Weekly Vulnerabilities Report: April 3 to 9, 2006

Overview

90 new vulnerabilities were reported during this period, including 6 critical vulnerabilities and 27 high severity vulnerabilities. This weekly summary reports vulnerabilities in 87 products from 61 vendors including Cisco, Exponent, Aweb Labs, Microsoft, and Netbsd. Vulnerabilities are notably categorized as "Code Injection", "Use of Externally-Controlled Format String", "Resource Management Errors", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Improper Input Validation".

  • 80 reported vulnerabilities are remotely exploitable.
  • 11 reported vulnerabilities have a public exploit available.
  • 84 reported vulnerabilities are exploitable by an anonymous user.
  • Cisco has the most reported vulnerabilities, with 4 reported vulnerabilities.
  • Openvpn has the most reported critical vulnerabilities, with 1 reported vulnerability.

Vulnerability Details

The following tables list reported vulnerabilities for the period covered by this report:

6 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-04-06 CVE-2006-1615 Clamav Use of Externally-Controlled Format String vulnerability in Clamav

Multiple format string vulnerabilities in the logging code in Clam AntiVirus (ClamAV) before 0.88.1 might allow remote attackers to execute arbitrary code.

10.0
2006-04-04 CVE-2006-0559 Mcafee Remote Format String vulnerability in McAfee Webshield SMTP

Format string vulnerability in the SMTP server for McAfee WebShield 4.5 MR2 and earlier allows remote attackers to execute arbitrary code via format strings in the domain name portion of a destination address, which are not properly handled when a bounce message is constructed.

10.0
2006-04-04 CVE-2006-1604 Exponent Unspecified vulnerability in Exponent CMS

Unspecified vulnerability in Exponent CMS before 0.96.5 RC 1 has unknown impact and remote attack vectors related to variables that are not "typecasted."

10.0
2006-04-07 CVE-2006-1668 Crafty Syntax Image Gallery SQL Injection vulnerability in Crafty Syntax Image Gallery Slides.PHP

newimage.php in Eric Gerdes Crafty Syntax Image Gallery (CSIG) (aka PHP thumbnail Photo Gallery) 3.1g and earlier allows remote authenticated users to upload and execute arbitrary PHP code via a multipart/form-data POST with a .jpg filename in the fullimage parameter and the ext parameter set to .php.

9.0
2006-04-06 CVE-2006-1629 Openvpn Remote Code Execution vulnerability in Openvpn and Openvpn Access Server

OpenVPN 2.0 through 2.0.5 allows remote malicious servers to execute arbitrary code on the client by using setenv with the LD_PRELOAD environment variable.

9.0
2006-04-06 CVE-2006-1652 Ultravnc Buffer Errors vulnerability in Ultravnc Tabbed Viewer and VNC Viewer

Multiple buffer overflows in (a) UltraVNC (aka Ultr@VNC) 1.0.1 and earlier and (b) tabbed_viewer 1.29 (1) allow user-assisted remote attackers to execute arbitrary code via a malicious server that sends a long string to a client that connects on TCP port 5900, which triggers an overflow in Log::ReallyPrint; and (2) allow remote attackers to cause a denial of service (server crash) via a long HTTP GET request to TCP port 5800, which triggers an overflow in VNCLog::ReallyPrint.

9.0

27 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-04-07 CVE-2006-1670 Cisco Multiple vulnerability in Cisco Optical Networking System and Transport Controller

Control cards for Cisco Optical Networking System (ONS) 15000 series nodes before 20060405 allow remote attackers to cause a denial of service (memory exhaustion and possibly card reset) by sending an invalid response when the final ACK is expected, aka bug ID CSCei45910.

7.8
2006-04-06 CVE-2006-1647 Smart Technologies Remote Denial of Service vulnerability in SMART Technologies SynchronEyes

An unspecified "logical programming mistake" in SMART SynchronEyes Student and Teacher 6.0, and possibly earlier versions, allows remote attackers to cause a denial of service via a large packet to the Teacher discovery port (UDP port 5496), which causes a thread to terminate and prevents communications on that port.

