Weekly Vulnerabilities Report: May 29 to June 4, 2006

Overview

177 new vulnerabilities were reported during this period, including 3 critical vulnerabilities and 44 high severity vulnerabilities. This weekly summary reports vulnerabilities in 123 products from 115 vendors, including Mozilla, Secure Elements, Epic Designs, Geeklog, and Open Searchable Image Catalogue. The vulnerabilities are notably categorized as "Cross-site Scripting", "Code Injection", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Permissions, Privileges, and Access Controls", and "NULL Pointer Dereference".

  • 171 reported vulnerabilities are remotely exploitable.
  • 16 reported vulnerabilities have a public exploit available.
  • 11 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 169 reported vulnerabilities are exploitable by an anonymous user.
  • Mozilla has the most reported vulnerabilities, with 15 reported vulnerabilities.
  • Mozilla has the most reported critical vulnerabilities, with 3 reported vulnerabilities.

Vulnerability Details

The following tables list the vulnerabilities reported for the period covered by this report:

3 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-06-02 CVE-2006-2787 Mozilla Unspecified vulnerability in Mozilla Firefox and Thunderbird

EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to gain privileges via javascript that calls the valueOf method on objects that were created outside of the sandbox.

9.3
2006-06-02 CVE-2006-2780 Mozilla Code Injection vulnerability in Mozilla Firefox and Thunderbird

Integer overflow in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via "jsstr tagify," which leads to memory corruption.

9.3
2006-06-02 CVE-2006-2779 Mozilla Code Injection vulnerability in Mozilla Firefox and Thunderbird

Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) nested <option> tags in a select tag, (2) a DOMNodeRemoved mutation event, (3) "Content-implemented tree views," (4) BoxObjects, (5) the XBL implementation, (6) an iframe that attempts to remove itself, which leads to memory corruption.

9.3

44 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-06-03 CVE-2006-2794 Aspsitem Remote Security vulnerability in Aspsitem 1.83

Hesabim.asp in ASPSitem 2.0 and earlier allows remote attackers to read private messages of other users via a modified id parameter.

7.8
2006-05-31 CVE-2006-2698 Geeklog Input Validation vulnerability in Geeklog

Geeklog 1.4.0sr2 and earlier allows remote attackers to obtain the full installation path via a direct request and possibly invalid arguments to (1) layout/professional/functions.php or (2) getimage.php.

7.8
2006-05-31 CVE-2006-2690 EVA WEB Remote Security vulnerability in Eva-Web

An unspecified script in EVA-Web 2.1.2 and earlier, probably index.php, allows remote attackers to obtain the full path of the web server via invalid (1) perso or (2) aide parameters.

7.8
2006-05-30 CVE-2006-2659 Double Precision Incorporated Remote Denial Of Service vulnerability in Courier Mail Server Username Encoding

libs/comverp.c in Courier MTA before 0.53.2 allows attackers to cause a denial of service (CPU consumption) via unknown vectors involving usernames that contain the "=" (equals) character, which is not properly handled during encoding.

7.8
2006-06-01 CVE-2006-2439 Zipcentral Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Zipcentral

Stack-based buffer overflow in ZipCentral 4.01 allows remote user-assisted attackers to execute arbitrary code via a ZIP archive containing a long filename.

7.6
2006-06-03 CVE-2006-2801 Unak Input Validation vulnerability in Unak CMS

Multiple SQL injection vulnerabilities in Unak CMS 1.5 RC2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) u_a or (2) u_s parameters.

7.5
2006-06-03 CVE-2006-2797 Phpcommunitycalendar SQL-Injection vulnerability in PHPcommunitycalendar 4.0.3

Multiple SQL injection vulnerabilities in phpCommunityCalendar 4.0.3 allow remote attackers to execute arbitrary SQL commands via the (1) CalendarDetailsID parameter in (a) month.php, (b) day.php, and (c) delCalendar.php; (2) ID parameter in (d) event.php; (3) AdminUserID parameter in (e) delAdmin.php; (4) EventLocationID parameter in (f) delAddress.php; and (5) LocationID parameter in (g) delCategory.php.

7.5
2006-06-03 CVE-2006-2793 Aspsitem SQL-Injection vulnerability in Aspsitem 1.83

SQL injection vulnerability in Anket.asp in ASPSitem 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the hid parameter.

7.5
2006-06-03 CVE-2006-2792 Woltlab SQL-Injection vulnerability in Woltlab Burning Board 2.3.4

SQL injection vulnerability in misc.php in Woltlab Burning Board (WBB) 2.3.4 allows remote attackers to execute arbitrary SQL commands via the sid parameter.

7.5
2006-06-02 CVE-2006-2788 Mozilla Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mozilla Firefox

Double free vulnerability in the getRawDER function for nsIX509Cert in Firefox allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via certain Javascript code.

7.5
2006-06-02 CVE-2006-2777 Mozilla Unspecified vulnerability in Mozilla Firefox and Seamonkey

Unspecified vulnerability in Mozilla Firefox before 1.5.0.4 and SeaMonkey before 1.0.2 allows remote attackers to execute arbitrary code by using the nsISelectionPrivate interface of the Selection object to add a SelectionListener and create notifications that are executed in a privileged context.

7.5
2006-06-02 CVE-2006-2776 Mozilla Unspecified vulnerability in Mozilla Firefox and Thunderbird

Certain privileged UI code in Mozilla Firefox and Thunderbird before 1.5.0.4 calls content-defined setters on an object prototype, which allows remote attackers to execute code at a higher privilege than intended.

7.5
2006-06-02 CVE-2006-2775 Mozilla Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox and Thunderbird

Mozilla Firefox and Thunderbird before 1.5.0.4 associate XUL attributes with the wrong URL under certain unspecified circumstances, which might allow remote attackers to bypass restrictions by causing a persisted string to be associated with the wrong URL.

7.5
2006-06-02 CVE-2006-2760 Warpspeed SQL Injection vulnerability in Warpspeed 4Nforum 0.91

SQL injection vulnerability in modules.php in 4nNukeWare 4nForum 0.91 allows remote attackers to execute arbitrary SQL commands via the tid parameter.

7.5
2006-06-01 CVE-2006-2753 Mysql, Oracle SQL Injection vulnerability in MySQL Mysql_real_escape Function

SQL injection vulnerability in MySQL 4.1.x before 4.1.20 and 5.0.x before 5.0.22 allows context-dependent attackers to execute arbitrary SQL commands via crafted multibyte encodings in character sets such as SJIS, BIG5, and GBK, which are not properly handled when the mysql_real_escape function is used to escape the input.

7.5
2006-06-01 CVE-2006-2744 Facile Interactive WEB Remote File Include vulnerability in F@cile Interactive web 0.8.41/0.8.5

PHP remote file inclusion vulnerability in p-popupgallery.php in F@cile Interactive Web 0.8.41 through 0.8.5 allows remote attackers to execute arbitrary PHP code via a URL in the l parameter.

7.5
2006-06-01 CVE-2006-2742 Drupal Input Validation vulnerability in Drupal

SQL injection vulnerability in Drupal 4.6.x before 4.6.7 and 4.7.0 allows remote attackers to execute arbitrary SQL commands via the (1) count and (2) from variables to (a) database.mysql.inc, (b) database.pgsql.inc, and (c) database.mysqli.inc.

7.5
2006-06-01 CVE-2006-2738 Open Xchange Unspecified vulnerability in Open-Xchange 0.8.1.6

The open source version of Open-Xchange 0.8.2 and earlier uses a static default username and password with a valid login shell in the initfile for the ldap-server, which allows remote attackers to access any server where the default has not been changed.

