Weekly Vulnerabilities Reports > June 26 to July 2, 2006
Overview
114 new vulnerabilities reported during this period, including 4 critical vulnerabilities and 40 high severity vulnerabilities. This weekly summary report vulnerabilities in 86 products from 74 vendors including Cisco, Apple, Spiffyjr, SUN, and Microsoft. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Resource Management Errors", "Permissions, Privileges, and Access Controls", "Use of Externally-Controlled Format String", and "Numeric Errors".
- 110 reported vulnerabilities are remotely exploitables.
- 7 reported vulnerabilities have public exploit available.
- 3 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 114 reported vulnerabilities are exploitable by an anonymous user.
- Cisco has the most reported vulnerabilities, with 8 reported vulnerabilities.
- Cisco has the most reported critical vulnerabilities, with 1 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
4 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-06-27 | CVE-2006-3232 | IBM | Multiple vulnerability in IBM Websphere Application Server Prior to 6.0.2.11 Unspecified vulnerability in IBM WebSphere Application Server before 6.0.2.11 has unknown impact and attack vectors because the "UserNameToken cache was improperly used." | 10.0 |
2006-06-29 | CVE-2006-3308 | Zoid Technologies | Input Validation vulnerability in Project Eros BBSEngine Unspecified vulnerability in the wpprop code for Project EROS bbsengine before 20060622-0315 has unknown impact and remote attack vectors via [img] tags, possibly cross-site scripting (XSS). | 9.3 |
2006-06-28 | CVE-2006-3291 | Cisco | Configuration vulnerability in Cisco IOS 12.3(8)Ja/12.3(8)Ja1 The web interface on Cisco IOS 12.3(8)JA and 12.3(8)JA1, as used on the Cisco Wireless Access Point and Wireless Bridge, reconfigures itself when it is changed to use the "Local User List Only (Individual Passwords)" setting, which removes all security and password configurations and allows remote attackers to access the system. | 9.3 |
2006-06-26 | CVE-2006-3228 | Nullsoft | Remote Security vulnerability in Winamp Buffer overflow in in_midi.dll for WinAmp 2.90 up to 5.23, including 5.21, allows remote attackers to execute arbitrary code via a crafted .mid (MIDI) file. | 9.3 |
40 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-06-30 | CVE-2006-3117 | Openoffice SUN | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Heap-based buffer overflow in OpenOffice.org (aka StarOffice) 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to execute arbitrary code via a crafted OpenOffice XML document that is not properly handled by (1) Calc, (2) Draw, (3) Impress, (4) Math, or (5) Writer, aka "File Format / Buffer Overflow Vulnerability." | 7.6 |
2006-06-30 | CVE-2006-2199 | Openoffice SUN | Unspecified vulnerability in Java Applets in OpenOffice.org 1.1.x (aka StarOffice) up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to escape the Java sandbox and conduct unauthorized activities via certain applets in OpenOffice documents. | 7.6 |
2006-06-30 | CVE-2006-2198 | Openoffice SUN | Permissions, Privileges, and Access Controls vulnerability in multiple products OpenOffice.org (aka StarOffice) 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to conduct unauthorized activities via an OpenOffice document with a malicious BASIC macro, which is executed without prompting the user. | 7.6 |
2006-06-30 | CVE-2006-3334 | Greg Roelofs | Buffer Overflow vulnerability in Libpng Graphics Library Chunk Error Processing Buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors related to "chunk error processing," possibly involving the "chunk_name". | 7.5 |
2006-06-30 | CVE-2006-3332 | Phpoutsourcing | SQL Injection vulnerability in Zorum SQL injection vulnerability in index.php in Zorum Forum 3.5 allows remote attackers to execute arbitrary SQL commands via the (1) offset, (2) tid, (3) fromid, (4) sortby, (5) fromfrommethod, and (6) fromfromlist parameters. | 7.5 |
2006-06-30 | CVE-2006-3329 | Deltascripts | Input Validation vulnerability in Deltascripts PHP Classifieds 6.04 SQL injection vulnerability in search.php in PHP/MySQL Classifieds (PHP Classifieds) allows remote attackers to execute arbitrary SQL commands via the rate parameter. | 7.5 |
2006-06-30 | CVE-2006-3323 | Mastersfusion | Cross-Site Scripting vulnerability in Mastersfusion MF Piadas 1.0 PHP remote file inclusion vulnerability in admin/admin.php in MF Piadas 1.0 allows remote attackers to execute arbitrary PHP code via the page parameter. | 7.5 |
2006-06-29 | CVE-2006-3315 | Rahnemaco | Remote File Include vulnerability in RahnemaCo Page.PHP PHP remote file inclusion vulnerability in page.php in an unspecified RahnemaCo.com product, possibly eShop, allows remote attackers to execute arbitrary PHP code via a URL in the osCsid parameter. | 7.5 |
