Weekly Vulnerabilities Reports > April 24 to 30, 2006

Overview

137 new vulnerabilities reported during this period, including 4 critical vulnerabilities and 28 high severity vulnerabilities. This weekly summary report vulnerabilities in 115 products from 95 vendors including Ethereal Group, Microsoft, Invision Power Services, Linux, and Symantec. Vulnerabilities are notably categorized as "Resource Management Errors", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", "SQL Injection", and "Race Condition".

  • 125 reported vulnerabilities are remotely exploitables.
  • 4 reported vulnerabilities have public exploit available.
  • 5 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 132 reported vulnerabilities are exploitable by an anonymous user.
  • Ethereal Group has the most reported vulnerabilities, with 9 reported vulnerabilities.
  • Juniper has the most reported critical vulnerabilities, with 1 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

4 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-04-27 CVE-2006-2077 Pdnsd Buffer Overflow vulnerability in Paul A. Rombouts PDNSD

Buffer overflow in Paul Rombouts pdnsd before 1.2.4 has unknown impact and attack vectors.

10.0
2006-04-27 CVE-2006-2074 Juniper Denial Of Service vulnerability in Juniper JUNOSe DNS Client

Unspecified vulnerability in Juniper Networks JUNOSe E-series routers before 7-1-1 has unknown impact and remote attack vectors related to the DNS "client code," as demonstrated by the OUSPG PROTOS DNS test suite.

10.0
2006-04-25 CVE-2006-1932 Ethereal Group Protocol Dissector vulnerability In Versions Prior To 0.99.0 in Ethereal

Off-by-one error in the OID printing routine in Ethereal 0.10.x up to 0.10.14 has unknown impact and remote attack vectors.

10.0
2006-04-25 CVE-2006-0230 Symantec Remote vulnerability in Symantec Antivirus Scan Engine 5.0.0.24

Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, uses a client-side check to verify a password, which allows remote attackers to gain administrator privileges via a modified client that sends certain XML requests.

10.0

28 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-04-29 CVE-2006-2108 OCE North America Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in OCE North America 3121 Printer and 3122 Printer

parser.exe in Océ (OCE) 3121/3122 Printer allows remote attackers to cause a denial of service (crash or reboot) via a long request, possibly triggering a buffer overflow.

7.8
2006-04-29 CVE-2006-2102 Poweriso Directory Traversal vulnerability in Poweriso 2.9

Directory traversal vulnerability in PowerISO 2.9 allows remote attackers to write arbitrary files via a ..

7.8
2006-04-29 CVE-2006-2100 Magic ISO Maker Directory Traversal vulnerability in MagicISO

Directory traversal vulnerability in Magic ISO 5.0 Build 0166 allows remote attackers to write arbitrary files via a ..

7.8
2006-04-27 CVE-2006-2078 Furukawa Electric DNS Handling vulnerability in Multiple FITELnet Products

Multiple unspecified vulnerabilities in multiple FITELnet products, including FITELnet-F40, F80, F100, F120, F1000, and E20/E30, allow remote attackers to cause a denial of service via crafted DNS messages that trigger errors in (1) ProxyDNS or (2) PKI-Resolver, as demonstrated by the OUSPG PROTOS DNS test suite.

7.8
2006-04-25 CVE-2006-2020 Asteriskathome Information Disclosure vulnerability in Asterisk Recording Interface

Asterisk Recording Interface (ARI) in Asterisk@Home before 2.8 stores recordings/includes/main.conf under the web document root with insufficient access control, which allows remote attackers to obtain password information.

7.8
2006-04-29 CVE-2006-2107 BL4 Buffer Overflow vulnerability in BL4 SMTP Server

Buffer overflow in BL4 SMTP Server 0.1.4 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long argument to the (1) EHLO, (2) MAIL FROM, and (3) RCPT TO commands.

7.5
2006-04-29 CVE-2006-2098 PHP Thumbnail Autoindex Remote Security vulnerability in Php Thumbnail Autoindex

PHP remote file inclusion vulnerability in Thumbnail AutoIndex before 2.0 allows remote attackers to execute arbitrary PHP code via (1) README.html or (2) HEADER.html.

7.5
2006-04-29 CVE-2006-2097 Invision Power Services SQL Injection vulnerability in Invision Power Board Func_msg.PHP

SQL injection vulnerability in func_msg.php in Invision Power Board (IPB) 2.1.4 allows remote attackers to execute arbitrary SQL commands via the from_contact field in a private message (PM).

7.5
2006-04-29 CVE-2006-2090 Mysmartbb SQL Injection vulnerability in Mysmartbb 1.1.2/1.1.3

Multiple SQL injection vulnerabilities in misc.php in MySmartBB 1.1.x allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) username parameters.

7.5
2006-04-29 CVE-2006-2086 Juniper Remote Buffer Overflow vulnerability in Juniper SSL-VPN Client ActiveX Control

Buffer overflow in JuniperSetupDLL.dll, loaded from JuniperSetup.ocx by the Juniper SSL-VPN Client when accessing a Juniper NetScreen IVE device running IVE OS before 4.2r8.1, 5.0 before 5.0r6.1, 5.1 before 5.1r8, 5.2 before 5.2r4.1, or 5.3 before 5.3r2.1, allows remote attackers to execute arbitrary code via a long argument in the ProductName parameter.

7.5
2006-04-28 CVE-2006-2083 Andrew Tridgell Integer Overflow vulnerability in RSync Receive_XATTR

Integer overflow in the receive_xattr function in the extended attributes patch (xattr.c) for rsync before 2.6.8 might allow attackers to execute arbitrary code via crafted extended attributes that trigger a buffer overflow.

7.5
2006-04-27 CVE-2006-2067 Mkportal Input Validation vulnerability in Mkportal 1.1

SQL injection vulnerability in vb_board_functions.php in MKPortal 1.1, as used with vBulletin 3.5.4 and earlier, allows remote attackers to execute arbitrary SQL commands via the userid parameter.

7.5
2006-04-27 CVE-2006-2065 Phpsurveyor SQL Injection vulnerability in PHPSurveyor SurveyID Parameter

SQL injection vulnerability in save.php in PHPSurveyor 0.995 and earlier allows remote attackers to execute arbitrary SQL commands via the surveyid cookie.

