Weekly Vulnerabilities Reports > April 24 to 30, 2006

Overview

122 new vulnerabilities were reported during this period, including 3 critical vulnerabilities and 28 high severity vulnerabilities. This weekly summary reports vulnerabilities in 112 products from 93 vendors, including Invision Power Services, Libtiff, Symantec, WEB Provence, and Verosky Media. Vulnerabilities are notably categorized as "Resource Management Errors", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", "SQL Injection", and "Race Condition".

  • 112 reported vulnerabilities are remotely exploitable.
  • 4 reported vulnerabilities have a public exploit available.
  • 5 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 117 reported vulnerabilities are exploitable by an anonymous user.
  • Invision Power Services has the most reported vulnerabilities, with 4 reported vulnerabilities.
  • Juniper has the most reported critical vulnerabilities, with 1 reported vulnerability.

Vulnerability Details

The following table lists reported vulnerabilities for the period covered by this report:

3 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-04-27 CVE-2006-2077 Pdnsd Buffer Overflow vulnerability in Paul A. Rombouts PDNSD

Buffer overflow in Paul Rombouts pdnsd before 1.2.4 has unknown impact and attack vectors.

10.0
2006-04-27 CVE-2006-2074 Juniper Denial Of Service vulnerability in Juniper JUNOSe DNS Client

Unspecified vulnerability in Juniper Networks JUNOSe E-series routers before 7-1-1 has unknown impact and remote attack vectors related to the DNS "client code," as demonstrated by the OUSPG PROTOS DNS test suite.

10.0
2006-04-25 CVE-2006-0230 Symantec Remote vulnerability in Symantec Antivirus Scan Engine 5.0.0.24

Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, uses a client-side check to verify a password, which allows remote attackers to gain administrator privileges via a modified client that sends certain XML requests.

10.0

28 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-04-29 CVE-2006-2108 OCE North America Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in OCE North America 3121 Printer and 3122 Printer

parser.exe in Océ (OCE) 3121/3122 Printer allows remote attackers to cause a denial of service (crash or reboot) via a long request, possibly triggering a buffer overflow.

7.8
2006-04-29 CVE-2006-2102 Poweriso Directory Traversal vulnerability in Poweriso 2.9

Directory traversal vulnerability in PowerISO 2.9 allows remote attackers to write arbitrary files via a ..

7.8
2006-04-29 CVE-2006-2100 Magic ISO Maker Directory Traversal vulnerability in MagicISO

Directory traversal vulnerability in Magic ISO 5.0 Build 0166 allows remote attackers to write arbitrary files via a ..

7.8
2006-04-27 CVE-2006-2078 Furukawa Electric DNS Handling vulnerability in Multiple FITELnet Products

Multiple unspecified vulnerabilities in multiple FITELnet products, including FITELnet-F40, F80, F100, F120, F1000, and E20/E30, allow remote attackers to cause a denial of service via crafted DNS messages that trigger errors in (1) ProxyDNS or (2) PKI-Resolver, as demonstrated by the OUSPG PROTOS DNS test suite.

7.8
2006-04-25 CVE-2006-2020 Asteriskathome Information Disclosure vulnerability in Asterisk Recording Interface

Asterisk Recording Interface (ARI) in Asterisk@Home before 2.8 stores recordings/includes/main.conf under the web document root with insufficient access control, which allows remote attackers to obtain password information.

7.8
2006-04-29 CVE-2006-2107 BL4 Buffer Overflow vulnerability in BL4 SMTP Server

Buffer overflow in BL4 SMTP Server 0.1.4 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long argument to the (1) EHLO, (2) MAIL FROM, and (3) RCPT TO commands.

7.5
2006-04-29 CVE-2006-2098 PHP Thumbnail Autoindex Remote Security vulnerability in Php Thumbnail Autoindex

PHP remote file inclusion vulnerability in Thumbnail AutoIndex before 2.0 allows remote attackers to execute arbitrary PHP code via (1) README.html or (2) HEADER.html.

7.5
2006-04-29 CVE-2006-2097 Invision Power Services SQL Injection vulnerability in Invision Power Board Func_msg.PHP

SQL injection vulnerability in func_msg.php in Invision Power Board (IPB) 2.1.4 allows remote attackers to execute arbitrary SQL commands via the from_contact field in a private message (PM).

7.5
2006-04-29 CVE-2006-2090 Mysmartbb SQL Injection vulnerability in Mysmartbb 1.1.2/1.1.3

Multiple SQL injection vulnerabilities in misc.php in MySmartBB 1.1.x allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) username parameters.

7.5
2006-04-29 CVE-2006-2086 Juniper Remote Buffer Overflow vulnerability in Juniper SSL-VPN Client ActiveX Control

Buffer overflow in JuniperSetupDLL.dll, loaded from JuniperSetup.ocx by the Juniper SSL-VPN Client when accessing a Juniper NetScreen IVE device running IVE OS before 4.2r8.1, 5.0 before 5.0r6.1, 5.1 before 5.1r8, 5.2 before 5.2r4.1, or 5.3 before 5.3r2.1, allows remote attackers to execute arbitrary code via a long argument in the ProductName parameter.

7.5
2006-04-28 CVE-2006-2083 Andrew Tridgell Integer Overflow vulnerability in RSync Receive_XATTR

Integer overflow in the receive_xattr function in the extended attributes patch (xattr.c) for rsync before 2.6.8 might allow attackers to execute arbitrary code via crafted extended attributes that trigger a buffer overflow.

