Weekly Vulnerabilities Reports > February 13 to 19, 2006

Overview

160 new vulnerabilities reported during this period, including 11 critical vulnerabilities and 45 high severity vulnerabilities. This weekly summary report vulnerabilities in 137 products from 106 vendors including Microsoft, IBM, Stefan Ritt, Imagevue, and Virtual Hosting Control System. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Permissions, Privileges, and Access Controls", "SQL Injection", "Cross-site Scripting", and "Code Injection".

  • 152 reported vulnerabilities are remotely exploitables.
  • 2 reported vulnerabilities have public exploit available.
  • 7 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 152 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 8 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

11 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-02-19 CVE-2006-0789 Kyocera Remote Security vulnerability in Fs-3830N

Certain unspecified Kyocera printers have a default "admin" account with a blank password, which allows remote attackers to access an administrative menu via a telnet session.

10.0
2006-02-18 CVE-2006-0751 Noofs Team Remote Security vulnerability in Noofs Team Network Object Oriented File System 0.7/0.8/0.8.1

Multiple unspecified vulnerabilities in the (1) Filesystem in USErspace (FUSE) client and (2) NOOFS daemon in in Network Object Oriented File System (NOOFS) before 0.9.0 have unspecified impact and attack vectors.

10.0
2006-02-15 CVE-2006-0698 ZEN Cart SQL-Injection vulnerability in Zen Cart

Unspecified vulnerabilities in Zen Cart before 1.2.7 allow remote attackers to cause unknown impact via unspecified vectors related to "other attempted exploits" other than SQL injection.

10.0
2006-02-15 CVE-2006-0697 ZEN Cart Permissions, Privileges, and Access Controls vulnerability in Zen-Cart ZEN Cart

Zen Cart before 1.2.7 does not protect the admin/includes directory, which allows remote attackers to cause unknown impact via unspecified vectors, probably direct requests.

10.0
2006-02-15 CVE-2006-0686 Virtual Hosting Control System Input Validation And Access Validation vulnerability in Virtual Hosting Control System

add_user.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier does not check user privileges when adding a new administrative user, which allows remote attackers to gain unauthorized access.

10.0
2006-02-15 CVE-2006-0685 Virtual Hosting Control System Input Validation And Access Validation vulnerability in Virtual Hosting Control System

The check_login function in login.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier does not exit when authentication fails, which allows remote attackers to gain unauthorized access.

10.0
2006-02-13 CVE-2006-0672 HP Unspecified vulnerability in HP PSC 1210 All-in-One Driver

Unspecified vulnerability in HP PSC 1210 All-in-One Drivers before 1.0.06 has unknown impact and attack vectors.

10.0
2006-02-13 CVE-2006-0665 Mantis Cross-Site Scripting vulnerability in Mantis Config_Defaults_Inc.PHP

Unspecified vulnerability in (1) query_store.php and (2) manage_proj_create.php in Mantis before 1.0.0 has unknown impact and attack vectors.

10.0
2006-02-15 CVE-2006-0708 Nullsoft Denial of Service vulnerability in Nullsoft Winamp M3U File

Multiple buffer overflows in NullSoft Winamp 5.13 and earlier allow remote attackers to execute arbitrary code via (1) an m3u file containing a long URL ending in .wma, (2) a pls file containing a File1 field with a long URL ending in .wma, or (3) an m3u file with a long filename, variants of CVE-2005-3188 and CVE-2006-0476.

9.3
2006-02-14 CVE-2006-0006 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products

Heap-based buffer overflow in the bitmap processing routine in Microsoft Windows Media Player 7.1 on Windows 2000 SP4, Media Player 9 on Windows 2000 SP4 and XP SP1, and Media Player 10 on XP SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted bitmap (.BMP) file that specifies a size of 0 but contains additional data.

9.3
2006-02-14 CVE-2006-0005 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products

Buffer overflow in the plug-in for Microsoft Windows Media Player (WMP) 9 and 10, when used in browsers other than Internet Explorer and set as the default application to handle media files, allows remote attackers to execute arbitrary code via HTML with an EMBED element containing a long src attribute.

9.3

45 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-02-19 CVE-2006-0797 Nokia Remote Denial of Service vulnerability in Nokia N70 L2CAP Packets

Nokia N70 cell phone allows remote attackers to cause a denial of service (reboot or shutdown) through a wireless Bluetooth connection via a malformed Logical Link Control and Adaptation Protocol (L2CAP) packet whose length field is less than the actual length of the packet, possibly triggering a buffer overflow, as demonstrated using the Bluetooth Stack Smasher (BSS).

7.8
2006-02-14 CVE-2006-0453 Redhat Remote Denial Of Service vulnerability in Redhat Fedora Core 1.0

The LDAP component in Fedora Directory Server 1.0 allow remote attackers to cause a denial of service (crash) via a certain "bad BER sequence" that results in a free of uninitialized memory, as demonstrated using the ProtoVer LDAP test suite.

7.8
2006-02-14 CVE-2006-0021 Microsoft Buffer Errors vulnerability in Microsoft Windows 2003 Server and Windows XP

Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote attackers to cause a denial of service (hang) via an IGMP packet with an invalid IP option, aka the "IGMP v3 DoS Vulnerability."

7.8
2006-02-14 CVE-2006-0677 KTH Denial Of Service vulnerability in Heimdal TelnetD

telnetd in Heimdal 0.6.x before 0.6.6 and 0.7.x before 0.7.2 allows remote unauthenticated attackers to cause a denial of service (server crash) via unknown vectors that trigger a null dereference.

7.8
2006-02-13 CVE-2006-0671 Sony Ericsson Phones Remote Denial of Service vulnerability in Sony Ericsson

Buffer overflow in Sony Ericsson K600i, V600i, W800i, and T68i cell phone allows remote attackers to cause a denial of service (reboot or shutdown) through a wireless Bluetooth connection via a malformed Logical Link Control and Adaptation Protocol (L2CAP) packet whose length field is less than the actual length of the packet.

7.8
2006-02-13 CVE-2006-0046 Cameron Simpson Remote Denial of Service vulnerability in Adzapper Squid_Redirect URI Handling

squid_redirect script in adzapper before 2006-01-29 allows remote attackers to cause a denial of service (CPU consumption) via a URL with a large number of trailing / (forward slashes), which might produce inefficient regular expressions.

7.8
2006-02-19 CVE-2006-0791 Dreamcost Remote File Include vulnerability in Dreamcost Hostadmin 3.0

PHP remote file inclusion vulnerability in index.php in DreamCost HostAdmin allows remote attackers to include arbitrary files via the $path variable, which is not initialized before use.

7.5
2006-02-19 CVE-2006-0782 Perlblog Input Validation and Information Disclosure vulnerability in Perlblog 1.08/1.09/1.09B

Unspecified vulnerability in weblog.pl in PerlBlog 1.09b and earlier allows remote attackers to create arbitrary files and possibly execute arbitrary code via unspecified attack vectors related to improper handling of (1) the reply parameter, possibly involving injection of (2) the name parameter and (3) the body parameter.

