Weekly Vulnerabilities Reports > June 5 to 11, 2006

Overview

119 new vulnerabilities were reported during this period, including 2 critical vulnerabilities and 48 high severity vulnerabilities. This weekly summary reports vulnerabilities in 113 products from 99 vendors, including Particle Soft, Drupal, Pixelpost, Redaxo, and Microsoft. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", "Improper Input Validation", "Code Injection", and "Resource Management Errors".

  • 115 reported vulnerabilities are remotely exploitable.
  • 18 reported vulnerabilities have a public exploit available.
  • 2 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 117 reported vulnerabilities are exploitable by an anonymous user.
  • Particle Soft has the most reported vulnerabilities, with 6 reported vulnerabilities.
  • Alwil has the most reported critical vulnerabilities, with 1 reported vulnerability.

Vulnerability Details

The following table lists the vulnerabilities reported for the period covered by this report:

2 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-06-06 CVE-2006-2869 Alwil Unspecified vulnerability in Avast! Antivirus CHM Unpacker

Unspecified vulnerability in the CHM unpacker in avast! before 4.7.844 has unknown impact and remote attack vectors.

10.0
2006-06-05 CVE-2006-2807 Aspwebsoft Authentication Bypass vulnerability in Speedy Asp Discussion Forum

ASPwebSoft Speedy Asp Discussion Forum allows remote attackers to change the password of any account via a modified account id and possibly arbitrary values of the name, email, country, password, and passwordre parameters to profileupdate.asp.

10.0

48 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-06-09 CVE-2006-2919 Microsoft Remote Memory Corruption Denial of Service vulnerability in Microsoft Netmeeting 3.01

Unspecified vulnerability in Microsoft NetMeeting 3.01 allows remote attackers to cause a denial of service (crash or CPU consumption) and possibly execute arbitrary code via crafted inputs that trigger memory corruption.

7.8
2006-06-05 CVE-2006-2813 Ishopcart Directory Traversal vulnerability in IShopCart Easy-Scart.CGI

Directory traversal vulnerability in easy-scart.cgi in iShopCart allows remote attackers to read arbitrary files via a ..

7.8
2006-06-05 CVE-2006-2806 Apache Denial Of Service vulnerability in Apache James 2.2.0

The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.

7.8
2006-06-06 CVE-2006-2838 F Secure Denial-Of-Service vulnerability in F-Secure Anti-Virus and Internet Gatekeeper

Buffer overflow in the web console in F-Secure Anti-Virus for Microsoft Exchange 6.40, and Internet Gatekeeper 6.40 through 6.42 and 6.50 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors.

7.6
2006-06-09 CVE-2006-2926 Qbik Remote HTTP Request Buffer Overflow vulnerability in Qbik Wingate 6.1.1.1077

Stack-based buffer overflow in the WWW Proxy Server of Qbik WinGate 6.1.1.1077 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long URL HTTP request.

7.5
2006-06-09 CVE-2006-2912 OUT OF THE Trees WEB Design Input Validation vulnerability in OUT of the Trees web Design Selectapix 1.31

Multiple SQL injection vulnerabilities in SelectaPix 1.31 allow remote attackers to execute arbitrary SQL commands via the (1) albumID parameter to (a) view_album.php or (b) index.php, (2) imageID parameter to (c) popup.php, or (3) username and (4) password parameters to (d) admin/member.php.

7.5
2006-06-08 CVE-2006-2193 Libtiff Remote Buffer Overflow vulnerability in LibTIFF tiff2pdf

Buffer overflow in the t2p_write_pdf_string function in tiff2pdf in libtiff 3.8.2 and earlier allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a TIFF file with a DocumentName tag that contains UTF-8 characters, which triggers the overflow when a character is sign extended to an integer that produces more digits than expected in an sprintf call.

7.5
2006-06-08 CVE-2006-2904 Particle Soft SQL Injection vulnerability in Particle Soft Particle Links 1.2.2

SQL injection vulnerability in index.php in Partial Links 1.2.2 allows remote attackers to execute arbitrary SQL commands via the topic parameter.

7.5
2006-06-07 CVE-2006-2898 Digium Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Digium Asterisk

The IAX2 channel driver (chan_iax2) for Asterisk 1.2.x before 1.2.9 and 1.0.x before 1.0.11 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via truncated IAX 2 (IAX2) video frames, which bypasses a length check and leads to a buffer overflow involving negative length check.

7.5
2006-06-07 CVE-2006-2888 Wikiwig Remote File Include vulnerability in Wikiwig 4.0/4.1

PHP remote file inclusion vulnerability in _wk/wk_lang.php in Wikiwig 4.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the WK[wkPath] parameter.

7.5
2006-06-07 CVE-2006-2887 Aspburst SQL Injection vulnerability in Aspburst Mynewsletter 1.1.2

Multiple SQL injection vulnerabilities in myNewsletter 1.1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the UserName parameter in (1) validatelogin.asp or (2) adminlogin.asp.

7.5
2006-06-07 CVE-2006-2884 KKE Info Media Input Validation vulnerability in KKE Info Media Kmita FAQ 1.0

SQL injection vulnerability in index.php in Kmita FAQ 1.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter.

