Weekly Vulnerabilities Reports > November 21 to 27, 2005
Overview
138 new vulnerabilities were reported during this period, including 4 critical vulnerabilities and 65 high severity vulnerabilities. This weekly summary reports vulnerabilities in 119 products from 86 vendors including Vtiger, Exponent, Linux, Alstrasoft, and Google. Vulnerabilities are notably categorized as "SQL Injection", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Use of Hard-coded Credentials", "Information Exposure", and "Code Injection".
- 129 reported vulnerabilities are remotely exploitable.
- 6 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 134 reported vulnerabilities are exploitable by an anonymous user.
- Vtiger has the most reported vulnerabilities, with 7 reported vulnerabilities.
- Joomla has the most reported critical vulnerabilities, with 1 reported vulnerability.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
4 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2005-11-23 | CVE-2005-3773 | Joomla | Input Validation vulnerability in Joomla Unspecified vulnerability in Joomla! before 1.0.4 has unknown impact and attack vectors, related to "Potential misuse of Media component file management functions." | 10.0 |
2005-11-22 | CVE-2005-3764 | Exponent | Remote Security vulnerability in Exponent The image gallery (imagegallery) component in Exponent CMS 0.96.3 and later versions does not properly check the MIME type of uploaded files, with unknown impact from the preview icon, possibly involving injection of HTML. | 10.0 |
2005-11-22 | CVE-2005-3752 | Ldapdiff | Remote Security vulnerability in Ldapdiff Unspecified vulnerability in ldapdiff before 1.1.1 has unknown impact and attack vectors, related to "ldapdiff.conf path construction". | 10.0 |
2005-11-21 | CVE-2005-3731 | Yassl | Certificate Chain Processing vulnerability in yaSSL Unspecified vulnerability in yaSSL before 1.0.6 has unknown impact and attack vectors, related to "certificate chain processing." | 10.0 |
65 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2005-11-27 | CVE-2005-3858 | Linux | Remote Denial Of Service vulnerability in Linux Kernel IP6_Input_Finish Memory leak in the ip6_input_finish function in ip6_input.c in Linux kernel 2.6.12 and earlier might allow attackers to cause a denial of service via malformed IPv6 packets with unspecified parameter problems, which prevents the SKB from being freed. | 7.8 |
2005-11-26 | CVE-2005-3829 | Activecampaign | SQL-Injection vulnerability in Activecampaign Knowledgebuilder 2.4 index.php in ActiveCampaign KnowledgeBuilder 2.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an invalid category parameter, which causes a large number of SQL queries to be processed. | 7.8 |
2005-11-25 | CVE-2005-3810 | Linux | Denial-Of-Service vulnerability in kernel ip_conntrack_proto_icmp.c in ctnetlink in Linux kernel 2.6.14 up to 2.6.14.3 allows attackers to cause a denial of service (kernel oops) via a message without ICMP ID (ICMP_ID) information, which leads to a null dereference. | 7.8 |
2005-11-25 | CVE-2005-3809 | Linux | Denial-Of-Service vulnerability in kernel The nfattr_to_tcp function in ip_conntrack_proto_tcp.c in ctnetlink in Linux kernel 2.6.14 up to 2.6.14.3 allows attackers to cause a denial of service (kernel oops) via an update message without private protocol information, which triggers a null dereference. | 7.8 |
2005-11-22 | CVE-2005-3760 | IBM | Buffer Errors vulnerability in IBM Websphere Application Server 5.0 Double free vulnerability in the BBOORB module in IBM WebSphere Application Server for z/OS 5.0 allows attackers to cause a denial of service (ABEND). | 7.8 |
2005-11-22 | CVE-2005-3753 | Linux | Denial-Of-Service vulnerability in kernel Linux kernel before after 2.6.12 and before 2.6.13.1 might allow attackers to cause a denial of service (Oops) via certain IPSec packets that cause alignment problems in standard multi-block cipher processors. | 7.8 |
2005-11-21 | CVE-2005-3732 | Ipsec Tools | Resource Management Errors vulnerability in Ipsec-Tools The Internet Key Exchange version 1 (IKEv1) implementation (isakmp_agg.c) in racoon in ipsec-tools before 0.6.3, when running in aggressive mode, allows remote attackers to cause a denial of service (null dereference and crash) via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. | 7.8 |
2005-11-27 | CVE-2005-3855 | Easybe | SQL Injection vulnerability in Easybe 1-2-3 Music Store 1.0 SQL injection vulnerability in process.php in 1-2-3 music store allows remote attackers to execute arbitrary SQL commands via the AlbumID parameter. | 7.5 |
2005-11-27 | CVE-2005-3853 | Solucija | SQL-Injection vulnerability in Solucija Snews 1.2 SQL injection vulnerability in snews.php in sNews 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) category parameters to index.php. | 7.5 |
2005-11-27 | CVE-2005-3852 | Onlinetechtools COM | SQL-Injection vulnerability in Onlinetechtools.Com Owos Lite 3.0 SQL injection vulnerability in search.asp in Online Work Order Suite (OWOS) Lite Edition for ASP 3.0 allows remote attackers to execute arbitrary SQL commands via the keyword parameter. | 7.5 |
2005-11-26 | CVE-2005-3846 | Fscripts | SQL Injection vulnerability in Fantastic Scripts Fantastic News News.PHP SQL injection vulnerability in news.php in Fantastic News 2.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter. | 7.5 |
