Weekly Vulnerabilities Reports > June 19 to 25, 2006

Overview

152 new vulnerabilities reported during this period, including 2 critical vulnerabilities and 48 high severity vulnerabilities. This weekly summary report vulnerabilities in 117 products from 99 vendors including Microsoft, Ultimate PHP Board, Thinkfactory, Bitweaver, and Comscripts. Vulnerabilities are notably categorized as "Code Injection", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "SQL Injection", "Cross-site Scripting", and "Resource Management Errors".

  • 144 reported vulnerabilities are remotely exploitables.
  • 12 reported vulnerabilities have public exploit available.
  • 6 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 147 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 6 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 1 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

2 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-06-24 CVE-2006-3203 Ultimate PHP Board Credentials Management vulnerability in Ultimate PHP Board Ultimate PHP Board

The installation of Ultimate PHP Board (UPB) 1.9.6 and earlier includes a default administrator login account and password, which allows remote attackers to gain privileges.

10.0
2006-06-19 CVE-2006-3086 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Hyperlink Object Library

Stack-based buffer overflow in the HrShellOpenWithMonikerDisplayName function in Microsoft Hyperlink Object Library (hlink.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long hyperlink, as demonstrated using an Excel worksheet with a long link in Unicode, aka "Hyperlink COM Object Buffer Overflow Vulnerability." NOTE: this is a different issue than CVE-2006-3059.

9.3

48 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-06-23 CVE-2006-3085 Linux Remote Denial of Service vulnerability in Linux Kernel XT_SCTP-netfilter

xt_sctp in netfilter for Linux kernel before 2.6.17.1 allows attackers to cause a denial of service (infinite loop) via an SCTP chunk with a 0 length.

7.8
2006-06-21 CVE-2006-3127 SUN Resource Management Errors vulnerability in SUN products

Memory leak in Network Security Services (NSS) 3.11, as used in Sun Java Enterprise System 2003Q4 through 2005Q1 and Java System Directory Server 5.2, allows remote attackers to cause a denial of service (memory consumption) by performing a large number of RSA cryptographic operations.

7.8
2006-06-24 CVE-2006-3221 Softnews Media Group SQL Injection vulnerability in DataLife Engine Subaction

SQL injection vulnerability in index.php in DataLife Engine 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via double-encoded values in the user parameter in a userinfo subaction.

7.5
2006-06-24 CVE-2006-3220 Woltlab SQL-Injection vulnerability in Woltlab Burning Board 2.2.1

SQL injection vulnerability in studienplatztausch.php in Woltlab Burning Board (WBB) 2.2.1 allows remote attackers to execute arbitrary SQL commands via the sid parameter.

7.5
2006-06-24 CVE-2006-3219 Woltlab SQL-Injection vulnerability in Woltlab Burning Board 2.2.2

SQL injection vulnerability in thread.php in Woltlab Burning Board (WBB) 2.2.2 allows remote attackers to execute arbitrary SQL commands via the threadid parameter.

7.5
2006-06-24 CVE-2006-3218 Woltlab SQL-Injection vulnerability in Woltlab Burning Board 2.1.6

SQL injection vulnerability in profile.php in Woltlab Burning Board (WBB) 2.1.6 allows remote attackers to execute arbitrary SQL commands via the userid parameter.

7.5
2006-06-24 CVE-2006-3215 Clearswift Multiple vulnerability in Clearswift Mailsweeper FOR Exchange and Mailsweeper for Smtp

Clearswift MAILsweeper for SMTP before 4.3.20 and MAILsweeper for Exchange before 4.3.20 allows remote attackers to bypass the "text analysis", possibly bypassing SPAM and other filters, by sending an e-mail specifying a non-existent or unrecognized character set.

7.5
2006-06-24 CVE-2006-3213 Webboa SQL Injection vulnerability in Webboa 1.1

SQL injection vulnerability in WeBBoA Hosting 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter to an unspecified script, possibly host/yeni_host.asp.

7.5
2006-06-23 CVE-2006-3198 Opera Software Remote Buffer Overflow vulnerability in Opera Web Browser JPEG Image Handling

Integer overflow in Opera 8.54 and earlier allows remote attackers to execute arbitrary code via a JPEG image with large height and width values, which causes less memory to be allocated than intended.

7.5
2006-06-23 CVE-2006-3192 PHP WEB Scripts Remote File Include vulnerability in PHP web Scripts AD Manager PRO 2.6

PHP remote file inclusion vulnerability in Ad Manager Pro 2.6 allows remote attackers to execute arbitrary PHP code via a URL in the (1) ipath parameter in common.php and (2) unspecified vectors in ad.php.

7.5
2006-06-23 CVE-2006-3190 Hotplug CMS SQL-Injection vulnerability in Hotplug CMS Hotplug CMS 1.0

SQL injection vulnerability in administration/includes/login/auth.php in HotPlug CMS 1.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username and (2) password parameters.

7.5
2006-06-23 CVE-2006-3188 Sharky E Shop SQL-Injection vulnerability in Sharky E-Shop

Multiple SQL injection vulnerabilities in Sharky e-shop 3.05 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) maingroup and (2) secondgroup parameters to (a) search_prod_list.asp, and the (3) maingroup parameter to (b) meny2.asp.

7.5
2006-06-23 CVE-2006-3185 CMS Faethon Remote File Include vulnerability in CMS Faethon CMS Faethon 1.3.2

PHP remote file inclusion vulnerability in data/header.php in CMS Faethon 1.3.2 allows remote attackers to execute arbitrary PHP code via a URL in the mainpath parameter.

7.5
2006-06-23 CVE-2006-3182 Mobescripts Directory Traversal vulnerability in Mobescripts Mobile Space Community 2.0

Directory traversal vulnerability in index.php in MobeScripts Mobile Space Community 2.0 allows remote attackers to read arbitrary files via a ..

7.5
2006-06-23 CVE-2006-3181 Mobescripts SQL Injection vulnerability in Mobescripts Mobile Space Community 2.0

SQL injection vulnerability in index.php in MobeScripts Mobile Space Community 2.0 allows remote attackers to execute arbitrary SQL commands via the browse parameter.

7.5
2006-06-23 CVE-2006-3177 Bible Portal Project Remote File Include vulnerability in Bible Portal Rtf_parser.PHP

PHP remote file inclusion vulnerability in Admin/rtf_parser.php in The Bible Portal Project 2.12 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the destination parameter.

7.5
2006-06-23 CVE-2006-3176 Xaran SQL Injection vulnerability in Xaran CMS 2.0

SQL injection vulnerability in xarancms_haupt.php in xarancms 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2006-06-23 CVE-2006-3175 Mcguestbook Code Injection vulnerability in Mcguestbook 1.3

Multiple PHP remote file inclusion vulnerabilities in mcGuestbook 1.3 allow remote attackers to execute arbitrary PHP code via a URL in the lang parameter to (1) admin.php, (2) ecrire.php, and (3) lire.php.