7.5
2006-02-19 CVE-2006-0778 XMB Forum Unspecified vulnerability in XMB Forum XMB

Multiple SQL injection vulnerabilities in XMB Forums 1.9.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) $u2u_select array parameter to u2u.inc.php and (2) $val variable (fidpw0 cookie value) in today.php.

7.5
2006-02-19 CVE-2006-0777 Teca Scripts Input Validation vulnerability in Teca Scripts Guestex 1.0

Unspecified vulnerability in guestex.pl in Teca Scripts Guestex 1.0 allows remote attackers to execute arbitrary shell commands via the email parameter, possibly involving shell metacharacters.

7.5
2006-02-19 CVE-2006-0775 Ridder Roeland SQL Injection vulnerability in Ridder Roeland Birthsys 3.1

Multiple SQL injection vulnerabilities in show.php in BirthSys 3.1 allow remote attackers to execute arbitrary SQL commands via the $month variable.

7.5
2006-02-19 CVE-2006-0774 Lawrence Osiris SQL Injection vulnerability in Lawrence Osiris DB_eSession Class

SQL injection vulnerability in deleteSession() in DB_eSession library 1.0.2 and earlier, as used in multiple products, allows remote attackers to execute arbitrary SQL commands via the $_sess_id_set variable, which is usually derived from PHPSESSID.

7.5
2006-02-19 CVE-2006-0772 Hitachi SQL Injection vulnerability in Hitachi Business Logic 0203/0300

SQL injection vulnerability in Hitachi Business Logic - Container 02-03 through 03-00-/B on Windows, and 03-00 through 03-00-/B on Linux, allows remote attackers to execute arbitrary SQL commands via unspecified vectors in the extended receiving box function.

7.5
2006-02-18 CVE-2006-0759 Hivemail Unspecified vulnerability in Hivemail

Multiple SQL injection vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the contactgroupid parameter in addressbook.update.php, (2) the messageid parameter in addressbook.add.php, (3) the folderid parameter in folders.update.php, and possibly certain parameters in (4) calendar.event.php, (5) index.php, (6) pop.download.php, (7) read.bounce.php, (8) rules.block.php, (9) language.php, and (10) certain other scripts; and allow remote authenticated users to execute arbitrary SQL commands via (11) the folderid parameter in index.php and (12) possibly other parameters in certain other scripts, because $_SERVER['PHP_SELF'] is improperly handled.

7.5
2006-02-18 CVE-2006-0757 Hivemail Unspecified vulnerability in Hivemail

Multiple eval injection vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to execute arbitrary PHP code via (1) the contactgroupid parameter in addressbook.update.php, (2) the messageid parameter in addressbook.add.php, (3) the folderid parameter in folders.update.php, and possibly certain parameters in (4) calendar.event.php, (5) index.php, (6) pop.download.php, (7) read.bounce.php, (8) rules.block.php, (9) language.php, and (10) certain other scripts, as demonstrated by an addressbook.update.php request with a contactgroupid value of phpinfo() preceded by facilitators.

7.5
2006-02-18 CVE-2006-0750 Supersmashbrothers SQL Injection vulnerability in Supersmashbrothers Army System 2.1.0Foripb

SQL injection vulnerability in army.php in supersmashbrothers (SSB) Army System 2.1.0 for Invision Power Board (IPB) allows remote attackers to execute arbitrary SQL commands via the userstat parameter in an army action to index.php.

7.5
2006-02-17 CVE-2006-0460 Bomberclone Buffer Overflow vulnerability in BomberClone Error Messages

Multiple buffer overflows in BomberClone before 0.11.6.2 allow remote attackers to execute arbitrary code via long error messages.

7.5
2006-02-16 CVE-2006-0679 Francisco Burzi SQL Injection vulnerability in Francisco Burzi PHP-Nuke EV 7.8

SQL injection vulnerability in index.php in the Your_Account module in PHP-Nuke 7.8 and earlier allows remote attackers to execute arbitrary SQL commands via the username variable (Nickname field).

7.5
2006-02-16 CVE-2006-0729 Teca Scripts SQL Injection vulnerability in Teca Scripts Teca Diary Personal1.0

SQL injection vulnerability in functions.php in Teca Diary PE 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) yy, (2) mm, and (3) dd parameters.

7.5
2006-02-16 CVE-2006-0728 Webspell SQL Injection vulnerability in WebSPELL Search.PHP

SQL injection vulnerability in search.php in webSPELL 4.01.00 and earlier allows remote attackers to inject arbitrary SQL commands via the title_op parameter.

7.5
2006-02-16 CVE-2006-0727 Musox SQL Injection vulnerability in Musox DF Msanalysis 1.0.1

SQL injection vulnerability in mstrack.php in MusOX DF MSAnalysis (DFMSA), as used in some environments that use CPG-Nuke Dragonfly CMS, allows remote attackers to trigger path disclosure from a SQL syntax error, and possibly execute arbitrary SQL commands, via certain query data, probably involving the profile name.

7.5
2006-02-16 CVE-2006-0721 Runcms SQL Injection vulnerability in Runcms 1.2/1.3A/1.3A2

SQL injection vulnerability in pmlite.php in RunCMS 1.2 and 1.3a allows remote attackers to execute arbitrary SQL commands via the to_userid parameter.

7.5
2006-02-15 CVE-2006-0719 Deltascripts SQL Injection vulnerability in Deltascripts PHP Classifieds 6.18/6.19/6.20

SQL injection vulnerability in member_login.php in PHP Classifieds 6.18 through 6.20 allows remote attackers to execute arbitrary SQL commands via the (1) username parameter, which is used by the E-mail address field, and (2) password parameter.

7.5
2006-02-15 CVE-2006-0716 Solucija Input Validation vulnerability in Solucija Snews 1.3

SQL injection vulnerability in index.php in sNews 1.3 allows remote attackers to execute arbitrary SQL commands via the (1) category and (2) id parameters.

7.5
2006-02-15 CVE-2006-0710 Isode Buffer Errors vulnerability in Isode M-Vault Server 11.3

Double free vulnerability in isode.eddy in Isode M-Vault Server 11.3 allows remote attackers to execute arbitrary code via a crafted LDAP request, as demonstrated by ProtoVer Sample LDAP.

7.5
2006-02-15 CVE-2006-0709 Metamail Corporation Remote Buffer Overflow vulnerability in Metamail Corporation Metamail 2.7.50

Buffer overflow in Metamail 2.7-50 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via e-mail messages with a long boundary attribute, a different vulnerability than CVE-2004-0105.

7.5
2006-02-15 CVE-2006-0696 ZEN Cart SQL-Injection vulnerability in Zen Cart

SQL injection vulnerability in Zen Cart before 1.2.7 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2006-02-15 CVE-2006-0695 Ansilove Input Validation vulnerability in Ansilove 1.01/1.02

Ansilove before 1.03 does not filter uploaded file extensions, which allows remote attackers to execute arbitrary code by uploading arbitrary files with dangerous extensions, then accessing them directly in the upload directory.

