Weekly Vulnerabilities Reports > May 22 to 28, 2006
Overview
114 new vulnerabilities reported during this period, including 3 critical vulnerabilities and 31 high severity vulnerabilities. This weekly summary report vulnerabilities in 96 products from 79 vendors including Alstrasoft, Greg Donald, Linux, HP, and Yourfreeworld. Vulnerabilities are notably categorized as "Cross-site Scripting", "Permissions, Privileges, and Access Controls", "Information Exposure", "Code Injection", and "Use of Externally-Controlled Format String".
- 103 reported vulnerabilities are remotely exploitables.
- 9 reported vulnerabilities have public exploit available.
- 4 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 109 reported vulnerabilities are exploitable by an anonymous user.
- Alstrasoft has the most reported vulnerabilities, with 7 reported vulnerabilities.
- Linux has the most reported critical vulnerabilities, with 1 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
3 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-05-27 | CVE-2006-2630 | Symantec | Remote Stack Buffer Overflow vulnerability in Symantec Client Security and Norton Antivirus Stack-based buffer overflow in Symantec Antivirus 10.1 and Client Security 3.1 allows remote attackers to execute arbitrary code via unknown attack vectors. | 10.0 |
2006-05-23 | CVE-2006-2547 | SAP | Local Privilege Escalation vulnerability in SAP SAPDBA Unspecified vulnerability in the sapdba command in SAP with Informix before 700, and 700 up to patch 100, allows local users to execute arbitrary commands via unknown vectors related to "insecure environment variable" handling. | 10.0 |
2006-05-22 | CVE-2006-1857 | Linux | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Linux Kernel Buffer overflow in SCTP in Linux kernel before 2.6.16.17 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a malformed HB-ACK chunk. | 9.0 |
31 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-05-22 | CVE-2006-1858 | Linux | Improper Input Validation vulnerability in Linux Kernel SCTP in Linux kernel before 2.6.16.17 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a chunk length that is inconsistent with the actual length of provided parameters. | 7.8 |
2006-05-28 | CVE-2006-2453 | DIA | USE of Externally-Controlled Format String vulnerability in DIA Multiple unspecified format string vulnerabilities in Dia have unspecified impact and attack vectors, a different set of issues than CVE-2006-2480. | 7.5 |
2006-05-26 | CVE-2006-2616 | Alstrasoft | SQL-Injection vulnerability in Alstrasoft Webhost Directory 1.2 SQL injection vulnerability in the search script in (1) AlstraSoft Web Host Directory 1.2, aka (2) HyperStop WebHost Directory 1.2, allows remote attackers to execute arbitrary SQL commands via the uri parameter. | 7.5 |
2006-05-26 | CVE-2006-2615 | Russcom Network | Remote Arbitrary Command Execution vulnerability in Russcom Ping ping.php in Russcom.Ping allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter. | 7.5 |
2006-05-25 | CVE-2006-2592 | Dschat | Remote Security vulnerability in Dschat 1.0 Unspecified vulnerability in DSChat 1.0 allows remote attackers to execute arbitrary PHP code via the Nickname field, which is not sanitized before creating a file in a user directory. | 7.5 |
2006-05-25 | CVE-2006-2582 | Rwiki | Remote Security vulnerability in Rwiki The editing form in RWiki 2.1.0pre1 through 2.1.0 allows remote attackers to execute arbitrary Ruby code via unknown attack vectors. | 7.5 |
2006-05-24 | CVE-2006-2580 | HP | Remote vulnerability in HP OpenView Network Node Manager Multiple unspecified vulnerabilities in HP OpenView Network Node Manager (OV NNM) 6.20, 6.4x, 7.01, and 7.50 allow remote attackers to gain privileged access, execute arbitrary commands, or create arbitrary files via unknown vectors. | 7.5 |
2006-05-24 | CVE-2006-2579 | HP | Remote Arbitrary Command Execution vulnerability in HP Openview Storage Data Protector 5.1/5.5 Unspecified vulnerability in HP OpenView Storage Data Protector 5.1 and 5.5 allows remote attackers to execute arbitrary code via unknown vectors. | 7.5 |
2006-05-24 | CVE-2006-2570 | Calogic | Remote File Include vulnerability in Calogic Calendars 1.2.2 PHP remote file inclusion vulnerability in CaLogic Calendars 1.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS["CLPath"] parameter to (1) reconfig.php and (2) srxclr.php. | 7.5 |
2006-05-24 | CVE-2006-2569 | 4R Linklist Woltlab | SQL Injection vulnerability in Woltlab Burning Board Links.PHP SQL injection vulnerability in links.php in 4R Linklist 1.0 RC2 and earlier, a module for Woltlab Burning Board, allows remote attackers to execute arbitrary SQL commands via the cat parameter. | 7.5 |