7.5
2006-04-27 CVE-2006-2067 Mkportal Input Validation vulnerability in Mkportal 1.1

SQL injection vulnerability in vb_board_functions.php in MKPortal 1.1, as used with vBulletin 3.5.4 and earlier, allows remote attackers to execute arbitrary SQL commands via the userid parameter.

7.5
2006-04-27 CVE-2006-2065 Phpsurveyor SQL Injection vulnerability in PHPSurveyor SurveyID Parameter

SQL injection vulnerability in save.php in PHPSurveyor 0.995 and earlier allows remote attackers to execute arbitrary SQL commands via the surveyid cookie.

7.5
2006-04-27 CVE-2006-1514 Abcmidi Remote Buffer Overflow vulnerability in Abcmidi 20041204/20050101

Multiple buffer overflows in the abcmidi-yaps translator in abcmidi 20050101, and other versions, allow remote attackers to execute arbitrary code via crafted ABC music files that trigger the overflows during translation into PostScript.

7.5
2006-04-26 CVE-2006-2044 IP3 Networks Local vulnerability in IP3 Networks IP3 Netaccess 75 4.0.34

na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 has a default username of admin and a default password of admin.

7.5
2006-04-26 CVE-2006-2039 Ubertec SQL Injection vulnerability in Help Center Live OSTicket Module

Multiple SQL injection vulnerabilities in the osTicket module in Help Center Live before 2.1.0 allow remote attackers to execute arbitrary SQL commands via unknown vectors.

7.5
2006-04-26 CVE-2006-2038 Amplecom SQL-Injection vulnerability in Ampleshop

Multiple SQL injection vulnerabilities in ampleShop 2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) RecordID parameter in (a) Customeraddresses_RecordAction.cfm and (b) youraccount.cfm; (2) solus parameter in (c) detail.cfm; and (3) cat parameter in (d) category.cfm.

7.5
2006-04-26 CVE-2006-2034 Flexbb Input Validation vulnerability in Flexbb 0.5.5

SQL injection vulnerability in function/showprofile.php in FlexBB 0.5.5 allows remote attackers to execute arbitrary SQL commands, and view all usernames and passwords, via the id parameter to the showprofile page in index.php.

7.5
2006-04-25 CVE-2006-2022 LS3 Remote Buffer Overflow and Denial Of Service vulnerability in Fenice

Buffer overflow in the parse_url function in the RTSP module (rtsp/parse_url.c) in Fenice 1.10 and earlier allows remote attackers to execute arbitrary code via a long URL.

7.5
2006-04-25 CVE-2006-2018 Jelsoft SQL-Injection vulnerability in vBulletin

SQL injection vulnerability in calendar.php in vBulletin 3.0.x allows remote attackers to execute arbitrary SQL commands via the eventid parameter.

7.5
2006-04-25 CVE-2006-2013 WEB Provence Input Validation vulnerability in Web-Provence SL Site 1.0

SQL injection vulnerability in page.php in SL_site 1.0 allows remote attackers to execute arbitrary SQL commands via the id_page parameter.

7.5
2006-04-25 CVE-2006-2010 Paras Chopra SQL Injection vulnerability in Bloggage Check_login.ASP

Multiple SQL injection vulnerabilities in check_login.asp in Bloggage allow remote attackers to execute arbitrary SQL commands via the (1) acc_name and (2) password parameter.

7.5
2006-04-25 CVE-2006-2009 Phpmyagenda Remote File Include vulnerability in PHPmyagenda 3.0Final

PHP remote file inclusion vulnerability in agenda.php3 in phpMyAgenda 3.0 Final and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rootagenda parameter.

7.5
2006-04-25 CVE-2006-2008 Built2Go Remote File Include vulnerability in Built2go Movie Review Movie_CLS.PHP3

PHP remote file inclusion vulnerability in movie_cls.php in Built2Go PHP Movie Review 2B and earlier allows remote attackers to execute arbitrary PHP code via a URL in the full_path parameter.

7.5
2006-04-25 CVE-2006-2007 Winny Heap Overflow vulnerability in Winny File Transfer

Heap-based buffer overflow in Winny 2.0 b7.1 and earlier allows remote attackers to execute arbitrary code via long strings to certain commands sent to the file transfer port.

7.5
2006-04-25 CVE-2006-2005 Clansys Remote Code Execution vulnerability in Clansys 1.1

Eval injection vulnerability in index.php in ClanSys 1.1 allows remote attackers to execute arbitrary PHP code via PHP code in the page parameter, as demonstrated by using an "include" statement that is injected into the eval statement.

7.5
2006-04-25 CVE-2006-2004 Michael Romedahl SQL Injection vulnerability in Michael Romedahl RI Blog 1.1

Multiple SQL injection vulnerabilities in RI Blog 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password fields.

7.5
2006-04-25 CVE-2006-1994 Dforum Remote File Include vulnerability in Dforum 1.5

PHP remote file inclusion vulnerability in dForum 1.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DFORUM_PATH parameter to (1) about.php, (2) admin.php, (3) anmelden.php, (4) losethread.php, (5) config.php, (6) delpost.php, (7) delthread.php, (8) dfcode.php, (9) download.php, (10) editanoc.php, (11) forum.php, (12) login.php, (13) makethread.php, (14) menu.php, (15) newthread.php, (16) openthread.php, (17) overview.php, (18) post.php, (19) suchen.php, (20) user.php, (21) userconfig.php, (22) userinfo.php, and (23) verwalten.php.

