Weekly Vulnerabilities Reports > December 19 to 25, 2005

Overview

181 new vulnerabilities were reported during this period, including 6 critical vulnerabilities and 61 high severity vulnerabilities. This weekly summary reports vulnerabilities in 181 products from 134 vendors including Macromedia, Blackboard, Iatek, Phpbb Group, and Mailenable. Notable vulnerability categories include "SQL Injection", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", "Unchecked Return Value", and "Resource Management Errors".

  • 171 reported vulnerabilities are remotely exploitable.
  • 1 reported vulnerability has a public exploit available.
  • 10 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 172 reported vulnerabilities are exploitable by an anonymous user.
  • Macromedia has the most reported vulnerabilities, with 6 reported vulnerabilities.
  • Vmware has the most reported critical vulnerabilities, with 1 reported vulnerability.

Vulnerability Details

The following table lists the vulnerabilities reported during the period covered by this report:

6 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-12-21 CVE-2005-4459 Vmware Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in VMWare products

Heap-based buffer overflow in the NAT networking components vmnat.exe and vmnet-natd in VMWare Workstation 5.5, GSX Server 3.2, ACE 1.0.1, and Player 1.0 allows remote authenticated attackers, including guests, to execute arbitrary code via crafted (1) EPRT and (2) PORT FTP commands.

10.0
2005-12-21 CVE-2005-4448 Flatnuke Directory Traversal vulnerability in Flatnuke 2.5.6

FlatNuke 2.5.6 verifies authentication credentials based on an MD5 checksum of the admin name and the hashed password rather than the plaintext password, which allows attackers to gain privileges by obtaining the password hash (possibly via CVE-2005-2813), then calculating the credentials and including them in the secid cookie.

10.0
2005-12-20 CVE-2005-4414 Open LAB Remote Security vulnerability in Open LAB Teamwork Alpha1.2/Alpha1.4/Alpha1.6

Unspecified vulnerability in Teamwork 3 before alpha 1.7 has unknown impact and attack vectors, related to "a menu security bug."

10.0
2005-12-19 CVE-2005-4338 Blackboard Remote Security vulnerability in Blackboard Academic Suite 6.2.3.23/6.3.1.424

announcement.pl in Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to gain administrator privileges by setting the context parameter to "admin".

10.0
2005-12-21 CVE-2005-4458 Metadot Privilege Escalation vulnerability in MetaDot Portal Server Site_Mgr Group

Group.pm in Metadot Portal Server 6.4.4 and earlier does not properly reset the $IS_OWNER, $IS_ADMIN, and $IS_MANAGER global variables when performing checks for special privileges, which allows users to gain administrator privileges by adding themselves to the SITE_MGR group.

9.0
2005-12-21 CVE-2005-4453 Ultraapps Privilege Escalation vulnerability in Ultraapps Issue Manager 2.1

UserProfile.cs in Ultraapps Issue Manager before 2.1 allows remote authenticated users to gain administrator privileges by modifying the original (1) p_User_user_id and (2) User_user_id parameters to UserProfile.aspx, then modifying the password field.

9.0

61 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-12-22 CVE-2005-4504 Apple Remote Denial of Service vulnerability in Apple Mac OS X KHTMLParser

The khtml::RenderTableSection::ensureRows function in KHTMLParser in Apple Mac OS X 10.4.3 and earlier, as used by Safari and TextEdit, allows remote attackers to cause a denial of service (memory consumption and application crash) via HTML files with a large ROWSPAN attribute in a TD tag.

7.8
2005-12-22 CVE-2005-4464 Ingate Remote Kernel Deadlock Denial Of Service vulnerability in Ingate Firewall and SIParator

Ingate Firewall before 4.3.4 and SIParator before 4.3.4 allows remote attackers to cause a denial of service (kernel deadlock) by sending a SYN packet for a TCP stream, which requires an RST packet in response.

7.8
2005-12-21 CVE-2005-4456 Mailenable IMAP Remote Buffer Overflow vulnerability in MailEnable

Multiple buffer overflows in MailEnable Professional 1.71 and Enterprise 1.1 before patch ME-10009 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long (1) LIST, (2) LSUB, and (3) UID FETCH commands.

7.8
2005-12-21 CVE-2005-4439 Elog Remote Buffer Overflow vulnerability in Elog Elogd 2.6.0Beta4

Buffer overflow in ELOG elogd 2.6.0-beta4 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a URL with a long (1) cmd or (2) mode parameter.

7.8
2005-12-21 CVE-2005-4436 Extended Interior Gateway Routing Protocol Remote Denial Of Service vulnerability in Cisco EIGRP Protocol Unauthenticated Goodbye Packet

Extended Interior Gateway Routing Protocol (EIGRP) 1.2, as implemented in Cisco IOS after 12.3(2), 12.3(3)B, and 12.3(2)T and other products, allows remote attackers to cause a denial of service by sending a "spoofed neighbor announcement" with (1) mismatched k values or (2) "goodbye message" Type-Length-Value (TLV).

7.8
2005-12-21 CVE-2005-4348 Fetchmail Resource Management Errors vulnerability in Fetchmail

fetchmail before 6.3.1 and before 6.2.5.5, when configured for multidrop mode, allows remote attackers to cause a denial of service (application crash) by sending messages without headers from upstream mail servers.

7.8
2005-12-20 CVE-2005-4425 Kerio Denial of Service vulnerability in Kerio WinRoute Firewall RTSP Stream

Unspecified vulnerability in Kerio WinRoute Firewall before 6.1.3 allows remote attackers to cause a denial of service (crash) via certain RTSP streams.

7.8
2005-12-20 CVE-2005-4360 Microsoft Unchecked Return Value vulnerability in Microsoft Internet Information Services 5.1

The URL parser in Microsoft Internet Information Services (IIS) 5.1 on Windows XP Professional SP2 allows remote attackers to execute arbitrary code via multiple requests to ".dll" followed by arguments such as "~0" through "~9", which causes ntdll.dll to produce a return value that is not correctly handled by IIS, as demonstrated using "/_vti_bin/.dll/*/~0".

7.8
2005-12-20 CVE-2005-4350 SUN Denial of Service vulnerability in SUN Wbem Services A.01.05.11/A.02.00.07

Unspecified vulnerability in WBEM Services A.01.x before A.01.05.12 and A.02.x before A.02.00.08 on HP-UX B.11.00 through B.11.23 allows remote attackers to cause an unspecified denial of service via unknown attack vectors.

7.8
2005-12-23 CVE-2005-4515 Lois Software SQL Injection vulnerability in Lois Software Webdb 1.0

** DISPUTED ** SQL injection vulnerability in WebDB 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified search parameters, possibly Search0.

7.5
2005-12-23 CVE-2005-4509 Parallel Tools Consortium SQL Injection vulnerability in pTools Index.ASP

SQL injection vulnerability in index.asp in pTools allows remote attackers to execute arbitrary SQL commands via the docID parameter.

7.5
2005-12-22 CVE-2005-3536 Phpbb Group Multiple Unspecified vulnerability in PHPBB

SQL injection vulnerability in phpBB 2 before 2.0.18 allows remote attackers to execute arbitrary SQL commands via the topic type.

