Weekly Vulnerabilities Reports > November 28 to December 4, 2005
Overview
133 new vulnerabilities reported during this period, including 1 critical vulnerabilities and 87 high severity vulnerabilities. This weekly summary report vulnerabilities in 142 products from 97 vendors including Apple, Gadu Gadu, SUN, Webcalendar, and Microsoft. Vulnerabilities are notably categorized as "SQL Injection", "Code Injection", "Cross-site Scripting", "Numeric Errors", and "Improper Restriction of Operations within the Bounds of a Memory Buffer".
- 127 reported vulnerabilities are remotely exploitables.
- 2 reported vulnerabilities have public exploit available.
- 7 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 131 reported vulnerabilities are exploitable by an anonymous user.
- Apple has the most reported vulnerabilities, with 7 reported vulnerabilities.
- Dotclear has the most reported critical vulnerabilities, with 1 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
1 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2005-12-01 | CVE-2005-3957 | Dotclear | Trackback vulnerability in Dotclear 1.2.1 Unspecified vulnerability in the Trackback functionality in DotClear 1.2.1 has unknown impact and attack vectors. | 10.0 |
87 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2005-12-04 | CVE-2005-3989 | Avaya | Remote Denial of Service vulnerability in Avaya TN2602AP IP Media Resource 320 Memory leak in Avaya TN2602AP IP Media Resource 320 circuit pack before vintage 9 firmware allows remote attackers to cause a denial of service (memory consumption) via crafted VoIP packets. | 7.8 |
2005-12-04 | CVE-2005-3985 | Astaro | Denial of Service vulnerability in Astaro Security Linux 6.001/6.002/6.101 The Internet Key Exchange version 1 (IKEv1) implementation in Astaro Security Linux before 6.102 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. | 7.8 |
2005-12-04 | CVE-2005-3983 | HP | Denial-Of-Service vulnerability in Systems Insight Manager 4.0/4.1 Unknown vulnerability in the login page for HP Systems Insight Manager (SIM) 4.0 and 4.1, when accessed by Microsoft Internet Explorer with the MS04-025 patch, leads to a denial of service (browser hang). | 7.8 |
2005-12-01 | CVE-2005-3960 | Kadu | Remote Denial of Service vulnerability in Kadu Kadu 0.4.2 and 0.5.0pre allows remote attackers to cause a denial of service (crash or generated traffic) via a malformed message, possibly with incomplete information. | 7.8 |
2005-12-01 | CVE-2005-3945 | Microsoft | Remote Denial of Service vulnerability in Microsoft Windows 2000 and Windows 2003 Server The SynAttackProtect protection in Microsoft Windows 2003 before SP1 and Windows 2000 before SP4 with Update Roll-up uses a hash of predictable data, which allows remote attackers to cause a denial of service (CPU consumption) via a flood of SYN packets that produce identical hash values, which slows down the hash table lookups. | 7.8 |
2005-12-01 | CVE-2005-3934 | Symantec | Denial of Service vulnerability in pcAnywhere Authentication Buffer overflow in Symantec pcAnywhere 11.0.1, 11.5.1, and all other 32-bit versions allows remote attackers to cause a denial of service (application crash) via unknown attack vectors. | 7.8 |
2005-11-29 | CVE-2005-3901 | Macromedia | Unspecified vulnerability in Macromedia Flash Communication Server 1.0/1.5 Macromedia Flash Communication Server MX 1.0 and 1.5 does not sufficiently validate certain RTMP data, which allows attackers to cause a denial of service (instability or crash), as demonstrated using an alpha release build of Flash Player 8.5 (build 133). | 7.8 |
2005-11-29 | CVE-2005-3900 | Macromedia | Macromedia Breeze Communication Server and Breeze Live Server does 5.1 and earlier not sufficiently validate certain RTMP data, which allows attackers to cause a denial of service (instability or crash), as demonstrated using an alpha release build of Flash Player 8.5 (build 133). | 7.8 |
2005-11-29 | CVE-2005-3897 | Apple | Denial-Of-Service vulnerability in Apple Safari 2.0.2 Apple Safari 2.0.2 allows remote attackers to cause a denial of service (system slowdown) via a Javascript BODY onload event that calls the window function. | 7.8 |
2005-11-29 | CVE-2005-3896 | Mozilla | Unspecified vulnerability in Mozilla Mozilla allows remote attackers to cause a denial of service (CPU consumption) via a Javascript BODY onload event that calls the window function. | 7.8 |
2005-11-29 | CVE-2005-3891 | Gadu Gadu | Unspecified vulnerability in Gadu-Gadu Instant Messenger 7.20 Stack-based buffer overflow in Gadu-Gadu 7.20 allows remote attackers to cause a denial of service (crash) via an image filename between exactly 192 to 200 characters, which does not account for the "imgcache\" string that is added to the end of the buffer. | 7.8 |
2005-11-29 | CVE-2005-3890 | Gadu Gadu | Unspecified vulnerability in Gadu-Gadu Instant Messenger 7.20 Gadu-Gadu 7.20 allows remote attackers to cause a denial of service (crash and configuration loss) via a page with a large number of gg: URIs. | 7.8 |
2005-11-29 | CVE-2005-3889 | Gadu Gadu | Gadu-Gadu 7.20 allows remote attackers to cause a denial of service via multiple DCC packets with a code of 6 or 7, which triggers a large number of popup windows to the user and creates a large number of threads. | 7.8 |