2006-06-29 | CVE-2006-3314 | Rahnemaco | Remote File Include vulnerability in RahnemaCo Page.PHP PageID PHP remote file inclusion vulnerability in page.php in an unspecified RahnemaCo.com product, possibly eShop, allows remote attackers to execute arbitrary PHP code via a URL in the pageid parameter. | 7.5 |
2006-06-29 | CVE-2006-3309 | Internet Scout Project | SQL Injection vulnerability in Scout Portal Tool Kit ForumTopics.PHP SQL injection vulnerability in SPT--ForumTopics.php in Scout Portal Toolkit (SPT) 1.4.0 and earlier allows remote attackers to execute arbitrary SQL commands via the forumid parameter. | 7.5 |
2006-06-29 | CVE-2006-3307 | Zoid Technologies | Input Validation vulnerability in Zoid Technologies Project Eros Bbsengine 20060223 Multiple SQL injection vulnerabilities in Project EROS bbsengine before bbsengine-20060429-1550-jam allow remote attackers to execute arbitrary SQL commands via (1) unspecified parameters in the php/comment.php and (2) the getpartialmatches method in php/aolbonics.php. | 7.5 |
2006-06-29 | CVE-2006-3304 | Deluxebb | SQL Injection vulnerability in DeluxeBB CP.PHP SQL injection vulnerability in cp.php in DeluxeBB 1.07 and earlier allows remote attackers to execute arbitrary SQL commands via the xmsn parameter. | 7.5 |
2006-06-29 | CVE-2006-3300 | Phpmysms | Remote File Include vulnerability in PHPMySMS Gateway.PHP PHP remote file inclusion vulnerability in sms_config/gateway.php in PhpMySms 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the ROOT_PATH parameter. | 7.5 |
2006-06-29 | CVE-2006-3296 | George Currums | Input Validation vulnerability in George Currums Open Guestbook 0.5 SQL injection vulnerability in view.php in Open Guestbook 0.5 allows remote attackers to execute arbitrary SQL commands via the offset parameter. | 7.5 |
2006-06-28 | CVE-2006-3292 | Jaws | Input Validation vulnerability in Jaws 0.6.2 SQL injection vulnerability in the Search gadget in Jaws 0.6.2 allows remote attackers to execute arbitrary SQL commands via queries with the "LIKE" keyword in the searchdata parameter (search field). | 7.5 |
2006-06-28 | CVE-2006-3287 | Cisco | Multiple Security vulnerability in Cisco Wireless Control System Cisco Wireless Control System (WCS) for Linux and Windows 4.0(1) and earlier uses a default administrator username "root" and password "public," which allows remote attackers to gain access (aka bug CSCse21391). | 7.5 |
2006-06-28 | CVE-2006-3286 | Cisco | Multiple Security vulnerability in Cisco Wireless Control System 3.2(40)/3.2(51) The internal database in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(63) stores a hard-coded username and password in plaintext within unspecified files, which allows remote authenticated users to access the database (aka bug CSCsd15951). | 7.5 |
2006-06-28 | CVE-2006-3285 | Cisco | Multiple Security vulnerability in Cisco Wireless Control System 3.2(40) The internal database in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) uses an undocumented, hard-coded username and password, which allows remote authenticated users to read, and possibly modify, sensitive configuration data (aka bugs CSCsd15955). | 7.5 |
2006-06-28 | CVE-2006-3283 | Datetopia | SQL-Injection vulnerability in Datetopia Dating Agent PRO 4.7.1 SQL injection vulnerability in Dating Agent PRO 4.7.1 allows remote attackers to execute arbitrary SQL commands via the (1) pid parameter in picture.php, (2) mid parameter in mem.php, and the (3) sex and (4) relationship parameters in search.php. | 7.5 |
2006-06-28 | CVE-2006-3280 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer 6.0 Cross-domain vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, aka "Redirect Cross-Domain Information Disclosure Vulnerability." | 7.5 |
2006-06-28 | CVE-2006-3276 | Realnetworks | Remote Code Execution vulnerability in RealNetworks Helix DNA Server 10.0/11.0 Heap-based buffer overflow in RealNetworks Helix DNA Server 10.0 and 11.0 allows remote attackers to execute arbitrary code via (1) a long User-Agent HTTP header in the RTSP service and (2) unspecified vectors involving the "parsing of HTTP URL schemes". | 7.5 |
2006-06-28 | CVE-2006-3275 | Yabb | SQL Injection vulnerability in Yabb 1.5.1/1.5.2/1.5.4 SQL injection vulnerability in profile.php in YaBB SE 1.5.5 and earlier allows remote attackers to execute SQL commands via a double-encoded user parameter in a viewprofile action. | 7.5 |
2006-06-28 | CVE-2006-3271 | Softbiz | SQL Injection vulnerability in Softbiz Dating Script 1.0 Multiple SQL injection vulnerabilities in Softbiz Dating 1.0 allow remote attackers to execute SQL commands via the (1) country and (2) sort_by parameters in (a) search_results.php; (3) browse parameter in (b) featured_photos.php; (4) cid parameter in (c) products.php, (d) index.php, and (e) news_desc.php. | 7.5 |
2006-06-28 | CVE-2006-3270 | Thorcms | SQL-Injection vulnerability in Thorcms 1.3.1 SQL injection vulnerability in cms_admin.php in THoRCMS 1.3.1 allows remote attackers to execute arbitrary SQL commands via multiple unspecified parameters, such as the add_link_mid parameter. | 7.5 |
