Weekly Vulnerabilities Reports > January 30 to February 5, 2006

Overview

94 new vulnerabilities were reported during this period, including 0 critical vulnerabilities and 36 high severity vulnerabilities. This weekly summary reports vulnerabilities in 97 products from 64 vendors including Mozilla, Oracle, Mybulletinboard, Cisco, and Spip. Vulnerabilities are notably categorized as "Permissions, Privileges, and Access Controls", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", "SQL Injection", and "Improper Input Validation".

  • 80 reported vulnerabilities are remotely exploitable.
  • 2 reported vulnerabilities have a public exploit available.
  • 3 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 92 reported vulnerabilities are exploitable by an anonymous user.
  • Mozilla has the most reported vulnerabilities, with 9 reported vulnerabilities.

Vulnerability Details

The following table lists reported vulnerabilities for the period covered by this report:

0 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS

36 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-01-31 CVE-2006-0483 Cisco Remote Denial of Service vulnerability in Cisco products

Cisco VPN 3000 series concentrators running software 4.7.0 through 4.7.2.A allow remote attackers to cause a denial of service (device reload or user disconnect) via a crafted HTTP packet.

7.8
2006-01-31 CVE-2006-0476 Nullsoft Remote Buffer Overflow vulnerability in Nullsoft Winamp 5.12

Buffer overflow in Nullsoft Winamp 5.12 allows remote attackers to execute arbitrary code via a playlist (pls) file with a long file name (File1 field).

7.6
2006-02-04 CVE-2006-0552 Oracle Multiple vulnerability in Oracle January Security Update

Unspecified vulnerability in the Net Listener component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, and 9.2.0.7 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB11.

7.5
2006-02-04 CVE-2006-0551 Oracle SQL-Injection vulnerability in Oracle10g Standard Edition

SQL injection vulnerability in the Data Pump Metadata API in Oracle Database 10g and possibly earlier might allow remote attackers to execute arbitrary SQL commands via unknown vectors.

7.5
2006-02-04 CVE-2006-0550 Oracle Denial-Of-Service vulnerability in Oracle Client

Buffer overflow in an unspecified Oracle Client utility might allow remote attackers to execute arbitrary code or cause a denial of service.

7.5
2006-02-04 CVE-2006-0549 Oracle SQL-Injection vulnerability in Oracle Database Server 10.1.0.5

SQL injection vulnerability in the SYS.DBMS_METADATA_UTIL package in Oracle Database 10g, and possibly earlier versions, might allow remote attackers to execute arbitrary SQL commands via unknown vectors.

7.5
2006-02-04 CVE-2006-0548 Oracle SQL-Injection vulnerability in Oracle Database Server 10.1.0.4.2

SQL injection vulnerability in the Oracle Text component of Oracle Database 10g, and possibly earlier versions, might allow remote attackers to execute arbitrary SQL commands via unknown vectors.

7.5
2006-02-04 CVE-2006-0547 Oracle SQL-Injection vulnerability in Oracle10g Personal Edition

Oracle Database 8i, 9i, and 10g allow remote authenticated users to execute arbitrary SQL statements in the context of the SYS user and bypass audit logging, including statements to create new privileged database accounts, via a modified AUTH_ALTER_SESSION attribute in the authentication phase of the Transparent Network Substrate (TNS) protocol.

7.5
2006-02-04 CVE-2006-0546 Egeinternet Remote Security vulnerability in Egeinternet

Unspecified vulnerability in index.php in a certain application available from /v1/tr/portfoy.php on www.egeinternet.com allows remote attackers to execute arbitrary code via "evilcode" in the key parameter, possibly a PHP remote file include vulnerability in which the attack vector is a URL in the key parameter.

7.5
2006-02-04 CVE-2006-0545 Ubbcentral SQL Injection vulnerability in UBB.Threads Showflat.PHP

SQL injection vulnerability in showflat.php in Groupee (formerly known as Infopop) UBB.threads 6.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Number parameter.

