Weekly Vulnerabilities Reports > February 20 to 26, 2006

Overview

95 new vulnerabilities reported during this period, including 3 critical vulnerabilities and 28 high severity vulnerabilities. This weekly summary report vulnerabilities in 75 products from 64 vendors including Phpoutsourcing, Nocc, Xerox, Leif M Wright, and Squirrelmail. Vulnerabilities are notably categorized as "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Code Injection", "Permissions, Privileges, and Access Controls", and "Information Exposure".

  • 91 reported vulnerabilities are remotely exploitables.
  • 4 reported vulnerabilities have public exploit available.
  • 9 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 92 reported vulnerabilities are exploitable by an anonymous user.
  • Phpoutsourcing has the most reported vulnerabilities, with 5 reported vulnerabilities.
  • Mozilla has the most reported critical vulnerabilities, with 1 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

3 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-02-24 CVE-2006-0874 Intensive Point Unspecified vulnerability in Intensive Point Iuser Ecommerce

Multiple unspecified vulnerabilities in Intensive Point iUser Ecommerce before 2.2 have unspecified vectors and impact, as addressed by "Urgent secure fixes".

10.0
2006-02-23 CVE-2006-0864 Hauri Authentication Bypass vulnerability in Hauri Virobot 2.020050817

filescan in Global Hauri ViRobot 2.0 20050817 does not verify the Cookie HTTP header, which allows remote attackers to gain administrative privileges via an arbitrary cookie value.

10.0
2006-02-24 CVE-2006-0884 Mozilla Improper Input Validation vulnerability in Mozilla Thunderbird

The WYSIWYG rendering engine ("rich mail" editor) in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which is executed when the user edits the e-mail.

9.3

28 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-02-23 CVE-2006-0720 Nullsoft Buffer Overflow vulnerability in Nullsoft Winamp M3U File Processing

Stack-based buffer overflow in Nullsoft Winamp 5.12 and 5.13 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted .m3u file that causes an incorrect strncpy function call when the player pauses or stops the file.

7.6
2006-02-25 CVE-2006-0897 Virtual Communication Services SQL Injection vulnerability in Virtual Communication Services Vpmi Enterprise 3.3

** DISPUTED ** SQL injection vulnerability in VCS Virtual Program Management Intranet (VPMi) Enterprise 3.3 allows remote attackers to execute arbitrary SQL commands via the UpdateID0 parameter to Service_Requests.asp.

7.5
2006-02-25 CVE-2006-0892 Nocc Input Validation vulnerability in Nocc 1.0

NOCC Webmail 1.0 stores e-mail attachments in temporary files with predictable filenames, which makes it easier for remote attackers to execute arbitrary code by accessing the e-mail attachment via directory traversal vulnerabilities.

7.5
2006-02-25 CVE-2006-0887 Phplib Team Code Injection vulnerability in PHPlib Team PHPlib 7.4

Eval injection vulnerability in sessions.inc in PHP Base Library (PHPLib) before 7.4a, when index.php3 from the PHPLib distribution is available on the server, allows remote attackers to execute arbitrary PHP code by including a base64-encoded representation of the code in a cookie.

7.5
2006-02-24 CVE-2006-0881 Phpoutsourcing Remote File Include vulnerability in Noah's Classifieds

Multiple PHP remote file include vulnerabilities in gorum/gorumlib.php in Noah's Classifieds 1.3, when register_globals is enabled, allow remote attackers to include arbitrary PHP files via the (1) upperTemplate and (2) lowerTemplate parameters, as demonstrated using the lowerTemplate parameter to index.php.

7.5
2006-02-24 CVE-2006-0879 Phpoutsourcing SQL Injection vulnerability in Noah's Classifieds Search Page

SQL injection vulnerability in the search tool in Noah's Classifieds 1.3 allows remote attackers to execute arbitrary SQL commands via unspecified attack vectors.

