Weekly Vulnerabilities Reports > November 14 to 20, 2005
Overview
122 new vulnerabilities were reported during this period, including 9 critical vulnerabilities and 52 high severity vulnerabilities. This weekly summary reports vulnerabilities in 119 products from 84 vendors including IBM, SAP, Realnetworks, Walla Telesite, and Microsoft. Vulnerabilities are notably categorized as "Permissions, Privileges, and Access Controls", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "SQL Injection", "Path Traversal", and "Cross-site Scripting".
- 104 reported vulnerabilities are remotely exploitable.
- 1 reported vulnerability has a public exploit available.
- 11 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 118 reported vulnerabilities are exploitable by an anonymous user.
- IBM has the most reported vulnerabilities, with 5 reported vulnerabilities.
- Microsoft has the most reported critical vulnerabilities, with 1 reported vulnerability.
Vulnerability Details
The following tables list reported vulnerabilities for the period covered by this report:
9 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2005-11-18 | CVE-2005-3666 | Internet KEY Exchange | Denial-Of-Service vulnerability in Internet KEY Exchange Internet KEY Exchange 1 Multiple unspecified format string vulnerabilities in multiple unspecified implementations of Internet Key Exchange version 1 (IKEv1) have multiple unspecified attack vectors and impacts, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. | 10.0 |
2005-11-18 | CVE-2005-3116 | Symantec Veritas | Buffer Overflow vulnerability in VERITAS NetBackup Volume Manager Daemon Stack-based buffer overflow in a shared library as used by the Volume Manager daemon (vmd) in VERITAS NetBackup Enterprise Server 5.0 MP1 to MP5 and 5.1 up to MP3A allows remote attackers to execute arbitrary code via a crafted packet. | 10.0 |
2005-11-16 | CVE-2005-3640 | Floosietek | Buffer Errors vulnerability in Floosietek Ftgate 44.1 Multiple buffer overflows in the IMAP Groupware Mail server of Floosietek FTGate (FTGate4) 4.1 allow remote attackers to execute arbitrary code via long arguments to various IMAP commands, as demonstrated with the EXAMINE command. | 10.0 |
2005-11-16 | CVE-2005-3595 | Microsoft | Unspecified vulnerability in Microsoft Windows XP Ibmoemversion By default Microsoft Windows XP Home Edition installs with a blank password for the Administrator account, which allows remote attackers to gain control of the computer. | 10.0 |
2005-11-16 | CVE-2005-3587 | Clam Anti Virus | Remote Security vulnerability in ClamAV Improper boundary checks in petite.c in Clam AntiVirus (ClamAV) before 0.87.1 allows attackers to perform unknown attacks via unknown vectors. | 10.0 |
2005-11-16 | CVE-2005-3344 | Horde | Unspecified vulnerability in Horde 3.0.4 The default installation of Horde 3.0.4 contains an administrative account with a blank password, which allows remote attackers to gain access. | 10.0 |
2005-11-16 | CVE-2005-2659 | JED Wing | Buffer Overflow vulnerability in JED Wing CHM LIB 0.35 Buffer overflow in the LZX decompression in CHM Lib (chmlib) 0.35, as used in products such as KchmViewer, has unknown impact and attack vectors. | 10.0 |
2005-11-19 | CVE-2005-3693 | Sunncomm Mediamax | Remote Security vulnerability in Axwebremovectrl The AxWebRemoveCtrl ActiveX control for uninstalling the SunnComm MediaMax DRM allows remote attackers to download and execute arbitrary code, a similar vulnerability to CVE-2005-3650. | 9.3 |
2005-11-17 | CVE-2005-3650 | First4Internet XCP DRM | Code Injection vulnerability in First4Internet XCP DRM First4Internet XCP DRM The CodeSupport.ocx ActiveX control, as used by Sony to uninstall the First4Internet XCP DRM, has "safe for scripting" enabled, which allows remote attackers to execute arbitrary code by calling vulnerable functions such as RebootMachine, IsAdministrator, and ExecuteCode. | 9.3 |
52 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2005-11-20 | CVE-2005-3694 | Centericq | Remote Denial of Service vulnerability in Centericq 4.20.0R3 centericq 4.20.0-r3 with "Enable peer-to-peer communications" set allows remote attackers to cause a denial of service (segmentation fault and crash) via short zero-length packets, and possibly packets of length 1 or 2, as demonstrated using Nessus. | 7.8 |
2005-11-18 | CVE-2005-3675 | TCP | Unspecified vulnerability in TCP The Transmission Control Protocol (TCP) allows remote attackers to cause a denial of service (bandwidth consumption) by sending ACK messages for packets that have not yet been received (optimistic ACKs), which can cause the sender to increase its transmission rate until it fills available bandwidth. | 7.8 |
2005-11-18 | CVE-2005-3674 | SUN | Denial Of Service vulnerability in SUN Solaris 10.0/9.0 The Internet Key Exchange version 1 (IKEv1) implementation in the libike library in Sun Solaris 9 and 10 allows remote attackers to cause a denial of service (in.iked crash) via certain crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. | 7.8 |