2005-11-26 | CVE-2005-3845 | Ezinvoiceinc | SQL Injection vulnerability in Ezinvoiceinc EZ Invoice INC 2.0 SQL injection vulnerability in invoices.php in EZ Invoice Inc 2.0 allows remote attackers to execute arbitrary SQL commands via the i parameter. | 7.5 |
2005-11-26 | CVE-2005-3844 | Phpwordpress | SQL Injection vulnerability in PHPwordpress PHP News and Article Manager 3.0 SQL injection vulnerability in phpWordPress PHP News and Article Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the (1) poll and (2) category parameters to index.php, and (3) the ctg parameter in an archive action. | 7.5 |
2005-11-26 | CVE-2005-3843 | Nicecoder | SQL Injection vulnerability in Nicecoder Idesk 1.0 SQL injection vulnerability in faq.php in Nicecoder iDesk 1.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. | 7.5 |
2005-11-26 | CVE-2005-3842 | Pdjkeelan COM | SQL Injection vulnerability in Pdjkeelan.Com Pdjk-Support Suite 1.1A SQL injection vulnerability in index.php in pdjk-support suite 1.1a and earlier allows remote attackers to execute arbitrary SQL commands via the (1) rowstart, (2) news_id, and (3) faq_id parameters. | 7.5 |
2005-11-26 | CVE-2005-3840 | Omnistar Interactive | SQL Injection vulnerability in Omnistar Interactive Omnistar Live SQL injection vulnerability in kb.php in Omnistar Live 5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) category_id parameter. | 7.5 |
2005-11-26 | CVE-2005-3838 | Isolsoft | SQL Injection vulnerability in Isolsoft Support Center 2.2 Multiple SQL injection vulnerabilities in search.php in IsolSoft Support Center 2.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) lorder, (2) Priority, (3) Status, (4) Category, (5) searchvalue, and (6) field parameter. | 7.5 |
2005-11-26 | CVE-2005-3836 | Desklance | SQL-Injection vulnerability in Desklance SQL injection vulnerability in DeskLance 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the announce parameter. | 7.5 |
2005-11-26 | CVE-2005-3835 | Desklance | Code Injection vulnerability in Desklance PHP remote file inclusion vulnerability in support/index.php in DeskLance 2.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the main parameter. | 7.5 |
2005-11-26 | CVE-2005-3833 | Tunez | Input Validation vulnerability in Tunez SQL injection vulnerability in songinfo.php in Tunez 1.21 and earlier allows remote attackers to execute arbitrary SQL commands via the song_id parameter. | 7.5 |
2005-11-26 | CVE-2005-3828 | Activecampaign | SQL-Injection vulnerability in Activecampaign Knowledgebuilder 2.4 SQL injection vulnerability in index.php in ActiveCampaign KnowledgeBuilder 2.4 and earlier allows remote attackers to execute arbitrary SQL commands via the article parameter. | 7.5 |
2005-11-26 | CVE-2005-3827 | Agileco | SQL Injection vulnerability in AgileBill Product_Cat SQL injection vulnerability in product_cat in AgileBill 1.4.92 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2005-11-26 | CVE-2005-3826 | EZY Helpdesk | SQL Injection vulnerability in EZY Helpdesk Ezyhelpdesk 1.0 Multiple SQL injection vulnerabilities in Ezyhelpdesk 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) edit_id, (2) faq_id, and (3) c_id parameters in a query string, and (4) the search engine, possibly involving the search_string parameter. | 7.5 |
2005-11-26 | CVE-2005-3825 | Comdev | SQL Injection vulnerability in Comdev Vote Caster SQL injection vulnerability in index.php in Comdev Vote Caster 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the campaign_id parameter in a result action. | 7.5 |
2005-11-26 | CVE-2005-3823 | Vtiger | Input Validation vulnerability in VTiger CRM The Users module in vTiger CRM 4.2 and earlier allows remote attackers to execute arbitrary PHP code via an arbitrary file in the templatename parameter, which is passed to the eval function. | 7.5 |
2005-11-26 | CVE-2005-3822 | Vtiger | Input Validation vulnerability in VTiger CRM Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username in the login form or (2) record parameter, as demonstrated in the EditView action for the Contacts module. | 7.5 |
2005-11-26 | CVE-2005-3819 | Vtiger | Input Validation vulnerability in VTiger CRM Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to inject arbitrary SQL commands and bypass authentication via the (1) user_name and (2) date parameter in the HelpDesk module. | 7.5 |
2005-11-26 | CVE-2005-3817 | Softbiz | SQL Injection vulnerability in Softbiz web Hosting Directory Script Multiple SQL injection vulnerabilities in Softbiz Web Host Directory Script 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cid parameter in search_result.php, (2) sbres_id parameter in review.php, (3) cid parameter in browsecats.php, (4) h_id parameter in email.php, and (5) an unspecified parameter to the search module. | 7.5 |
2005-11-26 | CVE-2005-3816 | Zoneo Soft | SQL Injection vulnerability in FreeForum Multiple SQL injection vulnerabilities in forum.php in freeForum 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter or (2) thread parameter in thread mode. | 7.5 |
2005-11-26 | CVE-2005-3815 | Greywyvern | SQL Injection vulnerability in Orca Forum Forum.PHP SQL injection vulnerability in forum.php in Orca Forum 4.3b and earlier allows remote attackers to execute arbitrary SQL commands via the msg parameter. | 7.5 |
2005-11-24 | CVE-2005-3803 | Cisco | Use of Hard-coded Credentials vulnerability in Cisco Unified Wireless IP Phone 7920 Firmware 1.0(8) Cisco IP Phone (VoIP) 7920 1.0(8) contains certain hard-coded ("fixed") public and private SNMP community strings that cannot be changed, which allows remote attackers to obtain sensitive information. | 7.5 |
