Weekly Vulnerabilities Reports > January 9 to 15, 2006
Overview
97 new vulnerabilities were reported during this period, including 4 critical vulnerabilities and 35 high severity vulnerabilities. This weekly summary reports vulnerabilities in 91 products from 73 vendors including Microsoft, IBM, PHP, Rockliffe, and SUN. Vulnerabilities are notably categorized as "SQL Injection", "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Code Injection", and "Use of Externally-Controlled Format String".
- 81 reported vulnerabilities are remotely exploitable.
- 2 reported vulnerabilities have a public exploit available.
- 10 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 92 reported vulnerabilities are exploitable by an anonymous user.
- Microsoft has the most reported vulnerabilities, with 5 reported vulnerabilities.
- Microsoft has the most reported critical vulnerabilities, with 2 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported during the period covered by this report:
4 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-01-09 | CVE-2006-0128 | Rockliffe | Remote Security vulnerability in MailSite Buffer overflow in the IMAP service of Rockliffe MailSite before 6.1.22.1 allows remote attackers to have an unknown impact via unknown attack vectors. | 10.0 |
2006-01-13 | CVE-2006-0200 | PHP | USE of Externally-Controlled Format String vulnerability in PHP 5.1.0/5.1.1 Format string vulnerability in the error-reporting feature in the mysqli extension in PHP 5.1.0 and 5.1.1 might allow remote attackers to execute arbitrary code via format string specifiers in MySQL error messages. | 9.3 |
2006-01-10 | CVE-2006-0010 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows ME allows remote attackers to execute arbitrary code via an e-mail message or web page with a crafted Embedded Open Type (EOT) web font that triggers the overflow during decompression. | 9.3 |
2006-01-10 | CVE-2006-0020 | Microsoft | Numeric Errors vulnerability in Microsoft products An unspecified Microsoft WMF parsing application, as used in Internet Explorer 5.01 SP4 on Windows 2000 SP4, and 5.5 SP2 on Windows Millennium, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute code via a crafted WMF file with a manipulated WMF header size, possibly involving an integer overflow, a different vulnerability than CVE-2005-4560, and aka "WMF Image Parsing Memory Corruption Vulnerability." | 9.3 |
35 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-01-15 | CVE-2006-0214 | Indexcor | Unspecified vulnerability in Indexcor Ezdatabase 2.0/2.1.2 Eval injection vulnerability in ezDatabase 2.0 and earlier allows remote attackers to execute arbitrary PHP code via the db_id parameter to visitorupload.php, as demonstrated using phpinfo and include function calls. | 7.5 |
2006-01-14 | CVE-2006-0209 | Tanklogger | SQL Injection vulnerability in Tanklogger 2.4 SQL injection vulnerability in general_functions.php in TankLogger 2.4 allows remote attackers to execute arbitrary SQL commands via the (1) livestock_id parameter to showInfo.php and (2) tank_id parameter, possibly to livestock.php. | 7.5 |
2006-01-13 | CVE-2006-0206 | Light Weight Calendar | Remote Command Execution vulnerability in Light Weight Calendar Light Weight Calendar 1.0 Eval injection vulnerability in Light Weight Calendar (LWC) 1.0 (20040909) and earlier allows remote attackers to execute arbitrary PHP code via the date parameter in cal.php, which is included by index.php. | 7.5 |
2006-01-13 | CVE-2006-0199 | Mini Nuke | SQL Injection vulnerability in Mini-Nuke CMS System SQL injection vulnerability in news.asp in Mini-Nuke CMS System 1.8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the hid parameter. | 7.5 |
2006-01-13 | CVE-2006-0192 | Philip Loftin | SQL Injection vulnerability in Philip Loftin Aspsurvey 1.10 SQL injection vulnerability in Login_Validate.asp in ASPSurvey 1.10 allows remote attackers to execute arbitrary SQL commands via the Password parameter to login.asp. | 7.5 |