7.5
2006-06-01 CVE-2006-2737 Nukedit Unspecified vulnerability in Nukedit

utilities/register.asp in Nukedit 4.9.6 and earlier allows remote attackers to create new users as part of arbitrary groups, including the administrative group, via a modified groupid parameter when creating a user via the addDB action.

7.5
2006-06-01 CVE-2006-2732 Mini Nuke SQL Injection vulnerability in Mini-NUKE Your_Account.ASP

SQL injection vulnerability in Your_Account.asp in Mini-Nuke 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) yas_1, (2) yas_2, and (3) yas_3 parameters.

7.5
2006-06-01 CVE-2006-2731 Enigma Haber SQL Injection vulnerability in Enigma Haber Enigma Haber 4.2

Multiple SQL injection vulnerabilities in Enigma Haber 4.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in (a) e_mesaj_yas.asp, (b) edi_haber.asp, and (c) haber_devam.asp; (2) hid parameter in (d) yazdir.asp and (e) yorum.asp, and the (3) e parameter in (f) arsiv.asp.

7.5
2006-06-01 CVE-2006-2727 Epic Designs Denial-Of-Service vulnerability in Epic Designs Eggblog 2.0/3.0

home/register.php in Eggblog before 3.0 allows remote attackers to change the password of administrators and possibly other users via a modified username parameter.

7.5
2006-06-01 CVE-2006-2726 Fastpublish Remote File Include vulnerability in Fastpublish CMS 1.6.9.D

PHP remote file inclusion vulnerability in Fastpublish CMS 1.6.9.d allows remote attackers to include arbitrary files via the config[fsBase] parameter in (1) drucken.php, (2) drucken2.php, (3) email_an_benutzer.php, (4) rechnung.php, (5) suche/search.php and (6) adminbereich/admin.php.

7.5
2006-06-01 CVE-2006-2722 OUT OF THE Trees WEB Design SQL Injection vulnerability in OUT of the Trees web Design Selectapix 1.4

SQL injection vulnerability in view_album.php in SelectaPix 1.4 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

7.5
2006-06-01 CVE-2006-2720 Variomat SQL-Injection vulnerability in Variomat

SQL injection vulnerability in news.php in VARIOMAT allows remote attackers to execute arbitrary SQL commands via the subcat parameter.

7.5
2006-05-31 CVE-2006-2716 Secure Elements Remote Security vulnerability in C5 Enterprise Vulnerability Management

Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 uses a hard-coded user ID and password, which allows remote attackers to gain access to the server.

7.5
2006-05-31 CVE-2006-2715 Secure Elements Remote Security vulnerability in C5 Enterprise Vulnerability Management

The Administration Console in Secure Elements Class 5 AVR (aka C5 EVM) before 2.8.1 does not enforce access control, which allows remote attackers to gain access to servers via the console.

7.5
2006-05-31 CVE-2006-1515 Typespeed Remote Buffer Overflow vulnerability in Typespeed

Buffer overflow in the addnewword function in typespeed 0.4.4 and earlier might allow remote attackers to execute arbitrary code via unknown vectors.

7.5
2006-05-31 CVE-2006-2701 Geeklog SQL-Injection vulnerability in Geeklog (Extended Japanese Package)

SQL injection vulnerability in Geeklog 1.4.0sr2 and earlier allows remote attackers to execute arbitrary SQL commands via unknown vectors related to story submission.

7.5
2006-05-31 CVE-2006-2694 Scriptscenter Remote File Include vulnerability in Scriptscenter Ezupload PRO 2.10

Multiple PHP remote file inclusion vulnerabilities in EzUpload Pro 2.10 allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) form.php, (2) customize.php, and (3) initialize.php.

7.5
2006-05-30 CVE-2006-2674 Tamber Forum SQL-Injection vulnerability in Tamber Forum

Multiple SQL injection vulnerabilities in Tamber Forum 1.9.13 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) frm_id parameter to (a) show_forum.asp, (2) a search field to (b) forum_search.asp, (3) Email address or (4) Password to (c) admin/index.asp, (5) frm_cat_id parameter to (d) browse_forum_cat.asp, or (6) Message Subject or (7) Message Text field to (e) post_message.asp.

7.5
2006-05-30 CVE-2006-2668 Docebolms Remote File Include vulnerability in Docebolms 2.0.5

Multiple PHP remote file inclusion vulnerabilities in Docebo LMS 2.05 allow remote attackers to execute arbitrary PHP code via a URL in the lang parameter to (1) modules/credits/business.php, (2) modules/credits/credits.php, or (3) modules/credits/help.php.

7.5
2006-05-30 CVE-2006-2667 Wordpress Remote PHP Code Injection vulnerability in WordPress Username

Direct static code injection vulnerability in WordPress 2.0.2 and earlier allows remote attackers to execute arbitrary commands by inserting a carriage return and PHP code when updating a profile, which is appended after a special comment sequence into files in (1) wp-content/cache/userlogins/ (2) wp-content/cache/users/ which are later included by cache.php, as demonstrated using the displayname argument.

7.5
2006-05-30 CVE-2006-2666 V Webmail Remote File Include vulnerability in V-webmail

PHP remote file inclusion vulnerability in includes/mailaccess/pop3.php in V-Webmail 1.5 through 1.6.4 allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[pear_dir] parameter.

7.5
2006-05-30 CVE-2006-2665 V Webmail Remote File Include vulnerability in V-webmail

PHP remote file inclusion vulnerability in includes/mailaccess/pop3/core.php in V-Webmail 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[pear_dir] parameter.

7.5
2006-05-30 CVE-2006-2656 Libtiff Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Libtiff

Stack-based buffer overflow in the tiffsplit command in libtiff 3.8.2 and earlier might allow attackers to execute arbitrary code via a long filename.

7.5
2006-05-30 CVE-2006-2650 Cosmicphp Input Validation vulnerability in CosmicShoppingCart

SQL injection vulnerability in cosmicshop/search.php in CosmicShoppingCart allows remote attackers to execute arbitrary SQL commands via the max parameter.

7.5
2006-05-30 CVE-2006-2646 ALT N Remote Pre-Authentication IMAP Buffer Overflow vulnerability in Alt-N MDaemon

Buffer overflow in Alt-N MDaemon, possibly 9.0.1 and earlier, allows remote attackers to execute arbitrary code via a long A0001 argument that begins with a '"' (double quote).

7.5
2006-05-30 CVE-2006-2645 Plume CMS Code Injection vulnerability in Plume-Cms Plume CMS 1.0.3

PHP remote file inclusion vulnerability in manager/frontinc/prepend.php for Plume 1.0.3 allows remote attackers to execute arbitrary code via a URL in the _PX_config[manager_path] parameter.

7.5
2006-05-30 CVE-2006-2636 Katy Whitton Improper Authentication vulnerability in Katy Whitton Newscmslite

newsadmin.asp in Katy Whitton NewsCMSLite allows remote attackers to bypass authentication and gain administrative access by setting the loggedIn cookie to "xY1zZoPQ".

7.5
2006-06-02 CVE-2006-2790 SUN Local Privilege Escalation vulnerability in SUN Storage Automated Diagnostic Environment 2.4

A package component in Sun Storage Automated Diagnostic Environment (StorADE) 2.4 uses world-writable permissions for certain critical files and directories, which allows local users to gain privileges.

7.2
2006-05-31 CVE-2006-2679 Cisco Local Privilege Escalation vulnerability in Cisco VPN Client

Unspecified vulnerability in the VPN Client for Windows Graphical User Interface (GUI) (aka the VPN client dialer) in Cisco VPN Client for Windows 4.8.00.* and earlier, except for 4.7.00.0533, allows local authenticated, interactive users to gain privileges, possibly due to privileges of dialog boxes, aka bug ID CSCsd79265.

