Weekly Vulnerabilities Reports > March 13 to 19, 2006

Overview

114 new vulnerabilities were reported during this period, including 4 critical vulnerabilities and 37 high severity vulnerabilities. This weekly summary reports vulnerabilities in 93 products from 78 vendors including Apple, Microsoft, Dsportal, Drupal, and Gnome. Vulnerabilities are notably categorized as "Code Injection", "Resource Management Errors", "Numeric Errors", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "SQL Injection".

  • 97 reported vulnerabilities are remotely exploitable.
  • 8 reported vulnerabilities have a public exploit available.
  • 4 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 110 reported vulnerabilities are exploitable by an anonymous user.
  • Apple has the most reported vulnerabilities, with 7 reported vulnerabilities.
  • Himpfen Consulting has the most reported critical vulnerabilities, with 1 reported vulnerability.

Vulnerability Details

The following table lists the vulnerabilities reported for the period covered by this report:

4 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-03-19 CVE-2006-1276 Himpfen Consulting Authentication Bypass vulnerability in PHP SimpleNEWS

admin.php in Himpfen Consulting Company PHP SimpleNEWS 1.0.0 allows remote attackers to bypass authentication by setting the admin parameter in a cookie.

10.0
2006-03-19 CVE-2006-1255 Mercur Remote Buffer Overflow vulnerability in MERCUR Messaging 2005 IMAP

Stack-based buffer overflow in the IMAP service in Mercur Messaging 5.0 SP3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long string to the (1) LOGIN or (2) SELECT command, a different set of attack vectors and possibly a different vulnerability than CVE-2003-1177.

10.0
2006-03-19 CVE-2006-1254 Borderware Remote vulnerability in BorderWare MXtreme Web Administration

Unspecified vulnerability in BorderWare MXtreme 5.0 and 6.0 allows remote attackers to have an unknown impact via unknown attack vectors.

10.0
2006-03-19 CVE-2006-1250 Amax Information Technologies Multiple Unspecified vulnerability in Amax Information Technologies Winmail 4.3

Unspecified vulnerability in the Webmail module in Winmail before 4.3 has unknown impact and unknown remote attack vectors.

10.0

37 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-03-19 CVE-2006-1268 Funkwerk Denial Of Service vulnerability in Funkwerk X2300 7.2.1

The Internet Key Exchange implementation in Funkwerk X2300 7.2.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite.

7.8
2006-03-13 CVE-2006-0819 Gnome Input Validation vulnerability in Gnome Dwarf Http Server 1.3.2

Dwarf HTTP Server 1.3.2 allows remote attackers to obtain the source code of JSP files via (1) dot, (2) space, (3) slash, or (4) NULL characters in the filename extension of an HTTP request.

7.8
2006-03-15 CVE-2006-1244 Gnome, Libextractor, Xpdf, Debian Multiple Unspecified vulnerability in XPDF

Unspecified vulnerability in certain versions of xpdf after 3.00, as used in various products including (a) pdfkit.framework, (b) gpdf, (c) pdftohtml, and (d) libextractor, has unknown impact and user-assisted attack vectors, possibly involving errors in (1) gmem.c, (2) SplashXPathScanner.cc, (3) JBIG2Stream.cc, (4) JPXStream.cc, and/or (5) Stream.cc.

7.6
2006-03-19 CVE-2006-1296 Beagle Project Unspecified vulnerability in Beagle-Project Beagle 0.2.2.1

Untrusted search path vulnerability in Beagle 0.2.2.1 might allow local users to gain privileges via a malicious beagle-info program in the current working directory, or possibly directories specified in the PATH.

7.5
2006-03-19 CVE-2006-1294 Knowledgebasepublisher Remote File Include vulnerability in Knowledgebasepublisher 1.2

PHP remote file include vulnerability in PageController.php in KnowledgebasePublisher 1.2 allows remote attackers to include and execute arbitrary PHP code via a URL in the dir parameter.

7.5
2006-03-19 CVE-2006-1291 PHP Icalendar Unspecified vulnerability in PHP Icalendar PHP Icalendar

publish.ical.php in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier does not require authentication for write access to the calendars directory, which allows remote attackers to upload and execute arbitrary PHP scripts via a WebDAV PUT request with a filename containing a .php extension and a trailing null character.

7.5
2006-03-19 CVE-2006-1289 Milkeyway Input Validation vulnerability in Milkeyway Captive Portal 0.1/0.1.1

Multiple SQL injection vulnerabilities in Milkeyway Captive Portal 0.1 and 0.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) username, (2) password, (3) team, (4) level, (5) status, (6) teamname, and (7) teamlead parameters in (a) auth.php; the (8) username, (9) action, and (10) filter parameters in (b) authuser.php; the (11) username parameter in (c) utils.php; the (12) id and (13) date parameters in (d) traffic.php; the (14) username parameter in (e) userstatistics.php; and the (15) USERNAME and (16) PASSWORD parameters in a cookie to (f) chgpwd.php.