2006-01-13 | CVE-2006-0189 | Estara | Remote Buffer Overflow vulnerability in Estara Softphone 3.0.1.14/3.0.1.46 Buffer overflow in eStara Softphone 3.0.1.14 through 3.0.1.46 allows remote attackers to execute arbitrary code via a long attribute (aka "a") field in the SDP data of a SIP packet on UDP port 5060. | 7.5 |
2006-01-12 | CVE-2006-0184 | Mainenet Enterprises | SQL-Injection vulnerability in Asptopsites Multiple SQL injection vulnerabilities in AspTopSites allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to goto.asp or (2) password parameter to includeloginuser.asp. | 7.5 |
2006-01-12 | CVE-2006-0182 | Acal | Security Bypass vulnerability in Acal Calendar Project 2.2.5 login.php in ACal Calendar Project 2.2.5 allows remote attackers to bypass authentication by setting the ACalAuthenticate cookie variable to "inside". | 7.5 |
2006-01-11 | CVE-2006-0171 | Orjinweb | Remote File Include vulnerability in Orjinweb PHP remote file include vulnerability in index.php in OrjinWeb E-commerce allows remote attackers to execute arbitrary code via a URL in the page parameter. | 7.5 |
2006-01-11 | CVE-2006-0169 | Myphpim | Unspecified vulnerability in Myphpim 01.05 addresses.php3 in MyPhPim 01.05 does not restrict uploaded files, which allows remote attackers to execute arbitrary PHP code via the pdbfile variable, then directly accessing those files from the uploads directory. | 7.5 |
2006-01-11 | CVE-2006-0167 | Myphpim | Input Validation vulnerability in Myphpim 01.05 SQL injection vulnerability in MyPhPim 01.05 allows remote attackers to execute arbitrary SQL commands via the (1) cal_id parameter in calendar.php3 and the (2) password field on the login page. | 7.5 |
2006-01-11 | CVE-2006-0166 | Symantec | Remote Security vulnerability in Norton SystemWorks 2006 Symantec Norton SystemWorks and SystemWorks Premier 2005 and 2006 stores temporary copies of files in the Norton Protected Recycle Bin NProtect directory, which is hidden from the FindFirst and FindNext Windows APIs and allows remote attackers to hide arbitrary files from virus scanners and other products. | 7.5 |
2006-01-11 | CVE-2006-0164 | Woah Projekt | Remote File Include vulnerability in Phgstats Phgstats.Inc.PHP phgstats.inc.php in phgstats before 0.5.1, if register_globals is enabled, allows remote attackers to include arbitrary files and execute arbitrary PHP code by modifying the PHGDIR variable. | 7.5 |
2006-01-11 | CVE-2006-0163 | Francisco Burzi | SQL Injection vulnerability in Francisco Burzi PHP-Nuke EV 7.7R1 SQL injection vulnerability in the search module (modules/Search/index.php) of PHPNuke EV 7.7 -R1 allows remote attackers to execute arbitrary SQL commands via the query parameter, which is used by the search field. | 7.5 |
2006-01-10 | CVE-2006-0002 | Microsoft | Remote Code Execution vulnerability in Microsoft Outlook / Microsoft Exchange TNEF Decoding Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME attachment, related to message length validation. | 7.5 |
2006-01-10 | CVE-2006-0162 | Clam Anti Virus | Buffer Overflow vulnerability in Clam Anti-Virus ClamAV UPX Compressed File Heap Heap-based buffer overflow in libclamav/upx.c in Clam Antivirus (ClamAV) before 0.88 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted UPX files. | 7.5 |
2006-01-10 | CVE-2006-0160 | Venom Board | SQL Injection vulnerability in Venom Board Venom Board 1.22 SQL injection vulnerability in add_post.php3 in Venom Board 1.22 allows remote attackers to execute arbitrary SQL commands via the (1) parent, (2) root, and (3) topic_id parameters to post.php3. | 7.5 |
2006-01-10 | CVE-2006-0159 | Javier Suarez Sanz | SQL Injection vulnerability in Javier Suarez Sanz Foro Domus 2.10 SQL injection vulnerability in escribir.php in Foro Domus 2.10 allows remote attackers to execute arbitrary SQL commands via the email parameter. | 7.5 |
2006-01-10 | CVE-2006-0158 | Cyberdoc | SQL-Injection vulnerability in Sitesuite Cms SQL injection vulnerability in index.php in CyberDoc SiteSuite CMS allows remote attackers to execute arbitrary SQL commands via the page parameter. | 7.5 |
