Weekly Vulnerabilities Reports > August 15 to 21, 2005

Overview

103 new vulnerabilities were reported during this period, including 4 critical vulnerabilities and 37 high severity vulnerabilities. This weekly summary reports vulnerabilities in 72 products from 58 vendors including Apple, Parlano, Mentor, Gravity Board X Development Team, and Oracle. Notable vulnerability categories include "Permissions, Privileges, and Access Controls" and "Improper Restriction of Operations within the Bounds of a Memory Buffer".

  • 83 reported vulnerabilities are remotely exploitable.
  • 102 reported vulnerabilities are exploitable by an anonymous user.
  • Apple has the most reported vulnerabilities, with 26 reported vulnerabilities.
  • Apple has the most reported critical vulnerabilities, with 1 reported vulnerability.

Vulnerability Details

The following tables list reported vulnerabilities for the period covered by this report:

4 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-08-19 CVE-2005-2626 Kismet Remote vulnerability in Kismet

Unspecified vulnerability in Kismet before 2005-08-R1 allows remote attackers to have an unknown impact via unprintable characters in the SSID.

10.0
2005-08-19 CVE-2005-2511 Apple Unspecified vulnerability in Apple mac OS X and mac OS X Server

Unknown vulnerability in Mac OS X 10.4.2 and earlier, when using Kerberos authentication with LDAP, allows attackers to gain access to a root Terminal window.

10.0
2005-08-17 CVE-2005-2611 Symantec Veritas Unspecified vulnerability in Symantec Veritas Backup Exec, Backup Exec Remote Agent and Netbackup

VERITAS Backup Exec for Windows Servers 8.6 through 10.0, Backup Exec for NetWare Servers 9.0 and 9.1, and NetBackup for NetWare Media Server Option 4.5 through 5.1 use a static password during authentication from the NDMP agent to the server, which allows remote attackers to read and write arbitrary files with the backup server.

10.0
2005-08-17 CVE-2005-2593 Parlano Multiple Unspecified vulnerability in Parlano Mindalign 5.0

Parlano MindAlign 5.0 and later versions use weak encryption, with unknown impact and attack vectors.

10.0

37 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-08-16 CVE-2005-2572 Oracle Remote Code Execution vulnerability in Oracle Mysql 5.0.33

MySQL, when running on Windows, allows remote authenticated users with insert privileges on the mysql.func table to cause a denial of service (server hang) and possibly execute arbitrary code via (1) a request for a non-library file, which causes the Windows LoadLibraryEx function to block, or (2) a request for a function in a library that has the XXX_deinit or XXX_init functions defined but is not tailored for mySQL, such as jpeg1x32.dll and jpeg2x32.dll.

8.5
2005-08-19 CVE-2005-2501 Apple Unspecified vulnerability in Apple mac OS X and mac OS X Server

Buffer overflow in AppKit for Mac OS X 10.3.9 and 10.4.2 allows external user-assisted attackers to execute arbitrary code via a crafted Rich Text Format (RTF) file.

7.6
2005-08-19 CVE-2005-2627 Kismet Remote vulnerability in Kismet

Multiple integer underflows in Kismet before 2005-08-R1 allow remote attackers to execute arbitrary code via (1) kernel headers in a pcap file or (2) data frame dissection, which leads to heap-based buffer overflows.

7.5
2005-08-19 CVE-2005-2625 Cpaint Remote Security vulnerability in CPAINT

Incomplete blacklist vulnerability in the checkBlacklist function in CPAINT allows remote attackers to execute arbitrary commands via the (1) ExecuteGlobal function or (2) GetRef statement, which is not included in the blacklist.

7.5
2005-08-19 CVE-2005-2518 Apple Unspecified vulnerability in Apple mac OS X 10.3.9/10.4.2

Buffer overflow in servermgrd in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to execute arbitrary code during authentication.

7.5
2005-08-19 CVE-2005-2516 Apple Unspecified vulnerability in Apple mac OS X and Safari

Safari in Mac OS X 10.3.9 and 10.4.2, when rendering Rich Text Format (RTF) files, can directly access URLs without performing the normal security checks, which allows remote attackers to execute arbitrary commands.

7.5
2005-08-19 CVE-2005-2514 Apple Unspecified vulnerability in Apple mac OS X 10.3.9

Buffer overflow in ping in Mac OS X 10.3.9 allows local users to execute arbitrary code.