7.5
2006-02-15 CVE-2006-0693 Roberto Butti SQL Injection vulnerability in CALimba RB_auth.PHP

Multiple SQL injection vulnerabilities in rb_auth.php in Roberto Butti CALimba 0.99.2 beta and earlier allow remote attackers to execute arbitrary SQL commands and bypass login authentication via the (1) login and (2) password parameters.

7.5
2006-02-15 CVE-2006-0692 Carey Briggs SQL Injection vulnerability in Carey Briggs PHP Mysql Timesheet 1/2

Multiple SQL injection vulnerabilities in Carey Briggs PHP/MYSQL Timesheet 1 and 2 allow remote attackers to execute arbitrary SQL commands via the (1) yr, (2) month, (3) day, and (4) job parameters in (a) index.php and (b) changehrs.php.

7.5
2006-02-15 CVE-2006-0690 Scheduling Management COM Input Validation vulnerability in Scheduling Management.Com Time Tracking Software 3.0

Multiple SQL injection vulnerabilities in TTS Time Tracking Software 3.0 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2006-02-15 CVE-2006-0688 Nicecoder Remote File Include vulnerability in Nicecoder Indexu 5.0.0/5.0.1

PHP remote file include vulnerability in application.php in nicecoder.com indexu 5.0.0 and 5.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the base_path parameter.

7.5
2006-02-15 CVE-2006-0684 Virtual Hosting Control System Input Validation And Access Validation vulnerability in Virtual Hosting Control System

change_password.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier does not verify the old password when a user changes the password, which may allow remote attackers to gain unauthorized access.

7.5
2006-02-15 CVE-2006-0681 Power Daemon Remote Format String vulnerability in PowerD

Format string vulnerability in powerd.c in Power Daemon (powerd) 2.0.2 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the WHATIDO variable.

7.5
2006-02-13 CVE-2006-0673 Reamday Enterprises SQL Injection vulnerability in Reamday Enterprises Magic Calendar Lite 1.02

Multiple SQL injection vulnerabilities in cms/index.php in Magic Calendar Lite 1.02, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the (1) $total_login and (2) $total_password parameter.

7.5
2006-02-13 CVE-2006-0669 Gasoft SQL Injection vulnerability in GA's Forum Light Archive.ASP

** DISPUTED ** Multiple SQL injection vulnerabilities in archive.asp in GA's Forum Light allow remote attackers to execute arbitrary SQL commands via the (1) Forum and (2) pages parameter.

7.5
2006-02-13 CVE-2006-0668 Pwsphp SQL Injection vulnerability in Pwsphp 1.2.3

SQL injection vulnerability in index.php in PwsPHP 1.2.3 allows remote attackers to execute arbitrary SQL commands via the id parameter, possibly in message.php in the espace_membre module.

7.5
2006-02-13 CVE-2006-0654 Hinton Design Input Validation vulnerability in Hinton Design PHPht Topsites 1.3

check.php in Hinton Design phpht Topsites 1.3 does not validate passwords when using cookies, which allows remote attackers to bypass authentication via unspecified cookies.

7.5
2006-02-13 CVE-2006-0653 Hinton Design Input Validation vulnerability in Hinton Design PHPht Topsites 1.3

Multiple SQL injection vulnerabilities in Hinton Design phpht Topsites 1.3 allow remote attackers to execute arbitrary SQL commands via multiple vectors including the username parameter.

7.5
2006-02-13 CVE-2006-0651 Vwdev SQL Injection vulnerability in vwdev

SQL injection vulnerability in index.php in vwdev allows remote attackers to execute arbitrary SQL commands via the UID parameter in the definition Page.

7.5
2006-02-13 CVE-2006-0598 Stefan Ritt Remote vulnerability in ELOG Web Logbook

Buffer overflow in elogd.c in elog before 2.5.7 r1558-4 allows attackers to execute code via unspecified variables, when writing to the log file.

7.5
2006-02-13 CVE-2006-0597 Stefan Ritt Remote vulnerability in ELOG Web Logbook

Multiple stack-based buffer overflows in elogd.c in elog before 2.5.7 r1558-4 allow attackers to cause a denial of service (application crash) and possibly execute code via long "revision attributes".

7.5
2006-02-13 CVE-2006-0056 PAM Mysql Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Pam-Mysql

Double free vulnerability in the authentication and authentication token alteration code in PAM-MySQL 0.6.x before 0.6.2 and 0.7.x before 0.7pre3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted passwords, which lead to a double free of a pointer that was created by the pam_get_item function.

7.5
2006-02-18 CVE-2006-0769 SUN Local Privilege Escalation vulnerability in SUN Solaris 10.0

Unspecified vulnerability in in.rexecd in Solaris 10 allows local users to gain privileges on Kerberos systems via unknown attack vectors.

7.2
2006-02-14 CVE-2006-0008 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft Office, Windows 2003 Server and Windows XP

The ShellAbout API call in Korean Input Method Editor (IME) in Korean versions of Microsoft Windows XP SP1 and SP2, Windows Server 2003 up to SP1, and Office 2003, allows local users to gain privileges by launching the "shell about dialog box" and clicking the "End-User License Agreement" link, which executes Notepad with the privileges of the program that displays the about box.

7.2

93 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-02-16 CVE-2006-0725 Plume CMS Code Injection vulnerability in Plume-Cms Plume CMS 1.0.2

PHP remote file inclusion vulnerability in prepend.php in Plume CMS 1.0.2, when register_globals is enabled, allows remote attackers to include arbitrary files via a URL in the _PX_config[manager_path] parameter.

6.8
2006-02-13 CVE-2006-0659 Runcms Code Injection vulnerability in Runcms 1.1/1.1A

Multiple PHP remote file include vulnerabilities in RunCMS 1.2 and earlier, with register_globals and allow_url_fopen enabled, allow remote attackers to execute arbitrary code via the bbPath[path] parameter in (1) class.forumposts.php and (2) forumpollrenderer.php.

6.8
2006-02-15 CVE-2006-0705 Attachmatewrq
F Secure
USE of Externally-Controlled Format String vulnerability in multiple products

Format string vulnerability in a logging function as used by various SFTP servers, including (1) AttachmateWRQ Reflection for Secure IT UNIX Server before 6.0.0.9, (2) Reflection for Secure IT Windows Server before 6.0 build 38, (3) F-Secure SSH Server for Windows before 5.3 build 35, (4) F-Secure SSH Server for UNIX 3.0 through 5.0.8, (5) SSH Tectia Server 4.3.6 and earlier and 4.4.0, and (6) SSH Shell Server 3.2.9 and earlier, allows remote authenticated users to execute arbitrary commands via unspecified vectors, involving crafted filenames and the stat command.