7.2
2006-05-30 CVE-2006-2647 IBM Local Privilege Escalation vulnerability in IBM AIX 5.1/5.2/5.3

Untrusted search path vulnerability in update_flash for IBM AIX 5.1, 5.2 and 5.3 allows local users to execute arbitrary commands via unknown vectors involving lsmcode and possibly other commands.

7.2
2006-05-31 CVE-2006-2693 Nivisec Information Disclosure vulnerability in Nivisec Hacks List

Directory traversal vulnerability in admin/admin_hacks_list.php in Nivisec Hacks List 1.20 and earlier for phpBB, when register_globals is enabled, allows remote attackers to read arbitrary files via a ".." in the phpEx parameter.

7.1

119 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-06-03 CVE-2006-2804 Goss HTML Injection vulnerability in Goss ICM CMS

Cross-site scripting (XSS) vulnerability in index.cfm in Goss Intelligent Content Management (iCM) 7.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the keyword parameter.

6.8
2006-06-03 CVE-2006-2803 Deltascripts Cross-Site Scripting vulnerability in Deltascripts PHP Manualmaker 1.0

Multiple cross-site scripting (XSS) vulnerabilities in PHP ManualMaker 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to index.php, (2) search field (possibly the s parameter), or (3) comment field.

6.8
2006-06-03 CVE-2006-2800 Unak Cross-Site Scripting vulnerability in Unak CMS

Multiple cross-site scripting (XSS) vulnerabilities in Unak CMS 1.5 RC2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) u_a or (2) u_s parameters.

6.8
2006-06-03 CVE-2006-2799 Toenda Software Development Cross-Site Scripting vulnerability in ToendaCMS

Cross-site scripting (XSS) vulnerability in content_footer.php in toendaCMS 0.7.0 allows remote attackers to inject arbitrary web scripts or HTML via the print_url variable.

6.8
2006-06-03 CVE-2006-2798 Phpcommunitycalendar Cross-Site Scripting vulnerability in PHPcommunitycalendar 4.0.3

Multiple cross-site scripting (XSS) vulnerabilities in phpCommunityCalendar 4.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) LoName parameter in (a) week.php and (b) month.php and (2) AddressLink parameter in (c) event.php.

6.8
2006-06-03 CVE-2006-2796 NEW Place Cross-Site Scripting vulnerability in New-Place Captivate 1.0

Cross-site scripting (XSS) vulnerability in gallery.php in Captivate 1.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter, which is reflected in an error message.

6.8
2006-06-03 CVE-2006-2795 Xiti Cross-Site Scripting vulnerability in XiTi Tracking Script Xiti.JS

Multiple cross-site scripting (XSS) vulnerabilities in XiTi Tracking Script 6 and 7 RC allow remote attackers to inject arbitrary web script or HTML via (1) the xtref parameter in xiti.js and (2) an HTTP Referer header field.

6.8
2006-06-02 CVE-2006-2774 Qontentone Cross-Site Scripting vulnerability in QontentOne CMS

Cross-site scripting (XSS) vulnerability in search.php in QontentOne CMS allows remote attackers to inject arbitrary web script or HTML via the search_phrase parameter.

6.8
2006-06-02 CVE-2006-2772 Hogstorps HTML Injection vulnerability in Hogstorps Hogstorp Guestbook 2.0

Cross-site scripting (XSS) vulnerability in add.asp in Hogstorps hogstorp guestbook 2.0 allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, and (3) headline parameters.

6.8
2006-06-01 CVE-2006-2746 Facile Interactive WEB Cross-Site Scripting vulnerability in Facile Interactive web Facile Interactive web 0.8.41

Multiple cross-site scripting (XSS) vulnerabilities in F@cile Interactive Web 0.8.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) lang parameter in index.php, and the (2) mytheme and (3) myskin parameters in multiple "p-themes" index.inc.php files including (c) lowgraphic, (d) classic, (e) puzzle, (f) simple, and (g) ciao.

6.8
2006-06-01 CVE-2006-2741 Epic Designs Input Validation vulnerability in tinyBB

Cross-site scripting (XSS) vulnerability in Epicdesigns tinyBB 0.3 allows remote attackers to inject arbitrary web script or HTML via the q parameter in forgot.php, which is echoed in an error message, and other unspecified vectors.

6.8
2006-06-01 CVE-2006-2740 Epic Designs Input Validation vulnerability in tinyBB

Multiple SQL injection vulnerabilities in Epicdesigns tinyBB 0.3 allow remote attackers to execute arbitrary SQL commands via the (1) q parameter in (a) forgot.php, and the (2) username and (3) password parameters in (b) login.php, and other unspecified vectors.

6.8
2006-06-01 CVE-2006-2724 Punbb Cross-Site Scripting vulnerability in Punbb 1.2.11

Cross-site scripting (XSS) vulnerability in PunBB 1.2.11 allows remote authenticated administrators to inject arbitrary HTML or web script to other administrators via the "Admin note" feature, a different vulnerability than CVE-2006-2227.

6.8
2006-06-01 CVE-2006-2721 Variomat Cross-Site Scripting vulnerability in Variomat

Cross-site scripting (XSS) vulnerability in news.php in VARIOMAT allows remote attackers to inject arbitrary HTML or web script via the subcat parameter.

6.8
2006-05-31 CVE-2006-2699 Geeklog Input Validation vulnerability in Geeklog

Cross-site scripting (XSS) vulnerability in getimage.php in Geeklog 1.4.0sr2 and earlier allows remote attackers to inject arbitrary HTML or web script via the image argument in a show action.

6.8
2006-05-31 CVE-2006-2696 Easy Content Forums Cross-Site Scripting vulnerability in Easy-Content Forums Easy-Content Forums 1.0

Cross-site scripting (XSS) vulnerabilities in Easy-Content Forums 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) startletter parameter in userview.asp and the (2) catid parameter in topics.asp.

6.8
2006-05-31 CVE-2006-2689 EVA WEB Cross-Site Scripting vulnerability in EVA-Web

Multiple cross-site scripting (XSS) vulnerabilities in EVA-Web 2.1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) debut_image parameter in (a) article-album.php3, (2) date parameter in (b) rubrique.php3, and the (3) perso and (4) aide parameters to (c) an unknown script, probably index.php.

6.8
2006-05-31 CVE-2006-2681 Socketmail Code Injection vulnerability in Socketmail 2.2.6

PHP remote file inclusion vulnerability in SocketMail Lite and Pro 2.2.6 and earlier, when register_globals and magic_quotes are enabled, allows remote attackers to execute arbitrary PHP code via a URL in the site_path parameter to (1) index.php and (2) inc-common.php.

6.8
2006-05-30 CVE-2006-2673 E Board HTML Injection vulnerability in E-Board Elite-Board 1.1

Cross-site scripting (XSS) vulnerability in search.html in Bulletin Board Elite-Board (E-Board) 1.1 allows remote attackers to inject arbitrary web script or HTML via the search box.

6.8
2006-05-30 CVE-2006-2672 Interquest Internet Services Cross-Site Scripting vulnerability in Realty Pro One

Multiple cross-site scripting (XSS) vulnerabilities in Realty Pro One allow remote attackers to inject arbitrary web script or HTML via the (1) listingid parameter to (a) images.php, (b) index_other.php, or (c) request_info.php; (2) propertyid parameter to (d) searchlookup.php, (3) id parameter to (e) images.php, or (4) agentid parameter to (f) request_info.php.

