Weekly Vulnerabilities Reports > June 26 to July 2, 2006

Overview

128 new vulnerabilities reported during this period, including 5 critical vulnerabilities and 42 high severity vulnerabilities. This weekly summary report vulnerabilities in 96 products from 83 vendors including Cisco, Apple, Spiffyjr, Microsoft, and SUN. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Resource Management Errors", "Permissions, Privileges, and Access Controls", "Cross-site Scripting", and "Use of Externally-Controlled Format String".

  • 123 reported vulnerabilities are remotely exploitables.
  • 8 reported vulnerabilities have public exploit available.
  • 4 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 128 reported vulnerabilities are exploitable by an anonymous user.
  • Cisco has the most reported vulnerabilities, with 8 reported vulnerabilities.
  • IBM has the most reported critical vulnerabilities, with 1 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

5 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-06-27 CVE-2006-3232 IBM Multiple vulnerability in IBM Websphere Application Server Prior to 6.0.2.11

Unspecified vulnerability in IBM WebSphere Application Server before 6.0.2.11 has unknown impact and attack vectors because the "UserNameToken cache was improperly used."

10.0
2006-06-29 CVE-2006-3308 Zoid Technologies Input Validation vulnerability in Project Eros BBSEngine

Unspecified vulnerability in the wpprop code for Project EROS bbsengine before 20060622-0315 has unknown impact and remote attack vectors via [img] tags, possibly cross-site scripting (XSS).

9.3
2006-06-28 CVE-2006-3291 Cisco Configuration vulnerability in Cisco IOS 12.3(8)Ja/12.3(8)Ja1

The web interface on Cisco IOS 12.3(8)JA and 12.3(8)JA1, as used on the Cisco Wireless Access Point and Wireless Bridge, reconfigures itself when it is changed to use the "Local User List Only (Individual Passwords)" setting, which removes all security and password configurations and allows remote attackers to access the system.

9.3
2006-06-27 CVE-2006-3134 Gracenote Remote Buffer Overflow vulnerability in GraceNote CDDBControl ActiveX Control

Buffer overflow in GraceNote CDDBControl ActiveX Control, as used by multiple products that use Gracenote CDDB, allows remote attackers to execute arbitrary code via a long option string.

9.3
2006-06-26 CVE-2006-3228 Nullsoft Remote Security vulnerability in Winamp

Buffer overflow in in_midi.dll for WinAmp 2.90 up to 5.23, including 5.21, allows remote attackers to execute arbitrary code via a crafted .mid (MIDI) file.

9.3

42 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-06-30 CVE-2006-3117 Openoffice
SUN
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Heap-based buffer overflow in OpenOffice.org (aka StarOffice) 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to execute arbitrary code via a crafted OpenOffice XML document that is not properly handled by (1) Calc, (2) Draw, (3) Impress, (4) Math, or (5) Writer, aka "File Format / Buffer Overflow Vulnerability."

7.6
2006-06-30 CVE-2006-2199 Openoffice
SUN
Unspecified vulnerability in Java Applets in OpenOffice.org 1.1.x (aka StarOffice) up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to escape the Java sandbox and conduct unauthorized activities via certain applets in OpenOffice documents.
7.6
2006-06-30 CVE-2006-2198 Openoffice
SUN
Permissions, Privileges, and Access Controls vulnerability in multiple products

OpenOffice.org (aka StarOffice) 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to conduct unauthorized activities via an OpenOffice document with a malicious BASIC macro, which is executed without prompting the user.

7.6
2006-06-30 CVE-2006-3334 Greg Roelofs Buffer Overflow vulnerability in Libpng Graphics Library Chunk Error Processing

Buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors related to "chunk error processing," possibly involving the "chunk_name".

7.5
2006-06-30 CVE-2006-3332 Phpoutsourcing SQL Injection vulnerability in Zorum

SQL injection vulnerability in index.php in Zorum Forum 3.5 allows remote attackers to execute arbitrary SQL commands via the (1) offset, (2) tid, (3) fromid, (4) sortby, (5) fromfrommethod, and (6) fromfromlist parameters.

7.5
2006-06-30 CVE-2006-3329 Deltascripts Input Validation vulnerability in Deltascripts PHP Classifieds 6.04

SQL injection vulnerability in search.php in PHP/MySQL Classifieds (PHP Classifieds) allows remote attackers to execute arbitrary SQL commands via the rate parameter.

