Weekly Vulnerabilities Reports > March 13 to 19, 2006
Overview
114 new vulnerabilities reported during this period, including 4 critical vulnerabilities and 37 high severity vulnerabilities. This weekly summary report vulnerabilities in 93 products from 78 vendors including Apple, Microsoft, Dsportal, Drupal, and Gnome. Vulnerabilities are notably categorized as "Code Injection", "Resource Management Errors", "Numeric Errors", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "SQL Injection".
- 97 reported vulnerabilities are remotely exploitables.
- 8 reported vulnerabilities have public exploit available.
- 4 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 110 reported vulnerabilities are exploitable by an anonymous user.
- Apple has the most reported vulnerabilities, with 7 reported vulnerabilities.
- Himpfen Consulting has the most reported critical vulnerabilities, with 1 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
4 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-03-19 | CVE-2006-1276 | Himpfen Consulting | Authentication Bypass vulnerability in PHP SimpleNEWS admin.php in Himpfen Consulting Company PHP SimpleNEWS 1.0.0 allows remote attackers to bypass authentication by setting the admin parameter in a cookie. | 10.0 |
2006-03-19 | CVE-2006-1255 | Mercur | Remote Buffer Overflow vulnerability in MERCUR Messaging 2005 IMAP Stack-based buffer overflow in the IMAP service in Mercur Messaging 5.0 SP3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long string to the (1) LOGIN or (2) SELECT command, a different set of attack vectors and possibly a different vulnerability than CVE-2003-1177. | 10.0 |
2006-03-19 | CVE-2006-1254 | Borderware | Remote vulnerability in BorderWare MXtreme Web Administration Unspecified vulnerability in BorderWare MXtreme 5.0 and 6.0 allows remote attackers to have an unknown impact via unknown attack vectors. | 10.0 |
2006-03-19 | CVE-2006-1250 | Amax Information Technologies | Multiple Unspecified vulnerability in Amax Information Technologies Winmail 4.3 Unspecified vulnerability in the Webmail module in Winmail before 4.3 has unknown impact and unknown remote attack vectors. | 10.0 |
37 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-03-19 | CVE-2006-1268 | Funkwerk | Denial Of Service vulnerability in Funkwerk X2300 7.2.1 The Internet Key Exchange implementation in Funkwerk X2300 7.2.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite. | 7.8 |
2006-03-13 | CVE-2006-0819 | Gnome | Input Validation vulnerability in Gnome Dwarf Http Server 1.3.2 Dwarf HTTP Server 1.3.2 allows remote attackers to obtain the source code of JSP files via (1) dot, (2) space, (3) slash, or (4) NULL characters in the filename extension of an HTTP request. | 7.8 |
2006-03-15 | CVE-2006-1244 | Gnome Libextractor Xpdf Debian | Multiple Unspecified vulnerability in XPDF Unspecified vulnerability in certain versions of xpdf after 3.00, as used in various products including (a) pdfkit.framework, (b) gpdf, (c) pdftohtml, and (d) libextractor, has unknown impact and user-assisted attack vectors, possibly involving errors in (1) gmem.c, (2) SplashXPathScanner.cc, (3) JBIG2Stream.cc, (4) JPXStream.cc, and/or (5) Stream.cc. | 7.6 |
2006-03-19 | CVE-2006-1296 | Beagle Project | Unspecified vulnerability in Beagle-Project Beagle 0.2.2.1 Untrusted search path vulnerability in Beagle 0.2.2.1 might allow local users to gain privileges via a malicious beagle-info program in the current working directory, or possibly directories specified in the PATH. | 7.5 |
2006-03-19 | CVE-2006-1294 | Knowledgebasepublisher | Remote File Include vulnerability in Knowledgebasepublisher 1.2 PHP remote file include vulnerability in PageController.php in KnowledgebasePublisher 1.2 allows remote attackers to include and execute arbitrary PHP code via a URL in the dir parameter. | 7.5 |
2006-03-19 | CVE-2006-1291 | PHP Icalendar | Unspecified vulnerability in PHP Icalendar PHP Icalendar publish.ical.php in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier does not require authentication for write access to the calendars directory, which allows remote attackers to upload and execute arbitrary PHP scripts via a WebDAV PUT request with a filename containing a .php extension and a trailing null character. | 7.5 |
2006-03-19 | CVE-2006-1289 | Milkeyway | Input Validation vulnerability in Milkeyway Captive Portal 0.1/0.1.1 Multiple SQL injection vulnerabilities in Milkeyway Captive Portal 0.1 and 0.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) username, (2) password, (3) team, (4) level, (5) status, (6) teamname, and (7) teamlead parameters in (a) auth.php; the (8) username, (9) action, and (10) filter parameters in (b) authuser.php; the (11) username parameter in (c) utils.php; the (12) id and (13) date parameters in (d) traffic.php; the (14) username parameter in (e) userstatistics.php; and the (15) USERNAME and (16) PASSWORD parameters in a cookie to (f) chgpwd.php. | 7.5 |
