2007/05/moaxb-01-powerpointvi 1 length > N for (1) DoOleCommand, (2) FTPDownloadFile, (3) FTPUploadFile, (4) HttpUploadFile, (5) Save, (6) SaveWebFile, (7) HttpDownloadFile, (8) Open, or (9) OpenWebFile property value.



INPUT | EXCEP |



http://moaxb.blogspot.com/2007/05/moaxb-03-wordviewerocx-32-multiple_03.html | http://www.secu 1 length > N for (1) DoOleCommand, (2) FTPDownloadFile, (3) FTPUploadFile, (4) HttpUploadFile, (5) GotoPage, (6) Save, (7) SaveWebFile, (8) HttpDownloadFile, (9) Open, (10) OpenWebFile, (11) SaveAs, or (12) ShowWordStandardDialog property value.



INPUT | EXCEP |



http://www.milw0rm.com/exploits/3819 | http://www.securityfocus.com/bid/23712 | 1 Certain .ra file used by Real Player 10 Gold



DESIGN |



http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01034753 | http://ww 1



INPUT | EXCEP |



http://www.securityfocus.com/archive/1/archive/1/467375/100/0/threaded | http://www.securityfocus. 2 (1) messenger URL contains _edit.r AND (2) parameters list for _edit.r empty



OTHER |



http://kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.21-git8.log | http://secunia.com/advisories 2 create socket, release it before PPIOCGCHAN ioctl is initialized



INPUT |



http://www.securityfocus.com/archive/1/archive/1/467646/100/0/threaded | http://www.securityfocus.



DESIGN |



http://www.securityfocus.com/archive/1/archive/1/467646/100/0/threaded | http://www.securityfocus. 1



INPUT | EXCEP |



http://www.securityfocus.com/archive/1/archive/1/466754/100/100/threaded | http://www.securityfocu 1 Crafted BMP files used in ImageProcessing



EXCEP |



http://www.securityfocus.com/archive/1/archive/1/467822/100/0/threaded | http://secunia.com/adviso 1



EXCEP |



http://bugs.mysql.com/bug.php?id=27513 | http://security.gentoo.org/glsa/glsa-200705-11.xml | http:/ 1



http://www.cisco.com/en/US/products/products_security_advisory09186a00808399d0.shtml | http://www.securityfocus.com/bid 1



INPUT | EXCEP |



http://www.securityfocus.com/archive/1/archive/1/468070/100/0/threaded | http://www.securityfocus.



EXCEP | CONFIG |



http://www.securityfocus.com/archive/1/archive/1/468070/100/0/threaded | 1



INPUT | EXCEP |



http://www.securityfocus.com/archive/1/archive/1/468070/100/0/threaded | http://www.securityfocus. 1 User accesses webpage that passes invalid argument to GetPropertyByID() function



INPUT |



http://www.milw0rm.com/exploits/3891 | http://moaxb.blogspot.com/2007/05/moaxb-10-rcontroldll-v1



INPUT | EXCEP |



http://ftp.icdevgroup.org/interchange/5.4/ANNOUNCEMENT-5.4.2.txt | http://www.frsirt.com/english/a 1 Crafted POST request causes server to hang



INPUT |



http://lurker.clamav.net/message/20070418.111144.0df6c5d3.en.html | http://article.gmane.org/gma 1



INPUT |



http://www.milw0rm.com/exploits/3898 | http://www.securityfocus.com/bid/23941 | http://xforce.iss.ne 1



INPUT |



http://www.milw0rm.com/exploits/3910 | http://moaxb.blogspot.com/2007/05/moaxb-12-precisionid-b 1



INPUT |



http://www.milw0rm.com/exploits/3917 | http://moaxb.blogspot.com/2007/05/moaxb-13-id-automatio 1



INPUT |



http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/062773.html | http://www.critical.lt/research 1



CONFIG |



http://dev2dev.bea.com/pub/advisory/229 | http://www.frsirt.com/english/advisories/2007/1815 | http: 1



EXCEP |



http://dev2dev.bea.com/pub/advisory/237 | http://www.frsirt.com/english/advisories/2007/1815 | http: 1



INPUT |



http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=413033 | http://bugs.debian.org/cgi-bin/bugreport.c



INPUT |



http://www.milw0rm.com/exploits/3930 | http://www.securityfocus.com/bid/23994 | 1



EXCEP |



http://www.securityfocus.com/archive/1/archive/1/468626/100/0/threaded | http://www.securityfocus. 1



INPUT |



http://www.milw0rm.com/exploits/3929 | http://www.securityfocus.com/bid/23993 | 1



DESIGN |



http://bugs.libgd.org/?do=details&task_id=86 | 1



EXCEP |



http://sunsolve.sun.com/search/document.do?assetkey=1-26-102752-1 | http://www.securityfocus.co 1



INPUT | EXCEP |



| http://www.aczoom.com/tools/blockhosts/CHANGES 1? This may be 1 if the presence of an IP address is all that is needed, or 2 or more if some other condition is required in the login name



INPUT |



http://www.securityfocus.com/archive/1/archive/1/468784/100/0/threaded | http://milw0rm.com/explo 1



http://www.globus.org/mail_archive/security-announce/2007/05/msg00000.html | http://bugzilla.globus.org/globus/show_bug.cg 1



