Weekly Vulnerabilities Reports > January 16 to 22, 2006

Overview

145 new vulnerabilities were reported during this period, including 37 critical vulnerabilities and 36 high severity vulnerabilities. This weekly summary reports vulnerabilities in 123 products from 89 vendors, including Oracle, Cisco, Mike Helton, Broadcom, and Hitachi. Vulnerabilities are notably categorized as "Resource Management Errors", "SQL Injection", "Code Injection", "Information Exposure", and "Cross-site Scripting".

  • 135 reported vulnerabilities are remotely exploitable.
  • 1 reported vulnerability has a public exploit available.
  • 8 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 137 reported vulnerabilities are exploitable by an anonymous user.
  • Oracle has the most reported vulnerabilities, with 36 reported vulnerabilities.
  • Oracle has the most reported critical vulnerabilities, with 33 reported vulnerabilities.

Vulnerability Details

The following table lists the vulnerabilities reported during the period covered by this report:

37 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-01-19 CVE-2006-0316 AOL Buffer Overflow vulnerability in AOL Client Software 8.0/9.0

Buffer overflow in YGPPicFinder.DLL in AOL You've Got Pictures (YGP) Picture Finder Tool ActiveX Control, as used in AOL 8.0, 8.0 Plus, and 9.0 Classic, allows remote attackers to execute arbitrary code via unspecified vectors.

10.0
2006-01-19 CVE-2006-0226 Freebsd Remote Buffer Overflow vulnerability in Freebsd 6.0

Integer overflow in IEEE 802.11 network subsystem (ieee80211_ioctl.c) in FreeBSD before 6.0-STABLE, while scanning for wireless networks, allows remote attackers to execute arbitrary code by broadcasting crafted (1) beacon or (2) probe response frames.

10.0
2006-01-19 CVE-2006-0303 Joomla Remote Security vulnerability in Joomla

Multiple unspecified vulnerabilities in the (1) publishing component, (2) Contact Component, (3) TinyMCE Compressor, and (4) other components in Joomla! 1.0.5 and earlier have unknown impact and attack vectors.

10.0
2006-01-18 CVE-2006-0291 Oracle Multiple vulnerability in Oracle January Security Update

Multiple unspecified vulnerabilities in Oracle Database Server 10.2.0.1, Application Server 9.0.4.2 and 10.1.2.1, Collaboration Suite Release 2, version 9.0.4.2 (Oracle9i), and E-Business Suite and Applications 11.5.10 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) WF02 and (2) WF03 in the Oracle Workflow Cartridge component.

10.0
2006-01-18 CVE-2006-0290 Oracle Multiple vulnerability in Oracle January Security Update

Unspecified vulnerability in Oracle Database Server 9.2.0.7, Application Server 9.0.4.2 and 10.1.2.1, Collaboration Suite Release 2, version 9.0.4.2 (Oracle9i), and E-Business Suite and Applications 11.5.10 has unspecified impact and attack vectors, as identified by Oracle Vuln# WF01 in the Oracle Workflow Cartridge component.

10.0
2006-01-18 CVE-2006-0289 Oracle Multiple vulnerability in Oracle Application Server and E-Business Suite

Multiple unspecified vulnerabilities in Oracle Application Server 6.0.8.26(PS17) and E-Business Suite and Applications 11.5.10 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) REP05 and (2) REP06 in the Oracle Reports Developer component.

10.0
2006-01-18 CVE-2006-0288 Oracle Multiple vulnerability in Oracle Application Server and E-Business Suite

Multiple unspecified vulnerabilities in the Oracle Reports Developer component of Oracle Application Server 9.0.4.1 and E-Business Suite and Applications 11.5.10 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) REP01 and (2) REP02.

10.0
2006-01-18 CVE-2006-0287 Oracle Multiple vulnerability in Oracle Application Server and Database Server

Unspecified vulnerability in the Oracle HTTP Server component of Oracle Database Server 10.1.0.5 and Application Server 10.1.2.0.2 has unspecified impact and attack vectors, as identified by Oracle Vuln# OHS02.

10.0
2006-01-18 CVE-2006-0286 Oracle Multiple vulnerability in Oracle Application Server and Database Server

Unspecified vulnerability in the Oracle HTTP Server component of Oracle Database Server 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.7, and 10.1.0.5, and Application Server 1.0.2.2, 9.0.4.2, and 10.1.2.0.2, has unspecified impact and attack vectors, as identified by Oracle Vuln# OHS01.

10.0
2006-01-18 CVE-2006-0285 Oracle Multiple vulnerability in Oracle Application Server and Database Server

Unspecified vulnerability in the Java Net component of Oracle Database Server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.7, and 10.1.0.4, and Application Server 1.0.2.2, 9.0.4.2, and 10.1.2.0.2, has unspecified impact and attack vectors, as identified by Oracle Vuln# JN01.

10.0
2006-01-18 CVE-2006-0284 Oracle Multiple vulnerability in Oracle Application Server and E-Business Suite

Multiple unspecified vulnerabilities in Oracle Application Server 9.0.4.2 and 10.1.2.0.2, and E-Business Suite and Applications 11.5.10, have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) FORM01 and (2) FORM02 in the Oracle Forms component.

10.0
2006-01-18 CVE-2006-0283 Oracle Multiple vulnerability in Oracle products

Unspecified vulnerability in Oracle Database Server 10.1.0.4.2, Application Server 10.1.2.0.2, and Collaboration Suite Release 2, version 9.0.4.2 (Oracle9i) has unspecified impact and attack vectors, as identified by Oracle Vuln# DBC02 in the Reorganize Objects & Convert Tablespace component.

10.0
2006-01-18 CVE-2006-0282 Oracle Multiple vulnerability in Oracle products

Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.7, and 10.1.0.5, Application Server 1.0.2.2, 9.0.4.2, and 10.1.2.0.2, and Collaboration Suite Release 2, version 9.0.4.2 (Oracle9i) has unspecified impact and attack vectors, as identified by Oracle Vuln# DBC01 in the Protocol Support component.

10.0
2006-01-18 CVE-2006-0281 Oracle Multiple vulnerability in Oracle Enterpriseone 8.95.F1/Sp23L1

Unspecified vulnerability in Oracle JD Edwards HTML Server 8.95.F1 SP23_L1 has unspecified impact and attack vectors, as identified by Oracle Vuln# JDE01.

