Weekly Vulnerabilities Reports > January 9 to 15, 2006

Overview

105 new vulnerabilities reported during this period, including 5 critical vulnerabilities and 38 high severity vulnerabilities. This weekly summary report vulnerabilities in 96 products from 78 vendors including IBM, Microsoft, PHP, Rockliffe, and SUN. Vulnerabilities are notably categorized as "SQL Injection", "Cross-site Scripting", "Use of Externally-Controlled Format String", "Resource Management Errors", and "Improper Restriction of Operations within the Bounds of a Memory Buffer".

  • 88 reported vulnerabilities are remotely exploitables.
  • 2 reported vulnerabilities have public exploit available.
  • 11 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 100 reported vulnerabilities are exploitable by an anonymous user.
  • IBM has the most reported vulnerabilities, with 6 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

5 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-01-09 CVE-2006-0128 Rockliffe Remote Security vulnerability in MailSite

Buffer overflow in the IMAP service of Rockliffe MailSite before 6.1.22.1 allows remote attackers to have an unknown impact via unknown attack vectors.

10.0
2006-01-09 CVE-2006-0119 IBM Multiple Unspecified vulnerability in IBM products

Multiple unspecified vulnerabilities in IBM Lotus Notes and Domino Server before 6.5.5 have unknown impact and attack vectors, due to "potential security issues" as identified by SPR numbers (1) GPKS6C9J67 in Agents, (2) JGAN6B6TZ3 and (3) KSPR699NBP in the Router, (4) GPKS5YQGPT in Security, or (5) HSAO6BNL6Y in the Web Server.

10.0
2006-01-13 CVE-2006-0200 PHP USE of Externally-Controlled Format String vulnerability in PHP 5.1.0/5.1.1

Format string vulnerability in the error-reporting feature in the mysqli extension in PHP 5.1.0 and 5.1.1 might allow remote attackers to execute arbitrary code via format string specifiers in MySQL error messages.

9.3
2006-01-10 CVE-2006-0010 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products

Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows ME allows remote attackers to execute arbitrary code via an e-mail message or web page with a crafted Embedded Open Type (EOT) web font that triggers the overflow during decompression.

9.3
2006-01-10 CVE-2006-0020 Microsoft Numeric Errors vulnerability in Microsoft products

An unspecified Microsoft WMF parsing application, as used in Internet Explorer 5.01 SP4 on Windows 2000 SP4, and 5.5 SP2 on Windows Millennium, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute code via a crafted WMF file with a manipulated WMF header size, possibly involving an integer overflow, a different vulnerability than CVE-2005-4560, and aka "WMF Image Parsing Memory Corruption Vulnerability."

9.3

38 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-01-09 CVE-2006-0121 IBM Multiple Unspecified vulnerability in IBM products

Multiple memory leaks in IBM Lotus Notes and Domino Server before 6.5.5 allow attackers to cause a denial of service (memory consumption and crash) via unknown vectors related to (1) unspecified vectors during the SSL handshake (SPR# MKIN67MQVW), (2) the stash file during the SSL handshake (SPR# MKIN693QUT), and possibly other vectors.

7.8
2006-01-15 CVE-2006-0214 Indexcor Unspecified vulnerability in Indexcor Ezdatabase 2.0/2.1.2

Eval injection vulnerability in ezDatabase 2.0 and earlier allows remote attackers to execute arbitrary PHP code via the db_id parameter to visitorupload.php, as demonstrated using phpinfo and include function calls.

7.5
2006-01-14 CVE-2006-0209 Tanklogger SQL Injection vulnerability in Tanklogger 2.4

SQL injection vulnerability in general_functions.php in TankLogger 2.4 allows remote attackers to execute arbitrary SQL commands via the (1) livestock_id parameter to showInfo.php and (2) tank_id parameter, possibly to livestock.php.

7.5
2006-01-13 CVE-2006-0206 Light Weight Calendar Remote Command Execution vulnerability in Light Weight Calendar Light Weight Calendar 1.0

Eval injection vulnerability in Light Weight Calendar (LWC) 1.0 (20040909) and earlier allows remote attackers to execute arbitrary PHP code via the date parameter in cal.php, which is included by index.php.

7.5
2006-01-13 CVE-2006-0199 Mini Nuke SQL Injection vulnerability in Mini-Nuke CMS System

SQL injection vulnerability in news.asp in Mini-Nuke CMS System 1.8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the hid parameter.

