Weekly Vulnerabilities Reports > May 1 to 7, 2006

Overview

115 new vulnerabilities were reported during this period, including 3 critical vulnerabilities and 24 high severity vulnerabilities. This weekly summary reports vulnerabilities in 103 products from 95 vendors including Phpbb Group, Oracle, Mysql, Invision Power Services, and Microsoft. Vulnerabilities are notably categorized as "SQL Injection", "Cross-site Scripting", "Information Exposure", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Improper Input Validation".

  • 104 reported vulnerabilities are remotely exploitable.
  • 11 reported vulnerabilities have a public exploit available.
  • 5 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 110 reported vulnerabilities are exploitable by an anonymous user.
  • Phpbb Group has the most reported vulnerabilities, with 4 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 1 reported vulnerability.


Vulnerability Details

The following table lists the vulnerabilities reported during the period covered by this report:


3 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-05-05 CVE-2006-2206 Ultravnc Authentication vulnerability in Ultravnc 1.0.1

The MS-Logon authentication scheme in UltraVNC (aka Ultr@VNC) 1.0.1 uses weak encryption (XOR) for challenge/response, which allows remote attackers to gain privileges by sniffing and decrypting passwords.

10.0
2006-05-04 CVE-2006-2189 Servous SQL Injection vulnerability in Servous Sblog 0.7.2

SQL injection vulnerability in search.php in Servous sBLOG 0.7.2 allows remote attackers to execute arbitrary SQL commands via the keyword parameter.

10.0
2006-05-05 CVE-2006-2218 Microsoft OBJECT Tag Memory Corruption Variant vulnerability in Microsoft IE 6.0

Unspecified vulnerability in Internet Explorer 6.0 on Microsoft Windows XP SP2 allows remote attackers to execute arbitrary code via "exceptional conditions" that trigger memory corruption, as demonstrated using an exception handler and nested object tags, a variant of CVE-2006-1992.

9.3

24 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-05-05 CVE-2006-2235 Codemunkyx Authentication Bypass vulnerability in Codemunkyx Simple Poll 1.0

CodeMunkyX (aka free-php.net) Simple Poll 1.0, when authentication is not required for the admin directory, allows remote attackers to gain administrative privileges by appending /admin/ to the top-level URI of the application.

7.6
2006-05-05 CVE-2006-2233 Banktown Remote Buffer Overflow vulnerability in Banktown Btcxctl20Com Activex Control 1.4.2.51817/1.5.2.50209

Buffer overflow in BankTown Client Control (aka BtCxCtl20Com) 1.4.2.51817, and possibly 1.5.2.50209, allows remote attackers to execute arbitrary code via a long string in the first argument to SetBannerUrl.

7.5
2006-05-05 CVE-2006-2225 Dxmsoft Authentication Buffer Overflow vulnerability in XM Easy Personal FTP Server

Buffer overflow in XM Easy Personal FTP Server 4.3 and earlier allows remote attackers to execute arbitrary code, probably via a USER command with a long username.

7.5
2006-05-05 CVE-2006-2217 Invision Power Services SQL Injection vulnerability in Invision Power Board

SQL injection vulnerability in index.php in Invision Power Board allows remote attackers to execute arbitrary SQL commands via the pid parameter in a reputation action.

7.5
2006-05-05 CVE-2006-2214 4Images SQL Injection vulnerability in 4Images Image Gallery Management System 1.7.1

Multiple SQL injection vulnerabilities in 4images 1.7.1 and earlier allow remote attackers to execute arbitrary SQL commands via the sessionid parameter in (1) top.php and (2) member.php.

7.5
2006-05-04 CVE-2006-2179 Smartwin Technology Input Validation vulnerability in CyberBuild

Multiple SQL injection vulnerabilities in CyberBuild allow remote attackers to execute arbitrary SQL commands via the (1) SessionID parameter to login.asp or (2) ProductIndex parameter to browse0.htm.

7.5
2006-05-04 CVE-2006-2172 Gene6 Commands Remote Buffer Overflow vulnerability in Gene6 G6 FTP Server 3.1

Buffer overflow in Gene6 FTP Server 3.1.0 allows remote authenticated attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long argument to (1) MKD or (2) XMKD, as demonstrated by the Infigo FTPStress Fuzzer.

7.5
2006-05-04 CVE-2006-2168 Fileprotection Express Authentication Bypass vulnerability in FileProtection Express 1.0/1.0.1

FileProtection Express 1.0.1 and earlier allows remote attackers to bypass authentication via a cookie with an Admin value of 1.

7.5
2006-05-04 CVE-2006-2164 Pentasoft Corp SQL-Injection vulnerability in Avactis Shopping Cart

Multiple SQL injection vulnerabilities in Avactis Shopping Cart 0.1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) category_id parameter in (a) store_special_offers.php and (b) store.php, and (2) prod_id parameter in (c) cart.php and (d) product_info.php.