7.5

78 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-04-29 CVE-2006-2104 Kmail Cross-Site Scripting vulnerability in Kmail 1.7.1

Multiple cross-site scripting (XSS) vulnerabilities in Kamgaing Email System (kmail) 2.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) d parameter to main.php, ordner parameter to (2) main.php, or (3) webdisk.php, (4) draft parameter to compose.php, or (5) m, or (6) y parameter to calendar.php.

6.8
2006-04-27 CVE-2006-2080 Verosky Media Cross-Site Scripting vulnerability in Verosky Media Instant Photo Gallery 1.0.2

SQL injection vulnerability in portfolio_photo_popup.php in Verosky Media Instant Photo Gallery 1.0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter, which is not cleansed before calling the count_click function in includes/functions/fns_std.php.

6.8
2006-04-26 CVE-2006-2063 Leadhound Network Cross-Site Scripting vulnerability in Leadhound Network Leadhound Full and Leadhound Lite

Multiple cross-site scripting (XSS) vulnerabilities in Leadhound Full and LITE 2.1, and probably the Network Version "Full Version", allow remote attackers to inject arbitrary web script or HTML via the login parameter in (1) agent_affil.pl, (2) agent_help.pl, (3) agent_faq.pl, (4) agent_help_insert.pl, (5) sign_out.pl, (6) members.pl, (7) modify_agent_1.pl, (8) modify_agent_2.pl, (9) modify_agent.pl, (10) agent_links.pl, (11) agent_stats_pending_leads.pl, (12) agent_logoff.pl, (13) agent_rev_det.pl, (14) agent_subaffiliates.pl, (15) agent_stats_pending_leads.pl, (16) agent_transactions.pl, (17) agent_payment_history.pl, (18) agent_summary.pl, (19) agent_camp_all.pl, (20) agent_camp_new.pl, (21) agent_camp_notsub.pl, (22) agent_campaign.pl, (23) agent_camp_expired.pl, (24) agent_stats_det.pl, (25) agent_stats.pl, (26) agent_camp_det.pl, (27) agent_camp_sub.pl, (28) agent_affil_list.pl, and (29) agent_affil_code.pl; the logged parameter in (30) agent_faq.pl, (31) agent_help_insert.pl, (32) members.pl, (33) modify_agent_1.pl, (34) modify_agent_2.pl, (35) modify_agent.pl, (36) agent_links.pl, (37) agent_subaffiliates.pl, (38) agent_stats_pending_leads.pl, (39) agent_transactions.pl, (40) agent_summary.pl, (41) agent_camp_all.pl, (42) agent_camp_new.pl, (43) agent_camp_notsub.pl, (44) agent_campaign.pl, (45) agent_camp_expired.pl, (46) agent_stats.pl, (47) agent_camp_det.pl, (48) agent_camp_sub.pl, (49) agent_affil_list.pl, and (50) agent_affil_code.pl; the camp_id parameter in (51) agent_links.pl, (52) agent_subaffiliates.pl, and (53) agent_camp_det.pl; the (54) banner parameter in agent_links.pl; the offset parameter in (55) agent_links.pl, (56) agent_subaffiliates.pl, (57) agent_transactions.pl, and (58) agent_summary.pl; the date parameter in (59) agent_subaffiliates.pl, (60) agent_transactions.pl, and (61) agent_summary.pl; the dates parameter in (62) agent_rev_det.pl and (63) agent_stats_det.pl; the (64) page parameter in agent_camp_det.pl; the (65) agent_id parameter in agent_commission_statement.pl; and the (66) lost password field in lost_pwd.pl.

6.8
2006-04-26 CVE-2006-2027 Pablo Software Solutions Buffer Overflow vulnerability in Pablo Software Solutions Quick N Easy FTP Server 3.0

Buffer overflow in Unicode processing in the logging functionality in Pablo Software Solutions Quick 'n Easy FTP Server Professional and Lite, probably 3.0, allows remote authenticated users to execute arbitrary code by sending a command with a long argument, which triggers a buffer overflow when an admin selects the Logging section in the FTP server main window.

6.5
2006-04-25 CVE-2006-2026 Libtiff Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Libtiff

Double free vulnerability in tif_jpeg.c in libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image that triggers errors related to "setfield/getfield methods in cleanup functions." This vulnerability is addressed in the following product release: libTIFF 3.8.1.

6.5
2006-04-25 CVE-2006-2025 Libtiff Integer Overflow vulnerability in LibTiff TIFFFetchData

Integer overflow in the TIFFFetchData function in tif_dirread.c for libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted TIFF image.

6.5
2006-04-26 CVE-2006-2062 Leadhound Network SQL-Injection vulnerability in Leadhound Network Leadhound Full and Leadhound Lite

Multiple SQL injection vulnerabilities in Leadhound Full and LITE 2.1, and probably the Network Version "Full Version", allow remote attackers to execute arbitrary SQL commands via the (1) banner parameter in agent_links.pl; the offset parameter in (2) agent_links.pl, (3) agent_transactions.pl, (4) agent_subaffiliates.pl, and (5) agent_summary.pl; the camp_id parameter in (6) agent_transactions_csv.pl, (7) agent_subaffiliates.pl, and (8) agent_camp_det.pl; the (9) login parameter in agent_commission_statement.pl; the logged parameter in (10) agent_commission_statement.pl and (11) agent_camp_det.pl; the (12) agent_id parameter in agent_commission_statement.pl; and the (13) sub parameter in unspecified files.

6.4
2006-04-26 CVE-2006-2060 Invision Power Services Directory Traversal vulnerability in Invision Power Services Invision Power Board 2.0.X/2.1.X

Directory traversal vulnerability in action_admin/paysubscriptions.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote authenticated administrators to include and execute arbitrary local PHP files via a ..