7.5
2005-08-19 CVE-2005-2507 Apple Unspecified vulnerability in Apple mac OS X Server 10.3.9/10.4.2

Buffer overflow in Directory Services in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to execute arbitrary code during authentication.

7.5
2005-08-19 CVE-2005-2505 Apple Unspecified vulnerability in Apple mac OS X 10.3.9

Buffer overflow in CoreFoundation in Mac OS X 10.3.9 allows attackers to execute arbitrary code via command line arguments to an application that uses CoreFoundation.

7.5
2005-08-19 CVE-2005-2127 ATI, Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, as originally demonstrated using the (1) DDS Library Shape Control (Msdds.dll) COM object, and other objects including (2) Blnmgrps.dll, (3) Ciodm.dll, (4) Comsvcs.dll, (5) Danim.dll, (6) Htmlmarq.ocx, (7) Mdt2dd.dll (as demonstrated using a heap corruption attack with uninitialized memory), (8) Mdt2qd.dll, (9) Mpg4ds32.ax, (10) Msadds32.ax, (11) Msb1esen.dll, (12) Msb1fren.dll, (13) Msb1geen.dll, (14) Msdtctm.dll, (15) Mshtml.dll, (16) Msoeacct.dll, (17) Msosvfbr.dll, (18) Mswcrun.dll, (19) Netshell.dll, (20) Ole2disp.dll, (21) Outllib.dll, (22) Psisdecd.dll, (23) Qdvd.dll, (24) Repodbc.dll, (25) Shdocvw.dll, (26) Shell32.dll, (27) Soa.dll, (28) Srchui.dll, (29) Stobject.dll, (30) Vdt70.dll, (31) Vmhelper.dll, and (32) Wbemads.dll, aka a variant of the "COM Object Instantiation Memory Corruption vulnerability."

7.5
2005-08-17 CVE-2005-2616 Ezupload Remote File Include vulnerability in Ezupload 2.2

Multiple PHP file include vulnerabilities in ezUpload 2.2 allow remote attackers to execute arbitrary code via the path parameter to (1) initialize.php, (2) customize.php, (3) form.php, or (4) index.php.

7.5
2005-08-17 CVE-2005-2615 Eqdkp Unspecified vulnerability in Eqdkp 1.0.0/1.1.0/1.2.0

Unknown vulnerability in session.php in EQdkp before 1.3.0 has unknown impact and attack vectors, possibly involving auto_login_id.

7.5
2005-08-17 CVE-2005-2614 Crosscom Olicom Unspecified vulnerability in Crosscom Olicom Discuz

Discuz! 4.0 rc4 does not properly restrict types of files that are uploaded to the server, which allows remote attackers to execute arbitrary commands via a filename containing ".php.rar" or other multiple extensions that include .php.

7.5
2005-08-17 CVE-2005-2612 Wordpress Remote Security vulnerability in WordPress

Direct code injection vulnerability in WordPress 1.5.1.3 and earlier allows remote attackers to execute arbitrary PHP code via the cache_lastpostdate[server] cookie.

7.5
2005-08-17 CVE-2005-2606 Phlymail Authentication Bypass vulnerability in Phlymail 3.02.00

Unknown vulnerability in the "frontend authentication" in PHlyMail 3.02.00 has unknown impact and attack vectors.

7.5
2005-08-17 CVE-2005-2601 Midicart Software SQL Injection vulnerability in MidiCart ASP Item_Show.ASP Code_No Parameter

SQL injection vulnerability in MidiCart allows remote attackers to execute arbitrary SQL commands via the code_no parameter to (1) Item_Show.asp or (2) search_list.asp.

7.5
2005-08-17 CVE-2005-2599 Hummingbird Unspecified vulnerability in Hummingbird Connectivity 10.0

Hummingbird FTP for Connectivity 10.0 uses weak encryption (trivial encoding) to store the user's password in the FTP profile, which allows attackers to gain privileges.

7.5
2005-08-17 CVE-2005-2592 Parlano Multiple Unspecified vulnerability in Parlano Mindalign 5.0

Unknown vulnerability in Parlano MindAlign 5.0 and later versions allows remote attackers to bypass authentication via unknown vectors.

7.5
2005-08-17 CVE-2005-2589 Linksys Authentication Bypass vulnerability in Linksys Wrt54Gs 4.50.6

Unknown vulnerability in Linksys WRT54GS wireless router with firmware 4.50.6, with WPA Personal/TKIP authentication enabled, allows remote clients to bypass authentication by connecting without using encryption.