2005-11-18 | CVE-2005-3673 | Checkpoint | Denial of Service vulnerability in Check Point Firewall-1 and VPN-1 ISAKMP IKE The Internet Key Exchange version 1 (IKEv1) implementation in Check Point products allows remote attackers to cause a denial of service via certain crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. | 7.8 |
2005-11-18 | CVE-2005-3671 | Frees WAN Openswan Xelerance | Denial Of Service vulnerability in Openswan IKE Traffic The Internet Key Exchange version 1 (IKEv1) implementation in Openswan 2 (openswan-2) before 2.4.4, and freeswan in SUSE LINUX 9.1 before 2.04_1.5.4-1.23, allow remote attackers to cause a denial of service via (1) a crafted packet using 3DES with an invalid key length, or (2) unspecified inputs when Aggressive Mode is enabled and the PSK is known, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. | 7.8 |
2005-11-18 | CVE-2005-3670 | HP | Denial Of Service vulnerability in HP Hp-Ux, Jetdirect 635N and Tru64 Multiple unspecified vulnerabilities in the Internet Key Exchange version 1 (IKEv1) implementation in HP HP-UX B.11.00, B.11.11, and B.11.23 running IPSec, HP Jetdirect 635n IPv6/IPsec Print Server, and HP Tru64 UNIX 5.1B-3 and 5.1B-2/PK4, allow remote attackers to cause a denial of service via certain IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. | 7.8 |
2005-11-17 | CVE-2005-3644 | Microsoft | Resource Management Errors vulnerability in Microsoft Windows 2000 and Windows XP PNP_GetDeviceList (upnp_getdevicelist) in UPnP for Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via a DCE RPC request that specifies a large output buffer size, a variant of CVE-2006-6296, and a different vulnerability than CVE-2005-2120. | 7.8 |
2005-11-16 | CVE-2005-3589 | Filezilla | Remote Client-Side Buffer Overflow vulnerability in Filezilla Server Terminal 0.9.4D Buffer overflow in FileZilla Server Terminal 0.9.4d may allow remote attackers to cause a denial of service (terminal crash) via a long USER ftp command. | 7.8 |
2005-11-16 | CVE-2005-3583 | SUN | Remote Denial of Service vulnerability in Sun Java Development Kit Font Serialization (1) Java Runtime Environment (JRE) and (2) Software Development Kit (SDK) 1.4.2_08, 1.4.2_09, and 1.5.0_05 and possibly other versions allow remote attackers to cause a denial of service (JVM unresponsive) via a crafted serialized object, such as a font object as demonstrated on JBoss. | 7.8 |
2005-11-20 | CVE-2005-3696 | Arki DB | SQL Injection vulnerability in Arki-DB SQL injection vulnerability in Arki-DB 1.0 and 2.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter in a view action (view.php) to index.php. | 7.5 |
2005-11-19 | CVE-2005-3690 | Mailenable | Buffer Overflow vulnerability in MailEnable IMAP Mailbox Name Stack-based buffer overflow in the IMAP service (meimaps.exe) of MailEnable Professional 1.6 and earlier and Enterprise 1.1 and earlier allows remote attackers to execute arbitrary code via a long mailbox name in the (1) select, (2) create, (3) delete, (4) rename, (5) subscribe, or (6) unsubscribe commands. | 7.5 |
2005-11-19 | CVE-2005-3686 | Newsboard | SQL Injection vulnerability in Newsboard Unclassified Newsboard SQL injection vulnerability in search.inc.php in Unclassified NewsBoard before 1.5.3 Patch 4 allows remote attackers to execute arbitrary SQL commands via the (1) DateFrom or (2) DateUntil parameter to forum.php. | 7.5 |
2005-11-19 | CVE-2005-3684 | Freeftpd | Buffer Overflow vulnerability in Freeftpd 1.0.8 Multiple buffer overflows in freeFTPd 1.0.8, without logging enabled, allow remote authenticated attackers to cause a denial of service (application crash), and possibly execute arbitrary code, via long (1) MKD and (2) DELE commands. | 7.5 |
2005-11-19 | CVE-2005-3683 | Freeftpd | Buffer Overflow vulnerability in FreeFTPD User Command Stack-based buffer overflow in freeFTPd before 1.0.9 with Logging enabled, allows remote attackers to cause a denial of service (application crash), and possibly execute arbitrary code, via a long USER command. | 7.5 |
2005-11-18 | CVE-2005-3682 | Wizz Forum | Unspecified vulnerability in Wizz Forum Wizz Forum 1.20 Multiple SQL injection vulnerabilities in Wizz Forum 1.20 allow remote attackers to execute arbitrary SQL commands via (1) the AuthID parameter in ForumAuthDetails.php, and the TopicID parameter in (2) ForumTopicDetails.php and (3) ForumReply.php. | 7.5 |
2005-11-18 | CVE-2005-3681 | Xoops | Unspecified vulnerability in Xoops Wf-Downloads 2.05 SQL injection vulnerability in viewcat.php in XOOPS WF-Downloads module 2.05 allows remote attackers to execute arbitrary SQL commands via the list parameter. | 7.5 |
2005-11-18 | CVE-2005-3679 | Activecampaign | Unspecified vulnerability in Activecampaign 1-2-All Broadcast Email 4.07 SQL injection vulnerability in admin/index.php in ActiveCampaign 1-2-All Broadcast Email allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username field in the admin control panel. | 7.5 |
2005-11-18 | CVE-2005-3677 | Realnetworks | Unspecified vulnerability in Realnetworks Realplayer Buffer overflow in RealNetworks RealPlayer 10 and 10.5 allows remote attackers to execute arbitrary code via a crafted image in a RealPlayer Skin (RJS) file. | 7.5 |