7.5
2006-06-07 CVE-2006-2879 Alex SQL Injection vulnerability in Alex NewsEngine Newscomments.PHP

SQL injection vulnerability in newscomments.php in Alex News-Engine 1.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via the newsid parameter.

7.5
2006-06-07 CVE-2006-2878 Andreas Gohr Remote PHP Script Code Injection vulnerability in DokuWiki

The spellchecker (spellcheck.php) in DokuWiki 2006/06/04 and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" that is inserted into a regular expression that is processed by preg_replace with the /e (executable) modifier.

7.5
2006-06-07 CVE-2006-2877 Sangwan KIM Remote File Include vulnerability in Sangwan KIM Bookmark4U 2.0

PHP remote file inclusion vulnerability in Bookmark4U 2.0.0 and earlier allows remote attackers to include arbitrary PHP files via the include_prefix parameter in (1) inc/dbase.php, (2) inc/config.php, (3) inc/common.php, and (4) inc/function.php.

7.5
2006-06-07 CVE-2006-2875 ID Software Remote Buffer Overflow vulnerability in Quake 3 Engine CL_ParseDownload

Stack-based buffer overflow in the CL_ParseDownload function of Quake 3 Engine 1.32c and earlier, as used in multiple products, allows remote attackers to execute arbitrary code via a svc_download command with compressed data that triggers the overflow during expansion.

7.5
2006-06-06 CVE-2006-2872 Rumble Remote File Include vulnerability in Rumble 1.02

PHP remote file inclusion vulnerability in config.php in Rumble 1.02 allows remote attackers to execute arbitrary PHP code via a URL in the configArr[pathtodir] parameter.

7.5
2006-06-06 CVE-2006-2871 Cyboards Remote File Include vulnerability in Cyboards PHP Lite 1.25

** DISPUTED ** PHP remote file inclusion vulnerability in include/common.php in CyBoards PHP Lite 1.25 allows remote attackers to execute arbitrary PHP code via a URL in the script_path parameter.

7.5
2006-06-06 CVE-2006-2867 Coolforum SQL Injection vulnerability in CoolForum Editpost.PHP

SQL injection vulnerability in editpost.php in CoolForum 0.8.3 beta and earlier allows remote attackers to execute arbitrary SQL commands via the post parameter.

7.5
2006-06-06 CVE-2006-2865 Phpbb Group Remote File Include vulnerability in PHPBB Template.PHP

** DISPUTED ** PHP remote file inclusion vulnerability in template.php in phpBB 2 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.

7.5
2006-06-06 CVE-2006-2862 Particle Soft SQL Injection vulnerability in Particle Soft Particle Gallery 1.0.0

SQL injection vulnerability in viewimage.php in Particle Gallery 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the imageid parameter.

7.5
2006-06-06 CVE-2006-2861 Particle Soft SQL Injection vulnerability in Particle Soft Particle Wiki 1.0.2

SQL injection vulnerability in index.php in Particle Wiki 1.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter.

7.5
2006-06-06 CVE-2006-2859 Mywebland Remote File Include vulnerability in Mywebland Mybloggie 2.1.1

** DISPUTED ** PHP remote file inclusion vulnerability in MyBloggie 2.1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mybloggie_root_path parameter to (1) admin.php or (2) scode.php.

7.5
2006-06-06 CVE-2006-2858 Locazo SQL Injection vulnerability in Locazo Locazolist Classifieds 1.03C/1.04D/1.05E

SQL injection vulnerability in viewmsg.asp in LocazoList Classifieds 1.05e allows remote attackers to execute arbitrary SQL commands via the msgid parameter.

7.5
2006-06-06 CVE-2006-2857 Lifetype SQL Injection vulnerability in Lifetype 1.0.2/1.0.3/1.0.4

SQL injection vulnerability in index.php in LifeType 1.0.4 allows remote attackers to execute arbitrary SQL commands via the articleId parameter in a ViewArticle action (viewarticleaction.class.php).

7.5
2006-06-06 CVE-2006-2855 Xuebook SQL Injection vulnerability in Xuebook 1.0

SQL injection vulnerability in index.php in xueBook 1.0 allows remote attackers to execute arbitrary SQL commands via the start parameter.

7.5
2006-06-06 CVE-2006-2854 Ibwd SQL Injection vulnerability in Ibwd Guestbook 1.0

SQL injection vulnerability in index.php in iBWd Guestbook 1.0 allows remote attackers to execute arbitrary SQL commands via the offset parameter.

7.5
2006-06-06 CVE-2006-2853 Abarcar SQL Injection vulnerability in Abarcar Realty Portal 5.1.5

SQL injection vulnerability in content.php in abarcar Realty Portal 5.1.5 allows remote attackers to execute arbitrary SQL commands via the cat parameter.

7.5
2006-06-06 CVE-2006-2849 Andrew Godwin Remote File Include vulnerability in ByteHoard Server.PHP

PHP remote file inclusion vulnerability in includes/webdav/server.php in Bytehoard 2.1 Epsilon/Delta allows remote attackers to execute arbitrary PHP code via a URL in the bhconfig[bhfilepath] parameter.

7.5
2006-06-06 CVE-2006-2847 Full Revolution SQL Injection vulnerability in Full Revolution Aspweblinks 2.0

SQL injection vulnerability in links.asp in aspWebLinks 2.0 allows remote attackers to execute arbitrary SQL commands via the linkID parameter.

