Weekly Vulnerabilities Reports > May 15 to 21, 2006

Overview

120 new vulnerabilities were reported during this period, including 4 critical vulnerabilities and 30 high severity vulnerabilities. This weekly summary reports vulnerabilities in 88 products from 79 vendors including BEA, IBM, Ipswitch, Raydium, and Linux. Notable vulnerability categories include "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Use of Externally-Controlled Format String", "SQL Injection", and "Code Injection".

  • 111 reported vulnerabilities are remotely exploitable.
  • 9 reported vulnerabilities have a public exploit available.
  • 8 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 117 reported vulnerabilities are exploitable by an anonymous user.
  • BEA has the most reported vulnerabilities, with 10 reported vulnerabilities.
  • IBM has the most reported critical vulnerabilities, with 3 reported vulnerabilities.

Vulnerability Details

The following table lists the vulnerabilities reported during the period covered by this report:

4 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-05-20 CVE-2006-2496 Novell Buffer Overflow vulnerability in Novell Edirectory and Imonitor

Buffer overflow in iMonitor 2.4 in Novell eDirectory 8.8 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown attack vectors.

10.0
2006-05-17 CVE-2006-2433 IBM Remote Security vulnerability in Websphere Application Server

Unspecified vulnerability in IBM WebSphere Application Server 6.0.2, 6.0.2.1, 6.0.2.3, 6.0.2.5, and 6.0.2.7 has unknown impact and attack vectors related to the "administrative console".

10.0
2006-05-17 CVE-2006-2430 IBM Remote Security vulnerability in Websphere Application Server

IBM WebSphere Application Server 5.0.2 and earlier, 5.1.1 and earlier, and 6.0.2 up to 6.0.2.7 records user credentials in plaintext in addNode.log, which allows attackers to gain privileges.

10.0
2006-05-17 CVE-2006-2429 IBM Remote Security vulnerability in Websphere Application Server

Unspecified vulnerability in IBM WebSphere Application Server 6.0.2, 6.0.2.1, 6.0.2.3, 6.0.2.5, and 6.0.2.7 has unknown impact and remote attack vectors related to "HTTP request handlers".

10.0

30 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-05-19 CVE-2006-2475 Cosmoshop Directory Traversal vulnerability in Cosmoshop 8.10.78

Directory traversal vulnerability in (1) edit_mailtexte.cgi and (2) bestmail.cgi in Cosmoshop 8.11.106 and earlier allows remote administrators to read arbitrary files via ".." sequences in the file parameter.

7.8
2006-05-17 CVE-2006-1953 Caucho Technology Remote Directory Traversal vulnerability in Caucho Technology Resin 3.0.17/3.0.18

Directory traversal vulnerability in Caucho Resin 3.0.17 and 3.0.18 for Windows allows remote attackers to read arbitrary files via a "C:%5C" (encoded drive letter) in a URL.

7.8
2006-05-16 CVE-2006-2401 Outgun Remote Buffer Overflow and Denial of Service vulnerability in Outgun 1.0/1.0.3

The leetnet functions (leetnet/rudp.cpp) in Outgun 1.0.3 bot 2 and earlier allow remote attackers to cause a denial of service (application crash) via packets with incorrect message sizes, which triggers a buffer over-read.

7.8
2006-05-16 CVE-2006-2400 Outgun Remote Buffer Overflow and Denial of Service vulnerability in Outgun 1.0/1.0.3

The leetnet functions (leetnet/rudp.cpp) in Outgun 1.0.3 bot 2 and earlier allow remote attackers to cause a denial of service (game interruption) via large packets, which cause an exception to be thrown.

7.8
2006-05-20 CVE-2006-2492 Microsoft Remote Code Execution vulnerability in Microsoft Word 2003

Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 SP1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object pointer, as originally reported by ISC on 20060519 for a zero-day attack.

7.6
2006-05-20 CVE-2006-2499 Xfairguy SQL Injection vulnerability in Xfairguy Codeavalanche News 1.2

SQL injection vulnerability in default.asp in CodeAvalanche News (CANews) 1.2 allows remote attackers to execute arbitrary SQL commands via the password field.

7.5
2006-05-20 CVE-2006-2495 S9Y Cross-Site Request Forgery vulnerability in Serendipity

Cross-site request forgery (CSRF) vulnerability in the Entry Manager in Serendipity before 1.0-beta3 allows remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag.

7.5
2006-05-19 CVE-2006-2489 Nagios Remote Content-Length Integer Overflow vulnerability in Nagios

Integer overflow in CGI scripts in Nagios 1.x before 1.4.1 and 2.x before 2.3.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a content length (Content-Length) HTTP header.

7.5
2006-05-19 CVE-2006-2487 Scoznet Remote File Include vulnerability in ScozNet ScozNews

Multiple PHP remote file inclusion vulnerabilities in ScozNews 1.2.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the CONFIG[main_path] parameter in (1) functions.php, (2) template.php, (3) news.php, (4) help.php, (5) mail.php, (6) Admin/admin_cats.php, (8) Admin/admin_edit.php, (9) Admin/admin_import.php, and (10) Admin/admin_templates.php.

