Vulnerability Summary for the Week of January 1, 2007
Released
Jan 08, 2007
Document ID
SB07-008
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
Vulnerability Severity:
face="arial,geneva,helvetica">
| High Vulnerabilities |
|---|
| Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
|---|---|---|---|---|---|---|
| 2enetworx -- OpenForum | Openforum stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user passwords via a direct request for openforum.mdb. |
| 10.0 | CVE-2007-0076 BUGTRAQ OTHER-REF | ||
| Adobe -- Acrobat Reader Plugin | Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Explorer, and Opera web browsers allows remote attackers to force the browser to make unauthorized requests to other web sites via a URL in the (1) FDF, (2) xml, and (3) xfdf AJAX request parameters, following the # (hash) character, aka "Universal CSRF and session riding." |
| 7.0 | CVE-2007-0044 BUGTRAQ OTHER-REF OTHER-REF | ||
| Adobe -- Acrobat Reader Plugin | Double free vulnerability in the Adobe Acrobat Reader Plugin before 8.0.0, as used in Mozilla Firefox 1.5.0.7, allows remote attackers to execute arbitrary code by causing an error via a javascript: URI call to document.write in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters. |
| 7.0 | CVE-2007-0046 BUGTRAQ OTHER-REF OTHER-REF | ||
| Alan Ward -- aFAQ | SQL injection vulnerability in faqDsp.asp in aFAQ 1.0 allows remote attackers to execute arbitrary SQL commands via the catcode parameter. |
| 7.0 | CVE-2006-6831 OTHER-REF XF | ||
| AlstraSoft -- WebHost Directory | AlstraSoft Web Host Directory allows remote attackers to bypass authentication and change the admin password via a direct request to admin/config. |
| 7.0 | CVE-2006-6818 BUGTRAQ BID | ||
| Apple -- QuickTime Player | Buffer overflow in Apple QuickTime 7.1.3 allows remote attackers to execute arbitrary code via a long rtsp:// URI. |
| 7.0 | CVE-2007-0015 OTHER-REF Milw0rm BID OTHER-REF SECTRACK | ||
| AShopSoftware -- AShop Deluxe AShopSoftware -- AShop Administration Panel | Multiple cross-site scripting (XSS) vulnerabilities in AShop Deluxe 4.5 and AShop Administration Panel allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to (a) ashop/catalogue.php and (b) ashop/basket.php, the (2) exp parameter to ashop/catalogue.php, the (3) searchstring parameter to (c) ashop/search.php, the (4) checkout and (5) action parameters to (d) ashop/shipping.php, the cat parameter to (f) cart-path/admin/editcatalogue.php, and the (7) resultpage parameter to (g) cart-path/admin/salesadmin.php. |
| 7.0 | CVE-2007-0056 BUGTRAQ BID | ||
| ASP Siteware -- autoDealer | SQL injection vulnerability in detail.asp in ASP SiteWare autoDealer 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the iPro parameter. |
| 7.0 | CVE-2007-0053 OTHER-REF BID FRSIRT SECUNIA | ||
| ASPBB -- ASPBB | AspBB stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user passwords via a direct request for db/aspbb.mdb. |
| 10.0 | CVE-2007-0075 BUGTRAQ OTHER-REF | ||
| ASPTicker -- ASPTicker | SQL injection vulnerability in admin.asp in ASPTicker 1.0 allows remote attackers to execute arbitrary SQL commands via the PATH_INFO. |
| 7.0 | CVE-2006-6848 OTHER-REF BID | ||
| Atmel -- Linux PCI PCMCIA USB Drivers | Buffer overflow in the Get_Wep function in cofvnet.c for ATMEL Linux PCI PCMCIA USB Drivers drivers 3.4.1.1 corruption allows attackers to execute arbitrary code via a long name argument. |
| 7.0 | CVE-2006-6881 BUGTRAQ | ||
| Belchior Foundry -- vCard PRO | Cross-site scripting (XSS) vulnerability in gbrowse.php in Belchior Foundry vCard PRO allows remote attackers to inject arbitrary web script or HTML via the sortby parameter. |
| 7.0 | CVE-2007-0054 BUGTRAQ BID | ||
| Cafelog -- B2 Blog | PHP remote file inclusion vulnerability in b2verifauth.php in b2 Blog 0.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the index parameter. |
| 7.0 | CVE-2006-6830 OTHER-REF BID XF | ||
| Cahier de textes -- Cahier de textes | administration/index.php in Cahier de texte (CDT) 2.2 does not properly exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions. |
| 7.0 | CVE-2006-6849 BUGTRAQ OTHER-REF | ||
| Carbon Communities -- Carbon Communities | CarbonCommunities stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for DataBase/Carbon2.4d.mdb. |
| 7.0 | CVE-2007-0096 OTHER-REF FRSIRT | ||
| Cisco -- Clean Access | Cisco Clean Access (CCA) 3.6.x through 3.6.4.2 and 4.0.x through 4.0.3.2 does not properly configure or allow modification of a shared secret authentication key, which causes all devices to have the same shared sercet and allows remote attackers to gain unauthorized access. |
| 10.0 | CVE-2007-0057 CISCO FRSIRT | ||
| CMS Made Simple -- CMS Made Simple | Cross-site scripting (XSS) vulnerability in the optional user comment module in CMS Made Simple 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the user comment form. |
| 7.0 | CVE-2006-6844 BUGTRAQ OTHER-REF SECTRACK | ||