2006-03-19 | CVE-2006-1288 | Invision Power Services | SQL-Injection vulnerability in Invision Power Services Invision Power Board 2.0.4/2.1.4 Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 2.0.4 and 2.1.4 before 20060105 allow remote attackers to execute arbitrary SQL commands via cookies, related to (1) arrays of id/stamp pairs and (2) the keys in arrays of key/value pairs in ipsclass.php; (3) the topics variable in usercp.php; and the topicsread cookie in (4) topics.php, (5) search.php, and (6) forums.php. | 7.5 |
2006-03-19 | CVE-2006-1280 | Sherzod Ruzmetov | Information Disclosure vulnerability in CGI::Session CGI::Session 4.03-1 does not set proper permissions on temporary files created in (1) Driver::File and (2) Driver::db_file, which allows local users to obtain privileged information, such as session keys, by viewing the files. | 7.5 |
2006-03-19 | CVE-2006-1271 | Oxynews | SQL Injection vulnerability in Oxynews SQL injection vulnerability in index.php in OxyNews allows remote attackers to execute arbitrary SQL commands via the oxynews_comment_id parameter. | 7.5 |
2006-03-19 | CVE-2006-1265 | Xhawk NET | SQL Injection vulnerability in Xhawk.Net Discussion 2.0Beta2 SQL injection vulnerability in discussion.class.php in xhawk.net discussion 2.0 beta2 allows remote attackers to execute arbitrary SQL commands via the view parameter. | 7.5 |
2006-03-19 | CVE-2006-1262 | Aspportal | Input Validation vulnerability in Aspportal 3.0.0 Multiple SQL injection vulnerabilities in ASPPortal 3.00 have unknown impact and attack vectors. | 7.5 |
2006-03-19 | CVE-2006-1259 | Maian | SQL-Injection vulnerability in Maian Support 1.0 Multiple SQL injection vulnerabilities in Maian Support 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) email or (2) pass parameter to admin/index.php. | 7.5 |
2006-03-19 | CVE-2006-1257 | Microsoft | Authentication Bypass vulnerability in Microsoft Commerce Server 2002 The sample files in the authfiles directory in Microsoft Commerce Server 2002 before SP2 allow remote attackers to bypass authentication by logging in to authfiles/login.asp with a valid username and any password, then going to the main site twice. | 7.5 |
2006-03-19 | CVE-2006-1252 | Light Weight Calendar | Remote Command Execution vulnerability in Light Weight Calendar Light Weight Calendar 1.0 Eval injection vulnerability in cal.php in Light Weight Calendar (LWC) 1.0 allows remote attackers to execute arbitrary PHP code via the date parameter to index.php. | 7.5 |
2006-03-17 | CVE-2006-1245 | Microsoft | Buffer Overflow vulnerability in Microsoft IE 6.0 Buffer overflow in mshtml.dll in Microsoft Internet Explorer 6.0.2900.2180, and probably other versions, allows remote attackers to execute arbitrary code via an HTML tag with a large number of script action handlers such as onload and onmouseover, as demonstrated using onclick, aka the "Multiple Event Handler Memory Corruption Vulnerability." | 7.5 |
2006-03-15 | CVE-2006-1243 | Alexander Palmo | Local File Include vulnerability in Simple PHP Blog Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php. | 7.5 |
2006-03-15 | CVE-2006-1237 | Dsportal | SQL Injection vulnerability in Dsportal Dsnewsletter 1.0 Multiple SQL injection vulnerabilities in DSNewsletter 1.0, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the email parameter to (1) include/sub.php, (2) include/confirm.php, or (3) include/unconfirm.php. | 7.5 |
2006-03-15 | CVE-2006-1236 | Crossfire | Unspecified vulnerability in Crossfire 1.9.0 Buffer overflow in the SetUp function in socket/request.c in CrossFire 1.9.0 allows remote attackers to execute arbitrary code via a long setup sound command, a different vulnerability than CVE-2006-1010. | 7.5 |
2006-03-14 | CVE-2006-1232 | Dsportal | SQL-Injection vulnerability in Dsportal Dsdownload 1.0 Multiple SQL injection vulnerabilities in DSDownload 1.0, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the (1) key and (2) category parameters to (a) search.php and (b) downloads.php. | 7.5 |
2006-03-14 | CVE-2006-1229 | Hosting Controller | SQL-Injection vulnerability in Hosting Controller Hosting Controller 6.1Hotfix2.9 SQL injection vulnerability in search.asp in Hosting Controller 6.1 (Hotfix 2.9) allows remote attackers to execute arbitrary SQL commands via the search parameter. | 7.5 |
2006-03-14 | CVE-2006-0400 | Apple | Unspecified vulnerability in Apple mac OS X and mac OS X Server CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to bypass the same-origin policy and execute Javascript in other domains via unknown vectors involving "crafted archives." | 7.5 |
2006-03-14 | CVE-2006-0399 | Apple | Code Injection vulnerability in Apple mac OS X and mac OS X Server Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. | 7.5 |
