Weekly Vulnerabilities Reports > May 22 to 28, 2006

Overview

120 new vulnerabilities reported during this period, including 3 critical vulnerabilities and 37 high severity vulnerabilities. This weekly summary report vulnerabilities in 102 products from 83 vendors including Alstrasoft, Greg Donald, Linux, HP, and Yourfreeworld. Vulnerabilities are notably categorized as "Permissions, Privileges, and Access Controls", "Cross-site Scripting", "Numeric Errors", "Information Exposure", and "Code Injection".

  • 109 reported vulnerabilities are remotely exploitables.
  • 9 reported vulnerabilities have public exploit available.
  • 4 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 115 reported vulnerabilities are exploitable by an anonymous user.
  • Alstrasoft has the most reported vulnerabilities, with 7 reported vulnerabilities.
  • Linux has the most reported critical vulnerabilities, with 1 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

3 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-05-27 CVE-2006-2630 Symantec Remote Stack Buffer Overflow vulnerability in Symantec Client Security and Norton Antivirus

Stack-based buffer overflow in Symantec Antivirus 10.1 and Client Security 3.1 allows remote attackers to execute arbitrary code via unknown attack vectors.

10.0
2006-05-23 CVE-2006-2547 SAP Local Privilege Escalation vulnerability in SAP SAPDBA

Unspecified vulnerability in the sapdba command in SAP with Informix before 700, and 700 up to patch 100, allows local users to execute arbitrary commands via unknown vectors related to "insecure environment variable" handling.

10.0
2006-05-22 CVE-2006-1857 Linux Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Linux Kernel

Buffer overflow in SCTP in Linux kernel before 2.6.16.17 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a malformed HB-ACK chunk.

9.0

37 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-05-25 CVE-2006-2444 Linux Remote Denial of Service vulnerability in Linux Kernel SNMP NAT Helper

The snmp_trap_decode function in the SNMP NAT helper for Linux kernel before 2.6.16.18 allows remote attackers to cause a denial of service (crash) via unspecified remote attack vectors that cause failures in snmp_trap_decode that trigger (1) frees of random memory or (2) frees of previously-freed memory (double-free) by snmp_trap_decode as well as its calling function, as demonstrated via certain test cases of the PROTOS SNMP test suite.

7.8
2006-05-22 CVE-2006-1858 Linux Improper Input Validation vulnerability in Linux Kernel

SCTP in Linux kernel before 2.6.16.17 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a chunk length that is inconsistent with the actual length of provided parameters.

7.8
2006-05-28 CVE-2006-2453 DIA USE of Externally-Controlled Format String vulnerability in DIA

Multiple unspecified format string vulnerabilities in Dia have unspecified impact and attack vectors, a different set of issues than CVE-2006-2480.

7.5
2006-05-26 CVE-2006-2616 Alstrasoft SQL-Injection vulnerability in Alstrasoft Webhost Directory 1.2

SQL injection vulnerability in the search script in (1) AlstraSoft Web Host Directory 1.2, aka (2) HyperStop WebHost Directory 1.2, allows remote attackers to execute arbitrary SQL commands via the uri parameter.

7.5
2006-05-26 CVE-2006-2615 Russcom Network Remote Arbitrary Command Execution vulnerability in Russcom Ping

ping.php in Russcom.Ping allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter.

7.5
2006-05-25 CVE-2006-2592 Dschat Remote Security vulnerability in Dschat 1.0

Unspecified vulnerability in DSChat 1.0 allows remote attackers to execute arbitrary PHP code via the Nickname field, which is not sanitized before creating a file in a user directory.

7.5
2006-05-25 CVE-2006-2582 Rwiki Remote Security vulnerability in Rwiki

The editing form in RWiki 2.1.0pre1 through 2.1.0 allows remote attackers to execute arbitrary Ruby code via unknown attack vectors.

7.5
2006-05-24 CVE-2006-2580 HP Remote vulnerability in HP OpenView Network Node Manager

Multiple unspecified vulnerabilities in HP OpenView Network Node Manager (OV NNM) 6.20, 6.4x, 7.01, and 7.50 allow remote attackers to gain privileged access, execute arbitrary commands, or create arbitrary files via unknown vectors.

7.5
2006-05-24 CVE-2006-2579 HP Remote Arbitrary Command Execution vulnerability in HP Openview Storage Data Protector 5.1/5.5

Unspecified vulnerability in HP OpenView Storage Data Protector 5.1 and 5.5 allows remote attackers to execute arbitrary code via unknown vectors.

7.5
2006-05-24 CVE-2006-2570 Calogic Remote File Include vulnerability in Calogic Calendars 1.2.2

PHP remote file inclusion vulnerability in CaLogic Calendars 1.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS["CLPath"] parameter to (1) reconfig.php and (2) srxclr.php.

7.5
2006-05-24 CVE-2006-2569 4R Linklist
Woltlab
SQL Injection vulnerability in Woltlab Burning Board Links.PHP

SQL injection vulnerability in links.php in 4R Linklist 1.0 RC2 and earlier, a module for Woltlab Burning Board, allows remote attackers to execute arbitrary SQL commands via the cat parameter.

