Weekly Vulnerabilities Report: March 20 to 26, 2006

Overview

90 new vulnerabilities were reported during this period, including 6 critical vulnerabilities and 28 high severity vulnerabilities. This weekly summary reports vulnerabilities in 83 products from 68 vendors, including Linux, Novell, Microsoft, Motorola, and University of Washington. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "SQL Injection", "Code Injection", "Resource Exhaustion", and "Resource Management Errors".

  • 76 reported vulnerabilities are remotely exploitable.
  • 8 reported vulnerabilities have a public exploit available.
  • 2 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 87 reported vulnerabilities are exploitable by an anonymous user.
  • Linux has the most reported vulnerabilities, with 4 reported vulnerabilities.
  • Realnetworks has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

Vulnerability Details

The following table lists the vulnerabilities reported for the period covered by this report:

6 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-03-24 CVE-2006-1381 Trend Micro Remote Security vulnerability in Trend Micro Officescan 5.5

Trend Micro OfficeScan 5.5, and probably other versions before 6.5, uses insecure DACLs for critical files, which allows local users to gain SYSTEM privileges by modifying tmlisten.exe.

10.0
2006-03-23 CVE-2006-1368 Linux Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Linux Kernel

Buffer overflow in the USB Gadget RNDIS implementation in the Linux kernel before 2.6.16 allows remote attackers to cause a denial of service (kmalloc'd memory corruption) via a remote NDIS response to OID_GEN_SUPPORTED_LIST, which causes memory to be allocated for the reply data but not the reply structure.

10.0
2006-03-23 CVE-2006-1370 Realnetworks Products Multiple Buffer Overflow vulnerability in RealNetworks

Buffer overflow in RealNetworks RealPlayer 10.5 6.0.12.1040 through 6.0.12.1348, RealPlayer 10, RealOne Player v2, RealOne Player v1, RealPlayer 8, and RealPlayer Enterprise before 20060322 allows remote attackers to have an unknown impact via a malicious Mimio boardCast (mbc) file.

9.3
2006-03-23 CVE-2006-0323 Realnetworks Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Realnetworks products

Buffer overflow in swfformat.dll in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, Rhapsody 3, and Helix Player allows remote attackers to execute arbitrary code via a crafted SWF (Flash) file with (1) a size value that is less than the actual size, or (2) other unspecified manipulations.

9.3
2006-03-23 CVE-2006-1359 Microsoft Code Injection vulnerability in Microsoft IE 6.0/7.0

Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer.

9.3
2006-03-23 CVE-2006-1371 XHP Code Injection vulnerability in XHP CMS

Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5 and earlier allows remote authenticated users to use the HTMLArea FileManager plugin to upload and execute arbitrary PHP files using (1) manager.php, (2) standalonemanager.php, and (3) images.php.

9.0

28 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-03-25 CVE-2006-1389 HP Remote Denial Of Service vulnerability in HP Hp-Ux 11.00/11.11/11.4

Unspecified vulnerability in swagentd in HP-UX B.11.00, B.11.04, and B.11.11 allows remote attackers to cause a denial of service (application crash) via unspecified vectors.

7.8
2006-03-23 CVE-2006-1366 Motorola Buffer Overflow vulnerability in Motorola PEBL U6 OBEX Setpath

Buffer overflow in the Motorola PEBL U6 08.83.76R, and possibly other Motorola P2K-based phones, allows remote attackers to cause a denial of service (device shutdown), and possibly execute arbitrary code, via a long OBEX setpath to the OBEX File Transfer (aka FTP) service on Bluetooth channel 9.

7.8
2006-03-23 CVE-2006-1364 Microsoft Resource Exhaustion vulnerability in Microsoft Asp.Net 1.0/1.1

Microsoft w3wp (aka w3wp.exe) does not properly handle when the AspCompat directive is not used when referencing COM components in ASP.NET, which allows remote attackers to cause a denial of service (resource consumption or crash) by repeatedly requesting each of several documents that refer to COM components, or are restricted documents located under the ASP.NET application path.