7.5
2006-06-30 CVE-2006-3323 Mastersfusion Cross-Site Scripting vulnerability in Mastersfusion MF Piadas 1.0

PHP remote file inclusion vulnerability in admin/admin.php in MF Piadas 1.0 allows remote attackers to execute arbitrary PHP code via the page parameter.

7.5
2006-06-29 CVE-2006-3315 Rahnemaco Remote File Include vulnerability in RahnemaCo Page.PHP

PHP remote file inclusion vulnerability in page.php in an unspecified RahnemaCo.com product, possibly eShop, allows remote attackers to execute arbitrary PHP code via a URL in the osCsid parameter.

7.5
2006-06-29 CVE-2006-3314 Rahnemaco Remote File Include vulnerability in RahnemaCo Page.PHP PageID

PHP remote file inclusion vulnerability in page.php in an unspecified RahnemaCo.com product, possibly eShop, allows remote attackers to execute arbitrary PHP code via a URL in the pageid parameter.

7.5
2006-06-29 CVE-2006-3309 Internet Scout Project SQL Injection vulnerability in Scout Portal Tool Kit ForumTopics.PHP

SQL injection vulnerability in SPT--ForumTopics.php in Scout Portal Toolkit (SPT) 1.4.0 and earlier allows remote attackers to execute arbitrary SQL commands via the forumid parameter.

7.5
2006-06-29 CVE-2006-3307 Zoid Technologies Input Validation vulnerability in Zoid Technologies Project Eros Bbsengine 20060223

Multiple SQL injection vulnerabilities in Project EROS bbsengine before bbsengine-20060429-1550-jam allow remote attackers to execute arbitrary SQL commands via (1) unspecified parameters in the php/comment.php and (2) the getpartialmatches method in php/aolbonics.php.

7.5
2006-06-29 CVE-2006-3304 Deluxebb SQL Injection vulnerability in DeluxeBB CP.PHP

SQL injection vulnerability in cp.php in DeluxeBB 1.07 and earlier allows remote attackers to execute arbitrary SQL commands via the xmsn parameter.

7.5
2006-06-29 CVE-2006-3300 Phpmysms Remote File Include vulnerability in PHPMySMS Gateway.PHP

PHP remote file inclusion vulnerability in sms_config/gateway.php in PhpMySms 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the ROOT_PATH parameter.

7.5
2006-06-29 CVE-2006-3296 George Currums Input Validation vulnerability in George Currums Open Guestbook 0.5

SQL injection vulnerability in view.php in Open Guestbook 0.5 allows remote attackers to execute arbitrary SQL commands via the offset parameter.

7.5
2006-06-28 CVE-2006-3292 Jaws Input Validation vulnerability in Jaws 0.6.2

SQL injection vulnerability in the Search gadget in Jaws 0.6.2 allows remote attackers to execute arbitrary SQL commands via queries with the "LIKE" keyword in the searchdata parameter (search field).

7.5
2006-06-28 CVE-2006-3287 Cisco Multiple Security vulnerability in Cisco Wireless Control System

Cisco Wireless Control System (WCS) for Linux and Windows 4.0(1) and earlier uses a default administrator username "root" and password "public," which allows remote attackers to gain access (aka bug CSCse21391).

7.5
2006-06-28 CVE-2006-3286 Cisco Multiple Security vulnerability in Cisco Wireless Control System 3.2(40)/3.2(51)

The internal database in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(63) stores a hard-coded username and password in plaintext within unspecified files, which allows remote authenticated users to access the database (aka bug CSCsd15951).

7.5
2006-06-28 CVE-2006-3285 Cisco Multiple Security vulnerability in Cisco Wireless Control System 3.2(40)

The internal database in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) uses an undocumented, hard-coded username and password, which allows remote authenticated users to read, and possibly modify, sensitive configuration data (aka bugs CSCsd15955).

7.5
2006-06-28 CVE-2006-3283 Datetopia SQL-Injection vulnerability in Datetopia Dating Agent PRO 4.7.1

SQL injection vulnerability in Dating Agent PRO 4.7.1 allows remote attackers to execute arbitrary SQL commands via the (1) pid parameter in picture.php, (2) mid parameter in mem.php, and the (3) sex and (4) relationship parameters in search.php.