2006-03-14 | CVE-2006-0398 | Apple | Code Injection vulnerability in Apple mac OS X and mac OS X Server Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. | 7.5 |
2006-03-14 | CVE-2006-0397 | Apple | Code Injection vulnerability in Apple mac OS X and mac OS X Server Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. | 7.5 |
2006-03-14 | CVE-2006-1217 | Dsportal | SQL Injection vulnerability in Dsportal Dspoll 1.1 SQL injection vulnerability in DSPoll 1.1 allows remote attackers to execute arbitrary SQL commands via the pollid parameter to (1) results.php, (2) topolls.php, (3) pollit.php. | 7.5 |
2006-03-14 | CVE-2006-1213 | Jiro | Unspecified vulnerability in Jiro Banner System 1.0Experience/1.0Professional JiRo's Banner System Experience and Professional 1.0 and earlier allows remote attackers to bypass access restrictions and gain privileges via a direct request to certain scripts in the files directory, as demonstrated by using addadmin.asp to create a new administrator account. | 7.5 |
2006-03-14 | CVE-2006-1212 | Corenews | Remote Code Execution vulnerability in Corenews 2.0.1 Unspecified vulnerability in index.php in Core CoreNews 2.0.1 allows remote attackers to execute arbitrary commands via the page parameter, possibly due to a PHP remote file include vulnerability. | 7.5 |
2006-03-14 | CVE-2006-1211 | Micromuse | SQL-Injection vulnerability in Micromuse Netcool Neusecure 3.0.236 IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 configures a MySQL database to allow connections from any source IP address with the ns database account, which allows remote attackers to bypass the Netcool/NeuSecure application layer and perform unauthorized database actions. | 7.5 |
2006-03-14 | CVE-2006-1210 | Micromuse | Unspecified vulnerability in Micromuse Netcool Neusecure 3.0.236 The web interface for IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 includes the MySQL database username and password in cleartext in body.phtml, which allows remote attackers to gain privileges by reading the source. | 7.5 |
2006-03-14 | CVE-2006-1203 | Txtforum | Remote PHP Script Code Injection vulnerability in txtForum PHP remote file include vulnerability in common.php in txtForum 1.0.4-dev and earlier allows remote attackers to include and execute arbitrary PHP code via a URL in the skin parameter to login.php, and possibly other parameters to other PHP scripts, related to include statements in common.php. | 7.5 |
2006-03-14 | CVE-2006-1200 | Daverave | Remote PHP Script Code Injection vulnerability in Link Bank Direct static code injection vulnerability in add_link.txt in daverave Link Bank allows remote attackers to execute arbitrary PHP code via the url_name parameter, which is not sanitized before being stored in links.txt, which is later used in an include statement. | 7.5 |
2006-03-19 | CVE-2006-1274 | Avira | Local Privilege Escalation vulnerability in Avira Antivir Personal 7 Classic Planer in AntiVir PersonalEdition Classic 7 does not drop privileges before executing external programs, which allows local users to gain privileges via notepad.exe, which is used to display scan reports. | 7.2 |
2006-03-17 | CVE-2006-1246 | IBM | Local Privilege Escalation vulnerability in IBM AIX 5.3 Unspecified vulnerability in mklvcopy in BOS.RTE.LVM in IBM AIX 5.3 allows local users to execute arbitrary commands when mklvcopy calls external commands, possibly due to an untrusted search path vulnerability. | 7.2 |
2006-03-13 | CVE-2006-1197 | Macrovision | Local Privilege Escalation vulnerability in SafeDisc Secdrv.SYS SafeDisc installs the driver service for the secdrv.sys driver with insecure permissions, which allows local users to gain privileges by changing the configuration to reference a malicious program. | 7.2 |
2006-03-13 | CVE-2006-1183 | Ubuntu | Local Installation Password Disclosure vulnerability in Ubuntu Linux 5.10 The Ubuntu 5.10 installer does not properly clear passwords from the installer log file (questions.dat), and leaves the log file with world-readable permissions, which allows local users to gain privileges. | 7.2 |
2006-03-14 | CVE-2006-0457 | Linux | Local Copy_To_User Race vulnerability in Linux Kernel Security Key Functions Race condition in the (1) add_key, (2) request_key, and (3) keyctl functions in Linux kernel 2.6.x allows local users to cause a denial of service (crash) or read sensitive kernel memory by modifying the length of a string argument between the time that the kernel calculates the length and when it copies the data into kernel memory. | 7.1 |
63 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-03-19 | CVE-2006-1278 | Upoint | SQL Injection vulnerability in Upoint @1 File Store 2006.03.07 SQL injection vulnerability in @1 File Store 2006.03.07 allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) functions.php and (2) user.php in the libs directory, (3) edit.php and (4) delete.php in control/files/, (5) edit.php and (6) delete.php in control/users/, (7) edit.php, (8) access.php, and (9) in control/folders/, (10) access.php and (11) delete.php in control/groups/, (12) confirm.php, and (13) download.php; (14) the email parameter in password.php, and (15) the id parameter in folder.php. | 6.8 |