7.5
2006-01-13 CVE-2006-0192 Philip Loftin SQL Injection vulnerability in Philip Loftin Aspsurvey 1.10

SQL injection vulnerability in Login_Validate.asp in ASPSurvey 1.10 allows remote attackers to execute arbitrary SQL commands via the Password parameter to login.asp.

7.5
2006-01-13 CVE-2006-0189 Estara Remote Buffer Overflow vulnerability in Estara Softphone 3.0.1.14/3.0.1.46

Buffer overflow in eStara Softphone 3.0.1.14 through 3.0.1.46 allows remote attackers to execute arbitrary code via a long attribute (aka "a") field in the SDP data of a SIP packet on UDP port 5060.

7.5
2006-01-12 CVE-2006-0184 Mainenet Enterprises SQL-Injection vulnerability in Asptopsites

Multiple SQL injection vulnerabilities in AspTopSites allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to goto.asp or (2) password parameter to includeloginuser.asp.

7.5
2006-01-12 CVE-2006-0182 Acal Security Bypass vulnerability in Acal Calendar Project 2.2.5

login.php in ACal Calendar Project 2.2.5 allows remote attackers to bypass authentication by setting the ACalAuthenticate cookie variable to "inside".

7.5
2006-01-11 CVE-2006-0171 Orjinweb Remote File Include vulnerability in Orjinweb

PHP remote file include vulnerability in index.php in OrjinWeb E-commerce allows remote attackers to execute arbitrary code via a URL in the page parameter.

7.5
2006-01-11 CVE-2006-0169 Myphpim Unspecified vulnerability in Myphpim 01.05

addresses.php3 in MyPhPim 01.05 does not restrict uploaded files, which allows remote attackers to execute arbitrary PHP code via the pdbfile variable, then directly accessing those files from the uploads directory.

7.5
2006-01-11 CVE-2006-0167 Myphpim Input Validation vulnerability in Myphpim 01.05

SQL injection vulnerability in MyPhPim 01.05 allows remote attackers to execute arbitrary SQL commands via the (1) cal_id parameter in calendar.php3 and the (2) password field on the login page.

7.5
2006-01-11 CVE-2006-0166 Symantec Remote Security vulnerability in Norton SystemWorks 2006

Symantec Norton SystemWorks and SystemWorks Premier 2005 and 2006 stores temporary copies of files in the Norton Protected Recycle Bin NProtect directory, which is hidden from the FindFirst and FindNext Windows APIs and allows remote attackers to hide arbitrary files from virus scanners and other products.

7.5
2006-01-11 CVE-2006-0164 Woah Projekt Remote File Include vulnerability in Phgstats Phgstats.Inc.PHP

phgstats.inc.php in phgstats before 0.5.1, if register_globals is enabled, allows remote attackers to include arbitrary files and execute arbitrary PHP code by modifying the PHGDIR variable.

7.5
2006-01-11 CVE-2006-0163 Francisco Burzi SQL Injection vulnerability in Francisco Burzi PHP-Nuke EV 7.7R1

SQL injection vulnerability in the search module (modules/Search/index.php) of PHPNuke EV 7.7 -R1 allows remote attackers to execute arbitrary SQL commands via the query parameter, which is used by the search field.

7.5
2006-01-10 CVE-2006-0002 Microsoft Remote Code Execution vulnerability in Microsoft Outlook / Microsoft Exchange TNEF Decoding

Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME attachment, related to message length validation.

7.5
2006-01-10 CVE-2006-0162 Clam Anti Virus Buffer Overflow vulnerability in Clam Anti-Virus ClamAV UPX Compressed File Heap

Heap-based buffer overflow in libclamav/upx.c in Clam Antivirus (ClamAV) before 0.88 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted UPX files.

7.5
2006-01-10 CVE-2006-0160 Venom Board SQL Injection vulnerability in Venom Board Venom Board 1.22

SQL injection vulnerability in add_post.php3 in Venom Board 1.22 allows remote attackers to execute arbitrary SQL commands via the (1) parent, (2) root, and (3) topic_id parameters to post.php3.

7.5
2006-01-10 CVE-2006-0159 Javier Suarez Sanz SQL Injection vulnerability in Javier Suarez Sanz Foro Domus 2.10

SQL injection vulnerability in escribir.php in Foro Domus 2.10 allows remote attackers to execute arbitrary SQL commands via the email parameter.

