Weekly Vulnerabilities Report: March 6 to 12, 2006

Overview

171 new vulnerabilities were reported during this period, including 8 critical vulnerabilities and 49 high severity vulnerabilities. This weekly summary reports vulnerabilities in 144 products from 109 vendors, including Joomla, Linux, PHP Stats, Xerox, and Sauerbraten. Vulnerabilities are notably categorized as "SQL Injection", "Code Injection", "Resource Management Errors", "Permissions, Privileges, and Access Controls", and "Improper Restriction of Operations within the Bounds of a Memory Buffer".

  • 154 reported vulnerabilities are remotely exploitable.
  • 7 reported vulnerabilities have a public exploit available.
  • 4 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 162 reported vulnerabilities are exploitable by an anonymous user.
  • Joomla has the most reported vulnerabilities, with 7 reported vulnerabilities.
  • Joomla has the most reported critical vulnerabilities, with 1 reported vulnerability.

Vulnerability Details

The following table lists the vulnerabilities reported for the period covered by this report:

8 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-03-09 CVE-2006-1123 D2Ksoft Input Validation vulnerability in D2KBlog

SQL injection vulnerability in D2KBlog 1.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the memName parameter in a cookie.

10.0
2006-03-09 CVE-2006-1085 PHP Stats Input Validation and Information Disclosure vulnerability in PHP-Stats

admin.php in PHP-Stats 0.1.9.1 and earlier allows remote attackers to bypass authentication, gain administrator privileges, and execute arbitrary PHP code by modifying the option[admin_pass] parameter and setting the pass_cookie to the MD5 hash of the specified password.

10.0
2006-03-07 CVE-2006-1069 Geeklog Unspecified vulnerability in Geeklog

Unspecified vulnerability in the session handling for Geeklog 1.4.x before 1.4.0sr2, 1.3.11 before 1.3.11sr5, 1.3.9 before 1.3.9sr5, and possibly earlier versions allows attackers to gain privileges as arbitrary users via unknown vectors.

10.0
2006-03-07 CVE-2006-1047 Joomla Remote Security vulnerability in Joomla

Unspecified vulnerability in the "Remember Me login functionality" in Joomla! 1.0.7 and earlier has unknown impact and attack vectors.

10.0
2006-03-07 CVE-2006-1038 VAN Dyke Technologies Buffer Overflow vulnerability in Van Dyke SecureCRT and SecureFX

Buffer overflow in SecureCRT 5.0.4 and earlier and SecureFX 3.0.4 and earlier allows remote attackers to have an unknown impact when a Unicode string is converted to a "narrow" string.

10.0
2006-03-06 CVE-2006-1002 Netgear Credentials Management vulnerability in Netgear Wgt624

NETGEAR WGT624 Wireless DSL router has a default account of super_username "Gearguy" and super_passwd "Geardog", which allows remote attackers to modify the configuration.

10.0
2006-03-06 CVE-2006-1000 G2Soft SQL Injection vulnerability in G2Soft Pentacle In-Out Board 6.03

Multiple SQL injection vulnerabilities in Pentacle In-Out Board 3.0 and earlier allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) newsid parameter to newsdetailsview.asp and (2) password parameter to login.asp.

10.0
2006-03-07 CVE-2006-1017 PHP Unspecified vulnerability in PHP

The c-client library 2000, 2001, or 2004 for PHP before 4.4.4 and 5.x before 5.1.5 do not check the (1) safe_mode or (2) open_basedir functions, and when used in applications that accept user-controlled input for the mailbox argument to the imap_open function, allow remote attackers to obtain access to an IMAP stream data structure and conduct unauthorized IMAP actions.

9.3

49 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-03-12 CVE-2006-1159 EFS Software Input Validation vulnerability in EFS Software EFS web Server 3.2

Format string vulnerability in Easy File Sharing (EFS) Web Server 3.2 allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via format string specifiers in the query string argument in an HTTP GET request.

7.8
2006-03-12 CVE-2006-1158 Kerio Remote Denial of Service vulnerability in Kerio MailServer

Kerio MailServer before 6.1.3 Patch 1 allows remote attackers to cause a denial of service (application crash) via a crafted IMAP LOGIN command.

7.8
2006-03-10 CVE-2006-1150 TEG Remote Denial Of Service vulnerability in TEG Tenes Empanadas Graciela 0.11.1

Buffer overflow in Tenes Empanadas Graciela (TEG) 0.11.1, automatically appends an _ (underscore) to the end of duplicate nicknames, which allows remote attackers to cause a denial of service (application crash) by creating multiple users with long, identical nicknames, which triggers an off-by-one error.

7.8
2006-03-09 CVE-2006-1091 Kaspersky LAB Denial Of Service vulnerability in Kaspersky Anti-Virus 5.0.5/5.5.3

Kaspersky Antivirus 5.0.5 and 5.5.3 allows remote attackers to cause a denial of service (CPU and memory consumption) via unknown attack vectors.

7.8
2006-03-09 CVE-2006-1090 Punbb Denial-Of-Service vulnerability in Punbb 1.2.10

register.php in PunBB 1.2.10 allows remote attackers to cause an unspecified denial of service via a flood of new user registrations.

7.8
2006-03-07 CVE-2006-1028 Joomla Denial-Of-Service vulnerability in Joomla 1.0.7

feedcreator.class.php (aka the syndication component) in Joomla! 1.0.7 allows remote attackers to cause a denial of service (stressed file cache) by creating many files via filenames in the feed parameter to index.php.

7.8
2006-03-12 CVE-2006-1164 Nodez Input Validation vulnerability in Nodez 4.6.1.1

Nodez 4.6.1.1 and earlier stores sensitive data in the list.gtdat file under the web document root with insufficient access control, which allows remote attackers to obtain usernames and password hashes by directly accessing list.gtdat.

7.5
2006-03-10 CVE-2006-1154 Fscripts Code Injection vulnerability in Fscripts Fantastic News 2.1.1/2.1.2/2.1.4

PHP remote file inclusion vulnerability in archive.php in Fantastic News 2.1.2 allows remote attackers to include arbitrary files via the CONFIG[script_path] variable.

7.5
2006-03-10 CVE-2006-1149 OWL Remote File Include vulnerability in Owl Intranet Engine

PHP remote file inclusion vulnerability in lib/OWL_API.php in OWL Intranet Engine 0.82, when register_globals is enabled, allows remote attackers to include arbitrary files via a URL in the xrms_file_root parameter, which is not initialized before use.

7.5
2006-03-10 CVE-2006-1148 Peercast Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Peercast 0.1211/0.1212

Multiple stack-based buffer overflows in the procConnectArgs function in servmgr.cpp in PeerCast before 0.1217 allow remote attackers to execute arbitrary code via an HTTP GET request with a long (1) parameter name or (2) value in a URL, which triggers the overflow in the nextCGIarg function in servhs.cpp.

7.5
2006-03-10 CVE-2006-1141 Inter7 Buffer Overflow vulnerability in Inter7 QmailAdmin PATH_INFO

Buffer overflow in qmailadmin.c in QmailAdmin before 1.2.10 allows remote attackers to execute arbitrary code via a long PATH_INFO environment variable.