EXCEP |



http://lists.ratbox.org/pipermail/ircd-ratbox/2007-May/000759.html | http://www.openpkg.com/security



http://scary.beasts.org/security/CESA-2006-004.html | http://www.securityfocus.com/bid/24004 | http://www.frsirt.com/english/a 1



EXCEP |



http://www.zerodayinitiative.com/advisories/ZDI-07-036.html | 1



OTHER |



http://www.cisco.com/en/US/products/products_security_advisory09186a0080847c49.shtml | 1



EXCEP |



http://madwifi.org/ticket/1335 | http://madwifi.org/wiki/Security | 1



EXCEP |



http://madwifi.org/ticket/1270 | http://madwifi.org/wiki/Security | 1



EXCEP |



http://www.mozilla.org/security/announce/2007/mfsa2007-13.html | 1



INPUT |



http://spamassassin.apache.org/advisories/cve-2007-2873.txt |



EXCEP |



http://marc.info/?l=linux-kernel&m=118128610219959&w=2 | http://marc.info/?l=linux-kernel&m=118 1



INPUT | EXCEP |



http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.21.2 | http://www.securityfocus.com/bid/2 1 corrupt kernel_dirent



ACCESS |



http://sunsolve.sun.com/search/document.do?assetkey=1-26-102911-1 | http://www.securityfocus.co 1



INPUT |



http://downloads.securityfocus.com/vulnerabilities/exploits/24127.html | http://www.securityfocus.com 1



http://www.securityfocus.com/bid/24131 | http://www.frsirt.com/english/advisories/2007/1927 | http://xforce.iss.net/xforce/xfdb/3



http://www.frsirt.com/english/advisories/2007/1936 | 1



RACE |



http://securityresponse.symantec.com/avcenter/security/Content/2007.05.24a.html | http://securityres 1



INPUT |



http://moaxb.blogspot.com/2007/05/moaxb-23-microsoft-office-2000.html | http://www.shinnai.altervi 1



DESIGN |



http://sourceforge.net/project/shownotes.php?group_id=107955&release_id=501861 | 1



INPUT |



http://www.f-secure.com/security/fsc-2007-4.shtml | http://www.frsirt.com/english/advisories/2007/19 1



EXCEP |



http://marc.info/?l=full-disclosure&m=118040810718045&w=2 | http://www.nruns.com/advisories/%5 1



EXCEP |



http://forum.antivir-pe.de/thread.php?threadid=22528 | http://www.securityfocus.com/bid/24187 | http 1



INPUT |



http://sourceforge.net/project/shownotes.php?release_id=511778 | http://svn.a-eskwadraat.nl/wsvn/D



EXCEP |



http://sunsolve.sun.com/search/document.do?assetkey=1-26-102745-1 | http://www.securityfocus.co 1



ACCESS |



http://sunsolve.sun.com/search/document.do?assetkey=1-26-102921-1 | http://www.securityfocus.co 1



EXCEP |



http://mail.openvms.org:8100/Lists/alerts/Message/504.html | http://mail.openvms.org:8100/Lists/ale 1



http://sunsolve.sun.com/search/document.do?assetkey=1-26-102934-1 | 1



INPUT |



http://www.appwebserver.org/forum/viewtopic.php?t=969 | 1



http://lurker.clamav.net/message/20070530.224918.5c64abc4.en.html | http://kolab.org/security/kolab-vendor-notice-15.txt | 1



http://www.hitachi-support.com/security_e/vuls_e/HS07-013_e/index-e.html | http://www.frsirt.com/english/advisories/2007/202 1



http://www.hitachi-support.com/security_e/vuls_e/HS07-012_e/index-e.html | http://www.frsirt.com/english/advisories/2007/202 1



INPUT |



http://lists.aspl.es/pipermail/vortex/2007-May/000152.html | http://secunia.com/advisories/25442 |



DESIGN |



http://www.securityfocus.com/archive/1/archive/1/470278/100/0/threaded | http://www.matousec.com 1



EXCEP |



http://www.milw0rm.com/exploits/4033 | http://www.securityfocus.com/bid/24292 | http://secunia.com 1



DESIGN |



http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=243719 | http://svn.berlios.de/viewcvs/open-iscs 1



DESIGN |



http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=243719 | http://svn.berlios.de/viewcvs/open-iscs 1



INPUT |



http://mdessus.free.fr/?p=15 | http://bugs.cacti.net/view.php?id=955 | http://svn.cacti.net/cgi-bin/view 1



INPUT |



http://mdessus.free.fr/?p=15 | http://bugs.cacti.net/view.php?id=955 | http://svn.cacti.net/cgi-bin/view 1



OTHER |



http://superb-west.dl.sourceforge.net/sourceforge/maradns/maradns-1.2.12.05.tar.gz | http://www.m ?



DESIGN |



http://superb-west.dl.sourceforge.net/sourceforge/maradns/maradns-1.2.12.06.tar.gz | http://www.m 1



OTHER |



http://maradns.blogspot.com/search/label/MaraDNS | ?



