Weekly Vulnerabilities Reports > January 2 to 8, 2006
Overview
47 new vulnerabilities were reported during this period, including 0 critical vulnerabilities and 20 high severity vulnerabilities. This weekly summary reports vulnerabilities in 44 products from 41 vendors including Ralph Capper, Enhanced Simple PHP Gallery, Idea Development ID OY, Oaboard, and Vego. Vulnerabilities are notably categorized as "Cross-site Scripting", "Code Injection", "Use of Externally-Controlled Format String", "Resource Management Errors", and "Information Exposure".
- 42 reported vulnerabilities are remotely exploitable.
- 3 reported vulnerabilities have a public exploit available.
- 3 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
- 47 reported vulnerabilities are exploitable by an anonymous user.
- Ralph Capper has the most reported vulnerabilities, with 3 reported vulnerabilities.
Vulnerability Details
The following tables list reported vulnerabilities for the period covered by this report:
0 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
20 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-01-04 | CVE-2006-0081 | Intel | Resource Management Errors vulnerability in Intel Graphics Accelerator Driver 6.14.10.4308 ialmnt5.sys in the ialmrnt5 display driver in Intel Graphics Accelerator Driver 6.14.10.4308 allows attackers to cause a denial of service (crash or screen resolution change) via a long text field, as demonstrated using a long window title. | 7.8 |
2006-01-07 | CVE-2006-0108 | Idea Development ID OY | SQL-Injection vulnerability in Timecan CMS SQL injection vulnerability in mcl_login.asp in Timecan CMS allows remote attackers to execute arbitrary SQL commands via the email parameter. | 7.5 |
2006-01-07 | CVE-2006-0107 | Idea Development ID OY | SQL Injection vulnerability in Timecan CMS ViewID SQL injection vulnerability in Timecan CMS allows remote attackers to execute arbitrary SQL commands via the viewID parameter. | 7.5 |
2006-01-06 | CVE-2006-0106 | Wine | Remote Security vulnerability in Wine gdi/driver.c and gdi/printdrv.c in Wine 20050930, and other versions, implement the SETABORTPROC GDI Escape function call for Windows Metafile (WMF) files, which allows attackers to execute arbitrary code, the same vulnerability as CVE-2005-4560 but in a different codebase. | 7.5 |
2006-01-06 | CVE-2006-0099 | Valdersoft | Remote File Include vulnerability in Valdersoft Shopping Cart 3.0 PHP remote file include vulnerability in (1) include/templates/categories/default.php and (2) certain other include/templates/categories/ PHP scripts in Valdersoft Shopping Cart 3.0 allows remote attackers to execute arbitrary code via a URL in the catalogDocumentRoot parameter. | 7.5 |
2006-01-06 | CVE-2006-0097 | PHP | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in PHP Stack-based buffer overflow in the create_named_pipe function in libmysql.c in PHP 4.3.10 and 4.4.x before 4.4.3 for Windows allows attackers to execute arbitrary code via a long (1) arg_host or (2) arg_unix_socket argument, as demonstrated by a long named pipe variable in the host argument to the mysql_connect function. | 7.5 |
2006-01-05 | CVE-2006-0094 | Oaboard | Code Injection vulnerability in Oaboard 1.0 PHP remote file include vulnerability in forum.php in oaBoard 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc_stat parameter, a different vulnerability than CVE-2006-0076. | 7.5 |
2006-01-05 | CVE-2006-0088 | Intouch | SQL Injection vulnerability in Intouch 0.5.1Alpha SQL injection vulnerability in intouch.lib.php in inTouch 0.5.1 Alpha allows remote attackers to execute arbitrary SQL commands via the user parameter. | 7.5 |