7.5
2006-02-04 CVE-2006-0544 Microsoft Denial Of Service vulnerability in Microsoft IE 7.0

urlmon.dll in Microsoft Internet Explorer 7.0 beta 2 (aka 7.0.5296.0) allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a BGSOUND element with its SRC attribute set to "file://" followed by a large number of "-" (dash or hyphen) characters.

7.5
2006-02-04 CVE-2006-0542 Nukedweb SQL Injection vulnerability in Nukedweb Guestbookhost 20050425

Multiple SQL injection vulnerabilities in config.php in NukedWeb GuestBookHost 2005.04.25 allow remote attackers to execute arbitrary SQL commands via the (1) email and (2) password parameters.

7.5
2006-02-04 CVE-2006-0540 Tachyon Input Validation vulnerability in Tachyon Vanilla Guestbook 1.0Beta

Multiple SQL injection vulnerabilities in Tachyon Vanilla Guestbook 1.0 beta allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2006-02-04 CVE-2006-0537 Kinesphere Corporation Remote RCPT TO Buffer Overflow vulnerability in Kinesphere Corporation Exchange Pop3 5.0Build050203

Buffer overflow in the POP3 server in Kinesphere Corporation eXchange before 5.0.060125 allows remote attackers to execute arbitrary code via a long RCPT TO argument.

7.5
2006-02-02 CVE-2006-0294 Mozilla Unspecified vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 allow remote attackers to execute arbitrary code by changing an element's style from position:relative to position:static, which causes Gecko to operate on freed memory.

7.5
2006-02-02 CVE-2006-0293 Mozilla Unspecified vulnerability in Mozilla Firefox 1.5

The function allocation code (js_NewFunction in jsfun.c) in Firefox 1.5 allows attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via user-defined methods that trigger garbage collection in a way that operates on freed objects.

7.5
2006-02-02 CVE-2006-0292 Mozilla Unspecified vulnerability in Mozilla Firefox and Mozilla

The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before 1.5.1 does not properly dereference objects, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via unknown attack vectors related to garbage collection.

7.5
2006-02-02 CVE-2006-0527 ISC Permissions, Privileges, and Access Controls vulnerability in ISC Bind 4/8

BIND 4 (BIND4) and BIND 8 (BIND8), if used as a target forwarder, allow remote attackers to gain privileged access via a "Kashpureff-style DNS cache corruption" attack.

7.5
2006-02-02 CVE-2006-0523 Mybulletinboard SQL-Injection vulnerability in MyBulletinBoard

SQL injection vulnerability in global.php in MyBB before 1.03 allows remote attackers to execute arbitrary SQL commands via the templatelist variable.

7.5
2006-02-02 CVE-2006-0522 Symantec SQL Injection vulnerability in Symantec Sygate Management Server SMS Authentication Servlet

SQL injection vulnerability in the Authentication Servlet in Symantec Sygate Management Server (SMS) version 4.1 build 1417 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via unknown attack vectors related to a URL.

7.5
2006-02-02 CVE-2006-0520 Dragoran SQL Injection vulnerability in Dragoran Portal Module 1.3

SQL injection vulnerability in index.php in Dragoran Portal module 1.3 for Invision Power Board (IPB) allows remote attackers to execute arbitrary SQL commands via the site parameter.

7.5
2006-02-02 CVE-2006-0517 Spip SQL Injection vulnerability in SPIP

Multiple SQL injection vulnerabilities in formulaires/inc-formulaire_forum.php3 in SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id_forum, (2) id_article, or (3) id_breve parameters to forum.php3; (4) unspecified vectors related to "session handling"; and (5) when posting "petitions".

7.5
2006-02-01 CVE-2006-0510 Daffodil Software SQL Injection vulnerability in Daffodil Software Daffodil CRM 1.5

SQL injection vulnerability in userlogin.jsp in Daffodil CRM 1.5 allows remote attackers to execute arbitrary SQL commands via unspecified parameters in a login action.

