Vulnerability Summary for the Week of August 14, 2006
Released
Aug 21, 2006
Document ID
SB06-233
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
Vulnerability Severity:
| High Vulnerabilities |
|---|
| Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
|---|---|---|---|---|---|---|
| ArcSoft -- MMS Composer | Multiple buffer overflows in ArcSoft MMS Composer 1.5.5.6, and possibly earlier, and 2.0.0.13, and possibly earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via crafted MMS (Multimedia Messaging Service) messages that trigger the overflows in the (1) M-Notification.ind, (2) M-Retrieve.conf (Header and Body), or (3) SMIL parsers. |
| 7.0 | CVE-2006-4131 BUGTRAQ FULLDISC OTHER-REF OTHER-REF OTHER-REF BID FRSIRT SECUNIA | ||
| Bob Jewell -- Discloser | Multiple PHP remote file inclusion vulnerabilities in Bob Jewell Discloser 0.0.4 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the fileloc parameter to (1) content/content.php or (2) /inc/indexhead.php. |
| 7.0 | CVE-2006-4207 OTHER-REF OTHER-REF BID XF | ||
| Boite de News -- Boite de News | PHP remote file inclusion vulnerability in boitenews4/index.php in Boite de News 4.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the url_index parameter. |
| 7.0 | CVE-2006-4123 Milw0rm BID XF | ||
| Chaussette -- Chaussette | Multiple PHP remote file inclusion vulnerabilities in Chaussette 080706 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the _BASE parameter to (1) Classes/Evenement.php, (2) Classes/Event.php, (3) Classes/Event_for_month.php, (4) Classes/Event_for_week.php, (5) Classes/My_Log.php, and (6) Classes/My_Smarty.php. |
| 7.0 | CVE-2006-4159 OTHER-REF BID FRSIRT SECUNIA | ||
| Chaussette -- Chaussette | PHP remote file inclusion vulnerability in Chaussette 080706 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _BASE parameter to Classes/Event_for_month_per_day.php, a different vector than CVE-2006-4159. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| 7.0 | CVE-2006-4216 SECUNIA | ||
| Cisco -- PIX Firewall | ** DISPUTED ** Unspecified vulnerability in Cisco PIX 500 Series Security Appliances allows remote attackers to send arbitrary UDP packets to intranet devices via unspecified vectors involving Session Initiation Protocol (SIP) fixup commands, a different issue than CVE-2006-4032. NOTE: the vendor, after working with the researcher, has been unable to reproduce the issue. |
| 7.0 | CVE-2006-4194 OTHER-REF OTHER-REF OTHER-REF CISCO | ||
| CPG-Nuke -- Dragonfly CMS | Cross-site scripting (XSS) vulnerability in Dragonfly CMS 9.0.6.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the search field. |
| 7.0 | CVE-2006-4162 BUGTRAQ XF | ||
| David Kent Norman -- Thatware | PHP remote file inclusion vulnerability in config.php in David Kent Norman Thatware 0.4.6 and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter. |
| 7.0 | CVE-2006-4213 OTHER-REF FRSIRT XF | ||
| DConnect -- DConnect Daemon | Stack-based buffer overflow in main.c in DConnect Daemon 0.7.0 and earlier allows remote attackers to execute arbitrary code via a large nickname, which is not properly handled by the listen_thread_udp function. |
| 7.0 | CVE-2006-4125 BUGTRAQ OTHER-REF OTHER-REF BID FRSIRT SECTRACK SECUNIA XF | ||
| Dolphin -- Dolphin | Multiple PHP remote file inclusion vulnerabilities in Dolphin 5.1 allow remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter in (1) index.php, (2) aemodule.php, (3) browse.php, (4) cc.php, (5) click.php, (6) faq.php, (7) gallery.php, (8) im.php, (9) inbox.php, (10) join_form.php, (11) logout.php, (12) messages_inbox.php, and many other scripts. |
| 7.0 | CVE-2006-4189 SECTRACK XF | ||
| Drupal -- Job Search | SQL injection vulnerability in the Job Search module (job.module) 4.6 before revision 1.3.2.1 in Drupal allows remote attackers to execute arbitrary SQL commands via a job or resume search. |
| 7.0 | CVE-2006-4107 OTHER-REF BID FRSIRT SECUNIA XF | ||
| Drupal -- Bibliography Module | SQL injection vulnerability in Bibliography (biblio.module) 4.6 before revision 1.1.1.1.4.11 and 4.7 before revision 1.13.2.5 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| 7.0 | CVE-2006-4108 OTHER-REF BID FRSIRT SECUNIA | ||