7.5
2006-05-19 CVE-2006-2485 Quezza Remote File Include vulnerability in Quezza BB 1.1.0

PHP remote file inclusion vulnerability in includes/class_template.php in Quezza 1.0 and earlier, and possibly 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the quezza_root_path parameter.

7.5
2006-05-19 CVE-2006-1856 Linux Unspecified vulnerability in Linux Kernel

Certain modifications to the Linux kernel 2.6.16 and earlier do not add the appropriate Linux Security Modules (LSM) file_permission hooks to the (1) readv and (2) writev functions, which might allow attackers to bypass intended access restrictions.

7.5
2006-05-19 CVE-2006-0059 Livedata Remote Heap Overflow vulnerability in Livedata Iccp Server 5.00.045

Heap-based buffer overflow in the ISO Transport Service over TCP (RFC 1006) implementation of LiveData ICCP Server before 5.00.035 allows remote attackers to cause a denial of service or execute arbitrary code via malformed packets.

7.5
2006-05-19 CVE-2006-2474 Cosmoshop SQL Injection vulnerability in Cosmoshop 8.10.78

SQL injection vulnerability in lshop.cgi in Cosmoshop 8.11.106 and earlier allows remote attackers to execute arbitrary SQL commands via the artnum parameter.

7.5
2006-05-19 CVE-2006-2470 BEA Security Bypass vulnerability in BEA Weblogic Server 9.0

Unspecified vulnerability in the WebLogic Server Administration Console for BEA WebLogic Server 9.0 prevents the console from setting custom JDBC security policies correctly, which could allow attackers to bypass intended policies.

7.5
2006-05-19 CVE-2006-2469 BEA Remote Security vulnerability in Weblogic Server

The HTTP handlers in BEA WebLogic Server 9.0, 8.1 up to SP5, 7.0 up to SP6, and 6.1 up to SP7 store the username and password in cleartext in the WebLogic Server log when access to a web application or protected JWS fails, which allows attackers to gain privileges.

7.5
2006-05-18 CVE-2006-2440 Imagemagick Remote Security vulnerability in Imagemagick 6.0.6.2/6.2.4

Heap-based buffer overflow in the libMagick component of ImageMagick 6.0.6.2 might allow attackers to execute arbitrary code via an image index array that triggers the overflow during filename glob expansion by the ExpandFilenames function.

7.5
2006-05-17 CVE-2006-2436 IBM Remote Security vulnerability in IBM Websphere Application Server 5.0.0/5.0.1/5.0.2

WebSphere Application Server 5.0.2 (or any earlier cumulative fix) stores admin and LDAP passwords in plaintext in the FFDC logs when a login to WebSphere fails, which allows attackers to gain privileges.

7.5
2006-05-17 CVE-2006-2432 IBM Remote Security vulnerability in Websphere Application Server

IBM WebSphere Application Server 5.0.2 (or any earlier cumulative fix) and 5.1.1 (or any earlier cumulative fix) allows EJB access on Solaris systems via a crafted LTPA token.

7.5
2006-05-17 CVE-2006-2421 Pragma Systems Remote Buffer Overflow vulnerability in Pragma FortressSSH SSH_MSG_KEXINIT

Stack-based buffer overflow in Pragma FortressSSH 4.0.7.20 allows remote attackers to execute arbitrary code via long SSH_MSG_KEXINIT messages, which may cause an overflow when being logged.

7.5
2006-05-16 CVE-2006-2411 Raydium Remote Buffer Overflow and Denial Of Service vulnerability in Raydium

Buffer overflow in raydium_network_read function in network.c in Raydium SVN revision 312 and earlier allows remote attackers to execute arbitrary code by sending packets with long global variables to the client.

7.5
2006-05-16 CVE-2006-2408 Raydium Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Raydium

Multiple buffer overflows in Raydium before SVN revision 310 allow remote attackers to execute arbitrary code via a large packet when logged via (1) the raydium_log function in log.c or (2) the raydium_console_line_add function in console.c, possibly from a long player name.

7.5
2006-05-16 CVE-2006-2407 Freeftpd, Freesshd, Weonlydo Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Stack-based buffer overflow in (1) WeOnlyDo wodSSHServer ActiveX Component 1.2.7 and 1.3.3 DEMO, as used in other products including (2) FreeSSHd 1.0.9 and (3) freeFTPd 1.0.10, allows remote attackers to execute arbitrary code via a long key exchange algorithm string.

7.5
2006-05-16 CVE-2006-2403 Filezilla Remote Buffer Overflow vulnerability in FileZilla Client

Buffer overflow in FileZilla before 2.2.23 allows remote attackers to execute arbitrary commands via unknown attack vectors.

7.5
2006-05-16 CVE-2006-2399 Outgun Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Outgun 1.0/1.0.3

Stack-based buffer overflow in the ServerNetworking::incoming_client_data function in servnet.cpp in Outgun 1.0.3 bot 2 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a data_file_request command with a long (1) type or (2) name string.