7.5
2006-01-10 CVE-2006-0158 Cyberdoc SQL-Injection vulnerability in Sitesuite Cms

SQL injection vulnerability in index.php in CyberDoc SiteSuite CMS allows remote attackers to execute arbitrary SQL commands via the page parameter.

7.5
2006-01-10 CVE-2006-0154 427Bb SQL Injection vulnerability in 427BB Showthread.PHP

SQL injection vulnerability in showthread.php in 427BB 2.2 and 2.2.1 allows remote attackers to execute arbitrary SQL commands via the ForumID parameter.

7.5
2006-01-10 CVE-2006-0153 427Bb Authentication Bypass vulnerability in 427BB

427BB 2.2 and 2.2.1 verifies authentication credentials based on the username, authenticated, and usertype cookies, which allows remote attackers to bypass authentication by using a valid username and usertype and setting the authenticated cookie.

7.5
2006-01-09 CVE-2006-0150 Dave Carrigan USE of Externally-Controlled Format String vulnerability in Dave Carrigan Auth Ldap

Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username.

7.5
2006-01-09 CVE-2006-0147 John LIM
Mantis
Moodle
Postnuke Software Foundation
THE Cacti Group
Remote Security vulnerability in Moodle

Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP functions via the do parameter, which is saved in a variable that is then executed as a function, as demonstrated using phpinfo.

7.5
2006-01-09 CVE-2006-0146 John LIM
Mantis
Mediabeez
Moodle
Postnuke Software Foundation
THE Cacti Group
SQL Injection vulnerability in multiple products

The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter.

7.5
2006-01-09 CVE-2006-0144 Apache2Triad
PHP
Code Injection vulnerability in multiple products

The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.

7.5
2006-01-09 CVE-2006-0143 Microsoft Resource Management Errors vulnerability in Microsoft products

Microsoft Windows Graphics Rendering Engine (GRE) allows remote attackers to corrupt memory and cause a denial of service (crash) via a WMF file containing (1) ExtCreateRegion or (2) ExtEscape function calls with arguments with inconsistent lengths.

7.5
2006-01-09 CVE-2006-0137 Phanatic Softwares Input Validation vulnerability in Phanatic Softwares Chimera web Portal 0.2

SQL injection vulnerability in linkcategory.php in Phanatic Softwares Chimera Web Portal System 0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2006-01-09 CVE-2006-0135 Thewebforum Input Validation vulnerability in TheWebForum

SQL injection vulnerability in login.php in TheWebForum (twf) 1.2.1 allows remote attackers to execute arbitrary SQL commands and bypass login authentication via the username parameter (aka the u variable).

7.5
2006-01-09 CVE-2006-0130 Rockliffe Remote Security vulnerability in MailSite

Mail Management Agent (MAILMA) (aka Mail Management Server) in Rockliffe MailSite 7.0.3.1 and earlier allows remote attackers to attempt authentication with an unlimited number of user account names and passwords without denying connections, limiting the rate of connections, or locking out an account.

7.5
2006-01-09 CVE-2006-0123 ADN Forum SQL Injection vulnerability in ADN Forum ADN Forum 1.0/1.0B

Multiple SQL injection vulnerabilities in ADN Forum 1.0b allow remote attackers to execute arbitrary SQL commands via the (1) fid parameter in index.php and (2) pagid parameter in verpag.php, and possibly other vectors.

7.5
2006-01-09 CVE-2006-0115 Oneplug Solutions SQL Injection vulnerability in Oneplug Solutions Oneplug CMS

Multiple SQL injection vulnerabilities in OnePlug Solutions OnePlug CMS allow remote attackers to execute arbitrary SQL commands via the (1) Press_Release_ID parameter in press/details.asp, (2) Service_ID parameter in services/details.asp, and (3) Product_ID parameter in products/details.asp.

7.5
2006-01-13 CVE-2006-0190 SUN Privilege Escalation vulnerability in SUN Solaris 10.0/9.0

Unspecified vulnerability in Sun Solaris 9 and 10 for the x86 platform allows local users to gain privileges or cause a denial of service (panic) via unspecified vectors, possibly involving functions from the mm driver.

7.2
2006-01-12 CVE-2006-0181 Cisco Unspecified vulnerability in Cisco Cs-Mars 4.1/4.1.2

Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.1.3 has an undocumented administrative account with a default password, which allows local users to gain privileges via the expert command.

7.2
2006-01-11 CVE-2006-0178 Cray Local Command Line Argument Buffer Overflow vulnerability in Cray Unicos 9.0.2.2

Format string vulnerability in /bin/ftp in UNICOS 9.0.2.2 allows local users to have an unknown impact via format string specifiers in the quote command.

