Vulnerability Summary for the Week of October 2, 2006
Released
Oct 09, 2006
Document ID
SB06-282
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
Vulnerability Severity:
| High Vulnerabilities |
|---|
| Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
|---|---|---|---|---|---|---|
| A-Blog -- A-Blog | Multiple PHP remote file inclusion vulnerabilities in A-Blog 2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) open_box, (2) middle_box, and (3) close_box parameters in (a) sources/myaccount.php; the (4) navigation_end parameter in (b) navigation/search.php and (c) navigation/donation.php; and the (6) navigation_start and (7) navigation_middle parameters in navigation/donation.php, (d) navigation/latestnews.php, and (e) navigation/links.php; different vectors than CVE-2006-5092. |
| 7.0 | CVE-2006-5135 OTHER-REF BID XF | ||
| Andreas Gohr -- DokuWiki | lib/exec/fetch.php in DokuWiki before 2006-03-09e, when conf[imconvert] is configured to use ImageMagick, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) w and (2) h parameters, which are not filtered when invoking convert. |
| 7.0 | CVE-2006-5099 OTHER-REF GENTOO SECUNIA SECUNIA FRSIRT | ||
| Apple -- Mac OS X NeXT -- OpenStep | The Mach kernel, as used in operating systems including (1) Mac OS X 10.4 through 10.4.7 and (2) OpenStep before 4.2, allows local users to gain privileges via a parent process that forces an exception in a setuid child and uses Mach exception ports to modify the child's thread context and task address space in a way that causes the child to call a parent-controlled function. |
| 7.0 | CVE-2006-4392 BUGTRAQ OTHER-REF APPLE CERT-VN SECTRACK CERT BID FRSIRT SECUNIA XF | ||
| Apple -- Mac OS X | A logic error in LoginWindow in Apple Mac OS X 10.4 through 10.4.7, allows network accounts without GUIds to bypass service access controls and log into the system using loginwindow via unknown vectors. |
| 7.0 | CVE-2006-4394 APPLE CERT CERT-VN BID FRSIRT SECTRACK SECUNIA XF | ||
| Baumedia -- Newswriter | PHP remote file inclusion vulnerability in include/editfunc.inc.php in Sebastian Baumann and Philipp Wolfer Newswriter SW 1.42 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the NWCONF_SYSTEM[server_path] parameter. |
| 7.0 | CVE-2006-5102 OTHER-REF BID XF | ||
| bbsNew -- bbsNew | PHP remote file inclusion vulnerability in index2.php in bbsNew 2.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the right parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| 7.0 | CVE-2006-5103 BID | ||
| Comdev -- Comdev CSV Importer | PHP remote file inclusion vulnerability in include.php in Comdev CSV Importer 3.1 and possibly 4.1, as used in (1) Comdev Contact Form 3.1, (2) Comdev Customer Helpdesk 3.1, (3) Comdev Events Calendar 3.1, (4) Comdev FAQ Support 3.1, (5) Comdev Guestbook 3.1, (6) Comdev Links Directory 3.1, (7) Comdev News Publisher 3.1, (8) Comdev Newsletter 3.1, (9) Comdev Photo Gallery 3.1, (10) Comdev Vote Caster 3.1, (11) Comdev Web Blogger 3.1, and (12) Comdev eCommerce 3.1, allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter. NOTE: it has been reported that 4.1 versions might also be affected. |
| 7.0 | CVE-2006-5101 BUGTRAQ BUGTRAQ BUGTRAQ BUGTRAQ BUGTRAQ BUGTRAQ BUGTRAQ BUGTRAQ BUGTRAQ BUGTRAQ BUGTRAQ BUGTRAQ BUGTRAQ FRSIRT FRSIRT FRSIRT FRSIRT FRSIRT FRSIRT FRSIRT FRSIRT FRSIRT FRSIRT FRSIRT FRSIRT FRSIRT SECUNIA SECUNIA SECUNIA SECUNIA SECUNIA SECUNIA SECUNIA SECUNIA SECUNIA SECUNIA SECUNIA | ||
| ConPresso -- ConPresso CMS | Multiple cross-site scripting (XSS) vulnerabilities in Bartels Schoene ConPresso before 4.0.5a allow remote attackers to inject arbitrary web script or HTML via (1) the nr parameter in detail.php, (2) the msg parameter in db_mysql.inc.php, and (3) the pos parameter in index.php. |
