Weekly Vulnerabilities Reports > December 12 to 18, 2005

Overview

161 new vulnerabilities reported during this period, including 4 critical vulnerabilities and 73 high severity vulnerabilities. This weekly summary report vulnerabilities in 223 products from 119 vendors including Microsoft, Horde, Trend Micro, Limbo CMS, and Coinsoft Technologies. Vulnerabilities are notably categorized as "SQL Injection", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", "Information Exposure", and "Resource Management Errors".

  • 151 reported vulnerabilities are remotely exploitables.
  • 2 reported vulnerabilities have public exploit available.
  • 12 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 156 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 5 reported vulnerabilities.
  • IBM has the most reported critical vulnerabilities, with 1 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

4 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-12-17 CVE-2005-4325 Driverse Remote Security vulnerability in Driverse

Multiple unspecified vulnerabilities in Driverse before 0.56b have unknown impact and attack vectors, related to (1) a "ptrace exploit" and (2) "some other potential security problems."

10.0
2005-12-15 CVE-2005-4272 IBM Local Buffer Overflow vulnerability in IBM AIX slocal

Multiple buffer overflows in IBM AIX 5.1, 5.2, and 5.3 allow remote attackers to execute arbitrary code via (1) muxatmd and (2) slocal.

10.0
2005-12-13 CVE-2005-4200 Mybulletinboard SQL Injection vulnerability in MyBB

Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before 1.0 have unknown impact and attack vectors, a different set of vulnerabilities than those identified by CVE-2005-4199.

10.0
2005-12-17 CVE-2005-4332 Cisco JSP Pages Access Validation vulnerability in Cisco Clean Access

Cisco Clean Access 3.5.5 and earlier on the Secure Smart Manager allows remote attackers to bypass authentication and cause a denial of service or upload files via direct requests to obsolete JSP files including (1) admin/uploadclient.jsp, (2) apply_firmware_action.jsp, and (3) file.jsp.

9.4

73 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-12-17 CVE-2005-4335 Courseforum Denial-Of-Service vulnerability in Projectforum

ProjectForum 4.7.0 and earlier allows remote attackers to cause a denial of service (crash) via a crafted pageid parameter to admin/versions.html.

7.8
2005-12-17 CVE-2005-4324 Hitachi Unspecified vulnerability in Hitachi Groupmax Mail Smtp 0650/0700

Hitachi Groupmax Mail SMTP 06-50 through 06-52-/A and 07-00 through 07-20 allows remote attackers to cause a denial of service (service stop) via an e-mail message with an "invalid format."

7.8
2005-12-17 CVE-2005-4323 Hitachi Unspecified vulnerability in Hitachi products

Unspecified vulnerability in Hitachi Cosminexus Collaboration Portal 06-00 through 06-10-/B, Groupmax Collaboration Portal 07-00 through 07-10-/B, and Groupmax Collaboration Web Client 07-00 through 07-10-/A allow remote attackers to cause a denial of service of unspecified impact via repeated invalid requests to the Schedule component.

7.8
2005-12-17 CVE-2005-4321 Apani Networks Unspecified vulnerability in Apani Networks Epiforce Agent

The Internet Key Exchange version 1 (IKEv1) implementation in Apani Networks EpiForce 1.9 and earlier running IPSec, allow remote attackers to cause a denial of service (crash) via certain IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.

7.8
2005-12-17 CVE-2005-4316 HP Denial Of Service vulnerability in Multiple Vendor TCP Packet Fragmentation Handling

HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allows remote attackers to cause a denial of service via a "Rose Attack" that involves sending a subset of small IP fragments that do not form a complete, larger packet.

7.8
2005-12-16 CVE-2005-4296 Appserv Open Project Remote Denial of Service vulnerability in AppServ Open Project

AppServ Open Project 2.5.3 allows remote attackers to cause a denial of service via a large HTTP request.

7.8
2005-12-16 CVE-2005-4276 Westell Denial Of Service vulnerability in Westell Versalink 327W

Westell Versalink 327W allows remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LanD).

7.8
2005-12-16 CVE-2005-4275 Scientific Atlanta Denial Of Service vulnerability in Scientific Atlanta DPX2100 Cable Modem LanD Packet

Scientific Atlanta DPX2100 Cable Modem allows remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LanD), as demonstrated using hping2.

7.8
2005-12-15 CVE-2005-4269 Microsoft Denial-Of-Service vulnerability in Microsoft IE, Windows 2003 Server and Windows XP

mshtml.dll in Microsoft Windows XP, Server 2003, and Internet Explorer 6.0 SP1 allows attackers to cause a denial of service (access violation) by causing mshtml.dll to process button-focus events at the same time that a document is reloading, as seen in Microsoft Office InfoPath 2003 by repeatedly clicking the "Delete" button in a repeating section in a form.

7.8
2005-12-15 CVE-2005-4261 Positive Software Perl Security vulnerability in Positive Software Corporation CP+

Unspecified vulnerability in Positive Software Corporation CP+ (cpplus) before 2.5.5 allows attackers to have unknown impact and attack vectors, related to "a possible security flaw caused by a bug in Perl." NOTE: unless CP+ includes its own copy of Perl with CVE-2005-3962, this is a different vulnerability than CVE-2005-3962; however, there is insufficient information to be sure.

7.8
2005-12-15 CVE-2005-4258 Cisco Cisco Catalyst Switches LanD Packet Denial Of Service vulnerability in Multiple

Unspecified Cisco Catalyst Switches allow remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LanD).

7.8
2005-12-15 CVE-2005-4257 Linksys Denial Of Service vulnerability in Multiple Linksys Routers LanD Packet

Linksys WRT54GS and BEFW11S4 allows remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LAND).

7.8
2005-12-14 CVE-2005-1928 Trend Micro Resource Management Errors vulnerability in Trend Micro Serverprotect Earthagent 5.58

Trend Micro ServerProtect EarthAgent for Windows Management Console 5.58 and possibly earlier versions, when running with Trend Micro Control Manager 2.5 and 3.0, and Damage Cleanup Server 1.1, allows remote attackers to cause a denial of service (CPU consumption) via a flood of crafted packets with a certain "magic value" to port 5005, which also leads to a memory leak.

7.8
2005-12-14 CVE-2005-4220 Netgear Buffer Errors vulnerability in Netgear Rp114 3.26

Netgear RP114, and possibly other versions and devices, allows remote attackers to cause a denial of service via a SYN flood attack between one system on the internal interface and another on the external interface, which temporarily stops routing between the interfaces, as demonstrated using nmap.