7.5
2006-02-01 CVE-2006-0502 Farsinews Remote File Include vulnerability in FarsiNews Loginout.PHP

PHP remote file inclusion vulnerability in loginout.php in FarsiNews 2.1 Beta 2 and earlier, with register_globals enabled, allows remote attackers to include arbitrary files via a URL in the cutepath parameter.

7.5
2006-02-01 CVE-2006-0500 Punctweb Remote Security vulnerability in Punctweb Myco Guestbook 1.0

MyCO Guestbook 1.0 stores the admin directory under the web document root with insufficient access control, which allows remote attackers to perform unspecified privileged actions by directly accessing files via a URL.

7.5
2006-02-01 CVE-2006-0497 PHP GEN Cross-Site Scripting vulnerability in PHP GEN

Multiple SQL injection vulnerabilities in PHP GEN before 1.4 allow remote attackers to inject arbitrary SQL commands via unknown attack vectors.

7.5
2006-02-01 CVE-2006-0492 Vincent HOR SQL Injection vulnerability in Vincent HOR Calendarix 0.6.20050830

Multiple SQL injection vulnerabilities in Calendarix allow remote attackers to execute arbitrary SQL commands via (1) the catview parameter in cal_functions.inc.php and (2) the login parameter in cal_login.php.

7.5
2006-02-01 CVE-2006-0491 Subzane SQL Injection vulnerability in Subzane Szusermgnt 1.4

SQL injection vulnerability in SZUserMgnt.class.php in SZUserMgnt 1.4 allows remote attackers to execute arbitrary SQL commands via the username parameter.

7.5
2006-02-01 CVE-2006-0490 Aspthai NET SQL Injection vulnerability in ASPThai Forums Login.ASP

SQL injection vulnerability in login.asp in ASPThai.Net ASPThai Forums 8.0 and earlier allows remote attackers to execute arbitrary SQL commands and bypass login authentication via the password field.

7.5
2006-01-31 CVE-2006-0478 CRE Loaded Unspecified vulnerability in CRE Loaded CRE Loaded 6.15

CRE Loaded 6.15 allows remote attackers to perform privileged actions, including uploading and creating arbitrary files, via a direct request to files.php.

7.5
2006-01-31 CVE-2006-0477 GIT Remote Buffer Overflow vulnerability in GIT

Buffer overflow in git-checkout-index in GIT before 1.1.5 allows remote attackers to execute arbitrary code via an index file with a long symbolic link.

7.5
2006-01-31 CVE-2006-0474 Shareaza Remote Integer Overflow vulnerability in Shareaza 2.2.1.0

Multiple integer overflows in Shareaza 2.2.1.0 allow remote attackers to execute arbitrary code via (1) a large packet length field, which causes an overflow in the ReadBuffer function in (a) BTPacket.cpp and (b) EDPacket.cpp, or (2) a large packet, which causes a heap-based overflow in the Write function in (c) Packet.h.

7.5
2006-01-30 CVE-2006-0301 Xpdf Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Xpdf

Heap-based buffer overflow in Splash.cc in xpdf, as used in other products such as (1) poppler, (2) kdegraphics, (3) gpdf, (4) pdfkit.framework, and others, allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap.

7.5
2006-01-30 CVE-2006-0468 Stalker Denial of Service vulnerability in Communigate Pro Server LDAP

CommuniGate Pro Core Server before 5.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via LDAP messages with negative BER lengths, and possibly other vectors, as demonstrated by the ProtoVer LDAP test suite.

7.5
2006-02-04 CVE-2006-0531 SUN Local Authentication Bypass vulnerability in SUN Java System Access Manager 7.0

Unspecified vulnerability in Sun Java System Access Manager 7.0 allows local users logged in as "root" to bypass authentication and gain top-level administrator privileges via the amadmin CLI tool.

7.2
2006-02-02 CVE-2006-0526 AOL Local Privilege Escalation vulnerability in AOL Client Software 8.0/9.0

The default configuration of the America Online (AOL) client software allows all users to modify a certain registry value that specifies a DLL file name, which might allow local users to gain privileges via a Trojan horse program.