7.5
2006-02-23 CVE-2006-0870 Mini Nuke SQL Injection vulnerability in MiniNuke CMS Pages.ASP

SQL injection vulnerability in pages.asp in Mini-Nuke CMS System 1.8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2006-02-23 CVE-2006-0868 Pear SQL Injection vulnerability in PEAR::Auth

Multiple unspecified injection vulnerabilities in unspecified Auth Container back ends for PEAR::Auth before 1.2.4, and 1.3.x before 1.3.0r4, allow remote attackers to "falsify authentication credentials," related to the "underlying storage containers."

7.5
2006-02-23 CVE-2006-0856 Scriptme SQL Injection vulnerability in Scriptme SME GB Host 1.21

SQL injection vulnerability in login.php in Scriptme SmE GB Host 1.21 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the Username parameter.

7.5
2006-02-23 CVE-2006-0854 Intensive Point Code Injection vulnerability in Intensive Point Iuser Ecommerce

PHP remote file inclusion vulnerability in common.php in Intensive Point iUser Ecommerce allows remote attackers to include arbitrary files via a URL in the include_path variable, which is not initialized before being used.

7.5
2006-02-23 CVE-2006-0852 Devscripts Remote PHP Script Code Execution vulnerability in Admbook

Direct static code injection vulnerability in write.php in Admbook 1.2.2 and earlier allows remote attackers to execute arbitrary PHP code via the X-Forwarded-For HTTP header field, which is inserted into content-data.php.

7.5
2006-02-23 CVE-2006-0851 Ilch DE SQL Injection vulnerability in IlchClan

SQL injection vulnerability in the forum module of ilchClan 1.05g and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter, when creating a newpost.

7.5
2006-02-23 CVE-2006-0850 Ilch DE SQL-Injection vulnerability in ilchClan

SQL injection vulnerability in include/includes/user/login.php in ilchClan before 1.05g allows remote attackers to execute arbitrary SQL commands via the login_name parameter.

7.5
2006-02-22 CVE-2006-0844 Leif M Wright Unspecified vulnerability in Leif M. Wright web Blog 3.5

Leif M.

7.5
2006-02-22 CVE-2006-0835 Mitridat SQL Injection vulnerability in Web Calendar Pro Dropbase.PHP

SQL injection vulnerability in dropbase.php in MitriDAT Web Calendar Pro allows remote attackers to modify internal SQL queries and cause a denial of service (inaccessible database) via the tabls parameter.

7.5
2006-02-22 CVE-2006-0834 Uniden Information Disclosure vulnerability in Uip1868p

Uniden UIP1868P VoIP Telephone and Router has a default password of admin for the web-based configuration utility, which allows remote attackers to obtain sensitive information on the device such as telephone numbers called, and possibly connect to other hosts.

7.5
2006-02-22 CVE-2006-0832 WPC Easy SQL Injection vulnerability in Webpagecity WPC easy

Multiple SQL injection vulnerabilities in admin.asp in WPC.easy allow remote attackers to execute arbitrary SQL commands via the (1) uid and (2) pwd parameter.

7.5
2006-02-21 CVE-2006-0831 Tasarim Rehberi Remote Security vulnerability in Tasarim Rehberi

PHP remote file include vulnerability in index.php in Tasarim Rehberi allows remote attackers to execute arbitrary PHP code via a URL in the (1) sayfaadi or (2) sayfa parameter.

7.5
2006-02-21 CVE-2006-0830 Microsoft Buffer Overflow vulnerability in Microsoft IE 6.0.2900

The scripting engine in Internet Explorer allows remote attackers to cause a denial of service (resource consumption) and possibly execute arbitrary code via a web page that contains a recurrent call to an infinite loop in Javascript or VBscript, which consumes the stack, as demonstrated by resetting the "location" variable within the loop.

7.5
2006-02-21 CVE-2006-0825 Xerox Local Authentication Bypass vulnerability in Xerox WorkCentre Products

Multiple unspecified vulnerabilities in ESS/ Network Controller and MicroServer Web Server in Xerox WorkCentre Pro and Xerox WorkCentre running software 13.027.24.015 and 14.027.24.015 allow remote attackers to bypass authentication or gain "unauthorized network access" via unknown attack vectors.