INPUT |



http://lurker.clamav.net/message/20070530.224918.5c64abc4.en.html | http://svn.clamav.net/svn/cla 1



EXCEP |



http://www.securityfocus.com/archive/1/archive/1/470751/100/0/threaded | 1



EXCEP |



http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=540 | http://www.securityfocus.com 1



EXCEP |



http://www.securityfocus.com/archive/1/archive/1/470835/100/0/threaded | http://www.securityfocus. 2 OP.MEAS.DATAQUERY is empty and (2) MEAS.TYPE is empty



EXCEP |



http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063859.html | http://www.digit-labs.org/file 1



EXCEP |



http://www.milw0rm.com/exploits/4046 | http://www.securityfocus.com/bid/24375 | http://secunia.com 1



INPUT |



http://www.milw0rm.com/exploits/4056 | http://www.securityfocus.com/bid/24400 | 1



INPUT |



http://aviv.raffon.net/2007/06/11/AppleSafariForWindowsOutWithACrash.aspx |



INPUT |



http://www.securityfocus.com/archive/1/archive/1/458455/100/0/threaded | http://lists.grok.org.uk/pip 1 character in messages, tickets, or Wikis.



INPUT | ACCESS |



http://www.milw0rm.com/exploits/3671 | http://www.securityfocus.com/bid/23342 | 1 Configuration can be modified before login



INPUT |



http://projects.info-pull.com/moab/MOAB-20-01-2007.html | http://www.frsirt.com/english/advisories/2 1 format string specifiers in aim:// URI



INPUT |



http://projects.info-pull.com/moab/MOAB-07-01-2007.html | http://www.omnigroup.com/applications/ 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/456255/100/0/threaded | http://www.securityfocus. 2 username and real_name are long



INPUT |



https://launchpad.net/bugs/79206 | http://bugzilla.gnome.org/show_bug.cgi?id=396477 | http://ftp.gno 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/456523/100/0/threaded | http://frontal2.mandriva.c 2 long #EXTINF and invalid udp:// URI in M3U file



INPUT |



http://sourceforge.net/project/shownotes.php?release_id=475423&group_id=21558 | http://www.secu



INPUT |



http://sourceforge.net/project/shownotes.php?release_id=477793&group_id=21558 | http://www.secu



INPUT |



http://www.securityfocus.com/archive/1/archive/1/456755/100/0/threaded | http://www.securityfocus. 1 ftp:// URI > N



INPUT |



http://projects.info-pull.com/moab/MOAB-16-01-2007.html | http://www.securityfocus.com/bid/22086 1 Code executed in format string specifiers in INVITE request



INPUT |



http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=224607 | http://www.frsirt.com/english/advisories 2 (1) A JIS encoded font and (2) crafted string



INPUT |



http://projects.info-pull.com/moab/MOAB-23-01-2007.html | http://www.securityfocus.com/bid/22207 1 PICT image with malformed ARGB record



INPUT |



http://projects.info-pull.com/moab/MOAB-24-01-2007.html | http://www.frsirt.com/english/advisories/2 1 Code injected in format string specifiers via (1) SWUTMP or (2) SUCATALOG filenames, or using the (3) application/x-apple.sucatalog+xml MIME type.



INPUT |



http://security-protocols.com/sp-x43-advisory.php | http://www.securityfocus.com/bid/22228 | http://d 1



INPUT |



http://www.milw0rm.com/exploits/3229 | http://www.securityfocus.com/bid/22315 | http://milw0rm.com 1



INPUT |



http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html | http://docs.info.apple.c 1



INPUT |



http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html | http://docs.info.apple.c 1



INPUT |



http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html | http://docs.info.apple.c 1



INPUT |



http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html | http://docs.info.apple.c 1



INPUT |



http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html | http://docs.info.apple.c 1



INPUT |



http://www.milw0rm.com/exploits/3254 | http://www.securityfocus.com/bid/22377 | http://milw0rm.com



INPUT |



http://www.mozilla.org/security/announce/2007/mfsa2007-01.html | http://www.securityfocus.com/arc



INPUT |



http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=471 | http://www.frsirt.com/english



INPUT |



http://lists.roaringpenguin.com/pipermail/mimedefang/2007-February/032011.html | http://secunia.co 1



EXCEP |



http://marc.theaimsgroup.com/?l=full-disclosure&m=117094708423302&w=2 | http://www.milw0rm.c 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/459928/100/0/threaded | http://lists.grok.org.uk/pip 1



INPUT |



http://www.blackhat.com/presentations/bh-europe-07/Butti/Presentation/bh-eu-07-Butti.pdf | 1



INPUT |



http://www.milw0rm.com/exploits/3331 | http://vicftps.50webs.com/ | http://www.securityfocus.com/bi 1



INPUT |



http://www.milw0rm.com/exploits/3514 | http://www.securityfocus.com/bid/23002 | http://xforce.iss.ne 1



EXCEP |



http://aluigi.altervista.org/adv/nasbugs-adv.txt | http://www.securityfocus.com/bid/23017 | http://www. 1



INPUT |



http://netsieben.com/files/CHANGELOG | 1



INPUT |



http://code.google.com/p/tinymux/issues/detail?id=282&can=2&q= | http://www.tinymux.org/changes 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/467038/100/0/threaded | http://www.vsecurity.com 1



INPUT |



http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/054024.html | http://www.digit-labs.org/files



INPUT |



http://www.frsirt.com/english/advisories/2007/1587 | http://xforce.iss.net/xforce/xfdb/34010 |



INPUT | EXCEP |



http://www.securityfocus.com/archive/1/archive/1/468070/100/0/threaded | 1 MIB filename argument length > N