| CMS Made Simple -- CMS Made Simple | Cross-site scripting (XSS) vulnerability in index.php in CMS Made Simple 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the cntnt01searchinput parameter in a Search action. |
| 7.0 | CVE-2006-6845 BUGTRAQ BID FRSIRT SECUNIA | ||
| CMS-Center -- Simple Web CMS | SQL injection vulnerability in page.php in Simple Web Content Management System allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| 7.0 | CVE-2007-0093 BUGTRAQ OTHER-REF | ||
| CodeMonkeyX -- Acronym Mod | SQL injection vulnerability in admin/admin_acronyms.php in the Acronym Mod 0.9.5 for phpBB2 Plus 1.53 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| 7.0 | CVE-2006-6842 OTHER-REF BID XF | ||
| ConeXware -- PowerArchiver 2006 | Multiple stack-based buffer overflows in the (1) LoadTree and (2) ReadHeader functions in PAISO.DLL 1.7.3.0 (1.7.3 beta) in ConeXware PowerArchiver 2006 9.64.02 allow user-assisted attackers to execute arbitrary code via a crafted ISO file containing a file within several nested directories. |
| 8.0 | CVE-2007-0097 FULLDISC OTHER-REF FRSIRT SECUNIA | ||
| Cybercoded -- WYWO - InOut Board | Multiple SQL injection vulnerabilities in WYWO - InOut Board 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the num parameter in (a) phonemessage.asp, (2) the catcode parameter in (b) faqDsp.asp, and the (3) Username and (4) Password fields in (c) login.asp. |
| 7.0 | CVE-2006-6846 OTHER-REF BID | ||
| De Marchi Daniele -- QuickCam | The qcamvc_video_init function in qcamvc.c in De Marchi Daniele QuickCam VC Linux device driver (aka quickcam-vc) 1.0.9 and earlier does not properly check a boundary, triggering memory corruption, which might allow attackers to execute arbitrary code via a crafted QuickCam object. |
| 7.0 | CVE-2006-6854 BUGTRAQ BID | ||
| DMXReady -- DMXReady Secure Login Manager | Multiple SQL injection vulnerabilities in DMXReady Secure Login Manager 1.0 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) set_preferences.asp, (2) send_password_preferences.asp, and (3) SecureLoginManager/list.asp in the Local-Admin Panel; (4) the sent parameter to (a) login.asp, (b) content.asp, and (c) members.asp in the Remote-WebSite; and (5) the sent parameter to applications/SecureLoginManager/inc_secureloginmanager.asp in the Live Demo. |
| 7.0 | CVE-2006-6816 BUGTRAQ BID XF | ||
| E-Smart Cart -- E-Smart Cart | SQL injection vulnerability in productdetail.asp in E-SMARTCART 1.0 allows remote attackers to execute arbitrary SQL commands via the product_id parameter. |
| 7.0 | CVE-2007-0092 OTHER-REF SECUNIA | ||
| Efkan Forum -- Efkan Forum | Multiple SQL injection vulnerabilities in Efkan Forum 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the grup parameter in admin.asp, or the id parameter in (2) default.asp or (3) admin.asp. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. The default.asp/grup vector is already covered by CVE-2006-6794. |
| 7.0 | CVE-2006-6828 FRSIRT | ||
| eNdonesia -- eNdonesia | Multiple cross-site scripting (XSS) vulnerabilities in eNdonesia 8.4 allow remote attackers to inject arbitrary web script or HTML via (1) the mod parameter in a viewlink operation in mod.php, (2) the intypeid parameter in a showinfo operation in the informasi module in mod.php, (3) the "your Friend" field in friend.php, or (4) the "Main Text" field in admin.php. |
| 7.0 | CVE-2006-6871 OTHER-REF BID FRSIRT SECUNIA | ||
| eNdonesia -- eNdonesia | Multiple SQL injection vulnerabilities in mod.php in eNdonesia 8.4 allow remote attackers to execute arbitrary SQL commands via (1) the did parameter in a (a) viewdisk operation (diskusi mod), or the (2) cid parameter in a (b) viewlink (katalog mod) or (b) viewcat (diskusi mod) operation. |
| 7.0 | CVE-2006-6873 OTHER-REF BID FRSIRT SECUNIA | ||
| eNdonesia -- eNdonesia | Multiple cross-site scripting (XSS) vulnerabilities in friend.php in eNdonesia 8.4 allow remote attackers to inject arbitrary web script or HTML via the (1) Message or (2) Your Name field. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. |
| 7.0 | CVE-2006-6874 SECUNIA | ||
| Enigma -- WordPress Bridge | ** DISPUTED ** PHP remote file inclusion vulnerability in the Enigma2 plugin (Enigma2.php) in Enigma WordPress Bridge allows remote attackers to execute arbitrary PHP code via a URL in the boarddir parameter. NOTE: CVE disputes this issue, since $boarddir is set to a fixed value. |
| 10.0 | CVE-2006-6863 BUGTRAQ OTHER-REF VIM BID SECTRACK | ||
| Enigma2 -- Coppermine Bridge | PHP remote file inclusion vulnerability in E2_header.inc.php in Enigma2 Coppermine Bridge 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the boarddir parameter. |
| 10.0 | CVE-2006-6864 BUGTRAQ OTHER-REF VIM BID SECTRACK | ||
| Fermentigrafici -- WineGlass | WineGlass stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db/data.mdb. |
| 7.0 | CVE-2007-0090 BUGTRAQ OTHER-REF | ||
| FreeRadius -- 1.1.3 | Buffer overflow in the SMB_Connect_Server function in FreeRadius 1.1.3 and earlier allows attackers to execute arbitrary code related to the server desthost field of an SMB_Handle_Type instance. NOTE: the impact of this issue has been disputed by a reliable third party, who states that the server parameter can only be exploited via the FreeRADIUS configuration file. |