7.5
2006-03-10 CVE-2006-1140 Redblog SQL Injection vulnerability in Redblog 0.5

SQL injection vulnerability in rss.php in RedBLoG 0.5 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.

7.5
2006-03-10 CVE-2006-1132 Vbzoom SQL Injection vulnerability in Vbzoom 1.11

SQL injection vulnerability in show.php in vbzoom 1.11 allows remote attackers to execute arbitrary SQL commands via the MainID parameter.

7.5
2006-03-10 CVE-2006-1129 Ekinboard Input Validation vulnerability in Ekinboard 1.0.3

SQL injection vulnerability in config.php in EKINboard 1.0.3 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username cookie.

7.5
2006-03-09 CVE-2006-1124 Revilloc Solutions Remote Buffer Overflow vulnerability in RevilloC MailServer

Buffer overflow in RevilloC MailServer and Proxy 1.21 allows remote attackers to execute arbitrary code via a long USER command.

7.5
2006-03-09 CVE-2006-1111 Aztek Forum HTML Injection vulnerability in Aztek Forum Aztek Forum 4.0

Aztek Forum 4.0 allows remote attackers to obtain sensitive information via a "*/*" in the msg parameter to index.php, which reveals usernames and passwords in a MySQL error message, possibly due to a forced SQL error or SQL injection.

7.5
2006-03-09 CVE-2006-1109 Totalecommerce SQL Injection vulnerability in Totalecommerce 1.0

SQL injection vulnerability in index.asp in Total Ecommerce 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2006-03-09 CVE-2006-1108 Nmdeluxe Input Validation vulnerability in Nmdeluxe 1.0

SQL injection vulnerability in news.php in NMDeluxe before 1.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2006-03-09 CVE-2006-1104 Pixelpost Input Validation vulnerability in Pixelpost

Multiple SQL injection vulnerabilities in Pixelpost 1.5 beta 1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the showimage parameter in index.php; and the (2) USER_AGENT, (3) HTTP_REFERER, and (4) HTTP_HOST HTTP header fields as used in the book_vistor function in includes/functions.php.

7.5
2006-03-09 CVE-2006-1100 Sauerbraten Remote vulnerability in Sauerbraten Cube and Sauerbraten

Buffer overflow in the sgetstr function in shared/cube.h in Sauerbraten 2006_02_28 and earlier, as derived from the Cube engine, allows remote attackers to execute arbitrary code via long streams of input data.

7.5
2006-03-09 CVE-2006-1099 Logit Remote File Include vulnerability in Logit 1.3/1.4

PHP remote file include vulnerability in logIT 1.3 and 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the pg parameter.

7.5
2006-03-09 CVE-2006-1098 Digital Builder Input Validation vulnerability in NZ Ecommerce

** DISPUTED ** Multiple SQL injection vulnerabilities in NZ Ecommerce allow remote attackers to execute arbitrary SQL commands via the (1) informationID or (2) ParentCategory parameter to index.php.

7.5
2006-03-09 CVE-2006-1094 Datenbank Module, Woltlab SQL Injection vulnerability in Woltlab Burning Board

SQL injection vulnerability in Datenbank MOD 2.7 and earlier for Woltlab Burning Board allows remote attackers to execute arbitrary SQL commands via the fileid parameter to (1) info_db.php or (2) database.php.

7.5
2006-03-09 CVE-2006-1084 PHP Stats Input Validation and Information Disclosure vulnerability in PHP-Stats

Multiple SQL injection vulnerabilities in PHP-Stats 0.1.9.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the option[prefix] parameter in admin.php and other unspecified PHP scripts, and (2) the PC_REMOTE_ADDR HTTP header to click.php.

7.5
2006-03-09 CVE-2006-1083 PHP Stats Input Validation and Information Disclosure vulnerability in PHP-Stats

Multiple directory traversal vulnerabilities in PHP-Stats 0.1.9.1 and earlier allow remote attackers to read and possibly execute arbitrary files via a ..

7.5
2006-03-09 CVE-2006-1081 Jonathan Beckett SQL Injection vulnerability in Jonathan Beckett Pluggedout Nexus 0.1

SQL injection vulnerability in forgotten_password.php in Jonathan Beckett PluggedOut Nexus 0.1 allows remote attackers to execute arbitrary SQL commands via the email parameter.

7.5
2006-03-09 CVE-2006-1076 Invision Power Services SQL Injection vulnerability in Invision Power Services Invision Power Board 2.1.5

SQL injection vulnerability in index.php, possibly during a showtopic operation, in Invision Power Board (IPB) 2.1.5 allows remote attackers to execute arbitrary SQL commands via the st parameter.

7.5
2006-03-09 CVE-2006-1075 Jason Boettcher Remote Format String vulnerability in Liero Xtreme

Format string vulnerability in the visualization function in Jason Boettcher Liero Xtreme 0.62b and earlier allows remote attackers to execute arbitrary code via format string specifiers in (1) a nickname, (2) a dedicated server name, or (3) a mapname in a level (aka .lxl) file.

7.5
2006-03-09 CVE-2006-0746 Xpdf Multiple Unspecified vulnerability in Retired - KPDF

Certain patches for kpdf do not include all relevant patches from xpdf that were associated with CVE-2005-3627, which allows context-dependent attackers to exploit vulnerabilities that were present in CVE-2005-3627.

7.5
2006-03-07 CVE-2006-1051 Akarru SQL Injection vulnerability in Akarru Social BookMarking Engine 0.4.3.2/0.4.3.3

SQL injection vulnerability in Akarru Social BookMarking Engine before 0.4.3.4 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors, possibly involving the username parameter to akarru.lib/users.php.

7.5
2006-03-07 CVE-2006-1049 Joomla SQL Injection vulnerability in Joomla

Multiple SQL injection vulnerabilities in the Admin functionality in Joomla! 1.0.7 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via unknown attack vectors.

7.5
2006-03-07 CVE-2006-1044 Lsoft Multiple Unspecified vulnerability in Lsoft Listserv 14.3/14.4

Multiple buffer overflows in LISTSERV 14.3 and 14.4, including LISTSERV Lite and HPO, with the web archive interface enabled, allow remote attackers to execute arbitrary code via unknown attack vectors related to the WA CGI.

7.5
2006-03-07 CVE-2006-1037 Oracle Multiple vulnerability in Oracle Diagnostics and E-Business Suite

SQL injection vulnerability in the Oracle Diagnostics module 2.2 and earlier allows remote attackers to execute arbitrary SQL commands via unknown attack vectors.

7.5
2006-03-07 CVE-2006-1036 Oracle Multiple vulnerability in Oracle Diagnostics 2.0/2.1/2.2

Multiple unspecified vulnerabilities in the Oracle Diagnostics module 2.2 and earlier have unknown impact and attack vectors, related to "permissions."

