Weekly Vulnerabilities Reports > November 21 to 27, 2005

Overview

138 new vulnerabilities were reported during this period, including 4 critical vulnerabilities and 65 high severity vulnerabilities. This weekly summary reports vulnerabilities in 119 products from 86 vendors including Vtiger, Exponent, Linux, Alstrasoft, and Google. Vulnerabilities are notably categorized as "SQL Injection", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Use of Hard-coded Credentials", "Information Exposure", and "Code Injection".

  • 129 reported vulnerabilities are remotely exploitable.
  • 6 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 134 reported vulnerabilities are exploitable by an anonymous user.
  • Vtiger has the most reported vulnerabilities, with 7 reported vulnerabilities.
  • Joomla has the most reported critical vulnerabilities, with 1 reported vulnerability.

Vulnerability Details

The following table lists the vulnerabilities reported for the period covered by this report:

4 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-11-23 CVE-2005-3773 Joomla Input Validation vulnerability in Joomla

Unspecified vulnerability in Joomla! before 1.0.4 has unknown impact and attack vectors, related to "Potential misuse of Media component file management functions."

10.0
2005-11-22 CVE-2005-3764 Exponent Remote Security vulnerability in Exponent

The image gallery (imagegallery) component in Exponent CMS 0.96.3 and later versions does not properly check the MIME type of uploaded files, with unknown impact from the preview icon, possibly involving injection of HTML.

10.0
2005-11-22 CVE-2005-3752 Ldapdiff Remote Security vulnerability in Ldapdiff

Unspecified vulnerability in ldapdiff before 1.1.1 has unknown impact and attack vectors, related to "ldapdiff.conf path construction".

10.0
2005-11-21 CVE-2005-3731 Yassl Certificate Chain Processing vulnerability in yaSSL

Unspecified vulnerability in yaSSL before 1.0.6 has unknown impact and attack vectors, related to "certificate chain processing."

10.0

65 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-11-27 CVE-2005-3858 Linux Remote Denial Of Service vulnerability in Linux Kernel IP6_Input_Finish

Memory leak in the ip6_input_finish function in ip6_input.c in Linux kernel 2.6.12 and earlier might allow attackers to cause a denial of service via malformed IPv6 packets with unspecified parameter problems, which prevents the SKB from being freed.

7.8
2005-11-26 CVE-2005-3829 Activecampaign SQL-Injection vulnerability in Activecampaign Knowledgebuilder 2.4

index.php in ActiveCampaign KnowledgeBuilder 2.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an invalid category parameter, which causes a large number of SQL queries to be processed.

7.8
2005-11-25 CVE-2005-3810 Linux Denial-Of-Service vulnerability in kernel

ip_conntrack_proto_icmp.c in ctnetlink in Linux kernel 2.6.14 up to 2.6.14.3 allows attackers to cause a denial of service (kernel oops) via a message without ICMP ID (ICMP_ID) information, which leads to a null dereference.

7.8
2005-11-25 CVE-2005-3809 Linux Denial-Of-Service vulnerability in kernel

The nfattr_to_tcp function in ip_conntrack_proto_tcp.c in ctnetlink in Linux kernel 2.6.14 up to 2.6.14.3 allows attackers to cause a denial of service (kernel oops) via an update message without private protocol information, which triggers a null dereference.

7.8
2005-11-22 CVE-2005-3760 IBM Buffer Errors vulnerability in IBM Websphere Application Server 5.0

Double free vulnerability in the BBOORB module in IBM WebSphere Application Server for z/OS 5.0 allows attackers to cause a denial of service (ABEND).

7.8
2005-11-22 CVE-2005-3753 Linux Denial-Of-Service vulnerability in kernel

Linux kernel after 2.6.12 and before 2.6.13.1 might allow attackers to cause a denial of service (Oops) via certain IPSec packets that cause alignment problems in standard multi-block cipher processors.

7.8
2005-11-21 CVE-2005-3732 Ipsec Tools Resource Management Errors vulnerability in Ipsec-Tools

The Internet Key Exchange version 1 (IKEv1) implementation (isakmp_agg.c) in racoon in ipsec-tools before 0.6.3, when running in aggressive mode, allows remote attackers to cause a denial of service (null dereference and crash) via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.

7.8
2005-11-27 CVE-2005-3855 Easybe SQL Injection vulnerability in Easybe 1-2-3 Music Store 1.0

SQL injection vulnerability in process.php in 1-2-3 music store allows remote attackers to execute arbitrary SQL commands via the AlbumID parameter.

7.5
2005-11-27 CVE-2005-3853 Solucija SQL-Injection vulnerability in Solucija Snews 1.2

SQL injection vulnerability in snews.php in sNews 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) category parameters to index.php.

7.5
2005-11-27 CVE-2005-3852 Onlinetechtools COM SQL-Injection vulnerability in Onlinetechtools.Com Owos Lite 3.0

SQL injection vulnerability in search.asp in Online Work Order Suite (OWOS) Lite Edition for ASP 3.0 allows remote attackers to execute arbitrary SQL commands via the keyword parameter.

7.5
2005-11-26 CVE-2005-3846 Fscripts SQL Injection vulnerability in Fantastic Scripts Fantastic News News.PHP

SQL injection vulnerability in news.php in Fantastic News 2.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter.

7.5
2005-11-26 CVE-2005-3845 Ezinvoiceinc SQL Injection vulnerability in Ezinvoiceinc EZ Invoice INC 2.0

SQL injection vulnerability in invoices.php in EZ Invoice Inc 2.0 allows remote attackers to execute arbitrary SQL commands via the i parameter.