6.8
2006-05-30 CVE-2006-2652 Wikini HTML Injection vulnerability in WikiNi

Cross-site scripting (XSS) vulnerability in WikiNi 0.4.2 and earlier allows remote attackers to inject arbitrary HTML and web script by editing a Wiki page to contain the script.

6.8
2006-05-30 CVE-2006-2649 Cosmicphp Cross-Site Scripting vulnerability in Cosmicphp Cosmicshoppingcart

Multiple cross-site scripting (XSS) vulnerabilities in (a) search.php, (b) search_cat.php, (c) search_price.php, and (d) product_details.php in the cosmicshop directory for CosmicShoppingCart allow remote attackers to inject arbitrary web script or HTML via multiple unspecified parameters, as demonstrated by the (1) query parameter in search.php and the (2) data parameter in search_cat.php.

6.8
2006-06-01 CVE-2006-2718 Jiwa Remote Security vulnerability in Jiwa Financials 6.4.14

JIWA Financials 6.4.14 passes a Microsoft SQL Server account's username and password, and the name of a data source, to a Crystal Reports .rpt file, which allows remote authenticated users to execute certain standard stored procedures by referencing them in a user-written .rpt file, as demonstrated by using a stored procedure that provides the username and cleartext password of every account.

6.5
2006-06-02 CVE-2006-2781 Mozilla Buffer Errors vulnerability in Mozilla Seamonkey and Thunderbird

Double free vulnerability in nsVCard.cpp in Mozilla Thunderbird before 1.5.0.4 and SeaMonkey before 1.0.2 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a VCard that contains invalid base64 characters.

6.4
2006-06-02 CVE-2006-2773 Hogstorps Remote Security vulnerability in Hogstorps Hogstorp Guestbook 2.0

admin/redigera/redigera2.asp in Hogstorps hogstorp Guestbook 2.0 does not verify user credentials, which allows remote attackers to edit arbitrary posts via unspecified vectors.

6.4
2006-06-02 CVE-2006-2771 Hogstorps Unspecified vulnerability in Hogstorps Hogstorp Guestbook 2.0

admin/radera/tabort.asp in Hogstorps hogstorp guestbook 2.0 does not verify user credentials, which allows remote attackers to delete arbitrary posts via a modified delID parameter.

6.4
2006-06-02 CVE-2006-2763 PRE Projects SQL-Injection vulnerability in PRE Projects PRE News Manager 1.0

SQL injection vulnerability in Pre News Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) index.php, and the (2) nid parameter to (b) news_detail.php, (c) email_story.php, (d) thankyou.php, (e) printable_view.php, (f) tella_friend.php, and (g) send_comments.php.

6.4
2006-06-02 CVE-2006-2762 Webcalendar Information Disclosure vulnerability in Webcalendar 1.0.3

PHP remote file inclusion vulnerability in includes/config.php in WebCalendar 1.0.3 allows remote attackers to execute arbitrary PHP code via a URL in the includedir parameter, which is remotely accessed in an fopen call whose results are used to define a user_inc setting that is used in an include_once call.

6.4
2006-06-02 CVE-2006-2761 Hitachi SQL Injection vulnerability in Hitachi Hitsenser3

SQL injection vulnerability in Hitachi HITSENSER3 HITSENSER3/PRP, HITSENSER3/PUP, HITSENSER3/STP, and HITSENSER3/EUP allows remote attackers to execute arbitrary SQL commands via unknown attack vectors.

6.4
2006-06-02 CVE-2006-2655 Freebsd Unspecified vulnerability in Freebsd

The build process for ypserv in FreeBSD 5.3 up to 6.1 accidentally disables access restrictions when using the /var/yp/securenets file, which allows remote attackers to bypass intended access restrictions.

6.4
2006-06-02 CVE-2006-2654 Freebsd Unspecified vulnerability in Freebsd

Directory traversal vulnerability in smbfs on FreeBSD 4.10 up to 6.1 allows local users to escape chroot restrictions for an SMB-mounted filesystem via "..\\" sequences.

6.4
2006-06-01 CVE-2006-2752 Suse Remote Security vulnerability in Suse Linux 9.0

The RedCarpet /etc/ximian/rcd.conf configuration file in Novell Linux Desktop 9 and SUSE SLES 9 has world-readable permissions, which allows attackers to obtain the rc (RedCarpet) password.

6.4
2006-06-01 CVE-2006-2749 Open Searchable Image Catalogue Input Validation vulnerability in Open Searchable Image Catalogue

SQL injection vulnerability in search.php in Open Searchable Image Catalogue (OSIC) 0.7.0.1 and earlier allows remote attackers to inject arbitrary SQL commands via the (1) txtCustomField and (2) CustomFieldID array parameters.

6.4
2006-06-01 CVE-2006-2748 Open Searchable Image Catalogue Input Validation vulnerability in Open Searchable Image Catalogue

SQL injection vulnerability in the do_mysql_query function in core.php for Open Searchable Image Catalogue (OSIC) before 0.7.0.1 allows remote attackers to inject arbitrary SQL commands via multiple vectors, as demonstrated by the (1) type parameter in adminfunctions.php and the (2) catalogue_id parameter in editcatalogue.php.

6.4
2006-06-01 CVE-2006-2725 Epic Designs SQL Injection vulnerability in eggBlog Posts.PHP

SQL injection vulnerability in rss/posts.php in Eggblog before 3.07 allows remote attackers to execute arbitrary SQL commands via the id parameter.

6.4
2006-05-31 CVE-2006-2697 Easy Content Forums SQL-Injection vulnerability in Easy-Content Forums Easy-Content Forums 1.0

Multiple SQL injection vulnerabilities in Easy-Content Forums 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) startletter parameter in userview.asp and the (2) forumname parameter in topics.asp.

6.4
2006-05-31 CVE-2006-2688 Achievo SQL Injection vulnerability in Achievo 1.1.0/1.2.0

SQL injection vulnerability in the employees node (class.employee.inc) in Achievo 1.1.0 and earlier and 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the atkselector parameter.

6.4
2006-05-31 CVE-2006-2686 Actionapps Code Injection vulnerability in Actionapps 2.8.1

PHP remote file inclusion vulnerabilities in ActionApps 2.8.1 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[AA_INC_PATH] parameter in (1) cached.php3, (2) cron.php3, (3) discussion.php3, (4) filldisc.php3, (5) filler.php3, (6) fillform.php3, (7) go.php3, (8) hiercons.php3, (9) jsview.php3, (10) live_checkbox.php3, (11) offline.php3, (12) post2shtml.php3, (13) search.php3, (14) slice.php3, (15) sql_update.php3, (16) view.php3, (17) multiple files in the (18) admin/ folder, (19) includes folder, and (20) modules/ folder.

6.4
2006-05-31 CVE-2006-2683 Open Medium Remote Security vulnerability in Open-Medium CMS 0.25

PHP remote file inclusion vulnerability in 404.php in open-medium.CMS 0.25 allows remote attackers to execute arbitrary PHP code via a URL in the REDSYS[MYPATH][TEMPLATES] parameter.

6.4
2006-05-31 CVE-2006-2682 Back END Remote Security vulnerability in Back-End CMS 0.7.2.1

PHP remote file inclusion vulnerability in BE_config.php in Back-End CMS 0.7.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _PSL[classdir] parameter.

6.4
2006-05-30 CVE-2006-2638 Qjstudios SQL Injection vulnerability in QJForum Member.ASP

SQL injection vulnerability in member.asp in qjForum allows remote attackers to execute arbitrary SQL commands via the uName parameter.

