Weekly Vulnerabilities Reports > May 1 to 7, 2006
Overview
113 new vulnerabilities reported during this period, including 3 critical vulnerabilities and 24 high severity vulnerabilities. This weekly summary report vulnerabilities in 100 products from 93 vendors including Phpbb Group, Oracle, Mysql, Invision Power Services, and Linux. Vulnerabilities are notably categorized as "SQL Injection", "Cross-site Scripting", "Information Exposure", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Improper Input Validation".
- 102 reported vulnerabilities are remotely exploitables.
- 11 reported vulnerabilities have public exploit available.
- 5 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 108 reported vulnerabilities are exploitable by an anonymous user.
- Phpbb Group has the most reported vulnerabilities, with 4 reported vulnerabilities.
- Microsoft has the most reported critical vulnerabilities, with 1 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
3 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-05-05 | CVE-2006-2206 | Ultravnc | Authentication vulnerability in Ultravnc 1.0.1 The MS-Logon authentication scheme in UltraVNC (aka Ultr@VNC) 1.0.1 uses weak encryption (XOR) for challenge/response, which allows remote attackers to gain privileges by sniffing and decrypting passwords. | 10.0 |
2006-05-04 | CVE-2006-2189 | Servous | SQL Injection vulnerability in Servous Sblog 0.7.2 SQL injection vulnerability in search.php in Servous sBLOG 0.7.2 allows remote attackers to execute arbitrary SQL commands via the keyword parameter. | 10.0 |
2006-05-05 | CVE-2006-2218 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer 6.0 Unspecified vulnerability in Internet Explorer 6.0 on Microsoft Windows XP SP2 allows remote attackers to execute arbitrary code via "exceptional conditions" that trigger memory corruption, as demonstrated using an exception handler and nested object tags, a variant of CVE-2006-1992. | 9.3 |
24 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-05-05 | CVE-2006-2235 | Codemunkyx | Authentication Bypass vulnerability in Codemunkyx Simple Poll 1.0 CodeMunkyX (aka free-php.net) Simple Poll 1.0, when authentication is not required for the admin directory, allows remote attackers to gain administrative privileges by appending /admin/ to the top-level URI of the application. | 7.6 |
2006-05-05 | CVE-2006-2233 | Banktown | Remote Buffer Overflow vulnerability in Banktown Btcxctl20Com Activex Control 1.4.2.51817/1.5.2.50209 Buffer overflow in BankTown Client Control (aka BtCxCtl20Com) 1.4.2.51817, and possibly 1.5.2.50209, allows remote attackers to execute arbitrary code via a long string in the first argument to SetBannerUrl. | 7.5 |
2006-05-05 | CVE-2006-2225 | Dxmsoft | Authentication Buffer Overflow vulnerability in XM Easy Personal FTP Server Buffer overflow in XM Easy Personal FTP Server 4.3 and earlier allows remote attackers to execute arbitrary code, probably via a USER command with a long username. | 7.5 |
2006-05-05 | CVE-2006-2217 | Invision Power Services | SQL Injection vulnerability in Invision Power Board SQL injection vulnerability in index.php in Invision Power Board allows remote attackers to execute arbitrary SQL commands via the pid parameter in a reputation action. | 7.5 |
2006-05-05 | CVE-2006-2214 | 4Images | SQL Injection vulnerability in 4Images Image Gallery Management System 1.7.1 Multiple SQL injection vulnerabilities in 4images 1.7.1 and earlier allow remote attackers to execute arbitrary SQL commands via the sessionid parameter in (1) top.php and (2) member.php. | 7.5 |
2006-05-04 | CVE-2006-2179 | Smartwin Technology | Input Validation vulnerability in CyberBuild Multiple SQL injection vulnerabilities in CyberBuild allow remote attackers to execute arbitrary SQL commands via the (1) SessionID parameter to login.asp or (2) ProductIndex parameter to browse0.htm. | 7.5 |
2006-05-04 | CVE-2006-2172 | Gene6 | Commands Remote Buffer Overflow vulnerability in Gene6 G6 FTP Server 3.1 Buffer overflow in Gene6 FTP Server 3.1.0 allows remote authenticated attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long argument to (1) MKD or (2) XMKD, as demonstrated by the Infigo FTPStress Fuzzer. | 7.5 |
2006-05-04 | CVE-2006-2168 | Fileprotection Express | Authentication Bypass vulnerability in FileProtection Express 1.0/1.0.1 FileProtection Express 1.0.1 and earlier allows remote attackers to bypass authentication via a cookie with an Admin value of 1. | 7.5 |
