Weekly Vulnerabilities Reports > April 17 to 23, 2006

Overview

172 new vulnerabilities reported during this period, including 16 critical vulnerabilities and 38 high severity vulnerabilities. This weekly summary report vulnerabilities in 141 products from 109 vendors including Oracle, Apple, Linux, Cisco, and Flexbb. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "SQL Injection", "Cross-site Scripting", "Permissions, Privileges, and Access Controls", and "Code Injection".

  • 155 reported vulnerabilities are remotely exploitables.
  • 11 reported vulnerabilities have public exploit available.
  • 6 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 162 reported vulnerabilities are exploitable by an anonymous user.
  • Oracle has the most reported vulnerabilities, with 21 reported vulnerabilities.
  • Oracle has the most reported critical vulnerabilities, with 16 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

16 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-04-20 CVE-2006-1887 Oracle Multiple vulnerability in Oracle Enterpriseone 8.95.J1

Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Security Server 8.95.J1 has unknown impact and attack vectors, aka Vuln# JDE01.

10.0
2006-04-20 CVE-2006-1886 Oracle Multiple vulnerability in Oracle Peoplesoft Enterprise 8.46.12/8.47.04

Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise 8.46.12 and 8.47.04 has unknown impact and attack vectors, aka Vuln# PSE01.

10.0
2006-04-20 CVE-2006-1885 Oracle Multiple vulnerability in Oracle April 2006 Security Update

Multiple unspecified vulnerabilities in the Reporting Framework component in Oracle Enterprise Manager 9.0.1.5 and 9.2.0.7 have unknown impact and attack vectors, aka Vuln# (1) EM01 and (2) EM02.

10.0
2006-04-20 CVE-2006-1884 Jdedwards
Oneworld
Oracle
Multiple vulnerability in Oracle April 2006 Security Update

Unspecified vulnerability in the Oracle Thesaurus Management System component in Oracle E-Business Suite and OPA 4.5.2 Applications has unknown impact and attack vectors, aka Vuln# OPA01.

10.0
2006-04-20 CVE-2006-1883 Oracle Multiple vulnerability in Oracle E-Business Suite 11.5.10.1

Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite and Applications 11.5.10CU1 has unknown impact and attack vectors, aka Vuln# APPS05.

10.0
2006-04-20 CVE-2006-1882 Oracle Multiple vulnerability in Oracle E-Business Suite 11.5.10

Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.10 have unknown impact and attack vectors, as identified by Vuln# (1) APPS03 in (a) iProcurement; (2) APPS04 in (b) Oracle Application Object Library; (3) APPS06, (4) APPS07, and (5) APPS08 in (c) Oracle Applications Technology Stack; and (6) APPS11 in (d) Oracle Order Capture.

10.0
2006-04-20 CVE-2006-1881 Oracle Multiple vulnerability in Oracle E-Business Suite 11.5.9

Unspecified vulnerability in the Financials for Asia/Pacific component in Oracle E-Business Suite and Applications 11.5.9 has unknown impact and attack vectors.

10.0
2006-04-20 CVE-2006-1880 Oracle Multiple vulnerability in Oracle E-Business Suite 11.5.10.2

Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.10CU2 have unknown impact and attack vectors, as identified by Vuln# (1) APPS01 in the (a) Application Install component; (2) APPS09 in the (b) Oracle Diagnostics Interfaces component; (3) APPS10 in the (c) Oracle General Ledger component; (4) APPS12 and (5) APPS13 in the (d) Oracle Receivables component.

10.0
2006-04-20 CVE-2006-1879 Oracle Multiple vulnerability in Oracle April 2006 Security Update

Multiple unspecified vulnerabilities in the Email Server component in Oracle Collaboration Suite 9.0.4.2, 10.1.1, 10.1.2.0, and 10.1.2.1 have unknown impact and attack vectors, aka Vuln# (1) OCS01, (2) OCS02, (3) OCS03, and (4) OCS04.

10.0
2006-04-20 CVE-2006-1875 Oracle Multiple vulnerability in Oracle Database Server 10.1.0.5/9.0.1.5/9.2.0.7

Unspecified vulnerability in Oracle Database Server 9.0.1.5, 9.2.0.7, and 10.1.0.5 has unknown impact and attack vectors in the Oracle Spatial component, aka Vuln# DB11.

10.0
2006-04-20 CVE-2006-1869 Oracle Multiple vulnerability in Oracle Database Server 8.1.7.4/9.0.1.5

Unspecified vulnerability in Oracle Database Server 8.1.7.4 and 9.0.1.5 has unknown impact and attack vectors in the Dictionary component, aka Vuln# DB04.

10.0
2006-04-20 CVE-2006-1867 Oracle Multiple vulnerability in Oracle Database Server 9.2.0.6

Unspecified vulnerability in Oracle Database Server 9.2.0.6 has unknown impact and attack vectors in the Advanced Replication component, aka Vuln# DB02.

10.0
2006-04-20 CVE-2006-1866 Oracle Multiple vulnerability in Oracle April 2006 Security Update

Multiple unspecified vulnerabilities in Oracle Database Server 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, and other versions have unknown impact and attack vectors in the (1) Advanced Replication component, as identified by Vuln# DB01, and (2) Oracle Spatial component, as identified by Vuln# DB10.

9.7
2006-04-20 CVE-2006-1876 Oracle Multiple vulnerability in Oracle Database Server 10.1.0.4/9.2.0.7

Unspecified vulnerability in Oracle Database Server 9.2.0.7 and 10.1.0.4 has unknown impact and attack vectors in the Oracle Spatial component, aka Vuln# DB12.

9.0
2006-04-20 CVE-2006-1873 Oracle Multiple vulnerability in Oracle Database Server 10.1.0.4/10.2.0.1/9.2.0.7

Unspecified vulnerability in Oracle Database Server 9.2.0.7, 10.1.0.4, and 10.2.0.1 has unknown impact and attack vectors in the Oracle Spatial component, aka Vuln# DB08.

9.0
2006-04-20 CVE-2006-1870 Oracle Multiple vulnerability in Oracle April 2006 Security Update

Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, and 10.2.0.2 has unknown impact and attack vectors in the Export component, aka Vuln# DB05.

9.0

38 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-04-20 CVE-2006-1900 W3C Remote Buffer Overflow vulnerability in W3C Amaya 9.4

Multiple buffer overflows in World Wide Web Consortium (W3C) Amaya 9.4, and possibly other versions including 8.x before 8.8.5, allow remote attackers to execute arbitrary code via a long value in (1) the COMPACT attribute of the COLGROUP element, (2) the ROWS attribute of the TEXTAREA element, and (3) the COLOR attribute of the LEGEND element; and via other unspecified attack vectors consisting of "dozens of possible snippets."

7.6
2006-04-17 CVE-2006-1794 Mambo SQL Injection vulnerability in Mambo Open Source

SQL injection vulnerability in Mambo 4.5.3, 4.5.3h, and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via (1) the $username variable in the mosGetParam function and (2) the $task parameter in the mosMenuCheck function in (a) includes/mambo.php; and (3) the $filter variable to the showCategory function in the com_content component (content.php).