7.5
2005-11-26 CVE-2005-3844 Phpwordpress SQL Injection vulnerability in PHPwordpress PHP News and Article Manager 3.0

SQL injection vulnerability in phpWordPress PHP News and Article Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the (1) poll and (2) category parameters to index.php, and (3) the ctg parameter in an archive action.

7.5
2005-11-26 CVE-2005-3843 Nicecoder SQL Injection vulnerability in Nicecoder Idesk 1.0

SQL injection vulnerability in faq.php in Nicecoder iDesk 1.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.

7.5
2005-11-26 CVE-2005-3842 Pdjkeelan COM SQL Injection vulnerability in Pdjkeelan.Com Pdjk-Support Suite 1.1A

SQL injection vulnerability in index.php in pdjk-support suite 1.1a and earlier allows remote attackers to execute arbitrary SQL commands via the (1) rowstart, (2) news_id, and (3) faq_id parameters.

7.5
2005-11-26 CVE-2005-3840 Omnistar Interactive SQL Injection vulnerability in Omnistar Interactive Omnistar Live

SQL injection vulnerability in kb.php in Omnistar Live 5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) category_id parameters.

7.5
2005-11-26 CVE-2005-3838 Isolsoft SQL Injection vulnerability in Isolsoft Support Center 2.2

Multiple SQL injection vulnerabilities in search.php in IsolSoft Support Center 2.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) lorder, (2) Priority, (3) Status, (4) Category, (5) searchvalue, and (6) field parameters.

7.5
2005-11-26 CVE-2005-3836 Desklance SQL-Injection vulnerability in Desklance

SQL injection vulnerability in DeskLance 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the announce parameter.

7.5
2005-11-26 CVE-2005-3835 Desklance Code Injection vulnerability in Desklance

PHP remote file inclusion vulnerability in support/index.php in DeskLance 2.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the main parameter.

7.5
2005-11-26 CVE-2005-3833 Tunez Input Validation vulnerability in Tunez

SQL injection vulnerability in songinfo.php in Tunez 1.21 and earlier allows remote attackers to execute arbitrary SQL commands via the song_id parameter.

7.5
2005-11-26 CVE-2005-3828 Activecampaign SQL-Injection vulnerability in Activecampaign Knowledgebuilder 2.4

SQL injection vulnerability in index.php in ActiveCampaign KnowledgeBuilder 2.4 and earlier allows remote attackers to execute arbitrary SQL commands via the article parameter.

7.5
2005-11-26 CVE-2005-3827 Agileco SQL Injection vulnerability in AgileBill Product_Cat

SQL injection vulnerability in product_cat in AgileBill 1.4.92 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2005-11-26 CVE-2005-3826 EZY Helpdesk SQL Injection vulnerability in EZY Helpdesk Ezyhelpdesk 1.0

Multiple SQL injection vulnerabilities in Ezyhelpdesk 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) edit_id, (2) faq_id, and (3) c_id parameters in a query string, and (4) the search engine, possibly involving the search_string parameter.

7.5
2005-11-26 CVE-2005-3825 Comdev SQL Injection vulnerability in Comdev Vote Caster

SQL injection vulnerability in index.php in Comdev Vote Caster 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the campaign_id parameter in a result action.

7.5
2005-11-26 CVE-2005-3823 Vtiger Input Validation vulnerability in VTiger CRM

The Users module in vTiger CRM 4.2 and earlier allows remote attackers to execute arbitrary PHP code via an arbitrary file in the templatename parameter, which is passed to the eval function.

7.5
2005-11-26 CVE-2005-3822 Vtiger Input Validation vulnerability in VTiger CRM

Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username in the login form or (2) record parameter, as demonstrated in the EditView action for the Contacts module.

7.5
2005-11-26 CVE-2005-3819 Vtiger Input Validation vulnerability in VTiger CRM

Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to inject arbitrary SQL commands and bypass authentication via the (1) user_name and (2) date parameter in the HelpDesk module.

7.5
2005-11-26 CVE-2005-3817 Softbiz SQL Injection vulnerability in Softbiz web Hosting Directory Script

Multiple SQL injection vulnerabilities in Softbiz Web Host Directory Script 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cid parameter in search_result.php, (2) sbres_id parameter in review.php, (3) cid parameter in browsecats.php, (4) h_id parameter in email.php, and (5) an unspecified parameter to the search module.

7.5
2005-11-26 CVE-2005-3816 Zoneo Soft SQL Injection vulnerability in FreeForum

Multiple SQL injection vulnerabilities in forum.php in freeForum 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter or (2) thread parameter in thread mode.

7.5
2005-11-26 CVE-2005-3815 Greywyvern SQL Injection vulnerability in Orca Forum Forum.PHP

SQL injection vulnerability in forum.php in Orca Forum 4.3b and earlier allows remote attackers to execute arbitrary SQL commands via the msg parameter.

7.5
2005-11-24 CVE-2005-3803 Cisco Use of Hard-coded Credentials vulnerability in Cisco Unified Wireless IP Phone 7920 Firmware 1.0(8)

Cisco IP Phone (VoIP) 7920 1.0(8) contains certain hard-coded ("fixed") public and private SNMP community strings that cannot be changed, which allows remote attackers to obtain sensitive information.

7.5
2005-11-24 CVE-2005-3798 Alstrasoft Unspecified vulnerability in Alstrasoft Template Seller 3.25

SQL injection vulnerability in admin/index.php in AlstraSoft Template Seller Pro 3.25 allows remote attackers to execute arbitrary SQL commands via the username field.