6.4
2006-05-31 CVE-2006-2684 Hotwebscripts HTML Injection vulnerability in Hotwebscripts CMS Mundo 1.0

Cross-site scripting (XSS) vulnerability in the search module in CMS Mundo 1.0 allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter.

5.8
2006-05-31 CVE-2006-2680 Php4Script Cross-Site Scripting vulnerability in AZ Photo Album Script Pro

Cross-site scripting (XSS) vulnerability in index.php in AZ Photo Album Script Pro allows remote attackers to inject arbitrary web script or HTML via the gazpart parameter.

5.8
2006-05-31 CVE-2006-2678 PRE Projects Cross-Site Scripting vulnerability in PRE Projects PRE News Manager 1.0

Multiple cross-site scripting (XSS) vulnerabilities in Pre News Manager 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to (a) index.php, and the (2) nid parameter to (b) news_detail.php, (c) email_story.php, (d) thankyou.php, (e) printable_view.php, (f) tella_friend.php, and (g) send_comments.php.

5.8
2006-05-30 CVE-2006-2670 Calendarscripts COM Cross-Site Scripting vulnerability in Calendarscripts.Com Chatpat 1.0

Multiple cross-site scripting (XSS) vulnerabilities in ChatPat 1.0 allow remote attackers to inject arbitrary web script or HTML via a chat message in (1) fastchat.php and (2) fastshow.php.

5.8
2006-05-30 CVE-2006-2664 Ifdate COM HTML Injection vulnerability in Ifdate.Com Ifdate 1.2

Cross-site scripting (XSS) vulnerability in iFdate 1.2 allows remote attackers to inject arbitrary web script or HTML via the (1) username, (2) password fields, or certain other input text boxes.

5.8
2006-05-30 CVE-2006-2641 John Frank HTML Injection vulnerability in John Frank Asset Manager 2.4A

** UNVERIFIABLE ** NOTE: this issue does not contain any verifiable or actionable details.

5.8
2006-05-30 CVE-2006-2640 Omegasoft Cross-Site Scripting vulnerability in Interneserviceslosungen

Cross-site scripting (XSS) vulnerability in OmegaMw7a.ASP in OMEGA (aka Omegasoft) INterneSErvicesLosungen (INSEL) allows remote attackers to inject arbitrary web script or HTML via the WCE parameter.

5.8
2006-06-02 CVE-2006-2308 Etype Input Validation vulnerability in Etype Eserv 3.0/3.25

Directory traversal vulnerability in the IMAP service in EServ/3 3.25 allows remote authenticated users to read other users' email messages, create/rename arbitrary directories on the system, and delete empty directories via directory traversal sequences in the (1) CREATE, (2) SELECT, (3) DELETE, (4) RENAME, (5) COPY or (6) APPEND commands.

5.5
2006-06-02 CVE-2006-2770 Pppblog Directory Traversal vulnerability in PPPBlog

Directory traversal vulnerability in randompic.php in pppBLOG 0.3.8 and earlier, when register_globals is enabled, allows remote attackers to read arbitrary files via a ..

5.4
2006-06-02 CVE-2006-2784 Mozilla Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox

The PLUGINSPAGE functionality in Mozilla Firefox before 1.5.0.4 allows remote user-assisted attackers to execute privileged code by tricking a user into installing missing plugins and selecting the "Manual Install" button, then using nested javascript: URLs.

5.1
2006-06-02 CVE-2006-2768 IPW Systems Remote File Include vulnerability in IPW Systems Metajour 2.1

PHP remote file inclusion vulnerability in METAjour 2.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the (1) system_path parameter in a large number of files in the (a) app/edocument/, (b) app/eproject/, (c) app/erek/, and (d) extension/ directories, and the (2) GLOBALS[system_path] parameter in (e) extension/sitemap/sitemap.datatype.php.

5.1
2006-06-02 CVE-2006-2767 Ottoman Code Injection vulnerability in Ottoman 1.1.2

PHP remote file inclusion vulnerability in Ottoman 1.1.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the default_path parameter in (1) error.php, (2) index.php, and (3) classes/main_class.php.

5.1
2006-06-01 CVE-2006-2747 Fredi Bach Local File Include vulnerability in PHPMyDesktop Arcade

Directory traversal vulnerability in index.php in PhpMyDesktop|arcade 1.0 FINAL allows remote attackers to read arbitrary files or execute PHP code via a ..

5.1
2006-06-01 CVE-2006-2745 Facile Interactive WEB Remote File Include vulnerability in Facile Interactive web Facile Interactive web 0.8.41

Multiple PHP remote file inclusion vulnerabilities in F@cile Interactive Web 0.8.5 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) pathfile parameter in (a) p-editpage.php and (b) p-editbox.php, and the (2) mytheme and (3) myskin parameters in multiple "p-themes" index.inc.php files including (c) lowgraphic, (d) classic, (e) puzzle, (f) simple, and (g) ciao.

5.1
2006-06-01 CVE-2006-2743 Drupal Input Validation vulnerability in Drupal

Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.

5.1
2006-06-01 CVE-2006-2739 Epic Designs Input Validation vulnerability in tinyBB

PHP remote file inclusion vulnerability in footers.php in Epicdesigns tinyBB 0.3, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the tinybb_footers parameter.

5.1
2006-06-01 CVE-2006-2736 Phpbb Portal Remote File Include vulnerability in PHPbb-Portal Blend Portal 1.2.0

PHP remote file inclusion vulnerability in blend_data/blend_common.php in Blend Portal 1.2.0, as used with phpBB when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

5.1
2006-06-01 CVE-2006-2735 Activity MOD Plus Remote Security vulnerability in Activity MOD Plus Activity MOD Plus 1.1.0

PHP remote file inclusion vulnerability in language/lang_english/lang_activity.php in Activity MOD Plus (Amod) 1.1.0, as used with phpBB when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

5.1
2006-06-01 CVE-2006-2730 HOT Open Tickets Remote File Include vulnerability in HOT Open Tickets HOT Open Tickets 2F20041101

PHP remote file inclusion vulnerability in admin/lib_action_step.php in Hot Open Tickets (HOT) 11012004_ver2f, when register_globals is enabled, allows remote attackers to include arbitrary files via the GLOBALS[CLASS_PATH] parameter.

5.1
2006-05-31 CVE-2006-2700 Geeklog Input Validation vulnerability in Geeklog

SQL injection vulnerability in admin/auth.inc.php in Geeklog 1.4.0sr2 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via the loginname parameter.

5.1
2006-05-31 CVE-2006-2695 Dgnews Remote Security vulnerability in Dgnews

admin/upprocess.php in DGNews 1.5 and earlier allows remote attackers to execute arbitrary code by uploading scripts with arbitrary extensions to the img directory.

5.1
2006-05-30 CVE-2006-2675 Ubbcentral Remote Security vulnerability in UBB.threads

PHP remote file inclusion vulnerability in ubbt.inc.php in UBBThreads 5.x and 6.x allows remote attackers to execute arbitrary PHP code via a URL in the (1) thispath or (2) configdir parameters.

5.1
2006-06-03 CVE-2006-2805 Jelsoft SQL Injection vulnerability in Jelsoft Vbulletin 3.0.10

SQL injection vulnerability in VBulletin 3.0.10 allows remote attackers to execute arbitrary SQL commands via the featureid parameter.

5.0
2006-06-03 CVE-2006-2802 Xine Buffer Overflow vulnerability in Xine-Lib HTTP Response

Buffer overflow in the HTTP Plugin (xineplug_inp_http.so) for xine-lib 1.1.1 allows remote attackers to cause a denial of service (application crash) via a long reply from an HTTP server, as demonstrated using gxine 0.5.6.