7.5
2006-05-16 CVE-2006-2391 EMC Remote Buffer Overflow vulnerability in EMC Dantz Retrospect Backup Client

Buffer overflow in EMC Retrospect Client 5.1 through 7.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet to port 497.

7.5
2006-05-15 CVE-2006-2369 VNC Improper Authentication vulnerability in VNC Realvnc 4.1.1

RealVNC 4.1.1, and other products that use RealVNC such as AdderLink IP and Cisco CallManager, allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, as originally demonstrated using a long password.

7.5
2006-05-15 CVE-2006-2362 GNU Buffer Overflow vulnerability in GNU BinUtils

Buffer overflow in getsym in tekhex.c in libbfd in Free Software Foundation GNU Binutils before 20060423, as used by GNU strings, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a file with a crafted Tektronix Hex Format (TekHex) record in which the length character is not a valid hexadecimal character.

7.5
2006-05-15 CVE-2006-2361 Mxbb, PHP Arena Remote File Include vulnerability in PAFileDB Pafiledb_Constants.PHP

PHP remote file inclusion vulnerability in pafiledb_constants.php in Download Manager (mxBB pafiledb) integration, as used with phpBB, allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.

7.5
2006-05-15 CVE-2006-2360 Phpbb Group Input Validation vulnerability in Chart Mod

SQL injection vulnerability in charts.php in the Chart mod for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2006-05-17 CVE-2006-2427 Clam Anti Virus Local Security vulnerability in Clam Anti-Virus Clamav and Clamxav

freshclam in (1) Clam Antivirus (ClamAV) 0.88 and (2) ClamXav 1.0.3h and earlier does not drop privileges before processing the config-file command line option, which allows local users to read portions of arbitrary files when an error message displays the first line of the target file.

7.2

81 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-05-20 CVE-2006-2501 SUN Cross-Site Scripting vulnerability in Sun ONE and Sun Java System Applications Error Page

Cross-site scripting (XSS) vulnerability in Sun ONE Web Server 6.0 SP9 and earlier, Java System Web Server 6.1 SP4 and earlier, Sun ONE Application Server 7 Platform and Standard Edition Update 6 and earlier, and Java System Application Server 7 2004Q2 Standard and Enterprise Edition Update 2 and earlier, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving error messages.

6.8
2006-05-20 CVE-2006-2500 Xfairguy HTML Injection vulnerability in Xfairguy Codeavalanche News 1.2

Cross-site scripting (XSS) vulnerability in add_news.asp in CodeAvalanche News (CANews) 1.2 allows remote attackers to inject arbitrary web script or HTML via the Headline field.

6.8
2006-05-19 CVE-2006-2491 Boastmachine, Kailash Nadh Cross-Site Scripting vulnerability in BoastMachine

Cross-site scripting (XSS) vulnerability in (1) index.php and (2) bmc/admin.php in BoastMachine (bMachine) 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly filtered when it is accessed using the $_SERVER["PHP_SELF"] variable.

6.8
2006-05-16 CVE-2006-2418 Phpmyadmin Cross-Site Scripting vulnerability in PHPmyadmin 2.8.0.3

Cross-site scripting (XSS) vulnerabilities in certain versions of phpMyAdmin before 2.8.0.4 allow remote attackers to inject arbitrary web script or HTML via the db parameter in unknown scripts.

6.8
2006-05-16 CVE-2006-2405 Unclassified Newsboard Local File Include vulnerability in Unclassified NewsBoard ABBC.CSS.PHP

Directory traversal vulnerability in unb_lib/abbc.conf.php in Unclassified NewsBoard (UNB) 1.6.1 patch 1 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via ..

6.8
2006-05-20 CVE-2006-2498 Invision Power Services Arbitrary PHP Code Execution vulnerability in Invision Power Board

Invision Power Board (IPB) before 2.1.6 allows remote attackers to execute arbitrary PHP script via attack vectors involving (1) the post_icon variable in classes/post/class_post.php and (2) the df value in action_public/moderate.php.

6.4
2006-05-19 CVE-2006-2486 Yapbb SQL Injection vulnerability in Yapbb 1.1/1.2/1.2Beta2

SQL injection vulnerability in find.php in YapBB 1.2 Beta2 and earlier allows remote attackers to execute arbitrary SQL commands via the userID parameter.

6.4
2006-05-19 CVE-2006-2483 Lighthouse Development Remote File Include vulnerability in Lighthouse Development Squirrelcart 1.5.5/1.6/2.2.2

PHP remote file inclusion vulnerability in cart_content.php in Squirrelcart 2.2.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cart_isp_root parameter.

6.4
2006-05-19 CVE-2006-2460 Sugarcrm Remote and Local File Include vulnerability in Sugar Suite Open Source

Sugar Suite Open Source (SugarCRM) 4.2 and earlier, when register_globals is enabled, does not protect critical variables such as $_GLOBALS and $_SESSION from modification, which allows remote attackers to conduct attacks such as directory traversal or PHP remote file inclusion, as demonstrated by modifying the GLOBALS[sugarEntry] parameter.

