Vulnerability Summary for the Week of July 31, 2006
Released
Aug 07, 2006
Document ID
SB06-219
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
| High Vulnerabilities |
|---|
| Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
|---|---|---|---|---|---|---|
| Apple -- Mac OS X Server Apple -- Mac OS X | Stack-based buffer overflow in bootpd in the DHCP component for Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to execute arbitrary code via a crafted BOOTP request. |
| 7.0 | CVE-2006-3498 APPLE | ||
| Apple -- Mac OS X Server Apple -- Mac OS X | WebKit in Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML document that causes WebKit to access an object that has already been deallocated. |
| 7.0 | CVE-2006-3505 APPLE | ||
| Apple -- Safari | The KHTMLParser::popOneBlock function in Apple Safari 2.0.4 on Mac OS X 10.4 allows remote attackers to execute arbitrary code via Javascript that changes document.body.innerHTML within a DIV tag, which results in memory corruption. |
| 7.0 | CVE-2006-3946 BLOGSPOT FRSIRT SECUNIA BID XF | ||
| Banex -- Banex | Multiple SQL injection vulnerabilities in Banex PHP MySQL Banner Exchange 2.21 allow remote attackers to execute arbitrary SQL commands via the (1) site_name parameter to (a) signup.php, and the (2) id, (3) deleteuserbanner, (4) viewmem, (5) viewmemunb, (6) viewunmem,or (7) deleteuser parameters to (b) admin.php. |
| 7.0 | CVE-2006-3963 FULLDISC BID | ||
| Banex -- Banex | PHP remote file inclusion vulnerability in members.php in Banex PHP MySQL Banner Exchange 2.21 allows remote attackers to execute arbitrary PHP code via a URL in the cfg_root parameter. |
| 7.0 | CVE-2006-3964 FULLDISC BID | ||
| BosDev -- BosDates | PHP remote file inclusion vulnerability in payment.php in BosDev BosDates allows remote attackers to execute arbitrary PHP code via a URL in the insPath parameter. |
| 7.0 | CVE-2006-3957 OTHER-REF BID SECTRACK | ||
| Brian Wotring -- Osiris | Format string vulnerability in Brian Wotring Osiris before 4.2.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unspecified attack vectors related to the logging functions. |
| 7.0 | CVE-2006-3120 OTHER-REF OTHER-REF DEBIAN | ||
| Carlos Sanchez Valle -- MyNewsGroups PHP Layers Menu -- PHP Layers Menu | PHP remote file inclusion vulnerability in /lib/tree/layersmenu.inc.php in the PHP Layers Menu 2.3.5 package for MyNewsGroups 0.6b and earlier allows remote attackers to execute arbitrary PHP code via a URL in the myng_root parameter. |
| 7.0 | CVE-2006-3966 BUGTRAQ OTHER-REF OTHER-REF BID FRSIRT SECUNIA | ||
| Computer Associates -- eTrust Antivirus WebScan | Unspecified vulnerability in CA eTrust Antivirus WebScan allows remote attacakers to execute arbitrary code due to "improper bounds checking when processing certain user input." |
| 7.0 | CVE-2006-3975 OTHER-REF SECUNIA | ||
| EFS Software -- Easy File Sharing FTP Server | Stack-based buffer overflow in EFS Software Easy File Sharing FTP Server 2.0 allows remote attackers to execute arbitrary code via a long argument to the PASS command. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| 7.0 | CVE-2006-3952 FRSIRT SECUNIA | ||
| Joomla! -- LMO | PHP remote file inclusion vulnerability in lmo.php in the LMO Component (com_lmo) 1.0b2 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. |
| 7.0 | CVE-2006-3970 OTHER-REF FRSIRT XF | ||
| libTIFF -- libTIFF | Multiple stack-based buffer overflows in the TIFF library (libtiff) before 3.8.2 allow context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unknown vectors. |
| 8.0 | CVE-2006-3459 DEBIAN | ||
| libTIFF -- libTIFF | Heap-based buffer overflow in the TIFF library (libtiff) before 3.8.2 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unknown vectors. |