2006-05-24 | CVE-2006-2549 | PDF Tools AG | Denial-Of-Service vulnerability in PDF Tools AG PDF Form Filling and Flattening Tool 3.0 Stack-based buffer overflow in PDF Form Filling and Flattening Tool before 3.1.0.12 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via long field names. | 7.5 |
2006-05-24 | CVE-2006-2565 | Alstrasoft | SQL-Injection vulnerability in Alstrasoft Article Manager PRO 1.6 SQL injection vulnerability in Alstrasoft Article Manager Pro 1.6 allows remote attackers to execute arbitrary SQL commands via (1) the author_id parameter in profile.php and (2) the aut_id parameter in userarticles.php. | 7.5 |
2006-05-24 | CVE-2006-2314 | Postgresql | SQL Injection vulnerability in PostgreSQL Multibyte Character Encoding PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x before 7.3.15, and earlier versions allows context-dependent attackers to bypass SQL injection protection methods in applications that use multibyte encodings that allow the "\" (backslash) byte 0x5c to be the trailing byte of a multibyte character, such as SJIS, BIG5, GBK, GB18030, and UHC, which cannot be handled correctly by a client that does not understand multibyte encodings, aka a second variant of "Encoding-Based SQL Injection." NOTE: it could be argued that this is a class of issue related to interaction errors between the client and PostgreSQL, but a CVE has been assigned since PostgreSQL is treating this as a preventative measure against this class of problem. | 7.5 |
2006-05-24 | CVE-2006-2313 | Postgresql | SQL Injection vulnerability in PostgreSQL Multibyte Character Encoding PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x before 7.3.15, and earlier versions allows context-dependent attackers to bypass SQL injection protection methods in applications via invalid encodings of multibyte characters, aka one variant of "Encoding-Based SQL Injection." | 7.5 |
2006-05-23 | CVE-2006-2548 | Perlpodder Prodder | Code Injection vulnerability in multiple products Prodder before 0.5, and perlpodder before 0.5, allows remote attackers to execute arbitrary code via shell metacharacters in the URL of a podcast (url attribute of an enclosure tag, or $enc_url variable), which is executed when running wget. | 7.5 |
2006-05-23 | CVE-2006-2541 | John Andersson | SQL Injection vulnerability in John Andersson Zixforum 1.12 SQL injection vulnerability in settings.asp in Zixforum 1.12 allows remote attackers to execute arbitrary SQL commands via the layid parameter to (1) login.asp and (2) main.asp. | 7.5 |
2006-05-22 | CVE-2006-2537 | Horizontal Shooter BOR Openbor Senile Team | Format String vulnerability in Beats Of Rage Multiple format string vulnerabilities in (a) OpenBOR 2.0046 and earlier, (b) Beats of Rage (BOR) 1.0029 and earlier, and (c) Horizontal Shooter BOR (HOR) 2.0000 and earlier allow remote attackers to execute code via format string specifiers in configurations used in various mod files, as demonstrated by the (1) music identifier in data/scenes/intro.txt, which is not properly handled in the update function, and (2) background identifier in data/easy/1aeasy.txt, which is not properly handled in the shutdown function. | 7.5 |
2006-05-22 | CVE-2006-2531 | Ipswitch | Authentication Bypass vulnerability in Ipswitch Whatsup Professional2006 Ipswitch WhatsUp Professional 2006 only verifies the user's identity via HTTP headers, which allows remote attackers to spoof being a trusted console and bypass authentication by setting HTTP User-Agent header to "Ipswitch/1.0" and the User-Application header to "NmConsole". | 7.5 |
2006-05-22 | CVE-2006-2527 | Smartisoft | Unspecified vulnerability in Smartisoft PHPbazar 2.1.0 Admin/admin.php in phpBazar 2.1.0 and earlier allows remote attackers to bypass the authentication process and gain unauthorized access to the administrative section by setting the action parameter to edit_member and the value parameter to 1. | 7.5 |
2006-05-22 | CVE-2006-2523 | Smartisoft | Remote Security vulnerability in Smartisoft PHPlistpro 2.0 PHP remote file inclusion vulnerability in config.php in phpListPro 2.0.1 and earlier, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary PHP code via a URL in the Language cookie. | 7.5 |
2006-05-22 | CVE-2006-2522 | Dayfox Designs | Remote Security vulnerability in Dayfox Blog Dayfox Blog 2.0 and earlier stores user credentials in edit/slog_users.txt under the web document root with insufficient access control, which allows remote attackers to gain privileges. | 7.5 |
2006-05-22 | CVE-2006-2521 | Accomplishtechnology | Code Injection vulnerability in Accomplishtechnology PHPmydirectory PHP remote file inclusion vulnerability in cron.php in phpMyDirectory 10.4.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the ROOT_PATH parameter. | 7.5 |