6.5
2006-02-14 CVE-2006-0553 Postgresql Permissions, Privileges, and Access Controls vulnerability in Postgresql 8.1.0/8.1.1/8.1.2

PostgreSQL 8.1.0 through 8.1.2 allows authenticated database users to gain additional privileges via "knowledge of the backend protocol" using a crafted SET ROLE to other database users, a different vulnerability than CVE-2006-0678.

6.5
2006-02-14 CVE-2006-0013 Microsoft Buffer Overflow vulnerability in Microsoft Windows 2003 Server and Windows XP

Buffer overflow in the Web Client service (WebClnt.dll) for Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote authenticated users or Guests to execute arbitrary code via crafted RPC requests, a different vulnerability than CVE-2005-1207.

6.5
2006-02-13 CVE-2006-0652 Whmcompletesolution Information Disclosure vulnerability in Whmcompletesolution 2.0/2.1/2.2

WHMCompleteSolution (WHMCS) before 2.3 assigns incorrect permissions to "resellers", which allows remote authenticated users to perform privileged actions or obtain sensitive information.

6.5
2006-02-19 CVE-2006-0785 Phpkit File-Upload vulnerability in PHPKIT

Absolute path traversal vulnerability in include.php in PHPKIT 1.6.1 Release 2 and earlier allows remote attackers to include and execute arbitrary local files via a direct request with a path parameter with a null character and beginning with (1) '/' (slash) for an absolute pathname or (2) a drive letter (such as "C:"), which bypasses checks for ".." sequences and trailing ".php" extensions.

6.4
2006-02-18 CVE-2006-0771 Even Balance USE of Externally-Controlled Format String vulnerability in Even Balance Punkbuster

Format string vulnerability in PunkBuster 1.180 and earlier, as used by Soldier of Fortune II and possibly other games, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via format string specifiers in invalid cvar values, which are not properly handled when the server kicks the player and records the reason.

6.4
2006-02-16 CVE-2006-0732 SAP Remote Arbitrary File Access And Deletion vulnerability in SAP Business Connector 4.6/4.7

Directory traversal vulnerability in SAP Business Connector (BC) 4.6 and 4.7 allows remote attackers to read or delete arbitrary files via the fullName parameter to (1) sapbc/SAP/chopSAPLog.dsp or (2) invoke/sap.monitor.rfcTrace/deleteSingle.

6.4
2006-02-13 CVE-2006-0660 Farsinews Directory Traversal and Local File Include vulnerability in Farsinews 2.1/2.1Beta2/2.5

Multiple directory traversal vulnerabilities in FarsiNews 2.5 and earlier allows remote attackers to (1) read arbitrary files or trigger an error message path disclosure via ".." or invalid names in the archive parameter to index.php, or (2) include arbitrary files via the template parameter to show_archives.php.

6.4
2006-02-19 CVE-2006-0798 Macallan Directory Traversal vulnerability in Macallan Mail Solution IMAP Commands

Multiple directory traversal vulnerabilities in the IMAP service in Macallan Mail Solution before 4.8.05.004 allow remote authenticated users to read e-mails of other users or create, modify, or delete directories via a ..

5.5
2006-02-19 CVE-2006-0786 Phpkit Remote Security vulnerability in PHPKIT

Incomplete blacklist vulnerability in include.php in PHPKIT 1.6.1 Release 2 and earlier, with allow_url_fopen enabled, allows remote attackers to conduct PHP remote file include attacks via a path parameter that specifies a (1) UNC share or (2) ftps URL, which bypasses the check for "http://", "ftp://", and "https://" URLs.

5.1
2006-02-18 CVE-2006-0766 Mirabilis Unspecified vulnerability in Mirabilis ICQ and ICQ Lite

ICQ Inc.

5.1
2006-02-18 CVE-2006-0765 Mirabilis Unspecified vulnerability in Mirabilis ICQ and ICQ Lite

GUI display truncation vulnerability in ICQ Inc.

5.1
2006-02-18 CVE-2006-0764 Cisco Products TACACS+ Authentication Bypass vulnerability in Cisco products

The Authentication, Authorization, and Accounting (AAA) capability in versions 5.0(1) and 5.0(3) of the software used by multiple Cisco Anomaly Detection and Mitigation products, when running with an incomplete TACACS+ configuration without a "tacacs-server host" command, allows remote attackers to bypass authentication and gain privileges, aka Bug ID CSCsd21455.

5.1
2006-02-18 CVE-2006-0761 RIM Buffer Overflow vulnerability in BlackBerry Enterprise Server Malformed Word Attachment

Buffer overflow in BlackBerry Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server 2.2 and 4.0 before SP3 Hotfix 4 for IBM Lotus Domino, 3.6 before SP7 and 5.0 before SP3 Hotfix 3 for Microsoft Exchangem, and 4.0 for Novell GroupWise before SP3 Hotfix 1 might allow user-assisted remote attackers to execute arbitrary code on the server via a crafted Microsoft Word document that is opened on a wireless device.

5.1
2006-02-18 CVE-2006-0755 Dotproject Remote File Include vulnerability in Dotproject 2.0/2.0.1

** DISPUTED ** Multiple PHP remote file include vulnerabilities in dotProject 2.0.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary commands via the baseDir parameter in (1) db_adodb.php, (2) db_connect.php, (3) session.php, (4) vw_usr_roles.php, (5) calendar.php, (6) date_format.php, and (7) tasks/gantt.php; and the dPconfig[root_dir] parameter in (8) projects/gantt.php, (9) gantt2.php, and (10) vw_files.php.

5.1
2006-02-19 CVE-2006-0795 Thomastsoi Path Traversal vulnerability in Thomastsoi Quirex 2.0

Absolute path traversal vulnerability in convert.cgi in Quirex 2.0.2 and earlier allows remote attackers to read arbitrary files, and possibly execute arbitrary code, via the (1) quiz_head, (2) quiz_foot, and (3) template variables.

5.0
2006-02-19 CVE-2006-0794 V Webmail Remote Security vulnerability in V-Webmail 1.6.1/1.6.2

help.php in V-webmail 1.6.2 allows remote attackers to obtain the installation path via unspecified invalid parameters.

5.0
2006-02-19 CVE-2006-0793 V Webmail Cross-Site Scripting vulnerability in V-Webmail 1.6.1/1.6.2

frameset.php in V-webmail 1.6.2 allows remote attackers to conduct phishing attacks by referencing arbitrary websites in the rframe parameter.

5.0
2006-02-19 CVE-2006-0790 Rockliffe Remote LDAP vulnerability in Rockliffe MailSite

Rockliffe MailSite 7.0 and earlier allows remote attackers to cause a denial of service by sending crafted LDAP packets to port 389/TCP, as demonstrated by the ProtoVer LDAP testsuite.

5.0
2006-02-19 CVE-2006-0788 Kyocera Unspecified vulnerability in Kyocera Fs-3830N

Kyocera 3830 (aka FS-3830N) printers have a back door that allows remote attackers to read and alter configuration settings via strings that begin with "!R!SIOP0", as demonstrated using (1) a connection to to TCP port 9100 or (2) the UNIX lp command.