7.5
2006-06-06 CVE-2006-2845 Redaxo Remote Security vulnerability in Redaxo 3.0/3.2

PHP remote file inclusion vulnerability in Redaxo 3.0 up to 3.2 allows remote attackers to execute arbitrary PHP code via a URL in the REX[INCLUDE_PATH] parameter to image_resize/pages/index.inc.php.

7.5
2006-06-06 CVE-2006-2844 Redaxo Remote Security vulnerability in Redaxo 3.0

Multiple PHP remote file inclusion vulnerabilities in Redaxo 3.0 allow remote attackers to execute arbitrary PHP code via a URL in the REX[INCLUDE_PATH] parameter to (1) simple_user/pages/index.inc.php and (2) stats/pages/index.inc.php.

7.5
2006-06-06 CVE-2006-2843 Redaxo Remote File Inclusion vulnerability in Redaxo 2.7.4

PHP remote file inclusion vulnerability in Redaxo 2.7.4 allows remote attackers to execute arbitrary PHP code via a URL in the (1) REX[INCLUDE_PATH] parameter in (a) addons/import_export/pages/index.inc.php and (b) pages/community.inc.php.

7.5
2006-06-06 CVE-2006-2842 Squirrelmail Local File Include vulnerability in Squirrelmail

** DISPUTED ** PHP remote file inclusion vulnerability in functions/plugin.php in SquirrelMail 1.4.6 and earlier, if register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter.

7.5
2006-06-06 CVE-2006-2841 Associated Remote File Include vulnerability in Associated CMS 1.1.3

Multiple PHP remote file inclusion vulnerabilities in AssoCIateD (aka ACID) CMS 1.1.3 allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) menu.php, (2) profile.php, (3) users.php, (4) cache_mngt.php, and (5) gallery_functions.php.

7.5
2006-06-06 CVE-2006-2836 Pineapple Technologies SQL Injection vulnerability in Lore Comment.PHP

SQL injection vulnerability in comment.php in Pineapple Technologies Lore 1.5.6 and earlier allows remote attackers to execute arbitrary SQL commands via the article_id parameter.

7.5
2006-06-06 CVE-2006-2835 Arabless SQL Injection vulnerability in Arabless Saphplesson 2.0

SQL injection vulnerability in saphplesson 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) forumid parameter in add.php and (2) lessid parameter in show.php.

7.5
2006-06-06 CVE-2006-2834 Gnopaste Remote File Include vulnerability in Gnopaste 0.5.2/0.5.3

PHP remote file inclusion vulnerability in includes/common.php in gnopaste 0.5.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter.

7.5
2006-06-06 CVE-2006-2831 Drupal Input Validation vulnerability in Drupal

Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.

7.5
2006-06-05 CVE-2006-2830 Tibco Remote Buffer Overflow vulnerability in Tibco Hawk, Rendezvous and Runtime Agent

Buffer overflow in TIBCO Rendezvous before 7.5.1, TIBCO Runtime Agent (TRA) before 5.4, and Hawk before 4.6.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the HTTP administrative interface.

7.5
2006-06-05 CVE-2006-2826 Phplib Team Code Execution vulnerability in PHPLIB

SQL injection vulnerability in sessions.inc in PHP Base Library (PHPLib) before 7.4a allows remote attackers to execute arbitrary SQL commands via the id variable, which is set by a client through a query string or a cookie.

7.5
2006-06-05 CVE-2006-2824 Logicalware Remote Security vulnerability in Mailmanager

Logicalware MailManager before 2.0.10 does not remove 0xc8 0x27 (0xc8 followed by a single-quote character) from the data stream to the server, which allows remote attackers to modify data and gain administrative access when PostgreSQL is used, aka "bug #1494281 - Postgres encoding security hole." NOTE: while this issue involves PostgreSQL, it is specific to MailManager's interface to PostgreSQL and is therefore a different vulnerability than CVE-2006-2313 and CVE-2006-2314.

7.5
2006-06-05 CVE-2006-2822 Xfairguy SQL-Injection vulnerability in Xfairguy Codeavalanche Freeforum 1.0

SQL injection vulnerability in admin/default.asp in Dusan Drobac CodeAvalanche FreeForum (aka CAForum) 1.0 allows remote attackers to execute arbitrary SQL commands via the password parameter.

7.5
2006-06-05 CVE-2006-2819 Barnraiser Remote File Include vulnerability in Igloo

PHP remote file inclusion vulnerability in Wiki.php in Barnraiser Igloo 0.1.9 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the c_node[class_path] parameter.

7.5
2006-06-05 CVE-2006-2818 Cameron Mckay Remote File Include vulnerability in Cameron Mckay Informium 0.12.0

PHP remote file inclusion vulnerability in common-menu.php in Cameron McKay Informium 0.12.0 allows remote attackers to execute arbitrary PHP code via a URL in the CONF[local_path] parameter.