7.5
2006-06-23 CVE-2006-3173 Content Builder Remote File Include vulnerability in Content*Builder 0.7.5

Multiple PHP remote file inclusion vulnerabilities in Content*Builder 0.7.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) path[cb] parameter to (a) libraries/comment/postComment.php and (b) modules/poll/poll.php, (2) rel parameter to (c) modules/archive/overview.inc.php, and the (3) actualModuleDir parameter to (d) modules/forum/showThread.inc.php.

7.5
2006-06-23 CVE-2006-3172 Content Builder Code Injection vulnerability in Content*Builder 0.7.5

Multiple PHP remote file inclusion vulnerabilities in Content*Builder 0.7.5 allow remote attackers to execute arbitrary PHP code via a URL with a trailing slash (/) character in the (1) lang_path parameter to (a) cms/plugins/col_man/column.inc.php, (b) cms/plugins/poll/poll.inc.php, (c) cms/plugins/user_managment/usrPortrait.inc.php, (d) cms/plugins/user_managment/user.inc.php, (e) cms/plugins/media_manager/media.inc.php, (f) cms/plugins/events/permanent.eventMonth.inc.php, (g) cms/plugins/events/events.inc.php, and (h) cms/plugins/newsletter2/newsletter.inc.php; (2) path[cb] parameter to (i) modules/guestbook/guestbook.inc.php, (j) modules/shoutbox/shoutBox.php, and (k) modules/sitemap/sitemap.inc.php; and the (3) rel parameter to (l) modules/download/overview.inc.php, (m) modules/download/detailView.inc.php, (n) modules/article/fullarticle.inc.php, (o) modules/article/comments.inc.php, (p) modules/article2/overview.inc.php, (q) modules/article2/fullarticle.inc.php, (r) modules/article2/comments.inc.php, (s) modules/headline/headlineBox.php, and (t) modules/headline/showHeadline.inc.php.

7.5
2006-06-23 CVE-2006-3168 Comscripts SQL-Injection vulnerability in Cs-Forum

SQL injection vulnerability in CS-Forum before 0.82 allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) debut parameters in (a) read.php, and the (3) search and (4) debut parameters in (b) index.php.

7.5
2006-06-22 CVE-2006-3165 Free Realty SQL Injection vulnerability in Free Realty Propview.PHP

SQL injection vulnerability in propview.php in Free Realty 2.9-0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the sort parameter.

7.5
2006-06-22 CVE-2006-3164 TPL Design SQL Injection vulnerability in TPL Design TplShop Category.PHP

SQL injection vulnerability in category.php in TPL Design tplShop 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the first_row parameter.

7.5
2006-06-22 CVE-2006-3163 Imgallery SQL Injection vulnerability in IMGallery Galeria.PHP

Multiple SQL injection vulnerabilities in galeria.php in IMGallery 2.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) start or (2) sort parameters.

7.5
2006-06-22 CVE-2006-3162 Smartsitecms Remote File Include vulnerability in SmartSiteCMS Inc_Foot.PHP

PHP remote file inclusion vulnerability in include/inc_foot.php in SmartSiteCMS 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root parameter.

7.5
2006-06-22 CVE-2006-3161 Saphp SQL Injection vulnerability in Saphp Saphplesson 1.1

SQL injection vulnerability in misc.php in SaphpLesson 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the action parameter.

7.5
2006-06-22 CVE-2006-3158 Eduha Meeting Unspecified vulnerability in Eduha Meeting Eduha Meeting

index.php in Eduha Meeting does not properly restrict file extensions before permitting a file upload, which allows remote attackers to bypass security checks and upload or execute arbitrary php code via the add action.

7.5
2006-06-22 CVE-2006-3154 Thinkfactory Input Validation vulnerability in Thinkfactory Ultimate Estate 1.0

SQL injection vulnerability in index.pl in Ultimate Estate 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2006-06-22 CVE-2006-3152 Bluehouse Project SQL Injection vulnerability in Bluehouse Project PHPtrader 4.9Sp5

Multiple SQL injection vulnerabilities in phpTRADER 4.9 SP5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) sectio parameter in (a) login.php, (b) write_newad.php, (c) newad.php, (d) printad.php, (e) askseller.php, (f) browse.php, (g) showmemberads.php, (h) note_ad.php, (i) abuse.php, (j) buynow.php, (k) confirm_newad.php, (2) an parameter in (l) printad.php, (m) note_ad.php, (3) who parameter in (n) showmemberads.php, and (4) adnr parameter in (o) buynow.php.

7.5
2006-06-22 CVE-2006-3150 Cavoxcms SQL Injection vulnerability in Cavoxcms 1.0.16

SQL injection vulnerability in index.php in CavoxCms 1.0.16 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter.

7.5
2006-06-22 CVE-2006-3148 Open Realty SQL Injection vulnerability in Open-Realty 2.3.1

SQL injection vulnerability, possibly in search.inc.php, in Open-Realty 2.3.1 allows remote attackers to execute arbitrary SQL commands via the sorttype parameter to index.php.

7.5
2006-06-22 CVE-2006-3144 IBD Code Injection vulnerability in IBD Micro CMS 0.3.5

PHP remote file inclusion vulnerability in micro_cms_files/microcms-include.php in Implied By Design (IBD) Micro CMS 3.5 (aka 0.3.5) and earlier allows remote attackers to execute arbitrary PHP code via a URL in the microcms_path parameter.

7.5
2006-06-22 CVE-2006-3142 Vbzoom SQL Injection vulnerability in Vbzoom 1.11

SQL injection vulnerability in forum.php in VBZooM 1.11 allows remote attackers to execute arbitrary SQL commands via the MainID parameter.

7.5
2006-06-22 CVE-2006-3140 Openci SQL-Injection vulnerability in Openci

SQL injection vulnerability in index.php in openCI 1.0 BETA 0.20.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2006-06-22 CVE-2006-3139 Vwar SQL Injection vulnerability in Vwar Virtual WAR

Multiple SQL injection vulnerabilities in war.php in Virtual War (VWar) 1.5.0 R14 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) s, (2) showgame, (3) sortorder, and (4) sortby parameters.

7.5
2006-06-22 CVE-2006-3136 Nucleus Group Code Injection vulnerability in Nucleus Group Nucleus CMS

** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in Nucleus 3.23 allow remote attackers to execute arbitrary PHP code via a URL the DIR_LIBS parameter in (1) path/action.php, and to files in path/nucleus including (2) media.php, (3) /xmlrpc/server.php, and (4) /xmlrpc/api_metaweblog.inc.php.

7.5
2006-06-22 CVE-2006-3130 Clubpage Input Validation vulnerability in Clubpage

SQL injection vulnerability in index.php in Clubpage allows remote attackers to execute arbitrary SQL commands via the category parameter.

