Weekly Vulnerabilities Reports > May 15 to 21, 2006
Overview
111 new vulnerabilities were reported during this period, including 4 critical vulnerabilities and 28 high severity vulnerabilities. This weekly summary reports vulnerabilities in 80 products from 72 vendors including BEA, IBM, Ipswitch, Raydium, and Bitrix. Vulnerabilities are notably categorized as "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Use of Externally-Controlled Format String", "SQL Injection", and "Permissions, Privileges, and Access Controls".
- 105 reported vulnerabilities are remotely exploitable.
- 8 reported vulnerabilities have a public exploit available.
- 8 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 108 reported vulnerabilities are exploitable by an anonymous user.
- BEA has the most reported vulnerabilities, with 10 reported vulnerabilities.
- IBM has the most reported critical vulnerabilities, with 3 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported during the period covered by this report:
4 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-05-20 | CVE-2006-2496 | Novell | Buffer Overflow vulnerability in Novell Edirectory and Imonitor Buffer overflow in iMonitor 2.4 in Novell eDirectory 8.8 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown attack vectors. | 10.0 |
2006-05-17 | CVE-2006-2433 | IBM | Remote Security vulnerability in Websphere Application Server Unspecified vulnerability in IBM WebSphere Application Server 6.0.2, 6.0.2.1, 6.0.2.3, 6.0.2.5, and 6.0.2.7 has unknown impact and attack vectors related to the "administrative console". | 10.0 |
2006-05-17 | CVE-2006-2430 | IBM | Remote Security vulnerability in Websphere Application Server IBM WebSphere Application Server 5.0.2 and earlier, 5.1.1 and earlier, and 6.0.2 up to 6.0.2.7 records user credentials in plaintext in addNode.log, which allows attackers to gain privileges. | 10.0 |
2006-05-17 | CVE-2006-2429 | IBM | Remote Security vulnerability in Websphere Application Server Unspecified vulnerability in IBM WebSphere Application Server 6.0.2, 6.0.2.1, 6.0.2.3, 6.0.2.5, and 6.0.2.7 has unknown impact and remote attack vectors related to "HTTP request handlers". | 10.0 |
28 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-05-20 | CVE-2006-2492 | Microsoft | Classic Buffer Overflow vulnerability in Microsoft Office and Works Suite Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object pointer, as originally reported by ISC on 20060519 for a zero-day attack. | 8.8 |
2006-05-19 | CVE-2006-2475 | Cosmoshop | Directory Traversal vulnerability in Cosmoshop 8.10.78 Directory traversal vulnerability in (1) edit_mailtexte.cgi and (2) bestmail.cgi in Cosmoshop 8.11.106 and earlier allows remote administrators to read arbitrary files via ".." sequences in the file parameter. | 7.8 |
2006-05-17 | CVE-2006-1953 | Caucho Technology | Remote Directory Traversal vulnerability in Caucho Technology Resin 3.0.17/3.0.18 Directory traversal vulnerability in Caucho Resin 3.0.17 and 3.0.18 for Windows allows remote attackers to read arbitrary files via a "C:%5C" (encoded drive letter) in a URL. | 7.8 |
2006-05-16 | CVE-2006-2401 | Outgun | Remote Buffer Overflow and Denial of Service vulnerability in Outgun 1.0/1.0.3 The leetnet functions (leetnet/rudp.cpp) in Outgun 1.0.3 bot 2 and earlier allow remote attackers to cause a denial of service (application crash) via packets with incorrect message sizes, which triggers a buffer over-read. | 7.8 |
2006-05-16 | CVE-2006-2400 | Outgun | Remote Buffer Overflow and Denial of Service vulnerability in Outgun 1.0/1.0.3 The leetnet functions (leetnet/rudp.cpp) in Outgun 1.0.3 bot 2 and earlier allow remote attackers to cause a denial of service (game interruption) via large packets, which cause an exception to be thrown. | 7.8 |
2006-05-20 | CVE-2006-2499 | Xfairguy | SQL Injection vulnerability in Xfairguy Codeavalanche News 1.2 SQL injection vulnerability in default.asp in CodeAvalanche News (CANews) 1.2 allows remote attackers to execute arbitrary SQL commands via the password field. | 7.5 |
2006-05-20 | CVE-2006-2495 | S9Y | Cross-Site Request Forgery vulnerability in Serendipity Cross-site request forgery (CSRF) vulnerability in the Entry Manager in Serendipity before 1.0-beta3 allows remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag. | 7.5 |
2006-05-19 | CVE-2006-2489 | Nagios | Remote Content-Length Integer Overflow vulnerability in Nagios Integer overflow in CGI scripts in Nagios 1.x before 1.4.1 and 2.x before 2.3.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a content length (Content-Length) HTTP header. | 7.5 |