| 7.0 | CVE-2007-0080 BUGTRAQ BUGTRAQ | ||
| FreeStyle -- FreeStyle Wiki | FreeStyle Wiki (fswiki) 3.6.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request for config/user.dat. |
| 7.0 | CVE-2006-6889 OTHER-REF XF | ||
| Geckovich -- TaskTracker Pro Geckovich -- TaskTracker | Geckovich TaskTracker Pro 1.5 and earlier allows remote attackers to add administrative or other accounts via an Add action with a modified GroupID in a direct request to Customize.asp. |
| 7.0 | CVE-2007-0049 OTHER-REF BID SECUNIA | ||
| IBM -- OS/400 | Multiple unspecified vulnerabilities in osp-cert in IBM OS/400 V5R3M0 have unspecified impact and attack vectors, related to ASN.1 parsing. |
| 7.0 | CVE-2006-6836 AIXAPAR OTHER-REF BID SECUNIA | ||
| Iconics -- Dialog Wrapper Module ActiveX Control | Stack-based buffer overflow in the DoModal function in the Dialog Wrapper Module ActiveX control (DlgWrapper.dll) before 8.4.166.0, as used by ICONICS OPC Enabled Gauge, Switch, and Vessel ActiveX, allows remote attackers to execute arbitrary code via a long (1) FileName or (2) Filter argument. |
| 7.0 | CVE-2006-6488 CERT-VN FRSIRT SECUNIA | ||
| IMGallery -- IMGallery | users_adm/start1.php in IMGallery 2.5 and earlier does not properly handle files with multiple extensions, which allows remote authenticated users to upload and execute arbitrary PHP scripts. |
| 7.0 | CVE-2007-0082 OTHER-REF BID FRSIRT XF | ||
| JGBBS -- JGBBS | jgbbs stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db/bbs.mdb. |
| 7.0 | CVE-2007-0089 BUGTRAQ OTHER-REF | ||
| Joomla! -- Joomla! | Cross-site scripting (XSS) vulnerability in Joomla! before 1.0.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to poll.php or the module title. |
| 7.0 | CVE-2006-6832 OTHER-REF OTHER-REF OTHER-REF OTHER-REF BID FRSIRT SECUNIA | ||
| Joomla! -- Joomla! | com_categories in Joomla! before 1.0.12 does not validate input, which has unknown impact and remote attack vectors. |
| 7.0 | CVE-2006-6833 OTHER-REF OTHER-REF BID FRSIRT SECUNIA | ||
| Joomla! -- BE IT EasyPartner component | PHP remote file inclusion vulnerability in the BE IT EasyPartner 0.0.9 beta component for Joomla! allows remote attackers to execute arbitrary PHP code via unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. |
| 7.0 | CVE-2006-6843 BID | ||
| Katy Whitton Web Development -- newsCMSlite | newsCMSlite stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for newsCMS.mdb. |
| 7.0 | CVE-2007-0091 OTHER-REF XF | ||
| KDE -- KsIRC | Buffer overflow in KsIRC 1.3.12 allows remote attackers to execute arbitrary code via a long PRIVMSG string when connecting to an Internet Relay Chat (IRC) server. |
| 7.0 | CVE-2006-6811 OTHER-REF BID OTHER-REF FRSIRT SECTRACK XF | ||
| MAXdev -- MDForum | Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php. |
| 8.0 | CVE-2006-6869 OTHER-REF BID FRSIRT | ||
| Mozilla -- Durian Web Application Server | Buffer overflow in Durian Web Application Server 3.02 freeware on Windows allows remote attackers to execute arbitrary code via a long string in a crafted packet to TCP port 4002. |
| 10.0 | CVE-2006-6853 OTHER-REF OTHER-REF BID XF | ||
| MXmania -- MXmania File Upload Manager | SQL injection vulnerability in detail.asp in Mxmania File Upload Manager (FUM) 1.0.6 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter. |
| 7.0 | CVE-2006-6813 OTHER-REF BID FRSIRT SECUNIA | ||
| MXmania -- Calendar MX BASIC | Calendar MX BASIC 1.0.2 and earlier store sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for calendar.mdb. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. |
| 7.0 | CVE-2006-6825 FRSIRT | ||
| myPHPCalendar -- myPHPCalendar | Multiple PHP remote file inclusion vulnerabilities in myPHPCalendar 10.1 allow remote attackers to execute arbitrary PHP code via a URL in the cal_dir parameter to (1) admin.php, (2) contacts.php, or (3) convert-date.php. |
| 7.0 | CVE-2006-6812 OTHER-REF BID | ||
| MythControl -- MythControl | Buffer overflow in the sendToMythTV function in MythControlServer.c in MythControl 1.0 and earlier allows remote attackers to execute arbitrary code via a crafted sendStr string to the Bluetooth interface. NOTE: some of these details are obtained from third party information. |
| 10.0 | CVE-2006-6860 BUGTRAQ BID SECTRACK | ||
| Neocrome -- Land Down Under | SQL injection vulnerability in Journal.inc.php in Neocrome Land Down Under (LDU) 8.x and earlier allows remote attackers to execute arbitrary SQL commands via the w parameter to journal.php. |
| 7.0 | CVE-2006-6835 BUGTRAQ XF | ||
| Netfarer.com -- MoviePlay | Stack-based buffer overflow in MoviePlay 4.76 allows remote attackers to execute arbitrary code via a long filename in a LST file. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. |
| 7.0 | CVE-2007-0016 BID SECUNIA | ||