7.5
2006-02-21 CVE-2006-0824 Geeklog Input Validation vulnerability in Geeklog

Multiple unspecified vulnerabilities in lib-common.php in Geeklog 1.4.0 before 1.4.0sr1 and 1.3.11 before 1.3.11sr4 allow remote attackers to include arbitrary local files and execute arbitrary code via (1) absolute paths in unspecified parameters and (2) the language cookie, as demonstrated for code execution using error.log.

7.5
2006-02-21 CVE-2006-0823 Geeklog Input Validation vulnerability in Geeklog

Multiple SQL injection vulnerabilities in Geeklog 1.4.0 before 1.4.0sr1 and 1.3.11 before 1.3.11sr4 allow remote attackers to inject arbitrary SQL commands via the (1) userid variable to users.php or (2) sessid variable to lib-sessions.php.

7.5
2006-02-21 CVE-2006-0821 Bxcp SQL-Injection vulnerability in Bxcp 0.299

SQL injection vulnerability in index.php in BXCP 0.299 allows remote attackers to execute arbitrary SQL commands via the tid parameter.

7.5
2006-02-21 CVE-2006-0809 Skate Board Input Validation vulnerability in Skate Board Skate Board 0.9

Multiple SQL injection vulnerabilities in Skate Board 0.9 allow remote attackers to execute arbitrary SQL commands via the (1) usern parameter in (a) sendpass.php, and the (2) usern and (3) passwd parameters and (4) sf_cookie cookie in (b) login.php and (c) logged.php.

7.5
2006-02-21 CVE-2006-0805 Francisco Burzi Unspecified vulnerability in Francisco Burzi PHP-Nuke

The CAPTCHA functionality in php-Nuke 6.0 through 7.9 uses fixed challenge/response pairs that only vary once per day based on the User Agent (HTTP_USER_AGENT), which allows remote attackers to bypass CAPTCHA controls by fixing the User Agent, performing a valid challenge/response, then replaying that pair in the random_num and gfx_check parameters.

7.5
2006-02-21 CVE-2006-0804 TIN Buffer Overflow vulnerability in TIN News Reader

Off-by-one error in TIN 1.8.0 and earlier might allow attackers to execute arbitrary code via unknown vectors that trigger a buffer overflow.

7.5
2006-02-23 CVE-2006-0858 Starforce Local Privilege Escalation vulnerability in Safe'n'Sec Path Specification

Unquoted Windows search path vulnerability in (1) snsmcon.exe, (2) the autostartup mechanism, and (3) an unspecified installation component in StarForce Safe'n'Sec Personal + Anti-Spyware 2.0 and earlier, and possibly other StarForce Safe'n'Sec products, might allow local users to gain privileges via a malicious "program" file in the C: folder.

7.2
2006-02-23 CVE-2006-0812 Visnetic Local Privilege Escalation vulnerability in VisNetic AntiVirus

The VisNetic AntiVirus Plug-in (DKAVUpSch.exe) for Mail Server 4.6.0.4, 4.6.1.1, and possibly other versions before 4.6.1.2, does not drop privileges before executing other programs, which allows local users to gain privileges.

7.2

56 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-02-23 CVE-2006-0853 Truenorth Software Remote Buffer Overflow vulnerability in Truenorth Software IA Emailserver Corporate5.3.4

Buffer overflow in the IMAP service of TrueNorth Internet Anywhere (IA) eMailserver 5.3.4 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long SEARCH argument.

6.5
2006-02-22 CVE-2006-0845 Leif M Wright Remote Security vulnerability in Leif M. Wright web Blog 3.5

Leif M.

6.5
2006-02-24 CVE-2006-0871 Mambo Path Traversal vulnerability in Mambo 4.5.3H

Directory traversal vulnerability in the _setTemplate function in Mambo 4.5.3, 4.5.3h, and possibly earlier versions allows remote attackers to read and include arbitrary files via the mos_change_template parameter.