| Falko Timme and Till Brehm -- SQLiteWebAdmin | PHP remote file inclusion vulnerability in tpl.inc.php in Falko Timme and Till Brehm SQLiteWebAdmin 0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the conf[classpath] parameter. |
| 7.0 | CVE-2006-4102 OTHER-REF FRSIRT XF | ||
| HP -- OpenView Storage Data Protector | Unspecified vulnerability in the backup agent and Cell Manager in HP OpenView Storage Data Protector 5.1 and 5.5 before 20060810 allows remote attackers to execute arbitrary code on an agent via unspecified vectors related to authentication and input validation. |
| 7.0 | CVE-2006-4201 OTHER-REF HP BID FRSIRT SECTRACK SECUNIA XF | ||
| IBM -- Informix Dynamic Database Server | Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.TC7, 9.40.TC8, 10.00.TC4, and 10.00.TC5, when running on Windows, allows remote attackers to execute arbitrary code via a long username, which causes an overflow in vsprintf when displaying in the resulting error message. NOTE: this issue is due to an incomplete fix for CVE-2006-3853. |
| 7.0 | CVE-2006-3854 BUGTRAQ BUGTRAQ OTHER-REF | ||
| IBM -- Websphere Application Server | Multiple unspecified vulnerabilities in IBM WebSphere Application Server before 6.1.0.1 have unspecified impact and attack vectors involving (1) "SOAP requests and responses", (2) mbean, (3) ThreadIdentitySupport, and possibly others. |
| 7.0 | CVE-2006-4136 OTHER-REF AIXAPAR AIXAPAR AIXAPAR BID FRSIRT SECUNIA | ||
| IBM -- Access Support eGatherer ActiveX control | Stack-based buffer overflow in the IBM Access Support eGatherer ActiveX control before 3.20.0284.0 allows remote attackers to execute arbitrary code via a long filename parameter to the RunEgatherer method. |
| 7.0 | CVE-2006-4221 OTHER-REF BID FRSIRT SECUNIA | ||
| Invision Power Services -- Invision Power Board | Unspecified vulnerability in func_topic_threaded.php (aka threaded view mode) in Invision Power Board (IPB) before 2.1.7 21013.60810.s allows remote attackers to "access posts outside the topic." |
| 7.0 | CVE-2006-4155 OTHER-REF FRSIRT SECUNIA | ||
| Jason Alexander -- phNNTP | PHP remote file inclusion vulnerability in article-raw.php in Jason Alexander phNNTP 1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the file_newsportal parameter. |
| 7.0 | CVE-2006-4103 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA XF | ||
| Joomla! -- Webring Component | PHP remote file inclusion vulnerability in admin.webring.docs.php in the Webring Component (com_webring) 1.0 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the component_dir parameter. |
| 7.0 | CVE-2006-4129 OTHER-REF BID FRSIRT SECUNIA | ||
| Microsoft -- Windows Help File Viewer | Multiple unspecified vulnerabilities in Microsoft Windows Help File viewer (winhlp32.exe) allow user-assisted attackers to execute arbitrary code via crafted HLP files. |
| 8.0 | CVE-2006-4138 BUGTRAQ BUGTRAQ BID | ||
| Microsoft -- Internet Explorer | Microsoft Internet Explorer 6.0 SP1 and possibly other versions allows remote attackers to cause a denial of service and possibly execute arbitrary code by instantiating COM objects as ActiveX controls, including (1) imskdic.dll (Microsoft IME), (2) chtskdic.dll (Microsoft IME), and (3) msoe.dll (Outlook), which leads to memory corruption. NOTE: it is not certain whether the issue is in Internet Explorer or the individual DLL files. |
| 7.0 | CVE-2006-4193 BUGTRAQ BUGTRAQ BUGTRAQ OTHER-REF OTHER-REF OTHER-REF BID BID BID | ||
| Microsoft -- Internet Explorer | The Terminal Services COM object (tsuserex.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by instantiating it as an ActiveX object in Internet Explorer 6.0 SP1 on Microsoft Windows 2003 EE SP1 CN. |
| 7.0 | CVE-2006-4219 BUGTRAQ OTHER-REF BID | ||
| MODPlug -- Tracker | Multiple buffer overflows in MODPlug Tracker (OpenMPT) 1.17.02.43 and earlier and libmodplug 0.8 and earlier allow user-assisted remote attackers to execute arbitrary code via (1) long strings in ITP files used by the CSoundFile::ReadITProject function in soundlib/Load_it.cpp and (2) crafted modules used by the CSoundFile::ReadSample function in soundlib/Sndfile.cpp, as demonstrated by crafted AMF files. |
| 7.0 | CVE-2006-4192 BUGTRAQ OTHER-REF FRSIRT SECUNIA XF XF | ||