2006-05-04 | CVE-2006-2164 | Pentasoft Corp | SQL-Injection vulnerability in Avactis Shopping Cart Multiple SQL injection vulnerabilities in Avactis Shopping Cart 0.1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) category_id parameter in (a) store_special_offers.php and (b) store.php, and (2) prod_id parameter in (c) cart.php and (d) product_info.php. | 7.5 |
2006-05-03 | CVE-2006-2157 | Plogger | SQL Injection vulnerability in Plogger 2.1 SQL injection vulnerability in gallery.php in Plogger Beta 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter, when the level is set to "slideshow". | 7.5 |
2006-05-03 | CVE-2006-2152 | Phpbb Group | Remote File Include vulnerability in Advanced GuestBook Addentry.PHP PHP remote file inclusion vulnerability in admin/addentry.php in phpBB Advanced Guestbook 2.4.0 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via the phpbb_root_path parameter. | 7.5 |
2006-05-03 | CVE-2006-2151 | Phpbb Group | Remote Security vulnerability in Phpbb Toplist PHP remote file inclusion vulnerability in toplist.php in phpBB TopList 1.3.8 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via the phpbb_root_path parameter. | 7.5 |
2006-05-02 | CVE-2006-2148 | Cgiirc | Remote Buffer Overflow and Denial Of Service vulnerability in Cgiirc 0.5.4/0.5.7 Multiple buffer overflows in client.c in CGI:IRC (CGIIRC) before 0.5.8 might allow remote attackers to execute arbitrary code via (1) cookies or (2) the query string. | 7.5 |
2006-05-02 | CVE-2006-2137 | Openphpnuke | Remote File Include vulnerability in OpenPHPnuke PHP remote file inclusion vulnerability in master.php in OpenPHPNuke and 2.3.3 earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter. | 7.5 |
2006-05-02 | CVE-2006-2136 | Aznews | SQL Injection vulnerability in Aznews 1.0 SQL injection vulnerability in news.php in AZNEWS allows remote attackers to execute arbitrary SQL commands via the ID parameter. | 7.5 |
2006-05-02 | CVE-2006-2135 | Ruperts News | SQL Injection vulnerability in Ruperts News Script Login.PHP SQL injection vulnerability in login.php in Ruperts News allows remote attackers to execute arbitrary SQL commands via the username parameter. | 7.5 |
2006-05-01 | CVE-2006-2133 | Boonex | SQL-Injection vulnerability in Barracuda SQL injection vulnerability in index.php in BoonEx Barracuda 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) link_dir_target and (2) link_id_target parameter, possibly involving the link_edit functionality. | 7.5 |
2006-05-01 | CVE-2006-2128 | Deltascripts | SQL Injection vulnerability in Deltascripts PRO Publish 2.0 Multiple SQL injection vulnerabilities in Pro Publish 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) email and (2) password parameter to (a) admin/login.php, (3) find_str parameter to (b) search.php, or (4) artid parameter to (c) art.php, or (5) catid parameter to (d) cat.php. | 7.5 |
2006-05-01 | CVE-2006-2118 | JMK WEB Scripts | Authentication Bypass vulnerability in JMK Picture Gallery Admin_Gallery.PHP3 JMK's Picture Gallery allows remote attackers to bypass authentication via a direct request to admin_gallery.php3, possibly related to the add action. | 7.5 |
2006-05-01 | CVE-2006-2116 | Planet Concept | Authentication Bypass vulnerability in PlanetGallery Gallery_admin.PHP planetGallery allows remote attackers to gain administrator privileges via a direct request to admin/gallery_admin.php. | 7.5 |
2006-05-01 | CVE-2006-2115 | SWS | Arbitrary Code Execution vulnerability in SWS Web Server Format string vulnerability in SWS web Server 0.1.7 allows remote attackers to execute arbitrary code via unspecified vectors that are not properly handled in a syslog function call. | 7.5 |
2006-05-01 | CVE-2006-2114 | SWS | Arbitrary Code Execution vulnerability in SWS Web Server Buffer overflow in SWS web Server 0.1.7 allows remote attackers to execute arbitrary code via a long request. | 7.5 |
2006-05-04 | CVE-2006-2183 | Truecrypt Foundation | Local Security vulnerability in Truecrypt Foundation Truecrypt 4.1 Untrusted search path vulnerability in Truecrypt 4.1, when running suid root on Linux, allows local users to execute arbitrary commands and gain privileges via a modified PATH environment variable that references a malicious mount command. | 7.2 |
2006-05-03 | CVE-2006-2154 | EMC | Local Privilege Escalation vulnerability in EMC Dantz Retrospect Backup Server EMC Retrospect for Windows 6.5 before 6.5.382, 7.0 before 7.0.344, and 7.5 before 7.5.1.105 does not drop privileges before opening files, which allows local users to execute arbitrary code via the File>Open dialog. | 7.2 |