7.5
2005-08-16 CVE-2005-2587 Phptb SQL Injection vulnerability in PHPtb Topic Boards 2.0

SQL injection vulnerability in emailvalidate.php in PHPTB Topic Boards 2.0 allows remote attackers to execute arbitrary SQL commands via the mid parameter.

7.5
2005-08-16 CVE-2005-2583 Mentor Remote Security vulnerability in Mentor Adslfr4Ii 2.00.0111

Mentor ADSL-FR4II router running firmware 2.00.0111 has an undocumented web server running on TCP port 5678, which allows local users to gain access.

7.5
2005-08-16 CVE-2005-2580 Mybulletinboard SQL Injection vulnerability in Mybulletinboard 1.00Rc4Securitypatch

Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 with Security Patch allow remote attackers to execute arbitrary SQL commands via the Username field in (1) index.php or (2) member.php, action parameter to (3) search.php or (4) member.php, or (5) polloptions parameter to polls.php.

7.5
2005-08-16 CVE-2005-2575 XMB Forum SQL Injection vulnerability in XMB Forum XMB 1.9.1

SQL injection vulnerability in u2u.inc.php in XMB Forum 1.9.1 allows remote attackers to execute arbitrary SQL commands via certain values that are inserted into the $in variable.

7.5
2005-08-16 CVE-2005-2568 Syscp Team Remote Security vulnerability in Syscp Team Syscp 1.2.10

Eval injection vulnerability in the template engine for SysCP 1.2.10 and earlier allows remote attackers to execute arbitrary PHP code via a string containing the code within "{" and "}" (curly bracket) characters, which are processed by the PHP eval function.

7.5
2005-08-16 CVE-2005-2567 Syscp Team Remote Security vulnerability in Syscp

PHP remote file inclusion vulnerability in SysCP 1.2.10 and earlier allows remote attackers to execute arbitrary PHP code via the language parameter.

7.5
2005-08-16 CVE-2005-2566 Openbb SQL-Injection vulnerability in OpenBB

Multiple SQL injection vulnerabilities in Open Bulletin Board (OpenBB) allow remote attackers to execute arbitrary SQL commands via the (1) FID parameter to board.php or (2) UID parameter to member.php.

7.5
2005-08-16 CVE-2005-2564 Gravity Board X Development Team Remote Security vulnerability in Gravity Board X Development Team Gravity Board X 1.1

Direct static code injection vulnerability in editcss.php in Gravity Board X (GBX) 1.1 allows remote attackers to execute arbitrary PHP code, HTML, and script via the csscontent parameter, which is directly inserted into the gbxfinal.css file.

7.5
2005-08-16 CVE-2005-2562 Gravity Board X Development Team SQL Injection vulnerability in Gravity Board X Development Team Gravity Board X 1.1

SQL injection vulnerability in Gravity Board X (GBX) 1.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the login field.

7.5
2005-08-16 CVE-2005-2561 Myfaq SQL Injection vulnerability in Myfaq 1.0

Multiple SQL injection vulnerabilities in MYFAQ 1.0 allow remote attackers to execute arbitrary SQL commands via the Theme parameter to (1) affichagefaq.php3, (2) choixsoustheme.php3, (3) consultation.php3, (4) insfaq.php3, (5) inssoustheme.php3, (6) instheme.php3, (7) saisiefaqtotale.php3, (8) saisiesoustheme.php3, or (9) voirfaq.php3, the SousTheme parameter to (10) affichagefaq.php3, (11) consultation.php3, (12) insfaq.php3, (13) inssoustheme.php3, (14) saisiefaq.php3, (15) saisiefaqtotale.php3, or (16) voirfaq.php3, the Faq parameter to (17) saisiefaq.php3, (18) voirfaq.php3, or (19) inssolution.php3, or (20) question parameter to affichagefaq.php3.

7.5
2005-08-16 CVE-2005-2559 E107 Remote Security vulnerability in e107

doping.php in ePing plugin 1.02 and earlier for e107 portal allows remote attackers to execute arbitrary code or overwrite files via (1) shell metacharacters in the eping_count parameter or (2) restricted shell metacharacters such as ">" and "&" in the eping_host parameter, which is not handled by the validation function.

7.5
2005-08-16 CVE-2005-2470 Adobe Remote Buffer Overflow vulnerability in Adobe Acrobat and Adobe Reader

Buffer overflow in a "core application plug-in" for Adobe Reader 5.1 through 7.0.2 and Acrobat 5.0 through 7.0.2 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors.