| OpenMedia -- OpenMedia | Multiple directory traversal vulnerabilities in openmedia allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) src parameter to page.php or the (2) format parameter to search_form.php. |
| 8.0 | CVE-2007-0088 BUGTRAQ | ||
| OpenPinboard -- OpenPinboard | ** DISPUTED ** PHP remote file inclusion vulnerability in index.php in OpenPinboard 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the language parameter. NOTE: this issue has been disputed by a third party, who states that the vulnerable is set before use. |
| 7.0 | CVE-2007-0050 BUGTRAQ BUGTRAQ | ||
| OpenSER -- OpenSER OSP Module OpenSER -- OpenSER | Buffer overflow in the validateospheader function in the Open Settlement Protocol (OSP) module in OpenSER 1.1.0 and earlier allows remote attackers to execute arbitrary code via a crafted OSP header. |
| 7.0 | CVE-2006-6875 BUGTRAQ BID | ||
| OpenSER -- OpenSER | The fetchsms function in the SMS handling module (libsms_getsms.c) in OpenSER 1.1.0 and earlier might allow remote attackers to execute arbitrary code via a crafted SMS message, triggering memory corruption when the "beginning" buffer is copied to the third (pdu) argument. |
| 7.0 | CVE-2006-6876 BUGTRAQ BID | ||
| Outfront -- Spooky Login | Multiple SQL injection vulnerabilities in Outfront Spooky Login 2.7 allow remote attackers to execute arbitrary SQL commands via (1) the UserUpdate parameter to login/register.asp or (2) unspecified parameters to includes/a_register.asp. |
| 10.0 | CVE-2006-6861 BUGTRAQ BID | ||
| Outfront -- Spooky Login | Multiple cross-site scripting (XSS) vulnerabilities in Outfront Spooky Login 2.7 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) login/login.asp or (2) login/register.asp. |
| 7.0 | CVE-2006-6862 BUGTRAQ BID | ||
| Personal .NET Portal -- Personal .NET Portal | Unspecified vulnerability in the tab editor for Personal .NET Portal before 2.0.0 has unknown impact and attack vectors related to a "Security leak." |
| 7.0 | CVE-2006-6826 OTHER-REF FRSIRT XF | ||
| PHP iCalendar -- PHP iCalendar | Multiple cross-site scripting (XSS) vulnerabilities in Jim Hu and Chad Little PHP iCalendar 2.23 rc1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) getdate parameter in (a) day.php, (b) month.php, (c) year.php, (d) week.php, (e) search.php, (f) rss/index.php, (g) print.php, and (h) preferences.php; the (2) cpath parameter in (i) day.php, (j) month.php, (k) year.php, (l) week.php, and (m) search.php; the (3) query parameter in search.php; and possibly the cpath, (4) unset, and (5) set parameters in a setcookie action in preferences.php; different vectors than CVE-2006-3319. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. |
| 7.0 | CVE-2006-6824 OTHER-REF BID SECTRACK SECUNIA | ||
| PHP-Update -- PHP-Update | admin/uploads.php in PHP-Update 2.7 and earlier allows remote attackers to gain privileges by setting the rights[7] parameter to 1 during a login action. |
| 7.0 | CVE-2006-6878 OTHER-REF BID SECUNIA | ||
| PHP-Update -- PHP-Update | Multiple SQL injection vulnerabilities in code/guestadd.php in PHP-Update 2.7 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) newmessage, (2) newname, (3) newwebsite, or (4) newemail parameter. |
| 7.0 | CVE-2006-6880 OTHER-REF BID SECUNIA | ||
| phpBB Group -- phpBB | Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to "criteria for 'bad' redirection targets." |
| 7.0 | CVE-2006-6839 OTHER-REF BID | ||
| phpBB Group -- phpBB | Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to a "negative start parameter." |
| 7.0 | CVE-2006-6840 OTHER-REF BID | ||
| phpBB Group -- phpBB | Certain forms in phpBB before 2.0.22 lack session checks, which has unknown impact and remote attack vectors. |
| 7.0 | CVE-2006-6841 OTHER-REF BID | ||
| PHPIrc_bot -- PHPIrc_bot | ** DISPUTED ** PHP remote file inclusion vulnerability in php4you.php in PHPIrc_bot 0.2 allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: this issue is disputed by CVE, since the dir variable is declared before being used. |
| 7.0 | CVE-2006-6883 BUGTRAQ MLIST | ||
| Red Hat -- Red Hat Enterprise Linux AS OpenOffice -- OpenOffice Red Hat -- Red Hat Enterprise Linux ES Red Hat -- Red Hat Enterprise Linux WS Red Hat -- Red Hat Desktop | Multiple integer overflows in OpenOffice.org 2.0.4 and earlier, and possibly other versions, allow remote user-assisted attackers to execute arbitrary code via a crafted WMF file. |
| 8.0 | CVE-2006-5870 OTHER-REF REDHAT | ||
| Rediff -- Bol Downloader ActiveX (OCX) control | Rediff Bol Downloader ActiveX (OCX) control allows remote attackers to execute arbitrary files, and obtain sensitive information (usernames and pathnames), via a URL in the url vbscript parameter. |
| 7.0 | CVE-2006-6838 BUGTRAQ OTHER-REF BID | ||
| Shadowed Works -- Shadowed Portal | PHP remote file inclusion vulnerability in include.php in the Roster Module (character_roster) in Shadowed Portal 5.7 allows remote attackers to execute arbitrary PHP code via a URL in the mod_root parameter. |
| 7.0 | CVE-2006-6850 OTHER-REF OTHER-REF FRSIRT XF | ||