INPUT |



http://sourceforge.net/tracker/index.php?func=detail&aid=1716196&group_id=12272&atid=112272 | 1



INPUT |



http://scary.beasts.org/security/CESA-2007-001.html | http://www.securityfocus.com/bid/24001 | http 1



EXCEP |



http://madwifi.org/ticket/1334 | http://madwifi.org/wiki/Security | 1



INPUT |



http://www.kb.cert.org/vuls/id/449089 | http://www.securityfocus.com/bid/24328 | http://www.frsirt.com 1



INPUT |



http://www.milw0rm.com/exploits/3986 | http://moaxb.blogspot.com/2007/05/moaxb-25-leadtools-ras 1



INPUT |



http://www.milw0rm.com/exploits/4009 | http://moaxb.blogspot.com/2007/05/moaxb-29-edraw-office 1



DESIGN | ACCESS |



http://www.redhat.com/archives/fedora-devel-list/2007-January/msg01271.html | http://www.redhat.c 1 password hash length = 2



OTHER |



https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=223233 | http://secunia.com/advisories/24225 | 1



INPUT |



http://projects.info-pull.com/moab/MOAB-21-01-2007.html | http://www.osvdb.org/31605 | http://secu 1 modified path points to launchctl program



INPUT |



http://projects.info-pull.com/moab/MOAB-22-01-2007.html | http://docs.info.apple.com/article.html?a 2 (1) CFUserNotificationSend request function used and (2) DiskUtil used



ACCESS |



http://milw0rm.com/exploits/3068 | http://www.securityfocus.com/bid/21847 | http://secunia.com/advi 1



DESIGN |



http://www.cisco.com/warp/public/707/cisco-sa-20070103-CleanAccess.shtml | http://www.frsirt.com 1



INPUT | DESIGN |



http://www.securityfocus.com/archive/1/archive/1/455624/100/0/threaded | http://www.matousec.com 1 Malicious program creates fake iphlpapi.dll in SKPF installation directory



INPUT |



http://www.securityfocus.com/archive/1/archive/1/455729/100/0/threaded | http://www.securityfocus. 1 filename length > N



http://marc.theaimsgroup.com/?l=openbsd-cvs&m=116781980706409&w=2 | http://ilja.netric.org/files/Unusual%20bugs%2023 1



DESIGN | ACCESS |



http://www.securityfocus.com/archive/1/archive/1/455832/100/0/threaded | http://aria-security.com/fo 1



DESIGN | ACCESS |



http://www.securityfocus.com/archive/1/archive/1/455807/100/0/threaded | http://aria-security.com/fo 1



DESIGN | ACCESS |



http://www.milw0rm.com/exploits/3066 | http://xforce.iss.net/xforce/xfdb/31222 | http://milw0rm.com/e 1



DESIGN | ACCESS |



http://www.securityfocus.com/archive/1/archive/1/455788/100/0/threaded | http://aria-security.com/fo 1



ACCESS |



http://aria-security.com/forum/showthread.php?t=85 | http://www.frsirt.com/english/advisories/2007/0 1



DESIGN |



http://www.securityfocus.com/archive/1/archive/1/455977/100/0/threaded | 1



INPUT |



http://spine.sourceforge.net/changelog.html | http://www.frsirt.com/english/advisories/2007/0042 | htt 1 Specially crafted HTML request



DESIGN |



http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974970.htm | http://www.securityfocus.com/b 1



DESIGN | ACCESS |



http://www.securityfocus.com/archive/1/archive/1/456047/100/0/threaded | http://xforce.iss.net/xforce 1



INPUT |



http://projects.info-pull.com/moab/MOAB-05-01-2007.html | http://www.securityfocus.com/bid/21899 1 crafted BOM file



ACCESS |



http://sourceforge.net/project/shownotes.php?group_id=171441&release_id=475663 | http://secunia 1



ftp://ftp.itrc.hp.com/openvms_patches/alpha/V7.3-2/AXP_DNVOSIMUP01-V0703-2.txt | ftp://ftp.itrc.hp.com/openvms_patches/ 1



DESIGN | ACCESS |



http://www.securityfocus.com/archive/1/archive/1/456228/100/0/threaded | http://xforce.iss.net/xforce 1



ACCESS |



http://www.securityfocus.com/archive/1/archive/1/456230/100/0/threaded | http://xforce.iss.net/xforce 1



DESIGN | ACCESS |



http://www.securityfocus.com/archive/1/archive/1/456117/100/0/threaded | http://64.38.62.221/ariase 1



DESIGN | ACCESS |



http://www.securityfocus.com/archive/1/archive/1/456226/100/0/threaded | http://xforce.iss.net/xforce 1



DESIGN | ACCESS |



http://www.securityfocus.com/archive/1/archive/1/456239/100/0/threaded | http://xforce.iss.net/xforce 1



DESIGN | ACCESS |



http://www.securityfocus.com/archive/1/archive/1/456238/100/0/threaded | http://xforce.iss.net/xforce 1



DESIGN | ACCESS |



http://www.securityfocus.com/archive/1/archive/1/456235/100/0/threaded | http://xforce.iss.net/xforce 1



INPUT |



http://arctic.org/~dean/patches/GeoIP-1.4.0-update-vulnerability.patch | http://frontal2.mandriva.com 1



ACCESS |



http://landonf.bikemonkey.org/code/macosx/MOAB_Day_8.20070109002959.18582.timor.html | http 1



DESIGN |



http://security.freebsd.org/advisories/FreeBSD-SA-07:01.jail.asc | http://www.securityfocus.com/bid/2 ?