7.5
2006-06-28 CVE-2006-3280 Microsoft Unspecified vulnerability in Microsoft Internet Explorer 6.0

Cross-domain vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, aka "Redirect Cross-Domain Information Disclosure Vulnerability."

7.5
2006-06-28 CVE-2006-3276 Realnetworks Remote Code Execution vulnerability in RealNetworks Helix DNA Server 10.0/11.0

Heap-based buffer overflow in RealNetworks Helix DNA Server 10.0 and 11.0 allows remote attackers to execute arbitrary code via (1) a long User-Agent HTTP header in the RTSP service and (2) unspecified vectors involving the "parsing of HTTP URL schemes".

7.5
2006-06-28 CVE-2006-3275 Yabb SQL Injection vulnerability in Yabb 1.5.1/1.5.2/1.5.4

SQL injection vulnerability in profile.php in YaBB SE 1.5.5 and earlier allows remote attackers to execute SQL commands via a double-encoded user parameter in a viewprofile action.

7.5
2006-06-28 CVE-2006-3271 Softbiz SQL Injection vulnerability in Softbiz Dating Script 1.0

Multiple SQL injection vulnerabilities in Softbiz Dating 1.0 allow remote attackers to execute SQL commands via the (1) country and (2) sort_by parameters in (a) search_results.php; (3) browse parameter in (b) featured_photos.php; (4) cid parameter in (c) products.php, (d) index.php, and (e) news_desc.php.

7.5
2006-06-28 CVE-2006-3270 Thorcms SQL-Injection vulnerability in Thorcms 1.3.1

SQL injection vulnerability in cms_admin.php in THoRCMS 1.3.1 allows remote attackers to execute arbitrary SQL commands via multiple unspecified parameters, such as the add_link_mid parameter.

7.5
2006-06-28 CVE-2006-3256 Woltlab SQL Injection vulnerability in Woltlab Burning Board 2.3.1

SQL injection vulnerability in report.php in Woltlab Burning Board (WBB) 2.3.1 allows remote attackers to execute arbitrary SQL commands via the postid parameter.

7.5
2006-06-28 CVE-2006-3255 Woltlab SQL Injection vulnerability in Woltlab Burning Board 1.2

SQL injection vulnerability in showmods.php in Woltlab Burning Board (WBB) 1.2 allows remote attackers to execute arbitrary SQL commands via the boardid parameter.

7.5
2006-06-28 CVE-2006-3254 Woltlab SQL Injection vulnerability in Woltlab Burning Board 2.0Rc2

SQL injection vulnerability in newthread.php in Woltlab Burning Board (WBB) 2.0 RC2 allows remote attackers to execute arbitrary SQL commands via the boardid parameter.

7.5
2006-06-27 CVE-2006-1469 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server

Stack-based buffer overflow in ImageIO in Apple Mac OS X 10.4 up to 10.4.6 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image.

7.5
2006-06-27 CVE-2006-3267 Infinite Core Technologies SQL Injection vulnerability in Infinite Core Technologies ICT

SQL injection vulnerability in index.php in Infinite Core Technologies (ICT) 1.0 Gold and earlier allows remote attackers to execute arbitrary SQL commands via the post parameter.

7.5
2006-06-27 CVE-2006-3263 Mambo SQL-Injection vulnerability in Mambo

SQL injection vulnerability in the Weblinks module (weblinks.php) in Mambo 4.6rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter.

7.5
2006-06-27 CVE-2006-3262 Mambo SQL Injection vulnerability in Mambo Weblinks

SQL injection vulnerability in the Weblinks module (weblinks.php) in Mambo 4.6rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter.

7.5
2006-06-27 CVE-2006-3223 Broadcom Unspecified vulnerability in Broadcom products

Format string vulnerability in CA Integrated Threat Management (ITM), eTrust Antivirus (eAV), and eTrust PestPatrol (ePP) r8 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a scan job with format strings in the description field.

7.5
2006-06-27 CVE-2006-3252 Algorithmic Research Remote Buffer Overflow vulnerability in Algorithmic Research Privatewire Gateway 3.7

Buffer overflow in the Online Registration Facility for Algorithmic Research PrivateWire VPN software up to 3.7 allows remote attackers to execute arbitrary code via a long GET request.