| Sven Moderow -- GuestBook | Sven Moderow GuestBook 0.3a stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for (1) gbook97.mdb or (2) gbook.mdb in ~db/. |
| 7.0 | CVE-2007-0094 BUGTRAQ OTHER-REF | ||
| tDiary -- tDiary | Eval injection vulnerability in tDiary 2.0.3 and 2.1.4.200 61127 allows remote authenticated users to execute arbitrary Ruby code via unspecified vectors, possibly related to incorrect input validation by (1) conf.rhtml and (2) i.conf.rhtml. NOTE: some of these details are obtained from third party information. |
| 10.0 | CVE-2006-6852 OTHER-REF OTHER-REF OTHER-REF BID FRSIRT SECUNIA | ||
| The Address Book -- The Address Book | Multiple SQL injection vulnerabilities in The Address Book 1.04e allow remote attackers to execute arbitrary SQL commands via the (1) lastname, (2) firstname, (3) passwordOld, (4) passwordNew, (5) id, (6) language, (7) defaultLetter, (8) newuserPass, (9) newuserType, (10) newuserEmail parameters in (a) user.php; the (11) goTo and (12) search parameters in (b) search.php; and the (13) groupAddName parameter in (c) save.php. |
| 7.0 | CVE-2006-4575 OTHER-REF SECUNIA | ||
| The Address Book -- The Address Book | Multiple cross-site scripting (XSS) vulnerabilities in The Address Book 1.04e allow remote attackers to inject arbitrary web script or HTML via Javascript events in the (1) email, (2) websites, and (3) groupAddName parameters in (a) save.php; the (4) errorMsg parameter in (b) index.php; and the (5) goTo and (6) search parameters in (c) search.php. |
| 7.0 | CVE-2006-4577 OTHER-REF SECUNIA | ||
| The Address Book -- The Address Book | export.php in The Address Book 1.04e writes username and password hash information into a publicly accessible file when dumping the MySQL database contents, which allows remote attackers to obtain sensitive information. |
| 7.0 | CVE-2006-4578 OTHER-REF SECUNIA | ||
| The Address Book -- The Address Book | register.php in The Address Book 1.04e allows remote attackers to bypass the "Allow User Self-Registration" setting and create arbitrary users by setting the mode parameter to "confirm". |
| 7.0 | CVE-2006-4580 OTHER-REF SECUNIA | ||
| VerliAdmin -- VerliAdmin | Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php. |
| 7.0 | CVE-2007-0098 OTHER-REF FRSIRT | ||
| Vizayn Haber -- Vizayn Haber | SQL injection vulnerability in haberdetay.asp in Vizayn Haber allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| 7.0 | CVE-2007-0052 OTHER-REF BID FRSIRT SECUNIA | ||
| Vladimir Menshakov -- buratinable templator | Multiple PHP remote file inclusion vulnerabilities in process.php in Vladimir Menshakov buratinable templator (aka bubla) 1.0.0rc2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) bu_dir or (2) bu_config[dir] parameter. |
| 7.0 | CVE-2006-6809 OTHER-REF BID FRSIRT XF | ||
| Vladimir Meshakov -- Bubla | Multiple PHP remote file inclusion vulnerabilities in Vladimir Menshakov buratinable templator (aka bubla) 0.9.1 allow remote attackers to execute arbitrary PHP code via a URL in the bu_dir parameter to (1) bu/bu_claro.php, (2) bu/bu_cache.php, or (3) bu/bu_parse.php, different vectors and a different affected version than CVE-2006-6809. |
| 7.0 | CVE-2006-6867 OTHER-REF BID FRSIRT SECUNIA XF | ||
| Voc-Project -- Voodoo Chat | Voodoo chat 1.0RC1b stores sensitive information under the web root with insufficient access control, which allows remote attackers to download passwords via a direct request for data/users.dat. |
| 7.0 | CVE-2006-6890 OTHER-REF XF | ||
| Website Designs for Less -- Click N' Print Coupons | SQL injection vulnerability in coupon_detail.asp in Website Designs For Less Click N' Print Coupons 2005.01 and earlier allows remote attackers to execute arbitrary SQL commands via the key parameter. |
| 10.0 | CVE-2006-6859 OTHER-REF BID FRSIRT SECUNIA | ||
| WebText -- WebText | Direct static code injection vulnerability in WebText CMS 0.4.5.2 and earlier allows remote attackers to inject arbitrary PHP code into a script in wt/users/ via the im parameter during a profile edit (edycja) operation, which is then executed via a direct request for this script. |
| 7.0 | CVE-2006-6856 OTHER-REF BID FRSIRT SECUNIA | ||
| Yrch! -- Yrch! | PHP remote file inclusion vulnerability in plugins/metasearch/plug.inc.php in Yrch! 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. |
| 7.0 | CVE-2006-6823 OTHER-REF BID FRSIRT XF | ||
| Zen Cart -- Web Shopping Cart | Multiple cross-site scripting (XSS) vulnerabilities in Zen Cart Web Shopping Cart before 1.3.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| 7.0 | CVE-2006-6868 OTHER-REF BID SECUNIA |
| Medium Vulnerabilities |
|---|
| Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
|---|---|---|---|---|---|---|
| Adobe -- Acrobat Reader Plugin | Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox web browser allow remote attackers to inject arbitrary JavaScript and conduct other attacks via a javascript: or res: URI in the (1) FDF, (2) XML, and (3) XFDF AJAX request parameters, which follow the # (hash) character in a URL, aka "Universal XSS (UXSS)." |
| 5.6 | CVE-2007-0045 BUGTRAQ OTHER-REF OTHER-REF | ||