7.8
2005-12-14 CVE-2005-4216 Macromedia Remote Denial of Service vulnerability in Macromedia Flash Media Server 2.0/2.0R1145

The Administration Service (FMSAdmin.exe) in Macromedia Flash Media Server 2.0 r1145 allows remote attackers to cause a denial of service (application crash) via a malformed request with a single character to port 1111.

7.8
2005-12-14 CVE-2005-4215 Motorola Denial Of Service vulnerability in Motorola Cable Modem Sb5100E

Motorola SB5100E Cable Modem allows remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LAND).

7.8
2005-12-13 CVE-2005-4203 Logisphere Directory Traversal vulnerability in Logisphere 0.9.9J

LogiSphere 0.9.9j does not restrict the number of messages that can be sent, which allows remote attackers to cause a denial of service by sending a large number of messages via the msg command.

7.8
2005-12-17 CVE-2005-4334 John Andersson SQL Injection vulnerability in John Andersson Zixforum 1.12

SQL injection vulnerability in ZixForum 1.12 allows remote attackers to execute arbitrary SQL commands via the H_ID parameter to (1) zixforum/forum.asp, as used in (2) Headforums.asp and (3) Subject.asp.

7.5
2005-12-17 CVE-2005-4331 Ihtml Merchant SQL Injection vulnerability in Ihtml Merchant Ihtml Merchant 2Pro

SQL injection vulnerability in merchant.ihtml in iHTML Merchant Version 2 Pro allows remote attackers to execute arbitrary SQL commands via the (1) step, (2) id, and (3) pid parameters.

7.5
2005-12-17 CVE-2005-4330 Ihtml Merchant SQL Injection vulnerability in IHTML Merchant Mall

SQL injection vulnerability in browse.ihtml in iHTML Merchant Mall allows remote attackers to execute arbitrary SQL commands via the (1) id, (2) store, and (3) step parameters.

7.5
2005-12-17 CVE-2005-4329 PHP Arena SQL Injection vulnerability in PHP Arena PAFileDB Extreme Edition

SQL injection vulnerability in pafiledb.php in PHP Arena paFileDB Extreme Edition RC 5 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) newsid and (2) id parameter.

7.5
2005-12-17 CVE-2005-4318 Limbo CMS SQL injection vulnerability in index.php in Limbo CMS 1.0.4.2 and earlier, with register_globals off, allows remote attackers to execute arbitrary SQL commands via the _SERVER[REMOTE_ADDR] parameter, which modifies the underlying $_SERVER variable.
7.5
2005-12-17 CVE-2005-4315 Nicplex SQL Injection vulnerability in Nicplex Plexcart X3

SQL injection vulnerability in the search function in Plexum PLEXCART X3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly involving the (1) s_itemname and (2) s_orderby parameters to plexcart.pl.

7.5
2005-12-17 CVE-2005-4313 Almondsoft SQL Injection vulnerability in Almondsoft Almond Personals 4.05

SQL injection vulnerability in index.php in AlmondSoft Almond Personals 4.05 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2005-12-17 CVE-2005-4312 Almondsoft SQL Injection vulnerability in AlmondSoft Almond Classifieds

SQL injection vulnerability in index.php in AlmondSoft Almond Classifieds 5.02 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2005-12-17 CVE-2005-4310 SSH Authentication Authorization Bypass vulnerability in SSH Tectia Server 5.0.0A/5.0.0F/5.0.0T

SSH Tectia Server 5.0.0 (A, F, and T), when allowing host-based authentication only, allows users to log in with the wrong credentials.

7.5
2005-12-17 CVE-2005-4309 Scriptscenter SQL Injection vulnerability in EZUpload

SQL injection vulnerability in ezUpload Pro 2.2 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified search module parameters.

7.5
2005-12-17 CVE-2005-4308 Scriptscenter Remote File Include vulnerability in EZUpload

index.php in ezUpload Pro 2.2 and earlier allows remote attackers to include files via the mode parameter.

7.5
2005-12-17 CVE-2005-4303 Indexcor Input Validation vulnerability in EZDatabase

SQL injection vulnerability in index.php for ezDatabase 2.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the db_id parameter.

7.5
2005-12-16 CVE-2005-4300 Libremail Remote Format String vulnerability in Libremail Pop.c

Format string vulnerability in the lire_pop function in pop.c in libremail 1.1.0 and earlier, with compiled with the debug option, allows remote attackers to execute arbitrary code via a crafted e-mail or POP server response.

7.5
2005-12-16 CVE-2005-3652 Citrix Buffer Overflow vulnerability in Citrix ICA Program Neighborhood Client 9.1

Heap-based buffer overflow in Citrix Program Neighborhood client 9.0 and earlier allows remote attackers to execute arbitrary code via a long name value in an Application Set response.

7.5
2005-12-16 CVE-2005-4287 Marmaraweb Remote File Include vulnerability in MarmaraWeb E-Commerce

PHP remote file include vulnerability in MarmaraWeb E-commerce allows remote attackers to execute arbitrary code via the page parameter to index.php.

7.5
2005-12-16 CVE-2005-4286 Phplogcon SQL-Injection vulnerability in PhpLogCon

Unspecified vulnerability in PhpLogCon before 1.2.2 allows remote attackers to use arbitrary profiles via unknown vectors involving "'smart' values for userid and password," probably involving an SQL injection vulnerability in the (1) pass and (2) usr parameters in submit.php.

7.5
2005-12-16 CVE-2005-3253 Avaya
Proxim
Wireless Access Points (AP) for (1) Avaya AP-3 through AP-6 2.5 to 2.5.4, and AP-7/AP-8 2.5 and other versions before 3.1, and (2) Proxim AP-600 and AP-2000 before 2.5.5, and Proxim AP-700 and AP-4000 after 2.4.11 and before 3.1, use a static WEP key of "12345", which allows remote attackers to bypass authentication.
7.5
2005-12-15 CVE-2005-4270 Watchfire Remote Buffer Overflow vulnerability in Watchfire Appscan QA 5.0.134/5.0.609

Buffer overflow in Watchfire AppScan QA 5.0.609 and 5.0.134 allows remote web servers to execute arbitrary code via an HTTP 401 response with a WWW-Authenticate header containing a long Realm field.

7.5
2005-12-15 CVE-2005-4266 ALT N Remote Security vulnerability in Mdaemon

WorldClient.dll in Alt-N MDaemon and WorldClient 8.1.3 trusts a Session parameter that contains a randomly generated session ID that is associated with a username, which allows remote attackers to perform actions as other users by guessing or sniffing the random value.

7.5
2005-12-15 CVE-2005-4264 Triangle Solutions SQL Injection vulnerability in Triangle Solutions PHP Support Tickets 2.0

Multiple SQL injection vulnerabilities in index.php in PHP Support Tickets 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields, and (3) id parameter.