7.5
2006-06-27 CVE-2006-3251 Hashcash Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Hashcash

Heap-based buffer overflow in the array_push function in hashcash.c for Hashcash before 1.21 might allow attackers to execute arbitrary code via crafted entries.

7.5
2006-06-27 CVE-2006-3249 Phorum Unspecified vulnerability in Phorum

** DISPUTED ** SQL injection vulnerability in search.php in Phorum 5.1.14 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter.

7.5
2006-06-27 CVE-2006-3243 Mybulletinboard SQL-Injection vulnerability in MyBulletinBoard

SQL injection vulnerability in usercp.php in MyBB (MyBulletinBoard) 1.0 through 1.1.3 allows remote attackers to execute arbitrary SQL commands via the showcodebuttons parameter.

7.5
2006-06-27 CVE-2006-3242 Mutt Remote Buffer Overflow vulnerability in Mutt BROWSE_GET_NAMESPACE IMAP Namespace Processing

Stack-based buffer overflow in the browse_get_namespace function in imap/browse.c of Mutt 1.4.2.1 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via long namespaces received from the IMAP server.

7.5
2006-06-27 CVE-2006-3239 Vbzoom SQL Injection vulnerability in Vbzoom 1.00/1.01/1.11

SQL injection vulnerability in message.php in VBZooM 1.11 and earlier allows remote attackers to execute arbitrary SQL commands via the UserID parameter.

7.5
2006-06-27 CVE-2006-3238 Vbzoom SQL Injection vulnerability in VBZoom

Multiple SQL injection vulnerabilities in VBZooM 1.00 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) MemberID parameter to rank.php, and the (2) QuranID parameter to lng.php.

7.5
2006-06-27 CVE-2006-3236 Thinkfactory SQL Injection vulnerability in thinkWMS

Multiple SQL injection vulnerabilities in thinkWMS 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in (a) index.php or (b) printarticle.php, and the (2) catid parameter in index.php.

7.5
2006-06-27 CVE-2006-3234 Looknet Input Validation vulnerability in FineShop

Multiple SQL injection vulnerabilities in index.php in FineShop 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) produkt, (2) id_produc, and (3) id_kat parameters.

7.5
2006-06-26 CVE-2006-3226 Cisco Authentication Bypass vulnerability in Cisco Secure ACS

Cisco Secure Access Control Server (ACS) 4.x for Windows uses the client's IP address and the server's port number to grant access to an HTTP server port for an administration session, which allows remote attackers to bypass authentication via various methods, aka "ACS Weak Session Management Vulnerability."

7.5

54 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-06-30 CVE-2006-3330 Deltascripts Input Validation vulnerability in Deltascripts PHP Classifieds 6.04

Cross-site scripting (XSS) vulnerability in AddAsset1.php in PHP/MySQL Classifieds (PHP Classifieds) allows remote attackers to execute arbitrary SQL commands via the (1) ProductName ("Title" field), (2) url, and (3) Description parameters, possibly related to issues in add1.php.

6.8
2006-06-30 CVE-2006-3328 Starflow Software Cross-Site Scripting vulnerability in Starflow Software Hostflow 2.2.1.15

new_ticket.cgi in Hostflow 2.2.1-15 allows remote attackers to steal and replay authentication credentials via an IMG tag in the desc parameter ("Ticket Description" field) that points to a URL that captures referer URLs, possibly due to a cross-site scripting (XSS) vulnerability or a leak of credentials in referer URLs.

5.8
2006-06-26 CVE-2006-3224 Apple Denial-Of-Service vulnerability in Apple Safari 2.0.3417.9.3

Apple Safari 2.0.3 (417.9.3) on Mac OS X 10.4.6 allows remote attackers to cause a denial of service (CPU consumption) via Javascript with an infinite for loop.

5.4
2006-06-30 CVE-2006-3322 Spiffyjr SQL Injection vulnerability in Spiffyjr PHPraid 3.0.5

SQL injection vulnerability in includes/functions_logging.php in phpRaid 3.0.5, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the log_hack function.

5.1
2006-06-29 CVE-2006-1467 Apple Numeric Errors vulnerability in Apple Itunes

Integer overflow in the AAC file parsing code in Apple iTunes before 6.0.5 on Mac OS X 10.2.8 or later, and Windows XP and 2000, allows remote user-assisted attackers to execute arbitrary code via an AAC (M4P, M4A, or M4B) file with a sample table size (STSZ) atom with a "malformed" sample_size_table value.