2006-06-28 | CVE-2006-3256 | Woltlab | SQL Injection vulnerability in Woltlab Burning Board 2.3.1 SQL injection vulnerability in report.php in Woltlab Burning Board (WBB) 2.3.1 allows remote attackers to execute arbitrary SQL commands via the postid parameter. | 7.5 |
2006-06-28 | CVE-2006-3255 | Woltlab | SQL Injection vulnerability in Woltlab Burning Board 1.2 SQL injection vulnerability in showmods.php in Woltlab Burning Board (WBB) 1.2 allows remote attackers to execute arbitrary SQL commands via the boardid parameter. | 7.5 |
2006-06-28 | CVE-2006-3254 | Woltlab | SQL Injection vulnerability in Woltlab Burning Board 2.0Rc2 SQL injection vulnerability in newthread.php in Woltlab Burning Board (WBB) 2.0 RC2 allows remote attackers to execute arbitrary SQL commands via the boardid parameter. | 7.5 |
2006-06-27 | CVE-2006-1469 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server Stack-based buffer overflow in ImageIO in Apple Mac OS X 10.4 up to 10.4.6 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image. | 7.5 |
2006-06-27 | CVE-2006-3267 | Infinite Core Technologies | SQL Injection vulnerability in Infinite Core Technologies ICT SQL injection vulnerability in index.php in Infinite Core Technologies (ICT) 1.0 Gold and earlier allows remote attackers to execute arbitrary SQL commands via the post parameter. | 7.5 |
2006-06-27 | CVE-2006-3263 | Mambo | SQL-Injection vulnerability in Mambo SQL injection vulnerability in the Weblinks module (weblinks.php) in Mambo 4.6rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter. | 7.5 |
2006-06-27 | CVE-2006-3262 | Mambo | SQL Injection vulnerability in Mambo Weblinks SQL injection vulnerability in the Weblinks module (weblinks.php) in Mambo 4.6rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter. | 7.5 |
2006-06-27 | CVE-2006-3223 | Broadcom | Unspecified vulnerability in Broadcom products Format string vulnerability in CA Integrated Threat Management (ITM), eTrust Antivirus (eAV), and eTrust PestPatrol (ePP) r8 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a scan job with format strings in the description field. | 7.5 |
2006-06-27 | CVE-2006-3252 | Algorithmic Research | Remote Buffer Overflow vulnerability in Algorithmic Research Privatewire Gateway 3.7 Buffer overflow in the Online Registration Facility for Algorithmic Research PrivateWire VPN software up to 3.7 allows remote attackers to execute arbitrary code via a long GET request. | 7.5 |
2006-06-27 | CVE-2006-3251 | Hashcash | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Hashcash Heap-based buffer overflow in the array_push function in hashcash.c for Hashcash before 1.21 might allow attackers to execute arbitrary code via crafted entries. | 7.5 |
2006-06-27 | CVE-2006-3243 | Mybulletinboard | SQL-Injection vulnerability in MyBulletinBoard SQL injection vulnerability in usercp.php in MyBB (MyBulletinBoard) 1.0 through 1.1.3 allows remote attackers to execute arbitrary SQL commands via the showcodebuttons parameter. | 7.5 |
2006-06-27 | CVE-2006-3239 | Vbzoom | SQL Injection vulnerability in Vbzoom 1.00/1.01/1.11 SQL injection vulnerability in message.php in VBZooM 1.11 and earlier allows remote attackers to execute arbitrary SQL commands via the UserID parameter. | 7.5 |
2006-06-27 | CVE-2006-3238 | Vbzoom | SQL Injection vulnerability in VBZoom Multiple SQL injection vulnerabilities in VBZooM 1.00 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) MemberID parameter to rank.php, and the (2) QuranID parameter to lng.php. | 7.5 |
2006-06-27 | CVE-2006-3236 | Thinkfactory | SQL Injection vulnerability in thinkWMS Multiple SQL injection vulnerabilities in thinkWMS 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in (a) index.php or (b) printarticle.php, and the (2) catid parameter in index.php. | 7.5 |
2006-06-27 | CVE-2006-3234 | Looknet | Input Validation vulnerability in FineShop Multiple SQL injection vulnerabilities in index.php in FineShop 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) produkt, (2) id_produc, and (3) id_kat parameters. | 7.5 |
2006-06-26 | CVE-2006-3226 | Cisco | Authentication Bypass vulnerability in Cisco Secure ACS Cisco Secure Access Control Server (ACS) 4.x for Windows uses the client's IP address and the server's port number to grant access to an HTTP server port for an administration session, which allows remote attackers to bypass authentication via various methods, aka "ACS Weak Session Management Vulnerability." | 7.5 |
47 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-06-30 | CVE-2006-3330 | Deltascripts | Input Validation vulnerability in Deltascripts PHP Classifieds 6.04 Cross-site scripting (XSS) vulnerability in AddAsset1.php in PHP/MySQL Classifieds (PHP Classifieds) allows remote attackers to execute arbitrary SQL commands via the (1) ProductName ("Title" field), (2) url, and (3) Description parameters, possibly related to issues in add1.php. | 6.8 |