7.8
2006-04-05 CVE-2006-1624 Linux Denial-Of-Service vulnerability in Linux Kernel 2.6.20.1

The default configuration of syslogd in the Linux sysklogd package does not enable the -x (disable name lookups) option, which allows remote attackers to cause a denial of service (traffic amplification) via messages with spoofed source IP addresses.

7.8
2006-04-03 CVE-2006-1598 AN Unspecified vulnerability in AN An-Httpd

AN HTTPD 1.42n, and possibly other versions before 1.42p, allows remote attackers to obtain source code of scripts via crafted requests with (1) dot and (2) space characters in the file extension.

7.8
2006-04-07 CVE-2006-1672 Cisco Multiple vulnerability in Cisco Optical Networking System and Transport Controller

The installation of Cisco Transport Controller (CTC) for Cisco Optical Networking System (ONS) 15000 series nodes adds a Java policy file entry with a wildcard that grants the java.security.AllPermission permission to any http URL containing "fs/LAUNCHER.jar", which allows remote attackers to execute arbitrary code on a CTC workstation, aka bug ID CSCea25049.

7.5
2006-04-07 CVE-2006-1667 Crafty Syntax Image Gallery SQL Injection vulnerability in Crafty Syntax Image Gallery Crafty Syntax Image Gallery 3.1G

SQL injection vulnerability in slides.php in Eric Gerdes Crafty Syntax Image Gallery (CSIG) (aka PHP thumbnail Photo Gallery) 3.1g and earlier allows remote authenticated users to execute arbitrary SQL commands via the limitquery_s parameter when the $projectid variable is less than 1, which prevents the $limitquery_s from being set within slides.php.

7.5
2006-04-07 CVE-2006-1666 Arab Portal Input Validation vulnerability in Arab Portal Arab Portal 2.0.1Stable

SQL injection vulnerability in forum.php in Arab Portal 2.0.1 stable allows remote attackers to execute arbitrary SQL commands via the mineID parameter.

7.5
2006-04-07 CVE-2006-1664 Xine Buffer Overflow vulnerability in Xine-Lib Malformed MPEG Stream

Buffer overflow in xine_list_delete_current in libxine 1.14 and earlier, as distributed in xine-lib 1.1.1 and earlier, allows remote attackers to execute arbitrary code via a crafted MPEG stream.

7.5
2006-04-07 CVE-2006-1662 Limbo CMS Unspecified vulnerability in Limbo CMS Limbo CMS 1.0.4.1/1.0.4.2

The frontpage option in Limbo CMS 1.0.4.2 and 1.0.4.1 allows remote attackers to execute arbitrary PHP commands via the Itemid parameter in index.php.

7.5
2006-04-07 CVE-2006-1658 Chucky A Ivey HTML Injection vulnerability in Chucky A. Ivey N.T. 1.1.0

Direct static code injection vulnerability in ticker.db.php in Chucky A.

7.5
2006-04-06 CVE-2006-1653 Angelinecms Remote File Include vulnerability in Angelinecms 0.8.1

PHP remote file inclusion vulnerability in loadkernel.php in AngelineCMS 0.8.1 allows remote attackers to execute arbitrary PHP code via a URL in the installPath parameter.

7.5
2006-04-06 CVE-2006-1651 Microsoft Unspecified vulnerability in Microsoft ISA Server 2004

** DISPUTED ** Microsoft ISA Server 2004 allows remote attackers to bypass certain filtering rules, including ones for (1) ICMP and (2) TCP, via IPv6 packets.

7.5
2006-04-06 CVE-2006-1643 Interact Remote vulnerability in Interact

SQL injection vulnerability in login.php in Interact 2.1.1 allows remote attackers to execute arbitrary SQL commands via the user_name parameter.

7.5
2006-04-06 CVE-2006-1636 Vwar Code Injection vulnerability in Vwar Virtual WAR

PHP remote file inclusion vulnerability in get_header.php in VWar 1.5.0 R12 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the vwar_root parameter.

7.5
2006-04-05 CVE-2006-1618 Doomsday Remote Format String vulnerability in Doomsday 1.8.6

Format string vulnerability in the (1) Con_message and (2) conPrintf functions in con_main.c in Doomsday engine 1.8.6 allows remote attackers to execute arbitrary code via format string specifiers in an argument to the JOIN command, and possibly other command arguments.