2006-01-05 | CVE-2006-0087 | Lizard Cart | SQL Injection vulnerability in Lizard Cart Lizard Cart CMS 1.0.4 SQL injection vulnerability in (1) pages.php and (2) detail.php in Lizard Cart CMS 1.04 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2006-01-05 | CVE-2006-0085 | Nkads | SQL-Injection vulnerability in Nkads 1.0Alfa2/1.0Alfa3 SQL injection vulnerability in Nkads 1.0 alfa 3 allows remote attackers to execute arbitrary SQL commands via the (1) usuario_nkads_admin or (2) password_nkads_admin parameters. | 7.5 |
2006-01-04 | CVE-2006-0079 | Scoznet | SQL Injection vulnerability in Scoznet Scozbook 1.1Beta SQL injection vulnerability in auth.php in ScozNet ScozBook BETA 1.1 allows remote attackers to execute arbitrary SQL commands via the username field (adminname variable). | 7.5 |
2006-01-04 | CVE-2006-0076 | Oaboard | Remote File Include vulnerability in Oaboard 1.0 PHP remote file include vulnerability in forum.php in oaBoard 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc parameter. | 7.5 |
2006-01-04 | CVE-2006-0075 | GNU | Unspecified vulnerability in GNU PHPbook Direct static code injection vulnerability in phpBook 1.3.2 and earlier allows remote attackers to execute arbitrary PHP code via the e-mail field (mail variable) in a new message, which is written to a PHP file. | 7.5 |
2006-01-04 | CVE-2006-0074 | Jevontech | SQL Injection vulnerability in Jevontech PHPenpals SQL injection vulnerability in profile.php in PHPenpals allows remote attackers to execute arbitrary SQL commands via the personalID parameter. | 7.5 |
2006-01-04 | CVE-2006-0072 | SCO | Buffer Overflow vulnerability in SCO OpenServer Termsh Buffer overflow in termsh on SCO OpenServer 5.0.7 allows remote attackers to execute arbitrary code via a long -o command line argument. | 7.5 |
2006-01-03 | CVE-2006-0068 | Primo Place | SQL Injection vulnerability in Primo Place Primo Cart SQL injection vulnerability in Primo Cart 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) q parameter to search.php and (2) email parameter to user.php. | 7.5 |
2006-01-03 | CVE-2006-0067 | Vego | SQL Injection vulnerability in VEGO Links Builder Login Script SQL injection vulnerability in login.php in VEGO Links Builder 2.00 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. | 7.5 |
2006-01-03 | CVE-2006-0066 | Phpjournaler | SQL Injection vulnerability in PHPjournaler 1.0 SQL injection vulnerability in index.php in PHPjournaler 1.0 allows remote attackers to execute arbitrary SQL commands via the readold parameter. | 7.5 |
2006-01-03 | CVE-2006-0065 | Vego | SQL Injection vulnerability in VEGO Web Forum Theme_ID SQL injection vulnerability in (1) functions.php, (2) functions_update.php, and (3) functions_display.php in VEGO Web Forum 1.26 and earlier allows remote attackers to execute arbitrary SQL commands via the theme_id parameter in index.php. | 7.5 |
2006-01-03 | CVE-2006-0064 | Devellion | Code Injection vulnerability in Devellion Cubecart PHP remote file include vulnerability in includes/orderSuccess.inc.php in CubeCart allows remote attackers to execute arbitrary PHP code via a URL in the glob[rootDir] parameter. | 7.5 |
25 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-01-04 | CVE-2006-0071 | Gentoo | Local Privilege Escalation vulnerability in Gentoo Pinentry The ebuild for pinentry before 0.7.2-r2 on Gentoo Linux sets setgid bits for pinentry programs, which allows local users to read or overwrite arbitrary files as gid 0. | 6.6 |
2006-01-04 | CVE-2006-0082 | Imagemagick | Use of Externally-Controlled Format String vulnerability in Imagemagick 6.2.3 Format string vulnerability in the SetImageInfo function in image.c for ImageMagick 6.2.3 and other versions, and GraphicsMagick, allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a numeric format string specifier such as %d in the file name, a variant of CVE-2005-0397, and as demonstrated using the convert program. | 5.1 |