6.4
2006-02-23 CVE-2006-0869 Pear Unspecified vulnerability in Pear Liveuser

Directory traversal vulnerability in the "remember me" feature in liveuser.php in PHP Extension and Application Repository (PEAR) LiveUser 0.16.8 and earlier allows remote attackers to determine file existence, and possibly delete arbitrary files with short pathnames or possibly read arbitrary files, via a ..

6.4
2006-02-21 CVE-2006-0808 Mute Denial-Of-Service vulnerability in Mute 0.4

MUTE 0.4 allows remote attackers to cause a denial of service (messages not forwarded) and obtain sensitive information about a target by filling a client's mWebCache cache with malicious "zombie" nodes.

6.4
2006-02-24 CVE-2006-0813 Winace Buffer Errors vulnerability in Winace 2.60

Heap-based buffer overflow in WinACE 2.60 allows user-assisted attackers to execute arbitrary code via a large header block in an ARJ archive.

5.1
2006-02-24 CVE-2006-0300 GNU Buffer Overflow vulnerability in GNU Tar Invalid Headers

Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute code via unspecified vectors involving PAX extended headers.

5.1
2006-02-23 CVE-2006-0855 Rahul Dhesi Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Rahul Dhesi ZOO

Stack-based buffer overflow in the fullpath function in misc.c for zoo 2.10 and earlier, as used in products such as Barracuda Spam Firewall, allows user-assisted attackers to execute arbitrary code via a crafted ZOO file that causes the combine function to return a longer string than expected.

5.1
2006-02-22 CVE-2006-0848 Apple Configuration vulnerability in Apple mac OS X and mac OS X Server

The "Open 'safe' files after downloading" option in Safari on Apple Mac OS X allows remote user-assisted attackers to execute arbitrary commands by tricking a user into downloading a __MACOSX folder that contains metadata (resource fork) that invokes the Terminal, which automatically interprets the script using bash, as demonstrated using a ZIP file that contains a script with a safe file extension.

5.1
2006-02-21 CVE-2006-0807 Njstar Buffer Errors vulnerability in Njstar Chinese Word Processor and Japanese Word Processor

Stack-based buffer overflow in NJStar Chinese and Japanese Word Processor 4.x and 5.x before 5.10 allows user-assisted attackers to execute arbitrary code via font names in NJStar (.njx) documents.

5.1
2006-02-20 CVE-2006-0801 Postnuke Software Foundation Input Validation vulnerability in PostNuke

SQL injection vulnerability in the NS-Languages module for PostNuke 0.761 and earlier, when magic_quotes_gpc is off, allows remote attackers to execute arbitrary SQL commands via the language parameter to admin.php.

5.1
2006-02-25 CVE-2006-0895 Nocc Input Validation vulnerability in Nocc 1.0

NOCC Webmail 1.0 allows remote attackers to obtain the installation path via a direct request to html/header.php.

5.0
2006-02-25 CVE-2006-0893 Nocc Input Validation vulnerability in Nocc 1.0

NOCC Webmail 1.0 allows remote attackers to obtain sensitive information via a direct request to (1) the profiles directory, which leaks e-mail addresses contained in filenames of profiles, and (2) the tmp directory, which lists names of uploaded attachments.

5.0
2006-02-25 CVE-2006-0891 Nocc Input Validation vulnerability in Nocc 1.0

Multiple directory traversal vulnerabilities in NOCC Webmail 1.0 allow remote attackers to include arbitrary files via ..

5.0
2006-02-25 CVE-2006-0890 Speedproject Remote Directory Traversal vulnerability in Multiple SpeedProject Applications

Directory traversal vulnerability in SpeedProject Squeez 5.1, as used in (1) ZipStar 5.1 and (2) SpeedCommander 11.01.4450, allows remote attackers to overwrite arbitrary files via unspecified manipulations in a (1) JAR or (2) ZIP archive.

5.0
2006-02-24 CVE-2006-0882 Phpoutsourcing Local File Include vulnerability in Noah's Classifieds 1.2/1.3

Directory traversal vulnerability in include.php in Noah's Classifieds 1.3 allows remote attackers to include arbitrary local files via the otherTemplate parameter to index.php.