7.5
2006-03-07 CVE-2006-1035 Oracle Multiple vulnerability in Oracle Diagnostics and E-Business Suite

Unspecified vulnerability in the Oracle Diagnostics module 2.2 and earlier allows remote attackers to access diagnostics tests via unknown attack vectors.

7.5
2006-03-07 CVE-2006-1032 Phprpc Remote Code Execution vulnerability in PHPrpc 0.7/0.8/0.9

Eval injection vulnerability in the decode function in rpc_decoder.php for phpRPC 0.7 and earlier, as used by runcms, exoops, and possibly other programs, allows remote attackers to execute arbitrary PHP code via the base64 tag.

7.5
2006-03-07 CVE-2006-1031 Igenus Code Injection vulnerability in Igenus Webmail 2.0/2.01/2.02

config/config_inc.php in iGENUS Webmail 2.02 and earlier allows remote attackers to include arbitrary local files via the SG_HOME parameter.

7.5
2006-03-07 CVE-2006-1026 Jfacets Remote Security vulnerability in JFacets

JFacets before 0.2 allows remote attackers to gain privileges as any account via a GET request with a modified account profileID.

7.5
2006-03-07 CVE-2006-1024 Addsoft SQL Injection vulnerability in Addsoft Storebot 2005

SQL injection vulnerability in MgrLogin.asp in Addsoft StoreBot 2005 Professional allows remote attackers to execute arbitrary SQL commands via the Pwd parameter.

7.5
2006-03-07 CVE-2006-1020 Johnny Vegas SQL Injection vulnerability in Johnny Vegas Forum 1.0

SQL injection vulnerability in forumlib.php in Johnny_Vegas Vegas Forum 1.0 allows remote attackers to execute arbitrary SQL commands via the postid parameter.

7.5
2006-03-07 CVE-2006-1018 DCI Designs SQL Injection vulnerability in Dci-Designs Dawaween 1.03

SQL injection vulnerability in poems.php in DCI-Designs Dawaween 1.03 allows remote attackers to execute arbitrary SQL commands via the id parameter in a diwan view action.

7.5
2006-03-07 CVE-2006-1016 Microsoft Unspecified vulnerability in Microsoft Internet Explorer 6.0

Buffer overflow in the IsComponentInstalled method in Internet Explorer 6.0, when used on Windows 2000 before SP4 or Windows XP before SP1, allows remote attackers to execute arbitrary code via JavaScript that calls IsComponentInstalled with a long first argument.

7.5
2006-03-07 CVE-2006-1013 Smartblog Unspecified vulnerability in Smartblog 1.2

PHP remote file include vulnerability in index.php in SMartBlog (aka SMBlog) 1.2 allows remote attackers to include and execute arbitrary PHP files via (1) the pg parameter and (2) a query string without a parameter.

7.5
2006-03-06 CVE-2006-1012 Wordpress SQL Injection vulnerability in Wordpress 1.5.2

SQL injection vulnerability in WordPress 1.5.2, and possibly other versions before 2.0, allows remote attackers to execute arbitrary SQL commands via the User-Agent field in an HTTP header for a comment.

7.5
2006-03-06 CVE-2006-1007 Nathan Landry Input Validation vulnerability in Nathan Landry N8Cms Sitesuite CMS 1.1/1.2

Multiple SQL injection vulnerabilities in N8cms 1.1 and 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) dir and (2) page_id parameter to index.php.

7.5
2006-03-06 CVE-2006-1006 Sendcard SQL Injection vulnerability in Sendcard

Multiple SQL injection vulnerabilities in sendcard.php in sendcard before 3.3.0 allow remote attackers to execute arbitrary SQL commands via unspecified parameters.

7.5
2006-03-09 CVE-2006-1095 Apache Path Traversal vulnerability in Apache MOD Python 3.2.7

Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.

7.2
2006-03-09 CVE-2006-1079 Acme Labs Permissions, Privileges, and Access Controls vulnerability in Acme Labs Thttpd 2.25B

htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function.

7.2
2006-03-09 CVE-2006-1078 Acme Labs Multiple vulnerability in Acme Labs Thttpd 2.25B

Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file.

7.2

100 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-03-12 CVE-2006-1163 Nodez Input Validation vulnerability in Nodez 4.6.1.1

Cross-site scripting (XSS) vulnerability in Nodez 4.6.1.1 allows remote attackers to inject arbitrary web script or HTML via the op parameter.

6.8
2006-03-09 CVE-2006-1122 D2Ksoft Input Validation vulnerability in D2KBlog

Cross-site scripting (XSS) vulnerability in Default.asp in D2KBlog 1.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter.

6.8
2006-03-09 CVE-2006-1121 Cutephp Cross-Site Scripting vulnerability in Cutephp Cutenews 1.4.1

Cross-site scripting (XSS) vulnerability in CuteNews 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the query string to index.php.

6.8
2006-03-07 CVE-2006-1025 Addsoft Cross-Site Scripting vulnerability in Addsoft Storebot 2002

Cross-site scripting (XSS) vulnerability in manage.asp in Addsoft StoreBot 2002 Standard allows remote attackers to inject arbitrary web script or HTML via the ShipMethod parameter.

6.8
2006-03-12 CVE-2006-1161 EFS Software Input Validation vulnerability in EFS Software EFS web Server 3.2

Absolute path traversal vulnerability in Easy File Sharing (EFS) Web Server 3.2 allows remote registered users to execute arbitrary code by uploading a malicious file to the Windows startup folder.

6.5
2006-03-10 CVE-2006-1146 COR Entertainment Remote vulnerability in COR Entertainment Alien Arena 2006 Gold5.00

Stack-based buffer overflow in the Cmd_Say_f function in g_cmds.c in Alien Arena 2006 Gold Edition 5.00 allows remote attackers (possibly authenticated) to execute arbitrary code by sending a long message to the server.

6.5
2006-03-10 CVE-2006-1145 COR Entertainment Remote vulnerability in COR Entertainment Alien Arena 2006 Gold5.00

Format string vulnerability in the safe_cprintf function in acebot_cmds.c in Alien Arena 2006 Gold Edition 5.00 allows remote attackers (possibly authenticated) to execute arbitrary code via unspecified vectors when the server sends crafted messages to the clients.

6.5
2006-03-09 CVE-2006-1087 PHP Stats Input Validation and Information Disclosure vulnerability in PHP-Stats

Direct static code injection vulnerability in the modify_config action in admin.php for PHP-Stats 0.1.9.1 and earlier allows remote authenticated administrators to execute arbitrary PHP code via the option_new[compatibility_mode] parameter, which is not filtered before being stored in config.php.

6.5
2006-03-10 CVE-2006-1139 Xerox Remote Security vulnerability in CopyCentre C75

Unspecified vulnerability in the ESS/ Network Controller in Xerox CopyCentre and Xerox WorkCentre Pro, running software 1.001.02.073 or earlier, or 1.001.02.074 before 1.001.02.715, causes the Immediate Image Overwrite feature to fail after a power loss, which could leave data exposed to attack.