| 8.0 | CVE-2006-3460 DEBIAN | ||
| libTIFF -- libTIFF | Heap-based buffer overflow in the PixarLog decoder in the TIFF library (libtiff) before 3.8.2 might allow context-dependent attackers to execute arbitrary code via unknown vectors. |
| 7.0 | CVE-2006-3461 DEBIAN | ||
| libTIFF -- libTIFF | Heap-based buffer overflow in the NeXT RLE decoder in the TIFF library (libtiff) before 3.8.2 might allow context-dependent attackers to execute arbitrary code via unknown vectors. |
| 7.0 | CVE-2006-3462 DEBIAN | ||
| libTIFF -- libTIFF | Unspecified vulnerability in the custom tag support for the TIFF library (libtiff) before 3.8.2 allows remote attackers to cause a denial of service (instability or crash) and execute arbitrary code via unknown vectors. |
| 8.0 | CVE-2006-3465 DEBIAN | ||
| Mam-moodle alpha component -- Mam-moodle alpha component | PHP remote file inclusion vulnerability in moodle.php in Mam-moodle alpha component (com_moodle) for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. |
| 7.0 | CVE-2006-3951 OTHER-REF BID FRSIRT XF | ||
| Mambo -- Artlinks component | PHP remote file inclusion vulnerability in artlinks.dispnew.php in the Artlinks component (com_artlinks) for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. |
| 7.0 | CVE-2006-3949 BUGTRAQ BID | ||
| Mambo -- bayesiannaivefilter | PHP remote file inclusion vulnerability in administrator/components/com_bayesiannaivefilter/lang.php in the bayesiannaivefilter component (com_bayesiannaivefilter) 1.1 for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. |
| 7.0 | CVE-2006-3962 OTHER-REF BID | ||
| MamboXChange -- a6MamboHelpDesk | PHP remote file inclusion vulnerability in admin.a6mambohelpdesk.php in a6mambohelpdesk Mambo Component 18RC1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter. |
| 7.0 | CVE-2006-3930 BUGTRAQ Milw0rm BID FRSIRT | ||
| Mikael Software -- WMNews | PHP remote file inclusion vulnerability in index.php in WMNews 0.2a and earlier allows remote attackers to execute arbitrary PHP code via a URL in the base_datapath paramter. |
| 7.0 | CVE-2006-3928 OTHER-REF BID FRSIRT OSVDB SECUNIA XF | ||
| MiniBB -- MiniBB | Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5a allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) news.php, (2) search.php, or (3) whosOnline.php. |
| 7.0 | CVE-2006-3955 BUGTRAQ BUGTRAQ BID SECTRACK SECTRACK XF | ||
| Moskool -- Moskool | PHP remote file inclusion vulnerability in component/option,com_moskool/Itemid,34/admin.moskool.php in MamboXChange Moskool 1.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. |
| 7.0 | CVE-2006-3967 BUGTRAQ BID | ||
| PHP Pro Bid -- PHP Pro Bid | Multiple SQL injection vulnerabilities in PhpProBid 5.24 allow remote attackers to execute arbitrary SQL commands via the (1) view or (2) start parameters to (a) viewfeedback.php or the (3) orderType parameter to (b) categories.php. |
| 7.0 | CVE-2006-3926 BUGTRAQ BID OSVDB OSVDB SECTRACK SECUNIA XF | ||
| phpBB Group -- phpbb-auction | Multiple SQL injection vulnerabilities in phpbb-Auction allow remote attackers to execute arbitrary SQL commands via (1) the ar parameter in auction_room.php and (2) the u parameter in auction_store.php. NOTE: the auction_rating.php vector is already covered by CVE-2005-1234. NOTE: the original disclosure states that the product name is "PHP-Auction", but this is probably an error. |
| 7.0 | CVE-2006-3940 BUGTRAQ OTHER-REF | ||
| PortailPHP -- PortailPHP | PHP remote file inclusion vulnerability in mod_membre/inscription.php in PortailPHP 1.7 allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter. |