7.6
2006-04-17 CVE-2006-1793 Runcms Remote Code Execution vulnerability in Runcms 1.1/1.1A

Directory traversal vulnerability in runCMS 1.2 and earlier allows remote attackers to read arbitrary files via the bbPath[path] parameter to (1) class.forumposts.php and (2) forumpollrenderer.php.

7.6
2006-04-21 CVE-2006-1987 Apple Multiple Security vulnerability in Apple Mac OS X

Apple Safari 2.0.3 allows remote attackers to cause a denial of service and possibly execute code via an invalid FRAME tag, possibly due to (1) multiple SCROLLING attributes with no values, or (2) a SRC attribute with no value.

7.5
2006-04-21 CVE-2006-1986 Apple Multiple Security vulnerability in Apple Mac OS X

Apple Safari 2.0.3 allows remote attackers to cause a denial of service and possibly execute code via a large CELLSPACING attribute in a TABLE tag, which triggers an error in KWQListIteratorImpl::KWQListIteratorImpl.

7.5
2006-04-21 CVE-2006-1982 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server

Heap-based buffer overflow in the LZWDecodeVector function in Mac OS X before 10.4.6, as used in applications that use ImageIO or AppKit, allows remote attackers to execute arbitrary code via crafted TIFF images.

7.5
2006-04-21 CVE-2006-1978 Flexbb SQL Injection vulnerability in Flexbb

SQL injection vulnerability in inc/start.php in FlexBB 0.5.5 and earlier allows remote attackers to execute arbitrary SQL commands via the flexbb_username COOKIE parameter.

7.5
2006-04-21 CVE-2006-1974 Mybulletinboard SQL Injection vulnerability in MyBB Index.PHP Referrer Cookie

SQL injection vulnerability in index.php in MyBB (MyBulletinBoard) before 1.04 allows remote attackers to execute arbitrary SQL commands via the referrer parameter.

7.5
2006-04-21 CVE-2006-1964 Aspsitem SQL Injection vulnerability in Aspsitem 1.83

SQL injection vulnerability in Haberler.asp in ASPSitem 1.83 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2006-04-21 CVE-2006-1962 Pcpin SQL Injection vulnerability in Pcpin Chat

SQL injection vulnerability in PCPIN Chat 5.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the username field (login parameter) to main.php.

7.5
2006-04-21 CVE-2006-1961 Cisco Local Privilege Escalation vulnerability in Multiple Linux-Based Cisco Products

Cisco CiscoWorks Wireless LAN Solution Engine (WLSE) and WLSE Express before 2.13, Hosting Solution Engine (HSE) and User Registration Tool (URT) before 20060419, and all versions of Ethernet Subscriber Solution Engine (ESSE) and CiscoWorks2000 Service Management Solution (SMS) allow local users to gain Linux shell access via shell metacharacters in arguments to the "show" command in the application's command line interface (CLI), aka bug ID CSCsd21502 (WLSE), CSCsd22861 (URT), and CSCsd22859 (HSE).

7.5
2006-04-21 CVE-2006-1959 Actualscripts Remote File Include vulnerability in ActualScripts Actualanalyzer 2.72/7.63

PHP remote file inclusion vulnerability in direct.php in ActualScripts ActualAnalyzer Lite 2.72 and earlier, Gold 7.63 and earlier, and Server 8.23 and earlier allows remote attackers to execute arbitrary code via a URL in the rf parameter.

7.5
2006-04-20 CVE-2006-1949 Nicplex SQL-Injection vulnerability in Plexcart

SQL injection vulnerability in plexcart.pl in NicPlex PlexCart X3 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter.

7.5
2006-04-20 CVE-2006-1947 Nicplex SQL Injection vulnerability in Plexum

Multiple SQL injection vulnerabilities in plexum.php in NicPlex Plexum X5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) pagesize, (2) maxrec, and (3) startpos parameters.

7.5
2006-04-20 CVE-2006-1919 Thomas Voecking Remote File Include vulnerability in Thomas Voecking Internet Photoshow 1.3

PHP remote file inclusion vulnerability in index.php in Internet Photoshow 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.

7.5
2006-04-20 CVE-2006-1917 Blackorpheus SQL Injection vulnerability in Blackorpheus Clanmemberskript 1.0

SQL injection vulnerability in member.php in Blackorpheus ClanMemberSkript 1.0 allows remote attackers to execute arbitrary SQL commands via the userID parameter.

7.5
2006-04-20 CVE-2006-1910 S9Y Unspecified vulnerability in S9Y Serendipity 1.0Beta2

config.php in S9Y Serendipity 1.0 beta 2 allows remote attackers to inject arbitrary PHP code by editing values that are stored in config.php and later executed.

7.5
2006-04-20 CVE-2006-1907 Mywebland SQL-Injection vulnerability in myEvent

Multiple SQL injection vulnerabilities in myEvent 1.x allow remote attackers to inject arbitrary SQL commands via the event_id parameter to (1) addevent.php or (2) del.php or (3) event_desc parameter to addevent.php.

7.5
2006-04-20 CVE-2006-1905 Xine Remote Format String vulnerability in Xine Playlist Handling

Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.3 allow remote attackers to execute arbitrary code via format string specifiers in a long filename on an EXTINFO line in a playlist file.

7.5
2006-04-20 CVE-2006-1890 Mywebland Code Injection vulnerability in Mywebland Myevent 1.2/1.4

Multiple PHP remote file inclusion vulnerabilities in myWebland myEvent 1.2 allow remote attackers to execute arbitrary PHP code via a URL in the myevent_path parameter in (1) event.php and (2) initialize.php.

7.5
2006-04-20 CVE-2006-1874 Oracle Multiple vulnerability in Oracle Database Server 8.1.7.4/9.0.1.5/9.2.0.6

Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, and 9.2.0.6 has unknown impact and attack vectors in the Oracle Spatial component, aka Vuln# DB09.

7.5
2006-04-20 CVE-2006-1872 Oracle Multiple vulnerability in Oracle April 2006 Security Update

Unspecified vulnerability in Oracle Database Server 9.0.1.5 and 9.2.0.7 has unknown impact and attack vectors in the Oracle Enterprise Manager Intelligent Agent component, aka Vuln# DB07.

7.5
2006-04-20 CVE-2006-1868 Oracle Buffer Errors vulnerability in Oracle Database Server 10.1.0.4

Buffer overflow in the Advanced Replication component in Oracle Database Server 10.1.0.4 allows database users to execute arbitrary code via the VERIFY_LOG procedure of the DBMS_SNAPSHOT_UTL package, aka Vuln# DB03.

7.5
2006-04-19 CVE-2006-1852 Scriptsfrenzy SQL-Injection vulnerability in Article Publisher Pro

SQL injection vulnerability in category.php in Article Publisher Pro 1.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cname parameter.

7.5
2006-04-19 CVE-2006-1849 Skymarx Solutions Input Validation vulnerability in xFlow

Multiple SQL injection vulnerabilities in members_only/index.cgi in xFlow 5.46.11 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) position and (2) id parameter.

7.5
2006-04-19 CVE-2006-1847 Francisco Burzi Input Validation vulnerability in Francisco Burzi PHP-Nuke 7.8

SQL injection vulnerability in the Your_Account module in PHP-Nuke 7.8 might allows remote attackers to execute arbitrary SQL commands via the user_id parameter in the Your_Home functionality.