2006-01-10 | CVE-2006-0154 | 427Bb | SQL Injection vulnerability in 427BB Showthread.PHP SQL injection vulnerability in showthread.php in 427BB 2.2 and 2.2.1 allows remote attackers to execute arbitrary SQL commands via the ForumID parameter. | 7.5 |
2006-01-10 | CVE-2006-0153 | 427Bb | Authentication Bypass vulnerability in 427BB 427BB 2.2 and 2.2.1 verifies authentication credentials based on the username, authenticated, and usertype cookies, which allows remote attackers to bypass authentication by using a valid username and usertype and setting the authenticated cookie. | 7.5 |
2006-01-09 | CVE-2006-0147 | John LIM Mantis Moodle Postnuke Software Foundation THE Cacti Group | Remote Security vulnerability in Moodle Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP functions via the do parameter, which is saved in a variable that is then executed as a function, as demonstrated using phpinfo. | 7.5 |
2006-01-09 | CVE-2006-0144 | Apache2Triad PHP | Code Injection vulnerability in multiple products The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function. | 7.5 |
2006-01-09 | CVE-2006-0143 | Microsoft | Resource Management Errors vulnerability in Microsoft products Microsoft Windows Graphics Rendering Engine (GRE) allows remote attackers to corrupt memory and cause a denial of service (crash) via a WMF file containing (1) ExtCreateRegion or (2) ExtEscape function calls with arguments with inconsistent lengths. | 7.5 |
2006-01-09 | CVE-2006-0137 | Phanatic Softwares | Input Validation vulnerability in Phanatic Softwares Chimera web Portal 0.2 SQL injection vulnerability in linkcategory.php in Phanatic Softwares Chimera Web Portal System 0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2006-01-09 | CVE-2006-0135 | Thewebforum | Input Validation vulnerability in TheWebForum SQL injection vulnerability in login.php in TheWebForum (twf) 1.2.1 allows remote attackers to execute arbitrary SQL commands and bypass login authentication via the username parameter (aka the u variable). | 7.5 |
2006-01-09 | CVE-2006-0130 | Rockliffe | Remote Security vulnerability in MailSite Mail Management Agent (MAILMA) (aka Mail Management Server) in Rockliffe MailSite 7.0.3.1 and earlier allows remote attackers to attempt authentication with an unlimited number of user account names and passwords without denying connections, limiting the rate of connections, or locking out an account. | 7.5 |
2006-01-09 | CVE-2006-0123 | ADN Forum | SQL Injection vulnerability in ADN Forum ADN Forum 1.0/1.0B Multiple SQL injection vulnerabilities in ADN Forum 1.0b allow remote attackers to execute arbitrary SQL commands via the (1) fid parameter in index.php and (2) pagid parameter in verpag.php, and possibly other vectors. | 7.5 |
2006-01-09 | CVE-2006-0115 | Oneplug Solutions | SQL Injection vulnerability in Oneplug Solutions Oneplug CMS Multiple SQL injection vulnerabilities in OnePlug Solutions OnePlug CMS allow remote attackers to execute arbitrary SQL commands via the (1) Press_Release_ID parameter in press/details.asp, (2) Service_ID parameter in services/details.asp, and (3) Product_ID parameter in products/details.asp. | 7.5 |
2006-01-13 | CVE-2006-0190 | SUN | Privilege Escalation vulnerability in SUN Solaris 10.0/9.0 Unspecified vulnerability in Sun Solaris 9 and 10 for the x86 platform allows local users to gain privileges or cause a denial of service (panic) via unspecified vectors, possibly involving functions from the mm driver. | 7.2 |
2006-01-12 | CVE-2006-0181 | Cisco | Unspecified vulnerability in Cisco Cs-Mars 4.1/4.1.2 Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.1.3 has an undocumented administrative account with a default password, which allows local users to gain privileges via the expert command. | 7.2 |
2006-01-11 | CVE-2006-0178 | Cray | Local Command Line Argument Buffer Overflow vulnerability in Cray Unicos 9.0.2.2 Format string vulnerability in /bin/ftp in UNICOS 9.0.2.2 allows local users to have an unknown impact via format string specifiers in the quote command. | 7.2 |
