Weekly Vulnerabilities Reports > November 14 to 20, 2005

Overview

122 new vulnerabilities reported during this period, including 9 critical vulnerabilities and 52 high severity vulnerabilities. This weekly summary report vulnerabilities in 119 products from 84 vendors including IBM, SAP, Realnetworks, Walla Telesite, and Microsoft. Vulnerabilities are notably categorized as "Permissions, Privileges, and Access Controls", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "SQL Injection", "Path Traversal", and "Cross-site Scripting".

  • 104 reported vulnerabilities are remotely exploitables.
  • 1 reported vulnerabilities have public exploit available.
  • 11 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 118 reported vulnerabilities are exploitable by an anonymous user.
  • IBM has the most reported vulnerabilities, with 5 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 1 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

9 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-11-18 CVE-2005-3666 Internet KEY Exchange Denial-Of-Service vulnerability in Internet KEY Exchange Internet KEY Exchange 1

Multiple unspecified format string vulnerabilities in multiple unspecified implementations of Internet Key Exchange version 1 (IKEv1) have multiple unspecified attack vectors and impacts, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.

10.0
2005-11-18 CVE-2005-3116 Symantec Veritas Buffer Overflow vulnerability in VERITAS NetBackup Volume Manager Daemon

Stack-based buffer overflow in a shared library as used by the Volume Manager daemon (vmd) in VERITAS NetBackup Enterprise Server 5.0 MP1 to MP5 and 5.1 up to MP3A allows remote attackers to execute arbitrary code via a crafted packet.

10.0
2005-11-16 CVE-2005-3640 Floosietek Buffer Errors vulnerability in Floosietek Ftgate 44.1

Multiple buffer overflows in the IMAP Groupware Mail server of Floosietek FTGate (FTGate4) 4.1 allow remote attackers to execute arbitrary code via long arguments to various IMAP commands, as demonstrated with the EXAMINE command.

10.0
2005-11-16 CVE-2005-3595 Microsoft Unspecified vulnerability in Microsoft Windows XP Ibmoemversion

By default Microsoft Windows XP Home Edition installs with a blank password for the Administrator account, which allows remote attackers to gain control of the computer.

10.0
2005-11-16 CVE-2005-3587 Clam Anti Virus Remote Security vulnerability in ClamAV

Improper boundary checks in petite.c in Clam AntiVirus (ClamAV) before 0.87.1 allows attackers to perform unknown attacks via unknown vectors.

10.0
2005-11-16 CVE-2005-3344 Horde Unspecified vulnerability in Horde 3.0.4

The default installation of Horde 3.0.4 contains an administrative account with a blank password, which allows remote attackers to gain access.

10.0
2005-11-16 CVE-2005-2659 JED Wing Buffer Overflow vulnerability in JED Wing CHM LIB 0.35

Buffer overflow in the LZX decompression in CHM Lib (chmlib) 0.35, as used in products such as KchmViewer, has unknown impact and attack vectors.

10.0
2005-11-19 CVE-2005-3693 Sunncomm Mediamax Remote Security vulnerability in Axwebremovectrl

The AxWebRemoveCtrl ActiveX control for uninstalling the SunnComm MediaMax DRM allows remote attackers to download and execute arbitrary code, a similar vulnerability to CVE-2005-3650.

9.3
2005-11-17 CVE-2005-3650 First4Internet XCP DRM Code Injection vulnerability in First4Internet XCP DRM First4Internet XCP DRM

The CodeSupport.ocx ActiveX control, as used by Sony to uninstall the First4Internet XCP DRM, has "safe for scripting" enabled, which allows remote attackers to execute arbitrary code by calling vulnerable functions such as RebootMachine, IsAdministrator, and ExecuteCode.

9.3

52 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-11-20 CVE-2005-3694 Centericq Remote Denial of Service vulnerability in Centericq 4.20.0R3

centericq 4.20.0-r3 with "Enable peer-to-peer communications" set allows remote attackers to cause a denial of service (segmentation fault and crash) via short zero-length packets, and possibly packets of length 1 or 2, as demonstrated using Nessus.

7.8
2005-11-18 CVE-2005-3675 TCP Unspecified vulnerability in TCP

The Transmission Control Protocol (TCP) allows remote attackers to cause a denial of service (bandwidth consumption) by sending ACK messages for packets that have not yet been received (optimistic ACKs), which can cause the sender to increase its transmission rate until it fills available bandwidth.

7.8
2005-11-18 CVE-2005-3674 SUN Denial Of Service vulnerability in SUN Solaris 10.0/9.0

The Internet Key Exchange version 1 (IKEv1) implementation in the libike library in Sun Solaris 9 and 10 allows remote attackers to cause a denial of service (in.iked crash) via certain crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.

7.8
2005-11-18 CVE-2005-3673 Checkpoint Denial of Service vulnerability in Check Point Firewall-1 and VPN-1 ISAKMP IKE

The Internet Key Exchange version 1 (IKEv1) implementation in Check Point products allows remote attackers to cause a denial of service via certain crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.