7.5
2005-12-22 CVE-2005-4500 Musicbox SQL Injection vulnerability in Musicbox 2.3

SQL injection vulnerability in MusicBox 2.3 allows remote attackers to execute arbitrary SQL commands via the (1) show and (2) type parameter.

7.5
2005-12-22 CVE-2005-3534 Wouter Verhelst Buffer Errors vulnerability in Wouter Verhelst NBD 2.7.5/2.8.0/2.8.2

Buffer overflow in the Network Block Device (nbd) server 2.7.5 and earlier, and 2.8.0 through 2.8.2, allows remote attackers to execute arbitrary code via a large request, which is written past the end of the buffer because nbd does not account for memory taken by the reply header.

7.5
2005-12-22 CVE-2005-4499 Cisco Information Disclosure vulnerability in Cisco Downloadable RADIUS Policies

The Downloadable RADIUS ACLs feature in Cisco PIX and VPN 3000 concentrators, when creating an ACL on the Cisco Secure Access Control Server (CS ACS), generates a random internal name for an ACL that is also used as a hidden user name and password, which allows remote attackers to gain privileges by sniffing the username from the cleartext portion of a RADIUS session, then using the password to log in to another device that uses CS ACS.

7.5
2005-12-22 CVE-2005-4495 Spiremedia SQL Injection vulnerability in Spiremedia MX7

** DISPUTED ** SQL injection vulnerability in index.cfm in SpireMedia mx7 allows remote attackers to execute arbitrary SQL commands via the cid parameter.

7.5
2005-12-22 CVE-2005-4486 Quantum ART SQL Injection vulnerability in Quantum Art QP7.Enterprise

** DISPUTED ** SQL injection vulnerability in Quantum Art QP7.Enterprise (formerly Q-Publishing) allows remote attackers to execute arbitrary SQL commands via the p_news_id parameter to (1) news_and_events_new.asp and (2) news.asp.

7.5
2005-12-22 CVE-2005-4479 Phpslash SQL Injection vulnerability in PHPslash 0.8.1

SQL injection vulnerability in article.php in phpSlash 0.8.1 and earlier allows remote attackers to execute arbitrary SQL commands via the story_id parameter.

7.5
2005-12-22 CVE-2005-4478 Papoo SQL Injection vulnerability in Papoo

Multiple SQL injection vulnerabilities in Papoo 2.1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) menuid parameter to (a) index.php and (b) guestbook.php, and the (2) forumid and (3) reporeid_print parameters to (c) print.php.

7.5
2005-12-22 CVE-2005-4472 Macromedia Multiple vulnerability in Macromedia JRun

Stack-based buffer overflow in the Macromedia JRun 4 web server (JWS) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long request that is not properly handled during conversion to wide characters.

7.5
2005-12-22 CVE-2005-4470 Blender Integer Overflow vulnerability in Blender BlenLoader File Processing

Heap-based buffer overflow in the get_bhead function in readfile.c in Blender BlenLoader 2.0 through 2.40pre allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a .blend file with a negative bhead.len value, which causes less memory to be allocated than expected, possibly due to an integer overflow.

7.5
2005-12-22 CVE-2005-4469 Phpgedview Remote Script Code Execution vulnerability in PHPGedView

Multiple direct static code injection vulnerabilities in PHPGedView 3.3.7 and earlier allow remote attackers to execute arbitrary PHP code via (1) the username field in login.php, or the (2) user_language, (3) user_email, and (4) user_gedcomid parameters in login_register.php, which is directly inserted into authenticate.php.

7.5
2005-12-22 CVE-2005-4468 Phpgedview Remote Script Code Execution vulnerability in PHPGedView

PHP remote file include vulnerability in help_text_vars.php in PHPGedView 3.3.7 and earlier allows remote attackers to execute arbitrary code via a URL in the PGV_BASE_DIRECTORY parameter.

7.5
2005-12-22 CVE-2005-4466 Interactive Intelligence Remote Heap Corruption Denial Of Service vulnerability in Interactive Intelligence Interaction SIP Proxy 3.0.010

Heap-based buffer overflow in the SIPParser function in i3sipmsg.dll in Interaction SIP Proxy before 3.0.011 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a REGISTER request with a SPI version number that contains a large number of space or tab characters.

7.5
2005-12-22 CVE-2005-4465 NEC Denial Of Service vulnerability in NEC UNIVERGE IX1000/IX2000/IX3000 IKE Exchange

The Internet Key Exchange version 1 (IKEv1) implementation in NEC UNIVERGE IX1000, IX2000, and IX3000 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.

7.5
2005-12-21 CVE-2005-4462 Tolva Remote File Include vulnerability in Tolva 0.1.0

PHP remote file include vulnerability in usermods.php in Tolva PHP website system 0.1.0 allows remote attackers to execute arbitrary code via a URL in the ROOT parameter.

7.5
2005-12-21 CVE-2005-4461 Beehive Forum SQL Injection vulnerability in Beehive Forum

SQL injection vulnerability in index.php in Beehive Forum 0.6.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user_sess parameter.

7.5
2005-12-21 CVE-2005-4457 Mailenable Denial-Of-Service vulnerability in Mailenable Enterprise 1.1

MailEnable Enterprise 1.1 before patch ME-10009 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via several "..." (triple dot) sequences in a UID FETCH command.

7.5
2005-12-21 CVE-2005-4451 HP Remote Unauthorized Access vulnerability in HP Hp-Ux 11.11

Unspecified vulnerability in Software Distributor in HP-UX B.11.11 allows remote attackers to gain access via unspecified attack vectors.

7.5
2005-12-21 CVE-2005-4450 Phpmyadmin Cross-Site Request Forgery vulnerability in PHPmyadmin 2.7.0Pl1

Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.7.0 allows remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag to server_privileges.php, as demonstrated using the dbname and checkprivs parameters.

7.5
2005-12-21 CVE-2005-4267 Qualcomm Buffer Errors vulnerability in Qualcomm Worldmail 3.0

Stack-based buffer overflow in Qualcomm WorldMail 3.0 allows remote attackers to execute arbitrary code via a long IMAP command that ends with a "}" character, as demonstrated using long (1) LIST, (2) LSUB, (3) SEARCH TEXT, (4) STATUS INBOX, (5) AUTHENTICATE, (6) FETCH, (7) SELECT, and (8) COPY commands.

7.5
2005-12-21 CVE-2005-4447 Coinsoft Technologies SQL-Injection vulnerability in phpCOIN

SQL injection vulnerability in articles\articles_funcs.php in phpCOIN 1.2.2 allows remote attackers to modify SQL syntax and possibly execute SQL in limited circumstances via the rec_next parameter.

7.5
2005-12-21 CVE-2005-4438 Dec2Rar DLL Heap Overflow vulnerability in Dec2Rar.Dll 3.2.14.3

Heap-based buffer overflow in Dec2Rar.dll 3.2.14.3, as distributed in the Symantec Antivirus Library and used by various Symantec products, allows remote attackers to execute arbitrary code via RAR archives with sub-block headers that contain incorrect values in the length field.

7.5
2005-12-21 CVE-2005-4437 Extended Interior Gateway Routing Protocol Unspecified vulnerability in Extended Interior Gateway Routing Protocol Extended Interior Gateway Routing Protocol 1.2

MD5 Neighbor Authentication in Extended Interior Gateway Routing Protocol (EIGRP) 1.2, as implemented in Cisco IOS 11.3 and later, does not include the Message Authentication Code (MAC) in the checksum, which allows remote attackers to sniff message hashes and (1) replay EIGRP HELLO messages or (2) cause a denial of service by sending a large number of spoofed EIGRP neighbor announcements, which results in an ARP storm on the local network.