2006-06-30 | CVE-2006-3328 | Starflow Software | Cross-Site Scripting vulnerability in Starflow Software Hostflow 2.2.1.15 new_ticket.cgi in Hostflow 2.2.1-15 allows remote attackers to steal and replay authentication credentials via an IMG tag in the desc parameter ("Ticket Description" field) that points to a URL that captures referer URLs, possibly due to a cross-site scripting (XSS) vulnerability or a leak of credentials in referer URLs. | 5.8 |
2006-06-26 | CVE-2006-3224 | Apple | Denial-Of-Service vulnerability in Apple Safari 2.0.3417.9.3 Apple Safari 2.0.3 (417.9.3) on Mac OS X 10.4.6 allows remote attackers to cause a denial of service (CPU consumption) via Javascript with an infinite for loop. | 5.4 |
2006-06-30 | CVE-2006-3322 | Spiffyjr | SQL Injection vulnerability in Spiffyjr PHPraid 3.0.5 SQL injection vulnerability in includes/functions_logging.php in phpRaid 3.0.5, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the log_hack function. | 5.1 |
2006-06-29 | CVE-2006-1467 | Apple | Numeric Errors vulnerability in Apple Itunes Integer overflow in the AAC file parsing code in Apple iTunes before 6.0.5 on Mac OS X 10.2.8 or later, and Windows XP and 2000, allows remote user-assisted attackers to execute arbitrary code via an AAC (M4P, M4A, or M4B) file with a sample table size (STSZ) atom with a "malformed" sample_size_table value. | 5.1 |
2006-06-29 | CVE-2006-3318 | Spiffyjr | SQL Injection vulnerability in Spiffyjr PHPraid 3.0.6 SQL injection vulnerability in register.php for phpRaid 3.0.6 and possibly other versions, when the authorization type is phpraid, allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) email parameters. | 5.1 |
2006-06-29 | CVE-2006-3316 | Spiffyjr | Remote File Include vulnerability in Spiffyjr PHPraid 3.0.5 Multiple PHP remote file inclusion vulnerabilities in phpRaid 3.0.5 allow remote attackers to execute arbitrary code via a URL in the phpraid_dir parameter to (1) logs.php and (2) users.php, a different set of vectors than CVE-2006-3116. | 5.1 |
2006-06-29 | CVE-2006-3116 | Spiffyjr | Remote File Include vulnerability in PHPRaid PHPRAID_DIR Parameter Multiple PHP remote file inclusion vulnerabilities in phpRaid 3.0.4 and 3.0.5 allow remote attackers to execute arbitrary code via a URL in the phpraid_dir parameter to (1) configuration.php, (3) guilds.php, (4) index.php, (5) locations.php, (6) login.php, (7) lua_output.php, (8) permissions.php, (9) profile.php, (10) raids.php, (11) register.php, (12) roster.php, and (13) view.php. | 5.1 |
2006-06-29 | CVE-2006-3115 | Spiffyjr | SQL-Injection vulnerability in Spiffyjr PHPraid 3.0.4 SQL injection vulnerability in view.php in phpRaid 3.0.4, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the raid_id parameter. | 5.1 |
2006-06-29 | CVE-2006-3302 | Cbsms | Remote File Include vulnerability in Mambo Module PHP remote file inclusion vulnerability in mod_cbsms.php in CBSMS Mambo Module 1.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosC_a_path parameter. | 5.1 |
2006-06-29 | CVE-2006-3294 | Cbsms | Remote File Include vulnerability in Cbsms Mambo Module 1.0 PHP remote file inclusion vulnerability in mod_cbsms_messages.php in CBSMS Mambo Module 1.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 5.1 |
2006-06-28 | CVE-2006-3281 | Microsoft | Improper Input Validation vulnerability in Microsoft Internet Explorer 6.0 Microsoft Internet Explorer 6.0 does not properly handle Drag and Drop events, which allows remote user-assisted attackers to execute arbitrary code via a link to an SMB file share with a filename that contains encoded ..\ (%2e%2e%5c) sequences and whose extension contains the CLSID Key identifier for HTML Applications (HTA), aka "Folder GUID Code Execution Vulnerability." NOTE: directory traversal sequences were used in the original exploit, although their role is not clear. | 5.1 |
2006-06-28 | CVE-2006-3269 | Thorcms | Remote File Include vulnerability in Thorcms 1.3.1 PHP remote file inclusion vulnerability in includes/functions_cms.php in THoRCMS 1.3.1 allows remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter. | 5.1 |
2006-06-28 | CVE-2006-2200 | Mimms Xine | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Stack-based buffer overflow in libmms, as used by (a) MiMMS 0.0.9 and (b) xine-lib 1.1.0 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via the (1) send_command, (2) string_utf16, (3) get_data, and (4) get_media_packet functions, and possibly other functions. | 5.1 |
2006-06-27 | CVE-2006-3266 | Magnet | Remote File Include vulnerability in Bee-hive Multiple PHP remote file inclusion vulnerabilities in Bee-hive Lite 1.2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) header parameter to (a) conad/include/rootGui.inc.php and (b) include/rootGui.inc.php; (2) mysqlCall parameter to (c) conad/changeEmail.inc.php, (d) conad/changeUserDetails.inc.php, (e) conad/checkPasswd.inc.php, (f) conad/login.inc.php and (g) conad/logout.inc.php; (3) mysqlcall parameter to (h) include/listall.inc.php; (4) prefix parameter to (i) show/index.php; and (5) config parameter to (j) conad/include/mysqlCall.inc.php. | 5.1 |
