Weekly Vulnerabilities Reports > June 5 to 11, 2006
Overview
113 new vulnerabilities reported during this period, including 2 critical vulnerabilities and 44 high severity vulnerabilities. This weekly summary report vulnerabilities in 106 products from 92 vendors including Particle Soft, Drupal, Redaxo, Pixelpost, and Microsoft. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", "Code Injection", "Resource Management Errors", and "Information Exposure".
- 109 reported vulnerabilities are remotely exploitables.
- 18 reported vulnerabilities have public exploit available.
- 2 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 111 reported vulnerabilities are exploitable by an anonymous user.
- Particle Soft has the most reported vulnerabilities, with 6 reported vulnerabilities.
- Alwil has the most reported critical vulnerabilities, with 1 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
2 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-06-06 | CVE-2006-2869 | Alwil | Unspecified vulnerability in Avast! Antivirus CHM Unpacker Unspecified vulnerability in the CHM unpacker in avast! before 4.7.844 has unknown impact and remote attack vectors. | 10.0 |
2006-06-05 | CVE-2006-2807 | Aspwebsoft | Authentication Bypass vulnerability in Speedy Asp Discussion Forum ASPwebSoft Speedy Asp Discussion Forum allows remote attackers to change the password of any account via a modified account id and possibly arbitrary values of the name, email, country, password, and passwordre parameters to profileupdate.asp. | 10.0 |
44 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-06-09 | CVE-2006-2919 | Microsoft | Remote Memory Corruption Denial of Service vulnerability in Microsoft Netmeeting 3.01 Unspecified vulnerability in Microsoft NetMeeting 3.01 allows remote attackers to cause a denial of service (crash or CPU consumption) and possibly execute arbitrary code via crafted inputs that trigger memory corruption. | 7.8 |
2006-06-05 | CVE-2006-2813 | Ishopcart | Directory Traversal vulnerability in IShopCart Easy-Scart.CGI Directory traversal vulnerability in easy-scart.cgi in iShopCart allows remote attackers to read arbitrary files via a .. | 7.8 |
2006-06-05 | CVE-2006-2806 | Apache | Denial Of Service vulnerability in Apache James 2.2.0 The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command. | 7.8 |
2006-06-06 | CVE-2006-2838 | F Secure | Denial-Of-Service vulnerability in F-Secure Anti-Virus and Internet Gatekeeper Buffer overflow in the web console in F-Secure Anti-Virus for Microsoft Exchange 6.40, and Internet Gatekeeper 6.40 through 6.42 and 6.50 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors. | 7.6 |
2006-06-09 | CVE-2006-2926 | Qbik | Remote HTTP Request Buffer Overflow vulnerability in Qbik Wingate 6.1.1.1077 Stack-based buffer overflow in the WWW Proxy Server of Qbik WinGate 6.1.1.1077 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long URL HTTP request. | 7.5 |
2006-06-09 | CVE-2006-2912 | OUT OF THE Trees WEB Design | Input Validation vulnerability in OUT of the Trees web Design Selectapix 1.31 Multiple SQL injection vulnerabilities in SelectaPix 1.31 allow remote attackers to execute arbitrary SQL commands via the (1) albumID parameter to (a) view_album.php or (b) index.php, (2) imageID parameter to (c) popup.php, or (3) username and (4) password parameters to (d) admin/member.php. | 7.5 |
2006-06-08 | CVE-2006-2193 | Libtiff | Remote Buffer Overflow vulnerability in LibTIFF tiff2pdf Buffer overflow in the t2p_write_pdf_string function in tiff2pdf in libtiff 3.8.2 and earlier allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a TIFF file with a DocumentName tag that contains UTF-8 characters, which triggers the overflow when a character is sign extended to an integer that produces more digits than expected in an sprintf call. | 7.5 |
2006-06-08 | CVE-2006-2904 | Particle Soft | SQL Injection vulnerability in Particle Soft Particle Links 1.2.2 SQL injection vulnerability in index.php in Partial Links 1.2.2 allows remote attackers to execute arbitrary SQL commands via the topic parameter. | 7.5 |
2006-06-07 | CVE-2006-2898 | Digium | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Digium Asterisk The IAX2 channel driver (chan_iax2) for Asterisk 1.2.x before 1.2.9 and 1.0.x before 1.0.11 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via truncated IAX 2 (IAX2) video frames, which bypasses a length check and leads to a buffer overflow involving negative length check. | 7.5 |
2006-06-07 | CVE-2006-2888 | Wikiwig | Remote File Include vulnerability in Wikiwig 4.0/4.1 PHP remote file inclusion vulnerability in _wk/wk_lang.php in Wikiwig 4.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the WK[wkPath] parameter. | 7.5 |