7.5
2006-05-24 CVE-2006-2549 PDF Tools AG Denial-Of-Service vulnerability in PDF Tools AG PDF Form Filling and Flattening Tool 3.0

Stack-based buffer overflow in PDF Form Filling and Flattening Tool before 3.1.0.12 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via long field names.

7.5
2006-05-24 CVE-2006-2565 Alstrasoft SQL-Injection vulnerability in Alstrasoft Article Manager PRO 1.6

SQL injection vulnerability in Alstrasoft Article Manager Pro 1.6 allows remote attackers to execute arbitrary SQL commands via (1) the author_id parameter in profile.php and (2) the aut_id parameter in userarticles.php.

7.5
2006-05-24 CVE-2006-2314 Postgresql SQL Injection vulnerability in PostgreSQL Multibyte Character Encoding

PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x before 7.3.15, and earlier versions allows context-dependent attackers to bypass SQL injection protection methods in applications that use multibyte encodings that allow the "\" (backslash) byte 0x5c to be the trailing byte of a multibyte character, such as SJIS, BIG5, GBK, GB18030, and UHC, which cannot be handled correctly by a client that does not understand multibyte encodings, aka a second variant of "Encoding-Based SQL Injection." NOTE: it could be argued that this is a class of issue related to interaction errors between the client and PostgreSQL, but a CVE has been assigned since PostgreSQL is treating this as a preventative measure against this class of problem.

7.5
2006-05-24 CVE-2006-2313 Postgresql SQL Injection vulnerability in PostgreSQL Multibyte Character Encoding

PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x before 7.3.15, and earlier versions allows context-dependent attackers to bypass SQL injection protection methods in applications via invalid encodings of multibyte characters, aka one variant of "Encoding-Based SQL Injection."

7.5
2006-05-24 CVE-2006-2562 Zyxel Permissions, Privileges, and Access Controls vulnerability in Zyxel P-335Wt Router

ZyXEL P-335WT router allows remote attackers to bypass access restrictions and conduct unauthorized operations via a UPnP request with a modified InternalClient parameter, which is not validated, as demonstrated by using AddPortMapping to forward arbitrary traffic.

7.5
2006-05-24 CVE-2006-2561 Edimax Security Bypass vulnerability in Br 6104K

Edimax BR-6104K router allows remote attackers to bypass access restrictions and conduct unauthorized operations via a UPnP request with a modified InternalClient parameter (possibly within NewInternalClient), which is not validated, as demonstrated by using AddPortMapping to forward arbitrary traffic.

7.5
2006-05-24 CVE-2006-2560 Sitecom Permissions, Privileges, and Access Controls vulnerability in Sitecom Wl-153 and Wl-153 Router Firmware

Sitecom WL-153 router firmware before 1.38 allows remote attackers to bypass access restrictions and conduct unauthorized operations via a UPnP request with a modified InternalClient parameter, which is not validated, as demonstrated by using AddPortMapping to forward arbitrary traffic.

7.5
2006-05-24 CVE-2006-2559 Linksys Security Bypass vulnerability in Linksys Wrt54G and Wrt54G V5

Linksys WRT54G Wireless-G Broadband Router allows remote attackers to bypass access restrictions and conduct unauthorized operations via a UPnP request with a modified InternalClient parameter, which is not validated, as demonstrated by using AddPortMapping to forward arbitrary traffic.

7.5
2006-05-23 CVE-2006-2548 Perlpodder
Prodder
Code Injection vulnerability in multiple products

Prodder before 0.5, and perlpodder before 0.5, allows remote attackers to execute arbitrary code via shell metacharacters in the URL of a podcast (url attribute of an enclosure tag, or $enc_url variable), which is executed when running wget.

7.5
2006-05-23 CVE-2006-2541 John Andersson SQL Injection vulnerability in John Andersson Zixforum 1.12

SQL injection vulnerability in settings.asp in Zixforum 1.12 allows remote attackers to execute arbitrary SQL commands via the layid parameter to (1) login.asp and (2) main.asp.

7.5
2006-05-23 CVE-2006-1861 Freetype Numeric Errors vulnerability in Freetype

Multiple integer overflows in FreeType before 2.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to (1) bdf/bdflib.c, (2) sfnt/ttcmap.c, (3) cff/cffgload.c, and (4) the read_lwfn function and a crafted LWFN file in base/ftmac.c.

7.5
2006-05-22 CVE-2006-2537 Horizontal Shooter BOR
Openbor
Senile Team
Format String vulnerability in Beats Of Rage

Multiple format string vulnerabilities in (a) OpenBOR 2.0046 and earlier, (b) Beats of Rage (BOR) 1.0029 and earlier, and (c) Horizontal Shooter BOR (HOR) 2.0000 and earlier allow remote attackers to execute code via format string specifiers in configurations used in various mod files, as demonstrated by the (1) music identifier in data/scenes/intro.txt, which is not properly handled in the update function, and (2) background identifier in data/easy/1aeasy.txt, which is not properly handled in the shutdown function.