10.0
2006-01-18 CVE-2006-0280 Oracle Multiple vulnerability in Oracle Peoplesoft Enterprise Portal 8.4/8.8/8.9

Unspecified vulnerability in Oracle PeopleSoft Enterprise Portal 8.4 Bundle 15, 8.8 Bundle 10, and 8.9 Bundle 2 has unspecified impact and attack vectors, as identified by Oracle Vuln# PSE01.

10.0
2006-01-18 CVE-2006-0279 Oracle Multiple vulnerability in Oracle E-Business Suite 4.3

Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 4.3 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) APPS13 and (2) APPS14 in the Oracle iLearning component.

10.0
2006-01-18 CVE-2006-0278 Oracle Multiple vulnerability in Oracle E-Business Suite 11.5.9

Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.9 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) APPS02 in the (a) CRM Technical Foundation component; (2) APPS03 in the (b) iProcurement component; and (3) APPS04, (4) APPS05, and (5) APPS06 in the Oracle Application Object Library component.

10.0
2006-01-18 CVE-2006-0277 Oracle Multiple vulnerability in Oracle E-Business Suite 11.5.10

Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.10 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) APPS01 in the (a) Application Install component; (2) APPS07 in the (b) Oracle Applications Framework component; (3) APPS08, (4) APPS09, (5) APPS10, and (6) APPS11 in the (c) Oracle Applications Technology Stack component; (7) APPS12 in the (d) Oracle Human Resources component; (8) APPS15 and (9) APPS16 in the (e) Oracle Marketing component; (10) APPS17 in the (f) Marketing Encyclopedia System component; (11) APPS18 in the (g) Oracle Trade Management component; and (12) APPS19 in the (h) Oracle Web Applications Desktop Integration component.

10.0
2006-01-18 CVE-2006-0276 Oracle Multiple vulnerability in Oracle Collaboration Suite 9.0.4.2

Multiple unspecified vulnerabilities in Oracle Collaboration Suite Release 2, version 9.0.4.2 (Oracle9i) have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) OCS01, (2) OCS02, (3) OCS03, (4) OCS04, (5) OCS05, (6) OCS06, (7) OCS07, (8) OCS08, and (9) OCS09 in the (a) Email Server component; (10) OCS10 and (11) OCS11 in the (b) Oracle Collaboration Suite Wireless & Voice component; (12) OCS12 and (13) OCS13 in the (c) Oracle Content Management SDK component; (14) OCS14 and (15) OCS15 in the (d) Oracle Content Services component.

10.0
2006-01-18 CVE-2006-0274 Oracle Multiple vulnerability in Oracle Application Server 10.1.2.0.2/9.0.4.2

Unspecified vulnerability in the Oracle Reports Developer component of Oracle Application Server 9.0.4.2 and 10.1.2.0.2 has unspecified impact and attack vectors, as identified by Oracle Vuln# REP03.

10.0
2006-01-18 CVE-2006-0273 Oracle Multiple vulnerability in Oracle January Security Update

Unspecified vulnerability in the Portal component of Oracle Application Server 9.0.4.2 and 10.1.2.0 has unspecified impact and attack vectors, as identified by Oracle Vuln# AS01.

10.0
2006-01-18 CVE-2006-0271 Oracle Multiple vulnerability in Oracle January Security Update

Unspecified vulnerability in the Upgrade & Downgrade component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB28.

10.0
2006-01-18 CVE-2006-0270 Oracle Multiple vulnerability in Oracle Database Server 10.2.0.1

Unspecified vulnerability in the Transparent Data Encryption (TDE) Wallet component of Oracle Database server 10.2.0.1 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB27.

10.0
2006-01-18 CVE-2006-0265 Oracle Multiple vulnerability in Oracle January Security Update

Multiple unspecified vulnerabilities in Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, and 10.2.0.1 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) DB17 in the Oracle Text component and (2) DB18 in the Program Interface Network component.

10.0
2006-01-18 CVE-2006-0263 Oracle Multiple vulnerability in Oracle January Security Update

Multiple unspecified vulnerabilities in Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.7, 10.1.0.5, and 10.2.0.1 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) DB09 in the (a) Net Listener component; and (2) DB12 and (3) DB13 in the Network Communications (RPC) component.

10.0
2006-01-18 CVE-2006-0262 Oracle Multiple vulnerability in Oracle January Security Update

Unspecified vulnerability in the Net Foundation Layer component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.6, and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB08.

10.0
2006-01-18 CVE-2006-0261 Oracle Multiple vulnerability in Oracle January Security Update

Multiple unspecified vulnerabilities in Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) DB07 in the Dictionary component and (2) DB14 in the Oracle Label Security component.

10.0
2006-01-18 CVE-2006-0260 Oracle Multiple vulnerability in Oracle Database Server 10.1.0.5/9.2.0.7

Multiple unspecified vulnerabilities in Oracle Database server 9.2.0.7 and 10.1.0.5 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) DB05 in the (a) Data Pump component; (2) DB15 in the (b) Oracle Text component; (3) DB22 in the (c) Streams Apply component; (4) DB23 and (5) DB24 in the (d) Streams Capture component; and (6) DB26 in the (e) Streams Subcomponent.

10.0
2006-01-18 CVE-2006-0259 Oracle Multiple vulnerability in Oracle Database Server 10.1.0.5

Multiple unspecified vulnerabilities in Oracle Database server 10.1.0.5 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) DB04 and (2) DB06 in the (a) Data Pump component; (3) DB10 in the (b) Net Listener component; and (4) DB16 in the (c) Oracle Text component.

10.0
2006-01-18 CVE-2006-0258 Oracle Multiple vulnerability in Oracle Database Server 8.1.7.4/9.0.1.5

Unspecified vulnerability in the Connection Manager component of Oracle Database server 8.1.7.4 and 9.0.1.5 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB03.

10.0
2006-01-18 CVE-2006-0257 Oracle Multiple vulnerability in Oracle Database Server 10.1.0.5/10.2.0.1/9.2.0.7

Unspecified vulnerability in the Change Data Capture component of Oracle Database server 9.2.0.7, 10.1.0.5, and 10.2.0.1 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB02.

10.0
2006-01-18 CVE-2006-0256 Oracle Multiple vulnerability in Oracle January Security Update

Unspecified vulnerability in the Advanced Queuing component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.6, 10.1.0.3 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB01.

10.0
2006-01-16 CVE-2006-0218 Mybb SQL-Injection vulnerability in MyBB

Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before 1.0.2 have unspecified impact and attack vectors, related to (1) admin/moderate.php, (2) admin/themes.php, (3) inc/functions.php, (4) inc/functions_upload.php, (5) printthread.php, and (6) usercp.php, and probably related to SQL injection.