2006-01-11 | CVE-2006-0177 | Cray | Local Command Line Argument Buffer Overflow vulnerability in Cray Unicos 9.0.2.2 Multiple buffer overflows in Cray UNICOS 9.0.2.2 might allow local users to gain privileges by (1) invoking /usr/bin/script with a long command line argument or (2) setting the -c option of /etc/nu to the name of a file containing a long line. | 7.2 |
2006-01-11 | CVE-2006-0176 | Xmame | Local Command Line Argument Buffer Overflow vulnerability in Xmame 0.102 Buffer overflow in certain functions in src/fileio.c and src/unix/fileio.c in xmame before 11 January 2006 may allow local users to gain privileges via a long (1) -lang, (2) -ctrlr, (3) -pb, or (4) -rec argument on many operating systems, and via a long (5) -jdev argument on Ubuntu Linux. | 7.2 |
2006-01-09 | CVE-2006-0151 | Todd Miller Ubuntu | sudo 1.6.8 and other versions does not clear the PYTHONINSPECT environment variable, which allows limited local users to gain privileges via a Python script, a variant of CVE-2005-4158. | 7.2 |
53 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-01-12 | CVE-2006-0183 | Acal | Remote Security vulnerability in Acal Calendar Project 2.2.5 Direct static code injection vulnerability in edit.php in ACal Calendar Project 2.2.5 allows authenticated users to execute arbitrary PHP code via (1) the edit=header value, which modifies header.php, or (2) the edit=footer value, which modifies footer.php. | 6.5 |
2006-01-13 | CVE-2006-0205 | Wordcircle | SQL Injection vulnerability in Wordcircle 2.17 Multiple SQL injection vulnerabilities in Wordcircle 2.17 allow remote attackers to (1) execute arbitrary SQL commands and bypass authentication via the password field in the login action to index.php (involving v_login.php and s_user.php) and (2) have other unknown impact via certain other fields in unspecified scripts. | 5.1 |
2006-01-12 | CVE-2006-0187 | Microsoft | Remote Code Execution vulnerability in Microsoft Visual Studio .Net 2005 By design, Microsoft Visual Studio 2005 automatically executes code in the Load event of a user-defined control (UserControl1_Load function), which allows user-assisted attackers to execute arbitrary code by tricking the user into opening a malicious Visual Studio project file. | 5.1 |
2006-01-14 | CVE-2006-0212 | Toshiba | Directory Traversal vulnerability in Toshiba Bluetooth Stack Object Push Service File Upload Directory traversal vulnerability in OBEX Push services in Toshiba Bluetooth Stack 4.00.23(T) and earlier allows remote attackers to upload arbitrary files to arbitrary remote locations specified by .. | 5.0 |
2006-01-13 | CVE-2006-0207 | PHP | Code Injection vulnerability in PHP Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow remote attackers to inject arbitrary HTTP headers via a crafted Set-Cookie header, related to the (1) session extension (aka ext/session) and the (2) header function. | 5.0 |
2006-01-13 | CVE-2006-0203 | Mini Nuke | Improper Input Validation vulnerability in Mini-Nuke CMS System membership.asp in Mini-Nuke CMS System 1.8.2 and earlier does not verify the old password when changing a password, which allows remote attackers to change the passwords of other members via a lostpassnew action with a modified x parameter. | 5.0 |
2006-01-13 | CVE-2006-0201 | Paypal | Unspecified vulnerability in Paypal PHP Toolkit Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP Toolkit) 0.50, and possibly earlier versions, allows remote attackers to enter false payment entries into the log file via HTTP POST requests to ipn_success.php. | 5.0 |
2006-01-13 | CVE-2006-0197 | X ORG | Denial-Of-Service vulnerability in X.org The XClientMessageEvent struct used in certain components of X.Org 6.8.2 and earlier, possibly including (1) the X server and (2) Xlib, uses a "long" specifier for elements of the l array, which results in inconsistent sizes in the struct on 32-bit versus 64-bit platforms, and might allow attackers to cause a denial of service (application crash) and possibly conduct other attacks. | 5.0 |