7.5
2005-11-24 CVE-2005-3797 Alstrasoft Remote File Include vulnerability in Alstrasoft Template Seller 3.25

PHP remote file inclusion vulnerability in payment_paypal.php in AlstraSoft Template Seller Pro 3.25 allows remote attackers to execute arbitrary PHP code via the config[basepath] parameter.

7.5
2005-11-24 CVE-2005-3796 Alstrasoft Remote Security vulnerability in Alstrasoft Affiliate Network PRO 7.2

Direct static code injection vulnerability in admin_options_manage.php in AlstraSoft Affiliate Network Pro 7.2 allows attackers to execute arbitrary PHP code via the number parameter.

7.5
2005-11-24 CVE-2005-3793 Alstrasoft SQL-Injection vulnerability in Alstrasoft Affiliate Network PRO 7.2

Multiple SQL injection vulnerabilities in AlstraSoft Affiliate Network Pro 7.2 allow remote attackers to bypass authentication and execute arbitrary SQL commands via the (1) username or (2) password to admin/admin_validate_login, or the (3) login, (4) password, and (5) flag parameters to login_validate.php.

7.5
2005-11-24 CVE-2005-3792 Francisco Burzi SQL Injection vulnerability in PHPNuke Search Module

Multiple SQL injection vulnerabilities in the Search module in PHP-Nuke 7.8, and possibly other versions before 7.9 with patch 3.1, allow remote attackers to execute arbitrary SQL commands, as demonstrated via the query parameter in a stories type.

7.5
2005-11-23 CVE-2005-3780 Ipupdate Remote Buffer Overflow vulnerability in IPUpdate

Multiple buffer overflows in IPUpdate 1.1 might allow attackers to execute arbitrary code via (1) memmcat in the memm module or (2) certain TSIG format records.

7.5
2005-11-23 CVE-2005-3775 Pollvote Code Injection vulnerability in Pollvote

PHP remote file inclusion vulnerability in pollvote.php in PollVote allows remote attackers to include arbitrary files via a URL in the pollname parameter.

7.5
2005-11-23 CVE-2005-3772 Joomla Input Validation vulnerability in Joomla

Multiple SQL injection vulnerabilities in Joomla! before 1.0.4 allow remote attackers to execute arbitrary SQL commands via the (1) Itemid variable in the Polls modules and (2) multiple unspecified methods in the mosDBTable class.

7.5
2005-11-23 CVE-2005-3769 PHP Download Manager SQL Injection vulnerability in PHP Download Manager PHP Download Manager 1.1/1.1.2/1.1.3

SQL injection vulnerability in files.php in PHP Download Manager 1.1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter.

7.5
2005-11-23 CVE-2005-3768 Symantec Denial-Of-Service vulnerability in Gateway Security 400

Buffer overflow in the Internet Key Exchange version 1 (IKEv1) implementation in Symantec Dynamic VPN Services, as used in Enterprise Firewall, Gateway Security, and Firewall/VPN Appliance products, allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.

7.5
2005-11-22 CVE-2005-3765 Exponent Improper File Permission vulnerability in Exponent Content Management System

Exponent CMS 0.96.3 and later versions performs a chmod on uploaded files to give them execute permissions, which allows remote attackers to execute arbitrary code.

7.5
2005-11-22 CVE-2005-3762 Exponent SQL Injection vulnerability in Exponent CMS

SQL injection vulnerability in the navigation module (navigationmodule) in Exponent CMS 0.96.3 and later versions allows remote attackers to execute arbitrary SQL commands via the parent parameter.

7.5
2005-11-22 CVE-2005-3757 Google Remote vulnerability in Google Mini Search Appliance and Search Appliance

The Saxon XSLT parser in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to obtain sensitive information and execute arbitrary code via dangerous Java class methods in select attribute of xsl:value-of tags in XSLT style sheets, such as (1) system-property, (2) sys:getProperty, and (3) run:exec.

7.5
2005-11-22 CVE-2005-3750 Opera Injection vulnerability in Opera Browser

Opera before 8.51 on Linux and Unix systems allows remote attackers to execute arbitrary code via shell metacharacters (backticks) in a URL that another product provides in a command line argument when launching Opera.

7.5
2005-11-22 CVE-2005-3748 TRU Zone SQL Injection vulnerability in Tru-Zone Nukeet 3.0/3.1/3.2

SQL injection vulnerability in the Search module in Tru-Zone Nuke ET 3.2, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the query parameter.

7.5
2005-11-22 CVE-2005-3746 Apboard SQL Injection vulnerability in APBoard Thread.PHP

SQL injection vulnerability in thread.php in APBoard allows remote attackers to execute arbitrary SQL commands via the start parameter.

7.5
2005-11-22 CVE-2005-3744 Phpcomasy SQL Injection vulnerability in PHPcomasy 0.7.4

SQL injection vulnerability in index.php in phpComasy 0.7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2005-11-22 CVE-2005-3743 Simplepoll SQL Injection vulnerability in SimplePoll Results.PHP

SQL injection vulnerability in results.php in SimplePoll allows remote attackers to execute arbitrary SQL commands via the pollid parameter.

7.5
2005-11-22 CVE-2005-3741 Almondsoft Unspecified vulnerability in Almondsoft Almond Classifieds

Almond Classifieds does not properly verify the password, which allows attackers to bypass access restrictions.