6.4
2006-03-09 CVE-2006-1128 Gallery Project Unspecified vulnerability in Gallery Project Gallery

Directory traversal vulnerability in the session handling class (GallerySession.class) in Gallery 2 up to 2.0.2 allows remote attackers to access and delete files by specifying the session in a cookie, which is used in constructing file paths before the session value is sanitized.

6.4
2006-03-09 CVE-2006-1126 Gallery Project Remote Security vulnerability in Gallery Project Gallery 2.0.2

Gallery 2 up to 2.0.2 allows remote attackers to spoof their IP address via a modified X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is checked by Gallery before other more reliable sources of IP address information, such as REMOTE_ADDR.

6.4
2006-03-09 CVE-2006-1114 Gerrit VAN Aaken Input Validation vulnerability in Gerrit VAN Aaken Loudblog 0.41

Multiple directory traversal vulnerabilities in Loudblog before 0.42 allow remote attackers to read or include arbitrary files via a ..

6.4
2006-03-09 CVE-2006-1093 IBM Unspecified vulnerability in IBM Websphere Application Server

Unspecified vulnerability in IBM WebSphere 5.0.2.10 through 5.0.2.15 and 5.1.1.4 through 5.1.1.9 allows remote attackers to obtain sensitive information via unknown attack vectors, which causes JSP source code to be revealed.

6.4
2006-03-08 CVE-2006-1073 Simplog Information Disclosure vulnerability in Simplog

Directory traversal vulnerability in index.php in Daverave Simplog 1.0.2 and earlier allows remote attackers to include or read arbitrary .txt files via the (1) act and (2) blogid parameters.

6.4
2006-03-07 CVE-2006-1042 Gregarius Input Validation vulnerability in Gregarius 0.5.2

Multiple SQL injection vulnerabilities in Gregarius 0.5.2 allow remote attackers to execute arbitrary SQL commands via the (1) folder parameter to feed.php or (2) rss_query parameter to search.php.

6.4
2006-03-07 CVE-2006-1039 SAP Code Injection vulnerability in SAP web Application Server 6.10/6.20/6.40

SAP Web Application Server (WebAS) Kernel before 7.0 allows remote attackers to inject arbitrary bytes into the HTTP response and obtain sensitive authentication information, or have other impacts, via a ";%20" followed by encoded HTTP headers.

6.4
2006-03-07 CVE-2006-1015 PHP Security Bypass vulnerability in PHP

Argument injection vulnerability in certain PHP 3.x, 4.x, and 5.x applications, when used with sendmail and when accepting remote input for the additional_parameters argument to the mail function, allows remote attackers to read and create arbitrary files via the sendmail -C and -X arguments.

6.4
2006-03-06 CVE-2006-1010 Crossfire Denial Of Service vulnerability in Crossfire 1.7.0/1.8.0

Buffer overflow in socket/request.c in CrossFire before 1.9.0, when oldsocketmode is enabled, allows remote attackers to cause a denial of service (segmentation fault) and possibly execute code by sending the server a large request.

6.4
2006-03-06 CVE-2006-1005 Cactusoft Information Disclosure vulnerability in Cactusoft Parodia 6.2

agencyprofile.asp in Parodia 6.2 and earlier might allow remote attackers to obtain sensitive information by triggering an SQL error via an invalid AG_ID parameter.

6.4
2006-03-06 CVE-2006-0387 Apple Multiple vulnerability in Apple Mac OS X Security Update 2006-001

Stack-based buffer overflow in Safari in Mac OS X 10.4.5 and earlier, and 10.3.9 and earlier, allows remote attackers to execute arbitrary code via unspecified vectors involving a web page with crafted JavaScript, a different vulnerability than CVE-2005-4504.

6.4
2006-03-06 CVE-2006-1008 Nathan Landry Input Validation vulnerability in Nathan Landry N8Cms Sitesuite CMS 1.1/1.12/1.2

Multiple cross-site scripting (XSS) vulnerabilities in N8cms 1.1 and 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) dir and (2) page_id parameter to (a) index.php and (3) userid parameter to (b) mailto.php.

5.8
2006-03-12 CVE-2006-1162 Nodez Input Validation vulnerability in Nodez 4.6.1.1

Directory traversal vulnerability in Nodez 4.6.1.1 and earlier allows remote attackers to read or include arbitrary PHP files via a ..

5.1
2006-03-10 CVE-2006-1134 Jason Smith SQL Injection vulnerability in Jason Smith Cyboards PHP Lite 1.25

SQL injection vulnerability in CyBoards PHP Lite 1.25, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the parent parameter to (1) post.php and possibly (2) process_post.php.

5.1
2006-03-07 CVE-2006-1043 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Visual Interdev and Visual Studio

Stack-based buffer overflow in Microsoft Visual Studio 6.0 and Microsoft Visual InterDev 6.0 allows user-assisted attackers to execute arbitrary code via a long DataProject field in a (1) Visual Studio Database Project File (.dbp) or (2) Visual Studio Solution (.sln).

5.1
2006-03-12 CVE-2006-1156 Manas Tungare Input Validation vulnerability in Manas Tungare Site Membership Script

SQL injection vulnerability in manas tungare Site Membership Script before 8 March, 2006 allows remote attackers to execute arbitrary SQL commands via the Username parameter in login.asp.

5.0
2006-03-10 CVE-2006-1153 D2 Shoutbox SQL Injection vulnerability in D2-Shoutbox 4.2

SQL injection vulnerability in D2-Shoutbox 4.2 allows remote attackers to execute arbitrary SQL commands via the load parameter, when performing a Shoutbox action through Invision Power Board (IPB).

5.0
2006-03-10 CVE-2006-1152 M Phorum Remote File Include vulnerability in M Phorum M Phorum 0.2

PHP remote file inclusion vulnerability in index.php in M-Phorum 0.2 allows remote attackers to include arbitrary files via the go parameter.

5.0
2006-03-10 CVE-2006-1151 M Phorum Cross-Site Scripting vulnerability in M Phorum M Phorum 0.2

Cross-site scripting vulnerability in index.php in M-Phorum 0.2 allows remote attackers to inject arbitrary web script or HTML via the go parameter.

5.0
2006-03-10 CVE-2006-1142 Solido Systems Unspecified vulnerability in Solido Systems Ravenous web Server

Unspecified vulnerability in Ravenous Web Server before 0.7.1 allows remote attackers to access arbitrary rvplg files, with unknown impact.

5.0
2006-03-10 CVE-2006-1138 Xerox Multiple vulnerability in Xerox WorkCentre / CopyCentre

Unspecified vulnerability in the web server code in Xerox CopyCentre and Xerox WorkCentre Pro, running software 1.001.02.073 or earlier, or 1.001.02.074 before 1.001.02.715, allows remote attackers to cause a denial of service (memory corruption) via unknown vectors.

5.0
2006-03-10 CVE-2006-1137 Xerox Multiple vulnerability in Xerox WorkCentre / CopyCentre

Multiple unspecified vulnerabilities in Xerox CopyCentre and Xerox WorkCentre Pro, running software 1.001.02.073 or earlier, or 1.001.02.074 before 1.001.02.715, allow remote attackers to cause an unspecified denial of service via a crafted PostScript file that will (1) "navigate through the directory" or (2) a "file sent to expose TCP/IP ports".