7.5
2006-05-03 CVE-2006-2157 Plogger SQL Injection vulnerability in Plogger 2.1

SQL injection vulnerability in gallery.php in Plogger Beta 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter, when the level is set to "slideshow".

7.5
2006-05-03 CVE-2006-2152 Phpbb Group Remote File Include vulnerability in Advanced GuestBook Addentry.PHP

PHP remote file inclusion vulnerability in admin/addentry.php in phpBB Advanced Guestbook 2.4.0 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via the phpbb_root_path parameter.

7.5
2006-05-03 CVE-2006-2151 Phpbb Group Remote Security vulnerability in Phpbb Toplist

PHP remote file inclusion vulnerability in toplist.php in phpBB TopList 1.3.8 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via the phpbb_root_path parameter.

7.5
2006-05-02 CVE-2006-2148 Cgiirc Remote Buffer Overflow and Denial Of Service vulnerability in Cgiirc 0.5.4/0.5.7

Multiple buffer overflows in client.c in CGI:IRC (CGIIRC) before 0.5.8 might allow remote attackers to execute arbitrary code via (1) cookies or (2) the query string.

7.5
2006-05-02 CVE-2006-2137 Openphpnuke Remote File Include vulnerability in OpenPHPnuke

PHP remote file inclusion vulnerability in master.php in OpenPHPNuke 2.3.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter.

7.5
2006-05-02 CVE-2006-2136 Aznews SQL Injection vulnerability in Aznews 1.0

SQL injection vulnerability in news.php in AZNEWS allows remote attackers to execute arbitrary SQL commands via the ID parameter.

7.5
2006-05-02 CVE-2006-2135 Ruperts News SQL Injection vulnerability in Ruperts News Script Login.PHP

SQL injection vulnerability in login.php in Ruperts News allows remote attackers to execute arbitrary SQL commands via the username parameter.

7.5
2006-05-01 CVE-2006-2133 Boonex SQL-Injection vulnerability in Barracuda

SQL injection vulnerability in index.php in BoonEx Barracuda 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) link_dir_target and (2) link_id_target parameter, possibly involving the link_edit functionality.

7.5
2006-05-01 CVE-2006-2128 Deltascripts SQL Injection vulnerability in Deltascripts PRO Publish 2.0

Multiple SQL injection vulnerabilities in Pro Publish 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) email and (2) password parameter to (a) admin/login.php, (3) find_str parameter to (b) search.php, or (4) artid parameter to (c) art.php, or (5) catid parameter to (d) cat.php.

7.5
2006-05-01 CVE-2006-2118 JMK WEB Scripts Authentication Bypass vulnerability in JMK Picture Gallery Admin_Gallery.PHP3

JMK's Picture Gallery allows remote attackers to bypass authentication via a direct request to admin_gallery.php3, possibly related to the add action.

7.5
2006-05-01 CVE-2006-2116 Planet Concept Authentication Bypass vulnerability in PlanetGallery Gallery_admin.PHP

planetGallery allows remote attackers to gain administrator privileges via a direct request to admin/gallery_admin.php.

7.5
2006-05-01 CVE-2006-2115 SWS Arbitrary Code Execution vulnerability in SWS Web Server

Format string vulnerability in SWS web Server 0.1.7 allows remote attackers to execute arbitrary code via unspecified vectors that are not properly handled in a syslog function call.

7.5
2006-05-01 CVE-2006-2114 SWS Arbitrary Code Execution vulnerability in SWS Web Server

Buffer overflow in SWS web Server 0.1.7 allows remote attackers to execute arbitrary code via a long request.

7.5
2006-05-04 CVE-2006-2183 Truecrypt Foundation Local Security vulnerability in Truecrypt Foundation Truecrypt 4.1

Untrusted search path vulnerability in Truecrypt 4.1, when running suid root on Linux, allows local users to execute arbitrary commands and gain privileges via a modified PATH environment variable that references a malicious mount command.

7.2
2006-05-03 CVE-2006-2154 EMC Local Privilege Escalation vulnerability in EMC Dantz Retrospect Backup Server

EMC Retrospect for Windows 6.5 before 6.5.382, 7.0 before 7.0.344, and 7.5 before 7.5.1.105 does not drop privileges before opening files, which allows local users to execute arbitrary code via the File>Open dialog.

7.2

78 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-05-05 CVE-2006-2234 Tyrocms Cross-Site Scripting vulnerability in Tyrocms Beta1.0

Multiple cross-site scripting (XSS) vulnerabilities in TyroCMS beta 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) a javascript URI in an img BBCode tag, or a JavaScript event in a (2) url BBCode tag or (3) color BBCode tag.