2005-11-29 | CVE-2005-3888 | Gadu Gadu | Unspecified vulnerability in Gadu-Gadu Instant Messenger 7.20 Memory leak in Gadu-Gadu 7.20 allows remote attackers to cause a denial of service via multiple DCC packets with a code other than 2 and a large size field, which allocates memory for the packet but does not free it after the packet has been dropped. | 7.8 |
2005-11-29 | CVE-2005-2124 | Microsoft | Unspecified vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP Unspecified vulnerability in the Graphics Rendering Engine (GDI32.DLL) in Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1, related to "An unchecked buffer" and possibly buffer overflows, allows remote attackers to execute arbitrary code via a crafted Windows Metafile (WMF) format image, aka "Windows Metafile Vulnerability." | 7.6 |
2005-12-04 | CVE-2005-3992 | Wineggdropshell | Remote Buffer Overflow vulnerability in Wineggdropshell 1.7 Multiple buffer overflows in WinEggDropShell remote access trojan (RAT) 1.7 allow remote attackers to execute arbitrary code via (1) a long GET request to the HTTP server, or a long (2) USER or (3) PASS command to the FTP server. | 7.5 |
2005-12-04 | CVE-2005-3988 | Pineapple Technologies | SQL Injection vulnerability in Pineapple Technologies Lore 1.5.4 SQL injection vulnerability in article.php in Pineapple Technologies Lore 1.5.4 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2005-12-04 | CVE-2005-3987 | Tradesoft | SQL Injection vulnerability in Tradesoft CMS Multiple SQL injection vulnerabilities in Tradesoft CMS allow remote attackers to execute arbitrary SQL commands via unspecified attack vectors. | 7.5 |
2005-12-04 | CVE-2005-3986 | Verosky Media | SQL Injection vulnerability in Instant Photo Gallery Multiple SQL injection vulnerabilities in Instant Photo Gallery 1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat_id parameter in portfolio.php and (2) cid parameter in content.php. | 7.5 |
2005-12-04 | CVE-2005-3984 | Webcalendar | SQL Injection vulnerability in Webcalendar 1.0.1 SQL injection vulnerability in WebCalendar 1.0.1 allows remote attackers to execute arbitrary SQL commands via the time_range parameter to edit_report_handler.php. | 7.5 |
2005-12-04 | CVE-2005-3980 | Edgewall Software | Unspecified vulnerability in Edgewall Software Trac SQL injection vulnerability in the ticket query module in Edgewall Trac 0.9 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the group parameter. | 7.5 |
2005-12-03 | CVE-2005-3978 | Scriptdevelopers NET | SQL Injection vulnerability in Scriptdevelopers.Net Netclassifieds 1.0.1/1.5.1/1.9.6.3 Multiple SQL injection vulnerabilities in NetClassifieds Premium Edition 1.0.1, Professional Edition 1.5.1, Standard Edition 1.9.6.3, and Free Edition 1.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) CatID parameter in (a) ViewCat.php and (b) gallery.php, and the (2) ItemNum parameter in (c) ViewItem.php. | 7.5 |
2005-12-03 | CVE-2005-3976 | Duware | Software SQL Injection vulnerability in DUware SQL injection vulnerability in type.asp, as used in multiple DUware products including (1) DUamazon 3.1, (2) DUarticle 1.1, (3) DUclassified 4.2, (4) DUdirectory 3.1 and DUdirectory Pro 3.0 and 3.0 SQL, (5) DUdownload 1.1, (6) DUgallery 3.3, (7) DUnews 1.1, and (8) DUpaypal 3.1 and DUpaypal Pro 3.0, allows remote attackers to execute arbitrary SQL commands via the iType parameter. | 7.5 |
2005-12-03 | CVE-2005-3969 | Mxchange | Input Validation vulnerability in MXChange SQL injection vulnerability in MXChange before 0.2.0-pre10 PL492 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | 7.5 |
2005-12-02 | CVE-2005-3964 | Integrated Computer Solutions | Buffer Overflow vulnerability in Integrated Computer Solutions Openmotif 2.2.3 Multiple buffer overflows in libUil (libUil.so) in OpenMotif 2.2.3, and possibly other versions, allows attackers to execute arbitrary code via the (1) diag_issue_diagnostic function in UilDiags.c and (2) open_source_file function in UilSrcSrc.c. | 7.5 |
2005-12-02 | CVE-2005-3963 | Dotclear | SQL Injection vulnerability in Dotclear 1.2.1/1.2.2 SQL injection vulnerability in session.php in DotClear before 1.2.3 allows remote attackers to execute arbitrary SQL commands via the dc_xd parameter in a cookie. | 7.5 |
2005-12-01 | CVE-2005-3958 | Entergal MX | SQL Injection vulnerability in Entergal MX Entergal MX 2.0 SQL injection vulnerability in index.php in Entergal MX 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) idcat parameter in a showcat action and (2) the action parameter. | 7.5 |
2005-12-01 | CVE-2005-3956 | Dmanews | SQL Injection vulnerability in Dmanews 0.904/0.91 Multiple SQL injection vulnerabilities in index.php in DMANews 0.904 and 0.910 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a comments action and the (2) sortorder and (3) display_num parameters in a news_list action. | 7.5 |
2005-12-01 | CVE-2005-3953 | Bedeng PSP | SQL Injection vulnerability in Bedeng PSP Bedeng PSP 1.1 SQL injection vulnerability in Bedeng PSP 1.1 allows remote attackers to execute arbitrary SQL commands via the cwhere parameter to (1) index.php and (2) download.php, or (3) ckode parameter to baca.php. | 7.5 |
2005-12-01 | CVE-2005-3952 | PHP Labs | SQL Injection vulnerability in PHP Labs TOP Auction 1.0 SQL injection vulnerability in PHP Labs Top Auction allows remote attackers to execute arbitrary SQL commands via the (1) category and (2) type parameters to viewcat.php, or (3) certain search parameters. | 7.5 |
