Weekly Vulnerabilities Reports > February 6 to 12, 2006
Overview
79 new vulnerabilities reported during this period, including 0 critical vulnerabilities and 27 high severity vulnerabilities. This weekly summary report vulnerabilities in 60 products from 47 vendors including Hinton Design, QNX, SUN, Microsoft, and Jaia Interactive. Vulnerabilities are notably categorized as "Resource Management Errors", "Permissions, Privileges, and Access Controls", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "SQL Injection", and "Cross-site Scripting".
- 62 reported vulnerabilities are remotely exploitables.
- 3 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 76 reported vulnerabilities are exploitable by an anonymous user.
- Hinton Design has the most reported vulnerabilities, with 9 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
0 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|
27 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-02-10 | CVE-2006-0645 | Free Software Foundation INC | Denial of Service vulnerability in GNUTLS LibTASN1 DER Decoding Tiny ASN.1 Library (libtasn1) before 0.2.18, as used by (1) GnuTLS 1.2.x before 1.2.10 and 1.3.x before 1.3.4, and (2) GNU Shishi, allows attackers to crash the DER decoder and possibly execute arbitrary code via "out-of-bounds access" caused by invalid input, as demonstrated by the ProtoVer SSL test suite. | 7.5 |
2006-02-10 | CVE-2006-0644 | CPG Nuke | Remote Command Execution vulnerability in Cpg-Nuke Dragonfly CMS 9.0.6.1 Multiple directory traversal vulnerabilities in install.php in CPG-Nuke Dragonfly CMS (aka CPG Dragonfly CMS) 9.0.6.1 allow remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in (1) the newlang parameter and (2) the installlang parameter in a cookie, as demonstrated by using error.php to insert malicious code into a log file, or uploading a malicious .png file, which is then included using install.php. | 7.5 |
2006-02-10 | CVE-2006-0637 | Qualcomm | Remote Security vulnerability in Qualcomm Eudora Worldmail 3.0 Buffer overflow in cram.dll in QUALCOMM Eudora WorldMail 3.0 allows remote attackers to execute arbitrary code via an IMAP APPEND command with a long message literal argument, as demonstrated by Worldmail.pl. | 7.5 |
2006-02-10 | CVE-2006-0636 | Eyeos Project | Remote Command Execution vulnerability in EyeOS Session desktop.php in eyeOS 0.8.9 and earlier tests for the existence of the _SESSION variable before calling the session_start function, which allows remote attackers to execute arbitrary PHP code and possibly conduct other attacks by modifying critical assumed-immutable variables, as demonstrated using PHP code in the _SESSION[apps][eyeOptions.eyeapp][wrapup] variable. | 7.5 |
2006-02-10 | CVE-2006-0628 | Dale RAY | Remote Security vulnerability in Dale RAY Myquiz 1.01 myquiz.pl in Dale Ray MyQuiz 1.01 allows remote attackers to execute arbitrary commands via shell metacharacters in the URL, which are not properly handled as part of the PATH_INFO environment variable. | 7.5 |
2006-02-09 | CVE-2006-0626 | Spip | SQL Injection vulnerability in Spip 1.8.2G SQL injection vulnerability in spip_acces_doc.php3 in SPIP 1.8.2g and earlier allows remote attackers to execute arbitrary SQL commands via the file parameter. | 7.5 |
2006-02-09 | CVE-2006-0624 | Webeveyn | SQL Injection vulnerability in Webeveyn Whomp! Real Estate Manager Login SQL injection vulnerability in check.asp in Whomp Real Estate Manager XP 2005 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. | 7.5 |
2006-02-09 | CVE-2006-0611 | Atmail | Directory Traversal vulnerability in Atmail 4.3 Directory traversal vulnerability in compose.pl in @Mail 4.3 and earlier for Windows allows remote attackers to upload arbitrary files to arbitrary locations via a .. | 7.5 |
2006-02-09 | CVE-2006-0610 | 2200Net | SQL Injection vulnerability in 2200Net Calendar 1.2 Multiple SQL injection vulnerabilities in 2200net Calendar system 1.2, with gpc_magic_quotes disabled, allow remote attackers to execute arbitrary SQL commands and bypass authentication via (1) the fm_data[id] parameter to calendar.php and (2) the $ad['acc'] variable in adminlogin.php. | 7.5 |