7.5
2006-04-27 CVE-2006-1514 Abcmidi Remote Buffer Overflow vulnerability in Abcmidi 20041204/20050101

Multiple buffer overflows in the abcmidi-yaps translator in abcmidi 20050101, and other versions, allow remote attackers to execute arbitrary code via crafted ABC music files that trigger the overflows during translation into PostScript.

7.5
2006-04-26 CVE-2006-2044 IP3 Networks Local vulnerability in IP3 Networks IP3 Netaccess 75 4.0.34

na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 has a default username of admin and a default password of admin.

7.5
2006-04-26 CVE-2006-2039 Ubertec SQL Injection vulnerability in Help Center Live OSTicket Module

Multiple SQL injection vulnerabilities in the osTicket module in Help Center Live before 2.1.0 allow remote attackers to execute arbitrary SQL commands via unknown vectors.

7.5
2006-04-26 CVE-2006-2038 Amplecom SQL-Injection vulnerability in Ampleshop

Multiple SQL injection vulnerabilities in ampleShop 2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) RecordID parameter in (a) Customeraddresses_RecordAction.cfm and (b) youraccount.cfm; (2) solus parameter in (c) detail.cfm; and (3) cat parameter in (d) category.cfm.

7.5
2006-04-26 CVE-2006-2034 Flexbb Input Validation vulnerability in Flexbb 0.5.5

SQL injection vulnerability in function/showprofile.php in FlexBB 0.5.5 allows remote attackers to execute arbitrary SQL commands, and view all usernames and passwords, via the id parameter to the showprofile page in index.php.

7.5
2006-04-25 CVE-2006-2022 LS3 Remote Buffer Overflow and Denial Of Service vulnerability in Fenice

Buffer overflow in the parse_url function in the RTSP module (rtsp/parse_url.c) in Fenice 1.10 and earlier allows remote attackers to execute arbitrary code via a long URL.

7.5
2006-04-25 CVE-2006-2018 Jelsoft SQL-Injection vulnerability in vBulletin

SQL injection vulnerability in calendar.php in vBulletin 3.0.x allows remote attackers to execute arbitrary SQL commands via the eventid parameter.

7.5
2006-04-25 CVE-2006-2013 WEB Provence Input Validation vulnerability in Web-Provence SL Site 1.0

SQL injection vulnerability in page.php in SL_site 1.0 allows remote attackers to execute arbitrary SQL commands via the id_page parameter.

7.5
2006-04-25 CVE-2006-2010 Paras Chopra SQL Injection vulnerability in Bloggage Check_login.ASP

Multiple SQL injection vulnerabilities in check_login.asp in Bloggage allow remote attackers to execute arbitrary SQL commands via the (1) acc_name and (2) password parameter.

7.5
2006-04-25 CVE-2006-2009 Phpmyagenda Remote File Include vulnerability in PHPmyagenda 3.0Final

PHP remote file inclusion vulnerability in agenda.php3 in phpMyAgenda 3.0 Final and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rootagenda parameter.

7.5
2006-04-25 CVE-2006-2008 Built2Go Remote File Include vulnerability in Built2go Movie Review Movie_CLS.PHP3

PHP remote file inclusion vulnerability in movie_cls.php in Built2Go PHP Movie Review 2B and earlier allows remote attackers to execute arbitrary PHP code via a URL in the full_path parameter.

7.5
2006-04-25 CVE-2006-2007 Winny Heap Overflow vulnerability in Winny File Transfer

Heap-based buffer overflow in Winny 2.0 b7.1 and earlier allows remote attackers to execute arbitrary code via long strings to certain commands sent to the file transfer port.

7.5
2006-04-25 CVE-2006-2005 Clansys Remote Code Execution vulnerability in Clansys 1.1

Eval injection vulnerability in index.php in ClanSys 1.1 allows remote attackers to execute arbitrary PHP code via PHP code in the page parameter, as demonstrated by using an "include" statement that is injected into the eval statement.

7.5
2006-04-25 CVE-2006-2004 Michael Romedahl SQL Injection vulnerability in Michael Romedahl RI Blog 1.1

Multiple SQL injection vulnerabilities in RI Blog 1.1 allow remote attackers to execute arbitrary SQL command via the (1) username or (2) password fields.

7.5
2006-04-25 CVE-2006-1994 Dforum Remote File Include vulnerability in Dforum 1.5

PHP remote file inclusion vulnerability in dForum 1.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DFORUM_PATH parameter to (1) about.php, (2) admin.php, (3) anmelden.php, (4) losethread.php, (5) config.php, (6) delpost.php, (7) delthread.php, (8) dfcode.php, (9) download.php, (10) editanoc.php, (11) forum.php, (12) login.php, (13) makethread.php, (14) menu.php, (15) newthread.php, (16) openthread.php, (17) overview.php, (18) post.php, (19) suchen.php, (20) user.php, (21) userconfig.php, (22) userinfo.php, and (23) verwalten.php.

7.5

90 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-04-29 CVE-2006-2104 Kmail Cross-Site Scripting vulnerability in Kmail 1.7.1

Multiple cross-site scripting (XSS) vulnerabilities in Kamgaing Email System (kmail) 2.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) d parameter to main.php, ordner parameter to (2) main.php, or (3) webdisk.php, (4) draft parameter to compose.php, or (5) m, or (6) y parameter to calendar.php.

6.8
2006-04-27 CVE-2006-2080 Verosky Media Cross-Site Scripting vulnerability in Verosky Media Instant Photo Gallery 1.0.2

SQL injection vulnerability in portfolio_photo_popup.php in Verosky Media Instant Photo Gallery 1.0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter, which is not cleansed before calling the count_click function in includes/functions/fns_std.php.