7.5
2005-12-21 CVE-2005-4431 Wowbb SQL-Injection vulnerability in Wowbb 1.65

SQL injection vulnerability in WowBB 1.65 allows remote attackers to execute arbitrary SQL commands via the q parameter to search.php.

7.5
2005-12-21 CVE-2005-4430 Logicnow SQL Injection vulnerability in LogicBill

SQL injection vulnerability in LogicBill 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) __mode and (2) __id parameters to helpdesk.php.

7.5
2005-12-21 CVE-2005-4429 CS Cart SQL Injection vulnerability in Cs-Cart 1.3.0

SQL injection vulnerability in CS-Cart 1.3.0 allows remote attackers to execute arbitrary SQL commands via the (1) sort_by and (2) sort_order parameters to index.php.

7.5
2005-12-20 CVE-2005-4427 Cerberus Input Validation vulnerability in Cerberus Helpdesk 2.649

Multiple SQL injection vulnerabilities in Cerberus Helpdesk allow remote attackers to execute arbitrary SQL commands via the (1) file_id parameter to attachment_send.php, (2) the $addy variable in email_parser.php, (3) $address variable in email_parser.php, (4) $a_address variable in structs.php, (5) kbid parameter to cer_KnowledgebaseHandler.class.php, (6) queues[] parameter to addresses_export.php, (7) $thread variable to display.php, (8) ticket parameter to display_ticket_thread.php.

7.5
2005-12-20 CVE-2005-4421 DEV Editor Unspecified vulnerability in Dev-Editor

Dev-Editor 3.0 allows remote attackers to access any directory outside the web root whose name is a substring of the web root directory name.

7.5
2005-12-20 CVE-2005-4419 Quicksquare Development Input Validation vulnerability in Quick Square Development Honeycomb Archive

Multiple SQL injection vulnerabilities in CategoryResults.cfm in Honeycomb Archive and Honeycomb Archive Enterprise 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) series, (2) cat_parent, (3) cat, and (4) div parameters.

7.5
2005-12-20 CVE-2005-4416 TML Input Validation vulnerability in TML 0.5

SQL injection vulnerability in index.php in TML CMS 0.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2005-12-20 CVE-2005-4411 David Harris Remote Mailbox Name Service Buffer Overflow vulnerability in David Harris Mercury Mail Transport System 4.01B

Buffer overflow in Mercury Mail Transport System 4.01b allows remote attackers to execute arbitrary code via a long request to TCP port 105.

7.5
2005-12-20 CVE-2005-4408 PC Media SQL Injection vulnerability in Miraserver

Multiple SQL injection vulnerabilities in Miraserver 1.0 RC4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php, (2) id parameter to newsitem.php, and (3) cat parameter to article.php.

7.5
2005-12-20 CVE-2005-4406 TMC Visionpool Input Validation vulnerability in Mercury CMS

SQL injection vulnerability in index.cfm in Mercury CMS 4.0 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter.

7.5
2005-12-20 CVE-2005-4404 Media2 CMS SQL-Injection vulnerability in Media2 Cms Shop

SQL injection vulnerability in default.asp in Media2 CMS Shop 18.x allows remote attackers to execute arbitrary SQL commands via the item parameter.

7.5
2005-12-20 CVE-2005-4403 QCM SQL Injection vulnerability in Marwel

SQL injection vulnerability in index.php in Marwel 2.7 and earlier allows remote attackers to execute arbitrary SQL commands via the show parameter.

7.5
2005-12-20 CVE-2005-4397 Icms Content Management Systems SQL-Injection vulnerability in Icms

SQL injection vulnerability in RunScript.asp in iCMS allows remote attackers to execute arbitrary SQL commands via the Event_ID parameter.

7.5
2005-12-20 CVE-2005-4392 E Publish Input Validation vulnerability in E-Publish

SQL injection vulnerability in printer_friendly.cfm in e-publish CMS 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2005-12-20 CVE-2005-4390 Contentserv SQL Injection vulnerability in ContentServ

SQL injection vulnerability in index.php in ContentServ 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the StoryID parameter.

7.5
2005-12-20 CVE-2005-4382 Citysoft SQL Injection vulnerability in Citysoft Community Enterprise

SQL injection vulnerability in CitySoft Community Enterprise 4.x allows remote attackers to execute arbitrary SQL commands via the (1) nodeID, (2) pageID, (3) ID, and (4) parentid parameter to index.cfm; and (5) documentFormatId parameter to document/docWindow.cfm.

7.5
2005-12-20 CVE-2005-4380 Bitweaver SQL Injection vulnerability in Bitweaver 1.1/1.1.1Beta

Multiple SQL injection vulnerabilities in Bitweaver 1.1 and 1.1.1 beta allow remote attackers to execute arbitrary SQL commands via the (1) sort_mode parameter to (a) fisheye/list_galleries.php, (b) messages/message_box.php, and (c) users/my.php; the (2) post_id parameter to (d) blogs/view_post.php; and the (3) blog_id parameter to (e) blogs/view.php, which are not properly cleansed by the convert_sortmode function in kernel/BitDb.php.

7.5
2005-12-20 CVE-2005-4378 NMA Input Validation vulnerability in Baseline CMS

SQL injection vulnerability in Page.asp in Baseline CMS 1.95 and earlier allows remote attackers to execute arbitrary SQL commands via the SiteNodeID parameter.

7.5
2005-12-20 CVE-2005-4370 Acidcat Input Validation vulnerability in Acidcat CMS

SQL injection vulnerability in main_content.asp in Acidcat 2.1.13 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter to default.asp.

7.5
2005-12-20 CVE-2005-4356 Xmpie SQL-Injection vulnerability in Ustore

SQL injection vulnerability in UStore allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields.

7.5
2005-12-20 CVE-2005-4353 Toenda Software Development SQL-Injection vulnerability in Toenda Software Development Toendacms 0.6.2.1

SQL injection vulnerability in index.php in toendaCMS 0.6.2.1, when configured to use a SQL database, allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2005-12-19 CVE-2005-4342 Macromedia Multiple vulnerability in Macromedia Coldfusion 6.0/6.1/7.0

ColdFusion Sandbox on Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 does not throw an exception if the SecurityManager is disabled, which might allow remote attackers to "bypass security controls," aka "JRun Clustered Sandbox Security Vulnerability."

7.5
2005-12-19 CVE-2005-4337 Blackboard Security Bypass vulnerability in Blackboard Academic Suite 6.2.3.23/6.3.1.424

The login page in Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to bypass authentication and gain privileges as other users via a modified user_id parameter and a "/" in the encoded_pw parameter.

7.5
2005-12-23 CVE-2005-4505 Mcafee Local Privilege Escalation vulnerability in McAfee VirusScan Path Specification

Unquoted Windows search path vulnerability in McAfee VirusScan Enterprise 8.0i (patch 11) and CMA 3.5 (patch 5) might allow local users to gain privileges via a malicious "program.exe" file in the C: folder, which is run by naPrdMgr.exe when it attempts to execute EntVUtil.EXE under an unquoted "Program Files" path.