2006-05-22 | CVE-2006-2517 | Fujitsu | SQL-Injection vulnerability in Myweb Portal Office SQL injection vulnerability in MyWeb Portal Office, Standard Edition, Public Edition, Medical Edition, Citizen Edition, School Edition, and Light Edition allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. | 7.5 |
2006-05-22 | CVE-2006-2514 | Coppermine | File-Upload vulnerability in Coppermine Photo Gallery Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions. | 7.5 |
2006-05-22 | CVE-2006-2513 | SUN | Authentication Bypass vulnerability in SUN Java System Directory Server 5.2 Unspecified vulnerability in the installation process in Sun Java System Directory Server 5.2 causes wrong user data to be written to a file created by the installation, which allows remote attackers or local users to gain privileges. | 7.5 |
2006-05-22 | CVE-2006-2509 | Yourfreeworld | HTML Injection vulnerability in YourFreeWorld Short Url & Url Tracker Script SQL injection vulnerability in login.php in YourFreeWorld.com Short Url & Url Tracker Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2006-05-22 | CVE-2006-2507 | Teake Nutma | Remote File Include vulnerability in Foing Multiple PHP remote file inclusion vulnerabilities in Teake Nutma Foing 0.2.0 through 0.7.0, as used with phpBB, allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter in (1) index.php, (2) song.php, (3) faq.php, (4) list.php, (5) gen_m3u.php, and (6) playlist.php. | 7.5 |
2006-05-22 | CVE-2006-2504 | Azboard | SQL Injection vulnerability in AZBoard List.ASP Multiple SQL injection vulnerabilities in mono AZBOARD 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) search and (2) cate parameters to (a) list.asp, and the (3) id and cate parameters to (b) admin_ok.asp. | 7.5 |
2006-05-22 | CVE-2006-2503 | Deluxebb | SQL Injection vulnerability in Deluxebb 1.06 SQL injection vulnerability in misc.php in DeluxeBB 1.06 allows remote attackers to execute arbitrary SQL commands via the name parameter. | 7.5 |
2006-05-25 | CVE-2006-2607 | Paul Vixie | Local Privilege Escalation vulnerability in Paul Vixie Cron 4.1 do_command.c in Vixie cron (vixie-cron) 4.1 does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits, as originally demonstrated by a program that exceeds the process limits as defined in /etc/security/limits.conf. | 7.2 |
2006-05-24 | CVE-2006-2574 | HP | Local Privilege Escalation vulnerability in Retired: HP-UX Software Distributor Multiple unspecified vulnerabilities in Software Distributor in HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allow local users to gain privileges via unspecified attack vectors. | 7.2 |
67 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-05-22 | CVE-2006-2524 | Usebb | Cross-Site Scripting vulnerability in Usebb 1.0Rc1 Cross-site scripting (XSS) vulnerability in UseBB 1.0 RC1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors when processing the user date format. | 6.8 |
2006-05-22 | CVE-2006-2515 | Hiox India | Cross-Site Scripting vulnerability in Hiox India Guest Book 3.1 Cross-site scripting (XSS) vulnerability in index.php in Hiox Guestbook 3.1 allows remote attackers to inject arbitrary web script or HTML via the input forms for signing the guestbook. | 6.8 |
2006-05-22 | CVE-2006-2510 | Yourfreeworld | HTML Injection vulnerability in YourFreeWorld Short Url & Url Tracker Script Cross-site scripting (XSS) vulnerability in the URL submission form in YourFreeWorld.com Short Url & Url Tracker Script allows remote attackers to inject arbitrary web script or HTML via an unspecified form for submitting URLs. | 6.8 |
2006-05-22 | CVE-2006-2506 | Sphider | Cross-Site Scripting vulnerability in Sphider Multiple cross-site scripting (XSS) vulnerabilities in search.php in Sphider allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO and (2) the category parameter. | 6.8 |
2006-05-22 | CVE-2006-2512 | Hitachi | SQL Injection vulnerability in Hitachi EUR SQL injection vulnerability in Hitachi EUR Professional Edition, EUR Viewer, EUR Print Service, and EUR Print Service for ILF allows remote authenticated users to execute arbitrary SQL commands via unknown attack vectors. | 6.5 |
2006-05-22 | CVE-2006-2511 | Frontrange | File-Upload vulnerability in Iheat The ActiveX version of FrontRange iHEAT allows remote authenticated users to run arbitrary programs or access arbitrary files on the host machine by uploading a file with an extension that is not associated with an application, and selecting a file from the "Open With..." dialog. | 6.5 |
2006-05-25 | CVE-2006-2590 | E107 | SQL-Injection vulnerability in E107 0.7.5 SQL injection vulnerability in e107 before 0.7.5 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. | 6.4 |