7.5
2005-11-22 CVE-2005-3740 PHP Fusion SQL Injection vulnerability in PHP-Fusion Options.php and Viewforum.php

Multiple SQL injection vulnerabilities in PHP-Fusion 6.00.206 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the forum_id parameter to options.php or (2) lastvisited parameter to viewforum.php.

7.5
2005-11-22 CVE-2005-3735 Coastal Data Management SQL Injection vulnerability in e-Quick Cart

Multiple SQL injection vulnerabilities in e-Quick Cart allow remote attackers to execute arbitrary SQL commands via the (1) productid parameter in shopaddtocart.asp, (2) strpemail parameter in shopprojectlogin.asp, and (3) id parameter in shoptellafriend.asp.

7.5
2005-11-21 CVE-2005-3733 Juniper Multiple Unspecified vulnerability in Juniper Networks Routers ISAKMP IKE Traffic

The Internet Key Exchange version 1 (IKEv1) implementation in Juniper JUNOS and JUNOSe software for M, T, and J-series routers before release 6.4, and E-series routers before 7-1-0, allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.

7.5
2005-11-21 CVE-2005-3727 Revize CMS SQL Injection vulnerability in Revize CMS Query_results.JSP

SQL injection vulnerability in debug/query_results.jsp in Idetix Software Systems Revize CMS allows remote attackers to execute arbitrary SQL commands via the query parameter.

7.5
2005-11-21 CVE-2005-3726 Interspire SQL Injection vulnerability in Interspire Articlelive NX 0.3

SQL injection vulnerability in Interspire ArticleLive NX 0.3 allows remote attackers to execute arbitrary SQL commands via the Query parameter.

7.5
2005-11-21 CVE-2005-3723 Hitachi Denial-Of-Service vulnerability in Hitachi Ip5000 Voip Wifi Phone 1.5.6

Hitachi IP5000 VOIP WIFI Phone 1.5.6 does not allow the user to disable access to (1) SNMP or (2) TCP port 3390, which allows remote attackers to modify configuration using CVE-2005-3722, or access the Unidata Shell to obtain sensitive information or cause a denial of service.

7.5
2005-11-21 CVE-2005-3722 Hitachi Remote Security vulnerability in Ip5000 Voip Wifi Phone

The SNMP v1/v2c daemon in Hitachi IP5000 VOIP WIFI Phone 1.5.6 allows remote attackers to gain read or write access to system configuration using arbitrary SNMP credentials.

7.5
2005-11-21 CVE-2005-3718 Utstarcom Remote Access vulnerability in Utstarcom F1000 Voip Wifi Phone 2.0

UTStarcom F1000 VOIP WIFI Phone s2.0 running VxWorks 5.5.1 with kernel WIND 2.6 does not allow users to disable access to (1) SNMP or (2) the rlogin port TCP 513, which allows remote attackers to exploit other vulnerabilities such as CVE-2005-3716, or execute arbitrary shell commands via rlogin, which does not require authentication.

7.5
2005-11-21 CVE-2005-3717 Utstarcom Remote Access vulnerability in Utstarcom F1000 Voip Wifi Phone 2.0

The telnet daemon in UTStarcom F1000 VOIP WIFI Phone s2.0 running VxWorks 5.5.1 with kernel WIND 2.6 has a default username "target" and password "password", which allows remote attackers to gain full access to the system.

7.5
2005-11-21 CVE-2005-3716 Utstarcom Use of Hard-coded Credentials vulnerability in Utstarcom F1000 Wi-Fi Firmware 2.0

The SNMP daemon in UTStarcom F1000 VOIP WIFI Phone s2.0 running VxWorks 5.5.1 with kernel WIND 2.6 has hard-coded public credentials that cannot be changed, which allows attackers to obtain sensitive information.

7.5
2005-11-21 CVE-2005-3715 Senao Remote Debugger Access vulnerability in Senao Si-680H Wireless Voip Phone 1.7.0Firmware0.03.0839

Senao SI-680H Wireless VoIP Phone Firmware 0.03.0839 leaves the VxWorks debugger UDP port 17185 available without authentication, which allows attackers to access the phone OS, obtain sensitive information, and cause a denial of service.

7.5
2005-11-21 CVE-2005-3698 PHP Easy Download Authentication Bypass vulnerability in PHP Easy Download Edit.PHP

PHP Easy Download allows remote attackers to bypass authentication via edit.php.

7.5
2005-11-21 CVE-2005-3697 Uresk Links Authentication Bypass vulnerability in Uresk Links Uresk Links 2.0Lite

Unspecified vulnerability in the administration interface in Uresk Links 2.0 Lite allows remote attackers to bypass authentication via unspecified vectors in index.php.

7.5
2005-11-23 CVE-2005-3779 HP Local Unauthorized Access vulnerability in HP Hp-Ux 11.00/11.11/11.23

Unspecified vulnerability in xterm for HP-UX 11.00, 11.11, and 11.23 allows local users to gain privileges via unknown vectors.

7.2
2005-11-22 CVE-2005-3749 IBM Local Arbitrary Code Execution vulnerability in IBM AIX Diagela.SH

Unspecified "absolute path vulnerabilities" in the diagela command (diagela.sh) in IBM AIX 5.2 and 5.3 have unknown impact and attack vectors.

7.2

67 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-11-26 CVE-2005-3812 Freeftpd Denial Of Service vulnerability in Freeftpd 1.0.10

freeFTPd 1.0.10 allows remote authenticated users to cause a denial of service (null dereference and crash) via a PORT command with missing arguments.