7.5
2006-05-22 CVE-2006-2531 Ipswitch Authentication Bypass vulnerability in Ipswitch Whatsup Professional2006

Ipswitch WhatsUp Professional 2006 only verifies the user's identity via HTTP headers, which allows remote attackers to spoof being a trusted console and bypass authentication by setting HTTP User-Agent header to "Ipswitch/1.0" and the User-Application header to "NmConsole".

7.5
2006-05-22 CVE-2006-2527 Smartisoft Unspecified vulnerability in Smartisoft PHPbazar 2.1.0

Admin/admin.php in phpBazar 2.1.0 and earlier allows remote attackers to bypass the authentication process and gain unauthorized access to the administrative section by setting the action parameter to edit_member and the value parameter to 1.

7.5
2006-05-22 CVE-2006-2523 Smartisoft Remote Security vulnerability in Smartisoft PHPlistpro 2.0

PHP remote file inclusion vulnerability in config.php in phpListPro 2.0.1 and earlier, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary PHP code via a URL in the Language cookie.

7.5
2006-05-22 CVE-2006-2522 Dayfox Designs Remote Security vulnerability in Dayfox Blog

Dayfox Blog 2.0 and earlier stores user credentials in edit/slog_users.txt under the web document root with insufficient access control, which allows remote attackers to gain privileges.

7.5
2006-05-22 CVE-2006-2521 Accomplishtechnology Code Injection vulnerability in Accomplishtechnology PHPmydirectory

PHP remote file inclusion vulnerability in cron.php in phpMyDirectory 10.4.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the ROOT_PATH parameter.

7.5
2006-05-22 CVE-2006-2517 Fujitsu SQL-Injection vulnerability in Myweb Portal Office

SQL injection vulnerability in MyWeb Portal Office, Standard Edition, Public Edition, Medical Edition, Citizen Edition, School Edition, and Light Edition allows remote attackers to execute arbitrary SQL commands via unknown attack vectors.

7.5
2006-05-22 CVE-2006-2514 Coppermine File-Upload vulnerability in Coppermine Photo Gallery

Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.

7.5
2006-05-22 CVE-2006-2513 SUN Authentication Bypass vulnerability in SUN Java System Directory Server 5.2

Unspecified vulnerability in the installation process in Sun Java System Directory Server 5.2 causes wrong user data to be written to a file created by the installation, which allows remote attackers or local users to gain privileges.

7.5
2006-05-22 CVE-2006-2509 Yourfreeworld HTML Injection vulnerability in YourFreeWorld Short Url & Url Tracker Script

SQL injection vulnerability in login.php in YourFreeWorld.com Short Url & Url Tracker Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2006-05-22 CVE-2006-2507 Teake Nutma Remote File Include vulnerability in Foing

Multiple PHP remote file inclusion vulnerabilities in Teake Nutma Foing 0.2.0 through 0.7.0, as used with phpBB, allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter in (1) index.php, (2) song.php, (3) faq.php, (4) list.php, (5) gen_m3u.php, and (6) playlist.php.

7.5
2006-05-22 CVE-2006-2504 Azboard SQL Injection vulnerability in AZBoard List.ASP

Multiple SQL injection vulnerabilities in mono AZBOARD 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) search and (2) cate parameters to (a) list.asp, and the (3) id and cate parameters to (b) admin_ok.asp.

7.5
2006-05-22 CVE-2006-2503 Deluxebb SQL Injection vulnerability in Deluxebb 1.06

SQL injection vulnerability in misc.php in DeluxeBB 1.06 allows remote attackers to execute arbitrary SQL commands via the name parameter.

7.5
2006-05-25 CVE-2006-2607 Paul Vixie Local Privilege Escalation vulnerability in Paul Vixie Cron 4.1

do_command.c in Vixie cron (vixie-cron) 4.1 does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits, as originally demonstrated by a program that exceeds the process limits as defined in /etc/security/limits.conf.

7.2
2006-05-24 CVE-2006-2574 HP Local Privilege Escalation vulnerability in Retired: HP-UX Software Distributor

Multiple unspecified vulnerabilities in Software Distributor in HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allow local users to gain privileges via unspecified attack vectors.

7.2

67 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-05-22 CVE-2006-2524 Usebb Cross-Site Scripting vulnerability in Usebb 1.0Rc1

Cross-site scripting (XSS) vulnerability in UseBB 1.0 RC1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors when processing the user date format.

6.8
2006-05-22 CVE-2006-2515 Hiox India Cross-Site Scripting vulnerability in Hiox India Guest Book 3.1

Cross-site scripting (XSS) vulnerability in index.php in Hiox Guestbook 3.1 allows remote attackers to inject arbitrary web script or HTML via the input forms for signing the guestbook.

6.8
2006-05-22 CVE-2006-2510 Yourfreeworld HTML Injection vulnerability in YourFreeWorld Short Url & Url Tracker Script

Cross-site scripting (XSS) vulnerability in the URL submission form in YourFreeWorld.com Short Url & Url Tracker Script allows remote attackers to inject arbitrary web script or HTML via an unspecified form for submitting URLs.

6.8
2006-05-22 CVE-2006-2506 Sphider Cross-Site Scripting vulnerability in Sphider

Multiple cross-site scripting (XSS) vulnerabilities in search.php in Sphider allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO and (2) the category parameter.