ACCESS |



http://getahead.ltd.uk/dwr/changelog | http://www.securityfocus.com/bid/21955 | http://www.frsirt.com 1



INPUT |



http://www.mnin.org/advisories/2007_firepass.pdf | https://tech.f5.com/home/solutions/sol6924.html 1



ACCESS |



http://www.mnin.org/advisories/2007_firepass.pdf | https://tech.f5.com/home/solutions/sol6922.html 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/455894/100/100/threaded | 1



DESIGN | ACCESS |



http://www.securityfocus.com/archive/1/archive/1/456128/100/0/threaded | http://www.securityfocus. 1



INPUT |



http://www.microsoft.com/technet/security/Bulletin/MS07-007.mspx | http://www.securityfocus.com/b



INPUT |



http://www.microsoft.com/technet/security/Bulletin/MS07-006.mspx | http://www.kb.cert.org/vuls/id/24 1



INPUT | DESIGN |



http://www.debian.org/security/2007/dsa-1269 | http://secunia.com/advisories/24377 | http://secunia. 1 ndeb binary feature allows overwrite



DESIGN |



http://www.securityfocus.com/archive/1/archive/1/456598/100/0/threaded | http://labs.calyptix.com/ad 1



http://www.securityfocus.com/archive/1/archive/1/456622/100/0/threaded | ?



http://www.securityfocus.com/archive/1/archive/1/456626/100/0/threaded | http://forums.grsecurity.net/viewtopic.php?t=1646 | h 1



DESIGN |



http://www.milw0rm.com/exploits/3116 | http://www.securityfocus.com/bid/22025 | http://secunia.com 1



http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html | http://www.us-cert.gov/cas/techalert 1



http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html | http://www.us-cert.gov/cas/techalert 1



http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html | http://www.us-cert.gov/cas/techalert ?



http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html | http://www.us-cert.gov/cas/techalert 1



INPUT |



http://oss.gonicus.de/pipermail/gosa/2007-January/002650.html | http://www.frsirt.com/english/advis 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/456986/100/0/threaded | http://www.securityfocus. 1 Administrative actions through direct request



DESIGN |



http://www.securityfocus.com/archive/1/archive/1/456973/100/0/threaded | http://www.matousec.com 1



ACCESS |



http://www.ingate.com/relnote-451.php | http://www.securityfocus.com/bid/22080 | http://secunia.com ?



DESIGN | RACE |



http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051793.html | http://www.securityfocus. 1



ACCESS |



http://projects.info-pull.com/moab/MOAB-15-01-2007.html | http://www.milw0rm.com/exploits/3136 | ?



DESIGN | RACE |



http://www.securityfocus.com/archive/1/archive/1/457217/100/0/threaded | http://www.securityfocus. 1



INPUT |



http://projects.info-pull.com/moab/MOAB-18-01-2007.html | http://secunia.com/advisories/23842 | ht 2 (1) Modified path and (2) malicious ipfw program



DESIGN |



http://projects.info-pull.com/moab/MOAB-18-01-2007.html | http://secunia.com/advisories/23842 | ?



EXCEP |



http://www.securityfocus.com/archive/1/archive/1/457279/100/0/threaded | http://www.securityfocus. 1



EXCEP |



http://www.securityfocus.com/archive/1/archive/1/457279/100/0/threaded | http://www.securityfocus. 1



EXCEP |



http://www.securityfocus.com/archive/1/archive/1/457279/100/0/threaded | http://www.securityfocus. 1



INPUT |



http://code.djangoproject.com/changeset/3754 | http://secunia.com/advisories/23826 | http://www.se 1 user name not cached



DESIGN | ACCESS |



http://dev2dev.bea.com/pub/advisory/202 | http://www.frsirt.com/english/advisories/2007/0213 | http: 2 (1) Does not validate client certificates and (2) reusing cached connections



OTHER |



http://dev2dev.bea.com/pub/advisory/205 | http://www.frsirt.com/english/advisories/2007/0213 | http: 1



ACCESS |



http://dev2dev.bea.com/pub/advisory/210 | http://www.frsirt.com/english/advisories/2007/0213 | http: 1



ACCESS |



http://dev2dev.bea.com/pub/advisory/211 | http://www.frsirt.com/english/advisories/2007/0213 | http: ?



ACCESS |



http://dev2dev.bea.com/pub/advisory/212 | http://www.frsirt.com/english/advisories/2007/0213 | http: 1



DESIGN |



http://dev2dev.bea.com/pub/advisory/218 | http://www.frsirt.com/english/advisories/2007/0213 | http: 1



INPUT |



http://dev2dev.bea.com/pub/advisory/222 | http://www.frsirt.com/english/advisories/2007/0213 | http: 1 Overflow allows privileges



DESIGN | ACCESS |



http://dev2dev.bea.com/pub/advisory/223 | http://www.frsirt.com/english/advisories/2007/0213 | http: ?



ACCESS |



http://dev2dev.bea.com/pub/advisory/224 | http://securitytracker.com/id?1017523 | http://secunia.com 1



DESIGN |



http://dev2dev.bea.com/pub/advisory/221 | http://securitytracker.com/id?1017524 | http://secunia.com 1



DESIGN | ACCESS |



http://dev2dev.bea.com/pub/advisory/220 | http://secunia.com/advisories/23786 | ?