2006-03-19 | CVE-2006-1249 | Apple | Numeric Errors vulnerability in Apple Itunes and Quicktime Integer overflow in Apple QuickTime Player 7.0.3 and 7.0.4 and iTunes 6.0.1 and 6.0.2 allows remote attackers to execute arbitrary code via a FlashPix (FPX) image that contains a field that specifies a large number of blocks. | 6.8 |
2006-03-19 | CVE-2006-1269 | Rahul Dhesi | Local Buffer Overflow vulnerability in Rahul Dhesi ZOO 2.10 Buffer overflow in the parse function in parse.c in zoo 2.10 might allow local users to execute arbitrary code via long filename command line arguments, which are not properly handled during archive creation. | 6.2 |
2006-03-14 | CVE-2006-1221 | Zonelabs | Local Privilege Escalation vulnerability in Zonelabs Zonealarm Security Suite 6.1.744.000 Untrusted search path vulnerability in the TrueVector service (VSMON.exe) in Zone Labs ZoneAlarm 6.x and Integrity does not search ZoneAlarm's own folders before other folders that are specified in a user's PATH, which might allow local users to execute code as SYSTEM by placing malicious DLLs into a folder that has insecure permissions, but is searched before ZoneAlarm's folder. | 6.2 |
2006-03-19 | CVE-2006-1287 | Invision Power Services | Cross-Site Scripting vulnerability in Invision Power Services Invision Power Board 2.0.4/2.1.4 Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) 2.0.4 and 2.1.4 before 20060130 allows remote attackers to steal cookies and probably conduct other activities when the victim is using Internet Explorer. | 5.8 |
2006-03-19 | CVE-2006-1277 | Upoint | Input Validation vulnerability in @1 File Store Cross-site scripting (XSS) vulnerability in signup.php in @1 File Store 2006.03.07 allows remote attackers to inject arbitrary web script or HTML via the (1) real_name, (2) email, and (3) login parameters. | 5.8 |
2006-03-19 | CVE-2006-1267 | Invision Power Services | Remote Security vulnerability in Invision Power Services Invision Power Board 2.1.4 Invision Power Board 2.1.4 allows remote attackers to hijack sessions and possibly gain administrative privileges by obtaining the session ID from the s parameter, then replaying it in another request. | 5.1 |
2006-03-15 | CVE-2006-1238 | Dsportal | SQL Injection vulnerability in Dsportal Dslogin 1.0 SQL injection vulnerability in DSLogin 1.0, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands and bypass authentication via the $log_userid variable in (1) index.php and (2) admin/index.php. | 5.1 |
2006-03-15 | CVE-2006-0024 | Macromedia | Security vulnerability in Macromedia Flash Multiple unspecified vulnerabilities in Adobe Flash Player 8.0.22.0 and earlier allow remote attackers to execute arbitrary code via a crafted SWF file. | 5.1 |
2006-03-14 | CVE-2006-0031 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Office Stack-based buffer overflow in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed record with a modified length value, which leads to memory corruption. | 5.1 |
2006-03-14 | CVE-2006-0030 | Microsoft | Unspecified vulnerability in Microsoft Excel and Office Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed graphic, which leads to memory corruption. | 5.1 |
2006-03-14 | CVE-2006-0029 | Microsoft | Unspecified vulnerability in Microsoft Excel and Office Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed description, which leads to memory corruption. | 5.1 |
2006-03-14 | CVE-2006-0028 | Microsoft | Unspecified vulnerability in Microsoft Excel and Office Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via a BIFF parsing format file containing malformed BOOLERR records that lead to memory corruption, probably involving invalid pointers. | 5.1 |
2006-03-14 | CVE-2006-1234 | Dsportal | SQL Injection vulnerability in Dsportal Dscounter 1.2 SQL injection vulnerability in index.php in DSCounter 1.2, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For field (HTTP_X_FORWARDED_FOR environment variable) in an HTTP header. | 5.1 |
2006-03-14 | CVE-2006-1228 | Drupal | Improper Authentication vulnerability in Drupal Session fixation vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8 allows remote attackers to gain privileges by tricking a user to click on a URL that fixes the session identifier. | 5.1 |
2006-03-14 | CVE-2006-0396 | Apple | Remote Buffer Overflow vulnerability in Apple Mac OS X Mail Message Attachment Buffer overflow in Mail in Apple Mac OS X 10.4 up to 10.4.5, when patched with Security Update 2006-001, allows remote attackers to execute arbitrary code via a long Real Name value in an e-mail attachment sent in AppleDouble format, which triggers the overflow when the user double-clicks on an attachment. | 5.1 |