2006-06-07 | CVE-2006-2887 | Aspburst | SQL Injection vulnerability in Aspburst Mynewsletter 1.1.2 Multiple SQL injection vulnerabilities in myNewsletter 1.1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the UserName parameter in (1) validatelogin.asp or (2) adminlogin.asp. | 7.5 |
2006-06-07 | CVE-2006-2884 | KKE Info Media | Input Validation vulnerability in KKE Info Media Kmita FAQ 1.0 SQL injection vulnerability in index.php in Kmita FAQ 1.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter. | 7.5 |
2006-06-07 | CVE-2006-2879 | Alex | SQL Injection vulnerability in Alex NewsEngine Newscomments.PHP SQL injection vulnerability in newscomments.php in Alex News-Engine 1.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via the newsid parameter. | 7.5 |
2006-06-07 | CVE-2006-2878 | Andreas Gohr | Remote PHP Script Code Injection vulnerability in DokuWiki The spellchecker (spellcheck.php) in DokuWiki 2006/06/04 and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" that is inserted into a regular expression that is processed by preg_replace with the /e (executable) modifier. | 7.5 |
2006-06-07 | CVE-2006-2877 | Sangwan KIM | Remote File Include vulnerability in Sangwan KIM Bookmark4U 2.0 PHP remote file inclusion vulnerability in Bookmark4U 2.0.0 and earlier allows remote attackers to include arbitrary PHP files via the include_prefix parameter in (1) inc/dbase.php, (2) inc/config.php, (3) inc/common.php, and (4) inc/function.php. | 7.5 |
2006-06-07 | CVE-2006-2875 | ID Software | Remote Buffer Overflow vulnerability in Quake 3 Engine CL_ParseDownload Stack-based buffer overflow in the CL_ParseDownload function of Quake 3 Engine 1.32c and earlier, as used in multiple products, allows remote attackers to execute arbitrary code via a svc_download command with compressed data that triggers the overflow during expansion. | 7.5 |
2006-06-06 | CVE-2006-2872 | Rumble | Remote File Include vulnerability in Rumble 1.02 PHP remote file inclusion vulnerability in config.php in Rumble 1.02 allows remote attackers to execute arbitrary PHP code via a URL in the configArr[pathtodir] parameter. | 7.5 |
2006-06-06 | CVE-2006-2867 | Coolforum | SQL Injection vulnerability in CoolForum Editpost.PHP SQL injection vulnerability in editpost.php in CoolForum 0.8.3 beta and earlier allows remote attackers to execute arbitrary SQL commands via the post parameter. | 7.5 |
2006-06-06 | CVE-2006-2862 | Particle Soft | SQL Injection vulnerability in Particle Soft Particle Gallery 1.0.0 SQL injection vulnerability in viewimage.php in Particle Gallery 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the imageid parameter. | 7.5 |
2006-06-06 | CVE-2006-2861 | Particle Soft | SQL Injection vulnerability in Particle Soft Particle Wiki 1.0.2 SQL injection vulnerability in index.php in Particle Wiki 1.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter. | 7.5 |
2006-06-06 | CVE-2006-2858 | Locazo | SQL Injection vulnerability in Locazo Locazolist Classifieds 1.03C/1.04D/1.05E SQL injection vulnerability in viewmsg.asp in LocazoList Classifieds 1.05e allows remote attackers to execute arbitrary SQL commands via the msgid parameter. | 7.5 |
2006-06-06 | CVE-2006-2857 | Lifetype | SQL Injection vulnerability in Lifetype 1.0.2/1.0.3/1.0.4 SQL injection vulnerability in index.php in LifeType 1.0.4 allows remote attackers to execute arbitrary SQL commands via the articleId parameter in a ViewArticle action (viewarticleaction.class.php). | 7.5 |
2006-06-06 | CVE-2006-2855 | Xuebook | SQL Injection vulnerability in Xuebook 1.0 SQL injection vulnerability in index.php in xueBook 1.0 allows remote attackers to execute arbitrary SQL commands via the start parameter. | 7.5 |
2006-06-06 | CVE-2006-2854 | Ibwd | SQL Injection vulnerability in Ibwd Guestbook 1.0 SQL injection vulnerability in index.php in iBWd Guestbook 1.0 allows remote attackers to execute arbitrary SQL commands via the offset parameter. | 7.5 |
2006-06-06 | CVE-2006-2853 | Abarcar | SQL Injection vulnerability in Abarcar Realty Portal 5.1.5 SQL injection vulnerability in content.php in abarcar Realty Portal 5.1.5 allows remote attackers to execute arbitrary SQL commands via the cat parameter. | 7.5 |
2006-06-06 | CVE-2006-2849 | Andrew Godwin | Remote File Include vulnerability in ByteHoard Server.PHP PHP remote file inclusion vulnerability in includes/webdav/server.php in Bytehoard 2.1 Epsilon/Delta allows remote attackers to execute arbitrary PHP code via a URL in the bhconfig[bhfilepath] parameter. | 7.5 |
2006-06-06 | CVE-2006-2847 | Full Revolution | SQL Injection vulnerability in Full Revolution Aspweblinks 2.0 SQL injection vulnerability in links.asp in aspWebLinks 2.0 allows remote attackers to execute arbitrary SQL commands via the linkID parameter. | 7.5 |