2005-11-24 | CVE-2005-3798 | Alstrasoft | Unspecified vulnerability in Alstrasoft Template Seller 3.25 SQL injection vulnerability in admin/index.php in AlstraSoft Template Seller Pro 3.25 allows remote attackers to execute arbitrary SQL commands via the username field. | 7.5 |
2005-11-24 | CVE-2005-3797 | Alstrasoft | Remote File Include vulnerability in Alstrasoft Template Seller 3.25 PHP remote file inclusion vulnerability in payment_paypal.php in AlstraSoft Template Seller Pro 3.25 allows remote attackers to execute arbitrary PHP code via the config[basepath] parameter. | 7.5 |
2005-11-24 | CVE-2005-3796 | Alstrasoft | Remote Security vulnerability in Alstrasoft Affiliate Network PRO 7.2 Direct static code injection vulnerability in admin_options_manage.php in AlstraSoft Affiliate Network Pro 7.2 allows attackers to execute arbitrary PHP code via the number parameter. | 7.5 |
2005-11-24 | CVE-2005-3793 | Alstrasoft | SQL-Injection vulnerability in Alstrasoft Affiliate Network PRO 7.2 Multiple SQL injection vulnerabilities in AlstraSoft Affiliate Network Pro 7.2 allow remote attackers to bypass authentication and execute arbitrary SQL commands via the (1) username or (2) password to admin/admin_validate_login, or the (3) login, (4) password, and (5) flag parameters to login_validate.php. | 7.5 |
2005-11-24 | CVE-2005-3792 | Francisco Burzi | SQL Injection vulnerability in PHPNuke Search Module Multiple SQL injection vulnerabilities in the Search module in PHP-Nuke 7.8, and possibly other versions before 7.9 with patch 3.1, allows remote attackers to execute arbitrary SQL commands, as demonstrated via the query parameter in a stories type. | 7.5 |
2005-11-23 | CVE-2005-3780 | Ipupdate | Remote Buffer Overflow vulnerability in IPUpdate Multiple buffer overflows in IPUpdate 1.1 might allow attackers to execute arbitrary code via (1) memmcat in the memm module or (2) certain TSIG format records. | 7.5 |
2005-11-23 | CVE-2005-3775 | Pollvote | Code Injection vulnerability in Pollvote PHP remote file inclusion vulnerability in pollvote.php in PollVote allows remote attackers to include arbitrary files via a URL in the pollname parameter. | 7.5 |
2005-11-23 | CVE-2005-3772 | Joomla | Input Validation vulnerability in Joomla Multiple SQL injection vulnerabilities in Joomla! before 1.0.4 allow remote attackers to execute arbitrary SQL commands via the (1) Itemid variable in the Polls modules and (2) multiple unspecified methods in the mosDBTable class. | 7.5 |
2005-11-23 | CVE-2005-3769 | PHP Download Manager | SQL Injection vulnerability in PHP Download Manager PHP Download Manager 1.1/1.1.2/1.1.3 SQL injection vulnerability in files.php in PHP Download Manager 1.1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter. | 7.5 |
2005-11-23 | CVE-2005-3768 | Symantec | Denial-Of-Service vulnerability in Gateway Security 400 Buffer overflow in the Internet Key Exchange version 1 (IKEv1) implementation in Symantec Dynamic VPN Services, as used in Enterprise Firewall, Gateway Security, and Firewall /VPN Appliance products, allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. | 7.5 |
2005-11-22 | CVE-2005-3765 | Exponent | Improper File Permission vulnerability in Exponent Content Management System Exponent CMS 0.96.3 and later versions performs a chmod on uploaded files to give them execute permissions, which allows remote attackers to execute arbitrary code. | 7.5 |
2005-11-22 | CVE-2005-3762 | Exponent | SQL Injection vulnerability in Exponent CMS SQL injection vulnerability in the navigation module (navigationmodule) in Exponent CMS 0.96.3 and later versions allows remote attackers to execute arbitrary SQL commands via the parent parameter. | 7.5 |
2005-11-22 | CVE-2005-3757 | Google | Remote vulnerability in Google Mini Search Appliance and Search Appliance The Saxon XSLT parser in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to obtain sensitive information and execute arbitrary code via dangerous Java class methods in select attribute of xsl:value-of tags in XSLT style sheets, such as (1) system-property, (2) sys:getProperty, and (3) run:exec. | 7.5 |
2005-11-22 | CVE-2005-3750 | Opera | Injection vulnerability in Opera Browser Opera before 8.51 on Linux and Unix systems allows remote attackers to execute arbitrary code via shell metacharacters (backticks) in a URL that another product provides in a command line argument when launching Opera. | 7.5 |
2005-11-22 | CVE-2005-3748 | TRU Zone | SQL Injection vulnerability in Tru-Zone Nukeet 3.0/3.1/3.2 SQL injection vulnerability in the Search module in Tru-Zone Nuke ET 3.2, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the query parameter. | 7.5 |
2005-11-22 | CVE-2005-3746 | Apboard | SQL Injection vulnerability in APBoard Thread.PHP SQL injection vulnerability in thread.php in APBoard allows remote attackers to execute arbitrary SQL commands via the start parameter. | 7.5 |
2005-11-22 | CVE-2005-3744 | Phpcomasy | SQL Injection vulnerability in PHPcomasy 0.7.4 SQL injection vulnerability in index.php in phpComasy 0.7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2005-11-22 | CVE-2005-3743 | Simplepoll | SQL Injection vulnerability in SimplePoll Results.PHP SQL injection vulnerability in results.php in SimplePoll allows remote attackers to execute arbitrary SQL commands via the pollid parameter. | 7.5 |