7.2
2006-01-11 CVE-2006-0177 Cray Local Command Line Argument Buffer Overflow vulnerability in Cray Unicos 9.0.2.2

Multiple buffer overflows in Cray UNICOS 9.0.2.2 might allow local users to gain privileges by (1) invoking /usr/bin/script with a long command line argument or (2) setting the -c option of /etc/nu to the name of a file containing a long line.

7.2
2006-01-11 CVE-2006-0176 Xmame Local Command Line Argument Buffer Overflow vulnerability in Xmame 0.102

Buffer overflow in certain functions in src/fileio.c and src/unix/fileio.c in xmame before 11 January 2006 may allow local users to gain privileges via a long (1) -lang, (2) -ctrlr, (3) -pb, or (4) -rec argument on many operating systems, and via a long (5) -jdev argument on Ubuntu Linux.

7.2
2006-01-09 CVE-2006-0151 Todd Miller
Ubuntu
sudo 1.6.8 and other versions does not clear the PYTHONINSPECT environment variable, which allows limited local users to gain privileges via a Python script, a variant of CVE-2005-4158.
7.2

57 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-01-12 CVE-2006-0183 Acal Remote Security vulnerability in Acal Calendar Project 2.2.5

Direct static code injection vulnerability in edit.php in ACal Calendar Project 2.2.5 allows authenticated users to execute arbitrary PHP code via (1) the edit=header value, which modifies header.php, or (2) the edit=footer value, which modifies footer.php.

6.5
2006-01-13 CVE-2006-0205 Wordcircle SQL Injection vulnerability in Wordcircle 2.17

Multiple SQL injection vulnerabilities in Wordcircle 2.17 allow remote attackers to (1) execute arbitrary SQL commands and bypass authentication via the password field in the login action to index.php (involving v_login.php and s_user.php) and (2) have other unknown impact via certain other fields in unspecified scripts.

5.1
2006-01-12 CVE-2006-0187 Microsoft Remote Code Execution vulnerability in Microsoft Visual Studio .Net 2005

By design, Microsoft Visual Studio 2005 automatically executes code in the Load event of a user-defined control (UserControl1_Load function), which allows user-assisted attackers to execute arbitrary code by tricking the user into opening a malicious Visual Studio project file.

5.1
2006-01-14 CVE-2006-0212 Toshiba Directory Traversal vulnerability in Toshiba Bluetooth Stack Object Push Service File Upload

Directory traversal vulnerability in OBEX Push services in Toshiba Bluetooth Stack 4.00.23(T) and earlier allows remote attackers to upload arbitrary files to arbitrary remote locations specified by ..

5.0
2006-01-13 CVE-2006-0207 PHP Code Injection vulnerability in PHP

Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow remote attackers to inject arbitrary HTTP headers via a crafted Set-Cookie header, related to the (1) session extension (aka ext/session) and the (2) header function.

5.0
2006-01-13 CVE-2006-0203 Mini Nuke Improper Input Validation vulnerability in Mini-Nuke CMS System

membership.asp in Mini-Nuke CMS System 1.8.2 and earlier does not verify the old password when changing a password, which allows remote attackers to change the passwords of other members via a lostpassnew action with a modified x parameter.

5.0
2006-01-13 CVE-2006-0201 Paypal Unspecified vulnerability in Paypal PHP Toolkit

Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP Toolkit) 0.50, and possibly earlier versions, allows remote attackers to enter false payment entries into the log file via HTTP POST requests to ipn_success.php.

5.0
2006-01-13 CVE-2006-0197 X ORG Denial-Of-Service vulnerability in X.org

The XClientMessageEvent struct used in certain components of X.Org 6.8.2 and earlier, possibly including (1) the X server and (2) Xlib, uses a "long" specifier for elements of the l array, which results in inconsistent sizes in the struct on 32-bit versus 64-bit platforms, and might allow attackers to cause a denial of service (application crash) and possibly conduct other attacks.

5.0
2006-01-12 CVE-2006-0185 PHP Nuke Modules IMG Tag HTML Injection vulnerability in PHP-Nuke News Module and Pool Module

Multiple cross-site scripting vulnerabilities in the (1) Pool or (2) News Modules in Php-Nuke allow remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of an IMG tag.

5.0
2006-01-11 CVE-2006-0179 Cisco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco IP Phone 7940

The Cisco IP Phone 7940 allows remote attackers to cause a denial of service (reboot) via a large amount of TCP SYN packets (syn flood) to arbitrary ports, as demonstrated to port 80.