6.8
2006-04-26 CVE-2006-2063 Leadhound Network Cross-Site Scripting vulnerability in Leadhound Network Leadhound Full and Leadhound Lite

Multiple cross-site scripting (XSS) vulnerabilities in Leadhound Full and LITE 2.1, and probably the Network Version "Full Version", allow remote attackers to inject arbitrary web script or HTML via the login parameter in (1) agent_affil.pl, (2) agent_help.pl, (3) agent_faq.pl, (4) agent_help_insert.pl, (5) sign_out.pl, (6) members.pl, (7) modify_agent_1.pl, (8) modify_agent_2.pl, (9) modify_agent.pl, (10) agent_links.pl, (11) agent_stats_pending_leads.pl, (12) agent_logoff.pl, (13) agent_rev_det.pl, (14) agent_subaffiliates.pl, (15) agent_stats_pending_leads.pl, (16) agent_transactions.pl, (17) agent_payment_history.pl, (18) agent_summary.pl, (19) agent_camp_all.pl, (20) agent_camp_new.pl, (21) agent_camp_notsub.pl, (22) agent_campaign.pl, (23) agent_camp_expired.pl, (24) agent_stats_det.pl, (25) agent_stats.pl, (26) agent_camp_det.pl, (27) agent_camp_sub.pl, (28) agent_affil_list.pl, and (29) agent_affil_code.pl; the logged parameter in (30) agent_faq.pl, (31) agent_help_insert.pl, (32) members.pl, (33) modify_agent_1.pl, (34) modify_agent_2.pl, (35) modify_agent.pl, (36) agent_links.pl, (37) agent_subaffiliates.pl, (38) agent_stats_pending_leads.pl, (39) agent_transactions.pl, (40) agent_summary.pl, (41) agent_camp_all.pl, (42) agent_camp_new.pl, (43) agent_camp_notsub.pl, (44) agent_campaign.pl, (45) agent_camp_expired.pl, (46) agent_stats.pl, (47) agent_camp_det.pl, (48) agent_camp_sub.pl, (49) agent_affil_list.pl, and (50) agent_affil_code.pl; the camp_id parameter in (51) agent_links.pl, (52) agent_subaffiliates.pl, and (53) agent_camp_det.pl; the (54) banner parameter in agent_links.pl; the offset parameter in (55) agent_links.pl, (56) agent_subaffiliates.pl, (57) agent_transactions.pl, and (58) agent_summary.pl; the date parameter in (59) agent_subaffiliates.pl, (60) agent_transactions.pl, and (61) agent_summary.pl; the dates parameter in (62) agent_rev_det.pl and (63) agent_stats_det.pl; the (64) page parameter in agent_camp_det.pl; the (65) agent_id parameter in agent_commission_statement.pl; and the (66) lost password field in lost_pwd.pl.

6.8
2006-04-26 CVE-2006-2027 Pablo Software Solutions Buffer Overflow vulnerability in Pablo Software Solutions Quick N Easy FTP Server 3.0

Buffer overflow in Unicode processing in the logging functionality in Pablo Software Solutions Quick 'n Easy FTP Server Professional and Lite, probably 3.0, allows remote authenticated users to execute arbitrary code by sending a command with a long argument, which triggers a buffer overflow when an admin selects the Logging section in the FTP server main window.

6.5
2006-04-25 CVE-2006-2026 Libtiff Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Libtiff

Double free vulnerability in tif_jpeg.c in libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image that triggers errors related to "setfield/getfield methods in cleanup functions." This vulnerability is addressed in the following product release: libTIFF, libTIFF, 3.8.1

6.5
2006-04-25 CVE-2006-2025 Libtiff Integer Overflow vulnerability in LibTiff TIFFFetchData

Integer overflow in the TIFFFetchData function in tif_dirread.c for libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted TIFF image.

6.5
2006-04-26 CVE-2006-2062 Leadhound Network SQL-Injection vulnerability in Leadhound Network Leadhound Full and Leadhound Lite

Multiple SQL injection vulnerabilities in Leadhound Full and LITE 2.1, and probably the Network Version "Full Version", allow remote attackers to execute arbitrary SQL commands via the (1) banner parameter in agent_links.pl; the offset parameter in (2) agent_links.pl, (3) agent_transactions.pl, (4) agent_subaffiliates.pl, and (5) agent_summary.pl; the camp_id parameter in (6) agent_transactions_csv.pl, (7) agent_subaffiliates.pl, and (8) agent_camp_det.pl; the (9) login parameter in agent_commission_statement.pl; the logged parameter in (10) agent_commission_statement.pl and (11) agent_camp_det.pl; the (12) agent_id parameter in agent_commission_statement.pl; and the (13) sub parameter in unspecified files.

6.4
2006-04-26 CVE-2006-2060 Invision Power Services Directory Traversal vulnerability in Invision Power Services Invision Power Board 2.0.X/2.1.X

Directory traversal vulnerability in action_admin/paysubscriptions.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote authenticated administrators to include and execute arbitrary local PHP files via a ..

6.4
2006-04-26 CVE-2006-2053 Quickestore SQL-Injection vulnerability in Quickestore 7.9

Multiple SQL injection vulnerabilities in QuickEStore 7.9 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the OrderID parameter in (a) shipping.cfm and (b) checkout.cfm, (2) ItemID parameter in (c) proddetail.cfm, (3) SubCatID parameter in (d) index.cfm, the (4) CategoryID parameter in (e) prodpage.cfm, and (5) ProdID parameter in (f) Details.cfm.

6.4
2006-04-26 CVE-2006-2046 Application Dynamics SQL Injection vulnerability in Application Dynamics Cartweaver ColdFusion

Multiple SQL injection vulnerabilities in Application Dynamics Cartweaver ColdFusion 2.16.11 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) category and (2) keywords parameters in (a) Results.cfm, and the (3) ProdID parameter in (b) Details.cfm.

6.4
2006-04-26 CVE-2006-2040 Photokorn SQL Injection vulnerability in Photokorn 1.53/1.542

Multiple SQL injection vulnerabilities in photokorn 1.53 and 1.542 allow remote attackers to execute arbitrary SQL commands via the (1) cat, (2) pic and (3) page parameter in index.php; (4) id parameter in postcard.php; and (5) cat parameter in print.php.

6.4
2006-04-26 CVE-2006-2033 Corenews Input Validation vulnerability in Corenews 2.0.1

PHP remote file inclusion vulnerability in Core CoreNews 2.0.1 and earlier allows remote authenticated users to execute arbitrary commands via the show parameter.