2005-11-18 | CVE-2005-3676 | Phpwebthings | Unspecified vulnerability in PHPwebthings 1.4.4 SQL injection vulnerability in download.php in PhpWebThings 1.4.4 allows remote attackers to execute arbitrary SQL commands via the file parameter. | 7.5 |
2005-11-18 | CVE-2005-3314 | Novell | Buffer Errors vulnerability in Novell Netmail 3.5.2 Stack-based buffer overflow in the IMAP daemon in Novell Netmail 3.5.2 allows remote attackers to execute arbitrary code via "long verb arguments." | 7.5 |
2005-11-18 | CVE-2005-3664 | F Secure Kaspersky LAB | Remote Buffer Overflow vulnerability in Kaspersky Anti-Virus Engine CHM File Parser Heap-based buffer overflow in Kaspersky Anti-Virus Engine, as used in Kaspersky Personal 5.0.227, Anti-Virus On-Demand Scanner for Linux 5.0.5, and F-Secure Anti-Virus for Linux 4.50 allows remote attackers to execute arbitrary code via a crafted CHM file. | 7.5 |
2005-11-18 | CVE-2005-3186 | Gnome GTK | Buffer Overflow vulnerability in GDK-Pixbuf/GTK XPM Images Integer overflow in the GTK+ gdk-pixbuf XPM image rendering library in GTK+ 2.4.0 allows attackers to execute arbitrary code via an XPM file with a number of colors that causes insufficient memory to be allocated, which leads to a heap-based buffer overflow. | 7.5 |
2005-11-18 | CVE-2005-2929 | University OF Kansas | Permissions, Privileges, and Access Controls vulnerability in University of Kansas Lynx 2.8.5/2.8.6/2.8.6Dev13 Lynx 2.8.5, and other versions before 2.8.6dev.15, allows remote attackers to execute arbitrary commands via (1) lynxcgi:, (2) lynxexec, and (3) lynxprog links, which are not properly restricted in the default configuration in some environments. | 7.5 |
2005-11-18 | CVE-2005-1925 | Tiki | Path Traversal vulnerability in Tiki Tikiwiki Cms/Groupware 1.6.1/1.8.1/1.9.0 Multiple directory traversal vulnerabilities in Tikiwiki before 1.9.1 allow remote attackers to read arbitrary files and execute commands via (1) the suck_url parameter to tiki-editpage.php or (2) language parameter to tiki-user_preferences.php. | 7.5 |
2005-11-17 | CVE-2005-3648 | Moodle | Unspecified vulnerability in Moodle 1.5.2 Multiple SQL injection vulnerabilities in the get_record function in datalib.php in Moodle 1.5.2 allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) category.php and (2) info.php. | 7.5 |
2005-11-17 | CVE-2005-3646 | Phpadsnew Phppgads | SQL Injection vulnerability in multiple products Multiple SQL injection vulnerabilities in lib-sessions.inc.php in phpAdsNew and phpPgAds 2.0.6 and possibly earlier versions allow remote attackers to execute arbitrary SQL commands via the sessionID parameter in (1) logout.php and (2) index.php. | 7.5 |
2005-11-16 | CVE-2005-3643 | IBM | Authentication Bypass vulnerability in IBM DB2 Windows XP Simple File Sharing IBM DB2 Database server running on Windows XP with Simple File Sharing enabled, allows remote attackers to bypass authentication and log on to the guest account without supplying a password. | 7.5 |
2005-11-16 | CVE-2005-3642 | IBM | Authentication Bypass vulnerability in IBM Informix Dynamic Server Windows XP Simple File Sharing IBM Informix Dynamic Database server running on Windows XP with Simple File Sharing enabled, allows remote attackers to bypass authentication and log on to the guest account by supplying an invalid username. | 7.5 |
2005-11-16 | CVE-2005-3641 | Oracle | Authentication Bypass vulnerability in Oracle Database Windows XP Simple File Sharing Oracle Databases running on Windows XP with Simple File Sharing enabled, allows remote attackers to bypass authentication by supplying a valid username. | 7.5 |
2005-11-16 | CVE-2005-3639 | Ubertec | Local File Include vulnerability in Help Center Live PHP file inclusion vulnerability in the osTicket module in Help Center Live before 2.0.3 allows remote attackers to access or include arbitrary files via the file parameter, possibly due to a directory traversal vulnerability. | 7.5 |
2005-11-16 | CVE-2005-3596 | Iisworks | Unspecified vulnerability in Iisworks Aspknowledgebase SQL injection vulnerability in ASPKnowledgebase allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username and (2) password fields in adminlogin.asp. | 7.5 |
2005-11-16 | CVE-2005-3591 | Macromedia | Improper Input Validation vulnerability in Macromedia Flash Player Macromedia Flash plugin (1) Flash.ocx 7.0.19.0 (Windows) and earlier and (2) libflashplayer.so before 7.0.25.0 (Unix) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via parameters to the ActionDefineFunction ActionScript call in a SWF file, which causes an improper memory access condition, a different vulnerability than CVE-2005-2628. | 7.5 |
2005-11-16 | CVE-2005-3588 | Advanced Guestbook | SQL-Injection vulnerability in Advanced Guestbook Advanced Guestbook 2.2 SQL injection vulnerability in admin.php in Advanced Guestbook 2.2 allows remote attackers to execute arbitrary SQL commands and gain privileges via the username field. | 7.5 |