7.5
2006-04-19 CVE-2006-1839 PHP Album Unspecified vulnerability in PHP Album PHP Album 0.3.2.3

PHP remote file inclusion vulnerability in language.php in PHP Album 0.3.2.3, when register_globals is enabled, allows remote attackers to execute arbitrary code via an FTP URL in the data_dir parameter, which satisfies the file_exists function call.

7.5
2006-04-19 CVE-2006-1838 Clanscripte NET SQL Injection and Authentication Bypass vulnerability in Clanscripte.Net Fuju News 1.0

edit_kategorie.php in Fuju News 1.0 allows remote attackers to bypass authentication by setting the authorized cookie.

7.5
2006-04-19 CVE-2006-1837 Clanscripte NET SQL Injection and Authentication Bypass vulnerability in Clanscripte.Net Fuju News 1.0

SQL injection vulnerability in archiv2.php in Fuju News 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.

7.5
2006-04-19 CVE-2006-1831 Coder World Input Validation vulnerability in Coder-World Sysinfo 1.21

Direct static code injection vulnerability in sysinfo.cgi in sysinfo 1.21 and possibly other versions before 2.25 allows remote attackers to execute arbitrary commands via a leading ; (semicolon) in the name parameter in a systemdoc action, which is injected into phpinfo.php.

7.5
2006-04-18 CVE-2006-1819 Phpwebsite Unspecified vulnerability in PHPwebsite

Directory traversal vulnerability in the loadConfig function in index.php in phpWebSite 0.10.2 and earlier allows remote attackers to include arbitrary local files and execute arbitrary PHP code via the hub_dir parameter, as demonstrated by including access_log.

7.5
2006-04-18 CVE-2006-1807 Musicbox Input Validation vulnerability in MusicBox

Multiple SQL injection vulnerabilities in index.php in Musicbox 2.3.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) start parameter in a search action or (2) type parameter in a top action.

7.5
2006-04-18 CVE-2006-1805 Powerscripts SQL Injection vulnerability in Powerscripts Powerclan 1.14

SQL injection vulnerability in member.php in PowerClan 1.14 allows remote attackers to execute arbitrary SQL commands via the memberid parameter.

7.5
2006-04-18 CVE-2006-1804 Phpmyadmin SQL-Injection vulnerability in PHPmyadmin 2.7.0Pl1/2.8.0.3

SQL injection vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows remote attackers to execute arbitrary SQL commands via the sql_query parameter.

7.5
2006-04-18 CVE-2006-1800 Simplemedia Remote Arbitrary Command Execution vulnerability in Simplebbs 1.0.6/1.0.7/1.1

Directory traversal vulnerability in posts.php in SimpleBBS 1.0.6 through 1.1 allows remote attackers to include and execute arbitrary files via ".." sequences in the language cookie, as demonstrated by by injecting the code into the gl_session cookie of users.php, which is stored in error.log.

7.5
2006-04-18 CVE-2006-1799 Adcentrix Remote Arbitrary Command Execution vulnerability in Censtore

censtore.cgi in Censtore 7.3.002 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter.

7.5
2006-04-18 CVE-2006-1798 Rateit SQL Injection vulnerability in Rateit 2.2

SQL injection vulnerability in rateit.php in RateIt 2.2 allows remote attackers to execute arbitrary SQL commands via the rateit_id parameter.

7.5
2006-04-20 CVE-2006-1877 Oracle Multiple vulnerability in Oracle Database Server 8.1.7.4/9.0.1.5/9.2.0.7

Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, and 9.2.0.7 has unknown impact and attack vectors in the Oracle Spatial component, aka Vuln# DB13.

7.2

77 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-04-20 CVE-2006-1916 Dbbs Input Validation vulnerability in Dbbs 2.0

Multiple cross-site scripting (XSS) vulnerabilities in profile.php in DbbS 2.0-alpha and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ulocation or (2) uhobbies parameters.

6.8
2006-04-20 CVE-2006-1913 JAX Scripts Cross-Site Scripting vulnerability in Jax Guestbook Page Parameter

Cross-site scripting (XSS) vulnerability in jax_guestbook.php in Jax Guestbook 3.1, 3.31, and 3.50 allows remote attackers to inject arbitrary web script or HTML via the page parameter.

6.8
2006-04-20 CVE-2006-1893 AR Blog Cross-Site Scripting vulnerability in Ar-Blog 5.2

Cross-site scripting (XSS) vulnerability in print.php in ar-blog 5.2 allows remote attackers to inject arbitrary web script or HTML via the id parameter.

6.8
2006-04-20 CVE-2006-1888 Phpgraphy Permissions, Privileges, and Access Controls vulnerability in PHPgraphy 0.9.10/0.9.9A

phpGraphy 0.9.11 and earlier allows remote attackers to bypass authentication and gain administrator privileges via a direct request to index.php with the editwelcome parameter set to 1, which can then be used to modify the main page to inject arbitrary HTML and web script.

6.8
2006-04-19 CVE-2006-1836 Symantec Local Privilege Escalation vulnerability in Symantec LiveUpdate for Macintosh

Untrusted search path vulnerability in unspecified components in Symantec LiveUpdate for Macintosh 3.0.0 through 3.5.0 do not set the execution path, which allows local users to gain privileges via a Trojan horse program.

6.8
2006-04-18 CVE-2006-1825 Phplinks Cross-Site Scripting vulnerability in phpLinks

Cross-site scripting (XSS) vulnerability in index.php in phpLinks 2.1.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the term parameter.

6.8
2006-04-17 CVE-2006-1796 Wordpress Cross-Site Scripting vulnerability in WordPress

Cross-site scripting (XSS) vulnerability in the paging links functionality in template-functions-links.php in Wordpress 1.5.2, and possibly other versions before 2.0.1, allows remote attackers to inject arbitrary web script or HTML to Internet Explorer users via the request URI ($_SERVER['REQUEST_URI']).

6.8
2006-04-20 CVE-2006-1895 Phpbb Group Unspecified vulnerability in PHPbb Group PHPbb 2.0.9

Direct static code injection vulnerability in includes/template.php in phpBB allows remote authenticated users with write access to execute arbitrary PHP code by modifying a template in a way that (1) bypasses a loose ".*" regular expression to match BEGIN and END statements in overall_header.tpl, or (2) is used in an eval statement by includes/bbcode.php for bbcode.tpl.

6.5
2006-04-20 CVE-2006-1871 Oracle SQL Injection vulnerability in Oracle Database Server 10.1.0.5/9.2.0.7

SQL injection vulnerability in Oracle Database Server 9.2.0.7 and 10.1.0.5 allows remote attackers to execute arbitrary SQL commands via the DELETE_FROM_TABLE function in the DBMS_LOGMNR_SESSION (Log Miner) package, aka Vuln# DB06.

6.5
2006-04-19 CVE-2006-1853 Moderngigabyte SQL Injection vulnerability in ModernGigabyte ModernBill User.PHP

Multiple SQL injection vulnerabilities in ModernBill 4.3.2 and earlier allow remote attackers or administrators to execute arbitrary SQL commands via the (1) id parameter in (a) user.php, or (2) where and (3) order parameters to (b) admin.php.