5.0
2006-01-11 CVE-2006-0054 Freebsd Remote Denial Of Service vulnerability in Freebsd 6.0

The ipfw firewall in FreeBSD 6.0-RELEASE allows remote attackers to cause a denial of service (firewall crash) via ICMP IP fragments that match a reset, reject or unreach action, which leads to an access of an uninitialized pointer.

5.0
2006-01-10 CVE-2006-0105 Postgresql Denial Of Service vulnerability in PostgreSQL Postmaster

PostgreSQL 8.0.x before 8.0.6 and 8.1.x before 8.1.2, when running on Windows, allows remote attackers to cause a denial of service (postmaster exit and no new connections) via a large number of simultaneous connection requests.

5.0
2006-01-10 CVE-2006-0157 Reamday Enterprises Unspecified vulnerability in Reamday Enterprises Magic News Plus 1.0.3

settings.php in Reamday Enterprises Magic News Plus 1.0.3 allows remote attackers to change the administrator password via a change action that specifies identical values for the passwd and admin_password parameters, then declares the new password string in the new_passwd and confirm_passwd parameters.

5.0
2006-01-09 CVE-2006-0148 Netsarang Remote Denial of Service vulnerability in Netsarang Xlpd 2.1

NetSarang Xlpd 2.1 allows remote attackers to cause a denial of service (crash) via a large number of connections from the same IP address.

5.0
2006-01-09 CVE-2006-0141 Eudora Denial of Service vulnerability in Eudora Internet Mail Server 3.2.6/3.2.7/3.2.8

Qualcomm Eudora Internet Mail Server (EIMS) before 3.2.8 allows remote attackers to cause a denial of service (crash) via (1) malformed NTLM authentication requests, or a malformed (2) Incoming Mail X or (3) Temporary Mail file.

5.0
2006-01-09 CVE-2006-0139 PD9 Software Information Disclosure vulnerability in PD9 Software MegaBBS Private Message

The send-private-message functionality (send-private-message.asp) in PD9 Software MegaBBS 2.1 allows remote attackers to read private messages of other users via a modified replyid parameter.

5.0
2006-01-09 CVE-2006-0138 Amsn Remote Denial of Service vulnerability in aMSN

aMSN (aka Alvaro's Messenger) allows remote attackers to cause a denial of service (client hang and termination of client's instant-messaging session) by repeatedly sending crafted data to the default file-transfer port (TCP 6891).

5.0
2006-01-09 CVE-2006-0132 Webftp Local File Include vulnerability in Webftp 1.2.6

Directory traversal vulnerability in webftp.php in SysCP WebFTP 1.2.6 and possibly earlier allows remote attackers to include and execute arbitrary local PHP scripts, and possibly read other types of files, via a ..

5.0
2006-01-09 CVE-2006-0131 Boastmachine Information Disclosure vulnerability in Boastmachine 3.1

boastMachine 3.1 allows remote attackers to obtain sensitive information via a direct request to (1) footer.php and (2) side_menu.php, which reveals the path in an error message.

5.0
2006-01-09 CVE-2006-0129 Rockliffe Remote Security vulnerability in MailSite

Mail Management Agent (MAILMA) (aka Mail Management Server) in Rockliffe MailSite 7.0.3.1 and earlier generates different responses depending on whether or not a username is valid, which allows remote attackers to enumerate valid usernames via user requests to TCP port 106.

5.0
2006-01-09 CVE-2006-0125 Appserv Open Project Remote File Include vulnerability in Appserv Open Project Appserv 2.4.5

Unspecified vulnerability in appserv/main.php in AppServ 2.4.5 allows remote attackers to include arbitrary files via the appserv_root parameter.

5.0
2006-01-09 CVE-2006-0120 IBM Multiple Unspecified vulnerability in IBM products

Multiple unspecified vulnerabilities in IBM Lotus Notes and Domino Server before 6.5.5 allow attackers to cause a denial of service (application crash) via multiple vectors, involving (1) a malformed message sent to an "Out Of Office" agent (SPR LPEE6DMQWJ), (2) the compact command (RTIN5U2SAJ), (3) malformed bitmap images (MYAA6FH5HW), (4) the "Delete Attachment" action (YPHG6844LD), (5) parsing certificates from a remote Certificate Table (AELE6DZFJW), and (6) creating a SSL key ring with the Domino Administration client (NSUA4FQPTN).