7.5
2005-08-16 CVE-2005-2103 ROB Flynn Multiple vulnerability in Gaim AIM/ICQ Protocols

Buffer overflow in the AIM and ICQ module in Gaim before 1.5.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an away message with a large number of AIM substitution strings, such as %t or %n.

7.5
2005-08-19 CVE-2005-2519 Apple Unspecified vulnerability in Apple mac OS X 10.3.9

slpd in Directory Services in Mac OS X 10.3.9 creates insecure temporary files as root, which allows local users to gain privileges.

7.2
2005-08-19 CVE-2005-2504 Apple Unspecified vulnerability in Apple mac OS X and mac OS X Server

The System Profiler in Mac OS X 10.4.2 labels a Bluetooth device with "Requires Authentication: No" even when the user has selected the "Require pairing for security" option, which could confuse users about which setting is valid.

7.2
2005-08-17 CVE-2005-2597 AOL Local Privilege Escalation vulnerability in AOL Client Software 9.0

AOL Client Software 9.0 uses insecure permissions for its installation path, which allows local users to execute arbitrary code with SYSTEM privileges by replacing ACSD.exe with a malicious program.

7.2
2005-08-16 CVE-2005-2584 Mentor

The web administration interface in Mentor ADSL-FR4II router running firmware 2.00.0111 does not set a default password, which allows local users to gain access.

7.2
2005-08-16 CVE-2005-2579 Nortel Local Security vulnerability in Nortel Contivity V0501.030

Nortel Contivity VPN Client V05_01.030, when configuring a certificate to be used as authentication, does not properly drop system privileges, which allows local users to gain privileges by opening a program with the File Open dialog box.

7.2

53 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-08-17 CVE-2005-2613 Cpaint Command Execution and Information Disclosure vulnerability in CPaint

Unknown vulnerability in CPAINT Ajax Toolkit before 1.3-SP allows attackers to execute arbitrary PHP or ASP code or read files via unknown vectors.

6.4
2005-08-17 CVE-2005-2605 Omnipilot Software Remote Authentication Bypass vulnerability in Omnipilot Software Lasso Professional Server 8.0.4/8.0.5

Unknown vulnerability in Lasso Professional Server 8.0.4 and 8.0.5 allows attackers to bypass authentication, related to [Auth] tags.

6.4
2005-08-16 CVE-2005-2571 Funkboard Remote Security vulnerability in FunkBoard

FunkBoard 0.66CF, and possibly earlier versions, does not properly restrict access to the (1) admin/mysql_install.php and (2) admin/pg_install.php scripts, which allows attackers to obtain the database username and password or inject arbitrary PHP code into info.php.

6.4
2005-08-19 CVE-2005-2522 Apple Unspecified vulnerability in Apple mac OS X and Safari

Safari in WebKit in Mac OS X 10.4 to 10.4.2 directly accesses URLs within PDF files without the normal security checks, which allows remote attackers to execute arbitrary code via links in a PDF file.

5.1
2005-08-19 CVE-2005-2502 Apple Unspecified vulnerability in Apple mac OS X and mac OS X Server

Buffer overflow in AppKit for Mac OS X 10.3.9 and 10.4.2, as used in applications such as TextEdit, allows external user-assisted attackers to execute arbitrary code via a crafted Microsoft Word file.

5.1
2005-08-19 CVE-2005-2624 Cpaint Remote Security vulnerability in Cpaint 1.3Sp

Eval injection vulnerability in CPAINT 1.3-SP allows remote attackers to execute arbitrary ASP code via the cpaint_argument[] parameter to (1) calculator.asp or (2) cpaintfile.asp, which is directly fed into an eval statement.

5.0
2005-08-19 CVE-2005-2623 ECW Shop Remote Security vulnerability in Ecw-Shop 6.0.2

ECW-Shop 6.0.2 allows remote attackers to reduce the total cost of their shopping cart by specifying a negative quantity for an item, which causes the price of the item to be subtracted from the total cost.

5.0
2005-08-19 CVE-2005-2621 ECW Shop SQL-Injection vulnerability in Ecw-Shop 6.0.2

index.php in ECW-Shop 6.0.2 allows remote attackers to obtain sensitive information via the (1) min or (2) max parameter with a "'" (single quote), which reveals the path in an error message, possibly due to a SQL injection vulnerability.