7.5
2005-12-15 CVE-2005-4263 Envolution SQL Injection vulnerability in Envolution

SQL injection vulnerability in the News module in Envolution allows remote attackers to execute arbitrary SQL commands via the (1) startrow and (2) catid parameter.

7.5
2005-12-15 CVE-2005-4259 Aspbb SQL Injection vulnerability in Aspbb 0.4

Multiple SQL injection vulnerabilities in ASPBB 0.4 allow remote attackers to execute arbitrary SQL commands via the (1) TID parameter in topic.asp, (2) FORUM_ID parameter in forum.asp, and (3) PROFILE_ID parameter in profile.asp.

7.5
2005-12-15 CVE-2005-4254 Dreamlevels SQL Injection vulnerability in Dreamlevels Dream Poll 3.0Final

SQL injection vulnerability in view_Results.php in DreamLevels DreamPoll 3.0 final allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2005-12-15 CVE-2005-4243 Quickpaypro Input Validation vulnerability in Quickpaypro 3.1

Multiple SQL injection vulnerabilities in QuickPayPro 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) popupid parameter in popups.edit.php; (2) so, (3) sb, and (4) nr parameters in customer.tickets.view.php; (5) subrackingid parameter in subscribers.tracking.edit.php; (6) delete parameter in design.php; (7) trackingid parameter in tracking.details.php; and (8) customerid parameter in sales.view.php.

7.5
2005-12-14 CVE-2005-1929 Trend Micro Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Trend Micro Serverprotect

Multiple heap-based buffer overflows in (1) isaNVWRequest.dll and (2) relay.dll in Trend Micro ServerProtect Management Console 5.58 and earlier, as used in Control Manager 2.5 and 3.0 and Damage Cleanup Server 1.1, allow remote attackers to execute arbitrary code via "wrapped" length values in Chunked transfer requests.

7.5
2005-12-14 CVE-2005-4251 Mcgallery Input Validation vulnerability in Mcgallery PRO 1.0/1.1/2.2

Multiple SQL injection vulnerabilities in mcGallery PRO 2.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id, (2) start, and (3) rand parameters to show.php, and the (4) album parameter to index.php.

7.5
2005-12-14 CVE-2005-4246 Plogger SQL Injection vulnerability in Plogger

SQL injection vulnerability in Plogger Beta 2 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) id parameter to index.php and (2) page parameter.

7.5
2005-12-14 CVE-2005-4244 Snipegallery SQL Injection vulnerability in Snipegallery Snipe Gallery

SQL injection vulnerability in Snipe Gallery 3.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) gallery_id parameter to view.php and (2) image_id parameter to image.php.

7.5
2005-12-14 CVE-2005-4240 VCD DB Input Validation vulnerability in VCD-DB

SQL injection vulnerability in search.php in VCD-db 0.98 and earlier allows remote attackers to execute arbitrary SQL commands via the by parameter.

7.5
2005-12-14 CVE-2005-4234 Powerdev SQL Injection vulnerability in EncapsGallery Gallery.PHP

SQL injection vulnerability in gallery.php in EncapsGallery 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2005-12-14 CVE-2005-4233 PHP WEB Scripts SQL Injection vulnerability in PHP Web Scripts Ad Manager Pro Advertiser_statistic.PHP

SQL injection vulnerability in advertiser_statistic.php in Ad Manager Pro 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the ad_number parameter.

7.5
2005-12-14 CVE-2005-4232 Jamit SQL Injection vulnerability in Jamit JOB Board

** DISPUTED ** SQL injection vulnerability in index.php in Jamit Job Board 2.4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter.

7.5
2005-12-14 CVE-2005-4230 PHP WEB Scripts Input Validation vulnerability in Link Up Gold

SQL injection vulnerability in poll.php in Link Up Gold 2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the number parameter.

7.5
2005-12-14 CVE-2005-4228 Phpwebgallery SQL Injection vulnerability in PHPwebgallery

Multiple SQL injection vulnerabilities in PhpWebGallery 1.5.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) since, (2) sort_by, and (3) items_number parameters to comments.php, (4) the search parameter to category.php, and (5) image_id parameter to picture.php.

7.5
2005-12-14 CVE-2005-4227 Codeworx Technologies Input Validation vulnerability in DCP-Portal

Multiple "potential" SQL injection vulnerabilities in DCP-Portal 6.1.1 might allow remote attackers to execute arbitrary SQL commands via (1) the password and username parameters in advertiser.php, (2) the aid parameter in announcement.php, (3) the dcp5_member_id, year, agid, day, day_s, hour, minute, month, month_s, and year_s parameters in calendar.php, (4) the cid parameter in contents.php, (5) the dcp5_member_id parameter in forums.php, (6) the bid parameter in go.php, (7) the lid parameter in golink.php, (8) the dcp5_member_id and mid parameters in inbox.php, (9) the catid, dcat, and dl parameters in index.php, (10) the dcp5_member_id in informer.php, (11) the nid parameter in news.php, (12) the type and rate parameters in rate.php, (13) the q parameter in search.php, and (14) the dcp5_member_id in update.php.

7.5
2005-12-14 CVE-2005-4226 Phpwebthings SQL-Injection vulnerability in PhpWebThings

Multiple "potential" SQL injection vulnerabilities in phpWebThings 1.4 Patched might allow remote attackers to execute arbitrary SQL commands via (1) the ref parameter in download.php, (2) the direction, msg, sforum, reason, subname, and toform parameters in forum.php, (3) the msg and forum parameters in forum_edit.php, (4) the msg and forum parameters in forum_write.php, (5) the tekst parameter in guestbook.php, (6) the menuoption parameter in index.php, and the (7) sel_avatar parameter in myaccount.php.

7.5
2005-12-14 CVE-2005-4225 Mywebland SQL-Injection vulnerability in Mywebland Mybloggie 2.1.3Beta

Multiple "potential" SQL injection vulnerabilities in myBloggie 2.1.3 beta might allow remote attackers to execute arbitrary SQL commands via (1) the category parameter in add.php, (2) the cat_desc parameter in addcat.php, (3) the level and user parameters in adduser.php, (4) the post_id parameter in del.php, (5) the cat_id parameter in delcat.php, (6) the comment_id parameter in delcomment.php, (7) the id parameter in deluser.php, (8) the post_id and category parameter in edit.php, (9) the cat_id and cat_desc parameters in editcat.php, and (10) the id, level, and user parameters in edituser.php.