6.4
2006-04-26 CVE-2006-2053 Quickestore SQL-Injection vulnerability in Quickestore 7.9

Multiple SQL injection vulnerabilities in QuickEStore 7.9 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the OrderID parameter in (a) shipping.cfm and (b) checkout.cfm, (2) ItemID parameter in (c) proddetail.cfm, (3) SubCatID parameter in (d) index.cfm, the (4) CategoryID parameter in (e) prodpage.cfm, and (5) ProdID parameter in (f) Details.cfm.

6.4
2006-04-26 CVE-2006-2046 Application Dynamics SQL Injection vulnerability in Application Dynamics Cartweaver ColdFusion

Multiple SQL injection vulnerabilities in Application Dynamics Cartweaver ColdFusion 2.16.11 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) category and (2) keywords parameters in (a) Results.cfm, and the (3) ProdID parameter in (b) Details.cfm.

6.4
2006-04-26 CVE-2006-2040 Photokorn SQL Injection vulnerability in Photokorn 1.53/1.542

Multiple SQL injection vulnerabilities in photokorn 1.53 and 1.542 allow remote attackers to execute arbitrary SQL commands via the (1) cat, (2) pic and (3) page parameter in index.php; (4) id parameter in postcard.php; and (5) cat parameter in print.php.

6.4
2006-04-26 CVE-2006-2033 Corenews Input Validation vulnerability in Corenews 2.0.1

PHP remote file inclusion vulnerability in Core CoreNews 2.0.1 and earlier allows remote authenticated users to execute arbitrary commands via the show parameter.

6.4
2006-04-26 CVE-2006-2032 Corenews Input Validation vulnerability in CoreNews

Multiple SQL injection vulnerabilities in Core CoreNews 2.0.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) icon_id and (2) userid parameters in preview.php.

6.4
2006-04-26 CVE-2006-2029 Simplog SQL-Injection vulnerability in Simplog

Multiple SQL injection vulnerabilities in Jeremy Ashcraft Simplog 0.9.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) tid parameter in (a) preview.php; the (2) cid, (3) pid, and (4) eid parameters in (b) archive.php; and the (5) pid parameter in (c) comments.php.

6.4
2006-04-25 CVE-2006-0231 Symantec Remote vulnerability in Symantec Antivirus Scan Engine 5.0.0.24

Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, uses the same private DSA key for each installation, which allows remote attackers to conduct man-in-the-middle attacks and decrypt communications.

6.4
2006-04-24 CVE-2006-1991 PHP Resource Management Errors vulnerability in PHP 5.1.2

The substr_compare function in string.c in PHP 5.1.2 allows context-dependent attackers to cause a denial of service (memory access violation) via an out-of-bounds offset argument.

6.4
2006-04-26 CVE-2006-2052 Verosky Media Cross-Site Scripting vulnerability in Verosky Media Instant Photo Gallery 1.0

Cross-site scripting (XSS) vulnerability in Verosky Media Instant Photo Gallery allows remote attackers to inject arbitrary web script or HTML via the member parameter in a viewpro action in member.php.

5.8
2006-04-26 CVE-2006-2051 Nextage HTML Injection vulnerability in NextAge Shopping Cart

Multiple cross-site scripting (XSS) vulnerabilities in myadmin/index.php in NextAge Shopping Cart allow remote attackers to inject arbitrary web script or HTML via the (1) username and (2) password parameters.

5.8
2006-04-26 CVE-2006-2028 Simplog Cross-Site Scripting vulnerability in Simplog

Cross-site scripting (XSS) vulnerability in imagelist.php in Jeremy Ashcraft Simplog 0.9.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the imagedir parameter.

5.8
2006-04-29 CVE-2006-2094 Microsoft Race Condition vulnerability in Microsoft IE and Internet Explorer

Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, when Prompt is configured in Security Settings, uses modal dialogs to verify that a user wishes to run an ActiveX control or perform other risky actions, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking an object or pressing keys that are actually applied to a "Yes" approval for executing the control.

5.1
2006-04-29 CVE-2006-2085 Speedproject Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Speedproject Speedcommander and Squeez

Multiple buffer overflows in (1) CxAce60.dll and (2) CxAce60u.dll in SpeedProject Squeez 5.10 Build 4460, and SpeedCommander 10.52 Build 4450 and 11.01 Build 4450, allow user-assisted remote attackers to execute arbitrary code via an ACE archive that contains a file with a long filename.

5.1
2006-04-25 CVE-2006-1993 Mozilla Resource Management Errors vulnerability in Mozilla Firefox 1.5.0.2

Mozilla Firefox 1.5.0.2, when designMode is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain JavaScript that is not properly handled by the contentWindow.focus method in an iframe, which causes a reference to a deleted controller context object.

5.1
2006-04-25 CVE-2006-1513 Abc2Ps Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Abc2Ps

Multiple buffer overflows in abc2ps before 1.3.3 allow user-assisted attackers to execute arbitrary code via crafted ABC music files.

5.1
2006-04-29 CVE-2006-2105 Jupiter CMS Local File Include vulnerability in Jupiter CMS 1.1.4/1.1.5

Directory traversal vulnerability in index.php in Jupiter CMS 1.1.4 and 1.1.5 allows remote attackers to read arbitrary files via ".." sequences terminated by a %00 (null) character in the n parameter.

5.0
2006-04-29 CVE-2006-2101 Winiso Computing Directory Traversal vulnerability in Winiso Computing Winiso 5.3

Directory traversal vulnerability in WinISO 5.3 allows remote attackers to write arbitrary files via a ..