| 7.0 | CVE-2006-5127 BUGTRAQ OTHER-REF OTHER-REF BID XF | ||
| ConPresso -- ConPresso CMS | SQL injection vulnerability in index.php in Bartels Schoene ConPresso before 4.0.5a allows remote attackers to execute arbitrary SQL commands via the nr parameter. |
| 7.0 | CVE-2006-5128 BUGTRAQ OTHER-REF OTHER-REF BID XF | ||
| DeluxeBB -- DeluxeBB | PHP remote file inclusion vulnerability in cp/sig.php in DeluxeBB 1.09 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the templatefolder parameter. |
| 7.0 | CVE-2006-5154 OTHER-REF BID FRSIRT SECUNIA | ||
| Devellion -- CubeCart | Multiple SQL injection vulnerabilities in Devellion CubeCart 2.0.x allow remote attackers to execute arbitrary SQL commands via (1) the user_name parameter in admin/forgot_pass.php, (2) the order_id parameter in view_order.php, (3) the view_doc parameter in view_doc.php, and (4) the order_id parameter in admin/print_order.php. |
| 7.0 | CVE-2006-5107 BUGTRAQ BID XF | ||
| Devellion -- CubeCart | Multiple cross-site scripting (XSS) vulnerabilities in Devellion CubeCart 2.0.x allow remote attackers to inject arbitrary web script or HTML via the order_id parameter in (1) admin/print_order.php and (2) view_order.php; the (3) site_url and (4) la_search_home parameters and (5) certain language parameters in admin/nav.php; the (6) image parameter in admin/image.php; the (7) site_name, (8) la_adm_header, (9) charset, and (10) certain other parameters in admin/header.inc.php; the (12) la_pow_by parameter in footer.inc.php; and the (13) site_name parameter and (14) certain other parameters in header.inc.php. |
| 7.0 | CVE-2006-5108 BUGTRAQ BID FRSIRT SECUNIA XF | ||
| Forum One -- SyntaxCMS | Multiple PHP remote file inclusion vulnerabilities in SyntaxCMS 1.1.1 through 1.3 allow remote attackers to execute arbitrary PHP code via a URL in (1) the init_path parameter to admin/testing/tests/0030_init_syntax.php, or (2) an unspecified parameter to admin/testing/index.php. NOTE: the 0004_init_urls.php vector is already covered by CVE-2006-5055. |
| 7.0 | CVE-2006-5105 OTHER-REF SECUNIA | ||
| Forum82 -- Forum82 | Multiple PHP remote file inclusion vulnerabilities in Forum82 2.5.2b and earlier allow remote attackers to execute arbitrary PHP code via a URL in the repertorylevel parameter including scripts in /forum/ including (1) search.php, (2) message.php, (3) member.php, (4) mail.php, (5) lostpassword.php, (6) gesfil.php, (7) forum82lib.php3, and other unspecified scripts. |
| 7.0 | CVE-2006-5148 OTHER-REF BID FRSIRT SECUNIA | ||
| HP -- HP-UX | Unspecified vulnerability in HP Ignite-UX server before C.6.9.150 for HP-UX B.11.00, B.11.11, and B.11.23 allows remote attackers to "gain root access" via unspecified vectors. |
| 10.0 | CVE-2006-5151 HP BID SECTRACK XF | ||
| InterVations -- NaviCOPA Web Server | Buffer overflow in InterVations NaviCOPA Web Server 2.01 allows remote attackers to execute arbitrary code via a long HTTP GET request. |
| 7.0 | CVE-2006-5112 OTHER-REF BID FRSIRT SECUNIA XF | ||
| Jelsoft -- VBulletin | SQL injection vulnerability in global.php in Jelsoft vBulletin 2.x allows remote attackers to execute arbitrary SQL commands via the templatesused parameter. |
| 7.0 | CVE-2006-5104 BUGTRAQ BID XF | ||
| Joshua Muheim -- phpMyWebmin | Multiple PHP remote file inclusion vulnerabilities in Joshua Muheim phpMyWebmin 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) target and (2) action parameters in window.php, and possibly the (3) target parameter in home.php. |
| 7.0 | CVE-2006-5124 OTHER-REF OTHER-REF BID FRSIRT SECUNIA XF | ||