7.2
2005-12-21 CVE-2005-4443 Gauche Packages Insecure RUNPATH vulnerability in Gentoo Linux

Untrusted search path vulnerability in Gauche before 0.8.6-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH.

7.2
2005-12-21 CVE-2005-4442 Openldap Packages Insecure RUNPATH vulnerability in Gentoo Linux

Untrusted search path vulnerability in OpenLDAP before 2.2.28-r3 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH.

7.2
2005-12-19 CVE-2005-4345 Macromedia Multiple vulnerability in Macromedia Coldfusion 7.0

Adobe (formerly Macromedia) ColdFusion MX 7.0 exposes the password hash of the Administrator in an API call, which allows local developers to obtain the hash and gain privileges.

7.2

110 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-12-22 CVE-2005-4493 Speartek Cross-Site Scripting vulnerability in Speartek 6.0

Cross-site scripting (XSS) vulnerability in SpearTek 6.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters.

6.8
2005-12-22 CVE-2005-4482 Iatek Cross-Site Scripting vulnerability in Iatek Portalapp 3.3

Cross-site scripting (XSS) vulnerability in login.asp in PortalApp 3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the ret_page parameter.

6.8
2005-12-22 CVE-2005-4481 Polopoly Cross-Site Scripting vulnerability in RETIRED: Polopoly Search Module

** DISPUTED ** Cross-site scripting (XSS) vulnerability in Polopoly 9 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters.

6.8
2005-12-22 CVE-2005-4480 Plexcor Cross-Site Scripting vulnerability in Plexcor CMS 4.0

Cross-site scripting (XSS) vulnerability in Plexcor CMS 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters.

6.8
2005-12-22 CVE-2005-4477 Papaya Cross-Site Scripting vulnerability in Papaya CMS

Cross-site scripting (XSS) vulnerability in papaya CMS 4.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the bab[searchfor] parameter.

6.8
2005-12-22 CVE-2005-4476 Openedit INC Cross-Site Scripting vulnerability in OpenEdit Results.HTML

Cross-site scripting (XSS) vulnerability in store/search/results.html in OpenEdit 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) oe-action and (2) page parameters.

6.8
2005-12-22 CVE-2005-4475 Alkacon Cross-Site Scripting vulnerability in OpenCMS Search Module

Cross-site scripting (XSS) vulnerability in OpenCms 6.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters.

6.8
2005-12-20 CVE-2005-4424 Phpkit Input Validation vulnerability in PHPkit 1.6.02/1.6.03/1.6.1

Directory traversal vulnerability in PHPKIT 1.6.1 R2 and earlier might allow remote authenticated users to execute arbitrary PHP code via a ..

6.5
2005-12-20 CVE-2005-4423 Phpfm

Unrestricted file upload vulnerability in PHPFM before 0.2.3 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension to an accessible directory, as demonstrated using a file with a .php extension, aka "upload phpshell."

6.5
2005-12-20 CVE-2005-4422 Toenda Software Development Remote File Upload vulnerability in Toenda Software Development Toendacms 0.6.1

Unrestricted file upload vulnerability in toendaCMS before 0.6.2 Stable allows remote authenticated administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in data/images/albums.

6.5
2005-12-20 CVE-2005-4402 Mailenable Remote Security vulnerability in MailEnable Enterprise

Buffer overflow in MailEnable Professional 1.71 and earlier, and Enterprise 1.1 and earlier, allows remote authenticated users to execute arbitrary code via a long IMAP EXAMINE command.

6.5
2005-12-19 CVE-2005-4349 Phpmyadmin SQL Injection vulnerability in PHPmyadmin 2.7.0

** DISPUTED ** SQL injection vulnerability in server_privileges.php in phpMyAdmin 2.7.0 allows remote authenticated users to execute arbitrary SQL commands via the (1) dbname and (2) checkprivs parameters.

6.5
2005-12-20 CVE-2005-4417 Anycom, Belkin, Widcomm Remote Security vulnerability in Blue Usb-130-250 Software

The default configuration of Widcomm Bluetooth for Windows (BTW) 4.0.1.1500 and earlier, as installed on Belkin Bluetooth Software 1.4.2 Build 10 and ANYCOM Blue USB-130-250 Software 4.0.1.1500, and possibly other devices, sets null Authentication and Authorization values, which allows remote attackers to send arbitrary audio and possibly eavesdrop using the microphone via the Hands Free Audio Gateway and Headset profile.

6.4
2005-12-20 CVE-2005-4384 Citysoft Remote Security vulnerability in Citysoft Community Enterprise 4.X

CitySoft Community Enterprise 4.x allows remote attackers to obtain the full path of the server via an invalid (1) fuseaction parameter to index.cfm and (2) documentid parameter to document/docWindow.cfm.

6.4
2005-12-20 CVE-2005-4366 FAD Solutions SQL Injection vulnerability in FAD Solutions Drzes HMS 3.2

Multiple SQL injection vulnerabilities in DRZES HMS 3.2 allow remote attackers to execute arbitrary SQL commands via the (1) plan_id parameter to (a) domains.php, (b) viewusage.php, (c) pop_accounts.php, (d) databases.php, (e) ftp_users.php, (f) crons.php, (g) pass_dirs.php, (h) zone_files.php, (i) htaccess.php, and (j) software.php; (2) the customerPlanID parameter to viewplan.php; (3) the ref_id parameter to referred_plans.php; (4) customerPlanID parameter to listcharges.php; and (5) the domain parameter to (k) pop_accounts.php, (d) databases.php, (e) ftp_users.php, (f) crons.php, (g) pass_dirs.php, (h) zone_files.php, (i) htaccess.php, and (j) software.php.

6.4
2005-12-20 CVE-2005-4359 Oodie SQL-Injection vulnerability in Oodie Odfaq 1.21B/2.1.0

SQL injection vulnerability in includes/core.inc.php in ODFaq 2.1.0 allows remote attackers to execute arbitrary SQL commands via the (1) cat and (2) srcText parameters to faq.php.

6.4
2005-12-20 CVE-2005-4367 FAD Solutions Cross-Site Scripting vulnerability in FAD Solutions Drzes HMS 3.2

Cross-site scripting (XSS) vulnerability in register_domain.php in DRZES HMS 3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the "Domain Availability" field.

5.8
2005-12-20 CVE-2005-4364 HOT Banana Cross-Site Scripting vulnerability in HOT Banana web Content Management Suite 5.3

Cross-site scripting (XSS) vulnerability in index.cfm in Hot Banana Web Content Management Suite 5.3 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter.

5.8
2005-12-20 CVE-2005-4363 Komodo Input Validation vulnerability in Komodo CMS 2.1

Cross-site scripting (XSS) vulnerability in the search engine in Komodo CMS 2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters.

5.8
2005-12-22 CVE-2005-4474 Rarlab Buffer Overflow vulnerability in Rarlab Winrar 3.51

Buffer overflow in the "Add to archive" command in WinRAR 3.51 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code by tricking the user into adding a file whose filename contains a non-default code page and non-ANSI characters, as demonstrated using a Chinese filename, possibly due to buffer expansion when using the WideCharToMultiByte API.