7.5
2005-12-14 CVE-2005-4224 E107 SQL-Injection vulnerability in E107 0.7

Multiple "potential" SQL injection vulnerabilities in e107 0.7 might allow remote attackers to execute arbitrary SQL commands via (1) the email, hideemail, image, realname, signature, timezone, and xupexist parameters in signup.php, (2) the content_comment, content_rating, and content_summary parameters in subcontent.php, (3) the download_category and file_demo in upload.php, and (4) the email, hideemail, user_timezone, and user_xup parameters in usersettings.php.

7.5
2005-12-14 CVE-2005-4223 Utopia Software SQL-Injection vulnerability in Utopia Software Utopia News PRO 1.1.4

Multiple "potential" SQL injection vulnerabilities in Utopia News Pro (UNP) 1.1.4 might allow remote attackers to execute arbitrary SQL commands via (1) the newsid parameter in editnews.php, (2) the catid and question parameters in faq.php, (3) the poster parameter in postnews.php, (4) the tempid parameter in templates.php, and (5) the userid and groupid parameters in users.php.

7.5
2005-12-14 CVE-2005-4221 Arab Portal SQL Injection vulnerability in Arab Portal Arab Portal 2Beta2

SQL injection vulnerability in link.php in Arab Portal System 2 Beta 2 allows remote attackers to execute arbitrary SQL commands via the (1) PHPSESSID (session ID) or (2) REQUEST_URI (query string).

7.5
2005-12-14 CVE-2005-4218 Phpwebthings SQL Injection vulnerability in PHPwebthings 1.4

SQL injection vulnerability in forum.php in PHPWebThings 1.4 allows remote attackers to execute arbitrary SQL commands via the msg parameter, a different vulnerability than CVE-2005-3585.

7.5
2005-12-14 CVE-2005-4217 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X Server 10.3.9

Perl in Apple Mac OS X Server 10.3.9 does not properly drop privileges when using the "$<" variable to set uid, which allows attackers to gain privileges.

7.5
2005-12-14 CVE-2005-4213 Coinsoft Technologies SQL Injection vulnerability in Coinsoft Technologies PHPcoin 1.2.2

SQL injection vulnerability in mod.php in phpCOIN 1.2.2 allows remote attackers to execute arbitrary SQL commands via the phpcoinsessid cookie.

7.5
2005-12-14 CVE-2005-4211 Coinsoft Technologies Unspecified vulnerability in Coinsoft Technologies PHPcoin 1.2.2

PHP remote file inclusion vulnerability in coin_includes/db.php in phpCOIN 1.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the $_CCFG[_PKG_PATH_DBSE] variable.

7.5
2005-12-14 CVE-2005-2831 Microsoft Unspecified vulnerability in Microsoft IE and Internet Explorer

Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, aka a variant of the "COM Object Instantiation Memory Corruption Vulnerability," a different vulnerability than CVE-2005-2127.

7.5
2005-12-13 CVE-2005-4207 Btgrup SQL Injection vulnerability in BTGrup Admin WebController

SQL injection vulnerability in BTGrup Admin WebController Script allows remote attackers to execute SQL commands via the (1) Username and (2) Password fields.

7.5
2005-12-13 CVE-2005-4199 Mybb SQL Injection vulnerability in Mybb 1.0

Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) before 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) month, (2) day, and (3) year parameters in an addevent action in calendar.php; (4) threadmode and (5) showcodebuttons in an options action in usercp.php; (6) list parameter in an editlists action to usercp.php; (7) rating parameter in a rate action in member.php; and (8) rating parameter in either showthread.php or ratethread.php.

7.5
2005-12-13 CVE-2005-4198 Netref SQL Injection vulnerability in Netref 3.0

SQL injection vulnerability in index.php in Netref 3.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter.

7.5
2005-12-13 CVE-2005-4197 Nortel Unspecified vulnerability in Nortel SSL VPN 4.1.2.11/4.1.2.12

tunnelform.yaws in Nortel SSL VPN 4.2.1.6 allows remote attackers to execute arbitrary commands via a link in the a parameter, which is executed with extra privileges in a cryptographically signed Java Applet.

7.5
2005-12-13 CVE-2005-4195 Internet Scout
Internet Scout Project
SQL Injection vulnerability in multiple products

Multiple SQL injection vulnerabilities in Scout Portal Toolkit (SPT) 1.3.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the ParentId parameter in SPT--BrowseResources.php, (2) ResourceId parameter in SPT--FullRecord.php, (3) ResourceOffset parameter in SPT--Home.php, and (4) F_UserName and (5) F_Password in SPT--UserLogin.php.

7.5
2005-12-16 CVE-2005-4280 Kitware Packages Insecure RUNPATH vulnerability in Gentoo Linux

Untrusted search path vulnerability in CMake before 2.2.0-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH.

7.2
2005-12-16 CVE-2005-4279 Gentoo Packages Insecure RUNPATH vulnerability in Gentoo Qt-Unixodbc 3.3.3

Untrusted search path vulnerability in Qt-UnixODBC before 3.3.4-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH.

7.2
2005-12-16 CVE-2005-4278 Larry Wall Packages Insecure RUNPATH vulnerability in Gentoo Linux

Untrusted search path vulnerability in Perl before 5.8.7-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH.

7.2
2005-12-15 CVE-2005-4271 IBM Local Buffer Overflow vulnerability in IBM AIX 5.3/5.3L

Buffer overflow in the malloc debug system in IBM AIX 5.3 allows local users to execute arbitrary code.

7.2
2005-12-14 CVE-2005-3360 Trend Micro Products Local Insecure Permissions vulnerability in Trend Micro Pc-Cillin 2005 12.00Build1244

The installation of Trend Micro PC-Cillin Internet Security 2005 12.00 build 1244, and probably previous versions, uses insecure default ACLs, which allows local users to cause a denial of service (disabled service) and gain system privileges by modifying or moving critical program files.

7.2
2005-12-14 CVE-2005-2827 Microsoft Local Privilege Escalation vulnerability in Microsoft Windows 2000 and Windows NT

The thread termination routine in the kernel for Windows NT 4.0 and 2000 (NTOSKRNL.EXE) allows local users to modify kernel memory and execution flow via steps in which a terminating thread causes Asynchronous Procedure Call (APC) entries to free the wrong data, aka the "Windows Kernel Vulnerability."

7.2

78 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-12-17 CVE-2005-4317 Limbo CMS Unspecified vulnerability in Limbo CMS Limbo CMS

Limbo CMS 1.0.4.2 and earlier, with register_globals off, does not protect the $_SERVER variable from external modification, which allows remote attackers to use the _SERVER[REMOTE_ADDR] parameter to (1) conduct cross-site scripting (XSS) attacks in the stats module or (2) execute arbitrary code via an eval injection attack in the wrapper option in index2.php.