5.1
2006-06-29 CVE-2006-3318 Spiffyjr SQL Injection vulnerability in Spiffyjr PHPraid 3.0.6

SQL injection vulnerability in register.php for phpRaid 3.0.6 and possibly other versions, when the authorization type is phpraid, allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) email parameters.

5.1
2006-06-29 CVE-2006-3317 Spiffyjr Remote File Include vulnerability in Spiffyjr PHPraid 3.0.6

PHP remote file inclusion vulnerability in phpRaid 3.0.6 allows remote attackers to execute arbitrary code via a URL in the phpraid_dir parameter to (1) announcements.php and (2) rss.php, a different set of vectors and affected versions than CVE-2006-3316 and CVE-2006-3116.

5.1
2006-06-29 CVE-2006-3316 Spiffyjr Remote File Include vulnerability in Spiffyjr PHPraid 3.0.5

Multiple PHP remote file inclusion vulnerabilities in phpRaid 3.0.5 allow remote attackers to execute arbitrary code via a URL in the phpraid_dir parameter to (1) logs.php and (2) users.php, a different set of vectors than CVE-2006-3116.

5.1
2006-06-29 CVE-2006-3116 Spiffyjr Remote File Include vulnerability in PHPRaid PHPRAID_DIR Parameter

Multiple PHP remote file inclusion vulnerabilities in phpRaid 3.0.4 and 3.0.5 allow remote attackers to execute arbitrary code via a URL in the phpraid_dir parameter to (1) configuration.php, (3) guilds.php, (4) index.php, (5) locations.php, (6) login.php, (7) lua_output.php, (8) permissions.php, (9) profile.php, (10) raids.php, (11) register.php, (12) roster.php, and (13) view.php.

5.1
2006-06-29 CVE-2006-3115 Spiffyjr SQL-Injection vulnerability in Spiffyjr PHPraid 3.0.4

SQL injection vulnerability in view.php in phpRaid 3.0.4, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the raid_id parameter.

5.1
2006-06-29 CVE-2006-3302 Cbsms Remote File Include vulnerability in Mambo Module

PHP remote file inclusion vulnerability in mod_cbsms.php in CBSMS Mambo Module 1.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosC_a_path parameter.

5.1
2006-06-29 CVE-2006-3294 Cbsms Remote File Include vulnerability in Cbsms Mambo Module 1.0

PHP remote file inclusion vulnerability in mod_cbsms_messages.php in CBSMS Mambo Module 1.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

5.1
2006-06-28 CVE-2006-3281 Microsoft Improper Input Validation vulnerability in Microsoft Internet Explorer 6.0

Microsoft Internet Explorer 6.0 does not properly handle Drag and Drop events, which allows remote user-assisted attackers to execute arbitrary code via a link to an SMB file share with a filename that contains encoded ..\ (%2e%2e%5c) sequences and whose extension contains the CLSID Key identifier for HTML Applications (HTA), aka "Folder GUID Code Execution Vulnerability." NOTE: directory traversal sequences were used in the original exploit, although their role is not clear.

5.1
2006-06-28 CVE-2006-3269 Thorcms Remote File Include vulnerability in Thorcms 1.3.1

PHP remote file inclusion vulnerability in includes/functions_cms.php in THoRCMS 1.3.1 allows remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter.

5.1
2006-06-28 CVE-2006-2200 Mimms
Xine
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Stack-based buffer overflow in libmms, as used by (a) MiMMS 0.0.9 and (b) xine-lib 1.1.0 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via the (1) send_command, (2) string_utf16, (3) get_data, and (4) get_media_packet functions, and possibly other functions.

5.1
2006-06-27 CVE-2006-3266 Magnet Remote File Include vulnerability in Bee-hive

Multiple PHP remote file inclusion vulnerabilities in Bee-hive Lite 1.2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) header parameter to (a) conad/include/rootGui.inc.php and (b) include/rootGui.inc.php; (2) mysqlCall parameter to (c) conad/changeEmail.inc.php, (d) conad/changeUserDetails.inc.php, (e) conad/checkPasswd.inc.php, (f) conad/login.inc.php and (g) conad/logout.inc.php; (3) mysqlcall parameter to (h) include/listall.inc.php; (4) prefix parameter to (i) show/index.php; and (5) config parameter to (j) conad/include/mysqlCall.inc.php.