ACCESS |



http://www.securityfocus.com/archive/1/archive/1/457453/100/0/threaded | http://www.securityfocus. 1



http://jvn.jp/niscc/NISCC-462660/index.html | http://www.cpni.gov.uk/Products/advisories/default.aspx?id=al-20070129-0107.xm 1



INPUT | ACCESS |



http://marc.info/?l=full-disclosure&m=116977186211191&w=2 | http://securityreason.com/achieveme 1 fopen function does not handle invalid URI handlers



http://sunsolve.sun.com/search/document.do?assetkey=1-26-102773-1 | http://www.securityfocus.com/bid/22190 | http://www. ?



INPUT |



http://www.securityfocus.com/archive/1/archive/1/457683/100/0/threaded | http://www.securityfocus. 1 Crafted report parameter



RACE |



https://lists.berlios.de/pipermail/smb4k-announce/2006-December/000037.html | http://developer.ber 1



DESIGN |



https://lists.berlios.de/pipermail/smb4k-announce/2006-December/000037.html | http://developer.ber ?



INPUT |



https://lists.berlios.de/pipermail/smb4k-announce/2006-December/000037.html | http://developer.ber 1 writeFile() function creates incorrect permissions on files



DESIGN |



http://security.gentoo.org/glsa/glsa-200701-19.xml | http://secunia.com/advisories/23881 | http://www 1



ACCESS |



http://sunsolve.sun.com/search/document.do?assetkey=1-26-102779-1 | http://www.securityfocus.co ?



DESIGN | ACCESS |



http://www.securityfocus.com/archive/1/archive/1/457825/100/0/threaded | http://secunia.com/adviso 1



DESIGN |



http://www.securityfocus.com/archive/1/archive/1/457852/100/0/threaded | http://secunia.com/adviso 1



DESIGN | ACCESS |



http://www.securityfocus.com/archive/1/archive/1/457868/100/0/threaded | http://www.procheckup.co 1



DESIGN |



https://issues.rpath.com/browse/RPL-987 | http://lists.rpath.com/pipermail/security-announce/2007-J 1



INPUT | DESIGN |



https://issues.rpath.com/browse/RPL-1002 | 1 Root privileges are dropped



INPUT |



http://www.milw0rm.com/exploits/3222 | http://www.frsirt.com/english/advisories/2007/0399 | http://m 2 register_globals = true, conffile parameter malicious



INPUT |



http://www.securityfocus.com/archive/1/archive/1/458076/100/0/threaded | http://www.securityfocus. 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/458076/100/0/threaded | http://www.securityfocus. 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/458111/100/0/threaded | http://www.devtarget.org/ 1



INPUT | DESIGN |



http://www.securityfocus.com/archive/1/archive/1/458137/100/0/threaded | http://www.ngssoftware.c 1 Data Object is sent representing an absolute pointer



ACCESS |



http://sourceforge.net/project/shownotes.php?group_id=51417&release_id=481584 | http://www.plain 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/460063/100/0/threaded | http://secunia.com/secun



INPUT |



http://www.alientrap.org/devwiki/index.php?n=Nexuiz.Patch | http://www.frsirt.com/english/advisories 1



INPUT |



http://lists.immunitysec.com/pipermail/dailydave/2007-January/004003.html | http://lists.immunitysec



INPUT |



http://www.milw0rm.com/exploits/3239 | http://milw0rm.com/exploits/3239 | http://xforce.iss.net/xforc



INPUT |



http://www.milw0rm.com/exploits/3208 | http://www.securityfocus.com/bid/22279 | http://www.frsirt.co 1



ENV |



http://jvn.jp/jp/JVN%2393700808/index.html | http://www.fenrir.co.jp/press/20070126_2.html | http://w 1



INPUT |



http://jvn.jp/jp/JVN%2393700808/index.html | http://www.fenrir.co.jp/press/20070126_2.html | http://w



ENV |



http://docs.info.apple.com/article.html?artnum=305391 | http://lists.apple.com/archives/Security-anno



ACCESS |



http://www.milw0rm.com/exploits/3252 | http://www.securityfocus.com/bid/20805 | http://milw0rm.com 1



ACCESS |



http://www.securityfocus.com/archive/1/archive/1/459025/100/0/threaded | http://www.bugzilla.org/se ?



DESIGN |



http://www.securityfocus.com/archive/1/archive/1/459186/100/0/threaded | http://forums.avenir-geop 1



DESIGN | ACCESS |



http://archives.neohapsis.com/archives/fulldisclosure/2007-02/0174.html | http://securityvulns.com/n ?



ACCESS |



http://www.avast.com/eng/avast-4-server-revision-history.html | http://www.securityfocus.com/bid/22 1



INPUT | DESIGN | ACCESS | http://www.milw0rm.com/exploits/3282 | http://www.securityfocus.com/bid/22451 | http://milw0rm.com 2 (1) session ID valid AND (2) UID = 1



DESIGN |



http://www.securityfocus.com/archive/1/archive/1/459397/100/0/threaded | http://www.securityfocus. 1



DESIGN |



http://www.securityfocus.com/archive/1/archive/1/459500/100/0/threaded | http://secunia.com/adviso ?