5.0
2006-03-10 CVE-2006-1136 Xerox Multiple vulnerability in Xerox WorkCentre / CopyCentre

Buffer overflow in the PostScript file interpreter code for Xerox CopyCentre and Xerox WorkCentre Pro, running software 1.001.02.073 or earlier, or 1.001.02.074 before 1.001.02.715, allows attackers to cause a denial of service via unknown vectors.

5.0
2006-03-10 CVE-2006-0040 Gnome Denial Of Service vulnerability in Gnome Evolution 2.4.2.1

GNOME Evolution 2.4.2.1 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a text e-mail with a large number of URLs, possibly due to unknown problems in gtkhtml.

5.0
2006-03-09 CVE-2006-0743 Apache USE of Externally-Controlled Format String vulnerability in Apache Log4Net 1.2.9Beta

Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.

5.0
2006-03-09 CVE-2006-1118 Bmail SQL-Injection vulnerability in Bmail Pr9.0

SQL injection vulnerability in bmail before Aardvark PR9.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving GBK character sets.

5.0
2006-03-09 CVE-2006-1116 Ncipher Unspecified vulnerability in Ncipher Ncore 2.17

The CBC-MAC integrity functions in the nCipher nCore API before 2.18 transmit the initialization vector IV as part of a message when the implementation uses a non-zero IV, which allows remote attackers to bypass integrity checks and modify messages without being detected.

5.0
2006-03-09 CVE-2006-1113 Gerrit VAN Aaken Input Validation vulnerability in Gerrit VAN Aaken Loudblog 0.41

SQL injection vulnerability in podcast.php in Loudblog before 0.42 allows remote attackers to execute arbitrary SQL commands via the id parameter.

5.0
2006-03-09 CVE-2006-1112 Aztek Forum HTML Injection vulnerability in Aztek Forum Aztek Forum 4.0

Aztek Forum 4.0 allows remote attackers to obtain sensitive information via a long login value in a register form, which displays the installation path in a MySQL error message.

5.0
2006-03-09 CVE-2006-1105 Pixelpost Input Validation vulnerability in Pixelpost

Pixelpost 1.5 beta 1 and earlier allows remote attackers to obtain configuration information via a direct request to includes/phpinfo.php, which calls the phpinfo function.

5.0
2006-03-09 CVE-2006-1103 Sauerbraten Remote vulnerability in Sauerbraten Cube and Sauerbraten

engine/server.cpp in Sauerbraten 2006_02_28, as derived from the Cube engine, allows remote attackers to cause a denial of service (segmentation fault) via a client that does not completely join the game and times out, which results in a null pointer dereference.

5.0
2006-03-09 CVE-2006-1102 Sauerbraten Remote vulnerability in Sauerbraten Cube and Sauerbraten

Sauerbraten 2006_02_28, as derived from the Cube engine, allows remote attackers to cause a denial of service (client exit) by forcing the server to change to a map (ogz) file whose name contains ".." sequences and has a certain length that prevents the addition of the ".ogz" extension.

5.0
2006-03-09 CVE-2006-1101 Sauerbraten Remote vulnerability in Sauerbraten Cube and Sauerbraten

The (1) sgetstr and (2) getint functions in Sauerbraten 2006_02_28, as derived from the Cube engine, allow remote attackers to cause a denial of service (segmentation fault) via long streams of input data that trigger an out-of-bounds read, as demonstrated using SV_EXT tag data in the Cube engine, which is not properly handled by getint.

5.0
2006-03-09 CVE-2006-1088 PHP Stats Input Validation and Information Disclosure vulnerability in PHP-Stats

PHP-Stats 0.1.9.1 and earlier allows remote attackers to obtain potentially sensitive information via a direct request to checktables.php, which lists the database table_prefix.

5.0
2006-03-09 CVE-2006-1074 Jason Boettcher Remote Denial Of Service vulnerability in Liero Xtreme

Jason Boettcher Liero Xtreme 0.62b and earlier allow remote attackers to cause a denial of service (application crash or hang) via a long argument to the connect command.

5.0
2006-03-07 CVE-2006-1067 Linksys Remote IRC Denial Of Service vulnerability in Multiple Router Vendor

Linksys WRT54G routers version 5 (running VXWorks) allow remote attackers to cause a denial of service by sending a malformed DCC SEND string to an IRC channel, which causes an IRC connection reset, possibly related to the masquerading code for NAT environments, and as demonstrated via (1) a DCC SEND with a single long argument, or (2) a DCC SEND with IP, port, and filesize arguments with a 0 value.

5.0
2006-03-07 CVE-2006-1065 Mybulletinboard SQL-Injection vulnerability in Mybulletinboard 1.04

SQL injection vulnerability in search.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to execute arbitrary SQL commands via the forums[] parameter.

5.0
2006-03-07 CVE-2006-1063 Lurker Input Validation vulnerability in Lurker 0.1A/0.2

Unspecified vulnerability in Lurker 2.0 and earlier allows remote attackers to create or overwrite files in any writable directory that is named "mbox".

5.0
2006-03-07 CVE-2006-1062 Lurker Input Validation vulnerability in Lurker 0.1A/0.2

Unspecified vulnerability in lurker.cgi for Lurker 2.0 and earlier allows attackers to read arbitrary files via unknown vectors.

5.0
2006-03-07 CVE-2006-1048 Joomla Security Bypass vulnerability in Joomla

Joomla! 1.0.7 and earlier allows attackers to bypass intended access restrictions and gain certain privileges via certain attack vectors related to the (1) Weblink, (2) Polls, (3) Newsfeeds, (4) Weblinks, (5) Content, (6) Content Section, (7) Content Category, (8) Contact items, or (9) Contact Search, (10) Content Search, (11) Newsfeed Search, or (12) Weblink Search.

5.0
2006-03-07 CVE-2006-1046 Monopd Remote Denial Of Service vulnerability in Monopd 0.9.3

server.cpp in Monopd 0.9.3 allows remote attackers to cause a denial of service (CPU and memory consumption) via a string containing a large number of characters that are escaped when Monopd produces XML output.

5.0
2006-03-07 CVE-2006-0047 Freeciv Resource Management Errors vulnerability in Freeciv

packets.c in Freeciv 2.0 before 2.0.8 allows remote attackers to cause a denial of service (server crash) via crafted packets with negative compressed size values.

5.0
2006-03-07 CVE-2006-0883 Openbsd, Freebsd Resource Management Errors vulnerability in multiple products

OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not properly handle when a forked child process terminates during PAM authentication, which allows remote attackers to cause a denial of service (client connection refusal) by connecting multiple times to the SSH server, waiting for the password prompt, then disconnecting.

5.0
2006-03-07 CVE-2006-1030 Joomla Information Disclosure vulnerability in Joomla 1.0.7

Unspecified vulnerability in mod_templatechooser in Joomla! 1.0.7 allows remote attackers to obtain sensitive information via an unspecified attack vector that reveals the path.