5.0
2006-02-19 CVE-2006-0784 D Link Denial Of Service vulnerability in D-Link DWL-G700AP HTTPD

D-Link DWL-G700AP with firmware 2.00 and 2.01 allows remote attackers to cause a denial of service (CAMEO HTTP service crash) via a request composed of "GET" followed by a space and two newlines, possibly triggering the crash due to missing arguments.

5.0
2006-02-19 CVE-2006-0781 Perlblog Input Validation and Information Disclosure vulnerability in Perlblog 1.08/1.09/1.09B

Directory traversal vulnerability in weblog.pl in PerlBlog 1.09b and earlier allows remote attackers to read certain files via the month parameter.

5.0
2006-02-18 CVE-2006-0768 Kadu Denial-Of-Service vulnerability in Kadu 0.4.3

Kadu 0.4.3 allows remote attackers to cause a denial of service (application crash) via a large number of image send requests.

5.0
2006-02-18 CVE-2006-0767 Nathan Neulinger Information Disclosure vulnerability in Nathan Neulinger CGIWrap

CGIWrap before 3.10 allows remote attackers to obtain sensitive information via unknown attack vectors that cause errors in scripts that reveal system information.

5.0
2006-02-18 CVE-2006-0042 Apache
Debian
Denial of Service vulnerability in Apache Libapreq2 Quadratic Behavior

Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers to cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.

5.0
2006-02-18 CVE-2006-0756 Dotproject Remote File Include vulnerability in Dotproject 2.0/2.0.1

** DISPUTED ** dotProject 2.0.1 and earlier leaves (1) phpinfo.php and (2) check.php accessible under the /docs/ directory after installation, which allows remote attackers to obtain sensitive configuration information.

5.0
2006-02-18 CVE-2006-0754 Dotproject Remote File Include vulnerability in Dotproject 2.0/2.0.1

** DISPUTED ** dotProject 2.0.1 and earlier allows remote attackers to obtain sensitive information via direct requests with an invalid baseDir to certain PHP scripts in the db directory, which reveal the path in an error message.

5.0
2006-02-18 CVE-2006-0752 Niels Provos Remote Virtual Host Detection vulnerability in Honeyd IP Reassembly

Niels Provos Honeyd before 1.5 replies to certain illegal IP packet fragments that other IP stack implementations would drop, which allows remote attackers to identify IP addresses that are being simulated using honeyd.

5.0
2006-02-17 CVE-2006-0739 Estara Denial of Service vulnerability in eStara Softphone

eStara SIP softphone allows remote attackers to cause a denial of service (crash) via an INVITE request with a Content-Length field that has more than 9 digits.

5.0
2006-02-17 CVE-2006-0738 Estara Denial of Service vulnerability in eStara Softphone

Multiple format string vulnerabilities in eStara SIP softphone allow remote attackers to cause a denial of service (hang) via SIP INVITE requests with format string specifiers in the SDP session description, as demonstrated using (1) the field name, (2) the o field (owner/creator and session identifier), or (3) the m field (media name and transport address).

5.0
2006-02-17 CVE-2006-0737 Estara Denial of Service vulnerability in eStara Softphone

eStara SIP softphone allows remote attackers to cause a denial of service (crash) via a SIP OPTIONS request with a negative Expires field.

5.0
2006-02-16 CVE-2006-0730 Timo Sirainen Denial of Service vulnerability in Dovecot Double Free

Multiple unspecified vulnerabilities in Dovecot before 1.0beta3 allow remote attackers to cause a denial of service (application crash or hang) via unspecified vectors involving (1) "potential hangs" in the APPEND command and "potential crashes" in (2) dovecot-auth and (3) imap/pop3-login.

5.0
2006-02-15 CVE-2006-0718 Avaya Denial of Service vulnerability in Avaya VSU/CSU Products ISAKMP IKE Traffic

The Internet Key Exchange version 1 (IKEv1) implementation in Avaya VSU 100, 2000, 7500, 10000, and CSU 5000, when running IPSec, allows remote attackers to cause a denial of service (crash) via certain IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.

5.0
2006-02-15 CVE-2006-0717 IBM LDAP Memory Corruption vulnerability in IBM Tivoli Directory Server 6.0

IBM Tivoli Directory Server 6.0 allows remote attackers to cause a denial of service (crash) via a crafted LDAP request, as demonstrated by test 2532 in the ProtoVer Sample LDAP test suite.

5.0
2006-02-15 CVE-2006-0714 Flyspray Remote File Include vulnerability in Flyspray 0.9.7

Directory traversal vulnerability in the installation file (sql/install-0.9.7.php) in Flyspray 0.9.7 allows remote attackers to include arbitrary files via a ..

5.0
2006-02-15 CVE-2006-0713 Linpha Local File Inclusion and PHP Code Injection vulnerability in LinPHA

Directory traversal vulnerability in LinPHA 1.0 allows remote attackers to include arbitrary files via ..

5.0
2006-02-15 CVE-2006-0712 Squishdot Unspecified vulnerability in Squishdot

mail_html template in Squishdot 1.5.0 and earlier does not properly validate the (1) email and (2) title variables, which allows remote attackers to bypass spam filters by injecting SMTP headers, probably due to a CRLF injection vulnerability.

5.0
2006-02-15 CVE-2006-0711 Neomail Unspecified vulnerability in Neomail

The (1) addfolder and (2) deletefolder functions in neomail-prefs.pl in NeoMail 1.28 do not validate the Session ID, which allows remote attackers to add and delete arbitrary files, when configured with homedirfolders and homedirspools disabled.

5.0
2006-02-15 CVE-2006-0707 Pyblosxom Information Exposure vulnerability in Pyblosxom 1.2.1/1.3

PyBlosxom before 1.3.2, when running on certain webservers, allows remote attackers to read arbitrary files via an HTTP request with multiple leading / (slash) characters, which is accessed using the PATH_INFO variable.

5.0
2006-02-15 CVE-2006-0702 Imagevue Multiple vulnerability in Imagevue 0.16.1

admin/upload.php in imageVue 16.1 allows remote attackers to upload arbitrary files to certain allowed folders via ..

5.0
2006-02-15 CVE-2006-0701 Imagevue Multiple vulnerability in Imagevue 0.16.1

readfolder.php in imageVue 16.1 allows remote attackers to list directories via modified path and ext parameters.

5.0
2006-02-15 CVE-2006-0700 Imagevue Permissions, Privileges, and Access Controls vulnerability in Imagevue 0.16.1

imageVue 16.1 allows remote attackers to obtain folder permission settings via a direct request to dir.php, which returns an XML document that lists folders and their permissions.

5.0
2006-02-15 CVE-2006-0694 Ansilove Input Validation vulnerability in Ansilove 1.01/1.02

Unspecified vulnerability in the loaders (load_*.php) in Ansilove before 1.03 allows remote attackers to read arbitrary files via unspecified vectors involving "converting files accessible by the webserver".