6.8
2005-11-26 CVE-2005-3820 Vtiger Input Validation vulnerability in VTiger CRM

Multiple directory traversal vulnerabilities in index.php in vTiger CRM 4.2 and earlier allow remote attackers to read or include arbitrary files, and ultimately execute arbitrary PHP code, via ..

6.4
2005-11-24 CVE-2005-3804 Cisco Remote Debugger Access vulnerability in Cisco 7920 Wireless IP Phone 1.0(8)/2.0

Cisco IP Phone (VoIP) 7920 1.0(8) listens to UDP port 17185 to support a VxWorks debugger, which allows remote attackers to obtain sensitive information and cause a denial of service.

6.4
2005-11-21 CVE-2005-3725 Zyxel Information Disclosure vulnerability in Zyxel Prestige 2000W V.1Voip Wi-Fi Phone Wj.00.10

Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 uses hardcoded IP addresses for its DNS servers, which could allow remote attackers to cause a denial of service or hijack Zyxel phones by attacking or spoofing the hardcoded DNS servers.

6.4
2005-11-21 CVE-2005-3724 Zyxel Information Exposure vulnerability in Zyxel products

Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 allows remote attackers to obtain sensitive information and possibly cause a denial of service via a direct connection to UDP port 9090, which is undocumented and does not require authentication.

6.4
2005-11-22 CVE-2005-3759 Horde Cross-Site Scripting vulnerability in Horde

Multiple cross-site scripting (XSS) vulnerabilities in Horde before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) gzip/tar and (2) css MIME viewers, which do not filter or escape dangerous HTML when extracting and displaying attachments.

5.8
2005-11-27 CVE-2005-3847 Linux, Debian Improper Locking vulnerability in multiple products

The handle_stop_signal function in signal.c in Linux kernel 2.6.11 up to other versions before 2.6.13 and 2.6.12.6 allows local users to cause a denial of service (deadlock) by sending a SIGKILL to a real-time threaded process while it is performing a core dump.

5.5
2005-11-26 CVE-2005-3832 Speedproject Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Speedproject Speedcommander and Squeez

Stack-based buffer overflow in (1) CxUux60.dll and (2) CxUux60u.dll, as used in SpeedProject products including (a) Squeez 5.0 Build 4285, and (b) SpeedCommander 11.0 Build 4430 and 10.51 Build 4430, allows user-assisted attackers to execute arbitrary code via a ZIP archive containing a long filename.

5.1
2005-11-26 CVE-2005-3831 Speedproject Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Speedproject Speedcommander, Squeez and Zipstar

Stack-based buffer overflow in (1) CxZIP60.dll and (2) CxZIP60u.dll, as used in SpeedProject products including (a) ZipStar 5.0 Build 4285, (b) Squeez 5.0 Build 4285, and (c) SpeedCommander 11.0 Build 4430 and 10.51 Build 4430, allows user-assisted attackers to execute arbitrary code via a ZIP archive containing a long filename.

5.1
2005-11-24 CVE-2005-3802 Belkin Unspecified vulnerability in Belkin F5D7230-4 and F5D7232-4

Belkin F5D7232-4 and F5D7230-4 wireless routers with firmware 4.03.03 and 4.05.03, when a legitimate administrator is logged into the web management interface, allow remote attackers to access the management interface without authentication.

5.1
2005-11-22 CVE-2005-3737 Inkscape Buffer Overflow vulnerability in Inkscape SVG Image

Buffer overflow in the SVG importer (style.cpp) of inkscape 0.41 through 0.42.2 might allow remote attackers to execute arbitrary code via a SVG file with long CSS style property values.

5.1
2005-11-26 CVE-2005-3830 Activecampaign Directory Traversal vulnerability in ActiveCampaign SupportTrio

index.php in ActiveCampaign SupportTrio 1.4 and earlier allows remote attackers to read or include arbitrary files via the page parameter, possibly due to a directory traversal vulnerability.

5.0
2005-11-26 CVE-2005-3824 Vtiger Input Validation vulnerability in VTiger CRM

The uploads module in vTiger CRM 4.2 and earlier allows remote attackers to upload arbitrary files, such as PHP files, via the add2db action.

5.0
2005-11-25 CVE-2005-3811 Amax Information Technologies Unspecified vulnerability in Amax Information Technologies Magic Winmail Server

Directory traversal vulnerability in admin/main.php in AMAX Magic Winmail Server 4.2 (build 0824) and earlier allows remote attackers to overwrite arbitrary files with session information via the sid parameter.

5.0
2005-11-24 CVE-2005-3800 Macromedia

Macromedia Contribute Publishing Server (CPS) before 1.11 uses a weak algorithm to encrypt user password in connection keys that use shared FTP login credentials, which allows attackers to obtain sensitive information.

5.0
2005-11-24 CVE-2005-3799 Phpbb Group Information Disclosure vulnerability in PHPbb Group PHPbb 2.0.18

phpBB 2.0.18 allows remote attackers to obtain sensitive information via a large SQL query, which generates an error message that reveals SQL syntax or the full installation path.

5.0
2005-11-24 CVE-2005-3794 Alstrasoft Information Disclosure vulnerability in Alstrasoft Affiliate Network PRO 7.2

AlstraSoft Affiliate Network Pro 7.2 allows remote attackers to obtain sensitive information via a direct request to scripts such as (1) togateway.php and (2) other unspecified scripts.