6.4
2006-05-19 CVE-2006-2459 PHP Fusion SQL Injection vulnerability in PHP Fusion PHP Fusion 6.00.306/6.00.307

SQL injection vulnerability in messages.php in PHP-Fusion 6.00.307 and earlier allows remote authenticated users to execute arbitrary SQL commands via the srch_where parameter.

6.4
2006-05-17 CVE-2006-2435 IBM Remote Security vulnerability in Websphere Application Server

Unspecified vulnerability in IBM WebSphere Application Server 5.0.2 and earlier, and 5.1.1 and earlier, has unknown impact and attack vectors related to "Inserting certain script tags in urls [that] may allow unintended execution of scripts."

6.4
2006-05-17 CVE-2006-2428 Duware Unspecified vulnerability in Duware Dubanner 3.1

add.asp in DUware DUbanner 3.1 allows remote attackers to execute arbitrary code by uploading files with arbitrary extensions, such as ASP files, probably due to client-side enforcement that can be bypassed.

6.4
2006-05-17 CVE-2006-2426 SUN Remote Denial Of Service vulnerability in SUN Jdk, JRE and SDK

Sun Java Runtime Environment (JRE) 1.5.0_6 and earlier, JDK 1.5.0_6 and earlier, and SDK 1.5.0_6 and earlier allows remote attackers to cause a denial of service (disk consumption) by using the Font.createFont function to create temporary files of arbitrary size in the %temp% directory.

6.4
2006-05-16 CVE-2006-2404 Radscripts Local File Include vulnerability in Radscripts Radlance 7.0

Directory traversal vulnerability in popup.php in RadScripts RadLance Gold 7.0 allows remote attackers to read arbitrary files via a ..

6.4
2006-05-16 CVE-2006-2392 Blue Dragon Remote File Include vulnerability in Blue Dragon PHP Blue Dragon Platinum2.8.0

PHP remote file inclusion vulnerability in public_includes/pub_popup/popup_finduser.php in PHP Blue Dragon Platinum 2.8.0 allows remote attackers to execute arbitrary PHP code via a URL in the vsDragonRootPath parameter.

6.4
2006-05-20 CVE-2006-2497 Aspbb Cross-Site Scripting vulnerability in Aspbb 0.5.2

Multiple cross-site scripting (XSS) vulnerabilities in AspBB 0.5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter to default.asp or (2) get parameter to profile.asp.

5.8
2006-05-16 CVE-2006-2415 Flexchat Cross-Site Scripting vulnerability in Flexchat

Multiple cross-site scripting (XSS) vulnerabilities in FlexChat 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) username and (2) CFTOKEN parameter in (a) index.cfm and (3) CFTOKEN and (4) CFID parameter in (b) chat.cfm.

5.8
2006-05-16 CVE-2006-2397 Gphotos Input Validation vulnerability in Gphotos 1.4/1.5

Multiple cross-site scripting (XSS) vulnerabilities in GPhotos 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) rep parameter to (a) index.php or (b) diapo.php or (2) image parameter to (c) affich.php.

5.8
2006-05-16 CVE-2006-2396 Phpodp Cross-Site Scripting vulnerability in PHPodp 1.5H

Cross-site scripting (XSS) vulnerability in phpODP 1.5h allows remote attackers to inject arbitrary web script via the browse parameter.

5.8
2006-05-16 CVE-2006-2394 Turnkey WEB Tools Cross-Site Scripting vulnerability in Turnkey web Tools PHP Live Helper 1.8

Cross-site scripting (XSS) vulnerability in chat.php in PHP Live Helper allows remote attackers to inject arbitrary web script or HTML via the PHPSESSID parameter.

5.8
2006-05-16 CVE-2006-2390 Ozjournals Cross-Site Scripting vulnerability in Ozjournals 1.2

Cross-site scripting (XSS) vulnerability in OZJournals 1.2 allows remote attackers to inject arbitrary web script or HTML via the vname parameter in the comments functionality.

5.8
2006-05-15 CVE-2006-2368 Clansys Cross-Site Scripting vulnerability in Clansys 1.1

Cross-site scripting (XSS) vulnerability in index.php in Clansys (aka Clanpage System) 1.1 allows remote attackers to inject arbitrary web script or HTML via the page parameter.

5.8
2006-05-15 CVE-2006-2365 Vizra Cross-Site Scripting vulnerability in Vizra

Cross-site scripting (XSS) vulnerability in a_login.php in Vizra allows remote attackers to inject arbitrary web script or HTML via the message parameter.

5.8
2006-05-15 CVE-2006-2364 Macromedia Cross-Site Scripting vulnerability in Macromedia Coldfusion 5.0

Cross-site scripting (XSS) vulnerability in the validation feature in Macromedia ColdFusion 5 and earlier allows remote attackers to inject arbitrary web script or HTML via a "_required" field when the associated normal field is missing or empty, which is not sanitized before being presented in an error message.

5.8
2006-05-20 CVE-2006-2494 Lacaveprods Buffer Overflow vulnerability in IntelliTamper Map Files

Stack-based buffer overflow in IntelliTamper 2.07 allows remote attackers to execute arbitrary code via a crafted .map file.