7.5
2006-04-05 CVE-2006-1616 Advanced Poll SQL-Injection vulnerability in Advanced Poll Advanced Poll 2.0.2

Multiple SQL injection vulnerabilities in Advanced Poll 2.02 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to comments.php or (2) poll_id parameter to page.php.

7.5
2006-04-04 CVE-2006-1607 Exponent Unspecified vulnerability in Exponent CMS

Unspecified vulnerability in the banner module in Exponent CMS before 0.96.5 RC 1 allows "php injection" via unknown attack vectors.

7.5
2006-04-04 CVE-2006-1605 Exponent Unspecified vulnerability in Exponent CMS

Unspecified vulnerability in the image module in Exponent CMS before 0.96.5 RC 1 allows remote attackers to execute arbitrary code via unknown vectors involving "parsed PHP."

7.5
2006-04-04 CVE-2006-1602 Phpnuke Clan Remote File Include vulnerability in PHPnuke-Clan 3.0.1

PHP remote file inclusion vulnerability in includes/functions_common.php in the VWar Account module (vWar_Account) in PHPNuke Clan 3.0.1 allows remote attackers to include arbitrary files via a URL in the vwar_root2 parameter.

7.5
2006-04-03 CVE-2006-1600 Phpwebgallery SQL-Injection vulnerability in PHPwebgallery 1.4.1

SQL injection vulnerability in category.php in PhpWebGallery 1.4.1 allows remote attackers to execute arbitrary SQL commands via the search parameter.

7.5
2006-04-03 CVE-2006-1599 V Creator COM Remote Shell Code Execution vulnerability in V-Creator.Com V-Creator 1.3Pre2

Unspecified vulnerability in VCEngine.php in v-creator before 1.3-pre3, when the VC_CRYPTO_METHOD option is OPENSSL, allows remote attackers to execute arbitrary commands, possibly due to problems in the (1) encrypt and (2) decrypt functions.

7.5
2006-04-03 CVE-2006-1596 Claroline Unspecified vulnerability in Claroline

PHP remote file inclusion vulnerability in learnPath/include/scormExport.inc.php in Claroline 1.7.4 and earlier allows remote attackers to execute arbitrary PHP code via the includePath parameter.

7.5
2006-04-03 CVE-2006-1594 Claroline Information Disclosure vulnerability in Claroline

Multiple directory traversal vulnerabilities in document/rqmkhtml.php in Claroline 1.7.4 and earlier allow remote attackers to use ".." (dot dot) sequences to (1) read arbitrary files via the file parameter in a rqEditHtml command to document/rqmkhtml.php or (2) execute arbitrary code via the includePath parameter to learnPath/include/scormExport.inc.php.

7.5
2006-04-03 CVE-2006-1592 X Doom, Zdaemon Remote vulnerability in ZDaemon

Buffer overflow in the is_client_wad_ok function in w_wad.cpp for (1) Zdaemon 1.08.01 and (2) X-Doom allows remote attackers to execute arbitrary code via a long filename argument.

7.5
2006-04-08 CVE-2006-0951 Eset Software Local Security vulnerability in Eset Software Nod32 Antivirus 2.5

The GUI (nod32.exe) in NOD32 2.5 runs with SYSTEM privileges when the scheduler runs a scheduled on-demand scan, which allows local users to execute arbitrary code during a scheduled scan via unspecified attack vectors.

7.2
2006-04-06 CVE-2006-1656 Vserver Unspecified vulnerability in Vserver Util-Vserver 0.30.209

vserver in util-vserver 0.30.209 executes a command as root when the suexec userid parameter is invalid and non-numeric, which might cause local users to inadvertently execute dangerous commands as root.

7.2
2006-04-06 CVE-2006-1649 Eset Software Local Arbitrary File Creation vulnerability in Eset Software NOD32 Antivirus

The "restore to" selection in the "quarantine a file" capability of ESET NOD32 before 2.51.26 allows a restore to any directory that permits read access by the invoking user, which allows local users to create new files despite write-access directory permissions.