10.0
2006-01-18 CVE-2006-0272 Oracle Multiple vulnerability in Oracle January Security Update

Unspecified vulnerability in the XML Database component of Oracle Database server 9.2.0.7 and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB29.

9.0
2006-01-18 CVE-2006-0268 Oracle Multiple vulnerability in Oracle Database Server 10.1.0.4/9.0.1.5/9.2.0.6

Unspecified vulnerability in the Security component of Oracle Database server 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.6, and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB21.

9.0
2006-01-18 CVE-2006-0267 Oracle Multiple vulnerability in Oracle Database Server 10.1.0.4/9.2.0.6

Unspecified vulnerability in the Query Optimizer component of Oracle Database server 9.2.0.6 and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB20.

9.0
2006-01-18 CVE-2006-0266 Oracle Multiple vulnerability in Oracle Database Server 10.1.0.5/9.0.1.5/9.2.0.7

Unspecified vulnerability in the Query Optimizer component of Oracle Database server 9.0.1.5, 9.2.0.7, and 10.1.0.5 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB19.

9.0

36 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-01-22 CVE-2006-0368 Cisco Remote Denial Of Service vulnerability in Cisco CallManager

Cisco CallManager 3.2 and earlier, 3.3 before 3.3(5)SR1, 4.0 before 4.0(2a)SR2c, and 4.1 before 4.1(3)SR2 allow remote attackers to (1) cause a denial of service (CPU and memory consumption) via a large number of open TCP connections to port 2000 and (2) cause a denial of service (fill the Windows Service Manager communication queue) via a large number of TCP connections to port 2001, 2002, or 7727.

7.8
2006-01-21 CVE-2006-0342 Rockliffe Resource Management Errors vulnerability in Rockliffe Mailsite 7.0.3.1

RockLiffe MailSite HTTP Mail management agent (httpma) 7.0.3.1 allows remote attackers to cause a denial of service (CPU consumption and crash) via a malformed query string containing special characters such as "|".

7.8
2006-01-22 CVE-2006-0376 Microsoft Remote Security vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP

The 802.11 wireless client in certain operating systems including Windows 2000, Windows XP, and Windows Server 2003 does not warn the user when (1) it establishes an association with a station in ad hoc (aka peer-to-peer) mode or (2) a station in ad hoc mode establishes an association with it, which allows remote attackers to put unexpected wireless communication into place.

7.5
2006-01-22 CVE-2006-0374 Advantage Century Telecommunication Improper Authentication vulnerability in Advantage Century Telecommunication P202S 1.01.21Firmware1.1.21

Advantage Century Telecommunication (ACT) P202S IP Phone 1.01.21 running firmware 1.1.21 has multiple undocumented ports available, which (1) might allow remote attackers to obtain sensitive information, such as memory contents and internal operating-system data, by directly accessing the VxWorks WDB remote debugging ONCRPC (aka wdbrpc) on UDP 17185, (2) reflect network data using echo (TCP 7), or (3) gain access without authentication using rlogin (TCP 513).

7.5
2006-01-22 CVE-2006-0372 Insane Visions SQL Injection vulnerability in Insane Visions Blogphp 1.0

Multiple SQL injection vulnerabilities in config.php in Insane Visions BlogPHP, possibly 1.0, allow remote attackers to execute arbitrary SQL commands via the (1) blogphp_username or (2) blogphp_password parameter in a cookie.

7.5
2006-01-22 CVE-2006-0359 Counterpath Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Counterpath Eyebeam SIP Softphone

Buffer overflow in CounterPath eyeBeam SIP Softphone allows remote attackers to (1) cause a denial of service (device crash) via SIP INVITE commands with a long header field name sent during startup and (2) cause a denial of service (device hang or crash) via SIP INVITE commands with a long header field name sent during a call.

7.5
2006-01-22 CVE-2006-0358 Powerportal Cross-Site Scripting vulnerability in Powerportal 1.1B/1.3/1.3B

Multiple SQL injection vulnerabilities in PowerPortal, possibly 1.1 beta through 1.3, allow remote attackers to execute arbitrary SQL commands via the search parameter in (1) index.php and (2) search.php.

7.5
2006-01-21 CVE-2006-0349 Epic Designs Input Validation vulnerability in Epic Designs Eggblog 2.0

SQL injection vulnerability in eggblog 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to blog.php.

7.5
2006-01-21 CVE-2006-0345 Saral Kaushik Input Validation vulnerability in Saral Kaushik Saralblog 1.0

Multiple SQL injection vulnerabilities in SaralBlog 1.0 allow remote attackers to execute arbitrary SQL commands via the search parameter to search.php.

7.5
2006-01-21 CVE-2006-0339 Bitcomet Remote Buffer Overflow vulnerability in Bitcomet 0.60

Buffer overflow in BitComet Client 0.60 allows remote attackers to execute arbitrary code, when the publisher's name link is clicked, via a long publisher URI in a torrent file.

7.5
2006-01-21 CVE-2006-0337 F Secure Archive Handling vulnerability in F-Secure

Buffer overflow in multiple F-Secure Anti-Virus products and versions for Windows and Linux, including Anti-Virus for Windows Servers 5.52 and earlier, Internet Security 2004, 2005 and 2006, and Anti-Virus for Linux Servers 4.64 and earlier, allows remote attackers to execute arbitrary code via crafted ZIP archives.

7.5
2006-01-21 CVE-2006-0329 Hitachi SQL Injection vulnerability in Hitachi HITSENSER Data Mart Server

SQL injection vulnerability in HITSENSER Data Mart Server BS, BS-S, BS-M, BS-L, and EX allows remote attackers to execute arbitrary SQL commands via unknown attack vectors.

7.5
2006-01-20 CVE-2006-0325 Etomite OS Command Injection vulnerability in Etomite

Etomite Content Management System 0.6, and possibly earlier versions, when downloaded from the web site in January 2006 after January 10, contains a back door in manager/includes/todo.inc.php, which allows remote attackers to execute arbitrary commands via the "cij" parameter.

7.5
2006-01-20 CVE-2006-0019 KDE Remote Heap Overflow vulnerability in KDE KJS Encodeuri / Decodeuri

Heap-based buffer overflow in the encodeURI and decodeURI functions in the kjs JavaScript interpreter engine in KDE 3.2.0 through 3.5.0 allows remote attackers to execute arbitrary code via a crafted, UTF-8 encoded URI.