7.8
2005-11-18 CVE-2005-3671 Frees WAN
Openswan
Xelerance
Denial Of Service vulnerability in Openswan IKE Traffic

The Internet Key Exchange version 1 (IKEv1) implementation in Openswan 2 (openswan-2) before 2.4.4, and freeswan in SUSE LINUX 9.1 before 2.04_1.5.4-1.23, allow remote attackers to cause a denial of service via (1) a crafted packet using 3DES with an invalid key length, or (2) unspecified inputs when Aggressive Mode is enabled and the PSK is known, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.

7.8
2005-11-18 CVE-2005-3670 HP Denial Of Service vulnerability in HP Hp-Ux, Jetdirect 635N and Tru64

Multiple unspecified vulnerabilities in the Internet Key Exchange version 1 (IKEv1) implementation in HP HP-UX B.11.00, B.11.11, and B.11.23 running IPSec, HP Jetdirect 635n IPv6/IPsec Print Server, and HP Tru64 UNIX 5.1B-3 and 5.1B-2/PK4, allow remote attackers to cause a denial of service via certain IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.

7.8
2005-11-17 CVE-2005-3644 Microsoft Resource Management Errors vulnerability in Microsoft Windows 2000 and Windows XP

PNP_GetDeviceList (upnp_getdevicelist) in UPnP for Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via a DCE RPC request that specifies a large output buffer size, a variant of CVE-2006-6296, and a different vulnerability than CVE-2005-2120.

7.8
2005-11-16 CVE-2005-3589 Filezilla Remote Client-Side Buffer Overflow vulnerability in Filezilla Server Terminal 0.9.4D

Buffer overflow in FileZilla Server Terminal 0.9.4d may allow remote attackers to cause a denial of service (terminal crash) via a long USER ftp command.

7.8
2005-11-16 CVE-2005-3583 SUN Remote Denial of Service vulnerability in Sun Java Development Kit Font Serialization

(1) Java Runtime Environment (JRE) and (2) Software Development Kit (SDK) 1.4.2_08, 1.4.2_09, and 1.5.0_05 and possibly other versions allow remote attackers to cause a denial of service (JVM unresponsive) via a crafted serialized object, such as a font object as demonstrated on JBoss.

7.8
2005-11-20 CVE-2005-3696 Arki DB SQL Injection vulnerability in Arki-DB

SQL injection vulnerability in Arki-DB 1.0 and 2.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter in a view action (view.php) to index.php.

7.5
2005-11-19 CVE-2005-3690 Mailenable Buffer Overflow vulnerability in MailEnable IMAP Mailbox Name

Stack-based buffer overflow in the IMAP service (meimaps.exe) of MailEnable Professional 1.6 and earlier and Enterprise 1.1 and earlier allows remote attackers to execute arbitrary code via a long mailbox name in the (1) select, (2) create, (3) delete, (4) rename, (5) subscribe, or (6) unsubscribe commands.

7.5
2005-11-19 CVE-2005-3686 Newsboard SQL Injection vulnerability in Newsboard Unclassified Newsboard

SQL injection vulnerability in search.inc.php in Unclassified NewsBoard before 1.5.3 Patch 4 allows remote attackers to execute arbitrary SQL commands via the (1) DateFrom or (2) DateUntil parameter to forum.php.

7.5
2005-11-19 CVE-2005-3684 Freeftpd Buffer Overflow vulnerability in Freeftpd 1.0.8

Multiple buffer overflows in freeFTPd 1.0.8, without logging enabled, allow remote authenticated attackers to cause a denial of service (application crash), and possibly execute arbitrary code, via long (1) MKD and (2) DELE commands.

7.5
2005-11-19 CVE-2005-3683 Freeftpd Buffer Overflow vulnerability in FreeFTPD User Command

Stack-based buffer overflow in freeFTPd before 1.0.9 with Logging enabled, allows remote attackers to cause a denial of service (application crash), and possibly execute arbitrary code, via a long USER command.

7.5
2005-11-18 CVE-2005-3682 Wizz Forum Unspecified vulnerability in Wizz Forum Wizz Forum 1.20

Multiple SQL injection vulnerabilities in Wizz Forum 1.20 allow remote attackers to execute arbitrary SQL commands via (1) the AuthID parameter in ForumAuthDetails.php, and the TopicID parameter in (2) ForumTopicDetails.php and (3) ForumReply.php.

7.5
2005-11-18 CVE-2005-3681 Xoops Unspecified vulnerability in Xoops Wf-Downloads 2.05

SQL injection vulnerability in viewcat.php in XOOPS WF-Downloads module 2.05 allows remote attackers to execute arbitrary SQL commands via the list parameter.

7.5
2005-11-18 CVE-2005-3679 Activecampaign Unspecified vulnerability in Activecampaign 1-2-All Broadcast Email 4.07

SQL injection vulnerability in admin/index.php in ActiveCampaign 1-2-All Broadcast Email allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username field in the admin control panel.

7.5
2005-11-18 CVE-2005-3677 Realnetworks Unspecified vulnerability in Realnetworks Realplayer

Buffer overflow in RealNetworks RealPlayer 10 and 10.5 allows remote attackers to execute arbitrary code via a crafted image in a RealPlayer Skin (RJS) file.

7.5
2005-11-18 CVE-2005-3676 Phpwebthings Unspecified vulnerability in PHPwebthings 1.4.4

SQL injection vulnerability in download.php in PhpWebThings 1.4.4 allows remote attackers to execute arbitrary SQL commands via the file parameter.