5.0
2006-04-29 CVE-2006-2099 EZB Systems Directory Traversal vulnerability in EZB Systems Ultraiso 8.0.0.1392

Directory traversal vulnerability in UltraISO 8.0.0.1392 allows remote attackers to write arbitrary files via a ..

5.0
2006-04-29 CVE-2006-2096 Neocrome Information Disclosure vulnerability in Land Down Under

plug.php in Land Down Under (LDU) 802 and earlier allows remote attackers to obtain sensitive information via an invalid (1) month or (2) year parameter, which reveals the path in an error message.

5.0
2006-04-29 CVE-2006-2095 Phex Permissions, Privileges, and Access Controls vulnerability in Phex

Phex before 2.8.6 allows remote attackers to cause a denial of service (application hang) by initiating multiple chat requests to a single user and then logging off.

5.0
2006-04-29 CVE-2006-2092 HP Remote Denial Of Service vulnerability in HP Storageworks Secure Path Windows 4.0C

Unspecified vulnerability in HP StorageWorks Secure Path for Windows 4.0C-SP2 before 20060419 allows remote attackers to cause an unspecified denial of service via unknown vectors.

5.0
2006-04-29 CVE-2006-2091 Vwar Information Disclosure vulnerability in Virtual War

admin.php in Virtual War (VWar) 1.5 and versions before 1.2 allows remote attackers to obtain sensitive information via an invalid vwar_root parameter, which reveals the path in an error message.

5.0
2006-04-29 CVE-2006-2087 Hitachi Denial-Of-Service vulnerability in Groupmax Integrated Desktop

The Gmax Mail client in Hitachi Groupmax before 20060426 allows remote attackers to cause a denial of service (application hang or erroneous behavior) via an attachment with an MS-DOS device filename.

5.0
2006-04-27 CVE-2006-2076 Pdnsd Denial Of Service vulnerability in Paul A. Rombouts PDNSD DNS Query

Memory leak in Paul Rombouts pdnsd before 1.2.4 allows remote attackers to cause a denial of service (memory consumption) via a DNS query with an unsupported (1) QTYPE or (2) QCLASS, as demonstrated by the OUSPG PROTOS DNS test suite.

5.0
2006-04-27 CVE-2006-2075 DON Moore Denial-Of-Service vulnerability in DON Moore Mydns 1.1.0

Unspecified vulnerability in MyDNS 1.1.0 allows remote attackers to cause a denial of service via a crafted DNS message, aka "Query-of-death," as demonstrated by the OUSPG PROTOS DNS test suite.

5.0
2006-04-27 CVE-2006-2073 ISC Denial Of Service vulnerability in ISC BIND TSIG Zone Transfer

Unspecified vulnerability in ISC BIND allows remote attackers to cause a denial of service via a crafted DNS message with a "broken" TSIG, as demonstrated by the OUSPG PROTOS DNS test suite.

5.0
2006-04-27 CVE-2006-2072 Delegate Denial Of Service vulnerability in DeleGate DNS Response

Multiple unspecified vulnerabilities in DeleGate 9.x before 9.0.6 and 8.x before 8.11.6 allow remote attackers to cause a denial of service via crafted DNS response messages that cause (1) a buffer over-read or (2) infinite recursion, which can trigger a segmentation fault or invalid memory access, as demonstrated by the OUSPG PROTOS DNS test suite.

5.0
2006-04-27 CVE-2006-2069 Powerdns Resource Management Errors vulnerability in Powerdns 3.0

The recursor in PowerDNS before 3.0.1 allows remote attackers to cause a denial of service (application crash) via malformed EDNS0 packets.

5.0
2006-04-27 CVE-2006-2068 Hitachi Denial of Service vulnerability in Multiple Hitachi JP1 Products

Unspecified vulnerability in Hitachi JP1 products allows remote attackers to cause a denial of service (application stop or fail) via unexpected requests or data.

5.0
2006-04-26 CVE-2006-2061 Invision Power Services SQL Injection vulnerability in Invision Power Board Index.PHP CK Parameter

SQL injection vulnerability in lib/func_taskmanager.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary SQL commands via the ck parameter, which can inject at most 32 characters.

5.0
2006-04-26 CVE-2006-2059 Invision Power Services Unspecified vulnerability in Invision Power Services Invision Power Board 2.1.520060308

action_public/search.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary PHP code via a search with a crafted value of the lastdate parameter, which alters the behavior of a regular expression to add a "#e" (execute) modifier.

5.0
2006-04-26 CVE-2006-2054 3Com Remote Denial Of Service vulnerability in 3Com 3C16486 1.0.2

3Com Baseline Switch 2848-SFP Plus Model #3C16486 with firmware before 1.0.2.0 allows remote attackers to cause a denial of service (unstable operation) via long DHCP packets.

5.0
2006-04-26 CVE-2006-2050 Dcscripts Input Validation vulnerability in Dcscripts Dcforumlite 3.0

SQL injection vulnerability in dcboard.cgi in DCScripts DCForumLite 3.0 allows remote attackers to execute arbitrary SQL commands via the az parameter.

5.0
2006-04-26 CVE-2006-2047 Application Dynamics SQL-Injection vulnerability in Application Dynamics Cartweaver Coldfusion 2.16.11

Application Dynamics Cartweaver ColdFusion 2.16.11 and earlier allows remote attackers to obtain sensitive information via an invalid (1) secondary, (2) PageNum_Results, (3) category, or (4) keywords parameter in (a) Results.cfm; or an invalid (5) ProdID parameter in (b) Details.cfm; which reveal the path in various error messages.