7.5
2006-03-19 CVE-2006-1288 Invision Power Services SQL-Injection vulnerability in Invision Power Services Invision Power Board 2.0.4/2.1.4

Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 2.0.4 and 2.1.4 before 20060105 allow remote attackers to execute arbitrary SQL commands via cookies, related to (1) arrays of id/stamp pairs and (2) the keys in arrays of key/value pairs in ipsclass.php; (3) the topics variable in usercp.php; and the topicsread cookie in (4) topics.php, (5) search.php, and (6) forums.php.

7.5
2006-03-19 CVE-2006-1280 Sherzod Ruzmetov Information Disclosure vulnerability in CGI::Session

CGI::Session 4.03-1 does not set proper permissions on temporary files created in (1) Driver::File and (2) Driver::db_file, which allows local users to obtain privileged information, such as session keys, by viewing the files.

7.5
2006-03-19 CVE-2006-1271 Oxynews SQL Injection vulnerability in Oxynews

SQL injection vulnerability in index.php in OxyNews allows remote attackers to execute arbitrary SQL commands via the oxynews_comment_id parameter.

7.5
2006-03-19 CVE-2006-1265 Xhawk NET SQL Injection vulnerability in Xhawk.Net Discussion 2.0Beta2

SQL injection vulnerability in discussion.class.php in xhawk.net discussion 2.0 beta2 allows remote attackers to execute arbitrary SQL commands via the view parameter.

7.5
2006-03-19 CVE-2006-1262 Aspportal Input Validation vulnerability in Aspportal 3.0.0

Multiple SQL injection vulnerabilities in ASPPortal 3.00 have unknown impact and attack vectors.

7.5
2006-03-19 CVE-2006-1259 Maian SQL-Injection vulnerability in Maian Support 1.0

Multiple SQL injection vulnerabilities in Maian Support 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) email or (2) pass parameter to admin/index.php.

7.5
2006-03-19 CVE-2006-1257 Microsoft Authentication Bypass vulnerability in Microsoft Commerce Server 2002

The sample files in the authfiles directory in Microsoft Commerce Server 2002 before SP2 allow remote attackers to bypass authentication by logging in to authfiles/login.asp with a valid username and any password, then going to the main site twice.

7.5
2006-03-19 CVE-2006-1252 Light Weight Calendar Remote Command Execution vulnerability in Light Weight Calendar Light Weight Calendar 1.0

Eval injection vulnerability in cal.php in Light Weight Calendar (LWC) 1.0 allows remote attackers to execute arbitrary PHP code via the date parameter to index.php.

7.5
2006-03-17 CVE-2006-1245 Microsoft Buffer Overflow vulnerability in Microsoft IE 6.0

Buffer overflow in mshtml.dll in Microsoft Internet Explorer 6.0.2900.2180, and probably other versions, allows remote attackers to execute arbitrary code via an HTML tag with a large number of script action handlers such as onload and onmouseover, as demonstrated using onclick, aka the "Multiple Event Handler Memory Corruption Vulnerability."

7.5
2006-03-15 CVE-2006-1243 Alexander Palmo Local File Include vulnerability in Simple PHP Blog

Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.

7.5
2006-03-15 CVE-2006-1237 Dsportal SQL Injection vulnerability in Dsportal Dsnewsletter 1.0

Multiple SQL injection vulnerabilities in DSNewsletter 1.0, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the email parameter to (1) include/sub.php, (2) include/confirm.php, or (3) include/unconfirm.php.

7.5
2006-03-15 CVE-2006-1236 Crossfire Unspecified vulnerability in Crossfire 1.9.0

Buffer overflow in the SetUp function in socket/request.c in CrossFire 1.9.0 allows remote attackers to execute arbitrary code via a long setup sound command, a different vulnerability than CVE-2006-1010.

7.5
2006-03-14 CVE-2006-1232 Dsportal SQL-Injection vulnerability in Dsportal Dsdownload 1.0

Multiple SQL injection vulnerabilities in DSDownload 1.0, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the (1) key and (2) category parameters to (a) search.php and (b) downloads.php.

7.5
2006-03-14 CVE-2006-1229 Hosting Controller SQL-Injection vulnerability in Hosting Controller Hosting Controller 6.1Hotfix2.9

SQL injection vulnerability in search.asp in Hosting Controller 6.1 (Hotfix 2.9) allows remote attackers to execute arbitrary SQL commands via the search parameter.

7.5
2006-03-14 CVE-2006-0400 Apple Unspecified vulnerability in Apple mac OS X and mac OS X Server

CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to bypass the same-origin policy and execute Javascript in other domains via unknown vectors involving "crafted archives."

7.5
2006-03-14 CVE-2006-0399 Apple Code Injection vulnerability in Apple mac OS X and mac OS X Server

Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type.

7.5
2006-03-14 CVE-2006-0398 Apple Code Injection vulnerability in Apple mac OS X and mac OS X Server

Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type.