7.5
2006-06-05 CVE-2006-2817 Tekno Portal SQL Injection vulnerability in Tekno.Portal Bolum.PHP

SQL injection vulnerability in bolum.php in tekno.Portal allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2006-06-05 CVE-2006-2814 Ishopcart Buffer Overflow vulnerability in IShopCart

Multiple buffer overflows in the (1) vGetPost and (2) main functions in easy-scart.c through easy-scart6.c in iShopCart allow remote attackers to execute arbitrary code by sending a large amount of data containing "Submit" in an sslinvoice action, and allow remote attackers to have an unknown impact via a large amount of posted data.

7.5
2006-06-05 CVE-2006-2811 Cantico Remote File Include vulnerability in Cantico Ovidentia 5.8.0

Multiple PHP remote file inclusion vulnerabilities in Cantico Ovidentia 5.8.0 allow remote attackers to execute arbitrary PHP code via a URL in the babInstallPath parameter in (1) index.php, (2) topman.php, (3) approb.php, (4) vacadmb.php, (5) vacadma.php, (6) vacadm.php, (7) statart.php, (8) search.php, (9) posts.php, (10) options.php, (11) login.php, (12) frchart.php, (13) flbchart.php, (14) fileman.php, (15) faq.php, (16) event.php, (17) directory.php, (18) articles.php, (19) artedit.php, (20) calday.php, and additional unspecified PHP scripts.

7.5

60 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-06-09 CVE-2006-2929 Openemr Remote File Inclusion vulnerability in Openemr

PHP remote file inclusion vulnerability in contrib/forms/evaluation/C_FormEvaluation.class.php in OpenEMR 2.8.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[fileroot] parameter.

6.8
2006-06-07 CVE-2006-2880 Pyblosxom Cross-Site Scripting vulnerability in Pyblosxom 1.2.1

Cross-site scripting (XSS) vulnerability in the Contributed Packages for PyBlosxom 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the Comments plugin in the (1) url and (2) author fields.

6.8
2006-06-07 CVE-2006-2876 Deltascripts Cross-Site Scripting vulnerability in PHP Pro Publish

Cross-site scripting (XSS) vulnerability in cat.php in PHP Pro Publish 2.0 allows remote attackers to inject arbitrary web script or HTML via the catname parameter.

6.8
2006-06-06 CVE-2006-2852 Dotwidget Code Injection vulnerability in Dotwidget CMS 1.0.6

PHP remote file inclusion vulnerability in dotWidget CMS 1.0.6 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the file_path parameter in (1) index.php, (2) feedback.php, and (3) printfriendly.php.

6.8
2006-06-06 CVE-2006-2840 Pmwiki Cross-Site Scripting vulnerability in PmWiki

Cross-site scripting (XSS) vulnerability in (1) uploads.php and (2) "url links" in PmWiki 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

6.8
2006-06-05 CVE-2006-2829 Tibco Local Buffer Overflow vulnerability in Tibco Hawk, Hawk Monitoring Agent and Runtime Agent

Buffer overflow in Hawk Monitoring Agent (HMA) for TIBCO Hawk before 4.6.1 and TIBCO Runtime Agent (TRA) before 5.4 allows authenticated users to execute arbitrary code via the configuration for tibhawkhma.

6.8
2006-06-05 CVE-2006-2821 Deltascripts Cross-Site Scripting vulnerability in Deltascripts PRO Publish 2.0

Multiple cross-site scripting (XSS) vulnerabilities in DeltaScripts Pro Publish allow remote attackers to inject arbitrary web script or HTML via the (1) artid parameter in art.php and the (2) catname parameter in cat.php.

6.8
2006-06-05 CVE-2006-2815 TWO Shoes Mambo Factory Cross-Site Scripting vulnerability in TWO Shoes Mambo Factory Simpleboard 1.1.0Stable

Multiple cross-site scripting (XSS) vulnerabilities in Two Shoes M-Factory (TSMF) SimpleBoard 1.1.0 Stable (aka com_simpleboard), as used in Mambo and Joomla!, allow remote attackers to inject arbitrary web script or HTML via (1) the Name field in "post ne topic" in the Frontend, (2) the Title (aka Community-Title) field in Simpleboard Configuration in the Backend Admin Panel, and the (3) Name (aka Forum-Title) and (4) Name (aka Category-Title) fields in Simpleboard Administration in the Backend Admin Panel.

6.8
2006-06-05 CVE-2006-2812 Dominios Europa Cross-Site Scripting vulnerability in Dominios Europa Picrate 1.0

Multiple cross-site scripting (XSS) vulnerabilities in index.php in Dominios Europa PICRATE (aka TAL RateMyPic) 1.0 allow remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element in the (1) name (aka nick), (2) email, and (3) comment boxes; and via the (4) id parameter.

6.8
2006-06-05 CVE-2006-2810 Belchior Foundry Cross-Site Scripting vulnerability in Belchior Foundry Vcard 2.9

Multiple cross-site scripting (XSS) vulnerabilities in Belchior Foundry vCard 2.9 allow remote attackers to inject arbitrary web script or HTML via the page parameter in (1) toprated.php and (2) newcards.php.

6.8
2006-06-05 CVE-2006-2809 AR Blog Cross-Site Scripting vulnerability in Ar-Blog 5.2

Multiple cross-site scripting (XSS) vulnerabilities in index.php in ar-blog 5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) count parameter, and possibly the (2) next, (3) Year_the_news, and (4) mo parameters.