5.0
2006-04-26 CVE-2006-2041 Phpwebgallery Remote Security vulnerability in PHPwebgallery 1.0/1.4.1/1.5.1

PhpWebGallery before 1.6.0RC1 allows remote attackers to obtain arbitrary pictures via a request to picture.php without specifying the cat parameter.

5.0
2006-04-26 CVE-2006-2030 Alliedtelesyn Denial-Of-Service vulnerability in At-9724Ts

The Allied Telesyn AT-9724TS switch allows remote attackers to cause a denial of service via a large amount of UDP data to the switch, which leads to unstable operation and possibly failure of the management interface or routing.

5.0
2006-04-26 CVE-2006-0048 Francesco Stablum Remote Denial of Service vulnerability in Francesco Stablum Tcpick 0.2.1

Francesco Stablum tcpick 0.2.1 allows remote attackers to cause a denial of service (segmentation fault) via certain fragmented packets, possibly involving invalid headers and an attacker-controlled payload length.

5.0
2006-04-25 CVE-2006-2023 LS3 Remote Buffer Overflow and Denial Of Service vulnerability in Fenice

Integer overflow in the RTSP_msg_len function in rtsp/RTSP_msg_len.c in Fenice 1.10 and earlier allows remote attackers to cause a denial of service (application crash) via a large HTTP Content-Length value, which leads to an invalid memory access.

5.0
2006-04-25 CVE-2006-2021 Asteriskathome Information Disclosure vulnerability in Asterisk Recording Interface

Absolute path traversal vulnerability in recordings/misc/audio.php in the Asterisk Recording Interface (ARI) web interface in Asterisk@Home before 2.8 allows remote attackers to read arbitrary MP3, WAV, and GSM files via a full pathname in the recording parameter.

5.0
2006-04-25 CVE-2006-2019 Apple Denial Of Service vulnerability in Apple Safari Web Browser Rowspan

Apple Mac OS X Safari 2.0.3, 1.3.1, and possibly other versions allows remote attackers to cause a denial of service (CPU consumption and crash) via a TD element with a large number in the rowspan attribute.

5.0
2006-04-25 CVE-2006-2017 Dnsmasq Denial Of Service vulnerability in Dnsmasq 2.29

Dnsmasq 2.29 allows remote attackers to cause a denial of service (application crash) via a DHCP client broadcast reply request.

5.0
2006-04-25 CVE-2006-2014 WEB Provence Input Validation vulnerability in Web-Provence SL Site 1.0

Directory traversal vulnerability in gallerie.php in SL_site 1.0 allows remote attackers to list images in arbitrary directories via ".." sequences in the rep parameter, which is used to construct a directory name in admin/config.inc.php.

5.0
2006-04-25 CVE-2006-2012 Skulltag Team Remote Format String vulnerability in Skulltag Team Skulltag 0.96D

Format string vulnerability in Skulltag 0.96f and earlier allows remote attackers to cause a denial of service via the version string.

5.0
2006-04-25 CVE-2006-2006 Ivan Zahariev Unspecified vulnerability in Ivan Zahariev Izarc 3.5Beta3

Multiple directory traversal vulnerabilities in IZArc Archiver 3.5 beta 3 allow remote attackers to write arbitrary files via a ..\ (dot dot backslash) in a (1) .rar, (2) .tar, (3) .zip, (4) .jar, or (5) .gz archive.

5.0
2006-04-25 CVE-2006-2002 Mygamingladder Remote File Include vulnerability in Mygamingladder 7.0

PHP remote file inclusion vulnerability in stats.php in MyGamingLadder 7.0 allows remote attackers to execute arbitrary PHP code via a URL in the dir[base] parameter.

5.0
2006-04-25 CVE-2006-1999 Openttd Denial Of Service vulnerability in Openttd 0.4.7

The multiplayer menu in OpenTTD 0.4.7 allows remote attackers to cause a denial of service via a UDP packet with an incorrect size, which causes the client to return to the main menu.

5.0
2006-04-25 CVE-2006-1996 Scry Gallery Cross-Site Scripting vulnerability in Scry Gallery Scry Gallery 1.1

Scry Gallery 1.1 allows remote attackers to obtain sensitive information via an invalid p parameter, which reveals the path in an error message.

5.0
2006-04-25 CVE-2006-1995 Scry Gallery Directory Traversal vulnerability in Scry Gallery Scry Gallery 1.1

Directory traversal vulnerability in index.php in Scry Gallery 1.1 allows remote attackers to read arbitrary files via ".." sequences in the p parameter, which is not properly sanitized due to an rtrim function call with the arguments in the wrong order.

5.0
2006-04-25 CVE-2006-0232 Symantec Remote vulnerability in Symantec Antivirus Scan Engine 5.0.0.24

Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, stores sensitive log and virus definition files under the web root with insufficient access control, which allows remote attackers to obtain the information via direct requests.

5.0
2006-04-24 CVE-2006-1990 PHP Unspecified vulnerability in PHP 4.4.2/5.1.2

Integer overflow in the wordwrap function in string.c in PHP 4.4.2 and 5.1.2 might allow context-dependent attackers to execute arbitrary code via certain long arguments that cause a small buffer to be allocated, which triggers a heap-based buffer overflow in a memcpy function call, a different vulnerability than CVE-2002-1396.

5.0
2006-04-24 CVE-2006-1952 Winagents Directory Traversal vulnerability in WinAgents TFTP Server

Directory traversal vulnerability in WinAgents TFTP Server for Windows 3.1 and earlier allows remote attackers to read arbitrary files via "..." (triple dot) sequences in a GET request.