2005-11-16 | CVE-2005-3585 | Phpwebthings | SQL Injection vulnerability in PHPwebthings 1.4.4 SQL injection vulnerability in forum.php in PhpWebThings 1.4.4 allows remote attackers to execute arbitrary SQL commands via the forum parameter. | 7.5 |
2005-11-16 | CVE-2005-3578 | Walla Telesite | Input Validation vulnerability in Walla TeleSite SQL injection vulnerability in ts.exe (aka ts.cgi) in Walla TeleSite 3.0 and earlier allows remote attackers to inject arbitrary SQL commands via the sug parameter. | 7.5 |
2005-11-16 | CVE-2005-3575 | Cynox | SQL Injection vulnerability in Cyphor Show.PHP SQL injection vulnerability in show.php in Cyphor 0.19 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2005-11-16 | CVE-2005-3572 | Peel | SQL Injection vulnerability in Peel 2.6/2.7 SQL injection vulnerability in index.php in Peel 2.6 through 2.7 allows remote attackers to execute arbitrary SQL commands via the rubid parameter. | 7.5 |
2005-11-16 | CVE-2005-3565 | HP | Unauthorized Access vulnerability in HP Hp-Ux 11.00/11.11/11.23 Unknown vulnerability in remshd daemon in HP-UX B.11.00, B.11.11, and B.11.23 while running in "Trusted Mode" allows remote attackers to gain unauthorized system access via unknown attack vectors. | 7.5 |
2005-11-16 | CVE-2005-3560 | Zonelabs | Unspecified vulnerability in Zonelabs products Zone Labs (1) ZoneAlarm Pro 6.0, (2) ZoneAlarm Internet Security Suite 6.0, (3) ZoneAlarm Anti-Virus 6.0, (4) ZoneAlarm Anti-Spyware 6.0 through 6.1, and (5) ZoneAlarm 6.0 allow remote attackers to bypass the "Advanced Program Control and OS Firewall filters" setting via URLs in "HTML Modal Dialogs" (window.location.href) contained within JavaScript tags. | 7.5 |
2005-11-16 | CVE-2005-3558 | Oste | Remote File Include vulnerability in Oste 1.0 PHP file inclusion vulnerability in index.php in OSTE 1.0 allows remote attackers to execute arbitrary code via the (1) page and (2) site parameters. | 7.5 |
2005-11-16 | CVE-2005-3553 | Phpkit | SQL Injection vulnerability in PHPkit Multiple SQL injection vulnerabilities in include.php in PHPKIT 1.6.1 R2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in conjunction with the login/userinfo.php path and (2) the session parameter (aka the PHPKITSID variable). | 7.5 |
2005-11-20 | CVE-2005-3346 | OSH | Buffer Overflow vulnerability in OSH 1.7.14 Buffer overflow in the environment variable substitution code in main.c in OSH 1.7-14 allows local users to inject arbitrary environment variables, such as LD_PRELOAD, via pathname arguments of the form "$VAR/EVAR=arg", which cause the EVAR portion to be appended to a buffer returned by a getenv function call. | 7.2 |
2005-11-18 | CVE-2005-3663 | Kaspersky LAB | Local Security vulnerability in Kaspersky LAB Kaspersky Anti-Virus 5.0 Unquoted Windows search path vulnerability in Kaspersky Anti-Virus 5.0 might allow local users to gain privileges via a malicious "program.exe" file in the C: folder. | 7.2 |
2005-11-18 | CVE-2005-2940 | Microsoft | Unspecified vulnerability in Microsoft Antispyware 1.0.509 Unquoted Windows search path vulnerability in Microsoft Antispyware 1.0.509 (Beta 1) might allow local users to gain privileges via a malicious "program.exe" file in the C: folder, involving the programs (1) GIANTAntiSpywareMain.exe, (2) gcASNotice.exe, (3) gcasServ.exe, (4) gcasSWUpdater.exe, or (5) GIANTAntiSpywareUpdater.exe. | 7.2 |
2005-11-18 | CVE-2005-2939 | Vmware | Unspecified vulnerability in VMWare Workstation 5.0.0Build13124 Unquoted Windows search path vulnerability in VMWare Workstation 5.0.0 build-13124 might allow local users to gain privileges via a malicious "program.exe" file in the C: folder. | 7.2 |
2005-11-18 | CVE-2005-2938 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple Itunes 4.7.1.30/5.0 Unquoted Windows search path vulnerability in iTunesHelper.exe in iTunes 4.7.1.30 and iTunes 5 for Windows might allow local users to gain privileges via a malicious C:\program.exe file. | 7.2 |
2005-11-18 | CVE-2005-2936 | Realnetworks | Permissions, Privileges, and Access Controls vulnerability in Realnetworks Realone Player and Realplayer Unquoted Windows search path vulnerability in RealNetworks RealPlayer 10.5 6.0.12.1040 through 6.0.12.1348, RealPlayer 10, RealOne Player v2, RealOne Player v1, and RealPlayer 8 before 20060322 might allow local users to gain privileges via a malicious C:\program.exe file. | 7.2 |
2005-11-16 | CVE-2005-3582 | Imagemagick | Packages Insecure RUNPATH vulnerability in Gentoo Linux ImageMagick before 6.2.4.2-r1 allows local users in the portage group to increase privileges via a shared object in the Portage temporary build directory, which is added to the search path allowing objects in it to be loaded at runtime. | 7.2 |
2005-11-16 | CVE-2005-3581 | Gdal | Packages Insecure RUNPATH vulnerability in Gentoo Linux GDAL before 1.3.0-r1 allows local users in the portage group to increase privileges via a shared object in the Portage temporary build directory, which is added to the search path allowing objects in it to be loaded at runtime. | 7.2 |