5.0
2006-02-24 CVE-2006-0878 Phpoutsourcing Remote Security vulnerability in Noahs Classifieds 1.2/1.3

Noah's Classifieds 1.3 allows remote attackers to obtain the installation path via a direct request to include files, as demonstrated by classifieds/gorum/category.php.

5.0
2006-02-24 CVE-2006-0877 Easy Forum HTML Injection vulnerability in Easy Forum Easy Forum 2.5

Cross-site scripting vulnerability in Easy Forum 2.5 allows remote attackers to inject arbitrary web script or HTML via the image variable.

5.0
2006-02-24 CVE-2006-0876 Popfile Denial Of Service vulnerability in POPFile

POPFile before 0.22.4 allows remote attackers to cause a denial of service (application crash) via unspecified vectors involving character sets within e-mail messages.

5.0
2006-02-24 CVE-2006-0875 Runcms Cross-Site Scripting vulnerability in RunCMS

Cross-site scripting vulnerability in ratefile.php in RunCMS 1.3a5 allows remote attackers to inject arbitrary web script or HTML via the lid parameter.

5.0
2006-02-24 CVE-2006-0873 Coppermine File Include vulnerability in Coppermine Photo Gallery 1.4.3

Absolute path traversal vulnerability in docs/showdocs.php in Coppermine Photo Gallery 1.4.3 and earlier allows remote attackers to include arbitrary files via the f parameter, and possibly remote files using UNC share pathnames.

5.0
2006-02-24 CVE-2006-0872 Coppermine File Include vulnerability in Coppermine Photo Gallery 1.4.3

Directory traversal vulnerability in init.inc.php in Coppermine Photo Gallery 1.4.3 and earlier allows remote attackers to include arbitrary files via a ..

5.0
2006-02-24 CVE-2006-0377 Squirrelmail Cross-Site Scripting and IMAP Injection vulnerability in SquirrelMail

CRLF injection vulnerability in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary IMAP commands via newline characters in the mailbox parameter of the sqimap_mailbox_select command, aka "IMAP injection."

5.0
2006-02-23 CVE-2006-0867 South River Denial-Of-Service vulnerability in South River Webdrive 6.08Build1131/8

Buffer overflow in certain versions of South River (aka SRT) WebDrive, possibly version 6.08 build 1131 and version 8, allows remote attackers to cause a denial of service (application crash and persistent erratic behavior) via a long string in the name entry field.

5.0
2006-02-23 CVE-2006-0866 Punbb Remote Security vulnerability in Punbb

PunBB 1.2.10 and earlier allows remote attackers to conduct brute force guessing attacks for an account's password, which may be as short as 4 characters.

5.0
2006-02-23 CVE-2006-0865 Punbb Denial-Of-Service vulnerability in Punbb

PunBB 1.2.10 and earlier allows remote attackers to cause a denial of service (resource consumption) by registering many user accounts quickly.

5.0
2006-02-23 CVE-2006-0863 Infovista Directory Traversal vulnerability in Infovista Portalse 2.0Build20087

InfoVista PortalSE 2.0 Build 20087 on Solaris 8 allows remote attackers to obtain sensitive information by specifying a nonexistent server in the server field, which reveals the path in an error message.

5.0
2006-02-23 CVE-2006-0862 Infovista Directory Traversal vulnerability in Infovista Portalse 2.0Build20087

Unspecified vulnerability in InfoVista PortalSE 2.0 Build 20087 on Solaris 8 without the IV00038969 hotfix allows remote attackers to read arbitrary files via a crafted URL.

5.0
2006-02-23 CVE-2006-0861 Michael Salzer Information Exposure vulnerability in Michael Salzer Guestbox 0.6

Michael Salzer Guestbox 0.6, and other versions before 0.8, allows remote attackers to obtain the source IP addresses of guestbook entries via a direct request to /gb/gblog.

5.0
2006-02-23 CVE-2006-0859 Michael Salzer Permissions, Privileges, and Access Controls vulnerability in Michael Salzer Guestbox 0.6

Michael Salzer Guestbox 0.6, and other versions before 0.8, allows remote attackers to post an admin comment to a guestbook entry via a certain modified form, possibly related to the nummer parameter.