6.8
2006-05-04 CVE-2006-2190 Open Webmail Cross-Site Scripting vulnerability in Open Webmail

Cross-site scripting (XSS) vulnerability in ow-shared.pl in OpenWebMail (OWM) 2.51 and earlier allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter in (1) openwebmail-send.pl, (2) openwebmail-advsearch.pl, (3) openwebmail-folder.pl, (4) openwebmail-prefs.pl, (5) openwebmail-abook.pl, (6) openwebmail-read.pl, (7) openwebmail-cal.pl, and (8) openwebmail-webdisk.pl.

6.8
2006-05-04 CVE-2006-2188 Cmscout HTML Injection vulnerability in CmScout

Multiple cross-site scripting (XSS) vulnerabilities in CMScout 1.10 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the Body field of a private message (PM), (2) BBCode, or (3) a forum post.

6.8
2006-05-04 CVE-2006-2187 Zenphoto Cross-Site Scripting vulnerability in Zenphoto

Multiple cross-site scripting (XSS) vulnerabilities in zenphoto 1.0.1 beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) a parameter in i.php, and the (2) album and (3) image parameters in index.php.

6.8
2006-05-02 CVE-2006-2109 Jsboard Cross-Site Scripting vulnerability in JSBoard Login.PHP

Cross-site scripting (XSS) vulnerability in the parse_query_str function in include/print.php in JSBoard 2.0.10 and 2.0.11, and possibly other versions before 2.0.12, allows remote attackers to inject arbitrary web script or HTML via parameters that are set as global variables within the program, as demonstrated using the table parameter to login.php.

6.8
2006-05-01 CVE-2006-2122 Coolmenus Code Injection vulnerability in Coolmenus 4.0

PHP remote file inclusion vulnerability in index.php in CoolMenus allows remote attackers to execute arbitrary code via a URL in the page parameter.

6.8
2006-05-05 CVE-2006-1518 Mysql, Oracle Remote Information Disclosure and Buffer Overflow vulnerability in MySQL

Buffer overflow in the open_table function in sql_base.cc in MySQL 5.0.x up to 5.0.20 might allow remote attackers to execute arbitrary code via crafted COM_TABLE_DUMP packets with invalid length values.

6.5
2006-05-05 CVE-2006-2212 Karjasoft Authentication Buffer Overflow vulnerability in Karjasoft Sami FTP Server 2.0.2

Buffer overflow in KarjaSoft Sami FTP Server 2.0.2 and earlier allows remote attackers to execute arbitrary code via a long (1) USER or (2) PASS command.

6.4
2006-05-05 CVE-2006-2209 PHP Arena SQL Injection vulnerability in PHP Arena Pacheckbook 1.1

Multiple SQL injection vulnerabilities in index.php in PHP Arena paCheckBook 1.1 allow remote attackers to execute arbitrary SQL commands via (1) the transtype parameter in an add action or (2) entry parameter in an edit action.

6.4
2006-05-05 CVE-2006-2203 Kerio Remote Security vulnerability in Kerio Mailserver

Unspecified vulnerability in Kerio MailServer before 6.1.4 has unknown impact and remote attack vectors related to a "possible bypass of attachment filter."

6.4
2006-05-04 CVE-2006-2202 Invision Power Services SQL Injection vulnerability in Invision Power Services Invision Gallery 2.0.6

SQL injection vulnerability in post.php in Invision Gallery 2.0.6 allows remote attackers to execute arbitrary SQL commands via the album parameter.

6.4
2006-05-04 CVE-2006-2182 Albinator Remote File Include vulnerability in Albinator 2.0.8

Multiple PHP remote file inclusion vulnerabilities in (1) eday.php, (2) eshow.php, or (3) forgot.php in albinator 2.0.8 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the Config_rootdir parameter.

6.4
2006-05-04 CVE-2006-2180 Kmint21 Software Buffer Errors vulnerability in Kmint21 Software Golden FTP Server 1.32B/2.70

Buffer overflow in Golden FTP Server Pro 2.70 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long argument to the (1) NLST or (2) APPE commands, as demonstrated by the Infigo FTPStress Fuzzer.

6.4
2006-05-04 CVE-2006-2175 Ftrainsoft Remote File Include vulnerability in Ftrainsoft Fast Click 2.3.8

PHP remote file inclusion vulnerability in FtrainSoft Fast Click 2.3.8 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) show.php or (2) top.php.

6.4
2006-05-04 CVE-2006-2173 Filezilla Remote Buffer Overflow vulnerability in FileZilla FTP Server

Buffer overflow in FileZilla FTP Server 2.2.22 allows remote authenticated attackers to cause a denial of service and possibly execute arbitrary code via a long (1) PORT or (2) PASS followed by the MLSD command, or (3) the remote server interface, as demonstrated by the Infigo FTPStress Fuzzer.

6.4
2006-05-04 CVE-2006-2171 Jgaa Remote Buffer Overflow vulnerability in Jgaa Warftpd 1.8/1.82Rc10/1.82Rc9

Buffer overflow in WDM.exe in WarFTPD allows remote attackers to execute arbitrary code via unspecified arguments, as demonstrated by the Infigo FTPStress Fuzzer.