5.0
2006-06-03 CVE-2006-2791 NET ART Media Directory Traversal vulnerability in Iboutique.Mall

Directory traversal vulnerability in index.php in iBoutique.MALL and possibly iBoutique allows remote attackers to read arbitrary files via ".." sequences in the function parameter.

5.0
2006-06-02 CVE-2006-2778 Mozilla Unspecified vulnerability in Mozilla Firefox and Thunderbird

The crypto.signText function in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to execute arbitrary code via certain optional Certificate Authority name arguments, which causes an invalid array index and triggers a buffer overflow.

5.0
2006-06-02 CVE-2006-2769 Sourcefire Permissions, Privileges, and Access Controls vulnerability in Sourcefire Snort

The HTTP Inspect preprocessor (http_inspect) in Snort 2.4.0 through 2.4.4 allows remote attackers to bypass "uricontent" rules via a carriage return (\r) after the URL and before the HTTP declaration.

5.0
2006-06-02 CVE-2006-2759 Jetty Remote Security vulnerability in Jetty 6.0Beta16

jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary script source code via a capital P in the .jsp extension, and probably other mixed case manipulations.

5.0
2006-06-02 CVE-2006-2758 Jetty Path Traversal vulnerability in Jetty 6.0

Directory traversal vulnerability in jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary files via a %2e%2e%5c (encoded ../) in the URL.

5.0
2006-06-02 CVE-2006-2756 Eitsop Remote Denial of Service vulnerability in Eitsop MY web Server 1.0

Eitsop My Web Server 1.0 allows remote attackers to cause a denial of service (application crash) via a long GET request.

5.0
2006-06-01 CVE-2006-2754 Openldap Remote Security vulnerability in OpenLDAP

Stack-based buffer overflow in st.c in slurpd for OpenLDAP before 2.3.22 might allow attackers to execute arbitrary code via a long hostname.

5.0
2006-06-01 CVE-2006-2734 Mini Nuke Remote Security vulnerability in Mini-Nuke

enter.asp in Mini-Nuke 2.3 and earlier makes it easier for remote attackers to conduct password guessing attacks by setting the guvenlik parameter to the same value as the hidden gguvenlik parameter, which bypasses a verification step because the gguvenlik parameter is assumed to be immutable by the attacker.

5.0
2006-06-01 CVE-2006-2733 Mini Nuke Remote Security vulnerability in Mini-Nuke

membership.asp in Mini-Nuke 2.3 and earlier uses plaintext security codes, which allows remote attackers to register multiple times via automated scripts.

5.0
2006-06-01 CVE-2006-2703 Suse Man In The Middle vulnerability in Suse Linux 9.0

The RedCarpet command-line client (rug) does not verify SSL certificates from a server, which allows remote attackers to read network traffic and execute commands via a man-in-the-middle (MITM) attack.

5.0
2006-06-01 CVE-2006-2723 Mozilla Denial of Service vulnerability in Mozilla Firefox 2.0

Unspecified versions of Mozilla Firefox allow remote attackers to cause a denial of service (crash) via a web page that contains a large number of nested marquee tags.

5.0
2006-05-31 CVE-2006-2714 Secure Elements Remote Security vulnerability in C5 Enterprise Vulnerability Management

Secure Elements Class 5 AVR client (aka C5 EVM) before 2.8.1 does not validate the CEID of an incoming message, which allows remote attackers to send messages to a protected asset without knowing the proper CEID.

5.0
2006-05-31 CVE-2006-2713 Secure Elements Remote Security vulnerability in C5 Enterprise Vulnerability Management

Secure Elements Class 5 AVR client (aka C5 EVM) before 2.8.1 generates predictable CEIDs, which allows remote attackers to determine the CEID of a protected asset, which can be used in other attacks against AVR.

5.0
2006-05-31 CVE-2006-2712 Secure Elements Remote Security vulnerability in Secure Elements Class 5 Enterprise vulnerability Management 2.8.0

Secure Elements Class 5 AVR (aka C5 EVM) client and server before 2.8.1 do not verify the integrity of a message digest, which allows remote attackers to modify and replay messages.

5.0
2006-05-31 CVE-2006-2711 Secure Elements Information Disclosure vulnerability in Secure Elements Class 5 Enterprise vulnerability Management 2.8.0

Secure Elements Class 5 AVR (aka C5 EVM) 2.8.1 and earlier, and possibly later 2.8.x releases, uses the same initialization vector and key for each message session, which allows remote attackers to obtain potentially sensitive information about messages.

5.0
2006-05-31 CVE-2006-2710 Secure Elements Remote Security vulnerability in Secure Elements Class 5 Enterprise vulnerability Management 2.8.0

Secure Elements Class 5 AVR (aka C5 EVM) before 2.8.1 uses the same invariant RSA key for all installations, which allows remote attackers with the key to decrypt communications.

5.0
2006-05-31 CVE-2006-2709 Secure Elements Remote Security vulnerability in Secure Elements Class 5 Enterprise vulnerability Management 2.8.0

Secure Elements Class 5 AVR (aka C5 EVM) before 2.8.1 does not validate the source address of a message, which allows remote attackers to (1) execute arbitrary code on a client or (2) forge messages to the server.

5.0
2006-05-31 CVE-2006-2708 Secure Elements Remote Security vulnerability in Secure Elements Class 5 Enterprise vulnerability Management 2.8.0

Secure Elements Class 5 AVR client (aka C5 EVM) before 2.8.1 allows remote attackers to read portions of process memory via a modified size for (1) EM_GET_CE_PARAMETER and (2) EM_SET_CE_PARAMETER messages, which leads to a buffer overflow (probably an over-read).

5.0
2006-05-31 CVE-2006-2707 Secure Elements Remote Security vulnerability in Secure Elements Class 5 Enterprise vulnerability Management 2.8.0

Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 does not validate the peer certificate when obtaining an update, which could allow remote attackers to distribute malicious updates to clients.

5.0
2006-05-31 CVE-2006-2706 Secure Elements Denial-Of-Service vulnerability in Class 5 Enterprise Vulnerability Management

Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 allows remote attackers to cause a denial of service via forged "session start" messages that cause AVR to connect to arbitrary hosts.

5.0
2006-05-31 CVE-2006-2705 Secure Elements Denial-Of-Service vulnerability in Secure Elements C5 Enterprise vulnerability Management 2.8.0

Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 allows remote attackers to cause an unspecified denial of service via a large number of forged client registration messages.

5.0
2006-05-31 CVE-2006-2704 Secure Elements Remote Security vulnerability in Secure Elements C5 Enterprise vulnerability Management 2.8.0

Secure Elements Class 5 AVR server and client (aka C5 EVM) before 2.8.1 send messages in cleartext, which allows remote attackers to read sensitive vulnerability information.

5.0
2006-05-31 CVE-2006-2702 Wordpress Remote Security vulnerability in Wordpress 2.0.2

vars.php in WordPress 2.0.2, possibly when running on Mac OS X, allows remote attackers to spoof their IP address via a PC_REMOTE_ADDR HTTP header, which vars.php uses to redefine $_SERVER['REMOTE_ADDR'].

5.0
2006-05-31 CVE-2006-2692 Amule Remote Information Disclosure vulnerability in aMule

Multiple unspecified vulnerabilities in aMuleWeb for AMule before 2.1.2 allow remote attackers to read arbitrary image, HTML, or PHP files via unknown vectors, probably related to directory traversal.

5.0
2006-05-31 CVE-2006-2691 Amule Remote Information Disclosure vulnerability in aMule

Unspecified "information leakage" vulnerabilities in aMuleWeb for AMule before 2.1.2 allow remote attackers to access arbitrary images, including dynamically generated images, via unknown vectors.