2006-03-19 | CVE-2006-1297 | Symantec Veritas | Remote Denial of Service vulnerability in Symantec Veritas Backup Exec and Backup Exec Remote Agent Unspecified vulnerability in Veritas Backup Exec for Windows Server Remote Agent 9.1 through 10.1, for Netware Servers and Remote Agent 9.1 and 9.2, and Remote Agent for Linux Servers 10.0 and 10.1 allow attackers to cause a denial of service (application crash or unavailability) due to "memory errors." | 5.0 |
2006-03-19 | CVE-2006-1292 | PHP Icalendar | Local File Include vulnerability in php iCalendar Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php. | 5.0 |
2006-03-19 | CVE-2006-1279 | Sherzod Ruzmetov | Insecure Temporary File Creation vulnerability in Libcgi-session-perl CGI::Session 4.03-1 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by (1) Driver::File, (2) Driver::db_file, and possibly (3) Driver::sqlite. | 5.0 |
2006-03-19 | CVE-2006-1275 | GGZ Gaming Zone | Resource Management Errors vulnerability in GGZ Gaming Zone GGZ Gaming Zone 0.0.12 GGZ Gaming Zone 0.0.12 allows remote attackers to cause a denial of service (client disconnect) via inputs that produce malformed XML, including (1) trailing ' (apostrophe) character on the ID attribute in a PLAYER XML tag, (2) joining with a long ID attribute or non-trailing ' characters, which causes a <none> name to be assigned, and then disconnecting, or (3) a long CDATA message attribute, which prevents closing tags from being added to the string. | 5.0 |
2006-03-19 | CVE-2006-1260 | Horde | Information Disclosure vulnerability in Horde Application Framework Horde Application Framework 3.0.9 allows remote attackers to read arbitrary files via a null character in the url parameter in services/go.php, which bypasses a sanity check. | 5.0 |
2006-03-19 | CVE-2006-1251 | SA Exim | Code Injection vulnerability in Sa-Exim 4.0/4.1/4.2 Argument injection vulnerability in greylistclean.cron in sa-exim 4.2 allows remote attackers to delete arbitrary files via an email with a To field that contains a filename separated by whitespace, which is not quoted when greylistclean.cron provides the argument to the rm command. | 5.0 |
2006-03-15 | CVE-2006-1242 | Linux | Unspecified vulnerability in Linux Kernel The ip_push_pending_frames function in Linux 2.4.x and 2.6.x before 2.6.16 increments the IP ID field when sending a RST after receiving unsolicited TCP SYN-ACK packets, which allows remote attackers to conduct an Idle Scan (nmap -sI) attack, which bypasses intended protections against such attacks. | 5.0 |
2006-03-14 | CVE-2006-1235 | David Ravenscroft | Directory Traversal vulnerability in David Ravenscroft Hithost 1.0.0 Directory traversal vulnerability in admin/deleteuser.php in HitHost 1.0.0 might allow remote attackers to delete directories (possibly only empty directories) via the $deleteuser variable. | 5.0 |
2006-03-14 | CVE-2006-1225 | Drupal | Input Validation vulnerability in Drupal CRLF injection vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8 allows remote attackers to inject headers of outgoing e-mail messages and use Drupal as a spam proxy. | 5.0 |
2006-03-14 | CVE-2006-1219 | Gallery Project | Local File Include vulnerability in Gallery Directory traversal vulnerability in Gallery 2.0.3 and earlier, and 2.1 before RC-2a, allows remote attackers to include arbitrary PHP files via ".." (dot dot) sequences in the stepOrder parameter to (1) upgrade/index.php or (2) install/index.php. | 5.0 |
2006-03-14 | CVE-2006-1218 | Novell | Remote Denial Of Service vulnerability in Novell Bordermanager 3.8 Unspecified vulnerability in the HTTP proxy in Novell BorderManager 3.8 and earlier allows remote attackers to cause a denial of service (CPU consumption and ABEND) via unknown attack vectors related to "media streaming over HTTP 1.1". | 5.0 |
2006-03-14 | CVE-2006-1214 | Unreal | Remote Denial Of Service vulnerability in Unreal Unrealircd 3.2.3 UnrealIRCd 3.2.3 allows remote attackers to cause an unspecified denial of service by causing a linked server to send malformed TKL Q:Line commands, as demonstrated by "TKL - q\x08Q *\x08PoC." | 5.0 |
2006-03-14 | CVE-2006-1206 | Dropbear SSH Project | Remote Denial Of Service vulnerability in Dropbear Matt Johnston Dropbear SSH server 0.47 and earlier, as used in embedded Linux devices and on general-purpose operating systems, allows remote attackers to cause a denial of service (connection slot exhaustion) via a large number of connection attempts that exceeds the MAX_UNAUTH_CLIENTS defined value of 30. | 5.0 |
2006-03-14 | CVE-2006-1201 | Eschew NET | Directory Traversal vulnerability in Eschew.Net PHPBannerExchange Directory traversal vulnerability in resetpw.php in eschew.net phpBannerExchange 2.0 and earlier, and other versions before 2.0 Update 5, allows remote attackers to read arbitrary files via a .. | 5.0 |