7.5
2006-03-14 CVE-2006-0397 Apple Code Injection vulnerability in Apple mac OS X and mac OS X Server

Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type.

7.5
2006-03-14 CVE-2006-1217 Dsportal SQL Injection vulnerability in Dsportal Dspoll 1.1

SQL injection vulnerability in DSPoll 1.1 allows remote attackers to execute arbitrary SQL commands via the pollid parameter to (1) results.php, (2) topolls.php, (3) pollit.php.

7.5
2006-03-14 CVE-2006-1213 Jiro Unspecified vulnerability in Jiro Banner System 1.0Experience/1.0Professional

JiRo's Banner System Experience and Professional 1.0 and earlier allows remote attackers to bypass access restrictions and gain privileges via a direct request to certain scripts in the files directory, as demonstrated by using addadmin.asp to create a new administrator account.

7.5
2006-03-14 CVE-2006-1212 Corenews Remote Code Execution vulnerability in Corenews 2.0.1

Unspecified vulnerability in index.php in Core CoreNews 2.0.1 allows remote attackers to execute arbitrary commands via the page parameter, possibly due to a PHP remote file include vulnerability.

7.5
2006-03-14 CVE-2006-1211 Micromuse SQL-Injection vulnerability in Micromuse Netcool Neusecure 3.0.236

IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 configures a MySQL database to allow connections from any source IP address with the ns database account, which allows remote attackers to bypass the Netcool/NeuSecure application layer and perform unauthorized database actions.

7.5
2006-03-14 CVE-2006-1210 Micromuse Unspecified vulnerability in Micromuse Netcool Neusecure 3.0.236

The web interface for IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 includes the MySQL database username and password in cleartext in body.phtml, which allows remote attackers to gain privileges by reading the source.

7.5
2006-03-14 CVE-2006-1203 Txtforum Remote PHP Script Code Injection vulnerability in txtForum

PHP remote file include vulnerability in common.php in txtForum 1.0.4-dev and earlier allows remote attackers to include and execute arbitrary PHP code via a URL in the skin parameter to login.php, and possibly other parameters to other PHP scripts, related to include statements in common.php.

7.5
2006-03-14 CVE-2006-1200 Daverave Remote PHP Script Code Injection vulnerability in Link Bank

Direct static code injection vulnerability in add_link.txt in daverave Link Bank allows remote attackers to execute arbitrary PHP code via the url_name parameter, which is not sanitized before being stored in links.txt, which is later used in an include statement.

7.5
2006-03-19 CVE-2006-1274 Avira Local Privilege Escalation vulnerability in Avira Antivir Personal 7

Classic Planer in AntiVir PersonalEdition Classic 7 does not drop privileges before executing external programs, which allows local users to gain privileges via notepad.exe, which is used to display scan reports.

7.2
2006-03-17 CVE-2006-1246 IBM Local Privilege Escalation vulnerability in IBM AIX 5.3

Unspecified vulnerability in mklvcopy in BOS.RTE.LVM in IBM AIX 5.3 allows local users to execute arbitrary commands when mklvcopy calls external commands, possibly due to an untrusted search path vulnerability.

7.2
2006-03-13 CVE-2006-1197 Macrovision Local Privilege Escalation vulnerability in SafeDisc Secdrv.SYS

SafeDisc installs the driver service for the secdrv.sys driver with insecure permissions, which allows local users to gain privileges by changing the configuration to reference a malicious program.

7.2
2006-03-13 CVE-2006-1183 Ubuntu Local Installation Password Disclosure vulnerability in Ubuntu Linux 5.10

The Ubuntu 5.10 installer does not properly clear passwords from the installer log file (questions.dat), and leaves the log file with world-readable permissions, which allows local users to gain privileges.

7.2
2006-03-14 CVE-2006-0457 Linux Local Copy_To_User Race vulnerability in Linux Kernel Security Key Functions

Race condition in the (1) add_key, (2) request_key, and (3) keyctl functions in Linux kernel 2.6.x allows local users to cause a denial of service (crash) or read sensitive kernel memory by modifying the length of a string argument between the time that the kernel calculates the length and when it copies the data into kernel memory.

7.1

63 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-03-19 CVE-2006-1278 Upoint SQL Injection vulnerability in Upoint @1 File Store 2006.03.07

SQL injection vulnerability in @1 File Store 2006.03.07 allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) functions.php and (2) user.php in the libs directory, (3) edit.php and (4) delete.php in control/files/, (5) edit.php and (6) delete.php in control/users/, (7) edit.php, (8) access.php, and (9) in control/folders/, (10) access.php and (11) delete.php in control/groups/, (12) confirm.php, and (13) download.php; (14) the email parameter in password.php, and (15) the id parameter in folder.php.