6.4
2006-04-26 CVE-2006-2032 Corenews Input Validation vulnerability in CoreNews

Multiple SQL injection vulnerabilities in Core CoreNews 2.0.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) icon_id and (2) userid parameters in preview.php.

6.4
2006-04-26 CVE-2006-2029 Simplog SQL-Injection vulnerability in Simplog

Multiple SQL injection vulnerabilities in Jeremy Ashcraft Simplog 0.9.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) tid parameter in (a) preview.php; the (2) cid, (3) pid, and (4) eid parameters in (b) archive.php; and the (5) pid parameter in (c) comments.php.

6.4
2006-04-25 CVE-2006-0231 Symantec Remote vulnerability in Symantec Antivirus Scan Engine 5.0.0.24

Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, uses the same private DSA key for each installation, which allows remote attackers to conduct man-in-the-middle attacks and decrypt communications.

6.4
2006-04-24 CVE-2006-1991 PHP Resource Management Errors vulnerability in PHP 5.1.2

The substr_compare function in string.c in PHP 5.1.2 allows context-dependent attackers to cause a denial of service (memory access violation) via an out-of-bounds offset argument.

6.4
2006-04-26 CVE-2006-2052 Verosky Media Cross-Site Scripting vulnerability in Verosky Media Instant Photo Gallery 1.0

Cross-site scripting (XSS) vulnerability in Verosky Media Instant Photo Gallery allows remote attackers to inject arbitrary web script or HTML via the member parameter in a viewpro action in member.php.

5.8
2006-04-26 CVE-2006-2051 Nextage HTML Injection vulnerability in NextAge Shopping Cart

Multiple cross-site scripting (XSS) vulnerabilities in myadmin/index.php in NextAge Shopping Cart allow remote attackers to inject arbitrary web script or HTML via the (1) username and (2) password parameters.

5.8
2006-04-26 CVE-2006-2028 Simplog Cross-Site Scripting vulnerability in Simplog

Cross-site scripting (XSS) vulnerability in imagelist.php in Jeremy Ashcraft Simplog 0.9.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the imagedir parameter.

5.8
2006-04-29 CVE-2006-2094 Microsoft Race Condition vulnerability in Microsoft IE and Internet Explorer

Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, when Prompt is configured in Security Settings, uses modal dialogs to verify that a user wishes to run an ActiveX control or perform other risky actions, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking an object or pressing keys that are actually applied to a "Yes" approval for executing the control.

5.1
2006-04-29 CVE-2006-2085 Speedproject Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Speedproject Speedcommander and Squeez

Multiple buffer overflows in (1) CxAce60.dll and (2) CxAce60u.dll in SpeedProject Squeez 5.10 Build 4460, and SpeedCommander 10.52 Build 4450 and 11.01 Build 4450, allow user-assisted remote attackers to execute arbitrary code via an ACE archive that contains a file with a long filename.

5.1
2006-04-25 CVE-2006-1993 Mozilla Resource Management Errors vulnerability in Mozilla Firefox 1.5.0.2

Mozilla Firefox 1.5.0.2, when designMode is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain Javascript that is not properly handled by the contentWindow.focus method in an iframe, which causes a reference to a deleted controller context object.

5.1
2006-04-25 CVE-2006-1513 Abc2Ps Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Abc2Ps

Multiple buffer overflows in abc2ps before 1.3.3 allow user-assisted attackers to execute arbitrary code via crafted ABC music files.

5.1
2006-04-29 CVE-2006-2105 Jupiter CMS Local File Include vulnerability in Jupiter CMS 1.1.4/1.1.5

Directory traversal vulnerability in index.php in Jupiter CMS 1.1.4 and 1.1.5 allows remote attackers to read arbitrary files via ".." sequences terminated by a %00 (null) character in the n parameter.

5.0
2006-04-29 CVE-2006-2101 Winiso Computing Directory Traversal vulnerability in Winiso Computing Winiso 5.3

Directory traversal vulnerability in WinISO 5.3 allows remote attackers to write arbitrary files via a ..

5.0
2006-04-29 CVE-2006-2099 EZB Systems Directory Traversal vulnerability in EZB Systems Ultraiso 8.0.0.1392

Directory traversal vulnerability in UltraISO 8.0.0.1392 allows remote attackers to write arbitrary files via a ..

5.0
2006-04-29 CVE-2006-2096 Neocrome Information Disclosure vulnerability in Land Down Under

plug.php in Land Down Under (LDU) 802 and earlier allows remote attackers to obtain sensitive information via an invalid (1) month or (2) year parameter, which reveals the path in an error message.

5.0
2006-04-29 CVE-2006-2095 Phex Permissions, Privileges, and Access Controls vulnerability in Phex

Phex before 2.8.6 allows remote attackers to cause a denial of service (application hang) by initiating multiple chat requests to a single user and then logging off.

5.0
2006-04-29 CVE-2006-2092 HP Remote Denial Of Service vulnerability in HP Storageworks Secure Path Windows 4.0C

Unspecified vulnerability in HP StorageWorks Secure Path for Windows 4.0C-SP2 before 20060419 allows remote attackers to cause an unspecified denial of service via unknown vectors.

5.0
2006-04-29 CVE-2006-2091 Vwar Information Disclosure vulnerability in Virtual War

admin.php in Virtual War (VWar) 1.5 and versions before 1.2 allows remote attackers to obtain sensitive information via an invalid vwar_root parameter, which reveals the path in an error message.

5.0
2006-04-29 CVE-2006-2087 Hitachi Denial-Of-Service vulnerability in Groupmax Integrated Desktop

The Gmax Mail client in Hitachi Groupmax before 20060426 allows remote attackers to cause a denial of service (application hang or erroneous behavior) via an attachment with an MS-DOS device filename.

5.0
2006-04-27 CVE-2006-2076 Pdnsd Denial Of Service vulnerability in Paul A. Rombouts PDNSD DNS Query

Memory leak in Paul Rombouts pdnsd before 1.2.4 allows remote attackers to cause a denial of service (memory consumption) via a DNS query with an unsupported (1) QTYPE or (2) QCLASS, as demonstrated by the OUSPG PROTOS DNS test suite.