2006-05-19 | CVE-2006-2487 | Scoznet | Remote File Include vulnerability in ScozNet ScozNews Multiple PHP remote file inclusion vulnerabilities in ScozNews 1.2.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the CONFIG[main_path] parameter in (1) functions.php, (2) template.php, (3) news.php, (4) help.php, (5) mail.php, (6) Admin/admin_cats.php, (8) Admin/admin_edit.php, (9) Admin/admin_import.php, and (10) Admin/admin_templates.php. | 7.5 |
2006-05-19 | CVE-2006-2485 | Quezza | Remote File Include vulnerability in Quezza BB 1.1.0 PHP remote file inclusion vulnerability in includes/class_template.php in Quezza 1.0 and earlier, and possibly 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the quezza_root_path parameter. | 7.5 |
2006-05-19 | CVE-2006-1856 | Linux | Unspecified vulnerability in Linux Kernel Certain modifications to the Linux kernel 2.6.16 and earlier do not add the appropriate Linux Security Modules (LSM) file_permission hooks to the (1) readv and (2) writev functions, which might allow attackers to bypass intended access restrictions. | 7.5 |
2006-05-19 | CVE-2006-0059 | Livedata | Remote Heap Overflow vulnerability in Livedata Iccp Server 5.00.045 Heap-based buffer overflow in the ISO Transport Service over TCP (RFC 1006) implementation of LiveData ICCP Server before 5.00.035 allows remote attackers to cause a denial of service or execute arbitrary code via malformed packets. | 7.5 |
2006-05-19 | CVE-2006-2474 | Cosmoshop | SQL Injection vulnerability in Cosmoshop 8.10.78 SQL injection vulnerability in lshop.cgi in Cosmoshop 8.11.106 and earlier allows remote attackers to execute arbitrary SQL commands via the artnum parameter. | 7.5 |
2006-05-19 | CVE-2006-2470 | BEA | Security Bypass vulnerability in BEA Weblogic Server 9.0 Unspecified vulnerability in the WebLogic Server Administration Console for BEA WebLogic Server 9.0 prevents the console from setting custom JDBC security policies correctly, which could allow attackers to bypass intended policies. | 7.5 |
2006-05-19 | CVE-2006-2469 | BEA | Remote Security vulnerability in Weblogic Server The HTTP handlers in BEA WebLogic Server 9.0, 8.1 up to SP5, 7.0 up to SP6, and 6.1 up to SP7 stores the username and password in cleartext in the WebLogic Server log when access to a web application or protected JWS fails, which allows attackers to gain privileges. | 7.5 |
2006-05-18 | CVE-2006-2440 | Imagemagick | Remote Security vulnerability in Imagemagick 6.0.6.2/6.2.4 Heap-based buffer overflow in the libMagick component of ImageMagick 6.0.6.2 might allow attackers to execute arbitrary code via an image index array that triggers the overflow during filename glob expansion by the ExpandFilenames function. | 7.5 |
2006-05-17 | CVE-2006-2436 | IBM | Remote Security vulnerability in IBM Websphere Application Server 5.0.0/5.0.1/5.0.2 WebSphere Application Server 5.0.2 (or any earlier cumulative fix) stores admin and LDAP passwords in plaintext in the FFDC logs when a login to WebSphere fails, which allows attackers to gain privileges. | 7.5 |
2006-05-17 | CVE-2006-2432 | IBM | Remote Security vulnerability in Websphere Application Server IBM WebSphere Application Server 5.0.2 (or any earlier cumulative fix) and 5.1.1 (or any earlier cumulative fix) allows EJB access on Solaris systems via a crafted LTPA token. | 7.5 |
2006-05-17 | CVE-2006-2421 | Pragma Systems | Remote Buffer Overflow vulnerability in Pragma FortressSSH SSH_MSG_KEXINIT Stack-based buffer overflow in Pragma FortressSSH 4.0.7.20 allows remote attackers to execute arbitrary code via long SSH_MSG_KEXINIT messages, which may cause an overflow when being logged. | 7.5 |
2006-05-16 | CVE-2006-2411 | Raydium | Remote Buffer Overflow and Denial Of Service vulnerability in Raydium Buffer overflow in raydium_network_read function in network.c in Raydium SVN revision 312 and earlier allows remote attackers to execute arbitrary code by sending packets with long global variables to the client. | 7.5 |
2006-05-16 | CVE-2006-2408 | Raydium | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Raydium Multiple buffer overflows in Raydium before SVN revision 310 allow remote attackers to execute arbitrary code via a large packet when logged via (1) the raydium_log function in log.c or (2) the raydium_console_line_add function in console.c, possibly from a long player name. | 7.5 |
2006-05-16 | CVE-2006-2407 | Freeftpd Freesshd Weonlydo | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Stack-based buffer overflow in (1) WeOnlyDo wodSSHServer ActiveX Component 1.2.7 and 1.3.3 DEMO, as used in other products including (2) FreeSSHd 1.0.9 and (3) freeFTPd 1.0.10, allows remote attackers to execute arbitrary code via a long key exchange algorithm string. | 7.5 |