7.8
2006-03-22 CVE-2006-0058 Sendmail Remote Code Execution vulnerability in Sendmail Asynchronous Signal Handling

Signal handler race condition in Sendmail 8.13.x before 8.13.6 allows remote attackers to execute arbitrary code by triggering timeouts in a way that causes the setjmp and longjmp function calls to be interrupted and modify unexpected memory locations.

7.6
2006-03-26 CVE-2006-1395 Cholod SQL Injection vulnerability in Cholod MySQL Based Message Board Mb.CGI

SQL injection vulnerability in mb.cgi in Cholod MySQL Based Message Board allows remote attackers to execute arbitrary SQL commands via unspecified vectors in a showmessage action, possibly the username parameter.

7.5
2006-03-26 CVE-2006-1386 Twiki Remote Information Disclosure vulnerability in Twiki 4.0/4.0.1

The (1) rdiff and (2) preview scripts in TWiki 4.0 and 4.0.1 ignore access control settings, which allows remote attackers to read restricted areas and access restricted content in TWiki topics.

7.5
2006-03-24 CVE-2006-1388 Microsoft Remote HTA Execution vulnerability in Microsoft IE 6.0

Unspecified vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to execute HTA files via unknown vectors.

7.5
2006-03-24 CVE-2006-1382 Jelsoft Remote File Include vulnerability in VBulletin ImpEx

PHP remote file inclusion vulnerability in impex/ImpExData.php in vBulletin ImpEx module 1.74, when register_globals is disabled, allows remote attackers to include arbitrary files via the systempath parameter.

7.5
2006-03-24 CVE-2006-1374 Brain Book Software SQL Injection vulnerability in AdMan ViewStatement.PHP

SQL injection vulnerability in viewStatement.php in AdMan 1.0.20051221 and earlier allows remote attackers to execute arbitrary SQL commands via the transactions_offset parameter.

7.5
2006-03-23 CVE-2006-1363 Justin White Remote Security vulnerability in Justin White Freewps 2.11

images.php in Justin White (aka YTZ) Free Web Publishing System (FreeWPS) 2.11 allows remote attackers to execute arbitrary PHP code by uploading a .php file into the /upload directory as specified in the dirPath parameter, then performing a direct request to that file.

7.5
2006-03-23 CVE-2006-1362 Mini Nuke SQL-Injection vulnerability in Mini-Nuke Cms

Multiple SQL injection vulnerabilities in Mini-Nuke CMS System 1.8.2 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the uid parameter in (a) members.asp, the (2) catid parameter in (b) articles.asp and (c) programs.asp, and the (3) id parameter in (d) hpages.asp and (e) forum.asp.

7.5
2006-03-23 CVE-2006-1360 Musicbox SQL Injection vulnerability in Musicbox 2.3Beta2

Multiple SQL injection vulnerabilities in MusicBox 2.3 Beta 2 allow remote attackers to execute arbitrary SQL commands via the (1) id, (2) type, or (3) show parameter to (a) index.php; or the (4) message1 or (5) message parameter to (b) cart.php.

7.5
2006-03-23 CVE-2006-0905 Freebsd, Netbsd

A "programming error" in fast_ipsec in FreeBSD 4.8-RELEASE through 6.1-STABLE and NetBSD 2 through 3 does not properly update the sequence number associated with a Security Association, which allows packets to pass sequence number checks and allows remote attackers to capture IPSec packets and conduct replay attacks.

7.5
2006-03-22 CVE-2006-1354 Freeradius Authentication Bypass vulnerability in FreeRADIUS EAP-MSCHAPv2

Unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0 allows remote attackers to bypass authentication or cause a denial of service (server crash) via "Insufficient input validation" in the EAP-MSCHAPv2 state machine module.