7.5
2006-01-19 CVE-2006-0324 Webspot SQL Injection vulnerability in Webspot Webspotblogging 3.0

SQL injection vulnerability in WebspotBlogging 3.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username parameter to login.php.

7.5
2006-01-19 CVE-2006-0320 BIT 5 Blog SQL Injection vulnerability in Bit 5 Blog

SQL injection vulnerability in admin/processlogin.php in Bit 5 Blog 8.01 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username and (2) password parameter.

7.5
2006-01-19 CVE-2006-0318 Insane Visions SQL Injection vulnerability in Insane Visions Blogphp 1.0

SQL injection vulnerability in index.php in BlogPHP 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username parameter in a login action.

7.5
2006-01-19 CVE-2006-0314 Pdfdirectory SQL-Injection vulnerability in pdfdirectory

PDFdirectory before 1.0 stores sensitive data in plaintext, which allows remote attackers to obtain arbitrary users' passwords by direct queries to the database, possibly via one of the SQL injection vulnerabilities.

7.5
2006-01-19 CVE-2006-0313 Pdfdirectory SQL Injection vulnerability in PDFDirectory

Multiple SQL injection vulnerabilities in PDFdirectory before 1.0 allow remote attackers to execute arbitrary SQL commands via multiple unspecified vectors involving (1) util.php, (2) userpref.php, (3) user.php, (4) uploadfrm.php, (5) title.php, (6) team.php, (7) stats.php, (8) page.php, (9) org.php, (10) member.php, (11) index.php, (12) group.php, or (13) anniv.php.

7.5
2006-01-19 CVE-2006-0311 Mike Helton Input Validation vulnerability in Mike Helton Aoblogger 2.3

SQL injection vulnerability in login.php in aoblogger 2.3 allows remote attackers to execute arbitrary SQL commands via the username parameter.

7.5
2006-01-19 CVE-2006-0308 Htmltonuke Code Injection vulnerability in Htmltonuke 2.0Alpha

PHP remote file inclusion vulnerability in htmltonuke.php in the htmltonuke 2.0 alpha, and possibly other versions, module for PHP-Nuke allows remote attackers to execute arbitrary PHP code via a URL in the filnavn parameter.

7.5
2006-01-19 CVE-2006-0305 Clipcomm Remote Administrative Access vulnerability in Clipcomm Cp-100E Voip Wifi Phone and Cpw-100E Voip Wifi Phone

Clipcomm CPW-100E VoIP 802.11b Wireless Handset Phone running firmware 1.1.12 (051129) and CP-100E VoIP 802.11b Wireless Phone running firmware 1.1.60 allows remote attackers to gain unauthorized access via the debug service on TCP port 60023.

7.5
2006-01-19 CVE-2006-0304 Achal Dhir Remote Buffer Overflow vulnerability in Achal Dhir Dual Dhcp DNS Server 1.0

Buffer overflow in Dual DHCP DNS Server 1.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via the DHCP options field.

7.5
2006-01-18 CVE-2006-0252 Benders Calendar SQL Injection vulnerability in Benders Calendar

SQL injection vulnerability in Benders Calendar 1.0 allows remote attackers to execute arbitrary SQL commands via multiple parameters, as demonstrated by the (1) year, (2) month, and (3) day parameters.

7.5
2006-01-18 CVE-2006-0249 Bitdamaged SQL Injection vulnerability in Bitdamaged Geoblog Mod1.0

SQL injection vulnerability in viewcat.php in BitDamaged geoBlog MOD_1.0 allows remote attackers to execute arbitrary SQL commands, then steal credentials and upload files, via the cat parameter ($tmpCategory variable).

7.5
2006-01-18 CVE-2006-0044 Albatross Remote Arbitrary Code Execution vulnerability in Albatross

Unspecified vulnerability in context.py in Albatross web application toolkit before 1.33 allows remote attackers to execute arbitrary commands via unspecified vectors involving template files and the "handling of submitted form fields".

7.5
2006-01-18 CVE-2006-0240 8Pixel NET SQL Injection vulnerability in 8Pixel.Net Simple Blog

Multiple SQL injection vulnerabilities in Simple Blog 2.1 allow remote attackers to execute arbitrary SQL commands via the month parameter in an archives view operation and possibly certain other parameters in unspecified scripts.

7.5
2006-01-18 CVE-2006-0238 Gamerz SQL Injection vulnerability in WP-Stats Author Parameter

SQL injection vulnerability in wp-stats.php in GaMerZ WP-Stats 2.0 allows remote attackers to execute arbitrary SQL commands via the author parameter.

7.5
2006-01-18 CVE-2006-0235 White Angle SQL Injection vulnerability in White Angle White Album 2.5

SQL injection vulnerability in WhiteAlbum 2.5 allows remote attackers to execute arbitrary SQL commands via the dir parameter to pictures.php.

7.5
2006-01-18 CVE-2006-0234 Microblog SQL Injection vulnerability in Microblog 2.0Rc10

SQL injection vulnerability in index.php in microBlog 2.0 RC-10 allows remote attackers to execute arbitrary SQL commands via the (1) month and (2) year parameters.

7.5
2006-01-16 CVE-2006-0221 Ddsn SQL Injection vulnerability in DDSN Interactive CM3CMS Admin Panel Index.ASP

SQL injection vulnerability in index.asp in the Admin Panel in Dragon Design Services Network (DDSN) cm3 content manager (CM3CMS) allows remote attackers to execute arbitrary SQL commands via the (1) username or (2) password.

7.5
2006-01-16 CVE-2006-0219 Mybulletinboard SQL Injection vulnerability in MyBB Usercp.PHP

The original distribution of MyBulletinBoard (MyBB) to update from older versions to 1.0.2 omits or includes older versions of certain critical files, which allows attackers to conduct (1) SQL injection attacks via an attachment name that is not properly handled by inc/functions_upload.php (CVE-2005-4602), and possibly (2) other attacks related to threadmode in usercp.php.

7.5
2006-01-20 CVE-2006-0045 Linley Henzell Command Execution vulnerability in Linley Henzell Dungeon Crawl 4.0.0B23

crawl before 4.0.0 does not securely call programs when saving and loading games, which allows local users to gain privileges.