2006-01-12 | CVE-2006-0185 | PHP Nuke | Modules IMG Tag HTML Injection vulnerability in PHP-Nuke News Module and Pool Module Multiple cross-site scripting vulnerabilities in the (1) Pool or (2) News Modules in Php-Nuke allow remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of an IMG tag. | 5.0 |
2006-01-11 | CVE-2006-0179 | Cisco | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco IP Phone 7940 The Cisco IP Phone 7940 allows remote attackers to cause a denial of service (reboot) via a large amount of TCP SYN packets (syn flood) to arbitrary ports, as demonstrated to port 80. | 5.0 |
2006-01-10 | CVE-2006-0105 | Postgresql | Denial Of Service vulnerability in PostgreSQL Postmaster PostgreSQL 8.0.x before 8.0.6 and 8.1.x before 8.1.2, when running on Windows, allows remote attackers to cause a denial of service (postmaster exit and no new connections) via a large number of simultaneous connection requests. | 5.0 |
2006-01-10 | CVE-2006-0157 | Reamday Enterprises | Unspecified vulnerability in Reamday Enterprises Magic News Plus 1.0.3 settings.php in Reamday Enterprises Magic News Plus 1.0.3 allows remote attackers to change the administrator password via a change action that specifies identical values for the passwd and admin_password parameters, then declares the new password string in the new_passwd and confirm_passwd parameters. | 5.0 |
2006-01-09 | CVE-2006-0148 | Netsarang | Remote Denial of Service vulnerability in Netsarang Xlpd 2.1 NetSarang Xlpd 2.1 allows remote attackers to cause a denial of service (crash) via a large number of connections from the same IP address. | 5.0 |
2006-01-09 | CVE-2006-0141 | Eudora | Denial of Service vulnerability in Eudora Internet Mail Server 3.2.6/3.2.7/3.2.8 Qualcomm Eudora Internet Mail Server (EIMS) before 3.2.8 allows remote attackers to cause a denial of service (crash) via (1) malformed NTLM authentication requests, or a malformed (2) Incoming Mail X or (3) Temporary Mail file. | 5.0 |
2006-01-09 | CVE-2006-0139 | PD9 Software | Information Disclosure vulnerability in PD9 Software MegaBBS Private Message The send-private-message functionality (send-private-message.asp) in PD9 Software MegaBBS 2.1 allows remote attackers to read private messages of other users via a modified replyid parameter. | 5.0 |
2006-01-09 | CVE-2006-0138 | Amsn | Remote Denial of Service vulnerability in aMSN aMSN (aka Alvaro's Messenger) allows remote attackers to cause a denial of service (client hang and termination of client's instant-messaging session) by repeatedly sending crafted data to the default file-transfer port (TCP 6891). | 5.0 |
2006-01-09 | CVE-2006-0132 | Webftp | Local File Include vulnerability in Webftp 1.2.6 Directory traversal vulnerability in webftp.php in SysCP WebFTP 1.2.6 and possibly earlier allows remote attackers to include and execute arbitrary local PHP scripts, and possibly read other types of files, via a .. | 5.0 |
2006-01-09 | CVE-2006-0131 | Boastmachine | Information Disclosure vulnerability in Boastmachine 3.1 boastMachine 3.1 allows remote attackers to obtain sensitive information via a direct request to (1) footer.php and (2) side_menu.php, which reveals the path in an error message. | 5.0 |
2006-01-09 | CVE-2006-0129 | Rockliffe | Remote Security vulnerability in MailSite Mail Management Agent (MAILMA) (aka Mail Management Server) in Rockliffe MailSite 7.0.3.1 and earlier generates different responses depending on whether or not a username is valid, which allows remote attackers to enumerate valid usernames via user requests to TCP port 106. | 5.0 |
2006-01-09 | CVE-2006-0125 | Appserv Open Project | Remote File Include vulnerability in Appserv Open Project Appserv 2.4.5 Unspecified vulnerability in appserv/main.php in AppServ 2.4.5 allows remote attackers to include arbitrary files via the appserv_root parameter. | 5.0 |
2006-01-09 | CVE-2006-0120 | IBM | Multiple Unspecified vulnerability in IBM products Multiple unspecified vulnerabilities in IBM Lotus Notes and Domino Server before 6.5.5 allow attackers to cause a denial of service (application crash) via multiple vectors, involving (1) a malformed message sent to an "Out Of Office" agent (SPR LPEE6DMQWJ), (2) the compact command (RTIN5U2SAJ), (3) malformed bitmap images (MYAA6FH5HW), (4) the "Delete Attachment" action (YPHG6844LD), (5) parsing certificates from a remote Certificate Table (AELE6DZFJW), and (6) creating a SSL key ring with the Domino Administration client (NSUA4FQPTN). | 5.0 |