| Kevin A. Gordon -- Open Geo Targeting | PHP remote file inclusion vulnerability in script.php in Kevin A. Gordon Open Geo Targeting (aka geotarget) allows remote attackers to execute arbitrary PHP code via a URL in the anp_path parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| 7.0 | CVE-2006-5141 BID | ||
| Lappy512 -- PHP Krazy Image Host Script | SQL injection vulnerability in display.php in Lappy512 PHP Krazy Image Host Script (phpkimagehost) 0.7a allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| 7.0 | CVE-2006-5140 OTHER-REF BID XF | ||
| McAfee -- ePolicy Orchestrator McAfee -- ProtectionPilot | Buffer overflow in McAfee ePolicy Orchestrator before 3.5.0.720 and ProtectionPilot before 1.1.1.126 allows remote attackers to execute arbitrary code via a request to /spipe/pkg/ with a long source header. |
| 10.0 | CVE-2006-5156 OTHER-REF OTHER-REF OTHER-REF OTHER-REF BID SECUNIA | ||
| Microsoft -- Internet Explorer | Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL that is returned in a large HTTP 404 error message without an explicit charset, a related issue to CVE-2006-0032. |
| 7.0 | CVE-2006-5152 BUGTRAQ BUGTRAQ BUGTRAQ | ||
| MyPhotos -- MyPhotos | ** DISPUTED ** PHP remote file inclusion vulnerability in index.php in MyPhotos 0.1.3b beta allows remote attackers to execute arbitrary PHP code via the includesdir parameter. NOTE: this issue is disputed by CVE on 20060927, since the includesdir is defined before being used when the product is installed according to the provided instructions. |
| 7.0 | CVE-2006-5095 BUGTRAQ MLIST | ||
| net2ftp -- net2ftp | PHP remote file inclusion vulnerability in index.php in net2ftp allows remote attackers to execute arbitrary PHP code via a URL in the application_rootdir parameter. |
| 7.0 | CVE-2006-5097 BUGTRAQ XF | ||
| NetWin -- WebNEWS | PHP remote file inclusion vulnerability in parse/parser.php in WEB//NEWS (aka webnews) 1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the WN_BASEDIR parameter. |
| 7.0 | CVE-2006-5100 BUGTRAQ OTHER-REF FRSIRT SECUNIA XF | ||
| Olate -- OlateDownload | Cross-site scripting (XSS) vulnerability in userupload.php in OlateDownload 3.4.0 allows remote attackers to inject arbitrary web script or HTML via the description_small parameter. |
| 7.0 | CVE-2006-5144 BUGTRAQ BID XF | ||
| Olate -- OlateDownload | Multiple SQL injection vulnerabilities in OlateDownload 3.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) page parameter in details.php or the (2) query parameter in search.php. |
| 7.0 | CVE-2006-5145 BUGTRAQ BID XF | ||
| OpenBiblio -- OpenBiblio | Multiple PHP remote file inclusion vulnerabilities in (1) shared/header.php and (2) shared/help.php in OpenBiblio before 0.5.2 allow remote attackers to execute arbitrary PHP code via unspecified vectors. |
| 7.0 | CVE-2006-5149 OTHER-REF BID FRSIRT SECUNIA | ||
| OpenBiblio -- OpenBiblio | SQL injection vulnerability in the reports system in OpenBiblio before 0.5.2 allows remote attackers with report privileges to execute arbitrary SQL commands via unspecified vectors. |
| 7.0 | CVE-2006-5150 OTHER-REF BID FRSIRT SECUNIA | ||
| Paul Schudar -- Tagmin Control Center | PHP remote file inclusion vulnerability in index.php in Tagmin Control Center in TagIt! Tagboard 2.1.B Build 2 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. |
| 7.0 | CVE-2006-5093 OTHER-REF BID OTHER-REF SECUNIA XF FRSIRT | ||
| PHP Invoice -- PHP Invoice | Cross-site scripting (XSS) vulnerability in home.php in PHP Invoice 2.2 allows remote attackers to inject arbitrary web script or HTML via the msg parameter, a different vector than CVE-2006-5074. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| 7.0 | CVE-2006-5110 FRSIRT SECUNIA XF | ||