7.2

49 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-04-07 CVE-2006-1661 SK Soft Cross-Site Scripting vulnerability in SK Soft SKForum

Multiple cross-site scripting (XSS) vulnerabilities in SKForum 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) areaID parameter in area.View.action, (2) time parameter in planning.View.action, and (3) userID parameter in user.View.action.

6.8
2006-04-07 CVE-2006-1660 Softbiz Cross-Site Scripting vulnerability in Image Gallery

Cross-site scripting (XSS) vulnerability in image_desc.php in Softbiz Image Gallery allows remote attackers to inject arbitrary web script or HTML via msg parameter.

6.8
2006-04-06 CVE-2006-1645 Reloadcms HTML Injection vulnerability in ReloadCMS User-Agent

Cross-site scripting (XSS) vulnerability in Anton Vlasov and Rostislav Gaitkuloff ReloadCMS 1.2.5 and earlier allows remote attackers to inject arbitrary web script or HTML and gain leverage to execute arbitrary PHP code via the User-Agent HTTP header, which is displayed by admin/modules/general/statistic.php in the administration panel.

6.8
2006-04-05 CVE-2006-1625 Mybulletinboard HTML Injection vulnerability in Mybulletinboard 1.10

Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode email tag, as demonstrated using the onmousemove event.

6.8
2006-04-05 CVE-2006-1622 Phpselect Cross-Site Scripting vulnerability in Phpselect

Cross-site scripting (XSS) vulnerability in PHPSelect linksubmit allows remote attackers to inject arbitrary web script or HTML via (1) the description parameter to linklist.php and possibly other vectors involving (2) index.php and (3) linksubmit.php.

6.8
2006-04-03 CVE-2006-1438 Andy Grayndler Cross-Site Scripting vulnerability in Andy Grayndler Andys PHP Knowledgebase 0.57

Multiple cross-site scripting (XSS) vulnerabilities in Andy's PHP Knowledgebase (aphpkb) 0.57 allow remote attackers to inject arbitrary web script or HTML via the (1) keyword_list parameter to (a) index.php; (2) title, (3) article, (4) author, and (5) keywords parameters to (b) submit_article.php; and (6) Question, (7) Name, and (8) Email parameters to (c) submit_question.php.

6.8
2006-04-03 CVE-2006-1435 Accounting Receiving AND Inventory Administration Input Validation vulnerability in Accounting Receiving and Inventory Administration Aria 0.996

Cross-site scripting (XSS) vulnerability in genmessage.php in Accounting Receiving and Inventory Administration (ARIA) 0.99-6 allows remote attackers to inject arbitrary web script or HTML via the Message Field (message parameter).

6.8
2006-04-03 CVE-2006-1434 Annuaire HTML Injection vulnerability in Annuaire Directory 1.0

Cross-site scripting (XSS) vulnerability in inscription.php in Annuaire (Directory) 1.0 allows remote attackers to inject arbitrary web script or HTML via the Comment Field (COMMENTAIRE parameter).

6.8
2006-04-06 CVE-2006-1655 Mpg123 Unspecified vulnerability in Mpg123 0.59R

Multiple buffer overflows in mpg123 0.59r allow user-assisted attackers to trigger a segmentation fault and possibly have other impacts via a certain MP3 file, as demonstrated by mpg1DoS3.

6.5
2006-04-07 CVE-2006-1669 Phpheaven SQL Injection vulnerability in PHPheaven PHPmychat 0.14.4

SQL injection vulnerability in chat/messagesL.php3 in phpHeaven Team PHPMyChat 0.14.5 and earlier allows remote attackers to execute arbitrary SQL commands via the T parameter.

6.4
2006-04-07 CVE-2006-1659 Softbiz SQL Injection vulnerability in Softbiz Image Gallery

Multiple SQL injection vulnerabilities in Softbiz Image Gallery allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in image_desc.php, (2) provided parameter in template.php, (3) cid parameter in suggest_image.php, (4) img_id parameter in insert_rating.php, and (5) cid parameter in images.php.