2006-05-16 | CVE-2006-2403 | Filezilla | Remote Buffer Overflow vulnerability in FileZilla Client Buffer overflow in FileZilla before 2.2.23 allows remote attackers to execute arbitrary commands via unknown attack vectors. | 7.5 |
2006-05-16 | CVE-2006-2399 | Outgun | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Outgun 1.0/1.0.3 Stack-based buffer overflow in the ServerNetworking::incoming_client_data function in servnet.cpp in Outgun 1.0.3 bot 2 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a data_file_request command with a long (1) type or (2) name string. | 7.5 |
2006-05-16 | CVE-2006-2391 | EMC | Remote Buffer Overflow vulnerability in EMC Dantz Retrospect Backup Client Buffer overflow in EMC Retrospect Client 5.1 through 7.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet to port 497. | 7.5 |
2006-05-15 | CVE-2006-2369 | VNC | Improper Authentication vulnerability in VNC Realvnc 4.1.1 RealVNC 4.1.1, and other products that use RealVNC such as AdderLink IP and Cisco CallManager, allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, as originally demonstrated using a long password. | 7.5 |
2006-05-15 | CVE-2006-2361 | Mxbb PHP Arena | Remote File Include vulnerability in PAFileDB Pafiledb_Constants.PHP PHP remote file inclusion vulnerability in pafiledb_constants.php in Download Manager (mxBB pafiledb) integration, as used with phpBB, allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter. | 7.5 |
2006-05-15 | CVE-2006-2360 | Phpbb Group | Input Validation vulnerability in Chart Mod SQL injection vulnerability in charts.php in the Chart mod for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
75 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-05-20 | CVE-2006-2501 | SUN | Cross-Site Scripting vulnerability in Sun ONE and Sun Java System Applications Error Page Cross-site scripting (XSS) vulnerability in Sun ONE Web Server 6.0 SP9 and earlier, Java System Web Server 6.1 SP4 and earlier, Sun ONE Application Server 7 Platform and Standard Edition Update 6 and earlier, and Java System Application Server 7 2004Q2 Standard and Enterprise Edition Update 2 and earlier, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving error messages. | 6.8 |
2006-05-20 | CVE-2006-2500 | Xfairguy | HTML Injection vulnerability in Xfairguy Codeavalanche News 1.2 Cross-site scripting (XSS) vulnerability in add_news.asp in CodeAvalanche News (CANews) 1.2 allows remote attackers to inject arbitrary web script or HTML via the Headline field. | 6.8 |
2006-05-19 | CVE-2006-2491 | Boastmachine Kailash Nadh | Cross-Site Scripting vulnerability in BoastMachine Cross-site scripting (XSS) vulnerability in (1) index.php and (2) bmc/admin.php in BoastMachine (bMachine) 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly filtered when it is accessed using the $_SERVER["PHP_SELF"] variable. | 6.8 |
2006-05-16 | CVE-2006-2418 | Phpmyadmin | Cross-Site Scripting vulnerability in PHPmyadmin 2.8.0.3 Cross-site scripting (XSS) vulnerabilities in certain versions of phpMyAdmin before 2.8.0.4 allow remote attackers to inject arbitrary web script or HTML via the db parameter in unknown scripts. | 6.8 |
2006-05-16 | CVE-2006-2405 | Unclassified Newsboard | Local File Include vulnerability in Unclassified NewsBoard ABBC.CSS.PHP Directory traversal vulnerability in unb_lib/abbc.conf.php in Unclassified NewsBoard (UNB) 1.6.1 patch 1 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via .. | 6.8 |
2006-05-20 | CVE-2006-2498 | Invision Power Services | Arbitrary PHP Code Execution vulnerability in Invision Power Board Invision Power Board (IPB) before 2.1.6 allows remote attackers to execute arbitrary PHP script via attack vectors involving (1) the post_icon variable in classes/post/class_post.php and (2) the df value in action_public/moderate.php. | 6.4 |
2006-05-19 | CVE-2006-2486 | Yapbb | SQL Injection vulnerability in Yapbb 1.1/1.2/1.2Beta2 SQL injection vulnerability in find.php in YapBB 1.2 Beta2 and earlier allows remote attackers to execute arbitrary SQL commands via the userID parameter. | 6.4 |
2006-05-19 | CVE-2006-2460 | Sugarcrm | Remote and Local File Include vulnerability in Sugar Suite Open Source Sugar Suite Open Source (SugarCRM) 4.2 and earlier, when register_globals is enabled, does not protect critical variables such as $_GLOBALS and $_SESSION from modification, which allows remote attackers to conduct attacks such as directory traversal or PHP remote file inclusion, as demonstrated by modifying the GLOBALS[sugarEntry] parameter. | 6.4 |