6.8
2006-06-05 CVE-2006-2808 Lycos Cross-Site Scripting vulnerability in htmlGEAR guestGEAR

Cross-site scripting (XSS) vulnerability in Lycos Tripod htmlGEAR guestGEAR (aka Guest Gear) allows remote attackers to inject arbitrary web script or HTML via a guestbook post containing a javascript URI in the SRC attribute of the BR element after an extra "iframe" tagname within that element, followed by a double ">", which might bypass cleansing operations.

6.8
2006-06-07 CVE-2006-2899 Estsoft Unspecified vulnerability in Estsoft Internetdisk

Unspecified vulnerability in ESTsoft InternetDISK versions before 2006/04/20 allows remote authenticated users to execute arbitrary code, possibly by uploading a file with multiple extensions into the WebLink directory.

6.5
2006-06-09 CVE-2006-2923 Loudhush Buffer Errors vulnerability in Loudhush 1.3.6

The iax_net_read function in the iaxclient open source library, as used in multiple products including (a) LoudHush 1.3.6, (b) IDE FISK 1.35 and earlier, (c) Kiax 0.8.5 and earlier, (d) DIAX, (e) Ziaxphone, (f) IAX Phone, (g) X-lite, (h) MediaX, (i) Extreme Networks ePhone, and (j) iaxComm before 1.2.0, allows remote attackers to execute arbitrary code via crafted IAX 2 (IAX2) packets with truncated (1) full frames or (2) mini-frames, which are detected in a length check but still processed, leading to buffer overflows related to negative length values.

6.4
2006-06-06 CVE-2006-2860 Webspot Code Injection vulnerability in Webspot Webspotblogging 3.0/3.0.1

PHP remote file inclusion vulnerability in Webspotblogging 3.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) inc/logincheck.inc.php, (2) inc/adminheader.inc.php, (3) inc/global.php, or (4) inc/mainheader.inc.php.

6.4
2006-06-06 CVE-2006-2839 Webwork Directory Traversal vulnerability in Webwork

Directory traversal vulnerability in PG Problem Editor module (PGProblemEditor.pm) in WeBWorK Online Homework Delivery System 2.2.0 and earlier allows remote attackers to read and write files outside of the templates directory.

6.4
2006-06-05 CVE-2006-2828 PHP Nuke Remote File Include vulnerability in Ev

Global variable overwrite vulnerability in PHP-Nuke allows remote attackers to conduct remote PHP file inclusion attacks via a modified phpbb_root_path parameter to the admin scripts (1) index.php, (2) admin_ug_auth.php, (3) admin_board.php, (4) admin_disallow.php, (5) admin_forumauth.php, (6) admin_groups.php, (7) admin_ranks.php, (8) admin_styles.php, (9) admin_user_ban.php, (10) admin_words.php, (11) admin_avatar.php, (12) admin_db_utilities.php, (13) admin_forum_prune.php, (14) admin_forums.php, (15) admin_mass_email.php, (16) admin_smilies.php, (17) admin_ug_auth.php, and (18) admin_users.php, which overwrites $phpbb_root_path when the import_request_variables function is executed after $phpbb_root_path has been initialized to a static value.

6.4
2006-06-05 CVE-2006-2827 Qualiteam Unspecified vulnerability in Qualiteam X-Cart 4.1.0Beta1/Gold4.0.18/Pro4.0.18

** DISPUTED ** SQL injection vulnerability in search.php in X-Cart Gold and Pro 4.0.18, and X-Cart 4.1.0 beta 1, allows remote attackers to execute arbitrary SQL commands via the "Search for pattern" field, when the settings specify only "Search in Detailed description" and "Search also in ISBN." NOTE: the vendor disputed this issue in a comment on the original researcher's blog, saying "the bug does not impose any security threat and remote attackers can't add, modify, or delete information in the back-end database by sending specially-crafted SQL statements to the search.php script using various search parameters." As of 20060605, the original blog entry is unavailable, although ISS also reports the same dispute.

6.4
2006-06-08 CVE-2006-2906 Thomas Boutell Remote Denial of Service vulnerability in Thomas Boutell Graphics Draw Library 2.0.33

The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas Boutell graphics draw (GD) library (aka libgd) 2.0.33 allows remote attackers to cause a denial of service (CPU consumption) via malformed GIF data that causes an infinite loop.

5.4
2006-06-09 CVE-2006-2928 CMS Bandits Remote PHP File Inclusion vulnerability in Cms-Bandits 2.5

Multiple PHP remote file inclusion vulnerabilities in CMS-Bandits 2.5 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter in (1) dialogs/img.php and (2) dialogs/td.php.

5.1
2006-06-09 CVE-2006-2922 Miraks Remote File Include vulnerability in Miraks Miraksgalerie 2.62

Multiple PHP remote file inclusion vulnerabilities in MiraksGalerie 2.62 allow remote attackers to execute arbitrary PHP code via a URL in the (1) g_pcltar_lib_dir parameter in (a) pcltar.lib.php when register_globals is enabled, and (2) listconfigfile[] parameter in (b) galsecurity.lib.php and (c) galimage.lib.php.

5.1
2006-06-09 CVE-2006-2921 Cmpro Team Remote File Inclusion vulnerability in Cmpro Team Clan Manager PRO 1.1

PHP remote file inclusion vulnerability in cmpro_header.inc.php in Clan Manager Pro (CMPRO) 1.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the (1) cm_ext_server and (2) sitepath parameters.