6.4
2006-04-06 CVE-2006-1614 Clam Anti Virus Multiple vulnerability in Clam AntiVirus ClamAV

Integer overflow in the cli_scanpe function in the PE header parser (libclamav/pe.c) in Clam AntiVirus (ClamAV) before 0.88.1, when ArchiveMaxFileSize is disabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code.

5.1
2006-04-06 CVE-2006-1641 Czaries Network Input Validation vulnerability in Czaries Network Czarnews 1.13B

Multiple SQL injection vulnerabilities in CzarNews 1.14 allow remote attackers to execute arbitrary SQL commands via the (1) usern or (2) passw parameters to (a) cn_auth.php, (3) s parameter to (b) news.php, or (4) a parameter to (c) dpost.php.

5.1
2006-04-06 CVE-2006-1639 Wire Plastik Design SQL Injection vulnerability in Wire Plastik Design Wpblog 0.4

SQL injection vulnerability in index.php in wpBlog 0.4 allows remote attackers to execute arbitrary SQL commands via the postid parameter.

5.1
2006-04-06 CVE-2006-1638 Aweb Labs Input Validation vulnerability in Aweb Labs Awebbb 1.2

Multiple SQL injection vulnerabilities in aWebBB 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) Username parameter to (a) accounts.php, (b) changep.php, (c) editac.php, (d) feedback.php, (e) fpass.php, (f) login.php, (g) post.php, (h) reply.php, or (i) reply_log.php; (2) p parameter to (j) dpost.php; (3) c parameter to (k) list.php or (l) ndis.php; or (12) q parameter to (m) search.php.

5.1
2006-04-05 CVE-2006-0051 Kaffeine Remote HTTP_Peek Buffer Overflow vulnerability in Kaffeine

Buffer overflow in playlistimport.cpp in Kaffeine Player 0.4.2 through 0.7.1 allows user-assisted attackers to execute arbitrary code via long HTTP request headers when Kaffeine is "fetching remote playlists", which triggers the overflow in the http_peek function.

5.1
2006-04-04 CVE-2006-1612 Aweb Labs Unspecified vulnerability in Aweb Labs Awebnews 1.0

Multiple cross-site scripting (XSS) vulnerabilities in visview.php in aWebNews 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) yname, (2) emailadd, (3) subject, and (4) comment parameters.

5.1
2006-04-04 CVE-2006-1610 Squery Code Injection vulnerability in Squery

PHP remote file inclusion vulnerability in lib/armygame.php in SQuery 4.5 and earlier, as used in products such as Autonomous LAN party (ALP), allows remote attackers to execute arbitrary PHP code via a URL in the libpath parameter.

5.1
2006-04-03 CVE-2006-1591 Microsoft Heap Overflow vulnerability in Microsoft Windows Help Image Processing

Heap-based buffer overflow in Microsoft Windows Help winhlp32.exe allows user-assisted attackers to execute arbitrary code via crafted embedded image data in a .hlp file.

5.1
2006-04-07 CVE-2006-1671 Cisco Multiple vulnerability in Cisco Optical Networking System and Transport Controller

Control cards for Cisco Optical Networking System (ONS) 15000 series nodes before 20060405 allow remote attackers to cause a denial of service (card reset) via (1) a "crafted" IP packet to a device with secure mode EMS-to-network-element access, aka bug ID CSCsc51390; (2) a "crafted" IP packet to a device with IP on the LAN interface, aka bug ID CSCsd04168; and (3) a "malformed" OSPF packet, aka bug ID CSCsc54558.

5.0
2006-04-06 CVE-2006-1630 Clam Anti Virus Multiple vulnerability in Clam AntiVirus ClamAV

The cli_bitset_set function in libclamav/others.c in Clam AntiVirus (ClamAV) before 0.88.1 allows remote attackers to cause a denial of service via unspecified vectors that trigger an "invalid memory access."

5.0
2006-04-06 CVE-2006-1654 HP Directory Traversal vulnerability in HP Color LaserJet 2500/4600 Toolbox

Directory traversal vulnerability in the HP Color LaserJet 2500 Toolbox and Color LaserJet 4600 Toolbox on Microsoft Windows before 20060402 allows remote attackers to read arbitrary files via a ..