2006-06-06 | CVE-2006-2845 | Redaxo | Remote Security vulnerability in Redaxo 3.0/3.2 PHP remote file inclusion vulnerability in Redaxo 3.0 up to 3.2 allows remote attackers to execute arbitrary PHP code via a URL in the REX[INCLUDE_PATH] parameter to image_resize/pages/index.inc.php. | 7.5 |
2006-06-06 | CVE-2006-2844 | Redaxo | Remote Security vulnerability in Redaxo 3.0 Multiple PHP remote file inclusion vulnerabilities in Redaxo 3.0 allow remote attackers to execute arbitrary PHP code via a URL in the REX[INCLUDE_PATH] parameter to (1) simple_user/pages/index.inc.php and (2) stats/pages/index.inc.php. | 7.5 |
2006-06-06 | CVE-2006-2843 | Redaxo | Remote File Inclusion vulnerability in Redaxo 2.7.4 PHP remote file inclusion vulnerability in Redaxo 2.7.4 allows remote attackers to execute arbitrary PHP code via a URL in the (1) REX[INCLUDE_PATH] parameter in (a) addons/import_export/pages/index.inc.php and (b) pages/community.inc.php. | 7.5 |
2006-06-06 | CVE-2006-2841 | Associated | Remote File Include vulnerability in Associated CMS 1.1.3 Multiple PHP remote file inclusion vulnerabilities in AssoCIateD (aka ACID) CMS 1.1.3 allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) menu.php, (2) profile.php, (3) users.php, (4) cache_mngt.php, and (5) gallery_functions.php. | 7.5 |
2006-06-06 | CVE-2006-2836 | Pineapple Technologies | SQL Injection vulnerability in Lore Comment.PHP SQL injection vulnerability in comment.php in Pineapple Technologies Lore 1.5.6 and earlier allows remote attackers to execute arbitrary SQL commands via the article_id parameter. | 7.5 |
2006-06-06 | CVE-2006-2835 | Arabless | SQL Injection vulnerability in Arabless Saphplesson 2.0 SQL injection vulnerability in saphplesson 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) forumid parameter in add.php and (2) lessid parameter in show.php. | 7.5 |
2006-06-06 | CVE-2006-2834 | Gnopaste | Remote File Include vulnerability in Gnopaste 0.5.2/0.5.3 PHP remote file inclusion vulnerability in includes/common.php in gnopaste 0.5.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter. | 7.5 |
2006-06-06 | CVE-2006-2831 | Drupal | Input Validation vulnerability in Drupal Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743. | 7.5 |
2006-06-05 | CVE-2006-2830 | Tibco | Remote Buffer Overflow vulnerability in Tibco Hawk, Rendezvous and Runtime Agent Buffer overflow in TIBCO Rendezvous before 7.5.1, TIBCO Runtime Agent (TRA) before 5.4, and Hawk before 4.6.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the HTTP administrative interface. | 7.5 |
2006-06-05 | CVE-2006-2826 | Phplib Team | Code Execution vulnerability in PHPLIB SQL injection vulnerability in sessions.inc in PHP Base Library (PHPLib) before 7.4a allows remote attackers to execute arbitrary SQL commands via the id variable, which is set by a client through a query string or a cookie. | 7.5 |
2006-06-05 | CVE-2006-2824 | Logicalware | Remote Security vulnerability in Mailmanager Logicalware MailManager before 2.0.10 does not remove 0xc8 0x27 (0xc8 followed by a single-quote character) from the data stream to the server, which allows remote attackers to modify data and gain administrative access when PostgreSQL is used, aka "bug #1494281 - Postgres encoding security hole." NOTE: while this issue involves PostgreSQL, it is specific to MailManager's interface to PostgreSQL and is therefore a different vulnerability than CVE-2006-2313 and CVE-2006-2314. | 7.5 |
2006-06-05 | CVE-2006-2822 | Xfairguy | SQL-Injection vulnerability in Xfairguy Codeavalanche Freeforum 1.0 SQL injection vulnerability in admin/default.asp in Dusan Drobac CodeAvalanche FreeForum (aka CAForum) 1.0 allows remote attackers to execute arbitrary SQL commands via the password parameter. | 7.5 |
2006-06-05 | CVE-2006-2819 | Barnraiser | Remote File Include vulnerability in Igloo PHP remote file inclusion vulnerability in Wiki.php in Barnraiser Igloo 0.1.9 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the c_node[class_path] parameter. | 7.5 |
2006-06-05 | CVE-2006-2818 | Cameron Mckay | Remote File Include vulnerability in Cameron Mckay Informium 0.12.0 PHP remote file inclusion vulnerability in common-menu.php in Cameron McKay Informium 0.12.0 allows remote attackers to execute arbitrary PHP code via a URL in the CONF[local_path] parameter. | 7.5 |
2006-06-05 | CVE-2006-2817 | Tekno Portal | SQL Injection vulnerability in Tekno.Portal Bolum.PHP SQL injection vulnerability in bolum.php in tekno.Portal allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2006-06-05 | CVE-2006-2814 | Ishopcart | Buffer Overflow vulnerability in IShopCart Multiple buffer overflows in the (1) vGetPost and (2) main functions in easy-scart.c through easy-scart6.c in iShopCart allow remote attackers to execute arbitrary code by sending a large amount of data containing "Submit" in an sslinvoice action, and allow remote attackers to have an unknown impact via a large amount of posted data. | 7.5 |