5.1
2006-06-07 CVE-2006-2890 Pixelpost SQL Injection vulnerability in Pixelpost 1.5Rc1

Pixelpost 1-5rc1-2 and earlier, when register_globals is enabled, allows remote attackers to gain administrator privileges and conduct other attacks by setting the _SESSION["pixelpost_admin"] parameter to 1 in calls to admin scripts such as admin/view_info.php.

5.1
2006-06-07 CVE-2006-2889 Pixelpost SQL Injection vulnerability in Pixelpost

Multiple SQL injection vulnerabilities in index.php in Pixelpost 1-5rc1-2 and earlier allow remote attackers to execute arbitrary SQL commands, and leverage them to gain administrator privileges, via the (1) category or (2) archivedate parameter.

5.1
2006-06-07 CVE-2006-2881 Dreamcost Remote File Include vulnerability in DreamAccount

Multiple PHP remote file inclusion vulnerabilities in DreamAccount 3.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the da_path parameter in the (1) auth.cookie.inc.php, (2) auth.header.inc.php, or (3) auth.sessions.inc.php scripts.

5.1
2006-06-06 CVE-2006-2447 Apache Remote Command Execution vulnerability in Apache Spamassassin 3.1.0/3.1.1/3.1.2

SpamAssassin before 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username.

5.1
2006-06-06 CVE-2006-2868 Claroline Remote File Include vulnerability in Claroline 1.7.6

Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.6 allow remote attackers to execute arbitrary PHP code via a URL in the includePath cookie to (1) auth/extauth/drivers/mambo.inc.php or (2) auth/extauth/drivers/postnuke.inc.php.

5.1
2006-06-06 CVE-2006-2866 Dotclear Remote File Include vulnerability in DotClear Prepend.PHP

PHP remote file inclusion vulnerability in layout/prepend.php in DotClear 1.2.4 and earlier allows remote attackers to execute arbitrary PHP code via a FTP URL in the blog_dc_path parameter, which passes file_exists() and is_dir() tests on PHP 5.

5.1
2006-06-06 CVE-2006-2864 Blueshoes Remote File Include vulnerability in Blueshoes Framework 4.5

Multiple PHP remote file inclusion vulnerabilities in BlueShoes Framework 4.6 allow remote attackers to execute arbitrary PHP code via a URL in the (1) APP[path][applications] parameter to (a) Bs_Faq.class.php, (2) APP[path][core] parameter to (b) fileBrowserInner.php, (c) file.php, and (d) viewer.php, and (e) Bs_ImageArchive.class.php, (3) GLOBALS[APP][path][core] parameter to (f) Bs_Ml_User.class.php, or (4) APP[path][plugins] parameter to (g) Bs_Wse_Profile.class.php.

5.1
2006-06-06 CVE-2006-2863 CS Cart Remote File Include vulnerability in CS-Cart Class.cs_phpmailer.PHP

PHP remote file inclusion vulnerability in class.cs_phpmailer.php in CS-Cart 1.3.3 allows remote attackers to execute arbitrary PHP code via a URL in the classes_dir parameter.

5.1
2006-06-05 CVE-2006-2825 Cpanel Remote Security vulnerability in cPanel

cPanel does not automatically synchronize the PHP open_basedir configuration directive between the main server and virtual hosts that share physical directories, which might allow a local user to bypass open_basedir restrictions and access other virtual hosts via a PHP script that uses a main server URL (such as ~username) that is blocked by the user's own open_basedir directive, but not the main server's open_basedir directive.

5.1
2006-06-09 CVE-2006-2924 Ingate Remote SSL/TLS Handshake Denial Of Service vulnerability in Ingate Firewall and SIParator

Ingate Firewall in the SIP module before 4.4.1 and SIParator before 4.4.1, when TLS is enabled or when SSL/TLS is enabled in the web server, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake.

5.0
2006-06-08 CVE-2006-2905 Particle Soft Information Disclosure vulnerability in Particle Soft Particle Links 1.2.2

Partial Links 1.2.2 allows remote attackers to obtain sensitive information via a direct request to (1) page_footer.php and (2) page_header.php, which displays the path in an error message.

5.0
2006-06-08 CVE-2006-2902 Particle Soft Directory Traversal vulnerability in Particle Soft Particle Links 1.2.2

Directory traversal vulnerability in Particle Links 1.2.2 might allow remote attackers to access arbitrary files via ".." sequences in an HTTP request.

5.0
2006-06-07 CVE-2006-1173 Sendmail Resource Management Errors vulnerability in Sendmail

Sendmail before 8.13.7 allows remote attackers to cause a denial of service via deeply nested, malformed multipart MIME messages that exhaust the stack during the recursive mime8to7 function for performing 8-bit to 7-bit conversion, which prevents Sendmail from delivering queued messages and might lead to disk consumption by core dump files.

5.0
2006-06-07 CVE-2006-2901 D Link Information Disclosure vulnerability in D-Link DWL-2100AP

The web server for D-Link Wireless Access-Point (DWL-2100ap) firmware 2.10na and earlier allows remote attackers to obtain sensitive system information via a request to an arbitrary .cfg file, which returns configuration information including passwords.