| 7.0 | CVE-2006-3922 OTHER-REF FRSIRT SECUNIA BUGTRAQ BID XF | ||
| ScriptsCenter -- ezUpload Pro | ScriptsCenter ezUpload Pro 2.2.0 allows remote attackers to perform administrative activities without authentication in (1) filter.php, which permits changing the Extensions Mode file type; (2) access.php, which permits changing the Protection Method; (3) edituser.php, which permits adding upload capabilities to user accounts; (4) settings.php, which permits changing the admin information; and (5) index.php, which permits uploading of arbitrary files. |
| 7.0 | CVE-2006-3939 BUGTRAQ BID | ||
| Sun -- N1 Grid Engine | Unspecified vulnerability in the daemons for Sun N1 Grid Engine 5.3 and N1 Grid Engine 6.0 allows local users to cause a denial of service (grid service shutdown) and possibly execute arbitrary code using buffer overflows via unknown vectors. |
| 7.0 | CVE-2006-3941 SUNALERT BID FRSIRT SECTRACK SECUNIA | ||
| Ubuntu -- Ubuntu Linux Apache Software Foundation -- Apache | Off-by-one error in the the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules. |
| 7.0 | CVE-2006-3747 OTHER-REF OTHER-REF CERT-VN UBUNTU BUGTRAQ BUGTRAQ FULLDISC FULLDISC MANDRIVA OPENPKG SUSE BID FRSIRT SECTRACK SECUNIA SECUNIA XF | ||
| X-Scripts -- X-Statistics | SQL injection vulnerability in x-statistics.php in X-Scripts X-Statistics 1.20 allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header. |
| 7.0 | CVE-2006-3950 FULLDISC BID FRSIRT SECUNIA | ||
| X-Scripts -- X-Statistics | SQL injection vulnerability in protect.php in X-Scripts X-Protection 1.10, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameter. |
| 7.0 | CVE-2006-3959 OTHER-REF BID FRSIRT SECUNIA | ||
| X-Scripts -- X-Poll | SQL injection vulnerability in top.php in X-Scripts X-Poll 1.10 allows remote attackers to execute arbitrary SQL commands via the poll parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| 7.0 | CVE-2006-3960 OTHER-REF BID |
| Medium Vulnerabilities |
|---|
| Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
|---|---|---|---|---|---|---|
| Alkacon -- OpenCms | system/workplace/views/admin/admin-main.jsp in Alkacon OpenCms before 6.2.2 does not restrict access to administrator functions, which allows remote authenticated users to (1) send broadcast messages to all users (/workplace/broadcast), (2) list all users (/accounts/users), (3) add webusers (/accounts/webusers/new), (4) upload database import and export files (/database/importhttp), (5) upload arbitrary program modules (/modules/modules_import), and (6) read the log file (/workplace/logfileview) by setting the appropriate value for the path parameter in a direct request to admin-main.jsp. |
| 4.2 | CVE-2006-3935 BUGTRAQ OTHER-REF OTHER-REF OTHER-REF SECUNIA XF XF XF XF XF XF | ||
| Apple -- Mac OS X Server Apple -- Mac OS X | Buffer overflow in Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Canon RAW image. |
| 5.6 | CVE-2006-0392 APPLE | ||
| Apple -- Mac OS X Server Apple -- Mac OS X | Unspecified vulnerability in the "compression state handling" in Bom for Apple Mac OS X 10.3.9 and 10.4.7 allows user-complicit attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Zip archive. |
| 6.4 | CVE-2006-3497 APPLE | ||
| Apple -- Mac OS X Server Apple -- Mac OS X | The dynamic linker (dyld) in Apple Mac OS X 10.4.7 allows local users to execute arbitrary code via an "improperly handled condition" that leads to use of "dangerous paths," probably related to an untrusted search path vulnerability. |
| 4.9 | CVE-2006-3500 APPLE | ||
| Apple -- Mac OS X Server Apple -- Mac OS X | Integer overflow in ImageIO for Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Radiance image. |
| 5.6 | CVE-2006-3501 APPLE | ||