2006-06-05 | CVE-2006-2811 | Cantico | Remote File Include vulnerability in Cantico Ovidentia 5.8.0 Multiple PHP remote file inclusion vulnerabilities in Cantico Ovidentia 5.8.0 allow remote attackers to execute arbitrary PHP code via a URL in the babInstallPath parameter in (1) index.php, (2) topman.php, (3) approb.php, (4) vacadmb.php, (5) vacadma.php, (6) vacadm.php, (7) statart.php, (8) search.php, (9) posts.php, (10) options.php, (11) login.php, (12) frchart.php, (13) flbchart.php, (14) fileman.php, (15) faq.php, (16) event.php, (17) directory.php, (18) articles.php, (19) artedit.php, (20) calday.php, and additional unspecified PHP scripts. | 7.5 |
59 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-06-09 | CVE-2006-2929 | Openemr | Remote File Inclusion vulnerability in Openemr PHP remote file inclusion vulnerability in contrib/forms/evaluation/C_FormEvaluation.class.php in OpenEMR 2.8.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[fileroot] parameter. | 6.8 |
2006-06-07 | CVE-2006-2880 | Pyblosxom | Cross-Site Scripting vulnerability in Pyblosxom 1.2.1 Cross-site scripting (XSS) vulnerability in the Contributed Packages for PyBlosxom 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the Comments plugin in the (1) url and (2) author fields. | 6.8 |
2006-06-07 | CVE-2006-2876 | Deltascripts | Cross-Site Scripting vulnerability in PHP Pro Publish Cross-site scripting (XSS) vulnerability in cat.php in PHP Pro Publish 2.0 allows remote attackers to inject arbitrary web script or HTML via the catname parameter. | 6.8 |
2006-06-06 | CVE-2006-2852 | Dotwidget | Code Injection vulnerability in Dotwidget CMS 1.0.6 PHP remote file inclusion vulnerability in dotWidget CMS 1.0.6 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the file_path parameter in (1) index.php, (2) feedback.php, and (3) printfriendly.php. | 6.8 |
2006-06-06 | CVE-2006-2840 | Pmwiki | Cross-Site Scripting vulnerability in PmWiki Cross-site scripting (XSS) vulnerability in (1) uploads.php and (2) "url links" in PmWiki 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | 6.8 |
2006-06-05 | CVE-2006-2829 | Tibco | Local Buffer Overflow vulnerability in Tibco Hawk, Hawk Monitoring Agent and Runtime Agent Buffer overflow in Hawk Monitoring Agent (HMA) for TIBCO Hawk before 4.6.1 and TIBCO Runtime Agent (TRA) before 5.4 allows authenticated users to execute arbitrary code via the configuration for tibhawkhma. | 6.8 |
2006-06-05 | CVE-2006-2821 | Deltascripts | Cross-Site Scripting vulnerability in Deltascripts PRO Publish 2.0 Multiple cross-site scripting (XSS) vulnerabilities in DeltaScripts Pro Publish allow remote attackers to inject arbitrary web script or HTML via the (1) artid parameter in art.php and the (2) catname parameter in cat.php. | 6.8 |
2006-06-05 | CVE-2006-2815 | TWO Shoes Mambo Factory | Cross-Site Scripting vulnerability in TWO Shoes Mambo Factory Simpleboard 1.1.0Stable Multiple cross-site scripting (XSS) vulnerabilities in Two Shoes M-Factory (TSMF) SimpleBoard 1.1.0 Stable (aka com_simpleboard), as used in Mambo and Joomla!, allow remote attackers to inject arbitrary web script or HTML via (1) the Name field in "post ne topic" in the Frontend, (2) the Title (aka Community-Title) field in Simpleboard Configuration in the Backend Admin Panel, and the (3) Name (aka Forum-Title) and (4) Name (aka Category-Title) fields in Simpleboard Administration in the Backend Admin Panel. | 6.8 |
2006-06-05 | CVE-2006-2812 | Dominios Europa | Cross-Site Scripting vulnerability in Dominios Europa Picrate 1.0 Multiple cross-site scripting (XSS) vulnerabilities in index.php in Dominios Europa PICRATE (aka TAL RateMyPic) 1.0 allow remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element in the (1) name (aka nick), (2) email, and (3) comment boxes; and via the (4) id parameter. | 6.8 |
2006-06-05 | CVE-2006-2810 | Belchior Foundry | Cross-Site Scripting vulnerability in Belchior Foundry Vcard 2.9 Multiple cross-site scripting (XSS) vulnerabilities in Belchior Foundry vCard 2.9 allow remote attackers to inject arbitrary web script or HTML via the page parameter in (1) toprated.php and (2) newcards.php. | 6.8 |
2006-06-05 | CVE-2006-2809 | AR Blog | Cross-Site Scripting vulnerability in Ar-Blog 5.2 Multiple cross-site scripting (XSS) vulnerabilities in index.php in ar-blog 5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) count parameter, and possibly the (2) next, (3) Year_the_news, and (4) mo parameters. | 6.8 |