2006-05-25 | CVE-2006-2589 | Mybulletinboard | SQL-Injection vulnerability in Mybulletinboard 1.1.1 SQL injection vulnerability in rss.php in MyBB (aka MyBulletinBoard) 1.1.1 allows remote attackers to execute arbitrary SQL commands via the comma parameter. | 6.4 |
2006-05-25 | CVE-2006-2585 | Greg Donald | SQL-Injection vulnerability in Greg Donald Destiney Links Script 2.1.2 SQL injection vulnerability in Destiney Links Script 2.1.2 allows remote attackers to execute arbitrary SQL commands via the ID parameter. | 6.4 |
2006-05-24 | CVE-2006-2557 | Florian Amrhein | Remote PHP Script Code Injection vulnerability in Florian Amrhein Newsportal 0.36 PHP remote file inclusion vulnerability in extras/poll/poll.php in Florian Amrhein NewsPortal before 0.37, and TR Newsportal (TRanx rebuilded), allows remote attackers to execute arbitrary PHP code via a URL in the file_newsportal parameter. | 6.4 |
2006-05-24 | CVE-2006-2554 | Genecys | Remote Buffer Overflow and Denial Of Service vulnerability in Genecys 0.2 Buffer overflow in the tell_player_surr_changes function in Genecys 0.2 and earlier might allow remote attackers to execute arbitrary code via long arguments. | 6.4 |
2006-05-22 | CVE-2006-2532 | Greg Donald | SQL-Injection vulnerability in Greg Donald Destiney Rated Images Script 0.5.0 stats.php in Destiney Rated Images Script 0.5.0 allows remote attackers to obtain the installation path via an invalid s parameter, which displays the path in an error message. | 6.4 |
2006-05-22 | CVE-2006-1520 | Libspf | Remote Security vulnerability in Libspf 1.0.0P4 Format string vulnerability in ANSI C Sender Policy Framework library (libspf) before 1.0.0-p5, when debugging is enabled, allows remote attackers to execute arbitrary code via format string specifiers, possibly in an e-mail address. | 6.4 |
2006-05-22 | CVE-2006-2528 | Smartisoft | Remote File Include vulnerability in Smartisoft PHPbazar 2.1.0 PHP remote file inclusion vulnerability in classified_right.php in phpBazar 2.1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the language_dir parameter. | 6.4 |
2006-05-22 | CVE-2006-2526 | Power Place | Remote File Include vulnerability in Power Place PHP Easy Galerie 1.1 PHP remote file inclusion vulnerability in index.php in PHP Easy Galerie 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the includepath parameter. | 6.4 |
2006-05-22 | CVE-2006-2525 | Usebb | SQL-Injection vulnerability in Usebb 1.0Rc1 SQL injection vulnerability in UseBB 1.0 RC1 and earlier allows remote attackers to execute arbitrary SQL commands via the member list search module. | 6.4 |
2006-05-22 | CVE-2006-2508 | Yourfreeworld | HTML Injection vulnerability in YourFreeWorld Stylish Text Ads Script SQL injection vulnerability in tr1.php in YourFreeWorld.com Stylish Text Ads Script allows remote attackers to execute arbitrary SQL commands via the id parameter, possibly involving an attack vector using advertise.php. | 6.4 |
2006-05-25 | CVE-2006-2586 | Iplogger | Cross-Site Scripting vulnerability in Iplogger 1.7 Cross-site scripting (XSS) vulnerability in IpLogger 1.7 and earlier allows remote attackers to inject arbitrary HTML or web script via the HTTP_REFERER header in an HTTP request. | 5.8 |
2006-05-24 | CVE-2006-2558 | Iplogger | HTML Injection vulnerability in Iplogger 1.7 Cross-site scripting (XSS) vulnerability in IpLogger 1.7 and earlier allows remote attackers to inject arbitrary HTML or web script via the User-Agent (useragent) header in an HTTP request, which is not filtered when the log files are viewed. | 5.8 |
2006-05-24 | CVE-2006-2556 | Florian Amrhein | Cross-Site Scripting vulnerability in Florian Amrhein Newsportal 0.36 Cross-site scripting (XSS) vulnerability in Florian Amrhein NewsPortal before 0.37, and possibly TR Newsportal (TRanx rebuilded), allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | 5.8 |
2006-05-22 | CVE-2006-2536 | Greg Donald | HTML Injection vulnerability in Greg Donald Destiney Links Script 2.1.2 Cross-site scripting (XSS) vulnerability in Destiney Links Script 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the (1) "Search" (term parameter in index.php) and (2) "Add a Site" (add.php) fields. | 5.8 |
2006-05-22 | CVE-2006-2533 | Greg Donald | HTML Injection vulnerability in Greg Donald Destiney Rated Images Script 0.5.0 Cross-site scripting (XSS) vulnerability in (1) addWeblog.php and (2) leaveComments.php in Destiney Rated Images Script 0.5.0 does not properly filter all vulnerable HTML tags, which allows remote attackers to inject arbitrary web script or HTML via Javascript in a DIV tag. | 5.8 |
2006-05-26 | CVE-2006-2609 | Artmedic Webdesign | Remote Security vulnerability in Artmedic Webdesign Artmedic Newsletter 4.1.2 artmedic newsletter 4.1.2 and possibly other versions, when register_globals is enabled, allows remote attackers to modify arbitrary files and execute arbitrary PHP code via the email parameter to newsletter_log.php. | 5.1 |