7.5
2006-03-22 CVE-2006-1353 Aspportal SQL Injection vulnerability in Aspportal 3.0.0/3.1.0/3.1.1

Multiple SQL injection vulnerabilities in ASPPortal 3.1.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the downloadid parameter in download_click.asp and (2) content_ID parameter in news/News_Item.asp; authenticated administrators can also conduct attacks via (3) user_id parameter to users/add_edit_user.asp, (4) bannerid parameter to banner_adds/banner_add_edit.asp, (5) cat_id parameter to categories/add_edit_cat.asp, (6) Content_ID parameter to News/add_edit_news.asp, (7) download_id parameter to downloads/add_edit_download.asp, (8) Poll_ID parameter to poll/add_edit_poll.asp, (9) contactid parameter to contactus/contactus_add_edit.asp, (10) sortby parameter to poll/poll_list.asp, and (11) unspecified inputs to downloads/add_edit_download.asp.

7.5
2006-03-22 CVE-2006-1350 Articlesone Remote File Include vulnerability in Free Articles Directory Page Parameter Directory

PHP remote file include vulnerability in index.php in 99Articles.com (aka ArticlesOne.com) Free articles directory allows remote attackers to include and execute arbitrary PHP code via a URL in the page parameter.

7.5
2006-03-22 CVE-2006-1347 Greg Neustaetter Input Validation vulnerability in Gcards 1.43/1.44

SQL injection vulnerability in loginfunction.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter.

7.5
2006-03-21 CVE-2006-1341 Maian Events SQL-Injection vulnerability in Maian Events Maian Events 1.0

SQL injection vulnerability in events.php in Maian Events 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) month and (2) year parameters.

7.5
2006-03-21 CVE-2006-1337 Mailenable Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mailenable

Buffer overflow in the POP 3 (POP3) service in MailEnable Standard Edition before 1.93, Professional Edition before 1.73, and Enterprise Edition before 1.21 allows remote attackers to execute arbitrary code via unknown vectors before authentication.

7.5
2006-03-21 CVE-2006-1330 Phpwebsite SQL Injection vulnerability in PHPwebsite 0.7.3/0.8.2/0.8.3

Multiple SQL injection vulnerabilities in phpWebsite 0.83 and earlier allow remote attackers to execute arbitrary SQL commands via the sid parameter to (1) friend.php or (2) article.php.

7.5
2006-03-21 CVE-2006-1327 Softbb SQL Injection vulnerability in Softbb 0.1

SQL injection vulnerability in reg.php in SoftBB 0.1 allows remote attackers to execute arbitrary SQL commands via the mail parameter.

7.5
2006-03-21 CVE-2006-1061 Daniel Stenberg Buffer Overflow vulnerability in Daniel Stenberg Curl 7.15.0/7.15.1/7.15.2

Heap-based buffer overflow in cURL and libcURL 7.15.0 through 7.15.2 allows remote attackers to execute arbitrary commands via a TFTP URL (tftp://) with a valid hostname and a long path.

7.5
2006-03-20 CVE-2006-1320 Rssh Unspecified vulnerability in Rssh 2.3.0

util.c in rssh 2.3.0 in Debian GNU/Linux does not use braces to make a block, which causes a check for CVS to always succeed and allows rsync and rdist to bypass intended access restrictions in rssh.conf.

7.5
2006-03-24 CVE-2006-1380 Trendmicro Permissions, Privileges, and Access Controls vulnerability in Trendmicro Interscan Messaging Security Suite 5.5

ISNTSmtp directory in Trend Micro InterScan Messaging Security Suite (IMSS) 5.5 build 1183 and possibly other versions before 5.7.0.1121, uses insecure DACLs for critical files, which allows local users to gain SYSTEM privileges by modifying ISNTSysMonitor.exe.

7.2
2006-03-24 CVE-2006-1379 Trend Micro Local Security vulnerability in Trend Micro Pc-Cillin 2006 14.00.1485

Trend Micro PC-cillin Internet Security 2006 14.00.1485 and 14.10.0.1023 uses insecure DACLs for critical files, which allows local users to gain SYSTEM privileges by modifying executable programs such as (1) tmntsrv.exe and (2) tmproxy.exe.