5.0
2006-02-15 CVE-2006-0691 Scheduling Management COM Input Validation vulnerability in Scheduling Management.Com Time Tracking Software 3.0

edituser.php in TTS Time Tracking Software 3.0 does not verify that the name and password are correct, which allows remote attackers to overwrite arbitrary data belonging to any account.

5.0
2006-02-15 CVE-2006-0687 Docmgr Remote File Include vulnerability in Docmgr 0.54.2

process.php in DocMGR 0.54.2 does not initialize the $siteModInfo variable when a direct request is made, which allows remote attackers to include arbitrary local files or possibly remote files via a modified includeModule and siteModInfo variable.

5.0
2006-02-15 CVE-2006-0680 Plain Black Unspecified vulnerability in Plain Black Webgui

Unspecified vulnerability in WebGUI before 6.8.6-gamma allows remote attackers to create an account, when anonymous registration is disabled, via a certain URL.

5.0
2006-02-14 CVE-2006-0452 Redhat Remote Denial Of Service vulnerability in Redhat Fedora Core 1.0

dn2ancestor in the LDAP component in Fedora Directory Server 1.0 allows remote attackers to cause a denial of service (CPU and memory consumption) via a ModDN operation with a DN that contains a large number of "," (comma) characters, which results in a large amount of recursion, as demonstrated using the ProtoVer LDAP test suite.

5.0
2006-02-14 CVE-2006-0451 Redhat Remote Denial Of Service vulnerability in Redhat Fedora Core 1.0

Multiple memory leaks in the LDAP component in Fedora Directory Server 1.0 allow remote attackers to cause a denial of service (memory consumption) via invalid BER packets that trigger an error, which might prevent memory from being freed if it was allocated during the ber_scanf call, as demonstrated using the ProtoVer LDAP test suite.

5.0
2006-02-14 CVE-2006-0004 Microsoft Remote Information Disclosure vulnerability in Microsoft Office 2000

Microsoft PowerPoint 2000 in Office 2000 SP3 has an interaction with Internet Explorer that allows remote attackers to obtain sensitive information via a PowerPoint presentation that attempts to access objects in the Temporary Internet Files Folder (TIFF).

5.0
2006-02-13 CVE-2006-0670 Bluez Project Unspecified vulnerability in Bluez Project Hcidump 1.29

Buffer overflow in l2cap.c in hcidump 1.29 allows remote attackers to cause a denial of service (crash) through a wireless Bluetooth connection via a malformed Logical Link Control and Adaptation Protocol (L2CAP) packet.

5.0
2006-02-13 CVE-2006-0658 Fckeditor Remote Security vulnerability in Fckeditor 2.0/2.2

Incomplete blacklist vulnerability in connector.php in FCKeditor 2.0 and 2.2, as used in products such as RunCMS, allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions that are not listed in the Config[DeniedExtensions][File], such as .php.txt.

5.0
2006-02-13 CVE-2006-0656 HP Directory Traversal vulnerability in HP Systems Insight Manager 4.2/5.0

Directory traversal vulnerability in HP Systems Insight Manager 4.2 through 5.0 SP3 for Windows allows remote attackers to access arbitrary files via unspecified vectors, a different vulnerability than CVE-2005-2006.

5.0
2006-02-13 CVE-2006-0648 PHP Icalendar Remote File Include vulnerability in PHP Icalendar PHP Icalendar 2.0/2.0.1/2.1

Multiple directory traversal vulnerabilities in PHP iCalendar 2.0.1, 2.1, and 2.2 allow remote attackers to include arbitrary files via the (1) getdate and possibly other parameters used in the replace_files function in search.php and (2) $file variable as used in the parse function in functions/template.php.

5.0
2006-02-13 CVE-2006-0647 SUN Remote Denial Of Service vulnerability in SUN Java System Directory Server 5.2

LDAP service in Sun Java System Directory Server 5.2, running on Linux and possibly other platforms, allows remote attackers to cause a denial of service (memory allocation error) via an LDAP packet with a crafted subtree search request, as demonstrated using the ProtoVer LDAP test suite.

5.0
2006-02-13 CVE-2006-0600 Stefan Ritt Remote vulnerability in ELOG Web Logbook

elog before 2.5.7 r1558-4 allows remote attackers to cause a denial of service (infinite redirection) via a request with the fail parameter set to 1, which redirects to the same request.

5.0
2006-02-13 CVE-2006-0599 Stefan Ritt Remote vulnerability in ELOG Web Logbook

The (1) elog.c and (2) elogd.c components in elog before 2.5.7 r1558-4 generate different responses depending on whether or not a username is valid, which allows remote attackers to determine valid usernames.

5.0
2006-02-15 CVE-2006-0666 IBM Local Kernel Denial Of Service vulnerability in IBM AIX 5.3/5.3L

Unspecified vulnerability in the (1) unix_mp and (2) unix_64 kernels in IBM AIX 5.3 VRMF 5.3.0.30 through 5.3.0.33 allows local users to cause a denial of service (system crash) via unknown vectors related to EMULATE_VMX.

4.9
2006-02-18 CVE-2006-0762 Winability Local Security vulnerability in Winability Folder Guard 4.11

WinAbility Folder Guard 4.11 allows local users to gain unauthorized access to certain capabilities of the application by renaming or moving the password file (FGuard.FGP), which disables the password requirement.

4.6
2006-02-15 CVE-2006-0455 GNU Unspecified vulnerability in GNU Privacy Guard

gpgv in GnuPG before 1.4.2.1, when using unattended signature verification, returns a 0 exit code in certain cases even when the detached signature file does not carry a signature, which could cause programs that use gpgv to assume that the signature verification has succeeded.

4.6
2006-02-13 CVE-2006-0674 IBM Local Buffer Overflow vulnerability in IBM AIX ARP

Buffer overflow in the arp command of IBM AIX 5.3 L, 5.3, 5.2.2, 5.2 L, and 5.2 allows local users to cause a denial of service (crash) via a long iftype argument.

4.6
2006-02-19 CVE-2006-0796 Clever Copy HTML Injection vulnerability in Clever Copy Clever Copy 3.0

Cross-site scripting (XSS) vulnerability in default.php in Clever Copy 3.0 allows remote attackers to inject arbitrary web script or HTML via the Subject field when sending private messages (privatemessages.php).

4.3
2006-02-19 CVE-2006-0792 V Webmail Cross-Site Scripting vulnerability in V-Webmail 1.6.1/1.6.2

Cross-site scripting (XSS) vulnerability in preferences.personal.php in V-webmail 1.6.2 allows remote attackers to inject arbitrary web script or HTML via the newid parameter.

4.3
2006-02-19 CVE-2006-0783 Siteframe HTML Injection vulnerability in Siteframe Beaumont 5.0.1/5.0.1A/5.0.2

Cross-site scripting (XSS) vulnerability in page.php in in Siteframe Beaumont, possibly 5.0.2 or 5.0.1a, allows remote attackers to inject arbitrary web script or HTML via the comment_text parameter to the user comment page (/edit/Comment).

