Multiple Total Remote Compromise Vulnerabilities in Mercury SiteScope Monitoring Software
CVE-2007-6257, VU#245025. Discovered: 10.05.06. Disclosed: 09.20.07. Critical vulnerabilities exist within the Mercury SiteScope server monitoring software. Some of these can result in a complete remote compromise of the entire monitored network, as well as arbitrary code execution on all servers managed by the SiteScope software.
Buffer Overflow in Mono BigInteger Montgomery Reduction Method
VU#146292. Discovered: 07.25.07. Reported: 08.24.07. Disclosed: 09.20.07. An exploitable buffer overflow vulnerability exists in the Montgomery reduction method within the Mono Frameworks BigInteger Class (Mono.Math.BigInteger).
Static Microsoft Windows WPAD entries might allow interception of traffic
CVE-2007-1692. Disclosed: 03.26.07. The default configuration of Microsoft Windows uses the Web Proxy Autodiscovery Protocol (WPAD) without static WPAD entries. A remote attacker could leverage this to intercept web traffic by registering a proxy server using WINS or DNS, then responding to WPAD requests.