5.0
2005-08-19 CVE-2005-2526 Easy Software Products, Apple

CUPS in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to cause a denial of service (CPU consumption) by sending a partial IPP request and closing the connection.

5.0
2005-08-19 CVE-2005-2525 Easy Software Products, Apple

CUPS in Mac OS X 10.3.9 and 10.4.2 does not properly close file descriptors when handling multiple simultaneous print jobs, which allows remote attackers to cause a denial of service (printing halt).

5.0
2005-08-19 CVE-2005-2513 Apple Unspecified vulnerability in Apple mac OS X 10.4.2

Unknown vulnerability in HItoolbox for Mac OS X 10.4.2 allows VoiceOver services to read secure input fields.

5.0
2005-08-19 CVE-2005-2506 Apple Unspecified vulnerability in Apple mac OS X and mac OS X Server

Algorithmic complexity vulnerability in CoreFoundation in Mac OS X 10.3.9 and 10.4.2 allows attackers to cause a denial of service (CPU consumption) via crafted Gregorian dates.

5.0
2005-08-17 CVE-2005-2620 Novell Unspecified vulnerability in Novell Groupwise 6.0/6.5/6.5.2

grpWise.exe for Novell GroupWise client 5.5 through 6.5.2 stores the password in plaintext in memory, which allows attackers to obtain the password using a debugger or another mechanism to read process memory.

5.0
2005-08-17 CVE-2005-2609 Vegadns Remote Security vulnerability in Vegadns 0.8.1/0.9.8

index.php in VegaDNS 0.8.1, 0.9.8, and possibly other versions, allows remote attackers to obtain the full server path via an invalid VDNS_Sessid parameter.

5.0
2005-08-17 CVE-2005-2607 Phpsimplicity Remote File Include vulnerability in PHPsimplicity Simplicity of Upload 1.3

PHP file include vulnerability in download.php in PHPSimplicity Simplicity oF Upload before 1.3.1 allows remote attackers to include arbitrary local and remote files via the language parameter and a terminating null ("%00") character.

5.0
2005-08-17 CVE-2005-2604 MY Image Gallery Cross-Site Scripting vulnerability in MY Image Gallery MY Image Gallery 1.4.1

index.php for My Image Gallery (Mig) 1.4.1 allows remote attackers to obtain the web server path via certain currDir and image arguments, which leaks the path in an error message.

5.0
2005-08-17 CVE-2005-2600 Ilia Alshanetsky Unspecified vulnerability in Ilia Alshanetsky Fudforum 2.6.15

FUDForum 2.6.15 with "Tree View" enabled, as used in other products such as phpgroupware and egroupware, allows remote attackers to read private posts via a modified mid parameter.

5.0
2005-08-17 CVE-2005-2598 Dokeos Directory Traversal vulnerability in Dokeos

Multiple directory traversal vulnerabilities in Dokeos 1.6 and earlier, and possibly Claroline, allow remote attackers to (1) delete arbitrary files or directories via the delete parameter to claroline/scorm/scormdocument.php, (2) move arbitrary files via the move_to and move_file parameters to claroline/document/document.php, or determine the existence of arbitrary files via the file parameter to (3) claroline/scorm/showinframes.php or (4) claroline/scorm/contents.php.

5.0
2005-08-17 CVE-2005-2594 Apple Denial Of Service vulnerability in Apple Safari 1.3

Apple Safari 1.3 (132) on Mac OS X 1.3.9 allows remote attackers to cause a denial of service (crash) via certain Javascript, possibly involving a function that defines a handler for itself within the function body.

5.0
2005-08-17 CVE-2005-2591 Parlano Multiple Unspecified vulnerability in Parlano Mindalign 5.0

Parlano MindAlign 5.0 and later versions allow remote attackers to list valid users via unknown vectors, aka the "User Enumeration" vulnerability.

5.0
2005-08-17 CVE-2005-2101 KDE Unspecified vulnerability in KDE

langen2kvtml in KDE 3.0 to 3.4.2 creates insecure temporary files in /tmp with predictable names, which allows local users to overwrite arbitrary files.

5.0
2005-08-16 CVE-2005-2585 Mentor Multiple vulnerability in Mentor Adslfr4Ii 2.00.0111

Mentor ADSL-FR4II router running firmware 2.00.0111 allows remote attackers to cause a denial of service (active TCP connections state table consumption) via a large number of connections, such as a port scan.