6.8
2006-05-22 CVE-2006-2512 Hitachi SQL Injection vulnerability in Hitachi EUR

SQL injection vulnerability in Hitachi EUR Professional Edition, EUR Viewer, EUR Print Service, and EUR Print Service for ILF allows remote authenticated users to execute arbitrary SQL commands via unknown attack vectors.

6.5
2006-05-22 CVE-2006-2511 Frontrange File-Upload vulnerability in Iheat

The ActiveX version of FrontRange iHEAT allows remote authenticated users to run arbitrary programs or access arbitrary files on the host machine by uploading a file with an extension that is not associated with an application, and selecting a file from the "Open With..." dialog.

6.5
2006-05-25 CVE-2006-2590 E107 SQL-Injection vulnerability in E107 0.7.5

SQL injection vulnerability in e107 before 0.7.5 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors.

6.4
2006-05-25 CVE-2006-2589 Mybulletinboard SQL-Injection vulnerability in Mybulletinboard 1.1.1

SQL injection vulnerability in rss.php in MyBB (aka MyBulletinBoard) 1.1.1 allows remote attackers to execute arbitrary SQL commands via the comma parameter.

6.4
2006-05-25 CVE-2006-2585 Greg Donald SQL-Injection vulnerability in Greg Donald Destiney Links Script 2.1.2

SQL injection vulnerability in Destiney Links Script 2.1.2 allows remote attackers to execute arbitrary SQL commands via the ID parameter.

6.4
2006-05-24 CVE-2006-2557 Florian Amrhein Remote PHP Script Code Injection vulnerability in Florian Amrhein Newsportal 0.36

PHP remote file inclusion vulnerability in extras/poll/poll.php in Florian Amrhein NewsPortal before 0.37, and TR Newsportal (TRanx rebuilded), allows remote attackers to execute arbitrary PHP code via a URL in the file_newsportal parameter.

6.4
2006-05-24 CVE-2006-2554 Genecys Remote Buffer Overflow and Denial Of Service vulnerability in Genecys 0.2

Buffer overflow in the tell_player_surr_changes function in Genecys 0.2 and earlier might allow remote attackers to execute arbitrary code via long arguments.

6.4
2006-05-22 CVE-2006-2532 Greg Donald SQL-Injection vulnerability in Greg Donald Destiney Rated Images Script 0.5.0

stats.php in Destiney Rated Images Script 0.5.0 allows remote attackers to obtain the installation path via an invalid s parameter, which displays the path in an error message.

6.4
2006-05-22 CVE-2006-1520 Libspf Remote Security vulnerability in Libspf 1.0.0P4

Format string vulnerability in ANSI C Sender Policy Framework library (libspf) before 1.0.0-p5, when debugging is enabled, allows remote attackers to execute arbitrary code via format string specifiers, possibly in an e-mail address.

6.4
2006-05-22 CVE-2006-2528 Smartisoft Remote File Include vulnerability in Smartisoft PHPbazar 2.1.0

PHP remote file inclusion vulnerability in classified_right.php in phpBazar 2.1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the language_dir parameter.

6.4
2006-05-22 CVE-2006-2526 Power Place Remote File Include vulnerability in Power Place PHP Easy Galerie 1.1

PHP remote file inclusion vulnerability in index.php in PHP Easy Galerie 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the includepath parameter.

6.4
2006-05-22 CVE-2006-2525 Usebb SQL-Injection vulnerability in Usebb 1.0Rc1

SQL injection vulnerability in UseBB 1.0 RC1 and earlier allows remote attackers to execute arbitrary SQL commands via the member list search module.

6.4
2006-05-22 CVE-2006-2508 Yourfreeworld HTML Injection vulnerability in YourFreeWorld Stylish Text Ads Script

SQL injection vulnerability in tr1.php in YourFreeWorld.com Stylish Text Ads Script allows remote attackers to execute arbitrary SQL commands via the id parameter, possibly involving an attack vector using advertise.php.

6.4
2006-05-25 CVE-2006-2586 Iplogger Cross-Site Scripting vulnerability in Iplogger 1.7

Cross-site scripting (XSS) vulnerability in IpLogger 1.7 and earlier allows remote attackers to inject arbitrary HTML or web script via the HTTP_REFERER header in an HTTP request.

5.8
2006-05-24 CVE-2006-2558 Iplogger HTML Injection vulnerability in Iplogger 1.7

Cross-site scripting (XSS) vulnerability in IpLogger 1.7 and earlier allows remote attackers to inject arbitrary HTML or web script via the User-Agent (useragent) header in an HTTP request, which is not filtered when the log files are viewed.

5.8
2006-05-24 CVE-2006-2556 Florian Amrhein Cross-Site Scripting vulnerability in Florian Amrhein Newsportal 0.36

Cross-site scripting (XSS) vulnerability in Florian Amrhein NewsPortal before 0.37, and possibly TR Newsportal (TRanx rebuilded), allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

5.8
2006-05-22 CVE-2006-2536 Greg Donald HTML Injection vulnerability in Greg Donald Destiney Links Script 2.1.2

Cross-site scripting (XSS) vulnerability in Destiney Links Script 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the (1) "Search" (term parameter in index.php) and (2) "Add a Site" (add.php) fields.