5.0
2006-05-31 CVE-2006-2677 Sitescape Remote Security vulnerability in Sitescape Forum 7.2

SiteScape Forum 7.2 and possibly earlier stores the avf.rc configuration file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive path information.

5.0
2006-05-31 CVE-2006-2676 Sitescape Remote Security vulnerability in Sitescape Forum 7.2

Dispatch.cgi/_user/uservCard/ in SiteScape Forum 7.2 and possibly earlier generates different responses in a way that allows remote attackers to enumerate valid usernames.

5.0
2006-05-30 CVE-2006-2671 Calendarscripts COM SQL-Injection vulnerability in Calendarscripts.Com Chatpat 1.0

SQL injection vulnerability in ChatPat 1.0 allows remote attackers to execute arbitrary SQL commands via the nickname field.

5.0
2006-05-30 CVE-2006-2661 Freetype, Debian, Canonical Null Pointer Dereference vulnerability in multiple products

ftutil.c in Freetype before 2.2 allows remote attackers to cause a denial of service (crash) via a crafted font file that triggers a null dereference.

5.0
2006-06-01 CVE-2006-2719 Jiwa Local Security vulnerability in Financials

JIWA Financials 6.4.14 stores usernames and passwords for all accounts in cleartext in the HR_Staff table in Microsoft SQL Server, and sends the usernames and passwords in cleartext to the application's SQL Server ODBC driver, which might allow context-dependent attackers to obtain the passwords.

4.9
2006-05-31 CVE-2006-2687 Agtc Websolutions HTML Injection vulnerability in Agtc Websolutions PHP-Agtc Membership System 1.1A

Cross-site scripting (XSS) vulnerability in adduser.php in PHP-AGTC Membership System 1.1a and earlier allows remote attackers to inject arbitrary web script or HTML via the email address (useremail parameter).

4.9
2006-06-02 CVE-2006-2662 Vmware Unspecified vulnerability in VMWare Server 1.0.1Build29996

VMware Server before RC1 does not clear user credentials from memory after a console connection is made, which might allow local attackers to gain privileges.

4.6
2006-06-02 CVE-2006-2785 Mozilla Unspecified vulnerability in Mozilla Firefox

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 1.5.0.4 allows user-assisted remote attackers to inject arbitrary web script or HTML by tricking a user into (1) performing a "View Image" on a broken image in which the SRC attribute contains a Javascript URL, or (2) selecting "Show only this frame" on a frame whose SRC attribute contains a Javascript URL.

4.3
2006-06-02 CVE-2006-2783 Mozilla Cross-Site Scripting vulnerability in Mozilla Firefox and Thunderbird

Mozilla Firefox and Thunderbird before 1.5.0.4 strip the Unicode Byte-order-Mark (BOM) from a UTF-8 page before the page is passed to the parser, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a BOM sequence in the middle of a dangerous tag such as SCRIPT.

4.3
2006-06-02 CVE-2006-2782 Mozilla Improper Input Validation vulnerability in Mozilla Firefox and Seamonkey

Firefox 1.5.0.2 does not fix all test cases associated with CVE-2006-1729, which allows remote attackers to read arbitrary files by inserting the target filename into a text box, then turning that box into a file upload control.

4.3
2006-06-02 CVE-2006-2764 Xander Ladage Cross-Site Scripting vulnerability in Xander Ladage Guestbookxl 1.3

Cross-site scripting (XSS) vulnerability in GuestbookXL 1.3 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in an IMG tag in a comment field to (1) guestwrite.php or (2) guestbook.php.

4.3
2006-06-02 CVE-2006-2757 Chipmunk Scripts Cross-Site Scripting vulnerability in Chipmunk Guestbook

Cross-site scripting (XSS) vulnerability in Chipmunk guestbook allows remote attackers to inject arbitrary web script or HTML via the (1) start parameter in (a) index.php; (2) forumID parameter in index.php, (b) newtopic.php, and (c) reply.php; and (3) ID parameter to (d) edit.php.

4.3
2006-06-02 CVE-2006-2755 Ubbcentral Cross-Site Scripting vulnerability in UBBThreads

Cross-site scripting (XSS) vulnerability in index.php in UBBThreads 5.x and earlier allows remote attackers to inject arbitrary web script or HTML via the debug parameter, as demonstrated by stealing MD5 hashes of passwords.

4.3
2006-06-01 CVE-2006-2751 Open Searchable Image Catalogue Cross-Site Scripting vulnerability in Open Searchable Image Catalogue

Cross-site scripting (XSS) vulnerability in Open Searchable Image Catalogue (OSIC) 0.7.0.1 and earlier allows remote attackers to inject arbitrary web scripts or HTML via the item_list parameter in search.php.

4.3
2006-06-01 CVE-2006-2750 Open Searchable Image Catalogue Input Validation vulnerability in Open Searchable Image Catalogue

Cross-site scripting (XSS) vulnerability in the do_mysql_query function in core.php for Open Searchable Image Catalogue (OSIC) before 0.7.0.1 allows remote attackers to inject arbitrary web scripts or HTML via failed SQL queries, which is reflected in an error message.

4.3
2006-05-30 CVE-2006-2669 Preprojects COM Cross-Site Scripting vulnerability in Preprojects.Com PRE Shopping Mall 1.0

Multiple cross-site scripting (XSS) vulnerabilities in Pre Shopping Mall 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) search parameter in search.php (the "search box"), (2) the prodid parameter in detail.php, and the (3) cid parameter in products.php.

4.3
2006-05-30 CVE-2006-2663 Ifusionservices Cross-Site Scripting vulnerability in Ifusionservices Iflance 1.1

Multiple cross-site scripting (XSS) vulnerabilities in iFlance 1.1 allow remote attackers to inject arbitrary web script or HTML via certain inputs to (1) acc_verify.php or (2) project.php.

4.3
2006-05-30 CVE-2006-2643 Circle R Cross-Site Scripting vulnerability in Circle R Monster TOP List 1.4

Cross-site scripting (XSS) vulnerability in index.php in Monster Top List (MTL) 1.4 allows remote attackers to inject arbitrary web script or HTML via the user_error_message parameter.

4.3
2006-05-30 CVE-2006-2642 PHP Residence HTML Injection vulnerability in PHP-Residence 0.6

** UNVERIFIABLE ** NOTE: this issue does not contain any verifiable or actionable details.

4.3
2006-05-30 CVE-2006-2639 Phpsimplechoose Cross-Site Scripting vulnerability in PHPsimplechoose 0.3

Cross-site scripting (XSS) vulnerability in the input forms in prattmic and Master5006 PHPSimpleChoose 0.3 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element.

4.3
2006-05-30 CVE-2006-2637 Tuttophp Products View.PHP Cross-Site Scripting vulnerability in Tuttophp Morris Guestbook, Pretty Guestbook and Smile Guestbook

Cross-site scripting (XSS) vulnerability in view.php in TuttoPhp (1) Morris Guestbook 1, (2) Pretty Guestbook 1, and (3) Smile Guestbook 1 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element in the pagina parameter.