4.3
2006-02-19 CVE-2006-0780 Perlblog Input Validation and Information Disclosure vulnerability in Perlblog 1.08/1.09/1.09B

Multiple cross-site scripting (XSS) vulnerabilities in weblog.pl in PerlBlog 1.09b and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) email parameters.

4.3
2006-02-19 CVE-2006-0779 XMB Forum Cross-Site Scripting vulnerability in XMB Forum XMB

Cross-site scripting (XSS) vulnerability in u2u.php in XMB Forums 1.9.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter, as demonstrated using a URL-encoded iframe tag.

4.3
2006-02-19 CVE-2006-0776 Teca Scripts Input Validation vulnerability in Teca Scripts Guestex 1.0

Cross-site scripting (XSS) vulnerability in guestex.pl in Teca Scripts Guestex 1.0 allows remote attackers to inject arbitrary web script or HTML via the url parameter.

4.3
2006-02-19 CVE-2006-0773 Hitachi Input Validation vulnerability in Hitachi Business Logic 0203/0300

Cross-site scripting (XSS) vulnerability in Hitachi Business Logic - Container 02-03 through 03-00-/B on Windows, and 03-00 through 03-00-/B on Linux, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the extended receiving box function.

4.3
2006-02-18 CVE-2006-0763 Cpanel Cross-Site Scripting vulnerability in cPanel

Cross-site scripting (XSS) vulnerability in dowebmailforward.cgi in cPanel allows remote attackers to inject arbitrary web script or HTML via a URL encoded value in the fwd parameter.

4.3
2006-02-18 CVE-2006-0758 Hivemail Unspecified vulnerability in Hivemail

Multiple cross-site scripting (XSS) vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to inject arbitrary web script or HTML via a URL encoded expression in the query string in (1) index.php and (2) possibly certain other scripts, which is not properly cleansed when accessed from the $_SERVER['PHP_SELF'] variable.

4.3
2006-02-16 CVE-2006-0735 Fuzzymonkey
M Blom
HTML Injection vulnerability in My Blog BBCode

Cross-site scripting (XSS) vulnerability in BBcode.pm in M.

4.3
2006-02-16 CVE-2006-0726 CPG Nuke HTML Injection vulnerability in Cpg-Nuke Dragonfly CMS 9.0.6.1

Cross-site scripting (XSS) vulnerability in linking.php in CPG-Nuke Dragonfly CMS 9.0.6.1 allows remote attackers to inject arbitrary web script or HTML via a URI that is generated when creating a list of online users.

4.3
2006-02-15 CVE-2006-0715 Solucija Input Validation vulnerability in Solucija Snews 1.3

Cross-site scripting (XSS) vulnerability in sNews 1.3 allows remote attackers to inject arbitrary web script or HTML via the comment field.

4.3
2006-02-15 CVE-2006-0706 Gastebuch Cross-Site Scripting vulnerability in Gastebuch

Cross-site scripting vulnerability in eintrag.php in Gästebuch (Gastebuch) before 1.3.3 allows remote attackers to inject arbitrary web script or HTML via the URL, which is used in the homepage parameter.

4.3
2006-02-15 CVE-2006-0703 Imagevue Multiple vulnerability in Imagevue 0.16.1

Unspecified vulnerability in index.php in imageVue 16.1 has unknown impact, probably a cross-site scripting (XSS) vulnerability involving the query string that is not quoted when inserted into style and body tags, as demonstrated using a bgcol parameter.

4.3
2006-02-15 CVE-2006-0699 David Barrett Cross-Site Scripting vulnerability in QwikiWiki

Cross-site scripting (XSS) vulnerability in search.php in QWikiWiki 1.5, and possibly 1.5.1 and other versions, allows remote attackers to inject arbitrary web script or HTML via the query parameter.

4.3
2006-02-15 CVE-2006-0689 Scheduling Management COM Input Validation vulnerability in Scheduling Management.Com Time Tracking Software 3.0

Cross-site scripting (XSS) vulnerability in the Registration Form in TTS Time Tracking Software 3.0 allows remote attackers to inject arbitrary web script or HTML via the UserName parameter.

4.3
2006-02-15 CVE-2006-0683 Virtual Hosting Control System Input Validation And Access Validation vulnerability in Virtual Hosting Control System Virtual Hosting Control System 2.4.7.1Patchv.1

Cross-site scripting (XSS) vulnerability in Virtual Hosting Control System (VHCS) 2.4.7.1 with v.1 patch and earlier allows remote attackers to inject arbitrary web script or HTML via the username, which is recorded in a log file but not properly handled when the administrator uses the admin log utility to read the log file.

4.3
2006-02-15 CVE-2006-0682 E107 HTML Injection vulnerability in E107 Website System BBCode

Multiple cross-site scripting (XSS) vulnerabilities in bbcodes system in e107 before 0.7.2 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors.

4.3
2006-02-13 CVE-2006-0676 Francisco Burzi Cross-Site Scripting vulnerability in PHPNuke

Cross-site scripting (XSS) vulnerability in header.php in PHP-Nuke 6.0 to 7.8 allows remote attackers to inject arbitrary web script or HTML via the pagetitle parameter.

4.3
2006-02-13 CVE-2006-0675 Glen Campbell Cross-Site Scripting vulnerability in Glen Campbell Siteframe 5.0.1

Cross-site scripting (XSS) vulnerability in search.php in Siteframe 5.0.1 allows remote attackers to inject arbitrary web script or HTML via the q parameter.

4.3
2006-02-13 CVE-2006-0664 Mantis Cross-Site Scripting vulnerability in Mantis Config_Defaults_Inc.PHP

Cross-site scripting (XSS) vulnerability in config_defaults_inc.php in Mantis before 1.0 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.

4.3
2006-02-13 CVE-2006-0663 IBM Cross-Site Scripting vulnerability in IBM Lotus Domino Inotes Client 6.5.4/7.0

Multiple cross-site scripting (XSS) vulnerabilities in Lotus Domino iNotes Client 6.5.4 and 7.0 allow remote attackers to inject arbitrary web script or HTML via (1) an email subject; (2) an encoded javascript URI, as demonstrated using "java
script:"; or (3) when the Domino Web Access ActiveX control is not installed, via an email attachment filename.

4.3
2006-02-13 CVE-2006-0662 IBM HTML and Script Injection vulnerability in IBM Lotus Domino Inotes Client 6.5.4

Cross-site scripting (XSS) vulnerability in Lotus Domino iNotes Client 6.5.4 allows remote attackers to inject arbitrary web script or HTML via email with attached html files, which are directly rendered in the browser.

4.3
2006-02-13 CVE-2006-0661 Scriptme Unspecified vulnerability in Scriptme SME Blog Host and SME GB Host

Cross-site scripting (XSS) vulnerability in Scriptme SmE GB Host 1.21 and SmE Blog Host allows remote attackers to inject arbitrary web script or HTML via the BBcode url tag.