6.8
2005-12-12 CVE-2005-4178 Dropbear SSH Project
Debian
Buffer overflow in Dropbear server before 0.47 allows authenticated users to execute arbitrary code via unspecified inputs that cause insufficient memory to be allocated due to an incorrect expression that does not enforce the proper order of operations.
6.5
2005-12-14 CVE-2005-2829 Microsoft Unspecified vulnerability in Microsoft IE and Internet Explorer

Multiple design errors in Microsoft Internet Explorer 5.01, 5.5, and 6 allow user-assisted attackers to execute arbitrary code by (1) overlaying a malicious new window above a file download box, then (2) using a keyboard shortcut and delaying the display of the file download box until the user hits a shortcut that activates the "Run" button, aka "File Download Dialog Box Manipulation Vulnerability."

5.1
2005-12-17 CVE-2005-4326 APC Remote Security vulnerability in PowerChute Network Shutdown

The web interface for American Power Conversion (APC) PowerChute Network Shutdown performs all communication in cleartext (base64-encoded), which allows remote attackers to sniff authentication credentials.

5.0
2005-12-17 CVE-2005-4320 Limbo CMS Information Exposure vulnerability in Limbo CMS Limbo CMS

Limbo CMS 1.0.4.2 and earlier allows remote attackers to obtain the installation path of the application via a direct request to (1) doc.inc.php, (2) element.inc.php, and (3) node.inc.php, which leaks the path in an error message.

5.0
2005-12-17 CVE-2005-4319 Limbo CMS Unspecified vulnerability in Limbo CMS Limbo CMS

Directory traversal vulnerability in index2.php in Limbo CMS 1.0.4.2 and earlier allows remote attackers to include arbitrary PHP files via ".." sequences in the option parameter.

5.0
2005-12-17 CVE-2005-4304 Indexcor Input Validation vulnerability in EZDatabase

index.php in ezDatabase 2.1.2 and earlier allows remote attackers to obtain sensitive information via an invalid cat_id parameter, which leaks the full pathname in an error message.

5.0
2005-12-17 CVE-2005-4302 Indexcor Input Validation vulnerability in EZDatabase

Directory traversal vulnerability in index.php in ezDatabase 2.1.2 and earlier allows remote attackers to include arbitrary local files via ".." sequences in the p parameter.

5.0
2005-12-15 CVE-2005-4274 Businessobjects Denial-Of-Service vulnerability in Businessobjects Webintelligence 6.5

Unspecified vulnerability in Business Objects WebIntelligence 6.5x allows remote attackers to cause a denial of service (user account lock out) via unknown attack vectors related to "authentication mechanisms" and "form input."

5.0
2005-12-15 CVE-2005-4249 ADP Information Disclosure vulnerability in Adp Forum

ADP Forum 2.0 through 2.0.3 stores sensitive information in plaintext files under the web document root with insufficient access control, which allows remote attackers to obtain user credentials via requests to the forum/users directory.

5.0
2005-12-14 CVE-2005-1930 Trend Micro Directory Traversal vulnerability in Trend Micro Serverprotect 5.58

Directory traversal vulnerability in the Crystal Report component (rptserver.asp) in Trend Micro ServerProtect Management Console 5.58, as used in Control Manager 2.5 and 3.0 and Damage Cleanup Server 1.1, and possibly earlier versions, allows remote attackers to read arbitrary files via the IMAGE parameter.

5.0
2005-12-14 CVE-2005-4250 Mcgallery Directory Traversal vulnerability in Mcgallery PRO 1.0/1.1/2.2

Directory traversal vulnerability in mcGallery PRO 2.2 and earlier allows remote attackers to read arbitrary files via the language parameter.

5.0
2005-12-14 CVE-2005-4219 Innovative CMS Remote Security vulnerability in Innovative Cms

setting.php in Innovative CMS (ICMS, formerly Imoel-CMS) contains username and password information in cleartext, which might allow attackers to obtain this information via a direct request to setting.php.

5.0
2005-12-14 CVE-2005-4214 Coinsoft Technologies Information Exposure vulnerability in Coinsoft Technologies PHPcoin 1.2.2

phpCOIN 1.2.2 allows remote attackers to obtain the installation path via a direct request to config.php, which leaks the path in an error message because the _CCFG['_PKG_PATH_DBSE'] variable is not defined.

5.0
2005-12-14 CVE-2005-4212 Coinsoft Technologies Unspecified vulnerability in Coinsoft Technologies PHPcoin 1.2.2

Directory traversal vulnerability in coin_includes/db.php in phpCOIN 1.2.2 allows remote attackers to read arbitrary local files via ".." (dot dot) sequences in the $_CCFG[_PKG_PATH_DBSE] variable.

5.0
2005-12-14 CVE-2005-2830 Microsoft Unspecified vulnerability in Microsoft IE and Internet Explorer

Microsoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS proxy server that requires Basic Authentication, sends URLs in cleartext, which allows remote attackers to obtain sensitive information, aka "HTTPS Proxy Vulnerability."

5.0
2005-12-13 CVE-2005-4210 Opera Software Denial of Service vulnerability in Opera Web Browser Long Title Element Bookmark

Opera before 8.51, when running on Windows with Input Method Editor (IME) installed, allows remote attackers to cause a denial of service (persistent application crash) by bookmarking a site with a long title.

5.0
2005-12-13 CVE-2005-4208 Flatnuke Directory Traversal vulnerability in Flatnuke 2.5.6

Directory traversal vulnerability in Flatnuke 2.5.6 allows remote attackers to access arbitrary files via a ..

5.0
2005-12-13 CVE-2005-4202 Logisphere Directory Traversal vulnerability in Logisphere 0.9.9J

Multiple directory traversal vulnerabilities in LogiSphere 0.9.9j allow remote attackers to access arbitrary files via (1) ..

5.0
2005-12-13 CVE-2005-4201 Showalbumonline Directory Traversal vulnerability in Showalbumonline MY Album Online 1.0

Directory traversal vulnerability in My Album Online 1.0 allows remote attackers to access arbitrary files via ".../" (triple dot) sequences in unspecified vectors.

5.0
2005-12-13 CVE-2005-4194 Innovateware Buffer Overflow vulnerability in Sights 'N Sounds Streaming Media Server SWS.EXE

Buffer overflow in MediaServerList.exe in Sights 'n Sounds Streaming Media Server 2.0.3.a allows remote attackers to cause a denial of service (application crash) via a long query string.

5.0
2005-12-14 CVE-2005-3358 Linux Local Denial of Service vulnerability in Linux Kernel SET_MEMPOLICY

Linux kernel before 2.6.15 allows local users to cause a denial of service (panic) via a set_mempolicy call with a 0 bitmask, which causes a panic when a page fault occurs.