5.1
2006-06-27 CVE-2006-3250 Microsoft Remote Denial of Service vulnerability in Microsoft Windows Live Messenger 8.0

Heap-based buffer overflow in Windows Live Messenger 8.0 allows user-assisted attackers to execute arbitrary code via a crafted Contact List (.ctt) file, which triggers the overflow when it is imported by the user.

5.1
2006-06-27 CVE-2006-3244 Anthill SQL Injection vulnerability in Anthill 0.3.0

Multiple SQL injection vulnerabilities in Anthill 0.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) order parameter in buglist.php and the (2) bug parameter in query.php.

5.1
2006-06-30 CVE-2006-3331 Opera Software Unspecified vulnerability in Opera Software Opera web Browser

Opera before 9.0 does not reset the SSL security bar after displaying a download dialog from an SSL-enabled website, which allows remote attackers to spoof a trusted SSL certificate from an untrusted website and facilitates phishing attacks.

5.0
2006-06-30 CVE-2006-3325 ID Software Multiple vulnerability in Quake 3

client/cl_parse.c in the id3 Quake 3 Engine 1.32c and the Icculus Quake 3 Engine (ioquake3) revision 810 and earlier allows remote malicious servers to overwrite arbitrary write-protected cvars variables on the client, such as cl_allowdownload for Automatic Downloading and fs_homepath for the quake3 path, via a string of cvar names and values sent from the server.

5.0
2006-06-30 CVE-2006-3324 ID Software Multiple vulnerability in Quake 3

The Automatic Downloading option in the id3 Quake 3 Engine and the Icculus Quake 3 Engine (ioquake3) before revision 804 allows remote attackers to overwrite arbitrary files in the quake3 directory (fs_homepath cvar) via a long string of filenames, as contained in the neededpaks buffer.

5.0
2006-06-30 CVE-2006-2934 Linux Resource Management Errors vulnerability in Linux Kernel

SCTP conntrack (ip_conntrack_proto_sctp.c) in netfilter for Linux kernel 2.6.17 before 2.6.17.3 and 2.6.16 before 2.6.16.23 allows remote attackers to cause a denial of service (crash) via a packet without any chunks, which causes a variable to contain an invalid value that is later used to dereference a pointer.

5.0
2006-06-29 CVE-2006-3268 Novell Unspecified vulnerability in Novell Groupwise

Unspecified vulnerability in the Windows Client API in Novell GroupWise 5.x through 7 might allow users to obtain "random programmatic access" to other email within the same post office.

5.0
2006-06-29 CVE-2006-3298 Yahoo Denial of Service vulnerability in Yahoo! Messenger Message Handling

Yahoo! Messenger 7.5.0.814 and 7.0.438 allows remote attackers to cause a denial of service (crash) via messages that contain non-ASCII characters, which triggers the crash in jscript.dll.

5.0
2006-06-29 CVE-2006-3293 Proton Denial of Service vulnerability in EnergyMech CTCP Notice

parse_notice (TiCPU) in EnergyMech (emech) before 3.0.2 allows remote attackers to cause a denial of service (crash) via empty IRC CTCP NOTICE messages.

5.0
2006-06-28 CVE-2006-3290 Cisco Multiple Security vulnerability in Cisco Wireless Control System 3.2(40)/3.2(51)

HTTP server in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames and directory paths via a direct URL request.

5.0
2006-06-28 CVE-2006-3288 Cisco Multiple Security vulnerability in Cisco Wireless Control System 3.2(40)/3.2(51)

Unspecified vulnerability in the TFTP server in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51), when configured to use a directory path name that contains a space character, allows remote authenticated users to read and overwrite arbitrary files via unspecified vectors.

5.0
2006-06-28 CVE-2006-3282 Datetopia Information Disclosure vulnerability in Datetopia Dating Agent PRO 4.7.1

requirements.php in Dating Agent PRO 4.7.1 allows remote attackers to obtain sensitive information via a direct request, which calls the phpinfo function.

5.0
2006-06-28 CVE-2006-3277 Mailenable Resource Management Errors vulnerability in Mailenable Enterprise and Mailenable Professional

The SMTP service of MailEnable Standard 1.92 and earlier, Professional 2.0 and earlier, and Enterprise 2.0 and earlier before the MESMTPC hotfix, allows remote attackers to cause a denial of service (application crash) via a HELO command with a null byte in the argument, possibly triggering a length inconsistency or a missing argument.