7.2
2006-01-18 CVE-2006-0255 Checkpoint Local Privilege Escalation vulnerability in Checkpoint Vpn-1 4.1

Unquoted Windows search path vulnerability in Check Point VPN-1 SecureClient might allow local users to gain privileges via a malicious "program.exe" file in the C: folder, which is run when SecureClient attempts to launch the Sr_GUI.exe program.

7.2
2006-01-17 CVE-2006-0228 Grsecurity Unspecified vulnerability in Grsecurity Kernel Patch

The RBAC functionality in grsecurity before 2.1.8 does not properly handle when the admin role creates a service and then exits the shell without unauthenticating, which causes the service to be restarted with the admin role still active.

7.2
2006-01-21 CVE-2006-0340 Cisco Improper Input Validation vulnerability in Cisco IOS

Unspecified vulnerability in Stack Group Bidding Protocol (SGBP) support in Cisco IOS 12.0 through 12.4 running on various Cisco products, when SGBP is enabled, allows remote attackers on the local network to cause a denial of service (device hang and network traffic loss) via a crafted UDP packet to port 9900.

7.1

67 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-01-22 CVE-2006-0367 Cisco Remote Privilege Escalation vulnerability in Cisco CallManager CCMAdmin

Unspecified vulnerability in Cisco CallManager 3.2 and earlier, 3.3 before 3.3(5)SR1, 4.0 before 4.0(2a)SR2c, and 4.1 before 4.1(3)SR2 allows remote authenticated users with read-only administrative privileges to obtain full administrative privileges via a "crafted URL on the CCMAdmin web page."

6.5
2006-01-22 CVE-2006-0360 MPM Information Disclosure vulnerability in MPM Hp-180W Voip Wifi Phone We.00.17

MPM SIP HP-180W Wireless IP Phone WE.00.17 allows remote attackers to obtain sensitive information and possibly cause a denial of service via a direct connection to UDP port 9090, which is undocumented and does not require authentication.

6.4
2006-01-21 CVE-2006-0344 Intervations Directory Traversal vulnerability in Intervations Filecopa 1.01

Directory traversal vulnerability in Intervations FileCOPA FTP Server 1.01 allows remote attackers to read and write arbitrary files via a ..

6.4
2006-01-21 CVE-2006-0332 Ecartis Code Injection vulnerability in Ecartis 1.0.0Snapshot20050909

Pantomime in Ecartis 1.0.0 snapshot 20050909 stores e-mail attachments in a publicly accessible directory, which may allow remote attackers to upload arbitrary files.

6.4
2006-01-18 CVE-2006-0250 Carnegie Mellon University Remote Format String vulnerability in CMU SNMP SNMPTRAPD Daemon

Format string vulnerability in the snmp_input function in snmptrapd in CMU SNMP utilities (cmu-snmp) allows remote attackers to execute arbitrary code by sending crafted SNMP messages to UDP port 162.

6.4
2006-01-18 CVE-2006-0242 PHP Fusebox Cross-Site Scripting vulnerability in PHP Fusebox PHP Fusebox 4.0.6

Cross-site scripting vulnerability in index.php in PHP Fusebox 4.0.6 allows remote attackers to inject arbitrary web script or HTML via the fuseaction parameter.

6.4
2006-01-19 CVE-2006-0315 Indexcor Cross-Site Scripting vulnerability in EZDatabase

index.php in EZDatabase before 2.1.2 does not properly cleanse the p parameter before constructing and including a .php filename, which allows remote attackers to conduct directory traversal attacks, and produces resultant cross-site scripting (XSS) and path disclosure.

5.8
2006-01-18 CVE-2006-0239 8Pixel NET Input Validation vulnerability in 8Pixel.Net Simple Blog 2.1

Multiple cross-site scripting (XSS) vulnerabilities in Simple Blog 2.1 allow remote attackers to inject arbitrary web script or HTML via (1) a comment to comments.asp and (2) possibly certain other fields in unspecified scripts.

5.8
2006-01-22 CVE-2006-0354 Cisco Resource Management Errors vulnerability in Cisco products

Cisco IOS before 12.3-7-JA2 on Aironet Wireless Access Points (WAP) allows remote authenticated users to cause a denial of service (termination of packet passing or termination of client connections) by sending the management interface a large number of spoofed ARP packets, which creates a large ARP table that exhausts memory, aka Bug ID CSCsc16644.

5.5
2006-01-18 CVE-2006-0269 Oracle Multiple vulnerability in Oracle January Security Update

Unspecified vulnerability in the Streams Capture component of Oracle Database server 10.1.0.5 and 10.2.0.1 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB25.

5.5
2006-01-18 CVE-2006-0253 Ambicom Buffer Overflow vulnerability in Ambicom Blue Neighbors 2.50Build2500

Buffer overflow in the Bluetooth OBEX Object Push service in "Blue Neighbors.EXE" in AmbiCom Blue Neighbors 2.50 Build 2500 and earlier allows remote attackers to execute arbitrary code via a long file name, as demonstrated via a long RFILE argument to ussp-push.

5.1
2006-01-18 CVE-2006-0236 Mozilla Code Injection vulnerability in Mozilla Thunderbird

GUI display truncation vulnerability in Mozilla Thunderbird 1.0.2, 1.0.6, and 1.0.7 allows user-assisted attackers to execute arbitrary code via an attachment with a filename containing a large number of spaces ending with a dangerous extension that is not displayed by Thunderbird, along with an inconsistent Content-Type header, which could be used to trick a user into downloading dangerous content by dragging or saving the attachment.

5.1
2006-01-22 CVE-2006-0375 Advantage Century Telecommunication Remote vulnerability in Advantage Century Telecommunication P202S 1.01.21Firmware1.1.21

Advantage Century Telecommunication (ACT) P202S IP Phone 1.01.21 running firmware 1.1.21 on VxWorks uses a hardcoded Network Time Protocol (NTP) server in Taiwan, which could allow remote attackers to provide false time information, block access to time information, or conduct other attacks.

5.0
2006-01-22 CVE-2006-0371 Noah Medling Directory Traversal vulnerability in Noah Medling Rcblog 1.03

Directory traversal vulnerability in index.php in Noah Medling RCBlog 1.03 allows remote attackers to read arbitrary .txt files, possibly including one that stores the administrator's account name and password, via a ..

5.0
2006-01-22 CVE-2006-0370 Noah Medling Remote Security vulnerability in Noah Medling Rcblog 1.03

Noah Medling RCBlog 1.03 stores the data and config directories under the web root with insufficient access control, which allows remote attackers to view account names and MD5 password hashes.