7.2
2006-03-23 CVE-2006-1283 Freebsd Unspecified vulnerability in Freebsd

opiepasswd in One-Time Passwords in Everything (OPIE) in FreeBSD 4.10-RELEASE-p22 through 6.1-STABLE before 20060322 uses the getlogin function to determine the invoking user account, which might allow local users to configure OPIE access to the root account and possibly gain root privileges if a root shell is permitted by the configuration of the wheel group or sshd.

7.2
2006-03-22 CVE-2006-1355 Alwil Local Insecure Permissions vulnerability in Avast! Antivirus

avast! Antivirus 4.6.763 and earlier sets "BUILTIN\Everyone" permissions to critical system files in the installation folder, which allows local users to gain privileges or disable protection by modifying those files.

7.2
2006-03-21 CVE-2006-0745 X ORG, Mandrakesoft, Redhat, SUN, Suse Local Privilege Escalation vulnerability in X.Org X Window Server

X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if it is the return value of a call to geteuid, which allows local users to bypass intended restrictions and (1) execute arbitrary code via the -modulepath command line option or (2) overwrite arbitrary files via -logfile.

7.2

51 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-03-22 CVE-2006-0038 Linux Numeric Errors vulnerability in Linux Kernel

Integer overflow in the do_replace function in netfilter for Linux before 2.6.16-rc3, when using "virtualization solutions" such as OpenVZ, allows local users with CAP_NET_ADMIN rights to cause a buffer overflow in the copy_from_user function.

6.9
2006-03-23 CVE-2006-1369 Invision Power Services Cross-Site Scripting vulnerability in Invision Power Services Invision Power Board 2.1/2.1.5/2.1Alpha2

Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) 2.1.5 and earlier before 20060308 allows remote attackers to inject arbitrary web script or HTML via a Private Message (PM) in certain circumstances.

6.8
2006-03-23 CVE-2006-1367 Motorola Information Exposure vulnerability in Motorola Pebl U6 and V600

The Motorola PEBL U6 08.83.76R, the Motorola V600, and possibly the Motorola E398 and other Motorola P2K-based phones do not require pairing for a connection related to the Headset Audio Gateway service, which allows user-assisted remote attackers to obtain AT level access and view phonebook entries and saved SMS messages by connecting on Bluetooth channel 3 and tricking the user into pressing Grant, aka a "Blueline" attack.

6.8
2006-03-21 CVE-2006-1331 Phpoutsourcing Cross-Site Scripting vulnerability in Noah's Classifieds

Multiple cross-site scripting (XSS) vulnerabilities in index.php in Noah's Classifieds 1.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) method or (2) list parameter.

6.8
2006-03-21 CVE-2006-1325 Streber HTML Injection vulnerability in Streber

Cross-site scripting (XSS) vulnerability in Streber 0.055 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.

6.8
2006-03-21 CVE-2006-1324 Woltlab Cross-Site Scripting vulnerability in Woltlab Burning Board

Cross-site scripting (XSS) vulnerability in acp/lib/class_db_mysql.php in Woltlab Burning Board (wBB) 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the errormsg parameter when a SQL error is generated.

6.8
2006-03-22 CVE-2006-1346 Greg Neustaetter Input Validation vulnerability in Gcards 1.43/1.44

Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.

6.4
2006-03-21 CVE-2006-1334 Maian Script World SQL Injection vulnerability in Maian Weblog

Multiple SQL injection vulnerabilities in Maian Weblog 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) entry and (2) email parameters to (a) print.php and (b) mail.php.

6.4
2006-03-21 CVE-2006-1333 Betaparticle SQL Injection vulnerability in BetaParticle Blog

Multiple SQL injection vulnerabilities in BetaParticle Blog 6.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to template_permalink.asp or (2) fldGalleryID parameter to template_gallery_detail.asp.