| MusicBrainz -- libmusicbrainz MusicBrainz -- libmusicbrainz SVN | Multiple buffer overflows in libmusicbrainz (aka mb_client or MusicBrainz Client Library) 2.1.2 and earlier, and SVN 8406 and earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a long Location header by the HTTP server, which triggers an overflow in the MBHttp::Download function in lib/http.cpp; and (2) a long URL in RDF data, as demonstrated by a URL in an rdf:resource field in an RDF XML document, which triggers overflows in many functions in lib/rdfparse.c. |
| 8.0 | CVE-2006-4197 BUGTRAQ BID SECTRACK SECUNIA XF XF | ||
| MVCnPHP -- MVCnPHP | Multiple PHP remote file inclusion vulnerabilities in Tony Bibbs and Vincent Furia MVCnPHP 3.0 allow remote attackers to execute arbitrary PHP code via a URL in the glConf[path_library] parameter to (1) BaseCommand.php, (2) BaseLoader.php, and (3) BaseView.php. |
| 7.0 | CVE-2006-4160 OTHER-REF BID FRSIRT SECUNIA | ||
| myWebland -- miniBloggie | ** DISPUTED ** PHP remote file inclusion vulnerability in cls_fast_template.php in myWebland miniBloggie 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the fname parameter. NOTE: another researcher was unable to find a way to execute code after including it via a URL. CVE analysis as of 20060816 was inconclusive. |
| 7.0 | CVE-2006-4163 BUGTRAQ BUGTRAQ BID | ||
| ncompress -- ncompress | The decompress function in compress42.c in (1) ncompress 4.2.4 and (2) liblzw allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code, via crafted data that leads to a buffer underflow. |
| 7.0 | CVE-2006-1168 OTHER-REF DEBIAN MANDRIVA FRSIRT SECUNIA SECUNIA SECUNIA | ||
| NetCommons -- NetCommons | Cross-site scripting (XSS) vulnerability in NetCommons 1.0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| 7.0 | CVE-2006-4165 JVN BID SECUNIA XF | ||
| Pearlabs -- Mafia MoBlog | ** DISPUTED ** PHP remote file inclusion vulnerability in big.php in pearlabs mafia moblog 6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pathtotemplate parameter. NOTE: a third party claims that the researcher is incorrect, because template.php defines pathtotemplate before big.php uses pathtotemplate. CVE has not verified either claim, but during August 2006, the original researcher has made several significant errors regarding this bug type. |
| 7.0 | CVE-2006-4156 BUGTRAQ BID | ||
| PHPMyRing -- PHPMyRing | SQL injection vulnerability in view_com.php in Nicolas Grandjean PHPMyRing 4.2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the idsite parameter. |
| 7.0 | CVE-2006-4114 Milw0rm BID FRSIRT SECUNIA | ||
| phpPrintAnalyzer -- phpPrintAnalyzer | PHP remote file inclusion vulnerability in inc/header.inc.php in phpPrintAnalyzer 1.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the ficStyle parameter. |
| 7.0 | CVE-2006-4164 Milw0rm BID FRSIRT XF | ||
| Ruby on Rails -- Ruby on Rails | Ruby on Rails before 1.1.5 allows remote attackers to execute Ruby code with "severe" or "serious" impact via a File Upload request with an HTTP header that modifies the LOAD_PATH variable, a different vulnerability than CVE-2006-4112. |
| 7.0 | CVE-2006-4111 RUBY ON RAILS GENTOO OTHER-REF BID FRSIRT SECUNIA | ||
| Ruby on Rails -- Ruby on Rails | Unspecified vulnerability in the "dependency resolution mechanism" in Ruby on Rails 1.1.0 through 1.1.5 allows remote attackers to execute arbitrary Ruby code via a URL that is not properly handled in the routing code, which leads to a denial of service (application hang) or "data loss," a different vulnerability than CVE-2006-4111. |
| 7.0 | CVE-2006-4112 RUBY ON RAILS GENTOO CERT-VN BID SECUNIA SECUNIA XF | ||
| SAP Software -- Internet Graphics Server | Buffer overflow in SAP Internet Graphics Service (IGS) 6.40 and earlier, and 7.00 and earlier, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via crafted HTTP requests. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended. |
| 7.0 | CVE-2006-4133 BUGTRAQ OTHER-REF BID FRSIRT SECTRACK SECUNIA | ||
| Simple One-File Guestbook -- Simple One-File Guestbook | Simple one-file guestbook 1.0 and earlier allows remote attackers to bypass authentication and delete guestbook entries via a modified id parameter to guestbook.php. |
| 7.0 | CVE-2006-4122 OTHER-REF BID FRSIRT SECUNIA XF | ||