6.4
2006-05-04 CVE-2006-2170 Argosoft Remote Buffer Overflow vulnerability in ArGoSoft FTP Server RNTO Command

Buffer overflow in ArgoSoft FTP Server 1.4.3.6 allows remote attackers to execute arbitrary code via Unicode in the RNTO command, as demonstrated by the Infigo FTPStress Fuzzer.

6.4
2006-05-03 CVE-2006-2158 Stadtaus Remote File Include vulnerability in Stadtaus Guestbook

Dynamic variable evaluation vulnerability in index.php in Stadtaus Guestbook Script 1.7 and earlier, when register_globals is enabled, allows remote attackers to modify arbitrary program variables via parameters, which are evaluated as PHP variable variables, as demonstrated by performing PHP remote file inclusion using the include_files array parameter.

6.4
2006-05-03 CVE-2006-2156 X7 Group Local File Include vulnerability in X7 Chat

Directory traversal vulnerability in help/index.php in X7 Chat 2.0 and earlier allows remote attackers to include arbitrary files via ..

6.4
2006-05-03 CVE-2006-2150 Phpbb Group Remote Security vulnerability in PHPbb Group PHPbb Toplist 1.3.8

PHP remote file inclusion vulnerability in top/list.php in phpBB TopList 1.3.8 and earlier allows remote attackers to include arbitrary files via the returnpath parameter.

6.4
2006-05-03 CVE-2006-2149 Avatic Remote File Include vulnerability in Avatic Aardvark Topsites PHP 4.2.2

PHP remote file inclusion vulnerability in sources/lostpw.php in Aardvark Topsites PHP 4.2.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the CONFIG[path] parameter, as demonstrated by including a GIF that contains PHP code.

6.4
2006-05-02 CVE-2006-2145 Harold Bakker Input Validation vulnerability in Harold Bakker Hb-Ns 1.1.6

Multiple SQL injection vulnerabilities in index.php in HB-NS 1.1.6 allow remote attackers to execute arbitrary SQL commands via the (1) topic or (2) id parameter.

6.4
2006-05-02 CVE-2006-2144 Dmcounter Remote File Include vulnerability in Dmcounter 0.9.2B

PHP remote file inclusion vulnerability in kopf.php in DMCounter 0.9.2-b allows remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter.

6.4
2006-05-02 CVE-2006-2142 Limbo CMS Remote File Include vulnerability in Limbo CMS 1.0.4/1.0.4.2

PHP remote file inclusion vulnerability in classes/adodbt/sql.php in Limbo CMS 1.04 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the classes_dir parameter.

6.4
2006-05-02 CVE-2006-2139 Wilsonncareabusinesses SQL Injection vulnerability in Wilsonncareabusinesses PHP Newsfeed 20040723

Multiple SQL injection vulnerabilities in PHP Newsfeed 20040723 allow remote attackers to execute arbitrary SQL commands via the (1) name parameter to (a) deltables.php, (2) select, (3) header, (4) url, (5) source, or (6) time parameters to (b) manualsubmit.php, (7) num parameter to (c) delete.php, or (8) tablename parameter to (d) searchnews.php.

6.4
2006-05-01 CVE-2006-2132 Duware SQL Injection vulnerability in DUclassified Detail.ASP

SQL injection vulnerability in detail.asp in DUclassified allows remote attackers to execute arbitrary SQL commands via the iPro parameter.

6.4
2006-05-01 CVE-2006-2127 Blog MOD SQL Injection vulnerability in Blog MOD Blog MOD 0.2.3/0.2.4/0.2.4B

SQL injection vulnerability in weblog_posting.php in Blog Mod 0.2.x allows remote attackers to execute arbitrary SQL commands via the r parameter.

6.4
2006-05-01 CVE-2006-2126 Avalon LTD SQL Injection vulnerability in Avalon LTD Maxtrade 1.0.1

SQL injection vulnerability in pocategories.php in MaxTrade 1.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) categori and (2) stranica parameters.

6.4
2006-05-01 CVE-2006-2123 Network Administration Visualized SQL Injection vulnerability in Network Administration Visualized Network Administration Visualized 3.0

Multiple SQL injection vulnerabilities in the report interface in Network Administration Visualized (NAV) before 3.0.1 allow remote attackers to execute arbitrary SQL commands via unknown vectors.

6.4
2006-05-05 CVE-2006-2210 321Soft Input Validation vulnerability in 321Soft PHP-Gallery 0.9

Cross-site scripting (XSS) vulnerability in index.php in 321soft PhP-Gallery 0.9 allows remote attackers to inject arbitrary web script or HTML via the path parameter.

5.8
2006-05-04 CVE-2006-2178 Smartwin Technology Cross-Site Scripting vulnerability in Smartwin Technology Cyberoffice Warehouse Builder

Multiple cross-site scripting (XSS) vulnerabilities in CyberBuild allow remote attackers to inject arbitrary web script or HTML via the (1) SessionID parameter to login.asp, (2) ProductIndex parameter to browse0.htm, (3) rowcolor parameter to result.asp, or (4) heading parameter to result.asp.