5.0
2006-03-07 CVE-2006-1027 Joomla Information Disclosure vulnerability in Joomla 1.0.7

feedcreator.class.php (aka the syndication component) in Joomla! 1.0.7 allows remote attackers to obtain sensitive information via a "/" (slash) in the feed parameter to index.php, which reveals the path in an error message.

5.0
2006-03-07 CVE-2006-1023 HP Directory Traversal vulnerability in HP System Management Homepage 2.0.0/2.1.4

Directory traversal vulnerability in HP System Management Homepage (SMH) 2.0.0 through 2.1.4 on Windows allows remote attackers to access certain files via unspecified vectors.

5.0
2006-03-07 CVE-2006-1022 Pehepe Remote PHP Script Code Injection vulnerability in Pehepe Membership Management System 3.0

PHP remote file include vulnerability in sol_menu.php in PeHePe Uyelik Sistemi (aka PeHePe MemberShip Management System) 3 allows remote attackers to include and execute arbitrary PHP code via a URL in the uye_klasor parameter, along with a misafir[] parameter that is set to UYE_SEVIYE.

5.0
2006-03-06 CVE-2006-0815 Networkactiv Remote Script Disclosure vulnerability in Networkactiv web Server 3.5.15

NetworkActiv Web Server 3.5.15 allows remote attackers to read script source code via a crafted URL with a "/" (forward slash) after the file extension.

5.0
2006-03-06 CVE-2006-0458 Irssi Denial of Service vulnerability in Irssi 0.8.10Rc5/0.8.9

The DCC ACCEPT command handler in irssi before 0.8.9+0.8.10rc5-0ubuntu4.1 in Ubuntu Linux, and possibly other distributions, allows remote attackers to cause a denial of service (application crash) via certain crafted arguments in a DCC command.

5.0
2006-03-06 CVE-2006-0949 Raidenhttpd Remote Script Disclosure vulnerability in Raidenhttpd 1.1.47

RaidenHTTPD 1.1.47 allows remote attackers to obtain source code of script files, including PHP, via crafted requests involving (1) "." (dot), (2) space, and (3) "/" (slash) characters.

5.0
2006-03-06 CVE-2006-0814 Lighttpd Remote Script Disclosure vulnerability in Lighttpd

response.c in Lighttpd 1.4.10 and possibly previous versions, when run on Windows, allows remote attackers to read arbitrary source code via requests that contain trailing (1) "." (dot) and (2) space characters, which are ignored by Windows, as demonstrated by PHP files.

5.0
2006-03-06 CVE-2006-1003 Netgear Information Disclosure vulnerability in Netgear WGT624 Wireless Firewall Router

The backup configuration option in NETGEAR WGT624 Wireless Firewall Router stores sensitive information in cleartext, which allows remote attackers to obtain passwords and gain privileges.

5.0
2006-03-06 CVE-2006-1001 Lansuite SQL Injection vulnerability in Lansuite Board Module

SQL injection vulnerability in the board module in LanSuite LanParty Intranet System 2.0.6 and 2.1.0 beta allows remote attackers to execute arbitrary SQL commands via the fid parameter.

5.0
2006-03-12 CVE-2006-0557 Linux Local Denial of Service vulnerability in Linux Kernel sys_mbind System Call

sys_mbind in mempolicy.c in Linux kernel 2.6.16 and earlier does not sanity check the maxnod variable before making certain computations for the get_nodes function, which has unknown impact and attack vectors.

4.9
2006-03-07 CVE-2006-1068 Netgear Denial-Of-Service vulnerability in Netgear Router

Netgear 614 and 624 routers, possibly running VXWorks, allow remote attackers to cause a denial of service by sending a malformed DCC SEND string to an IRC channel, which causes an IRC connection reset, possibly related to the masquerading code for NAT environments, and as demonstrated via (1) a DCC SEND with a single long argument, or (2) a DCC SEND with IP, port, and filesize arguments with a 0 value.

4.9
2006-03-10 CVE-2006-0667 IBM Local Security vulnerability in AIX 5.2/5.3

lscfg in IBM AIX 5.2 and 5.3 allows local users to modify arbitrary files via a symlink attack.

4.6
2006-03-09 CVE-2006-1125 Grisoft Local Insecure Permissions vulnerability in AVG Anti-Virus

Grisoft AVG Free 7.1, and other versions including 7.0.308, sets Everyone/Full Control permissions for certain update files including (1) upd_vers.cfg, (2) incavi.avm, and (3) unspecified drivers, which might allow local users to gain privileges.

4.6
2006-03-09 CVE-2006-0742 Linux Local Denial of Service vulnerability in Linux Kernel die_if_kernel

The die_if_kernel function in arch/ia64/kernel/unaligned.c in Linux kernel 2.6.x before 2.6.15.6, possibly when compiled with certain versions of gcc, has the "noreturn" attribute set, which allows local users to cause a denial of service by causing user faults on Itanium systems.

4.6
2006-03-06 CVE-2006-1009 M4 Project Local Security vulnerability in Enigma-Suite

M4 Project enigma-suite before 0.73.3 (Windows) has a default password of "nominal" for the "enigma-client" account, which allows local users to gain access.

4.6
2006-03-12 CVE-2006-1165 Andreas Gohr Cross-Site Scripting vulnerability in DokuWiki Mediamanager

Cross-site scripting (XSS) vulnerability in the mediamanager module in DokuWiki before 2006-03-05 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors relating to "handling EXIF data."

4.3
2006-03-12 CVE-2006-1160 EFS Software Input Validation vulnerability in EFS Software EFS web Server 3.2

Cross-site scripting (XSS) vulnerability in Easy File Sharing (EFS) Web Server 3.2 allows remote attackers to inject arbitrary web script or HTML via the Description field in creating a folder or uploading a file.

4.3
2006-03-12 CVE-2006-1157 ADP HTML Injection vulnerability in ADP Forum Subject Field

Cross-site scripting (XSS) vulnerability in Vz Scripts ADP Forum 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the Subject field (possibly messaggio parameter) when posting a new message in post.php.

4.3
2006-03-12 CVE-2006-1155 Manas Tungare Input Validation vulnerability in Manas Tungare Site Membership Script

Cross-site scripting (XSS) vulnerability in manas tungare Site Membership Script before 8 March, 2006 allows remote attackers to inject arbitrary web script or HTML via the Error parameter in (1) login.asp and (2) default.asp.

4.3
2006-03-10 CVE-2006-1143 Ftpoed Cross-Site Scripting vulnerability in Ftpoed Blog Engine 1.1

Cross-site scripting (XSS) vulnerability in FTPoed Blog Engine 1.1 allows remote attackers to inject arbitrary web script or HTML via the comment_body parameter, as used by the comment field, when posting a comment.

4.3
2006-03-10 CVE-2006-1135 Sblog HTML Injection vulnerability in Sblog 0.7.2

Multiple cross-site scripting (XSS) vulnerabilities in sBlog 0.7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) keyword parameter to search.php or (2) username parameter to comments_do.php.