2005-12-01 | CVE-2005-3951 | PHP Labs | SQL-Injection vulnerability in Survey Wizard SQL injection vulnerability in survey.php in PHP Labs Survey Wizard allows remote attackers to execute arbitrary SQL commands via the sid parameter. | 7.5 |
2005-12-01 | CVE-2005-3949 | Webcalendar | SQL Injection vulnerability in Webcalendar 1.0.1 Multiple SQL injection vulnerabilities in WebCalendar 1.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) startid parameter to activity_log.php, (2) startid parameter to admin_handler.php, (3) template parameter to edit_template.php, and (4) multiple parameters to export_handler.php. | 7.5 |
2005-12-01 | CVE-2005-3944 | FAQ System | SQL Injection vulnerability in Survey System Survey.PHP SQL injection vulnerability in survey.php in ilyav Survey System 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the SURVEY_ID parameter. | 7.5 |
2005-12-01 | CVE-2005-3943 | FAQ System | SQL Injection vulnerability in FAQ System Multiple SQL injection vulnerabilities in ilyav FAQ System 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) FAQ_ID and (2) action parameters in (a) viewFAQ.php; and (3) CATEGORY_ID parameter in (b) index.php. | 7.5 |
2005-12-01 | CVE-2005-3942 | Greywyvern | SQL Injection vulnerability in Orca Knowledgebase Knowledgebase.PHP SQL injection vulnerability in knowledgebase-control.php in Orca Knowledgebase 2.1b and earlier allows remote attackers to execute arbitrary SQL commands via the qid parameter. | 7.5 |
2005-12-01 | CVE-2005-3941 | Greywyvern | SQL Injection vulnerability in Orca Blog Blog.PHP SQL injection vulnerability in blog.php in Orca Blog 1.3b and earlier allows remote attackers to execute arbitrary SQL commands via the msg parameter. | 7.5 |
2005-12-01 | CVE-2005-3940 | Greywyvern | SQL Injection vulnerability in Orca Ringmaker Ringmaker.PHP SQL injection vulnerability in ringmaker.php in Orca Ringmaker 2.3c and earlier allows remote attackers to execute arbitrary SQL commands via the start parameter. | 7.5 |
2005-12-01 | CVE-2005-3939 | WSN Knowledge Base | SQL Injection vulnerability in WSN Knowledge Base Multiple SQL injection vulnerabilities in WSN Knowledge Base 1.2.0 and earler allow remote attackers to execute arbitrary SQL commands via the (1) catid, (2) perpage, (3) ascdesc, and (4) orderlinks in a displaycat action in (a) index.php; and the (5) id parameter in (b) comments.php and (c) memberlist.php. | 7.5 |
2005-12-01 | CVE-2005-3938 | Softbiz | SQL Injection vulnerability in Softbiz FAQ SQL injection vulnerability in Softbiz FAQ Script 1.1 and earler allows remote attackers to execute arbitrary SQL commands via the id parameter in (1) index.php, (2) faq_qanda.php, (3) refer_friend.php, (4) print_article.php, or (5) add_comment.php. | 7.5 |
2005-12-01 | CVE-2005-3937 | Softbiz | SQL Injection vulnerability in Softbiz B2B Trading Marketplace SQL injection vulnerability in Softbiz B2B Trading Marketplace Script 1.1 and earler allows remote attackers to execute arbitrary SQL commands via the cid parameter in (1) selloffers.php, (2) buyoffers.php, (3) products.php, or (4) profiles.php. | 7.5 |
2005-12-01 | CVE-2005-3936 | Socketkb | Unspecified vulnerability in Socketkb PHP file include vulnerability in SocketKB 1.1.0 and earlier allows remote attackers to include arbitrary local files via the __f parameter. | 7.5 |
2005-12-01 | CVE-2005-3935 | Socketkb | SQL Injection vulnerability in SocketKB SQL injection vulnerability in SocketKB 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) node and (2) art_id parameters. | 7.5 |
2005-12-01 | CVE-2005-3933 | 88Script | SQL Injection vulnerability in 88Script Event Calendar 2.0 SQL injection vulnerability in index.php in 88Script's Event Calendar 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the m parameter. | 7.5 |
2005-12-01 | CVE-2005-3932 | O Kiraku Nikki | SQL Injection vulnerability in O-Kiraku Nikki O-Kiraku Nikki 1.3 SQL injection vulnerability in okiraku.php in O-Kiraku Nikki 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the day_id parameter. | 7.5 |
2005-12-01 | CVE-2005-3931 | ASP Rider | SQL Injection vulnerability in Asp-Rider 1.6 SQL injection vulnerability in default.asp in ASP-Rider 1.6 allows remote attackers to execute arbitrary SQL commands via the HTTP referer. | 7.5 |
2005-12-01 | CVE-2005-3930 | N 13 News | SQL Injection vulnerability in N-13 News N-13 News 1.2 SQL injection vulnerability in index.php in N-13 News 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2005-12-01 | CVE-2005-3705 | Apple | Multiple vulnerability in RETIRED: Apple Mac OS X Security Update 2005-009 Heap-based buffer overflow in WebKit in Mac OS X and OS X Server 10.3.9 and 10.4.3, as used in applications such as Safari, allows remote attackers to execute arbitrary code via unknown attack vectors. | 7.5 |
2005-12-01 | CVE-2005-2757 | Apple | Multiple vulnerability in RETIRED: Apple Mac OS X Security Update 2005-009 Heap-based buffer overflow in CoreFoundation in Mac OS X and OS X Server 10.4 through 10.4.3 allows remote attackers to execute arbitrary code via unknown attack vectors involving "validation of URLs." | 7.5 |
2005-11-30 | CVE-2005-3926 | Guppy | Remote File Include and Command Execution vulnerability in GuppY Error.PHP Direct static code injection vulnerability in error.php in GuppY 4.5.9 and earlier, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via the _SERVER[REMOTE_ADDR] parameter, which is injected into a .inc script that is later included by the main script. | 7.5 |