5.0
2006-01-22 CVE-2006-0362 3Com Resource Management Errors vulnerability in 3Com Tippingpoint IPS TOS 2.1/2.1.3.6323/2.2.0.6504

TippingPoint Intrusion Prevention System (IPS) TOS before 2.1.4.6324, and TOS 2.2.x before 2.2.1.6506, allow remote attackers to cause a denial of service (CPU consumption) via an unknown vector, probably involving an HTTP request with a negative number in the Content-Length header.

5.0
2006-01-22 CVE-2006-0357 Grant Averett Denial-Of-Service vulnerability in Grant Averett Cerberus FTP Server 2.32

Grant Averett Cerberus FTP Server 2.32, and possibly earlier versions, allows remote attackers to cause an unspecified denial of service via a long string that does not contain a valid FTP command.

5.0
2006-01-22 CVE-2006-0356 ARI Pikivirta Denial-Of-Service vulnerability in ARI Pikivirta Home FTP Server 1.0.7

Ari Pikivirta Home Ftp Server 1.0.7 allows remote attackers to cause an unspecified denial of service via a long USER command combined with a long PASS command.

5.0
2006-01-22 CVE-2006-0355 Helmsman Research Remote Denial Of Service vulnerability in Helmsman Research Homeftp 1.1

Helmsman Research (aka CoolUtils) HomeFtp 1.1 allows remote attackers to cause an unspecified denial of service via a long USER command combined with a long PASS command and an NLST command.

5.0
2006-01-21 CVE-2006-0352 Fluffington Information Disclosure vulnerability in Fluffington Flog 1.01/1.1.2

The default configuration of Fluffington FLog 1.01 installs users.0.dat under the web document root with insufficient access control, which might allow remote attackers to obtain sensitive information (login credentials) via a direct request.

5.0
2006-01-21 CVE-2006-0351 DON Moore Denial Of Service vulnerability in MyDNS DNS Query

Unspecified "critical denial-of-service vulnerability" in MyDNS before 1.1.0 has unknown impact and attack vectors.

5.0
2006-01-21 CVE-2006-0348 Stefan Ritt Remote Input Validation vulnerability in ELOG Web Logbook

Format string vulnerability in the write_logfile function in ELOG before 2.6.1 allows remote attackers to cause a denial of service (server crash) via unknown attack vectors.

5.0
2006-01-21 CVE-2006-0347 Stefan Ritt Remote Input Validation vulnerability in ELOG Web Logbook

Directory traversal vulnerability in ELOG before 2.6.1 allows remote attackers to access arbitrary files outside of the elog directory via "../" (dot dot) sequences in the URL.

5.0
2006-01-21 CVE-2006-0343 Hitachi Denial of Service vulnerability in Hitachi products

Unspecified vulnerability in the Port Discovery Standard and Advanced features in Hitachi JP1/NetInsight II allows attackers to stop the Port Discovery service via unknown vectors involving "invalid format data".

5.0
2006-01-21 CVE-2006-0338 F Secure Archive Handling vulnerability in F-Secure

Multiple F-Secure Anti-Virus products and versions for Windows and Linux, including Anti-Virus for Windows Servers 5.52 and earlier, Internet Security 2004, 2005 and 2006, and Anti-Virus for Linux Servers 4.64 and earlier, allow remote attackers to hide arbitrary files and data via malformed (1) RAR and (2) ZIP archives, which are not properly scanned.

5.0
2006-01-21 CVE-2006-0336 Kerio Denial of Service vulnerability in Kerio WinRoute Firewall Web Browsing

Kerio WinRoute Firewall before 6.1.4 Patch 2 allows attackers to cause a denial of service (CPU consumption and hang) via unknown vectors involving "browsing the web".

5.0
2006-01-21 CVE-2006-0335 Kerio Denial of Service vulnerability in Kerio WinRoute Firewall

Multiple unspecified vulnerabilities in Kerio WinRoute Firewall before 6.1.4 Patch 1 allow remote attackers to cause a denial of service via multiple unspecified vectors involving (1) long strings received from Active Directory and (2) the filtering of HTML.

5.0
2006-01-21 CVE-2006-0328 Philippe Jounin Remote Format String vulnerability in Philippe Jounin Tftpd32 2.81

Format string vulnerability in Tftpd32 2.81 allows remote attackers to cause a denial of service via format string specifiers in a filename in a (1) GET or (2) SEND request.

5.0
2006-01-21 CVE-2006-0327 Typo3 Information Disclosure vulnerability in Typo3 3.7.1/3.8.1

TYPO3 3.7.1 allows remote attackers to obtain sensitive information via a direct request to (1) thumbs.php, (2) showpic.php, or (3) tables.php, which causes them to incorrectly define a variable and reveal the path in an error message when a require function call fails.

5.0
2006-01-19 CVE-2006-0322 Mediawiki Unspecified vulnerability in Mediawiki

Unspecified vulnerability in the edit comment formatting functionality in MediaWiki 1.5.x before 1.5.6 and 1.4.x before 1.4.14 allows attackers to cause a denial of service (infinite loop) via "certain malformed links."

5.0
2006-01-19 CVE-2006-0319 Farmers Wife Directory Traversal vulnerability in Farmers Wife Farmers Wife 4.4Sp1

Directory traversal vulnerability in the FTP server (port 22003/tcp) in Farmers WIFE 4.4 SP1 allows remote attackers to create arbitrary files via ".." (dot dot) sequences in a (1) PUT, (2) SIZE, and possibly other commands.

5.0
2006-01-19 CVE-2006-0312 Mike Helton Input Validation vulnerability in Mike Helton Aoblogger 2.3

create.php in aoblogger 2.3 allows remote attackers to bypass authentication and create new blog entries by setting the uza parameter to 1.

5.0
2006-01-19 CVE-2006-0307 Broadcom, CA Resource Management Errors vulnerability in multiple products

The DM Primer in the DM Deployment Common Component in Computer Associates (CA) BrightStor Mobile Backup r4.0, BrightStor ARCserve Backup for Laptops & Desktops r11.0, r11.1, r11.1 SP1, Unicenter Remote Control 6.0, 6.0 SP1, CA Desktop Protection Suite r2, CA Server Protection Suite r2, and CA Business Protection Suite r2 allows remote attackers to cause a denial of service (CPU consumption and log file consumption) via unspecified "unrecognized network messages" that are not properly handled.