| Soft3304 -- 04WebServer | Cross-site scripting (XSS) vulnerability in Soft3304 04WebServer 1.83 and earlier allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly sanitized before it is returned in an error page, a different vulnerability than CVE-2004-1512. |
| 7.0 | CVE-2006-4199 OTHER-REF BID SECUNIA XF | ||
| Soft3304 -- 04WebServer | Unspecified vulnerability in 04WebServer 1.83 and earlier allows remote attackers to bypass user authentication via unspecified vectors related to request processing. |
| 7.0 | CVE-2006-4200 OTHER-REF BID SECUNIA XF | ||
| TinyWebGallery -- TinyWebGallery | PHP remote file inclusion vulnerability in TinyWebGallery 1.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the image parameter to (1) image.php or (2) image.php2. |
| 7.0 | CVE-2006-4166 BUGTRAQ Milw0rm SECTRACK XF | ||
| Vincent Hor -- Calendarix | ** DISPUTED ** PHP remote file inclusion vulnerability in cal_config.inc.php in Calendarix 0.7.20060401 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the calpath parameter. NOTE: this issue has been disputed by a third party, who says that the affected $calpath variable is set to a constant value in the beginning of the script. CVE concurs that the initial report is invalid. |
| 7.0 | CVE-2006-4135 BUGTRAQ BUGTRAQ MLIST XF | ||
| VWar -- Virtual War | SQL injection vulnerability in news.php in Virtual War (VWar) 1.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) sortby and (2) sortorder parameters. |
| 7.0 | CVE-2006-4141 BUGTRAQ XF | ||
| VWar -- Virtual War | SQL injection vulnerability in extra/online.php in Virtual War (VWar) 1.5.0 R14 and earlier allows remote attackers to execute arbitrary SQL commands via the n parameter. |
| 7.0 | CVE-2006-4142 BUGTRAQ BID XF | ||
| WebDynamite -- ProjectButler | Multiple PHP remote file inclusion vulnerabilities in WebDynamite ProjectButler 0.8.4 allow remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter to /classes/ scripts including (1) Cache.class.php, (2) Customer.class.php, (3) Performance.class.php, (4) Project.class.php, (5) Representative.class.php, (6) User.class.php, or (7) common.php. |
| 7.0 | CVE-2006-4205 OTHER-REF BID XF | ||
| WEBInsta -- CMS | PHP remote file inclusion vulnerability in index.php in WEBInsta CMS 0.3.1 and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the templates_dir parameter. |
| 7.0 | CVE-2006-4196 BUGTRAQ ECHO Milw0rm BID FRSIRT SECUNIA | ||
| WEBInsta -- Mailing List Manager | PHP remote file inclusion vulnerability in install3.php in WEBInsta Mailing List Manager 1.3e allows remote attackers to execute arbitrary PHP code via a URL in the cabsolute_path parameter. |
| 7.0 | CVE-2006-4209 BUGTRAQ OTHER-REF OTHER-REF XF | ||
| YaBB -- YaBB SE | Cross-site scripting (XSS) vulnerability in index.php in Yet another Bulletin Board (YaBB) allows remote attackers to inject arbitrary web script or HTML via the categories parameter. |
| 7.0 | CVE-2006-4157 BUGTRAQ BID XF | ||
| Zen Cart -- Zen Cart | Multiple SQL injection vulnerabilities in Zen Cart 1.3.0.2 and earlier allow remote attackers to execute arbitrary SQL commands via (1) GPC data to ipn_get_stored_session, which can be leveraged to modify elements of $_SESSION; and allow remote authenticated users to execute arbitrary SQL commands via (2) a session id within a cookie to whos_online_session_recreate, (3) the quantity field to the add_cart function, (4) an id[] parameter when adding an item to a shopping cart, or (5) a redemption code when checking out. |
| 7.0 | CVE-2006-4214 OTHER-REF BID FRSIRT SECUNIA | ||
| Zen Cart -- Zen Cart | PHP remote file inclusion vulnerability in index.php in Zen Cart 1.3.0.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in autoLoadConfig[999][0][loadFile] parameter. |
| 7.0 | CVE-2006-4215 OTHER-REF BID FRSIRT SECUNIA | ||
| Zen Cart -- Zen Cart | Directory traversal vulnerability in Zen Cart 1.3.0.2 and earlier allows remote attackers to include and possibly execute arbitrary local files via directory traversal sequences in the typefilter parameter. |
| 7.0 | CVE-2006-4218 OTHER-REF BID FRSIRT SECUNIA |
| Medium Vulnerabilities |
|---|
| Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
|---|---|---|---|---|---|---|