2006-05-19 | CVE-2006-2459 | PHP Fusion | SQL Injection vulnerability in PHP Fusion PHP Fusion 6.00.306/6.00.307 SQL injection vulnerability in messages.php in PHP-Fusion 6.00.307 and earlier allows remote authenticated users to execute arbitrary SQL commands via the srch_where parameter. | 6.4 |
2006-05-17 | CVE-2006-2435 | IBM | Remote Security vulnerability in Websphere Application Server Unspecified vulnerability in IBM WebSphere Application Server 5.0.2 and earlier, and 5.1.1 and earlier, has unknown impact and attack vectors related to "Inserting certain script tags in urls [that] may allow unintended execution of scripts." | 6.4 |
2006-05-17 | CVE-2006-2426 | SUN | Remote Denial Of Service vulnerability in SUN Jdk, JRE and SDK Sun Java Runtime Environment (JRE) 1.5.0_6 and earlier, JDK 1.5.0_6 and earlier, and SDK 1.5.0_6 and earlier allows remote attackers to cause a denial of service (disk consumption) by using the Font.createFont function to create temporary files of arbitrary size in the %temp% directory. | 6.4 |
2006-05-16 | CVE-2006-2404 | Radscripts | Local File Include vulnerability in Radscripts Radlance 7.0 Directory traversal vulnerability in popup.php in RadScripts RadLance Gold 7.0 allows remote attackers to read arbitrary files via a .. | 6.4 |
2006-05-16 | CVE-2006-2392 | Blue Dragon | Remote File Include vulnerability in Blue Dragon PHP Blue Dragon Platinum2.8.0 PHP remote file inclusion vulnerability in public_includes/pub_popup/popup_finduser.php in PHP Blue Dragon Platinum 2.8.0 allows remote attackers to execute arbitrary PHP code via a URL in the vsDragonRootPath parameter. | 6.4 |
2006-05-20 | CVE-2006-2497 | Aspbb | Cross-Site Scripting vulnerability in Aspbb 0.5.2 Multiple cross-site scripting (XSS) vulnerabilities in AspBB 0.5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter to default.asp or (2) get parameter to profile.asp. | 5.8 |
2006-05-16 | CVE-2006-2415 | Flexchat | Cross-Site Scripting vulnerability in Flexchat Multiple cross-site scripting (XSS) vulnerabilities in FlexChat 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) username and (2) CFTOKEN parameter in (a) index.cfm and (3) CFTOKEN and (4) CFID parameter in (b) chat.cfm. | 5.8 |
2006-05-16 | CVE-2006-2397 | Gphotos | Input Validation vulnerability in Gphotos 1.4/1.5 Multiple cross-site scripting (XSS) vulnerabilities in GPhotos 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) rep parameter to (a) index.php or (b) diapo.php or (2) image parameter to (c) affich.php. | 5.8 |
2006-05-16 | CVE-2006-2396 | Phpodp | Cross-Site Scripting vulnerability in PHPodp 1.5H Cross-site scripting (XSS) vulnerability in phpODP 1.5h allows remote attackers to inject arbitrary web script via the browse parameter. | 5.8 |
2006-05-16 | CVE-2006-2394 | Turnkey WEB Tools | Cross-Site Scripting vulnerability in Turnkey web Tools PHP Live Helper 1.8 Cross-site scripting (XSS) vulnerability in chat.php in PHP Live Helper allows remote attackers to inject arbitrary web script or HTML via the PHPSESSID parameter. | 5.8 |
2006-05-16 | CVE-2006-2390 | Ozjournals | Cross-Site Scripting vulnerability in Ozjournals 1.2 Cross-site scripting (XSS) vulnerability in OZJournals 1.2 allows remote attackers to inject arbitrary web script or HTML via the vname parameter in the comments functionality. | 5.8 |
2006-05-15 | CVE-2006-2368 | Clansys | Cross-Site Scripting vulnerability in Clansys 1.1 Cross-site scripting (XSS) vulnerability in index.php in Clansys (aka Clanpage System) 1.1 allows remote attackers to inject arbitrary web script or HTML via the page parameter. | 5.8 |
2006-05-15 | CVE-2006-2365 | Vizra | Cross-Site Scripting vulnerability in Vizra Cross-site scripting (XSS) vulnerability in a_login.php in Vizra allows remote attackers to inject arbitrary web script or HTML via the message parameter. | 5.8 |
2006-05-15 | CVE-2006-2364 | Macromedia | Cross-Site Scripting vulnerability in Macromedia Coldfusion 5.0 Cross-site scripting (XSS) vulnerability in the validation feature in Macromedia ColdFusion 5 and earlier allows remote attackers to inject arbitrary web script or HTML via a "_required" field when the associated normal field is missing or empty, which is not sanitized before being presented in an error message. | 5.8 |
2006-05-20 | CVE-2006-2494 | Lacaveprods | Buffer Overflow vulnerability in IntelliTamper Map Files Stack-based buffer overflow in IntelliTamper 2.07 allows remote attackers to execute arbitrary code via a crafted .map file. | 5.1 |