7.2

53 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-02-02 CVE-2006-0299 Mozilla Unspecified vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

The E4X implementation in Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 exposes the internal "AnyName" object to external interfaces, which allows multiple cooperating domains to exchange information in violation of the same origin restrictions.

6.4
2006-02-02 CVE-2006-0298 Mozilla Improper Input Validation vulnerability in Mozilla Firefox and Seamonkey

The XML parser in Mozilla Firefox before 1.5.0.1 and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly read sensitive data via unknown attack vectors that trigger an out-of-bounds read.

5.8
2006-02-02 CVE-2006-0297 Mozilla Unspecified vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Multiple integer overflows in Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the (1) EscapeAttributeValue in jsxml.c for E4X, (2) nsSVGCairoSurface::Init in SVG, and (3) nsCanvasRenderingContext2D.cpp in Canvas.

5.1
2006-02-02 CVE-2006-0295 Mozilla Unspecified vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the QueryInterface method of the built-in Location and Navigator objects, which leads to memory corruption.

5.1
2006-02-04 CVE-2006-0543 Cerulean Studios Denial-Of-Service vulnerability in Cerulean Studios Trillian 3.1.0.120

Cerulean Trillian 3.1.0.120 allows remote attackers to cause a denial of service (client crash) via an AIM message containing the Mac encoded Rich Text Format (RTF) escape sequences (1) \'d1, (2) \'d2, (3) \'d3, (4) \'d4, and (5) \'d5.

5.0
2006-02-02 CVE-2006-0530 CA Message Queuing Denial Of Service vulnerability in Computer Associates

Computer Associates (CA) Message Queuing (CAM / CAFT) before 1.07 Build 220_16 and 1.11 Build 29_20, as used in multiple CA products, allows remote attackers to cause a denial of service via spoofed CAM control messages.

5.0
2006-02-02 CVE-2006-0529 CA Message Queuing Denial Of Service vulnerability in Computer Associates

Computer Associates (CA) Message Queuing (CAM / CAFT) before 1.07 Build 220_16 and 1.11 Build 29_20, as used in multiple CA products, allows remote attackers to cause a denial of service via a crafted message to TCP port 4105.

5.0
2006-02-02 CVE-2006-0296 Mozilla Unspecified vulnerability in Mozilla Firefox and Seamonkey

The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file.

5.0
2006-02-02 CVE-2006-0528 Gnome Buffer Overflow vulnerability in GNOME Evolution Inline XML File Attachment

The cairo library (libcairo), as used in GNOME Evolution and possibly other products, allows remote attackers to cause a denial of service (persistent client crash) via an attached text file that contains "Content-Disposition: inline" in the header, and a very long line in the body, which causes the client to repeatedly crash until the e-mail message is manually removed, possibly due to a buffer overflow, as demonstrated using an XML attachment.

5.0
2006-02-02 CVE-2006-0519 Spip Information Disclosure vulnerability in SPIP

SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allow remote attackers to obtain sensitive information via a direct request to inc-messforum.php3, which reveals the path in an error message.

5.0
2006-02-02 CVE-2006-0433 Freebsd Remote Denial Of Service vulnerability in FreeBSD TCP SACK

Selective Acknowledgement (SACK) in FreeBSD 5.3 and 5.4 does not properly handle an incoming selective acknowledgement when there is insufficient memory, which might allow remote attackers to cause a denial of service (infinite loop).

5.0
2006-02-01 CVE-2006-0508 Easy CMS Remote Security vulnerability in Easy Cms

Easy CMS stores the images directory under the web document root with insufficient access control and browsing enabled, which allows remote attackers to list and possibly read images that are stored in that directory.

5.0
2006-02-01 CVE-2006-0505 Zbattle NET Denial-Of-Service vulnerability in Zbattle.Net Zbattle Client 1.09Sr1Beta

zbattle.net Zbattle client 1.09 SR-1 beta allows remote attackers to cause an unspecified denial of service by rapidly creating and closing a game.