6.4
2006-03-21 CVE-2006-1332 Phpoutsourcing Information Disclosure vulnerability in Noahs Classifieds

Noah's Classifieds 1.3 and earlier allows remote attackers to obtain sensitive information via an invalid list parameter in the showdetails method to index.php, which reveals the path in an error message.

6.4
2006-03-20 CVE-2006-1319 Runit Privilege Escalation vulnerability in Runit 1.3.3.1

chpst in runit 1.3.3-1 for Debian GNU/Linux, when compiled on little endian i386 machines against dietlibc, does not properly handle when multiple groups are specified in the -u option, which causes chpst to assign permissions for the root group due to inconsistent bit sizes for the gid_t type.

6.2
2006-03-24 CVE-2006-1385 Kismac Remote Buffer Overflow vulnerability in KisMAC Cisco Vendor Tag

Stack-based buffer overflow in the parseTaggedData function in WavePacket.mm in KisMAC R54 through R73p allows remote attackers to execute arbitrary code via multiple SSIDs in a Cisco vendor tag in a 802.11 management frame.

5.1
2006-03-22 CVE-2006-1356 Andrew HSU Buffer Overflow vulnerability in Andrew HSU Libvc and Rolo

Stack-based buffer overflow in the count_vcards function in LibVC 3, as used in Rolo, allows user-assisted attackers to execute arbitrary code via a vCard file (e.g.

5.1
2006-03-20 CVE-2006-1323 Webtoolmaster Software Remote Directory Traversal vulnerability in WinHKI

Directory traversal vulnerability in WinHKI 1.6 and earlier allows user-assisted attackers to overwrite arbitrary files via a (1) RAR, (2) TAR, (3) ZIP, or (4) TAR.GZ archive with a file whose file name contains ".." sequences.

5.1
2006-03-25 CVE-2006-1391 Pablo Software Solutions Unspecified vulnerability in Pablo Software Solutions Baby ASP web Server and Quick and Easy web Server

The (a) Quick 'n Easy Web Server before 3.1.1 and (b) Baby ASP Web Server 2.7.2 allow remote attackers to obtain the source code of ASP files via (1) .

5.0
2006-03-24 CVE-2006-0816 Orionserver Unspecified vulnerability in Orionserver Orion Application Server

Orion Application Server before 2.0.7, when running on Windows, allows remote attackers to obtain the source code of JSP files via (1) .

5.0
2006-03-24 CVE-2006-1375 Brain Book Software Remote Security vulnerability in AdMan

AdMan 1.0.20051221 and earlier allows remote attackers to obtain the full path via (1) a blank campaignId parameter to editCampaign.php and (2) a blank schemeId parameter to viewPricingScheme.php.

5.0
2006-03-24 CVE-2006-1372 Benson IT Solutions SQL Injection vulnerability in 1WebCalendar

Multiple SQL injection vulnerabilities in 1WebCalendar 4.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) EventID parameter in viewEvent.cfm, (2) NewsID parameter in newsView.cfm, or (3) ThisDate parameter in mainCal.cfm.

5.0
2006-03-23 CVE-2006-1365 Motorola Remote Security vulnerability in Motorola E398, Pebl U6 and V600

The Motorola PEBL U6, the Motorola V600, and possibly the Motorola E398 and other Motorola phones allow remote attackers to add an entry for their own Bluetooth device to a target device's list of trusted devices (aka Device History), and possibly obtain AT level access to the target device, by initiating and interrupting an OBEX Push Profile that pretends to send a vCard, aka a "HeloMoto" attack.

5.0
2006-03-23 CVE-2006-0999 Novell Multiple vulnerability in Novell Netware and Open Enterprise Server

The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server (OES) allows a client to force the server to use weak encryption by stating that a weak cipher is required for client compatibility, which might allow remote attackers to decrypt contents of an SSL protected session.

5.0
2006-03-23 CVE-2006-0998 Novell Multiple vulnerability in Novell Netware and Open Enterprise Server

The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server (OES) sometimes selects a weak cipher instead of an available stronger cipher, which makes it easier for remote attackers to sniff and decrypt an SSL protected session.