5.8
2006-05-04 CVE-2006-2176 PHP Design X Cross-Site Scripting vulnerability in PHP Design X PHP Linkliste 1.0B

Multiple cross-site scripting (XSS) vulnerabilities in links.php in PHP Linkliste 1.0b allow remote attackers to inject arbitrary web script or HTML via the (1) new_input, (2) new_url, or (3) new_name parameter.

5.8
2006-05-02 CVE-2006-2146 Harold Bakker Input Validation vulnerability in Harold Bakker Hb-Ns 1.1.6

Multiple cross-site scripting (XSS) vulnerabilities in index.php in HB-NS 1.1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) poster_name, (2) poster_email, (3) poster_homepage, or (4) message parameter.

5.8
2006-05-02 CVE-2006-2140 Orbitscripts Cross-Site Scripting vulnerability in Orbitscripts Orbithyip 2.0

Multiple cross-site scripting (XSS) vulnerabilities in OrbitHYIP 2.0 and earlier allow remote attackers to inject arbitrary web script via the (1) referral parameter to signup.php or (2) id parameter to members.php.

5.8
2006-05-01 CVE-2006-2124 Turnkey Solutions Cross-Site Scripting vulnerability in SunShop Shopping Cart 3.0/3.5

Multiple cross-site scripting (XSS) vulnerabilities in SunShop 3.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) prevaction, (2) previd, (3) prevstart, (4) itemid, (5) id, and (6) action parameters in index.php.

5.8
2006-05-05 CVE-2006-2204 Invision Power Services SQL Injection vulnerability in Invision Power Board Func_mod.PHP

SQL injection vulnerability in the topic deletion functionality (post_delete function in func_mod.php) for Invision Power Board 2.1.5 allows remote authenticated moderators to execute arbitrary SQL commands via the selectedpids parameter, which bypasses an integer value check when the $id variable is an array.

5.5
2006-05-01 CVE-2006-2129 Deltascripts SQL Injection vulnerability in Deltascripts PRO Publish 2.0

Direct static code injection vulnerability in Pro Publish 2.0 allows remote authenticated administrators to execute arbitrary PHP code by editing certain settings, which are stored in set_inc.php.

5.5
2006-05-02 CVE-2006-2134 Phpbb Group Remote File Include vulnerability in phpBB Knowledge Base Mod KB_constants.PHP

PHP remote file inclusion vulnerability in /includes/kb_constants.php in Knowledge Base Mod for PHPbb 2.0.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.

5.1
2006-05-01 CVE-2006-2130 Advanced Poll SQL-Injection vulnerability in Advanced Poll Advanced Poll 2.0.4

SQL injection vulnerability in include/class_poll.php in Advanced Poll 2.0.4 allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header.

5.1
2006-05-01 CVE-2006-1989 Clam Anti Virus Remote Buffer Overflow vulnerability in Clam Anti-Virus Clamav 0.88/0.88.1

Buffer overflow in the get_database function in the HTTP client in Freshclam in ClamAV 0.80 to 0.88.1 might allow remote web servers to execute arbitrary code via long HTTP headers.

5.1
2006-05-05 CVE-2006-2230 Xine Remote Format String vulnerability in Xine 0.99.4

Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.4 might allow attackers to cause a denial of service via format string specifiers in an MP3 filename specified on the command line.

5.0
2006-05-05 CVE-2006-2226 Dxmsoft Buffer Overflow vulnerability in Dxmsoft XM Easy Personal FTP Server 4.2/5.0.1

Buffer overflow in XM Easy Personal FTP Server 4.2 and 5.0.1 allows remote authenticated users to cause a denial of service via a long argument to the PORT command.

5.0
2006-05-05 CVE-2006-2224 Quagga Improper Authentication vulnerability in Quagga Routing Software Suite

RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly enforce RIPv2 authentication requirements, which allows remote attackers to modify routing state via RIPv1 RESPONSE packets.

5.0
2006-05-05 CVE-2006-2223 Quagga Improper Input Validation vulnerability in Quagga 0.98.5/0.99.3

RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly implement configurations that (1) disable RIPv1 or (2) require plaintext or MD5 authentication, which allows remote attackers to obtain sensitive information (routing state) via REQUEST packets such as SEND UPDATE.

5.0
2006-05-05 CVE-2006-2222 Norz Remote HTTP GET Denial Of Service vulnerability in Norz Zawhttpd 0.8.23

Buffer overflow in zawhttpd 0.8.23, and possibly previous versions, allows remote attackers to cause a denial of service (daemon crash) via a request for a URI composed of several "\" (backslash) characters.