7.5
2006-06-21 CVE-2006-2911 Hotwebscripts SQL Injection vulnerability in CMS MUNDO Control Panel

SQL injection vulnerability in controlpanel/index.php in CMS Mundo before 1.0 build 008 allows remote attackers to execute arbitrary SQL commands via the username parameter.

7.5
2006-06-21 CVE-2006-3111 Chipmailer SQL Injection vulnerability in Chipmailer 1.09

Multiple SQL injection vulnerabilities in main.php in Chipmailer 1.09 allow remote attackers to execute arbitrary SQL commands via multiple parameters, as demonstrated by (1) anfang, (2) name, (3) mail, (4) anrede, (5) vorname, (6) nachname, (7) gebtag, (8) gebmonat, and (9) gebjahr.

7.5
2006-06-19 CVE-2006-3096 Ipostmx SQL-Injection vulnerability in Ipostmx 2005

Multiple SQL injection vulnerabilities in iPostMX 2005 2.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) forum parameter in messagepost.cfm and (2) topic parameter in topics.cfm.

7.5
2006-06-19 CVE-2006-3092 Phpmyfactures Security Bypass vulnerability in PHPmyfactures 1.0

PhpMyFactures 1.2 and earlier allows remote attackers to bypass authentication and modify data via direct requests with modified parameters to (1) /tva/ajouter_tva.php, (2) /remises/ajouter_remise.php, (3) /pays/ajouter_pays.php, (4) /pays/modifier_pays.php, (5) /produits/ajouter_cat.php, (6) /produits/ajouter_produit.php, (7) /clients/ajouter_client.php, (8) /clients/modifier_client.php.

7.5
2006-06-19 CVE-2006-3078 Apboard SQL Injection vulnerability in APBoard

Multiple SQL injection vulnerabilities in APBoard 2.2-r3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) PHPSESSID parameter in board.php and (2) viewcatmod parameter in main.php.

7.5
2006-06-19 CVE-2006-3075 Picturedis Remote File Include vulnerability in Picturedis Photoalbum and Picturedis Professional

Multiple PHP remote file inclusion vulnerabilities in PictureDis Professional 1.33 Build 234 and earlier and PictureDis Photoalbum 4.82 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the lang parameter to files in photoalbum/ including (1) thumstbl.php, (2) wpfiles.php, and (3) wallpapr.php.

7.5
2006-06-19 CVE-2006-3069 Iglooweb Remote File Include vulnerability in Iglooweb Doublespeak 0.1

** DISPUTED ** PHP remote file inclusion vulnerability in DoubleSpeak 0.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the config[private] parameter in multiple files, as demonstrated by (1) index.php, (2) faq.php, and (3) hardware.php.

7.5
2006-06-19 CVE-2006-3065 Blursoft SQL-Injection vulnerability in Blursoft Blur6Ex 0.3.462

SQL injection vulnerability in engine/shards/blog.php in blur6ex 0.3.462 allows remote attackers to execute arbitrary SQL commands via the ID parameter in a proc_reply action in the blog shard.

7.5
2006-06-19 CVE-2006-3064 Coppermine SQL Injection vulnerability in Coppermine Photo Gallery 1.4.8

SQL injection vulnerability in the add_hit function in include/function.inc.php in Coppermine Photo Gallery (CPG) 1.4.8, when "Keep detailed hit statistics" is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) referer and (2) user-agent HTTP headers.

7.5
2006-06-19 CVE-2006-3012 Eschew NET SQL Injection vulnerability in phpBannerExchange

SQL injection vulnerability in phpBannerExchange before 2.0 Update 6 allows remote attackers to execute arbitrary SQL commands via the (1) login parameter in (a) client/stats.php and (b) admin/stats.php, or the (2) pass parameter in client/stats.php.

7.5
2006-06-24 CVE-2006-3209 Microsoft Unspecified vulnerability in Microsoft Windows XP

** DISPUTED ** The Task scheduler (at.exe) on Microsoft Windows XP spawns each scheduled process with SYSTEM permissions, which allows local users to gain privileges.

7.2

93 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-06-23 CVE-2006-3183 Mobescripts Cross-Site Scripting vulnerability in Mobescripts Mobile Space Community 2.0

Cross-site scripting (XSS) vulnerability in index.php in MobeScripts Mobile Space Community 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) browse parameter, which is not filtered in the resulting error message, and multiple unspecified input fields, including those involved when (2) updating a profile, (3) posting comments or entries in a blog, (4) uploading files, (5) picture captions, and (6) sending a private message (PM).

6.8
2006-06-23 CVE-2006-3180 Swsoft Cross-Site Scripting vulnerability in Swsoft Confixx Pro3

Cross-site scripting (XSS) vulnerability in ftp_index.php in Confixx Pro 3.0 allows remote attackers to inject arbitrary web script or HTML via the path parameter.

6.8
2006-06-19 CVE-2006-3093 Adobe Security vulnerability in Adobe Reader

Multiple unspecified vulnerabilities in Adobe Acrobat Reader (acroread) before 7.0.8 have unknown impact and unknown vectors.

6.8
2006-06-24 CVE-2006-3208 Ultimate PHP Board Remote Security vulnerability in Ultimate PHP Board

Direct static code injection vulnerability in Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote authenticated administrators to execute arbitrary PHP code via multiple unspecified "configuration fields" in (1) admin_chatconfig.php, (2) admin_configcss.php, (3) admin_config.php, or (4) admin_config2.php, which are stored as configuration settings.

6.5
2006-06-22 CVE-2006-3147 Hosting Controller Privilege Escalation vulnerability in Hosting Controller Addreseller.ASP

Unspecified vulnerability in Hosting Controller before 6.1 (aka Hotfix 3.2) allows remote authenticated attackers to gain host admin privileges, list all resellers, or change resellers' passwords via unspecified vectors.

6.5
2006-06-23 CVE-2006-3194 Singapore Directory Traversal and Cross-Site Scripting vulnerability in Singapore Gallery

Directory traversal vulnerability in index.php in singapore 0.10.0 and earlier allows remote attackers to read arbitrary files via a ..

6.4
2006-06-19 CVE-2006-3076 Phpbluedragon Remote File Include vulnerability in PHPbluedragon CMS 2.9.1

PHP remote file inclusion vulnerability in software_upload/public_includes/pub_templates/vphptree/template.php in PhpBlueDragon CMS 2.9.1 allows remote attackers to execute arbitrary PHP code via a URL in the vsDragonRootPath parameter.

6.4
2006-06-23 CVE-2006-3189 Hotplug CMS Cross-Site Scripting vulnerability in Hotplug CMS Hotplug CMS 1.0

Cross-site scripting (XSS) vulnerability in administration/tblcontent/login1.php in HotPlug CMS 1.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.

5.8
2006-06-22 CVE-2006-3157 Thinkfactory Cross-Site Scripting vulnerability in Thinkfactory UltimateGoogle

Cross-site scripting (XSS) vulnerability in index.php in Thinkfactory UltimateGoogle 1.00 and earlier allows remote attackers to inject arbitrary web script or HTML via the REQ parameter.