5.0
2006-02-01 CVE-2006-0504 Mailenable Unspecified vulnerability in Mailenable Enterprise

Unspecified vulnerability in MailEnable Enterprise Edition before 1.2 allows remote attackers to cause a denial of service (CPU utilization) by viewing "formatted quoted-printable emails" via webmail.

5.0
2006-02-01 CVE-2006-0503 Mailenable Remote Denial of Service vulnerability in MailEnable Professional EXAMINE Command

IMAP service in MailEnable Professional Edition before 1.72 allows remote attackers to cause a denial of service (service crash) via unspecified vectors involving the EXAMINE command.

5.0
2006-02-01 CVE-2006-0487 Tumbleweed Remote Security vulnerability in Tumbleweed Mailgate Email Firewall 6.0/6.1/6.2

Multiple unspecified vulnerabilities in Tumbleweed MailGate Email Firewall (EMF) 6.x allow remote attackers to (1) trigger temporarily incorrect processing of an e-mail message under "extremely heavy loads" and (2) cause an "increased number of missed spam" during "spam outbreaks."

5.0
2006-01-31 CVE-2006-0484 Elido Directory Traversal vulnerability in Elido Face Control

Directory traversal vulnerability in Vis.pl, as part of the FACE CONTROL product, allows remote attackers to read arbitrary files via a ..

5.0
2006-01-31 CVE-2006-0481 Greg Roelofs Buffer Errors vulnerability in Greg Roelofs Libpng 1.2.7

Heap-based buffer overflow in the alpha strip capability in libpng 1.2.7 allows context-dependent attackers to cause a denial of service (crash) when the png_do_strip_filler function is used to strip alpha channels out of the image.

5.0
2006-01-31 CVE-2006-0475 Theworldsend NET Denial-Of-Service vulnerability in Theworldsend.Net PHP-Ping 1.3

PHP-Ping 1.3 does not properly validate ping counts, which allows remote attackers to cause a denial of service (ping flood) via a negative count parameter.

5.0
2006-01-31 CVE-2006-0467 Pioneers Buffer Denial Of Service vulnerability in Pioneers 0.9.49

Unspecified vulnerability in Pioneers (formerly gnocatan) before 0.9.49 allows remote attackers to cause a denial of service (application crash) via long chat messages.

5.0
2006-02-04 CVE-2006-0539 Thibault Godouet Local Buffer Overflow vulnerability in Thibault Godouet Fcron 3.0.0

The convert-fcrontab program in fcron 3.0.0 might allow local users to gain privileges via a long command-line argument, which causes Linux glibc to report heap memory corruption, possibly because a strcpy in the strdup2 function can "overwrite some data."

4.6
2006-02-02 CVE-2006-0525 Adobe Permissions, Privileges, and Access Controls vulnerability in Adobe products

Multiple Adobe products, including (1) Photoshop CS2, (2) Illustrator CS2, and (3) Adobe Help Center, install a large number of .EXE and .DLL files with write-access permission for the Everyone group, which allows local users to gain privileges via Trojan horse programs.

4.6
2006-02-01 CVE-2006-0489 Khaled Mardam BEY Unspecified vulnerability in Khaled Mardam-Bey Mirc 6.16

** DISPUTED ** Buffer overflow in the font command of mIRC, probably 6.16, allows local users to execute arbitrary code via a long string.

4.6
2006-02-01 CVE-2006-0486 Cisco Local Security vulnerability in Cisco IOS 12.2(25)S/12.3T/12.4

Certain Cisco IOS releases in 12.2S based trains with maintenance release number 25 and later, 12.3T based trains, and 12.4 based trains reuse a Tcl Shell process across login sessions of different local users on the same terminal if the first user does not use tclquit before exiting, which may cause subsequent local users to execute unintended commands or bypass AAA command authorization checks, aka Bug ID CSCef77770.