4.9
2005-12-14 CVE-2005-3903 SCO Local Buffer Overflow vulnerability in SCO Unixware 7.1.3/7.1.4

Buffer overflow in uidadmin in SCO Unixware 7.1.3 and 7.1.4 allows local users to execute arbitrary code via a -S (scheme) argument that specifies a large file, a different vulnerability than CVE-2001-1063.

4.6
2005-12-17 CVE-2005-4336 Courseforum Cross-Site Scripting vulnerability in CourseForum Technologies ProjectForum

Cross-site scripting (XSS) vulnerability in ProjectForum 4.7.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) fwd parameter in admin/adminsignin.html and (2) originalpageid parameter in admin/newpage.html associated with a group.

4.3
2005-12-17 CVE-2005-4333 Binary Concepts Cross-Site Scripting vulnerability in Binary Board System

Multiple cross-site scripting (XSS) vulnerabilities in Binary Board System (BBS) 0.2.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) inreplyto, (2) article, and (3) board parameters to reply.pl, (4) branch, (5) board, and (6) stats.pl parameters to (b) stats.pl, and (7) board parameter to (c) toc.pl.

4.3
2005-12-17 CVE-2005-4328 University OF Arizona Cross-Site Scripting vulnerability in WebGlimpse

Cross-site scripting (XSS) vulnerability in webglimpse.cgi in Webglimpse 2.14.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the ID parameter.

4.3
2005-12-17 CVE-2005-4327 Webcal HTML Injection and Cross-Site Scripting vulnerability in WebCal

Multiple cross-site scripting (XSS) vulnerabilities in Michael Arndt WebCal 1.11-3.04 allow remote attackers to inject arbitrary web script or HTML via the (1) function, (2) year, and (3) date parameters to webcal.cgi, (4) new calendar entries, and (5) notes for entries.

4.3
2005-12-17 CVE-2005-4322 Hitachi Cross-Site Scripting vulnerability in Hitachi products

Multiple cross-site scripting (XSS) vulnerabilities in Hitachi Cosminexus Collaboration Portal 06-00 through 06-10-/B, Groupmax Collaboration Portal 07-00 through 07-10-/B, and Groupmax Collaboration Web Client 07-00 through 07-10-/A allow remote attackers to inject arbitrary web script or HTML via the (1) Schedule and (2) Calendar components.

4.3
2005-12-17 CVE-2005-4314 Ppcal Shopping Cart Cross-Site Scripting vulnerability in PPCal Shopping Cart

Cross-site scripting (XSS) vulnerability in ppcal.cgi in PPCal Shopping Cart 3.3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) stop and (2) user parameters.

4.3
2005-12-17 CVE-2005-4311 Dcscripts Cross-Site Scripting vulnerability in DCForum DCBoard Script Page Parameter

Cross-site scripting (XSS) vulnerability in DCForum 6.25 and earlier, and possibly DCForum+ 1.x, allows remote attackers to inject arbitrary web script or HTML via (1) the page parameter in dcboard.php and (2) unspecified search parameters.

4.3
2005-12-17 CVE-2005-4307 Jonathan Bravata Cross-Site Scripting vulnerability in ScareCrow

Cross-site scripting (XSS) vulnerability in ScareCrow 2.13 and earlier allows remote attackers to inject arbitrary web script or HTML via the forum parameter to (1) forum.cgi and (2) post.cgi, or (3) the user parameter to profile.cgi.

4.3
2005-12-17 CVE-2005-4306 Focalmedia NET Cross-Site Scripting vulnerability in SiteNet BBS

Multiple cross-site scripting (XSS) vulnerabilities in SiteNet BBS 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) pg, (2) tid, (3) cid, and (4) fid parameters to netboardr.cgi, or (5) cid parameter to search.cgi.

4.3
2005-12-17 CVE-2005-4305 Edgewall Software Cross-Site Scripting vulnerability in Edgewall Software Trac 0.9/0.9.1/0.9.2

Cross-site scripting (XSS) vulnerability in Edgewall Trac 0.9, 0.9.1, and 0.9.2 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly sanitized before it is returned in an error page.

4.3
2005-12-16 CVE-2005-4301 Phpxplorer Cross-Site Scripting vulnerability in PHPXplorer Adress Bar

Cross-site scripting (XSS) vulnerability in phpXplorer 0.9.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the address bar field.

4.3
2005-12-16 CVE-2005-4299 Atlantpro COM Cross-Site Scripting vulnerability in Atlant Pro

Cross-site scripting (XSS) vulnerability in atl.cgi in Atlant Pro 4.02 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) before and (2) ct parameters.

4.3
2005-12-16 CVE-2005-4298 Atlantpro COM Cross-Site Scripting vulnerability in AltantForum

Cross-site scripting (XSS) vulnerability in atl.cgi in AtlantForum 4.02 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) sch_allsubct, (2) before, and (3) ct parameters.

4.3
2005-12-16 CVE-2005-4297 Bbboard Cross-Site Scripting vulnerability in BBBoard V2

Cross-site scripting (XSS) vulnerability in bbBoard 2.56 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly via the "keys" parameter.

4.3
2005-12-16 CVE-2005-4295 Xigla Cross-Site Scripting vulnerability in Xigla Absolute Image Gallery XE 2.0

Cross-site scripting (XSS) vulnerability in Absolute Image Gallery XE 2.x allows remote attackers to inject arbitrary web script or HTML via the text parameter.

4.3
2005-12-16 CVE-2005-4294 Alkacon Cross-Site Scripting vulnerability in Alkacon OpenCMS Login

Cross-site scripting (XSS) vulnerability in Alkacon OpenCms before 6.0.3 allows remote attackers to inject arbitrary web script or HTML via the username in the login page.

4.3
2005-12-16 CVE-2005-4293 Kryptronic Cross-Site Scripting vulnerability in Kryptronic ClickCartPro CP-APP.CGI

Cross-site scripting (XSS) vulnerability in cp-app.cgi in ClickCartPro (CCP) 5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the affl parameter.

4.3
2005-12-16 CVE-2005-4292 Internet Express Products Cross-Site Scripting vulnerability in CommerceSQL Search Module

Cross-site scripting (XSS) vulnerability in CommerceSQL 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search module parameters, possibly the keywords parameter in the Quick Find feature.

4.3
2005-12-16 CVE-2005-4291 Ectools Cross-Site Scripting vulnerability in ECTOOLS Onlineshop

Cross-site scripting (XSS) vulnerability in cart.cgi in ECTOOLS Onlineshop 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) product, (2) category, and (3) uid parameters.

4.3
2005-12-16 CVE-2005-4290 Soft4E Cross-Site Scripting vulnerability in Soft4e ECW-Cart

Cross-site scripting (XSS) vulnerability in index.cgi in ECW-Cart 2.03 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) kword, (2) max, (3) min, (4) comp, and (5) f parameters.