2006-06-27 | CVE-2006-3244 | Anthill | SQL Injection vulnerability in Anthill 0.3.0 Multiple SQL injection vulnerabilities in Anthill 0.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) order parameter in buglist.php and the (2) bug parameter in query.php. | 5.1 |
2006-06-30 | CVE-2006-3331 | Opera | Unspecified vulnerability in Opera Browser Opera before 9.0 does not reset the SSL security bar after displaying a download dialog from an SSL-enabled website, which allows remote attackers to spoof a trusted SSL certificate from an untrusted website and facilitates phishing attacks. | 5.0 |
2006-06-30 | CVE-2006-3325 | ID Software | Multiple vulnerability in Quake 3 client/cl_parse.c in the id3 Quake 3 Engine 1.32c and the Icculus Quake 3 Engine (ioquake3) revision 810 and earlier allows remote malicious servers to overwrite arbitrary write-protected cvars variables on the client, such as cl_allowdownload for Automatic Downloading and fs_homepath for the quake3 path, via a string of cvar names and values sent from the server. | 5.0 |
2006-06-30 | CVE-2006-3324 | ID Software | Multiple vulnerability in Quake 3 The Automatic Downloading option in the id3 Quake 3 Engine and the Icculus Quake 3 Engine (ioquake3) before revision 804 allows remote attackers to overwrite arbitrary files in the quake3 directory (fs_homepath cvar) via a long string of filenames, as contained in the neededpaks buffer. | 5.0 |
2006-06-29 | CVE-2006-3268 | Novell | Unspecified vulnerability in Novell Groupwise Unspecified vulnerability in the Windows Client API in Novell GroupWise 5.x through 7 might allow users to obtain "random programmatic access" to other email within the same post office. | 5.0 |
2006-06-29 | CVE-2006-3298 | Yahoo | Denial of Service vulnerability in Yahoo! Messenger Message Handling Yahoo! Messenger 7.5.0.814 and 7.0.438 allows remote attackers to cause a denial of service (crash) via messages that contain non-ASCII characters, which triggers the crash in jscript.dll. | 5.0 |
2006-06-29 | CVE-2006-3293 | Proton | Denial of Service vulnerability in EnergyMech CTCP Notice parse_notice (TiCPU) in EnergyMech (emech) before 3.0.2 allows remote attackers to cause a denial of service (crash) via empty IRC CTCP NOTICE messages. | 5.0 |
2006-06-28 | CVE-2006-3290 | Cisco | Multiple Security vulnerability in Cisco Wireless Control System 3.2(40)/3.2(51) HTTP server in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames and directory paths via a direct URL request. | 5.0 |
2006-06-28 | CVE-2006-3288 | Cisco | Multiple Security vulnerability in Cisco Wireless Control System 3.2(40)/3.2(51) Unspecified vulnerability in the TFTP server in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51), when configured to use a directory path name that contains a space character, allows remote authenticated users to read and overwrite arbitrary files via unspecified vectors. | 5.0 |
2006-06-28 | CVE-2006-3282 | Datetopia | Information Disclosure vulnerability in Datetopia Dating Agent PRO 4.7.1 requirements.php in Dating Agent PRO 4.7.1 allows remote attackers to obtain sensitive information via a direct request, which calls the phpinfo function. | 5.0 |
2006-06-28 | CVE-2006-3277 | Mailenable | Resource Management Errors vulnerability in Mailenable Enterprise and Mailenable Professional The SMTP service of MailEnable Standard 1.92 and earlier, Professional 2.0 and earlier, and Enterprise 2.0 and earlier before the MESMTPC hotfix, allows remote attackers to cause a denial of service (application crash) via a HELO command with a null byte in the argument, possibly triggering a length inconsistency or a missing argument. | 5.0 |
2006-06-28 | CVE-2006-3274 | Webmin | Remote Directory Traversal vulnerability in Webmin Directory traversal vulnerability in Webmin before 1.280, when run on Windows, allows remote attackers to read arbitrary files via \ (backslash) characters in the URL to certain directories under the web root, such as the image directory. | 5.0 |
2006-06-28 | CVE-2006-3272 | Astrodog Press | Cross-Site Request Forgery vulnerability in Astrodog Press Some Chess 1.5Rc2 Cross-site request forgery (CSRF) vulnerability in menu.php in Some Chess 1.5 rc2 allows remote attackers to conduct actions as another user, such as changing usernames and passwords, via unspecified vectors. | 5.0 |
2006-06-27 | CVE-2006-1470 | Apple | Resource Management Errors vulnerability in Apple mac OS X and mac OS X Server OpenLDAP in Apple Mac OS X 10.4 up to 10.4.6 allows remote attackers to cause a denial of service (crash) via an invalid LDAP request that triggers an assert error. | 5.0 |
2006-06-27 | CVE-2006-1468 | Apple | Multiple Security vulnerability in Retired: Apple Mac OS X Unspecified vulnerability in Apple File Protocol (AFP) server in Apple Mac OS X 10.4 up to 10.4.6 includes the names of restricted files and folders within search results, which might allow remote attackers to obtain sensitive information. | 5.0 |
