Vulnerability Summary for the Week of August 7, 2006
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities |
---|
Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
---|---|---|---|---|---|---|
Ageet -- AGEphone | Stack-based buffer overflow in sipd.dll in AGEphone 1.24 and 1.38.1 allows remote attackers to execute arbitrary code via a crafted UDP SIP packet. |
| 7.0 | CVE-2006-4029 BUGTRAQ FULLDISC OTHER-REF BID FRSIRT SECTRACK SECUNIA XF | ||
Archangel Management -- Archangel Weblog | Multiple cross-site scripting (XSS) vulnerabilities in Archangel Management Archangel Weblog 0.90.02 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Comment section. |
| 7.0 | CVE-2006-4091 BUGTRAQ BID SECTRACK XF | ||
Barracuda Networks -- Barracuda Spam Firewall | Login.pm in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 contains a hard-coded password for the guest account, which allows remote attackers to read sensitive information such as e-mail logs, and possibly e-mail contents and the admin password. |
| 7.0 | CVE-2006-4001 BUGTRAQ BID XF | ||
Barracuda Networks -- Barracuda Spam Firewall | preview_email.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 allows remote attackers to execute commands via shell metacharacters ("|" pipe symbol) in the file parameter. NOTE: the attack can be extended to arbitrary commands by the presence of CVE-2006-4000. |
| 7.0 | CVE-2006-4081 BUGTRAQ BUGTRAQ | ||
Barracuda Networks -- Barracuda Spam Firewall | Barracuda Spam Firewall (BSF), possibly 3.3.03.053, contains a hardcoded password for the admin account for logins from 127.0.0.1 (localhost), which allows local users to gain privileges. |
| 7.0 | CVE-2006-4082 BUGTRAQ | ||
Brad Fears -- phpCodeCabinet | PHP remote file inclusion vulnerability in Beautifier/Core.php in Brad Fears phpCodeCabinet 0.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the BEAUT_PATH parameter. |
| 7.0 | CVE-2006-4044 FULLDISC OTHER-REF BID FRSIRT SECUNIA | ||
CakePHP -- CakePHP | Cross-site scripting (XSS) vulnerability in cake/libs/error.php in CakePHP before 1.1.7.3363 allows remote attackers to inject arbitrary web script or HTML via the URL, which is reflected back in a 404 ("Not Found") error page. NOTE: some of these details are obtained from third party information. |
| 7.0 | CVE-2006-4067 OTHER-REF SECUNIA | ||
CivicSpace -- CivicSpace | Multiple cross-site scripting (XSS) vulnerabilities in CivicSpace 0.8.5 allow remote attackers to inject arbitrary web script or HTML via the (1) Subject, (2) Comment, and (3) Add new comment sections. |
| 7.0 | CVE-2006-4088 BUGTRAQ BID | ||
Clam Anti-Virus -- ClamAV | Heap-based buffer overflow in the pefromupx function in libclamav/upx.c in Clam AntiVirus (ClamAV) 0.81 through 0.88.3 allows remote attackers to execute arbitrary code via a crafted UPX packed file containing sections with large rsize values. |
| 7.0 | CVE-2006-4018 OTHER-REF CLAMAV GENTOO MANDRIVA BID FRSIRT SECUNIA SECUNIA SECUNIA | ||
Comet -- Comet Webfile Manager | PHP remote file inclusion vulnerability in CheckUpload.php in Vincenzo Valvano Comet WebFileManager (CWFM) 0.9.1, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the Language parameter. |
| 7.0 | CVE-2006-4077 OTHER-REF BID FRSIRT SECUNIA | ||
Computer Associates -- eTrust Antivirus WebScan | Unspecified vulnerability in CA eTrust Antivirus WebScan allows remote attackers to execute arbitrary code due to "improper bounds checking when processing certain user input." |
| 7.0 | CVE-2006-3975 OTHER-REF SECUNIA | ||
Computer Associates -- eTrust Antivirus WebScan | Unspecified vulnerability in CA eTrust Antivirus WebScan before 1.1.0.1048 has unknown impact and remote attackers related to "improper processing of outdated WebScan components." |
| 7.0 | CVE-2006-3977 OTHER-REF SECUNIA | ||
CounterChaos -- CounterChaos | SQL injection vulnerability in counterchaos.php in CounterChaos 0.48c and earlier allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header. |
| 7.0 | CVE-2006-4035 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA | ||
Csaba Godor -- SAPID Blog Beta 2 | Multiple PHP remote file inclusion vulnerabilities in Csaba Godor SAPID Blog Beta 2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) root_path parameter to (a) usr/extensions/get_blog_infochannel.inc.php, (b) usr/extensions/get_blog_meta_info.inc.php, or (c) usr/extensions/get_infochannel.inc.php; or the (2) GLOBALS[root_path] parameter to (d) usr/extensions/get_tree.inc.php. |
| 7.0 | CVE-2006-4063 OTHER-REF FRSIRT XF | ||
David Walker -- phpAutoMembersArea | PHP remote file inclusion vulnerability in auto_check_renewals.php in phpAutoMembersArea (phpAMA) 3.2.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the installed_config_file parameter. |
| 7.0 | CVE-2006-4050 BUGTRAQ OTHER-REF BID | ||
DeluxeBB -- DeluxeBB | pm.php (aka the PM system) in DeluxeBB 1.08, and possibly earlier, allows remote attackers to bypass authentication by providing an arbitrary username in the membercookie cookie parameter. |
| 7.0 | CVE-2006-4078 BUGTRAQ BID FRSIRT SECUNIA XF | ||
DeluxeBB -- DeluxeBB | Cross-site scripting (XSS) vulnerability in newpost.php in DeluxeBB 1.08, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the subject parameter (aka the topic title field). |
| 7.0 | CVE-2006-4079 BUGTRAQ BID XF | ||
Ehmig -- ME Download System | Multiple PHP remote file inclusion vulnerabilities in ME Download System 1.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) Vb8878b936c2bd8ae0cab parameter to (a) inc/sett_style.php or (b) inc/sett_smilies.php; or the (2) Vb6c4d0e18a204a63b38f, (3) V18a78b93c3adaaae84e2, or (4) V9ae5d2ca9e9e787969ff parameters to (c) inc/datei.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| 7.0 | CVE-2006-4054 FRSIRT SECUNIA | ||
Ekilat LLC -- php(Reactor) | PHP remote file inclusion vulnerability in editprofile.php in php(Reactor) 1.27pl1 allows remote attackers to execute arbitrary PHP code via a URL in the pathtohomedir parameter. |
| 7.0 | CVE-2006-3983 OTHER-REF BID FRSIRT XF | ||
Fenestrae -- Faxination Server | Unspecified vulnerability in Fenestrae Faxination Server allows remote attackers to execute arbitrary code via a crafted packet. |