7.5
2005-11-18 CVE-2005-3314 Novell Buffer Errors vulnerability in Novell Netmail 3.5.2

Stack-based buffer overflow in the IMAP daemon in Novell Netmail 3.5.2 allows remote attackers to execute arbitrary code via "long verb arguments."

7.5
2005-11-18 CVE-2005-3664 F Secure
Kaspersky LAB
Remote Buffer Overflow vulnerability in Kaspersky Anti-Virus Engine CHM File Parser

Heap-based buffer overflow in Kaspersky Anti-Virus Engine, as used in Kaspersky Personal 5.0.227, Anti-Virus On-Demand Scanner for Linux 5.0.5, and F-Secure Anti-Virus for Linux 4.50 allows remote attackers to execute arbitrary code via a crafted CHM file.

7.5
2005-11-18 CVE-2005-3186 Gnome
GTK
Buffer Overflow vulnerability in GDK-Pixbuf/GTK XPM Images

Integer overflow in the GTK+ gdk-pixbuf XPM image rendering library in GTK+ 2.4.0 allows attackers to execute arbitrary code via an XPM file with a number of colors that causes insufficient memory to be allocated, which leads to a heap-based buffer overflow.

7.5
2005-11-18 CVE-2005-2929 University OF Kansas Permissions, Privileges, and Access Controls vulnerability in University of Kansas Lynx 2.8.5/2.8.6/2.8.6Dev13

Lynx 2.8.5, and other versions before 2.8.6dev.15, allows remote attackers to execute arbitrary commands via (1) lynxcgi:, (2) lynxexec, and (3) lynxprog links, which are not properly restricted in the default configuration in some environments.

7.5
2005-11-18 CVE-2005-1925 Tiki Path Traversal vulnerability in Tiki Tikiwiki Cms/Groupware 1.6.1/1.8.1/1.9.0

Multiple directory traversal vulnerabilities in Tikiwiki before 1.9.1 allow remote attackers to read arbitrary files and execute commands via (1) the suck_url parameter to tiki-editpage.php or (2) language parameter to tiki-user_preferences.php.

7.5
2005-11-17 CVE-2005-3648 Moodle Unspecified vulnerability in Moodle 1.5.2

Multiple SQL injection vulnerabilities in the get_record function in datalib.php in Moodle 1.5.2 allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) category.php and (2) info.php.

7.5
2005-11-17 CVE-2005-3646 Phpadsnew
Phppgads
SQL Injection vulnerability in multiple products

Multiple SQL injection vulnerabilities in lib-sessions.inc.php in phpAdsNew and phpPgAds 2.0.6 and possibly earlier versions allow remote attackers to execute arbitrary SQL commands via the sessionID parameter in (1) logout.php and (2) index.php.

7.5
2005-11-16 CVE-2005-3643 IBM Authentication Bypass vulnerability in IBM DB2 Windows XP Simple File Sharing

IBM DB2 Database server running on Windows XP with Simple File Sharing enabled, allows remote attackers to bypass authentication and log on to the guest account without supplying a password.

7.5
2005-11-16 CVE-2005-3642 IBM Authentication Bypass vulnerability in IBM Informix Dynamic Server Windows XP Simple File Sharing

IBM Informix Dynamic Database server running on Windows XP with Simple File Sharing enabled, allows remote attackers to bypass authentication and log on to the guest account by supplying an invalid username.

7.5
2005-11-16 CVE-2005-3641 Oracle Authentication Bypass vulnerability in Oracle Database Windows XP Simple File Sharing

Oracle Databases running on Windows XP with Simple File Sharing enabled, allows remote attackers to bypass authentication by supplying a valid username.

7.5
2005-11-16 CVE-2005-3639 Ubertec Local File Include vulnerability in Help Center Live

PHP file inclusion vulnerability in the osTicket module in Help Center Live before 2.0.3 allows remote attackers to access or include arbitrary files via the file parameter, possibly due to a directory traversal vulnerability.

7.5
2005-11-16 CVE-2005-3596 Iisworks Unspecified vulnerability in Iisworks Aspknowledgebase

SQL injection vulnerability in ASPKnowledgebase allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username and (2) password fields in adminlogin.asp.

7.5
2005-11-16 CVE-2005-3591 Macromedia Improper Input Validation vulnerability in Macromedia Flash Player

Macromedia Flash plugin (1) Flash.ocx 7.0.19.0 (Windows) and earlier and (2) libflashplayer.so before 7.0.25.0 (Unix) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via parameters to the ActionDefineFunction ActionScript call in a SWF file, which causes an improper memory access condition, a different vulnerability than CVE-2005-2628.

7.5
2005-11-16 CVE-2005-3588 Advanced Guestbook SQL-Injection vulnerability in Advanced Guestbook Advanced Guestbook 2.2

SQL injection vulnerability in admin.php in Advanced Guestbook 2.2 allows remote attackers to execute arbitrary SQL commands and gain privileges via the username field.

7.5
2005-11-16 CVE-2005-3585 Phpwebthings SQL Injection vulnerability in PHPwebthings 1.4.4

SQL injection vulnerability in forum.php in PhpWebThings 1.4.4 allows remote attackers to execute arbitrary SQL commands via the forum parameter.