76 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-05-05 | CVE-2006-2234 | Tyrocms | Cross-Site Scripting vulnerability in Tyrocms Beta1.0 Multiple cross-site scripting (XSS) vulnerabilities in TyroCMS beta 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) a javascript URI in an img BBCode tag, or a JavaScript event in a (2) url BBCode tag or (3) color BBCode tag. | 6.8 |
2006-05-04 | CVE-2006-2188 | Cmscout | HTML Injection vulnerability in CmScout Multiple cross-site scripting (XSS) vulnerabilities in CMScout 1.10 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the Body field of a private message (PM), (2) BBCode, or (3) a forum post. | 6.8 |
2006-05-04 | CVE-2006-2187 | Zenphoto | Cross-Site Scripting vulnerability in Zenphoto Multiple cross-site scripting (XSS) vulnerabilities in zenphoto 1.0.1 beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) a parameter in i.php, and the (2) album and (3) image parameters in index.php. | 6.8 |
2006-05-02 | CVE-2006-2109 | Jsboard | Cross-Site Scripting vulnerability in JSBoard Login.PHP Cross-site scripting (XSS) vulnerability in the parse_query_str function in include/print.php in JSBoard 2.0.10 and 2.0.11, and possibly other versions before 2.0.12, allows remote attackers to inject arbitrary web script or HTML via parameters that are set as global variables within the program, as demonstrated using the table parameter to login.php. | 6.8 |
2006-05-01 | CVE-2006-2122 | Coolmenus | Code Injection vulnerability in Coolmenus 4.0 PHP remote file inclusion vulnerability in index.php in CoolMenus allows remote attackers to execute arbitrary code via a URL in the page parameter. | 6.8 |
2006-05-05 | CVE-2006-1518 | Mysql Oracle | Remote Information Disclosure and Buffer Overflow vulnerability in MySQL Buffer overflow in the open_table function in sql_base.cc in MySQL 5.0.x up to 5.0.20 might allow remote attackers to execute arbitrary code via crafted COM_TABLE_DUMP packets with invalid length values. | 6.5 |
2006-05-05 | CVE-2006-2212 | Karjasoft | Authentication Buffer Overflow vulnerability in Karjasoft Sami FTP Server 2.0.2 Buffer overflow in KarjaSoft Sami FTP Server 2.0.2 and earlier allows remote attackers to execute arbitrary code via a long (1) USER or (2) PASS command. | 6.4 |
2006-05-05 | CVE-2006-2209 | PHP Arena | SQL Injection vulnerability in PHP Arena Pacheckbook 1.1 Multiple SQL injection vulnerabilities in index.php in PHP Arena paCheckBook 1.1 allow remote attackers to execute arbitrary SQL commands via (1) the transtype parameter in an add action or (2) entry parameter in an edit action. | 6.4 |
2006-05-05 | CVE-2006-2203 | Kerio | Remote Security vulnerability in Kerio Mailserver Unspecified vulnerability in Kerio MailServer before 6.1.4 has unknown impact and remote attack vectors related to a "possible bypass of attachment filter." | 6.4 |
2006-05-04 | CVE-2006-2202 | Invision Power Services | SQL Injection vulnerability in Invision Power Services Invision Gallery 2.0.6 SQL injection vulnerability in post.php in Invision Gallery 2.0.6 allows remote attackers to execute arbitrary SQL commands via the album parameter. | 6.4 |
2006-05-04 | CVE-2006-2182 | Albinator | Remote File Include vulnerability in Albinator 2.0.8 Multiple PHP remote file inclusion vulnerabilities in (1) eday.php, (2) eshow.php, or (3) forgot.php in albinator 2.0.8 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the Config_rootdir parameter. | 6.4 |
2006-05-04 | CVE-2006-2180 | Kmint21 Software | Buffer Errors vulnerability in Kmint21 Software Golden FTP Server 1.32B/2.70 Buffer overflow in Golden FTP Server Pro 2.70 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long argument to the (1) NLST or (2) APPE commands, as demonstrated by the Infigo FTPStress Fuzzer. | 6.4 |
2006-05-04 | CVE-2006-2175 | Ftrainsoft | Remote File Include vulnerability in Ftrainsoft Fast Click 2.3.8 PHP remote file inclusion vulnerability in FtrainSoft Fast Click 2.3.8 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) show.php or (2) top.php. | 6.4 |
2006-05-04 | CVE-2006-2173 | Filezilla | Remote Buffer Overflow vulnerability in FileZilla FTP Server Buffer overflow in FileZilla FTP Server 2.2.22 allows remote authenticated attackers to cause a denial of service and possibly execute arbitrary code via a long (1) PORT or (2) PASS followed by the MLSD command, or (2) the remote server interface, as demonstrated by the Infigo FTPStress Fuzzer. | 6.4 |
2006-05-04 | CVE-2006-2171 | Jgaa | Remote Buffer Overflow vulnerability in Jgaa Warftpd 1.8/1.82Rc10/1.82Rc9 Buffer overflow in WDM.exe in WarFTPD allows remote attackers to execute arbitrary code via unspecified arguments, as demonstrated by the Infigo FTPStress Fuzzer. | 6.4 |