2006-05-26 | CVE-2006-2608 | Artmedic Webdesign | Remote Script Execution vulnerability in Artmedic Webdesign Artmedic Newsletter 4.1 artmedic newsletter 4.1 and possibly other versions, when register_globals is enabled, allows remote attackers to modify arbitrary files and execute arbitrary PHP code via the logfile parameter in a direct request to log.php, which causes the $logfile variable to be redefined to an attacker-controlled value, as demonstrated by injecting PHP code into info.php. | 5.1 |
2006-05-25 | CVE-2006-2583 | Nucleus Group | Remote File Include vulnerability in Nucleus CMS GLOBALS[DIR_LIBS] Parameter PHP remote file inclusion vulnerability in nucleus/libs/PLUGINADMIN.php in Nucleus 3.22 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[DIR_LIBS] parameter. | 5.1 |
2006-05-24 | CVE-2006-2578 | Esyndicat | Remote Security vulnerability in Esyndicat Directory 1.2 admin/cron.php in eSyndicat Directory 1.2, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include arbitrary files and possibly execute arbitrary PHP code via a null-terminated value in the path_to_config parameter. | 5.1 |
2006-05-24 | CVE-2006-2577 | Docebo | Remote Security vulnerability in Docebo Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in (1) where_cms, (2) where_lms, (3) where_upgrade, (4) BBC_LIB_PATH, and (5) BBC_LANGUAGE_PATH parameters in various unspecified scripts. | 5.1 |
2006-05-24 | CVE-2006-2576 | Docebo | Remote Security vulnerability in Docebo Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in (1) GLOBALS[where_framework] to (a) lib.simplesel.php, (b) lib.filelist.php, (c) tree.documents.php, (d) lib.repo.php, and (e) lib.php, and (2) GLOBALS[where_scs] to (f) lib.teleskill.php. | 5.1 |
2006-05-24 | CVE-2006-2573 | Dian Gemilang | SQL-Injection vulnerability in Dian Gemilang Dgbook 1.0 SQL injection vulnerability in index.php in DGBook 1.0, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the (1) name, (2) email, (3) homepage, (4) address, (5) comment, and (6) ip parameters. | 5.1 |
2006-05-24 | CVE-2006-2568 | Ubbcentral | Remote File Include vulnerability in UBB.threads Addpost_newpoll.PHP PHP remote file inclusion vulnerability in addpost_newpoll.php in UBB.threads 6.4 through 6.5.2 and 6.5.1.1 (trial) allows remote attackers to execute arbitrary PHP code via a URL in the thispath parameter. | 5.1 |
2006-05-23 | CVE-2006-2550 | Perlpodder | Unspecified vulnerability in Perlpodder 0.2/0.3 perlpodder before 0.5 allows remote attackers to execute arbitrary code via shell metacharacters in the URL of a podcast, which are executed when saving the URL to a log file. | 5.1 |
2006-05-23 | CVE-2006-2544 | Xtreme Scripts | SQL-Injection vulnerability in Xtreme Scripts Xtreme Topsites 1.1 Multiple SQL injection vulnerabilities in Xtreme Topsites 1.1, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the (1) searchthis parameter in lostid.php and (2) id parameter in stats.php. | 5.1 |
2006-05-23 | CVE-2006-2543 | Xtreme Scripts | Input Validation vulnerability in Xtreme Scripts Xtreme Topsites 1.1 Xtreme Topsites 1.1 allows remote attackers to trigger MySQL errors and possibly conduct SQL injection attacks via unspecified vectors in join.php. | 5.1 |
2006-05-22 | CVE-2006-2516 | Xoops | Path Traversal vulnerability in Xoops mainfile.php in XOOPS 2.0.13.2 and earlier, when register_globals is enabled, allows remote attackers to overwrite variables such as $xoopsOption['nocommon'] and conduct directory traversal attacks or include PHP files via (1) xoopsConfig[language] to misc.php or (2) xoopsConfig[theme_set] to index.php, as demonstrated by injecting PHP sequences into a log file. | 5.1 |
2006-05-22 | CVE-2006-2502 | Cyrus | Remote Buffer Overflow vulnerability in Cyrus Imapd 2.3.2 Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command. | 5.1 |
2006-05-26 | CVE-2006-2617 | Alstrasoft | SQL-Injection vulnerability in Alstrasoft Webhost Directory 1.2 (1) AlstraSoft Web Host Directory 1.2, aka (2) HyperStop WebHost Directory 1.2, allows remote attackers to obtain the installation path via an invalid entry in the Username field on the login page, which causes the path to be displayed in an SQL error. | 5.0 |
2006-05-25 | CVE-2006-2591 | E107 | Remote Security vulnerability in E107 0.7.5 Unspecified vulnerability in e107 before 0.7.5 has unknown impact and remote attack vectors related to an "emailing exploit". | 5.0 |
2006-05-25 | CVE-2006-2588 | Russcom Network | Unspecified vulnerability in Russcom Network PHPimages Russcom PHPImages allows remote attackers to upload files of arbitrary types by uploading a file with a .gif extension. | 5.0 |