5.0
2006-02-23 CVE-2006-0803 Novell
Suse
The signature verification functionality in the YaST Online Update (YOU) script handling relies on a gpg feature that is not intended for signature verification, which prevents YOU from detecting malicious scripts or code that do not pass the signature check when gpg 1.4.x is being used.
5.0
2006-02-22 CVE-2006-0847 Cherrypy Directory Traversal vulnerability in CherryPy StaticFilter

Directory traversal vulnerability in the staticfilter component in CherryPy before 2.1.1 allows remote attackers to read arbitrary files via ".." sequences in unspecified vectors.

5.0
2006-02-22 CVE-2006-0843 Leif M Wright Information Disclosure vulnerability in Leif M. Wright web Blog 3.5

Leif M.

5.0
2006-02-22 CVE-2006-0840 Mantis Input Validation vulnerability in Mantis

manage_user_page.php in Mantis 1.00rc4 and earlier does not properly handle a sort parameter containing a ' (quote) character, which allows remote attackers to trigger a SQL error that may be repeatedly reported to a user who makes subsequent web accesses with the MANTIS_MANAGE_COOKIE cookie.

5.0
2006-02-22 CVE-2006-0839 Sourcefire Unspecified vulnerability in Sourcefire Snort 2.4.3

The frag3 preprocessor in Sourcefire Snort 2.4.3 does not properly reassemble certain fragmented packets with IP options, which allows remote attackers to evade detection of certain attacks, possibly related to IP option lengths.

5.0
2006-02-21 CVE-2006-0829 E Blah HTML Injection vulnerability in E-Blah Platinum 9.7

Cross-site scripting vulnerability in E-Blah Platinum 9.7 allows remote attackers to inject arbitrary web script or HTML via the referer (HTTP_REFERER), which is not sanitized when the log file is viewed by the administrator using "Click Log".

5.0
2006-02-21 CVE-2006-0828 Xerox Remote Security vulnerability in Workcentre 238

Unspecified vulnerability in ESS/ Network Controller and MicroServer Web Server in Xerox WorkCentre Pro and Xerox WorkCentre running software 13.027.24.015 and 14.027.24.015 allows remote attackers to "reduce effectiveness of security features" via unknown attack vectors.

5.0
2006-02-21 CVE-2006-0827 Xerox HTML Injection vulnerability in Xerox WorkCentre Products

Cross-site scripting vulnerability in ESS/ Network Controller and MicroServer Web Server in Xerox WorkCentre Pro and Xerox WorkCentre running software 13.027.24.015 and 14.027.24.015 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.

5.0
2006-02-21 CVE-2006-0826 Xerox Denial of Service vulnerability in Xerox WorkCentre

Unspecified vulnerability in ESS/ Network Controller and MicroServer Web Server in Xerox WorkCentre Pro and Xerox WorkCentre running software 13.027.24.015 and 14.027.24.015 allows remote attackers to cause a denial of service via a crafted Postscript request.

5.0
2006-02-21 CVE-2006-0822 Emulinker Kaillera Server Remote Denial Of Service vulnerability in EmuLinker Malformed Packet

Unspecified vulnerability in EmuLinker Kaillera Server before 0.99.17 allows remote attackers to cause a denial of service (probably resource consumption) via a crafted packet that causes a "ghost game" to be left on the server.

5.0
2006-02-25 CVE-2006-0896 Simple Machines Cross-Site Scripting vulnerability in Simple Machines Simple Machines Forum 1.0.6

Cross-site scripting (XSS) vulnerability in Sources/Register.php in Simple Machine Forum (SMF) 1.0.6 allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For HTTP header field.

4.3
2006-02-25 CVE-2006-0894 Nocc Input Validation vulnerability in Nocc 1.0

Multiple cross-site scripting (XSS) vulnerabilities in NOCC Webmail 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the html_error_occurred parameter in error.php, (2) html_filter_select parameter in filter_prefs.php, (3) html_no_mail parameter in no_mail.php, the (4) page_line, (5) prev, and (6) next parameters in html_bottom_table.php, and the (7) _SESSION['nocc_theme'] parameter in footer.php.