6.8
2006-03-19 CVE-2006-1249 Apple Numeric Errors vulnerability in Apple Itunes and Quicktime

Integer overflow in Apple QuickTime Player 7.0.3 and 7.0.4 and iTunes 6.0.1 and 6.0.2 allows remote attackers to execute arbitrary code via a FlashPix (FPX) image that contains a field that specifies a large number of blocks.

6.8
2006-03-19 CVE-2006-1269 Rahul Dhesi Local Buffer Overflow vulnerability in Rahul Dhesi ZOO 2.10

Buffer overflow in the parse function in parse.c in zoo 2.10 might allow local users to execute arbitrary code via long filename command line arguments, which are not properly handled during archive creation.

6.2
2006-03-14 CVE-2006-1221 Zonelabs Local Privilege Escalation vulnerability in Zonelabs Zonealarm Security Suite 6.1.744.000

Untrusted search path vulnerability in the TrueVector service (VSMON.exe) in Zone Labs ZoneAlarm 6.x and Integrity does not search ZoneAlarm's own folders before other folders that are specified in a user's PATH, which might allow local users to execute code as SYSTEM by placing malicious DLLs into a folder that has insecure permissions, but is searched before ZoneAlarm's folder.

6.2
2006-03-19 CVE-2006-1287 Invision Power Services Cross-Site Scripting vulnerability in Invision Power Services Invision Power Board 2.0.4/2.1.4

Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) 2.0.4 and 2.1.4 before 20060130 allows remote attackers to steal cookies and probably conduct other activities when the victim is using Internet Explorer.

5.8
2006-03-19 CVE-2006-1277 Upoint Input Validation vulnerability in @1 File Store

Cross-site scripting (XSS) vulnerability in signup.php in @1 File Store 2006.03.07 allows remote attackers to inject arbitrary web script or HTML via the (1) real_name, (2) email, and (3) login parameters.

5.8
2006-03-19 CVE-2006-1267 Invision Power Services Remote Security vulnerability in Invision Power Services Invision Power Board 2.1.4

Invision Power Board 2.1.4 allows remote attackers to hijack sessions and possibly gain administrative privileges by obtaining the session ID from the s parameter, then replaying it in another request.

5.1
2006-03-15 CVE-2006-1238 Dsportal SQL Injection vulnerability in Dsportal Dslogin 1.0

SQL injection vulnerability in DSLogin 1.0, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands and bypass authentication via the $log_userid variable in (1) index.php and (2) admin/index.php.

5.1
2006-03-15 CVE-2006-0024 Macromedia Security vulnerability in Macromedia Flash

Multiple unspecified vulnerabilities in Adobe Flash Player 8.0.22.0 and earlier allow remote attackers to execute arbitrary code via a crafted SWF file.

5.1
2006-03-14 CVE-2006-0031 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Office

Stack-based buffer overflow in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed record with a modified length value, which leads to memory corruption.

5.1
2006-03-14 CVE-2006-0030 Microsoft Unspecified vulnerability in Microsoft Excel and Office

Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed graphic, which leads to memory corruption.

5.1
2006-03-14 CVE-2006-0029 Microsoft Unspecified vulnerability in Microsoft Excel and Office

Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed description, which leads to memory corruption.

5.1
2006-03-14 CVE-2006-0028 Microsoft Unspecified vulnerability in Microsoft Excel and Office

Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via a BIFF parsing format file containing malformed BOOLERR records that lead to memory corruption, probably involving invalid pointers.

5.1
2006-03-14 CVE-2006-1234 Dsportal SQL Injection vulnerability in Dsportal Dscounter 1.2

SQL injection vulnerability in index.php in DSCounter 1.2, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For field (HTTP_X_FORWARDED_FOR environment variable) in an HTTP header.

5.1
2006-03-14 CVE-2006-1228 Drupal Improper Authentication vulnerability in Drupal

Session fixation vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8 allows remote attackers to gain privileges by tricking a user to click on a URL that fixes the session identifier.

5.1
2006-03-14 CVE-2006-0396 Apple Remote Buffer Overflow vulnerability in Apple Mac OS X Mail Message Attachment

Buffer overflow in Mail in Apple Mac OS X 10.4 up to 10.4.5, when patched with Security Update 2006-001, allows remote attackers to execute arbitrary code via a long Real Name value in an e-mail attachment sent in AppleDouble format, which triggers the overflow when the user double-clicks on an attachment.

5.1
2006-03-19 CVE-2006-1297 Symantec Veritas Remote Denial of Service vulnerability in Symantec Veritas Backup Exec and Backup Exec Remote Agent

Unspecified vulnerability in Veritas Backup Exec for Windows Server Remote Agent 9.1 through 10.1, for Netware Servers and Remote Agent 9.1 and 9.2, and Remote Agent for Linux Servers 10.0 and 10.1 allow attackers to cause a denial of service (application crash or unavailability) due to "memory errors."

5.0
2006-03-19 CVE-2006-1292 PHP Icalendar Local File Include vulnerability in php iCalendar

Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.