4.6
2006-02-01 CVE-2006-0485 Cisco Unspecified vulnerability in Cisco IOS

The TCL shell in Cisco IOS 12.2(14)S before 12.2(14)S16, 12.2(18)S before 12.2(18)S11, and certain other releases before 25 January 2006 does not perform Authentication, Authorization, and Accounting (AAA) command authorization checks, which may allow local users to execute IOS EXEC commands that were prohibited via the AAA configuration, aka Bug ID CSCeh73049.

4.6
2006-01-31 CVE-2006-0043 Suse Remote Buffer Overflow vulnerability in NFS-SERVER

Buffer overflow in the realpath function in nfs-server rpc.mountd, as used in SUSE Linux 9.1 through 10.0, allows local users to execute arbitrary code via unspecified vectors involving mount requests and symlinks.

4.6
2006-02-04 CVE-2006-0541 Tachyon Input Validation vulnerability in Tachyon Vanilla Guestbook 1.0Beta

Multiple cross-site scripting (XSS) vulnerabilities in Tachyon Vanilla Guestbook 1.0 beta allow remote attackers to inject arbitrary web script or HTML via unknown vectors related to "posting new messages."

4.3
2006-02-04 CVE-2006-0536 Neomail Cross-Site Scripting vulnerability in Neomail 1.27

Cross-site scripting (XSS) vulnerability in neomail.pl in NeoMail 1.27 allows remote attackers to inject arbitrary web script or HTML via the sort parameter.

4.3
2006-02-04 CVE-2006-0535 Communityserver ORG Cross-Site Scripting vulnerability in Communityserver.Org Community Server

Multiple cross-site scripting (XSS) vulnerabilities in Community Server allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors.

4.3
2006-02-04 CVE-2006-0534 Cybershop Cross-Site Scripting vulnerability in CyberShop Ultimate E-commerce

Multiple cross-site scripting (XSS) vulnerabilities in default.asp in CyberShop Ultimate E-commerce allow remote attackers to inject arbitrary web script or HTML via the (1) ortak or (2) kat parameter.

4.3
2006-02-04 CVE-2006-0533 Cpanel Cross-Site Scripting vulnerability in Cpanel

Cross-site scripting (XSS) vulnerability in webmailaging.cgi in cPanel allows remote attackers to inject arbitrary web script or HTML via the numdays parameter.

4.3
2006-02-04 CVE-2006-0532 Media2 CMS Cross-Site Scripting vulnerability in SoftMaker Shop

Cross-site scripting (XSS) vulnerability in resultat.asp in SoftMaker Shop allows remote attackers to inject arbitrary web script or HTML via a strSok parameter containing a javascript: URI in an IMG SRC attribute.

4.3
2006-02-02 CVE-2006-0524 Ashwebstudio Cross-Site Scripting vulnerability in Ashwebstudio Ashnews 0.83

Cross-site scripting (XSS) vulnerability in ashnews.php in Derek Ashauer ashNews 0.83 allows remote attackers to inject arbitrary web script or HTML via the id parameter.

4.3
2006-02-02 CVE-2006-0521 Browsercrm Cross-Site Scripting vulnerability in BrowserCRM Results.PHP

Cross-site scripting (XSS) vulnerability in results.php in BrowserCRM allows remote attackers to inject arbitrary web script or HTML via certain manipulations of the query parameter, as demonstrated using an IMG SRC tag.

4.3
2006-02-02 CVE-2006-0518 Spip Cross-Site Scripting vulnerability in SPIP Index.PHP3

Cross-site scripting (XSS) vulnerability in index.php3 in SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter.

4.3
2006-02-01 CVE-2006-0511 Blackboard Unspecified vulnerability in Blackboard and Blackboard Academic Suite

** DISPUTED ** Blackboard Academic Suite 6.0 and earlier does not properly clear session information when de-authenticating a user who is idle, which allows subsequent users to log in as the previous user and gain privileges.