4.3
2006-02-13 CVE-2006-0655 Hinton Design Input Validation vulnerability in Hinton Design PHPht Topsites 1.3

Multiple cross-site scripting (XSS) vulnerabilities in (1) link_edited.php and (2) link_added.php in Hinton Design phpht Topsites 1.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2006-02-13 CVE-2006-0650 Cpaint Cross-Site Scripting vulnerability in CPAINT TYPE.PHP

Cross-site scripting (XSS) vulnerability in cpaint2.inc.php in the CPAINT library before 2.0.3, as used in multiple scripts, allows remote attackers to inject arbitrary web script or HTML via the cpaint_response_type parameter, which is displayed in a resulting error message, as demonstrated using a hex-encoded IFRAME tag.

4.3
2006-02-13 CVE-2006-0649 Dataparksearch Cross-Site Scripting vulnerability in DataparkSearch Engine Search Template

Cross-site scripting (XSS) vulnerability in DataparkSearch before 4.37 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2006-02-19 CVE-2006-0799 Microsoft Remote Security vulnerability in Microsoft IE 6.0.2900

Microsoft Internet Explorer allows remote attackers to spoof a legitimate URL in the status bar and conduct a phishing attack via a web page with an anchor element with a legitimate "href" attribute, a form whose action points to a malicious URL, and an INPUT submit element that is modified to look like a legitimate URL.

4.0
2006-02-19 CVE-2006-0787 Plaino Unspecified vulnerability in Plaino Wimpy MP3

wimpy_trackplays.php in Plaino Wimpy MP3 Player, possibly 5.2 and earlier, allows remote attackers to insert arbitrary strings into trackme.txt via the (1) trackFile, (2) trackArtist, and (3) trackTitle parameters, which can result in providing false information about songs, occupying excessive disk space with very long parameter values, and storing executable code that might be invoked through a different vulnerability.

4.0
2006-02-16 CVE-2006-0734 Valve Software Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Valve Software Half-Life Cstrike Dedicated Server

The SV_CheckForDuplicateNames function in Valve Software Half-Life CSTRIKE Dedicated Server 1.6 and earlier allows remote authenticated users to cause a denial of service (infinite loop and daemon hang) via a backslash character at the end of a connection string to UDP port 27015.

4.0
2006-02-16 CVE-2006-0731 SAP Unspecified vulnerability in SAP Business Connector

WmRoot/adapter-index.dsp in SAP Business Connector Core Fix 7 and earlier allows remote attackers to conduct spoofing (phishing) attacks via an absolute URL in the url parameter, which loads the URL inside a frame.

4.0

11 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-02-13 CVE-2006-0657 Softcomplex HTML Injection vulnerability in Softcomplex PHP Event Calendar 1.5

Cross-site scripting (XSS) vulnerability in Softcomplex PHP Event Calendar 1.5 allows remote authenticated users to inject arbitrary web script or HTML, and corrupt data, via the (1) username and (2) password parameters, which are not sanitized before being written to users.php.

3.5
2006-02-18 CVE-2006-0770 Mybulletinboard Cross-Site Scripting vulnerability in MyBulletinBoard

Cross-site scripting (XSS) vulnerability in calendar.php in MyBulletinBoard (MyBB) 1.0.4 allows remote attackers to inject arbitrary web script or HTML via a URL that is not sanitized before being returned as a link in "advanced details".

2.6
2006-02-18 CVE-2006-0760 Lighttpd Information Disclosure vulnerability in lightrpd

LightTPD 1.4.8 and earlier, when the web root is on a case-insensitive filesystem, allows remote attackers to bypass URL checks and obtain sensitive information via file extensions with unexpected capitalization, as demonstrated by a request for index.PHP when the configuration invokes the PHP interpreter only for ".php" names.

2.6
2006-02-18 CVE-2006-0753 Microsoft Denial-Of-Service vulnerability in Microsoft IE 6

Memory leak in Microsoft Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to cause a denial of service (memory consumption) via JavaScript that uses setInterval to repeatedly call a function to set the value of window.status.

2.6
2006-02-16 CVE-2006-0733 Wordpress HTML Injection vulnerability in Wordpress 2.0

** DISPUTED ** Cross-site scripting (XSS) vulnerability in WordPress 2.0.0 allows remote attackers to inject arbitrary web script or HTML via scriptable attributes such as (1) onfocus and (2) onblur in the "author's website" field.

2.6
2006-02-16 CVE-2006-0724 Reamday Enterprises Variable Overwrite vulnerability in Reamday Enterprises Magic News Lite 1.2.3

profile.php in Reamday Enterprises Magic News Lite 1.2.3, when register_globals is enabled, allows remote attackers to modify program behavior, potentially bypassing authentication controls, via modified (1) action, (2) passwd, (3) admin_password, (4) new_passwd, and (5) confirm_passwd variables, which are not initialized.

2.6
2006-02-16 CVE-2006-0723 Reamday Enterprises Code Injection vulnerability in Reamday Enterprises Magic News Lite 1.2.3

PHP remote file inclusion vulnerability in preview.php in Reamday Enterprises Magic News Lite 1.2.3, when register_globals is enabled, allows remote attackers to include arbitrary files via a URL in the php_script_path parameter.

2.6
2006-02-16 CVE-2006-0722 Reamday Enterprises Variable Overwrite vulnerability in Reamday Enterprises Magic Downloads 1.1.3

settings.php in Reamday Enterprises Magic Downloads 1.1.3, when register_globals is enabled, allows remote attackers to modify program behavior, potentially bypassing authentication controls, via modified (1) action, (2) passwd, (3) admin_password, (4) new_passwd, and (5) confirm_passwd variables, which are not initialized.

2.6
2006-02-15 CVE-2006-0704 IE Information Disclosure vulnerability in IE Integrator 4.4.220114

iE Integrator 4.4.220114, when configured without a "bespoke error page" in acm.ini, allows remote attackers to obtain sensitive information via a URL that calls a non-existent .aspx script in the integrator/apps directory, which results in an error message that displays the installation path, web server name, IP, and port, session cookie information, and the IIS system username.

2.6
2006-02-14 CVE-2006-0382 Apple Local Denial Of Service vulnerability in Apple mac OS X 10.4.5

Apple Mac OS X 10.4.5 and allows local users to cause a denial of service (crash) via an undocumented system call.

2.1
2006-02-14 CVE-2006-0678 Postgresql Denial of Service vulnerability in PostgreSQL Set Session Authorization

PostgreSQL 7.3.x before 7.3.14, 7.4.x before 7.4.12, 8.0.x before 8.0.7, and 8.1.x before 8.1.3, when compiled with Asserts enabled, allows local users to cause a denial of service (server crash) via a crafted SET SESSION AUTHORIZATION command, a different vulnerability than CVE-2006-0553.

1.5