| 7.0 | CVE-2006-4037 OTHER-REF BID FRSIRT SECUNIA | ||
GaesteChaos -- GaesteChaos | Multiple cross-site scripting (XSS) vulnerabilities in eintragen.php in GaesteChaos 0.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) gastname or (2) gastwohnort parameters. |
| 7.0 | CVE-2006-4038 FULLDISC BID FRSIRT SECUNIA | ||
Gianluca Baldo -- Phpauction phpAdsNew -- phpAdsNew | PHP remote file inclusion vulnerability in phpAdsNew/view.inc.php in Albasoftware Phpauction 2.1 and possibly later versions, with phpAdsNew 2.0.5, allows remote attackers to execute arbitrary PHP code via a URL in the phpAds_path parameter. |
| 7.0 | CVE-2006-3984 BUGTRAQ OTHER-REF OTHER-REF BID XF | ||
IBM -- Informix IDS | Buffer overflow in IBM Informix Dynamic Server (IDS) before 9.40.TC7 and 10.00 before 10.00.TC3, when running on Windows, allows remote attackers to execute arbitrary code via a long username. |
| 7.0 | CVE-2006-3853 IBM BID FRSIRT SECUNIA XF | ||
IBM -- Informix Dynamic Database Server | Multiple buffer overflows in IBM Informix Dynamic Server (IDS) before 9.40.TC6 and 10.00 before 10.00.TC3 allow remote authenticated users to execute arbitrary code via (1) the getname function, as used by (a) _sq_remview, (b) _sq_remproc, (c) _sq_remperms, (d) _sq_distfetch, and (e) _sq_dcatalog; and the (2) SET DEBUG FILE, (3) IFX_FILE_TO_FILE, (4) FILETOCLOB, (5) LOTOFILE, and (6) DBINFO functions (product defect IDs 171649, 171367, 171387, 171391, 171906, 172179). |
| 7.0 | CVE-2006-3857 OTHER-REF BID FRSIRT SECUNIA XF XF XF XF XF XF | ||
IBM -- Informix IDS | Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.TC5 through 9.40.xC7 and 10.00.TC1 through 10.00.xC3 allows attackers to execute arbitrary code via the SQLIDEBUG environment variable (envariable). |
| 7.0 | CVE-2006-3862 IBM | ||
Jetbox -- Jetbox CMS | Session fixation vulnerability in Jetbox CMS 2.1 SR1 allows remote attackers to hijack web sessions via a crafted link and the administrator section. |
| 7.0 | CVE-2006-3583 BUGTRAQ OTHER-REF SECUNIA | ||
Jetbox -- CMS | Dynamic variable evaluation vulnerability in index.php in Jetbox CMS 2.1 SR1 allows remote attackers to overwrite configuration variables via URL parameters, which are evaluated as PHP variable variables. |
| 7.0 | CVE-2006-3584 BUGTRAQ SECUNIA SECUNIA | ||
Jetbox -- Jetbox CMS | Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS 2.1 SR1 allow remote attackers to inject arbitrary web script or HTML via the (1) login parameter in admin/cms/index.php, (2) unspecified parameters in the "Supply news" page in formmail.php, (3) the URL in the "Site statistics" page, and the (5) query_string parameter when performing a search. |
| 7.0 | CVE-2006-3585 BUGTRAQ OTHER-REF SECUNIA | ||
Jetbox -- Jetbox CMS | SQL injection vulnerability in Jetbox CMS 2.1 SR1 allows remote attackers to execute arbitrary SQL commands via the (1) frontsession COOKIE parameter and (2) view parameter in index.php, and the (3) login parameter in admin/cms/index.php. |
| 7.0 | CVE-2006-3586 BUGTRAQ OTHER-REF SECUNIA | ||
Knusperleicht -- Quickie | PHP remote file inclusion vulnerability in quickie.php in Knusperleicht Quickie, probably 0.2, allows remote attackers to execute arbitrary PHP code via a URL in the QUICK_PATH parameter. |
| 7.0 | CVE-2006-3982 BUGTRAQ BID | ||
Knusperleicht -- Newsletter | PHP remote file inclusion vulnerability in index.php in Knusperleicht Newsletter 3.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the NL_PATH parameter. |
| 7.0 | CVE-2006-3986 BUGTRAQ Milw0rm BID FRSIRT SECUNIA XF | ||
Knusperleicht -- Guestbook | PHP remote file inclusion vulnerability in index.php in Knusperleicht Guestbook 3.5 allows remote attackers to execute arbitrary PHP code via a URL in the GB_PATH parameter. |
| 7.0 | CVE-2006-4007 BUGTRAQ BID XF | ||
Knusperleicht -- Faq | PHP remote file inclusion vulnerability in index.php in Knusperleicht Faq 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the faq_path parameter. |
| 7.0 | CVE-2006-4008 BUGTRAQ BID XF | ||
Macromedia -- ColdFusion MX | The AdminAPI of ColdFusion MX 7 allows attackers to bypass authentication by using "programmatic access" to the adminAPI instead of the ColdFusion Administrator. |
| 7.0 | CVE-2006-3979 ADOBE | ||
Mambo -- Mambo Gallery Manager | PHP remote file inclusion vulnerability in administrator/components/com_mgm/help.mgm.php in Mambo Gallery Manager (MGM) 0.95r2 and earlier for Mambo 4.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. |
| 7.0 | CVE-2006-3980 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA XF | ||
Mambo -- Mambo Gallery Manager | PHP remote file inclusion vulnerability in about.mgm.php in Mambo Gallery Manager (MGM) 0.95r2 and earlier for Mambo 4.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| 7.0 | CVE-2006-3981 FRSIRT XF | ||
Microsoft -- Hyperlink Object Library | Unspecified vulnerability in Microsoft Hyperlink Object Library (hlink.dll), possibly a buffer overflow, allows user-assisted attackers to execute arbitrary code via crafted hyperlinks that are not properly handled when hlink.dll "uses a file containing a malformed function," aka "Hyperlink Object Function Vulnerability." |
| 7.0 | CVE-2006-3438 MS CERT CERT-VN | ||
Microsoft -- Windows 2000 Microsoft -- Windows Server 2003 Microsoft -- Windows XP | Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-1314. |
| 10.0 | CVE-2006-3439 MS CERT CERT-VN FRSIRT SECUNIA | ||
Microsoft -- Windows 2000 Microsoft -- Windows Server 2003 Microsoft -- Windows XP | Buffer overflow in the Winsock API in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka "Winsock Hostname Vulnerability." |
| 10.0 | CVE-2006-3440 MS CERT CERT-VN | ||
Microsoft -- Windows 2000 Microsoft -- Windows Server 2003 Microsoft -- Windows XP | Buffer overflow in the DNS Client service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted record response. |
| 10.0 | CVE-2006-3441 MS CERT CERT-VN | ||
Microsoft -- Windows 2000 | Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, probably a buffer overflow, allows local users to obtain privileges via unspecified vectors involving an "unchecked buffer." |