5.0
2006-05-05 CVE-2006-2216 Devsyn Remote Security vulnerability in Devsyn Open Bulletin Board 1.0.8

Open Bulletin Board (OpenBB) 1.0.8 allows remote attackers to obtain the full path of the web server via an invalid pforums parameter to (1) misc.php and (2) member.php.

5.0
2006-05-05 CVE-2006-2213 Hostapd Remote Denial Of Service vulnerability in Hostapd 0.3.72

Hostapd 0.3.7-2 allows remote attackers to cause a denial of service (segmentation fault) via an unspecified value in the key_data_length field of an EAPoL frame.

5.0
2006-05-05 CVE-2006-2211 321Soft Input Validation vulnerability in 321Soft PHP-Gallery 0.9

Absolute path traversal vulnerability in index.php in 321soft PhP-Gallery 0.9 allows remote attackers to browse arbitrary directories via the path parameter.

5.0
2006-05-05 CVE-2006-1517 Mysql, Oracle Remote Information Disclosure and Buffer Overflow vulnerability in MySQL

sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to obtain sensitive information via a COM_TABLE_DUMP request with an incorrect packet length, which includes portions of memory in an error message.

5.0
2006-05-05 CVE-2006-1516 Mysql, Oracle Remote Information Disclosure and Buffer Overflow vulnerability in MySQL

The check_connection function in sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to read portions of memory via a username without a trailing null byte, which causes a buffer over-read.

5.0
2006-05-04 CVE-2006-2186 Zenphoto Cross-Site Scripting vulnerability in Zenphoto 0.9/1.0.1Beta/1.0Beta

zenphoto 1.0.1 beta and earlier allow remote attackers to obtain sensitive information via a direct request for the (1) /photos/themes/default/ and (2) /photos/themes/testing/ URIs, which reveals the path in an error message.

5.0
2006-05-04 CVE-2006-2169 Best Practical Solutions Information Disclosure vulnerability in Best Practical Solutions Request Tracker 3.5.Head

RT: Request Tracker 3.5.HEAD allows remote attackers to obtain sensitive information via the Rows parameter in Dist/Display.html, which reveals the installation path in an error message.

5.0
2006-05-03 CVE-2006-1527 Linux Remote Denial of Service vulnerability in Linux Kernel 2.6.16.12

The SCTP-netfilter code in Linux kernel before 2.6.16.13 allows remote attackers to trigger a denial of service (infinite loop) via unknown vectors that cause an invalid SCTP chunk size to be processed by the for_each_sctp_chunk function.

5.0
2006-05-03 CVE-2006-2162 Nagios Remote Negative Content-Length Buffer Overflow vulnerability in Nagios 2.0.1/2.1.3

Buffer overflow in CGI scripts in Nagios 1.x before 1.4 and 2.x before 2.3 allows remote attackers to execute arbitrary code via a negative content length (Content-Length) HTTP header.

5.0
2006-05-03 CVE-2006-2159 Russcom Network Unspecified vulnerability in Russcom Network Loginphp

CRLF injection vulnerability in help.php in Russcom Network Loginphp allows remote attackers to spoof e-mails and inject MIME headers via CRLF sequences in the email address.

5.0
2006-05-01 CVE-2006-2131 Advanced Poll Remote Security vulnerability in Advanced Poll Advanced Poll 2.0.4

include/class_poll.php in Advanced Poll 2.0.4 uses the HTTP_X_FORWARDED_FOR (X-Forwarded-For HTTP header) to identify the IP address of a client, which makes it easier for remote attackers to spoof the source IP and bypass voting restrictions.

5.0
2006-05-01 CVE-2006-2121 I Rater Remote File Include vulnerability in I-RATER Platinum Config_settings.TPL.PHP

PHP remote file include vulnerability in admin/config_settings.tpl.php in I-RATER Platinum allows remote attackers to execute arbitrary code via a URL in the include_path parameter.

5.0
2006-05-01 CVE-2006-2119 Artmedic Webdesign Remote File Include vulnerability in Artmedic Event

PHP remote file inclusion vulnerability in event/index.php in Artmedic Event allows remote attackers to execute arbitrary code via a URL in the page parameter.

5.0
2006-05-03 CVE-2006-2155 EMC Local Security vulnerability in Retrospect for Windows

EMC Retrospect for Windows 6.5 before 6.5.382, 7.0 before 7.0.344, and 7.5 before 7.5.1.105 allows local users to execute arbitrary code by replacing the Retrospect.exe file, possibly due to improper file permissions.

4.6
2006-05-05 CVE-2006-2232 Scriptsez HTML Injection vulnerability in Scriptsez Cute Guestbook 20060211

Cross-site scripting (XSS) vulnerability in Scriptsez Cute Guestbook 20060211 allows remote attackers to inject arbitrary web script or HTML via the Comments field when signing the guestbook.