2006-06-05 | CVE-2006-2808 | Lycos | Cross-Site Scripting vulnerability in htmlGEAR guestGEAR Cross-site scripting (XSS) vulnerability in Lycos Tripod htmlGEAR guestGEAR (aka Guest Gear) allows remote attackers to inject arbitrary web script or HTML via a guestbook post containing a javascript URI in the SRC attribute of the BR element after an extra "iframe" tagname within that element, followed by a double ">", which might bypass cleansing operations. | 6.8 |
2006-06-07 | CVE-2006-2899 | Estsoft | Unspecified vulnerability in Estsoft Internetdisk Unspecified vulnerability in ESTsoft InternetDISK versions before 2006/04/20 allows remote authenticated users to execute arbitrary code, possibly by uploading a file with multiple extensions into the WebLink directory. | 6.5 |
2006-06-09 | CVE-2006-2923 | Loudhush | Buffer Errors vulnerability in Loudhush 1.3.6 The iax_net_read function in the iaxclient open source library, as used in multiple products including (a) LoudHush 1.3.6, (b) IDE FISK 1.35 and earlier, (c) Kiax 0.8.5 and earlier, (d) DIAX, (e) Ziaxphone, (f) IAX Phone, (g) X-lite, (h) MediaX, (i) Extreme Networks ePhone, and (j) iaxComm before 1.2.0, allows remote attackers to execute arbitrary code via crafted IAX 2 (IAX2) packets with truncated (1) full frames or (2) mini-frames, which are detected in a length check but still processed, leading to buffer overflows related to negative length values. | 6.4 |
2006-06-06 | CVE-2006-2860 | Webspot | Code Injection vulnerability in Webspot Webspotblogging 3.0/3.0.1 PHP remote file inclusion vulnerability in Webspotblogging 3.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) inc/logincheck.inc.php, (2) inc/adminheader.inc.php, (3) inc/global.php, or (4) inc/mainheader.inc.php. | 6.4 |
2006-06-06 | CVE-2006-2839 | Webwork | Directory Traversal vulnerability in Webwork Directory traversal vulnerability in PG Problem Editor module (PGProblemEditor.pm) in WeBWorK Online Homework Delivery System 2.2.0 and earlier allows remote attackers to read and write files outside of the templates directory. | 6.4 |
2006-06-05 | CVE-2006-2828 | PHP Nuke | Remote File Include vulnerability in Ev Global variable overwrite vulnerability in PHP-Nuke allows remote attackers to conduct remote PHP file inclusion attacks via a modified phpbb_root_path parameter to the admin scripts (1) index.php, (2) admin_ug_auth.php, (3) admin_board.php, (4) admin_disallow.php, (5) admin_forumauth.php, (6) admin_groups.php, (7) admin_ranks.php, (8) admin_styles.php, (9) admin_user_ban.php, (10) admin_words.php, (11) admin_avatar.php, (12) admin_db_utilities.php, (13) admin_forum_prune.php, (14) admin_forums.php, (15) admin_mass_email.php, (16) admin_smilies.php, (17) admin_ug_auth.php, and (18) admin_users.php, which overwrites $phpbb_root_path when the import_request_variables function is executed after $phpbb_root_path has been initialized to a static value. | 6.4 |
2006-06-08 | CVE-2006-2906 | Thomas Boutell | Remote Denial of Service vulnerability in Thomas Boutell Graphics Draw Library 2.0.33 The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas Boutell graphics draw (GD) library (aka libgd) 2.0.33 allows remote attackers to cause a denial of service (CPU consumption) via malformed GIF data that causes an infinite loop. | 5.4 |
2006-06-09 | CVE-2006-2928 | CMS Bandits | Remote PHP File Inclusion vulnerability in Cms-Bandits 2.5 Multiple PHP remote file inclusion vulnerabilities in CMS-Bandits 2.5 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter in (1) dialogs/img.php and (2) dialogs/td.php. | 5.1 |
2006-06-09 | CVE-2006-2922 | Miraks | Remote File Include vulnerability in Miraks Miraksgalerie 2.62 Multiple PHP remote file inclusion vulnerabilities in MiraksGalerie 2.62 allow remote attackers to execute arbitrary PHP code via a URL in the (1) g_pcltar_lib_dir parameter in (a) pcltar.lib.php when register_globals is enabled, and (2) listconfigfile[] parameter in (b) galsecurity.lib.php and (c) galimage.lib.php. | 5.1 |
2006-06-09 | CVE-2006-2921 | Cmpro Team | Remote File Inclusion vulnerability in Cmpro Team Clan Manager PRO 1.1 PHP remote file inclusion vulnerability in cmpro_header.inc.php in Clan Manager Pro (CMPRO) 1.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the (1) cm_ext_server and (2) sitepath parameters. | 5.1 |
2006-06-07 | CVE-2006-2890 | Pixelpost | SQL Injection vulnerability in Pixelpost 1.5Rc1 Pixelpost 1-5rc1-2 and earlier, when register_globals is enabled, allows remote attackers to gain administrator privileges and conduct other attacks by setting the _SESSION["pixelpost_admin"] parameter to 1 in calls to admin scripts such as admin/view_info.php. | 5.1 |
2006-06-07 | CVE-2006-2889 | Pixelpost | SQL Injection vulnerability in Pixelpost Multiple SQL injection vulnerabilities in index.php in Pixelpost 1-5rc1-2 and earlier allow remote attackers to execute arbitrary SQL commands, and leverage them to gain administrator privileges, via the (1) category or (2) archivedate parameter. | 5.1 |