5.1
2005-12-21 CVE-2005-4460 Beehive Forum HTML Injection vulnerability in Beehive Forum

Cross-site scripting (XSS) vulnerability in Beehive Forum 0.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) Description, and (3) Comment fields to (a) links.php and (b) links_add.php.

5.1
2005-12-21 CVE-2005-4445 David Harris Remote Code Execution vulnerability in Pegasus Mail

Off-by-one error in Pegasus Mail 4.21a through 4.21c and 4.30PB1 allows remote attackers to execute arbitrary code via a long email message header, which triggers a one-byte buffer overflow.

5.1
2005-12-21 CVE-2005-4444 David Harris Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in David Harris Pegasus Mail

Stack-based buffer overflow in the trace message functionality in Pegasus Mail 4.21a through 4.21c and 4.30PB1 allows remote attackers to execute arbitrary code via a long POP3 reply.

5.1
2005-12-23 CVE-2005-4514 Webwasher Unspecified vulnerability in Webwasher CSM Appliance Suite 5.0

** DISPUTED ** The encapsulation script mechanism in Webwasher CSM Appliance Suite 5.x uses case-sensitive detection of malicious tokens, which allows attackers to bypass script detection by using tokens that can be upper or lower case.

5.0
2005-12-23 CVE-2005-4510 Extensis Directory Traversal vulnerability in Extensis Netpublish Server 7.0

Directory traversal vulnerability in server.np in NetPublish Server 7 allows remote attackers to read arbitrary files via "../" sequences in the template parameter.

5.0
2005-12-23 CVE-2005-4508 Nexus Concepts Remote Security vulnerability in Dev Hound

Nexus Concepts Dev Hound 2.24 and earlier allows remote attackers to obtain the installation path via a URL containing a non-existent .dll file.

5.0
2005-12-22 CVE-2005-3537 Phpbb Group Multiple Unspecified vulnerability in PHPBB

A "missing request validation" error in phpBB 2 before 2.0.18 allows remote attackers to edit private messages of other users, probably by modifying certain parameters or other inputs.

5.0
2005-12-22 CVE-2005-4503 NET Square Multiple vulnerability in Net-Square Httprint 202

httprint v202, and possibly other versions before v301, allows remote attackers to cause a denial of service (crash) via a long Server field in an HTTP response.

5.0
2005-12-22 CVE-2005-4473 Macromedia Multiple vulnerability in Macromedia JRun

Unspecified vulnerability in Macromedia JRun 4 web server (JWS) allows remote attackers to view web application source code via "a malformed URL."

5.0
2005-12-22 CVE-2005-4471 Avaya Remote Denial of Service vulnerability in Avaya Modular Messaging Message Storage Server 1.1/2.0

POP3 service in Avaya Modular Messaging Message Storage Server (MSS) 2.0 SP 4 and earlier allows remote attackers to cause a denial of service (infinite loop) via crafted packets.

5.0
2005-12-22 CVE-2005-4467 Phpgedview Remote Script Code Execution vulnerability in PHPGedView

Directory traversal vulnerability in help_text_vars.php in PHPGedView 3.3.7 and earlier allows remote attackers to read and include arbitrary files via a ..

5.0
2005-12-21 CVE-2005-4463 Wordpress Information Disclosure vulnerability in WordPress

WordPress before 1.5.2 allows remote attackers to obtain sensitive information via a direct request to (1) wp-includes/vars.php, (2) wp-content/plugins/hello.php, (3) wp-admin/upgrade-functions.php, (4) wp-admin/edit-form.php, (5) wp-settings.php, and (6) wp-admin/edit-form-comment.php, which leaks the path in an error message related to undefined functions or failed includes.

5.0
2005-12-21 CVE-2005-4455 Livejournal Remote Security vulnerability in LiveJournal

cleanhtml.pl 1.129 in LiveJournal CVS before Dec 13 2005 allows remote attackers to inject scripting languages via the XSL namespace in XML, via vectors such as customview.cgi.

5.0
2005-12-21 CVE-2005-4452 Information Call Center Information Disclosure vulnerability in Information Call Center

Information Call Center stores the CallCenterData.mdb database under the web root with insufficient access control, which allows remote attackers to obtain sensitive information such as usernames and passwords.

5.0
2005-12-21 CVE-2005-3657 Mcafee Unspecified vulnerability in Mcafee Mcinsctl.Dll and Virusscan Security Center

The ActiveX control in MCINSCTL.DLL for McAfee VirusScan Security Center does not use the IObjectSafetySiteLock API to restrict access to required domains, which allows remote attackers to create or append to arbitrary files via the StartLog and AddLog methods in the MCINSTALL.McLog object.

5.0
2005-12-21 CVE-2005-4441 Pvlan Protocol Security Bypass vulnerability in Pvlan Protocol

The PVLAN protocol allows remote attackers to bypass network segmentation and spoof PVLAN traffic via a PVLAN message with a target MAC address that is set to a gateway router, which causes the packet to be sent to the router, where the source MAC is modified, aka "Modification of the MAC spoofing PVLAN jumping attack," as demonstrated by pvlan.c.

5.0
2005-12-21 CVE-2005-4440 Vlan Protocol Security Bypass vulnerability in Vlan Protocol Vlan Protocol 802.1Q

The 802.1q VLAN protocol allows remote attackers to bypass network segmentation and spoof VLAN traffic via a message with two 802.1q tags, which causes the second tag to be redirected from a downstream switch after the first tag has been stripped, as demonstrated by Yersinia, aka "double-tagging VLAN jumping attack."

5.0
2005-12-20 CVE-2005-4405 Random Mouse Software Remote Security vulnerability in Red Queen

redqueen.cgi in Red Queen 1.02 and earlier allows remote attackers to obtain the full server path via invalid (1) yellowpage_id, (2) skin_id, (3) supplier_id, and (4) module parameters, which leaks the path in an error message.

5.0
2005-12-20 CVE-2005-4389 Contens Remote Security vulnerability in Contens 2.5/3.0

search.cfm in CONTENS 3.0 and earlier allows remote attackers to obtain the full server path via invalid (1) submit.y, (2) bool, (3) itemsperpage, (4) submit, (5) submit.x, (6) criteria, (7) advanced, and (8) intern parameters.

5.0
2005-12-20 CVE-2005-4376 BOX UK Denial-Of-Service vulnerability in BOX UK Amaxus 3

Directory traversal vulnerability in Amaxus 3 and earlier allows remote attackers to access arbitrary files via ".." sequences in the change parameter.

5.0
2005-12-20 CVE-2005-4373 Liquid Bytes Technologies

Adaptive Website Framework (AWF) 2.10 and earlier allows remote attackers to obtain the full path of the application via an invalid mode parameter to community.html, which leaks the path in an error message.

5.0
2005-12-20 CVE-2005-4371 Acidcat Input Validation vulnerability in Acidcat CMS

Acidcat 2.1.13 and earlier stores the database under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a request to databases/acidcat.mdb.

5.0
2005-12-20 CVE-2005-4368 Roundcube Information Exposure vulnerability in Roundcube Webmail

roundcube webmail Alpha, with a default high verbose level ($rcmail_config['debug_level'] = 1), allows remote attackers to obtain the full path of the application via an invalid_task parameter, which leaks the path in an error message.