2006-02-08 | CVE-2006-0608 | Hinton Design | Input Validation And Authentication Bypass vulnerability in Hinton Design PHPhd 1.0 Multiple SQL injection vulnerabilities in Hinton Design phphd 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the username parameter to check.php or (2) unknown attack vectors to scripts that display information from the database. | 7.5 |
2006-02-08 | CVE-2006-0607 | Hinton Design | Input Validation And Authentication Bypass vulnerability in Hinton Design PHPhd 1.0 check.php in Hinton Design phphd 1.0 does not check passwords when certain cookies are provided, which allows remote attackers to bypass authentication. | 7.5 |
2006-02-08 | CVE-2006-0606 | Unknown Domain | Input Validation vulnerability in Unknown Domain Shoutbox 20050721 SQL injection vulnerability in Unknown Domain Shoutbox 2005.07.21 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. | 7.5 |
2006-02-08 | CVE-2006-0604 | Hinton Design | Input Validation vulnerability in Hinton Design PHPhg Guestbook 1.2 check.php in Hinton Design phphg Guestbook 1.2 does not check the user password when authenticating via cookies, which allows remote attackers to gain unauthorized access. | 7.5 |
2006-02-08 | CVE-2006-0602 | Hinton Design | SQL Injection vulnerability in Hinton Design PHPhg Guestbook 1.2 Multiple SQL injection vulnerabilities in Hinton Design phphg Guestbook 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) username parameter to check.php or the id parameter to (2) admin/edit_smilie.php, (3) admin/add_theme.php, (4) admin/ban_ip.php, (5) admin/add_lang.php, or (6) admin/edit_filter.php. | 7.5 |
2006-02-08 | CVE-2006-0592 | Lexmark | Remote Security vulnerability in Printer Sharing 8.29/9.41 Unspecified vulnerability in the Lexmark Printer Sharing LexBce Server Service (LexPPS), possibly 8.29 and 9.41, allows remote attackers to execute arbitrary code via unspecified vectors. | 7.5 |
2006-02-08 | CVE-2006-0588 | Jaia Interactive | SQL-Injection vulnerability in Jaia Interactive Mytopix 1.2.3 SQL injection vulnerability in search.php in MyTopix 1.2.3 allows remote attackers to execute arbitrary SQL commands via the (1) mid and (2) keywords parameters. | 7.5 |
2006-02-08 | CVE-2006-0583 | Clever Copy | SQL-Injection vulnerability in Clever Copy SQL injection vulnerability in mailarticle.php in Clever Copy 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter. | 7.5 |
2006-02-08 | CVE-2006-0579 | Mplayer | Unspecified vulnerability in Mplayer Multiple integer overflows in (1) the new_demux_packet function in demuxer.h and (2) the demux_asf_read_packet function in demux_asf.c in MPlayer 1.0pre7try2 and earlier allow remote attackers to execute arbitrary code via an ASF file with a large packet length value. | 7.5 |
2006-02-07 | CVE-2006-0572 | Hinton Design | Input Validation vulnerability in Hinton Design PHPstatus 1.0 phpstatus 1.0 does not require passwords when using cookies to identify a user, which allows remote attackers to bypass authentication. | 7.5 |
2006-02-07 | CVE-2006-0570 | Hinton Design | Input Validation vulnerability in Hinton Design PHPstatus 1.0 Multiple SQL injection vulnerabilities in phpstatus 1.0, when gpc_magic_quotes is disabled, allow remote attackers to execute arbitrary SQL commands and bypass authentication via (1) the username parameter in check.php and (2) unknown attack vectors in the administrative interface. | 7.5 |
2006-02-06 | CVE-2006-0565 | Gerrit VAN Aaken | Code Injection vulnerability in Gerrit VAN Aaken Loudblog 0.1/0.2/0.3 PHP remote file include vulnerability in inc/backend_settings.php in Loudblog 0.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the $GLOBALS[path] parameter. | 7.5 |