2006-06-26 | CVE-2006-2310 | NEW Atlanta Communications | Denial Of Service vulnerability in BlueDragon Server .CFM Files BlueDragon Server and Server JX 6.2.1.286 for Windows allows remote attackers to cause a denial of service (hang) via a request for a .cfm file whose name contains an MS-DOS device name such as (1) con, (2) aux, (3) com1, and (4) com2. | 5.0 |
2006-06-27 | CVE-2006-1471 | Apple | USE of Externally-Controlled Format String vulnerability in Apple mac OS X and mac OS X Server Format string vulnerability in the CF_syslog function launchd in Apple Mac OS X 10.4 up to 10.4.6 allows local users to execute arbitrary code via format string specifiers that are not properly handled in a syslog call in the logging facility, as demonstrated by using a crafted plist file. | 4.6 |
2006-06-26 | CVE-2006-3011 | PHP | Permissions, Privileges, and Access Controls vulnerability in PHP The error_log function in basic_functions.c in PHP before 4.4.4 and 5.x before 5.1.5 allows local users to bypass safe mode and open_basedir restrictions via a "php://" or other scheme in the third argument, which disables safe mode. | 4.6 |
2006-06-26 | CVE-2006-2196 | Jochen Friedrich | Local Security vulnerability in Jochen Friedrich Pinball 0.3.1 Unspecified vulnerability in pinball 0.3.1 allows local users to gain privileges via unknown attack vectors that cause pinball to load plugins from an attacker-controlled directory while operating at raised privileges. | 4.6 |
2006-06-30 | CVE-2006-3327 | E CBD BIZ | Input Validation vulnerability in E-Cbd.Biz Custom Dating BIZ Dating Script 1.0 Cross-site scripting (XSS) vulnerability in Custom dating biz dating script 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) sn20_special_cases parameter ("Special Cases" field) in profile/mini.php, (2) tyxx01_album_name parameter ("Album Name" field) in profile/photo_create.php, and the (3) u parameter in admin/user_view.php. | 4.3 |
2006-06-30 | CVE-2006-3321 | 2Enetworx | Cross-Site Injection vulnerability in OpenForum Multiple cross-site scripting (XSS) vulnerabilities in openforum.asp in OpenForum 1.2 Beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ofdisp and (2) ofmsgid parameters. | 4.3 |
2006-06-30 | CVE-2006-3319 | PHP Icalendar | Cross-Site Scripting vulnerability in PHP iCalendar Cross-site scripting (XSS) vulnerability in rss/index.php in PHP iCalendar 2.22 and earlier allows remote attackers to inject arbitrary web script or HTML via the cal parameter. | 4.3 |
2006-06-29 | CVE-2006-3312 | Qatraq | Cross-Site Scripting vulnerability in Qatraq 6.5 Multiple cross-site scripting (XSS) vulnerabilities in ashmans and Bill Echlin QaTraq 6.5 RC and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) link_print, (2) link_upgrade, (3) link_sql, (4) link_next, (5) link_prev, and (6) link_list parameters in top.inc as included by queries_view_search.php; the (7) msg, (8) component_name, and (9) component_desc parameters in (a) components_copy_content.php, (b) components_modify_content.php, and (c) components_new_content.php; the (10) title, (11) version, and (12) content parameters in design_copy_content.php; the (13) plan_title and (14) plan_content parameters in design_copy_plan_search.php; the (15) title, (16) minor_version, (17) new_version, and (18) content parameters in design_modify_content.php; the (19) title, (20) version, and (21) content parameters in design_new_content.php; the (22) plan_name and (23) plan_desc parameters in design_new_search.php; the (24) file_name parameter in download.php; the (25) username and (26) password parameters in login.php; the (27) title, (28) version, and (29) content parameters in phase_copy_content.php; the (30) content parameter in phase_delete_search.php; the (31) title, (32) minor_version, (33) new_version, and (34) content parameters in phase_modify_content.php; the (35) content, (36) title, (37) version, and (38) content parameters in phase_modify_search.php; the (39) content parameter in phase_view_search.php; the (40) msg, (41) product_name, and (42) product_desc parameters in products_copy_content.php; and possibly the (43) product_name and (44) product_desc parameters in (d) products_copy_search.php, and a large number of additional parameters and executables. | 4.3 |
2006-06-29 | CVE-2006-3306 | Zoid Technologies | Cross-Site Scripting vulnerability in Zoid Technologies Project Eros Bbsengine 20060223/20060429 Cross-site scripting (XSS) vulnerability in the preparestring function in lib/common.php in Project EROS bbsengine before 20060501-0142-jam, and possibly earlier versions dating back to 2006-02-23, might allow remote attackers to inject arbitrary web script or HTML via unknown vectors. | 4.3 |