5.0
2005-08-16 CVE-2005-2581 Grandstream Unspecified vulnerability in Grandstream Budgetone 101 and Budgetone 102

Grandstream BudgeTone 101 and 102 running firmware 1.0.6.7 and possibly earlier versions allow remote attackers to cause a denial of service (device hang or reboot) via a large UDP packet to port 5060.

5.0
2005-08-16 CVE-2005-2577 Wyse Remote Denial of Service vulnerability in Wyse Winterm 1125Se

Wyse Winterm 1125SE running firmware 4.2.09f or 4.4.061f allows remote attackers to cause a denial of service (device crash) via a packet with a zero in the IP option length field.

5.0
2005-08-16 CVE-2005-2576 Calogic Information Disclosure vulnerability in Calogic 1.22

CaLogic 1.22, and possibly earlier versions, allows remote attackers to obtain sensitive information via a direct request to (1) doclsqlres.php, (2) clmcpreload.php, (3) viewhistlog.php, (4) mcconfig.php, (5) doclsqlbak.php, (6) defcalsel.php, or (7) cl_minical.php, which reveals the path in an error message.

5.0
2005-08-16 CVE-2005-2574 XMB Forum Remote Security vulnerability in XMB Forum XMB 1.9.1

xmb.php in XMB Forum 1.9.1 extracts and defines all provided variables, which allows remote attackers to modify arbitrary server variables such as _SERVER[REMOTE_ADDR].

5.0
2005-08-16 CVE-2005-2573 Mysql, Oracle Directory Traversal vulnerability in MySQL

The mysql_create_function function in sql_udf.cc for MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before 5.0.7-beta, when running on Windows, uses an incomplete blacklist in a directory traversal check, which allows attackers to include arbitrary files via the backslash (\) character.

5.0
2005-08-16 CVE-2005-2570 Funkboard Information Disclosure vulnerability in Funkboard 0.66Cf

FunkBoard 0.66CF, and possibly earlier versions, allows remote attackers to obtain sensitive information via a direct request to forums.php, which reveals the path in an error message.

5.0
2005-08-16 CVE-2005-2565 Gravity Board X Development Team Information Disclosure vulnerability in Gravity Board X Development Team Gravity Board X 1.1

Gravity Board X (GBX) 1.1 allows remote attackers to obtain sensitive information via (1) a 1 in the perm parameter to deletethread.php or a direct request to (2) ban.php, (3) addnews.php, (4) banned.php, (5) boardstats.php, (6) adminform.php, (7) /forms/admininfo.php, (8) /forms/announcements.php, (9) forms/banform.php, or (10) other pages in the /forms directory, which reveal the path in an error message.

5.0
2005-08-16 CVE-2005-2358 EMC Directory Traversal And Information Disclosure vulnerability in EMC Navisphere Manager

EMC Navisphere Manager 6.4.1.0.0 allows remote attackers to list arbitrary directories via an HTTP request for a directory that ends in a "." (trailing dot).

5.0
2005-08-16 CVE-2005-2357 EMC Directory Traversal And Information Disclosure vulnerability in EMC Navisphere Manager

Directory traversal vulnerability in EMC Navisphere Manager 6.4.1.0.0 allows remote attackers to read arbitrary files via a ..

5.0
2005-08-16 CVE-2005-2102 ROB Flynn Multiple vulnerability in Gaim AIM/ICQ Protocols

The AIM/ICQ module in Gaim before 1.5.0 allows remote attackers to cause a denial of service (application crash) via a filename that contains invalid UTF-8 characters.

5.0
2005-08-15 CVE-2005-2498 EDD Dumbill Remote Code Injection vulnerability in EDD Dumbill PHPxmlrpc 1.1.1

Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR XML-RPC for PHP), as used in multiple products including (1) Drupal, (2) phpAdsNew, (3) phpPgAds, and (4) phpgroupware, allows remote attackers to execute arbitrary PHP code via certain nested XML tags in a PHP document that should not be nested, which are injected into an eval function call, a different vulnerability than CVE-2005-1921.

5.0
2005-08-15 CVE-2005-1527 Awstats, Ubuntu

Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, when a URLPlugin is enabled, allows remote attackers to execute arbitrary Perl code via the HTTP Referrer, which is used in a $url parameter that is inserted into an eval function call.

5.0
2005-08-19 CVE-2005-2521 Apple Unspecified vulnerability in Apple mac OS X 10.3.9

Buffer overflow in traceroute in Mac OS X 10.3.9 allows local users to execute arbitrary code via unknown vectors.