2006-05-04 | CVE-2006-2170 | Argosoft | Remote Buffer Overflow vulnerability in ArGoSoft FTP Server RNTO Command Buffer overflow in ArgoSoft FTP Server 1.4.3.6 allows remote attackers to execute arbitrary code via Unicode in the RNTO command, as demonstrated by the Infigo FTPStress Fuzzer. | 6.4 |
2006-05-03 | CVE-2006-2158 | Stadtaus | Remote File Include vulnerability in Stadtaus Guestbook Dynamic variable evaluation vulnerability in index.php in Stadtaus Guestbook Script 1.7 and earlier, when register_globals is enabled, allows remote attackers to modify arbitrary program variables via parameters, which are evaluated as PHP variable variables, as demonstrated by performing PHP remote file inclusion using the include_files array parameter. | 6.4 |
2006-05-03 | CVE-2006-2156 | X7 Group | Local File Include vulnerability in X7 Chat Directory traversal vulnerability in help/index.php in X7 Chat 2.0 and earlier allows remote attackers to include arbitrary files via .. | 6.4 |
2006-05-03 | CVE-2006-2150 | Phpbb Group | Remote Security vulnerability in PHPbb Group PHPbb Toplist 1.3.8 PHP remote file inclusion vulnerability in top/list.php in phpBB TopList 1.3.8 and earlier allows remote attackers to include arbitrary files via the returnpath parameter. | 6.4 |
2006-05-03 | CVE-2006-2149 | Avatic | Remote File Include vulnerability in Avatic Aardvark Topsites PHP 4.2.2 PHP remote file inclusion vulnerability in sources/lostpw.php in Aardvark Topsites PHP 4.2.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the CONFIG[path] parameter, as demonstrated by including a GIF that contains PHP code. | 6.4 |
2006-05-02 | CVE-2006-2145 | Harold Bakker | Input Validation vulnerability in Harold Bakker Hb-Ns 1.1.6 Multiple SQL injection vulnerabilities in index.php in HB-NS 1.1.6 allow remote attackers to execute arbitrary SQL commands via the (1) topic or (2) id parameter. | 6.4 |
2006-05-02 | CVE-2006-2144 | Dmcounter | Remote File Include vulnerability in Dmcounter 0.9.2B PHP remote file inclusion vulnerability in kopf.php in DMCounter 0.9.2-b allows remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter. | 6.4 |
2006-05-02 | CVE-2006-2142 | Limbo CMS | Remote File Include vulnerability in Limbo CMS 1.0.4/1.0.4.2 PHP remote file inclusion vulnerability in classes/adodbt/sql.php in Limbo CMS 1.04 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the classes_dir parameter. | 6.4 |
2006-05-02 | CVE-2006-2139 | Wilsonncareabusinesses | SQL Injection vulnerability in Wilsonncareabusinesses PHP Newsfeed 20040723 Multiple SQL injection vulnerabilities in PHP Newsfeed 20040723 allow remote attackers to execute arbitrary SQL commands via the (1) name parameter to (a) deltables.php, (2) select, (3) header, (4) url, (5) source, or (6) time parameters to (b) manualsubmit.php, (7) num parameter to (c) delete.php, or (8) tablename parameter to (d) searchnews.php. | 6.4 |
2006-05-01 | CVE-2006-2132 | Duware | SQL Injection vulnerability in DUclassified Detail.ASP SQL injection vulnerability in detail.asp in DUclassified allows remote attackers to execute arbitrary SQL commands via the iPro parameter. | 6.4 |
2006-05-01 | CVE-2006-2127 | Blog MOD | SQL Injection vulnerability in Blog MOD Blog MOD 0.2.3/0.2.4/0.2.4B SQL injection vulnerability in weblog_posting.php in Blog Mod 0.2.x allows remote attackers to execute arbitrary SQL commands via the r parameter. | 6.4 |
2006-05-01 | CVE-2006-2126 | Avalon LTD | SQL Injection vulnerability in Avalon LTD Maxtrade 1.0.1 SQL injection vulnerability in pocategories.php in MaxTrade 1.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) categori and (2) stranica parameters. | 6.4 |
2006-05-01 | CVE-2006-2123 | Network Administration Visualized | SQL Injection vulnerability in Network Administration Visualized Network Administration Visualized 3.0 Multiple SQL injection vulnerabilities in the report interface in Network Administration Visualized (NAV) before 3.0.1 allow remote attackers to execute arbitrary SQL commands via unknown vectors. | 6.4 |
2006-05-05 | CVE-2006-2210 | 321Soft | Input Validation vulnerability in 321Soft PHP-Gallery 0.9 Cross-site scripting (XSS) vulnerability in index.php in 321soft PhP-Gallery 0.9 allows remote attackers to inject arbitrary web script or HTML via the path parameter. | 5.8 |
2006-05-04 | CVE-2006-2178 | Smartwin Technology | Cross-Site Scripting vulnerability in Smartwin Technology Cyberoffice Warehouse Builder Multiple cross-site scripting (XSS) vulnerabilities in CyberBuild allow remote attackers to inject arbitrary web script or HTML via the (1) SessionID parameter to login.asp, (2) ProductIndex parameter to browse0.htm, (3) rowcolor parameter to result.asp, or (4) heading parameter to result.asp. | 5.8 |