7.5
2005-11-16 CVE-2005-3578 Walla Telesite Input Validation vulnerability in Walla TeleSite

SQL injection vulnerability in ts.exe (aka ts.cgi) in Walla TeleSite 3.0 and earlier allows remote attackers to inject arbitrary SQL commands via the sug parameter.

7.5
2005-11-16 CVE-2005-3575 Cynox SQL Injection vulnerability in Cyphor Show.PHP

SQL injection vulnerability in show.php in Cyphor 0.19 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2005-11-16 CVE-2005-3572 Peel SQL Injection vulnerability in Peel 2.6/2.7

SQL injection vulnerability in index.php in Peel 2.6 through 2.7 allows remote attackers to execute arbitrary SQL commands via the rubid parameter.

7.5
2005-11-16 CVE-2005-3565 HP Unauthorized Access vulnerability in HP Hp-Ux 11.00/11.11/11.23

Unknown vulnerability in remshd daemon in HP-UX B.11.00, B.11.11, and B.11.23 while running in "Trusted Mode" allows remote attackers to gain unauthorized system access via unknown attack vectors.

7.5
2005-11-16 CVE-2005-3560 Zonelabs Unspecified vulnerability in Zonelabs products

Zone Labs (1) ZoneAlarm Pro 6.0, (2) ZoneAlarm Internet Security Suite 6.0, (3) ZoneAlarm Anti-Virus 6.0, (4) ZoneAlarm Anti-Spyware 6.0 through 6.1, and (5) ZoneAlarm 6.0 allow remote attackers to bypass the "Advanced Program Control and OS Firewall filters" setting via URLs in "HTML Modal Dialogs" (window.location.href) contained within JavaScript tags.

7.5
2005-11-16 CVE-2005-3558 Oste Remote File Include vulnerability in Oste 1.0

PHP file inclusion vulnerability in index.php in OSTE 1.0 allows remote attackers to execute arbitrary code via the (1) page and (2) site parameters.

7.5
2005-11-16 CVE-2005-3553 Phpkit SQL Injection vulnerability in PHPkit

Multiple SQL injection vulnerabilities in include.php in PHPKIT 1.6.1 R2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in conjunction with the login/userinfo.php path and (2) the session parameter (aka the PHPKITSID variable).

7.5
2005-11-20 CVE-2005-3346 OSH Buffer Overflow vulnerability in OSH 1.7.14

Buffer overflow in the environment variable substitution code in main.c in OSH 1.7-14 allows local users to inject arbitrary environment variables, such as LD_PRELOAD, via pathname arguments of the form "$VAR/EVAR=arg", which cause the EVAR portion to be appended to a buffer returned by a getenv function call.

7.2
2005-11-18 CVE-2005-3663 Kaspersky LAB Local Security vulnerability in Kaspersky LAB Kaspersky Anti-Virus 5.0

Unquoted Windows search path vulnerability in Kaspersky Anti-Virus 5.0 might allow local users to gain privileges via a malicious "program.exe" file in the C: folder.

7.2
2005-11-18 CVE-2005-2940 Microsoft Unspecified vulnerability in Microsoft Antispyware 1.0.509

Unquoted Windows search path vulnerability in Microsoft Antispyware 1.0.509 (Beta 1) might allow local users to gain privileges via a malicious "program.exe" file in the C: folder, involving the programs (1) GIANTAntiSpywareMain.exe, (2) gcASNotice.exe, (3) gcasServ.exe, (4) gcasSWUpdater.exe, or (5) GIANTAntiSpywareUpdater.exe.

7.2
2005-11-18 CVE-2005-2939 Vmware Unspecified vulnerability in VMWare Workstation 5.0.0Build13124

Unquoted Windows search path vulnerability in VMWare Workstation 5.0.0 build-13124 might allow local users to gain privileges via a malicious "program.exe" file in the C: folder.

7.2
2005-11-18 CVE-2005-2938 Apple Permissions, Privileges, and Access Controls vulnerability in Apple Itunes 4.7.1.30/5.0

Unquoted Windows search path vulnerability in iTunesHelper.exe in iTunes 4.7.1.30 and iTunes 5 for Windows might allow local users to gain privileges via a malicious C:\program.exe file.

7.2
2005-11-18 CVE-2005-2936 Realnetworks Permissions, Privileges, and Access Controls vulnerability in Realnetworks Realone Player and Realplayer

Unquoted Windows search path vulnerability in RealNetworks RealPlayer 10.5 6.0.12.1040 through 6.0.12.1348, RealPlayer 10, RealOne Player v2, RealOne Player v1, and RealPlayer 8 before 20060322 might allow local users to gain privileges via a malicious C:\program.exe file.

7.2
2005-11-16 CVE-2005-3582 Imagemagick Packages Insecure RUNPATH vulnerability in Gentoo Linux

ImageMagick before 6.2.4.2-r1 allows local users in the portage group to increase privileges via a shared object in the Portage temporary build directory, which is added to the search path allowing objects in it to be loaded at runtime.

7.2
2005-11-16 CVE-2005-3581 Gdal Packages Insecure RUNPATH vulnerability in Gentoo Linux

GDAL before 1.3.0-r1 allows local users in the portage group to increase privileges via a shared object in the Portage temporary build directory, which is added to the search path allowing objects in it to be loaded at runtime.