2006-01-07 | CVE-2006-0113 | Enhanced Simple PHP Gallery | Remote Security vulnerability in Enhanced Simple PHP Gallery Enhanced Simple PHP Gallery 1.7 Enhanced Simple PHP Gallery 1.7 allows remote attackers to obtain the full path of the application via a direct request to sp_helper_functions.php, which leaks the pathname in an error message. | 5.0 |
2006-01-07 | CVE-2006-0111 | Boxcar Media | Cross-Site Scripting vulnerability in Shopping Cart Cross-site scripting vulnerability in index.php in Boxcar Media Shopping Cart allows remote attackers to inject arbitrary web script or HTML via the (1) parent or (2) pg parameter. | 5.0 |
2006-01-07 | CVE-2006-0109 | Modular Merchant | Cross-Site Scripting vulnerability in Modular Merchant Shopping Cart Cross-site scripting vulnerability in category.php in Modular Merchant Shopping Cart allows remote attackers to inject arbitrary web script or HTML via the cat parameter. | 5.0 |
2006-01-06 | CVE-2006-0104 | Ralph Capper | Directory Traversal vulnerability in TinyPHPForum Directory traversal vulnerability in TinyPHPForum 3.6 and earlier allows remote attackers to create a new user account, create a new topic, or view the profile of a user account, as demonstrated via a .. | 5.0 |
2006-01-06 | CVE-2006-0103 | Ralph Capper | Information Exposure vulnerability in Ralph Capper Tinyphpforum TinyPHPForum 3.6 and earlier stores the (1) users/[USERNAME].hash and (2) users/[USERNAME].email files under the web root with insufficient access control, which allows remote attackers to list all registered users and possibly obtain other sensitive information. | 5.0 |
2006-01-05 | CVE-2006-0090 | IDV Directory Viewer | Information Disclosure vulnerability in IDV Directory Viewer IDV Directory Viewer 2005.1B1 Directory traversal vulnerability in index.php in IDV Directory Viewer before 2005.1 allows remote attackers to view arbitrary directory contents via a .. | 5.0 |
2006-01-05 | CVE-2006-0089 | Esri | Buffer Overflow vulnerability in Esri Arcpad 7.0.0.156 Buffer overflow in ESRI ArcPad 7.0.0.156 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a .amp file with a COORDSYS tag with a long string attribute. | 5.0 |
2006-01-05 | CVE-2006-0086 | Next Generation Image Gallery | Cross-Site Scripting vulnerability in Next Generation Image Gallery Next Generation Image Gallery 0.0.1Lite Cross-site scripting vulnerability in index.php in Next Generation Image Gallery 0.0.1 Lite Edition allows remote attackers to inject arbitrary web script or HTML via the page parameter. | 5.0 |
2006-01-05 | CVE-2006-0084 | Rasmp | HTML Injection vulnerability in Rasmp 2.0.0 Cross-site scripting vulnerability in index.php in raSMP 2.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the $_SERVER[HTTP_USER_AGENT] variable (User-Agent header). | 5.0 |
2006-01-06 | CVE-2006-0100 | Nicosw | Local Security vulnerability in Nicoftp Buffer overflow in NicoFTP 3.0.1.19 and earlier might allow local users to execute arbitrary code via a long string in the "Name of site" field of an FTP account. | 4.6 |
2006-01-06 | CVE-2006-0098 | Openbsd | Unspecified vulnerability in Openbsd 3.7/3.8 The dupfdopen function in sys/kern/kern_descrip.c in OpenBSD 3.7 and 3.8 allows local users to re-open arbitrary files by using setuid programs to access file descriptors using /dev/fd/. | 4.6 |
2006-01-07 | CVE-2006-0112 | Enhanced Simple PHP Gallery | Cross-Site Scripting vulnerability in Enhanced Simple PHP Gallery Enhanced Simple PHP Gallery 1.7 Cross-site scripting (XSS) vulnerability in index.php in Enhanced Simple PHP Gallery 1.7 allows remote attackers to inject arbitrary web script or HTML via the dir parameter. | 4.3 |
2006-01-07 | CVE-2006-0110 | Javier Suarez Sanz | Input Validation vulnerability in Javier Suarez Sanz Foro Domus 2.10 Cross-site scripting (XSS) vulnerability in escribir.php in Foro Domus 2.10 allows remote attackers to inject arbitrary web script via the email parameter. | 4.3 |