2006-05-04 | CVE-2006-2176 | PHP Design X | Cross-Site Scripting vulnerability in PHP Design X PHP Linkliste 1.0B Multiple cross-site scripting (XSS) vulnerabilities in links.php in PHP Linkliste 1.0b allow remote attackers to inject arbitrary web script or HTML via the (1) new_input, (2) new_url, or (3) new_name parameter. | 5.8 |
2006-05-02 | CVE-2006-2146 | Harold Bakker | Input Validation vulnerability in Harold Bakker Hb-Ns 1.1.6 Multiple cross-site scripting (XSS) vulnerabilities in index.php in HB-NS 1.1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) poster_name, (2) poster_email, (3) poster_homepage, or (4) message parameter. | 5.8 |
2006-05-02 | CVE-2006-2140 | Orbitscripts | Cross-Site Scripting vulnerability in Orbitscripts Orbithyip 2.0 Multiple cross-site scripting (XSS) vulnerabilities in OrbitHYIP 2.0 and earlier allow remote attackers to inject arbitrary web script via the (1) referral parameter to signup.php or (2) id parameter to members.php. | 5.8 |
2006-05-01 | CVE-2006-2124 | Turnkey Solutions | Cross-Site Scripting vulnerability in SunShop Shopping Cart 3.0/3.5 Multiple cross-site scripting (XSS) vulnerabilities in SunShop 3.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) prevaction, (2) previd, (3) prevstart, (4) itemid, (5) id, and (6) action parameters in index.php. | 5.8 |
2006-05-05 | CVE-2006-2204 | Invision Power Services | SQL Injection vulnerability in Invision Power Board Func_mod.PHP SQL injection vulnerability in the topic deletion functionality (post_delete function in func_mod.php) for Invision Power Board 2.1.5 allows remote authenticated moderators to execute arbitrary SQL commands via the selectedpids parameter, which bypasses an integer value check when the $id variable is an array. | 5.5 |
2006-05-01 | CVE-2006-2129 | Deltascripts | SQL Injection vulnerability in Deltascripts PRO Publish 2.0 Direct static code injection vulnerability in Pro Publish 2.0 allows remote authenticated administrators to execute arbitrary PHP code by editing certain settings, which are stored in set_inc.php. | 5.5 |
2006-05-02 | CVE-2006-2134 | Phpbb Group | Remote File Include vulnerability in phpBB Knowledge Base Mod KB_constants.PHP PHP remote file inclusion vulnerability in /includes/kb_constants.php in Knowledge Base Mod for PHPbb 2.0.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter. | 5.1 |
2006-05-01 | CVE-2006-2130 | Advanced Poll | SQL-Injection vulnerability in Advanced Poll Advanced Poll 2.0.4 SQL injection vulnerability in include/class_poll.php in Advanced Poll 2.0.4 allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header. | 5.1 |
2006-05-01 | CVE-2006-1989 | Clam Anti Virus | Remote Buffer Overflow vulnerability in Clam Anti-Virus Clamav 0.88/0.88.1 Buffer overflow in the get_database function in the HTTP client in Freshclam in ClamAV 0.80 to 0.88.1 might allow remote web servers to execute arbitrary code via long HTTP headers. | 5.1 |
2006-05-05 | CVE-2006-2230 | Xine | Remote Format String vulnerability in Xine 0.99.4 Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.4 might allow attackers to cause a denial of service via format string specifiers in an MP3 filename specified on the command line. | 5.0 |
2006-05-05 | CVE-2006-2226 | Dxmsoft | Buffer Overflow vulnerability in Dxmsoft XM Easy Personal FTP Server 4.2/5.0.1 Buffer overflow in XM Easy Personal FTP Server 4.2 and 5.0.1 allows remote authenticated users to cause a denial of service via a long argument to the PORT command. | 5.0 |
2006-05-05 | CVE-2006-2224 | Quagga | Improper Authentication vulnerability in Quagga Routing Software Suite RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly enforce RIPv2 authentication requirements, which allows remote attackers to modify routing state via RIPv1 RESPONSE packets. | 5.0 |
2006-05-05 | CVE-2006-2223 | Quagga | Improper Input Validation vulnerability in Quagga 0.98.5/0.99.3 RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly implement configurations that (1) disable RIPv1 or (2) require plaintext or MD5 authentication, which allows remote attackers to obtain sensitive information (routing state) via REQUEST packets such as SEND UPDATE. | 5.0 |
2006-05-05 | CVE-2006-2222 | Norz | Remote HTTP GET Denial Of Service vulnerability in Norz Zawhttpd 0.8.23 Buffer overflow in zawhttpd 0.8.23, and possibly previous versions, allows remote attackers to cause a denial of service (daemon crash) via a request for a URI composed of several "\" (backslash) characters. | 5.0 |