| PHP Web Scripts -- Easy Banner Free | PHP remote file inclusion vulnerability in functions.php in PHP Web Scripts Easy Banner Free allows remote attackers to execute arbitrary PHP code via a URL in the s[phppath] parameter. |
| 7.0 | CVE-2006-5166 BUGTRAQ BID XF | ||
| phpMyAgenda -- phpMyAgenda | Multiple PHP remote file inclusion vulnerabilities in phpMyAgenda 3.0 Final and earlier allow remote attackers to execute arbitrary PHP code via a URL in the rootagenda parameter to (1) agendaplace.php3, (2) agendaplace2.php3, (3) infoevent.php3, and (4) agenda2.php3, different vectors than CVE-2006-2009. |
| 7.0 | CVE-2006-5132 BUGTRAQ OTHER-REF OTHER-REF OSVDB OSVDB OSVDB OSVDB | ||
| PHProjekt -- PHProjekt | Multiple PHP remote file inclusion vulnerabilities in Albrecht Guenther PHProjekt 5.1.x before 5.1.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) lib_path or (2) lang_path parameter in unspecified files, related to code changes intended to fix inclusion, a different vulnerability than CVE-2002-0451, CVE-2006-4204, and CVE-2006-4609. |
| 7.0 | CVE-2006-5123 BUGTRAQ OTHER-REF OTHER-REF BID FRSIRT SECUNIA XF | ||
| PHPSelect -- Web Development Division | PHP remote file inclusion vulnerability in index.php3 in the PDD package for PHPSelect Web Development Division allows remote attackers to execute arbitrary PHP code via a URL in the Application_Root parameter. |
| 7.0 | CVE-2006-5118 BUGTRAQ BID XF | ||
| PostNuke Software Foundation -- PostNuke | SQL injection vulnerability in modules/Downloads/admin.php in the Admin section of PostNuke 0.762 allows remote attackers to execute arbitrary SQL commands via the hits parameter. |
| 7.0 | CVE-2006-5121 BUGTRAQ XF | ||
| PowerPortal -- PowerPortal | PHP remote file inclusion vulnerability in index.php in John Himmelman (aka DaRk2k1) PowerPortal 1.3a allows remote attackers to execute arbitrary PHP code via a URL in the file_name[] parameter. |
| 7.0 | CVE-2006-5126 OTHER-REF BID XF SECUNIA | ||
| Salims Softhouse -- JAF CMS | Multiple cross-site scripting (XSS) vulnerabilities in ph03y3nk just another flat file (JAF) CMS 4.0 RC1 allow remote attackers to inject arbitrary web script or HTML via (1) the message parameter, and possibly other parameters, in module/shout/jafshout.php (aka the shoutbox); and (2) the message body in a forum post in module/forum/topicwin.php, related to the name, email, title, date, ldate, and lname variables. |
| 7.0 | CVE-2006-5129 BUGTRAQ BID SECUNIA | ||
| Salims Softhouse -- JAF CMS | Multiple cross-site scripting (XSS) vulnerabilities in ph03y3nk just another flat file (JAF) CMS 4.0 RC1 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) url, (3) title, and (4) about parameters in a forum post. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| 7.0 | CVE-2006-5130 SECUNIA | ||
| Salims Softhouse -- JAF CMS | module/shout/jafshout.php (aka the shoutbox) in ph03y3nk just another flat file (JAF) CMS 4.0 RC1 allows remote attackers to execute arbitrary code within sections bounded by "
", possibly due to a static code injection vulnerability involving admin/data_inc.php. |
| 7.0 | CVE-2006-5131 BUGTRAQ SECUNIA | ||
| SAP -- Internet Transaction Server | Multiple cross-site scripting (XSS) vulnerabilities in wgate in SAP Internet Transaction Server (ITS) 6.1 and 6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) ~urlmime or (2) ~command parameter, different vectors than CVE-2003-0749. |
| 7.0 | CVE-2006-5114 BUGTRAQ BID | ||
| Steve Poulsen -- GuildFTPd | Buffer overflow in GuildFTPd 0.999.13 allows remote attackers to have an unknown impact, possibly code execution related to input containing "globbing chars." |