5.8
2006-06-22 CVE-2006-3132 QTO Cross-Site Scripting vulnerability in QTO Qtofilemanager 1.0

Cross-site scripting (XSS) vulnerability in qtofm.php4 in QTOFileManager 1.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter, as originally reported for index.php.

5.8
2006-06-23 CVE-2006-2448 Linux Local Denial of Service vulnerability in Linux Kernel Signal_32.C

Linux kernel before 2.6.16.21 and 2.6.17, when running on PowerPC, does not perform certain required access_ok checks, which allows local users to read arbitrary kernel memory on 64-bit systems (signal_64.c) and cause a denial of service (crash) and possibly read kernel memory on 32-bit systems (signal_32.c).

5.6
2006-06-24 CVE-2006-3210 LE Ralf Code Injection vulnerability in LE Ralf Image Gallery

Ralf Image Gallery (RIG) 0.7.4 and other versions before 1.0, when register_globals is enabled, allows remote attackers to conduct PHP remote file inclusion and directory traversal attacks via URLs or ".." sequences in the (1) dir_abs_src parameter in (a) check_entry.php, (b) admin_album.php, (c) admin_image.php, and (d) admin_util.php; and the (2) dir_abs_admin_src parameter in admin_album.php and admin_image.php.

5.1
2006-06-23 CVE-2006-2915 Deluxebb SQL Injection vulnerability in Deluxebb 1.06

Multiple SQL injection vulnerabilities in DeluxeBB 1.06 allow remote attackers to execute arbitrary SQL commands via the (1) hideemail, (2) languagex, (3) xthetimeoffset, and (4) xthetimeformat parameters during account registration.

5.1
2006-06-23 CVE-2006-2914 Deluxebb Remote File Include vulnerability in Deluxebb 1.06

PHP remote file inclusion vulnerability in DeluxeBB 1.06 allows remote attackers to execute arbitrary code via a URL in the templatefolder parameter to (1) postreply.php, (2) posting.php, (3) and pm/newpm.php in the deluxe/ directory, and (4) postreply.php, (5) posting.php, and (6) pm/newpm.php in the default/ directory.

5.1
2006-06-23 CVE-2006-3193 Grayscale Code Injection vulnerability in Grayscale Bandsite CMS 1.1.1

Multiple PHP remote file inclusion vulnerabilities in Grayscale BandSite CMS 1.1.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) includes/content/contact_content.php; multiple files in adminpanel/includes/add_forms/ including (2) addbioform.php, (3) addfliersform.php, (4) addgenmerchform.php, (5) addinterviewsform.php, (6) addlinksform.php, (7) addlyricsform.php, (8) addmembioform.php, (9) addmerchform.php, (10) addmerchpicform.php, (11) addnewsform.php, (12) addphotosform.php, (13) addreleaseform.php, (14) addreleasepicform.php, (15) addrelmerchform.php, (16) addreviewsform.php, (17) addshowsform.php, (18) addwearmerchform.php; (19) adminpanel/includes/mailinglist/disphtmltbl.php, and (20) adminpanel/includes/mailinglist/dispxls.php.

5.1
2006-06-22 CVE-2006-3014 Microsoft Improper Input Validation vulnerability in Microsoft Excel

Microsoft Excel allows user-assisted attackers to execute arbitrary javascript and redirect users to arbitrary sites via an Excel spreadsheet with an embedded Shockwave Flash Player ActiveX Object, which is automatically executed when the user opens the spreadsheet.

5.1
2006-06-21 CVE-2006-2931 Hotwebscripts Arbitrary PHP Code Execution vulnerability in CMS Mundo

CMS Mundo before 1.0 build 008 does not properly verify uploaded image files, which allows remote attackers to execute arbitrary PHP code by uploading and later directly accessing certain files.

5.1
2006-06-21 CVE-2006-3107 Docebo File Include vulnerability in Docebo

Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in (1) GLOBALS[where_framework] to (a) admin/modules/news/news_class.php and (b) admin/modules/content/content_class.php, and (2) GLOBALS[where_cms] to (c) admin/modules/block_media/util.media.php.

5.1
2006-06-21 CVE-2006-3102 Bitweaver Remote Security vulnerability in Bitweaver 1.3

Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.

5.1
2006-06-20 CVE-2006-2942 Twiki Privilege Escalation vulnerability in Twiki 4.0.0/4.0.1/4.0.2

TWiki 4.0.0, 4.0.1, and 4.0.2 allows remote attackers to gain Twiki administrator privileges via a TWiki.TWikiRegistration form with a modified action attribute that references the Sandbox web instead of the user web, which can then be used to associate the user's login name with the WikiName of a member of the TWikiAdminGroup.

5.1
2006-06-19 CVE-2006-3094 Vincent HOR SQL-Injection vulnerability in Calendarix Basic

Multiple SQL injection vulnerabilities in Calendarix Basic 0.7.20060401 and earlier, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) cal_event.php and (2) cal_popup.php.

5.1
2006-06-19 CVE-2006-3090 Phpmyfactures SQL-Injection vulnerability in PHPmyfactures 1.0

Multiple SQL injection vulnerabilities in PhpMyFactures 1.0, and possibly 1.2 and earlier, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the (1) id_pays parameter in (a) /pays/modifier_pays.php; (2) id_produit, (3) quantite, (4) prix_ht, and (5) date parameter in (b) /stocks/ajouter.php; (6) id_cat parameter in (c) /produits/modifier_cat.php; (7) id_client parameter in (d) /clients/modifier_client.php; (8) id_remise parameter in (e) /remises/index.php; (9) id_taux parameter in (f) /tva/index.php; (10) ref_produit, and (11) id_stock parameter in (g) /stocks/index.php; (12) id_pays parameter in (h) /pays/index.php; and (13) id_cat parameter in (i) /produits/index.php.

5.1
2006-06-19 CVE-2006-3013 Eschew NET SQL Injection vulnerability in phpBannerExchange

Interpretation conflict in resetpw.php in phpBannerExchange before 2.0 Update 6 allows remote attackers to execute arbitrary SQL commands via an email parameter containing a null (%00) character after a valid e-mail address, which passes the validation check in the eregi PHP command.

5.1
2006-06-24 CVE-2006-3222 Fortinet Unspecified vulnerability in Fortinet Fortios

The FTP proxy module in Fortinet FortiOS (FortiGate) before 2.80 MR12 and 3.0 MR2 allows remote attackers to bypass anti-virus scanning via the Enhanced Passive (EPSV) FTP mode.

5.0
2006-06-24 CVE-2006-3216 Clearswift Multiple vulnerability in Clearswift Mailsweeper FOR Exchange and Mailsweeper for Smtp

Clearswift MAILsweeper for SMTP before 4.3.20 and MAILsweeper for Exchange before 4.3.20 allows remote attackers to cause a denial of service via (1) non-ASCII characters in a reverse DNS lookup result from a Received header, which leads to a Receiver service stop, and (2) unspecified vectors involving malformed messages, which causes "unpredictable behavior" that prevents the Security service from processing more messages.