7.2
2005-11-16 CVE-2005-3580 Qdbm Packages Insecure RUNPATH vulnerability in Gentoo Linux

QDBM before 1.8.33-r2 allows local users in the portage group to increase privileges via a shared object in the Portage temporary build directory, which is added to the search path allowing objects in it to be loaded at runtime.

7.2
2005-11-16 CVE-2005-3564 HP Local Privilege Escalation vulnerability in HP-UX ENVD

envd daemon in HP-UX B.11.00 through B.11.11 allows local users to obtain privileges via unknown attack vectors.

7.2
2005-11-16 CVE-2005-3546 F Secure Local Privilege Escalation vulnerability in F-Secure Anti-Virus and Internet Gatekeeper

suid.cgi scripts in F-Secure (1) Internet Gatekeeper for Linux before 2.15.484 and (2) Anti-Virus Linux Gateway before 2.16 are installed SUID with world-executable permissions, which allows local users to gain privilege.

7.2

58 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-11-18 CVE-2005-3347 Phpgroupware Path Traversal vulnerability in PHPgroupware 0.9.16

Multiple directory traversal vulnerabilities in index.php in phpSysInfo 2.4 and earlier, as used in phpgroupware 0.9.16 and earlier, and egrouwpware before 1.0.0.009, allow remote attackers to include arbitrary files via ..

6.8
2005-11-16 CVE-2005-3543 Phorum SQL Injection vulnerability in Phorum

SQL injection vulnerability in search.php in Phorum 5.0.0alpha through 5.0.20, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the forum_ids parameter.

6.8
2005-11-16 CVE-2005-3555 Tincan Input Validation vulnerability in PHPList

Multiple SQL injection vulnerabilities in PHPlist 2.10.1 and earlier allow authenticated remote attackers with administrator privileges to execute arbitrary SQL commands via the id parameter in the (1) editattributes or (2) admin page.

6.5
2005-11-16 CVE-2005-3549 Invision Power Services Remote Security vulnerability in Invision Power Services Invision Board 2.0.1

Direct code injection vulnerability in Task Manager in Invision Power Board 2.0.1 allows limited remote attackers to execute arbitrary code by referencing the file in "Task PHP File To Run" field and selecting "Run Task Now".

6.5
2005-11-18 CVE-2005-3680 Xoops Unspecified vulnerability in Xoops 2.2.3

Directory traversal vulnerability in editor_registry.php in XOOPS 2.2.3 allows remote attackers to read or include arbitrary local files via a ..

6.4
2005-11-18 CVE-2005-3355 GNU Path Traversal vulnerability in GNU Gnump3D

Directory traversal vulnerability in GNU Gnump3d before 2.9.8 has unknown impact via "CGI parameters, and cookie values".

6.4
2005-11-16 CVE-2005-3567 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Tivoli Directory Server 5.2.0/6.0

slapd daemon in IBM Tivoli Directory Server (ITDS) 5.2.0 and 6.0.0 binds using SASL EXTERNAL, which allows attackers to bypass authentication and modify and delete directory data via unknown attack vectors.

5.8
2005-11-20 CVE-2005-3354 Sylpheed Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Sylpheed

Stack-based buffer overflow in the ldif_get_line function in ldif.c of Sylpheed before 2.1.6 allows user-assisted attackers to execute arbitrary code by having local users import LDIF files with long lines.

5.1
2005-11-18 CVE-2005-2630 Realnetworks Heap Overflow vulnerability in RealNetworks RealPlayer DUNZIP32.DLL

Heap-based buffer overflow in DUNZIP32.DLL for RealPlayer 8, 10, and 10.5 and RealOne Player 1 and 2 allows remote attackers to execute arbitrary code via a crafted RealPlayer Skin (RJS) file, a different vulnerability than CVE-2004-1094.

5.1
2005-11-18 CVE-2005-2629 Realnetworks Unspecified vulnerability in Realnetworks Helix Player, Realone Player and Realplayer

Integer overflow in RealNetworks RealPlayer 8, 10, and 10.5, RealOne Player 1 and 2, and Helix Player 10.0.0 allows remote attackers to execute arbitrary code via an .rm movie file with a large value in the length field of the first data packet, which leads to a stack-based buffer overflow, a different vulnerability than CVE-2004-1481.

5.1
2005-11-16 CVE-2005-3554 Phpkit Code Injection vulnerability in PHPkit 1.6.02/1.6.03/1.6.1

Multiple eval injection vulnerabilities in the help function in PHPKIT 1.6.1 R2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary code on the server via unknown attack vectors involving uninitialized variables.

5.1
2005-11-20 CVE-2005-3529 Tiki Information Exposure vulnerability in Tiki Tikiwiki Cms/Groupware 1.9.0/1.9.1/1.9.2

tiki-view_forum_thread.php in TikiWiki 1.9.0 through 1.9.2 allows remote attackers to obtain the installation path via an invalid topics_sort_mode parameter, possibly related to an SQL injection vulnerability.

5.0
2005-11-20 CVE-2005-3351 Apache Unspecified vulnerability in Apache Spamassassin 3.0.4

SpamAssassin 3.0.4 allows attackers to bypass spam detection via an e-mail with a large number of recipients ("To" addresses), which triggers a bus error in Perl.