5.0
2005-11-24 CVE-2005-3791 Phpadsnew, Phppgads Remote Security vulnerability in phpAdsNew

HTTP response splitting vulnerability in phpAdsNew and phpPgAds 2.0.6 and earlier allows remote attackers to inject arbitrary HTML headers via adclick.php and possibly other unspecified vectors.

5.0
2005-11-24 CVE-2005-3789 Phpwcms Unspecified vulnerability in PHPwcms 1.2.5Dev

Multiple directory traversal vulnerabilities in phpwcms 1.2.5 allow remote attackers to read arbitrary files via a ..

5.0
2005-11-23 CVE-2005-3785 Gentoo Unspecified vulnerability in Gentoo Linux EIX 0.3

Second-order symlink vulnerability in eix-sync.in in Ebuild IndeX (eix) before 0.5.0_pre2 allows local users to overwrite arbitrary files via a symlink attack on the exi.X.sync temporary file, which is processed by the diff-eix program.

5.0
2005-11-23 CVE-2005-3781 SUN Remote Denial of Service vulnerability in Sun Solaris In.Named

Unspecified vulnerability in in.named in Solaris 9 allows attackers to cause a denial of service via unknown manipulations that cause in.named to "make unnecessary queries."

5.0
2005-11-23 CVE-2005-3778 Mybulletinboard Denial-Of-Service vulnerability in MyBulletinBoard

Unspecified vulnerability in MyBulletinBoard (MyBB) before 1.0 PR2 Rev 686 allows attackers to cause a denial of service via unknown vectors.

5.0
2005-11-23 CVE-2005-3777 Mybulletinboard Remote Security vulnerability in Mybulletinboard Previewrelease2Rev686

MyBulletinBoard (MyBB) 1.0 PR2 Rev 686 allows remote attackers to delete or move private messages (PM) via modified fields in the inbox form.

5.0
2005-11-23 CVE-2005-3774 Cisco Denial Of Service vulnerability in Cisco PIX 6.3/7.0

Cisco PIX 6.3 and 7.0 allows remote attackers to cause a denial of service (blocked new connections) via spoofed TCP packets that cause the PIX to create embryonic connections that would not produce a valid connection with the end system, including (1) SYN packets with invalid checksums, which do not result in a RST; or, from an external interface, (2) one byte of "meaningless data," or (3) a TTL that is one less than needed to reach the internal destination.

5.0
2005-11-22 CVE-2005-3767 Exponent Unspecified vulnerability in Exponent

Exponent CMS 0.96.3 and later versions does not properly restrict the types of uploaded files, which allows remote attackers to upload and execute PHP files.

5.0
2005-11-22 CVE-2005-3766 Exponent Remote Security vulnerability in Exponent

Exponent CMS 0.96.3 and later versions stores sensitive user pages under the web document root with insufficient access control even though certain permissions are specified, which allows attackers to access the pages by browsing uploaded files.

5.0
2005-11-22 CVE-2005-3763 Exponent Information Disclosure vulnerability in Exponent

Exponent CMS 0.96.3 and later versions includes the full installation path in the base parameter to thumb.php, which allows remote attackers to obtain sensitive information.

5.0
2005-11-22 CVE-2005-3756 Google Remote vulnerability in Google Mini Search Appliance and Search Appliance

Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to port scan arbitrary hosts via URLs with modified targets and ports, then comparing the resulting error messages to determine open and closed ports.

5.0
2005-11-22 CVE-2005-3755 Google Remote vulnerability in Google Mini Search Appliance and Search Appliance

Directory traversal vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to determine the existence of arbitrary files via a relative path from a style sheet directory, then comparing the resulting error messages.

5.0
2005-11-22 CVE-2005-3747 Mortbay Information Exposure vulnerability in Mortbay Jetty

Unspecified vulnerability in Jetty before 5.1.6 allows remote attackers to obtain source code of JSP pages, possibly involving requests for .jsp files with URL-encoded backslash ("%5C") characters.

5.0
2005-11-22 CVE-2005-3739 PHP Fusion Remote Security vulnerability in PHP-Fusion

Unspecified vulnerability in subheader.php in PHP-Fusion 6.00.206 and earlier allows remote attackers to obtain the full path via unspecified vectors.

5.0
2005-11-21 CVE-2005-3729 Revize CMS Information Disclosure vulnerability in Revize CMS

Idetix Software Systems Revize CMS allows remote attackers to obtain sensitive information via direct requests to files in the revize/debug directory, such as (1) apptables.html and (2) main.html.

5.0
2005-11-21 CVE-2005-3728 Revize CMS Information Disclosure vulnerability in Revize CMS Revize.XML

Idetix Software Systems Revize CMS stores conf/revize.xml under the web document root with insufficient access control, which allows remote attackers to obtain sensitive configuration information.

5.0
2005-11-21 CVE-2005-3721 Hitachi Remote Security vulnerability in Ip5000 Voip Wifi Phone

The default configuration of the HTTP server in Hitachi IP5000 VOIP WIFI Phone 1.5.6 does not require authentication for sensitive configuration pages, which allows remote attackers to modify configuration.

5.0
2005-11-21 CVE-2005-3720 Hitachi Information Disclosure vulnerability in Hitachi Ip5000 Voip Wifi Phone 1.5.6

The default index page in the HTTP server in Hitachi IP5000 VOIP WIFI Phone 1.5.6 lists sensitive information such as software versions.

5.0
2005-11-21 CVE-2005-3699 Opera Unspecified vulnerability in Opera Browser

Opera Web Browser 8.50 and 8.0 through 8.0.2 allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site.