2005-11-30 | CVE-2005-3925 | Helpdesk Issue Manager | SQL Injection vulnerability in Helpdesk Issue Manager Multiple SQL injection vulnerabilities in Central Manchester CLC Helpdesk Issue Manager 0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) detail[], (2) orderdir, and (3) orderby parameters to find.php, and the (4) id parameter to issue.php. | 7.5 |
2005-11-30 | CVE-2005-3922 | Panda | Heap Overflow vulnerability in Panda Software Antivirus Library ZOO Archive Heap-based buffer overflow in pskcmp.dll in Panda Software Antivirus library allows remote attackers to execute arbitrary code via a crafted ZOO archive. | 7.5 |
2005-11-30 | CVE-2005-3920 | Babe Logger | SQL Injection vulnerability in Babe Logger Babe Logger 2 SQL injection vulnerability in Babe Logger 2 allows remote attackers to execute arbitrary SQL commands via the (1) gal parameter to index.php or (2) id parameter to comments.php. | 7.5 |
2005-11-30 | CVE-2005-3917 | Commodityrentals | SQL-Injection vulnerability in Commodityrentals 2.0 SQL injection vulnerability in usersession in CommodityRentals 2.0 Online Rental Business Creator script allows remote attackers to execute arbitrary SQL commands via the user_id parameter. | 7.5 |
2005-11-30 | CVE-2005-3916 | WSN Forum | SQL Injection vulnerability in WSN Forum WSN Forum 1.21 SQL injection vulnerability in memberlist.php in WSN Forum 1.21 allows remote attackers to execute arbitrary SQL commands via the id parameter in a profile action. | 7.5 |
2005-11-30 | CVE-2005-3915 | Clavister | Denial Of Service vulnerability in Clavister Firewall and Clavister Security Gateway The Internet Key Exchange version 1 (IKEv1) implementation in Clavister Client Web allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. | 7.5 |
2005-11-30 | CVE-2005-3912 | Webmin Debian | Format string vulnerability in miniserv.pl Perl web server in Webmin before 1.250 and Usermin before 1.180, with syslog logging enabled, allows remote attackers to cause a denial of service (crash or memory consumption) and possibly execute arbitrary code via format string specifiers in the username parameter to the login form, which is ultimately used in a syslog call. | 7.5 |
2005-11-30 | CVE-2005-3911 | Bosdev | SQL Injection vulnerability in Bosdev Bosdates 4.0 Multiple SQL injection vulnerabilities in calendar.php in BosDates 4.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) year and (2) category parameters. | 7.5 |
2005-11-30 | CVE-2005-3909 | Post Affiliate PRO | SQL Injection vulnerability in Post Affiliate Pro SQL injection vulnerability in merchants/index.php in Post Affiliate Pro 2.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the sortorder parameter. | 7.5 |
2005-11-30 | CVE-2005-3907 | SUN | Privilege Escalation vulnerability in SUN JDK and JRE Unspecified vulnerability in Java Runtime Environment in Java JDK and JRE 5.0 Update 3 and earlier allows remote attackers to escape the Java sandbox and access arbitrary files or execute arbitrary applications via unknown attack vectors involving untrusted Java applets. | 7.5 |
2005-11-30 | CVE-2005-3906 | SUN | Privilege Escalation vulnerability in SUN JDK and JRE Multiple unspecified vulnerabilities in reflection APIs in Java SDK and JRE 1.4.2_08 and earlier and JDK and JRE 5.0 Update 3 and earlier allow remote attackers to escape the Java sandbox and access arbitrary files or execute arbitrary applications via unknown attack vectors, a different set of vulnerabilities than CVE-2005-3905. | 7.5 |
2005-11-30 | CVE-2005-3905 | SUN | Privilege Escalation vulnerability in SUN JDK and JRE Unspecified vulnerability in reflection APIs in Java SDK and JRE 1.3.1_15 and earlier, 1.4.2_08 and earlier, and JDK and JRE 5.0 Update 3 and earlier allows remote attackers to escape the Java sandbox and access arbitrary files or execute arbitrary application via unknown attack vectors, a different vulnerability than CVE-2005-3906. | 7.5 |
2005-11-30 | CVE-2005-3904 | SUN | Privilege Escalation vulnerability in SUN JDK and JRE Unspecified vulnerability in Java Management Extensions (JMX) in Java JDK and JRE 5.0 Update 3, 1.4.2 and later, 1.3.1 and later allows remote attackers to escape the Java sandbox and access arbitrary files or execute arbitrary application via unknown attack vectors. | 7.5 |
2005-11-29 | CVE-2005-3893 | Otrs | Unspecified vulnerability in Otrs Multiple SQL injection vulnerabilities in index.pl in Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) user parameter in the Login action, and remote authenticated users via the (2) TicketID and (3) ArticleID parameters of the AgentTicketPlain action. | 7.5 |
2005-11-29 | CVE-2005-2123 | Microsoft | Unspecified vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP Multiple integer overflows in the Graphics Rendering Engine (GDI32.DLL) in Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allow remote attackers to execute arbitrary code via crafted Windows Metafile (WMF) and Enhanced Metafile (EMF) format images that lead to heap-based buffer overflows, as demonstrated using MRBP16::bCheckRecord. | 7.5 |