5.0
2006-03-23 CVE-2006-0997 Novell Multiple vulnerability in Novell Netware and Open Enterprise Server

The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server (OES) permits encryption with a NULL key, which results in cleartext communication that allows remote attackers to read an SSL protected session by sniffing network traffic.

5.0
2006-03-22 CVE-2006-1358 Oracle Information Disclosure vulnerability in Oracle Weblogic Portal 8.1

Unspecified vulnerability in BEA WebLogic Portal 8.1 up to SP5 causes a JSR-168 Portlet to be retrieved from the cache for the wrong session, which might allow one user to see a Portlet of another user.

5.0
2006-03-22 CVE-2006-1352 BEA Remote Denial Of Service vulnerability in BEA Weblogic Server 6.1/7.0/8.1

BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and WebLogic Server 6.1 SP7 and earlier allow remote attackers to cause a denial of service (memory exhaustion) via crafted non-canonicalized XML documents.

5.0
2006-03-22 CVE-2006-1351 BEA Remote Filesystem Access vulnerability in BEA Weblogic Server 6.1

BEA WebLogic Server 6.1 SP7 and earlier allows remote attackers to read arbitrary files via unknown attack vectors related to a "default internal servlet" accessed through HTTP.

5.0
2006-03-22 CVE-2006-1345 Mybulletinboard Information Disclosure vulnerability in Mybulletinboard 1.10

polls.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to obtain sensitive information via a vote action with an "option[]=null" parameter value, which reveals the path in an error message.

5.0
2006-03-21 CVE-2006-1340 Cutephp Local File Include vulnerability in CutePHP CuteNews

CuteNews 1.4.1 and possibly other versions allows remote attackers to obtain the installation path via unspecified vectors involving an invalid file path.

5.0
2006-03-21 CVE-2006-1339 Cutephp Local File Include vulnerability in CutePHP CuteNews

Directory traversal vulnerability in inc/functions.inc.php in CuteNews 1.4.1 and possibly other versions, when register_globals is enabled, allows remote attackers to include arbitrary files via a ..

5.0
2006-03-21 CVE-2006-1338 Mailenable Resource Management Errors vulnerability in Mailenable Enterprise and Mailenable Professional

Webmail in MailEnable Professional Edition before 1.73 and Enterprise Edition before 1.21 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors involving "incorrectly encoded quoted-printable emails".

5.0
2006-03-21 CVE-2006-1336 Extcalendar Cross-Site Scripting vulnerability in Extcalendar 1.0

Cross-site scripting vulnerability in calendar.php in ExtCalendar 1.0 and possibly other versions before 2.0 allows remote attackers to inject arbitrary web script or HTML via the (1) year, (2) month, (3) next, and (4) prev parameters.

5.0
2006-03-21 CVE-2006-1329 Jabberstudio Remote Denial Of Service vulnerability in Jabber Studio JabberD

The SASL negotiation in Jabber Studio jabberd before 2.0s11 allows remote attackers to cause a denial of service ("c2s segfault") by sending a "response stanza before an auth stanza".

5.0
2006-03-21 CVE-2006-1328 Skull Splitter SQL Injection vulnerability in Skull-Splitter Download Counter for Wallpapers Count.PHP

SQL injection vulnerability in count.php in Skull-Splitter PHP Downloadcounter for Wallpapers 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) count_fieldname, (2) url_fieldname, or (3) url parameter.

5.0
2006-03-20 CVE-2006-1322 Novell Denial Of Service vulnerability in Novell Netware FTP Server

Novell Netware NWFTPD 5.06.05 allows remote attackers to cause a denial of service (ABEND) via an MDTM command that uses a long path for the target file, possibly due to a buffer overflow.