2006-02-06 | CVE-2006-0564 | Microsoft | Remote Security vulnerability in HTML Help Workshop Stack-based buffer overflow in Microsoft HTML Help Workshop 4.74.8702.0, and possibly earlier versions, and as included in the Microsoft HTML Help 1.4 SDK, allows context-dependent attackers to execute arbitrary code via a .hhp file with a long Contents file field. | 7.5 |
2006-02-06 | CVE-2006-0563 | Pluggedout | SQL-Injection vulnerability in Pluggedout Blog 1.9.9C SQL injection vulnerability in exec.php in PluggedOut Blog 1.9.9c allows remote attackers to execute arbitrary SQL commands via the entryid parameter in a comment_add action. | 7.5 |
2006-02-09 | CVE-2006-0623 | QNX | Local Privilege Escalation and Denial Of Service vulnerability in QNX Rtos 6.3.0 QNX Neutrino RTOS 6.3.0 ships /etc/rc.d/rc.local with world-writable permissions, which allows local users to modify the file and execute arbitrary code at system startup. | 7.2 |
2006-02-09 | CVE-2006-0621 | QNX | Local Privilege Escalation and Denial Of Service vulnerability in QNX Rtos 6.2.0 Multiple buffer overflows in QNX Neutrino RTOS 6.2.0 allow local users to execute arbitrary code via a long first argument to the (1) su or (2) passwd commands. | 7.2 |
2006-02-08 | CVE-2006-0577 | Lexmark | Local Privilege Escalation vulnerability in Lexmark X1185 Lexmark X1185 printer allows local users to gain SYSTEM privileges by navigating to the "Appearance" dialog and selecting the "Additional styles (skins) are available on the Lexmark web site" option, which launches a web browser that is running with SYSTEM privileges. | 7.2 |
2006-02-08 | CVE-2006-0576 | Maynard Johnson | Local Privilege Escalation vulnerability in OProfile OPControl Path Specification Untrusted search path vulnerability in opcontrol in OProfile 0.9.1 and earlier allows local users to execute arbitrary commands via a modified PATH that references malicious (1) which or (2) dirname programs. | 7.2 |
47 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-02-10 | CVE-2006-0638 | Mybulletinboard | SQL Injection vulnerability in Mybulletinboard 1.0.3 SQL injection vulnerability in moderation.php in MyBB (aka MyBulletinBoard) 1.0.3 allows remote authenticated users, with certain privileges for moderating and merging posts, to execute arbitrary SQL commands via the posts parameter. | 6.5 |
2006-02-08 | CVE-2006-0581 | Hosting Controller | SQL-Injection vulnerability in Hosting Controller Hosting Controller 6.1Hotfix2.8 SQL injection vulnerability in Hosting Controller 6.1 Hotfix 2.8 allows remote authenticated users to execute arbitrary SQL commands via the (1) GatewayID parameter in an add action in AddGatewaySettings.asp and (2) IP parameter in IPManager.asp. | 6.5 |
2006-02-10 | CVE-2006-0633 | Invisionpower | Improper Authentication vulnerability in Invisionpower Invision Power Board 2.1.4 The make_password function in ipsclass.php in Invision Power Board (IPB) 2.1.4 uses random data generated from partially predictable seeds to create the authentication code that is sent by e-mail to a user with a lost password, which might make it easier for remote attackers to guess the code and change the password for an IPB account, possibly involving millions of requests. | 6.4 |
2006-02-10 | CVE-2006-0632 | Phpbb Group | Remote Security vulnerability in phpBB The gen_rand_string function in phpBB 2.0.19 uses insufficiently random data (small value space) to create the activation key ("validation ID") that is sent by e-mail when establishing a password, which makes it easier for remote attackers to obtain the key and modify passwords for existing accounts or create new accounts. | 6.4 |
2006-02-09 | CVE-2006-0625 | Spip | Remote Command Execution vulnerability in Spip 1.8.2D/1.8.2E/1.8.2G Directory traversal vulnerability in Spip_RSS.PHP in SPIP 1.8.2g and earlier allows remote attackers to read or include arbitrary files via ".." sequences in the GLOBALS[type_urls] parameter, which could then be used to execute arbitrary code via resultant direct static code injection in the file parameter to spip_acces_doc.php3. | 6.4 |