4.6
2005-08-19 CVE-2005-2515 Apple Unspecified vulnerability in Apple mac OS X 10.4.2

Quartz Composer Screen Saver in Mac OS X 10.4.2 allows local users to access links from the RSS Visualizer even when a password is required.

4.6
2005-08-19 CVE-2005-2510 Apple Unspecified vulnerability in Apple mac OS X Server 10.4/10.4.1/10.4.2

The Server Admin tool in servermgr_ipfilter for Mac OS X 10.4 to 10.4.2, when using multiple subnets and Address Groups, does not always properly write firewall rules to the Active Rules when certain conditions occur, which could result in firewall policies that are less restrictive than intended by the administrator.

4.6
2005-08-19 CVE-2005-2508 Apple Unspecified vulnerability in Apple mac OS X and mac OS X Server

dsidentity in Directory Services in Mac OS X 10.4.2 allows local users to add or remove user accounts.

4.6
2005-08-19 CVE-2005-2503 Apple Unspecified vulnerability in Apple mac OS X and mac OS X Server

AppKit for Mac OS X 10.3.9 and 10.4.2 allows attackers with physical access to create local accounts by forcing a particular error to occur at the login window.

4.6
2005-08-17 CVE-2005-2596 Gallery Project Unspecified vulnerability in Gallery Project Gallery 1.3.4

User.php in Gallery, as used in Postnuke, allows users with any Admin privileges to gain access to all galleries.

4.6
2005-08-16 CVE-2005-2558 Mysql, Oracle Buffer Overflow vulnerability in MySQL User-Defined Function

Stack-based buffer overflow in the init_syms function in MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before 5.0.7-beta allows remote authenticated users who can create user-defined functions to execute arbitrary code via a long function_name field.

4.6
2005-08-16 CVE-2005-2555 Debian, Linux Permissions, Privileges, and Access Controls vulnerability in multiple products

Linux kernel 2.6.x does not properly restrict socket policy access to users with the CAP_NET_ADMIN capability, which could allow local users to conduct unauthorized activities via (1) ipv4/ip_sockglue.c and (2) ipv6/ipv6_sockglue.c.

4.6
2005-08-19 CVE-2005-2622 ECW Shop Cross-Site Scripting vulnerability in Ecw-Shop 6.0.2

Cross-site scripting (XSS) vulnerability in index.php in ECW-Shop 6.0.2 allows remote attackers to inject arbitrary web script or HTML via the (1) max or (2) ctg parameter.

4.3
2005-08-19 CVE-2005-2523 Apple Unspecified vulnerability in Apple mac OS X and Weblog Server

Multiple cross-site scripting (XSS) vulnerabilities in Weblog Server in Mac OS X 10.4 to 10.4.2 allow remote attackers to inject arbitrary web script or HTML via unknown vectors.

4.3
2005-08-17 CVE-2005-2610 Vegadns Cross-Site Scripting vulnerability in VegaDNS

Cross-site scripting (XSS) vulnerability in index.php in VegaDNS 0.8.1, 0.9.8, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the message parameter.

4.3
2005-08-17 CVE-2005-2608 Safehtml Cross-Site Scripting vulnerability in Safehtml 1.3.2

SafeHTML before 1.3.5 does not properly filter script in UTF-7 and CSS comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks in vulnerable applications that use SafeHTML.

4.3
2005-08-17 CVE-2005-2603 MY Image Gallery Cross-Site Scripting vulnerability in MY Image Gallery MY Image Gallery 1.4.1

Cross-site scripting (XSS) vulnerability in index.php for My Image Gallery (Mig) 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the (1) currDir or (2) image parameters.

4.3
2005-08-17 CVE-2005-2595 Dada Mail HTML Injection vulnerability in Dada Mail Archives

Cross-site scripting (XSS) vulnerability in Dada Mail before 2.10 Alpha 1 allows remote attackers to execute arbitrary Javascript via archived messages.

4.3
2005-08-17 CVE-2005-2590 Parlano Multiple Unspecified vulnerability in Parlano Mindalign 5.0

Cross-site scripting (XSS) vulnerability in Parlano MindAlign 5.0 and later versions allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

4.3
2005-08-17 CVE-2005-2588 Dvbbs Cross-Site Scripting vulnerability in Dvbbs 7.1/7.1Sp2

Multiple cross-site scripting (XSS) vulnerabilities in DVBBS 7.1 SP2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the page parameter to dispbbs.asp, (2) name parameter to dispuser.asp, or the (3) title, (4) view, or (5) act parameter to boardhelp.asp.