5.0
2006-01-09 CVE-2006-0118 IBM Multiple Unspecified vulnerability in IBM products

Unspecified vulnerability in IBM Lotus Notes and Domino Server before 6.5.5, when running on AIX, allows attackers to cause a denial of service (deep recursion leading to stack overflow and crash) via long formulas.

5.0
2006-01-09 CVE-2006-0117 IBM Multiple Unspecified vulnerability in IBM products

Buffer overflow in IBM Lotus Notes and Domino Server before 6.5.5 allows attackers to cause a denial of service (router crash or hang) via unspecified vectors involving "CD to MIME Conversion".

5.0
2006-01-09 CVE-2006-0116 Inetstore Cross-Site Scripting vulnerability in iNETstore Online Search

Cross-site scripting vulnerability search.inetstore in iNETstore Ebusiness Software 2.0 allows remote attackers to inject arbitrary web script or HTML via the searchterm parameter.

5.0
2006-01-09 CVE-2006-0114 Joomla Permissions, Privileges, and Access Controls vulnerability in Joomla 1.0.5

The vCard functions in Joomla! 1.0.5 use predictable sequential IDs for vcards and do not restrict access to them, which allows remote attackers to obtain valid e-mail addresses to conduct spam attacks by modifying the contact_id parameter to index2.php.

5.0
2006-01-13 CVE-2006-0191 SUN Local Denial Of Service vulnerability in SUN Solaris 10.0

Unspecified vulnerability in Sun Solaris 10 allows local users to cause a denial of service (null dereference) via unspecified vectors involving the use of the find command on the "/proc" filesystem.

4.9
2006-01-11 CVE-2006-0035 Linux Resource Management Errors vulnerability in Linux Kernel 2.6.14/2.6.15

The netlink_rcv_skb function in af_netlink.c in Linux kernel 2.6.14 and 2.6.15 allows local users to cause a denial of service (infinite loop) via a nlmsg_len field of 0.

4.9
2006-01-14 CVE-2006-0213 Kolab Local Security vulnerability in Kolab Groupware Server 2.0.1/2.0.2

Kolab Server 2.0.1, 2.0.2 and development versions pre-2.1-20051215 and earlier, when authenticating users via secure SMTP, stores authentication credentials in plaintext in the postfix.log file, which allows local users to gain privileges.

4.6
2006-01-13 CVE-2006-0196 Serial Line Sniffer Local Security vulnerability in Serial Line Sniffer Serial Line Sniffer 0.4.4

Unspecified vulnerability in Serial line sniffer (aka slsnif) 0.4.4 allows local users to gain privileges via a long value of the HOME environment variable, possibly because of a buffer overflow.

4.6
2006-01-10 CVE-2006-0161 SUN Local Security vulnerability in Solaris

Unspecified vulnerability in uucp in Sun Solaris 8 and 9 has unknown impact and attack vectors.

4.6
2006-01-09 CVE-2006-0145 Netbsd Local Kernel Memory Disclosure vulnerability in Multiple Vendor KernFS LSEEK

The kernfs_xread function in kernfs in NetBSD 1.6 through 2.1, and OpenBSD 3.8, does not properly validate file offsets against negative 32-bit values that occur as a result of truncation, which allows local users to read arbitrary kernel memory and gain privileges via the lseek system call.

4.6
2006-01-09 CVE-2006-0083 Stefan Frings Local Format String vulnerability in Stefan Frings SMS Server Tools

Format string vulnerability in the logging code of SMS Server Tools (smstools) 1.14.8 and earlier allows local users to execute arbitrary code via unspecified attack vectors.

4.6
2006-01-09 CVE-2006-0126 Rxvt Unicode Local Security vulnerability in Rxvt-Unicode

rxvt-unicode before 6.3, on certain platforms that use openpty and non-Unix pty devices such as Linux and most BSD platforms, does not maintain the intended permissions of tty devices, which allows local users to gain read and write access to the devices.

4.6
2006-01-14 CVE-2006-0211 Helm Hosting Cross-Site Scripting vulnerability in Helm Hosting Helm Hosting Control Panel 3.2.8

Cross-site scripting (XSS) vulnerability in forgotPassword.asp in Helm Hosting Control Panel 3.2.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the txtEmailAddress parameter.

4.3
2006-01-14 CVE-2006-0210 Interspire Cross-Site Scripting vulnerability in Interspire TrackPoint NX

Cross-site scripting (XSS) vulnerability in index.php in Interspire TrackPoint NX before 0.1 allows remote attackers to inject arbitrary web script or HTML via the username parameter when using the Login page.