5.0
2006-04-27 CVE-2006-2075 DON Moore Denial-Of-Service vulnerability in DON Moore Mydns 1.1.0

Unspecified vulnerability in MyDNS 1.1.0 allows remote attackers to cause a denial of service via a crafted DNS message, aka "Query-of-death," as demonstrated by the OUSPG PROTOS DNS test suite.

5.0
2006-04-27 CVE-2006-2073 ISC Denial Of Service vulnerability in ISC BIND TSIG Zone Transfer

Unspecified vulnerability in ISC BIND allows remote attackers to cause a denial of service via a crafted DNS message with a "broken" TSIG, as demonstrated by the OUSPG PROTOS DNS test suite.

5.0
2006-04-27 CVE-2006-2072 Delegate Denial Of Service vulnerability in DeleGate DNS Response

Multiple unspecified vulnerabilities in DeleGate 9.x before 9.0.6 and 8.x before 8.11.6 allow remote attackers to cause a denial of service via crafted DNS responses messages that cause (1) a buffer over-read or (2) infinite recursion, which can trigger a segmentation fault or invalid memory access, as demonstrated by the OUSPG PROTOS DNS test suite.

5.0
2006-04-27 CVE-2006-2069 Powerdns Resource Management Errors vulnerability in Powerdns 3.0

The recursor in PowerDNS before 3.0.1 allows remote attackers to cause a denial of service (application crash) via malformed EDNS0 packets.

5.0
2006-04-27 CVE-2006-2068 Hitachi Denial of Service vulnerability in Multiple Hitachi JP1 Products

Unspecified vulnerability in Hitachi JP1 products allow remote attackers to cause a denial of service (application stop or fail) via unexpected requests or data.

5.0
2006-04-26 CVE-2006-2061 Invision Power Services SQL Injection vulnerability in Invision Power Board Index.PHP CK Parameter

SQL injection vulnerability in lib/func_taskmanager.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary SQL commands via the ck parameter, which can inject at most 32 characters.

5.0
2006-04-26 CVE-2006-2059 Invision Power Services Unspecified vulnerability in Invision Power Services Invision Power Board 2.1.520060308

action_public/search.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary PHP code via a search with a crafted value of the lastdate parameter, which alters the behavior of a regular expression to add a "#e" (execute) modifier.

5.0
2006-04-26 CVE-2006-2058 Avant Force Remote Security vulnerability in Avant Force Avant Browser 10.1Build17

Argument injection vulnerability in Avant Browser 10.1 Build 17 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment.

5.0
2006-04-26 CVE-2006-2057 Avant Force
Microsoft
Mozilla
Remote Security vulnerability in Outlook 98

Argument injection vulnerability in Mozilla Firefox 1.0.6 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment.

5.0
2006-04-26 CVE-2006-2056 Microsoft Remote Security vulnerability in Microsoft IE 6

Argument injection vulnerability in Internet Explorer 6 for Windows XP SP2 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment.

5.0
2006-04-26 CVE-2006-2055 Microsoft Remote Security vulnerability in Microsoft Outlook 2003

Argument injection vulnerability in Microsoft Outlook 2003 SP1 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment.

5.0
2006-04-26 CVE-2006-2054 3Com Remote Denial Of Service vulnerability in 3Com 3C16486 1.0.2

3Com Baseline Switch 2848-SFP Plus Model #3C16486 with firmware before 1.0.2.0 allows remote attackers to cause a denial of service (unstable operation) via long DHCP packets.

5.0
2006-04-26 CVE-2006-2050 Dcscripts Input Validation vulnerability in Dcscripts Dcforumlite 3.0

SQL injection vulnerability in dcboard.cgi in DCScripts DCForumLite 3.0 allows remote attackers to execute arbitrary SQL commands via the az parameter.

5.0
2006-04-26 CVE-2006-2047 Application Dynamics SQL-Injection vulnerability in Application Dynamics Cartweaver Coldfusion 2.16.11

Application Dynamics Cartweaver ColdFusion 2.16.11 and earlier allows remote attackers to obtain sensitive information via an invalid (1) secondary, (2) PageNum_Results, (3) category, or (4) keywords parameter in (a) Results.cfm; or an invalid (5) ProdID parameter in (b) Details.cfm; which reveal the path in various error messages.

5.0
2006-04-26 CVE-2006-2041 Phpwebgallery Remote Security vulnerability in PHPwebgallery 1.0/1.4.1/1.5.1

PhpWebGallery before 1.6.0RC1 allows remote attackers to obtain arbitrary pictures via a request to picture.php without specifying the cat parameter.

5.0
2006-04-26 CVE-2006-2030 Alliedtelesyn Denial-Of-Service vulnerability in At-9724Ts

The Allied Telesyn AT-9724TS switch allows remote attackers to cause a denial of service via a large amount of UDP data to the switch, which leads to unstable operation and possibly failure of the management interface or routing.

5.0
2006-04-26 CVE-2006-0048 Francesco Stablum Remote Denial of Service vulnerability in Francesco Stablum Tcpick 0.2.1

Francesco Stablum tcpick 0.2.1 allows remote attackers to cause a denial of service (segmentation fault) via certain fragmented packets, possibly involving invalid headers and an attacker-controlled payload length.

5.0
2006-04-25 CVE-2006-2023 LS3 Remote Buffer Overflow and Denial Of Service vulnerability in Fenice

Integer overflow in the RTSP_msg_len function in rtsp/RTSP_msg_len.c in Fenice 1.10 and earlier allows remote attackers to cause a denial of service (application crash) via a large HTTP Content-Length value, which leads to an invalid memory access.

5.0
2006-04-25 CVE-2006-2021 Asteriskathome Information Disclosure vulnerability in Asterisk Recording Interface

Absolute path traversal vulnerability in recordings/misc/audio.php in the Asterisk Recording Interface (ARI) web interface in Asterisk@Home before 2.8 allows remote attackers to read arbitrary MP3, WAV, and GSM files via a full pathname in the recording parameter.