4.3
2006-02-25 CVE-2006-0889 Brown Bear Software Cross-Site Scripting vulnerability in Brown Bear Software Calcium 3.10.1

Cross-site scripting (XSS) vulnerability in Calcium 3.10.1 allows remote attackers to inject arbitrary web script or HTML via the EventText parameter.

4.3
2006-02-25 CVE-2006-0886 DEV HTML Injection vulnerability in DEV web Management System 1.5

Cross-site scripting (XSS) vulnerability in register.php in DEV web management system 1.5 allows remote attackers to inject arbitrary web script or HTML via the "City/Region" field (mesto variable).

4.3
2006-02-25 CVE-2006-0885 Cutephp Cross-Site Scripting vulnerability in Cutephp Cutenews 1.4.1

Cross-site scripting (XSS) vulnerability in show_news.php in CuteNews 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the show parameter.

4.3
2006-02-24 CVE-2006-0880 Phpoutsourcing Cross-Site Scripting vulnerability in Noah's Classifieds

Multiple cross-site scripting (XSS) vulnerabilities in index.php in Noah's Classifieds 1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) inf parameter; or, when register_globals is enabled, the (2) upperTemplate and (3) lowerTemplate parameters.

4.3
2006-02-24 CVE-2006-0195 Squirrelmail Cross-Site Scripting and IMAP Injection vulnerability in SquirrelMail

Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via style sheet specifiers with invalid (1) "/*" and "*/" comments, or (2) a newline in a "url" specifier, which is processed by certain web browsers including Internet Explorer.

4.3
2006-02-24 CVE-2006-0188 Squirrelmail Cross-Site Scripting and IMAP Injection vulnerability in SquirrelMail

webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary web pages into the right frame via a URL in the right_frame parameter.

4.3
2006-02-23 CVE-2006-0860 Michael Salzer Cross-Site Scripting vulnerability in Michael Salzer Guestbox 0.6

Multiple cross-site scripting (XSS) vulnerabilities in Michael Salzer Guestbox 0.6, and other versions before 0.8, allow remote attackers to inject arbitrary web script or HTML via (1) HTML tags that follow a "http://" string, which bypasses a regular expression check, and (2) other unspecified attack vectors.

4.3
2006-02-23 CVE-2006-0857 E107 Cross-Site Scripting vulnerability in E107 Chatbox Plugin and E107

Cross-site scripting (XSS) vulnerability in Chatbox Plugin 1.0 in e107 0.7.2 allows remote attackers to inject arbitrary HTML or web script via a Chatbox, as demonstrated using a SCRIPT element.

4.3
2006-02-22 CVE-2006-0846 Leif M Wright HTML Injection vulnerability in Leif M. Wright web Blog 3.5

Multiple cross-site scripting (XSS) vulnerabilities in Leif M.

4.3
2006-02-22 CVE-2006-0842 Calacode Cross-Site Scripting vulnerability in Calacode Atmail Webmail System 4.3

Cross-site scripting (XSS) vulnerability in Calacode @Mail 4.3 allows remote attackers to inject arbitrary web script or HTML via a modified javascript: string in the SRC attribute of an IMG element in an e-mail message, as demonstrated by "java	script:." NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

4.3
2006-02-22 CVE-2006-0841 Mantis Input Validation vulnerability in Mantis

Multiple cross-site scripting (XSS) vulnerabilities in Mantis 1.00rc4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) hide_status, (2) handler_id, (3) user_monitor, (4) reporter_id, (5) view_type, (6) show_severity, (7) show_category, (8) show_status, (9) show_resolution, (10) show_build, (11) show_profile, (12) show_priority, (13) highlight_changed, (14) relationship_type, and (15) relationship_bug parameters in (a) view_all_set.php; the (16) sort parameter in (b) manage_user_page.php; the (17) view_type parameter in (c) view_filters_page.php; and the (18) title parameter in (d) proj_doc_delete.php.