5.0
2005-11-19 CVE-2005-3691 Mailenable Directory Traversal vulnerability in MailEnable IMAP Command

Directory traversal vulnerability in the IMAP service (meimaps.exe) of MailEnable Professional 1.6 and earlier and Enterprise 1.1 and earlier allows remote attackers to create or rename arbitrary mail directories via the mailbox name argument of the (1) create or (2) rename commands.

5.0
2005-11-19 CVE-2005-3687 WHM Autopilot cancel_account.php in WHM AutoPilot 2.5.30 and earlier allows remote attackers to cancel requests for arbitrary accounts via a modified c parameter.
5.0
2005-11-18 CVE-2005-3678 Google Improper Input Validation vulnerability in Google Talk

Google Talk before 1.0.0.76, with email notification enabled, allows remote attackers to cause a denial of service (connection reset) via email with a blank sender.

5.0
2005-11-18 CVE-2005-3353 PHP Denial Of Service vulnerability in PHP Group Exif Module Infinite Recursion

The exif_read_data function in the Exif module in PHP before 4.4.1 allows remote attackers to cause a denial of service (infinite loop) via a malformed JPEG image.

5.0
2005-11-18 CVE-2005-3672 Stonesoft Multiple Unspecified vulnerability in Stonesoft StoneGate Firewall/VPN Client IKEv1 Traffic

The Internet Key Exchange version 1 (IKEv1) implementation in Stonesoft StoneGate Firewall before 2.6.1 allows remote attackers to cause a denial of service via certain crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.

5.0
2005-11-18 CVE-2005-3668 Internet KEY Exchange Denial-Of-Service vulnerability in Internet KEY Exchange Internet KEY Exchange 1

Multiple buffer overflows in multiple unspecified implementations of Internet Key Exchange version 1 (IKEv1) have multiple unspecified attack vectors and impacts related to denial of service, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.

5.0
2005-11-18 CVE-2005-3667 Internet KEY Exchange Denial-Of-Service vulnerability in Internet KEY Exchange Internet KEY Exchange 1

Multiple unspecified vulnerabilities in multiple unspecified implementations of Internet Key Exchange version 1 (IKEv1) have multiple unspecified attack vectors and impacts related to denial of service, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.

5.0
2005-11-18 CVE-2005-3189 Qualcomm Directory Traversal vulnerability in Qualcomm Worldmail Imap Server 3.0

Directory traversal vulnerability in Qualcomm WorldMail IMAP Server allows remote attackers to read arbitrary email messages via ".." sequences in the SELECT command.

5.0
2005-11-17 CVE-2005-3645 Phpadsnew
Phppgads
Information Exposure vulnerability in multiple products

phpAdsNew and phpPgAds 2.0.6 and possibly earlier versions allows remote attackers to obtain the application installation path and other sensitive information via direct requests to (1) create.php, and if display_errors is enabled, (2) lib-updates.inc.php, (3) lib-targetstats.inc.php, (4) lib-size.inc.php, (5) lib-misc-stats.inc.php, (6) lib-hourly-hosts.inc.php, (7) lib-hourly.inc.php, (8) lib-history.inc.php, and (9) graph-daily.php.

5.0
2005-11-16 CVE-2005-3634 SAP Unspecified vulnerability in SAP web Application Server

frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to log users out and redirect them to arbitrary web sites via a close command in the sap-sessioncmd parameter and a URL in the sap-exiturl parameter.

5.0
2005-11-16 CVE-2005-3633 SAP Unspecified vulnerability in SAP web Application Server

HTTP response splitting vulnerability in frameset.htm in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to inject arbitrary HTML headers via the sap-exiturl parameter.

5.0
2005-11-16 CVE-2005-3622 Phpmyadmin Remote Security vulnerability in phpMyAdmin

phpMyAdmin 2.7.0-beta1 and earlier allows remote attackers to obtain the full path of the server via direct requests to multiple scripts in the libraries directory.

5.0
2005-11-16 CVE-2005-3621 Phpmyadmin Unspecified vulnerability in PHPmyadmin

CRLF injection vulnerability in phpMyAdmin before 2.6.4-pl4 allows remote attackers to conduct HTTP response splitting attacks via unspecified scripts.

5.0
2005-11-16 CVE-2005-3594 E107 Remote Security vulnerability in e107

game_score.php in e107 allows remote attackers to insert high scores via HTTP POST methods utilizing the $player_name, $player_score, and $game_name variables.

5.0
2005-11-16 CVE-2005-3592 Cutephp Remote Security vulnerability in CuteNews

index.php CuteNews 1.4.0 and earlier allows remote attackers to obtain the path of the installation path of the application by triggering an error message, such as by entering multiple ../ (dot dot slash) in the archive parameter.

5.0
2005-11-16 CVE-2005-3579 Walla Telesite Input Validation vulnerability in Walla TeleSite

ts.exe (aka ts.cgi) in Walla TeleSite 3.0 and earlier allows remote attackers to access arbitrary local files via the querystring.

5.0
2005-11-16 CVE-2005-3576 Walla Telesite Input Validation vulnerability in Walla TeleSite

ts.exe in Walla TeleSite 3.0 and earlier allows remote attackers to access privileged information by entering the article number in tsurl parameter.

5.0
2005-11-16 CVE-2005-3574 Icms Content Management Systems Remote Security vulnerability in Icms

PHP file inclusion vulnerability in index.php of iCMS allows remote attackers to include arbitrary files via the page parameter.