2006-06-29 | CVE-2006-3303 | Deluxebb | Cross-Site Scripting vulnerability in DeluxeBB Multiple cross-site scripting (XSS) vulnerabilities in pm.php in DeluxeBB 1.07 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) subject or (2) to parameters. | 4.3 |
2006-06-29 | CVE-2006-3297 | Uebimiau | Cross-Site Scripting vulnerability in Uebimiau 2.7.10 Cross-site scripting (XSS) vulnerability in error.php in UebiMiau Webmail 2.7.10 and earlier allows remote attackers to inject arbitrary web script or HTML via the icq parameter. | 4.3 |
2006-06-28 | CVE-2006-3279 | Aewebworks | Cross-Site Scripting vulnerability in Aewebworks Aedating 4.1 Cross-site scripting (XSS) vulnerability in aeDating 4.1 allows remote attackers to inject arbitrary web script or HTML via the (1) Sex parameter in index.php, (2) ProfileType parameter in join_form.php, and (3) Email parameter in forgot.php. | 4.3 |
2006-06-28 | CVE-2006-3257 | Claroline | Cross-Site Scripting vulnerability in Claroline 1.7.7 Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.7.7 allow remote attackers to inject arbitrary HTML or web script via unspecified attack vectors, possibly including (1) calendar/myagenda.php, (2) document/document.php, (3) phpbb/newtopic.php, (4) tracking/userLog.php, and (5) wiki/page.php. | 4.3 |
2006-06-27 | CVE-2006-3261 | Trend Micro | HTML Injection vulnerability in Trend Micro Control Manager 3.5 Cross-site scripting (XSS) vulnerability in Trend Micro Control Manager (TMCM) 3.5 allows remote attackers to inject arbitrary web script or HTML via the username field on the login page, which is not properly sanitized before being displayed in the error log. | 4.3 |
2006-06-27 | CVE-2006-3260 | Virtual Design Studios | HTML Injection vulnerability in Virtual Design Studios Vlbook 1.0.2 Cross-site scripting (XSS) vulnerability in index.php in vlbook 1.02 allows remote attackers to inject arbitrary web script or HTML via the message parameter. | 4.3 |
2006-06-27 | CVE-2006-3259 | E107 | Cross-Site Scripting vulnerability in e107 Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 allow remote attackers to inject arbitrary web script or HTML via the (1) ep parameter to search.php and the (2) subject parameter in comment.php (aka the Subject field when posting a comment). | 4.3 |
2006-06-27 | CVE-2006-3231 | IBM | Multiple vulnerability in IBM Websphere Application Server Prior to 6.0.2.11 Unspecified vulnerability in IBM WebSphere Application Server (WAS) before 6.0.2.11, when fileServingEnabled is true, allows remote attackers to obtain JSP source code and other sensitive information via "URIs with special characters." | 4.3 |
23 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-06-30 | CVE-2006-3333 | Phpoutsourcing | Cross-Site Scripting vulnerability in PHPoutsourcing Zorum 3.5 Cross-site scripting (XSS) vulnerability in index.php in Zorum Forum 3.5 allows remote attackers to inject web script or HTML via the multiple unspecified parameters, including the (1) frommethod, (2) list, and (3) method, which are reflected in an error message. | 2.6 |
2006-06-30 | CVE-2006-3326 | Joesph Leung | Directory Traversal vulnerability in Joesph Leung Quickzip 3.06.3 Directory traversal vulnerability in QuickZip 3.06.3 allows remote user-assisted attackers to overwrite arbitrary files or directories via .. | 2.6 |
2006-06-30 | CVE-2006-3320 | Sitebar | Cross-Site Scripting vulnerability in SiteBar Cross-site scripting (XSS) vulnerability in command.php in SiteBar 3.3.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the command parameter. | 2.6 |
2006-06-29 | CVE-2006-3305 | Uebimiau | Cross-Site Scripting vulnerability in Uebimiau 2.7.10 Multiple cross-site scripting (XSS) vulnerabilities in UebiMiau Webmail 2.7.10, and 2.7.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) f_user parameter in index.php, the (2) pag parameter in messages.php, or the (3) lid, (4) tid, and (5) sid parameters in error.php. | 2.6 |
2006-06-29 | CVE-2006-3301 | Phpqladmin | Cross-Site Scripting vulnerability in phpQLAdmin Multiple cross-site scripting (XSS) vulnerabilities in phpQLAdmin 2.2.7 and earlier allow remote attackers to inject arbitrary web script or HTML via the domain parameter in (1) user_add.php or (2) unit_add.php. | 2.6 |
2006-06-29 | CVE-2006-3299 | Metalheadws | Cross-Site Scripting vulnerability in Metalheadws Usenet 0.5 Cross-site scripting (XSS) vulnerability in index.php in Usenet Script 0.5 allows remote attackers to inject arbitrary web script or HTML via the group parameter. | 2.6 |
2006-06-28 | CVE-2006-3289 | Cisco | Multiple Security vulnerability in Cisco Wireless Control System 3.2(40)/3.2(51) Cross-site scripting (XSS) vulnerability in the login page of the HTTP interface for the Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a "malicious URL". | 2.6 |
2006-06-28 | CVE-2006-3284 | Datetopia | Cross-Site Scripting vulnerability in Datetopia Dating Agent PRO 4.7.1 Cross-site scripting (XSS) vulnerability in Dating Agent PRO 4.7.1 allows remote attackers to inject arbitrary web script or HTML via the login parameter in (1) webmaster/index.php and (2) search.php. | 2.6 |