2006-02-09 | CVE-2006-0614 | SUN | Unspecified vulnerability in SUN Jdk, JRE and SDK Unspecified vulnerability in Sun Java JDK and JRE 5.0 Update 3 and earlier, SDK and JRE 1.3.x through 1.3.1_16 and 1.4.x through 1.4.2_08 allows remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "first issue." | 6.4 |
2006-02-08 | CVE-2006-0603 | Hinton Design | Cross-Site Scripting vulnerability in Hinton Design PHPhg Guestbook 1.2 Multiple cross-site scripting vulnerabilities in signed.php in Hinton Design phphg Guestbook 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) location, (2) website, or (3) message parameter. | 6.4 |
2006-02-09 | CVE-2006-0620 | QNX | Local Privilege Escalation and Denial Of Service vulnerability in QNX Rtos 6.2.1/6.2.1A/6.2.1B Race condition in phfont in QNX Neutrino RTOS 6.2.1 allows local users to execute arbitrary code via unspecified manipulations of the PHFONT and PHOTON2_PATH environment variables. | 6.2 |
2006-02-10 | CVE-2006-0642 | Trend Micro | Unspecified vulnerability in Trend Micro products Trend Micro ServerProtect 5.58, and possibly InterScan Messaging Security Suite and InterScan Web Security Suite, have a default configuration setting of "Do not scan compressed files when Extracted file count exceeds 500 files," which may be too low in certain circumstances, which allows remote attackers to bypass anti-virus checks by sending compressed archives containing many small files. | 5.1 |
2006-02-10 | CVE-2006-0629 | AOL | Denial-Of-Service vulnerability in AOL Instant Messenger 5.9.3861 Unspecified vulnerability in AOL Instant Messenger (AIM) 5.9.3861 allows user-assisted remote attackers to cause a denial of service (client crash) and possibly execute arbitrary code by tricking the user into requesting Buddy Info about a long screen name, which might cause a buffer overflow. | 5.1 |
2006-02-10 | CVE-2006-0631 | Erik C Thauvin | Remote Security vulnerability in Mailback CRLF injection vulnerability in mailback.pl in Erik C. | 5.0 |
2006-02-10 | CVE-2006-0630 | Ritlabs | Unspecified vulnerability in Ritlabs the BAT RITLabs The Bat! before 3.0.0.15 displays certain important headers from encapsulated data in message/partial MIME messages, instead of the real headers, which is in violation of RFC2046 header merging rules and allows remote attackers to spoof the origin of e-mail by sending a fragmented message, as demonstrated using spoofed Received: and Message-ID: headers. | 5.0 |
2006-02-08 | CVE-2006-0590 | Jaia Interactive | Remote Security vulnerability in Jaia Interactive Mytopix 1.2.3 MyTopix 1.2.3 allows remote attackers to obtain the installation path via an invalid hl parameter to index.php, which leads to path disclosure, possibly related to invalid SQL syntax. | 5.0 |
2006-02-08 | CVE-2006-0589 | Jaia Interactive | Remote Security vulnerability in Jaia Interactive Mytopix 1.2.3 MyTopix 1.2.3 allows remote attackers to obtain the installation path via a direct request to logon.mod.php, which leaks the path in an error message. | 5.0 |
2006-02-08 | CVE-2006-0585 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer jscript.dll in Microsoft Internet Explorer 6.0 SP1 and earlier allows remote attackers to cause a denial of service (application crash) via a Shockwave Flash object that contains ActionScript code that calls VBScript, which in turn calls the Javascript document.write function, which triggers a null dereference. | 5.0 |
2006-02-08 | CVE-2006-0580 | IBM | Denial of Service vulnerability in IBM Lotus Domino Server 7.0 IBM Lotus Domino Server 7.0 allows remote attackers to cause a denial of service (segmentation fault) via a crafted packet to the LDAP port (389/TCP). | 5.0 |
2006-02-07 | CVE-2006-0575 | Thibault Godouet | Directory Traversal vulnerability in Fcron Convert-FCronTab convert-fcrontab in Fcron 2.9.5 and 3.0.0 allows remote attackers to create or overwrite arbitrary files via ".." sequences and a symlink attack on the temporary file that is used during conversion. | 5.0 |