2005-11-29 | CVE-2005-3884 | Zainu | SQL Injection vulnerability in Zainu 2.0 Multiple SQL injection vulnerabilities in the search action in Zainu 2.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) term and (2) start parameters to index.php. | 7.5 |
2005-11-29 | CVE-2005-3882 | Faqsystems | SQL Injection vulnerability in FAQRing Answer.PHP SQL injection vulnerability in answer.php in FAQSystems FAQRing Knowledge Base Software 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2005-11-29 | CVE-2005-3881 | Altantisfaq | SQL Injection vulnerability in Altantisfaq Altantis Knowledge Base Software SQL injection vulnerability in search.php in AtlantisFAQ Knowledge Base Software 2.03 and earlier allows remote attackers to execute arbitrary SQL commands via the searchStr parameter. | 7.5 |
2005-11-29 | CVE-2005-3880 | Omnistar Interactive | SQL Injection vulnerability in KBase Express Multiple SQL injection vulnerabilities in Omnistar KBase 4.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter in users/comments.php, (2) category_id and (3) id parameters in users/kb.php. | 7.5 |
2005-11-29 | CVE-2005-3879 | Softbiz | SQL Injection vulnerability in Softbiz Resource Repository Script 1.1 Multiple SQL injection vulnerabilities in Softbiz Resource Repository Script 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) sbres_id parameter in (a) details_res.php, (b) refer_friend.php, and (c) report_link.php, and (2) the sbcat_id parameter in (d) showcats.php. | 7.5 |
2005-11-29 | CVE-2005-3877 | Cafuego | SQL Injection vulnerability in Cafuego Simple Document Management System 1.1.4/1.1.5/1.1.6 Multiple SQL injection vulnerabilities in Simple Document Management System (SDMS) 2.0-CVS and earlier allow remote attackers to execute arbitrary SQL commands via the (1) folder_id parameter in list.php and (2) mid parameter in a view action to messages.php. | 7.5 |
2005-11-29 | CVE-2005-3876 | TD Systems | SQL Injection vulnerability in ADC2000 NG Pro Multiple SQL injection vulnerabilities in adcbrowres.php in AD Center ADC2000 NG Pro 1.2 and NG Pro Lite allow remote attackers to execute arbitrary SQL commands via the (1) cat and (2) lang parameters. | 7.5 |
2005-11-29 | CVE-2005-3875 | Enterprise Heart | SQL Injection vulnerability in Enterprise Connector Multiple SQL injection vulnerabilities in Enterprise Connector 1.0.2 and earlier allow remote attackers to execute arbitrary SQL commands via the messageid parameter in (1) send.php or (2) a delete action in messages.php. | 7.5 |
2005-11-29 | CVE-2005-3874 | Weaverslave | SQL Injection vulnerability in Netzbrett P_Entry Parameter SQL injection vulnerability in netzbr.php in Netzbrett 1.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the p_entry parameter in an entry command to index.php. | 7.5 |
2005-11-29 | CVE-2005-3873 | Sourceshock | SQL Injection vulnerability in ShockBoard Offset Parameter SQL injection vulnerability in topic.php in ShockBoard 3.0 and 4.0 allows remote attackers to execute arbitrary SQL commands via the offset parameter. | 7.5 |
2005-11-29 | CVE-2005-3872 | Ugroup | SQL Injection vulnerability in UGroup Multiple SQL injection vulnerabilities in Ugroup 2.6.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) FORUM_ID parameter in forum.php, and the (2) TOPIC_ID, (3) FORUM_ID, and (4) CAT_ID parameters in topic.php. | 7.5 |
2005-11-29 | CVE-2005-3871 | JBB | SQL Injection vulnerability in JBB Multiple SQL injection vulnerabilities in Joels Bulletin board (JBB) 0.9.9rc3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) nr parameter in topiczeigen.php, (2) forum and (3) zeigeseite parameters in showforum.php, (4) forum parameter in newtopic.php, and (5) tidnr parameter in neuerbeitrag.php. | 7.5 |
2005-11-29 | CVE-2005-3870 | Edmobbs | SQL Injection vulnerability in EdmoBBS Multiple SQL injection vulnerabilities in edmobbs9r.php in edmoBBS 0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) table and (2) messageID parameters. | 7.5 |
2005-11-29 | CVE-2005-3868 | Turn K | SQL Injection vulnerability in K-Search Multiple SQL injection vulnerabilities in K-Search 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) term, (2) id, (3) stat, and (4) source parameters to index.php, and (5) through the image parameters with an add request. | 7.5 |
2005-11-29 | CVE-2005-3865 | Scripts Templates | SQL Injection vulnerability in Scripts-Templates Allweb Search 3.0 SQL injection vulnerability in index.php in AllWeb search 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the search parameter. | 7.5 |
2005-11-29 | CVE-2005-3864 | Berlios | SQL Injection vulnerability in BerliOS SourceWell SQL injection vulnerability in index.php in SourceWell 1.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the cnt parameter. | 7.5 |
2005-11-29 | CVE-2005-3863 | Ktools | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ktools Stack-based buffer overflow in kkstrtext.h in ktools library 0.3 and earlier, as used in products such as (1) centericq, (2) orpheus, (3) motor, and (4) groan, allows local users or remote attackers to execute arbitrary code via a long parameter to the VGETSTRING macro. | 7.5 |
2005-11-29 | CVE-2005-3862 | Unalz | Buffer Overflow vulnerability in Unalz Archive Filename Buffer overflow in unalz before 0.53 allows remote attackers to execute arbitrary code via long file names in ALZ archives. | 7.5 |