| Adobe -- Acrobat Reader Plugin | CRLF injection vulnerability in Adobe Acrobat Reader Plugin before 8.0.0, when used with the Microsoft.XMLHTTP ActiveX object in Internet Explorer, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the javascript: URI in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters. |
| 5.6 | CVE-2007-0047 OTHER-REF | ||
| AlstraSoft -- WebHost Directory | AlstraSoft Web Host Directory stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a backup database via a direct request for admin/backup/db. |
| 4.7 | CVE-2006-6819 BUGTRAQ | ||
| Apple -- iPhoto | Format string vulnerability in Apple iPhoto 6.0.5 (316), and possibly earlier versions, allows remote user-assisted attackers to execute arbitrary code via a crafted photocast with format string specifiers in the title of an RSS iPhoto feed. |
| 5.6 | CVE-2007-0051 OTHER-REF | ||
| Apple -- Quicktime Player | Cross-zone scripting vulnerability in Apple Quicktime 3 to 7.1.3 allows remote user-assisted attackers to execute arbitrary code and list filesystem contents via a QuickTime movie (.MOV) with an HREF Track (HREFTrack) that contains an automatic action tag with a local URI, which is executed in a local zone during preview, as exploited by a MySpace worm. |
| 5.6 | CVE-2007-0059 OTHER-REF OTHER-REF | ||
| DoceboLMS -- DoceboLMS | Cross-site scripting (XSS) vulnerability in modules/credits/credits.php in Docebo LMS allows remote attackers to inject arbitrary web script or HTML via the lang parameter. |
| 5.6 | CVE-2006-6857 BUGTRAQ | ||
| Golden Book -- Golden Book | Cross-site scripting (XSS) vulnerability in golden book allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| 5.6 | CVE-2006-6882 BUGTRAQ BID | ||
| Jonathon Freeman -- OvBB | Cross-site scripting (XSS) vulnerability in the GetLocation function in online.php in Jonathon J. Freeman OvBB 0.13a allows remote attackers to inject arbitrary web script or HTML via the aRequest variable. |
| 5.6 | CVE-2006-6892 OTHER-REF SECUNIA | ||
| Joomla! -- Joomla! | Multiple unspecified vulnerabilities in Joomla! before 1.0.12 have unknown impact and attack vectors related to (1) "unneeded legacy functions" and (2) "Several low level security fixes." |
| 5.6 | CVE-2006-6834 OTHER-REF OTHER-REF OTHER-REF BID FRSIRT SECUNIA | ||
| logahead -- logahead UNU | Unrestricted file upload vulnerability in logahead UNU 1.0 allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors related to plugins/widged/_widged.php (aka the WidgEd plugin), a different vulnerability than CVE-2006-6783. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. |
| 5.6 | CVE-2006-6887 SECUNIA | ||
| Miredo -- Miredo | Miredo 0.9.8 through 1.0.5 does not properly authenticate a Teredo bubble during UDP hole punching with HMAC-MD5-64 hashing, which allows remote attackers to impersonate an arbitrary Teredo client. |
| 5.6 | CVE-2006-6858 OTHER-REF SECUNIA | ||
| Mobilelib -- Mobilelib GOLD | Multiple cross-site scripting (XSS) vulnerabilities in contact_us.php in ac4p Mobilelib gold 2 allow remote attackers to inject arbitrary web script or HTML via the (1) email or (2) errr parameter. |
| 5.6 | CVE-2006-6851 BUGTRAQ BUGTRAQ BID | ||
| Nuked-Klan -- Nuked-Klan | Cross-site scripting (XSS) vulnerability in Nuked Klan 1.7 and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in a getURL statement in a .swf file, as demonstrated by "Remote Cookie Disclosure." NOTE: it could be argued that this is an issue in Shockwave instead of Nuked Klan. |
| 5.6 | CVE-2007-0083 BUGTRAQ | ||
| Sergey Oblomov -- iso_wincmd | Multiple stack-based buffer overflows in the (1) LoadTree, (2) ReadHeader, and (3) LoadXBOXTree functions in the ISO (iso_wincmd) plugin 1.7.3.3 and earlier for Total Commander allow user-assisted remote attackers to execute arbitrary code via a long pathname in an ISO image. |
| 5.6 | CVE-2006-6837 BUGTRAQ OTHER-REF OTHER-REF BID SECTRACK SECUNIA XF | ||
| Sunbelt -- Sunbelt Kerio Personal Firewall | Sunbelt Kerio Personal Firewall (SKPF) 4.3.268 and 4.3.246, and possibly other versions allows local users to provide a Trojan horse iphlpapi.dll to SKPF by placing it in the installation directory. |
| 4.2 | CVE-2007-0081 BUGTRAQ OTHER-REF | ||
| The Address Book -- The Address Book | Cross-site scripting (XSS) vulnerability in The Address Book 1.04e allows remote attackers to inject arbitrary web script or HTML by uploading the HTML file with a GIF or JPG extension, which is rendered by Internet Explorer. |
| 5.6 | CVE-2006-4576 OTHER-REF SECUNIA | ||
| VideoLAN -- VLC | Format string vulnerability in VideoLAN VLC 0.8.6 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a udp://-- URI in an M3U file. |
| 5.6 | CVE-2007-0017 OTHER-REF SECUNIA | ||
| WinZip -- WinZip | Buffer overflow in the WZFILEVIEW.FileViewCtrl.61 ActiveX control (aka Sky Software "FileView" ActiveX control) for WinZip 10.0 Build 6667 allows remote attackers to execute arbitrary code via a long argument to the CreateNewFolderFromName method, a different vulnerability than CVE-2006-5198. |