| ASPPlayground.NET -- ASPPlayground.NET Forum | Cross-site scripting (XSS) vulnerability in calendar.asp in ASPPlayground.NET Forum Advanced Edition 2.4.5 Unicode allows remote attackers to inject arbitrary web script or HTML via the calendarID parameter. |
| 4.7 | CVE-2006-4206 BUGTRAQ XF | ||
| b0zz and Chris Vincent -- Owl Intranet Engine | Cross-site scripting (XSS) vulnerability in b0zz and Chris Vincent Owl Intranet Engine 0.90 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| 4.7 | CVE-2006-4211 OTHER-REF OTHER-REF FRSIRT SECUNIA | ||
| b0zz and Chris Vincent -- Owl Intranet Engine | SQL injection vulnerability in b0zz and Chris Vincent Owl Intranet Engine 0.90 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| 4.7 | CVE-2006-4212 OTHER-REF OTHER-REF FRSIRT SECUNIA | ||
| ChaosSoft -- GeheimChaos | Multiple SQL injection vulnerabilities in GeheimChaos 0.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) Temp_entered_login or (2) Temp_entered_email parameters to (a) gc.php, and in multiple parameters in (b) include/registrieren.php, possibly involving the (3) $form_email, (4) $form_vorname, (5) $form_nachname, (6) $form_strasse, (7) $form_plzort, (8) $form_land, (9) $form_homepage, (10) $form_bildpfad, (11) $form_profilsichtbar, (12) $Temp_sprache, (13) $form_tag, (14) $form_monat, (15) $form_jahr, (16) $Temp_akt_string, (17) $form_icq, (18) $form_msn, (19) $form_yahoo, (20) $form_username, and (21) $Temp_form_pass variables. |
| 5.6 | CVE-2006-4118 BUGTRAQ FULLDISC BID FRSIRT SECUNIA XF | ||
| ChaosSoft -- GeheimChaos | SQL injection vulnerability in gc.php in GeheimChaos 0.5 and earlier allows remote attackers to execute arbitrary SQL commands via the Temp_entered_password parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| 5.6 | CVE-2006-4119 SECUNIA XF | ||
| Drupal -- Recipe Module Drupal -- Drupal | Cross-site scripting (XSS) vulnerability in the Recipe module (recipe.module) before 1.54 for Drupal 4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| 5.6 | CVE-2006-4120 DRUPAL DRUPAL BID FRSIRT SECUNIA | ||
| e-Zest Solutions -- PgMarket | PHP remote file inclusion vulnerability in common.inc.php in PgMarket 2.2.3, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the CFG[libdir] parameter. |
| 5.6 | CVE-2006-4115 BUGTRAQ BID XF | ||
| Hitweb -- Hitweb | PHP remote file inclusion vulnerability in genpage-cgi.php in Brian Fraval hitweb 4.2 and possibly earlier versions allows remote attackers to execute arbitrary PHP code via the REP_INC parameter. |
| 5.6 | CVE-2006-4113 Milw0rm BID FRSIRT SECUNIA | ||
| IBM -- Informix Dynamic Database Server | IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 allows allows remote authenticated users to execute arbitrary commands via the (1) "SET DEBUG FILE" SQL command, and the (2) start_onpload and (3) dbexp functions. |
| 4.7 | CVE-2006-3860 BUGTRAQ BUGTRAQ OTHER-REF OTHER-REF BID FRSIRT SECUNIA XF XF | ||
| Lesstif -- Lesstif | The libXm library in LessTif 0.95.0 and earlier allows local users to gain privileges via the DEBUG_FILE environment variable, which is used to create world-writable files when libXm is run from a setuid program. |
| 4.9 | CVE-2006-4124 OTHER-REF OTHER-REF BID FRSIRT SECUNIA XF | ||
| Lhaz -- Lhaz | Multiple stack-based buffer overflows in Lhaz before 1.32 allow user-assisted attackers to execute arbitrary code via a long filename in (1) an LHZ archive, when saving the filename during extraction; and (2) an LHZ archive with an invalid CRC checksum, when constructing an error message. |
| 5.6 | CVE-2006-4116 BUGTRAQ OTHER-REF OTHER-REF FRSIRT SECUNIA XF XF | ||
| MamboXChange -- PeopleBook | PHP remote file inclusion vulnerability in param.peoplebook.php in the Peoplebook Component for Mambo (com_peoplebook) 1.0 and earlier, and possibly 1.1.2, when register_globals and allow_fopenurl are enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. |
| 5.6 | CVE-2006-4195 BUGTRAQ Milw0rm BID SECUNIA | ||
| MamboXChange -- Mambo eMail Publisher | PHP remote file inclusion vulnerability in help.mmp.php in the MMP Component (com_mmp) 1.2 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. |
| 4.7 | CVE-2006-4203 OTHER-REF BID FRSIRT SECUNIA XF | ||