2005-11-29 | CVE-2005-3861 | Phpgreetz | Code Injection vulnerability in PHPgreetz PHP remote file inclusion vulnerability in content.php in phpGreetz 0.99 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the content parameter. | 7.5 |
2005-11-29 | CVE-2005-3860 | Oliver MAY | Code Injection vulnerability in Oliver MAY Athena PHP Website Administration 0.1A PHP remote file inclusion vulnerability in athena.php in Oliver May Athena PHP Website Administration 0.1a allows remote attackers to execute arbitrary PHP code via a URL in the athena_dir parameter. | 7.5 |
2005-11-29 | CVE-2005-3859 | Q News | Code Injection vulnerability in Q-News 2.0 PHP remote file inclusion vulnerability in q-news.php in Q-News 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the id parameter. | 7.5 |
2005-12-01 | CVE-2005-3701 | Apple | Multiple vulnerability in Apple mac OS X Server 10.3.9/10.4.3 Unspecified vulnerability in passwordserver in Mac OS X Server 10.3.9 and 10.4.3, when creating an Open Directory master server, allows local users to gain privileges via unknown attack vectors. | 7.2 |
2005-11-29 | CVE-2005-3886 | Cisco | Local Privilege Escalation vulnerability in Cisco Security Agent Unspecified vulnerability in Cisco Security Agent (CSA) 4.5.0 and 4.5.1 agents, when running on Windows systems, allows local users to bypass protections and gain system privileges by executing certain local software. | 7.2 |
43 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2005-12-01 | CVE-2005-3950 | Nufw | Remote Denial Of Service vulnerability in NuFW Malformed Packet nuauth in NuFW 1.0.x before 1.0.16 and 1.1 allows authenticated users to cause a denial of service via malformed packets. | 6.8 |
2005-12-03 | CVE-2005-3974 | Drupal | Unspecified vulnerability in Drupal Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3, when running on PHP5, does not correctly enforce user privileges, which allows remote attackers to bypass the "access user profiles" permission. | 6.4 |
2005-11-30 | CVE-2005-3927 | Guppy | Local File Include and Information Disclosure vulnerability in GuppY Multiple directory traversal vulnerabilities in GuppY 4.5.9 and earlier allow remote attackers to read and include arbitrary files via (1) the meskin parameter to admin/editorTypetool.php, or the lng parameter to the in admin/inc scripts (2) archbatch.php, (3) dbbatch.php, and (4) nwlmail.php. | 6.4 |
2005-11-30 | CVE-2005-3914 | Affcommerce | SQL Injection vulnerability in Affcommerce 1.1.4 Multiple SQL injection vulnerabilities in AFFcommerce 1.1.4 allow remote attackers to execute arbitrary SQL commands via (1) the cl parameter to SubCategory.php and the item_id parameter in (2) ItemInfo.php and (3) ItemReview.php. | 6.4 |
2005-11-29 | CVE-2005-3878 | Alex King | Local File Include vulnerability in PHP Doc System Directory traversal vulnerability in index.php in PHP Doc System 1.5.1 and earlier allows remote attackers to access or include arbitrary files via a .. | 6.4 |
2005-11-29 | CVE-2005-3895 | Otrs | Unspecified vulnerability in Otrs Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3, when AttachmentDownloadType is set to inline, renders text/html e-mail attachments as HTML in the browser when the queue moderator attempts to download the attachment, which allows remote attackers to execute arbitrary web script or HTML. | 5.8 |
2005-11-29 | CVE-2005-3899 | Denial-Of-Service vulnerability in Talk The automatic update feature in Google Talk allows remote attackers to cause a denial of service (CPU and memory consumption) by poisoning a target's DNS cache and causing a large update file to be sent, which consumes large amounts of CPU and memory during the signature verification, aka BenjiBug. | 5.4 | |
2005-11-29 | CVE-2005-3887 | Gadu Gadu | Unspecified vulnerability in Gadu-Gadu Instant Messenger 7.20 Gadu-Gadu 7.20 does not properly handle MS-DOS device names in filenames, which allows remote attackers to (1) cause a denial of service (hang) via an image filename of AUX: sent twice (hang), or (2) write to the LPT1 port via a filename of "LPT1:". | 5.4 |
2005-12-04 | CVE-2005-3982 | Webcalendar | Unspecified vulnerability in Webcalendar 1.0.1 CRLF injection vulnerability in layers_toggle.php in WebCalendar 1.0.1 might allow remote attackers to modify HTTP headers and conduct HTTP response splitting attacks via the ret parameter, which is used to redirect URL requests. | 5.0 |
2005-12-03 | CVE-2005-3979 | Coppermine Gallery | Improper Authentication vulnerability in Coppermine-Gallery Coppermine Photo Gallery 1.4/1.4.2 relocate_server.php in Coppermine Photo Gallery (CPG) 1.4.2 and 1.4 beta is not removed after installation and does not use authentication, which allows remote attackers to obtain sensitive information, such as database configuration, via a direct request. | 5.0 |
2005-12-01 | CVE-2005-3961 | Webcalendar | File Corruption vulnerability in Webcalendar 1.0.1 export_handler.php in WebCalendar 1.0.1 allows remote attackers to overwrite WebCalendar data files via a modified id parameter. | 5.0 |
2005-12-01 | CVE-2005-3948 | Phpalbum NET | Local File Include vulnerability in PHPAlbum Directory traversal vulnerability in main.php in PHPAlbum 0.2.3 and earlier allows remote attackers to read arbitrary files via the (1) cmd and (2) var1 parameters. | 5.0 |
2005-12-01 | CVE-2005-3946 | Opera | Improper Input Validation vulnerability in Opera Browser 8.50 Opera 8.50 allows remote attackers to cause a denial of service (crash) via a Java applet with a large string argument to the removeMember JNI method for the com.opera.JSObject class. | 5.0 |