5.1
2006-05-19 CVE-2006-2480 DIA USE of Externally-Controlled Format String vulnerability in DIA 0.94

Format string vulnerability in Dia 0.94 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering errors or warnings, as demonstrated via format string specifiers in a .bmp filename.

5.1
2006-05-19 CVE-2006-2465 Mp3Info Buffer Overflow vulnerability in Mp3Info 0.8.4

Buffer overflow in MP3Info 0.8.4 allows attackers to execute arbitrary code via a long command line argument.

5.1
2006-05-17 CVE-2006-2424 Ezusermanager Remote File Include vulnerability in Ezusermanager 1.5/1.6

PHP remote file inclusion vulnerability in ezUserManager 1.6 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the ezUserManager_Path parameter to ezusermanager_pwd_forgott.php, possibly due to an issue in ezusermanager_core.inc.php.

5.1
2006-05-16 CVE-2006-2416 E107 SQL Injection vulnerability in E107

SQL injection vulnerability in class2.php in e107 0.7.2 and earlier allows remote attackers to execute arbitrary SQL commands via a cookie as defined in $pref['cookie_name'].

5.1
2006-05-15 CVE-2006-2363 Limbo CMS SQL Injection vulnerability in Limbo CMS Limbo CMS 1.0.4.2

SQL injection vulnerability in the weblinks option (weblinks.html.php) in Limbo CMS allows remote attackers to execute arbitrary SQL commands via the catid parameter.

5.1
2006-05-19 CVE-2006-2479 Bitrix Information Disclosure vulnerability in Bitrix Site Manager

The Update functionality in Bitrix Site Manager 4.1.x does not verify the authenticity of downloaded updates, which allows remote attackers to obtain sensitive information and ultimately execute arbitrary PHP code via DNS cache poisoning that redirects the user to a malicious site.

5.0
2006-05-19 CVE-2006-2478 Bitrix Cross-Site Scripting vulnerability in Bitrix Site Manager

Bitrix Site Manager 4.1.x allows remote attackers to redirect users to other websites via a modified back_url during a HTTP POST request.

5.0
2006-05-19 CVE-2006-2476 Bitrix Information Disclosure vulnerability in Bitrix Site Manager

Bitrix Site Manager 4.1.x stores updater.log under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information.

5.0
2006-05-19 CVE-2006-2471 BEA Information Disclosure vulnerability in BEA Weblogic Server 6.1/7.0/8.1

Multiple vulnerabilities in BEA WebLogic Server 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7 leak sensitive information to remote attackers, including (1) DNS and IP addresses to address to T3 clients, (2) internal sensitive information using GetIORServlet, (3) certain "server details" in exceptions when invalid XML is provided, and (4) a stack trace in a SOAP fault.

5.0
2006-05-19 CVE-2006-2463 OUT OF THE Trees WEB Design Remote Security vulnerability in OUT of the Trees web Design Selectapix 1.31

view_album.php in SelectaPix 1.31 and earlier allows remote attackers to obtain the installation path via a certain request, which displays the path in an error message, possibly due to an invalid or missing parameter.

5.0
2006-05-19 CVE-2006-2462 BEA Remote Security vulnerability in BEA Weblogic Server 7.0/8.1

BEA WebLogic Server 8.1 before Service Pack 4 and 7.0 before Service Pack 6, may send sensitive data over non-secure channels when using JTA transactions, which allows remote attackers to read potentially sensitive network traffic.

5.0
2006-05-19 CVE-2006-2461 BEA Remote Security vulnerability in BEA Weblogic Server 8.1

BEA WebLogic Server before 8.1 Service Pack 4 does not properly set the Quality of Service in certain circumstances, which prevents some transmissions from being encrypted via SSL, and allows remote attackers to more easily read potentially sensitive network traffic.

5.0
2006-05-18 CVE-2006-2441 Pioneers Denial-Of-Service vulnerability in Pioneers Meta-Server

Pioneers meta-server before 0.9.55, when the server-console is not installed, allows remote attackers to cause a denial of service (crash) via certain requests from an older gnocatan client to create a new game.

5.0
2006-05-17 CVE-2006-2438 Caucho Technology Information Disclosure vulnerability in Caucho Technology Resin 3.0.17/3.0.18

Directory traversal vulnerability in the viewfile servlet in the documentation package (resin-doc) for Caucho Resin 3.0.17 and 3.0.18 allows remote attackers to read arbitrary files under other web roots via the contextpath parameter.

5.0
2006-05-17 CVE-2006-2437 Caucho Technology Information Disclosure vulnerability in Caucho Technology Resin 3.0.17/3.0.18

The viewfile servlet in the documentation package (resin-doc) for Caucho Resin 3.0.17 and 3.0.18 allows remote attackers to obtain the source code for files under the web root via the file parameter.

5.0
2006-05-17 CVE-2006-2434 IBM Information Disclosure vulnerability in IBM Websphere Application Server 5.1.1

Unspecified vulnerability in WebSphere 5.1.1 (or any earlier cumulative fix) Common Configuration Mode + CommonArchive and J2EE Models might allow attackers to obtain sensitive information via the trace.