| 7.0 | CVE-2006-3444 MS BID | ||
Microsoft -- PowerPoint | Unspecified vulnerability in Microsoft PowerPoint 2000 through 2003, possibly a buffer overflow, allows user-assisted remote attackers to execute arbitrary commands via a malformed record in the BIFF file format used in a PPT file, a different issue than CVE-2006-1540, aka "Microsoft PowerPoint Malformed Record Vulnerability." |
| 7.0 | CVE-2006-3449 MS CERT CERT-VN BUGTRAQ OTHER-REF | ||
Microsoft -- Internet Explorer | Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code by using the document.getElementByID Javascript function to access crafted Cascading Style Sheet (CSS) elements, and possibly other unspecified vectors involving certain layout positioning combinations in an HTML file. |
| 7.0 | CVE-2006-3450 MS CERT-VN BID CERT BUGTRAQ OTHER-REF FRSIRT SECUNIA | ||
Microsoft -- Internet Explorer | Microsoft Internet Explorer 5 SP4 and 6 do not properly garbage collect when "multiple imports are used on a styleSheets collection" to construct a chain of Cascading Style Sheets (CSS), which allows remote attackers to execute arbitrary code via unspecified vectors. |
| 7.0 | CVE-2006-3451 MS CERT CERT-VN BUGTRAQ OTHER-REF FRSIRT SECUNIA | ||
Microsoft -- Internet Explorer | Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle various HTML layout component combinations, which allows user-assisted remote attackers to execute arbitrary code via a crafted HTML file that leads to memory corruption, aka "HTML Rendering Memory Corruption Vulnerability." |
| 7.0 | CVE-2006-3637 MS CERT CERT-VN FRSIRT SECUNIA | ||
Microsoft -- Internet Explorer | Microsoft Internet Explorer 5.01 and 6 does not properly handle uninitialized COM objects, which allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code, aka "COM Object Instantiation Memory Corruption Vulnerability." |
| 7.0 | CVE-2006-3638 MS FRSIRT SECUNIA | ||
Microsoft -- Internet Explorer | Microsoft Internet Explorer 5.01 and 6 does not properly identify the originating domain zone when handling redirects, which allows remote attackers to read cross-domain web pages and possibly execute code via unspecified vectors involving a crafted web page, aka "Source Element Cross-Domain Vulnerability." |
| 7.0 | CVE-2006-3639 MS CERT CERT-VN FRSIRT SECUNIA | ||
Microsoft -- Windows 2000 Microsoft -- Windows Server 2003 Microsoft -- Windows XP | Unspecified vulnerability in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 and 2003 SP1, allows remote attackers to execute arbitrary code via unspecified vectors involving unhandled exceptions, memory resident applications, and incorrectly "unloading chained exception." |
| 7.0 | CVE-2006-3648 MS CERT CERT-VN FRSIRT | ||
MIT -- Kerberos 5 | The (1) ftpd and (2) ksu programs in MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, do not check return codes for setuid calls, which might allow local users to gain privileges by causing setuid to fail to drop privileges. NOTE: as of 20060808, it is not known whether an exploitable attack scenario exists for these issues. |
| 10.0 | CVE-2006-3084 OTHER-REF CERT-VN | ||
Mitch Murray -- Eremove | Buffer overflow in the preview_create function in gui.cpp in Mitch Murray Eremove 1.4 allows remote attackers to cause a denial of service (application crash), and possibly execute arbitrary code, via a large email attachment. |
| 7.0 | CVE-2006-4057 BUGTRAQ OTHER-REF BID SECTRACK | ||
ModernGigabyte -- ModernBill | PHP remote file inclusion vulnerability in include/html/config.php in ModernGigabyte ModernBill 1.6 allows remote attackers to execute arbitrary PHP code via a URL in the DIR parameter. |
| 7.0 | CVE-2006-4034 BUGTRAQ OTHER-REF BID XF | ||
myWebland -- myEvent | PHP remote file inclusion vulnerability in viewevent.php in myWebland myEvent 1.x allows remote attackers to execute arbitrary PHP code via a URL in the myevent_path parameter, a different vector than CVE-2006-4040. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| 7.0 | CVE-2006-4083 FRSIRT SECUNIA | ||
Netious CMS -- Netious CMS | Netious CMS 0.4 initializes session IDs based on the client IP address, which allows remote attackers to gain access to the administration section when originating from the same IP address as the administrator. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| 10.0 | CVE-2006-4048 FRSIRT SECUNIA | ||
Novell -- GroupWise WebAccess | Cross-site scripting (XSS) vulnerability in Novell GroupWise WebAccess 6.5 and 7 before 20060727 allows remote attackers to inject arbitrary web script or HTML via an encoded SCRIPT element in an e-mail message with the UTF-7 character set, as demonstrated by the "+ADw-SCRIPT+AD4-" sequence. |
| 7.0 | CVE-2006-3817 FULLDISC INFOBYTE NOVELL NOVELL FRSIRT SECUNIA XF | ||
OZJournals -- OZJournals | Cross-site scripting (XSS) vulnerability in index.php in Elaine Aquino Online Zone Journals (OZJournals) 1.5 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| 7.0 | CVE-2006-4086 FRSIRT SECUNIA | ||
phpCC -- phpCC | Multiple PHP remote file inclusion vulnerabilities in Fabian Hainz phpCC Beta 4.2 allow remote attackers to execute arbitrary PHP code via a URL in the base_dir parameter to (1) login.php, (2) reactivate.php, or (3) register.php. |
| 7.0 | CVE-2006-4073 BUGTRAQ Milw0rm BID FRSIRT XF | ||
PHPSavant -- Savant2 | Multiple PHP remote file inclusion vulnerabilities in Paul M. Jones Savant2, possibly when used with the com_mtree component for Mambo and Joomla!, allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) Savant2_Plugin_stylesheet.php, (2) Savant2_Compiler_basic.php, (3) Savant2_Error_pear.php, (4) Savant2_Error_stack.php, (5) Savant2_Filter_colorizeCode.php, (6) Savant2_Filter_trimwhitespace.php, (7) Savant2_Plugin_ahref.php, (8) Savant2_Plugin_ahrefcontact.php, (9) Savant2_Plugin_ahreflisting.php, (10) Savant2_Plugin_ahreflistingimage.php, (11) Savant2_Plugin_ahrefmap.php, (12) Savant2_Plugin_ahrefownerlisting.php, (13) Savant2_Plugin_ahrefprint.php, (14) Savant2_Plugin_ahrefrating.php, (15) Savant2_Plugin_ahrefrecommend.php, (16) Savant2_Plugin_ahrefreport.php, (17) Savant2_Plugin_ahrefreview.php, (18) Savant2_Plugin_ahrefvisit.php, (19) Savant2_Plugin_checkbox.php, (20) Savant2_Plugin_cycle.php, (21) Savant2_Plugin_dateformat.php, (22) Savant2_Plugin_editor.php, (23) Savant2_Plugin_form.php, (24) Savant2_Plugin_image.php, (25) Savant2_Plugin_input.php, (26) Savant2_Plugin_javascript.php, (27) Savant2_Plugin_listalpha.php, (28) Savant2_Plugin_listingname.php, (29) Savant2_Plugin_modify.php, (30) Savant2_Plugin_mtpath.php, (31) Savant2_Plugin_options.php, (32) Savant2_Plugin_radios.php, (33) Savant2_Plugin_rating.php, or (34) Savant2_Plugin_textarea.php. |