5.0
2006-04-25 CVE-2006-2019 Apple Denial Of Service vulnerability in Apple Safari Web Browser Rowspan

Apple Mac OS X Safari 2.0.3, 1.3.1, and possibly other versions allows remote attackers to cause a denial of service (CPU consumption and crash) via a TD element with a large number in the rowspan attribute.

5.0
2006-04-25 CVE-2006-2017 Dnsmasq Denial Of Service vulnerability in Dnsmasq 2.29

Dnsmasq 2.29 allows remote attackers to cause a denial of service (application crash) via a DHCP client broadcast reply request.

5.0
2006-04-25 CVE-2006-2014 WEB Provence Input Validation vulnerability in Web-Provence SL Site 1.0

Directory traversal vulnerability in gallerie.php in SL_site 1.0 allows remote attackers to list images in arbitrary directories via ".." sequences in the rep parameter, which is used to construct a directory name in admin/config.inc.php.

5.0
2006-04-25 CVE-2006-2012 Skulltag Team Remote Format String vulnerability in Skulltag Team Skulltag 0.96D

Format string vulnerability in Skulltag 0.96f and earlier allows remote attackers to cause a denial of service via the version string.

5.0
2006-04-25 CVE-2006-2006 Ivan Zahariev Unspecified vulnerability in Ivan Zahariev Izarc 3.5Beta3

Multiple directory traversal vulnerabilities in IZArc Archiver 3.5 beta 3 allow remote attackers to write arbitrary files via a ..\ (dot dot backslash) in a (1) .rar, (2) .tar, (3) .zip, (4) .jar, or (5) .gz archive.

5.0
2006-04-25 CVE-2006-2002 Mygamingladder Remote File Include vulnerability in Mygamingladder 7.0

PHP remote file inclusion vulnerability in stats.php in MyGamingLadder 7.0 allows remote attackers to execute arbitrary PHP code via a URL in the dir[base] parameter.

5.0
2006-04-25 CVE-2006-1999 Openttd Denial Of Service vulnerability in Openttd 0.4.7

The multiplayer menu in OpenTTD 0.4.7 allows remote attackers to cause a denial of service via a UDP packet with an incorrect size, which causes the client to return to the main menu.

5.0
2006-04-25 CVE-2006-1996 Scry Gallery Cross-Site Scripting vulnerability in Scry Gallery Scry Gallery 1.1

Scry Gallery 1.1 allows remote attackers to obtain sensitive information via an invalid p parameter, which reveals the path in an error message.

5.0
2006-04-25 CVE-2006-1995 Scry Gallery Directory Traversal vulnerability in Scry Gallery Scry Gallery 1.1

Directory traversal vulnerability in index.php in Scry Gallery 1.1 allows remote attackers to read arbitrary files via ".." sequences in the p parameter, which is not properly sanitized due to an rtrim function call with the arguments in the wrong order.

5.0
2006-04-25 CVE-2006-1940 Ethereal Group Protocol Dissector vulnerability In Versions Prior To 0.99.0 in Ethereal

Unspecified vulnerability in Ethereal 0.10.4 up to 0.10.14 allows remote attackers to cause a denial of service (abort) via the SNDCP dissector.

5.0
2006-04-25 CVE-2006-1939 Ethereal Group Protocol Dissector vulnerability In Versions Prior To 0.99.0 in Ethereal

Multiple unspecified vulnerabilities in Ethereal 0.9.x up to 0.10.14 allow remote attackers to cause a denial of service (crash from null dereference) via (1) an invalid display filter, or the (2) GSM SMS, (3) ASN.1-based, (4) DCERPC NT, (5) PER, (6) RPC, (7) DCERPC, and (8) ASN.1 dissectors.

5.0
2006-04-25 CVE-2006-1938 Ethereal Group Protocol Dissector vulnerability In Versions Prior To 0.99.0 in Ethereal

Multiple unspecified vulnerabilities in Ethereal 0.8.x up to 0.10.14 allow remote attackers to cause a denial of service (crash from null dereference) via the (1) Sniffer capture or (2) SMB PIPE dissector.

5.0
2006-04-25 CVE-2006-1937 Ethereal Group Protocol Dissector vulnerability In Versions Prior To 0.99.0 in Ethereal

Multiple unspecified vulnerabilities in Ethereal 0.10.x up to 0.10.14 allow remote attackers to cause a denial of service (crash from null dereference) via (1) multiple vectors in H.248, and the (2) X.509if, (3) SRVLOC, (4) H.245, (5) AIM, and (6) general packet dissectors; and (7) the statistics counter.

5.0
2006-04-25 CVE-2006-1936 Ethereal Group Protocol Dissector vulnerability In Versions Prior To 0.99.0 in Ethereal

Buffer overflow in Ethereal 0.8.5 up to 0.10.14 allows remote attackers to execute arbitrary code via the telnet dissector.

5.0
2006-04-25 CVE-2006-1935 Ethereal Group Protocol Dissector vulnerability In Versions Prior To 0.99.0 in Ethereal

Buffer overflow in Ethereal 0.9.15 up to 0.10.14 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the COPS dissector.

5.0
2006-04-25 CVE-2006-1934 Ethereal Group Protocol Dissector vulnerability In Versions Prior To 0.99.0 in Ethereal

Multiple buffer overflows in Ethereal 0.10.x up to 0.10.14 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the (1) ALCAP dissector, (2) Network Instruments file code, or (3) NetXray/Windows Sniffer file code.

5.0
2006-04-25 CVE-2006-1933 Ethereal Group Protocol Dissector vulnerability In Versions Prior To 0.99.0 in Ethereal

Multiple unspecified vulnerabilities in Ethereal 0.10.x up to 0.10.14 allow remote attackers to cause a denial of service (large or infinite loops) viarafted packets to the (1) UMA and (2) BER dissectors.

5.0
2006-04-25 CVE-2006-0232 Symantec Remote vulnerability in Symantec Antivirus Scan Engine 5.0.0.24

Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, stores sensitive log and virus definition files under the web root with insufficient access control, which allows remote attackers to obtain the information via direct requests.