2006-06-07 | CVE-2006-2881 | Dreamcost | Remote File Include vulnerability in DreamAccount Multiple PHP remote file inclusion vulnerabilities in DreamAccount 3.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the da_path parameter in the (1) auth.cookie.inc.php, (2) auth.header.inc.php, or (3) auth.sessions.inc.php scripts. | 5.1 |
2006-06-06 | CVE-2006-2447 | Apache | Remote Command Execution vulnerability in Apache Spamassassin 3.1.0/3.1.1/3.1.2 SpamAssassin before 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username. | 5.1 |
2006-06-06 | CVE-2006-2868 | Claroline | Remote File Include vulnerability in Claroline 1.7.6 Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.6 allow remote attackers to execute arbitrary PHP code via a URL in the includePath cookie to (1) auth/extauth/drivers/mambo.inc.php or (2) auth/extauth/drivers/postnuke.inc.php. | 5.1 |
2006-06-06 | CVE-2006-2866 | Dotclear | Remote File Include vulnerability in DotClear Prepend.PHP PHP remote file inclusion vulnerability in layout/prepend.php in DotClear 1.2.4 and earlier allows remote attackers to execute arbitrary PHP code via a FTP URL in the blog_dc_path parameter, which passes file_exists() and is_dir() tests on PHP 5. | 5.1 |
2006-06-06 | CVE-2006-2864 | Blueshoes | Remote File Include vulnerability in Blueshoes Framework 4.5 Multiple PHP remote file inclusion vulnerabilities in BlueShoes Framework 4.6 allow remote attackers to execute arbitrary PHP code via a URL in the (1) APP[path][applications] parameter to (a) Bs_Faq.class.php, (2) APP[path][core] parameter to (b) fileBrowserInner.php, (c) file.php, and (d) viewer.php, and (e) Bs_ImageArchive.class.php, (3) GLOBALS[APP][path][core] parameter to (f) Bs_Ml_User.class.php, or (4) APP[path][plugins] parameter to (g) Bs_Wse_Profile.class.php. | 5.1 |
2006-06-06 | CVE-2006-2863 | CS Cart | Remote File Include vulnerability in CS-Cart Class.cs_phpmailer.PHP PHP remote file inclusion vulnerability in class.cs_phpmailer.php in CS-Cart 1.3.3 allows remote attackers to execute arbitrary PHP code via a URL in the classes_dir parameter. | 5.1 |
2006-06-05 | CVE-2006-2825 | Cpanel | Remote Security vulnerability in cPanel cPanel does not automatically synchronize the PHP open_basedir configuration directive between the main server and virtual hosts that share physical directories, which might allow a local user to bypass open_basedir restrictions and access other virtual hosts via a PHP script that uses a main server URL (such as ~username) that is blocked by the user's own open_basedir directive, but not the main server's open_basedir directive. | 5.1 |
2006-06-09 | CVE-2006-2924 | Ingate | Remote SSL/TLS Handshake Denial Of Service vulnerability in Ingate Firewall and SIParator Ingate Firewall in the SIP module before 4.4.1 and SIParator before 4.4.1, when TLS is enabled or when SSL/TLS is enabled in the web server, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake. | 5.0 |
2006-06-08 | CVE-2006-2905 | Particle Soft | Information Disclosure vulnerability in Particle Soft Particle Links 1.2.2 Partial Links 1.2.2 allows remote attackers to obtain sensitive information via a direct request to (1) page_footer.php and (2) page_header.php, which displays the path in an error message. | 5.0 |
2006-06-08 | CVE-2006-2902 | Particle Soft | Directory Traversal vulnerability in Particle Soft Particle Links 1.2.2 Directory traversal vulnerability in Particle Links 1.2.2 might allow remote attackers to access arbitrary files via ".." sequences in an HTTP request. | 5.0 |
2006-06-07 | CVE-2006-1173 | Sendmail | Resource Management Errors vulnerability in Sendmail Sendmail before 8.13.7 allows remote attackers to cause a denial of service via deeply nested, malformed multipart MIME messages that exhaust the stack during the recursive mime8to7 function for performing 8-bit to 7-bit conversion, which prevents Sendmail from delivering queued messages and might lead to disk consumption by core dump files. | 5.0 |
2006-06-07 | CVE-2006-2901 | D Link | Information Disclosure vulnerability in D-Link DWL-2100AP The web server for D-Link Wireless Access-Point (DWL-2100ap) firmware 2.10na and earlier allows remote attackers to obtain sensitive system information via a request to an arbitrary .cfg file, which returns configuration information including passwords. | 5.0 |
2006-06-07 | CVE-2006-2896 | Funkboard | Security Bypass vulnerability in Funkboard Cf0.71 profile.php in FunkBoard CF0.71 allows remote attackers to change arbitrary passwords via a modified uid hidden form field in an Edit Profile action. | 5.0 |