2005-11-16 | CVE-2005-3580 | Qdbm | Packages Insecure RUNPATH vulnerability in Gentoo Linux QDBM before 1.8.33-r2 allows local users in the portage group to increase privileges via a shared object in the Portage temporary build directory, which is added to the search path allowing objects in it to be loaded at runtime. | 7.2 |
2005-11-16 | CVE-2005-3564 | HP | Local Privilege Escalation vulnerability in HP-UX ENVD envd daemon in HP-UX B.11.00 through B.11.11 allows local users to obtain privileges via unknown attack vectors. | 7.2 |
2005-11-16 | CVE-2005-3546 | F Secure | Local Privilege Escalation vulnerability in F-Secure Anti-Virus and Internet Gatekeeper suid.cgi scripts in F-Secure (1) Internet Gatekeeper for Linux before 2.15.484 and (2) Anti-Virus Linux Gateway before 2.16 are installed SUID with world-executable permissions, which allows local users to gain privilege. | 7.2 |
58 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2005-11-18 | CVE-2005-3347 | Phpgroupware | Path Traversal vulnerability in PHPgroupware 0.9.16 Multiple directory traversal vulnerabilities in index.php in phpSysInfo 2.4 and earlier, as used in phpgroupware 0.9.16 and earlier, and egrouwpware before 1.0.0.009, allow remote attackers to include arbitrary files via .. | 6.8 |
2005-11-16 | CVE-2005-3543 | Phorum | SQL Injection vulnerability in Phorum SQL injection vulnerability in search.php in Phorum 5.0.0alpha through 5.0.20, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the forum_ids parameter. | 6.8 |
2005-11-16 | CVE-2005-3555 | Tincan | Input Validation vulnerability in PHPList Multiple SQL injection vulnerabilities in PHPlist 2.10.1 and earlier allow authenticated remote attackers with administrator privileges to execute arbitrary SQL commands via the id parameter in the (1) editattributes or (2) admin page. | 6.5 |
2005-11-16 | CVE-2005-3549 | Invision Power Services | Remote Security vulnerability in Invision Power Services Invision Board 2.0.1 Direct code injection vulnerability in Task Manager in Invision Power Board 2.0.1 allows limited remote attackers to execute arbitrary code by referencing the file in "Task PHP File To Run" field and selecting "Run Task Now". | 6.5 |
2005-11-18 | CVE-2005-3680 | Xoops | Unspecified vulnerability in Xoops 2.2.3 Directory traversal vulnerability in editor_registry.php in XOOPS 2.2.3 allows remote attackers to read or include arbitrary local files via a .. | 6.4 |
2005-11-18 | CVE-2005-3355 | GNU | Path Traversal vulnerability in GNU Gnump3D Directory traversal vulnerability in GNU Gnump3d before 2.9.8 has unknown impact via "CGI parameters, and cookie values". | 6.4 |
2005-11-16 | CVE-2005-3567 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM Tivoli Directory Server 5.2.0/6.0 slapd daemon in IBM Tivoli Directory Server (ITDS) 5.2.0 and 6.0.0 binds using SASL EXTERNAL, which allows attackers to bypass authentication and modify and delete directory data via unknown attack vectors. | 5.8 |
2005-11-20 | CVE-2005-3354 | Sylpheed | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Sylpheed Stack-based buffer overflow in the ldif_get_line function in ldif.c of Sylpheed before 2.1.6 allows user-assisted attackers to execute arbitrary code by having local users import LDIF files with long lines. | 5.1 |
2005-11-18 | CVE-2005-2630 | Realnetworks | Heap Overflow vulnerability in RealNetworks RealPlayer DUNZIP32.DLL Heap-based buffer overflow in DUNZIP32.DLL for RealPlayer 8, 10, and 10.5 and RealOne Player 1 and 2 allows remote attackers to execute arbitrary code via a crafted RealPlayer Skin (RJS) file, a different vulnerability than CVE-2004-1094. | 5.1 |
2005-11-18 | CVE-2005-2629 | Realnetworks | Unspecified vulnerability in Realnetworks Helix Player, Realone Player and Realplayer Integer overflow in RealNetworks RealPlayer 8, 10, and 10.5, RealOne Player 1 and 2, and Helix Player 10.0.0 allows remote attackers to execute arbitrary code via an .rm movie file with a large value in the length field of the first data packet, which leads to a stack-based buffer overflow, a different vulnerability than CVE-2004-1481. | 5.1 |
2005-11-16 | CVE-2005-3554 | Phpkit | Code Injection vulnerability in PHPkit 1.6.02/1.6.03/1.6.1 Multiple eval injection vulnerabilities in the help function in PHPKIT 1.6.1 R2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary code on the server via unknown attack vectors involving uninitialized variables. | 5.1 |
2005-11-20 | CVE-2005-3529 | Tiki | Information Exposure vulnerability in Tiki Tikiwiki Cms/Groupware 1.9.0/1.9.1/1.9.2 tiki-view_forum_thread.php in TikiWiki 1.9.0 through 1.9.2 allows remote attackers to obtain the installation path via an invalid topics_sort_mode parameter, possibly related to an SQL injection vulnerability. | 5.0 |
2005-11-20 | CVE-2005-3351 | Apache | Unspecified vulnerability in Apache Spamassassin 3.0.4 SpamAssassin 3.0.4 allows attackers to bypass spam detection via an e-mail with a large number of recipients ("To" addresses), which triggers a bus error in Perl. | 5.0 |