6.5
2006-04-21 CVE-2006-1983 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server

Multiple heap-based buffer overflows in Mac OS X 10.4.6 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) PredictorVSetField function for TIFF or (2) CFAllocatorAllocate function for GIF, as used in applications that use ImageIO or AppKit.

6.4
2006-04-21 CVE-2006-1958 Wired Community Software SQL Injection vulnerability in Wired Community Software Wwwthreads RC3

Multiple SQL injection vulnerabilities in WWWThreads RC 3 allow remote attackers to execute arbitrary SQL commands via (1) the forumreferrer cookie to register.php and (2) the messages parameter in message_list.php.

6.4
2006-04-20 CVE-2006-1924 Linpha Input Validation vulnerability in Linpha 1.0/1.1.0

SQL injection vulnerability in functions/db_api.php in LinPHA 1.1.1 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

6.4
2006-04-20 CVE-2006-1922 Sweetphp Remote File Include vulnerability in Sweetphp Totalcalendar 2.0/2.1/2.2

PHP remote file inclusion vulnerability in (1) about.php or (2) auth.php in TotalCalendar allows remote attackers to execute arbitrary PHP code via a URL in the inc_dir parameter.

6.4
2006-04-20 CVE-2006-1921 PHP NET Tools Unspecified vulnerability in PHP NET Tools PHP NET Tools 2.7.1

nettools.php in PHP Net Tools 2.7.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the host parameter.

6.4
2006-04-20 CVE-2006-1920 Pmtool SQL Injection vulnerability in Pmtool 1.2.2

SQL injection vulnerability in index.php in PMTool 1.2.2 allows remote attackers to execute arbitrary SQL commands via the order parameter in the include files (1) user.inc.php, (2) customer.inc.php, and (3) project.inc.php.

6.4
2006-04-19 CVE-2006-1840 Empire Server USE of Externally-Controlled Format String vulnerability in Empire Server Empire Server

Multiple format string vulnerabilities in Empire Server before 4.3.1 allow attackers to cause a denial of service (crash) via the (1) load, (2) spy and (3) bomb functions.

6.4
2006-04-18 CVE-2006-1827 Digium Integer Overflow vulnerability in Asterisk JPEG File Handling

Integer signedness error in format_jpeg.c in Asterisk 1.2.6 and earlier allows remote attackers to execute arbitrary code via a length value that passes a length check as a negative number, but triggers a buffer overflow when it is used as an unsigned length.

6.4
2006-04-18 CVE-2006-1823 Farsinews Directory Traversal vulnerability in FarsiNews

Directory traversal vulnerability in FarsiNews 2.5.3 Pro and earlier allows remote attackers to obtain the installation path via ".." sequences in the archive parameter to index.php, which leaks the full pathname in an error message.

6.4
2006-04-18 CVE-2006-1821 Modxcms Directory Traversal vulnerability in Modxcms 0.9.1

Directory traversal vulnerability in index.php in ModX 0.9.1 allows remote attackers to read arbitrary files via a ..

6.4
2006-04-18 CVE-2006-1813 Phpwebftp Directory Traversal vulnerability in PHPWebFTP

Directory traversal vulnerability in index.php in phpWebFTP 3.2 and earlier allows remote attackers to read arbitrary files via a ..

6.4
2006-04-18 CVE-2006-1812 Phpwebftp Directory Traversal vulnerability in PHPwebftp 3.2

phpWebFTP 3.2 and earlier stores script.js under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information.

6.4
2006-04-18 CVE-2006-1811 Flexbb Input Validation vulnerability in Flexbb 0.5.5Beta

Multiple SQL injection vulnerabilities in FlexBB 0.5.5 BETA allow remote attackers to execute arbitrary SQL commands via the (1) id, (2) forumid, or (3) threadid parameter to index.php; the (4) ICQ, (5) AIM, (6) MSN, (7) Google Talk, (8) Website Name, (9) Website Address, (10) Email Address, (11) Location, (12) Signature, and (13) Sub-Titles fields in the user profile; or (14) flexbb_password field in a cookie.

6.4
2006-04-20 CVE-2006-1896 Phpbb Group Code Injection vulnerability in PHPbb Group PHPbb

Unspecified vulnerability in phpBB allows remote authenticated users with Administration Panel access to execute arbitrary PHP code via crafted Font Colour 3 ($theme[fontcolor3] variable) and/or signature values, possibly involving the highlight functionality.

6.0
2006-04-21 CVE-2006-1979 Manic WEB HTML Injection vulnerability in Manic web Mwguest 2.1.0

Cross-site scripting (XSS) vulnerability in mwguest.php in Manic Web MWGuest 2.1.0 allows remote attackers to inject arbitrary web script or HTML via the homepage parameter.

5.8
2006-04-21 CVE-2006-1977 Flexbb Cross-Site Scripting vulnerability in FlexBB

Cross-site scripting (XSS) vulnerability in FlexBB 0.5.7 BETA and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) name and (2) message parameters.

5.8
2006-04-21 CVE-2006-1968 Kcscripts Cross-Site Scripting vulnerability in Portal Pack

Cross-site scripting (XSS) vulnerability in news/NsVisitor.cgi in KCScripts News Publisher, distributed individually and as part of Portal Pack 6.0 and earlier, allows remote attackers to inject arbitrary web script or HTML via the sort_order parameter.

5.8
2006-04-21 CVE-2006-1965 Aasi Media Cross-Site Scripting vulnerability in Aasi Media NET Clubs PRO 4.0

Multiple cross-site scripting (XSS) vulnerabilities in aasi media Net Clubs Pro 4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) onuser, (2) pass, (3) chatsys, (4) room, (5) username, and (6) to parameters in (a) sendim.cgi; the (7) username parameter in (b) imessage.cgi; the (8) password parameter in (c) login.cgi; and the (9) cat_id parameter in (d) viewcat.cgi.

5.8
2006-04-21 CVE-2006-1960 Cisco Cross-Site Scripting vulnerability in Cisco Wireless Lan Solution Engine ArchiveApplyDisplay.JSP

Cross-site scripting (XSS) vulnerability in the appliance web user interface in Cisco CiscoWorks Wireless LAN Solution Engine (WLSE) and WLSE Express before 2.13 allows remote attackers to inject arbitrary web script or HTML, possibly via the displayMsg parameter to archiveApplyDisplay.jsp, aka bug ID CSCsc01095.

5.8
2006-04-20 CVE-2006-1923 Linpha Input Validation vulnerability in Linpha 1.0/1.1.0

Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) RSS/RSS.php and (2) possibly other vectors.

5.8
2006-04-20 CVE-2006-1912 Mybulletinboard Cross-Site Scripting vulnerability in Mybulletinboard 1.10

MyBB (MyBulletinBoard) 1.1.0 does not set the constant KILL_GLOBAL variable in (1) global.php and (2) inc/init.php, which allows remote attackers to initialize arbitrary variables that are processed by an @extract command, which could then be leveraged to conduct cross-site scripting (XSS) or SQL injection attacks.

5.8
2006-04-20 CVE-2006-1889 Script Solution DE Cross-Site Scripting vulnerability in Boardsolution

Cross-site scripting (XSS) vulnerability in the search action handler in index.php in Nils Asmussen (aka SCRIPTSOLUTION) Boardsolution 1.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the "Search for" item (keyword parameter).