2006-05-25 | CVE-2006-2587 | Even Balance | Remote Buffer Overflow vulnerability in Even Balance Punkbuster 1.228 Buffer overflow in the WebTool HTTP server component in (1) PunkBuster before 1.229, as used by multiple products including (2) America's Army 1.228 and earlier, (3) Battlefield 1942 1.158 and earlier, (4) Battlefield 2 1.184 and earlier, (5) Battlefield Vietnam 1.150 and earlier, (6) Call of Duty 1.173 and earlier, (7) Call of Duty 2 1.108 and earlier, (8) DOOM 3 1.159 and earlier, (9) Enemy Territory 1.167 and earlier, (10) Far Cry 1.150 and earlier, (11) F.E.A.R. | 5.0 |
2006-05-24 | CVE-2006-2575 | Pyrosoft INC | Remote Denial of Service vulnerability in Pyrosoft INC Netpanzer 0.8 The setFrame function in Lib/2D/Surface.hpp for NetPanzer 0.8 and earlier allows remote attackers to cause a denial of service (crash) via a client flag (frameNum) that is greater than 41, which triggers an assert error. | 5.0 |
2006-05-24 | CVE-2006-2566 | Alstrasoft | Information Disclosure vulnerability in Alstrasoft Article Manager PRO 1.6 Alstrasoft Article Manager Pro 1.6 allows remote attackers to obtain sensitive information via (1) a quote character or possibly an invalid value in the action parameter in a request to mrarticles.php or (2) a login QUERY_STRING to admin.php without any additional parameters, which reveal the path in various error messages. | 5.0 |
2006-05-24 | CVE-2006-2555 | Genecys | Remote Buffer Overflow and Denial Of Service vulnerability in Genecys The parse_command function in Genecys 0.2 and earlier allows remote attackers to cause a denial of service (crash) via a command with a missing ":" (colon) separator, which triggers a null dereference. | 5.0 |
2006-05-24 | CVE-2006-2552 | Jemscripts | SQL Injection vulnerability in Jemscripts Downloadcontrol 1.0 Jemscripts DownloadControl 1.0 allows remote attackers to obtain sensitive information via an invalid dcid parameter to dc.php, which leaks the pathname in an error message. | 5.0 |
2006-05-23 | CVE-2006-2546 | BEA | Remote Security vulnerability in BEA Weblogic Server 8.1 A recommended admin password reset mechanism for BEA WebLogic Server 8.1, when followed before October 10, 2005, causes the administrator password to be stored in cleartext in the domain directory, which could allow attackers to gain privileges. | 5.0 |
2006-05-23 | CVE-2006-2540 | Dieselscripts | Information Disclosure vulnerability in Diesel Job Site Privacy leak in install.php for Diesel PHP Job Site sends sensitive information such as user credentials to an e-mail address controlled by the product developers. | 5.0 |
2006-05-23 | CVE-2006-0747 | Freetype | Numeric Errors vulnerability in Freetype Integer underflow in Freetype before 2.2 allows remote attackers to cause a denial of service (crash) via a font file with an odd number of blue values, which causes the underflow when decrementing by 2 in a context that assumes an even number of values. | 5.0 |
2006-05-22 | CVE-2006-2535 | Greg Donald | Information Exposure vulnerability in Greg Donald Destiney Links Script 2.1.2 index.php in Destiney Links Script 2.1.2 allows remote attackers to obtain the installation path via an invalid show parameter referencing a non-existent file, which reveals the path in the resulting error message. | 5.0 |
2006-05-22 | CVE-2006-2534 | Greg Donald | Remote Security vulnerability in Greg Donald Destiney Links Script 2.1.2 Destiney Links Script 2.1.2 does not protect library and other support files, which allows remote attackers to obtain the installation path via a direct URL to files in the (1) include and (2) themes/original directories. | 5.0 |
2006-05-22 | CVE-2006-2530 | Snitz Communications | Permissions, Privileges, and Access Controls vulnerability in Snitz Communications Avatar MOD 1.3 avatar_upload.asp in Avatar MOD 1.3 for Snitz Forums 3.4, and possibly other versions, allows remote attackers to bypass file type checks and upload arbitrary files via a null byte in the file name, as discovered by the Codescan product. | 5.0 |
2006-05-22 | CVE-2006-2529 | Fckeditor | Unspecified vulnerability in Fckeditor 2.2 editor/filemanager/upload/php/upload.php in FCKeditor before 2.3 Beta, when the upload feature is enabled, does not verify the Type parameter, which allows remote attackers to upload arbitrary file types. | 5.0 |
2006-05-22 | CVE-2006-2520 | Bitberry Software | Remote Directory Traversal vulnerability in BitZipper Directory traversal vulnerability in BitZipper 4.1.2 SR-1 and earlier allows remote attackers to create files in arbitrary directories via a .. | 5.0 |