| 5.6 | CVE-2006-6884 BUGTRAQ BUGTRAQ |
| Low Vulnerabilities |
|---|
| Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
|---|---|---|---|---|---|---|
| Adobe -- Acrobat Reader Plugin | Adobe Acrobat Reader Plugin before 8.0.0, when used with Internet Explorer, allows remote attackers to cause a denial of service (memory consumption) via a long sequence of # (hash) characters appended to a PDF URL. |
| 2.3 | CVE-2007-0048 BUGTRAQ OTHER-REF OTHER-REF | ||
| AIDeX -- Mini-WebServer | AIDeX Mini-WebServer 1.1 early release 3 allows remote attackers to cause a denial of service (daemon crash) via a flood of HTTP GET requests, possibly related to display of HTTP log data by the GUI. NOTE: some of these details are obtained from third party information. |
| 2.3 | CVE-2006-6855 OTHER-REF OTHER-REF BID SECTRACK SECUNIA XF | ||
| AlstraSoft -- WebHost Directory | AlstraSoft Web Host Directory allows remote attackers to obtain sensitive information by requesting any invalid URI, which reveals the path in an error message, a different vulnerability than CVE-2006-2617. |
| 2.3 | CVE-2006-6817 BUGTRAQ | ||
| Apache Group -- Apache | ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal. |
| 3.3 | CVE-2007-0086 BUGTRAQ BUGTRAQ BUGTRAQ BUGTRAQ | ||
| Avahi -- Avahi | The consume_labels function in avahi-core/dns.c in Avahi before 0.6.16 allows remote attackers to cause a denial of service (infinite loop) via a crafted compressed DNS response with a label that points to itself. |
| 2.3 | CVE-2006-6870 OTHER-REF OTHER-REF OTHER-REF | ||
| BattleBlog -- BattleBlog | BattleBlog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/blankmaster.mdb. |
| 3.3 | CVE-2007-0078 BUGTRAQ OTHER-REF | ||
| Cisco -- Clean Access | Cisco Clean Access (CCA) 3.5.x through 3.5.9 and 3.6.x through 3.6.1.1 on the Clean Access Manager (CAM) allows remote attackers to bypass authentication and download arbitrary manual database backups by guessing the snapshot filename using brute force, then making a direct request for the file. |
| 3.3 | CVE-2007-0058 CISCO FRSIRT | ||
| DB Hub -- DB Hub | Unspecified vulnerability in the clear_user_list function in src/main.c in DB Hub 0.3 allows remote attackers to cause a denial of service (application crash) via crafted network traffic, which triggers memory corruption. |
| 2.3 | CVE-2006-6810 OTHER-REF OTHER-REF BID MLIST OTHER-REF OTHER-REF FRSIRT SECUNIA XF | ||
| DMXReady -- DMXReady Secure Login Manager | Multiple cross-site scripting (XSS) vulnerabilities in DMXReady Secure Login Manager 1.0 allow remote authenticated administrators to inject arbitrary web script or HTML via unspecified parameters to (1) set_preferences.asp, (2) send_password_preferences.asp, and (3) SecureLoginManager/list.asp in the Local-Admin Panel. |
| 3.4 | CVE-2006-6815 BUGTRAQ SECTRACK XF | ||
| Efkan Forum -- Efkan Forum | Efkan Forum 1.0 and earlier store sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for forum.mdb. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. |
| 3.3 | CVE-2006-6829 FRSIRT | ||
| eNdonesia -- eNdonesia | Directory traversal vulnerability in mod.php in eNdonesia 8.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the mod parameter. |
| 2.3 | CVE-2006-6872 OTHER-REF BID FRSIRT SECUNIA | ||
| Enthrallweb -- eCoupons | myprofile.asp in Enthrallweb eCoupons does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter. |
| 1.1 | CVE-2006-6820 OTHER-REF FRSIRT SECUNIA | ||
| Enthrallweb -- eNews | myprofile.asp in Enthrallweb eNews does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter. |
| 1.1 | CVE-2006-6821 OTHER-REF FRSIRT SECUNIA | ||
| Enthrallweb -- eClassifieds | myprofile.asp in Enthrallweb eClassifieds does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter. |
| 1.1 | CVE-2006-6822 OTHER-REF FRSIRT | ||
| Fersche -- Formankserver | Directory traversal vulnerability in formbankcgi.exe/AbfrageForm in Formbankserver 1.9 allows remote attackers to read arbitrary files via directory traversal sequences in the Name parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. |
| 2.3 | CVE-2007-0055 OTHER-REF FRSIRT SECUNIA | ||
| Hosting Controller -- Hosting Controller | Directory traversal vulnerability in FolderManager/FolderManager.aspx in Hosting Controller 7c allows remote authenticated users to read and modify arbitrary files, and list arbitrary directories via ..\ (dot dot backslash) sequences in the BrowsePath parameter. |
| 1.6 | CVE-2006-6814 OTHER-REF BID SECTRACK FRSIRT | ||
| LBlog -- LBlog | lblog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for a certain file in admin/db/newFolder/. |
| 3.3 | CVE-2007-0077 BUGTRAQ OTHER-REF | ||
| Linux -- Linux kernel | The isdn_ppp_ccp_reset_alloc_state function in drivers/isdn/isdn_ppp.c in the Linux 2.4 kernel before 2.4.34-rc4 does not call the init_timer function for the ISDN PPP CCP reset state timer, which has unknown attack vectors and results in a system crash. |
| 1.0 | CVE-2006-5749 OTHER-REF OTHER-REF SECUNIA | ||