5.0
2006-04-24 CVE-2006-1990 PHP Unspecified vulnerability in PHP 4.4.2/5.1.2

Integer overflow in the wordwrap function in string.c in PHP 4.4.2 and 5.1.2 might allow context-dependent attackers to execute arbitrary code via certain long arguments that cause a small buffer to be allocated, which triggers a heap-based buffer overflow in a memcpy function call, a different vulnerability than CVE-2002-1396.

5.0
2006-04-24 CVE-2006-1952 Winagents Directory Traversal vulnerability in WinAgents TFTP Server

Directory traversal vulnerability in WinAgents TFTP Server for Windows 3.1 and earlier allows remote attackers to read arbitrary files via "..." (triple dot) sequences in a GET request.

5.0
2006-04-24 CVE-2006-1951 Solarwinds Directory Traversal vulnerability in Solarwinds Tftp Server 5.0.55Standard/5.0.60Standard/8.1

Directory traversal vulnerability in SolarWinds TFTP Server 8.1 and earlier allows remote attackers to download arbitrary files via a crafted GET request including "....//" sequences, which are collapsed into "../" sequences by filtering.

5.0
2006-04-27 CVE-2006-2081 Oracle SQL Injection vulnerability in Oracle 10g DBMS_EXPORT_EXTENSION

Oracle Database Server 10g Release 2 allows local users to execute arbitrary SQL queries via the GET_DOMAIN_INDEX_METADATA function in the DBMS_EXPORT_EXTENSION package.

4.6
2006-04-27 CVE-2006-2064 SUN Local Privilege Escalation vulnerability in SUN Solaris 10.0

Unspecified vulnerability in the libpkcs11 library in Sun Solaris 10 might allow local users to gain privileges or cause a denial of service (application failure) via unknown attack vectors that involve the getpwnam family of non-reentrant functions.

4.6
2006-04-26 CVE-2006-2043 IP3 Networks Local vulnerability in IP3 Networks IP3 Netaccess 75 4.0.34

na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 allows local users to gain Unix shell access via "`" (backtick) characters in the appliance's command line interface (CLI).

4.6
2006-04-26 CVE-2006-1864 Linux Unspecified vulnerability in Linux Kernel

Directory traversal vulnerability in smbfs in Linux 2.6.16 and earlier allows local users to escape chroot restrictions for an SMB-mounted filesystem via "..\\" sequences, a similar vulnerability to CVE-2006-1863.

4.6
2006-04-29 CVE-2006-2106 Edgewall Software Remote HTML Injection vulnerability in Edgewall Software Trac 0.9.4

Cross-site scripting (XSS) vulnerability in Edgewall Software Trac 0.9.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors related to a "wiki macro."

4.3
2006-04-29 CVE-2006-2089 Mysmartbb Input Validation vulnerability in Mysmartbb 1.1.2/1.1.3

Multiple cross-site scripting (XSS) vulnerabilities in misc.php in MySmartBB 1.1.x allow remote attackers to inject arbitrary web script or HTML via the (1) id and (2) username parameters.

4.3
2006-04-29 CVE-2006-2088 Devsyn Cross-Site Scripting vulnerability in Devsyn Open Bulletin Board 1.0.6

Multiple cross-site scripting (XSS) vulnerabilities in Devsyn Open Bulletin Board (OpenBB) 1.0.6 allow remote attackers to inject arbitrary web script or HTML via (1) the FID parameter in board.php and (2) the TID parameter in read.php.

4.3
2006-04-29 CVE-2006-2084 Farsinews Cross-Site Scripting vulnerability in Farsinews 2.1/2.1Beta2/2.5

Multiple cross-site scripting (XSS) vulnerabilities in FarsiNews 2.5.3 Pro and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) month and (2) year parameters in (a) index.php, and the (3) mod parameter in (b) admin.php.

4.3
2006-04-27 CVE-2006-2079 Verosky Media Cross-Site Scripting vulnerability in Verosky Media Instant Photo Gallery 1.0

Cross-site scripting (XSS) vulnerability in portfolio.php in Verosky Media Instant Photo Gallery, possibly before 1.0.2, allows remote attackers to inject arbitrary web script or HTML via the cat_id parameter.

4.3
2006-04-27 CVE-2006-2070 Mybb Cross-Site Scripting vulnerability in Mybb Devbb 1.0.0

Cross-site scripting (XSS) vulnerability in member.php in DevBB 1.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the member parameter in a viewpro action.

4.3
2006-04-27 CVE-2006-2066 Mkportal Cross-Site Scripting vulnerability in Mkportal 1.1Rc1

Multiple cross-site scripting (XSS) vulnerabilities pm_popup.php in MKPortal 1.1 Rc1 and earlier, as used with vBulletin 3.5.4 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) u1, (2) m1, (3) m2, (4) m3, (5) m4 parameters.

4.3
2006-04-26 CVE-2006-2049 Dcscripts Input Validation vulnerability in Dcscripts Dcforumlite 3.0

Cross-site scripting (XSS) vulnerability in dcboard.cgi in DCScripts DCForumLite 3.0 allows remote attackers to inject arbitrary web script or HTML via the az parameter.

4.3
2006-04-26 CVE-2006-2048 Phpwebftp Cross-Site Scripting vulnerability in PHPwebftp 2.3

Multiple cross-site scripting (XSS) vulnerabilities in index.php in Edwin van Wijk phpWebFTP 2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) port, (2) server, and (3) user parameters.

4.3
2006-04-26 CVE-2006-2037 Thwboard Cross-Site Scripting vulnerability in Thwboard 3.0Beta2.84

Cross-site scripting (XSS) vulnerability in index.php in Thwboard 3.0 Beta 2.84 allows remote attackers to inject arbitrary web script or HTML via the navpath parameter.

4.3
2006-04-25 CVE-2006-2003 Community Architect Cross-Site Scripting vulnerability in Community Architect Guestbook

Cross-site scripting (XSS) vulnerability in cgi-bin/guest in Community Architect Guestbook allows remote attackers to inject arbitrary web script or HTML by signing the guestbook, which is displayed by fsguestbook.html.