2005-11-19 | CVE-2005-3691 | Mailenable | Directory Traversal vulnerability in MailEnable IMAP Command Directory traversal vulnerability in the IMAP service (meimaps.exe) of MailEnable Professional 1.6 and earlier and Enterprise 1.1 and earlier allows remote attackers to create or rename arbitrary mail directories via the mailbox name argument of the (1) create or (2) rename commands. | 5.0 |
2005-11-19 | CVE-2005-3687 | WHM Autopilot | cancel_account.php in WHM AutoPilot 2.5.30 and earlier allows remote attackers to cancel requests for arbitrary accounts via a modified c parameter. | 5.0 |
2005-11-18 | CVE-2005-3678 | Google | Improper Input Validation vulnerability in Google Talk Google Talk before 1.0.0.76, with email notification enabled, allows remote attackers to cause a denial of service (connection reset) via email with a blank sender. | 5.0 |
2005-11-18 | CVE-2005-3353 | PHP | Denial Of Service vulnerability in PHP Group Exif Module Infinite Recursion The exif_read_data function in the Exif module in PHP before 4.4.1 allows remote attackers to cause a denial of service (infinite loop) via a malformed JPEG image. | 5.0 |
2005-11-18 | CVE-2005-3672 | Stonesoft | Multiple Unspecified vulnerability in Stonesoft StoneGate Firewall/VPN Client IKEv1 Traffic The Internet Key Exchange version 1 (IKEv1) implementation in Stonesoft StoneGate Firewall before 2.6.1 allows remote attackers to cause a denial of service via certain crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. | 5.0 |
2005-11-18 | CVE-2005-3668 | Internet KEY Exchange | Denial-Of-Service vulnerability in Internet KEY Exchange Internet KEY Exchange 1 Multiple buffer overflows in multiple unspecified implementations of Internet Key Exchange version 1 (IKEv1) have multiple unspecified attack vectors and impacts related to denial of service, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. | 5.0 |
2005-11-18 | CVE-2005-3667 | Internet KEY Exchange | Denial-Of-Service vulnerability in Internet KEY Exchange Internet KEY Exchange 1 Multiple unspecified vulnerabilities in multiple unspecified implementations of Internet Key Exchange version 1 (IKEv1) have multiple unspecified attack vectors and impacts related to denial of service, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. | 5.0 |
2005-11-18 | CVE-2005-3189 | Qualcomm | Directory Traversal vulnerability in Qualcomm Worldmail Imap Server 3.0 Directory traversal vulnerability in Qualcomm WorldMail IMAP Server allows remote attackers to read arbitrary email messages via ".." sequences in the SELECT command. | 5.0 |
2005-11-17 | CVE-2005-3645 | Phpadsnew Phppgads | Information Exposure vulnerability in multiple products phpAdsNew and phpPgAds 2.0.6 and possibly earlier versions allows remote attackers to obtain the application installation path and other sensitive information via direct requests to (1) create.php, and if display_errors is enabled, (2) lib-updates.inc.php, (3) lib-targetstats.inc.php, (4) lib-size.inc.php, (5) lib-misc-stats.inc.php, (6) lib-hourly-hosts.inc.php, (7) lib-hourly.inc.php, (8) lib-history.inc.php, and (9) graph-daily.php. | 5.0 |
2005-11-16 | CVE-2005-3634 | SAP | Unspecified vulnerability in SAP web Application Server frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to log users out and redirect them to arbitrary web sites via a close command in the sap-sessioncmd parameter and a URL in the sap-exiturl parameter. | 5.0 |
2005-11-16 | CVE-2005-3633 | SAP | Unspecified vulnerability in SAP web Application Server HTTP response splitting vulnerability in frameset.htm in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to inject arbitrary HTML headers via the sap-exiturl parameter. | 5.0 |
2005-11-16 | CVE-2005-3622 | Phpmyadmin | Remote Security vulnerability in phpMyAdmin phpMyAdmin 2.7.0-beta1 and earlier allows remote attackers to obtain the full path of the server via direct requests to multiple scripts in the libraries directory. | 5.0 |
2005-11-16 | CVE-2005-3621 | Phpmyadmin | Unspecified vulnerability in PHPmyadmin CRLF injection vulnerability in phpMyAdmin before 2.6.4-pl4 allows remote attackers to conduct HTTP response splitting attacks via unspecified scripts. | 5.0 |
2005-11-16 | CVE-2005-3594 | E107 | Remote Security vulnerability in e107 game_score.php in e107 allows remote attackers to insert high scores via HTTP POST methods utilizing the $player_name, $player_score, and $game_name variables. | 5.0 |
2005-11-16 | CVE-2005-3592 | Cutephp | Remote Security vulnerability in CuteNews index.php CuteNews 1.4.0 and earlier allows remote attackers to obtain the path of the installation path of the application by triggering an error message, such as by entering multiple ../ (dot dot slash) in the archive parameter. | 5.0 |
2005-11-16 | CVE-2005-3579 | Walla Telesite | Input Validation vulnerability in Walla TeleSite ts.exe (aka ts.cgi) in Walla TeleSite 3.0 and earlier allows remote attackers to access arbitrary local files via the querystring. | 5.0 |
2005-11-16 | CVE-2005-3576 | Walla Telesite | Input Validation vulnerability in Walla TeleSite ts.exe in Walla TeleSite 3.0 and earlier allows remote attackers to access privileged information by entering the article number in tsurl parameter. | 5.0 |