| 7.0 | CVE-2006-3990 BUGTRAQ BID SECTRACK XF | ||
Pike -- Pike | SQL injection vulnerability in Pike before 7.6.86, when using a Postgres database server, allows remote attackers to execute arbitrary SQL commands via unspecified attack vectors. |
| 7.0 | CVE-2006-4041 PIKE GENTOO BID FRSIRT SECUNIA SECUNIA XF | ||
Thomas Pequet -- phpPrintAnalyzer | PHP remote file inclusion vulnerability in index.php in Thomas Pequet phpPrintAnalyzer 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the rep_par_rapport_racine parameter. |
| 7.0 | CVE-2006-4061 BUGTRAQ BID | ||
Torbstoff -- Torbstoff News | PHP remote file inclusion vulnerability in news.php in Torbstoff News 4 allows remote attackers to execute arbitrary PHP code via a URL in the pfad parameter. |
| 7.0 | CVE-2006-4045 OTHER-REF FRSIRT SECUNIA | ||
Turnkey Web Tools -- PHP Live Helper | PHP remote file inclusion vulnerability in global.php in Turnkey Web Tools PHP Live Helper 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter. |
| 7.0 | CVE-2006-4051 BUGTRAQ ECHO Milw0rm BID SECTRACK | ||
Turnkey Web Tools -- PHP Simple Shop | Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tools PHP Simple Shop 2.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) admin/index.php, (2) admin/adminindex.php, (3) admin/adminglobal.php, (4) admin/login.php, (5) admin/menu.php or (6) admin/header.php. |
| 7.0 | CVE-2006-4052 OTHER-REF OTHER-REF SECUNIA | ||
User Home Pages -- User Home Pages | Multiple PHP remote file inclusion vulnerabilities in (1) uhp_config.php, and possibly (2) footer.php, (3) functions.php, (4) install.uhp.php, (5) toolbar.uhp.html.php, (6) uhp.class.php, and (7) uninstall.uhp.php, in the UHP (User Home Pages) 0.5 component (aka com_uhp) for Mambo or Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. |
| 7.0 | CVE-2006-3995 OTHER-REF OTHER-REF BID FRSIRT OSVDB OSVDB SECUNIA XF | ||
USolved -- NEWSolved Lite | Multiple PHP remote file inclusion vulnerabilities in USOLVED NEWSolved Lite 1.9.2, and possibly earlier, allow remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) newsscript_lyt.php, (2) newsticker/newsscript_get.php, (3) inc/output/news_theme1.php, (4) inc/output/news_theme2.php, or (5) inc/output/news_theme3.php. |
| 7.0 | CVE-2006-4059 BUGTRAQ OTHER-REF OTHER-REF OTHER-REF BID FRSIRT SECUNIA | ||
Voc-Project -- Voodoo Chat | PHP remote file inclusion vulnerability in index.php in Vlad Vostrykh Voodoo chat 1.0RC1b and earlier allows remote attackers to execute arbitrary PHP code via a URL in the file_path parameter. |
| 7.0 | CVE-2006-3991 Milw0rm BID FRSIRT | ||
VWar -- Virtual War | SQL injection vulnerability in war.php in Virtual War (Vwar) 1.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter. |
| 7.0 | CVE-2006-4010 BUGTRAQ BID | ||
Web-Scripts -- Visual Events Calendar | PHP remote file inclusion vulnerability in calendar.php in Visual Events Calendar 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the cfg_dir parameter. |
| 7.0 | CVE-2006-4060 BUGTRAQ OTHER-REF BID SECTRACK SECUNIA | ||
Webligo -- BlogHoster | Cross-site scripting (XSS) vulnerability in Webligo BlogHoster 2.2 allows remote attackers to inject arbitrary web script or HTML via the "From: part of the comment post." |
| 7.0 | CVE-2006-4090 BUGTRAQ | ||
WoWRoster -- WoWRoster | PHP remote file inclusion vulnerability in hsList.php in WoWRoster (aka World of Warcraft Roster) 1.5.x and earlier allows remote attackers to execute arbitrary PHP code via a URL in the subdir parameter. |
| 7.0 | CVE-2006-3997 BUGTRAQ OTHER-REF BID XF SECUNIA | ||
WoWRoster -- WoWRoster | PHP remote file inclusion vulnerability in conf.php in WoWRoster (aka World of Warcraft Roster) 1.5.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the subdir parameter. |
| 7.0 | CVE-2006-3998 OTHER-REF OTHER-REF BID FRSIRT XF | ||
XennoBB -- XennoBB | SQL injection vulnerability in profile.php in XennoBB 2.1.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the (1) bday_day, (2) bday_month, and (3) bday_year parameters in the personal section. |
| 7.0 | CVE-2006-4025 BUGTRAQ BID | ||
XMB Software -- XMB Forum | SQL injection vulnerability in the u2u_send_recp function in u2u.inc.php in XMB (aka extreme message board) 1.9.6 Alpha and earlier allows remote attackers to execute arbitrary SQL commands via the u2uid parameter to u2u.php, which is directly accessed from $_POST and bypasses the protection scheme. |
| 7.0 | CVE-2006-3994 OTHER-REF BID FRSIRT SECUNIA | ||
YenerTurk -- YenerTurk Haber Script | SQL injection vulnerability in default.asp in YenerTurk Haber Script 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| 7.0 | CVE-2006-4064 OTHER-REF BID FRSIRT SECUNIA | ||
ZoneMetrics -- ZoneX Publishers Gold Edition | PHP remote file inclusion vulnerability in includes/usercp_register.php in ZoneMetrics ZoneX Publishers Gold Edition 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. |
| 7.0 | CVE-2006-4036 BUGTRAQ BID FRSIRT SECUNIA |
Medium Vulnerabilities |
---|
Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
---|---|---|---|---|---|---|
Adaptive Technology Resource Centre -- ATutor | SQL injection vulnerability in links/index.php in ATutor 1.5.3.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the (1) desc or (2) asc parameters. |
| 4.2 | CVE-2006-3996 BUGTRAQ OTHER-REF OTHER-REF OTHER-REF BID FRSIRT SECUNIA XF | ||
Apple -- Mac OS X Server Apple -- Mac OS X | The Download Validation in Mail in Mac OS X 10.4 does not properly recognize attachment file types to warn a user of an unsafe type, which allows user-assisted remote attackers to execute arbitrary code via crafted file types. |