5.0
2006-03-19 CVE-2006-1279 Sherzod Ruzmetov Insecure Temporary File Creation vulnerability in Libcgi-session-perl

CGI::Session 4.03-1 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by (1) Driver::File, (2) Driver::db_file, and possibly (3) Driver::sqlite.

5.0
2006-03-19 CVE-2006-1275 GGZ Gaming Zone Resource Management Errors vulnerability in GGZ Gaming Zone GGZ Gaming Zone 0.0.12

GGZ Gaming Zone 0.0.12 allows remote attackers to cause a denial of service (client disconnect) via inputs that produce malformed XML, including (1) trailing ' (apostrophe) character on the ID attribute in a PLAYER XML tag, (2) joining with a long ID attribute or non-trailing ' characters, which causes a <none> name to be assigned, and then disconnecting, or (3) a long CDATA message attribute, which prevents closing tags from being added to the string.

5.0
2006-03-19 CVE-2006-1260 Horde Information Disclosure vulnerability in Horde Application Framework

Horde Application Framework 3.0.9 allows remote attackers to read arbitrary files via a null character in the url parameter in services/go.php, which bypasses a sanity check.

5.0
2006-03-19 CVE-2006-1251 SA Exim Code Injection vulnerability in Sa-Exim 4.0/4.1/4.2

Argument injection vulnerability in greylistclean.cron in sa-exim 4.2 allows remote attackers to delete arbitrary files via an email with a To field that contains a filename separated by whitespace, which is not quoted when greylistclean.cron provides the argument to the rm command.

5.0
2006-03-15 CVE-2006-1242 Linux Unspecified vulnerability in Linux Kernel

The ip_push_pending_frames function in Linux 2.4.x and 2.6.x before 2.6.16 increments the IP ID field when sending a RST after receiving unsolicited TCP SYN-ACK packets, which allows remote attackers to conduct an Idle Scan (nmap -sI) attack, which bypasses intended protections against such attacks.

5.0
2006-03-14 CVE-2006-1235 David Ravenscroft Directory Traversal vulnerability in David Ravenscroft Hithost 1.0.0

Directory traversal vulnerability in admin/deleteuser.php in HitHost 1.0.0 might allow remote attackers to delete directories (possibly only empty directories) via the $deleteuser variable.

5.0
2006-03-14 CVE-2006-1225 Drupal Input Validation vulnerability in Drupal

CRLF injection vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8 allows remote attackers to inject headers of outgoing e-mail messages and use Drupal as a spam proxy.

5.0
2006-03-14 CVE-2006-1219 Gallery Project Local File Include vulnerability in Gallery

Directory traversal vulnerability in Gallery 2.0.3 and earlier, and 2.1 before RC-2a, allows remote attackers to include arbitrary PHP files via ".." (dot dot) sequences in the stepOrder parameter to (1) upgrade/index.php or (2) install/index.php.

5.0
2006-03-14 CVE-2006-1218 Novell Remote Denial Of Service vulnerability in Novell Bordermanager 3.8

Unspecified vulnerability in the HTTP proxy in Novell BorderManager 3.8 and earlier allows remote attackers to cause a denial of service (CPU consumption and ABEND) via unknown attack vectors related to "media streaming over HTTP 1.1".

5.0
2006-03-14 CVE-2006-1214 Unreal Remote Denial Of Service vulnerability in Unreal Unrealircd 3.2.3

UnrealIRCd 3.2.3 allows remote attackers to cause an unspecified denial of service by causing a linked server to send malformed TKL Q:Line commands, as demonstrated by "TKL - q\x08Q *\x08PoC."

5.0
2006-03-14 CVE-2006-1206 Dropbear SSH Project Remote Denial Of Service vulnerability in Dropbear

Matt Johnston Dropbear SSH server 0.47 and earlier, as used in embedded Linux devices and on general-purpose operating systems, allows remote attackers to cause a denial of service (connection slot exhaustion) via a large number of connection attempts that exceeds the MAX_UNAUTH_CLIENTS defined value of 30.

5.0
2006-03-14 CVE-2006-1201 Eschew NET Directory Traversal vulnerability in Eschew.Net PHPBannerExchange

Directory traversal vulnerability in resetpw.php in eschew.net phpBannerExchange 2.0 and earlier, and other versions before 2.0 Update 5, allows remote attackers to read arbitrary files via a ..

5.0
2006-03-13 CVE-2006-1195 Enet Denial of Service vulnerability in ENet

The enet_protocol_handle_send_fragment function in protocol.c for ENet library CVS version Jul 2005 and earlier, as used in products including (1) Cube, (2) Sauerbraten, and (3) Duke3d_w32, allows remote attackers to cause a denial of service (application crash) via a packet fragment with a large total data size, which triggers an application abort when memory allocation fails.