4.3
2006-05-30 CVE-2006-2635 Tiki Cross-Site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware

Multiple cross-site scripting (XSS) vulnerabilities in Tikiwiki (aka Tiki CMS/Groupware) 1.9.x allow remote attackers to inject arbitrary web script or HTML via malformed nested HTML tags such as "<scr<script>ipt>" in (1) offset and (2) days parameters in (a) tiki-lastchanges.php, the (3) find and (4) offset parameters in (b) tiki-orphan_pages.php, the (5) offset and (6) initial parameters in (c) tiki-listpages.php, and (7) an unspecified field in (d) tiki-remind_password.php; and allow remote authenticated users with admin privileges to inject arbitrary web script or HTML via (8) an unspecified field in a metatags action in (e) tiki-admin.php, the (9) offset parameter in (f) tiki-admin_rssmodules.php, the (10) offset and (11) max parameters in (g) tiki-syslog.php, the (12) numrows parameter in (h) tiki-adminusers.php, (13) an unspecified field in (i) tiki-adminusers.php, (14) an unspecified field in (j) tiki-admin_hotwords.php, unspecified fields in (15) "Assign new module" and (16) "Create new user module" in (k) tiki-admin_modules.php, (17) an unspecified field in "Add notification" in (l) tiki-admin_notifications.php, (18) the offset parameter in (m) tiki-admin_notifications.php, the (19) Name and (20) Dsn fields in (o) tiki-admin_dsn.php, the (21) offset parameter in (p) tiki-admin_content_templates.php, (22) an unspecified field in "Create new template" in (q) tiki-admin_content_templates.php, and the (23) offset parameter in (r) tiki-admin_chat.php.

4.3
2006-05-30 CVE-2006-2634 Neocrome HTML Injection vulnerability in Neocrome Seditio 102

Cross-site scripting (XSS) vulnerability in Neocrome Land Down Under (LDU) in Neocrome Seditio 102 allows remote attackers to inject arbitrary web script or HTML via an HTTP Referer field.

4.3
2006-06-02 CVE-2006-2309 Etype Input Validation vulnerability in Etype Eserv 3.0/3.25

The HTTP service in EServ/3 3.25 allows remote attackers to obtain sensitive information via crafted HTTP requests containing dot, space, and slash characters, which reveals the source code of script files.

4.0
2006-05-31 CVE-2006-2717 Secure Elements Directory Traversal vulnerability in C5 Enterprise Vulnerability Management

Unspecified vulnerability in Secure Elements Class 5 AVR client and server (aka C5 EVM) before 2.8.1 allows authenticated attackers to overwrite arbitrary files (1) on a server during an update or (2) on a client via modified pathnames, possibly due to a directory traversal issue.

4.0
2006-05-31 CVE-2006-2685 Kevin Johnson Code Injection vulnerability in Kevin Johnson Basic Analysis and Security Engine

PHP remote file inclusion vulnerability in Basic Analysis and Security Engine (BASE) 1.2.4 and earlier, with register_globals enabled, allows remote attackers to execute arbitrary PHP code via a URL in the BASE_path parameter to (1) base_qry_common.php, (2) base_stat_common.php, and (3) includes/base_include.inc.php.

4.0
2006-05-31 CVE-2006-1175 Weonlydo Remote Arbitrary File Access vulnerability in WeOnlyDo SFTP ActiveX Control

The WeOnlyDo! SFTP (wodSFTP) ActiveX control is marked as safe for scripting, which allows remote attackers to read and write files in arbitrary locations by accessing the control from a web page.

4.0
2006-05-30 CVE-2006-2644 Awstats Remote Arbitrary Command Execution vulnerability in Awstats 6.41/6.5/6.51

AWStats 6.5, and possibly other versions, allows remote authenticated users to execute arbitrary code by using the configdir parameter to awstats.pl to upload a configuration file whose name contains shell metacharacters, then access that file using the LogFile directive.

4.0
2006-05-30 CVE-2006-2633 Andrew Godwin Unspecified vulnerability in Andrew Godwin Bytehoard

Absolute path traversal vulnerability in the copy action in index.php in Andrew Godwin ByteHoard 2.1 and earlier allows remote authenticated users to create or overwrite files in other users' directories by specifying the absolute path of the directory in the infolder parameter and simultaneously specifying the filename in the filepath parameter.

4.0

11 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-05-30 CVE-2006-2632 Andrew Godwin HTML Injection vulnerability in ByteHoard

Cross-site scripting (XSS) vulnerability in Andrew Godwin ByteHoard 2.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via file descriptions.

3.5
2006-06-02 CVE-2006-2789 Gnome Denial Of Service vulnerability in GNOME Evolution Email Attachment

Evolution 2.2.x and 2.3.x in GNOME 2.7 and 2.8, when "load images if sender in addressbook" is enabled, allows remote attackers to cause a denial of service (persistent crash) via a crafted "From" header that triggers an assert error in camel-internet-address.c when a null pointer is used.

2.6
2006-06-02 CVE-2006-2786 Mozilla Unspecified vulnerability in Mozilla Firefox and Thunderbird

HTTP response smuggling vulnerability in Mozilla Firefox and Thunderbird before 1.5.0.4, when used with certain proxy servers, allows remote attackers to cause Firefox to interpret certain responses as if they were responses from two different sites via (1) invalid HTTP response headers with spaces between the header name and the colon, which might not be ignored in some cases, or (2) HTTP 1.1 headers through an HTTP 1.0 proxy, which are ignored by the proxy but processed by the client.

2.6
2006-06-02 CVE-2006-2766 Microsoft Unspecified vulnerability in Microsoft IE and Internet Explorer

Buffer overflow in INETCOMM.DLL, as used in Microsoft Internet Explorer 6.0 through 6.0 SP2, Windows Explorer, Outlook Express 6, and possibly other programs, allows remote user-assisted attackers to cause a denial of service (application crash) via a long mhtml URI in the URL value in a URL file.

2.6
2006-06-02 CVE-2006-2765 Interlink Advantage Cross-Site Scripting vulnerability in Interlink Advantage

Cross-site scripting (XSS) vulnerability in news_information.php in Interlink Advantage allows remote attackers to inject arbitrary web script or HTML via the flag parameter.

2.6
2006-06-01 CVE-2006-2729 JAN Chmelik Cross-Site Scripting vulnerability in JAN Chmelik Photoalbum Bandw 1.3

Cross-site scripting (XSS) vulnerability in superalbum/index.php in Photoalbum B&W 1.3 allows remote attackers to inject arbitrary web script or HTML via the gal parameter.

2.6
2006-06-01 CVE-2006-2728 JAN Chmelik Cross-Site Scripting vulnerability in JAN Chmelik Photoalbum Bandw 1.3

Cross-site scripting (XSS) vulnerability in superalbum/index.php in Photoalbum B&W 1.3 allows remote attackers to inject arbitrary web script or HTML via the pic parameter.

2.6
2006-05-30 CVE-2006-2653 D Link Cross-Site Scripting vulnerability in D-Link Airspot DSA-3100 Gateway Login_error.SHTML

Cross-site scripting (XSS) vulnerability in login_error.shtml for D-Link DSA-3100 allows remote attackers to inject arbitrary HTML or web script via an encoded uname parameter.

2.6
2006-05-30 CVE-2006-2651 Vacation Rentals Cross-Site Scripting vulnerability in Vacation Rentals Vacation Rental Script 1.0

Cross-site scripting (XSS) vulnerability in index.php in Vacation Rental Script 1.0 allows remote attackers to inject arbitrary web script or HTML via the obj parameter.

2.6
2006-05-30 CVE-2006-2648 Aspbb Cross-Site Scripting vulnerability in ASPBB Perform_search.ASP

Cross-site scripting (XSS) vulnerability in perform_search.asp for ASPBB 0.52 and earlier allows remote attackers to inject arbitrary HTML or web script via the search parameter.

2.6
2006-05-29 CVE-2006-2563 PHP Unspecified vulnerability in PHP 4.4.2/5.1.4

The cURL library (libcurl) in PHP 4.4.2 and 5.1.4 allows attackers to bypass safe mode and read files via a file:// request containing null characters.

2.1