5.0
2006-06-24 CVE-2006-3214 Hitachi Remote Denial of Service vulnerability in Hitachi Groupmax Address Server and Groupmax Mail Server

Unspecified vulnerability in Hitachi Groupmax Address Server 7 and earlier, and Groupmax Mail Server 7 and earlier allows remote attackers to cause a denial of service (product "stop") via unspecified vectors involving "unexpected requests".

5.0
2006-06-24 CVE-2006-3207 Ultimate PHP Board Directory Traversal vulnerability in Ultimate PHP Board

Directory traversal vulnerability in newpost.php in Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote attackers to overwrite arbitrary files via a ..

5.0
2006-06-24 CVE-2006-3206 Ultimate PHP Board Remote Security vulnerability in Ultimate PHP Board

register.php in Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote attackers to create arbitrary accounts via the "[NR]" sequence in the signature field, which is used to separate multiple records.

5.0
2006-06-24 CVE-2006-3205 Ultimate PHP Board Remote Security vulnerability in Ultimate PHP Board

Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote attackers to gain access via modified user_env, pass_env, power_env, and id_env parameters in a cookie, which comprise a persistent logon that does not vary across sessions.

5.0
2006-06-24 CVE-2006-3204 Ultimate PHP Board Remote Security vulnerability in Ultimate PHP Board

Ultimate PHP Board (UPB) 1.9.6 and earlier uses a cryptographically weak block cipher with a large key collision space, which allows remote attackers to determine a suitable decryption key given the plaintext and ciphertext by obtaining the plaintext password, which is sent when logging in, and the ciphertext, which is set in the pass_env cookie.

5.0
2006-06-23 CVE-2006-2918 Lanap Botdetect Permissions, Privileges, and Access Controls vulnerability in Lanap Botdetect Captcha Asp.Net

The Lanap BotDetect APS.NET CAPTCHA component before 1.5.4.0 stores the UUID and hash for a CAPTCHA in the ViewState of a page, which makes it easier for remote attackers to conduct automated attacks by "replaying the ViewState for a known number."

5.0
2006-06-23 CVE-2006-3200 Microsoft Denial-Of-Service vulnerability in Microsoft IE 6.0.2900

Unspecified versions of Internet Explorer allow remote attackers to cause a denial of service (crash) via an IFRAME with a src tag containing a "File://" URI followed by an 8-bit character.

5.0
2006-06-23 CVE-2006-3199 Opera Software Denial of Service vulnerability in Opera Software Opera web Browser 9

Opera 9 allows remote attackers to cause a denial of service (crash) via an A tag with an href attribute with a URL containing a long hostname, which triggers an out-of-bounds operation.

5.0
2006-06-23 CVE-2006-3196 Singapore Remote Security vulnerability in singapore

index.php in singapore 0.10.0 and earlier allows remote attackers to obtain the installation path via an invalid template parameter, which reveals the path in an error message.

5.0
2006-06-23 CVE-2006-3178 JED Wing Directory Traversal vulnerability in CHM Lib Extract_chmlib

Directory traversal vulnerability in extract_chmLib example program in CHM Lib (chmlib) before 0.38 allows remote attackers to overwrite arbitrary files via a CHM archive containing files with a ..

5.0
2006-06-23 CVE-2006-3171 Comscripts Remote Security vulnerability in Cs-Forum

CRLF injection vulnerability in CS-Forum before 0.82 allows remote attackers to inject arbitrary email headers via a newline character in the email parameter to ajouter.php.

5.0
2006-06-23 CVE-2006-3170 Comscripts Information Disclosure vulnerability in Cs-Forum

CS-Forum before 0.82 allows remote attackers to obtain sensitive information via unspecified manipulations, possibly involving an empty collapse[] or readall parameter to index.php, which reveals the installation path in an error message.

5.0
2006-06-22 CVE-2006-3167 Free Realty Information Disclosure vulnerability in Free Realty

Free Realty before 2.9 allows remote attackers to obtain the full path and other sensitive information via unspecified manipulations that produce an error message.

5.0
2006-06-22 CVE-2006-3146 Toshiba
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Toshiba Bluetooth Stack

The TOSRFBD.SYS driver for Toshiba Bluetooth Stack 4.00.29 and earlier on Windows allows remote attackers to cause a denial of service (reboot) via a L2CAP echo request that triggers an out-of-bounds memory access, similar to "Ping o' Death" and as demonstrated by BlueSmack.

5.0
2006-06-22 CVE-2006-3145 Netpbm Remote Off-By-One Buffer Overflow vulnerability in NetPBM Pamtofits

Buffer overflow in pamtofits of NetPBM 10.30 through 10.33 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code when assembling the header, possibly related to an off-by-one error.

5.0
2006-06-21 CVE-2006-3112 Chipmailer Information Disclosure vulnerability in Chipmailer 1.09

Chipmailer 1.09 allows remote attackers to obtain sensitive information via a direct request to php.php, which displays the output of the phpinfo function.

5.0
2006-06-21 CVE-2006-3105 Bitweaver Remote Security vulnerability in Bitweaver 1.3

CRLF injection vulnerability in Bitweaver 1.3 allows remote attackers to conduct HTTP response splitting attacks by via CRLF sequences in multiple unspecified parameters that are injected into HTTP headers, as demonstrated by the BWSESSION parameter in index.php.

5.0
2006-06-21 CVE-2006-3104 Bitweaver Information Disclosure vulnerability in Bitweaver 1.3

users/index.php in Bitweaver 1.3 allows remote attackers to obtain sensitive information via an invalid sort_mode parameter, which reveals the installation path and database information in the resultant error message.

5.0
2006-06-19 CVE-2006-3091 Phpmyfactures Remote Security vulnerability in PHPmyfactures 1.0

PhpMyFactures 1.0, and possibly 1.2 and earlier, allows remote attackers to obtain the installation path via a direct request to (1) /verif.php, (2) /inc/footer.php, and (3) /remises/ajouter_remise.php.

5.0
2006-06-19 CVE-2006-3082 Gnupg Numeric Errors vulnerability in Gnupg

parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions, allows remote attackers to cause a denial of service (gpg crash) and possibly overwrite memory via a message packet with a large length (long user ID string), which could lead to an integer overflow, as demonstrated using the --no-armor option.

5.0
2006-06-19 CVE-2006-3074 Kaspersky
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Kaspersky Anti-Virus and Kaspersky Internet Security

klif.sys in Kaspersky Internet Security 6.0 and 7.0, Kaspersky Anti-Virus (KAV) 6.0 and 7.0, KAV 6.0 for Windows Workstations, and KAV 6.0 for Windows Servers does not validate certain parameters to the (1) NtCreateKey, (2) NtCreateProcess, (3) NtCreateProcessEx, (4) NtCreateSection, (5) NtCreateSymbolicLinkObject, (6) NtCreateThread, (7) NtDeleteValueKey, (8) NtLoadKey2, (9) NtOpenKey, (10) NtOpenProcess, (11) NtOpenSection, and (12) NtQueryValueKey hooked system calls, which allows local users to cause a denial of service (reboot) via an invalid parameter, as demonstrated by the ClientId parameter to NtOpenProcess.