2006-01-06 | CVE-2006-0102 | Ralph Capper | Cross-Site Scripting vulnerability in Tinyphpforum Cross-site scripting (XSS) vulnerability in TinyPHPForum (TPF) 3.6 and earlier allows remote attackers to inject arbitrary web script via a javascript: scheme in an "[a]" bbcode tag, possibly the txt parameter to action.php. | 4.3 |
2006-01-06 | CVE-2006-0101 | Sblog | Cross-Site Scripting vulnerability in Sblog Multiple cross-site scripting (XSS) vulnerabilities in sBLOG 0.7.1 Beta 20051202 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) p and (2) keyword parameters in (a) index.php and (b) search.php. | 4.3 |
2006-01-06 | CVE-2006-0341 | Rockliffe | Cross-Site Scripting vulnerability in Rockliffe MailSite HTTP Mail Management Cross-site scripting (XSS) vulnerability in WCONSOLE.DLL in Rockliffe MailSite 5.x and 6.1.22 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string. | 4.3 |
2006-01-05 | CVE-2006-0063 | Phpbb Group | Cross-Site Scripting vulnerability in PHPbb Group PHPbb 2.0.19 Cross-site scripting (XSS) vulnerability in phpBB 2.0.19, when "Allowed HTML tags" is enabled, allows remote attackers to inject arbitrary web script or HTML via a permitted HTML tag with ' (single quote) characters and active attributes such as onmouseover, a variant of CVE-2005-4357. | 4.3 |
2006-01-05 | CVE-2006-0093 | Ecardmax COM | Cross-Site Scripting vulnerability in Atcard Me Php Cross-site scripting (XSS) vulnerability in index.php in @Card ME PHP allows remote attackers to inject arbitrary web script or HTML via the cat parameter. | 4.3 |
2006-01-05 | CVE-2006-0091 | Open Xchange | Cross-Site Scripting vulnerability in Open-Xchange Cross-site scripting (XSS) vulnerability in webmail in Open-Xchange 0.8.1-6 and earlier, with "Inline HTML" enabled, allows remote attackers to inject arbitrary web script or HTML via e-mail attachments, which are rendered inline. | 4.3 |
2006-01-04 | CVE-2006-0080 | Jelsoft | HTML Injection vulnerability in Jelsoft Vbulletin 3.5.2 Cross-site scripting (XSS) vulnerability in vBulletin 3.5.2, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the title of an event, which is not properly filtered by (1) calendar.php and (2) reminder.php. | 4.3 |
2006-01-04 | CVE-2006-0078 | Haddad Said | HTML Injection vulnerability in Haddad Said B-Net Software 1.0 Multiple cross-site scripting (XSS) vulnerabilities in B-net Software 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) shout variables to (a) shout.php, or the (3) title and (4) message variables to (b) guestbook.php. | 4.3 |
2006-01-04 | CVE-2006-0073 | Discusware | Cross-Site Scripting vulnerability in DiscusWare Discus Error Message Cross-site scripting (XSS) vulnerability in DiscusWare Discus Freeware 3.10.5 and Professional 3.10.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a URL, which is not properly sanitized from the resulting error message. | 4.3 |
2006-01-03 | CVE-2006-0069 | Chipmunk Scripts | HTML Injection vulnerability in Chipmunk Guestbook Homepage Cross-site scripting (XSS) vulnerability in addentry.php in Chipmunk Guestbook 1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the homepage parameter. | 4.3 |
2 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-01-06 | CVE-2006-0095 | Linux | Local Information Disclosure vulnerability in Linux Kernel DM-Crypt dm-crypt in Linux kernel 2.6.15 and earlier does not clear a structure before it is freed, which leads to a memory disclosure that could allow local users to obtain sensitive information about a cryptographic key. | 2.1 |
2006-01-04 | CVE-2006-0077 | Richard Dawe | Buffer Overflow vulnerability in Richard Dawe File Extattr 0.1/0.2 Off-by-one error in the getfattr function in File::ExtAttr before 0.03 allows attackers to trigger a buffer overflow via unspecified attack vectors. | 2.1 |