5.0
2005-11-16 CVE-2005-3573 GNU Denial Of Service vulnerability in GNU Mailman Attachment Scrubber UTF8 Filename

Scrubber.py in Mailman 2.1.5-8 does not properly handle UTF8 character encodings in filenames of e-mail attachments, which allows remote attackers to cause a denial of service (application crash).

5.0
2005-11-16 CVE-2005-3571 Codegrrl Code Injection vulnerability in Codegrrl products

PHP file inclusion vulnerability in protection.php in CodeGrrl (a) PHPCalendar 1.0, (b) PHPClique 1.0, (c) PHPCurrently 2.0, (d) PHPFanBase 2.1, and (e) PHPQuotes 1.0 allows remote attackers to include arbitrary local files via the siteurl parameter when register_globals is enabled.

5.0
2005-11-16 CVE-2005-3569 IBM Denial of Service vulnerability in IBM DB2 Content Manager 8.2

INSO service in IBM DB2 Content Manager before 8.2 Fix Pack 10 on AIX allows attackers to cause a denial of service (application crash) via unknown attack vectors involving LZH files.

5.0
2005-11-16 CVE-2005-3559 Digium Unspecified vulnerability in Digium Asterisk

Directory traversal vulnerability in vmail.cgi in Asterisk 1.0.9 through 1.2.0-beta1 allows remote attackers to access WAV files via a ..

5.0
2005-11-16 CVE-2005-3557 Tincan Input Validation vulnerability in PHPList

Directory traversal vulnerability in admin/defaults.php in PHPlist 2.10.1 and earlier allows remote attackers to access arbitrary files via a ..

5.0
2005-11-16 CVE-2005-3551 Toenda Software Development Information Disclosure vulnerability in Toendacms

toendaCMS before 0.6.2 stores user account and session data in the web root directory, which allows remote attackers to obtain sensitive information via a direct request to the appropriate XML file.

5.0
2005-11-16 CVE-2005-3550 Toenda Software Development Directory Traversal vulnerability in toendaCMS

Directory traversal vulnerability in admin.php in toendaCMS before 0.6.2 allows remote attackers to access arbitrary files via a ..

5.0
2005-11-20 CVE-2005-2709 Linux Resource Management Errors vulnerability in Linux Kernel

The sysctl functionality (sysctl.c) in Linux kernel before 2.6.14.1 allows local users to cause a denial of service (kernel oops) and possibly execute code by opening an interface file in /proc/sys/net/ipv4/conf/, waiting until the interface is unregistered, then obtaining and modifying function pointers in memory that was used for the ctl_table.

4.6
2005-11-18 CVE-2005-3662 Greg Roelofs Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Greg Roelofs Pnmtopng

Off-by-one buffer overflow in pnmtopng before 2.39, when using the -alpha command line option (Alphas_Of_Color), allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PNM file with exactly 256 colors.

4.6
2005-11-17 CVE-2005-3647 Winability Local Security vulnerability in Folder Guard

Folder Guard allows local users to bypass protections by running from or installing to the temporary files directory.

4.6
2005-11-20 CVE-2005-3695 Litespeed Technologies Cross-Site Scripting vulnerability in Litespeed Technologies Litespeed web Server 2.1.5

Cross-site scripting (XSS) vulnerability in admin/config/confMgr.php in LiteSpeed Web Server 2.1.5 allows remote attackers to inject arbitrary web script or HTML via the m parameter.

4.3
2005-11-20 CVE-2005-3530 Antville Cross-Site Scripting vulnerability in Antville 1.1

Cross-site scripting (XSS) vulnerability in Antville 1.1 allows remote attackers to inject arbitrary web script or HTML via the notfound.skin error document.

4.3
2005-11-20 CVE-2005-3528 Tiki Cross-Site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware 1.9.0/1.9.1/1.9.2

Cross-site scripting (XSS) vulnerability in tiki-view_forum_thread.php in TikiWiki 1.9.0 through 1.9.2 allows remote attackers to inject arbitrary web script or HTML via the topics_offset parameter.

4.3
2005-11-19 CVE-2005-3692 Amax Information Technologies Input Validation vulnerability in Amax Information Technologies Magic Winmail Server 4.2

Cross-site scripting (XSS) vulnerability in AMAX Magic Winmail Server 4.2 (build 0824) and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) retid parameter in badlogin.php, (2) Content-Type headers in HTML mails, and (3) HTML mail attachments.

4.3
2005-11-19 CVE-2005-3685 Virtual Programming HTML Injection vulnerability in Virtual Programming Vp-Asp 5.50

Cross-site scripting (XSS) vulnerability in shopadmin.asp in VP-ASP Shopping Cart 5.50 allows remote attackers to inject arbitrary web script or HTML via the UserName parameter.

4.3
2005-11-18 CVE-2005-3348 Phpsysinfo Cross-Site Request Forgery (CSRF) vulnerability in PHPsysinfo

HTTP response splitting vulnerability in index.php in phpSysInfo 2.4 and earlier, as used in phpgroupware 0.9.16 and earlier, and egroupware before 1.0.0.009, allows remote attackers to spoof web content and poison web caches via CRLF sequences in the charset parameter.