2006-06-07 | CVE-2006-2893 | Gantty | Cross-Site Scripting vulnerability in Gantty 1.0.3 index.php in GANTTy 1.0.3 allows remote attackers to obtain the full path of the web server via an invalid lang parameter in an authenticate action. | 5.0 |
2006-06-06 | CVE-2006-2848 | Full Revolution | Remote Security Bypass vulnerability in Full Revolution Aspweblinks 2.0 links.asp in aspWebLinks 2.0 allows remote attackers to change the administrative password, possibly via a direct request with a modified txtAdministrativePassword field. | 5.0 |
2006-06-05 | CVE-2006-2823 | A Shopkart | Information Disclosure vulnerability in A.Shopkart 2.0 Katrien De Graeve a.shopKart 2.0 (aka ashopKart20) stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) admin/scart.mdb and possibly (2) admin/scart97.mdb. | 5.0 |
2006-06-09 | CVE-2006-2930 | SUN | Local Security vulnerability in Grid Engine Unspecified vulnerability in Sun Grid Engine 5.3 and Sun N1 Grid Engine 6.0, when configured in Certificate Security Protocol (CSP) Mode, allows local users to shut down the grid service or gain access, even if access is denied. | 4.6 |
2006-06-06 | CVE-2006-2856 | Activestate | Local Privilege Escalation vulnerability in Activestate Activeperl 5.8.8.817 ActiveState ActivePerl 5.8.8.817 for Windows configures the site/lib directory with "Users" group permissions for changing files, which allows local users to gain privileges by creating a malicious sitecustomize.pl file in that directory. | 4.6 |
2006-06-09 | CVE-2006-2927 | Xfairguy | HTML Injection vulnerability in Xfairguy Codeavalanche Freeforum 1.0 Multiple cross-site scripting (XSS) vulnerabilities in post.asp in CodeAvalanche FreeForum (aka CAForum) 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) msg_subject and (2) msg_body parameters. | 4.3 |
2006-06-07 | CVE-2006-2892 | Gantty | Cross-Site Scripting vulnerability in Gantty 1.0.3 Cross-site scripting (XSS) vulnerability in index.php in GANTTy 1.0.3 allows remote attackers to inject arbitrary HTML and web script via the message parameter in a login action. | 4.3 |
2006-06-07 | CVE-2006-2886 | JAM Warehouse | Cross-Site Scripting vulnerability in JAM Warehouse Knowledgetree Open Source 3.0.3 view.php in KnowledgeTree Open Source 3.0.3 and earlier allows remote attackers to obtain the full installation path via a crafted fDocumentId parameter, which displays the path in the resulting error message. | 4.3 |
2006-06-07 | CVE-2006-2885 | Knowledgetree | Cross-Site Scripting vulnerability in Knowledgetree 3.0.3 Multiple cross-site scripting (XSS) vulnerabilities in KnowledgeTree Open Source 3.0.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) fDocumentId parameter in view.php and the (2) fSearchableText parameter in /search/simpleSearch.php. | 4.3 |
2006-06-07 | CVE-2006-2883 | KKE Info Media | Input Validation vulnerability in KKE Info Media Kmita FAQ 1.0 Cross-site scripting (XSS) vulnerability in search.php in Kmita FAQ 1.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter. | 4.3 |
2006-06-07 | CVE-2006-2882 | Aspscriptz | HTML Injection vulnerability in ASPScriptz Guest Book Default.ASP Multiiple Multiple cross-site scripting (XSS) vulnerabilities submit.asp in ASPScriptz Guest Book 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) GBOOK_UNAME, (2) GBOOK_EMAIL, (3) GBOOK_CITY, (4) GBOOK_COU, (5) GBOOK_WWW, and (6) GBOOK_MESS form fields. | 4.3 |
2006-06-06 | CVE-2006-2874 | Osads Alliance Database | HTML Injection vulnerability in Osads Alliance Database Osads Alliance Database 1.1/1.2/1.3 Unspecified vulnerability in OSADS Alliance Database before 1.4 has unknown impact and attack vectors related to a "Security Leak to lock in HTML-Code," possibly due to a cross-site scripting (XSS) vulnerability involving comments. | 4.3 |
2006-06-06 | CVE-2006-2873 | Enigma Haber | Cross-Site Scripting vulnerability in Enigma Haber Enigma Haber 4.2 Cross-site scripting (XSS) vulnerability in hava.asp in Enigma Haber 4.2 allows remote attackers to inject arbitrary web script or HTML via the il parameter. | 4.3 |
2006-06-06 | CVE-2006-2870 | Intelligent Solutions | HTML Injection vulnerability in ASP Discussion Forum Search Field Cross-site scripting (XSS) vulnerability in forum_search.asp in Intelligent Solutions Inc. | 4.3 |
2006-06-06 | CVE-2006-2851 | Dotproject | Cross-Site Scripting vulnerability in Dotproject 2.0/2.0.1/2.0.2 Cross-site scripting (XSS) vulnerability in index.php in dotProject 2.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, which are not properly handled when the client is using Internet Explorer. | 4.3 |
2006-06-06 | CVE-2006-2850 | PHP Labware | Cross-Site Scripting vulnerability in PHP Labware Labwiki 1.0 Cross-site scripting (XSS) vulnerability in recentchanges.php in PHP Labware LabWiki 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the help parameter. | 4.3 |