2006-05-05 | CVE-2006-2216 | Devsyn | Remote Security vulnerability in Devsyn Open Bulletin Board 1.0.8 Open Bulletin Board (OpenBB) 1.0.8 allows remote attackers to obtain the full path of the web server via an invalid pforums parameter to (1) misc.php and (2) member.php. | 5.0 |
2006-05-05 | CVE-2006-2213 | Hostapd | Remote Denial Of Service vulnerability in Hostapd 0.3.72 Hostapd 0.3.7-2 allows remote attackers to cause a denial of service (segmentation fault) via an unspecified value in the key_data_length field of an EAPoL frame. | 5.0 |
2006-05-05 | CVE-2006-2211 | 321Soft | Input Validation vulnerability in 321Soft PHP-Gallery 0.9 Absolute path traversal vulnerability in index.php in 321soft PhP-Gallery 0.9 allows remote attackers to browse arbitrary directories via the path parameter. | 5.0 |
2006-05-05 | CVE-2006-1517 | Mysql Oracle | Remote Information Disclosure and Buffer Overflow vulnerability in MySQL sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to obtain sensitive information via a COM_TABLE_DUMP request with an incorrect packet length, which includes portions of memory in an error message. | 5.0 |
2006-05-05 | CVE-2006-1516 | Mysql Oracle | Remote Information Disclosure and Buffer Overflow vulnerability in MySQL The check_connection function in sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to read portions of memory via a username without a trailing null byte, which causes a buffer over-read. | 5.0 |
2006-05-04 | CVE-2006-2186 | Zenphoto | Cross-Site Scripting vulnerability in Zenphoto 0.9/1.0.1Beta/1.0Beta zenphoto 1.0.1 beta and earlier allow remote attackers to obtain sensitive information via a direct request for the (1) /photos/themes/default/ and (2) /photos/themes/testing/ URIs, which reveals the path in an error message. | 5.0 |
2006-05-04 | CVE-2006-2169 | Best Practical Solutions | Information Disclosure vulnerability in Best Practical Solutions Request Tracker 3.5.Head RT: Request Tracker 3.5.HEAD allows remote attackers to obtain sensitive information via the Rows parameter in Dist/Display.html, which reveals the installation path in an error message. | 5.0 |
2006-05-03 | CVE-2006-1527 | Linux | Remote Denial of Service vulnerability in Linux Kernel 2.6.16.12 The SCTP-netfilter code in Linux kernel before 2.6.16.13 allows remote attackers to trigger a denial of service (infinite loop) via unknown vectors that cause an invalid SCTP chunk size to be processed by the for_each_sctp_chunk function. | 5.0 |
2006-05-03 | CVE-2006-2162 | Nagios | Remote Negative Content-Length Buffer Overflow vulnerability in Nagios 2.0.1/2.1.3 Buffer overflow in CGI scripts in Nagios 1.x before 1.4 and 2.x before 2.3 allows remote attackers to execute arbitrary code via a negative content length (Content-Length) HTTP header. | 5.0 |
2006-05-03 | CVE-2006-2159 | Russcom Network | Unspecified vulnerability in Russcom Network Loginphp CRLF injection vulnerability in help.php in Russcom Network Loginphp allows remote attackers to spoof e-mails and inject MIME headers via CRLF sequences in the email address. | 5.0 |
2006-05-01 | CVE-2006-2131 | Advanced Poll | Remote Security vulnerability in Advanced Poll Advanced Poll 2.0.4 include/class_poll.php in Advanced Poll 2.0.4 uses the HTTP_X_FORWARDED_FOR (X-Forwarded-For HTTP header) to identify the IP address of a client, which makes it easier for remote attackers to spoof the source IP and bypass voting restrictions. | 5.0 |
2006-05-01 | CVE-2006-2121 | I Rater | Remote File Include vulnerability in I-RATER Platinum Config_settings.TPL.PHP PHP remote file include vulnerability in admin/config_settings.tpl.php in I-RATER Platinum allows remote attackers to execute arbitrary code via a URL in the include_path parameter. | 5.0 |
2006-05-01 | CVE-2006-2119 | Artmedic Webdesign | Remote File Include vulnerability in Artmedic Event PHP remote file inclusion vulnerability in event/index.php in Artmedic Event allows remote attackers to execute arbitrary code via a URL in the page parameter. | 5.0 |
2006-05-03 | CVE-2006-2155 | EMC | Local Security vulnerability in Retrospect for Windows EMC Retrospect for Windows 6.5 before 6.5.382, 7.0 before 7.0.344, and 7.5 before 7.5.1.105 allows local users to execute arbitrary code by replacing the Retrospect.exe file, possibly due to improper file permissions. | 4.6 |
2006-05-05 | CVE-2006-2232 | Scriptsez | HTML Injection vulnerability in Scriptsez Cute Guestbook 20060211 Cross-site scripting (XSS) vulnerability in Scriptsez Cute Guestbook 20060211 allows remote attackers to inject arbitrary web script or HTML via the Comments field when signing the guestbook. | 4.3 |