4.3
2005-11-16 CVE-2005-3636 SAP Cross-Site Scripting vulnerability in SAP web Application Server 6.10

Cross-site scripting (XSS) vulnerability in SAP Web Application Server (WAS) 6.10 allows remote attackers to inject arbitrary web script or HTML via Error Pages.

4.3
2005-11-16 CVE-2005-3635 SAP Cross-Site Scripting vulnerability in SAP Web Application Server

Multiple cross-site scripting (XSS) vulnerabilities in SAP Web Application Server (WAS) 6.10 through 7.00 allow remote attackers to inject arbitrary web script or HTML via (1) the sap-syscmd in sap-syscmd and (2) the BspApplication field in the SYSTEM PUBLIC test application.

4.3
2005-11-16 CVE-2005-3584 Phpwebthings Cross-Site Scripting vulnerability in PHPwebthings 1.4.4

Cross-site scripting (XSS) vulnerability in forum.php in PhpWebThings 1.4.4 allows remote attackers to inject arbitrary web script or HTML via the forum parameter.

4.3
2005-11-16 CVE-2005-3577 Walla Telesite Input Validation vulnerability in Walla TeleSite

Cross-site scripting vulnerability (XSS) in ts.exe (aka ts.cgi) in Walla TeleSite 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the sug parameter.

4.3
2005-11-16 CVE-2005-3570 Horde Cross-Site Scripting vulnerability in Horde

Unspecified cross-site scripting (XSS) vulnerability in Horde before 2.2.9 allows remote attackers to inject arbitrary web script or HTML via "not properly escaped error messages".

4.3
2005-11-16 CVE-2005-3566 Symantec Veritas Local Buffer Overflow vulnerability in VERITAS Cluster Server for UNIX

Buffer overflow in various ha commands of VERITAS Cluster Server for UNIX before 4.0MP2 allows local users to execute arbitrary code via a long VCSI18N_LANG environment variable to (1) haagent, (2) haalert, (3) haattr, (4) hacli, (5) hacli_runcmd, (6) haclus, (7) haconf, (8) hadebug, (9) hagrp, (10) hahb, (11) halog, (12) hareg, (13) hares, (14) hastatus, (15) hasys, (16) hatype, (17) hauser, and (18) tststew.

4.3
2005-11-16 CVE-2005-3556 Tincan Input Validation vulnerability in PHPList

Multiple cross-site scripting (XSS) vulnerabilities in PHPlist 2.10.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) listname parameter in (a) admin/editlist.php, (2) title parameter in (b) admin/spageedit.php, (3) title field in (c) admin/template.php, (4) filter, (5) delete, and (6) start parameters in (d) admin/eventlog.php, (7) id parameter in (e) admin/configure.php, (8) find parameter in (f) admin/users.php, (9) start parameter in (g) admin/admin.php, and (10) action parameter in (h) admin/fckphplist.php.

4.3
2005-11-16 CVE-2005-3552 Phpkit Cross-Site Scripting vulnerability in PHPkit

Multiple cross-site scripting (XSS) vulnerabilities in PHPKIT 1.6.1 R2 and earlier allow remote attackers to inject arbitrary web script or HTML via multiple vectors in (1) login/profile.php, (2) login/userinfo.php, (3) admin/admin.php, (4) imcenter.php, and the (5) referer statistics, the (6) HTML title element and (7) logo alt attributes in forum postings, and the (8) Homepage field in the Guestbook.

4.3
2005-11-16 CVE-2005-3547 Invision Power Services Cross-Site Scripting vulnerability in Invision Power Services Invision Board 2.1

Cross-site scripting (XSS) vulnerability in Invision Power Board 2.1 allows remote attackers to inject arbitrary web script or HTML via the (1) adsess, (2) name, and (3) description parameters in admin.php, and the (4) ACP Notes, (5) Member Name, (6) Password, (7) Email Address, (8) Components, and multiple other input fields.

4.3
2005-11-16 CVE-2005-3544 XMB Forum Unspecified vulnerability in XMB Forum XMB 1.9.3

Cross-site scripting (XSS) vulnerability in u2u.php in XMB 1.9.3 allows remote attackers to inject arbitrary web script or HTML via the username parameter.

4.3
2005-11-16 CVE-2005-3548 Invision Power Services Path Traversal vulnerability in Invision Power Services Invision Board 2.0.1

Directory traversal vulnerability in Task Manager in Invision Power Board (IP.Board) 2.0.1 allows limited remote attackers to include files via a ..

4.0

3 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-11-17 CVE-2005-3649 Moodle Remote Security vulnerability in Moodle 1.5.2

jumpto.php in Moodle 1.5.2 allows remote attackers to redirect users to other sites via the jump parameter.

2.6
2005-11-16 CVE-2005-3568 IBM Denial of Service vulnerability in IBM DB2 Content Manager 8.2

db2fmp process in IBM DB2 Content Manager before 8.2 Fix Pack 10 allows local users to cause a denial of service (CPU consumption) by importing a corrupted Microsoft Excel file, aka "CORRUPTED EXEL FILE WILL CAUSE TEXT SEARCH PROCESS LOOPING."

2.1
2005-11-18 CVE-2005-3349 GNU Link Following vulnerability in GNU Gnump3D

GNU Gnump3d before 2.9.8 allows local users to modify or delete arbitrary files via a symlink attack on the index.lok temporary file.

1.9