5.0
2006-04-24 CVE-2006-1951 Solarwinds Directory Traversal vulnerability in Solarwinds Tftp Server 5.0.55Standard/5.0.60Standard/8.1

Directory traversal vulnerability in SolarWinds TFTP Server 8.1 and earlier allows remote attackers to download arbitrary files via a crafted GET request including "....//" sequences, which are collapsed into "../" sequences by filtering.

5.0
2006-04-27 CVE-2006-2081 Oracle SQL Injection vulnerability in Oracle 10g DBMS_EXPORT_EXTENSION

Oracle Database Server 10g Release 2 allows local users to execute arbitrary SQL queries via the GET_DOMAIN_INDEX_METADATA function in the DBMS_EXPORT_EXTENSION package.

4.6
2006-04-27 CVE-2006-2064 SUN Local Privilege Escalation vulnerability in SUN Solaris 10.0

Unspecified vulnerability in the libpkcs11 library in Sun Solaris 10 might allow local users to gain privileges or cause a denial of service (application failure) via unknown attack vectors that involve the getpwnam family of non-reentrant functions.

4.6
2006-04-26 CVE-2006-2043 IP3 Networks Local vulnerability in IP3 Networks IP3 Netaccess 75 4.0.34

na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 allows local users to gain Unix shell access via "`" (backtick) characters in the appliance's command line interface (CLI).

4.6
2006-04-26 CVE-2006-1864 Linux Unspecified vulnerability in Linux Kernel

Directory traversal vulnerability in smbfs in Linux 2.6.16 and earlier allows local users to escape chroot restrictions for an SMB-mounted filesystem via "..\\" sequences, a similar vulnerability to CVE-2006-1863.

4.6
2006-04-29 CVE-2006-2106 Edgewall Software Remote HTML Injection vulnerability in Edgewall Software Trac 0.9.4

Cross-site scripting (XSS) vulnerability in Edgewall Software Trac 0.9.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors related to a "wiki macro."

4.3
2006-04-29 CVE-2006-2089 Mysmartbb Input Validation vulnerability in Mysmartbb 1.1.2/1.1.3

Multiple cross-site scripting (XSS) vulnerabilities in misc.php in MySmartBB 1.1.x allow remote attackers to inject arbitrary web script or HTML via the (1) id and (2) username parameters.

4.3
2006-04-29 CVE-2006-2088 Devsyn Cross-Site Scripting vulnerability in Devsyn Open Bulletin Board 1.0.6

Multiple cross-site scripting (XSS) vulnerabilities in Devsyn Open Bulletin Board (OpenBB) 1.0.6 allow remote attackers to inject arbitrary web script or HTML via (1) the FID parameter in board.php and (2) the TID parameter in read.php.

4.3
2006-04-29 CVE-2006-2084 Farsinews Cross-Site Scripting vulnerability in Farsinews 2.1/2.1Beta2/2.5

Multiple cross-site scripting (XSS) vulnerabilities in FarsiNews 2.5.3 Pro and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) month and (2) year parameters in (a) index.php, and the (3) mod parameter in (b) admin.php.

4.3
2006-04-27 CVE-2006-2079 Verosky Media Cross-Site Scripting vulnerability in Verosky Media Instant Photo Gallery 1.0

Cross-site scripting (XSS) vulnerability in portfolio.php in Verosky Media Instant Photo Gallery, possibly before 1.0.2, allows remote attackers to inject arbitrary web script or HTML via the cat_id parameter.

4.3
2006-04-27 CVE-2006-2070 Mybb Cross-Site Scripting vulnerability in Mybb Devbb 1.0.0

Cross-site scripting (XSS) vulnerability in member.php in DevBB 1.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the member parameter in a viewpro action.

4.3
2006-04-27 CVE-2006-2066 Mkportal Cross-Site Scripting vulnerability in Mkportal 1.1Rc1

Multiple cross-site scripting (XSS) vulnerabilities in pm_popup.php in MKPortal 1.1 Rc1 and earlier, as used with vBulletin 3.5.4 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) u1, (2) m1, (3) m2, (4) m3, and (5) m4 parameters.

4.3
2006-04-26 CVE-2006-2049 Dcscripts Input Validation vulnerability in Dcscripts Dcforumlite 3.0

Cross-site scripting (XSS) vulnerability in dcboard.cgi in DCScripts DCForumLite 3.0 allows remote attackers to inject arbitrary web script or HTML via the az parameter.

4.3
2006-04-26 CVE-2006-2048 Phpwebftp Cross-Site Scripting vulnerability in PHPwebftp 2.3

Multiple cross-site scripting (XSS) vulnerabilities in index.php in Edwin van Wijk phpWebFTP 2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) port, (2) server, and (3) user parameters.

4.3
2006-04-26 CVE-2006-2037 Thwboard Cross-Site Scripting vulnerability in Thwboard 3.0Beta2.84

Cross-site scripting (XSS) vulnerability in index.php in Thwboard 3.0 Beta 2.84 allows remote attackers to inject arbitrary web script or HTML via the navpath parameter.

4.3
2006-04-25 CVE-2006-2003 Community Architect Cross-Site Scripting vulnerability in Community Architect Guestbook

Cross-site scripting (XSS) vulnerability in cgi-bin/guest in Community Architect Guestbook allows remote attackers to inject arbitrary web script or HTML by signing the guestbook, which is displayed by fsguestbook.html.