5.0
2006-06-19 CVE-2006-3070 Zeroboard Unspecified vulnerability in Zeroboard 4.1Pl8

write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file that with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.

5.0
2006-06-19 CVE-2006-3068 IBM Resource Management Errors vulnerability in IBM DB2 Universal Database 8.1

IBM DB2 Universal Database (UDB) before 8.2 FixPak 12 allows remote attackers to cause a denial of service (application crash) by sending "incorrect information ...

5.0
2006-06-19 CVE-2006-3067 IBM Denial-Of-Service vulnerability in IBM DB2 Universal Database 8.0/8.1

Multiple unspecified vulnerabilities in IBM DB2 Universal Database (UDB) before 8.1 FixPak 12 allow remote attackers to cause a denial of service (application crash) via a (1) "long column list" in the (a) REPLACE INTO and (b) INSERT INTO portions of the LOAD command or a (2) large number of values in an IN clause, possibly related to a buffer overflow.

5.0
2006-06-19 CVE-2006-3066 IBM Denial of Service vulnerability in IBM DB2 Universal Database

Buffer overflow in the TCP/IP listener in IBM DB2 Universal Database (UDB) before 8.1 FixPak 12 allows remote attackers to cause a denial of service (application crash) via a long MGRLVLLS message inside of an EXCSAT message when establishing a connection.

5.0
2006-06-23 CVE-2006-3202 Netbsd Denial-Of-Service vulnerability in NetBSD

The ip6_savecontrol function in NetBSD 2.0 through 3.0, under certain configurations, does not check to see if IPv4-mapped sockets are being used before processing IPv6 socket options, which allows local users to cause a denial of service (crash) by creating an IPv4-mapped IPv6 socket with the SO_TIMESTAMP socket option set, then sending an IPv4 packet through the socket.

4.9
2006-06-23 CVE-2006-3201 HP Local Denial of Service vulnerability in HP Hp-Ux 11.00/11.11/11.23

Unspecified vulnerability in the kernel in HP-UX B.11.00, B.11.11, and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors.

4.9
2006-06-20 CVE-2006-3097 HP Local Denial of Service vulnerability in HP Hp-Ux 11.11/11.23

Unspecified vulnerability in Support Tools Manager (xstm, cstm, and stm) on HP-UX B.11.11 and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors.

4.9
2006-06-21 CVE-2006-3128 Easy CMS Unspecified vulnerability in Easy-Cms 0.1.2

choose_file.php in easy-CMS 0.1.2, when mod_mime is installed, does not restrict uploads of filenames with multiple extensions, which allows remote attackers to execute arbitrary PHP code by uploading a PHP file with a GIF file extension, then directly accessing that file in the Repositories directory.

4.6
2006-06-19 CVE-2006-3072 Symantec Authentication Bypass vulnerability in Symantec Security Information Manager

M4 Macro Library in Symantec Security Information Manager before 4.0.2.29 HOTFIX 1 allows local users to execute arbitrary commands via crafted "rule definitions", which produces dangerous Java code during M4 transformation.

4.6
2006-06-24 CVE-2006-3212 Cjguestbook HTML Injection vulnerability in Cjguestbook 1.2

Cross-site scripting (XSS) vulnerability in sign.php in cjGuestbook 1.3 and earlier allows remote attackers to inject web script or HTML via the (1) name, (2) email, (3) add, and (4) wName parameters.

4.3
2006-06-24 CVE-2006-3211 Cjguestbook HTML Injection vulnerability in Cjguestbook 1.2

Cross-site scripting (XSS) vulnerability in sign.php in cjGuestbook 1.3 and earlier allows remote attackers to inject Javascript code via a javascript URI in an img bbcode tag in the comments parameter.

4.3
2006-06-23 CVE-2006-3197 Invision Power Services HTML Injection vulnerability in Invision Power Board

Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML via a POST that contains hexadecimal-encoded HTML.

4.3
2006-06-23 CVE-2006-3195 Singapore Directory Traversal and Cross-Site Scripting vulnerability in Singapore Gallery

Cross-site scripting (XSS) vulnerability in index.php in singapore 0.10.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the template parameter.

4.3
2006-06-23 CVE-2006-3191 Tpvgames Cross-Site Scripting vulnerability in Tpvgames Mpcs 0.2

Cross-site scripting (XSS) vulnerability in comment.php in MPCS 0.2 allows remote attackers to inject arbitrary web script or HTML via the pageid parameter.

4.3
2006-06-23 CVE-2006-3187 Sharky E Shop Cross-Site Scripting vulnerability in Sharky E-Shop Search_Prod_List.ASP

Multiple cross-site scripting (XSS) vulnerabilities in Sharky e-shop 3.05 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) maingroup and (2) secondgroup parameters to (a) search_prod_list.asp, and the (3) maingroup parameter to (b) meny2.asp.

4.3
2006-06-23 CVE-2006-3186 CMS Faethon Cross-Site Scripting vulnerability in CMS Faethon CMS Faethon 1.3.2

Multiple cross-site scripting (XSS) vulnerabilities in CMS Faethon 1.3.2 allow remote attackers to inject arbitrary web script or HTML via the mainpath parameter to (1) data/footer.php and (2) admin/header.php.

4.3
2006-06-23 CVE-2006-3179 Swsoft Cross-Site Scripting vulnerability in SWSoft Confixx Pro

Cross-site scripting (XSS) vulnerability in tools_ftp_pwaendern.php in Confixx Pro 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the account parameter.

4.3
2006-06-23 CVE-2006-3169 Comscripts Cross-Site Scripting vulnerability in Cs-Forum

Multiple cross-site scripting (XSS) vulnerabilities in CS-Forum 0.81 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) msg_result and (2) rep_titre parameters in (a) read.php; and the (3) id and (4) parent parameters and (5) CSForum_nom, (6) CSForum_mail, and (7) CSForum_url cookie parameters in (b) ajouter.php.

4.3
2006-06-22 CVE-2006-3166 Free Realty Cross-Site Scripting vulnerability in Free Realty

Cross-site scripting (XSS) vulnerability in propview.php in Free Realty 2.9-0.6 and earlier allows remote attackers to execute arbitrary web script or HTML via the sort parameter.

4.3
2006-06-22 CVE-2006-3156 Thinkfactory Cross-Site Scripting vulnerability in Thinkfactory Ultimate Eshop 1.0

Cross-site scripting (XSS) vulnerability in index.cgi in Ultimate eShop 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the subid parameter.