2006-01-09 | CVE-2006-0118 | IBM | Multiple Unspecified vulnerability in IBM products Unspecified vulnerability in IBM Lotus Notes and Domino Server before 6.5.5, when running on AIX, allows attackers to cause a denial of service (deep recursion leading to stack overflow and crash) via long formulas. | 5.0 |
2006-01-09 | CVE-2006-0117 | IBM | Multiple Unspecified vulnerability in IBM products Buffer overflow in IBM Lotus Notes and Domino Server before 6.5.5 allows attackers to cause a denial of service (router crash or hang) via unspecified vectors involving "CD to MIME Conversion". | 5.0 |
2006-01-09 | CVE-2006-0116 | Inetstore | Cross-Site Scripting vulnerability in iNETstore Online Search Cross-site scripting vulnerability search.inetstore in iNETstore Ebusiness Software 2.0 allows remote attackers to inject arbitrary web script or HTML via the searchterm parameter. | 5.0 |
2006-01-13 | CVE-2006-0191 | SUN | Local Denial Of Service vulnerability in SUN Solaris 10.0 Unspecified vulnerability in Sun Solaris 10 allows local users to cause a denial of service (null dereference) via unspecified vectors involving the use of the find command on the "/proc" filesystem. | 4.9 |
2006-01-14 | CVE-2006-0213 | Kolab | Local Security vulnerability in Kolab Groupware Server 2.0.1/2.0.2 Kolab Server 2.0.1, 2.0.2 and development versions pre-2.1-20051215 and earlier, when authenticating users via secure SMTP, stores authentication credentials in plaintext in the postfix.log file, which allows local users to gain privileges. | 4.6 |
2006-01-13 | CVE-2006-0196 | Serial Line Sniffer | Local Security vulnerability in Serial Line Sniffer Serial Line Sniffer 0.4.4 Unspecified vulnerability in Serial line sniffer (aka slsnif) 0.4.4 allows local users to gain privileges via a long value of the HOME environment variable, possibly because of a buffer overflow. | 4.6 |
2006-01-10 | CVE-2006-0161 | SUN | Local Security vulnerability in Solaris Unspecified vulnerability in uucp in Sun Solaris 8 and 9 has unknown impact and attack vectors. | 4.6 |
2006-01-09 | CVE-2006-0145 | Netbsd | Local Kernel Memory Disclosure vulnerability in Multiple Vendor KernFS LSEEK The kernfs_xread function in kernfs in NetBSD 1.6 through 2.1, and OpenBSD 3.8, does not properly validate file offsets against negative 32-bit values that occur as a result of truncation, which allows local users to read arbitrary kernel memory and gain privileges via the lseek system call. | 4.6 |
2006-01-09 | CVE-2006-0083 | Stefan Frings | Local Format String vulnerability in Stefan Frings SMS Server Tools Format string vulnerability in the logging code of SMS Server Tools (smstools) 1.14.8 and earlier allows local users to execute arbitrary code via unspecified attack vectors. | 4.6 |
2006-01-09 | CVE-2006-0126 | Rxvt Unicode | Local Security vulnerability in Rxvt-Unicode rxvt-unicode before 6.3, on certain platforms that use openpty and non-Unix pty devices such as Linux and most BSD platforms, does not maintain the intended permissions of tty devices, which allows local users to gain read and write access to the devices. | 4.6 |
2006-01-14 | CVE-2006-0210 | Interspire | Cross-Site Scripting vulnerability in Interspire TrackPoint NX Cross-site scripting (XSS) vulnerability in index.php in Interspire TrackPoint NX before 0.1 allows remote attackers to inject arbitrary web script or HTML via the username parameter when using the Login page. | 4.3 |
2006-01-13 | CVE-2006-0204 | Wordcircle | Input Validation vulnerability in Wordcircle 2.17 Multiple cross-site scripting (XSS) vulnerabilities in Wordcircle 2.17 allow remote attackers to inject arbitrary web script or HTML via (1) the "Course name" field in index.php when the frm parameter has the value "mine" and (2) possibly certain other fields in unspecified scripts. | 4.3 |