| Apple -- Mac OS X Server Apple -- Mac OS X | Unspecified vulnerability in ImageIO in Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GIF image that triggers a memory allocation failure that is not properly handled. |
| 5.6 | CVE-2006-3502 APPLE | ||
| Apple -- Mac OS X Server Apple -- Mac OS X | Integer overflow in ImageIO in Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a malformed GIF image. |
| 5.6 | CVE-2006-3503 APPLE | ||
| Gonafish -- LinksCaffe | SQL injection vulnerability in links.php in Gonafish LinksCaffe 3.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| 5.6 | CVE-2006-3932 SECUNIA | ||
| InterActual Technologies -- InterActual Player | Stack-based buffer overflow in ITIRecorder.MicRecorder ActiveX control in iarecord.dll in InterActual Player before 2.6 allows remote attackers to execute arbitrary code via a long argument to the Files method. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| 4.7 | CVE-2006-3925 BID FRSIRT SECUNIA | ||
| InterVations -- FileCOPA | Integer underflow in filecpnt.exe in FileCOPA FTP Server 1.01 before 2006-07-21 allow remote authenticated users to execute arbitrary code via a long argument to the (1) CWD, (2) DELE, (3) MDTM, and (4) MKD commands, which triggers a stack-based buffer overflow. |
| 4.7 | CVE-2006-3768 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA XF | ||
| Joomla! -- Colophon | PHP remote file inclusion vulnerability in administrator/components/com_colophon/admin.colophon.php in Colophon 1.2 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. |
| 5.6 | CVE-2006-3969 OTHER-REF BID FRSIRT SECUNIA XF | ||
| libTIFF -- libTIFF | Multiple unspecified vulnerabilities in the TIFF library (libtiff) before 3.8.2 have unknown impact and attack vectors related to "multiple unchecked arithmetic operations" including numeric range checks. |
| 4.9 | CVE-2006-3464 DEBIAN | ||
| Mambo -- Mambatstaff | PHP remote file inclusion vulnerability in components/com_mambatstaff/mambatstaff.php in the Mambatstaff 3.1b and earlier component for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. |
| 5.6 | CVE-2006-3947 BUGTRAQ Milw0rm BID SECUNIA | ||
| McAfee -- VirusScan McAfee -- AntiSpyware McAfee -- Wireless Home Network Security McAfee -- Internet Security Suite McAfee -- SpamKiller McAfee -- QuickClean McAfee -- Privacy Service McAfee -- Personal Firewall Plus McAfee -- SecurityCenter | Unspecified vulnerability in McAfee Internet Security Suite 2006, Wireless Home Network Security, Personal Firewall Plus, VirusScan, Privacy Service, SpamKiller, and AntiSpyware allows remote attackers to execute arbitrary commands via unknown vectors. |
| 4.7 | CVE-2006-3961 OTHER-REF BID SECUNIA | ||
| Tuomas Airaksinen -- Midirecord | Buffer overflow in the daemon function in midirecord.cc in Tuomas Airaksinen Midirecord 2.0 allows local users to execute arbitrary code via a long command line argument (filename). NOTE: This may not be a vulnerability if Midirecord is not installed setuid. |
| 4.9 | CVE-2006-3931 BUGTRAQ ECHO BID |
| Low Vulnerabilities |
|---|
| Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
|---|---|---|---|---|---|---|
| Alkacon -- OpenCms | Cross-site scripting (XSS) vulnerability in Alkacon OpenCms before 6.2.2 allows remote authenticated users to inject arbitrary web script or HTML via the message body. |
| 1.4 | CVE-2006-3933 BUGTRAQ OTHER-REF OPENCMS OPENCMS SECUNIA XF | ||
| Alkacon -- OpenCms | Absolute path traversal vulnerability in downloadTrigger.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to download arbitrary files via an absolute pathname in the filePath parameter. |
| 2.0 | CVE-2006-3934 BUGTRAQ OTHER-REF OPENCMS OPENCMS SECUNIA XF | ||