4.3
2005-08-16 CVE-2005-2569 Funkboard Cross-Site Scripting vulnerability in FunkBoard

Multiple cross-site scripting (XSS) vulnerabilities in FunkBoard 0.66CF, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via the fbusername or fbpassword parameter to (1) editpost.php, (2) prefs.php, (3) newtopic.php, (4) reply.php, or (5) profile.php, the (6) fbusername, (7) fmail, (8) www, (9) icq, (10) yim, (11) location, (12) sex, (13) interebbies, (14) sig or (15) aim parameter to register.php, or (16) subject parameter to newtopic.php.

4.3
2005-08-16 CVE-2005-2563 Gravity Board X Development Team SQL Injection vulnerability in Gravity Board X Development Team Gravity Board X 1.1

Multiple cross-site scripting (XSS) vulnerabilities in Gravity Board X (GBX) 1.1 allow remote attackers to inject arbitrary web script or HTML via (1) the board_id parameter to deletethread.php or (2) the template.

4.3
2005-08-16 CVE-2005-2560 Ader Software Cross-Site Scripting vulnerability in AderSoftware CFBB Index.CFM

Cross-site scripting (XSS) vulnerability in index.cfm in CFBB 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter.

4.3

9 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-08-17 CVE-2005-2617 Linux Unspecified vulnerability in Linux Kernel 2.6.12

The syscall32_setup_pages function in syscall32.c for Linux kernel 2.6.12 and later, on the 64-bit x86 platform, does not check the return value of the insert_vm_struct function, which allows local users to trigger a memory leak via a 32-bit application with crafted ELF headers.

3.6
2005-08-16 CVE-2005-2582 Kaspersky LAB Local Security vulnerability in Kaspersky LAB Kaspersky Anti-Virus 5.0.5

Kaspersky Anti-Virus for Unix/Linux File Servers 5.0-5 uses world-writable permissions for the (1) log and (2) license directory, which allows local users to delete log files, append to arbitrary files via a symlink attack on kavmonitor.log, or delete license keys and prevent keepup2date from properly executing.

3.6
2005-08-19 CVE-2005-2517 Apple Unspecified vulnerability in Apple mac OS X and Safari

Safari in Mac OS X 10.3.9 and 10.4.2 submits forms from an XSL formatted page to the next page that is browsed by the user, which causes form data to be sent to the wrong site.

2.6
2005-08-17 CVE-2005-2602 Mozilla Unspecified vulnerability in Mozilla Firefox and Thunderbird

Mozilla Thunderbird 1.0 and Firefox 1.0.6 allow remote attackers to obfuscate URIs via a long URI, which causes the address bar to go blank and could facilitate phishing attacks.

2.6
2005-08-19 CVE-2005-2520 Apple Unspecified vulnerability in Apple mac OS X 10.4/10.4.1/10.4.2

The password assistant in Mac OS X 10.4 to 10.4.2, when used to create multiple accounts from the same process, does not reset the suggested password list when the assistant is displayed, which allows attackers to view recently used passwords.

2.1
2005-08-19 CVE-2005-2512 Apple Unspecified vulnerability in Apple mac OS X and Mail

Mail.app in Mac OS 10.4.2 and earlier, when printing or forwarding an HTML message, loads remote images even when the user's preferences state otherwise, which could result in a privacy leak.

2.1
2005-08-19 CVE-2005-2509 Apple Unspecified vulnerability in Apple mac OS X and mac OS X Server

Unknown vulnerability in loginwindow in Mac OS X 10.4.2 and earlier, when Fast User Switching is enabled, allows attackers to log into other accounts if they know the passwords to at least two accounts.

2.1
2005-08-16 CVE-2005-2586 Mentor Multiple vulnerability in Mentor Adslfr4Ii 2.00.0111

Mentor ADSL-FR4II router running firmware 2.00.0111 stores the web administration password in cleartext in the backup configuration file, which allows local users to obtain sensitive information.

2.1
2005-08-16 CVE-2005-2097 KDE, Xpdf Remote Denial of Service vulnerability in XPDF Loca Table Verification

xpdf and kpdf do not properly validate the "loca" table in PDF files, which allows local users to cause a denial of service (disk consumption and hang) via a PDF file with a "broken" loca table, which causes a large temporary file to be created when xpdf attempts to reconstruct the information.

2.1