4.3
2005-12-16 CVE-2005-4289 Edatcat Cross-Site Scripting vulnerability in Edatcat Shopping Cart System 0.3

Cross-site scripting (XSS) vulnerability in EDCstore.pl in eDatCat 0.3 allows remote attackers to inject arbitrary web script or HTML via the user_action parameter.

4.3
2005-12-16 CVE-2005-4288 Marmaraweb Cross-Site Scripting vulnerability in MarmaraWeb E-Commerce

Cross-site scripting (XSS) vulnerability in index.php in MarmaraWeb E-commerce allows remote attackers to inject arbitrary web script or HTML via the page parameter to index.php.

4.3
2005-12-16 CVE-2005-4285 Dick Copits Cross-Site Scripting vulnerability in Dick Copits PDEstore

Cross-site scripting (XSS) vulnerability in pdestore.cgi in Dick Copits PDEstore 1.8 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) the search module parameter or the (2) product and (3) cart_id parameters.

4.3
2005-12-16 CVE-2005-4284 Static Store Cross-Site Scripting vulnerability in StaticStore Search.CGI

Cross-site scripting (XSS) vulnerability in StaticStore Search Engine 1.189A and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to search.cgi, possibly the keywords parameter.

4.3
2005-12-16 CVE-2005-4283 Nightmedia Cross-Site Scripting vulnerability in The CITY Shop Search

Cross-site scripting (XSS) vulnerability in The CITY Shop 1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via parameters to the search module, possibly SKey to store.cgi.

4.3
2005-12-16 CVE-2005-4282 Zaygo Cross-Site Scripting vulnerability in Zaygo DomainCart

Cross-site scripting (XSS) vulnerability in Zaygo DomainCart 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML, possibly via the root parameter to zaygo.cgi.

4.3
2005-12-16 CVE-2005-4281 Zaygo Cross-Site Scripting vulnerability in HostingCart

Cross-site scripting (XSS) vulnerability in Zaygo HostingCart 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via certain search module parameters, possibly the root parameter to zaygo.cgi.

4.3
2005-12-16 CVE-2005-4277 Toenda Software Development Cross-Site Scripting vulnerability in ToendaCMS

Cross-site scripting (XSS) vulnerability in index.php in toendaCMS before 0.7 Beta allows remote attackers to inject arbitrary web script or HTML via the id parameter.

4.3
2005-12-15 CVE-2005-4262 Envolution Input Validation vulnerability in Envolution

Cross-site scripting (XSS) vulnerability in the News module in Envolution allows remote attackers to inject arbitrary web script or HTML via the (1) startrow and (2) catid parameter.

4.3
2005-12-15 CVE-2005-4260 Francisco Burzi Unspecified vulnerability in Francisco Burzi PHP-Nuke

Interpretation conflict in includes/mainfile.php in PHP-Nuke 7.9 and later allows remote attackers to perform cross-site scripting (XSS) attacks by replacing the ">" in the tag with a "<", which bypasses the regular expressions that sanitize the data, but is automatically corrected by many web browsers.

4.3
2005-12-15 CVE-2005-4256 ASP DEV Cross-Site Scripting vulnerability in Asp-Dev XM Forum RC3

Cross-site scripting (XSS) vulnerability in forum.asp in ASP-DEV XM Forum RC3 allows remote attackers to inject arbitrary web script or HTML via the forum_title parameter.

4.3
2005-12-15 CVE-2005-4255 Wikkawiki Cross-Site Scripting vulnerability in WikkaWiki

Cross-site scripting (XSS) vulnerability in TextSearch in WikkaWiki 1.1.6.0 allows remote attackers to inject arbitrary web script or HTML via a hex-encoded phrase parameter.

4.3
2005-12-15 CVE-2005-4253 Torrential Cross-Site Scripting vulnerability in Torrential 1.2

Cross-site scripting (XSS) vulnerability in getdox.php in Torrential 1.2 allows remote attackers to inject arbitrary web script or HTML via the URL.

4.3
2005-12-15 CVE-2005-4248 Quickpaypro Input Validation vulnerability in Quickpaypro 3.1

Multiple cross-site scripting (XSS) vulnerabilities in QuickPayPro 3.1 allow remote attackers to inject arbitrary web script or HTML via various fields, such as those in (1) communication/subscribers.tracking.add.php, (2) support/tickets.add.php, and (3) mycompany/categories.php.

4.3
2005-12-14 CVE-2005-4242 Horde Cross-Site Scripting vulnerability in Turba H3

Multiple cross-site scripting (XSS) vulnerabilities in Horde Turba H3 2.0.4 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the address book and (2) contact data.

4.3
2005-12-14 CVE-2005-4252 Mcgallery Input Validation vulnerability in mcGallery PRO

Cross-site scripting (XSS) vulnerability in mcGallery PRO 2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search module parameters.

4.3
2005-12-14 CVE-2005-4247 Plogger Cross-Site Scripting vulnerability in Plogger

Cross-site scripting (XSS) vulnerability in index.php in Plogger Beta 2 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchterms parameter.

4.3
2005-12-14 CVE-2005-4245 Snipegallery Cross-Site Scripting vulnerability in Snipegallery Snipe Gallery

Cross-site scripting (XSS) vulnerability in search.php in Snipe Gallery 3.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the keyword parameter.

4.3
2005-12-14 CVE-2005-4241 VCD DB Input Validation vulnerability in VCD-DB

Cross-site scripting (XSS) vulnerability in the category page in VCD-db 0.98 and earlier allows remote attackers to inject arbitrary web script or HTML via the batch parameter.

4.3
2005-12-14 CVE-2005-4239 PHP Jackknife Cross-Site Scripting vulnerability in PHP JackKnife

Cross-site scripting (XSS) vulnerability in Search/DisplayResults.php in PHP JackKnife 2.21 and earlier allows remote attackers to inject arbitrary web script or HTML via URL-encoded values in the sKeywords parameter.

4.3
2005-12-14 CVE-2005-4238 Mantis Cross-Site Scripting vulnerability in Mantis View_filters_page.PHP

Cross-site scripting (XSS) vulnerability in view_filters_page.php in Mantis 1.0.0rc3 and earlier allows remote attackers to inject arbitrary web script or HTML via the target_field parameter.

4.3
2005-12-14 CVE-2005-4237 Servers R US Cross-Site Scripting vulnerability in MySQL Auction Search Module

Cross-site scripting (XSS) vulnerability in MySQL Auction 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search module parameters, possibly the keyword parameter in the SearchZoom module.