2005-11-22 | CVE-2005-3741 | Almondsoft | Unspecified vulnerability in Almondsoft Almond Classifieds Almond Classifieds does not properly verify the password, which allows attackers to bypass access restrictions. | 7.5 |
2005-11-22 | CVE-2005-3740 | PHP Fusion | SQL Injection vulnerability in PHP-Fusion Options.php and Viewforum.php Multiple SQL injection vulnerabilities in PHP-Fusion 6.00.206 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the forum_id parameter to options.php or (2) lastvisited parameter to viewforum.php. | 7.5 |
2005-11-22 | CVE-2005-3735 | Coastal Data Management | SQL Injection vulnerability in e-Quick Cart Multiple SQL injection vulnerabilities in e-Quick Cart allow remote attackers to execute arbitrary SQL commands via the (1) productid parameter in shopaddtocart.asp, (2) strpemail parameter in shopprojectlogin.asp, and (3) id parameter in shoptellafriend.asp. | 7.5 |
2005-11-21 | CVE-2005-3733 | Juniper | Multiple Unspecified vulnerability in Juniper Networks Routers ISAKMP IKE Traffic The Internet Key Exchange version 1 (IKEv1) implementation in Juniper JUNOS and JUNOSe software for M, T, and J-series routers before release 6.4, and E-series routers before 7-1-0, allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. | 7.5 |
2005-11-21 | CVE-2005-3727 | Revize CMS | SQL Injection vulnerability in Revize CMS Query_results.JSP SQL injection vulnerability in debug/query_results.jsp in Idetix Software Systems Revize CMS allows remote attackers to execute arbitrary SQL commands via the query parameter. | 7.5 |
2005-11-21 | CVE-2005-3726 | Interspire | SQL Injection vulnerability in Interspire Articlelive NX 0.3 SQL injection vulnerability in Interspire ArticleLive NX 0.3 allows remote attackers to execute arbitrary SQL commands via the Query parameter. | 7.5 |
2005-11-21 | CVE-2005-3723 | Hitachi | Denial-Of-Service vulnerability in Hitachi Ip5000 Voip Wifi Phone 1.5.6 Hitachi IP5000 VOIP WIFI Phone 1.5.6 does not allow the user to disable access to (1) SNMP or (2) TCP port 3390, which allows remote attackers to modify configuration using CVE-2005-3722, or access the Unidata Shell to obtain sensitive information or cause a denial of service. | 7.5 |
2005-11-21 | CVE-2005-3722 | Hitachi | Remote Security vulnerability in Ip5000 Voip Wifi Phone The SNMP v1/v2c daemon in Hitachi IP5000 VOIP WIFI Phone 1.5.6 allows remote attackers to gain read or write access to system configuration using arbitrary SNMP credentials. | 7.5 |
2005-11-21 | CVE-2005-3718 | Utstarcom | Remote Access vulnerability in Utstarcom F1000 Voip Wifi Phone 2.0 UTStarcom F1000 VOIP WIFI Phone s2.0 running VxWorks 5.5.1 with kernel WIND 2.6 does not allow users to disable access to (1) SNMP or (2) the rlogin port TCP 513, which allows remote attackers to exploit other vulnerabilities such as CVE-2005-3716, or execute arbitrary shell commands via rlogin, which does not require authentication. | 7.5 |
2005-11-21 | CVE-2005-3717 | Utstarcom | Remote Access vulnerability in Utstarcom F1000 Voip Wifi Phone 2.0 The telnet daemon in UTStarcom F1000 VOIP WIFI Phone s2.0 running VxWorks 5.5.1 with kernel WIND 2.6 has a default username "target" and password "password", which allows remote attackers to gain full access to the system. | 7.5 |
2005-11-21 | CVE-2005-3716 | Utstarcom | Use of Hard-coded Credentials vulnerability in Utstarcom F1000 Wi-Fi Firmware 2.0 The SNMP daemon in UTStarcom F1000 VOIP WIFI Phone s2.0 running VxWorks 5.5.1 with kernel WIND 2.6 has hard-coded public credentials that cannot be changed, which allows attackers to obtain sensitive information. | 7.5 |
2005-11-21 | CVE-2005-3715 | Senao | Remote Debugger Access vulnerability in Senao Si-680H Wireless Voip Phone 1.7.0Firmware0.03.0839 Senao SI-680H Wireless VoIP Phone Firmware 0.03.0839 leaves the VxWorks debugger UDP port 17185 available without authentication, which allows attackers to access the phone OS, obtain sensitive information, and cause a denial of service. | 7.5 |
2005-11-21 | CVE-2005-3698 | PHP Easy Download | Authentication Bypass vulnerability in PHP Easy Download Edit.PHP PHP Easy Download allows remote attackers to bypass authentication via edit.php. | 7.5 |
2005-11-21 | CVE-2005-3697 | Uresk Links | Authentication Bypass vulnerability in Uresk Links Uresk Links 2.0Lite Unspecified vulnerability in the administration interface in Uresk Links 2.0 Lite allows remote attackers to bypass authentication via unspecified vectors in index.php. | 7.5 |
2005-11-23 | CVE-2005-3779 | HP | Local Unauthorized Access vulnerability in HP Hp-Ux 11.00/11.11/11.23 Unspecified vulnerability in xterm for HP-UX 11.00, 11.11, and 11.23 allows local users to gain privileges via unknown vectors. | 7.2 |
2005-11-22 | CVE-2005-3749 | IBM | Local Arbitrary Code Execution vulnerability in IBM AIX Diagela.SH Unspecified "absolute path vulnerabilities" in the diagela command (diagela.sh) in IBM AIX 5.2 and 5.3 have unknown impact and attack vectors. | 7.2 |
67 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2005-11-26 | CVE-2005-3812 | Freeftpd | Denial Of Service vulnerability in Freeftpd 1.0.10 freeFTPd 1.0.10 allows remote authenticated users to cause a denial of service (null dereference and crash) via a PORT command with missing arguments. | 6.8 |