| Matt Smith -- ReMOSitory for Mambo | PHP remote file inclusion vulnerability in admin.remository.php in the Remository Component (com_remository) 3.25 and earlier for Mambo and Joomla!, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. |
| 5.6 | CVE-2006-4130 BUGTRAQ OTHER-REF OTHER-REF BID FRSIRT SECUNIA XF | ||
| NetGear -- FVG318 | Netgear FVG318 running firmware 1.0.40 allows remote attackers to cause a denial of service (router reset) via TCP packets with bad checksums. |
| 5.0 | CVE-2006-4143 BUGTRAQ BID XF | ||
| PHP-Nuke -- AutoHTML Module | Directory traversal vulnerability in autohtml.php in the AutoHTML module for PHP-Nuke allows local users to include arbitrary files via a .. (dot dot) in the name parameter for a modload operation. |
| 4.9 | CVE-2006-4190 BUGTRAQ OTHER-REF BID | ||
| PHProjekt -- PHProjekt | Multile PHP remote file inclusion vulnerabilities in PHProjekt 5.1 and possibly earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) path_pre parameter in lib/specialdays.php and the (2) lib_path parameter in lib/dbman_filter.inc.php. |
| 4.7 | CVE-2006-4204 OTHER-REF BID SECUNIA | ||
| See-Commerce -- See-Commerce | PHP remote file inclusion vulnerability in owimg.php3 in See-Commerce 1.0.625 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. |
| 5.6 | CVE-2006-4121 OTHER-REF BID FRSIRT SECUNIA | ||
| Spaminator -- Spaminator | PHP remote file inclusion vulnerability in Login.php in Spaminator 1.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. |
| 5.6 | CVE-2006-4158 OTHER-REF BID FRSIRT SECUNIA XF | ||
| SquirrelMail -- SquirrelMail | Dynamic variable evaluation vulnerability in compose.php in SquirrelMail 1.4.0 to 1.4.7 allows remote attackers to overwrite arbitrary program variables and read or write the attachments and preferences of other users. |
| 4.7 | CVE-2006-4019 SQUIRRELMAIL SQUIRRELMAIL FRSIRT SECUNIA BUGTRAQ BUGTRAQ FULLDISC MLIST OTHER-REF BID OSVDB SECTRACK SECUNIA XF | ||
| Symantec Veritas -- Backup Exec | Multiple heap-based buffer overflows in Symantec VERITAS Backup Exec for Netware Server Remote Agent for Windows Server 9.1 and 9.2 (all builds), Backup Exec Continuous Protection Server Remote Agent for Windows Server 10.1 (builds 10.1.325.6301, 10.1.326.1401, 10.1.326.2501, 10.1.326.3301, and 10.1.327.401), and Backup Exec for Windows Server and Remote Agent 9.1 (build 9.1.4691), 10.0 (builds 10.0.5484 and 10.0.5520), and 10.1 (build 10.1.5629) allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted RPC message. |
| 4.2 | CVE-2006-4128 BUGTRAQ OTHER-REF OTHER-REF BID FRSIRT SECTRACK SECUNIA XF | ||
| Wheatblog -- Wheatblog | PHP remote file inclusion vulnerability in includes/session.php in Wheatblog (wB) 1.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the wb_class_dir parameter. |
| 5.6 | CVE-2006-4198 BUGTRAQ SECWATCH Milw0rm SOURCEFORGE BID XF | ||
| XMB Software -- Extreme Message Board | Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php. |
| 5.6 | CVE-2006-4191 BUGTRAQ ALTERVISTA Milw0rm BID SECUNIA XF |
| Low Vulnerabilities |
|---|
| Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
|---|---|---|---|---|---|---|
| Andreas Kansok -- phPay | nu_mail.inc.php in Andreas Kansok phPay 2.02 and 2.02.1, when register_globals is enabled, allows remote attackers to use the server as an open mail relay via modified mail_text2, user_row[5], nu_mail_1, and shop_mail parameters. NOTE: some of these details are obtained from third party information. |
| 2.3 | CVE-2006-4210 OTHER-REF BID SECUNIA XF | ||
| Apache Software Foundation -- Apache | Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems. |
| 1.9 | CVE-2006-4110 BUGTRAQ BID FRSIRT SECUNIA | ||
| Arcsoft -- MMS Composer | ArcSoft MMS Composer 1.5.5.6 and possibly earlier, and 2.0.0.13 and possibly earlier, allow remote attackers to cause a denial of service (resource exhaustion and application crash) via WAPPush messages to UDP port UDP 2948. |
| 2.3 | CVE-2006-4132 BUGTRAQ FULLDISC OTHER-REF OTHER-REF OTHER-REF BID SECUNIA | ||
| Blursoft -- Blur6ex | Cross-site scripting (XSS) vulnerability in blursoft blur6ex 0.3 allows remote attackers to inject arbitrary web script or HTML via a comment title. |
| 2.3 | CVE-2006-4106 BUGTRAQ BID | ||