5.0
2006-03-24 CVE-2006-1378 Counterpane Unspecified vulnerability in Counterpane Password Safe 3.0

PasswordSafe 3.0 beta, when running on Windows before XP, uses a weak random number generator (C++ rand function) during generation of the database encryption key, which makes it easier for attackers to decrypt the database and steal passwords by generating keys for all possible rand() seed values and conducting a known plaintext attack.

4.9
2006-03-25 CVE-2006-1390 Gentoo Local Privilege Escalation vulnerability in Gentoo Nethack And Variants

The configuration of NetHack 3.4.3-r1 and earlier, Falcon's Eye 1.9.4a and earlier, and Slash'EM 0.0.760 and earlier on Gentoo Linux allows local users in the games group to modify saved games files to execute arbitrary code via buffer overflows and overwrite arbitrary files via symlink attacks.

4.6
2006-03-26 CVE-2006-1396 Cholod HTML Injection vulnerability in Cholod MySQL Based Message Board

Multiple cross-site scripting (XSS) vulnerabilities in Cholod MySQL Based Message Board allow remote attackers to inject arbitrary web script or HTML via unknown vectors.

4.3
2006-03-26 CVE-2006-1394 University of Washington Cross-Site Scripting vulnerability in Pubcookies

Multiple cross-site scripting (XSS) vulnerabilities in the Microsoft IIS ISAPI filter (aka application server module) in University of Washington Pubcookie 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.

4.3
2006-03-26 CVE-2006-1393 University of Washington Cross-Site Scripting vulnerability in Pubcookies

Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.

4.3
2006-03-26 CVE-2006-1392 University of Washington Cross-Site Scripting vulnerability in Pubcookies

Multiple cross-site scripting (XSS) vulnerabilities in index.cgi in the login server in University of Washington Pubcookie 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified inputs.

4.3
2006-03-24 CVE-2006-1384 IBM Cross-Site Scripting vulnerability in IBM Tivoli Business Systems Manager 3.1

Cross-site scripting (XSS) vulnerability in apwc_win_main.jsp in the web console in IBM Tivoli Business Systems Manager (TBSM) before 3.1.0.1 allows remote attackers to inject arbitrary web script or HTML via the skin parameter.

4.3
2006-03-24 CVE-2006-1377 Comoblog Project, Easymoblog Cross-Site Scripting vulnerability in EasyMoblog Img.PHP

Cross-site scripting (XSS) vulnerability in img.php in (1) EasyMoblog 0.5.1 and (2) CoMoblog 1.1 allows remote attackers to inject arbitrary web script or HTML via the i parameter.

4.3
2006-03-24 CVE-2006-1373 PHP Live Cross-Site Scripting vulnerability in PHP Live PHP Live 2.8.1

Cross-site scripting (XSS) vulnerability in status_image.php in PHP Live! 3.0 allows remote attackers to inject arbitrary web script or HTML via the base_url parameter.

4.3
2006-03-23 CVE-2006-1361 Oswiki HTML Injection vulnerability in OSWiki Username

Cross-site scripting (XSS) vulnerability in OSWiki before 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the username field to (1) list.rhtml or (2) show.rhtml.

4.3
2006-03-22 CVE-2006-1357 F5 Cross-Site Scripting vulnerability in F5 Firepass 4100 5.4.2

Cross-site scripting (XSS) vulnerability in my.support.php3 in F5 Firepass 4100 SSL VPN 5.4.2 allows remote attackers to inject arbitrary web script or HTML via the s parameter.

4.3
2006-03-22 CVE-2006-1349 Musicbox Input Validation vulnerability in Musicbox 2.3Beta2

Multiple cross-site scripting (XSS) vulnerabilities in Musicbox 2.3 Beta 2 allow remote attackers to inject arbitrary web script or HTML via the (1) id and (2) type and (3) show parameters in a top action in (a) index.php; and the (4) message1 parameter in (b) cart.php.

4.3
2006-03-22 CVE-2006-1348 Greg Neustaetter Input Validation vulnerability in Gcards 1.43/1.44

Cross-site scripting (XSS) vulnerability in index.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to inject arbitrary web script or HTML via the lang[*][file] parameter, which is injected into an error message.