4.3
2006-05-05 CVE-2006-2231 BIG Webmaster HTML Injection vulnerability in Bigwebmaster Guestbook

Multiple cross-site scripting (XSS) vulnerabilities in addguest.cgi in Big Webmaster Guestbook Script 1.02 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) mail, (2) site, (3) city, (4) state, (5) country, and possibly (6) name fields, which are viewed via viewguest.cgi.

4.3
2006-05-05 CVE-2006-2228 W Agora Unspecified vulnerability in W-Agora 4.2.0

Cross-site scripting (XSS) vulnerability in w-Agora (aka Web-Agora) 4.2.0 allows remote attackers to inject arbitrary web script or HTML via a post with a BBCode tag that contains a JavaScript event name followed by whitespace before the '=' (equals) character, which bypasses a restrictive regular expression that attempts to remove onmouseover and other events.

4.3
2006-05-05 CVE-2006-2227 Punbb Input Validation vulnerability in Punbb 1.2.11

Cross-site scripting (XSS) vulnerability in misc.php in PunBB 1.2.11 allows remote attackers to inject arbitrary web script or HTML via the req_message parameter, because the value of the redirect_url parameter is not sanitized.

4.3
2006-05-05 CVE-2006-2208 Planetluc Cross-Site Scripting vulnerability in Planetluc Mynews 1.6.2

Multiple cross-site scripting (XSS) vulnerabilities in mynews.inc.php in MyNews 1.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) hash and (2) page parameters.

4.3
2006-05-04 CVE-2006-2201 CA Local Privilege Escalation vulnerability in CA Resource Initialization Manager 1.0

Unspecified vulnerability in CA Resource Initialization Manager (CAIRIM) 1.x before 20060502, as used in z/OS Common Services and the LMP component in multiple products, allows attackers to violate integrity via a certain "problem state program" that uses SVC to gain access to supervisor state, key 0.

4.3
2006-05-04 CVE-2006-2184 Chadha Software Technologies Cross-Site Scripting vulnerability in Phpkb Knowledge Base

Cross-site scripting (XSS) vulnerability in search.php in PHPKB Knowledge Base allows remote attackers to inject arbitrary web script or HTML via the searchkeyword parameter.

4.3
2006-05-04 CVE-2006-2181 Albinator Cross-Site Scripting vulnerability in Albinator

Multiple cross-site scripting (XSS) vulnerabilities in Albinator 2.0.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) cid parameter to dlisting.php or (2) preloadSlideShow parameter to showpic.php.

4.3
2006-05-04 CVE-2006-2177 Bitdamaged Cross-Site Scripting vulnerability in Bitdamaged Geoblog Mod1.0

Cross-site scripting (XSS) vulnerability in viewcat.php in geoBlog 1.0 allows remote attackers to inject arbitrary web script or HTML via the cat parameter.

4.3
2006-05-04 CVE-2006-2174 Virtual Hosting Control System Cross-Site Scripting vulnerability in Virtual Hosting Control System Virtual Hosting Control System 2.4.7.1

Multiple cross-site scripting (XSS) vulnerabilities in admin/server_day_stats.php in Virtual Hosting Control System (VHCS) allow remote attackers to inject arbitrary web script or HTML via the (1) day, (2) month, or (3) year parameter.

4.3
2006-05-04 CVE-2006-2167 Sloughflash HTML Injection vulnerability in Sloughflash Sf-Users 1.0

Cross-site scripting (XSS) vulnerability in SloughFlash SF-Users 1.0, possibly in register.php, allows remote attackers to inject arbitrary web script or HTML by setting the username field to contain JavaScript in the SRC attribute of an IMG element.

4.3
2006-05-03 CVE-2006-2160 Russcom Network HTML Injection vulnerability in Russcom Network LoginPHP Username

Cross-site scripting (XSS) vulnerability in Russcom Network Loginphp (Russcom.Loginphp) allows remote attackers to inject arbitrary web script or HTML via the username field when registering.

4.3
2006-05-03 CVE-2006-2153 Jbmc Software Cross-Site Scripting vulnerability in DirectAdmin

Cross-site scripting (XSS) vulnerability in HTM_PASSWD in DirectAdmin Hosting Management allows remote attackers to inject arbitrary web script or HTML via the domain parameter.

4.3
2006-05-02 CVE-2006-2143 Jcink Tag Script Injection vulnerability in Jcink Textfilebb 1.0.16

Multiple cross-site scripting (XSS) vulnerabilities in TextFileBB 1.0.16 allow remote attackers to inject arbitrary web script or HTML via JavaScript events such as "onmouseover" in the (1) color, (2) size, or (3) url bbcode tags.

4.3
2006-05-02 CVE-2006-2141 Collaborative Portal Server Project Cross-Site Scripting vulnerability in Collaborative Portal Server Project Collaborative Portal Server 3.4.0

Cross-site scripting (XSS) vulnerability in popup_image in Collaborative Portal Server (CPS) 3.4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the pos argument.