| Macromedia -- Flash | Flash8b.ocx in Macromedia Flash 8 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long string in the Flash8b.AllowScriptAccess method. |
| 2.3 | CVE-2006-6827 OTHER-REF BID XF | ||
| Macromedia -- Shockwave | An ActiveX control in SwDir.dll in Macromedia Shockwave 10 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long string in the swURL attribute. |
| 1.9 | CVE-2006-6885 OTHER-REF XF | ||
| Matteo Lucarelli -- 3editor CMS | Directory traversal vulnerability in index.php in Matteo Lucarelli 3editor CMS 0.42 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via a .. (dot dot) in the page parameter. |
| 1.9 | CVE-2006-6877 OTHER-REF FRSIRT SECUNIA | ||
| Microsoft -- Message Compiler | ** DISPUTED ** Buffer overflow in the Windows NT Message Compiler (MC) 1.00.5239 on Microsoft Windows XP allows local users to gain privileges via a long MC-filename. NOTE: this issue has been disputed by a reliable third party who states that the compiler is not a privileged program, so privilege boundaries cannot be crossed. |
| 3.4 | CVE-2007-0084 BUGTRAQ BUGTRAQ | ||
| Microsoft -- Internet Information Services | ** DISPUTED ** Microsoft Internet Information Services (IIS), when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal. |
| 3.3 | CVE-2007-0087 BUGTRAQ BUGTRAQ BUGTRAQ BUGTRAQ | ||
| OpenBSD -- OpenBSD | Unspecified vulnerability in sys/dev/pci/vga_pci.c in the VGA graphics driver for wscons in OpenBSD 3.9 and 4.0, when the kernel is compiled with the PCIAGP option and a non-AGP device is being used, allows local users to gain privileges via unspecified vectors, possibly related to agp_ioctl NULL pointer reference. |
| 3.4 | CVE-2007-0085 MLIST OTHER-REF OPENBSD OPENBSD SECTRACK SECUNIA | ||
| P-News -- P-News | P-News 1.16 and 1.17 store sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the administrative account name and password hash via a direct request for db/user.dat. |
| 2.3 | CVE-2006-6888 OTHER-REF XF | ||
| PHP-Update -- PHP-Update | Unrestricted file upload vulnerability in admin/uploads.php in PHP-Update 2.7 and earlier allows remote authenticated users to upload arbitrary PHP scripts to the gfx/ and files/ directories via the userfile parameter. |
| 3.4 | CVE-2006-6879 OTHER-REF OTHER-REF BID SECUNIA | ||
| phpMyAdmin -- phpMyAdmin | phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive information via a direct request for themes/darkblue_orange/layout.inc.php, which reveals the path in an error message. |
| 3.3 | CVE-2007-0095 FULLDISC XF | ||
| phpwcms -- phpwcms | phpwcms 1.2.5-DEV allows remote attackers to obtain sensitive information via a direct request for (1) files.public-userroot.inc.php or (2) files.private.additions.inc.php in include/inc_lib/, which reveals the path in various error messages. |
| 2.3 | CVE-2006-6886 BUGTRAQ OTHER-REF FRSIRT OSVDB OSVDB XF | ||
| Rblog -- Rblog | rblog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) data/admin.mdb or (2) data/rblog.mdb. |
| 3.3 | CVE-2007-0079 BUGTRAQ OTHER-REF | ||
| RealNetworks -- RealPlayer | An ActiveX control in ierpplug.dll for RealNetworks RealPlayer 10.5 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) by invoking the RealPlayer.OpenURLInPlayerBrowser method with a long second argument. |
| 2.3 | CVE-2006-6847 OTHER-REF BID | ||
| SoftArtisans -- FileUp | Directory traversal vulnerability in SAFileUpSamples/util/viewsrc.asp in SoftArtisans FileUp (SAFileUp) 5.0.14 allows remote attackers to read arbitrary files via a %c0%ae. (Unicode dot dot) in the path parameter, which bypasses the checks for ".." sequences. |
| 3.3 | CVE-2006-6865 BUGTRAQ OTHER-REF OTHER-REF BID FRSIRT | ||
| STphp -- EasyNews | STphp EasyNews PRO 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames, email addresses, and password hashes via a direct request for data/users.txt. |
| 3.3 | CVE-2006-6866 OTHER-REF FRSIRT SECTRACK SECUNIA XF | ||
| The Address Book -- The Address Book | Directory traversal vulnerability in users.php in The Address Book 1.04e allows remote attackers to include arbitrary files via a .. (dot dot) in the language parameter. |
| 2.3 | CVE-2006-4579 OTHER-REF SECUNIA | ||
| The Address Book -- The Address Book | Unrestricted file upload vulnerability in The Address Book 1.04e validates the Content-Type header but not the file extension, which allows remote attackers to upload arbitrary PHP scripts. |
| 2.3 | CVE-2006-4581 OTHER-REF SECUNIA | ||
| The Address Book -- The Address Book | Cross-site request forgery (CSRF) vulnerability in The Address Book 1.04e allows remote attackers to perform unauthorized actions as other users via unspecified vectors, as demonstrated by deleting arbitrary users via the id parameter in a deleteuser action in users.php. |
| 2.3 | CVE-2006-4582 OTHER-REF SECUNIA | ||
| Vz Forum -- Vz Forum | Vz (Adp) Forum 2.0.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the administrative account name and password hash via a direct request for users/admin.txt. |
| 2.3 | CVE-2006-6891 OTHER-REF XF |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.