5.0
2006-01-19 CVE-2006-0306 Broadcom, CA Resource Management Errors vulnerability in multiple products

The DM Primer (dmprimer.exe) in the DM Deployment Common Component in Computer Associates (CA) BrightStor Mobile Backup r4.0, BrightStor ARCserve Backup for Laptops & Desktops r11.0, r11.1, r11.1 SP1, Unicenter Remote Control 6.0, 6.0 SP1, CA Desktop Protection Suite r2, CA Server Protection Suite r2, and CA Business Protection Suite r2 allows remote attackers to cause a denial of service (CPU consumption or application hang) via a large network packet, which causes a WSAEMESGSIZE error code that is not handled, leading to a thread exit.

5.0
2006-01-19 CVE-2006-0302 Zyxel Information Disclosure vulnerability in Zyxel P2000W Version 2 Voip Wifi Phone Wv.00.02

ZyXel P2000W VoIP 802.11b Wireless Phone running firmware WV.00.02 allows remote attackers to obtain sensitive information, such as MAC address and software version, by directly accessing UDP port 9090.

5.0
2006-01-18 CVE-2006-0275 Oracle Multiple vulnerability in Oracle Application Server 9.0.4.2

Unspecified vulnerability in the Oracle Reports Developer component of Oracle Application Server 9.0.4.2 has unspecified impact and attack vectors, as identified by Oracle Vuln# REP04.

5.0
2006-01-18 CVE-2006-0248 Intracom Remote Security vulnerability in Intracom Jetspeed 500/520

Virata-EmWeb web server 6_1_0, as used in (1) Intracom JetSpeed 500 and 520 and (2) Allied Data Technologies CopperJet 811 RouterPlus, allows remote attackers to access privileged information, such as user lists and configuration settings, via direct HTTP requests.

5.0
2006-01-18 CVE-2006-0244 Phpxplorer Directory Traversal vulnerability in PHPxplorer 0.9.33

** DISPUTED ** Directory traversal vulnerability in workspaces.php in phpXplorer 0.9.33 allows remote attackers to include arbitrary files via a ..

5.0
2006-01-18 CVE-2006-0241 Webmobo HTML Injection vulnerability in Webmobo Wbnews 1.1.0

Cross-site scripting vulnerability in WBNews 1.1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the Name field.

5.0
2006-01-16 CVE-2006-0223 Topcmm Computing Path Traversal vulnerability in Topcmm Computing 123 Flash Chat Server 5.0/5.1

Directory traversal vulnerability in Shanghai TopCMM 123 Flash Chat Server Software 5.1 allows attackers to create or overwrite arbitrary files on the server via ".." (dot dot) sequences in the username field.

5.0
2006-01-16 CVE-2006-0216 Qualityebiz Information Disclosure vulnerability in Qualityebiz Quality PPC 1.0Build1644

admin.php in QualityEBiz Quality PPC (QPPC) 1.0 build 1644 allows remote attackers to obtain sensitive information, possibly the installation path of the application, via unspecified "meta characters" to the cpage parameter.

5.0
2006-01-21 CVE-2006-0331 Thiago Melo DE Paula Denial-Of-Service vulnerability in Thiago Melo DE Paula Change Passwd 3.1

Buffer overflow in Change passwd 3.1 (chpasswd) SquirrelMail plugin allows local users to execute arbitrary code via long command line arguments.

4.6
2006-01-22 CVE-2006-0373 Douran Cross-Site Scripting vulnerability in Douran FollowWeb Portal Register.ASPX

Cross-site scripting (XSS) vulnerability in register.aspx in Douran FollowWeb allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.

4.3
2006-01-22 CVE-2006-0366 Phpclanwebsite Unspecified vulnerability in PHPclanwebsite 1.23.1

Cross-site scripting (XSS) vulnerability in Phpclanwebsite (aka PCW) allows remote attackers to inject arbitrary web script or HTML via a javascript URI in a BBCode img tag.

4.3
2006-01-22 CVE-2006-0365 XMB Software Unspecified vulnerability in XMB Software XMB Forum

Cross-site scripting (XSS) vulnerability in XMB (aka extreme message board) allows remote attackers to inject arbitrary web script or HTML via JavaScript in the SRC attribute of an IMG element.

4.3
2006-01-22 CVE-2006-0364 Mybulletinboard Cross-Site Scripting vulnerability in Mybulletinboard

Cross-site scripting (XSS) vulnerability in MyBulletinBoard (MyBB) allows remote attackers to inject arbitrary web script or HTML via a signature containing a JavaScript URI in the SRC attribute of an IMG element, in which the URI uses SGML numeric character references without trailing semicolons, as demonstrated by "&#106&#97&#118&#97&#115&#99&#114&#105&#112&#116".

4.3
2006-01-22 CVE-2006-0361 BIT 5 Blog HTML Injection vulnerability in BIT 5 Blog BIT 5 Blog 8.01

Cross-site scripting (XSS) vulnerability in addcomment.php in Bit 5 Blog 8.01 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in an <a> tag in the comment parameter, which strips most tags but not <a>.

4.3
2006-01-21 CVE-2006-0350 Epic Designs Input Validation vulnerability in Epic Designs Eggblog 2.0

Cross-site scripting (XSS) vulnerability in eggblog 2.0 allows remote attackers to inject arbitrary web script or HTML via the message field to topic.php.

4.3
2006-01-21 CVE-2006-0346 Saral Kaushik Input Validation vulnerability in Saral Kaushik Saralblog 1.0

Cross-site scripting (XSS) vulnerability in SaralBlog 1.0 allows remote attackers to inject arbitrary web script or HTML via a website field in a new comment to view.php, which is not properly handled in the comment function in functions.php.

4.3
2006-01-21 CVE-2006-0334 Freekrai NET Cross-Site Scripting vulnerability in Freekrai.Net MY Amazon Store Manager 1.0

Cross-site scripting (XSS) vulnerability in search.php in My Amazon Store Manager 1.0 allows remote attackers to inject arbitrary web script or HTML via the Keywords parameter.

4.3
2006-01-21 CVE-2006-0333 AR Blog Cross-Site Scripting vulnerability in Ar-Blog 5.2

Cross-site scripting (XSS) vulnerability in ar-blog 5.2 allows remote attackers to inject arbitrary web script or HTML via the (1) month or (2) year parameter to index.php.

4.3
2006-01-21 CVE-2006-0330 Gallery Project HTML Injection vulnerability in Gallery User Name

Cross-site scripting (XSS) vulnerability in Gallery before 1.5.2 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving the user name (fullname).