4.3
2006-02-01 CVE-2006-0509 Cerberus Cross-Site Scripting vulnerability in Cerberus Helpdesk 2.7/2.7.1Developmentrelease

Multiple cross-site scripting (XSS) vulnerabilities in clients.php in Cerberus Helpdesk, possibly 2.7, allow remote attackers to inject arbitrary web script or HTML via (1) the contact_search parameter and (2) unspecified url fields.

4.3
2006-02-01 CVE-2006-0507 Easy CMS Cross-Site Scripting vulnerability in EasyCMS

Multiple cross-site scripting (XSS) vulnerabilities in Easy CMS allow remote attackers to inject arbitrary web script or HTML via (1) unknown attack vectors in the administrative interface and (2) input fields of the contact form.

4.3
2006-02-01 CVE-2006-0506 Nuked Klan Cross-Site Scripting vulnerability in Nuked-Klan 1.7

Cross-site scripting (XSS) vulnerability in index.php in Nuked-klaN 1.7 allows remote attackers to inject arbitrary web script or HTML via the letter parameter.

4.3
2006-02-01 CVE-2006-0501 Punctweb HTML Injection vulnerability in Punctweb Myco Guestbook 1.0

Cross-site scripting (XSS) vulnerability in MyCO Guestbook 1.0 allows remote attackers to inject arbitrary web script or HTML via the Name field, when registering a user.

4.3
2006-02-01 CVE-2006-0499 Yourboard Cross-Site Scripting vulnerability in Yourboard Rlink 1.0

Cross-site scripting (XSS) vulnerability in rlink.php in Rlink 1.0.0 module for phpBB allows remote attackers to inject arbitrary web script or HTML via the url parameter.

4.3
2006-02-01 CVE-2006-0498 PHP GEN Cross-Site Scripting vulnerability in PHP GEN

Multiple cross-site scripting (XSS) vulnerabilities in PHP GEN before 1.4 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors.

4.3
2006-02-01 CVE-2006-0496 Mozilla Unspecified vulnerability in Mozilla Firefox and Mozilla

Cross-site scripting (XSS) vulnerability in Mozilla 1.7.12 and possibly earlier, Mozilla Firefox 1.0.7 and possibly earlier, and Netscape 8.1 and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the -moz-binding (Cascading Style Sheets) CSS property, which does not require that the style sheet have the same origin as the web page, as demonstrated by the compromise of a large number of LiveJournal accounts.

4.3
2006-02-01 CVE-2006-0495 Mybulletinboard HTML Injection vulnerability in Mybulletinboard 1.0.2

Cross-site scripting (XSS) vulnerability in the Add Thread to Favorites feature in usercp2.php in MyBB (aka MyBulletinBoard) 1.02 allows remote attackers to inject arbitrary web script or HTML via an HTTP Referer header ($url variable).

4.3
2006-02-01 CVE-2006-0494 Mybulletinboard Directory Traversal vulnerability in Mybulletinboard 1.0.2

Directory traversal vulnerability in MyBB (aka MyBulletinBoard) 1.02 allows local users with MyBB administrative privileges to include and possibly execute arbitrary local files via directory traversal sequences and a nul (%00) character in the plugin parameter.

4.3
2006-02-01 CVE-2006-0493 Thomas Rybak HTML Injection vulnerability in Thomas Rybak MG2 0.5.1

Cross-site scripting (XSS) vulnerability in MG2 (formerly known as Minigal) 0.5.1 allows remote attackers to inject arbitrary web script or HTML via the Name field in a comment associated with a picture.

4.3
2006-01-31 CVE-2006-0480 Spaiz Cross-Site Scripting vulnerability in Spaiz Spaiz-Nuke CMS 0

Cross-site scripting (XSS) vulnerability in the Articles module in sPaiz-Nuke allows remote attackers to inject arbitrary web script or HTML via the query parameter in the search file.

4.3
2006-01-31 CVE-2006-0479 Pmwiki Input Validation vulnerability in Pmwiki 2.1Beta20

pmwiki.php in PmWiki 2.1 beta 20, with register_globals enabled, allows remote attackers to bypass protection mechanisms that deregister global variables by setting both a GPC variable and a GLOBALS[] variable with the same name, which causes PmWiki to unset the GLOBALS[] variable but not the GPC variable, which creates resultant vulnerabilities such as remote file inclusion and cross-site scripting (XSS).