2006-05-19 | CVE-2006-2480 | DIA | USE of Externally-Controlled Format String vulnerability in DIA 0.94 Format string vulnerability in Dia 0.94 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering errors or warnings, as demonstrated via format string specifiers in a .bmp filename. | 5.1 |
2006-05-19 | CVE-2006-2465 | Mp3Info | Buffer Overflow vulnerability in Mp3Info 0.8.4 Buffer overflow in MP3Info 0.8.4 allows attackers to execute arbitrary code via a long command line argument. | 5.1 |
2006-05-17 | CVE-2006-2424 | Ezusermanager | Remote File Include vulnerability in Ezusermanager 1.5/1.6 PHP remote file inclusion vulnerability in ezUserManager 1.6 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the ezUserManager_Path parameter to ezusermanager_pwd_forgott.php, possibly due to an issue in ezusermanager_core.inc.php. | 5.1 |
2006-05-16 | CVE-2006-2416 | E107 | SQL Injection vulnerability in E107 SQL injection vulnerability in class2.php in e107 0.7.2 and earlier allows remote attackers to execute arbitrary SQL commands via a cookie as defined in $pref['cookie_name']. | 5.1 |
2006-05-15 | CVE-2006-2363 | Limbo CMS | SQL Injection vulnerability in Limbo CMS Limbo CMS 1.0.4.2 SQL injection vulnerability in the weblinks option (weblinks.html.php) in Limbo CMS allows remote attackers to execute arbitrary SQL commands via the catid parameter. | 5.1 |
2006-05-19 | CVE-2006-2479 | Bitrix | Information Disclosure vulnerability in Bitrix Site Manager The Update functionality in Bitrix Site Manager 4.1.x does not verify the authenticity of downloaded updates, which allows remote attackers to obtain sensitive information and ultimately execute arbitrary PHP code via DNS cache poisoning that redirects the user to a malicious site. | 5.0 |
2006-05-19 | CVE-2006-2478 | Bitrix | Cross-Site Scripting vulnerability in Bitrix Site Manager Bitrix Site Manager 4.1.x allows remote attackers to redirect users to other websites via a modified back_url during a HTTP POST request. | 5.0 |
2006-05-19 | CVE-2006-2476 | Bitrix | Information Disclosure vulnerability in Bitrix Site Manager Bitrix Site Manager 4.1.x stores updater.log under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information. | 5.0 |
2006-05-19 | CVE-2006-2471 | BEA | Information Disclosure vulnerability in BEA Weblogic Server 6.1/7.0/8.1 Multiple vulnerabilities in BEA WebLogic Server 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7 leak sensitive information to remote attackers, including (1) DNS and IP addresses to address to T3 clients, (2) internal sensitive information using GetIORServlet, (3) certain "server details" in exceptions when invalid XML is provided, and (4) a stack trace in a SOAP fault. | 5.0 |
2006-05-19 | CVE-2006-2463 | OUT OF THE Trees WEB Design | Remote Security vulnerability in OUT of the Trees web Design Selectapix 1.31 view_album.php in SelectaPix 1.31 and earlier allows remote attackers to obtain the installation path via a certain request, which displays the path in an error message, possibly due to an invalid or missing parameter. | 5.0 |
2006-05-19 | CVE-2006-2462 | BEA | Remote Security vulnerability in BEA Weblogic Server 7.0/8.1 BEA WebLogic Server 8.1 before Service Pack 4 and 7.0 before Service Pack 6, may send sensitive data over non-secure channels when using JTA transactions, which allows remote attackers to read potentially sensitive network traffic. | 5.0 |
2006-05-19 | CVE-2006-2461 | BEA | Remote Security vulnerability in BEA Weblogic Server 8.1 BEA WebLogic Server before 8.1 Service Pack 4 does not properly set the Quality of Service in certain circumstances, which prevents some transmissions from being encrypted via SSL, and allows remote attackers to more easily read potentially sensitive network traffic. | 5.0 |
2006-05-18 | CVE-2006-2441 | Pioneers | Denial-Of-Service vulnerability in Pioneers Meta-Server Pioneers meta-server before 0.9.55, when the server-console is not installed, allows remote attackers to cause a denial of service (crash) via certain requests from an older gnocatan client to create a new game. | 5.0 |
2006-05-17 | CVE-2006-2438 | Caucho Technology | Information Disclosure vulnerability in Caucho Technology Resin 3.0.17/3.0.18 Directory traversal vulnerability in the viewfile servlet in the documentation package (resin-doc) for Caucho Resin 3.0.17 and 3.0.18 allows remote attackers to read arbitrary files under other web roots via the contextpath parameter. | 5.0 |