2006-01-13 | CVE-2006-0198 | Xoops | HTML Injection vulnerability in Xoops Pool Module IMG Tag Cross-site scripting (XSS) vulnerability in a certain module, possibly poll or Pool, for XOOPS allows remote attackers to inject arbitrary web script or HTML via JavaScript in the SRC attribute of an IMG element in a comment. | 4.3 |
2006-01-13 | CVE-2006-0194 | FOG Creek Software | Cross-Site Scripting vulnerability in Fog Creek Software FogBugz Default.ASP Cross-site scripting (XSS) vulnerability in default.asp in FogBugz 4.029, and other versions before 4.0.33, allows remote attackers to inject arbitrary web script or HTML via the dest parameter in the pgLogon page. | 4.3 |
2006-01-13 | CVE-2006-0193 | Positive Software | Cross-Site Scripting vulnerability in H-Sphere Cross-site scripting (XSS) vulnerability in the Hosting Control Panel (psoft.hsphere.CP) in Positive Software H-Sphere 2.4.3 Patch 8 and earlier allows remote attackers to inject arbitrary web script or HTML via the login parameter in a login action. | 4.3 |
2006-01-12 | CVE-2006-0180 | Calogic | HTML Injection vulnerability in Calogic Calendars 1.2.2 Cross-site scripting (XSS) vulnerability in CaLogic Calendars 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the Title field on the "Adding New Event" page, and possibly other vectors, involving iframe tags. | 4.3 |
2006-01-11 | CVE-2006-0175 | Webwiz | Cross-Site Scripting vulnerability in Webwiz web WIZ Forums 6.34 Cross-site scripting (XSS) vulnerability in search_form.asp in Web Wiz Forums 6.34 allows remote attackers to inject arbitrary web script or HTML via the search parameter. | 4.3 |
2006-01-11 | CVE-2006-0168 | Myphpim | Input Validation vulnerability in Myphpim 01.05 Cross-site scripting (XSS) vulnerability in MyPhPim 01.05 allows remote attackers to inject arbitrary web script or HTML via the description field on the "Create New todo" page. | 4.3 |
2006-01-11 | CVE-2006-0165 | Plain Black | Cross-Site Scripting vulnerability in Webgui Cross-site scripting (XSS) vulnerability in the DataForm Entries functionality in Plain Black WebGUI before 6.8.4 (gamma) allows remote attackers to inject arbitrary Javascript via the (1) url and (2) name field of the default email form. | 4.3 |
2006-01-10 | CVE-2006-0156 | Foxrum | BBCode Tag Script Injection vulnerability in Foxrum 4.0.4F Cross-site scripting (XSS) vulnerability in Foxrum 4.0.4f allows remote attackers to inject arbitrary Javascript via the javascript URI in bbcode url tags in (1) addpost1.php and (2) addtopic1.php. | 4.3 |
2006-01-10 | CVE-2006-0155 | 427Bb | Cross-Site Scripting vulnerability in Fourtwosevenbb 2.2/2.2.1 Cross-site scripting (XSS) vulnerability in posts.php in 427BB 2.2 and 2.2.1 allows remote attackers to inject arbitrary Javascript via a new message with a url bbcode tag containing a javascript URI. | 4.3 |
2006-01-10 | CVE-2006-0152 | Phpchamber | Cross-Site Scripting vulnerability in PHPChamber Cross-site scripting (XSS) in search_result.php in phpChamber 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the needle parameter. | 4.3 |
2006-01-09 | CVE-2006-0149 | Simpbook | Cross-Site Scripting vulnerability in Simpbook 1.0 Cross-site scripting (XSS) vulnerability in SimpBook 1.0, with html_enable on (the default), allows remote attackers to inject arbitrary web script or HTML via the message field. | 4.3 |
2006-01-09 | CVE-2006-0142 | Andromeda Software | Cross-Site Scripting vulnerability in Andromeda Andromeda.PHP Cross-site scripting (XSS) vulnerability in andromeda.php in Andromeda 1.9.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the s parameter. | 4.3 |
2006-01-09 | CVE-2006-0140 | Navboard | Cross-Site Scripting vulnerability in Navboard 16/17 Cross-site scripting (XSS) vulnerability in post.php in NavBoard V16 Stable(2.6.0) and V17beta2 allows remote attackers to inject arbitrary web script or HTML via the (1) b, (2) textlarge, and (3) url bbcode tags. | 4.3 |