2005-12-01 | CVE-2005-3704 | Apple | Multiple vulnerability in RETIRED: Apple Mac OS X Security Update 2005-009 System log server in Mac OS X and OS X Server 10.4 through 10.4.3 allows remote attackers to spoof syslog messages in log files by injecting various control characters such as newline (NL). | 5.0 |
2005-12-01 | CVE-2005-3702 | Apple | Multiple vulnerability in RETIRED: Apple Mac OS X Security Update 2005-009 Safari in Mac OS X and OS X Server 10.3.9 and 10.4.3 allows remote attackers to cause files to be downloaded to locations outside the download directory via a long file name. | 5.0 |
2005-11-30 | CVE-2005-3929 | Xaraya | Directory Traversal vulnerability in Xaraya Directory traversal vulnerability in the create function in xarMLSXML2PHPBackend.php in Xaraya 1.0 allows remote attackers to create directories and overwrite arbitrary files via ".." sequences in the module parameter to index.php. | 5.0 |
2005-11-30 | CVE-2005-3923 | Netobjects | Information Disclosure vulnerability in Netobjects Fusion 9 NetObjects Fusion 9 (NOF9) allows remote attackers to obtain sensitive information, including passwords, by downloading the _versioning_repository_/rollbacklog.xml file, then using it to download and modify the associated ZIP file to edit and republish the site. | 5.0 |
2005-11-30 | CVE-2005-3913 | Vchs | Remote Security vulnerability in Vchs 2.4.6.2 Unspecified vulnerability in the domain alias management in Virtual Hosting Control System (VHCS) 2.4.6.2, related to "creating and deleting forwards for domain aliases," allows users to hijack the forwardings of other users. | 5.0 |
2005-11-30 | CVE-2005-3910 | Post Affiliate PRO | Directory Traversal vulnerability in Post Affiliate PRO Post Affiliate PRO 2.0.4 merchants/index.php in Post Affiliate Pro 2.0.4 and earlier, with magic_quotes_gpc disabled, allows remote attackers to include arbitrary local files via the md parameter, possibly due to a directory traversal vulnerability. | 5.0 |
2005-11-29 | CVE-2005-3892 | Gadu Gadu | Unspecified vulnerability in Gadu-Gadu Instant Messenger 7.20 Gadu-Gadu 7.20 allows remote attackers to eavesdrop on a user via a web page that accesses the EasycallLite.oce ActiveX control, which can initiate an outgoing phone call and listen to the microphone. | 5.0 |
2005-11-29 | CVE-2005-3883 | PHP | Unspecified vulnerability in PHP CRLF injection vulnerability in the mb_send_mail function in PHP before 5.1.0 might allow remote attackers to inject arbitrary e-mail headers via line feeds (LF) in the "To" address argument. | 5.0 |
2005-12-01 | CVE-2005-3962 | Perl | Numeric Errors vulnerability in Perl 5.8.6/5.9.2 Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications. | 4.6 |
2005-12-01 | CVE-2005-3700 | Apple | Multiple vulnerability in RETIRED: Apple Mac OS X Security Update 2005-009 Unknown vulnerability in iodbcadmintool in the ODBC Administrator utility in Mac OS X and OS X Server 10.3.9 and 10.4.3 allows local users to execute arbitrary code via unknown attack vectors. | 4.6 |
2005-11-30 | CVE-2005-3928 | QNX | Local Buffer Overflow vulnerability in QNX Rtos 6.2.1/6.3.0 Buffer overflow in phgrafx in QNX 6.2.1 and 6.3.0 allows local users to execute arbitrary code via a long command line argument. | 4.6 |
2005-12-04 | CVE-2005-3991 | Phpheaven | Cross-Site Scripting vulnerability in PHPheaven PHPmychat 0.14.6 Multiple cross-site scripting (XSS) vulnerabilities in phpMyChat 0.14.6 allow remote attackers to inject arbitrary web script or HTML via the medium parameter to (1) start_page.css.php and (2) style.css.php; or the From parameter to users_popupL.php. | 4.3 |
2005-12-03 | CVE-2005-3977 | Qualityebiz | Cross-Site Scripting vulnerability in Qualityebiz Qualityppc 1553 Cross-site scripting (XSS) vulnerability in QualityEBiz Quality PPC 1553 allows remote attackers to inject web script or HTML via the REQ parameter to the search module. | 4.3 |
2005-12-03 | CVE-2005-3973 | Drupal | HTML Injection vulnerability in Drupal Submitted Content Multiple cross-site scripting (XSS) vulnerabilities in Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3 allow remote attackers to inject arbitrary web script or HTML via various HTML tags and values, such as the (1) legend tag and the value parameter used in (2) label and (3) input tags, possibly due to an incomplete blacklist. | 4.3 |
2005-12-03 | CVE-2005-3972 | Extreme Corporate | Cross-Site Scripting vulnerability in Extreme Corporate Extremesearch.PHP Cross-site scripting (XSS) vulnerability in extremesearch.php in Extreme Search Corporate Edition 6.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter. | 4.3 |
2005-12-03 | CVE-2005-3971 | Citrix | Applications Login Form Cross-Site Scripting vulnerability in Citrix Metaframe Secure Access Manager and Nfuse Cross-site scripting (XSS) vulnerability in the login form in Citrix MetaFrame Secure Access Manager 2.0 through 2.2 and NFuse Elite 1.0 allows remote attackers to inject arbitrary web script or HTML via the username field. | 4.3 |
2005-12-03 | CVE-2005-3970 | Mxchange | Input Validation vulnerability in MXChange Cross-site scripting (XSS) vulnerability in MXChange before 0.2.0-pre10 PL492 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | 4.3 |