2006-03-13 | CVE-2006-1195 | Enet | Denial of Service vulnerability in ENet The enet_protocol_handle_send_fragment function in protocol.c for ENet library CVS version Jul 2005 and earlier, as used in products including (1) Cube, (2) Sauerbraten, and (3) Duke3d_w32, allows remote attackers to cause a denial of service (application crash) via a packet fragment with a large total data size, which triggers an application abort when memory allocation fails. | 5.0 |
2006-03-13 | CVE-2006-1194 | Enet | Denial of Service vulnerability in ENet Integer signedness error in the enet_protocol_handle_incoming_commands function in protocol.c for ENet library CVS version Jul 2005 and earlier, as used in products including (1) Cube, (2) Sauerbraten, and (3) Duke3d_w32, allows remote attackers to cause a denial of service (application crash) via a packet with a large command length value, which leads to an invalid memory access. | 5.0 |
2006-03-13 | CVE-2006-0049 | GNU | Unspecified vulnerability in GNU Privacy Guard gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different vulnerability than CVE-2006-0455. | 5.0 |
2006-03-19 | CVE-2006-1298 | Symantec Veritas | Remote Format String vulnerability in Veritas Backup Exec Media Server BEngine Service Job Log Format string vulnerability in the Job Engine service (bengine.exe) in the Media Server in Veritas Backup Exec 10d (10.1) for Windows Servers rev. | 4.6 |
2006-03-19 | CVE-2006-1284 | Symantec | Local Administrative Authentication Credentials Disclosure vulnerability in Symantec Ghost Solutions Suite and Norton Ghost The installation of SQLAnywhere in Symantec Ghost 8.0 and 8.2, as used in Symantec Ghost Solutions Suite (SGSS) 1.0, includes a default administrator login account and password, which allows local users to gain privileges or modify tasks. | 4.6 |
2006-03-17 | CVE-2006-1248 | HP | Local Unauthorized Access vulnerability in HP Hp-Ux 11.00/11.11/11.23 Unspecified vulnerability in usermod in HP-UX B.11.00, B.11.11, and B.11.23, when run with certain options that involve a new home directory, might cause usermod to change the ownership of all directories and files under the new directory, which might result in less secure permissions than intended. | 4.6 |
2006-03-15 | CVE-2006-1241 | Firebirdsql | Local Inet_Server Buffer Overflow vulnerability in Firebirdsql Firebird 1.5.2.4731 Firebird 1.5.2.4731 installs (1) fb_lock_mgr, (2) gds_drop, and (3) fb_inet_server with setuid firebird permissions, which might allow local users to gain privileges via a buffer overflow as identified by CVE-2006-1240, or possibly other vulnerabilities. | 4.6 |
2006-03-15 | CVE-2006-1240 | Firebirdsql | Local Inet_Server Buffer Overflow vulnerability in Firebirdsql Firebird 1.5/1.5.1/1.5.2 Buffer overflow in inet_server.cpp in (1) fb_inet_server and (2) fbserver in Firebird 1.5.2.4731 allows local users to gain privileges via a long value of the -p argument. | 4.6 |
2006-03-14 | CVE-2006-1227 | Drupal | Input Validation vulnerability in Drupal Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8, when menu.module is used to create a menu item, does not implement access control for the page that is referenced, which might allow remote attackers to access administrator pages. | 4.6 |
2006-03-14 | CVE-2006-1220 | Apple | Local Heap Overflow vulnerability in Apple Mac OS X Kernel MACH_MSG_SEND Integer overflow in the mach_msg_send function in the kernel for Mac OS X might allow local users to execute arbitrary code via unknown attack vectors related to a large message header size, which leads to a heap-based buffer overflow. | 4.6 |
2006-03-19 | CVE-2006-1295 | Spip | Cross-Site Scripting vulnerability in Spip 1.8.2E/1.8.2G Cross-site scripting (XSS) vulnerability in recherche.php3 in SPIP 1.8.2-g allows remote attackers to inject arbitrary web script or HTML via the recherche parameter. | 4.3 |
2006-03-19 | CVE-2006-1293 | Astalavista IT Engineering | Cross-Site Scripting vulnerability in Contrexx 1.0.4/1.0.5/1.0.7 Cross-site scripting (XSS) vulnerability in index.php in Contrexx CMS 1.0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string (PHP_SELF). | 4.3 |
2006-03-19 | CVE-2006-1290 | Milkeyway | Input Validation vulnerability in Milkeyway Captive Portal 0.1/0.1.1 Multiple cross-site scripting (XSS) vulnerabilities in Milkeyway Captive Portal 0.1 and 0.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) ipAddress, (2) act, (3) username, and (4) unspecified other parameters in (a) authuser.php; and the (5) username and (6) unspecified other parameters in (b) userstatistics.php. | 4.3 |
2006-03-19 | CVE-2006-1282 | Mybulletinboard | Input Validation vulnerability in MyBB CRLF injection vulnerability in inc/function.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to conduct cross-site scripting (XSS), poison caches, or hijack pages via CRLF (%0A%0D) sequences in the Referrer HTTP header field, possibly when redirecting to other web pages. | 4.3 |