RACE |



http://sunsolve.sun.com/search/document.do?assetkey=1-26-102782-1 | http://www.frsirt.com/englis 2 run rm on a low level directory, move low level directory higher as it is being deleted



INPUT |



http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=476 | http://www.securityfocus.com 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/459827/100/0/threaded | http://xforce.iss.net/xforce 1



ACCESS |



http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00862809 | http://www.securityfocus.com 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/459794/100/0/threaded | http://www.securityfocus. 1



INPUT | ACCESS |



http://www.securityfocus.com/archive/1/archive/1/459789/100/0/threaded | http://www.securityfocus. 1 Authentication bypassed by direct request



INPUT | ACCESS |



http://www.securityfocus.com/archive/1/archive/1/459799/100/0/threaded | 2? $mysql['pass'] and $gbpass variables modified to allow administrative privileges



DESIGN |



http://sourceforge.net/forum/forum.php?forum_id=660919 | http://www.securityfocus.com/bid/22388 ?



CONFIG |



http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052382.html | http://www.kb.cert.org/v 1



CONFIG |



http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2484.shtml | http://w 2 (1) Configured to use LOCAL authentication method and (2) privileges gained by unspecified vectors



http://www.cisco.com/en/US/products/products_security_advisory09186a00807e2481.shtml | http://www.frsirt.com/english/adv 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/460076/100/0/threaded | http://www.securityfocus. 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/460076/100/0/threaded | http://www.securityfocus. 1



DESIGN |



http://sourceforge.net/forum/forum.php?forum_id=660919 | http://superb-east.dl.sourceforge.net/sou 1



INPUT |



http://www-1.ibm.com/support/docview.wss?uid=isg1IY94901 | http://secunia.com/advisories/24154 1



INPUT |



http://www.securityfocus.com/archive/1/460217/100/0/threaded | http://lcamtuf.dione.cc/ffhostname.h 1



INPUT |



http://www.milw0rm.com/exploits/3332 | http://www.securityfocus.com/bid/22609 | http://www.frsirt.co 1



ACCESS |



http://www.rhyolite.com/anti-spam/dcc/CHANGES | http://www.securityfocus.com/bid/22622 | http://w ?



DESIGN |



http://matt.ucc.asn.au/dropbear/CHANGES | http://www.securityfocus.com/bid/22761 | http://www.frs 1



DESIGN |



http://www.zerodayinitiative.com/advisories/ZDI-07-014.html | http://www.kaspersky.com/technews?i 1



INPUT |



http://www.securityfocus.com/bid/22690 | http://www.securityfocus.com/archive/1/archive/1/461330/1 ?



INPUT |



http://www.securityfocus.com/archive/1/archive/1/460917/100/0/threaded | http://www.securityfocus. 1



http://www.web-app.org/cgi-bin/index.cgi?action=viewnews&id=250 | http://www.securityfocus.com/bid/22563 | http://www.frsirt



http://www.web-app.org/cgi-bin/index.cgi?action=viewnews&id=250 | http://www.securityfocus.com/bid/22563 | http://www.frsirt



INPUT |



http://www.web-app.org/cgi-bin/index.cgi?action=viewnews&id=250 | http://www.securityfocus.com/b 1



DESIGN |



http://www.securityfocus.com/archive/1/archive/1/461437/100/0/threaded | http://marc.theaimsgroup 1



ACCESS |



https://secure-support.novell.com/KanisaPlatform/Publishing/648/3429077_f.SAL_Public.html | http:/ ?



INPUT |



http://www.php-security.org/MOPB/BONUS-12-2007.html | http://www.securityfocus.com/bid/22831 | 1



INPUT |



http://lists.kde.org/?l=kde-announce&m=117346514411140&w=2 | http://ktorrent.org/forum/viewtopic 1



DESIGN |



http://www.securityfocus.com/archive/1/archive/1/462263/100/0/threaded | http://www.securityfocus. 1



RACE |



http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=413658 | http://www.securityfocus.com/bid/22925 | 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/462584/100/0/threaded | http://forums.avenir-geop 1



DESIGN |



http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20.3 | http://secunia.com/advisories/2449 1



DESIGN | ACCESS |



http://bugs.gentoo.org/show_bug.cgi?id=159542 | http://security.gentoo.org/glsa/glsa-200703-20.xm 1



DESIGN | CONFIG |



http://www.securityfocus.com/archive/1/archive/1/462793/100/0/threaded | http://www.symantec.com 1



INPUT | DESIGN |



http://bindshell.net/papers/ftppasv/ftp-client-pasv-manipulation.pdf | https://bugzilla.mozilla.org/show_ 1 Clients can be forced to connect to other servers or perform a port scan



INPUT | DESIGN |



http://bindshell.net/papers/ftppasv/ftp-client-pasv-manipulation.pdf | http://www.securityfocus.com/bid 1 Clients can be forced to connect to other servers or perform a port scan



INPUT | DESIGN |



http://bindshell.net/papers/ftppasv/ftp-client-pasv-manipulation.pdf | http://www.ubuntu.com/usn/usn1 Clients can be forced to connect to other servers or perform a port scan



INPUT |



http://www.securityfocus.com/archive/1/archive/1/463291/100/0/threaded | http://www.metaeye.org/a 1