5.0
2005-11-25 CVE-2005-3808 Linux Local Integer Overflow vulnerability in Linux Kernel INVALIDATE_INODE_PAGES2

Integer overflow in the invalidate_inode_pages2_range function in mm/truncate.c in Linux kernel 2.6.11 to 2.6.14 allows local users to cause a denial of service (hang) via 64-bit mmap calls that are not properly handled on a 32-bit system.

4.9
2005-11-24 CVE-2005-3801 Counterpane Unspecified vulnerability in Counterpane Passwordsafe

CounterPane PasswordSafe 1.x and 2.x allows local users to test possible encryption keys against a subset of the stored key data without performing the more expensive key derivation function (KDF), which reduces the search time in brute force attacks.

4.6
2005-11-23 CVE-2005-3786 Novell Remote Diagnostics Console One Unauthorized Access vulnerability in Novell ZENworks

Novell ZENworks for Desktops 4.0.1, ZENworks for Servers 3.0.2, and ZENworks 6.5 Desktop Management do not restrict access to Remote Diagnostics, which allows local users to bypass security policies by using Console One.

4.6
2005-11-21 CVE-2005-3632 Netpbm Buffer Overflow vulnerability in NetPBM PNMToPNG Long Text Line

Multiple buffer overflows in pnmtopng in netpbm 10.0 and earlier allow attackers to execute arbitrary code via a crafted PNM file.

4.6
2005-11-21 CVE-2005-3719 Hitachi Information Disclosure vulnerability in Hitachi Ip5000 Voip Wifi Phone 1.5.6

Hitachi IP5000 VOIP WIFI Phone 1.5.6 has a hard-coded administrator password of "0000", which allows attackers with physical access to obtain sensitive information and modify the phone's configuration.

4.6
2005-11-27 CVE-2005-3854 Easypagecms Cross-Site Scripting vulnerability in Easypagecms

Cross-site scripting (XSS) vulnerability in index.php in EasyPageCMS allows remote attackers to inject arbitrary web script or HTML via the cat parameter.

4.3
2005-11-27 CVE-2005-3851 Onlinetechtools COM Cross-Site Scripting vulnerability in Onlinetechtools.Com Oasys Lite 1.0

Cross-site scripting (XSS) vulnerability in search.asp in Online Attendance System (OASYS) Lite 1.0 allows remote attackers to inject arbitrary web script or HTML via certain search parameters, possibly the keyword parameter.

4.3
2005-11-27 CVE-2005-3850 Onlinetechtools COM Cross-Site Scripting vulnerability in Onlinetechtools.Com Okbsys Lite 1.0

Cross-site scripting (XSS) vulnerability in search.asp in Online Knowledge Base System (OKBSYS) Lite Edition 1.0 allows remote attackers to inject arbitrary web script or HTML via hex-encoded values in the q parameter.

4.3
2005-11-27 CVE-2005-3849 Pmwiki Cross-Site Scripting vulnerability in PmWiki Search

Cross-site scripting (XSS) vulnerability in the Search module in PmWiki up to 2.0.12 allows remote attackers to inject arbitrary web script or HTML via the q parameter.

4.3
2005-11-26 CVE-2005-3841 Kplaylist Cross-Site Scripting vulnerability in Kplaylist 1.6Build400

Cross-site scripting (XSS) vulnerability in kPlaylist 1.6 (build 400), and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the searchfor search parameter.

4.3
2005-11-26 CVE-2005-3839 Supportpro Cross-Site Scripting vulnerability in SupportPro SupportDesk

Cross-site scripting (XSS) vulnerability in SupportPRO Supportdesk allows remote attackers to inject arbitrary web script or HTML via the (1) post tickers and (2) view tickets options.

4.3
2005-11-26 CVE-2005-3837 Scssboard Cross-Site Scripting vulnerability in SCSSBoard Search Module

Cross-site scripting (XSS) vulnerability in the search module in sCssBoard 1.2 and 1.12, and earlier versions, allows remote attackers to inject arbitrary web script or HTML via the search_term parameter.

4.3
2005-11-26 CVE-2005-3834 Tunez Input Validation vulnerability in Tunez

Cross-site scripting (XSS) vulnerability in search.php in Tunez 1.21 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchFor parameter.

4.3
2005-11-26 CVE-2005-3821 Vtiger Input Validation vulnerability in VTiger CRM

Cross-site scripting (XSS) vulnerability in vTiger CRM 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via multiple vectors, including the account name.

4.3
2005-11-26 CVE-2005-3818 Vtiger Input Validation vulnerability in VTiger CRM

Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) various input fields, including the contact, lead, and first or last name fields, (2) the record parameter in a DetailView action in the Leads module for index.php, (3) the $_SERVER['PHP_SELF'] variable, which is used in multiple locations such as index.php, and (4) aggregated RSS feeds in the RSS aggregation module.

4.3
2005-11-24 CVE-2005-3795 Alstrasoft Cross-Site Scripting vulnerability in Alstrasoft Affiliate Network PRO 7.2

Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Affiliate Network Pro 7.2 allow remote attackers to inject arbitrary web script or HTML via (1) the Err parameter in admin/index.php and the (2) firstname and (3) lastname parameters in index.php.

4.3
2005-11-24 CVE-2005-3790 Phpwcms Cross-Site Scripting vulnerability in PHPWCMS

Multiple cross-site scripting (XSS) vulnerabilities in act_newsletter.php in phpwcms 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the (1) i and (2) text parameters.