| 7.0 | CVE-2006-5133 BUGTRAQ OTHER-REF OTHER-REF OSVDB | ||
| Sum Effect Software -- digiSHOP | Multiple cross-site scripting (XSS) vulnerabilities in cart.php in Sum Effect Software digiSHOP 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) sortBy or (2) search parameters. |
| 7.0 | CVE-2006-5164 BUGTRAQ BID SECUNIA | ||
| Trend Micro -- OfficeScan | Format string vulnerability in the ActiveX control (ATXCONSOLE.OCX) in TrendMicro OfficeScan Corporate Edition (OSCE) before 7.3 Patch 1 allows remote attackers to execute arbitrary code via format string identifiers in the "Management Console's Remote Client Install name search". |
| 7.0 | CVE-2006-5157 BUGTRAQ OTHER-REF BID SECTRACK SECUNIA | ||
| UBBCentral -- UBB.threads | Multiple PHP remote file inclusion vulnerabilities in ubbt.inc.php in Groupee UBB.threads 6.5.1.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[thispath] or (2) GLOBALS[configdir] parameter. |
| 7.0 | CVE-2006-5136 BUGTRAQ BID XF | ||
| VAMP Webmail -- VAMP Webmail | PHP remote file inclusion vulnerability in wamp_dir/setup/yesno.phtml in VAMP Webmail 2.0beta1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the no_url parameter. |
| 7.0 | CVE-2006-5147 Milw0rm BID XF | ||
| VideoDB -- VideoDB | PHP remote file inclusion vulnerability in core/pdf.php in VideoDB 2.2.1 and earlier allows remote attackers to execute arbitrary PHP code via the config[pdf_module] parameter. |
| 7.0 | CVE-2006-5155 OTHER-REF BID SECUNIA XF | ||
| Yblog -- Yblog | Multiple cross-site scripting (XSS) vulnerabilities in Yblog allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in (a) funk.php, or the (2) action parameter in (b) tem.php and (c) uss.php. |
| 7.0 | CVE-2006-5146 BUGTRAQ MLIST BID | ||
| Yuuki Yoshizawa -- Exporia | Directory traversal vulnerability in common.php in Yuuki Yoshizawa Exporia 0.3.0 allows remote attackers to include and execute local files via a .. (dot dot) in the lan parameter to includes.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 7.0 | CVE-2006-5113 BID FRSIRT OSVDB SECUNIA |
| Medium Vulnerabilities |
|---|
| Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
|---|---|---|---|---|---|---|
| Apple -- Mac OS X | Apple Mac OS X 10.4 through 10.4.7, when the administrator clears the "Allow user to administer this computer" checkbox in System Preferences for a user, does not remove the user's account from the appserveradm or appserverusr groups, which still allows the user to manage WebObjects applications. |
| 4.9 | CVE-2006-4387 APPLE BID FRSIRT SECUNIA XF | ||
| Apple -- Mac OS X | Buffer overflow in Apple ImageIO on Apple Mac OS X 10.4 through 10.4.7 allows remote attackers to execute arbitrary code via a malformed JPEG2000 image. |
| 5.6 | CVE-2006-4391 APPLE SECTRACK CERT CERT-VN BID FRSIRT SECUNIA XF | ||
| Apple -- Mac OS X | Unspecified vulnerability in LoginWindow in Apple Mac OS X 10.4 through 10.4.7, when Fast User Switching is enabled, allows local users to gain access to Kerberos tickets of other users. |
| 4.9 | CVE-2006-4393 APPLE BID FRSIRT SECTRACK SECUNIA XF | ||
| Apple -- Mac OS X | Unchecked error condition in LoginWindow in Apple Mac OS X 10.4 through 10.4.7 prevents Kerberos tickets from being destroyed if a user does not successfully log on to a network account from the login window, which might allow later users to gain access to the original user's Kerberos tickets. |
| 4.9 | CVE-2006-4397 APPLE BID FRSIRT SECTRACK SECUNIA | ||