4.3
2006-03-10 CVE-2006-1133 Vbzoom Cross-Site Scripting vulnerability in Vbzoom 1.11

Multiple cross-site scripting (XSS) vulnerabilities in vbzoom 1.11 allow remote attackers to inject arbitrary web script or HTML via the UserID parameter to (1) comment.php or (2) contact.php.

4.3
2006-03-10 CVE-2006-1131 Bitweaver HTML Injection vulnerability in Bitweaver 1.2.1

Cross-site scripting (XSS) vulnerability in read.php in bitweaver CMS 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the comment_title parameter.

4.3
2006-03-10 CVE-2006-1130 Ekinboard Input Validation vulnerability in Ekinboard 1.0.3

Cross-site scripting (XSS) vulnerability in EKINboard 1.0.3 allows remote attackers to inject arbitrary web script or HTML via a Javascript URI in a BBCode img tag.

4.3
2006-03-09 CVE-2006-1127 Gallery Project HTML Injection vulnerability in Gallery Album Comments

Cross-site scripting (XSS) vulnerability in Gallery 2 up to 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is not properly handled when adding a comment to an album.

4.3
2006-03-09 CVE-2006-1110 Aztek Forum HTML Injection vulnerability in Aztek Forum Aztek Forum 4.0

Cross-site scripting (XSS) vulnerability in Aztek Forum 4.0 allows remote attackers to inject arbitrary web script or HTML via the message body in a new message.

4.3
2006-03-09 CVE-2006-1107 Nmdeluxe Input Validation vulnerability in Nmdeluxe 1.0

Cross-site scripting (XSS) vulnerability in news.php in NMDeluxe before 1.0.1 allows remote attackers to inject arbitrary web script or HTML via the nick parameter.

4.3
2006-03-09 CVE-2006-1106 Pixelpost Input Validation vulnerability in Pixelpost

Cross-site scripting (XSS) vulnerability in Pixelpost 1.5 beta 1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) message, (2) name, (3) url, and (4) email parameters when commenting on a post.

4.3
2006-03-09 CVE-2006-1097 Datenbank Module Cross-Site Scripting vulnerability in Datenbank Module Datenbank Module Mod2.7

Multiple cross-site scripting (XSS) vulnerabilities in Datenbank MOD 2.7 and earlier for Woltlab Burning Board allow remote attackers to inject arbitrary web script or HTML via the fileid parameter to (1) info_db.php or (2) database.php.

4.3
2006-03-09 CVE-2006-1096 Digital Builder Input Validation vulnerability in NZ Ecommerce

** DISPUTED ** Cross-site scripting (XSS) vulnerability in index.php in NZ Ecommerce allows remote attackers to inject arbitrary web script or HTML via the action parameter.

4.3
2006-03-09 CVE-2006-1089 Punbb Cross-Site Scripting vulnerability in PunBB

Cross-site scripting (XSS) vulnerability in header.php in PunBB 1.2.10 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly handled when the PHP_SELF variable is used to handle a pun_page tag.

4.3
2006-03-09 CVE-2006-1082 Phparcadescript Cross-Site Scripting vulnerability in PHParcadescript 2.0

Multiple cross-site scripting (XSS) vulnerabilities in phpArcadeScript 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the gamename parameter in tellafriend.php, (2) the login_status parameter in loginbox.php, (3) the submissionstatus parameter in index.php, the (4) cell_title_background_color and (5) browse_cat_name parameters in browse.php, the (6) gamefile parameter in displaygame.php, and (7) possibly other parameters in unspecified PHP scripts.

4.3
2006-03-09 CVE-2006-1080 Game Panel Cross-Site Scripting vulnerability in Game-Panel 2.6/2.6.1

Cross-site scripting (XSS) vulnerability in login.php in Game-Panel 2.6.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the message parameter, possibly requiring a URL encoded value.

4.3
2006-03-09 CVE-2006-1077 EVO DEV HTML Injection vulnerability in Evo-Dev evoBlog Comment Post

Multiple cross-site scripting (XSS) vulnerabilities in the commentary in Evo-Dev evoBlog allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter and (2) other unspecified parameters.

4.3
2006-03-08 CVE-2006-1072 Simplog Information Disclosure vulnerability in Simplog

Cross-site scripting (XSS) vulnerability in Daverave Simplog 1.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a blog post.

4.3
2006-03-08 CVE-2006-1071 Dvguestbook Cross-Site Scripting vulnerability in Dvguestbook 1.2.2

Cross-site scripting (XSS) vulnerability in index.php in DVguestbook 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the page parameter.

4.3
2006-03-08 CVE-2006-1070 Dvguestbook Cross-Site Scripting vulnerability in Dvguestbook 1.0

Cross-site scripting (XSS) vulnerability in dv_gbook.php in DVguestbook 1.0 allows remote attackers to inject arbitrary web script or HTML via the f parameter.

4.3
2006-03-07 CVE-2006-1041 Gregarius Input Validation vulnerability in Gregarius 0.5.2

Multiple cross-site scripting (XSS) vulnerabilities in Gregarius 0.5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) rss_query parameter to search.php or (2) tag parameter to tags.php.

4.3
2006-03-07 CVE-2006-1040 Jelsoft HTML Injection vulnerability in Jelsoft Vbulletin 3.0.12/3.5.3

Cross-site scripting (XSS) vulnerability in vBulletin 3.0.12 and 3.5.3 allows remote attackers to inject arbitrary web script or HTML via the email field, which is injected in profile.php but not sanitized in sendmsg.php.

4.3
2006-03-07 CVE-2006-1034 Woltlab Cross-Site Scripting vulnerability in Woltlab Burning Board

Multiple cross-site scripting (XSS) vulnerabilities in Woltlab Burning Board (wBB) allow remote attackers to inject arbitrary web script or HTML via (1) the username parameter to galerie_index.php and possibly (2) galerie_onfly.php.

4.3
2006-03-07 CVE-2006-1033 CPG Nuke Cross-Site Scripting vulnerability in CPG Dragonfly CMS

Multiple cross-site scripting (XSS) vulnerabilities in Dragonfly CMS before 9.0.6.1 allow remote attackers to inject arbitrary web script or HTML via (1) uname, (2) error, (3) profile or (4) the username field parameter to the (a) Your_Account module, (5) catid, (6) sid, (7) Story Text or (8) Extended text text fields in the (b) News module, (9) month, (10) year or (11) sa parameter to the (c) Stories_Archive module, (12) show, (13) cid, (14) ratetype, or (15) orderby parameter to the (d) Web_Links module, (16) op, or (17) pollid parameter to the (e) Surveys module, (18) c parameter to the (f) Downloads module, (19) meta, or (20) album parameter to the (g) coppermine module, or the search box in the (21) Search, (22) Stories_Archive, (23) Downloads, and (24) Topics module.

4.3
2006-03-07 CVE-2006-1029 Joomla Cross-Site Scripting vulnerability in Joomla 1.0.7

The cross-site scripting (XSS) countermeasures in class.inputfilter.php in Joomla! 1.0.7 allow remote attackers to cause a denial of service via a crafted mosmsg parameter to index.php with a malformed sequence of multiple tags, as demonstrated using "<<>AAA<><>", possibly due to nested or empty tags.