5.0
2005-12-20 CVE-2005-4362 Komodo Input Validation vulnerability in Komodo CMS 2.1

SQL injection vulnerability in page.php in Komodo CMS 2.1 allows remote attackers to execute arbitrary SQL commands via the page parameter.

5.0
2005-12-20 CVE-2005-4358 Phpbb Group Remote Security vulnerability in PHPbb Group PHPbb 2.0.18

admin/admin_disallow.php in phpBB 2.0.18 allows remote attackers to obtain the installation path via a direct request with a non-empty setmodules parameter, which causes an invalid append_sid function call that leaks the path in an error message.

5.0
2005-12-19 CVE-2005-4346 Anthony Boyd SQL-Injection vulnerability in Phpbb Blog

Invalid SQL syntax error in blog.php in phpBB Blog 2.2.2 and earlier allows remote attackers to obtain the full path of the application via an invalid permalink parameter to index.php, which produces an invalid SQL query that leaks the full pathname in a SQL syntax error message.

5.0
2005-12-19 CVE-2005-4343 Macromedia Multiple vulnerability in Macromedia Coldfusion 6.0/6.1/7.0

Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 allows remote attackers to attach arbitrary files and send mail via a crafted Subject field, which is not properly handled by the CFMAIL tag in applications that use ColdFusion, aka "CFMAIL injection Vulnerability".

5.0
2005-12-19 CVE-2005-4341 Blackboard Remote Security vulnerability in Blackboard Academic Suite 6.2.3.23/6.3.1.424

Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to list all available categories via a blank category_id parameter to category.pl.

5.0
2005-12-22 CVE-2005-3660 Linux Local Socket Buffer Memory Exhaustion Denial of Service vulnerability in Linux Kernel

Linux kernel 2.4 and 2.6 allows attackers to cause a denial of service (memory exhaustion and panic) by creating a large number of connected file descriptors or socketpairs and setting a large data transfer buffer, then preventing Linux from being able to finish the transfer by causing the process to become a zombie, or closing the file descriptor without closing an associated reference.

4.9
2005-12-23 CVE-2005-4511 Curtis Hawthorne Denial-Of-Service vulnerability in Curtis Hawthorne Tn3270 Resource Gateway 1.0.0/1.0.1/1.1.0

Format string vulnerability in TN3270 Resource Gateway 1.1.0 allows local users to cause a denial of service and possibly execute arbitrary code via format string specifiers in syslog function calls.

4.6
2005-12-23 CVE-2005-4506 Nexus Concepts Multiple vulnerability in Nexus Concepts Dev Hound

Nexus Concepts Dev Hound 2.24 and earlier stores username and password information in cleartext in the devhound.tdbd file, which allows local users to gain privileges.

4.6
2005-12-22 CVE-2005-3631 Redhat Permissions, Privileges, and Access Controls vulnerability in Redhat Enterprise Linux and Enterprise Linux Desktop

udev does not properly set permissions on certain files in /dev/input, which allows local users to obtain sensitive data that is entered at the console, such as user passwords.

4.6
2005-12-23 CVE-2005-4513 Wandsoft Cross-Site Scripting vulnerability in WandSoft E-Search

Cross-site scripting (XSS) vulnerability in WANDSOFT e-SEARCH allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the keywords parameter.

4.3
2005-12-23 CVE-2005-4512 Waxtrapp Cross-Site Scripting vulnerability in WaxTrapp Search Module

Cross-site scripting (XSS) vulnerability in WAXTRAPP 3.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters.

4.3
2005-12-23 CVE-2005-4507 Nexus Concepts Multiple vulnerability in Nexus Concepts Dev Hound

Multiple cross-site scripting (XSS) vulnerabilities in Nexus Concepts Dev Hound 2.24 and earlier allow remote attackers to inject arbitrary web script or HTML via multiple unspecified user input fields.

4.3
2005-12-22 CVE-2005-4502 NET Square Multiple vulnerability in Net-Square Httprint 202

Cross-site scripting (XSS) vulnerability in httprint v202, and possibly other versions before v301, allows remote attackers to inject arbitrary web script or HTML via the Server field in an HTTP response, which is not sanitized before being displayed to the user.

4.3
2005-12-22 CVE-2005-4501 Mediawiki Unspecified vulnerability in Mediawiki

MediaWiki before 1.5.4 uses a hard-coded "internal placeholder string", which allows remote attackers to bypass protection against cross-site scripting (XSS) attacks and execute Javascript using inline style attributes, which are processed by Internet Explorer.

4.3
2005-12-22 CVE-2005-4498 Text E Cross-Site Scripting vulnerability in Text-E CMS 1.6.4

Cross-site scripting (XSS) vulnerability in Text-e 1.6.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters.

4.3
2005-12-22 CVE-2005-4497 Tangora Cross-Site Scripting vulnerability in Tangora Portal CMS Action Parameter

Cross-site scripting (XSS) vulnerability in Tangora Portal CMS 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the action parameter in a search page, as demonstrated using (1) page1631.aspx and (2) page496.aspx.

4.3
2005-12-22 CVE-2005-4496 Forum ONE Cross-Site Scripting vulnerability in SyntaxCMS Search Query

Cross-site scripting (XSS) vulnerability in search in SyntaxCMS 1.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the search_query parameter.

4.3
2005-12-22 CVE-2005-4492 Starphire Technologies Cross-Site Scripting vulnerability in Starphire Technologies SiteSage

Cross-site scripting (XSS) vulnerability in Starphire SiteSage 5.0.18 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the norelay_highlight_words parameter.

4.3
2005-12-22 CVE-2005-4491 Sitekit Solutions Cross-Site Scripting vulnerability in Sitekit Solutions Sitekit CMS

Multiple cross-site scripting (XSS) vulnerabilities in Sitekit CMS 6.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) query string, (2) textonly, (3) locID, and (4) lang parameters to (a) Default.aspx, and the (6) ClickFrom parameter to (b) Request-call-back.html and (c) registration-form.html.

4.3
2005-12-22 CVE-2005-4490 Commercial Interactive Media Cross-Site Scripting vulnerability in Commercial Interactive Media SCOOP!

Multiple cross-site scripting (XSS) vulnerabilities in SCOOP! 2.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) keyword and (2) invalid parameter to articleSearch.asp; (3) username and (4) invalid parameter to lostPassword.asp; (5) Username, (6) Password, and (7) invalid parameter to account_login.asp; (8) area, (9) articleZoneID, (10) r, and (11) invalid parameters to category.asp; and invalid parameters to (12) articleZone.asp, (13) prePurchaserRegistration.asp, and (14) requestDemo.asp.

4.3
2005-12-22 CVE-2005-4489 Scoop Cross-Site Scripting vulnerability in Scoop

Cross-site scripting (XSS) vulnerability in Scoop 1.1 RC1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) type and (2) count parameters, and (3) the query string in a story.

4.3
2005-12-22 CVE-2005-4488 Computeroil Cross-Site Scripting vulnerability in ComputerOil Redakto CMS

Multiple cross-site scripting (XSS) vulnerabilities in index.tpl in Redakto WCMS 3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) iid, (2) iid2, (3) r, (4) cart, (5) str, (6) nf, and (7) a parameters.

4.3
2005-12-22 CVE-2005-4487 Ramsite Cross-Site Scripting vulnerability in RAMSite R1 CMS

Cross-site scripting (XSS) vulnerability in RAMSite R|1 CMS 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchfield parameter.

