Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2006-06-30 CVE-2006-3322 SQL Injection vulnerability in Spiffyjr phpRaid 3.0.5
SQL injection vulnerability in includes/functions_logging.php in phpRaid 3.0.5, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the log_hack function.
network
high complexity
spiffyjr
5.1
2006-06-30 CVE-2006-3118 Denial Of Service vulnerability in Spread Insecure Socket File Creation
spread uses a temporary file with a static filename based on the port number, which allows local users to cause a denial of service by creating the file during a race condition between unlink and bind function calls.
local
high complexity
canonical
1.2
2006-06-30 CVE-2006-3117 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
Heap-based buffer overflow in OpenOffice.org (aka StarOffice) 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to execute arbitrary code via a crafted OpenOffice XML document that is not properly handled by (1) Calc, (2) Draw, (3) Impress, (4) Math, or (5) Writer, aka "File Format / Buffer Overflow Vulnerability."
network
high complexity
openoffice sun CWE-119
7.6
2006-06-30 CVE-2006-2199
Unspecified vulnerability in Java Applets in OpenOffice.org 1.1.x (aka StarOffice) up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to escape the Java sandbox and conduct unauthorized activities via certain applets in OpenOffice documents.
network
high complexity
openoffice sun
7.6
2006-06-30 CVE-2006-2198 Permissions, Privileges, and Access Controls vulnerability in multiple products
OpenOffice.org (aka StarOffice) 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to conduct unauthorized activities via an OpenOffice document with a malicious BASIC macro, which is executed without prompting the user.
network
high complexity
openoffice sun CWE-264
7.6
2006-06-30 CVE-2006-3321 Cross-Site Injection vulnerability in OpenForum
Multiple cross-site scripting (XSS) vulnerabilities in openforum.asp in OpenForum 1.2 Beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ofdisp and (2) ofmsgid parameters.
network
2enetworx
4.3
2006-06-30 CVE-2006-3320 Cross-Site Scripting vulnerability in SiteBar
Cross-site scripting (XSS) vulnerability in command.php in SiteBar 3.3.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the command parameter.
network
high complexity
sitebar
2.6
2006-06-30 CVE-2006-3319 Cross-Site Scripting vulnerability in PHP iCalendar
Cross-site scripting (XSS) vulnerability in rss/index.php in PHP iCalendar 2.22 and earlier allows remote attackers to inject arbitrary web script or HTML via the cal parameter.
network
php-icalendar
4.3
2006-06-29 CVE-2006-1467 Numeric Errors vulnerability in Apple iTunes
Integer overflow in the AAC file parsing code in Apple iTunes before 6.0.5 on Mac OS X 10.2.8 or later, and Windows XP and 2000, allows remote user-assisted attackers to execute arbitrary code via an AAC (M4P, M4A, or M4B) file with a sample table size (STSZ) atom with a "malformed" sample_size_table value.
network
high complexity
apple CWE-189
5.1
2006-06-29 CVE-2006-3318 SQL Injection vulnerability in Spiffyjr phpRaid 3.0.6
SQL injection vulnerability in register.php for phpRaid 3.0.6 and possibly other versions, when the authorization type is phpraid, allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) email parameters.
network
high complexity
spiffyjr CWE-89
5.1