4.3
2006-01-13 CVE-2006-0204 Wordcircle Input Validation vulnerability in Wordcircle 2.17

Multiple cross-site scripting (XSS) vulnerabilities in Wordcircle 2.17 allow remote attackers to inject arbitrary web script or HTML via (1) the "Course name" field in index.php when the frm parameter has the value "mine" and (2) possibly certain other fields in unspecified scripts.

4.3
2006-01-13 CVE-2006-0198 Xoops HTML Injection vulnerability in Xoops Pool Module IMG Tag

Cross-site scripting (XSS) vulnerability in a certain module, possibly poll or Pool, for XOOPS allows remote attackers to inject arbitrary web script or HTML via JavaScript in the SRC attribute of an IMG element in a comment.

4.3
2006-01-13 CVE-2006-0194 FOG Creek Software Cross-Site Scripting vulnerability in Fog Creek Software FogBugz Default.ASP

Cross-site scripting (XSS) vulnerability in default.asp in FogBugz 4.029, and other versions before 4.0.33, allows remote attackers to inject arbitrary web script or HTML via the dest parameter in the pgLogon page.

4.3
2006-01-13 CVE-2006-0193 Positive Software Cross-Site Scripting vulnerability in H-Sphere

Cross-site scripting (XSS) vulnerability in the Hosting Control Panel (psoft.hsphere.CP) in Positive Software H-Sphere 2.4.3 Patch 8 and earlier allows remote attackers to inject arbitrary web script or HTML via the login parameter in a login action.

4.3
2006-01-12 CVE-2006-0180 Calogic HTML Injection vulnerability in Calogic Calendars 1.2.2

Cross-site scripting (XSS) vulnerability in CaLogic Calendars 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the Title field on the "Adding New Event" page, and possibly other vectors, involving iframe tags.

4.3
2006-01-11 CVE-2006-0175 Webwiz Cross-Site Scripting vulnerability in Webwiz web WIZ Forums 6.34

Cross-site scripting (XSS) vulnerability in search_form.asp in Web Wiz Forums 6.34 allows remote attackers to inject arbitrary web script or HTML via the search parameter.

4.3
2006-01-11 CVE-2006-0168 Myphpim Input Validation vulnerability in Myphpim 01.05

Cross-site scripting (XSS) vulnerability in MyPhPim 01.05 allows remote attackers to inject arbitrary web script or HTML via the description field on the "Create New todo" page.

4.3
2006-01-11 CVE-2006-0165 Plain Black Cross-Site Scripting vulnerability in Webgui

Cross-site scripting (XSS) vulnerability in the DataForm Entries functionality in Plain Black WebGUI before 6.8.4 (gamma) allows remote attackers to inject arbitrary Javascript via the (1) url and (2) name field of the default email form.

4.3
2006-01-10 CVE-2006-0156 Foxrum BBCode Tag Script Injection vulnerability in Foxrum 4.0.4F

Cross-site scripting (XSS) vulnerability in Foxrum 4.0.4f allows remote attackers to inject arbitrary Javascript via the javascript URI in bbcode url tags in (1) addpost1.php and (2) addtopic1.php.

4.3
2006-01-10 CVE-2006-0155 427Bb Cross-Site Scripting vulnerability in Fourtwosevenbb 2.2/2.2.1

Cross-site scripting (XSS) vulnerability in posts.php in 427BB 2.2 and 2.2.1 allows remote attackers to inject arbitrary Javascript via a new message with a url bbcode tag containing a javascript URI.

4.3
2006-01-10 CVE-2006-0152 Phpchamber Cross-Site Scripting vulnerability in PHPChamber

Cross-site scripting (XSS) in search_result.php in phpChamber 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the needle parameter.

4.3
2006-01-09 CVE-2006-0149 Simpbook Cross-Site Scripting vulnerability in Simpbook 1.0

Cross-site scripting (XSS) vulnerability in SimpBook 1.0, with html_enable on (the default), allows remote attackers to inject arbitrary web script or HTML via the message field.

4.3
2006-01-09 CVE-2006-0142 Andromeda Software Cross-Site Scripting vulnerability in Andromeda Andromeda.PHP

Cross-site scripting (XSS) vulnerability in andromeda.php in Andromeda 1.9.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the s parameter.