4.3
2006-06-22 CVE-2006-3155 Thinkfactory Cross-Site Scripting vulnerability in Ultimate Estate

Multiple cross-site scripting (XSS) vulnerabilities in Ultimate Auction 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) item parameter in (a) emailtofriend.pl or (b) violation.pl, (2) seller parameter in (c) vsoa.pl, (3) user parameter in (d) userask.pl or (e) leavefeed.pl, (4) itemnum parameter in userask.pl, (5) category parameter in (f) itemlist.pl, and the (6) query parameter in (g) search.pl.

4.3
2006-06-22 CVE-2006-3153 Thinkfactory Input Validation vulnerability in Ultimate Estate

Cross-site scripting (XSS) vulnerability in index.pl in Ultimate Estate 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat parameter.

4.3
2006-06-22 CVE-2006-3151 Associated Cross-Site Scripting vulnerability in AssoCIateD

Cross-site scripting (XSS) vulnerability in index.php in AssoCIateD (aka ACID) 1.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the menu parameter.

4.3
2006-06-22 CVE-2006-3149 Phpmyforum Cross-Site Scripting vulnerability in PHPmyforum 4.0/4.1/4.1.3

Cross-site scripting (XSS) vulnerability in topic.php in phpMyForum 4.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the highlight parameter.

4.3
2006-06-22 CVE-2006-3141 Dpivision Cross-Site Scripting vulnerability in DPVision Tradingeye Shop Details.CFM

Cross-site scripting (XSS) vulnerability in details.cfm in Tradingeye Shop R4 and earlier allows remote attackers to inject arbitrary web script or HTML via the image parameter.

4.3
2006-06-22 CVE-2006-3138 Accomplishtechnology Cross-Site Scripting vulnerability in Accomplishtechnology PHPmydirectory

Multiple cross-site scripting (XSS) vulnerabilities in phpMyDirectory 10.4.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PIC parameter in offers-pix.php, (2) from parameter in cp/index.php, and (3) action parameter in cp/admin_index.php.

4.3
2006-06-22 CVE-2006-3137 Cutting Edge Computing Cross-Site Scripting vulnerability in The Edge eCommerce Shop ProductDetail.ASP

Cross-site scripting (XSS) vulnerability in productDetail.asp in Edge eCommerce Shop allows remote attackers to inject arbitrary web script or HTML via the cart_id parameter.

4.3
2006-06-22 CVE-2006-3131 Clubpage Input Validation vulnerability in Clubpage

Multiple cross-site scripting (XSS) vulnerabilities in Clubpage allow remote attackers to inject arbitrary web script or HTML via the (1) news_archive, (2) language, and (3) intranetLogin parameters in (a) index.php; the (4) sites_id parameter in (b) sites.php; and the (5) news_id parameter in (c) news_more.php.

4.3
2006-06-22 CVE-2006-3129 NC Linklist Cross-Site Scripting vulnerability in NC Linklist NC Linklist 1.2

Multiple cross-site scripting (XSS) vulnerabilities in index.php in NC LinkList 1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) cat and (2) view parameters.

4.3
2006-06-21 CVE-2006-3110 Chipmailer Cross-Site Scripting vulnerability in Chipmailer 1.09

Cross-site scripting (XSS) vulnerability in main.php in Chipmailer 1.09 allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) betreff, (3) mail, and (4) text parameters.

4.3
2006-06-21 CVE-2006-3109 Cisco Cross-Site Scripting vulnerability in Cisco CallManager

Cross-site scripting (XSS) vulnerability in Cisco CallManager 3.3 before 3.3(5)SR3, 4.1 before 4.1(3)SR4, 4.2 before 4.2(3), and 4.3 before 4.3(1), allows remote attackers to inject arbitrary web script or HTML via the (1) pattern parameter in ccmadmin/phonelist.asp and (2) arbitrary parameters in ccmuser/logon.asp, aka bugid CSCsb68657.

4.3
2006-06-21 CVE-2006-3108 Emailarchitect Cross-Site Scripting vulnerability in Emailarchitect Email Server 6.1

Cross-site scripting (XSS) vulnerability in EmailArchitect Email Server 6.1 allows remote attackers to inject arbitrary Javascript via an HTML div tag with a carriage return between the onmouseover attribute and its value, which bypasses the mail filter.

4.3
2006-06-21 CVE-2006-3106 Fredi Bach Cross-Site Scripting vulnerability in Fredi Bach PHPmydesktop Arcade 1.0Final

Cross-site scripting (XSS) vulnerability in index.php in phpMyDesktop|Arcade 1.0 allows remote attackers to inject arbitrary web script or HTML via the subsite parameter in the subsite todo.

4.3
2006-06-21 CVE-2006-3103 Bitweaver Cross-Site Scripting vulnerability in Bitweaver 1.3

Cross-site scripting (XSS) vulnerability in Bitweaver 1.3 allows remote attackers to inject arbitrary web script or HTML via the (1) error parameter in users/login.php and the (2) feedback parameter in articles/index.php.

4.3
2006-06-21 CVE-2006-3101 Cisco Cross-Site Scripting vulnerability in Cisco Secure Access Control Server 2.3

Cross-site scripting (XSS) vulnerability in LogonProxy.cgi in Cisco Secure ACS for UNIX 2.3 allows remote attackers to inject arbitrary web script or HTML via the (1) error, (2) SSL, and (3) Ok parameters.

4.3
2006-06-19 CVE-2006-3095 Ipostmx Cross-Site Scripting vulnerability in IPostMX 2005 Userlogin.CFM and Account.CFM

Multiple cross-site scripting (XSS) vulnerabilities in iPostMX 2005 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the RETURNURL parameter in (1) userlogin.cfm and (2) account.cfm.

4.3
2006-06-19 CVE-2006-3089 Phpmyfactures Cross-Site Scripting vulnerability in PHPmyfactures 1.0

Multiple cross-site scripting (XSS) vulnerabilities in PhpMyFactures 1.0, and possibly 1.2 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) prefixe_dossier parameter in (a) /inc/header.php; (2) msg parameter in (b) /remises/ajouter_remise.php, (c) /tva/ajouter_tva.php, (d) /stocks/ajouter.php, (e) /pays/ajouter_pays.php, (f) /produits/ajouter_cat.php, (g) /produits/ajouter_produit.php and (h) /produits/modifier_cat.php; (3) tire parameter in /remises/ajouter_remise.php; (4) quantite, (5) taux and (6) date parameter in /stocks/ajouter.php; and (7) pays and (8) prefixe parameter in /pays/ajouter_pays.php.

4.3
2006-06-19 CVE-2006-3088 Cescripts Cross-Site Scripting vulnerability in Car Classifieds

Cross-site scripting (XSS) vulnerability in index.php in Car Classifieds allows remote attackers to inject arbitrary web script or HTML via the make_id parameter.