2005-11-26 | CVE-2005-3820 | Vtiger | Input Validation vulnerability in VTiger CRM Multiple directory traversal vulnerabilities in index.php in vTiger CRM 4.2 and earlier allow remote attackers to read or include arbitrary files, and ultimately execute arbitrary PHP code, via .. | 6.4 |
2005-11-24 | CVE-2005-3804 | Cisco | Remote Debugger Access vulnerability in Cisco 7920 Wireless IP Phone 1.0(8)/2.0 Cisco IP Phone (VoIP) 7920 1.0(8) listens to UDP port 17185 to support a VxWorks debugger, which allows remote attackers to obtain sensitive information and cause a denial of service. | 6.4 |
2005-11-21 | CVE-2005-3725 | Zyxel | Information Disclosure vulnerability in Zyxel Prestige 2000W V.1Voip Wi-Fi Phone Wj.00.10 Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 uses hardcoded IP addresses for its DNS servers, which could allow remote attackers to cause a denial of service or hijack Zyxel phones by attacking or spoofing the hardcoded DNS servers. | 6.4 |
2005-11-21 | CVE-2005-3724 | Zyxel | Information Exposure vulnerability in Zyxel products Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 allows remote attackers to obtain sensitive information and possibly cause a denial of service via a direct connection to UDP port 9090, which is undocumented and does not require authentication. | 6.4 |
2005-11-22 | CVE-2005-3759 | Horde | Cross-Site Scripting vulnerability in Horde Multiple cross-site scripting (XSS) vulnerabilities in Horde before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) gzip/tar and (2) css MIME viewers, which do not filter or escape dangerous HTML when extracting and displaying attachments. | 5.8 |
2005-11-27 | CVE-2005-3847 | Linux Debian | Improper Locking vulnerability in multiple products The handle_stop_signal function in signal.c in Linux kernel 2.6.11 up to other versions before 2.6.13 and 2.6.12.6 allows local users to cause a denial of service (deadlock) by sending a SIGKILL to a real-time threaded process while it is performing a core dump. | 5.5 |
2005-11-26 | CVE-2005-3832 | Speedproject | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Speedproject Speedcommander and Squeez Stack-based buffer overflow in (1) CxUux60.dll and (2) CxUux60u.dll, as used in SpeedProject products including (a) Squeez 5.0 Build 4285, and (b) SpeedCommander 11.0 Build 4430 and 10.51 Build 4430, allows user-assisted attackers to execute arbitrary code via a ZIP archive containing a long filename. | 5.1 |
2005-11-26 | CVE-2005-3831 | Speedproject | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Speedproject Speedcommander, Squeez and Zipstar Stack-based buffer overflow in (1) CxZIP60.dll and (2) CxZIP60u.dll, as used in SpeedProject products including (a) ZipStar 5.0 Build 4285, (b) Squeez 5.0 Build 4285, and (c) SpeedCommander 11.0 Build 4430 and 10.51 Build 4430, allows user-assisted attackers to execute arbitrary code via a ZIP archive containing a long filename. | 5.1 |
2005-11-24 | CVE-2005-3802 | Belkin | Unspecified vulnerability in Belkin F5D7230-4 and F5D7232-4 Belkin F5D7232-4 and F5D7230-4 wireless routers with firmware 4.03.03 and 4.05.03, when a legitimate administrator is logged into the web management interface, allow remote attackers to access the management interface without authentication. | 5.1 |
2005-11-22 | CVE-2005-3737 | Inkscape | Buffer Overflow vulnerability in Inkscape SVG Image Buffer overflow in the SVG importer (style.cpp) of inkscape 0.41 through 0.42.2 might allow remote attackers to execute arbitrary code via a SVG file with long CSS style property values. | 5.1 |
2005-11-26 | CVE-2005-3830 | Activecampaign | Directory Traversal vulnerability in ActiveCampaign SupportTrio index.php in ActiveCampaign SupportTrio 1.4 and earlier allows remote attackers to read or include arbitrary files via the page parameter, possibly due to a directory traversal vulnerability. | 5.0 |
2005-11-26 | CVE-2005-3824 | Vtiger | Input Validation vulnerability in VTiger CRM The uploads module in vTiger CRM 4.2 and earlier allows remote attackers to upload arbitrary files, such as PHP files, via the add2db action. | 5.0 |
2005-11-25 | CVE-2005-3811 | Amax Information Technologies | Unspecified vulnerability in Amax Information Technologies Magic Winmail Server Directory traversal vulnerability in admin/main.php in AMAX Magic Winmail Server 4.2 (build 0824) and earlier allows remote attackers to overwrite arbitrary files with session information via the sid parameter. | 5.0 |
2005-11-24 | CVE-2005-3800 | Macromedia | Macromedia Contribute Publishing Server (CPS) before 1.11 uses a weak algorithm to encrypt user password in connection keys that use shared FTP login credentials, which allows attackers to obtain sensitive information. | 5.0 |
2005-11-24 | CVE-2005-3799 | Phpbb Group | Information Disclosure vulnerability in PHPbb Group PHPbb 2.0.18 phpBB 2.0.18 allows remote attackers to obtain sensitive information via a large SQL query, which generates an error message that reveals SQL syntax or the full installation path. | 5.0 |
2005-11-24 | CVE-2005-3794 | Alstrasoft | Information Disclosure vulnerability in Alstrasoft Affiliate Network PRO 7.2 AlstraSoft Affiliate Network Pro 7.2 allows remote attackers to obtain sensitive information via a direct request to scripts such as (1) togateway.php and (2) other unspecified scripts. | 5.0 |
2005-11-24 | CVE-2005-3791 | Phpadsnew Phppgads | Remote Security vulnerability in phpAdsNew HTTP response splitting vulnerability in phpAdsNew and phpPgAds 2.0.6 and earlier allows remote attackers to inject arbitrary HTML headers via adclick.php and possibly other unspecified vectors. | 5.0 |