5.8
2006-04-18 CVE-2006-1822 Farsinews Cross-Site Scripting vulnerability in FarsiNews Search.PHP

Cross-site scripting (XSS) vulnerability in search.php in FarsiNews 2.5.3 Pro and earlier allows remote attackers to inject arbitrary web script or HTML via the selected_search_arch parameter.

5.8
2006-04-18 CVE-2006-1820 Modxcms Directory Traversal vulnerability in Modxcms 0.9.1

Cross-site scripting (XSS) vulnerability in index.php in ModX 0.9.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter.

5.8
2006-04-21 CVE-2006-1963 Pcpin SQL Injection vulnerability in PCPIN Chat Main.PHP

Directory traversal vulnerability in main.php in PCPIN Chat 5.0.4 and earlier allows remote authenticated users to include and execute arbitrary PHP code via a ".." (dot dot) in a language cookie, as demonstrated by uploading then accessing a smiliefile image that actually contains PHP code.

5.5
2006-04-21 CVE-2006-1985 Apple Buffer Errors vulnerability in Apple mac OS X, mac OS X Server and Safari

Heap-based buffer overflow in BOM BOMArchiveHelper 10.4 (6.3) Build 312, as used in Mac OS X 10.4.6 and earlier, allows user-assisted attackers to execute arbitrary code via a crafted archive (such as ZIP) that contains long path names, which triggers an error in the BOMStackPop function.

5.1
2006-04-20 CVE-2006-1942 K Meleon Project
Mozilla
Netscape
Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, Netscape 8.1, 8.0.4, and 7.2, and K-Meleon 0.9.13 allows user-assisted remote attackers to open local files via a web page with an IMG element containing a SRC attribute with a non-image file:// URL, then tricking the user into selecting View Image for the broken image, as demonstrated using a .wma file to launch Windows Media Player, or by referencing an "alternate web page."
5.1
2006-04-19 CVE-2006-1834 Opera Numeric Errors vulnerability in Opera Browser

Integer signedness error in Opera before 8.54 allows remote attackers to execute arbitrary code via long values in a stylesheet attribute, which pass a length check.

5.1
2006-04-19 CVE-2006-1828 Php121 SQL Injection vulnerability in PHP121 PHP121LOGIN.PHP

SQL injection vulnerability in php121language.php in PHP121 1.4 allows remote attackers to execute arbitrary SQL commands and execute arbitrary code via the sess_username variable, as set by the php121un HTTP COOKIE parameter, which is used in multiple files including php121login.php.

5.1
2006-04-21 CVE-2006-1988 Apple Multiple Security vulnerability in Apple Mac OS X

The WebTextRenderer(WebInternal) _CG_drawRun:style:geometry: function in Apple Safari 2.0.3 allows remote attackers to cause a denial of service (application crash) via an HTML LI tag with a large VALUE attribute (list item number), which triggers a null dereference in QPainter::drawText, probably due to a failed memory allocation that uses the VALUE.

5.0
2006-04-21 CVE-2006-1984 Apple Multiple Security vulnerability in Apple Mac OS X

Unspecified vulnerability in the _cg_TIFFSetField function in Mac OS X 10.4.6 and earlier, as used in applications that use ImageIO or AppKit, allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers a null dereference.

5.0
2006-04-21 CVE-2006-1973 Linksys Remote Malformed SIP Packet Denial Of Service vulnerability in Linksys RT31P2

Multiple unspecified vulnerabilities in Linksys RT31P2 VoIP router allow remote attackers to cause a denial of service via malformed Session Initiation Protocol (SIP) messages.

5.0
2006-04-21 CVE-2006-1966 Fortinet Denial-Of-Service vulnerability in Fortinet28

An unspecified Fortinet product, possibly Fortinet28, allows remote attackers to cause a denial of service via a "small synflood" to the SMTP port (TCP port 25), as demonstrated by a 10-microsecond wait between sending packets.

5.0
2006-04-20 CVE-2006-1941 Neon Software Remote Clock Synchronization Denial of Service vulnerability in Neon Software Neon Responder 5.4

Neon Responder 5.4 for LANsurveyor allows remote attackers to cause a denial of service (application outage) via a crafted Clock Synchronisation packet that triggers an access violation.

5.0
2006-04-20 CVE-2006-1931 Yukihiro Matsumoto Denial of Service vulnerability in Yukihiro Matsumoto Ruby XMLRPC Server

The HTTP/XMLRPC server in Ruby before 1.8.2 uses blocking sockets, which allows attackers to cause a denial of service (blocked connections) via a large amount of data.

5.0
2006-04-20 CVE-2006-1929 I Rater Remote File Include vulnerability in I-RATER Platinum Common.PHP

PHP remote file inclusion vulnerability in include/common.php in I-Rater Platinum allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter.

5.0
2006-04-20 CVE-2006-1928 Cisco Denial of Service vulnerability in Cisco IOS XR MPLS

Cisco IOS XR, when configured for Multi Protocol Label Switching (MPLS) and running on Cisco CRS-1 routers, allows remote attackers to cause a denial of service (Modular Services Cards (MSC) crash or "MPLS packet handling problems") via certain MPLS packets, as identified by Cisco bug IDs (1) CSCsd15970 and (2) CSCsd55531.

5.0
2006-04-20 CVE-2006-1927 Cisco Denial of Service vulnerability in Cisco IOS XR MPLS

Cisco IOS XR, when configured for Multi Protocol Label Switching (MPLS) and running on Cisco CRS-1 or Cisco 12000 series routers, allows remote attackers to cause a denial of service (Line card crash) via certain MPLS packets, as identified by Cisco bug ID CSCsc77475.

5.0
2006-04-20 CVE-2006-1926 Thwboard SQL Injection vulnerability in ThWboard Showtopic.PHP

SQL injection vulnerability in showtopic.php in ThWboard 2.84 beta 3 and earlier allows remote attackers to execute arbitrary SQL commands via the pagenum parameter.

5.0
2006-04-20 CVE-2006-1915 Dbbs SQL-Injection vulnerability in Dbbs

SQL injection vulnerability in topics.php in DbbS 2.0-alpha and earlier allows remote attackers to execute arbitrary SQL commands via the fcategoryid parameter.

5.0
2006-04-20 CVE-2006-1914 Dbbs Information Disclosure vulnerability in Dbbs

DbbS 2.0-alpha and earlier allows remote attackers to obtain sensitive information via an invalid (1) fcategoryid parameter to topics.php or (2) unavariabile, (3) GLOBALS, or (4) _SERVER[] parameters to script.php.

5.0
2006-04-20 CVE-2006-1909 Coppermine Local File Include vulnerability in Coppermine Photo Gallery 1.4.4

Directory traversal vulnerability in index.php in Coppermine 1.4.4 allows remote attackers to read arbitrary files via a .//./ (modified dot dot slash) in the file parameter, which causes a regular expression to collapse the sequences into standard "../" sequences.

5.0
2006-04-20 CVE-2006-1901 Mozilla Denial-Of-Service vulnerability in Camino

Mozilla Camino 1.0 and earlier allow remote attackers to cause a denial of service (null dereference and application crash or hang) via HTML with certain improperly nested elements.