2006-02-07 | CVE-2006-0567 | Curtis Farnham | Directory Traversal vulnerability in Curtis Farnham Files Xaraya Module 0.3.0/0.4.0 Directory traversal vulnerability in Files Xaraya module before 0.5.1, when the Archive Directory field on the Modify Config page is blank, allows remote attackers to access files outside of the web root via ".." (dot dot) sequences. | 5.0 |
2006-02-07 | CVE-2006-0454 | Linux | Resource Management Errors vulnerability in Linux Kernel Linux kernel before 2.6.15.3 down to 2.6.12, while constructing an ICMP response in icmp_send, does not properly handle when the ip_options_echo function in icmp.c fails, which allows remote attackers to cause a denial of service (crash) via vectors such as (1) record-route and (2) timestamp IP options with the needaddr bit set and a truncated value. | 5.0 |
2006-02-06 | CVE-2006-0566 | Communigate | Denial-Of-Service vulnerability in Communigate PRO Core Server 5.0.7 The LDAP component in CommuniGate Pro Core Server 5.0.7 allows remote attackers to cause a denial of service (application crash) via LDAP messages that contain Distinguished Names (DN) fields with a large number of elements. | 5.0 |
2006-02-06 | CVE-2006-0513 | IBM | Directory Traversal vulnerability in IBM Tivoli Access Manager for E-Business 5.1.0.10/6.0.0 Directory traversal vulnerability in pkmslogout in Tivoli Web Server Plug-in 5.1.0.10 in Tivoli Access Manager (TAM) 5.1 allows remote attackers to read arbitrary files via a .. | 5.0 |
2006-02-06 | CVE-2006-0438 | Phpbb Group | Cross-Site Request Forgery vulnerability in phpBB Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.19, when Link to off-site Avatar or bbcode (IMG) are enabled, allows remote attackers to perform unauthorized actions as a logged in user via a link or IMG tag in a user profile, as demonstrated using links to (1) admin/admin_users.php and (2) modcp.php. | 5.0 |
2006-02-09 | CVE-2006-0622 | QNX | Resource Management Errors vulnerability in QNX Rtos 6.3.0 QNX Neutrino RTOS 6.3.0 allows local users to cause a denial of service (hang) by supplying a "break *0xb032d59f" command to gdb. | 4.9 |
2006-02-10 | CVE-2006-0635 | Fabrice Bellard | Local Security vulnerability in Fabrice Bellard Tiny C Compiler 0.9.23 Tiny C Compiler (TCC) 0.9.23 (aka TinyCC) evaluates the "i>sizeof(int)" expression to false when i equals -1, which might introduce integer overflow vulnerabilities into applications that could be exploited by context-dependent attackers. | 4.6 |
2006-02-10 | CVE-2006-0634 | Borland Software | Local Security vulnerability in Borland Software C++ Builder 6 Borland C++Builder 6 (BCB6) with Update Pack 4 Enterprise edition (ent_upd4) evaluates the "i>sizeof(int)" expression to false when i equals -1, which might introduce integer overflow vulnerabilities into applications that could be exploited by context-dependent attackers. | 4.6 |
2006-02-09 | CVE-2006-0619 | QNX | Buffer Errors vulnerability in QNX Rtos 6.3.0 Multiple stack-based buffer overflows in QNX Neutrino RTOS 6.3.0 allow local users to execute arbitrary code via long (1) ABLPATH or (2) ABLANG environment variables in the libAP library (libAp.so.2) or (3) a long PHOTON_PATH environment variable to the setitem function in the libph library. | 4.6 |
2006-02-09 | CVE-2006-0618 | QNX | Local Privilege Escalation and Denial Of Service vulnerability in QNX Neutrino Rtos 6.3.0 Format string vulnerability in fontsleuth in QNX Neutrino RTOS 6.3.0 allows local users to execute arbitrary code via format string specifiers in the zeroth argument (program name). | 4.6 |
2006-02-09 | CVE-2006-0612 | Powersave | Local Privilege Escalation vulnerability in Powersave Powersave daemon before 0.10.15.2 allows local users to gain privileges (unauthorized access to an X session) via unspecified vectors. | 4.6 |
2006-02-11 | CVE-2006-0646 | Suse | Unspecified vulnerability in Suse Linux ld in SUSE Linux 9.1 through 10.0, and SLES 9, in certain circumstances when linking binaries, can leave an empty RPATH or RUNPATH, which allows local attackers to execute arbitrary code as other users via by running an ld-linked application from the current directory, which could contain an attacker-controlled library file. | 4.4 |