5.8
2006-05-22 CVE-2006-2533 Greg Donald HTML Injection vulnerability in Greg Donald Destiney Rated Images Script 0.5.0

Cross-site scripting (XSS) vulnerability in (1) addWeblog.php and (2) leaveComments.php in Destiney Rated Images Script 0.5.0 does not properly filter all vulnerable HTML tags, which allows remote attackers to inject arbitrary web script or HTML via Javascript in a DIV tag.

5.8
2006-05-26 CVE-2006-2609 Artmedic Webdesign Remote Security vulnerability in Artmedic Webdesign Artmedic Newsletter 4.1.2

artmedic newsletter 4.1.2 and possibly other versions, when register_globals is enabled, allows remote attackers to modify arbitrary files and execute arbitrary PHP code via the email parameter to newsletter_log.php.

5.1
2006-05-26 CVE-2006-2608 Artmedic Webdesign Remote Script Execution vulnerability in Artmedic Webdesign Artmedic Newsletter 4.1

artmedic newsletter 4.1 and possibly other versions, when register_globals is enabled, allows remote attackers to modify arbitrary files and execute arbitrary PHP code via the logfile parameter in a direct request to log.php, which causes the $logfile variable to be redefined to an attacker-controlled value, as demonstrated by injecting PHP code into info.php.

5.1
2006-05-25 CVE-2006-2583 Nucleus Group Remote File Include vulnerability in Nucleus CMS GLOBALS[DIR_LIBS] Parameter

PHP remote file inclusion vulnerability in nucleus/libs/PLUGINADMIN.php in Nucleus 3.22 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[DIR_LIBS] parameter.

5.1
2006-05-24 CVE-2006-2578 Esyndicat Remote Security vulnerability in Esyndicat Directory 1.2

admin/cron.php in eSyndicat Directory 1.2, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include arbitrary files and possibly execute arbitrary PHP code via a null-terminated value in the path_to_config parameter.

5.1
2006-05-24 CVE-2006-2577 Docebo Remote Security vulnerability in Docebo

Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in (1) where_cms, (2) where_lms, (3) where_upgrade, (4) BBC_LIB_PATH, and (5) BBC_LANGUAGE_PATH parameters in various unspecified scripts.

5.1
2006-05-24 CVE-2006-2576 Docebo Remote Security vulnerability in Docebo

Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in (1) GLOBALS[where_framework] to (a) lib.simplesel.php, (b) lib.filelist.php, (c) tree.documents.php, (d) lib.repo.php, and (e) lib.php, and (2) GLOBALS[where_scs] to (f) lib.teleskill.php.

5.1
2006-05-24 CVE-2006-2573 Dian Gemilang SQL-Injection vulnerability in Dian Gemilang Dgbook 1.0

SQL injection vulnerability in index.php in DGBook 1.0, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the (1) name, (2) email, (3) homepage, (4) address, (5) comment, and (6) ip parameters.

5.1
2006-05-24 CVE-2006-2568 Ubbcentral Remote File Include vulnerability in UBB.threads Addpost_newpoll.PHP

PHP remote file inclusion vulnerability in addpost_newpoll.php in UBB.threads 6.4 through 6.5.2 and 6.5.1.1 (trial) allows remote attackers to execute arbitrary PHP code via a URL in the thispath parameter.

5.1
2006-05-23 CVE-2006-2550 Perlpodder Unspecified vulnerability in Perlpodder 0.2/0.3

perlpodder before 0.5 allows remote attackers to execute arbitrary code via shell metacharacters in the URL of a podcast, which are executed when saving the URL to a log file.

5.1
2006-05-23 CVE-2006-2544 Xtreme Scripts SQL-Injection vulnerability in Xtreme Scripts Xtreme Topsites 1.1

Multiple SQL injection vulnerabilities in Xtreme Topsites 1.1, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the (1) searchthis parameter in lostid.php and (2) id parameter in stats.php.

5.1
2006-05-23 CVE-2006-2543 Xtreme Scripts Input Validation vulnerability in Xtreme Scripts Xtreme Topsites 1.1

Xtreme Topsites 1.1 allows remote attackers to trigger MySQL errors and possibly conduct SQL injection attacks via unspecified vectors in join.php.

5.1
2006-05-22 CVE-2006-2516 Xoops Path Traversal vulnerability in Xoops

mainfile.php in XOOPS 2.0.13.2 and earlier, when register_globals is enabled, allows remote attackers to overwrite variables such as $xoopsOption['nocommon'] and conduct directory traversal attacks or include PHP files via (1) xoopsConfig[language] to misc.php or (2) xoopsConfig[theme_set] to index.php, as demonstrated by injecting PHP sequences into a log file.

5.1
2006-05-22 CVE-2006-2502 Cyrus Remote Buffer Overflow vulnerability in Cyrus Imapd 2.3.2

Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command.

5.1
2006-05-26 CVE-2006-2617 Alstrasoft SQL-Injection vulnerability in Alstrasoft Webhost Directory 1.2

(1) AlstraSoft Web Host Directory 1.2, aka (2) HyperStop WebHost Directory 1.2, allows remote attackers to obtain the installation path via an invalid entry in the Username field on the login page, which causes the path to be displayed in an SQL error.