4.3
2006-02-22 CVE-2006-0833 Boonex HTML Injection vulnerability in Boonex Barracuda Directory 1.1

Multiple cross-site scripting (XSS) vulnerabilities in Barracuda Directory 1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) Add URL and (2) Suggest Category module.

4.3
2006-02-21 CVE-2006-0811 Skate Board Input Validation vulnerability in Skate Board Skate Board 0.9

Cross-site scripting (XSS) vulnerability in reguser.php in Skate Board 0.9 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters involved with the registration form.

4.3
2006-02-21 CVE-2006-0806 John LIM Cross-Site Scripting vulnerability in John LIM Adodb

Multiple cross-site scripting (XSS) vulnerabilities in ADOdb 4.71, as used in multiple packages such as phpESP, allow remote attackers to inject arbitrary web script or HTML via (1) the next_page parameter in adodb-pager.inc.php and (2) other unspecified vectors related to PHP_SELF.

4.3

8 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-02-21 CVE-2006-0810 Skate Board Input Validation vulnerability in Skate Board Skate Board 0.9

Unspecified vulnerability in config.php in Skate Board 0.9 allows remote authenticated administrators to execute arbitrary PHP code by causing certain variables in config.php to be modified, possibly due to XSS or direct static code injection.

3.5
2006-02-25 CVE-2006-0898 Lincoln D Stein Unspecified vulnerability in Lincoln D. Stein Crypt CBC

Crypt::CBC Perl module 2.16 and earlier, when running in RandomIV mode, uses an initialization vector (IV) of 8 bytes, which results in weaker encryption when used with a cipher that requires a larger block size than 8 bytes, such as Rijndael.

2.6
2006-02-25 CVE-2006-0888 Invision Power Services Denial of Service vulnerability in Invision Power Services Invision Power Board 2.0.1

index.php in Invision Power Board (IPB) 2.0.1, with Code Confirmation disabled, allows remote attackers to cause an unspecified denial of service by registering a large number of users.

2.6
2006-02-22 CVE-2006-0836 Mozilla Remote Denial of Service vulnerability in Mozilla Thunderbird 1.5

Mozilla Thunderbird 1.5 allows user-assisted attackers to cause an unspecified denial of service by tricking the user into importing an LDIF file with a long field into the address book, as demonstrated by a long homePhone field.

2.6
2006-02-20 CVE-2006-0802 Postnuke Software Foundation Input Validation vulnerability in PostNuke

Cross-site scripting (XSS) vulnerability in the NS-Languages module for PostNuke 0.761 and earlier, when magic_quotes_gpc is enabled, allows remote attackers to inject arbitrary web script or HTML via the language parameter in a missing or translation operation.

2.6
2006-02-20 CVE-2006-0800 Postnuke Software Foundation Cross-Site Scripting vulnerability in Postnuke Software Foundation Postnuke

Interpretation conflict in PostNuke 0.761 and earlier allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML tags with a trailing "<" character, which is interpreted as a ">" character by some web browsers but bypasses the blacklist protection in (1) the pnVarCleanFromInput function in pnAPI.php, (2) the pnSecureInput function in pnAntiCracker.php, and (3) the htmltext parameter in an edituser operation to user.php.

2.6
2006-02-22 CVE-2006-0838 Micromuse Unspecified vulnerability in Micromuse Netcool Neusecure 3.0.236

IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 stores cleartext passwords in the (1) CMS_DBPASS, (2) CMSM_DBPASS, and (3) RPT_DBPASS fields in /etc/neusecure.conf, and in (4) /opt/NeuSecure/bin/ns_archiver.log, which allows local users to gain privileges.

2.1
2006-02-22 CVE-2006-0837 Micromuse Unspecified vulnerability in Micromuse Netcool Neusecure 3.0.236

IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 has world-readable permissions for (1) /etc/neusecure.conf, (2) /opt/NeuSecure/etc/cms-3.0.236.buildconf, and (3) /opt/NeuSecure/bin/ns_archiver.log, which allows local users to read sensitive information such as passwords.

2.1