2006-05-05 | CVE-2006-2231 | BIG Webmaster | HTML Injection vulnerability in Bigwebmaster Guestbook Multiple cross-site scripting (XSS) vulnerabilities in addguest.cgi in Big Webmaster Guestbook Script 1.02 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) mail, (2) site, (3) city, (4) state, (5) country, and possibly (6) name fields, which are viewed via viewguest.cgi. | 4.3 |
2006-05-05 | CVE-2006-2228 | W Agora | Unspecified vulnerability in W-Agora 4.2.0 Cross-site scripting (XSS) vulnerability in w-Agora (aka Web-Agora) 4.2.0 allows remote attackers to inject arbitrary web script or HTML via a post with a BBCode tag that contains a JavaScript event name followed by whitespace before the '=' (equals) character, which bypasses a restrictive regular expression that attempts to remove onmouseover and other events. | 4.3 |
2006-05-05 | CVE-2006-2227 | Punbb | Input Validation vulnerability in Punbb 1.2.11 Cross-site scripting (XSS) vulnerability in misc.php in PunBB 1.2.11 allows remote attackers to inject arbitrary web script or HTML via the req_message parameter, because the value of the redirect_url parameter is not sanitized. | 4.3 |
2006-05-04 | CVE-2006-2201 | Broadcom | Unspecified vulnerability in Broadcom Resource Initialization Manager 1.0 Unspecified vulnerability in CA Resource Initialization Manager (CAIRIM) 1.x before 20060502, as used in z/OS Common Services and the LMP component in multiple products, allows attackers to violate integrity via a certain "problem state program" that uses SVC to gain access to supervisor state, key 0. | 4.3 |
2006-05-04 | CVE-2006-2184 | Chadha Software Technologies | Cross-Site Scripting vulnerability in Phpkb Knowledge Base Cross-site scripting (XSS) vulnerability in search.php in PHPKB Knowledge Base allows remote attackers to inject arbitrary web script or HTML via the searchkeyword parameter. | 4.3 |
2006-05-04 | CVE-2006-2181 | Albinator | Cross-Site Scripting vulnerability in Albinator Multiple cross-site scripting (XSS) vulnerabilities in Albinator 2.0.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) cid parameter to dlisting.php or (2) preloadSlideShow parameter to showpic.php. | 4.3 |
2006-05-04 | CVE-2006-2177 | Bitdamaged | Cross-Site Scripting vulnerability in Bitdamaged Geoblog Mod1.0 Cross-site scripting (XSS) vulnerability in viewcat.php in geoBlog 1.0 allows remote attackers to inject arbitrary web script or HTML via the cat parameter. | 4.3 |
2006-05-04 | CVE-2006-2174 | Virtual Hosting Control System | Cross-Site Scripting vulnerability in Virtual Hosting Control System Virtual Hosting Control System 2.4.7.1 Multiple cross-site scripting (XSS) vulnerabilities in admin/server_day_stats.php in Virtual Hosting Control System (VHCS) allow remote attackers to inject arbitrary web script or HTML via the (1) day, (2) month, or (3) year parameter. | 4.3 |
2006-05-04 | CVE-2006-2167 | Sloughflash | HTML Injection vulnerability in Sloughflash Sf-Users 1.0 Cross-site scripting (XSS) vulnerability in SloughFlash SF-Users 1.0, possibly in register.php, allows remote attackers to inject arbitrary web script or HTML by setting the username field to contain JavaScript in the SRC attribute of an IMG element. | 4.3 |
2006-05-03 | CVE-2006-2160 | Russcom Network | HTML Injection vulnerability in Russcomm Network LoginPHP Username Cross-site scripting (XSS) vulnerability in Russcom Network Loginphp (Russcom.Loginphp) allows remote attackers to inject arbitrary web script or HTML via the username field when registering. | 4.3 |
2006-05-03 | CVE-2006-2153 | Jbmc Software | Cross-Site Scripting vulnerability in DirectAdmin Cross-site scripting (XSS) vulnerability in HTM_PASSWD in DirectAdmin Hosting Management allows remote attackers to inject arbitrary web script or HTML via the domain parameter. | 4.3 |
2006-05-02 | CVE-2006-2143 | Jcink | Tag Script Injection vulnerability in Jcink Textfilebb 1.0.16 Multiple cross-site scripting (XSS) vulnerabilities in TextFileBB 1.0.16 allow remote attackers to inject arbitrary web script or HTML via Javascript events such as "onmouseover" in the (1) color, (2) size, or (3) url bbcode tags. | 4.3 |
2006-05-02 | CVE-2006-2141 | Collaborative Portal Server Project | Cross-Site Scripting vulnerability in Collaborative Portal Server Project Collaborative Portal Server 3.4.0 Cross-site scripting (XSS) vulnerability in popup_image in Collaborative Portal Server (CPS) 3.4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the pos argument. | 4.3 |
2006-05-02 | CVE-2006-2138 | Neomail | Cross-Site Scripting vulnerability in Neomail 1.29 Cross-site scripting (XSS) vulnerability in neomail.pl in NeoMail 1.29 allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter. | 4.3 |