2006-02-10 | CVE-2006-0643 | Wiredred | HTML Injection vulnerability in Wiredred E POP web Conferencing 4.1.0.755 Cross-site scripting (XSS) vulnerability in WiredRed e/pop Web Conferencing 4.1.0.755 allows remote authenticated users to inject arbitrary web script or HTML via the topic name of a conference. | 4.3 |
2006-02-10 | CVE-2006-0639 | Mybulletinboard | Cross-Site Scripting vulnerability in Mybulletinboard 1.0.2 Cross-site scripting (XSS) vulnerability in search.php in MyBB (aka MyBulletinBoard) 1.0.2 allows remote attackers with knowledge of the table prefix to inject arbitrary web script or HTML via a URL encoded value of the keywords parameter, as demonstrated by %3Cscript%3E. | 4.3 |
2006-02-09 | CVE-2006-0627 | Clever Copy | HTML Injection vulnerability in Clever Copy Clever Copy 2.0/2.0A/23.0 Cross-site scripting (XSS) vulnerability in Clever Copy 2.0, 2.0a, and 3.0 allows remote attackers to inject arbitrary web script or HTML via the (1) Referer or (2) X-Forwarded-For headers in an HTTP request, which are not properly handled when the administrator accesses Site Stats. | 4.3 |
2006-02-08 | CVE-2006-0609 | Hinton Design | Input Validation And Authentication Bypass vulnerability in Hinton Design PHPhd 1.0 Cross-site scripting (XSS) vulnerability in add.php in Hinton Design phphd 1.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | 4.3 |
2006-02-08 | CVE-2006-0605 | Unknown Domain | Input Validation vulnerability in Unknown Domain Shoutbox 20050721 Multiple cross-site scripting (XSS) vulnerabilities in Unknown Domain Shoutbox 2005.07.21 allow remote attackers to inject arbitrary web script or HTML, possibly via the (1) Handle or (2) Message fields. | 4.3 |
2006-02-08 | CVE-2006-0023 | Microsoft | Permissions, Privileges, and Access Controls vulnerability in Microsoft Windows XP Microsoft Windows XP SP1 and SP2 before August 2004, and possibly other operating systems and versions, uses insecure default ACLs that allow the Authenticated Users group to gain privileges by modifying critical configuration information for the (1) Simple Service Discovery Protocol (SSDP), (2) Universal Plug and Play Device Host (UPnP), (3) NetBT, (4) SCardSvr, (5) DHCP, and (6) DnsCache services, aka "Permissive Windows Services DACLs." NOTE: the NetBT, SCardSvr, DHCP, DnsCache already require privileged access to exploit. | 4.3 |
2006-02-08 | CVE-2006-0593 | PHP Fusion | Cross-Site Scripting vulnerability in PHP-Fusion Cross-site scripting (XSS) vulnerability in PHP-Fusion before 6.00.304 allows remote attackers to inject arbitrary web script or HTML via the (1) shout_name field in shoutbox_panel.php and the (2) comments field in comments_include.php. | 4.3 |
2006-02-07 | CVE-2006-0574 | Cpanel | Cross-Site Scripting vulnerability in Cpanel 10 Cross-site scripting (XSS) vulnerability in mime/handle.html in cPanel 10 allows remote attackers to inject arbitrary web script or HTML via the (1) file extension or (2) mime-type. | 4.3 |
2006-02-07 | CVE-2006-0573 | Cpanel | Cross-Site Scripting vulnerability in cPanel Multiple cross-site scripting (XSS) vulnerabilies in cPanel 10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to (a) editquota.html or (b) dodelpop.html; (2) showtree parameter to (c) diskusage.html; or the (3) mon, (4) year, (5) target, or (6) domain parameter to (d) stats/detailbw.html. | 4.3 |
2006-02-07 | CVE-2006-0571 | Hinton Design | Input Validation vulnerability in Hinton Design PHPstatus 1.0 Multiple cross-site scripting (XSS) vulnerabilities in phpstatus 1.0 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in the administrative interface. | 4.3 |
2006-02-07 | CVE-2006-0569 | Papoo | Cross-Site Scripting vulnerability in Papoo Cross-site scripting (XSS) vulnerability in user_class.php in Papoo 2.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the username field during the registration of a new account. | 4.3 |