2005-11-24 | CVE-2005-3789 | Phpwcms | Unspecified vulnerability in PHPwcms 1.2.5Dev Multiple directory traversal vulnerabilities in phpwcms 1.2.5 allow remote attackers to read arbitrary files via a .. | 5.0 |
2005-11-23 | CVE-2005-3785 | Gentoo | Unspecified vulnerability in Gentoo Linux EIX 0.3 Second-order symlink vulnerability in eix-sync.in in Ebuild IndeX (eix) before 0.5.0_pre2 allows local users to overwrite arbitrary files via a symlink attack on the exi.X.sync temporary file, which is processed by the diff-eix program. | 5.0 |
2005-11-23 | CVE-2005-3781 | SUN | Remote Denial of Service vulnerability in Sun Solaris In.Named Unspecified vulnerability in in.named in Solaris 9 allows attackers to cause a denial of service via unknown manipulations that cause in.named to "make unnecessary queries." | 5.0 |
2005-11-23 | CVE-2005-3778 | Mybulletinboard | Denial-Of-Service vulnerability in MyBulletinBoard Unspecified vulnerability in MyBulletinBoard (MyBB) before 1.0 PR2 Rev 686 allows attackers to cause a denial of service via unknown vectors. | 5.0 |
2005-11-23 | CVE-2005-3777 | Mybulletinboard | Remote Security vulnerability in Mybulletinboard Previewrelease2Rev686 MyBulletinBoard (MyBB) 1.0 PR2 Rev 686 allows remote attackers to delete or move private messages (PM) via modified fields in the inbox form. | 5.0 |
2005-11-23 | CVE-2005-3774 | Cisco | Denial Of Service vulnerability in Cisco PIX 6.3/7.0 Cisco PIX 6.3 and 7.0 allows remote attackers to cause a denial of service (blocked new connections) via spoofed TCP packets that cause the PIX to create embryonic connections that would not produce a valid connection with the end system, including (1) SYN packets with invalid checksums, which do not result in a RST; or, from an external interface, (2) one byte of "meaningless data," or (3) a TTL that is one less than needed to reach the internal destination. | 5.0 |
2005-11-22 | CVE-2005-3767 | Exponent | Unspecified vulnerability in Exponent Exponent CMS 0.96.3 and later versions does not properly restrict the types of uploaded files, which allows remote attackers to upload and execute PHP files. | 5.0 |
2005-11-22 | CVE-2005-3766 | Exponent | Remote Security vulnerability in Exponent Exponent CMS 0.96.3 and later versions stores sensitive user pages under the web document root with insufficient access control even though certain permissions are specified, which allows attackers to access the pages by browsing uploaded files. | 5.0 |
2005-11-22 | CVE-2005-3763 | Exponent | Information Disclosure vulnerability in Exponent Exponent CMS 0.96.3 and later versions includes the full installation path in the base parameter to thumb.php, which allows remote attackers to obtain sensitive information. | 5.0 |
2005-11-22 | CVE-2005-3756 | Google | Remote vulnerability in Google Mini Search Appliance and Search Appliance Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to port scan arbitrary hosts via URLs with modified targets and ports, then comparing the resulting error messages to determine open and closed ports. | 5.0 |
2005-11-22 | CVE-2005-3755 | Google | Remote vulnerability in Google Mini Search Appliance and Search Appliance Directory traversal vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to determine the existence of arbitrary files via a relative path from a style sheet directory, then comparing the resulting error messages. | 5.0 |
2005-11-22 | CVE-2005-3747 | Mortbay | Information Exposure vulnerability in Mortbay Jetty Unspecified vulnerability in Jetty before 5.1.6 allows remote attackers to obtain source code of JSP pages, possibly involving requests for .jsp files with URL-encoded backslash ("%5C") characters. | 5.0 |
2005-11-22 | CVE-2005-3739 | PHP Fusion | Remote Security vulnerability in PHP-Fusion Unspecified vulnerability in subheader.php in PHP-Fusion 6.00.206 and earlier allows remote attackers to obtain the full path via unspecified vectors. | 5.0 |
2005-11-21 | CVE-2005-3729 | Revize CMS | Information Disclosure vulnerability in Revize CMS Idetix Software Systems Revize CMS allows remote attackers to obtain sensitive information via direct requests to files in the revize/debug directory, such as (1) apptables.html and (2) main.html. | 5.0 |
2005-11-21 | CVE-2005-3728 | Revize CMS | Information Disclosure vulnerability in Revize CMS Revize.XML Idetix Software Systems Revize CMS stores conf/revize.xml under the web document root with insufficient access control, which allows remote attackers to obtain sensitive configuration information. | 5.0 |
2005-11-21 | CVE-2005-3721 | Hitachi | Remote Security vulnerability in Ip5000 Voip Wifi Phone The default configuration of the HTTP server in Hitachi IP5000 VOIP WIFI Phone 1.5.6 does not require authentication for sensitive configuration pages, which allows remote attackers to modify configuration. | 5.0 |
2005-11-21 | CVE-2005-3720 | Hitachi | Information Disclosure vulnerability in Hitachi Ip5000 Voip Wifi Phone 1.5.6 The default index page in the HTTP server in Hitachi IP5000 VOIP WIFI Phone 1.5.6 lists sensitive information such as software versions. | 5.0 |
2005-11-21 | CVE-2005-3699 | Opera | Unspecified vulnerability in Opera Browser Opera Web Browser 8.50 and 8.0 through 8.0.2 allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site. | 5.0 |