| Alkacon -- OpenCms | system/workplace/editors/editor.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to read the source code of arbitrary JSP files by specifying the file in the resource parameter, as demonstrated using index.jsp. |
| 1.4 | CVE-2006-3936 BUGTRAQ OTHER-REF OTHER-REF OTHER-REF SECUNIA XF | ||
| Apple -- Mac OS X Server Apple -- Mac OS X | OpenSSH in Apple Mac OS X 10.4.7 allows remote attackers to cause a denial of service or determine account existence by attempting to log in using an invalid user, which causes the server to hang. |
| 3.7 | CVE-2006-0393 APPLE | ||
| Apple -- Mac OS X Server Apple -- Mac OS X | Unspecified vulnerability in AFP Server in Apple Mac OS X 10.3.9 allows remote attackers to determing names of unauthorized files and folders via unknown vectors related to the search results. |
| 1.9 | CVE-2006-1472 APPLE | ||
| Apple -- Mac OS X Server Apple -- Mac OS X | Integer overflow in AFP Server for Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors. |
| 3.3 | CVE-2006-1473 APPLE | ||
| Apple -- Mac OS X Server Apple -- Mac OS X | AFP Server in Apple Mac OS X 10.3.9 and 10.4.7 stores reconnect keys in a world-readable file, which allows local users to obtain the keys and access files and folders of other users. |
| 1.6 | CVE-2006-3495 APPLE | ||
| Apple -- Mac OS X Server Apple -- Mac OS X | AFP Server in Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to cause denial of service (crash) via an invalid AFP request that triggers an unchecked error condition. |
| 3.3 | CVE-2006-3496 APPLE | ||
| Apple -- Mac OS X Server Apple -- Mac OS X | The dynamic linker (dyld) in Apple Mac OS X 10.3.9 allows local users to obtain sensitive information via unspecified dynamic linker options that affect the use of standard error (stderr) by privileged applications. |
| 1.6 | CVE-2006-3499 APPLE | ||
| Apple -- Mac OS X Server Apple -- Mac OS X | The Download Validation in LaunchServices for Apple Mac OS X 10.4.7 can identify certain HTML as "safe", which could allow attackers to execute Javascript code in local context when the "Open 'safe' files after downloading" option is enabled in Safari. |
| 1.3 | CVE-2006-3504 APPLE | ||
| Banex -- Banex | Banex PHP MySQL Banner Exchange 2.21 stores lib.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as database usernames and passwords. |
| 2.3 | CVE-2006-3965 FULLDISC | ||
| Computer Associates -- eTrust Antivirus WebScan | Unspecified vulnerability in CA eTrust Antivirus WebScan before 1.1.0.1048 allows remote attackers to install arbitrary files. |
| 2.3 | CVE-2006-3976 OTHER-REF SECUNIA | ||
| CounterPane -- PasswordSafe | Password Safe 2.11, 2.16 and 3.0BETA1 does not respect the configuration settings for locking the password database when certain dialogue windows are open, which might allow attackers with physical access to obtain the database contents. |
| 1.6 | CVE-2006-3675 BUGTRAQ OTHER-REF BID SECTRACK XF | ||
| Dokeos -- Dokeos | Multiple cross-site scripting (XSS) vulnerabilities in Dokeos before 1.6.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| 2.3 | CVE-2006-3924 OTHER-REF BID SECUNIA | ||
| Dotclear -- Dotclear | DotClear allows remote attackers to obtain sensitive information via a direct request for (1) edit_cat.php, (2) index.php, (3) edit_link.php in ecrire/tools/blogroll/; (4) syslog/index.php, (5) thememng/index.php, (6) toolsmng/index.php, (7) utf8convert/index.php in /ecrire/tools/; (8) /ecrire/inc/connexion.php and (9) /inc/session.php; (10) class.blog.php, (11) class.blogcomment.php, (12) and class.blogpost.php in /inc/classes/; (13) append.php, (14) class.xblog.php, (15) class.xblogcomment.php, and (16) class.xblogpost.php in /layout/; (17) form.php, (18) list.php, (19) post.php, or (20) template.php in /themes/default/, which reveal the installation path in error messages. |