5.0
2006-05-17 CVE-2006-2422 Coinsoft Technologies Information Disclosure vulnerability in phpCOIN Email Address

phpCOIN 1.2.3 and earlier stores messages based upon e-mail addresses, which allows remote authenticated users to read messages for other users by adding the sender's e-mail address as an "additional contact".

5.0
2006-05-16 CVE-2006-2414 Timo Sirainen Remote Information Disclosure vulnerability in Dovecot

Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via ".." sequences in the (1) LIST or (2) DELETE IMAP command.

5.0
2006-05-16 CVE-2006-2413 Gnunet Remote Denial of Service vulnerability in GNUnet Empty UDP Datagram

GNUnet before SVN revision 2781 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an empty UDP datagram, possibly involving FIONREAD errors.

5.0
2006-05-16 CVE-2006-2412 Raydium Remote Buffer Overflow and Denial Of Service vulnerability in Raydium

The raydium_network_read function in network.c in Raydium SVN revision 312 and earlier allows remote attackers to cause a denial of service (application crash) via a large ID, which causes an invalid memory access (buffer over-read).

5.0
2006-05-16 CVE-2006-2410 Raydium Remote Buffer Overflow and Denial Of Service vulnerability in Raydium

raydium_network_netcall_exec function in network.c in Raydium SVN revision 312 and earlier allows remote attackers to cause a denial of service (application crash) via a packet of type 0xFF, which causes a null dereference.

5.0
2006-05-16 CVE-2006-2402 Outgun Remote Buffer Overflow and Denial of Service vulnerability in Outgun 1.0/1.0.3

Buffer overflow in the changeRegistration function in servernet.cpp for Outgun 1.0.3 bot 2 and earlier allows remote attackers to change the registration information of other players via a long string.

5.0
2006-05-16 CVE-2006-2398 Gphotos Input Validation vulnerability in Gphotos 1.4

Directory traversal vulnerability in index.php in GPhotos 1.5 and earlier allows remote attackers to read arbitrary files via a ..

5.0
2006-05-16 CVE-2006-2395 Popsoft Digital Code Injection vulnerability in Popsoft Digital Popphoto 3.5.4

PHP remote file inclusion vulnerability in resources/includes/popp.config.loader.inc.php in PopSoft Digital PopPhoto Studio 3.5.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter (cfg['popphoto_base_path'] variable).

5.0
2006-05-16 CVE-2006-2393 Empire Server Denial-Of-Service vulnerability in Empire Server Empire Server 4.3.0/4.3.2

The client_cmd function in Empire 4.3.2 and earlier allows remote attackers to cause a denial of service (application crash) by causing long text strings to be appended to the player->client buffer, which causes an invalid memory access.

5.0
2006-05-15 CVE-2006-2357 Ipswitch Remote Security vulnerability in Ipswitch Whatsup Professional 2006/2006Premium

Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to obtain source code for scripts via a trailing dot in a request to NmConsole/Login.asp.

5.0
2006-05-15 CVE-2006-2356 Ipswitch Information Exposure vulnerability in Ipswitch Whatsup Professional 2006

NmConsole/utility/RenderMap.asp in Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to obtain sensitive information about network nodes via a modified nDeviceGroupID parameter.

5.0
2006-05-15 CVE-2006-2355 Ipswitch Remote Security vulnerability in Ipswitch Whatsup Professional 2006/2006Premium

Ipswitch WhatsUp Professional 2006 and Ipswitch WhatsUp Professional 2006 Premium allows remote attackers to obtain full path information via 404 error messages.

5.0
2006-05-15 CVE-2006-2354 Ipswitch Remote Security vulnerability in Ipswitch Whatsup Professional 2006/2006Premium

NmConsole/Login.asp in Ipswitch WhatsUp Professional 2006 and Ipswitch WhatsUp Professional 2006 Premium generates different error messages in a way that allows remote attackers to enumerate valid usernames.

5.0
2006-05-15 CVE-2006-2353 Ipswitch Permissions, Privileges, and Access Controls vulnerability in Ipswitch Whatsup Professional 2006/2006Premium

NmConsole/DeviceSelection.asp in Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to redirect users to other websites via the (1) sCancelURL and possibly (2) sRedirectUrl parameters.

5.0
2006-05-19 CVE-2006-2477 Bitrix Cross-Site Scripting vulnerability in Bitrix Site Manager

Cross-site scripting (XSS) vulnerability in the administrative interface in Bitrix Site Manager 4.1.x allows remote attackers to inject arbitrary web script or HTML via unspecified inputs.

4.9
2006-05-19 CVE-2006-2472 BEA Local Security vulnerability in Weblogic Server

Unspecified vulnerability in BEA WebLogic Server 9.1 and 9.0, 8.1 through SP5, 7.0 through SP6, and 6.1 through SP7 allows untrusted applications to obtain private server keys.

4.9
2006-05-18 CVE-2006-1528 Linux Improper Input Validation vulnerability in Linux Kernel

Linux kernel before 2.6.13 allows local users to cause a denial of service (crash) via a dio transfer from the sg driver to memory mapped (mmap) IO space.