2005-11-25 | CVE-2005-3808 | Linux | Local Integer Overflow vulnerability in Linux Kernel INVALIDATE_INODE_PAGES2 Integer overflow in the invalidate_inode_pages2_range function in mm/truncate.c in Linux kernel 2.6.11 to 2.6.14 allows local users to cause a denial of service (hang) via 64-bit mmap calls that are not properly handled on a 32-bit system. | 4.9 |
2005-11-24 | CVE-2005-3801 | Counterpane | Unspecified vulnerability in Counterpane Passwordsafe CounterPane PasswordSafe 1.x and 2.x allows local users to test possible encryption keys against a subset of the stored key data without performing the more expensive key derivation function (KDF), which reduces the search time in brute force attacks. | 4.6 |
2005-11-23 | CVE-2005-3786 | Novell | Remote Diagnostics Console One Unauthorized Access vulnerability in Novell ZENworks Novell ZENworks for Desktops 4.0.1, ZENworks for Servers 3.0.2, and ZENworks 6.5 Desktop Management does not restrict access to Remote Diagnostics, which allows local users to bypass security policies by using Console One. | 4.6 |
2005-11-21 | CVE-2005-3632 | Netpbm | Buffer Overflow vulnerability in NetPBM PNMToPNG Long Text Line Multiple buffer overflows in pnmtopng in netpbm 10.0 and earlier allow attackers to execute arbitrary code via a crafted PNM file. | 4.6 |
2005-11-21 | CVE-2005-3719 | Hitachi | Information Disclosure vulnerability in Hitachi Ip5000 Voip Wifi Phone 1.5.6 Hitachi IP5000 VOIP WIFI Phone 1.5.6 has a hard-coded administrator password of "0000", which allows attackers with physical access to obtain sensitive information and modify the phone's configuration. | 4.6 |
2005-11-27 | CVE-2005-3854 | Easypagecms | Cross-Site Scripting vulnerability in Easypagecms Cross-site scripting (XSS) vulnerability in index.php in EasyPageCMS allows remote attackers to inject arbitrary web script or HTML via the cat parameter. | 4.3 |
2005-11-27 | CVE-2005-3851 | Onlinetechtools COM | Cross-Site Scripting vulnerability in Onlinetechtools.Com Oasys Lite 1.0 Cross-site scripting (XSS) vulnerability in search.asp in Online Attendance System (OASYS) Lite 1.0 allows remote attackers to inject arbitrary web script or HTML via certain search parameters, possibly the keyword parameter. | 4.3 |
2005-11-27 | CVE-2005-3850 | Onlinetechtools COM | Cross-Site Scripting vulnerability in Onlinetechtools.Com Okbsys Lite 1.0 Cross-site scripting (XSS) vulnerability in search.asp in Online Knowledge Base System (OKBSYS) Lite Edition 1.0 allows remote attackers to inject arbitrary web script or HTML via hex-encoded values in the q parameter. | 4.3 |
2005-11-27 | CVE-2005-3849 | Pmwiki | Cross-Site Scripting vulnerability in PmWiki Search Cross-site scripting (XSS) vulnerability in the Search module in PmWiki up to 2.0.12 allows remote attackers to inject arbitrary web script or HTML via the q parameter. | 4.3 |
2005-11-26 | CVE-2005-3841 | Kplaylist | Cross-Site Scripting vulnerability in Kplaylist 1.6Build400 Cross-site scripting (XSS) vulnerability in kPlaylist 1.6 (build 400), and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the searchfor search parameter. | 4.3 |
2005-11-26 | CVE-2005-3839 | Supportpro | Cross-Site Scripting vulnerability in SupportPro SupportDesk Cross-site scripting (XSS) vulnerability in SupportPRO Supportdesk allows remote attackers to inject arbitrary web script or HTML via the (1) post tickers and (2) view tickets options. | 4.3 |
2005-11-26 | CVE-2005-3837 | Scssboard | Cross-Site Scripting vulnerability in SCSSBoard Search Module Cross-site scripting (XSS) vulnerability in the search module in sCssBoard 1.2 and 1.12, and earlier versions, allows remote attackers to inject arbitrary web script or HTML via the search_term parameter. | 4.3 |
2005-11-26 | CVE-2005-3834 | Tunez | Input Validation vulnerability in Tunez Cross-site scripting (XSS) vulnerability in search.php in Tunez 1.21 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchFor parameter. | 4.3 |
2005-11-26 | CVE-2005-3821 | Vtiger | Input Validation vulnerability in VTiger CRM Cross-site scripting (XSS) vulnerability in vTiger CRM 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via multiple vectors, including the account name. | 4.3 |
2005-11-26 | CVE-2005-3818 | Vtiger | Input Validation vulnerability in VTiger CRM Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) various input fields, including the contact, lead, and first or last name fields, (2) the record parameter in a DetailView action in the Leads module for index.php, (3) the $_SERVER['PHP_SELF'] variable, which is used in multiple locations such as index.php, and (4) aggregated RSS feeds in the RSS aggregation module. | 4.3 |
2005-11-24 | CVE-2005-3795 | Alstrasoft | Cross-Site Scripting vulnerability in Alstrasoft Affiliate Network PRO 7.2 Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Affiliate Network Pro 7.2 allow remote attackers to inject arbitrary web script or HTML via (1) the Err parameter in admin/index.php and the (2) firstname and (3) lastname parameters in index.php. | 4.3 |
2005-11-24 | CVE-2005-3790 | Phpwcms | Cross-Site Scripting vulnerability in PHPWCMS Multiple cross-site scripting (XSS) vulnerabilities in act_newsletter.php in phpwcms 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the (1) i and (2) text parameters. | 4.3 |