4.3
2006-06-19 CVE-2006-3087 Ezgallery Cross-Site Scripting vulnerability in Ezgallery

Multiple cross-site scripting (XSS) vulnerabilities in EZGallery 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) pUserID, (2) aid, (3) aname, (4) uid, and (5) m parameter in (a) common/galleries.asp; (6) aid, (7) aname, (8) uid, (9) m, (10) gp, and (11) g parameter in (b) common/pupload.asp; and (12) msg, (13) fn and (14) gp parameter in (c) common/upload.asp.

4.3
2006-06-19 CVE-2006-3080 Axent Cross-Site Scripting vulnerability in AxentForum viewposts.cfm

Cross-site scripting (XSS) vulnerability in viewposts.cfm in aXentForum II and earlier allows remote attackers to inject arbitrary web script or HTML via the startrow parameter.

4.3
2006-06-19 CVE-2006-3079 Sspwiz Cross-Site Scripting vulnerability in SSPwiz Plus

Cross-site scripting (XSS) vulnerability in index.cfm in SSPwiz Plus 1.0.7 and earlier allows remote attackers to inject arbitrary web script or HTML via the message parameter.

4.3
2006-06-19 CVE-2006-3077 Axent Cross-Site Scripting vulnerability in Axentguestbook

Cross-site scripting (XSS) vulnerability in guestbook.cfm in aXentGuestbook 1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the startrow parameter.

4.3
2006-06-19 CVE-2006-3060 Webexceluk Cross-Site Scripting vulnerability in Webexceluk P.A.I.D 2.2

Cross-site scripting (XSS) vulnerability in P.A.I.D 2.2 allows remote attackers to inject arbitrary web script or HTML via the (1) read parameter in index.php, (2) farea parameter in faq.php, and (3) unspecified input fields on the "My Account" login page.

4.3
2006-06-23 CVE-2006-2445 Linux Local Denial of Service vulnerability in Linux Kernel POSIX-CPU-TIMERS.C

Race condition in run_posix_cpu_timers in Linux kernel before 2.6.16.21 allows local users to cause a denial of service (BUG_ON crash) by causing one CPU to attach a timer to a process that is exiting.

4.0
2006-06-23 CVE-2006-3184 ASP Stats Generator Remote Security vulnerability in Asp Stats Generator

Direct static code injection vulnerability in ASP Stats Generator before 2.1.2 allows remote authenticated attackers to execute arbitrary ASP code via the strAsgSknPageBgColour parameter to settings_skin.asp, which is stored in inc_skin_file.asp.

4.0
2006-06-22 CVE-2006-3143 Maximus Cross-Site Scripting vulnerability in Maximus Schoolmax 4.0.1

Cross-site scripting (XSS) vulnerability in icue_login.asp in Maximus SchoolMAX 4.0.1 and earlier iCue and iParent applications allows remote attackers to inject arbitrary web script or HTML via the error_msg parameter.

4.0
2006-06-19 CVE-2006-3081 Mysql
Oracle
Remote Denial Of Service vulnerability in MySQL Server Str_To_Date

mysqld in MySQL 4.1.x before 4.1.18, 5.0.x before 5.0.19, and 5.1.x before 5.1.6 allows remote authorized users to cause a denial of service (crash) via a NULL second argument to the str_to_date function.

4.0

9 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-06-24 CVE-2006-3217 Jaguarsoft Information Disclosure vulnerability in JaguarEdit ActiveX Control

JaguarEditControl (JEdit) ActiveX Control 1.1.0.20 and earlier allows remote attackers to obtain sensitive information, such as the username and MAC and IP addresses, by setting the test field to certain values such as 2404 or 2790, then reading the information from the .JText field.

2.6
2006-06-23 CVE-2006-3174 Squirrelmail Cross-Site Scripting vulnerability in SquirrelMail

Cross-site scripting (XSS) vulnerability in search.php in SquirrelMail 1.5.1 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary HTML via the mailbox parameter.

2.6
2006-06-22 CVE-2006-3160 Onedotoh Cross-Site Scripting vulnerability in Simple File Manager FM.php

Cross-site scripting (XSS) vulnerability in fm.php in ONEdotOH Simple File Manager (SFM) 0.24a and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter.

2.6
2006-06-19 CVE-2006-3073 Cisco Cross-Site Scripting vulnerability in Cisco VPN3K/ASA WebVPN Clientless Mode

Multiple cross-site scripting (XSS) vulnerabilities in the WebVPN feature in the Cisco VPN 3000 Series Concentrators and Cisco ASA 5500 Series Adaptive Security Appliances (ASA), when in WebVPN clientless mode, allow remote attackers to inject arbitrary web script or HTML via the domain parameter in (1) dnserror.html and (2) connecterror.html, aka bugid CSCsd81095 (VPN3k) and CSCse48193 (ASA).

2.6
2006-06-19 CVE-2006-3071 Anton Belev Cross-Site Scripting vulnerability in Anton Belev MP3 Search Archive 1.2

Cross-site scripting (XSS) vulnerability in index.php in MP3 Search/Archive 1.2 allows remote attackers to inject arbitrary web script or HTML via the (1) keywords parameter, as used by the "search box", and (2) res parameter.

2.6
2006-06-19 CVE-2006-3063 Myphp Guestbook Cross-Site Scripting vulnerability in MyPHP Guestbook

Multiple cross-site scripting (XSS) vulnerabilities in myPHP Guestbook 1.x through 2.0.0-r1 and before 2.0.1 RC5 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) email, (3) homepage, (4) id, (5) name, and (6) text parameters in (a) index.php, the (7) comment, (8) email, (9) homepage, (10) number, (11) name, and (12) text parameters in (b) admin/guestbook.php, and the (13) email, (14) homepage, (15) icq, (16) name, and (17) text parameters in (c) admin/edit.php.

2.6
2006-06-19 CVE-2006-3062 Myphp Guestbook Cross-Site Scripting vulnerability in Myphp Guestbook Myphp Guestbook 2.0.4

Cross-site scripting (XSS) vulnerability in index.php in myPHP Guestbook 2.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter.

2.6
2006-06-19 CVE-2006-3061 Review Script COM Cross-Site Scripting vulnerability in Review-Script.Com Five Star Review Script

Multiple cross-site scripting (XSS) vulnerabilities in 5 Star Review allow remote attackers to inject arbitrary web script or HTML via the (1) sort parameter in index2.php, (2) item_id parameter in report.php, (3) search_term parameter (aka the "search box") in search_reviews.php, (4) the profile field in usercp/profile_edit1.php, and the (5) review field in review_form.php.

2.6
2006-06-22 CVE-2006-3159 SUN Local Information Disclosure vulnerability in SUN Iplanet Messaging Server and ONE Messaging Server

pipe_master in Sun ONE/iPlanet Messaging Server 5.2 HotFix 1.16 (built May 14 2003) allows local users to read portions of restricted files via a symlink attack on msg.conf in a directory identified by the CONFIGROOT environment variable, which returns the first line of the file in an error message.

2.1