5.0
2006-05-25 CVE-2006-2591 E107 Remote Security vulnerability in E107 0.7.5

Unspecified vulnerability in e107 before 0.7.5 has unknown impact and remote attack vectors related to an "emailing exploit".

5.0
2006-05-25 CVE-2006-2588 Russcom Network Unspecified vulnerability in Russcom Network PHPimages

Russcom PHPImages allows remote attackers to upload files of arbitrary types by uploading a file with a .gif extension.

5.0
2006-05-25 CVE-2006-2587 Even Balance Remote Buffer Overflow vulnerability in Even Balance Punkbuster 1.228

Buffer overflow in the WebTool HTTP server component in (1) PunkBuster before 1.229, as used by multiple products including (2) America's Army 1.228 and earlier, (3) Battlefield 1942 1.158 and earlier, (4) Battlefield 2 1.184 and earlier, (5) Battlefield Vietnam 1.150 and earlier, (6) Call of Duty 1.173 and earlier, (7) Call of Duty 2 1.108 and earlier, (8) DOOM 3 1.159 and earlier, (9) Enemy Territory 1.167 and earlier, (10) Far Cry 1.150 and earlier, (11) F.E.A.R.

5.0
2006-05-24 CVE-2006-2575 Pyrosoft INC Remote Denial of Service vulnerability in Pyrosoft INC Netpanzer 0.8

The setFrame function in Lib/2D/Surface.hpp for NetPanzer 0.8 and earlier allows remote attackers to cause a denial of service (crash) via a client flag (frameNum) that is greater than 41, which triggers an assert error.

5.0
2006-05-24 CVE-2006-2566 Alstrasoft Information Disclosure vulnerability in Alstrasoft Article Manager PRO 1.6

Alstrasoft Article Manager Pro 1.6 allows remote attackers to obtain sensitive information via (1) a quote character or possibly an invalid value in the action parameter in a request to mrarticles.php or (2) a login QUERY_STRING to admin.php without any additional parameters, which reveal the path in various error messages.

5.0
2006-05-24 CVE-2006-2555 Genecys Remote Buffer Overflow and Denial Of Service vulnerability in Genecys

The parse_command function in Genecys 0.2 and earlier allows remote attackers to cause a denial of service (crash) via a command with a missing ":" (colon) separator, which triggers a null dereference.

5.0
2006-05-24 CVE-2006-2552 Jemscripts SQL Injection vulnerability in Jemscripts Downloadcontrol 1.0

Jemscripts DownloadControl 1.0 allows remote attackers to obtain sensitive information via an invalid dcid parameter to dc.php, which leaks the pathname in an error message.

5.0
2006-05-23 CVE-2006-2546 BEA Remote Security vulnerability in BEA Weblogic Server 8.1

A recommended admin password reset mechanism for BEA WebLogic Server 8.1, when followed before October 10, 2005, causes the administrator password to be stored in cleartext in the domain directory, which could allow attackers to gain privileges.

5.0
2006-05-23 CVE-2006-2540 Dieselscripts Information Disclosure vulnerability in Diesel Job Site

Privacy leak in install.php for Diesel PHP Job Site sends sensitive information such as user credentials to an e-mail address controlled by the product developers.

5.0
2006-05-23 CVE-2006-0747 Freetype Numeric Errors vulnerability in Freetype

Integer underflow in Freetype before 2.2 allows remote attackers to cause a denial of service (crash) via a font file with an odd number of blue values, which causes the underflow when decrementing by 2 in a context that assumes an even number of values.

5.0
2006-05-22 CVE-2006-2535 Greg Donald Information Exposure vulnerability in Greg Donald Destiney Links Script 2.1.2

index.php in Destiney Links Script 2.1.2 allows remote attackers to obtain the installation path via an invalid show parameter referencing a non-existent file, which reveals the path in the resulting error message.

5.0
2006-05-22 CVE-2006-2534 Greg Donald Remote Security vulnerability in Greg Donald Destiney Links Script 2.1.2

Destiney Links Script 2.1.2 does not protect library and other support files, which allows remote attackers to obtain the installation path via a direct URL to files in the (1) include and (2) themes/original directories.

5.0
2006-05-22 CVE-2006-2530 Snitz Communications Permissions, Privileges, and Access Controls vulnerability in Snitz Communications Avatar MOD 1.3

avatar_upload.asp in Avatar MOD 1.3 for Snitz Forums 3.4, and possibly other versions, allows remote attackers to bypass file type checks and upload arbitrary files via a null byte in the file name, as discovered by the Codescan product.

5.0
2006-05-22 CVE-2006-2529 Fckeditor Unspecified vulnerability in Fckeditor 2.2

editor/filemanager/upload/php/upload.php in FCKeditor before 2.3 Beta, when the upload feature is enabled, does not verify the Type parameter, which allows remote attackers to upload arbitrary file types.

5.0
2006-05-22 CVE-2006-2520 Bitberry Software Remote Directory Traversal vulnerability in BitZipper

Directory traversal vulnerability in BitZipper 4.1.2 SR-1 and earlier allows remote attackers to create files in arbitrary directories via a ..