5.0
2006-06-07 CVE-2006-2896 Funkboard Security Bypass vulnerability in Funkboard Cf0.71

profile.php in FunkBoard CF0.71 allows remote attackers to change arbitrary passwords via a modified uid hidden form field in an Edit Profile action.

5.0
2006-06-07 CVE-2006-2893 Gantty Cross-Site Scripting vulnerability in Gantty 1.0.3

index.php in GANTTy 1.0.3 allows remote attackers to obtain the full path of the web server via an invalid lang parameter in an authenticate action.

5.0
2006-06-06 CVE-2006-2848 Full Revolution Remote Security Bypass vulnerability in Full Revolution Aspweblinks 2.0

links.asp in aspWebLinks 2.0 allows remote attackers to change the administrative password, possibly via a direct request with a modified txtAdministrativePassword field.

5.0
2006-06-05 CVE-2006-2823 A Shopkart Information Disclosure vulnerability in A.Shopkart 2.0

Katrien De Graeve a.shopKart 2.0 (aka ashopKart20) stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) admin/scart.mdb and possibly (2) admin/scart97.mdb.

5.0
2006-06-09 CVE-2006-2930 SUN Local Security vulnerability in Grid Engine

Unspecified vulnerability in Sun Grid Engine 5.3 and Sun N1 Grid Engine 6.0, when configured in Certificate Security Protocol (CSP) Mode, allows local users to shut down the grid service or gain access, even if access is denied.

4.6
2006-06-06 CVE-2006-2856 Activestate Local Privilege Escalation vulnerability in Activestate Activeperl 5.8.8.817

ActiveState ActivePerl 5.8.8.817 for Windows configures the site/lib directory with "Users" group permissions for changing files, which allows local users to gain privileges by creating a malicious sitecustomize.pl file in that directory.

4.6
2006-06-09 CVE-2006-2927 Xfairguy HTML Injection vulnerability in Xfairguy Codeavalanche Freeforum 1.0

Multiple cross-site scripting (XSS) vulnerabilities in post.asp in CodeAvalanche FreeForum (aka CAForum) 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) msg_subject and (2) msg_body parameters.

4.3
2006-06-07 CVE-2006-2892 Gantty Cross-Site Scripting vulnerability in Gantty 1.0.3

Cross-site scripting (XSS) vulnerability in index.php in GANTTy 1.0.3 allows remote attackers to inject arbitrary HTML and web script via the message parameter in a login action.

4.3
2006-06-07 CVE-2006-2886 JAM Warehouse Cross-Site Scripting vulnerability in JAM Warehouse Knowledgetree Open Source 3.0.3

view.php in KnowledgeTree Open Source 3.0.3 and earlier allows remote attackers to obtain the full installation path via a crafted fDocumentId parameter, which displays the path in the resulting error message.

4.3
2006-06-07 CVE-2006-2885 Knowledgetree Cross-Site Scripting vulnerability in Knowledgetree 3.0.3

Multiple cross-site scripting (XSS) vulnerabilities in KnowledgeTree Open Source 3.0.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) fDocumentId parameter in view.php and the (2) fSearchableText parameter in /search/simpleSearch.php.

4.3
2006-06-07 CVE-2006-2883 KKE Info Media Input Validation vulnerability in KKE Info Media Kmita FAQ 1.0

Cross-site scripting (XSS) vulnerability in search.php in Kmita FAQ 1.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter.

4.3
2006-06-07 CVE-2006-2882 Aspscriptz HTML Injection vulnerability in ASPScriptz Guest Book Default.ASP Multiple

Multiple cross-site scripting (XSS) vulnerabilities in submit.asp in ASPScriptz Guest Book 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) GBOOK_UNAME, (2) GBOOK_EMAIL, (3) GBOOK_CITY, (4) GBOOK_COU, (5) GBOOK_WWW, and (6) GBOOK_MESS form fields.

4.3
2006-06-06 CVE-2006-2874 Osads Alliance Database HTML Injection vulnerability in Osads Alliance Database Osads Alliance Database 1.1/1.2/1.3

Unspecified vulnerability in OSADS Alliance Database before 1.4 has unknown impact and attack vectors related to a "Security Leak to lock in HTML-Code," possibly due to a cross-site scripting (XSS) vulnerability involving comments.

4.3
2006-06-06 CVE-2006-2873 Enigma Haber Cross-Site Scripting vulnerability in Enigma Haber Enigma Haber 4.2

Cross-site scripting (XSS) vulnerability in hava.asp in Enigma Haber 4.2 allows remote attackers to inject arbitrary web script or HTML via the il parameter.

4.3
2006-06-06 CVE-2006-2870 Intelligent Solutions HTML Injection vulnerability in ASP Discussion Forum Search Field

Cross-site scripting (XSS) vulnerability in forum_search.asp in Intelligent Solutions Inc.

4.3
2006-06-06 CVE-2006-2851 Dotproject Cross-Site Scripting vulnerability in Dotproject 2.0/2.0.1/2.0.2

Cross-site scripting (XSS) vulnerability in index.php in dotProject 2.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, which are not properly handled when the client is using Internet Explorer.