2006-05-24 | CVE-2006-1862 | Linux | Denial-Of-Service vulnerability in Linux Kernel 2.6.9 The virtual memory implementation in Linux kernel 2.6.x allows local users to cause a denial of service (panic) by running lsof a large number of times in a way that produces a heavy system load. | 4.9 |
2006-05-26 | CVE-2006-2614 | SUN | Local Password Disclosure vulnerability in SUN N1 System Manager 1.1 Sun N1 System Manager 1.1 for Solaris 10 before patch 121161-01 records system passwords in the world-readable scripts (1) /cr/hd_jobs_db.sh, (2) /cr/hd_plan_checkin.sh, and (3) /cr/oracle_plan_checkin.sh, which allows local users to obtain System Manager passwords. | 4.6 |
2006-05-26 | CVE-2006-2618 | Alstrasoft | Cross-Site Scripting vulnerability in Alstrasoft Webhost Directory 1.2 Cross-site scripting (XSS) vulnerability in (1) AlstraSoft Web Host Directory 1.2, aka (2) HyperStop WebHost Directory 1.2, might allow remote attackers to inject arbitrary web script or HTML via the "write a review" box. | 4.3 |
2006-05-26 | CVE-2006-2613 | Mozilla Netscape | Information Exposure vulnerability in multiple products Mozilla Suite 1.7.13, Mozilla Firefox 1.5.0.3 and possibly other versions before before 1.8.0, and Netscape 7.2 and 8.1, and possibly other versions and products, allows remote user-assisted attackers to obtain information such as the installation path by causing exceptions to be thrown and checking the message contents. | 4.3 |
2006-05-26 | CVE-2006-2611 | Mediawiki | Cross-Site Scripting vulnerability in Mediawiki Cross-site scripting (XSS) vulnerability in includes/Sanitizer.php in the variable handler in MediaWiki 1.6.x before r14349 allows remote attackers to inject arbitrary Javascript via unspecified vectors, possibly involving the usage of the | (pipe) character. | 4.3 |
2006-05-25 | CVE-2006-2606 | Chatty | HTML Injection vulnerability in Chatty 1.0.2 Cross-site scripting (XSS) vulnerability in Chatty, possibly 1.0.2 and other versions, allows remote attackers to inject arbitrary web script or HTML via the username. | 4.3 |
2006-05-25 | CVE-2006-2605 | Dschat | HTML Injection vulnerability in Dschat 1.0 Cross-site scripting (XSS) vulnerability in DSChat 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the chatbox, probably involving the ctext parameter to send.php. | 4.3 |
2006-05-25 | CVE-2006-2584 | Skyebox | Cross-Site Scripting vulnerability in Skyebox 1.2.0 Multiple cross-site scripting (XSS) vulnerabilities in post.php in SkyeBox 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) message parameters. | 4.3 |
2006-05-25 | CVE-2006-2581 | Rwiki | Cross-Site Scripting vulnerability in Rwiki 2.1.0/2.1.0Pre1/2.1.0Pre2 Cross-site scripting (XSS) vulnerability in Wiki content in RWiki 2.1.0pre1 through 2.1.0 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | 4.3 |
2006-05-24 | CVE-2006-2567 | Alstrasoft | Cross-Site Scripting vulnerability in Alstrasoft Article Manager PRO 1.6 Cross-site scripting (XSS) vulnerability in submit_article.php in Alstrasoft Article Manager Pro 1.6 allows remote attackers to inject arbitrary web script or HTML when submitting an article, as demonstrated using a javascript URI in a Cascading Style Sheets (CSS) property of a STYLE attribute of an element. | 4.3 |
2006-05-24 | CVE-2006-2564 | Alstrasoft | HTML Injection vulnerability in Alstrasoft E-Friends 4.0 Multiple cross-site scripting (XSS) vulnerabilities in index.php in AlstraSoft E-Friends allow remote attackers to inject arbitrary web script or HTML by (1) posting a blog, (2) posting a listing, (3) posting an event, (4) adding comments, or (5) sending a message. | 4.3 |
2006-05-24 | CVE-2006-2553 | Jemscripts | Cross-Site Scripting vulnerability in Jemscripts Downloadcontrol 1.0 Cross-site scripting (XSS) vulnerability in Jemscripts DownloadControl 1.0 allows remote attackers to inject arbitrary HTML or web script via the dcid parameter to dc.php. | 4.3 |
2006-05-27 | CVE-2006-2631 | Phpfox | Remote Security vulnerability in phpFox phpFoX allows remote authenticated users to modify arbitrary accounts via a modified NATIO cookie value, possibly the phpfox_user parameter. | 4.0 |
2006-05-27 | CVE-2006-2629 | Linux | Local Denial of Service vulnerability in Linux Kernel Proc dentry_unused Corruption Race condition in Linux kernel 2.6.15 to 2.6.17, when running on SMP platforms, allows local users to cause a denial of service (crash) by creating and exiting a large number of tasks, then accessing the /proc entry of a task that is exiting, which causes memory corruption that leads to a failure in the prune_dcache function or a BUG_ON error in include/linux/list.h. | 4.0 |
2006-05-24 | CVE-2006-1466 | Apple | Remote Access vulnerability in Apple Xcode Tools WebObjects Unauthorized Xcode Tools before 2.3 for Mac OS X 10.4, when running the WebObjects plugin, allows remote attackers to access or modify WebObjects projects through a network service. | 4.0 |