4.3
2006-04-25 CVE-2006-2001 Scry Gallery Cross-Site Scripting vulnerability in Scry Gallery Scry Gallery 1.1

Cross-site scripting (XSS) vulnerability in index.php in Scry Gallery 1.1 allows remote attackers to inject arbitrary web script or HTML via the p parameter.

4.3
2006-04-25 CVE-2006-2000 Logmethods Cross-Site Scripting vulnerability in Logmethods 0.9

Cross-site scripting (XSS) vulnerability in /lms/a2z.jsp in logMethods 0.9 allows remote attackers to inject arbitrary web script or HTML via the kwd parameter.

4.3
2006-04-25 CVE-2006-2024 Libtiff Denial of Service vulnerability in LibTiff

Multiple vulnerabilities in libtiff before 3.8.1 allow context-dependent attackers to cause a denial of service via a TIFF image that triggers errors in (1) the TIFFFetchAnyArray function in (a) tif_dirread.c; (2) certain "codec cleanup methods" in (b) tif_lzw.c, (c) tif_pixarlog.c, and (d) tif_zip.c; (3) and improper restoration of setfield and getfield methods in cleanup functions within (e) tif_jpeg.c, tif_pixarlog.c, (f) tif_fax3.c, and tif_zip.c.

4.0

15 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-04-26 CVE-2006-2035 Websense Local Security vulnerability in Websense

Websense, when configured to permit access to the dynamic content category, allows local users to bypass intended blocking of the Uncategorized category by appending a "/?" sequence to a URL.

3.7
2006-04-25 CVE-2006-1057 Gnome Race Condition vulnerability in Gnome GDM 2.14

Race condition in daemon/slave.c in gdm before 2.14.1 allows local users to gain privileges via a symlink attack when gdm performs chown and chgrp operations on the .ICEauthority file.

3.7
2006-04-26 CVE-2006-2045 IP3 Networks Local vulnerability in IP3 Networks IP3 Netaccess 75 4.0.34Firmware

The (1) shadow password file in na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 has world readable permissions, which allows local users to view encrypted passwords; and the (2) NetAccess database file has world readable and writable permissions, which allows local users to view sensitive information and modify data.

3.6
2006-04-29 CVE-2006-2093 Nessus Resource Management Errors vulnerability in Nessus

Nessus before 2.2.8, and 3.x before 3.0.3, allows user-assisted attackers to cause a denial of service (memory consumption) via a NASL script that calls split with an invalid sep parameter.

2.6
2006-04-26 CVE-2006-2031 Phpmyadmin Cross-Site Scripting vulnerability in phpMyAdmin

Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin 2.8.0.3, 2.8.0.2, 2.8.1-dev, and 2.9.0-dev allows remote attackers to inject arbitrary web script or HTML via the lang parameter.

2.6
2006-04-25 CVE-2006-2016 Phpldapadmin Project
Debian
Cross-Site Scripting vulnerability in multiple products

Multiple cross-site scripting (XSS) vulnerabilities in phpLDAPadmin 0.9.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dn parameter in (a) compare_form.php, (b) copy_form.php, (c) rename_form.php, (d) template_engine.php, and (e) delete_form.php; (2) scope parameter in (f) search.php; and (3) Container DN, (4) Machine Name, and (5) UID Number fields in (g) template_engine.php.

2.6
2006-04-25 CVE-2006-2015 WEB Provence Input Validation vulnerability in Web-Provence SL Site 1.0

Cross-site scripting (XSS) vulnerability in SL_site 1.0 allows remote attackers to inject arbitrary web script or HTML via the recherche parameter in recherche.php.

2.6
2006-04-25 CVE-2006-2011 4Homepages Cross-Site Scripting vulnerability in 4Homepages 4Images 1.7

Cross-site scripting (XSS) vulnerability in member.php in 4images 1.7 and earlier allows remote attackers to inject arbitrary web script or HTML via the nickname, probably involving the user_name parameter in register.php.

2.6
2006-04-25 CVE-2006-1992 Microsoft Resource Management Errors vulnerability in Microsoft Internet Explorer 6.0.2900

mshtml.dll 6.00.2900.2873, as used in Microsoft Internet Explorer, allows remote attackers to cause a denial of service (crash) via nested OBJECT tags, which trigger invalid pointer dereferences including NULL dereferences.

2.6
2006-04-29 CVE-2006-2103 Mybulletinboard SQL Injection vulnerability in Mybulletinboard 1.1.1

SQL injection vulnerability in MyBB (MyBulletinBoard) 1.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the (1) query string ($querystring variable) in (a) admin/adminlogs.php, which is not properly handled by adminfunctions.php; or (2) setid, (3) expand, (4) title, or (5) sid2 parameters to (b) admin/templates.php.

2.1
2006-04-27 CVE-2006-2071 Linux Unspecified vulnerability in Linux Kernel

Linux kernel 2.4.x and 2.6.x up to 2.6.16 allows local users to bypass IPC permissions and modify a readonly attachment of shared memory by using mprotect to give write permission to the attachment.

2.1
2006-04-26 CVE-2006-2036 Iopus Unspecified vulnerability in Iopus Secure Email Attachments 1.0

iOpus Secure Email Attachments (SEA), probably 1.0, does not properly handle passwords that consist of repetitions of a substring, which allows attackers to decrypt files by entering only the substring.

2.1
2006-04-25 CVE-2006-1863 Linux Unspecified vulnerability in Linux Kernel

Directory traversal vulnerability in CIFS in Linux 2.6.16 and earlier allows local users to escape chroot restrictions for an SMB-mounted filesystem via "..\\" sequences, a similar vulnerability to CVE-2006-1864.

2.1
2006-04-25 CVE-2006-1998 Openttd Denial Of Service vulnerability in OpenTTD

OpenTTD 0.4.7 and earlier allows local users to cause a denial of service (application exit) via a large invalid error number, which triggers an error.

2.1
2006-04-25 CVE-2006-1997 Sybase Unspecified vulnerability in Sybase Pylon Anywhere

Unspecified vulnerability in Sybase Pylon Anywhere groupware synchronization server before 7.0 allows local users to obtain sensitive information such as email and PIM data of another user via unknown attack vectors.

2.1