| 5.6 | CVE-2006-0395 OTHER-REF APPLE | ||
ChaosSoft -- GaesteChaos | Multiple SQL injection vulnerabilities in eintragen.php in GaesteChaos 0.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) gastname, (2) gastwohnort, or (3) gasteintrag parameters. |
| 4.7 | CVE-2006-4039 FULLDISC BID FRSIRT SECUNIA | ||
Club-Nuke -- Club-Nuke | Multiple SQL injection vulnerabilities in Club-Nuke [XP] 2.0 LCID 2048 allow remote attackers to execute arbitrary SQL commands via the (1) haber_id parameter to haber_detay.asp, and allow remote authenticated users to execute arbitrary SQL commands via the (2) menu_id parameter to menu.asp. |
| 4.2 | CVE-2006-4072 Milw0rm SECUNIA | ||
ConeXware -- PowerArchiver | Stack-based buffer overflow in DZIPS32.DLL 6.0.0.4 in ConeXware PowerArchiver 9.62.03 allows user-assisted attackers to execute narbitrary code by adding a new file to a crafted ZIP archive that already contains a file with a long name. |
| 5.6 | CVE-2006-3985 BUGTRAQ OTHER-REF POWERARCHIVER FRSIRT SECTRACK SECUNIA XF | ||
David Walker -- phpAutoMembersArea | Unspecified vulnerability in phpAutoMembersArea (phpAMA) before 3.2.4 has unknown impact and attack vectors, related to "a potential security exploit which is critical." |
| 4.9 | CVE-2006-4084 OTHER-REF | ||
Dmitry Sheiko -- SAPID Shop | PHP remote file inclusion vulnerability in usr/extensions/get_tree.inc.php in Dmitry Sheiko SAPID Shop 1.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[root_path] parameter. |
| 5.6 | CVE-2006-4062 OTHER-REF FRSIRT SECUNIA XF | ||
Dmitry Sheiko -- SAPID Gallery | Multiple PHP remote file inclusion vulnerabilities in Dmitry Sheiko SAPID Gallery 1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) root_path parameter to (a) usr/extensions/get_calendar.inc.php or the (2) GLOBALS[root_path] parameter to (b) usr/extensions/get_tree.inc.php. |
| 5.6 | CVE-2006-4065 OTHER-REF FRSIRT SECUNIA XF | ||
Ehmig -- ME Download System | PHP remote file inclusion vulnerability in templates/header.php in ME Download System 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the Vb8878b936c2bd8ae0cab parameter. |
| 5.6 | CVE-2006-4053 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA XF | ||
Festalon -- Festalon | The FESTAHES_Load function in pce/hes.c in Festalon 0.5.0 through 0.5.5 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative LoadAddr value in a HES file, which is used as an offset in a memcpy operation and leads to a buffer underflow. |
| 5.6 | CVE-2006-4024 OTHER-REF FRSIRT SECUNIA | ||
IBM -- Informix IDS | Unspecified vulnerability in IBM Informix Dynamic Server (IDS) allows attackers to execute arbitrary C code via unspecified vectors involving the "C code UDR." |
| 4.9 | CVE-2006-3855 IBM | ||
Imendio Planner -- Imendio Planner | Format string vulnerability in Imendio Planner 0.13 allows user-assisted attackers to execute arbitrary code via format string specifiers in a filename. |
| 5.6 | CVE-2006-4070 BUGTRAQ | ||
Intel -- 2915ABG PROSet/Wireless Intel -- 2200BG PROSet/Wireless | Unspecified vulnerability in the Centrino (1) w22n50.sys, (2) w22n51.sys, (3) w29n50.sys, and (4) w29n51.sys Microsoft Windows drivers for Intel 2200BG and 2915ABG PRO/Wireless Network Connection before 10.5 with driver 9.0.4.16 allows remote attackers to execute arbitrary code via certain frames that trigger memory corruption. |
| 5.6 | CVE-2006-3992 INTEL FRSIRT CERT-VN SECTRACK BID | ||
Intel -- 2100 PROSet/Wireless | Intel 2100 PRO/Wireless Network Connection driver PROSet before 7.1.4.6 allows local users to corrupt memory and execute code via "requests for capabilities from higher-level protocol drivers or user-level applications" involving crafted frames, a different issue than CVE-2006-3992. |
| 4.9 | CVE-2006-4022 OTHER-REF FRSIRT SECTRACK | ||
Internet Security Systems -- BlackICE PC Protection | ISS BlackICE PC Protection 3.6.cpj, 3.6.cpiE, and possibly earlier versions do not properly monitor the integrity of the pamversion.dll BlackICE library, which allows local users to subvert BlackICE by replacing pamversion.dll. NOTE: in most cases, the attack would not cross privilege boundaries because replacing pamversion.dll requires administrative privileges. However, this issue is a vulnerability because BlackICE is intended to protect against certain rogue privileged actions. |
| 4.9 | CVE-2006-3999 BUGTRAQ | ||
Joomla! -- JD-Wiki | PHP remote file inclusion vulnerability in lib/tpl/default/main.php in the JD-Wiki Component (com_jd-wiki) 1.0.2 and earlier for Joomla!, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. |
| 5.6 | CVE-2006-4074 Milw0rm JOOMLA! BID FRSIRT SECUNIA XF | ||
Knusperleicht -- FileManager | Multiple PHP remote file inclusion vulnerabilities in index.php in Knusperleicht FileManager 1.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) dwl_download_path or (2) dwl_include_path parameters. |
| 5.6 | CVE-2006-3987 BUGTRAQ Milw0rm BID FRSIRT SECUNIA | ||
Knusperleicht -- newsReporter | PHP remote file inclusion vulnerability in index.php in Knusperleicht newsReporter 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the news_include_path parameter. |
| 5.6 | CVE-2006-3988 BUGTRAQ Milw0rm BID FRSIRT SECUNIA XF | ||
Knusperleicht -- Shoutbox | PHP remote file inclusion vulnerability in index.php in Knusperleicht Shoutbox 4.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the sb_include_path parameter. |
| 5.6 | CVE-2006-3989 BUGTRAQ Milw0rm BID FRSIRT SECUNIA | ||
Lhaplus -- Lhaplus | Heap-based buffer overflow in Lhaplus.exe in Lhaplus 1.52, and possibly earlier versions, allows remote attackers to execute arbitrary code via an LZH archive with a long header, as specified by the extendedHeaderSize. |
| 5.6 | CVE-2006-4033 BUGTRAQ OTHER-REF OTHER-REF BID FRSIRT SECTRACK SECUNIA XF | ||
Microsoft -- Windows 2000 | Untrusted search path vulnerability in Winlogon in Microsoft Windows 2000 SP4, when SafeDllSearchMode is disabled, allows local users to gain privileges via a malicious DLL in the UserProfile directory, aka "User Profile Elevation of Privilege Vulnerability." |
| 5.6 | CVE-2006-3443 MS BID FRSIRT SECUNIA | ||