4.3
2005-11-24 CVE-2005-3787 Phpmyadmin Cross-Site Scripting vulnerability in PHPMyAdmin

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4-pl4 allow remote attackers to inject arbitrary web script or HTML via (1) the cookie-based login panel, (2) the title parameter and (3) the table creation dialog.

4.3
2005-11-23 CVE-2005-3776 Mybulletinboard Cross-Site Scripting vulnerability in Mybulletinboard Previewrelease2Rev686

Multiple cross-site scripting (XSS) vulnerabilities in MyBulletinBoard (MyBB) 1.0 PR2 Rev 686 allow remote attackers to inject arbitrary web script or HTML via (1) the subject field when creating a new thread and (2) information passed to the Reputation system.

4.3
2005-11-23 CVE-2005-3771 Joomla Input Validation vulnerability in Joomla

Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.4 allow remote attackers to inject arbitrary web script or HTML via (1) "GET and other variables" and (2) "SEF".

4.3
2005-11-22 CVE-2005-3761 Exponent Unspecified vulnerability in Exponent

Cross-site scripting (XSS) vulnerability in Exponent CMS 0.96.3 and later versions allows remote attackers to inject arbitrary web script or HTML via (1) Javascript in forms produced by the form generator or (2) the parameters to the installer.

4.3
2005-11-22 CVE-2005-3758 Google Remote vulnerability in Google Mini Search Appliance and Search Appliance

Cross-site scripting (XSS) vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to inject arbitrary Javascript, and possibly other web script or HTML, via a proxystylesheet variable that contains a malicious XSLT style sheet.

4.3
2005-11-22 CVE-2005-3754 Google Remote vulnerability in Google Mini Search Appliance and Search Appliance

Cross-site scripting (XSS) vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to inject arbitrary Javascript, and possibly other web script or HTML, via the proxystylesheet variable, which will be executed in the resulting error message.

4.3
2005-11-22 CVE-2005-3751 Apsis Cross-Site Scripting vulnerability in Pound

HTTP request smuggling vulnerability in Pound before 1.9.4 allows remote attackers to poison web caches, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with conflicting Content-length and Transfer-encoding headers.

4.3
2005-11-22 CVE-2005-3742 Advanced Poll Cross-Site Scripting vulnerability in Advanced Poll Advanced Poll 2.0.2

Cross-site scripting (XSS) vulnerability in popup.php in Advanced Poll 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the poll_ident parameter.

4.3
2005-11-22 CVE-2005-3736 Coastal Data Management Unspecified vulnerability in Coastal Data Management E-Quick Cart

Multiple cross-site scripting (XSS) vulnerabilities in e-Quick Cart allow remote attackers to inject arbitrary web script or HTML via the (1) strgifttoname parameter in shopgift.asp, (2) strfirstname parameter in shopmaillist.asp, (3) strpid parameter in shopprojectlogin.asp, and (4) Custname parameter in shoptellafriend.asp.

4.3
2005-11-22 CVE-2005-3734 Phpmyfaq Cross-Site Scripting vulnerability in PHPMyFAQ

Cross-site scripting (XSS) vulnerability in the "add content" page in phpMyFAQ 1.5.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) thema, (2) username, and (3) usermail parameters.

4.3
2005-11-21 CVE-2005-2339 Msearch Cross-Site Scripting vulnerability in Msearch Unicode Msearch 1.51U1/1.51U1Beta1/1.52U1

Cross-site scripting (XSS) vulnerability in the Unicode version of msearch (unicode-msearch) 1.51(U1)-beta1, 1.51(U1), and 1.52(U1) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2005-11-21 CVE-2005-3730 Revize CMS Cross-Site Scripting vulnerability in Revize CMS HTTPTranslatorServlet

Multiple cross-site scripting (XSS) vulnerabilities in HTTPTranslatorServlet in Idetix Software Systems Revize CMS allow remote attackers to inject arbitrary web script or HTML via the (1) resourcetype, (2) objectmap, and (3) redirect parameters, possibly involving setWebSpace.jsp.

4.3
2005-11-27 CVE-2005-3856 Krusader Remote Security vulnerability in Krusader 1.60.0/1.70.0Beta1

The Popular URL capability (popularurls.cpp) in Krusader 1.60.0 and 1.70.0-beta1 saves passwords in cleartext in the krusaderrc file when the user enters URLs containing passwords in the panel URL field, which might allow attackers to access other sites.

4.0
2005-11-26 CVE-2005-3813 Mailenable Remote Denial of Service vulnerability in MailEnable IMAP Rename Request

IMAP service (meimaps.exe) of MailEnable Professional 1.7 and Enterprise 1.1 allows remote authenticated attackers to cause a denial of service (application crash) by using RENAME with a non-existent mailbox, a different vulnerability than CVE-2005-3690.

4.0

2 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-11-22 CVE-2005-3738 Mambo Remote File Include vulnerability in Mambo Open Source

globals.php in Mambo Site Server 4.0.14 and earlier, when register_globals is disabled, allows remote attackers to overwrite variables in the GLOBALS array and conduct various attacks, as demonstrated using the mosConfig_absolute_path parameter to content.html.php for remote PHP file inclusion.

2.6
2005-11-23 CVE-2005-3531 Miklos Szeredi Unspecified vulnerability in Miklos Szeredi Fuse

fusermount in FUSE before 2.4.1, if installed setuid root, allows local users to corrupt /etc/mtab and possibly modify mount options by performing a mount over a directory whose name contains certain special characters.

2.1