4.3
2006-01-09 CVE-2006-0140 Navboard Cross-Site Scripting vulnerability in Navboard 16/17

Cross-site scripting (XSS) vulnerability in post.php in NavBoard V16 Stable(2.6.0) and V17beta2 allows remote attackers to inject arbitrary web script or HTML via the (1) b, (2) textlarge, and (3) url bbcode tags.

4.3
2006-01-09 CVE-2006-0136 Phanatic Softwares Input Validation vulnerability in Phanatic Softwares Chimera web Portal 0.2

Multiple cross-site scripting (XSS) vulnerabilities in the guestbook module in modules.php in Phanatic Softwares Chimera Web Portal System 0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) comment_poster, (2) comment_poster_email, (3) comment_poster_homepage, and (4) comment_text parameters.

4.3
2006-01-09 CVE-2006-0134 Thewebforum Input Validation vulnerability in TheWebForum

Cross-site scripting (XSS) vulnerability in register.php in TheWebForum (twf) 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the www parameter.

4.3
2006-01-09 CVE-2006-0124 ADN Forum Input Validation vulnerability in ADN Forum 1.0/1.0B

Cross-site scripting (XSS) vulnerability in crear.php in ADN Forum 1.0b allows remote attackers to inject arbitrary web script or HTML via the titulo parameter, which is used by the "Topic name" field.

4.3
2006-01-09 CVE-2006-0122 Aquifer CMS Cross-Site Scripting vulnerability in Aquifer CMS Index.ASP

Cross-site scripting (XSS) vulnerability in Public/Index.asp in Aquifer CMS allows remote attackers to inject arbitrary web script or HTML via the Keyword parameter.

4.3
2006-01-11 CVE-2006-0174 Hummingbird Multiple vulnerability in Hummingbird Collaboration and Enterprise Collaboration

Hummingbird Collaboration (aka Hummingbird Enterprise Collaboration) 5.21 and earlier allows remote attackers to obtain sensitive information (intranet IP addresses and enumerations of valid parameter values) via a direct request to hc, which reveals the information in an error message or a cookie.

4.0
2006-01-11 CVE-2006-0173 Hummingbird Multiple vulnerability in Hummingbird Enterprise Collaboration 5.2/5.21

Hummingbird Collaboration (aka Hummingbird Enterprise Collaboration) 5.21 and earlier allows remote attackers to misrepresent the type and name of a file via modified doc_ext and id parameters, which might trick a user into downloading dangerous or unexpected content.

4.0
2006-01-09 CVE-2006-0127 Rockliffe Directory Traversal vulnerability in MailSite

Directory traversal vulnerability in the IMAP service of Rockliffe MailSite before 6.1.22.1 allows remote authenticated users to rename the folders of other users via a ..

4.0

5 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-01-13 CVE-2006-0202 Paypal Unspecified vulnerability in Paypal PHP Toolkit

Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP Toolkit) 0.50 and possibly earlier has (1) world-readable permissions for ipn/logs/ipn_success.txt, which allows local users to view sensitive information (payment data), and (2) world-writable permissions for ipn/logs, which allows local users to delete or replace payment data.

3.6
2006-01-09 CVE-2006-0133 IBM Unspecified vulnerability in IBM AIX 5.3Ml03

Multiple directory traversal vulnerabilities in AIX 5.3 ML03 allow local users to determine the existence of files and read partial contents of certain files via a ..

3.6
2006-01-11 CVE-2006-0172 Hummingbird Multiple vulnerability in Hummingbird Enterprise Collaboration 5.2/5.21

Cross-site scripting (XSS) vulnerability in the file manager utility in Hummingbird Collaboration (aka Hummingbird Enterprise Collaboration) 5.21 and earlier allows remote attackers to inject arbitrary web script or HTML in an uploaded page, which is published without a check for hostile scripting.

3.5
2006-01-13 CVE-2006-0208 PHP Cross-Site Scripting vulnerability in PHP

Multiple cross-site scripting (XSS) vulnerabilities in PHP 4.4.1 and 5.1.1, when display_errors and html_errors are on, allow remote attackers to inject arbitrary web script or HTML via inputs to PHP applications that are not filtered when they are included in the resulting error message.

2.6
2006-01-11 CVE-2006-0055 Freebsd Unspecified vulnerability in Freebsd

The ispell_op function in ee on FreeBSD 4.10 to 6.0 uses predictable filenames and does not confirm which file is being written, which allows local users to overwrite arbitrary files via a symlink attack when ee invokes ispell.

2.1