2006-05-17 | CVE-2006-2437 | Caucho Technology | Information Disclosure vulnerability in Caucho Technology Resin 3.0.17/3.0.18 The viewfile servlet in the documentation package (resin-doc) for Caucho Resin 3.0.17 and 3.0.18 allows remote attackers to obtain the source code for file under the web root via the file parameter. | 5.0 |
2006-05-17 | CVE-2006-2434 | IBM | Information Disclosure vulnerability in IBM Websphere Application Server 5.1.1 Unspecified vulnerability in WebSphere 5.1.1 (or any earlier cumulative fix) Common Configuration Mode + CommonArchive and J2EE Models might allow attackers to obtain sensitive information via the trace. | 5.0 |
2006-05-17 | CVE-2006-2422 | Coinsoft Technologies | Information Disclosure vulnerability in phpCOIN Email Address phpCOIN 1.2.3 and earlier stores messages based upon e-mail addresses, which allows remote authenticated users to read messages for other users by adding the sender's e-mail address as an "additional contact". | 5.0 |
2006-05-16 | CVE-2006-2414 | Timo Sirainen | Remote Information Disclosure vulnerability in Dovecot Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via ".." sequences in the (1) LIST or (2) DELETE IMAP command. | 5.0 |
2006-05-16 | CVE-2006-2413 | Gnunet | Remote Denial of Service vulnerability in GNUnet Empty UDP Datagram GNUnet before SVN revision 2781 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an empty UDP datagram, possibly involving FIONREAD errors. | 5.0 |
2006-05-16 | CVE-2006-2412 | Raydium | Remote Buffer Overflow and Denial Of Service vulnerability in Raydium The raydium_network_read function in network.c in Raydium SVN revision 312 and earlier allows remote attackers to cause a denial of service (application crash) via a large ID, which causes an invalid memory access (buffer over-read). | 5.0 |
2006-05-16 | CVE-2006-2410 | Raydium | Remote Buffer Overflow and Denial Of Service vulnerability in Raydium raydium_network_netcall_exec function in network.c in Raydium SVN revision 312 and earlier allows remote attackers to cause a denial of service (application crash) via a packet of type 0xFF, which causes a null dereference. | 5.0 |
2006-05-16 | CVE-2006-2402 | Outgun | Remote Buffer Overflow and Denial of Service vulnerability in Outgun 1.0/1.0.3 Buffer overflow in the changeRegistration function in servernet.cpp for Outgun 1.0.3 bot 2 and earlier allows remote attackers to change the registration information of other players via a long string. | 5.0 |
2006-05-16 | CVE-2006-2398 | Gphotos | Input Validation vulnerability in Gphotos 1.4 Directory traversal vulnerability in index.php in GPhotos 1.5 and earlier allows remote attackers to read arbitrary files via a .. | 5.0 |
2006-05-16 | CVE-2006-2393 | Empire Server | Denial-Of-Service vulnerability in Empire Server Empire Server 4.3.0/4.3.2 The client_cmd function in Empire 4.3.2 and earlier allows remote attackers to cause a denial of service (application crash) by causing long text strings to be appended to the player->client buffer, which causes an invalid memory access. | 5.0 |
2006-05-15 | CVE-2006-2357 | Ipswitch | Remote Security vulnerability in Ipswitch Whatsup Professional 2006/2006Premium Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to obtain source code for scripts via a trailing dot in a request to NmConsole/Login.asp. | 5.0 |
2006-05-15 | CVE-2006-2356 | Ipswitch | Information Exposure vulnerability in Ipswitch Whatsup Professional 2006 NmConsole/utility/RenderMap.asp in Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to obtain sensitive information about network nodes via a modified nDeviceGroupID parameter. | 5.0 |
2006-05-15 | CVE-2006-2355 | Ipswitch | Remote Security vulnerability in Ipswitch Whatsup Professional 2006/2006Premium Ipswitch WhatsUp Professional 2006 and Ipswitch WhatsUp Professional 2006 Premium allows remote attackers to obtain full path information via 404 error messages. | 5.0 |
2006-05-15 | CVE-2006-2354 | Ipswitch | Remote Security vulnerability in Ipswitch Whatsup Professional 2006/2006Premium NmConsole/Login.asp in Ipswitch WhatsUp Professional 2006 and Ipswitch WhatsUp Professional 2006 Premium generates different error messages in a way that allows remote attackers to enumerate valid usernames. | 5.0 |
2006-05-15 | CVE-2006-2353 | Ipswitch | Permissions, Privileges, and Access Controls vulnerability in Ipswitch Whatsup Professional 2006/2006Premium NmConsole/DeviceSelection.asp in Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to redirect users to other websites via the (1) sCancelURL and possibly (2) sRedirectUrl parameters. | 5.0 |