5.0
2006-04-06 CVE-2006-1650 Mozilla Denial-Of-Service vulnerability in Mozilla Firefox 1.5.0.1

Firefox 1.5.0.1 allows remote attackers to spoof the address bar and possibly conduct phishing attacks by re-opening the window to a malicious Shockwave Flash application, then changing the window location back to a trusted URL while the Flash application is still loading.

5.0
2006-04-06 CVE-2006-1648 Smart Technologies Remote Denial of Service vulnerability in SMART Technologies SynchronEyes

SMART SynchronEyes Student and Teacher 6.0, and possibly earlier versions, allows remote attackers to cause a denial of service (memory consumption) via a certain packet to the Teacher discovery port that causes SynchronEyes to connect to the attacker's machine and read a value that is used as a parameter to malloc.

5.0
2006-04-06 CVE-2006-1646 Internet KEY Exchange Denial-Of-Service vulnerability in Internet KEY Exchange Internet KEY Exchange 1

The Internet Key Exchange version 1 (IKEv1) implementation (isakmp_agg.c) in the Shoichi Sakane KAME Project racoon, as used by NetBSD 1.6, 2.x before 20060119, certain FreeBSD releases, and possibly other distributions of BSD or Linux operating systems, when running in aggressive mode, allows remote attackers to cause a denial of service (daemon crash) via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.

5.0
2006-04-06 CVE-2006-1644 Interact Remote Security vulnerability in Interact

login.php in Interact 2.1.1 generates different responses depending on whether or not a username is valid, which allows remote attackers to determine valid usernames.

5.0
2006-04-06 CVE-2006-1635 Lucidcms Information Disclosure vulnerability in Lucidcms 2.0.0Rc4

LucidCMS 2.0.0 RC4 allows remote attackers to obtain sensitive information via a direct request to /lucid_phplib/translator.php, which reveals the path in an error message.

5.0
2006-04-05 CVE-2006-1631 Cisco Remote Denial of Service vulnerability in Cisco 11500 Content Services Switch HTTP Compression

Unspecified vulnerability in the HTTP compression functionality in Cisco CSS 11500 Series Content Services switches allows remote attackers to cause a denial of service (device reload) via (1) "valid, but obsolete" or (2) "specially crafted" HTTP requests.

5.0
2006-04-05 CVE-2006-1620 Hosting Controller Remote vulnerability in Hosting Controller Hosting Controller 2002Rc1

admin/accounts/AccountActions.asp in Hosting Controller 2002 RC 1 allows remote attackers to modify passwords of other users, probably via an "Update User" ActionType with a modified UserName parameter and the PassCheck parameter set to TRUE.

5.0
2006-04-05 CVE-2006-1619 IBM Denial-Of-Service vulnerability in IBM Websphere Application Server 4.0.1/4.0.2/4.0.3

IBM WebSphere Application Server 4.0.1 through 4.0.3 allows remote attackers to cause a denial of service (application crash) via an HTTP request with a large header.

5.0
2006-04-04 CVE-2006-1613 Aweb Labs Unspecified vulnerability in Aweb Labs Awebnews 1.0

Multiple SQL injection vulnerabilities in aWebNews 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) user123 variable in (a) login.php or (b) fpass.php; or (2) cid parameter to (c) visview.php.

5.0
2006-04-04 CVE-2006-1611 KGB Unspecified vulnerability in KGB Archiver

Directory traversal vulnerability in KGB Archiver before 1.1.5.22 allows remote attackers to overwrite arbitrary files while decompressing an archive, possibly due to directory traversal sequences in a filename.

5.0
2006-04-04 CVE-2006-1609 Hitachi Denial of Service vulnerability in XFIT/S

Unspecified vulnerability in Hitachi XFIT/S, XFIT/S/JCA, XFIT/S/ZGN, and XFIT/S ZENGIN TCP/IP Procedure allows remote attackers to cause a denial of service (server process and transfer control process stop) when the products "receive data unexpectedly".

5.0
2006-04-04 CVE-2006-1606 Exponent Unspecified vulnerability in Exponent CMS

Unspecified vulnerability in the image module in Exponent CMS before 0.96.5 RC 1 allows "directory disclosure" with unknown attack vectors.