5.0
2006-04-20 CVE-2006-1897 Talentsoft Information Disclosure vulnerability in Talentsoft Web+ Shop 5.3.6

Webplus (aka talentsoft) Web+Shop 5.3.6, when Redirect URL for "Script Not Found" Error is not configured, allows remote attackers to obtain sensitive information via a quote (') or possibly other invalid value in the storeid parameter in store.wml in webplus.exe, which reveals the path in a "Script Not Found" error message.

5.0
2006-04-19 CVE-2006-1851 Skymarx Solutions Input Validation vulnerability in xFlow

xFlow 5.46.11 and earlier allows remote attackers to determine the installation path of the application via the (1) action parameter to members_only/index.cgi and (2) page parameter customer_area/index.cgi, probably due to invalid values.

5.0
2006-04-19 CVE-2006-1832 Coder World Input Validation vulnerability in Coder-World Sysinfo 1.21

sysinfo.cgi in sysinfo 1.21 allows remote attackers to obtain the installation path via the debugger action.

5.0
2006-04-18 CVE-2006-1816 Jelsoft Remote Security vulnerability in Vbulletin 3.5.1/3.5.2/3.5.4

PHP remote file inclusion vulnerability in VBulletin 3.5.1, 3.5.2, and 3.5.4 allows remote attackers to execute arbitrary code via a URL in the systempath parameter to (1) ImpExModule.php, (2) ImpExController.php, and (3) ImpExDisplay.php.

5.0
2006-04-18 CVE-2006-1809 Lifetype Information Disclosure vulnerability in Lifetype 1.0.3

index.php in Lifetype 1.0.3 allows remote attackers to obtain sensitive information via an invalid show parameter, which reveals the path in an error message.

5.0
2006-04-20 CVE-2006-1892 Alwil Unspecified vulnerability in Alwil Avast Antivirus 1.0.5

avast! 4 Linux Home Edition 1.0.5 allows local users to modify permissions of arbitrary files via a symlink attack on the /tmp/_avast4_ temporary directory.

4.9
2006-04-19 CVE-2006-1525 Linux Resource Management Errors vulnerability in Linux Kernel

ip_route_input in Linux kernel 2.6 before 2.6.16.8 allows local users to cause a denial of service (panic) via a request for a route for a multicast IP address, which triggers a null dereference.

4.9
2006-04-18 CVE-2006-1797 Netbsd Local Denial of Service vulnerability in NetBSD SIOCGIFALIAS IOCTL

The kernel in NetBSD-current before September 28, 2005 allows local users to cause a denial of service (system crash) by using the SIOCGIFALIAS ioctl to gather information on a non-existent alias of a network interface, which causes a NULL pointer dereference.

4.9
2006-04-18 CVE-2006-0744 Linux Improper Input Validation vulnerability in Linux Kernel

Linux kernel before 2.6.16.5 does not properly handle uncanonical return addresses on Intel EM64T CPUs, which reports an exception in the SYSRET instead of the next instruction, which causes the kernel exception handler to run on the user stack with the wrong GS.

4.9
2006-04-21 CVE-2006-1972 Wingnut Cross-Site Scripting vulnerability in EasyGallery EasyGallery.PHP

Cross-site scripting (XSS) vulnerability in EasyGallery.php in Wingnut EasyGallery allows remote attackers to inject arbitrary web script or HTML via the ordner parameter.

4.3
2006-04-21 CVE-2006-1971 Krankikom Cross-Site Scripting vulnerability in ContentBoxx Login.PHP

Cross-site scripting (XSS) vulnerability in login.php in KRANKIKOM ContentBoxX allows remote attackers to inject arbitrary web script or HTML via the action parameter.

4.3
2006-04-21 CVE-2006-1970 Kcscripts Cross-Site Scripting vulnerability in Portal Pack

Cross-site scripting (XSS) vulnerability in classifieds/viewcat.cgi in KCScripts Classifieds, distributed individually and as part of Portal Pack 6.0 and earlier, allows remote attackers to inject arbitrary web script or HTML via the cat_id parameter.

4.3
2006-04-20 CVE-2006-1950 Perlcoders Group Cross-Site Scripting vulnerability in Perlcoders Group Bannerfarm 2.3

Multiple cross-site scripting (XSS) vulnerabilities in banners.cgi in PerlCoders BannerFarm 2.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) aff and (2) cat parameters.

4.3
2006-04-20 CVE-2006-1925 Cutephp Cross-Site Scripting vulnerability in Cutephp Cutenews 1.4.1

Directory traversal vulnerability in the editnews module (inc/editnews.mdu) in index.php in CuteNews 1.4.1 allows remote attackers to read or modify files via the source parameter in the (1) editnews or (2) doeditnews action.

4.3
2006-04-20 CVE-2006-1911 Mybulletinboard Cross-Site Scripting vulnerability in Mybulletinboard 1.1

Cross-site scripting (XSS) vulnerability in MyBB (MyBulletinBoard) 1.1 allows remote attackers to inject arbitrary web script or HTML via the attachment content disposition in an HTML attachment.

4.3
2006-04-20 CVE-2006-1894 Revoboard Cross-Site Scripting vulnerability in Revoboard 1.8

Cross-site scripting (XSS) vulnerability in RevoBoard 1.8, as derived from PunBB, allows remote attackers to inject arbitrary web script or HTML via a substitution cipher of the email tag, which is transformed when the application's e-mail address obfuscator reverses the transformation.

4.3
2006-04-20 CVE-2006-1891 Betaboard HTML Injection vulnerability in Betaboard 0.1

Cross-site scripting (XSS) vulnerability in Martin Scheffler betaboard 0.1 allows remote attackers to inject arbitrary web script or HTML via a user's profile, possibly using the FormVal_profile parameter.

4.3
2006-04-19 CVE-2006-1846 Francisco Burzi Input Validation vulnerability in Francisco Burzi PHP-Nuke 7.8

Cross-site scripting (XSS) vulnerability in the Your_Account module in PHP-Nuke 7.8 might allows remote attackers to inject arbitrary HTML and web script via the ublock parameter, which is saved in the user's personal menu.

4.3
2006-04-18 CVE-2006-1826 Snipegallery Cross-Site Scripting vulnerability in Snipegallery Snipe Gallery

Multiple cross-site scripting (XSS) vulnerabilities in Snipe Gallery 3.1.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) gallery_id parameter in view.php, (2) keyword parameter in search.php, and (3) image_id parameter in image.php.

4.3
2006-04-18 CVE-2006-1803 Phpmyadmin Cross-Site Scripting vulnerability in PHPMyAdmin

Cross-site scripting (XSS) vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows remote attackers to inject arbitrary web script or HTML via the sql_query parameter.

4.3
2006-04-18 CVE-2006-1802 Tinywebgallery Cross-Site Scripting vulnerability in Tiny Web Gallery

Cross-site scripting (XSS) vulnerability in index.php in TinyWebGallery 1.3 and 1.4 allows remote attackers to inject arbitrary web script or HTML via the twg_album parameter.