4.3
2006-05-02 CVE-2006-2138 Neomail Cross-Site Scripting vulnerability in Neomail 1.29

Cross-site scripting (XSS) vulnerability in neomail.pl in NeoMail 1.29 allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter.

4.3
2006-05-01 CVE-2006-2117 Extrosoft HTML Injection vulnerability in Extrosoft Thyme 1.3

Cross-site scripting (XSS) vulnerability in Thyme 1.3 allows remote attackers to inject arbitrary web script or HTML via the search page.

4.3
2006-05-01 CVE-2006-2111 Microsoft Information Exposure vulnerability in Microsoft Outlook Express 6.0

A component in Microsoft Outlook Express 6 allows remote attackers to bypass domain restrictions and obtain sensitive information via redirections with the mhtml: URI handler, as originally reported for Internet Explorer 6 and 7, aka "URL Redirect Cross Domain Information Disclosure Vulnerability."

4.3
2006-05-05 CVE-2006-2229 Openvpn Denial-Of-Service vulnerability in Openvpn and Openvpn Access Server

OpenVPN 2.0.7 and earlier, when configured to use the --management option with an IP that is not 127.0.0.1, uses a cleartext password for TCP sessions to the management interface, which might allow remote attackers to view sensitive information or cause a denial of service.

4.0

10 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-05-02 CVE-2006-2147 Resmgr Unspecified vulnerability in Resmgr Resmgrd

resmgrd in resmgr for SUSE Linux and other distributions does not properly handle the case where access to a USB device is granted by using "usb:<bus>,<dev>" notation, which grants access to all USB devices and allows local users to bypass intended restrictions.

3.6
2006-05-04 CVE-2006-2165 Pentasoft Corp Cross-Site Scripting vulnerability in Avactis Shopping Cart

Multiple cross-site scripting (XSS) vulnerabilities in Avactis Shopping Cart 0.1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) category_id parameter in (a) store_special_offers.php and (b) store.php and (2) prod_id parameter in (c) product_info.php.

2.6
2006-05-04 CVE-2006-2163 Desert DOG Software Cross-Site Scripting vulnerability in Desert DOG Software Pinnacle Cart 3.33

Cross-site scripting (XSS) vulnerability in index.php in Pinnacle Cart 3.33 and earlier allows remote attackers to inject arbitrary web script or HTML via the setbackurl parameter.

2.6
2006-05-05 CVE-2006-2221 Bitrock, Process ONE

A third-party installer generation tool, possibly BitRock InstallBuilder, as used in products including Process-one ejabberd 1.1.1_1 and earlier, generates an installer that allows local users to cause a denial of service via a symlink attack on the bitrock_installer.log temporary file.

2.1
2006-05-05 CVE-2006-2205 Netbsd Local Denial of Service vulnerability in Netbsd 3.0

The audio_write function in NetBSD 3.0 allows local users to cause a denial of service (kernel crash) by using the audiosetinfo ioctl to change the sample rate of an audio device.

2.1
2006-05-05 CVE-2006-1052 Linux Local Denial of Service vulnerability in Linux Kernel SELinux_PTrace

The selinux_ptrace logic in hooks.c in SELinux for Linux 2.6.6 allows local users with ptrace permissions to change the tracer SID to an SID of another process.

2.1
2006-05-04 CVE-2006-2166 Cisco Privilege Escalation vulnerability in Cisco Unity Express Expired Password

Unspecified vulnerability in the HTTP management interface in Cisco Unity Express (CUE) 2.2(2) and earlier, when running on any CUE Advanced Integration Module (AIM) or Network Module (NM), allows remote authenticated attackers to reset the password for any user with an expired password.

2.1
2006-05-02 CVE-2006-1526 X ORG Buffer Overflow vulnerability in X.Org XRender Extension

Buffer overflow in the X render (Xrender) extension in X.org X server 6.8.0 up to allows attackers to cause a denial of service (crash), as demonstrated by the (1) XRenderCompositeTriStrip and (2) XRenderCompositeTriFan requests in the rendertest from XCB xcb/xcb-demo, which leads to an incorrect memory allocation due to a typo in an expression that uses a "&" instead of a "*" operator.

2.1
2006-05-01 CVE-2006-2120 Libtiff Denial of Service vulnerability in Libtiff 3.8.1

The TIFFToRGB function in libtiff before 3.8.1 allows remote attackers to cause a denial of service (crash) via a crafted TIFF image with Yr/Yg/Yb values that exceed the YCR/YCG/YCB values, which triggers an out-of-bounds read.

2.1
2006-05-01 CVE-2006-2110 Virtual Private Server Local Insecure Guest Context Capabilities vulnerability in Virtual Private Server Vserver 2.0.2/2.1.1

Virtual Private Server (Vserver) 2.0.x before 2.0.2-rc18 and 2.1.x before 2.1.1-rc18 provides certain context capabilities (ccaps) that allow local guest users to perform operations that were only intended to be allowed by the guest-root.

2.1