2005-12-03 | CVE-2005-3967 | Atlassian | Cross-Site Scripting vulnerability in Atlassian Confluence 2.0.1Build321 Cross-site scripting (XSS) vulnerability in the dosearchsite.action module in Atlassian Confluence 2.0.1 Build 321 allows remote attackers to inject arbitrary web script or HTML via the searchQuery.queryString search module parameter. | 4.3 |
2005-12-03 | CVE-2005-3966 | Java Search Engine | Cross-Site Scripting vulnerability in Java Search Engine Java Search Engine 0.9.34 Cross-site scripting (XSS) vulnerability in search.jsp in Java Search Engine (JSE) 0.9.34 allows remote attackers to inject arbitrary web script or HTML via the q parameter. | 4.3 |
2005-12-01 | CVE-2005-3959 | Freewebstat | Cross-Site Scripting vulnerability in Freewebstat 1.0Rev37 Multiple cross-site scripting (XSS) vulnerabilities in FreeWebStat 1.0 rev37 allow remote attackers to inject arbitrary web script or HTML via the (1) site, (2) jsref, (3) jsres, and (4) jscolor parameters to pixel.php, which are not sanitized before being included in the logdb.html file, and (5) the search key to stat.php. | 4.3 |
2005-12-01 | CVE-2005-3955 | Blogbuddies Jaws Magpierss | Cross-Site Scripting vulnerability in multiple products Multiple cross-site scripting (XSS) vulnerabilities in MagpieRSS 7.1, as used in (a) blogBuddiesv 0.3, (b) Jaws 0.6.2, and possibly other products, allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to (a) magpie_debug.php and (2) rss_url parameter to (b) magpie_slashbox.php and (c) simple_smarty.php. | 4.3 |
2005-12-01 | CVE-2005-3954 | Blogbuddies | Cross-Site Scripting vulnerability in Blogbuddies 0.3 Cross-site scripting (XSS) vulnerability in blogBuddies 0.3 allows remote attackers to inject arbitrary web script or HTML via the u parameter to index.php. | 4.3 |
2005-11-30 | CVE-2005-3919 | Pblang | HTML Injection vulnerability in PBLang Bulletin Board System Cross-site scripting (XSS) vulnerability in PBLang 4.65 allows remote attackers to inject arbitrary web script or HTML via multiple fields in (1) UCP.php and (2) SendPm.php. | 4.3 |
2005-11-30 | CVE-2005-3908 | Amazon Shop | Cross-Site Scripting vulnerability in Amazon Shop Amazon Shop Cross-site scripting (XSS) vulnerability in search.php in GhostScripter Amazon Shop 5.0.0, and other versions before 5.0.2, allows remote attackers to inject web script or HTML via the query parameter. | 4.3 |
2005-11-29 | CVE-2005-3902 | Virtual Hosting Control System | Cross-Site Scripting vulnerability in Virtual Hosting Control System Error Message Cross-site scripting (XSS) vulnerability in gui/errordocs/index.php in Virtual Hosting Control System (VHCS) 2.2.0 through 2.4.6.2 allows remote attackers to inject arbitrary web script or HTML via query strings that are included in an error message, as demonstrated using a parameter containing script. | 4.3 |
2005-11-29 | CVE-2005-3894 | Otrs | Unspecified vulnerability in Otrs Multiple cross-site scripting (XSS) vulnerabilities in index.pl in Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) hex-encoded values in the QueueID parameter and (2) Action parameters. | 4.3 |
2005-11-29 | CVE-2005-3869 | Products Cross-Site Scripting vulnerability in Google API Search 1.3.1 Cross-site scripting (XSS) vulnerability in index.php in Google API Search 1.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via hex-encoded values in the REQ parameter. | 4.3 | |
2005-11-29 | CVE-2005-3867 | Wwwsearchsolutions | Products Cross-Site Scripting vulnerability in SearchSolutions Cross-site scripting (XSS) vulnerability in RevenuePilot Search Engine Script 1.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the REQ parameter, which is used when performing a search. | 4.3 |
2005-11-29 | CVE-2005-3866 | Wwwsearchsolutions | Products Cross-Site Scripting vulnerability in SearchSolutions Cross-site scripting (XSS) vulnerability in SearchFeed Search Engine 1.3.2 and earlier allows remote attackers to inject arbitrary HTML and web script, possibly via the REQ parameter, which is used when performing a search. | 4.3 |
2005-12-03 | CVE-2005-3975 | Drupal | HTML Injection vulnerability in Drupal Image Upload Interpretation conflict in file.inc in Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3 allows remote authenticated users to inject arbitrary web script or HTML via HTML in a file with a GIF or JPEG file extension, which causes the HTML to be executed by a victim who views the file in Internet Explorer as a result of CVE-2005-3312. | 4.0 |
2 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2005-11-30 | CVE-2005-3921 | Cisco | HTML Injection vulnerability in Cisco IOS HTTP Service Cross-site scripting (XSS) vulnerability in Cisco IOS Web Server for IOS 12.0(2a) allows remote attackers to inject arbitrary web script or HTML by (1) packets containing HTML that an administrator views via an HTTP interface to the contents of memory buffers, as demonstrated by the URI /level/15/exec/-/buffers/assigned/dump; or (2) sending the router Cisco Discovery Protocol (CDP) packets with HTML payload that an administrator views via the CDP status pages. | 2.6 |
2005-11-29 | CVE-2005-3885 | Inkscape | Unspecified vulnerability in Inkscape 0.41 The ps2epsi extension shell script (ps2epsi.sh) in Inkscape before 0.41 allows local users to overwrite arbitrary files via a symlink attack on the tmpepsifile.epsi temporary file. | 2.1 |