4.3
2006-03-07 CVE-2006-1021 Pehepe Cross-Site Scripting vulnerability in Pehepe Membership Management System and Uyelik Sistemi

Cross-site scripting (XSS) vulnerability in sol_menu.php in PeHePe Uyelik Sistemi (aka PeHePe MemberShip Management System) 3 allows remote attackers to inject arbitrary web script or HTML via the kuladi parameter ($kul_adi variable).

4.3
2006-03-07 CVE-2006-1019 Ukiweb HTML Injection vulnerability in Ukiweb Ukiboard 3.0.1

Cross-site scripting (XSS) vulnerability in fce.php in UKiBoard 3.0.1 allows remote attackers to inject arbitrary web script or HTML via a BBCode url tag when using the show_post function.

4.3
2006-03-06 CVE-2006-1004 Cactusoft Cross-Site Scripting vulnerability in Cactusoft Parodia 6.2

Cross-site scripting (XSS) vulnerability in agencyprofile.asp in Parodia 6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the AG_ID parameter.

4.3
2006-03-10 CVE-2006-1147 COR Entertainment Remote vulnerability in COR Entertainment Alien Arena 2006 Gold5.00

The Com_sprintf function in q_shared.c in Alien Arena 2006 Gold Edition 5.00 does not properly NULL terminate certain long strings, which allows remote attackers (possibly authenticated) to cause a denial of service (application crash) via a long skin, weapon, or model name.

4.0
2006-03-09 CVE-2006-1119 Netenberg, Cpanel Permissions, Privileges, and Access Controls vulnerability in Netenberg Fantastico DE Luxe

fantastico in Cpanel does not properly handle when it has insufficient permissions to perform certain file operations, which allows remote authenticated users to obtain the full pathname, which is leaked in a PHP error message.

4.0

14 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-03-12 CVE-2006-1166 Monotone Unspecified vulnerability in Monotone 0.25

Monotone 0.25 and earlier, when a user creates a file in a directory called "mt", and when checking out that file on a case-insensitive file system such as Windows or Mac OS X, places the file into the "MT" bookkeeping directory, which could allow context-dependent attackers to execute arbitrary Lua programs as the user running monotone.

3.7
2006-03-07 CVE-2006-1014 PHP Security Bypass vulnerability in PHP

Argument injection vulnerability in certain PHP 4.x and 5.x applications, when used with sendmail and when accepting remote input for the additional_parameters argument to the mb_send_mail function, allows context-dependent attackers to read and create arbitrary files by providing extra -C and -X arguments to sendmail.

3.2
2006-03-10 CVE-2006-1144 David Ravenscroft Cross-Site Scripting vulnerability in David Ravenscroft Hithost 1.0.0

Cross-site scripting (XSS) vulnerability in HitHost 1.0.0 allows remote attackers to inject arbitrary web script or HTML via (1) the user parameter in deleteuser.php and (2) the hits parameter in viewuser.php.

2.6
2006-03-09 CVE-2006-1120 Codeworx Technologies Cross-Site Scripting vulnerability in DCP Portal

Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 6.1.1 and earlier, with register_globals enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) its_url parameter in the documents page and (2) url parameter in the send_write page of (a) index.php; (3) subject, and (4) images parameters to (b) calendar.php; (5) bid, (6) replying_msg, (7) subject, (8) body, and (9) mid parameters to (c) forums.php; (10) subject and (11) message parameters to (d) inbox.php; (12) subject_color and (13) email parameters to (e) lostpassword.php; and the (14) c_name, (15) content_inicial, and (16) cid parameters to (f) mycontents.php.

2.6
2006-03-09 CVE-2006-1117 Ncipher Unspecified vulnerability in Ncipher products

nCipher firmware before V10, as used by (1) nShield, (2) nForce, (3) netHSM, (4) payShield, (5) SecureDB, (6) DSE200 Document Sealing Engine, (7) Time Source Master Clock (TSMC), and possibly other products, contains certain options that were only intended for testing and not production, which might allow remote attackers to obtain information about encryption keys and crack those keys with less effort than brute force.

2.6
2006-03-09 CVE-2006-1115 Ncipher Unspecified vulnerability in Ncipher Chil, Mscapi CSP and Ncipher Software CD

nCipher HSM before 2.22.6, when generating a Diffie-Hellman public/private key pair without any specified DiscreteLogGroup parameters, chooses random parameters that could allow an attacker to crack the private key in significantly less time than a brute force attack.

2.6
2006-03-07 CVE-2006-1064 Lurker Input Validation vulnerability in Lurker 0.1A/2.0

Multiple cross-site scripting (XSS) vulnerabilities in Lurker 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors.

2.6
2006-03-07 CVE-2006-1045 Mozilla Remote Information Disclosure vulnerability in Mozilla Thunderbird 1.5

The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block loading of remote images in mail messages" is enabled, does not properly block external images from inline HTML attachments, which could allow remote attackers to obtain sensitive information, such as application version or IP address, when the user reads the email and the external image is accessed.

2.6
2006-03-09 CVE-2006-1092 SUN Local Denial Of Service vulnerability in Sun Solaris Proc Filesystem Pagedata Subsystem

Unspecified vulnerability in the pagedata subsystem of the process file system (/proc) in Solaris 8 through 10 allows local users to cause a denial of service (system hang or panic) via unknown attack vectors that cause the kmem_oversize arena to allocate a large amount of system memory that does not get freed.

2.1
2006-03-07 CVE-2006-1050 Kwik PAY Unspecified vulnerability in Kwik-Pay Payroll 4.2.20

** DISPUTED ** Kwik-Pay Payroll 4.2.20, and possibly other versions, stores the KwikPay.mdb database file with insecure permissions, which allows local users to obtain sensitive information such as employment and payment data.

2.1
2006-03-07 CVE-2006-0555 Linux Denial of Service vulnerability in Linux Kernel NFS Client

The Linux Kernel before 2.6.15.5 allows local users to cause a denial of service (NFS client panic) via unknown attack vectors related to the use of O_DIRECT (direct I/O).

2.1
2006-03-06 CVE-2006-1011 Peters Software Local Information Disclosure vulnerability in Peters Software Lettermerger 1.2

LetterMerger 1.2 stores user information in Access database files with insecure permissions, which allows local users to obtain sensitive information.

2.1
2006-03-07 CVE-2006-0554 Linux Local Information Disclosure vulnerability in Linux Kernel XFS File System

Linux kernel 2.6 before 2.6.15.5 allows local users to obtain sensitive information via a crafted XFS ftruncate call, which may return stale data.

1.7
2006-03-07 CVE-2006-0741 Linux Denial of Service vulnerability in Linux Kernel ELF File Entry Point

Linux kernel before 2.6.15.5, when running on Intel processors, allows local users to cause a denial of service ("endless recursive fault") via unknown attack vectors related to a "bad elf entry address."

1.2