4.9
2006-05-19 CVE-2006-0039 Linux Race Condition vulnerability in Linux Kernel 2.6.16

Race condition in the do_add_counters function in netfilter for Linux kernel 2.6.16 allows local users with CAP_NET_ADMIN capabilities to read kernel memory by triggering the race condition in a way that produces a size value that is inconsistent with allocated memory, which leads to a buffer over-read in IPT_ENTRY_ITERATE.

4.7
2006-05-19 CVE-2006-2464 BEA Local Security vulnerability in BEA Weblogic Server 7.0/8.1

stopWebLogic.sh in BEA WebLogic Server 8.1 before Service Pack 4 and 7.0 before Service Pack 6 displays the administrator password to stdout when executed, which allows local users to obtain the password by viewing a local display.

4.6
2006-05-18 CVE-2006-2443 Knowledgetree Information Disclosure vulnerability in Knowledgetree 2.0.7

The Debian package of knowledgetree 2.0.7 creates environment.php with world-readable permissions, which allows local users to obtain sensitive information such as the username and password for the KnowledgeTree database.

4.6
2006-05-18 CVE-2006-2442 Kphone Local Information Disclosure vulnerability in Kphone 4.2

kphone 4.2 creates .qt/kphonerc with world-readable permissions, which allows local users to read usernames and SIP passwords.

4.6
2006-05-16 CVE-2006-2409 Raydium Use of Externally-Controlled Format String vulnerability in Raydium

Format string vulnerability in the raydium_log function in console.c in Raydium before SVN revision 310 allows local users to execute arbitrary code via format string specifiers in the format parameter, which are not properly handled in a call to raydium_console_line_add.

4.6
2006-05-19 CVE-2006-2490 Mobotix Cross-Site Scripting vulnerability in Mobotix IP Network Camera

Multiple cross-site scripting (XSS) vulnerabilities in Mobotix IP Network Cameras M1 1.9.4.7 and M10 2.0.5.2, and other versions before 2.2.3.18 for M10/D10 and 3.0.3.31 for M22, allow remote attackers to inject arbitrary web script or HTML via URL-encoded values in (1) the query string to help/help, (2) the get_image_info_abspath parameter to control/eventplayer, and (3) the source_ip parameter to events.tar.

4.3
2006-05-19 CVE-2006-2488 Spymac Cross-Site Scripting vulnerability in Spymac web OS 5.0

Multiple cross-site scripting (XSS) vulnerabilities in Spymac WebOS (WOS) 5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) del_folder, (2) nick, or (3) action parameters to (a) notes/index.php, (4) curr parameter to (b) ipod/get_ipod.php, and in (c) login.php.

4.3
2006-05-19 CVE-2006-2484 Icewarp Cross-Site Scripting vulnerability in IceWarp Universal WebMail PHPSESSID Parameter

Cross-site scripting (XSS) vulnerability in index.html in IceWarp WebMail 5.5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the PHPSESSID parameter.

4.3
2006-05-19 CVE-2006-2473 Openwiki Cross-Site Scripting vulnerability in Openwiki 0.78

** DISPUTED ** Cross-site scripting (XSS) vulnerability in ow.asp in OpenWiki 0.78 allows remote attackers to inject arbitrary web script or HTML via the p parameter.

4.3
2006-05-17 CVE-2006-2431 IBM Cross-Site Scripting vulnerability in IBM Websphere Application Server

Cross-site scripting (XSS) vulnerability in the 500 Internal Server Error page on the SOAP port (8880/tcp) in IBM WebSphere Application Server 5.0.2 and earlier, 5.1.x before 5.1.1.12, and 6.0.2 up to 6.0.2.7, allows remote attackers to inject arbitrary web script or HTML via the URI, which is contained in a FAULTACTOR element on this page.

4.3
2006-05-17 CVE-2006-2425 Phpremoteview Cross-Site Scripting vulnerability in PHPRemoteView PRV.PHP

Multiple cross-site scripting (XSS) vulnerabilities in PRV.php in PhpRemoteView, possibly 2003-10-23 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) f, (2) d, and (3) ref parameters, and the (4) "MAKE DIR" and (5) "Full file name" fields.

4.3
2006-05-17 CVE-2006-2423 Swsoft Cross-Site Scripting vulnerability in Confixx 3.0.6/3.0.8

Cross-site scripting (XSS) vulnerability in ftplogin/index.php in Confixx 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the login parameter.

4.3
2006-05-16 CVE-2006-2420 Mozilla Cross-Site Scripting vulnerability in Mozilla Bugzilla 2.20/2.21/2.21.1

Bugzilla 2.20rc1 through 2.20 and 2.21.1, when using RSS 1.0, allows remote attackers to conduct cross-site scripting (XSS) attacks via a title element with HTML encoded sequences such as "&gt;", which are automatically decoded by some RSS readers.

4.3
2006-05-16 CVE-2006-2419 PHP Cross-Site Scripting vulnerability in Directory Listing Script

Cross-site scripting (XSS) vulnerability in index.php in Directory Listing Script allows remote attackers to inject arbitrary web script or HTML via the dir parameter.