4.3
2005-12-22 CVE-2005-4485 Iatek Cross-Site Scripting vulnerability in Iatek Projectapp

Multiple cross-site scripting (XSS) vulnerabilities in ProjectApp 3.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the keywords parameter to (1) forums.asp, (2) search_employees.asp, (3) cat.asp, and (4) links.asp; (5) projectid parameter to pmprojects.asp, (6) ret_page parameter to login.asp, and (7) skin_number parameter to default.asp.

4.3
2005-12-22 CVE-2005-4484 Iatek Cross-Site Scripting vulnerability in IntranetApp

Multiple cross-site scripting (XSS) vulnerabilities in IntranetApp 3.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ret_page parameter to login.asp or the (2) do_search and (3) search parameters to content.asp.

4.3
2005-12-22 CVE-2005-4483 Iatek Cross-Site Scripting vulnerability in SiteEnable Login.ASP

Cross-site scripting (XSS) vulnerability in login.asp in SiteEnable 3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the ret_page parameter.

4.3
2005-12-21 CVE-2005-4454 Livejournal HTML Injection vulnerability in LiveJournal Cleanhtml.PL

Validate-before-filter vulnerability in cleanhtml.pl 1.129 in LiveJournal CVS before Dec 7 2005, when the cleancss option is enabled, allows remote attackers to conduct cross-site scripting (XSS) attacks via a "\" (backslash) within a "javascript" scheme in a style property (such as "javas\cript"), which bypasses the "javascript" check before the "\" is stripped and then rendered in web browsers that allow scripting in style sheets.

4.3
2005-12-21 CVE-2005-4446 Aspbite Cross-Site Scripting vulnerability in Aspbite 8

Cross-site scripting (XSS) vulnerability in index.asp in ASPBite 8.x allows remote attackers to inject arbitrary web script or HTML via the strSearch parameter.

4.3
2005-12-21 CVE-2005-4435 Abledesign Cross-Site Scripting vulnerability in Abledesign D-Man 3.0

Cross-site scripting (XSS) vulnerability in index.php in AbleDesign D-Man 3.x allows remote attackers to inject arbitrary web script or HTML via the title parameter.

4.3
2005-12-21 CVE-2005-4434 Abledesign Cross-Site Scripting vulnerability in Abledesign 2.0

Cross-site scripting (XSS) vulnerability in AbleDesign ReSearch 2.x allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

4.3
2005-12-21 CVE-2005-4433 Esselbach Internet Solutions Cross-Site Scripting vulnerability in Esselbach Internet Solutions Esselbach Storyteller CMS 1.8

Cross-site scripting (XSS) vulnerability in search.php in Esselbach Storyteller CMS 1.8 allows remote attackers to inject arbitrary web script or HTML via the query parameter, which is used by the Search field.

4.3
2005-12-21 CVE-2005-4432 Playsms Cross-Site Scripting vulnerability in Playsms 0.8

Cross-site scripting (XSS) vulnerability in index.php in PlaySMS 0.8 allows remote attackers to inject arbitrary web script or HTML via the err parameter.

4.3
2005-12-20 CVE-2005-4428 Cerberus Input Validation vulnerability in Cerberus Helpdesk 2.649

Cross-site scripting (XSS) vulnerability in index.php in Cerberus Helpdesk allows remote attackers to inject arbitrary web script or HTML via the kb_ask parameter.

4.3
2005-12-20 CVE-2005-4420 Quicksquare Development Input Validation vulnerability in Quicksquare Development Honeycomb Archive Enterprise 3.0

Cross-site scripting (XSS) vulnerability in Honeycomb Archive Enterprise 3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the keyword parameter in search.cfm.

4.3
2005-12-20 CVE-2005-4415 TML Input Validation vulnerability in TML 0.5

Cross-site scripting (XSS) vulnerability in index.php in TML CMS 0.5 allows remote attackers to inject arbitrary web script or HTML via the form parameter.

4.3
2005-12-20 CVE-2005-4413 IBM HTML Injection vulnerability in IBM Websphere Application Server 6.0

Multiple cross-site scripting (XSS) vulnerabilities in sample scripts in IBM WebSphere Application Server 6 allow remote attackers to inject arbitrary web script or HTML via the (1) E-mail address field to (a) PlantsByWebSphere/login.jsp, (2) message field to (b) TechnologySample/BulletinBoard Script, (3) Email address field to (c) TechnologySamples/Subscription, and the (4) Movie Name, (5) Movie Reviewer, and (6) Movie Review fields to (d) TechnologySamples/MovieReview2_1.

4.3
2005-12-20 CVE-2005-4410 Nqcontent Cross-Site Scripting vulnerability in Nqcontent V3

Cross-site scripting (XSS) vulnerability in NQcontent 3 allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the text parameter.

4.3
2005-12-20 CVE-2005-4409 Mmbase Cross-Site Scripting vulnerability in MMBase Search Module

Cross-site scripting (XSS) vulnerability in MMBase 1.7.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters.

4.3
2005-12-20 CVE-2005-4407 TMC Visionpool Cross-Site Scripting vulnerability in Mercury Cms

Cross-site scripting (XSS) vulnerability in index.cfm in Mercury CMS 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) content and (2) criteria parameters.

4.3
2005-12-20 CVE-2005-4401 Lutece Cross-Site Scripting vulnerability in Lutece Search Module

Cross-site scripting (XSS) vulnerability in Lutece 1.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the query parameter.

4.3
2005-12-20 CVE-2005-4400 Liferay Cross-Site Scripting vulnerability in Liferay Portal Enterprise

Cross-site scripting (XSS) vulnerability in downloads/portal_ent in Liferay Portal Enterprise 3.6.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) _77_struts_action, (2) p_p_mode, and (3) p_p_state parameters.

4.3
2005-12-20 CVE-2005-4399 Libertas Solutions Cross-Site Scripting vulnerability in Libertas Enterprise CMS

Cross-site scripting (XSS) vulnerability in search/index.php in Libertas Enterprise CMS 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the page_search parameter.

4.3
2005-12-20 CVE-2005-4398 Mindroute Software Cross-Site Scripting vulnerability in Retired: Mindroute Lemoon/Damoon Search Module

** DISPUTED ** NOTE: the vendor has disputed this issue.

4.3
2005-12-20 CVE-2005-4396 Icms Content Management Systems Cross-Site Scripting vulnerability in Icms

Cross-site scripting (XSS) vulnerability in admin/Default.asp in iCMS allows remote attackers to inject arbitrary web script or HTML via the LoginMSG parameter.

4.3
2005-12-20 CVE-2005-4395 Farcry Cross-Site Scripting vulnerability in FarCry Search Module

Cross-site scripting (XSS) vulnerability in FarCry 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the criteria parameter.

4.3
2005-12-20 CVE-2005-4394 Formicary LTD Cross-Site Scripting vulnerability in EPiX Search Module

Cross-site scripting (XSS) vulnerability in EPiX 3.1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search query parameters.

4.3
2005-12-20 CVE-2005-4393 E Publish Input Validation vulnerability in E-Publish

Cross-site scripting (XSS) vulnerability in show.cfm in e-publish CMS 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) obcatid and (2) comid parameters.