5.0
2006-03-13 CVE-2006-1194 Enet Denial of Service vulnerability in ENet

Integer signedness error in the enet_protocol_handle_incoming_commands function in protocol.c for ENet library CVS version Jul 2005 and earlier, as used in products including (1) Cube, (2) Sauerbraten, and (3) Duke3d_w32, allows remote attackers to cause a denial of service (application crash) via a packet with a large command length value, which leads to an invalid memory access.

5.0
2006-03-13 CVE-2006-0049 GNU Unspecified vulnerability in GNU Privacy Guard

gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different vulnerability than CVE-2006-0455.

5.0
2006-03-19 CVE-2006-1298 Symantec Veritas Remote Format String vulnerability in Veritas Backup Exec Media Server BEngine Service Job Log

Format string vulnerability in the Job Engine service (bengine.exe) in the Media Server in Veritas Backup Exec 10d (10.1) for Windows Servers rev.

4.6
2006-03-19 CVE-2006-1284 Symantec Local Administrative Authentication Credentials Disclosure vulnerability in Symantec Ghost Solutions Suite and Norton Ghost

The installation of SQLAnywhere in Symantec Ghost 8.0 and 8.2, as used in Symantec Ghost Solutions Suite (SGSS) 1.0, includes a default administrator login account and password, which allows local users to gain privileges or modify tasks.

4.6
2006-03-17 CVE-2006-1248 HP Local Unauthorized Access vulnerability in HP Hp-Ux 11.00/11.11/11.23

Unspecified vulnerability in usermod in HP-UX B.11.00, B.11.11, and B.11.23, when run with certain options that involve a new home directory, might cause usermod to change the ownership of all directories and files under the new directory, which might result in less secure permissions than intended.

4.6
2006-03-15 CVE-2006-1241 Firebirdsql Local Inet_Server Buffer Overflow vulnerability in Firebirdsql Firebird 1.5.2.4731

Firebird 1.5.2.4731 installs (1) fb_lock_mgr, (2) gds_drop, and (3) fb_inet_server with setuid firebird permissions, which might allow local users to gain privileges via a buffer overflow as identified by CVE-2006-1240, or possibly other vulnerabilities.

4.6
2006-03-15 CVE-2006-1240 Firebirdsql Local Inet_Server Buffer Overflow vulnerability in Firebirdsql Firebird 1.5/1.5.1/1.5.2

Buffer overflow in inet_server.cpp in (1) fb_inet_server and (2) fbserver in Firebird 1.5.2.4731 allows local users to gain privileges via a long value of the -p argument.

4.6
2006-03-14 CVE-2006-1227 Drupal Input Validation vulnerability in Drupal

Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8, when menu.module is used to create a menu item, does not implement access control for the page that is referenced, which might allow remote attackers to access administrator pages.

4.6
2006-03-14 CVE-2006-1220 Apple Local Heap Overflow vulnerability in Apple Mac OS X Kernel MACH_MSG_SEND

Integer overflow in the mach_msg_send function in the kernel for Mac OS X might allow local users to execute arbitrary code via unknown attack vectors related to a large message header size, which leads to a heap-based buffer overflow.

4.6
2006-03-19 CVE-2006-1295 Spip Cross-Site Scripting vulnerability in Spip 1.8.2E/1.8.2G

Cross-site scripting (XSS) vulnerability in recherche.php3 in SPIP 1.8.2-g allows remote attackers to inject arbitrary web script or HTML via the recherche parameter.

4.3
2006-03-19 CVE-2006-1293 Astalavista IT Engineering Cross-Site Scripting vulnerability in Contrexx 1.0.4/1.0.5/1.0.7

Cross-site scripting (XSS) vulnerability in index.php in Contrexx CMS 1.0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string (PHP_SELF).

4.3
2006-03-19 CVE-2006-1290 Milkeyway Input Validation vulnerability in Milkeyway Captive Portal 0.1/0.1.1

Multiple cross-site scripting (XSS) vulnerabilities in Milkeyway Captive Portal 0.1 and 0.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) ipAddress, (2) act, (3) username, and (4) unspecified other parameters in (a) authuser.php; and the (5) username and (6) unspecified other parameters in (b) userstatistics.php.

4.3
2006-03-19 CVE-2006-1282 Mybulletinboard Input Validation vulnerability in MyBB

CRLF injection vulnerability in inc/function.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to conduct cross-site scripting (XSS), poison caches, or hijack pages via CRLF (%0A%0D) sequences in the Referrer HTTP header field, possibly when redirecting to other web pages.

4.3
2006-03-19 CVE-2006-1272 Mybulletinboard Input Validation vulnerability in Mybulletinboard 1.0.3

Multiple cross-site scripting (XSS) vulnerabilities in member.php in MyBulletin Board (MyBB) 1.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) aim, (2) yahoo, (3) msn, or (4) website field.

4.3
2006-03-19 CVE-2006-1266 Virtual Communication Services Cross-Site Scripting vulnerability in Virtual Communication Services Vpmi Enterprise 3.3

Cross-site scripting (XSS) vulnerability in Service_Requests.asp in VPMi Enterprise 3.3 allows remote attackers to inject arbitrary web script or HTML via the Request_Name_Display parameter.