2006-05-19 | CVE-2006-2477 | Bitrix | Cross-Site Scripting vulnerability in Bitrix Site Manager Cross-site scripting (XSS) vulnerability in the administrative interface Bitrix Site Manager 4.1.x allows remote attackers to inject arbitrary web script or HTML via unspecified inputs. | 4.9 |
2006-05-19 | CVE-2006-2472 | BEA | Local Security vulnerability in Weblogic Server Unspecified vulnerability in BEA WebLogic Server 9.1 and 9.0, 8.1 through SP5, 7.0 through SP6, and 6.1 through SP7 allows untrusted applications to obtain private server keys. | 4.9 |
2006-05-19 | CVE-2006-2464 | BEA | Local Security vulnerability in BEA Weblogic Server 7.0/8.1 stopWebLogic.sh in BEA WebLogic Server 8.1 before Service Pack 4 and 7.0 before Service Pack 6 displays the administrator password to stdout when executed, which allows local users to obtain the password by viewing a local display. | 4.6 |
2006-05-18 | CVE-2006-2443 | Knowledgetree | Information Disclosure vulnerability in Knowledgetree 2.0.7 The Debian package of knowledgetree 2.0.7 creates environment.php with world-readable permissions, which allows local users to obtain sensitive information such as the username and password for the KnowledgeTree database. | 4.6 |
2006-05-18 | CVE-2006-2442 | Kphone | Local Information Disclosure vulnerability in Kphone 4.2 kphone 4.2 creates .qt/kphonerc with world-readable permissions, which allows local users to read usernames and SIP passwords. | 4.6 |
2006-05-16 | CVE-2006-2409 | Raydium | USE of Externally-Controlled Format String vulnerability in Raydium Format string vulnerability in the raydium_log function in console.c in Raydium before SVN revision 310 allows local users to execute arbitrary code via format string specifiers in the format parameter, which are not properly handled in a call to raydium_console_line_add. | 4.6 |
2006-05-19 | CVE-2006-2490 | Mobotix | Cross-Site Scripting vulnerability in Mobotix IP Network Camera Multiple cross-site scripting (XSS) vulnerabilities in Mobotix IP Network Cameras M1 1.9.4.7 and M10 2.0.5.2, and other versions before 2.2.3.18 for M10/D10 and 3.0.3.31 for M22, allow remote attackers to inject arbitrary web script or HTML via URL-encoded values in (1) the query string to help/help, (2) the get_image_info_abspath parameter to control/eventplayer, and (3) the source_ip parameter to events.tar. | 4.3 |
2006-05-19 | CVE-2006-2488 | Spymac | Cross-Site Scripting vulnerability in Spymac web OS 5.0 Multiple cross-site scripting (XSS) vulnerabilities in Spymac WebOS (WOS) 5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) del_folder, (2) nick, or (3) action parameters to (a) notes/index.php, (4) curr parameter to (b) ipod/get_ipod.php, and in (c) login.php. | 4.3 |
2006-05-19 | CVE-2006-2484 | Icewarp | Cross-Site Scripting vulnerability in IceWarp Universal WebMail PHPSESSID Parameter Cross-site scripting (XSS) vulnerability in index.html in IceWarp WebMail 5.5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the PHPSESSID parameter. | 4.3 |
2006-05-17 | CVE-2006-2431 | IBM | Cross-Site Scripting vulnerability in IBM Websphere Application Server Cross-site scripting (XSS) vulnerability in the 500 Internal Server Error page on the SOAP port (8880/tcp) in IBM WebSphere Application Server 5.0.2 and earlier, 5.1.x before 5.1.1.12, and 6.0.2 up to 6.0.2.7, allows remote attackers to inject arbitrary web script or HTML via the URI, which is contained in a FAULTACTOR element on this page. | 4.3 |
2006-05-17 | CVE-2006-2425 | Phpremoteview | Cross-Site Scripting vulnerability in PHPRemoteView PRV.PHP Multiple cross-site scripting (XSS) vulnerabilities in PRV.php in PhpRemoteView, possibly 2003-10-23 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) f, (2) d, and (3) ref parameters, and the (4) "MAKE DIR" and (5) "Full file name" fields. | 4.3 |
2006-05-17 | CVE-2006-2423 | Swsoft | Cross-Site Scripting vulnerability in Confixx 3.0.6/3.0.8 Cross-site scripting (XSS) vulnerability in ftplogin/index.php in Confixx 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the login parameter. | 4.3 |
2006-05-16 | CVE-2006-2420 | Mozilla | Cross-Site Scripting vulnerability in Mozilla Bugzilla 2.20/2.21/2.21.1 Bugzilla 2.20rc1 through 2.20 and 2.21.1, when using RSS 1.0, allows remote attackers to conduct cross-site scripting (XSS) attacks via a title element with HTML encoded sequences such as "&gt;", which are automatically decoded by some RSS readers. | 4.3 |
2006-05-16 | CVE-2006-2419 | PHP | Cross-Site Scripting vulnerability in Directory Listing Script Cross-site scripting (XSS) vulnerability in index.php in Directory Listing Script allows remote attackers to inject arbitrary web script or HTML via the dir parameter. | 4.3 |