| DConnect -- DConnect Daemon | The dc_chat function in cmd.dc.c in DConnect Daemon 0.7.0 and earlier allows remote attackers to cause a denial of service (application crash) by sending a client message before providing the nickname, which triggers a null pointer dereference. |
| 2.3 | CVE-2006-4126 BUGTRAQ OTHER-REF OTHER-REF BID FRSIRT SECTRACK SECUNIA XF | ||
| DConnect -- DConnect Daemon | Multiple format string vulnerabilities in DConnect Daemon 0.7.0 and earlier allow remote administrators to execute arbitrary code via format string specifiers that are not properly handled when calling the (1) privmsg() or (2) pubmsg functions from (a) cmd.user.c, (b) penalties.c, or (c) cmd.dc.c. |
| 3.4 | CVE-2006-4127 BUGTRAQ OTHER-REF OTHER-REF BID FRSIRT SECTRACK SECUNIA XF | ||
| Drupal -- Bibliography Module | Cross-site scripting (XSS) vulnerability in Bibliography (biblio.module) 4.6 before revision 1.1.1.1.4.11 and 4.7 before revision 1.13.2.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| 2.3 | CVE-2006-4109 DRUPAL BID FRSIRT SECUNIA | ||
| Fill Threads Database -- Fill Threads Database | Cross-site scripting (XSS) vulnerability in Fill Threads Database (FTD) 3.7.3 allows remote attackers to inject arbitrary web script or HTML via the (1) search field or (2) an e-mail message. |
| 2.3 | CVE-2006-4105 BUGTRAQ BID SECTRACK XF | ||
| Gallery Project -- Gallery | Unspecified vulnerability in the stats module in Gallery 1.5.1-RC2 and earlier allows remote attackers to obtain sensitive information via unspecified attack vectors, related to "two file exposure bugs." |
| 2.3 | CVE-2006-4030 OTHER-REF DEBIAN BID FRSIRT SECUNIA SECUNIA | ||
| High Availability Linux Project -- Heartbeat | The heartbeat subsystem in High-Availability Linux before 1.2.5 and 2.0 before 2.0.7 allows remote attackers to cause a denial of service (crash) via a crafted heartbeat message. |
| 2.3 | CVE-2006-3121 OTHER-REF OTHER-REF DEBIAN BID | ||
| HP -- HP-UX | Unspecified vulnerability in HP-UX B.11.00, B.11.11 and B.11.23, when running in trusted mode, allows local users to cause a denial of service via unspecified vectors. |
| 1.6 | CVE-2006-4187 HP BID SECTRACK | ||
| HP -- HP-UX | Unspecified vulnerability in the LP subsystem in HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allows remote attackers to cause a denial of service via unknown vectors. |
| 2.3 | CVE-2006-4188 HP BID SECTRACK SECUNIA | ||
| IBM -- Informix Dynamic Database Server | IBM Informix Dynamic Server (IDS) allows remote authenticated users to create and overwrite arbitrary files via the (1) LOTOFILE and (2) trl_tracefile_set functions, and the (3) "SET DEBUG FILE" commands. |
| 1.4 | CVE-2006-3859 BUGTRAQ BUGTRAQ OTHER-REF | ||
| IBM -- Websphere Application Server | IBM WebSphere Application Server before 6.1.0.1 allows attackers to obtain sensitive information via unspecified vectors related to (1) the log file, (2) "script generated syntax on wsadmin command line," and (3) traces. |
| 2.3 | CVE-2006-4137 OTHER-REF AIXAPAR AIXAPAR AIXAPAR BID FRSIRT SECUNIA | ||
| IBM -- Websphere Application Server | Multiple unspecified vulnerabilities in IBM WebSphere Application Server before 6.0.2.13 have unspecified vectors and impact, including (1) an "authority problem" in ThreadIdentitySupport as identified by PK25199, and "Potential security exposure" issues as identified by (2) PK22747, (3) PK24334, (4) PK25740, and (5) PK26123. |
| 2.3 | CVE-2006-4222 OTHER-REF FRSIRT SECUNIA | ||
| ImageMagick -- ImageMagick | Integer overflow in the ReadSGIImage function in sgi.c in ImageMagick before 6.2.9 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via large (1) bytes_per_pixel, (2) columns, and (3) rows values, which trigger a heap-based buffer overflow. |
| 1.9 | CVE-2006-4144 BUGTRAQ OTHER-REF BID SECUNIA | ||
| IPCheck -- Server Monitor | Directory traversal vulnerability in IPCheck Server Monitor 5.3.2.609 and earlier allows remote attackers to read arbitrary files via modified .. (dot dot) sequences in the URL, including (1) "..%2f" (encoded "/" slash), "..../" (multiple dot), and "..%255c../" (double-encoded "\" backslash). |
| 2.3 | CVE-2006-4140 BUGTRAQ BID FRSIRT SECTRACK SECUNIA XF | ||