2006-06-28 | CVE-2006-3278 | Positive Software | Cross-Site Scripting vulnerability in H-Sphere Cross-site scripting (XSS) vulnerability in H-Sphere 2.5.1 Beta 1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) next_template, (2) start, (3) curr_menu_id, and (4) arid parameters in psoft/servlet/resadmin/psoft.hsphere.CP when using the mailman/massmail.html template_name. | 2.6 |
2006-06-28 | CVE-2006-3273 | Astrodog Press | HTML Injection vulnerability in Astrodog Press Some Chess 1.5Rc1 Cross-site scripting (XSS) vulnerability in menu.php in Some Chess 1.5 rc1 allows remote attackers to inject arbitrary web script or HTML via the user parameter ("New Name" field). | 2.6 |
2006-06-27 | CVE-2006-3265 | Qdig | Cross-Site Scripting vulnerability in Qdig Multiple cross-site scripting (XSS) vulnerabilities in index.php in Qdig before 1.2.9.3, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) pre_gallery or (2) post_gallery parameters. | 2.6 |
2006-06-27 | CVE-2006-3258 | Bnbt | Cross-Site Scripting vulnerability in Bnbt Easytracker and Trinedit Multiple cross-site scripting (XSS) vulnerabilities in index.html in BNBT TrinEdit and EasyTracker 7.7r3.2004.10.27 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) filter or (2) sort parameters. | 2.6 |
2006-06-27 | CVE-2006-3247 | GL SH | Cross-Site Scripting vulnerability in GL-SH Deaf Forum Multiple cross-site scripting (XSS) vulnerabilities in show.php in GL-SH Deaf Forum 6.4.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) search, (2) page, and (3) action parameters. | 2.6 |
2006-06-27 | CVE-2006-3246 | GL SH | Cross-Site Scripting vulnerability in Gl-Sh Deaf Forum 6.4.3 Cross-site scripting (XSS) vulnerability in show.php in GL-SH Deaf Forum 6.4.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the sort parameter. | 2.6 |
2006-06-27 | CVE-2006-3245 | Mvnforum | Cross-Site Scripting vulnerability in MVNForum Activatemember Multiple cross-site scripting (XSS) vulnerabilities in activatemember in mvnForum 1.0 GA and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) member and (2) activatecode parameters. | 2.6 |
2006-06-27 | CVE-2006-3241 | Xennobb | Cross-Site Scripting vulnerability in XennoBB Cross-site scripting (XSS) vulnerability in messages.php in XennoBB 1.0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the tid parameter. | 2.6 |
2006-06-27 | CVE-2006-3237 | Senokian Solutions | Cross-Site Scripting vulnerability in Senokian Solutions Enterprise Groupware Systems Cross-site scripting (XSS) vulnerability in index.php in Enterprise Groupware System (EGS) 1.2.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the module parameter. | 2.6 |
2006-06-27 | CVE-2006-3235 | Looknet | Input Validation vulnerability in FineShop Multiple cross-site scripting (XSS) vulnerabilities in index.php in FineShop 3.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) promocja, (2) wysw, or (3) id_produc parameters. | 2.6 |
2006-06-27 | CVE-2006-3230 | Azureus Tracker | Cross-Site Scripting vulnerability in Azureus Tracker Azureus Tracker 2.2.0.2/2.3.0.6/2.4.0.2 Cross-site scripting (XSS) vulnerability in index.tmpl in Azureus Tracker 2.4.0.2 and earlier (Java BitTorrent Client Tracker) allows remote attackers to inject arbitrary web script or HTML via the search parameter. | 2.6 |
2006-06-26 | CVE-2006-3227 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer 6.0.2900 Interpretation conflict between Internet Explorer and other web browsers such as Mozilla, Opera, and Firefox might allow remote attackers to modify the visual presentation of web pages and possibly bypass protection mechanisms such as content filters via ASCII characters with the 8th bit set, which could be stripped by Internet Explorer to render legible text, but not when using other browsers. | 2.6 |
2006-06-26 | CVE-2006-3225 | SUN | Cross-Site Scripting vulnerability in SUN products Cross-site scripting (XSS) vulnerability in Sun ONE Application Server 7 before Update 9, Java System Application Server 7 2004Q2 before Update 5, and Java System Application Server Enterprise Edition 8.1 2005 Q1 allows remote attackers to inject arbitrary HTML or web script via unknown vectors. | 2.6 |
2006-06-26 | CVE-2006-2311 | NEW Atlanta Communications | Cross-Site Scripting vulnerability in BlueDragon Server Error Page Cross-site scripting (XSS) vulnerability in BlueDragon Server and Server JX 6.2.1.286 for Windows allows remote attackers to inject arbitrary web script or HTML via the filename in a request to a (1) .cfm or (2) .cfml file, which reflects the result in the default error page. | 2.6 |
2006-06-30 | CVE-2006-3118 | Canonical | Denial Of Service vulnerability in Spread Insecure Socket File Creation spread uses a temporary file with a static filename based on the port number, which allows local users to cause a denial of service by creating the file during a race condition between unlink and bind function calls. | 1.2 |