| 2.3 | CVE-2006-3938 BUGTRAQ | ||
| Fire-Mouse -- Toplist | Cross-site scripting (XSS) vulnerability in add.php in Fire-Mouse Toplist 1.1 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the Seitenname parameter. |
| 1.9 | CVE-2006-3923 BUGTRAQ OTHER-REF FRSIRT SECUNIA | ||
| GnuPG -- GnuPG | Buffer overflow in parse_comment in GnuPG (gpg) 1.4.4 allows remote attackers to cause a denial of service (segmentation fault) via a crafted message. |
| 2.3 | CVE-2006-3746 MLIST OTHER-REF BID | ||
| libTIFF -- libTIFF | The TIFF library (libtiff) before 3.8.2 uses a 16-bit unsigned short when iterating over an unsigned 32-bit value, which allows context-dependent attackers to cause a denial of service via unknown vectors that trigger an infinite loop. |
| 3.3 | CVE-2006-3463 DEBIAN | ||
| Linux -- Linux kernel | The (1) __futex_atomic_op and (2) futex_atomic_cmpxchg_inatomic functions in Linux kernel 2.6.17-rc4 to 2.6.18-rc2 performs the atomic futex operation with user space addresses instead of kernel space addresses, which allows local users to cause a denial of service (crash). |
| 1.6 | CVE-2006-3634 OTHER-REF | ||
| Microsoft -- Windows 2000 Microsoft -- Windows Server 2003 Microsoft -- Windows XP | The server driver (srv.sys) in Microsoft Windows 2000 SP4, Server 2003 SP1 and earlier, and XP SP2 and earlier allows remote attackers to cause a denial of service (crash) via a crafted packet on an SMB PIPE that triggers a null dereference. |
| 2.3 | CVE-2006-3942 ISS OTHER-REF OTHER-REF BID XF FRSIRT SECTRACK SECUNIA | ||
| Microsoft -- Internet Explorer | Stack-based buffer overflow in NDFXArtEffects in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via long (1) RGBExtraColor, (2) RGBForeColor, and (3) RGBBackColor properties. |
| 1.9 | CVE-2006-3943 BLOGSPOT BID OSVDB XF | ||
| Microsoft -- Internet Explorer | Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via a (1) Forms.ListBox.1 or (2) Forms.ListBox.1 object with the ListWidth property set to (a) 0x7fffffff, which triggers an integer overflow exception, or to (b) 0x7ffffffe, which triggers a null dereference. |
| 2.3 | CVE-2006-3944 BLOGSPOT FRSIRT | ||
| Mozilla -- SeaMonkey Mozilla -- Firefox Mozilla -- Thunderbird | Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to reference remote files and possibly load chrome: URLs by tricking the user into copying or dragging links. |
| 1.9 | CVE-2006-3812 OTHER-REF BID SECTRACK SECTRACK SECUNIA SECUNIA SECUNIA OTHER-REF BUGTRAQ REDHAT UBUNTU UBUNTU CERT-VN SECUNIA XF | ||
| MyBB -- MyBB | Cross-site scripting (XSS) vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to inject arbitrary web script or HTML via the gallery parameter. |
| 2.3 | CVE-2006-3953 BUGTRAQ BID | ||
| MyBB -- MyBB | Directory traversal vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to read arbitrary files via a .. (dot dot) in the gallery parameter in a (1) avatar or (2) do_avatar action. |
| 2.3 | CVE-2006-3954 BUGTRAQ BID | ||
| Opera Software -- Opera Web Browser | The CSS functionality in Opera 9 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by setting the background property of a DHTML element to a long http or https URL, which triggers memory corruption. |
| 2.3 | CVE-2006-3945 BLOGSPOT FRSIRT OSVDB XF | ||
| PHP Pro Bid -- PHP Pro Bid | Cross-site scripting (XSS) vulnerability in auctionsearch.php in PhpProBid 5.24 allows remote attackers to inject arbitrary web script or HTML via the advsrc parameter. |