5.0
2006-04-03 CVE-2006-1433 Annuaire Information Disclosure vulnerability in Annuaire Directory 1.0

Annuaire (Directory) 1.0 allows remote attackers to obtain sensitive information via a direct request to include/lang-en.php, which reveals the full installation path.

5.0
2006-04-03 CVE-2006-1593 X Doom, Zdaemon Resource Management Errors vulnerability in multiple products

The (1) ZD_MissingPlayer, (2) ZD_UseItem, and (3) ZD_LoadNewClientLevel functions in sv_main.cpp for (a) Zdaemon 1.08.01 and (b) X-Doom allow remote attackers to cause a denial of service (crash) via an invalid player slot or item number, which causes an invalid memory access, possibly due to an invalid array index.

5.0
2006-04-05 CVE-2006-1055 Linux Local Denial of Service vulnerability in Linux Kernel SYSFS PAGE_SIZE

The fill_write_buffer function in sysfs/file.c in Linux kernel 2.6.12 up to versions before 2.6.17-rc1 does not zero terminate a buffer when a length of PAGE_SIZE or more is requested, which might allow local users to cause a denial of service (crash) by causing an out-of-bounds read.

4.9
2006-04-03 CVE-2006-1589 Netbsd Denial-Of-Service vulnerability in NetBSD

The elf_load_file function in NetBSD 2.0 through 3.0 allows local users to cause a denial of service (kernel crash) via an ELF interpreter that does not have a PT_LOAD section in its header, which triggers a null dereference.

4.9
2006-04-05 CVE-2006-0401 Apple Local Authentication Bypass vulnerability in Apple Mac OS X Intel-Based

Unspecified vulnerability in Mac OS X before 10.4.6, when running on an Intel-based computer, allows attackers with physical access to bypass the firmware password and log on in Single User Mode via unspecified vectors.

4.6
2006-04-07 CVE-2006-1657 Chucky A Ivey HTML Injection vulnerability in Chucky A. Ivey N.T. 1.1.0

Cross-site scripting (XSS) vulnerability in index.php in Chucky A.

4.3
2006-04-06 CVE-2006-1637 Aweb Labs Input Validation vulnerability in Aweb Labs Awebbb 1.2

Multiple cross-site scripting (XSS) vulnerabilities in aWebBB 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) tname or (2) fpost parameters to (a) post.php; (3) fullname, (4) emailadd, (5) country, (6) sig, or (7) otherav parameters to (b) editac.php; or (8) fullname, (9) emailadd, or (10) country parameters to (c) register.php.

4.3
2006-04-06 CVE-2006-1634 Lucidcms Cross-Site Scripting vulnerability in Lucidcms 2.0.0Rc4

Cross-site scripting (XSS) vulnerability in index.php in LucidCMS 2.0.0 RC4 allows remote attackers to inject arbitrary web script or HTML via the command parameter.

4.3
2006-04-05 CVE-2006-1626 Microsoft Improper Input Validation vulnerability in Microsoft Internet Explorer 6.0

Internet Explorer 6 for Windows XP SP2 and earlier allows remote attackers to spoof the address bar and possibly conduct phishing attacks by re-opening the window to a malicious Shockwave Flash application, then changing the window location back to a trusted URL while the Flash application is still loading.

4.3
2006-04-05 CVE-2006-1623 Andries Bruinsma Cross-Site Scripting vulnerability in Flexible Development

Unspecified vulnerability in main.php in an unspecified "file created by Andries Bruinsma," possibly a FleXiBle Development (FXB) application, allows remote attackers to include and execute arbitrary PHP code.

4.3
2006-04-05 CVE-2006-1617 Advanced Poll Cross-Site Scripting vulnerability in Advanced Poll Advanced Poll 2.0.2

Multiple cross-site scripting (XSS) vulnerabilities in Advanced Poll 2.02 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to comments.php or (2) poll_id parameter to page.php.

4.3
2006-04-04 CVE-2006-1603 Phpbb Group Cross-Site Scripting vulnerability in PHPbb Group PHPbb 2.0.19

Cross-site scripting (XSS) vulnerability in profile.php in phpBB 2.0.19 allows remote attackers to inject arbitrary web script or HTML via the cur_password parameter.