4.3
2006-01-31 CVE-2006-0473 MY Little Homepage Unspecified vulnerability in MY Little Homepage MY Little Weblog 20040420

Cross-site scripting (XSS) vulnerability in the bbcode function in weblog.php in my little homepage my little weblog, as last modified in April 2004, allows remote attackers to inject arbitrary Javascript via a javascript URI in BBcode link tags.

4.3
2006-01-31 CVE-2006-0472 MY Little Homepage Unspecified vulnerability in MY Little Homepage MY Little Guestbook 20040420

Cross-site scripting (XSS) vulnerability in guestbook.php in my little homepage my little guestbook, as last modified in March 2004, allows remote attackers to inject arbitrary Javascript via a javascript URI in BBcode link tags.

4.3
2006-01-31 CVE-2006-0471 MY Little Homepage Unspecified vulnerability in MY Little Homepage MY Little Forum 20040420

Cross-site scripting (XSS) vulnerability in the bbcode function in functions.php in my little homepage my little forum, as last modified in June 2005, allows remote attackers to inject arbitrary Javascript via a javascript URI in BBcode link tags.

4.3
2006-01-31 CVE-2006-0470 Mybulletinboard Cross-Site Scripting vulnerability in MyBB

Cross-site scripting (XSS) vulnerability in search.php in MyBulletinBoard (MyBB) 1.02 allows remote attackers to inject arbitrary web script or HTML via the (1) sortby and (2) sortordr parameters, which are not properly handled in a redirection.

4.3
2006-01-30 CVE-2006-0469 Uebimiau HTML Injection vulnerability in Uebimiau 2.7.9

Cross-site scripting (XSS) vulnerability in UebiMiau 2.7.9, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SRC attribute of an IMG tag.

4.3

5 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-02-04 CVE-2006-0538 Ciphertrust Remote Denial Of Service vulnerability in CipherTrust IronMail

CipherTrust IronMail 5.0.1, when "Denial of Service Protection" is enabled, allows remote attackers to cause a denial of service (possibly CPU consumption) via a SYN flood with malformed TCP packets from multiple connections.

2.6
2006-02-02 CVE-2006-0516 SUN Denial Of Service vulnerability in SUN Solaris 10.0

Unspecified vulnerability in the kernel processing in Solaris 10 64 bit platform, when running in 64-bit mode, allows local users to cause a denial of service (system panic) via unknown attack vectors.

2.1
2006-02-02 CVE-2006-0512 Padl Software Local Security vulnerability in Padl Software Migrationtools 46

PADL MigrationTools 46 creates temporary files insecurely, which allows local users to overwrite arbitrary files via a symlink attack on the temporary files, which are not properly created by (1) migrate_all_online.sh, (2) migrate_all_offline.sh, (3) migrate_all_netinfo_online.sh, (4) migrate_all_netinfo_offline.sh, (5) migrate_all_nis_online.sh, (6) migrate_all_nis_offline.sh, (7) migrate_all_nisplus_online.sh, and (8) migrate_all_nisplus_offline.sh.

2.1
2006-02-01 CVE-2006-0488 Microsoft Denial-Of-Service vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP

The VDM (Virtual DOS Machine) emulation environment for MS-DOS applications in Windows 2000, Windows XP SP2, and Windows Server 2003 allows local users to read the first megabyte of memory and possibly obtain sensitive information, as demonstrated by dumper.asm.

2.1
2006-01-31 CVE-2006-0482 Linux Local Denial Of Service vulnerability in Linux Kernel Get_Compat_Timespec and PTrace

Linux kernel 2.6.15.1 and earlier, when running on SPARC architectures, allows local users to cause a denial of service (hang) via a "date -s" command, which causes invalid sign extended arguments to be provided to the get_compat_timespec function call.

2.1