4.3
2006-03-22 CVE-2006-1344 Verisign Cross-Site Scripting vulnerability in Verisign Mpki 6.0

Cross-site scripting (XSS) vulnerability in VeriSign haydn.exe, as used in Managed PKI (MPKI) 6.0, allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the VHTML_FILE parameter.

4.3
2006-03-21 CVE-2006-1326 Invision Power Services Cross-Site Scripting vulnerability in Invision Power Services Invision Power Board 2.0.4

Multiple cross-site scripting (XSS) vulnerabilities in Invision Power Board 2.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) result_type, (2) search_in, (3) nav, (4) forums, and (5) s parameters in the Search action to index.php; (6) st parameter to index.php with showtopics set to 1; (7) m, (8) y, and (9) d parameters in a calendar action; (10) t parameter in a Print action; (11) MID parameter in a Mail action; (12) HID parameter in a Help action; (13) active parameter in a search action; (14) sort_order, (15) max_results, or (16) sort_key parameter in a Members action.

4.3
2006-03-20 CVE-2006-1321 Webcheck HTML Injection vulnerability in Webcheck Username

Cross-site scripting (XSS) vulnerability in webcheck before 1.9.6 allows remote attackers to inject arbitrary web script or HTML via the (1) url, (2) title, or (3) author name in a crawled page, which is not properly sanitized in the tooltips of a report.

4.3
2006-03-26 CVE-2006-1387 Twiki Remote Denial Of Service vulnerability in TWiki

TWiki 4.0, 4.0.1, and 20010901 through 20040904 allows remote authenticated users with edit rights to cause a denial of service (infinite recursion leading to CPU and memory consumption) via INCLUDE by URL statements that form a loop, such as a page that includes itself.

4.0
2006-03-24 CVE-2006-1383 Pablo Software Solutions Unspecified vulnerability in Pablo Software Solutions Baby FTP Server 1.24

Directory traversal vulnerability in Baby FTP Server (BabyFTP) 1.24 allows remote authenticated users to determine existence of files outside the intended document root via unspecified manipulations, which generate different error messages depending on whether a file exists or not.

4.0

5 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-03-21 CVE-2006-1335 Gnome Denial-Of-Service vulnerability in Screensaver

gnome screensaver before 2.14, when running on an X server with AllowDeactivateGrabs and AllowClosedownGrabs enabled, allows attackers with physical access to cause the screensaver to crash and access the session via the Ctl+Alt+Keypad-Multiply keyboard sequence, which removes the grab from gnome.

3.7
2006-03-24 CVE-2006-1376 Debian Denial-Of-Service vulnerability in Debian Linux 3.1

The installation of Debian GNU/Linux 3.1r1 from the network install CD creates /var/log/debian-installer/cdebconf with world writable permissions, which allows local users to cause a denial of service (disk consumption).

2.1
2006-03-21 CVE-2006-1343 Linux Unspecified vulnerability in Linux Kernel 2.4.0/2.6.0

net/ipv4/netfilter/ip_conntrack_core.c in Linux kernel 2.4 and 2.6, and possibly net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c in 2.6, does not clear sockaddr_in.sin_zero before returning IPv4 socket names from the getsockopt function with SO_ORIGINAL_DST, which allows local users to obtain portions of potentially sensitive memory.

2.1
2006-03-21 CVE-2006-1342 Linux Unspecified vulnerability in Linux Kernel 2.4.0

net/ipv4/af_inet.c in Linux kernel 2.4 does not clear sockaddr_in.sin_zero before returning IPv4 socket names from the (1) getsockname, (2) getpeername, and (3) accept functions, which allows local users to obtain portions of potentially sensitive memory.

2.1
2006-03-23 CVE-2006-0050 Debian Unspecified vulnerability in Debian Linux 3.0/3.1

snmptrapfmt in Debian 3.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary log file.

1.2