5.0
2006-05-24 CVE-2006-1862 Linux Denial-Of-Service vulnerability in Linux Kernel 2.6.9

The virtual memory implementation in Linux kernel 2.6.x allows local users to cause a denial of service (panic) by running lsof a large number of times in a way that produces a heavy system load.

4.9
2006-05-26 CVE-2006-2614 SUN Local Password Disclosure vulnerability in SUN N1 System Manager 1.1

Sun N1 System Manager 1.1 for Solaris 10 before patch 121161-01 records system passwords in the world-readable scripts (1) /cr/hd_jobs_db.sh, (2) /cr/hd_plan_checkin.sh, and (3) /cr/oracle_plan_checkin.sh, which allows local users to obtain System Manager passwords.

4.6
2006-05-26 CVE-2006-2618 Alstrasoft Cross-Site Scripting vulnerability in Alstrasoft Webhost Directory 1.2

Cross-site scripting (XSS) vulnerability in (1) AlstraSoft Web Host Directory 1.2, aka (2) HyperStop WebHost Directory 1.2, might allow remote attackers to inject arbitrary web script or HTML via the "write a review" box.

4.3
2006-05-26 CVE-2006-2613 Mozilla
Netscape
Information Exposure vulnerability in multiple products

Mozilla Suite 1.7.13, Mozilla Firefox 1.5.0.3 and possibly other versions before before 1.8.0, and Netscape 7.2 and 8.1, and possibly other versions and products, allows remote user-assisted attackers to obtain information such as the installation path by causing exceptions to be thrown and checking the message contents.

4.3
2006-05-26 CVE-2006-2611 Mediawiki Cross-Site Scripting vulnerability in Mediawiki

Cross-site scripting (XSS) vulnerability in includes/Sanitizer.php in the variable handler in MediaWiki 1.6.x before r14349 allows remote attackers to inject arbitrary Javascript via unspecified vectors, possibly involving the usage of the | (pipe) character.

4.3
2006-05-25 CVE-2006-2606 Chatty HTML Injection vulnerability in Chatty 1.0.2

Cross-site scripting (XSS) vulnerability in Chatty, possibly 1.0.2 and other versions, allows remote attackers to inject arbitrary web script or HTML via the username.

4.3
2006-05-25 CVE-2006-2605 Dschat HTML Injection vulnerability in Dschat 1.0

Cross-site scripting (XSS) vulnerability in DSChat 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the chatbox, probably involving the ctext parameter to send.php.

4.3
2006-05-25 CVE-2006-2584 Skyebox Cross-Site Scripting vulnerability in Skyebox 1.2.0

Multiple cross-site scripting (XSS) vulnerabilities in post.php in SkyeBox 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) message parameters.

4.3
2006-05-25 CVE-2006-2581 Rwiki Cross-Site Scripting vulnerability in Rwiki 2.1.0/2.1.0Pre1/2.1.0Pre2

Cross-site scripting (XSS) vulnerability in Wiki content in RWiki 2.1.0pre1 through 2.1.0 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.

4.3
2006-05-24 CVE-2006-2567 Alstrasoft Cross-Site Scripting vulnerability in Alstrasoft Article Manager PRO 1.6

Cross-site scripting (XSS) vulnerability in submit_article.php in Alstrasoft Article Manager Pro 1.6 allows remote attackers to inject arbitrary web script or HTML when submitting an article, as demonstrated using a javascript URI in a Cascading Style Sheets (CSS) property of a STYLE attribute of an element.

4.3
2006-05-24 CVE-2006-2564 Alstrasoft HTML Injection vulnerability in Alstrasoft E-Friends 4.0

Multiple cross-site scripting (XSS) vulnerabilities in index.php in AlstraSoft E-Friends allow remote attackers to inject arbitrary web script or HTML by (1) posting a blog, (2) posting a listing, (3) posting an event, (4) adding comments, or (5) sending a message.

4.3
2006-05-24 CVE-2006-2553 Jemscripts Cross-Site Scripting vulnerability in Jemscripts Downloadcontrol 1.0

Cross-site scripting (XSS) vulnerability in Jemscripts DownloadControl 1.0 allows remote attackers to inject arbitrary HTML or web script via the dcid parameter to dc.php.

4.3
2006-05-27 CVE-2006-2631 Phpfox Remote Security vulnerability in phpFox

phpFoX allows remote authenticated users to modify arbitrary accounts via a modified NATIO cookie value, possibly the phpfox_user parameter.

4.0
2006-05-27 CVE-2006-2629 Linux Local Denial of Service vulnerability in Linux Kernel Proc dentry_unused Corruption

Race condition in Linux kernel 2.6.15 to 2.6.17, when running on SMP platforms, allows local users to cause a denial of service (crash) by creating and exiting a large number of tasks, then accessing the /proc entry of a task that is exiting, which causes memory corruption that leads to a failure in the prune_dcache function or a BUG_ON error in include/linux/list.h.

4.0
2006-05-24 CVE-2006-1466 Apple Remote Access vulnerability in Apple Xcode Tools WebObjects Unauthorized

Xcode Tools before 2.3 for Mac OS X 10.4, when running the WebObjects plugin, allows remote attackers to access or modify WebObjects projects through a network service.