CONFIG |



http://archives.neohapsis.com/archives/isn/2007-q1/0418.html | http://news.com.com/Windows+wea 1



INPUT |



http://sourceforge.net/project/shownotes.php?release_id=500765 | http://www.securityfocus.com/bid 1



INPUT |



http://bugs.kde.org/show_bug.cgi?id=143637 | https://bugs.gentoo.org/show_bug.cgi?id=170303 | ht 1



ACCESS |



http://www.blackhat.com/html/bh-europe-07/bh-eu-07-speakers.html#Dror | http://www.cisco.com/en 1



INPUT |



http://www.web-app.org/cgi-bin/index.cgi?action=viewnews&id=252 | http://www.web-app.org/cgi-bin 1



DESIGN |



http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=504 | http://www.kaspersky.com/te 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/464959/100/0/threaded | http://www.majorsecurity. 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/464886/100/0/threaded | http://www.majorsecurity. 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/464884/100/0/threaded | http://www.majorsecurity. 1



INPUT |



http://www.securityfocus.com/archive/1/archive/1/464887/100/0/threaded | http://www.majorsecurity. 1



INPUT | ACCESS |



http://pridels.blogspot.com/2007/03/alstrasoft-video-share-enterprise.html | http://www.securityfocus. 1 Authentication bypassed by direct request



DESIGN | ACCESS |



http://tweakers.net/reviews/682 | http://tweakers.net/reviews/683 | 1



INPUT |



http://www.bugtraq.ir/articles/advisory/picozip_directory_traversal/9 | http://www.securityfocus.com/b 1



DESIGN |



http://www.ssh.com/documents/33/SSH_Tectia_Server_5.4.0_zOS_releasenotes.txt | http://www.se 1



DESIGN |



http://sourceforge.net/tracker/index.php?func=detail&aid=1696777&group_id=101952&atid=630783 1



INPUT | ACCESS |



http://www.postgresql.org/about/news.791 | http://www.postgresql.org/support/security.html | http://se 2 (1) SECURITY_DEFINER function can be called and (2) authenticated user



ACCESS |



http://www.securityfocus.com/archive/1/archive/1/466214/100/0/threaded | http://www.oracle.com/tec 1



ACCESS |



http://archives.neohapsis.com/archives/fulldisclosure/2007-04/0569.html | http://www.securityfocus.c 1



INPUT |



http://www.milw0rm.com/exploits/3783 | http://www.securityfocus.com/bid/23617 | http://www.frsirt.co 1



INPUT |



http://www.microsoft.com/technet/security/bulletin/ms07-027.mspx | http://www.securityfocus.com/bi



INPUT |



http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf |



DESIGN |



http://marc.info/?l=linux-kernel&m=118128610219959&w=2 | http://marc.info/?l=linux-kernel&m=118 1



DESIGN |



http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=de34ed91c4ffa4727964a83 2 (1) Port X has a bind with wildcard local address and (2) binding is not prevented to that local address



http://www.securityfocus.com/archive/1/archive/1/467746/100/0/threaded | http://www.securityfocus.com/bid/23834 | 1



INPUT | EXCEP |



http://www.securityfocus.com/archive/1/archive/1/468070/100/0/threaded | 1 Input exceeds bound of buffer in either config\ConfigFile.cpp or \msgs\check_msgs.epp



DESIGN |



http://www.milw0rm.com/exploits/3899 | http://moaxb.blogspot.com/2007/05/morovia-barcode-active 1



RACE |



http://www.novell.com/linux/security/advisories/2007_10_sr.html | http://www.securityfocus.com/bid/2 1



DESIGN |



http://www.gamasec.net/english/gs07-01.html | http://www.cisco.com/en/US/products/products_secu 1



DESIGN |



http://www.gamasec.net/english/gs07-01.html | http://www.kb.cert.org/vuls/id/739224 | http://www.se 1



DESIGN |



http://www.gamasec.net/english/gs07-01.html | http://www.kb.cert.org/vuls/id/739224 | http://www.se 1



DESIGN |



http://bugs.mysql.com/bug.php?id=27515 | http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.htm 1



DESIGN |



http://moaxb.blogspot.com/2007/05/moaxb-15-db-software-laboratory.html | http://shinnai.altervista.o 1



DESIGN |



http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c010 1



OTHER |



http://www.businessinfo.co.uk/labs/googlesnoop/snoop.html | http://www.thespanner.co.uk/2007/05/ ?



INPUT |



http://www.securityfocus.com/archive/1/archive/1/470272/100/0/threaded | http://www.majorsecurity. 1



ACCESS |



http://isc.sans.org/diary.html?storyid=2220 | http://www.milw0rm.com/exploits/3293 | http://www.secu 1






                      Unknown  1 way     2 way     3 way  Total
Count                 152      798       55        3      1008
Cumulative                     798       853       856
Cumulative fraction            0.932243  0.996495  1

                      1 way     2 way     3 way
2007                  798       55        3
2006                  1620      95        25
Total                 2418      150       28
Cumulative            2418      2568      2596
Cumulative fraction   0.931433  0.989214  1

T                     1      2      3  4  5  6
Cumulative fraction   0.931  0.989  1  1  1  1



[Figure: charts titled "NVD 2007 data" and "NVD 2006, 2007"; vertical axis 0 to 1 in steps of 0.1; horizontal axes 1 way, 2 way, 3 way and 1 to 6]