2005-11-16 | CVE-2005-3574 | Icms Content Management Systems | Remote Security vulnerability in Icms PHP file inclusion vulnerability in index.php of iCMS allows remote attackers to include arbitrary files via the page parameter. | 5.0 |
2005-11-16 | CVE-2005-3573 | GNU | Denial Of Service vulnerability in GNU Mailman Attachment Scrubber UTF8 Filename Scrubber.py in Mailman 2.1.5-8 does not properly handle UTF8 character encodings in filenames of e-mail attachments, which allows remote attackers to cause a denial of service (application crash). | 5.0 |
2005-11-16 | CVE-2005-3571 | Codegrrl | Code Injection vulnerability in Codegrrl products PHP file inclusion vulnerability in protection.php in CodeGrrl (a) PHPCalendar 1.0, (b) PHPClique 1.0, (c) PHPCurrently 2.0, (d) PHPFanBase 2.1, and (e) PHPQuotes 1.0 allows remote attackers to include arbitrary local files via the siteurl parameter when register_globals is enabled. | 5.0 |
2005-11-16 | CVE-2005-3569 | IBM | Denial of Service vulnerability in IBM DB2 Content Manager 8.2 INSO service in IBM DB2 Content Manager before 8.2 Fix Pack 10 on AIX allows attackers to cause a denial of service (application crash) via unknown attack vectors involving LZH files. | 5.0 |
2005-11-16 | CVE-2005-3559 | Digium | Unspecified vulnerability in Digium Asterisk Directory traversal vulnerability in vmail.cgi in Asterisk 1.0.9 through 1.2.0-beta1 allows remote attackers to access WAV files via a .. | 5.0 |
2005-11-16 | CVE-2005-3557 | Tincan | Input Validation vulnerability in PHPList Directory traversal vulnerability in admin/defaults.php in PHPlist 2.10.1 and earlier allows remote attackers to access arbitrary files via a .. | 5.0 |
2005-11-16 | CVE-2005-3551 | Toenda Software Development | Information Disclosure vulnerability in Toendacms toendaCMS before 0.6.2 stores user account and session data in the web root directory, which allows remote attackers to obtain sensitive information via a direct request to the appropriate XML file. | 5.0 |
2005-11-16 | CVE-2005-3550 | Toenda Software Development | Directory Traversal vulnerability in toendaCMS Directory traversal vulnerability in admin.php in toendaCMS before 0.6.2 allows remote attackers to access arbitrary files via a .. | 5.0 |
2005-11-20 | CVE-2005-2709 | Linux | Resource Management Errors vulnerability in Linux Kernel The sysctl functionality (sysctl.c) in Linux kernel before 2.6.14.1 allows local users to cause a denial of service (kernel oops) and possibly execute code by opening an interface file in /proc/sys/net/ipv4/conf/, waiting until the interface is unregistered, then obtaining and modifying function pointers in memory that was used for the ctl_table. | 4.6 |
2005-11-18 | CVE-2005-3662 | Greg Roelofs | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Greg Roelofs Pnmtopng Off-by-one buffer overflow in pnmtopng before 2.39, when using the -alpha command line option (Alphas_Of_Color), allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PNM file with exactly 256 colors. | 4.6 |
2005-11-17 | CVE-2005-3647 | Winability | Local Security vulnerability in Folder Guard Folder Guard allows local users to bypass protections by running from or installing to the temporary files directory. | 4.6 |
2005-11-20 | CVE-2005-3695 | Litespeed Technologies | Cross-Site Scripting vulnerability in Litespeed Technologies Litespeed Web Server 2.1.5 Cross-site scripting (XSS) vulnerability in admin/config/confMgr.php in LiteSpeed Web Server 2.1.5 allows remote attackers to inject arbitrary web script or HTML via the m parameter. | 4.3 |
2005-11-20 | CVE-2005-3530 | Antville | Cross-Site Scripting vulnerability in Antville 1.1 Cross-site scripting (XSS) vulnerability in Antville 1.1 allows remote attackers to inject arbitrary web script or HTML via the notfound.skin error document. | 4.3 |
2005-11-20 | CVE-2005-3528 | Tiki | Cross-Site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware 1.9.0/1.9.1/1.9.2 Cross-site scripting (XSS) vulnerability in tiki-view_forum_thread.php in TikiWiki 1.9.0 through 1.9.2 allows remote attackers to inject arbitrary web script or HTML via the topics_offset parameter. | 4.3 |
2005-11-19 | CVE-2005-3692 | Amax Information Technologies | Input Validation vulnerability in Amax Information Technologies Magic Winmail Server 4.2 Cross-site scripting (XSS) vulnerability in AMAX Magic Winmail Server 4.2 (build 0824) and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) retid parameter in badlogin.php, (2) Content-Type headers in HTML mails, and (3) HTML mail attachments. | 4.3 |
2005-11-19 | CVE-2005-3685 | Virtual Programming | HTML Injection vulnerability in Virtual Programming Vp-Asp 5.50 Cross-site scripting (XSS) vulnerability in shopadmin.asp in VP-ASP Shopping Cart 5.50 allows remote attackers to inject arbitrary web script or HTML via the UserName parameter. | 4.3 |
2005-11-18 | CVE-2005-3348 | Phpsysinfo | Cross-Site Request Forgery (CSRF) vulnerability in PHPsysinfo HTTP response splitting vulnerability in index.php in phpSysInfo 2.4 and earlier, as used in phpgroupware 0.9.16 and earlier, and egroupware before 1.0.0.009, allows remote attackers to spoof web content and poison web caches via CRLF sequences in the charset parameter. | 4.3 |