4.3
2006-04-18 CVE-2006-1801 Planet Concept Cross-Site Scripting vulnerability in PlanetSearch+

Cross-site scripting (XSS) vulnerability in planetsearchplus.php in planetSearch+ allows remote attackers to inject arbitrary web script or HTML via the search_exp parameter.

4.3
2006-04-20 CVE-2006-1948 IBM Remote Security vulnerability in IBM Lotus Notes 6.0/6.5

The "Add Sender to Address Book" operation (AddSenderToAddressBook.lss) and NameHelper.lss in IBM Lotus Notes 6.0 and 6.5 before 20060331 do not properly store information in the Personal Address Book when multiple messages are checked and a message uses AltFrom, which might allow user-assisted remote attackers to trick a user into sending e-mail to an unauthorized recipient.

4.0
2006-04-19 CVE-2006-1829 Sybase Unspecified vulnerability in Sybase Easerver 5.2/5.3

EAServer Manager in Sybase EAServer 5.2 and 5.3 allows remote authenticated users, possibly guests, to obtain password credentials of arbitrary users via unspecified vectors involving (1) connection caches, (2) open password prompts, and (3) stored custom connection profiles.

4.0

41 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-04-19 CVE-2006-1830 SUN Local Privilege Escalation vulnerability in SUN Java Studio Enterprise 8

Sun Java Studio Enterprise 8, when installed as root, creates certain files with world-writable permissions, which allows local users to execute arbitrary commands via unspecified vectors.

3.7
2006-04-19 CVE-2006-1524 Linux Permissions, Privileges, and Access Controls vulnerability in Linux Kernel

madvise_remove in Linux kernel 2.6.16 up to 2.6.16.6 does not follow file and mmap restrictions, which allows local users to bypass IPC permissions and replace portions of readonly tmpfs files with zeroes, aka the MADV_REMOVE vulnerability.

3.6
2006-04-18 CVE-2006-1753 Debian Unspecified vulnerability in Debian Linux 3.1

A cron job in fcheck before 2.7.59 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.

3.6
2006-04-19 CVE-2006-1247 IBM Link Following vulnerability in IBM AIX

rm_mlcache_file in bos.rte.install in AIX 5.1.0 through 5.3.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files.

3.3
2006-04-21 CVE-2006-1980 W2B Cross-Site Scripting vulnerability in W2B Online Banking SID Parameter

Cross-site scripting (XSS) vulnerability in W2B Online Banking allows remote attackers to inject arbitrary web script or HTML via the (1) query string, (2) SID parameter, or (3) ilang parameter.

2.6
2006-04-21 CVE-2006-1976 Geekforgod NET Cross-Site Scripting vulnerability in Geekforgod.Net Prayer Request Board Beta1

Cross-site scripting (XSS) vulnerability in addRequest.php in Prayer Request Board (PRB) Beta 1 before 20060320 allows remote attackers to inject arbitrary web script or HTML via the Request field.

2.6
2006-04-21 CVE-2006-1975 Stadtaus COM Cross-Site Scripting vulnerability in Stadtaus.Com PHP-Gastebuch 1.61

Cross-site scripting (XSS) vulnerability in guestbook_newentry.php in PHP-Gastebuch 1.61 allows remote attackers to inject arbitrary web script or HTML via the Kommentar field.

2.6
2006-04-21 CVE-2006-1969 Kcscripts Cross-Site Scripting vulnerability in Portal Pack

Cross-site scripting (XSS) vulnerability in search/search.cgi in an unspecified KCScripts script, probably Search Engine or Site Search, distributed individually and as part of Portal Pack 6.0 and earlier, allows remote attackers to inject arbitrary web script or HTML via the q parameter.

2.6
2006-04-21 CVE-2006-1967 Kcscripts Cross-Site Scripting vulnerability in Kcscripts Calendar and Portal Pack

Cross-site scripting (XSS) vulnerability in calendar/Visitor.cgi in KCScripts Calendar, distributed individually and as part of Portal Pack 6.0 and earlier, allows remote attackers to inject arbitrary web script or HTML via the sort_order parameter.

2.6
2006-04-20 CVE-2006-1946 Visale Cross-Site Scripting vulnerability in Visale

Multiple cross-site scripting (XSS) vulnerabilities in Visale 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the keyval parameter in pbpgst.cgi, (2) the catsubno parameter in pblscg.cgi, and (3) the listno parameter in pblsmb.cgi.

2.6
2006-04-20 CVE-2006-1945 Awstats Cross-Site Scripting vulnerability in AWStats AWstats.PL

Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the config parameter.

2.6
2006-04-20 CVE-2006-1944 Sibsoft Cross-Site Scripting vulnerability in CommuniMail

Multiple cross-site scripting (XSS) vulnerabilities in SibSoft CommuniMail 1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the list_id parameter in mailadmin.cgi and (2) the form_id parameter in templates.cgi.

2.6
2006-04-20 CVE-2006-1943 Smarter Scripts Cross-Site Scripting vulnerability in Smarter Scripts Intellilink PRO 5.06

Multiple cross-site scripting (XSS) vulnerabilities in Smarter Scripts IntelliLink Pro 5.06 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter in addlink_lwp.cgi and the (2) id, (3) forgotid, and (4) forgotpass parameters in edit.cgi.

2.6
2006-04-20 CVE-2006-1918 Papoo Cross-Site Scripting vulnerability in Papoo 2.1.5

Multiple cross-site scripting (XSS) vulnerabilities in Papoo 2.1.5 allow remote attackers to inject arbitrary web script or HTML via the menuid parameter to (1) index.php or (2) forum.php, or the (3) reporeid_print parameter to print.php.

2.6
2006-04-20 CVE-2006-1908 Mywebland Cross-Site Scripting vulnerability in myEvent

Cross-site scripting vulnerability in addevent.php in myEvent 1.x allows remote attackers to inject arbitrary web script or HTML via the event_desc parameter.

2.6
2006-04-20 CVE-2006-1906 Jjgan852 Cross-Site Scripting vulnerability in Jjgan852 PHPlister 0.4.1

Cross-site scripting (XSS) vulnerability in index.php in jjgan852 phpLister 0.4.1 allows remote attackers to inject arbitrary web script or HTML via the page parameter.

2.6
2006-04-20 CVE-2006-1904 Animegenesis Cross-Site Scripting vulnerability in Gallery

Cross-site scripting (XSS) vulnerability in index.php in AnimeGenesis Gallery allows remote attackers to inject arbitrary web script or HTML via the cat parameter.

2.6
2006-04-20 CVE-2006-1903 Userland Cross-Site Scripting vulnerability in Manila

Multiple cross-site scripting (XSS) vulnerabilities in UserLand Manila allow remote attackers to inject arbitrary web script or HTML (1) via the referer parameter in sendMail, and via attributes of (2) the A element and certain other HTML elements in web pages edited with the editInBrowser module.

2.6
2006-04-20 CVE-2006-1899 DEV HTML Injection vulnerability in DEV Neuron Blog 1.1

Multiple cross-site scripting (XSS) vulnerabilities in dev Neuron Blog 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) website parameters.

2.6
2006-04-20 CVE-2006-1898 Ralph Capper Cross-Site Scripting vulnerability in Ralph Capper Tinyphpforum 3.6

Multiple cross-site scripting (XSS) vulnerabilities in Ralph Capper Tiny PHP Forum (TPF) 3.6 allow remote attackers to inject arbitrary web script or HTML via (1) the uname parameter in a view action in profile.php and (2) a login name.