| 2.3 | CVE-2006-3927 BUGTRAQ BID OSVDB SECTRACK SECUNIA XF | ||
| PHP-Nuke -- INP | Cross-site scripting (XSS) vulnerability in modules.php in PHP-Nuke INP allows remote attackers to inject arbitrary web script or HTML via the query parameter. |
| 2.3 | CVE-2006-3948 BUGTRAQ BID | ||
| PKR Internet -- Taskjitsu | Multiple unspecified cross-site scripting (XSS) vulnerabilities in Taskjitsu 2.0.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| 2.3 | CVE-2006-3958 OTHER-REF FRSIRT SECUNIA | ||
| Scott Weedon -- Ajax Chat | Cross-site scripting (XSS) vulnerability in visitor/livesupport/chat.php in Scott Weedon Ajax Chat, possibly 0.1, allows remote attackers to inject arbitrary web script or HTML via the userid parameter. |
| 2.3 | CVE-2006-3971 FULLDISC BID FRSIRT SECUNIA XF | ||
| Scott Weedon -- Ajax Chat | Directory traversal vulnerability in includes/operator_chattranscript.php in Scott Weedon Ajax Chat, possibly 0.1, allows remote attackers to read arbitrary files via a .. (dot dot) in the chatid parameter. |
| 2.3 | CVE-2006-3972 FULLDISC BID FRSIRT SECUNIA XF | ||
| Sun -- Solaris | The TCP implementation in Sun Solaris 8, 9, and 10 before 20060726 allows remote attackers to cause a denial of service (resource exhaustion) via a TCP packet with an incorrect sequence number, which triggers an ACK storm. |
| 2.3 | CVE-2006-3920 SUNALERT FRSIRT SECTRACK SECUNIA XF | ||
| Sun -- Java System Application Server Sun -- Java Web Server Sun -- Java System Web Server | Sun Java System Application Server (SJSAS) 7 through 8.1 and Web Server (SJSWS) 6.0 and 6.1 allows remote authenticated users to read files outside of the "document root directory" via a direct request using a UTF-8 encoded URI. |
| 1.4 | CVE-2006-3921 SUNALERT BID SECTRACK SECTRACK FRSIRT SECUNIA | ||
| Sun -- Solaris | The crypto provider in Sun Solaris 10 3/05 HW2 without patch 121236-01, when running on Sun Fire T2000 platforms, incorrectly verifies a DSA signature, which might prevent applications from detecting that the data has been modified. |
| 2.3 | CVE-2006-3968 SUNALERT | ||
| Tamarack Consulting -- Tamarack MMSd | Tamarack MMSd before 7.992 allows remote attackers to cause a denial of service (crash) via malformed RFC1006 (OSI over TCP/IP) packets. |
| 2.3 | CVE-2006-1178 OTHER-REF CERT-VN XF BID | ||
| Total Online Solutions -- Advanced Webhost Billing System | Multiple cross-site scripting (XSS) vulnerabilities in contact.php in Advanced Webhost Billing System (AWBS) 2.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) AccountUsername and (3) Message parameters. |
| 2.3 | CVE-2006-3956 BUGTRAQ SECUNIA | ||
| VMWare -- ESX Server | VMware ESX Server 2.0.x before 2.0.2 and 2.x before 2.5.3 patch 4 stores authentication credentials in base 64 encoded format in the vmware.mui.kid and vmware.mui.sid cookies, which allows attackers to gain privileges by obtaining the cookies using attacks such as cross-site scripting (CVE-2005-3619). |
| 2.3 | CVE-2006-2481 OTHER-REF | ||
| xGuestBook -- xGuestBook | post.php in x_atrix xGuestBook 1.02 allows remote attackers to obtain sensitive information via a request without the (1) user, (2) mail, (3) p, or (4) url parameter, which reveals the installation path in an error message. |
| 2.3 | CVE-2006-3937 BUGTRAQ XF | ||
| ZyXEL Prestige -- 660H-61 ADSL Router | Cross-site scripting (XSS) vulnerability in the Forms/rpSysAdmin script on the Zyxel Prestige 660H-61 ADSL Router running firmware 3.40(PT.0)b32 allows remote attackers to inject arbitrary web script or HTML via hex-encoded values in the a parameter. |
| 2.3 | CVE-2006-3929 BUGTRAQ OTHER-REF BID FRSIRT SECTRACK SECUNIA XF |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.