2006-06-06 | CVE-2006-2846 | Visiongate | Cross-Site Scripting vulnerability in VisionGate Portal System Cross-site scripting (XSS) vulnerability in Print.PHP in VisionGate Portal System allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | 4.3 |
2006-06-06 | CVE-2006-2837 | Techno Dreams | HTML Injection vulnerability in Techno Dreams Guest Book Comment Field Cross-site scripting (XSS) vulnerability in Techno Dreams Guest Book allows remote attackers to inject arbitrary web script or HTML via certain comment fields in the "Sign Our GuestBook" page, probably the x_Comments parameter to guestbookadd.asp. | 4.3 |
2006-06-05 | CVE-2006-2820 | Hotwebscripts | HTML Injection vulnerability in Hotwebscripts Weblog Oggi 1.0 Cross-site scripting (XSS) vulnerability in HotWebScripts.com Weblog Oggi 1.0 allows remote attackers to inject arbitrary web script or HTML via a comment, possibly involving a javascript URI in the SRC attribute of an IMG element. | 4.3 |
2006-06-05 | CVE-2006-2816 | Coolphp | Cross-Site Scripting vulnerability in Coolphp Magazine Multiple cross-site scripting (XSS) vulnerabilities in index.php in coolphp magazine allow remote attackers to inject arbitrary web script or HTML via the (1) op and (2) nick parameters, and possibly the (3) 0000, (4) userinfo, (5) comp_der, (6) encuestas, and (7) pagina parameters. | 4.3 |
2006-06-09 | CVE-2006-2925 | Ingate | Cross-Site Scripting vulnerability in Ingate Firewall Cross-site scripting (XSS) vulnerability in the web interface in Ingate Firewall before 4.4.1 and SIParator before 4.4.1 allows remote attackers to inject arbitrary web script or HTML, and steal cookies, via unspecified vectors related to "XSS exploits" in administrator functionality. | 4.0 |
2006-06-07 | CVE-2006-2900 | Microsoft Canon | Information Exposure vulnerability in multiple products Internet Explorer 6 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form. | 4.0 |
2006-06-07 | CVE-2006-2894 | Mozilla Netscape | Improper Input Validation vulnerability in multiple products Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite 1.7.13, Mozilla SeaMonkey 1.0.2 and other versions before 1.1.5, and Netscape 8.1 and earlier allow user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form. | 4.0 |
8 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-06-09 | CVE-2006-2452 | Gnome | Authentication Bypass vulnerability in GNOME Foundation GDM Configure Login Manager GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the "face browser" feature is enabled, allows local users to access the "Configure Login Manager" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges. | 3.7 |
2006-06-09 | CVE-2006-2913 | OUT OF THE Trees WEB Design | Input Validation vulnerability in OUT of the Trees web Design Selectapix 1.31 Cross-site scripting (XSS) vulnerability in SelectaPix 1.31 allows remote attackers to inject arbitrary web script or HTML via the albumID parameter to (1) popup.php and (2) view_album.php. | 2.6 |
2006-06-08 | CVE-2006-2903 | Particle Soft | HTML Injection vulnerability in Particle Soft Particle Links 1.2.2 Cross-site scripting (XSS) vulnerability in admin.php in Particle Links 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the username parameter. | 2.6 |
2006-06-07 | CVE-2006-2897 | Funkboard | Cross-Site Scripting vulnerability in Funkboard 0.66/0.66F/0.70 Cross-site scripting (XSS) vulnerability in FunkBoard 0.71 allows remote attackers to inject arbitrary HTML or web script via unspecified vectors. | 2.6 |
2006-06-07 | CVE-2006-2895 | Mediawiki | Cross-Site Scripting vulnerability in Mediawiki Cross-site scripting (XSS) vulnerability in MediaWiki 1.6.0 up to versions before 1.6.7 allows remote attackers to inject arbitrary HTML and web script via the edit form. | 2.6 |
2006-06-07 | CVE-2006-2891 | Pixelpost | Cross-Site Scripting vulnerability in Pixelpost 1.5Rc1 Cross-site scripting (XSS) vulnerability in admin/index.php for Pixelpost 1-5rc1-2 and earlier allows remote attackers to inject arbitrary HTML or web script via the loginmessage parameter. | 2.6 |
2006-06-06 | CVE-2006-2833 | Drupal | Input Validation vulnerability in Drupal 4.6.8/4.7.2 Cross-site scripting (XSS) vulnerability in the taxonomy module in Drupal 4.6.8 and 4.7.2 allows remote attackers to inject arbitrary web script or HTML via inputs that are not properly validated when the page title is output, possibly involving the $names variable. | 2.6 |
2006-06-06 | CVE-2006-2832 | Drupal | Input Validation vulnerability in Drupal Cross-site scripting (XSS) vulnerability in the upload module (upload.module) in Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2 allows remote attackers to inject arbitrary web script or HTML via the uploaded filename. | 2.6 |