| Basilix -- Basilix Webmail | Multiple PHP remote file inclusion vulnerabilities in BasiliX 1.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) BSX_LIBDIR parameter in scripts in /files/ including (a) abook.php3, (b) compose-attach.php3, (c) compose-menu.php3, (d) compose-new.php3, (e) compose-send.php3, (f) folder-create.php3, (g) folder-delete.php3, (h) folder-empty.php3, (i) folder-rename.php3, (j) folders.php3, (k) mbox-action.php3, (l) mbox-list.php3, (m) message-delete.php3, (n) message-forward.php3, (o) message-header.php3, (p) message-print.php3, (q) message-read.php3, (r) message-reply.php3, (s) message-replyall.php3, (t) message-search.php3, or (u) settings.php3; and the (2) BSX_HTXDIR parameter in (v) files/login.php3. |
| 5.6 | CVE-2006-5167 Milw0rm BID FRSIRT SECUNIA XF | ||
| FacileForms -- FacileForms | Cross-site scripting (XSS) vulnerability in FacileForms before 1.4.7 for Mambo and Joomla!, when either register_globals or RG_EMULATION is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| 5.6 | CVE-2006-5106 OTHER-REF BID FRSIRT SECUNIA | ||
| IBM -- Client Security Password Manager | IBM Client Security Password Manager stores and distributes saved passwords based upon the title of a website, which allows remote attackers to obtain username and password credentials by changing the title of an HTML page. |
| 4.7 | CVE-2006-5161 BUGTRAQ BID | ||
| KGB -- KGB | Directory traversal vulnerability in kgcall.php in KGB 1.87 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the engine parameter, as demonstrated by uploading a file containing PHP code with an image/jpeg content type, and then referencing this file through the engine parameter. |
| 5.6 | CVE-2006-5115 OTHER-REF BID XF | ||
| phpMyAdmin -- phpMyAdmin | Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyAdmin before 2.9.1-rc1 allow remote attackers to perform unauthorized actions as another user by (1) directly setting a token in the URL though dynamic variable evaluation and (2) unsetting arbitrary variables via the _REQUEST array, related to (a) libraries/common.lib.php, (b) session.inc.php, and (c) url_generating.lib.php. NOTE: the PHP unset function vector is covered by CVE-2006-3017. |
| 5.6 | CVE-2006-5116 OTHER-REF BID SECUNIA BUGTRAQ MLIST OTHER-REF XF | ||
| Skrypty -- PPA Gallery | PHP remote file inclusion vulnerability in inc/functions.inc.php in Skrypty PPA Gallery 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the config[ppa_root_path] parameter. |
| 5.6 | CVE-2006-5165 Milw0rm BID FRSIRT SECUNIA XF | ||
| UBBCentral -- UBB.threads | Multiple direct static code injection vulnerabilities in Groupee UBB.threads 6.5.1.1 allow remote attackers to (1) inject PHP code via a theme[] array parameter to admin/doedittheme.php, which is injected into includes/theme.inc.php; (2) inject PHP code via a config[] array parameter to admin/doeditconfig.php, and then execute the code via includes/config.inc.php; and inject a reference to PHP code via a URL in the config[path] parameter, and then execute the code via (3) dorateuser.php, (4) calendar.php, and unspecified other scripts. |
| 5.6 | CVE-2006-5137 BUGTRAQ BID XF |
| Low Vulnerabilities |
|---|
| Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
|---|---|---|---|---|---|---|
| Andreas Gohr -- DokuWiki | lib/exec/fetch.php in DokuWiki before 2006-03-09e allows remote attackers to cause a denial of service (CPU consumption) via large w and h parameters, when resizing an image. |
| 3.3 | CVE-2006-5098 OTHER-REF GENTOO SECUNIA SECUNIA FRSIRT | ||
| Apple -- Mac OS X | CFNetwork in Apple Mac OS X 10.4 through 10.4.7 and 10.3.9 allows remote SSL sites to appear as trusted sites by using encryption without authentication, which can cause the lock icon in Safari to be displayed even when the site's identity cannot be trusted. |