Microsoft -- Internet Explorer | Cross-site scripting (XSS) vulnerability in Internet Explorer 5.01 and 6 in Microsoft Windows 2000 SP4 permits access to local "HTML-embedded resource files" in the Microsoft Management Console (MMC) library, which allows remote authenticated users to execute arbitrary commands, aka "MMC Redirect Cross-Site Scripting Vulnerability." |
| 4.2 | CVE-2006-3643 MS CERT CERT-VN | ||
Microsoft -- Visual Basic for Applications SDK | Buffer overflow in Microsoft Visual Basic for Applications (VBA) SDK 6.0 through 6.4, as used by Microsoft Office 2000 SP3, Office XP SP3, Project 2000 SR1, Project 2002 SP1, Access 2000 Runtime SP3, Visio 2002 SP2, and Works Suite 2004 through 2006, allows user-assisted attackers to execute arbitrary code via unspecified document properties that are not verified when VBA is invoked to open documents. |
| 5.6 | CVE-2006-3649 MS CERT CERT-VN | ||
MIT -- Kerberos 5 | The (1) krshd and (2) v4rcp applications in MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion. |
| 6.0 | CVE-2006-3083 OTHER-REF CERT-VN REDHAT | ||
mojoscripts.com -- mojoGallery | Cross-site scripting (XSS) vulnerability in admin.cgi in mojoscripts.com mojoGallery allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| 4.7 | CVE-2006-4087 FRSIRT SECUNIA | ||
myWebland -- myEvent | PHP remote file inclusion vulnerability in myevent.php in myWebland myEvent 1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the myevent_path parameter. |
| 4.7 | CVE-2006-4040 OTHER-REF BID FRSIRT SECUNIA | ||
myWebland -- myBloggie | Multiple SQL injection vulnerabilities in trackback.php in myWebland myBloggie 2.1.4 and earlier allow remote attackers to execute abitrary SQL commands via the (1) title, (2) url, (3) excerpt, or (4) blog_name parameters. |
| 4.7 | CVE-2006-4042 BUGTRAQ OTHER-REF OTHER-REF BID SECUNIA | ||
Netious CMS -- Netious CMS | SQL injection vulnerability in index.php in Netious CMS 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| 4.7 | CVE-2006-4047 FRSIRT SECUNIA | ||
Novell -- Groupwise WebAccess | Cross-site scripting (XSS) vulnerability in the login page in Novell GroupWise WebAccess 6.5 before 20060721 and WebAccess 7 before 20060727 allows remote attackers to inject arbitrary web script or HTML via the GWAP.version parameter. |
| 4.7 | CVE-2006-3818 OTHER-REF OTHER-REF FRSIRT SECUNIA XF | ||
Olaf Noehring -- The Search Engine Project | PHP remote file inclusion vulnerability in Olaf Noehring The Search Engine Project (TSEP) 0.942 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the tsep_config[absPath] parameter to pagenavigation.php, a different vector than CVE-2006-4055. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| 4.7 | CVE-2006-4085 SECUNIA | ||
Open Cubic Player -- Open Cubic Player | Multiple stack-based buffer overflows in Open Cubic Player 2.6.0pre6 and earlier for Windows, and 0.1.10_rc5 and earlier on Linux/BSD, allow remote attackers to execute arbitrary code via (1) a large .S3M file handled by the mpLoadS3M function, (2) a crafted .IT file handled by the itplayerclass::module::load function, (3) a crafted .ULT file handled by the mpLoadULT function, or (4) a crafted .AMS file handled by the mpLoadAMS function. |
| 4.7 | CVE-2006-4046 BUGTRAQ OTHER-REF OTHER-REF BID FRSIRT SECTRACK SECUNIA XF XF XF XF | ||
PC Tools -- PC Tools AntiVirus | PC Tools AntiVirus 2.1.0.51 uses insecure default permissions on the "PC Tools AntiVirus" directory, which allows local users to gain privileges and execute commands. |
| 4.9 | CVE-2006-3114 BUGTRAQ SECUNIA BID FRSIRT SECTRACK SECUNIA XF | ||
PHP -- PHP | scanf.c in PHP 5.1.4 and earlier, and 4.4.3 and earlier, allows context-dependent attackers to execute arbitrary code via a sscanf PHP function call that performs argument swapping, which increments an index past the end of an array and triggers a buffer over-read. |
| 4.9 | CVE-2006-4020 BUGTRAQ OTHER-REF OTHER-REF BID FRSIRT SECUNIA | ||
SAPID -- SAPID CMS | PHP remote file inclusion vulnerability in SAPID CMS 123 rc3 allows remote attackers to execute arbitrary PHP code via a URL in the (1) root_path parameter in usr/extensions/get_infochannel.inc.php and the (2) GLOBALS["root_path"] parameter in usr/extensions/get_tree.inc.php. |
| 5.6 | CVE-2006-4026 BUGTRAQ BID OTHER-REF FRSIRT SECUNIA XF | ||
SaveWebPortal -- SaveWebPortal | Multiple PHP remote file inclusion vulnerabilities in circeOS SaveWeb Portal 3.4 allow remote attackers to execute arbitrary PHP code via a URL in the SITE_Path parameter to (1) poll/poll.php or (2) poll/view_polls.php. NOTE: the menu_dx.php vector is already covered by CVE-2005-2687. |
| 5.6 | CVE-2006-4012 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA XF | ||
Symantec -- Brightmail AntiSpam | Multiple directory traversal vulnerabilities in Symantec Brightmail AntiSpam (SBAS) before 6.0.4, when the Control Center is allowed to connect from any computer, allow remote attackers to read and overwrite certain files via directory traversal sequences in (1) DATABLOB-GET and (2) DATABLOB-SAVE requests. |
| 4.7 | CVE-2006-4013 OTHER-REF FRSIRT SECTRACK SECUNIA | ||
The Address Book Reloaded -- The Address Book Reloaded The Address Book -- The Address Book | Multiple SQL injection vulnerabilities in the authentication process in katzlbt (a) The Address Book 1.04e and earlier and (b) The Address Book Reloaded before 2.0-rc4 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters. NOTE: portions of these details are obtained from third party information. |
| 5.6 | CVE-2006-4056 OTHER-REF FRSIRT SECUNIA SECUNIA | ||
TSEP -- TSEP | PHP remote file inclusion vulnerability in copyright.php in Olaf Noehring The Search Engine Project (TSEP) 0.942 allows remote attackers to execute arbitrary PHP code via a URL in the tsep_config[absPath] parameter. |
| 5.6 | CVE-2006-3993 BUGTRAQ OTHER-REF Milw0rm SOURCEFORGE BID FRSIRT SECUNIA XF SECTRACK | ||
TSEP -- TSEP | Multiple PHP remote file inclusion vulnerabilities in Olaf Noehring The Search Engine Project (TSEP) 0.942 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the tsep_config[absPath] parameter to (1) include/colorswitch.php, (2) contentimages.class.php, (3) ipfunctions.php, (4) configfunctions.php, (5) printpagedetails.php, or (6) log.class.php. NOTE: the copyright.php vector is already covered by CVE-2006-3993. |