2.6
2006-04-20 CVE-2006-1878 Phpfaber Cross-Site Scripting vulnerability in PHPfaber Topsites 3

Cross-site scripting (XSS) vulnerability in index.php in phpFaber TopSites allows remote attackers to inject arbitrary web script or HTML via the page parameter.

2.6
2006-04-19 CVE-2006-1850 Skymarx Solutions Input Validation vulnerability in xFlow

Multiple cross-site scripting (XSS) vulnerabilities in xFlow 5.46.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) level, (2) position, (3) id, and (4) action parameters to members_only/index.cgi, and the (5) page parameter to customer_area/index.cgi.

2.6
2006-04-19 CVE-2006-1848 Linpha Cross-Site Scripting vulnerability in Linpha 1.1.0

Multiple cross-site scripting (XSS) vulnerabilities in stats_view.php in LinPHA 1.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) date_from, (2) date_to, and (3) date parameter.

2.6
2006-04-19 CVE-2006-1843 Cynical Games Cross-Site Scripting vulnerability in Cynical Games Shoutbook 1.1

Cross-site scripting (XSS) vulnerability in global.php in ShoutBOOK 1.1 allows remote attackers to inject arbitrary web script or HTML via the (1) LOCATION and (2) URL parameters.

2.6
2006-04-19 CVE-2006-1842 Cynical Games HTML Injection vulnerability in Cynical Games Shoutbook 1.1

Cross-site scripting (XSS) vulnerability in global.php in ShoutBOOK 1.1 allows remote attackers to inject arbitrary web script or HTML via the (1) NAME and (2) COMMENTS parameters.

2.6
2006-04-19 CVE-2006-1841 Kailash Nadh Cross-Site Scripting vulnerability in BoastMachine Search.PHP

Cross-site scripting (XSS) vulnerability in search.php in boastMachine (bMachine) 2.7, and possibly other versions before 2.9b, allows remote attackers to inject arbitrary web script or HTML via the key parameter, as used by the search field.

2.6
2006-04-19 CVE-2006-1835 Vincent HOR Cross-Site Scripting vulnerability in Calendarix YearCal.PHP

Cross-site scripting (XSS) vulnerability in yearcal.php in Calendarix allows remote attackers to inject arbitrary web script or HTML via the ycyear parameter.

2.6
2006-04-19 CVE-2006-1833 Netbsd Unspecified vulnerability in Netbsd

Intel RNG Driver in NetBSD 1.6 through 3.0 may incorrectly detect the presence of the pchb interface, which will cause it to always generate the same random number, which allows remote attackers to more easily crack encryption keys generated from the interface.

2.6
2006-04-18 CVE-2006-1818 THE WAR Forge Input Validation vulnerability in the WAR Forge Warforge.News 1.0

Multiple cross-site scripting (XSS) vulnerabilities in warforge.NEWS 1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly including the (1) first_name and (2) last_name parameter in myaccounts.php.

2.6
2006-04-18 CVE-2006-1817 THE WAR Forge Input Validation vulnerability in the WAR Forge Warforge.News 1.0

SQL injection vulnerability in authcheck.php in warforge.NEWS 1.0, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the (1) authusername and possibly the (2) authpassword cookie.

2.6
2006-04-18 CVE-2006-1815 Tritanium Scripts Cross-Site Scripting vulnerability in Tritanium Bulletin Board

Multiple cross-site scripting (XSS) vulnerabilities in register.php in Tritanium Bulletin Board (TBB) 1.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) newuser_realname and (2) newuser_icq parameters, a different vector than CVE-2006-1768.

2.6
2006-04-18 CVE-2006-1808 Lifetype Cross-Site Scripting vulnerability in Lifetype 1.0.3

Cross-site scripting (XSS) vulnerability in index.php in Lifetype 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the show parameter in a Template operation.

2.6
2006-04-18 CVE-2006-1806 Musicbox Input Validation vulnerability in MusicBox

Cross-site scripting (XSS) vulnerability in index.php in Musicbox 2.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the term parameter in a search action.

2.6
2006-04-17 CVE-2006-1795 Updi Network Enterprise HTML Injection vulnerability in Updi Network Enterprise AT1 Event Publisher 20060323

Cross-site scripting (XSS) vulnerability in tablepublisher.cgi in UPDI Network Enterprise @1 Table Publisher 2006-03-23 allows remote attackers to inject arbitrary web script or HTML via the Title of Table field.

2.6
2006-04-21 CVE-2006-1981 Apple Local Security vulnerability in Mac OS X

Unspecified vulnerability in Java InputMethods on Mac OS X 10.4.5 may cause InputMethods to send input events for secure fields to the wrong text field, which might reveal the password to others who can view the screen.

2.1
2006-04-20 CVE-2006-1902 GNU Buffer Errors vulnerability in GNU GCC 4.1

fold_binary in fold-const.c in GNU Compiler Collection (gcc) 4.1 improperly handles pointer overflow when folding a certain expr comparison to a corresponding offset comparison in cases other than EQ_EXPR and NE_EXPR, which might introduce buffer overflow vulnerabilities into applications that could be exploited by context-dependent attackers.NOTE: the vendor states that the essence of the issue is "not correctly interpreting an offset to a pointer as a signed value."

2.1
2006-04-20 CVE-2006-1056 Freebsd
Linux
Cryptographic Issues vulnerability in multiple products

The Linux kernel before 2.6.16.9 and the FreeBSD kernel, when running on AMD64 and other 7th and 8th generation AuthenticAMD processors, only save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an exception is pending, which allows one process to determine portions of the state of floating point instructions of other processes, which can be leveraged to obtain sensitive information such as cryptographic keys.

2.1
2006-04-19 CVE-2006-1844 Debian Unspecified vulnerability in Debian Base-Config and Shadow

The Debian installer for the (1) shadow 4.0.14 and (2) base-config 2.53.10 packages includes sensitive information in world-readable log files, including preseeded passwords and pppoeconf passwords, which might allow local users to gain privileges.

2.1
2006-04-18 CVE-2006-1814 Netbsd Local Denial of Service vulnerability in NetBSD Sysctl

NetBSD 1.6, 2.0, 2.1 and 3.0 allows local users to cause a denial of service (memory exhaustion) by using the sysctl system call to lock a large buffer into physical memory.

2.1
2006-04-18 CVE-2006-1810 Flexbb HTML Injection vulnerability in Flexbb 0.5.5Beta

Multiple cross-site scripting (XSS) vulnerabilities in FlexBB 0.5.5 BETA allow remote attackers to inject arbitrary web script or HTML via the (1) ICQ, (2) AIM, (3) MSN, (4) Google Talk, (5) Website Name, (6) Website Address, (7) Email Address, (8) Location, (9) Signature, and (10) Sub-Titles fields in the user profile.

1.9
2006-04-18 CVE-2006-1824 Phpguestbook HTML Injection vulnerability in PHPguestbook 1.0

Multiple cross-site scripting (XSS) vulnerabilities in PhpGuestbook.php in PhpGuestbook 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) Website, and (3) Comment parameter.

1.2