2006-02-07 | CVE-2006-0568 | Outblaze | Cross-Site Scripting vulnerability in Outblaze Cross-site scripting (XSS) vulnerability in throw.main in Outblaze allows remote attackers to inject arbitrary web script or HTML via the file parameter. | 4.3 |
2006-02-06 | CVE-2006-0562 | Pluggedout | Cross-Site Scripting vulnerability in Pluggedout Blog 1.9.9C Cross-site scripting (XSS) vulnerability in problem.php in PluggedOut Blog 1.9.9c allows remote attackers to inject arbitrary web script or HTML via the data parameter. | 4.3 |
2006-02-06 | CVE-2006-0437 | Phpbb Group | Cross-Site Scripting vulnerability in phpBB Cross-site scripting (XSS) vulnerability in admin_smilies.php in phpBB 2.0.19 allows remote attackers to inject arbitrary web script or HTML via Javascript events such as "onmouseover" in the (1) smile_url or (2) smile_emotion parameters, which bypasses a check for "<" and ">" characters. | 4.3 |
2006-02-09 | CVE-2006-0617 | SUN | Unspecified vulnerability in SUN JDK and JRE Multiple unspecified vulnerabilities in Sun Java JDK and JRE 5.0 Update 5 and earlier allow remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "fifth, sixth, and seventh issues." | 4.0 |
2006-02-09 | CVE-2006-0616 | SUN | Unspecified vulnerability in SUN JDK and JRE Unspecified vulnerability in Sun Java JDK and JRE 5.0 Update 4 and earlier allows remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "fourth issue." | 4.0 |
2006-02-09 | CVE-2006-0615 | SUN | Unspecified vulnerability in SUN Jdk, JRE and SDK Multiple unspecified vulnerabilities in Sun Java JDK and JRE 5.0 Update 4 and earlier, SDK and JRE 1.4.x through 1.4.2_09 allow remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "second and third issues." | 4.0 |
2006-02-09 | CVE-2006-0613 | SUN | Unspecified vulnerability in SUN J2Se Unspecified vulnerability in Java Web Start after 1.0.1_02, as used in J2SE 5.0 Update 5 and earlier, allows remote attackers to obtain privileges via unspecified vectors involving untrusted applications. | 4.0 |
5 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-02-10 | CVE-2006-0641 | Orbicule | Information Disclosure vulnerability in Undercover Orbicule Undercover uses a third-party web server to determine the IP address through which the computer is accessing the Internet, but does not document this third-party disclosure, which leads to a potential privacy leak that might allow transmission of sensitive information to an unintended remote destination. | 2.6 |
2006-02-10 | CVE-2006-0640 | Orbicule | Denial-Of-Service vulnerability in Undercover Orbicule Undercover allows attackers with physical or root access to disable the protection by using the chmod command to change the permissions of the /private/etc/uc.app/Contents/MacOS/uc file, which prevents the service from being started in LaunchDaemon. | 2.1 |
2006-02-08 | CVE-2006-0584 | Peoplesoft | Unspecified vulnerability in Peoplesoft Peopletools The PSCipher function in PeopleSoft People Tools 8.4x uses PKCS #5 with a fixed DES key to store user passwords, which makes it easier for local users to guess passwords using a dictionary attack that compares output strings. | 2.1 |
2006-02-08 | CVE-2006-0582 | KTH | Local Privilege Escalation vulnerability in Heimdal RSHD Unspecified vulnerability in rshd in Heimdal 0.6.x before 0.6.6 and 0.7.x before 0.7.2, when storing forwarded credentials, allows attackers to overwrite arbitrary files and change file ownership via unknown vectors. | 2.1 |
2006-02-08 | CVE-2006-0591 | Solar Designer | Cryptographic Issues vulnerability in Solar Designer Crypt Blowfish 0.4.7 The crypt_gensalt functions for BSDI-style extended DES-based and FreeBSD-sytle MD5-based password hashes in crypt_blowfish 0.4.7 and earlier do not evenly and randomly distribute salts, which makes it easier for attackers to guess passwords from a stolen password file due to the increased number of collisions. | 1.2 |