2006-03-19 | CVE-2006-1272 | Mybulletinboard | Input Validation vulnerability in Mybulletinboard 1.0.3 Multiple cross-site scripting (XSS) vulnerabilities in member.php in MyBulletin Board (MyBB) 1.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) aim, (2) yahoo, (3) msn, or (4) website field. | 4.3 |
2006-03-19 | CVE-2006-1266 | Virtual Communication Services | Cross-Site Scripting vulnerability in Virtual Communication Services Vpmi Enterprise 3.3 Cross-site scripting (XSS) vulnerability in Service_Requests.asp in VPMi Enterprise 3.3 allows remote attackers to inject arbitrary web script or HTML via the Request_Name_Display parameter. | 4.3 |
2006-03-19 | CVE-2006-1264 | Xhawk NET | Unspecified vulnerability in Xhawk.Net Discussion 2.0Beta2 Cross-site scripting (XSS) vulnerability in xhawk.net discussion 2.0 beta2 allows remote attackers to inject arbitrary web script or HTML via a Javascript URI in a BBCode img tag. | 4.3 |
2006-03-19 | CVE-2006-1263 | Wordpress | Cross-Site Scripting vulnerability in WordPress Multiple "unannounced" cross-site scripting (XSS) vulnerabilities in WordPress before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | 4.3 |
2006-03-19 | CVE-2006-1261 | Aspportal | Input Validation vulnerability in Aspportal 3.0.0 Multiple cross-site scripting (XSS) vulnerabilities in ASPPortal 3.00 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | 4.3 |
2006-03-19 | CVE-2006-1258 | Phpmyadmin | Cross-Site Scripting vulnerability in PHPmyadmin 2.8.0.1 Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.1 allows remote attackers to inject arbitrary web script or HTML via the set_theme parameter. | 4.3 |
2006-03-15 | CVE-2006-1239 | Countersoft | HTML Injection vulnerability in Countersoft Gemini 2.0 Cross-site scripting (XSS) vulnerability in issue/createissue.aspx in Gemini 2.0 allows remote attackers to inject arbitrary web script or HTML via the rtcDescription$RadEditor1 field. | 4.3 |
2006-03-14 | CVE-2006-1233 | Mikael Software | Cross-Site Scripting vulnerability in WMNews Multiple cross-site scripting (XSS) vulnerabilities in WMNews allow remote attackers to inject arbitrary web script or HTML via the (1) ArtCat parameter to wmview.php, (2) ctrrowcol parameter to footer.php, or (3) ArtID parameter to wmcomments.php. | 4.3 |
2006-03-14 | CVE-2006-1230 | Belchior Foundry | Cross-Site Scripting vulnerability in Belchior Foundry Vcard 2.6/2.8/2.9 Multiple cross-site scripting (XSS) vulnerabilities in create.php in vCard 2.x allow remote attackers to inject arbitrary web script or HTML via the (1) card_id, (2) uploaded, (3) card_fontsize, or (4) card_color parameter. | 4.3 |
2006-03-14 | CVE-2006-1226 | Drupal | Input Validation vulnerability in Drupal Cross-site scripting (XSS) vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | 4.3 |
2006-03-14 | CVE-2006-1223 | Jupiter CMS | HTML Injection vulnerability in Jupiter CMS Jupiter CMS 1.1.4 Cross-site scripting (XSS) vulnerability in Jupiter Content Manager 1.1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a Javascript URI in the image BBcode tag. | 4.3 |
2006-03-14 | CVE-2006-1222 | Zeroboard | HTML Injection vulnerability in Zeroboard Multiple cross-site scripting (XSS) vulnerabilities in zeroboard 4.1 pl7 allows allow remote attackers to inject arbitrary web script or HTML via the (1) memo box title, (2) user email, and (3) homepage fields. | 4.3 |
2006-03-14 | CVE-2006-1216 | Runcms | Cross-Site Scripting vulnerability in RunCMS Cross-site scripting (XSS) vulnerability in bigshow.php in Runcms 1.x allows remote attackers to inject arbitrary web script or HTML via the id parameter. | 4.3 |
2006-03-14 | CVE-2006-1215 | Woltlab | Cross-Site Scripting vulnerability in Woltlab Burning Board 2.3.4 Cross-site scripting (XSS) vulnerability in misc.php in Woltlab Burning Board (wBB) 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the percent parameter. | 4.3 |
2006-03-14 | CVE-2006-1205 | Mywebland | Cross-Site Scripting vulnerability in Mywebland Mybloggie 2.1.2/2.1.3/2.1.3Beta Multiple cross-site scripting (XSS) vulnerabilities in myWebland myBloggie 2.1.3 beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) confirmredirect and (2) post_id parameters in (a) delcomment.php, as reachable when mode=delcom from index.php; and the (3) del and (4) message parameters in (b) upload.php, the (5) errormsg parameter in (c) addcat.php, (d) edituser.php, (e) adduser.php, and (f) editcat.php, the (6) trackback_url parameter in (g) add.php, (7) id parameter in (h) deluser.php, (8) cat_id parameter in (i) delcat.php, and (9) post_id parameter in (j) del.php, as reachable from admin.php. | 4.3 |