4.3
2006-01-19 CVE-2006-0317 Redkernel Cross-Site Scripting vulnerability in Redkernel Referrer Tracker 1.1.03

Cross-site scripting (XSS) vulnerability in rkrt_stats.php in RedKernel Referrer Tracker 1.1.0-3 allows remote attackers to inject arbitrary web script or HTML via a query string value as a GET, which is stored in the $QUERY_STRING variable.

4.3
2006-01-19 CVE-2006-0310 Mike Helton Input Validation vulnerability in Mike Helton Aoblogger 2.3

Cross-site scripting (XSS) vulnerability in aoblogger 2.3 allows remote attackers to inject arbitrary JavaScript via a javascript URI in the BBcode url tag.

4.3
2006-01-18 CVE-2006-0254 Apache Input Validation vulnerability in Apache Geronimo 1.0

Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.

4.3
2006-01-18 CVE-2006-0251 FAQ O Matic Cross-Site Scripting vulnerability in Faq-O-Matic

Cross-site scripting (XSS) vulnerability in fom.cgi in Faq-O-Matic 2.711 allows remote attackers to inject arbitrary web script or HTML via the (1) _duration, (2) file, and (3) cmd parameters.

4.3
2006-01-18 CVE-2006-0247 Netbula Cross-Site Scripting vulnerability in Netbula Anyboard Anyboard.CGI

Cross-site scripting (XSS) vulnerability in anyboard.cgi in Netbula Anyboard 9.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the tK parameter in a find command.

4.3
2006-01-18 CVE-2006-0246 Widexl Cross-Site Scripting vulnerability in Widexl Download Tracker 1.0.6

Cross-site scripting (XSS) vulnerability in down.pl in Widexl Download Tracker 1.06 allows remote attackers to inject arbitrary web script or HTML via the ID parameter.

4.3
2006-01-18 CVE-2006-0245 Devellion Cross-Site Scripting vulnerability in Devellion Cubecart 3.0.7Pl1

Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.7-pl1 allow remote attackers to inject arbitrary web script or HTML via the (3) redir, (4) productId, (5) docId, (6) act, and (7) catId parameters in index.php; and the (8) username field in a login action in index.php.

4.3
2006-01-18 CVE-2006-0243 Smbcms Local Site Search Cross-Site Scripting vulnerability in Smbcms 2.1

Cross-site scripting (XSS) vulnerability in SMBCMS 2.1 allows remote attackers to inject arbitrary web script or HTML via the text parameter, which is used by the "Search Site" field.

4.3
2006-01-18 CVE-2006-0237 GTP Cross-Site Scripting vulnerability in GTP iCommerce

Cross-site scripting (XSS) vulnerability in index.php in GTP iCommerce allows remote attackers to inject arbitrary web script or HTML via the (1) cat and (2) subcat parameters.

4.3
2006-01-18 CVE-2006-0233 Microblog Cross-Site Scripting vulnerability in Microblog 2.0Rc10

Cross-site scripting (XSS) vulnerability in functions.php in microBlog 2.0 RC-10 allows remote attackers to inject arbitrary web script and HTML via a javascript: URI in a [url] BBcode tag.

4.3
2006-01-16 CVE-2006-0222 Alstrasoft Cross-Site Scripting vulnerability in AlstraSoft Template Seller Pro Fullview.PHP

Cross-site scripting (XSS) vulnerability in fullview.php in AlstraSoft Template Seller Pro allows remote attackers to inject arbitrary web script or HTML via the tempid parameter.

4.3
2006-01-16 CVE-2006-0220 Codeworx Technologies Input Validation vulnerability in DCP Portal

Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3 through 6.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) the day parameter in calendar.php and (2) the input form in search.php.

4.3
2006-01-16 CVE-2006-0217 Ultimate Auction Cross-Site Scripting vulnerability in Ultimate Auction Ultimate Auction 3.67

Multiple cross-site scripting (XSS) vulnerabilities in Ultimate Auction 3.67 allow remote attackers to inject arbitrary web script or HTML via the (1) item parameter in item.pl and (2) category parameter in itemlist.pl, which reflects the XSS in an error message.

4.3
2006-01-16 CVE-2006-0215 Qualityebiz Cross-Site Scripting vulnerability in Qualityebiz Quality PPC 1.0Build1644

Cross-site scripting (XSS) vulnerability in admin.php in QualityEBiz Quality PPC (QPPC) 1.0 build 1644 allows remote attackers to inject arbitrary web script or HTML via the cpage parameter.

4.3
2006-01-19 CVE-2006-0309 Linksys Remote Denial Of Service vulnerability in Linksys Befvp41 1.01.04

Linksys BEFVP41 VPN Router 2.0 with firmware 1.01.04 allows remote attackers on the local network to cause a denial of service via IP packets with a null IP option length.

4.0

5 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-01-22 CVE-2006-0353 GNU Information Exposure vulnerability in GNU LSH 2.0.1

unix_random.c in lshd for lsh 2.0.1 leaks file descriptors related to the randomness generator, which allows local users to cause a denial of service by truncating the seed file, which prevents the server from starting, or obtain sensitive seed information that could be used to crack keys.

3.6
2006-01-17 CVE-2006-0227 SUN Local vulnerability in Sun Solaris LPSCHED

Multiple unspecified vulnerabilities in lpsched in Sun Solaris 8, 9, and 10 allow local users to delete arbitrary files or disable the LP print service via unknown attack vectors.

2.6
2006-01-22 CVE-2006-0369 Oracle Information Exposure vulnerability in Oracle Mysql 5.0.18

** DISPUTED ** MySQL 5.0.18 allows local users with access to a VIEW to obtain sensitive information via the "SELECT * FROM information_schema.views;" query, which returns the query that created the VIEW.

2.1
2006-01-22 CVE-2006-0363 Microsoft Local Security vulnerability in Microsoft MSN Messenger 7.5

The "Remember my Password" feature in MSN Messenger 7.5 stores passwords in an encrypted format under the HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Creds registry key, which might allow local users to obtain the original passwords via a program that calls CryptUnprotectData, as demonstrated by the "MSN Password Recovery.exe" program.

2.1
2006-01-17 CVE-2006-0229 Wehnus Local Privilege Escalation vulnerability in WehnTrust Path Specification

Unquoted Windows search path vulnerability in Wehntrust might allow local users to gain privileges via a malicious "program.exe" file in the C: folder, which is run when Wehntrust creates the autostart key.

2.1