4.3
2006-05-16 CVE-2006-2417 Phpmyadmin Cross-Site Scripting vulnerability in PHPmyadmin 2.8.0.1/2.8.0.2/2.8.0.3

Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.x before 2.8.0.4 allows remote attackers to inject arbitrary web script or HTML via the theme parameter in unknown scripts.

4.3
2006-05-15 CVE-2006-2367 Clansys Cross-Site Scripting vulnerability in Clansys 1.0/1.1

Cross-site scripting (XSS) vulnerability in index.php in Clansys (aka Clanpage System) 1.0 and 1.1 allows remote attackers to inject arbitrary web script or HTML via the func parameter in a search function.

4.3
2006-05-15 CVE-2006-2359 Phpbb Group Input Validation vulnerability in Chart Mod

Cross-site scripting (XSS) vulnerability in charts.php in the Chart mod for phpBB allows remote attackers to inject arbitrary web script or HTML via the id parameter.

4.3
2006-05-15 CVE-2006-2358 WEB Labs Cross-Site Scripting vulnerability in Web-Labs CMS

Multiple cross-site scripting (XSS) vulnerabilities in various scripts in Web-Labs CMS allow remote attackers to inject arbitrary web script or HTML via (1) the search parameter and (2) unspecified fields related to e-mail alerts.

4.3
2006-05-15 CVE-2006-2352 Ipswitch Cross-Site Scripting vulnerability in Ipswitch Whatsup Professional 2006/2006Premium

Multiple cross-site scripting (XSS) vulnerabilities in Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allow remote attackers to inject arbitrary web script or HTML via unknown vectors in (1) NmConsole/Tools.asp and (2) NmConsole/DeviceSelection.asp.

4.3
2006-05-15 CVE-2006-2351 Ipswitch Cross-Site Scripting vulnerability in Ipswitch Whatsup Professional 2006/2006Premium

Multiple cross-site scripting (XSS) vulnerabilities in Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allow remote attackers to inject arbitrary web script or HTML via the (1) sDeviceView or (2) nDeviceID parameter to (a) NmConsole/Navigation.asp or (3) sHostname parameter to (b) NmConsole/ToolResults.asp.

4.3
2006-05-19 CVE-2006-2468 BEA Information Disclosure vulnerability in BEA Weblogic Server 7.0/8.1

The WebLogic Server Administration Console in BEA WebLogic Server 8.1 up to SP4 and 7.0 up to SP6 displays the domain name in the Console login form, which allows remote attackers to obtain sensitive information.

4.0
2006-05-19 CVE-2006-2467 BEA Remote Security vulnerability in BEA Weblogic Server 6.1/7.0/8.1

BEA WebLogic Server 8.1 up to SP4, 7.0 up to SP6, and 6.1 up to SP7 displays the internal IP address of the WebLogic server in the WebLogic Server Administration Console, which allows remote authenticated administrators to determine the address.

4.0
2006-05-18 CVE-2006-2458 Libextractor Heap Buffer Overflow vulnerability in Libextractor 0.5.13

Multiple heap-based buffer overflows in Libextractor 0.5.13 and earlier allow remote attackers to execute arbitrary code via (1) the asf_read_header function in the ASF plugin (plugins/asfextractor.c), and (2) the parse_trak_atom function in the QT plugin (plugins/qtextractor.c).

4.0

5 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-05-19 CVE-2006-2312 Skype Technologies, Microsoft Code Injection vulnerability in Skype Technologies Skype

Argument injection vulnerability in the URI handler in Skype 2.0.*.104 and 2.5.*.0 through 2.5.*.78 for Windows allows remote authorized attackers to download arbitrary files via a URL that contains certain command-line switches.

2.6
2006-05-19 CVE-2006-2466 BEA Remote Security vulnerability in BEA Weblogic Server 7.0/8.1

BEA WebLogic Server 8.1 up to SP4 and 7.0 up to SP6 allows remote attackers to obtain the source code of JSP pages during certain circumstances related to a "timing window" when a compilation error occurs, aka the "JSP showcode vulnerability."

2.6
2006-05-16 CVE-2006-2406 Unclassified Newsboard Directory Traversal vulnerability in Unclassified NewsBoard

Directory traversal vulnerability in bb_lib/abbc.css.php in Unclassified NewsBoard (UNB) 1.5.3-d and possibly earlier versions, when register_globals is enabled, allows remote attackers to include arbitrary files via ..

2.6
2006-05-15 CVE-2006-2366 Openobex Unspecified vulnerability in Openobex 1.2

ircp_io.c in libopenobex for ircp 1.2, when ircp is run with the -r option, does not prompt the user when overwriting files, which allows user-assisted remote attackers to overwrite dangerous files via an arbitrary destination file name in an OBEX File Transfer session.

2.6
2006-05-18 CVE-2006-1855 Linux Local Denial of Service vulnerability in Linux Kernel Choose_New_Parent

choose_new_parent in Linux kernel before 2.6.11.12 includes certain debugging code, which allows local users to cause a denial of service (panic) by causing certain circumstances involving termination of a parent process.

2.1