4.3
2005-12-20 CVE-2005-4391 Mindroute Software Cross-Site Scripting vulnerability in Retired: Mindroute Lemoon/Damoon Search Module

Cross-site scripting (XSS) vulnerability in damoon allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the q parameter.

4.3
2005-12-20 CVE-2005-4388 Contens Cross-Site Scripting vulnerability in CONTENS Near Parameter

Cross-site scripting (XSS) vulnerability in search.cfm in CONTENS 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the near parameter.

4.3
2005-12-20 CVE-2005-4387 Contenite Cross-Site Scripting vulnerability in Contenite 0.11

Cross-site scripting (XSS) vulnerability in home.php in contenite 0.11 and earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter.

4.3
2005-12-20 CVE-2005-4386 Colony Cross-Site Scripting vulnerability in Colony products

Cross-site scripting (XSS) vulnerability in Colony CMS 2.75 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters.

4.3
2005-12-20 CVE-2005-4385 Cofax Cross-Site Scripting vulnerability in Cofax Search.HTM

Cross-site scripting (XSS) vulnerability in search.htm in Cofax 2.0 RC3 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter.

4.3
2005-12-20 CVE-2005-4383 Citysoft Cross-Site Scripting vulnerability in Citysoft Community Enterprise 4.X

Cross-site scripting (XSS) vulnerability in index.cfm in CitySoft Community Enterprise 4.x allows remote attackers to inject arbitrary web script or HTML via the (1) presentationSite, (2) docPublishYear, (3) docDescription, (4) publishState, (5) docAuthor, (6) docTitle, (7) subTopic, (8) topic, (9) topicRadio, (10) topicOnly, (11) startrow, and (12) sortby parameters.

4.3
2005-12-20 CVE-2005-4381 Caravel CMS Cross-Site Scripting vulnerability in Caravel CMS

Multiple cross-site scripting (XSS) vulnerabilities in Caravel CMS 3.0 Beta 1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) fileDN and (2) folderviewer_attrs parameters.

4.3
2005-12-20 CVE-2005-4379 Bitweaver Cross-Site Scripting vulnerability in Bitweaver

Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 1.1 and 1.1.1 beta allow remote attackers to inject arbitrary web script or HTML via the (1) sort_mode parameter to (a) fisheye/list_galleries.php, (b) messages/message_box.php, and (c) users/my.php; the (2) post_id parameter to (d) blogs/view_post.php; the (3) blog_id parameter to (e) blogs/view.php; and the (4) search field to (f) users/my_groups.php.

4.3
2005-12-20 CVE-2005-4377 NMA Cross-Site Scripting vulnerability in Baseline Cms

Cross-site scripting (XSS) vulnerability in Page.asp in Baseline CMS 1.95 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) PageID and (2) SiteNodeID parameters.

4.3
2005-12-20 CVE-2005-4375 BOX UK Cross-Site Scripting vulnerability in Box UK Amaxus CMS

Cross-site scripting (XSS) vulnerability in Amaxus 3 and earlier allows remote attackers to inject arbitrary web script or HTML via the change parameter.

4.3
2005-12-20 CVE-2005-4374 Allinta Cross-Site Scripting vulnerability in Allinta CMS

Multiple cross-site scripting (XSS) vulnerabilities in Allinta 2.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) s parameter to faq.asp and (2) searchQuery parameter to search.asp.

4.3
2005-12-20 CVE-2005-4372 Liquid Bytes Technologies Cross-Site Scripting vulnerability in Adaptive Website Framework

Cross-site scripting (XSS) vulnerability in account.html in Adaptive Website Framework (AWF) 2.10 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter.

4.3
2005-12-20 CVE-2005-4369 THE Collective Cross-Site Scripting vulnerability in the Collective Acuity CMS 2.6.2

Cross-site scripting (XSS) vulnerability in Acuity CMS 2.6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly strSearchKeywords to browse.asp.

4.3
2005-12-20 CVE-2005-4365 Flip Cross-Site Scripting vulnerability in Flip 0.9.0.1029

Multiple cross-site scripting (XSS) vulnerabilities in FLIP 0.9.0.1029 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter in text.php and (2) frame parameter in forum.php.

4.3
2005-12-20 CVE-2005-4361 Magnolia Cross-Site Scripting vulnerability in Magnolia Content Management Suite 2.1

Cross-site scripting (XSS) vulnerability in search.html in Magnolia Content Management Suite 2.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter.

4.3
2005-12-20 CVE-2005-4355 Xmpie Cross-Site Scripting vulnerability in Ustore

Multiple cross-site scripting (XSS) vulnerabilities in UStore allow remote attackers to inject arbitrary web script or HTML via the (1) Cat parameter in default.asp and the (2) accessdenied parameter in admin/default.asp.

4.3
2005-12-20 CVE-2005-4354 University OF Arizona Cross-Site Scripting vulnerability in Webglimpse

Cross-site scripting (XSS) vulnerability in webglimpse.cgi in Webglimpse 2.14.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the query parameter.

4.3
2005-12-19 CVE-2005-4339 Blackboard Cross-Site Scripting vulnerability in Blackboard Academic Suite 6.2.3.23/6.3.1.424

Cross-site scripting (XSS) vulnerability in Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to inject arbitrary web script or HTML via the context parameter to announcement.pl, which is reflected in the resulting page.

4.3
2005-12-21 CVE-2005-4449 Flatnuke Remote Security vulnerability in Flatnuke 2.5.6

verify.php in FlatNuke 2.5.6 allows remote authenticated administrators to modify arbitrary PHP files by setting the file parameter to an arbitrary file and injecting the code into the body parameter.

4.0
2005-12-20 CVE-2005-4426 Yabb HTML Injection vulnerability in YaBB Image Upload

Interpretation conflict in YaBB before 2.1 allows remote authenticated users to inject arbitrary web script or HTML via HTML in a file with a GIF file extension, which causes the HTML to be executed by a victim who views the file in Internet Explorer as a result of CVE-2005-3312.

4.0

4 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-12-22 CVE-2005-4494 Spip Cross-Site Scripting vulnerability in Spip 1.8.2

Cross-site scripting (XSS) vulnerability in SPIP 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) spip_login.php3 and (2) spip_pass.php3.

2.6
2005-12-20 CVE-2005-4357 Phpbb Group Cross-Site Scripting vulnerability in PHPbb Group PHPbb 2.0.18

Cross-site scripting (XSS) vulnerability in phpBB 2.0.18, when "Allowed HTML tags" is enabled, allows remote attackers to inject arbitrary Javascript via a permitted HTML tag with " (quote) characters and active attributes such as onmouseover.

2.6
2005-12-20 CVE-2005-4412 Citrix Local Security vulnerability in Citrix Program Neighborhood Client 9.1

Citrix Program Neighborhood client before 9.150 caches the user password in plaintext in the GUI while asterisks are used to visually obfuscate the password, which allows attackers with access to the session to obtain the password by using a tool to directly access the field.

2.1
2005-12-19 CVE-2005-4344 Macromedia Multiple vulnerability in Macromedia Coldfusion 7.0

Adobe (formerly Macromedia) ColdFusion MX 7.0 does not honor the CFOBJECT/CreateObject(Java) setting when it is disabled, which allows local users to create an object despite the specified configuration.

2.1