4.3
2006-04-03 CVE-2006-1595 Claroline Cross-Site Scripting vulnerability in Claroline RQMKHTML.PHP

Cross-site scripting (XSS) vulnerability in document/rqmkhtml.php in Claroline 1.7.4 and earlier allows remote attackers to read arbitrary files via ".." sequences in the file parameter in a rqEditHtml command.

4.3
2006-04-03 CVE-2006-1590 Kevin Johnson, Roman Danyliw Cross-Site Scripting vulnerability in Basic Analysis and Security Engine PrintFreshPage

Cross-site scripting (XSS) vulnerability in the PrintFreshPage function in (1) Basic Analysis and Security Engine (BASE) 1.2.4 and (2) Analysis Console for Intrusion Databases (ACID) 0.9.6b23 allows remote attackers to inject arbitrary web script or HTML via the (a) back parameter to base_graph_main.php, (b) netmask parameter to base_stat_ipaddr.php, or (c) submit parameter to base_qry_alert.php within BASE, or (d) query string to acid_main.php in ACID, which causes the request URI ($_SERVER['REQUEST_URI']) to be inserted into a refresh operation.

4.3
2006-04-05 CVE-2006-1621 Hosting Controller Directory Traversal vulnerability in Hosting Controller Hosting Controller 2002Rc1

Directory traversal vulnerability in admin/folders/saveuploadfiles.asp in Hosting Controller 2002 RC 1 allows remote authenticated users to overwrite arbitrary files via an absolute path in the OpenPath parameter.

4.0

8 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-04-07 CVE-2006-1673 Jelsoft Cross-Site Scripting vulnerability in vBulletin

Cross-site scripting (XSS) vulnerability in vbugs.php in Dark_Wizard vBug Tracker 3.5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the sortorder parameter.

2.6
2006-04-07 CVE-2006-1665 Arab Portal Input Validation vulnerability in Arab Portal Arab Portal 2.0.1Stable

Multiple cross-site scripting (XSS) vulnerabilities in Arab Portal 2.0.1 stable allow remote attackers to inject arbitrary web script or HTML via the (1) adminJump and (2) forum_middle parameters in (a) forum.php, and the (3) form parameter in (b) members.php, (c) pm.php, and (d) mail.php.

2.6
2006-04-06 CVE-2006-1642 Interact Cross-Site Scripting vulnerability in Interact

Cross-site scripting (XSS) vulnerability in Interact 2.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) the search_terms parameter to (a) search.php, and (2) the first_name, (3) last_name, (4) email, (5) password, and (6) confirm_password parameters to (b) userinput.php.

2.6
2006-04-06 CVE-2006-1640 Czaries Network Input Validation vulnerability in Czaries Network Czarnews 1.14

Cross-site scripting (XSS) vulnerability in news.php in CzarNews 1.14 allows remote attackers to inject arbitrary web script or HTML via the email parameter.

2.6
2006-04-04 CVE-2006-1058 Busybox Unspecified vulnerability in Busybox 1.1.1

BusyBox 1.1.1 does not use a salt when generating passwords, which makes it easier for local users to guess passwords from a stolen password file using techniques such as rainbow tables.

2.1
2006-04-03 CVE-2006-1588 Netbsd Unspecified vulnerability in Netbsd

The bridge ioctl (if_bridge code) in NetBSD 1.6 through 3.0 does not clear sensitive memory before copying ioctl results to the requesting process, which allows local users to obtain portions of kernel memory.

2.1
2006-04-03 CVE-2006-1587 Netbsd Local Security vulnerability in NetBSD

NetBSD 1.6 up to 3.0, when a user has "set record" in .mailrc with the default umask set, creates the record file with 0644 permissions, which allows local users to read the record file.

2.1
2006-04-04 CVE-2006-1601 SUN Unspecified vulnerability in SUN Cluster 3.1

Unspecified vulnerability in SunPlex Manager in Sun Cluster 3.1 4/04 allows local users with solaris.cluster.gui authorization to view arbitrary files via unspecified vectors.

1.7