2005-11-24 | CVE-2005-3787 | Phpmyadmin | Cross-Site Scripting vulnerability in PHPMyAdmin Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4-pl4 allow remote attackers to inject arbitrary web script or HTML via (1) the cookie-based login panel, (2) the title parameter and (3) the table creation dialog. | 4.3 |
2005-11-23 | CVE-2005-3776 | Mybulletinboard | Cross-Site Scripting vulnerability in Mybulletinboard Previewrelease2Rev686 Multiple cross-site scripting (XSS) vulnerabilities in MyBulletinBoard (MyBB) 1.0 PR2 Rev 686 allow remote attackers to inject arbitrary web script or HTML via (1) the subject field when creating a new thread and (2) information passed to the Reputation system. | 4.3 |
2005-11-23 | CVE-2005-3771 | Joomla | Input Validation vulnerability in Joomla Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.4 allow remote attackers to inject arbitrary web script or HTML via (1) "GET and other variables" and (2) "SEF". | 4.3 |
2005-11-22 | CVE-2005-3761 | Exponent | Unspecified vulnerability in Exponent Cross-site scripting (XSS) vulnerability in Exponent CMS 0.96.3 and later versions allows remote attackers to inject arbitrary web script or HTML via (1) Javascript in forms produced by the form generator or (2) the parameters to the installer. | 4.3 |
2005-11-22 | CVE-2005-3758 | Google | Remote vulnerability in Google Mini Search Appliance and Search Appliance Cross-site scripting (XSS) vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to inject arbitrary Javascript, and possibly other web script or HTML, via a proxystylesheet variable that contains a malicious XSLT style sheet. | 4.3 |
2005-11-22 | CVE-2005-3754 | Google | Remote vulnerability in Google Mini Search Appliance and Search Appliance Cross-site scripting (XSS) vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to inject arbitrary Javascript, and possibly other web script or HTML, via the proxystylesheet variable, which will be executed in the resulting error message. | 4.3 |
2005-11-22 | CVE-2005-3751 | Apsis | Cross-Site Scripting vulnerability in Pound HTTP request smuggling vulnerability in Pound before 1.9.4 allows remote attackers to poison web caches, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with conflicting Content-length and Transfer-encoding headers. | 4.3 |
2005-11-22 | CVE-2005-3742 | Advanced Poll | Cross-Site Scripting vulnerability in Advanced Poll Advanced Poll 2.0.2 Cross-site scripting (XSS) vulnerability in popup.php in Advanced Poll 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the poll_ident parameter. | 4.3 |
2005-11-22 | CVE-2005-3736 | Coastal Data Management | Unspecified vulnerability in Coastal Data Management E-Quick Cart Multiple cross-site scripting (XSS) vulnerabilities in e-Quick Cart allow remote attackers to inject arbitrary web script or HTML via the (1) strgifttoname parameter in shopgift.asp, (2) strfirstname parameter in shopmaillist.asp, (3) strpid parameter in shopprojectlogin.asp, and (4) Custname parameter in shoptellafriend.asp. | 4.3 |
2005-11-22 | CVE-2005-3734 | Phpmyfaq | Cross-Site Scripting vulnerability in PHPMyFAQ Cross-site scripting (XSS) vulnerability in the "add content" page in phpMyFAQ 1.5.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) thema, (2) username, and (3) usermail parameters. | 4.3 |
2005-11-21 | CVE-2005-2339 | Msearch | Cross-Site Scripting vulnerability in Msearch Unicode Msearch 1.51U1/1.51U1Beta1/1.52U1 Cross-site scripting (XSS) vulnerability in the Unicode version of msearch (unicode-msearch) 1.51(U1)-beta1, 1.51(U1), and 1.52(U1) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2005-11-21 | CVE-2005-3730 | Revize CMS | Cross-Site Scripting vulnerability in Revize CMS HTTPTranslatorServlet Multiple cross-site scripting (XSS) vulnerabilities in HTTPTranslatorServlet in Idetix Software Systems Revize CMS allow remote attackers to inject arbitrary web script or HTML via the (1) resourcetype, (2) objectmap, and (3) redirect parameters, possibly involving setWebSpace.jsp. | 4.3 |
2005-11-27 | CVE-2005-3856 | Krusader | Remote Security vulnerability in Krusader 1.60.0/1.70.0Beta1 The Popular URL capability (popularurls.cpp) in Krusader 1.60.0 and 1.70.0-beta1 saves passwords in cleartext in the krusaderrc file when the user enters URLs containing passwords in the panel URL field, which might allow attackers to access other sites. | 4.0 |
2005-11-26 | CVE-2005-3813 | Mailenable | Remote Denial of Service vulnerability in MailEnable IMAP Rename Request IMAP service (meimaps.exe) of MailEnable Professional 1.7 and Enterprise 1.1 allows remote authenticated attackers to cause a denial of service (application crash) by using RENAME with a non-existent mailbox, a different vulnerability than CVE-2005-3690. | 4.0 |
2 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2005-11-22 | CVE-2005-3738 | Mambo | Remote File Include vulnerability in Mambo Open Source globals.php in Mambo Site Server 4.0.14 and earlier, when register_globals is disabled, allows remote attackers to overwrite variables in the GLOBALS array and conduct various attacks, as demonstrated using the mosConfig_absolute_path parameter to content.html.php for remote PHP file inclusion. | 2.6 |
2005-11-23 | CVE-2005-3531 | Miklos Szeredi | Unspecified vulnerability in Miklos Szeredi Fuse fusermount in FUSE before 2.4.1, if installed setuid root, allows local users to corrupt /etc/mtab and possibly modify mount options by performing a mount over a directory whose name contains certain special characters. | 2.1 |