4.0
2006-05-22 CVE-2006-2185 Novell Local Information Disclosure vulnerability in Novell Netware 6.5

PORTAL.NLM in Novell Netware 6.5 SP5 writes the username and password in cleartext to the abend.log log file when the groupOperationsMethod function fails, which allows context-dependent attackers to gain privileges.

4.0

13 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-05-28 CVE-2006-1174 Debian Permissions, Privileges, and Access Controls vulnerability in Debian Shadow

useradd in shadow-utils before 4.0.3, and possibly other versions before 4.0.8, does not provide a required argument to the open function when creating a new user mailbox, which causes the mailbox to be created with unpredictable permissions and possibly allows attackers to read or modify the mailbox.

3.7
2006-05-22 CVE-2006-2505 Oracle SQL Injection vulnerability in Oracle Database Server Release2

Oracle Database Server 10g Release 2 allows local users to execute arbitrary SQL queries via a reference to a malicious package in the TYPE_NAME argument in the (1) GET_DOMAIN_INDEX_TABLES or (2) GET_V2_DOMAIN_INDEX_TABLES function in the DBMS_EXPORT_EXTENSION package.

3.6
2006-05-22 CVE-2006-2539 Sybase Unspecified vulnerability in Sybase Easerver 5.0/5.2/5.3

Sybase EAServer 5.0 for HP-UX Itanium, 5.2 for IBM AIX, HP-UX PA-RISC, Linux x86, and Sun Solaris SPARC, and 5.3 for Sun Solaris SPARC does not properly protect passwords when they are being entered via the GUI, which allows local users to obtain the cleartext passwords via the getSelectedText function in javax.swing.JPasswordField component.

3.5
2006-05-26 CVE-2006-2610 Spiffyjr Cross-Site Scripting vulnerability in Spiffyjr PHPraid 2.9.5

Cross-site scripting (XSS) vulnerability in view.php in phpRaid 2.9.5 allows remote attackers to inject arbitrary web script or HTML via the (1) URL query string and the (2) Sort parameter.

2.6
2006-05-24 CVE-2006-2572 Dian Gemilang HTML Injection vulnerability in Dian Gemilang Dgbook 1.0

Cross-site scripting (XSS) vulnerability in index.php in DGBook 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) homepage, (3) email, and (4) address parameters.

2.6
2006-05-24 CVE-2006-2571 Alkacon Cross-Site Scripting vulnerability in Opencms 6.0.0/6.0.2/6.0.3

Cross-site scripting (XSS) vulnerability in search.html in Alkacon OpenCms 6.0.0, 6.0.2, and 6.0.3 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search action.

2.6
2006-05-23 CVE-2006-2545 Xtreme Scripts Cross-Site Scripting vulnerability in Xtreme Scripts Xtreme Topsites 1.1

Multiple cross-site scripting (XSS) vulnerabilities in Xtreme Topsites 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in stats.php and (2) unspecified inputs in lostid.php, probably the searchthis parameter.

2.6
2006-05-22 CVE-2006-2538 IE TAB
Mozilla
Denial-Of-Service vulnerability in Ie Tab

IE Tab 1.0.9 plugin for Mozilla Firefox 1.5.0.3 allows remote user-assisted attackers to cause a denial of service (application crash), possibly due to a null dereference, via certain Javascript, as demonstrated using a url parameter to the content/reloaded.html page in a chrome:// URI.

2.6
2006-05-22 CVE-2006-2519 Phpwcms Local File Include vulnerability in PHPwcms 1.2.5Dev

Directory traversal vulnerability in include/inc_ext/spaw/spaw_control.class.php in phpwcms 1.2.5-DEV allows remote attackers to include arbitrary local files via ..

2.6
2006-05-22 CVE-2006-2518 Phpwcms Cross-Site Scripting vulnerability in PHPwcms 1.2.5Dev

Cross-site scripting (XSS) vulnerability in phpwcms 1.2.5-DEV allows remote attackers to inject arbitrary web script or HTML via the BL[be_cnt_plainhtml] parameter to include/inc_tmpl/content/cnt6.inc.php.

2.6
2006-05-26 CVE-2006-2612 Novell Local Security vulnerability in Novell Client 4.8/4.9

Novell Client for Windows 4.8 and 4.9 does not restrict access to the clipboard contents while a machine is locked, which allows users with physical access to read the current clipboard contents by pasting them into the "User Name" field on the login prompt.

2.1
2006-05-23 CVE-2006-2551 HP Local Denial of Service vulnerability in HP Hp-Ux 11.00

Unspecified vulnerability in the kernel in HP-UX B.11.00 allows local users to cause an unspecified denial of service via unknown vectors.

2.1
2006-05-23 CVE-2006-2542 TI KAN Denial-Of-Service vulnerability in TI KAN Xmcd 2.6.17.1

xmcdconfig in xmcd for Debian GNU/Linux 2.6-17.1 creates /var/lib/cddb and /var/lib/xmcd/discog with world writable permissions, which allows local users to cause a denial of service (disk consumption).

2.1