4.3
2006-06-06 CVE-2006-2850 PHP Labware Cross-Site Scripting vulnerability in PHP Labware Labwiki 1.0

Cross-site scripting (XSS) vulnerability in recentchanges.php in PHP Labware LabWiki 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the help parameter.

4.3
2006-06-06 CVE-2006-2846 Visiongate Cross-Site Scripting vulnerability in VisionGate Portal System

Cross-site scripting (XSS) vulnerability in Print.PHP in VisionGate Portal System allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

4.3
2006-06-06 CVE-2006-2837 Techno Dreams HTML Injection vulnerability in Techno Dreams Guest Book Comment Field

Cross-site scripting (XSS) vulnerability in Techno Dreams Guest Book allows remote attackers to inject arbitrary web script or HTML via certain comment fields in the "Sign Our GuestBook" page, probably the x_Comments parameter to guestbookadd.asp.

4.3
2006-06-05 CVE-2006-2820 Hotwebscripts HTML Injection vulnerability in Hotwebscripts Weblog Oggi 1.0

Cross-site scripting (XSS) vulnerability in HotWebScripts.com Weblog Oggi 1.0 allows remote attackers to inject arbitrary web script or HTML via a comment, possibly involving a javascript URI in the SRC attribute of an IMG element.

4.3
2006-06-05 CVE-2006-2816 Coolphp Cross-Site Scripting vulnerability in Coolphp Magazine

Multiple cross-site scripting (XSS) vulnerabilities in index.php in coolphp magazine allow remote attackers to inject arbitrary web script or HTML via the (1) op and (2) nick parameters, and possibly the (3) 0000, (4) userinfo, (5) comp_der, (6) encuestas, and (7) pagina parameters.

4.3
2006-06-09 CVE-2006-2925 Ingate Cross-Site Scripting vulnerability in Ingate Firewall

Cross-site scripting (XSS) vulnerability in the web interface in Ingate Firewall before 4.4.1 and SIParator before 4.4.1 allows remote attackers to inject arbitrary web script or HTML, and steal cookies, via unspecified vectors related to "XSS exploits" in administrator functionality.

4.0
2006-06-07 CVE-2006-2900 Microsoft, Canon Information Exposure vulnerability in multiple products

Internet Explorer 6 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form.

4.0
2006-06-07 CVE-2006-2894 Mozilla, Netscape Improper Input Validation vulnerability in multiple products

Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite 1.7.13, Mozilla SeaMonkey 1.0.2 and other versions before 1.1.5, and Netscape 8.1 and earlier allow user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form.

4.0

9 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-06-09 CVE-2006-2452 Gnome Authentication Bypass vulnerability in GNOME Foundation GDM Configure Login Manager

GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the "face browser" feature is enabled, allows local users to access the "Configure Login Manager" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges.

3.7
2006-06-09 CVE-2006-2913 OUT OF THE Trees WEB Design Input Validation vulnerability in OUT of the Trees web Design Selectapix 1.31

Cross-site scripting (XSS) vulnerability in SelectaPix 1.31 allows remote attackers to inject arbitrary web script or HTML via the albumID parameter to (1) popup.php and (2) view_album.php.

2.6
2006-06-09 CVE-2006-2920 Sylpheed, Sylpheed Claws Improper Input Validation vulnerability in multiple products

Sylpheed-Claws before 2.2.2 and Sylpheed before 2.2.6 allow remote attackers to bypass the URI check functionality and make it easier to conduct phishing attacks via a URI that begins with a space character.

2.6
2006-06-08 CVE-2006-2903 Particle Soft HTML Injection vulnerability in Particle Soft Particle Links 1.2.2

Cross-site scripting (XSS) vulnerability in admin.php in Particle Links 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the username parameter.

2.6
2006-06-07 CVE-2006-2897 Funkboard Cross-Site Scripting vulnerability in Funkboard 0.66/0.66F/0.70

Cross-site scripting (XSS) vulnerability in FunkBoard 0.71 allows remote attackers to inject arbitrary HTML or web script via unspecified vectors.

2.6
2006-06-07 CVE-2006-2895 Mediawiki Cross-Site Scripting vulnerability in Mediawiki

Cross-site scripting (XSS) vulnerability in MediaWiki 1.6.0 up to versions before 1.6.7 allows remote attackers to inject arbitrary HTML and web script via the edit form.

2.6
2006-06-07 CVE-2006-2891 Pixelpost Cross-Site Scripting vulnerability in Pixelpost 1.5Rc1

Cross-site scripting (XSS) vulnerability in admin/index.php for Pixelpost 1-5rc1-2 and earlier allows remote attackers to inject arbitrary HTML or web script via the loginmessage parameter.

2.6
2006-06-06 CVE-2006-2833 Drupal Input Validation vulnerability in Drupal 4.6.8/4.7.2

Cross-site scripting (XSS) vulnerability in the taxonomy module in Drupal 4.6.8 and 4.7.2 allows remote attackers to inject arbitrary web script or HTML via inputs that are not properly validated when the page title is output, possibly involving the $names variable.

2.6
2006-06-06 CVE-2006-2832 Drupal Input Validation vulnerability in Drupal

Cross-site scripting (XSS) vulnerability in the upload module (upload.module) in Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2 allows remote attackers to inject arbitrary web script or HTML via the uploaded filename.

2.6