| 1.9 | CVE-2006-4390 APPLE SECTRACK XF BID FRSIRT SECUNIA | ||
| Apple -- Mac OS X | Unspecified vulnerability in QuickDraw Manager in Apple Mac OS X 10.3.9 and 10.4 through 10.4.7 allows context-dependent attackers to cause a denial of service ("memory corruption" and crash) via a crafted PICT image that is not properly handled by a certain "unsupported QuickDraw operation." |
| 2.7 | CVE-2006-4395 APPLE CERT CERT-VN BID FRSIRT SECTRACK SECUNIA XF | ||
| Apple -- Mac OS X | User interface inconsistency in Workgroup Manager in Apple Mac OS X 10.4 through 10.4.7 appears to allow administrators to change the authentication type from crypt to ShadowHash passwords for accounts in a NetInfo parent, when such an operation is not actually supported, which could result in less secure password management than intended. |
| 3.3 | CVE-2006-4399 APPLE CERT CERT-VN BID FRSIRT SECTRACK SECUNIA XF | ||
| Devellion -- CubeCart | Devellion CubeCart 2.0.x allows remote attackers to obtain sensitive information via a direct request for (1) link_navi.php or (2) spotlight.php, which reveals the path in various error messages. NOTE: the information.php, language.php, list_docs.php, popular_prod.php, sale.php, check_sum.php, and cat_navi.php vectors are already covered by CVE-2005-0607. |
| 2.3 | CVE-2006-5109 BUGTRAQ BID XF | ||
| IBM -- Informix Dynamic Server | IBM Informix Dynamic Server 10.UC3RC1 Trial for Linux and possibly other versions creates /tmp/installserver.txt with insecure permissions, which allows local users to append data to arbitrary files via a symlink attack. |
| 3.3 | CVE-2006-5163 BUGTRAQ FULLDISC BID SECUNIA XF XF | ||
| Joshua Muheim -- phpMyWebmin | Directory traversal vulnerability in window.php, possibly used by home.php, in Joshua Muheim phpMyWebmin 1.0 allows remote attackers to obtain sensitive information via a directory name in the target parameter, which triggers a directory listing through the opendir function. |
| 2.3 | CVE-2006-5125 OTHER-REF OTHER-REF BID FRSIRT SECUNIA XF | ||
| Kerio -- Personal Firewall | The (1) fwdrv.sys and (2) khips.sys drivers in Sunbelt Kerio Personal Firewall 4.3.268 and earlier do not validate arguments passed through to SSDT functions, including NtCreateFile, NtDeleteFile, NtLoadDriver, NtMapViewOfSection, NtOpenFile, and NtSetInformationFile, which allows local users to cause a denial of service (crash) and possibly other impacts via unspecified vectors. |
| 3.3 | CVE-2006-5153 BUGTRAQ OTHER-REF BID SECUNIA | ||
| libksba library -- libksba library | The libksba library 0.9.12 and possibly other versions, as used by gpgsm in the newpg package on SUSE LINUX, allows attackers to cause a denial of service (application crash) via a malformed X.509 certificate in a signature. |
| 2.3 | CVE-2006-5111 OTHER-REF SUSE | ||
| Mercury -- Mercury SiteScope | Multiple cross-site scripting (XSS) vulnerabilities in Mercury SiteScope 8.2 (8.1.2.0) allow remote authenticated users to inject arbitrary web script or HTML via (1) "any field create name field" except "create new group name" or (2) any description field. |
| 2.8 | CVE-2006-5122 BUGTRAQ BID | ||
| Mercury -- Mercury SiteScope | Mercury SiteScope 8.2 (8.1.2.0) allows remote authenticated users to cause a denial of service (loss of connectivity to the classic interface) via attempted HTML injection into the "new monitor description" field. |
| 1.4 | CVE-2006-5134 BUGTRAQ BID | ||
| Microsoft -- Internet Explorer | wininet.dll in Microsoft Internet Explorer 6.0 SP2 and earlier allows remote attackers to cause a denial of service (unhandled exception and crash) via a long Content-Type header, which triggers a stack overflow. |