2006-05-16 | CVE-2006-2417 | Phpmyadmin | Cross-Site Scripting vulnerability in PHPmyadmin 2.8.0.1/2.8.0.2/2.8.0.3 Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.x before 2.8.0.4 allows remote attackers to inject arbitrary web script or HTML via the theme parameter in unknown scripts. | 4.3 |
2006-05-15 | CVE-2006-2367 | Clansys | Cross-Site Scripting vulnerability in Clansys 1.0/1.1 Cross-site scripting (XSS) vulnerability in index.php in Clansys (aka Clanpage System) 1.0 and 1.1 allows remote attackers to inject arbitrary web script or HTML via the func parameter in a search function. | 4.3 |
2006-05-15 | CVE-2006-2359 | Phpbb Group | Input Validation vulnerability in Chart Mod Cross-site scripting (XSS) vulnerability in charts.php in the Chart mod for phpBB allows remote attackers to inject arbitrary web script or HTML via the id parameter. | 4.3 |
2006-05-15 | CVE-2006-2358 | WEB Labs | Cross-Site Scripting vulnerability in Web-Labs CMS Multiple cross-site scripting (XSS) vulnerabilities in various scripts in Web-Labs CMS allow remote attackers to inject arbitrary web script or HTML via (1) the search parameter and (2) unspecified fields related to e-mail alerts. | 4.3 |
2006-05-15 | CVE-2006-2352 | Ipswitch | Cross-Site Scripting vulnerability in Ipswitch Whatsup Professional 2006/2006Premium Multiple cross-site scripting (XSS) vulnerabilities in IPswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allow remote attackers to inject arbitrary web script or HTML via unknown vectors in (1) NmConsole/Tools.asp and (2) NmConsole/DeviceSelection.asp. | 4.3 |
2006-05-15 | CVE-2006-2351 | Ipswitch | Cross-Site Scripting vulnerability in Ipswitch Whatsup Professional 2006/2006Premium Multiple cross-site scripting (XSS) vulnerabilities in IPswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allow remote attackers to inject arbitrary web script or HTML via the (1) sDeviceView or (2) nDeviceID parameter to (a) NmConsole/Navigation.asp or (3) sHostname parameter to (b) NmConsole/ToolResults.asp. | 4.3 |
2006-05-19 | CVE-2006-2468 | BEA | Information Disclosure vulnerability in BEA Weblogic Server 7.0/8.1 The WebLogic Server Administration Console in BEA WebLogic Server 8.1 up to SP4 and 7.0 up to SP6 displays the domain name in the Console login form, which allows remote attackers to obtain sensitive information. | 4.0 |
2006-05-19 | CVE-2006-2467 | BEA | Remote Security vulnerability in BEA Weblogic Server 6.1/7.0/8.1 BEA WebLogic Server 8.1 up to SP4, 7.0 up to SP6, and 6.1 up to SP7 displays the internal IP address of the WebLogic server in the WebLogic Server Administration Console, which allows remote authenticated administrators to determine the address. | 4.0 |
2006-05-18 | CVE-2006-2458 | Libextractor | Heap Buffer Overflow vulnerability in Libextractor 0.5.13 Multiple heap-based buffer overflows in Libextractor 0.5.13 and earlier allow remote attackers to execute arbitrary code via (1) the asf_read_header function in the ASF plugin (plugins/asfextractor.c), and (2) the parse_trak_atom function in the QT plugin (plugins/qtextractor.c). | 4.0 |
4 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-05-19 | CVE-2006-2466 | BEA | Remote Security vulnerability in BEA Weblogic Server 7.0/8.1 BEA WebLogic Server 8.1 up to SP4 and 7.0 up to SP6 allows remote attackers to obtain the source code of JSP pages during certain circumstances related to a "timing window" when a compilation error occurs, aka the "JSP showcode vulnerability." | 2.6 |
2006-05-16 | CVE-2006-2406 | Unclassified Newsboard | Directory Traversal vulnerability in Unclassified NewsBoard Directory traversal vulnerability in bb_lib/abbc.css.php in Unclassified NewsBoard (UNB) 1.5.3-d and possibly earlier versions, when register_globals is enabled, allows remote attackers to include arbitrary files via .. | 2.6 |
2006-05-15 | CVE-2006-2366 | Openobex | Unspecified vulnerability in Openobex 1.2 ircp_io.c in libopenobex for ircp 1.2, when ircp is run with the -r option, does not prompt the user when overwriting files, which allows user-assisted remote attackers to overwrite dangerous files via an arbitrary destination file name in an OBEX File Transfer session. | 2.6 |
2006-05-18 | CVE-2006-1855 | Linux | Local Denial of Service vulnerability in Linux Kernel Choose_New_Parent choose_new_parent in Linux kernel before 2.6.11.12 includes certain debugging code, which allows local users to cause a denial of service (panic) by causing certain circumstances involving termination of a parent process. | 2.1 |