4.3
2005-12-14 CVE-2005-4236 Cartkeeper Cross-Site Scripting vulnerability in CKGold Search.PHP

Cross-site scripting (XSS) vulnerability in search.php in CKGOLD allows remote attackers to inject arbitrary web script or HTML via the search parameters.

4.3
2005-12-14 CVE-2005-4235 Whmcompletesolution Cross-Site Scripting vulnerability in WHMCompleteSolution

Cross-site scripting (XSS) vulnerability in knowledgebase.php in WHMCompleteSolution 2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameters.

4.3
2005-12-14 CVE-2005-4231 PHP WEB Scripts Input Validation vulnerability in Link Up Gold

Cross-site scripting (XSS) vulnerability in Link Up Gold 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) link parameter to tell_friend.php, (2) phrase[] parameter to search.php in a search_links_advanced action, and the (3) direction or (4) sort parameter to articles.php.

4.3
2005-12-14 CVE-2005-4229 Everyauction Cross-Site Scripting vulnerability in EveryAuction Auction.PL

Cross-site scripting (XSS) vulnerability in auction.pl in EveryAuction 1.53 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter.

4.3
2005-12-14 CVE-2005-4222 Lars Ellingsen Unspecified vulnerability in Lars Ellingsen Guestserver

Multiple cross-site scripting (XSS) vulnerabilities in guestbook.cgi in Lars Ellingsen Guestserver 4.13 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified message fields.

4.3
2005-12-13 CVE-2005-3352 Apache Unspecified vulnerability in Apache Http Server

Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.

4.3
2005-12-13 CVE-2005-4209 ALT N Code Injection vulnerability in Alt-N Mdaemon and Worldclient

WorldClient webmail in Alt-N MDaemon 8.1.3 allows remote attackers to prevent arbitrary users from accessing their inboxes via script tags in the Subject header of an e-mail message, which prevents the user from being able to access the Inbox folder, possibly due to a cross-site scripting (XSS) vulnerability.

4.3
2005-12-13 CVE-2005-4205 Locazo Unspecified vulnerability in Locazo Locazolist Classifieds

Cross-site scripting (XSS) vulnerability in searchdb.asp in LocazoList 1.03c and earlier allows remote attackers to inject arbitrary web script or HTML via the q parameter.

4.3
2005-12-13 CVE-2005-4204 Logisphere Cross-Site Scripting vulnerability in Logisphere 0.9.9J

Cross-site scripting (XSS) vulnerability in LogiSphere 0.9.9j allows remote attackers to inject arbitrary Javascript via the msg command.

4.3
2005-12-13 CVE-2005-4196 Internet Scout Input Validation vulnerability in Internet Scout Portal Toolkit 1.3.0Beta

Multiple cross-site scripting (XSS) vulnerabilities in Scout Portal Toolkit (SPT) 1.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the ss parameter in SPT--QuickSearch.php; (2) ParentId parameter in SPT--BrowseResources.php; (3) the ResourceId parameter in SPT--FullRecord.php; (4) ResourceOffset parameter in SPT--Home.php, (5) F_SearchString parameter in SPT--QuickSearch.php; (6) F_UserName and (7) F_Password parameters in SPT--UserLogin.php; (8) F_SearchCat1, (9) F_TextField1, (10) F_SearchCat2, (11) F_TextField2, (12) F_SearchCat3, (13) F_TextField3, (14) F_SearchCat4, (15) F_TextField4, (16) ResourceType, (17) Language, (18) Audience, (19) Format parameters in SPT--AdvancedSearch.php.

4.3
2005-12-13 CVE-2005-4193 Usebb Cross-Site Scripting vulnerability in UseBB PHP_SELF

Cross-site scripting (XSS) vulnerability in UseBB before 0.7 allows remote attackers to inject arbitrary web script or HTML via the $_SERVER['PHP_SELF'] variable.

4.3
2005-12-12 CVE-2005-4177 Cfmagic Cross-Site Scripting vulnerability in Cfmagic Magic Book Personal and Magic Book Professional

Cross-site scripting (XSS) vulnerability in book.cfm in Magic Book Personal and Professional 2.0 allows remote attackers to inject arbitrary web script or HTML via the StartRow parameter.

4.3
2005-12-13 CVE-2005-4206 Blackboard Unspecified vulnerability in Blackboard Learning and Community Post Systems 6.2.3.23/6.3.1.424

Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to redirect users to other URLs and conduct phishing attacks via a modified url parameter to frameset.jsp, which loads the URL into a frame and causes it to appear to be part of a valid page.

4.0

6 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-12-15 CVE-2005-4268 GNU Buffer Errors vulnerability in GNU Cpio 2.68

Buffer overflow in cpio 2.6-8.FC4 on 64-bit platforms, when creating a cpio archive, allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a file whose size is represented by more than 8 digits.

3.7
2005-12-13 CVE-2005-4192 Horde Remote HTML Injection vulnerability in Horde Mnemo

Multiple cross-site scripting (XSS) vulnerabilities in templates/notepads/notepads.inc in Horde Mnemo Note Manager H3 before 2.0.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) the notepad's name or (2) description, when creating a new notepad.

3.5
2005-12-13 CVE-2005-4191 Horde Remote HTML Injection vulnerability in Horde Nag

Multiple cross-site scripting (XSS) vulnerabilities in templates/tasklists/tasklists.inc in Horde Nag Task List Manager H3 before 2.0.4 allow remote authenticated users to inject arbitrary web script or HTML via (1) the tasklist's name or (2) description, when creating a new tasklist.

3.5
2005-12-13 CVE-2005-4190 Horde Cross-Site Scripting vulnerability in Horde Application Framework

Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework before 3.0.8 allow remote authenticated users to inject arbitrary web script or HTML via multiple vectors, as demonstrated by (1) the identity field, (2) Category and (3) Label search fields, (4) the Mobile Phone field, and (5) Date and (6) Time fields when importing CSV files, as exploited through modules such as (a) Turba Address Book, (b) Kronolith, (c) Mnemo, and (d) Nag.

3.5
2005-12-13 CVE-2005-4189 Horde HTML Injection vulnerability in Horde Kronolith

Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith H3 before 2.0.6 allow remote authenticated users to inject arbitrary web script or HTML via (1) the Calendar name field when creating calendars, (2) event title field when deleting events, the (3) Category and (4) Location search fields, and the (5) attendees email address fields when editing event attendees, and possibly other vectors.

3.5
2005-12-15 CVE-2005-4273 IBM Unspecified vulnerability in IBM AIX 5.3/5.3L

Multiple unspecified vulnerabilities in (1) getShell and (2) getCommand in IBM AIX 5.3 allow local users to append to arbitrary files.

2.1