2005-11-16 | CVE-2005-3636 | SAP | Cross-Site Scripting vulnerability in SAP Web Application Server 6.10 Cross-site scripting (XSS) vulnerability in SAP Web Application Server (WAS) 6.10 allows remote attackers to inject arbitrary web script or HTML via Error Pages. | 4.3 |
2005-11-16 | CVE-2005-3635 | SAP | Cross-Site Scripting vulnerability in SAP Web Application Server Multiple cross-site scripting (XSS) vulnerabilities in SAP Web Application Server (WAS) 6.10 through 7.00 allow remote attackers to inject arbitrary web script or HTML via (1) the sap-syscmd in sap-syscmd and (2) the BspApplication field in the SYSTEM PUBLIC test application. | 4.3 |
2005-11-16 | CVE-2005-3584 | Phpwebthings | Cross-Site Scripting vulnerability in PHPwebthings 1.4.4 Cross-site scripting (XSS) vulnerability in forum.php in PhpWebThings 1.4.4 allows remote attackers to inject arbitrary web script or HTML via the forum parameter. | 4.3 |
2005-11-16 | CVE-2005-3577 | Walla Telesite | Input Validation vulnerability in Walla TeleSite Cross-site scripting vulnerability (XSS) in ts.exe (aka ts.cgi) in Walla TeleSite 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the sug parameter. | 4.3 |
2005-11-16 | CVE-2005-3570 | Horde | Cross-Site Scripting vulnerability in Horde Unspecified cross-site scripting (XSS) vulnerability in Horde before 2.2.9 allows remote attackers to inject arbitrary web script or HTML via "not properly escaped error messages". | 4.3 |
2005-11-16 | CVE-2005-3566 | Symantec Veritas | Local Buffer Overflow vulnerability in VERITAS Cluster Server for UNIX Buffer overflow in various ha commands of VERITAS Cluster Server for UNIX before 4.0MP2 allows local users to execute arbitrary code via a long VCSI18N_LANG environment variable to (1) haagent, (2) haalert, (3) haattr, (4) hacli, (5) hacli_runcmd, (6) haclus, (7) haconf, (8) hadebug, (9) hagrp, (10) hahb, (11) halog, (12) hareg, (13) hares, (14) hastatus, (15) hasys, (16) hatype, (17) hauser, and (18) tststew. | 4.3 |
2005-11-16 | CVE-2005-3556 | Tincan | Input Validation vulnerability in PHPList Multiple cross-site scripting (XSS) vulnerabilities in PHPlist 2.10.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) listname parameter in (a) admin/editlist.php, (2) title parameter in (b) admin/spageedit.php, (3) title field in (c) admin/template.php, (4) filter, (5) delete, and (6) start parameters in (d) admin/eventlog.php, (7) id parameter in (e) admin/configure.php, (8) find parameter in (f) admin/users.php, (9) start parameter in (g) admin/admin.php, and (10) action parameter in (h) admin/fckphplist.php. | 4.3 |
2005-11-16 | CVE-2005-3552 | Phpkit | Cross-Site Scripting vulnerability in PHPkit Multiple cross-site scripting (XSS) vulnerabilities in PHPKIT 1.6.1 R2 and earlier allow remote attackers to inject arbitrary web script or HTML via multiple vectors in (1) login/profile.php, (2) login/userinfo.php, (3) admin/admin.php, (4) imcenter.php, and the (5) referer statistics, the (6) HTML title element and (7) logo alt attributes in forum postings, and the (8) Homepage field in the Guestbook. | 4.3 |
2005-11-16 | CVE-2005-3547 | Invision Power Services | Cross-Site Scripting vulnerability in Invision Power Services Invision Board 2.1 Cross-site scripting (XSS) vulnerability in Invision Power Board 2.1 allows remote attackers to inject arbitrary web script or HTML via the (1) adsess, (2) name, and (3) description parameters in admin.php, and the (4) ACP Notes, (5) Member Name, (6) Password, (7) Email Address, (8) Components, and multiple other input fields. | 4.3 |
2005-11-16 | CVE-2005-3544 | XMB Forum | Unspecified vulnerability in XMB Forum XMB 1.9.3 Cross-site scripting (XSS) vulnerability in u2u.php in XMB 1.9.3 allows remote attackers to inject arbitrary web script or HTML via the username parameter. | 4.3 |
2005-11-16 | CVE-2005-3548 | Invision Power Services | Path Traversal vulnerability in Invision Power Services Invision Board 2.0.1 Directory traversal vulnerability in Task Manager in Invision Power Board (IP.Board) 2.0.1 allows limited remote attackers to include files via a .. | 4.0 |
3 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2005-11-17 | CVE-2005-3649 | Moodle | Remote Security vulnerability in Moodle 1.5.2 jumpto.php in Moodle 1.5.2 allows remote attackers to redirect users to other sites via the jump parameter. | 2.6 |
2005-11-16 | CVE-2005-3568 | IBM | Denial of Service vulnerability in IBM DB2 Content Manager 8.2 db2fmp process in IBM DB2 Content Manager before 8.2 Fix Pack 10 allows local users to cause a denial of service (CPU consumption) by importing a corrupted Microsoft Excel file, aka "CORRUPTED EXEL FILE WILL CAUSE TEXT SEARCH PROCESS LOOPING." | 2.1 |
2005-11-18 | CVE-2005-3349 | GNU | Link Following vulnerability in GNU Gnump3D GNU Gnump3d before 2.9.8 allows local users to modify or delete arbitrary files via a symlink attack on the index.lok temporary file. | 1.9 |