| 5.6 | CVE-2006-4055 BUGTRAQ OTHER-REF OTHER-REF OTHER-REF BID SECUNIA | ||
vbPortal -- vbPortal | Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php. |
| 4.7 | CVE-2006-4004 OTHER-REF OTHER-REF BID FRSIRT SECUNIA XF | ||
Wim Fleischhauer -- docpile:we | Multiple PHP remote file inclusion vulnerabilities in Wim Fleischhauer docpile: wim's edition (docpile:we) 0.2.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the INIT_PATH parameter to (1) lib/folder.class.php, (2) lib/email.inc.php, (3) lib/document.class.php or (4) lib/auth.inc.php. |
| 5.6 | CVE-2006-4075 BUGTRAQ Milw0rm SECUNIA XF | ||
Wim Fleischhauer -- docpile:we | Multiple PHP remote file inclusion vulnerabilities in Wim Fleischhauer docpile: wim's edition (docpile:we) 0.2.2 allow remote attackers to execute arbitrary PHP code via a URL in the INIT_PATH parameter to (1) lib/access.inc.php, (2) lib/folders.inc.php, (3) lib/init.inc.php or (4) lib/templates.inc.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| 5.6 | CVE-2006-4076 SECUNIA | ||
WordPress -- WordPress | Multiple unspecified vulnerabilities in WordPress before 2.0.4 have unknown impact and remote attack vectors. |
| 4.9 | CVE-2006-4028 OTHER-REF BID FRSIRT SECUNIA |
Low Vulnerabilities |
---|
Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
---|---|---|---|---|---|---|
Andy Lo-A-Foe -- AlsaPlayer | Multiple buffer overflows in Andy Lo-A-Foe AlsaPlayer 0.99.76 and earlier allow remote attackers to cause a denial of service (application crash), or have other unknown impact, via (1) a long Location field sent by a web server, which triggers an overflow in the reconnect function in reader/http/http.c; (2) a long URL sent by a web server when AlsaPlayer is seeking a media file for the playlist, which triggers overflows in new_list_item and CbUpdated in interface/gtk/PlaylistWindow.cpp; and (3) a long response sent by a CDDB server, which triggers an overflow in cddb_lookup in input/ccda/cdda_engine.c. |
| 2.3 | CVE-2006-4089 BUGTRAQ BID | ||
Barracuda Networks -- Barracuda Spam Firewall | Directory traversal vulnerability in cgi-bin/preview_email.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter. |
| 1.4 | CVE-2006-4000 BUGTRAQ BID | ||
BomberClone -- BomberClone | BomberClone 0.11.6 and earlier allows remote attackers to cause a denial of service (daemon crash) via (1) a certain malformed PKGF_ackreq packet, which triggers a crash in the rscache_add() function in pkgcache.c; and (2) an error packet, which is intended to be received by clients and force client shutdown, but also triggers server shutdown. |
| 2.3 | CVE-2006-4005 OTHER-REF OTHER-REF BID FRSIRT SECUNIA XF XF | ||
BomberClone -- BomberClone | The do_gameinfo functionin BomberClone 0.11.6 and earlier, and possibly other functions, does not reset the packet data size, which causes the send_pkg function (packets.c) to use this data size when sending a reply, and allows remote attackers to read portions of server memory. |
| 2.3 | CVE-2006-4006 OTHER-REF OTHER-REF BID FRSIRT SECUNIA XF | ||
Cisco -- CallManager Express | Unspecified vulnerability in Cisco IOS CallManager Express (CME) allows remote attackers to gain sensitive information (user names) from the Session Initiation Protocol (SIP) user directory via certain SIP messages, aka bug CSCse92417. |
| 2.3 | CVE-2006-4032 BLACKHAT CISCO BID FRSIRT SECTRACK SECUNIA XF | ||
DeluxeBB -- DeluxeBB | DeluxeBB 1.08, and possibly earlier, uses cookies that include the MD5 hash of a password, which allows remote attackers to gain privileges by sniffing or cross-site scripting (XSS) and conduct password guessing attacks. |
| 1.9 | CVE-2006-4080 BUGTRAQ | ||
Drupal -- Drupal | Cross-site scripting (XSS) vulnerability in user.module in Drupal 4.6 before 4.6.9, and 4.7 before 4.7.3, allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: portions of these details are obtained from third party information. |
| 2.3 | CVE-2006-4002 DRUPAL FRSIRT SECUNIA | ||
Hobbit Monitor -- Hobbit Monitor | The config method in Henrik Storner Hobbit monitor before 4.1.2p2 permits access to files outside of the intended configuration directory, which allows remote attackers to obtain sensitive information via requests to the hobbitd daemon on port 1984/tcp. |
| 2.3 | CVE-2006-4003 BUGTRAQ SOURCEFORGE BID FRSIRT SECUNIA XF | ||
HP -- Procurve Switch | Hewlett-Packard (HP) ProCurve 3500yl, 6200yl, and 5400zl switches with software before K.11.33 allow remote attackers to cause a denial of service (possibly memory leak or system crash) via unknown vectors. |
| 2.3 | CVE-2006-4015 HP BID FRSIRT SECTRACK SECUNIA | ||
IBM -- Informix IDS | IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 allows local users to cause a denial of service (crash) via unspecified vectors. |
| 1.6 | CVE-2006-3856 IBM BID FRSIRT SECUNIA XF | ||
IBM -- Informix IDS | IBM Informix Dynamic Server (IDS) before 9.40.xC8 and 10.00 before 10.00.xC4 stores passwords in plaintext in shared memory, which allows local users to obtain passwords by reading the memory (product defects 171893, 171894, 173772). |
| 1.6 | CVE-2006-3858 IBM BID FRSIRT SECUNIA XF | ||
IBM -- Informix IDS | IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 does not use database creation permissions, which allows remote authenticated users to create arbitrary databases. |
| 2.0 | CVE-2006-3861 IBM BID FRSIRT SECUNIA XF | ||
Inter Network Marketing AG -- G3 Content management System | Cross-site scripting (XSS) vulnerability in the search module in Inter Network Marketing (INM) CMS G3 allows remote attackers to inject arbitrary web script or HTML via the search_string parameter. |
| 2.3 | CVE-2006-4017 FULLDISC BID SECUNIA FRSIRT | ||
ISC -- DHCP server | The supersede_lease function in memory.c in ISC DHCP server 2.0pl5 allows remote attackers to cause a denial of service (application crash) via a DHCPDISCOVER packet with a 32 byte client-identifier, which causes the packet to be interpreted as a corrupt uid and causes the server to exit with "corrupt lease uid." |