4.3
2006-03-19 CVE-2006-1264 Xhawk NET Unspecified vulnerability in Xhawk.Net Discussion 2.0Beta2

Cross-site scripting (XSS) vulnerability in xhawk.net discussion 2.0 beta2 allows remote attackers to inject arbitrary web script or HTML via a Javascript URI in a BBCode img tag.

4.3
2006-03-19 CVE-2006-1263 Wordpress Cross-Site Scripting vulnerability in WordPress

Multiple "unannounced" cross-site scripting (XSS) vulnerabilities in WordPress before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors.

4.3
2006-03-19 CVE-2006-1261 Aspportal Input Validation vulnerability in Aspportal 3.0.0

Multiple cross-site scripting (XSS) vulnerabilities in ASPPortal 3.00 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors.

4.3
2006-03-19 CVE-2006-1258 Phpmyadmin Cross-Site Scripting vulnerability in PHPmyadmin 2.8.0.1

Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.1 allows remote attackers to inject arbitrary web script or HTML via the set_theme parameter.

4.3
2006-03-15 CVE-2006-1239 Countersoft HTML Injection vulnerability in Countersoft Gemini 2.0

Cross-site scripting (XSS) vulnerability in issue/createissue.aspx in Gemini 2.0 allows remote attackers to inject arbitrary web script or HTML via the rtcDescription$RadEditor1 field.

4.3
2006-03-14 CVE-2006-1233 Mikael Software Cross-Site Scripting vulnerability in WMNews

Multiple cross-site scripting (XSS) vulnerabilities in WMNews allow remote attackers to inject arbitrary web script or HTML via the (1) ArtCat parameter to wmview.php, (2) ctrrowcol parameter to footer.php, or (3) ArtID parameter to wmcomments.php.

4.3
2006-03-14 CVE-2006-1230 Belchior Foundry Cross-Site Scripting vulnerability in Belchior Foundry Vcard 2.6/2.8/2.9

Multiple cross-site scripting (XSS) vulnerabilities in create.php in vCard 2.x allow remote attackers to inject arbitrary web script or HTML via the (1) card_id, (2) uploaded, (3) card_fontsize, or (4) card_color parameter.

4.3
2006-03-14 CVE-2006-1226 Drupal Input Validation vulnerability in Drupal

Cross-site scripting (XSS) vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.

4.3
2006-03-14 CVE-2006-1223 Jupiter CMS HTML Injection vulnerability in Jupiter CMS Jupiter CMS 1.1.4

Cross-site scripting (XSS) vulnerability in Jupiter Content Manager 1.1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a Javascript URI in the image BBcode tag.

4.3
2006-03-14 CVE-2006-1222 Zeroboard HTML Injection vulnerability in Zeroboard

Multiple cross-site scripting (XSS) vulnerabilities in zeroboard 4.1 pl7 allow remote attackers to inject arbitrary web script or HTML via the (1) memo box title, (2) user email, and (3) homepage fields.

4.3
2006-03-14 CVE-2006-1216 Runcms Cross-Site Scripting vulnerability in RunCMS

Cross-site scripting (XSS) vulnerability in bigshow.php in Runcms 1.x allows remote attackers to inject arbitrary web script or HTML via the id parameter.

4.3
2006-03-14 CVE-2006-1215 Woltlab Cross-Site Scripting vulnerability in Woltlab Burning Board 2.3.4

Cross-site scripting (XSS) vulnerability in misc.php in Woltlab Burning Board (wBB) 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the percent parameter.

4.3
2006-03-14 CVE-2006-1205 Mywebland Cross-Site Scripting vulnerability in Mywebland Mybloggie 2.1.2/2.1.3/2.1.3Beta

Multiple cross-site scripting (XSS) vulnerabilities in myWebland myBloggie 2.1.3 beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) confirmredirect and (2) post_id parameters in (a) delcomment.php, as reachable when mode=delcom from index.php; and the (3) del and (4) message parameters in (b) upload.php, the (5) errormsg parameter in (c) addcat.php, (d) edituser.php, (e) adduser.php, and (f) editcat.php, the (6) trackback_url parameter in (g) add.php, (7) id parameter in (h) deluser.php, (8) cat_id parameter in (i) delcat.php, and (9) post_id parameter in (j) del.php, as reachable from admin.php.

4.3
2006-03-14 CVE-2006-1204 Txtforum Cross-Site Scripting vulnerability in txtForum

Multiple cross-site scripting (XSS) vulnerabilities in txtForum 1.0.4-dev and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) prev, (2) next, and (3) rand5 parameters in (a) index.php; the (4) r_username and (5) r_loc parameters in (b) new_topic.php; the (6) r_num, (7) r_family_name, (8) r_icq, (9) r_yahoo, (10) r_aim, (11) r_homepage, (12) r_interests, (13) r_about, (14) selected1, (15) selected0, (16) signature_selected1, (17) signature_selected0, (18) smile_selected1, (19) smile_selected0, (20) ubb_selected1, and (21) ubb_selected0 parameters in (c) profile.php; the (22) quote and (23) tid parameters in (d) reply.php; and the (24) tid, (25) sticked, and (26) mid parameters in (e) view_topic.php.