4.3
2006-04-25 CVE-2006-2001 Scry Gallery Cross-Site Scripting vulnerability in Scry Gallery Scry Gallery 1.1

Cross-site scripting (XSS) vulnerability in index.php in Scry Gallery 1.1 allows remote attackers to inject arbitrary web script or HTML via the p parameter.

4.3
2006-04-25 CVE-2006-2000 Logmethods Cross-Site Scripting vulnerability in Logmethods 0.9

Cross-site scripting (XSS) vulnerability in /lms/a2z.jsp in logMethods 0.9 allows remote attackers to inject arbitrary web script or HTML via the kwd parameter.

4.3
2006-04-25 CVE-2006-2024 Libtiff Denial of Service vulnerability in LibTiff

Multiple vulnerabilities in libtiff before 3.8.1 allow context-dependent attackers to cause a denial of service via a TIFF image that triggers errors in (1) the TIFFFetchAnyArray function in (a) tif_dirread.c; (2) certain "codec cleanup methods" in (b) tif_lzw.c, (c) tif_pixarlog.c, and (d) tif_zip.c; and (3) improper restoration of setfield and getfield methods in cleanup functions within (e) tif_jpeg.c, tif_pixarlog.c, (f) tif_fax3.c, and tif_zip.c.

4.0

13 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-04-26 CVE-2006-2035 Websense Local Security vulnerability in Websense

Websense, when configured to permit access to the dynamic content category, allows local users to bypass intended blocking of the Uncategorized category by appending a "/?" sequence to a URL.

3.7
2006-04-25 CVE-2006-1057 Gnome Race Condition vulnerability in Gnome GDM 2.14

Race condition in daemon/slave.c in gdm before 2.14.1 allows local users to gain privileges via a symlink attack when gdm performs chown and chgrp operations on the .ICEauthority file.

3.7
2006-04-26 CVE-2006-2045 IP3 Networks Local vulnerability in IP3 Networks IP3 Netaccess 75 4.0.34Firmware

The (1) shadow password file in na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 has world readable permissions, which allows local users to view encrypted passwords; and the (2) NetAccess database file has world readable and writable permissions, which allows local users to view sensitive information and modify data.

3.6
2006-04-29 CVE-2006-2093 Nessus Resource Management Errors vulnerability in Nessus

Nessus before 2.2.8, and 3.x before 3.0.3, allows user-assisted attackers to cause a denial of service (memory consumption) via a NASL script that calls split with an invalid sep parameter.

2.6
2006-04-26 CVE-2006-2031 Phpmyadmin Cross-Site Scripting vulnerability in phpMyAdmin

Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin 2.8.0.3, 2.8.0.2, 2.8.1-dev, and 2.9.0-dev allows remote attackers to inject arbitrary web script or HTML via the lang parameter.

2.6
2006-04-25 CVE-2006-2016 Phpldapadmin Project, Debian Cross-Site Scripting vulnerability in multiple products

Multiple cross-site scripting (XSS) vulnerabilities in phpLDAPadmin 0.9.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dn parameter in (a) compare_form.php, (b) copy_form.php, (c) rename_form.php, (d) template_engine.php, and (e) delete_form.php; (2) scope parameter in (f) search.php; and (3) Container DN, (4) Machine Name, and (5) UID Number fields in (g) template_engine.php.

2.6
2006-04-25 CVE-2006-2015 WEB Provence Input Validation vulnerability in Web-Provence SL Site 1.0

Cross-site scripting (XSS) vulnerability in SL_site 1.0 allows remote attackers to inject arbitrary web script or HTML via the recherche parameter in recherche.php.

2.6
2006-04-25 CVE-2006-2011 4Homepages Cross-Site Scripting vulnerability in 4Homepages 4Images 1.7

Cross-site scripting (XSS) vulnerability in member.php in 4images 1.7 and earlier allows remote attackers to inject arbitrary web script or HTML via the nickname, probably involving the user_name parameter in register.php.

2.6
2006-04-25 CVE-2006-1992 Microsoft Resource Management Errors vulnerability in Microsoft Internet Explorer 6.0.2900

mshtml.dll 6.00.2900.2873, as used in Microsoft Internet Explorer, allows remote attackers to cause a denial of service (crash) via nested OBJECT tags, which trigger invalid pointer dereferences including NULL dereferences.

2.6
2006-04-29 CVE-2006-2103 Mybulletinboard SQL Injection vulnerability in Mybulletinboard 1.1.1

SQL injection vulnerability in MyBB (MyBulletinBoard) 1.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the (1) query string ($querystring variable) in (a) admin/adminlogs.php, which is not properly handled by adminfunctions.php; or (2) setid, (3) expand, (4) title, or (5) sid2 parameters to (b) admin/templates.php.

2.1
2006-04-26 CVE-2006-2036 Iopus Unspecified vulnerability in Iopus Secure Email Attachments 1.0

iOpus Secure Email Attachments (SEA), probably 1.0, does not properly handle passwords that consist of repetitions of a substring, which allows attackers to decrypt files by entering only the substring.

2.1
2006-04-25 CVE-2006-1998 Openttd Denial Of Service vulnerability in OpenTTD

OpenTTD 0.4.7 and earlier allows local users to cause a denial of service (application exit) via a large invalid error number, which triggers an error.

2.1
2006-04-25 CVE-2006-1997 Sybase Unspecified vulnerability in Sybase Pylon Anywhere

Unspecified vulnerability in Sybase Pylon Anywhere groupware synchronization server before 7.0 allows local users to obtain sensitive information such as email and PIM data of another user via unknown attack vectors.

2.1