2006-05-01 | CVE-2006-2117 | Extrosoft | HTML Injection vulnerability in Extrosoft Thyme 1.3 Cross-site scripting (XSS) vulnerability in Thyme 1.3 allows remote attackers to inject arbitrary web script or HTML via the search page. | 4.3 |
2006-05-01 | CVE-2006-2111 | Microsoft | Information Exposure vulnerability in Microsoft Outlook Express 6.0 A component in Microsoft Outlook Express 6 allows remote attackers to bypass domain restrictions and obtain sensitive information via redirections with the mhtml: URI handler, as originally reported for Internet Explorer 6 and 7, aka "URL Redirect Cross Domain Information Disclosure Vulnerability." | 4.3 |
2006-05-05 | CVE-2006-2229 | Openvpn | Denial-Of-Service vulnerability in Openvpn and Openvpn Access Server OpenVPN 2.0.7 and earlier, when configured to use the --management option with an IP that is not 127.0.0.1, uses a cleartext password for TCP sessions to the management interface, which might allow remote attackers to view sensitive information or cause a denial of service. | 4.0 |
10 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-05-02 | CVE-2006-2147 | Resmgr | Unspecified vulnerability in Resmgr Resmgrd resmgrd in resmgr for SUSE Linux and other distributions does not properly handle when access to a USB device is granted by using "usb:<bus>,<dev>" notation, which grants access to all USB devices and allows local users to bypass intended restrictions. | 3.6 |
2006-05-04 | CVE-2006-2165 | Pentasoft Corp | Cross-Site Scripting vulnerability in Avactis Shopping Cart Multiple cross-site scripting (XSS) vulnerabilities in Avactis Shopping Cart 0.1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) category_id parameter in (a) store_special_offers.php and (b) store.php and (2) prod_id parameter in (c) product_info.php. | 2.6 |
2006-05-04 | CVE-2006-2163 | Desert DOG Software | Cross-Site Scripting vulnerability in Desert DOG Software Pinnacle Cart 3.33 Cross-site scripting (XSS) vulnerability in index.php in Pinnacle Cart 3.33 and earlier allows remote attackers to inject arbitrary web script or HTML via the setbackurl parameter. | 2.6 |
2006-05-05 | CVE-2006-2221 | Bitrock Process ONE | A third-party installer generation tool, possibly BitRock InstallBuilder, as used in products including Process-one ejabberd 1.1.1_1 and earlier, generates an installer that allows local users to cause a denial of service via a symlink attack on the bitrock_installer.log temporary file. | 2.1 |
2006-05-05 | CVE-2006-2205 | Netbsd | Local Denial of Service vulnerability in Netbsd 3.0 The audio_write function in NetBSD 3.0 allows local users to cause a denial of service (kernel crash) by using the audiosetinfo ioctl to change the sample rate of an audio device. | 2.1 |
2006-05-05 | CVE-2006-1052 | Linux | Local Denial of Service vulnerability in Linux Kernel SELinux_PTrace The selinux_ptrace logic in hooks.c in SELinux for Linux 2.6.6 allows local users with ptrace permissions to change the tracer SID to an SID of another process. | 2.1 |
2006-05-04 | CVE-2006-2166 | Cisco | Privilege Escalation vulnerability in Cisco Unity Express Expired Password Unspecified vulnerability in the HTTP management interface in Cisco Unity Express (CUE) 2.2(2) and earlier, when running on any CUE Advanced Integration Module (AIM) or Network Module (NM), allows remote authenticated attackers to reset the password for any user with an expired password. | 2.1 |
2006-05-02 | CVE-2006-1526 | X ORG | Buffer Overflow vulnerability in X.Org XRender Extension Buffer overflow in the X render (Xrender) extension in X.org X server 6.8.0 up to allows attackers to cause a denial of service (crash), as demonstrated by the (1) XRenderCompositeTriStrip and (2) XRenderCompositeTriFan requests in the rendertest from XCB xcb/xcb-demo, which leads to an incorrect memory allocation due to a typo in an expression that uses a "&" instead of a "*" operator. | 2.1 |
2006-05-01 | CVE-2006-2120 | Libtiff | Denial of Service vulnerability in Libtiff 3.8.1 The TIFFToRGB function in libtiff before 3.8.1 allows remote attackers to cause a denial of service (crash) via a crafted TIFF image with Yr/Yg/Yb values that exceed the YCR/YCG/YCB values, which triggers an out-of-bounds read. | 2.1 |
2006-05-01 | CVE-2006-2110 | Virtual Private Server | Local Insecure Guest Context Capabilities vulnerability in Virtual Private Server Vserver 2.0.2/2.1.1 Virtual Private Server (Vserver) 2.0.x before 2.0.2-rc18 and 2.1.x before 2.1.1-rc18 provides certain context capabilities (ccaps) that allow local guest users to perform operations that were only intended to be allowed by the guest-root. | 2.1 |