2006-05-22 | CVE-2006-2185 | Novell | Local Information Disclosure vulnerability in Novell Netware 6.5 PORTAL.NLM in Novell Netware 6.5 SP5 writes the username and password in cleartext to the abend.log log file when the groupOperationsMethod function fails, which allows context-dependent attackers to gain privileges. | 4.0 |
13 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-05-28 | CVE-2006-1174 | Debian | Permissions, Privileges, and Access Controls vulnerability in Debian Shadow useradd in shadow-utils before 4.0.3, and possibly other versions before 4.0.8, does not provide a required argument to the open function when creating a new user mailbox, which causes the mailbox to be created with unpredictable permissions and possibly allows attackers to read or modify the mailbox. | 3.7 |
2006-05-22 | CVE-2006-2505 | Oracle | SQL Injection vulnerability in Oracle Database Server Release2 Oracle Database Server 10g Release 2 allows local users to execute arbitrary SQL queries via a reference to a malicious package in the TYPE_NAME argument in the (1) GET_DOMAIN_INDEX_TABLES or (2) GET_V2_DOMAIN_INDEX_TABLES function in the DBMS_EXPORT_EXTENSION package. | 3.6 |
2006-05-22 | CVE-2006-2539 | Sybase | Unspecified vulnerability in Sybase Easerver 5.0/5.2/5.3 Sybase EAServer 5.0 for HP-UX Itanium, 5.2 for IBM AIX, HP-UX PA-RISC, Linux x86, and Sun Solaris SPARC, and 5.3 for Sun Solaris SPARC does not properly protect passwords when they are being entered via the GUI, which allows local users to obtain the cleartext passwords via the getSelectedText function in javax.swing.JPasswordField component. | 3.5 |
2006-05-26 | CVE-2006-2610 | Spiffyjr | Cross-Site Scripting vulnerability in Spiffyjr PHPraid 2.9.5 Cross-site scripting (XSS) vulnerability in view.php in phpRaid 2.9.5 allows remote attackers to inject arbitrary web script or HTML via the (1) URL query string and the (2) Sort parameter. | 2.6 |
2006-05-24 | CVE-2006-2572 | Dian Gemilang | HTML Injection vulnerability in Dian Gemilang Dgbook 1.0 Cross-site scripting (XSS) vulnerability in index.php in DGBook 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) homepage, (3) email, and (4) address parameters. | 2.6 |
2006-05-24 | CVE-2006-2571 | Alkacon | Cross-Site Scripting vulnerability in Opencms 6.0.0/6.0.2/6.0.3 Cross-site scripting (XSS) vulnerability in search.html in Alkacon OpenCms 6.0.0, 6.0.2, and 6.0.3 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search action. | 2.6 |
2006-05-23 | CVE-2006-2545 | Xtreme Scripts | Cross-Site Scripting vulnerability in Xtreme Scripts Xtreme Topsites 1.1 Multiple cross-site scripting (XSS) vulnerabilities in Xtreme Topsites 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in stats.php and (2) unspecified inputs in lostid.php, probably the searchthis parameter. | 2.6 |
2006-05-22 | CVE-2006-2538 | IE TAB Mozilla | Denial-Of-Service vulnerability in Ie Tab IE Tab 1.0.9 plugin for Mozilla Firefox 1.5.0.3 allows remote user-assisted attackers to cause a denial of service (application crash), possibly due to a null dereference, via certain Javascript, as demonstrated using a url parameter to the content/reloaded.html page in a chrome:// URI. | 2.6 |
2006-05-22 | CVE-2006-2519 | Phpwcms | Local File Include vulnerability in PHPwcms 1.2.5Dev Directory traversal vulnerability in include/inc_ext/spaw/spaw_control.class.php in phpwcms 1.2.5-DEV allows remote attackers to include arbitrary local files via .. | 2.6 |
2006-05-22 | CVE-2006-2518 | Phpwcms | Cross-Site Scripting vulnerability in PHPwcms 1.2.5Dev Cross-site scripting (XSS) vulnerability in phpwcms 1.2.5-DEV allows remote attackers to inject arbitrary web script or HTML via the BL[be_cnt_plainhtml] parameter to include/inc_tmpl/content/cnt6.inc.php. | 2.6 |
2006-05-26 | CVE-2006-2612 | Novell | Local Security vulnerability in Novell Client 4.8/4.9 Novell Client for Windows 4.8 and 4.9 does not restrict access to the clipboard contents while a machine is locked, which allows users with physical access to read the current clipboard contents by pasting them into the "User Name" field on the login prompt. | 2.1 |
2006-05-23 | CVE-2006-2551 | HP | Local Denial of Service vulnerability in HP Hp-Ux 11.00 Unspecified vulnerability in the kernel in HP-UX B.11.00 allows local users to cause an unspecified denial of service via unknown vectors. | 2.1 |
2006-05-23 | CVE-2006-2542 | TI KAN | Denial-Of-Service vulnerability in TI KAN Xmcd 2.6.17.1 xmcdconfig in xmcd for Debian GNU/Linux 2.6-17.1 creates /var/lib/cddb and /var/lib/xmcd/discog with world writable permissions, which allows local users to cause a denial of service (disk consumption). | 2.1 |