4.3
2006-03-14 CVE-2006-1199 Daverave Cross-Site Scripting vulnerability in Link Bank

Cross-site scripting (XSS) vulnerability in iframe.php in daverave Link Bank allows remote attackers to inject arbitrary web script or HTML via the site parameter.

4.3
2006-03-13 CVE-2006-1196 David Barrett Cross-Site Scripting vulnerability in David Barrett Qwikiwiki 1.4/1.5/1.5.1

Multiple cross-site scripting (XSS) vulnerabilities in QwikiWiki 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) from and (2) help parameters to (a) index.php; (3) action, (4) page, (5) debug, (6) help, (7) username, or (8) password parameters to (b) login.php; the (7) help parameter to (c) pageindex.php; or (8) help parameter to (d) recentchanges.php.

4.3
2006-03-13 CVE-2006-0820 Gnome Input Validation vulnerability in Gnome Dwarf Http Server 1.3.2

Cross-site scripting (XSS) vulnerability in Dwarf HTTP Server 1.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified error messages.

4.3

10 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-03-14 CVE-2006-1198 Comvigo Unspecified vulnerability in Comvigo IM Lock Home2006/Professional2006

Comvigo IM Lock 2006 uses a simple substitution cipher to encrypt a password stored in the msnvs\prc registry value, for which all users have Read permission, which allows local users to bypass the product's blocking functionality by decrypting the password.

3.7
2006-03-19 CVE-2006-1281 Mybulletinboard Input Validation vulnerability in MyBB

Cross-site scripting (XSS) vulnerability in member.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to inject arbitrary web script or HTML via the url parameter, a different vulnerability than CVE-2006-1272.

3.5
2006-03-19 CVE-2006-1270 Inprotect Cross-Site Scripting vulnerability in Inprotect Zones.PHP

Multiple cross-site scripting (XSS) vulnerabilities in zones.php in Inprotect 0.21 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Description field.

3.5
2006-03-19 CVE-2006-1285 Symantec Local Information Disclosure and Data Corruption vulnerability in Symantec Ghost Solutions Suite and Norton Ghost

SQLAnywhere in Symantec Ghost 8.0 and 8.2, as used in Symantec Ghost Solutions Suite (SGSS) 1.0, gives read and write permissions to all users for database shared memory sections, which allows local users to access and possibly modify certain information.

3.2
2006-03-19 CVE-2006-1256 Skullsplitter HTML Injection vulnerability in Skullsplitter PHP Guestbook 2.7

Cross-site scripting (XSS) vulnerability in guestbook.php in Soren Boysen (SkullSplitter) PHP Guestbook 2.6 allows remote attackers to inject arbitrary web script or HTML via the url parameter.

2.6
2006-03-16 CVE-2006-1182 Adobe Remote Command Execution vulnerability in Adobe Graphics Server / Document Server

Adobe Graphics Server 2.0 and 2.1 (formerly AlterCast) and Adobe Document Server (ADS) 5.0 and 6.0 allow local users to read files with certain extensions or overwrite arbitrary files and execute code via a crafted SOAP request to the AlterCast web service in which the request uses the (1) saveContent or (2) saveOptimized ADS commands, or the (3) loadContent command.

2.6
2006-03-14 CVE-2006-1224 Guppy Remote Directory Traversal vulnerability in GuppY Dwnld.PHP

Directory traversal vulnerability in dwnld.php in GuppY 4.5.11 allows remote attackers to overwrite arbitrary files via a "%2E." (mixed encoding) in the pg parameter.

2.6
2006-03-13 CVE-2006-0950 Unalz Path Traversal vulnerability in Unalz 0.53

unalz 0.53 allows user-assisted attackers to overwrite arbitrary files via an ALZ archive with ".." (dot dot) sequences in a filename.

2.6
2006-03-19 CVE-2006-1286 Symantec Information Disclosure vulnerability in Symantec Ghost Solutions Suite and Norton Ghost

Buffer overflow in the login dialog in dbisqlc.exe in SQLAnywhere for Symantec Ghost 8.0 and 8.2, as used in Symantec Ghost Solutions Suite (SGSS) 1.0, might allow local users to read certain sensitive information from the database.

2.1
2006-03-14 CVE-2006-1231 Julian Pawlowski Unspecified vulnerability in Julian Pawlowski Capi4Hylafax 1.3

CAPI4HylaFAX 1.3, when compiled with GENERATE_DEBUGSFFDATAFILE set, allows local users to modify arbitrary files via a symlink attack on the c2faxrecv_dbgdatafile.sff temporary file.

1.2