| Linux -- Linux kernel | Race condition between the kfree_skb and __skb_unlink functions in the socket buffer handling in Linux kernel 2.6.9, and possibly other versions, allows remote attackers to cause a denial of service (crash), as demonstrated using the TCP stress tests from the LTP test suite. |
| 2.7 | CVE-2006-2446 REDHAT OTHER-REF | ||
| MojoScripts -- mojoGallery | Cross-site scripting (XSS) vulnerability in admin.cgi in mojoscripts.com mojoGallery allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| 2.3 | CVE-2006-4087 FRSIRT SECUNIA | ||
| MojoScripts -- mojoGallery | Cross-site scripting (XSS) vulnerability in admin.cgi in mojoscripts.com mojoGallery allows remote attackers to inject arbitrary web script or HTML via "password input." |
| 2.3 | CVE-2006-4104 BUGTRAQ BID FRSIRT SECUNIA | ||
| Novell -- eDirectory | Unspecified vulnerability in the NCPENGINE in Novell eDirectory 8.7.3.8 allows local users to cause a denial of service (CPU consumption) via unspecified vectors, as originally demonstrated using a Nessus scan. |
| 2.3 | CVE-2006-4185 NOVELL BID SECTRACK SECUNIA | ||
| Novell -- eDirectory | The iManager in eMBoxClient.jar in Novell eDirectory 8.7.3.8 writes passwords in plaintext to a log file, which allows local users to obtain passwords by reading the file. |
| 1.6 | CVE-2006-4186 OTHER-REF BID SECTRACK SECUNIA | ||
| SAP Software -- Internet Graphics Server | Unspecified vulnerability related to a "design flaw" in SAP Internet Graphics Service (IGS) 6.40 and earlier and 7.00 and earlier allows remote attackers to cause a denial of service (service shutdown) via certain HTTP requests. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended. |
| 2.3 | CVE-2006-4134 BUGTRAQ FULLDISC OTHER-REF BID FRSIRT SECTRACK SECUNIA XF | ||
| ScatterChat -- ScatterChat | The cryptographic module in ScatterChat 1.0.x allows attackers to identify patterns in large numbers of messages by identifying collisions using a birthday attack on the custom padding mechanism for ECB mode encryption. |
| 1.9 | CVE-2006-4021 BUGTRAQ SCATTERCHAT SCATTERCHAT | ||
| Skippy.net -- WP-DB Backup Plugin for Wordpress | Directory traversal vulnerability in wp-db-backup.php in Skippy WP-DB-Backup plugin for WordPress 1.7 and earlier allows remote authenticated users with administrative privileges to read arbitrary files via a .. (dot dot) in the backup parameter to edit.php. |
| 2.3 | CVE-2006-4208 BUGTRAQ OTHER-REF OTHER-REF BID FRSIRT SECUNIA XF | ||
| SmartLine -- DeviceLock | SmartLine DeviceLock before 5.73 Build 305 does not properly enforce access control lists (ACL) in raw mode, which allows local users to bypass NTFS controls and obtain sensitive information. |
| 2.3 | CVE-2006-4184 BUGTRAQ OTHER-REF BID SECUNIA XF | ||
| Spidey Blog -- Spidey Blog Script | SQL injection vulnerability in proje_goster.php in Spidey Blog Script 1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter. |
| 2.3 | CVE-2006-4202 Milw0rm BID SECUNIA | ||
| Sun -- Solaris | The squeue_drain function in Sun Solaris 10, possibly only when run on CMT processors, allows remote attackers to cause a denial of service ("bad trap" and system panic) by opening and closing a large number of TCP connections ("heavy TCP/IP loads"). NOTE: the original report specifies the function name as "drain_squeue," but this is likely incorrect. |
| 2.7 | CVE-2006-4117 SUNALERT FRSIRT SECUNIA | ||
| Sun -- Solaris | Race condition in Sun Solaris 10 allows attackers to cause a denial of service (system panic) via unspecified vectors related to ifconfig and either netstat or SNMP queries. |
| 2.7 | CVE-2006-4139 SUNALERT FRSIRT SECTRACK SECUNIA | ||
| Webligo -- BlogHoster | Cross-site scripting (XSS) vulnerability in Webligo BlogHoster 2.2 allows remote attackers to inject arbitrary web script or HTML via the "From: part of the comment post," probably involving the nickname parameter to previewcomment.php. |
| 2.3 | CVE-2006-4090 BUGTRAQ BID FRSIRT OSVDB SECUNIA XF | ||
| XennoBB -- XennoBB | Directory traversal vulnerability in the avatar_gallery action in profile.php in XennoBB 2.1.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the category parameter. |
| 2.3 | CVE-2006-4161 BUGTRAQ OTHER-REF BID SECUNIA XF |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.