2006-03-14 | CVE-2006-1204 | Txtforum | Cross-Site Scripting vulnerability in txtForum Multiple cross-site scripting (XSS) vulnerabilities in txtForum 1.0.4-dev and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) prev, (2) next, and (3) rand5 parameters in (a) index.php; the (4) r_username and (5) r_loc parameters in (b) new_topic.php; the (6) r_num, (7) r_family_name, (8) r_icq, (9) r_yahoo, (10) r_aim, (11) r_homepage, (12) r_interests, (13) r_about, (14) selected1, (15) selected0, (16) signature_selected1, (17) signature_selected0, (18) smile_selected1, (19) smile_selected0, (20) ubb_selected1, and (21) ubb_selected0 parameters in (c) profile.php; the (22) quote and (23) tid parameters in (d) reply.php; and the (24) tid, (25) sticked, and (26) mid parameters in (e) view_topic.php. | 4.3 |
2006-03-14 | CVE-2006-1199 | Daverave | Cross-Site Scripting vulnerability in Link Bank Cross-site scripting (XSS) vulnerability in iframe.php in daverave Link Bank allows remote attackers to inject arbitrary web script or HTML via the site parameter. | 4.3 |
2006-03-13 | CVE-2006-1196 | David Barrett | Cross-Site Scripting vulnerability in David Barrett Qwikiwiki 1.4/1.5/1.5.1 Multiple cross-site scripting (XSS) vulnerabilities in QwikiWiki 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) from and (2) help parameters to (a) index.php; (3) action, (4) page, (5) debug, (6) help, (7) username, or (8) password parameters to (b) login.php; the (7) help parameter to (c) pageindex.php; or (8) help parameter to (d) recentchanges.php. | 4.3 |
2006-03-13 | CVE-2006-0820 | Gnome | Input Validation vulnerability in Gnome Dwarf Http Server 1.3.2 Cross-site scripting (XSS) vulnerability in Dwarf HTTP Server 1.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified error messages. | 4.3 |
10 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-03-14 | CVE-2006-1198 | Comvigo | Unspecified vulnerability in Comvigo IM Lock Home2006/Professional2006 Comvigo IM Lock 2006 uses a simple substitution cipher to encrypt a password stored in the msnvs\prc registry value, for which all users have Read permission, which allows local users to bypass the product's blocking functionality by decrypting the password. | 3.7 |
2006-03-19 | CVE-2006-1281 | Mybulletinboard | Input Validation vulnerability in MyBB Cross-site scripting (XSS) vulnerability in member.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to inject arbitrary web script or HTML via the url parameter, a different vulnerability than CVE-2006-1272. | 3.5 |
2006-03-19 | CVE-2006-1270 | Inprotect | Cross-Site Scripting vulnerability in Inprotect Zones.PHP Multiple cross-site scripting (XSS) vulnerabilities in zones.php in Inprotect 0.21 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Description field. | 3.5 |
2006-03-19 | CVE-2006-1285 | Symantec | Local Information Disclosure and Data Corruption vulnerability in Symantec Ghost Solutions Suite and Norton Ghost SQLAnywhere in Symantec Ghost 8.0 and 8.2, as used in Symantec Ghost Solutions Suite (SGSS) 1.0, gives read and write permissions to all users for database shared memory sections, which allows local users to access and possibly modify certain information. | 3.2 |
2006-03-19 | CVE-2006-1256 | Skullsplitter | HTML Injection vulnerability in Skullsplitter PHP Guestbook 2.7 Cross-site scripting (XSS) vulnerability in guestbook.php in Soren Boysen (SkullSplitter) PHP Guestbook 2.6 allows remote attackers to inject arbitrary web script or HTML via the url parameter. | 2.6 |
2006-03-16 | CVE-2006-1182 | Adobe | Remote Command Execution vulnerability in Adobe Graphics Server / Document Server Adobe Graphics Server 2.0 and 2.1 (formerly AlterCast) and Adobe Document Server (ADS) 5.0 and 6.0 allows local users to read files with certain extensions or overwrite arbitrary files and execute code via a crafted SOAP request to the AlterCast web service in which the request uses the (1) saveContent or (2) saveOptimized ADS commands, or the (3) loadContent command. | 2.6 |
2006-03-14 | CVE-2006-1224 | Guppy | Remote Directory Traversal vulnerability in GuppY Dwnld.PHP Directory traversal vulnerability in dwnld.php in GuppY 4.5.11 allows remote attackers to overwrite arbitrary files via a "%2E." (mixed encoding) in the pg parameter. | 2.6 |
2006-03-13 | CVE-2006-0950 | Unalz | Path Traversal vulnerability in Unalz 0.53 unalz 0.53 allows user-assisted attackers to overwrite arbitrary files via an ALZ archive with ".." (dot dot) sequences in a filename. | 2.6 |
2006-03-19 | CVE-2006-1286 | Symantec | Information Disclosure vulnerability in Symantec Ghost Solutions Suite and Norton Ghost Buffer overflow in the login dialog in dbisqlc.exe in SQLAnywhere for Symantec Ghost 8.0 and 8.2, as used in Symantec Ghost Solutions Suite (SGSS) 1.0, might allow local users to read certain sensitive information from the database. | 2.1 |
2006-03-14 | CVE-2006-1231 | Julian Pawlowski | Unspecified vulnerability in Julian Pawlowski Capi4Hylafax 1.3 CAPI4HylaFAX 1.3, when compiled with GENERATE_DEBUGSFFDATAFILE set, allows local users to modify arbitrary files via a symlink attack on the c2faxrecv_dbgdatafile.sff temporary file. | 1.2 |