| 2.3 | CVE-2006-3122 DEBIAN DEBIAN FRSIRT SECUNIA SECUNIA | ||
Kayako -- eSupport | PHP remote file inclusion vulnerability in esupport/admin/autoclose.php in Kayako eSupport 2.3.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the subd parameter. |
| 1.9 | CVE-2006-4011 OTHER-REF BID SECUNIA XF | ||
Matt Blaze -- Cryptographic File System | Multiple integer overflows in the (1) dodecrypt and (2) doencrypt functions in cfs_fh.c in cfsd in Matt Blaze Cryptographic File System (CFS) 1.4.1 before Debian GNU/Linux package 1.4.1-17 allow local users to cause a denial of service (daemon crash) by appending data to a file that is larger than 2 Gb. |
| 1.6 | CVE-2006-3123 OTHER-REF DEBIAN BID FRSIRT SECUNIA SECUNIA | ||
Microsoft -- Internet Explorer | Microsoft Internet Explorer 5.01 and 6 allows certain script to persist across navigations between pages, which allows remote attackers to obtain the window location of visited web pages in other domains or zones, aka "Window Location Information Disclosure Vulnerability." |
| 2.3 | CVE-2006-3640 MS FRSIRT SECUNIA | ||
Microsoft -- Windows XP | The Graphical Device Interface Plus library (gdiplus.dll) in Microsoft Windows XP SP2 allows context-dependent attackers to cause a denial of service (application crash) via certain images that trigger a divide-by-zero error, as demonstrated by a (1) .ico file, (2) .png file that crashes MSN Messenger, and (3) .jpg file that crashes Internet Explorer. NOTE: another researcher has not been able to reproduce this issue. |
| 1.9 | CVE-2006-4066 BUGTRAQ BUGTRAQ FRSIRT XF | ||
Microsoft -- Windows Server 2003 Microsoft -- Windows XP | Sign extension vulnerability in the createBrushIndirect function in the GDI library (gdi32.dll) in Microsoft Windows XP, Server 2003, and possibly other versions, allows user-assisted attackers to cause a denial of service (application crash) via a crafted WMF file. |
| 1.9 | CVE-2006-4071 BUGTRAQ BUGTRAQ FULLDISC FULLDISC FRSIRT SECUNIA | ||
MySQL -- MySQL | MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which might violate intended security policy. |
| 1.6 | CVE-2006-4031 MYSQL MYSQL MYSQL BID FRSIRT SECTRACK SECUNIA | ||
myWebland -- myBloggie | index.php in myWebland myBloggie 2.1.4 and earlier allows remote attackers to obtain sensitive information via a query that only specifies the viewdate mode, which reveals the table prefix in a SQL error message. |
| 2.3 | CVE-2006-4043 BUGTRAQ ALTERVISTA Milw0rm SECUNIA | ||
OZJournals -- OZJournals | Multiple cross-site scripting (XSS) vulnerabilities in Elaine Aquino Online Zone Journals (OZJournals) 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) m and (2) c parameters in index.php, (3) a search action, and (4) a "submit comment" action. |
| 2.3 | CVE-2006-4069 OTHER-REF FRSIRT SECUNIA | ||
PHP -- PHP | The ip2long function in PHP 5.1.4 and earlier may incorrectly validate an arbitrary string and return a valid network IP address, which allows remote attackers to obtain network information and facilitate other attacks, as demonstrated using SQL injection in the X-FORWARDED-FOR Header in index.php in MiniBB 2.0. NOTE: it could be argued that the ip2long behavior represents a risk for security-relevant issues in a way that is similar to strcpy's role in buffer overflows, in which case this would be a class of implementation bugs that would require separate CVE items for each PHP application that uses ip2long in a security-relevant manner. |
| 2.3 | CVE-2006-4023 BUGTRAQ BUGTRAQ ALTERVISTA SECTRACK | ||
pswd.js -- pswd.js | The pswd.js script relies on the client to calculate whether a username and password for a server match hard-coded hashed values, which allows remote attackers to obtain a username and password by downloading pswd.js and conducting brute-force offline attacks. |
| 2.3 | CVE-2006-4068 BUGTRAQ BID | ||
Simpliciti -- Locked Browser | Simpliciti Locked Browser does not properly limit a user's actions to ones within the intended Internet Explorer environment, which allows local users to perform unauthorized actions by visiting a web site that executes a JavaScript window.blur loop to remove focus from the browser window, then pressing CTRL-SHIFT-ESC to invoke the Task Manager. |
| 3.3 | CVE-2006-4092 BUGTRAQ | ||
Simplog -- Simplog | Cross-site scripting (XSS) vulnerability in archive.php in Simplog 0.9.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the keyw parameter when performing a search. NOTE: some details are obtained from third party information. |
| 2.3 | CVE-2006-4058 BUGTRAQ FRSIRT SECUNIA | ||
Sun -- Sun Ray Server Software | Unspecified vulnerability in the utxconfig utility in Sun Ray Server Software 3.x allows local users to create or overwrite arbitrary files via unknown attack vectors. |
| 1.6 | CVE-2006-4049 SUNALERT | ||
Symantec -- On-Demand Agent Symantec -- On-Demand Protection | Symantec On-Demand Agent (SODA) before 2.5 MR2 Build 2157, and the Virtual Desktop module in Symantec On-Demand Protection (SODP) before 2.6 Build 2233, do not properly encrypt files that are subject to policy-based automatic encryption, which might allow local users to read sensitive data via an unspecified decryption method. |
| 1.6 | CVE-2006-3457 BUGTRAQ OTHER-REF FRSIRT | ||
Symantec -- Brightmail AntiSpam | Symantec Brightmail AntiSpam (SBAS) before 6.0.4, when the Control Center is allowed to connect from any computer, allows remote attackers to cause a denial of service (application freeze) "by sending invalid posts". |
| 2.3 | CVE-2006-4014 OTHER-REF FRSIRT SECTRACK SECUNIA | ||
Toenda Software Development -- toendaCMS | Cross-site scripting (XSS) vulnerability in /toendaCMS in toendaCMS stable 1.0.3 and earlier, and unstable 1.1 and earlier, allows remote attackers to inject arbitrary web script or HTML via the s parameter. |
| 2.3 | CVE-2006-4016 BUGTRAQ OTHER-REF BID | ||
VWar -- Virtual War | Cross-site scripting (XSS) vulnerability in war.php in Virtual War (Vwar) 1.5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter. |
| 2.3 | CVE-2006-4009 BUGTRAQ BID |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.