| 2.3 | CVE-2006-5162 BUGTRAQ Milw0rm BID FRSIRT OSVDB XF | ||
| MKPortal -- MKPortal | Unspecified vulnerability in MkPortal allows remote attackers to corrupt web site content, and possibly have other impact, via a certain long Message that affects "Tables," related to the Urlobox. |
| 2.3 | CVE-2006-5139 BUGTRAQ | ||
| Mozilla -- Firefox | ** DISPUTED ** Stack-based buffer overflow in Mozilla Firefox allows remote attackers to execute arbitrary code via unspecified vectors involving JavaScript. NOTE: the vendor and original researchers have released a follow-up comment disputing the severity of this issue, in which the researcher states that "we mentioned that there was a previously known Firefox vulnerability that could result in a stack overflow ending up in remote code execution. However, the code we presented did not in fact do this... I have not succeeded in making this code do anything more than cause a crash and eat up system resources". |
| 3.3 | CVE-2006-5159 BUGTRAQ BUGTRAQ MOZILLA OTHER-REF BID BID SECTRACK | ||
| Mozilla -- Firefox | ** DISPUTED ** Multiple unspecified vulnerabilities in Mozilla Firefox have unspecified vectors and impact, as claimed during ToorCon 2006. NOTE: the vendor and original researchers have released a follow-up comment disputing this issue, in which one researcher states that "I have no undisclosed Firefox vulnerabilities. The person who was speaking with me made this claim, and I honestly have no idea if he has them or not." |
| 2.3 | CVE-2006-5160 BUGTRAQ MOZILLA OTHER-REF BID | ||
| Novell -- GroupWise Messenger | Messenger Agents (nmma.exe) in Novell GroupWise 2.0.2 and 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted HTTP POST request to TCP port 8300 with a modified val parameter, which triggers a null dereference related to "zero-size strings in blowfish routines." |
| 2.3 | CVE-2006-4511 IDEFENSE OTHER-REF BID SECUNIA | ||
| phpMyAdmin -- phpMyAdmin | phpMyAdmin before 2.9.1-rc1 has a libraries directory under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via direct requests for certain files. |
| 2.3 | CVE-2006-5117 OTHER-REF BID SECUNIA | ||
| Scott Metoyer -- Red Mombin | Multiple cross-site scripting (XSS) vulnerabilities in Scott Metoyer Red Mombin 0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) index.php and (2) process_login.php. |
| 3.7 | CVE-2006-5120 BUGTRAQ OTHER-REF BID | ||
| SuSE -- SuSE Linux | Unspecified vulnerability in NFS lockd in the kernel in SUSE Linux 9.2 through 10.0 allows remote attackers to cause a denial of service (process crash) and deny access to NFS exports via unspecified vectors that trigger a deadlock. |
| 2.3 | CVE-2006-5158 | ||
| UBBCentral -- UBB.threads | Groupee UBB.threads 6.5.1.1 allows remote attackers to obtain sensitive information via a direct request for cron/php/subscriptions.php, which reveals the path in an error message. |
| 2.3 | CVE-2006-5138 BUGTRAQ BID XF | ||
| VirtueMart -- VirtueMart Joomla! eCommerce Edition CMS | Multiple cross-site scripting (XSS) vulnerabilities in index.php in VirtueMart (formerly known as mambo-phpShop) Joomla! eCommerce Edition CMS 1.0.11, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the Itemid parameter in a (1) com_contact or (2) subscribe action. |
| 2.3 | CVE-2006-5096 BUGTRAQ BID XF SECUNIA FRSIRT | ||
| Zen Cart -- Zen Cart | Multiple cross-site scripting (XSS) vulnerabilities in Zen Cart 1.3.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) index.php and (2) password_forgotten.php. |
| 3.7 | CVE-2006-5119 BUGTRAQ OTHER-REF BID |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.