2006-01-09 | CVE-2006-0136 | Phanatic Softwares | Input Validation vulnerability in Phanatic Softwares Chimera web Portal 0.2 Multiple cross-site scripting (XSS) vulnerabilities in the guestbook module in modules.php in Phanatic Softwares Chimera Web Portal System 0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) comment_poster, (2) comment_poster_email, (3) comment_poster_homepage, and (4) comment_text parameters. | 4.3 |
2006-01-09 | CVE-2006-0134 | Thewebforum | Input Validation vulnerability in TheWebForum Cross-site scripting (XSS) vulnerability in register.php in TheWebForum (twf) 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the www parameter. | 4.3 |
2006-01-09 | CVE-2006-0124 | ADN Forum | Input Validation vulnerability in ADN Forum 1.0/1.0B Cross-site scripting (XSS) vulnerability in crear.php in ADN Forum 1.0b allows remote attackers to inject arbitrary web script or HTML via the titulo parameter, which is used by the "Topic name" field. | 4.3 |
2006-01-09 | CVE-2006-0122 | Aquifer CMS | Cross-Site Scripting vulnerability in Aquifer CMS Index.ASP Cross-site scripting (XSS) vulnerability in Public/Index.asp in Aquifer CMS allows remote attackers to inject arbitrary web script or HTML via the Keyword parameter. | 4.3 |
2006-01-11 | CVE-2006-0174 | Hummingbird | Multiple vulnerability in Hummingbird Collaboration and Enterprise Collaboration Hummingbird Collaboration (aka Hummingbird Enterprise Collaboration) 5.21 and earlier allows remote attackers to obtain sensitive information (intranet IP addresses and enumerations of valid parameter values) via a direct request to hc, which reveals the information in an error message or a cookie. | 4.0 |
2006-01-11 | CVE-2006-0173 | Hummingbird | Multiple vulnerability in Hummingbird Enterprise Collaboration 5.2/5.21 Hummingbird Collaboration (aka Hummingbird Enterprise Collaboration) 5.21 and earlier allows remote attackers to misrepresent the type and name of a file via modified doc_ext and id parameters, which might trick a user into downloading dangerous or unexpected content. | 4.0 |
2006-01-09 | CVE-2006-0127 | Rockliffe | Directory Traversal vulnerability in MailSite Directory traversal vulnerability in the IMAP service of Rockliffe MailSite before 6.1.22.1 allows remote authenticated users to rename the folders of other users via a .. | 4.0 |
5 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-01-13 | CVE-2006-0202 | Paypal | Unspecified vulnerability in Paypal PHP Toolkit Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP Toolkit) 0.50 and possibly earlier has (1) world-readable permissions for ipn/logs/ipn_success.txt, which allows local users to view sensitive information (payment data), and (2) world-writable permissions for ipn/logs, which allows local users to delete or replace payment data. | 3.6 |
2006-01-09 | CVE-2006-0133 | IBM | Unspecified vulnerability in IBM AIX 5.3Ml03 Multiple directory traversal vulnerabilities in AIX 5.3 ML03 allow local users to determine the existence of files and read partial contents of certain files via a .. | 3.6 |
2006-01-11 | CVE-2006-0172 | Hummingbird | Multiple vulnerability in Hummingbird Enterprise Collaboration 5.2/5.21 Cross-site scripting (XSS) vulnerability in the file manager utility in Hummingbird Collaboration (aka Hummingbird Enterprise Collaboration) 5.21 and earlier allows remote attackers to inject arbitrary web script or HTML in an uploaded page, which is published without a check for hostile scripting. | 3.5 |
2006-01-13 | CVE-2006-0208 | PHP | Cross-Site Scripting vulnerability in PHP Multiple cross-site scripting (XSS) vulnerabilities in PHP 4.4.1 and 5.1.1, when display_errors and html_errors are on, allow remote attackers to inject arbitrary web script or HTML via inputs to PHP applications that are not filtered when they are included in the resulting error message. | 2.6 |
2006-01-11 | CVE-2006-0055 | Freebsd | Unspecified vulnerability in Freebsd The ispell_op function in ee on FreeBSD 4.10 to 6.0 uses predictable filenames and does not confirm which file is being written, which allows local users to overwrite arbitrary files via a symlink attack when ee invokes ispell. | 2.1 |