5.0
2006-06-28 CVE-2006-3274 Webmin Remote Directory Traversal vulnerability in Webmin

Directory traversal vulnerability in Webmin before 1.280, when run on Windows, allows remote attackers to read arbitrary files via \ (backslash) characters in the URL to certain directories under the web root, such as the image directory.

5.0
2006-06-28 CVE-2006-3272 Astrodog Press Cross-Site Request Forgery vulnerability in Astrodog Press Some Chess 1.5Rc2

Cross-site request forgery (CSRF) vulnerability in menu.php in Some Chess 1.5 rc2 allows remote attackers to conduct actions as another user, such as changing usernames and passwords, via unspecified vectors.

5.0
2006-06-27 CVE-2006-1470 Apple Resource Management Errors vulnerability in Apple mac OS X and mac OS X Server

OpenLDAP in Apple Mac OS X 10.4 up to 10.4.6 allows remote attackers to cause a denial of service (crash) via an invalid LDAP request that triggers an assert error.

5.0
2006-06-27 CVE-2006-1468 Apple Multiple Security vulnerability in Retired: Apple Mac OS X

Unspecified vulnerability in Apple File Protocol (AFP) server in Apple Mac OS X 10.4 up to 10.4.6 includes the names of restricted files and folders within search results, which might allow remote attackers to obtain sensitive information.

5.0
2006-06-26 CVE-2006-2310 NEW Atlanta Communications Denial Of Service vulnerability in BlueDragon Server .CFM Files

BlueDragon Server and Server JX 6.2.1.286 for Windows allows remote attackers to cause a denial of service (hang) via a request for a .cfm file whose name contains an MS-DOS device name such as (1) con, (2) aux, (3) com1, and (4) com2.

5.0
2006-06-27 CVE-2006-1471 Apple USE of Externally-Controlled Format String vulnerability in Apple mac OS X and mac OS X Server

Format string vulnerability in the CF_syslog function launchd in Apple Mac OS X 10.4 up to 10.4.6 allows local users to execute arbitrary code via format string specifiers that are not properly handled in a syslog call in the logging facility, as demonstrated by using a crafted plist file.

4.6
2006-06-26 CVE-2006-3011 PHP Permissions, Privileges, and Access Controls vulnerability in PHP

The error_log function in basic_functions.c in PHP before 4.4.4 and 5.x before 5.1.5 allows local users to bypass safe mode and open_basedir restrictions via a "php://" or other scheme in the third argument, which disables safe mode.

4.6
2006-06-26 CVE-2006-2196 Jochen Friedrich Local Security vulnerability in Jochen Friedrich Pinball 0.3.1

Unspecified vulnerability in pinball 0.3.1 allows local users to gain privileges via unknown attack vectors that cause pinball to load plugins from an attacker-controlled directory while operating at raised privileges.

4.6
2006-06-30 CVE-2006-3327 E CBD BIZ Input Validation vulnerability in E-Cbd.Biz Custom Dating BIZ Dating Script 1.0

Cross-site scripting (XSS) vulnerability in Custom dating biz dating script 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) sn20_special_cases parameter ("Special Cases" field) in profile/mini.php, (2) tyxx01_album_name parameter ("Album Name" field) in profile/photo_create.php, and the (3) u parameter in admin/user_view.php.

4.3
2006-06-30 CVE-2006-3321 2Enetworx Cross-Site Injection vulnerability in OpenForum

Multiple cross-site scripting (XSS) vulnerabilities in openforum.asp in OpenForum 1.2 Beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ofdisp and (2) ofmsgid parameters.

4.3
2006-06-30 CVE-2006-3319 PHP Icalendar Cross-Site Scripting vulnerability in PHP iCalendar

Cross-site scripting (XSS) vulnerability in rss/index.php in PHP iCalendar 2.22 and earlier allows remote attackers to inject arbitrary web script or HTML via the cal parameter.

4.3
2006-06-29 CVE-2006-3312 Qatraq Cross-Site Scripting vulnerability in Qatraq 6.5

Multiple cross-site scripting (XSS) vulnerabilities in ashmans and Bill Echlin QaTraq 6.5 RC and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) link_print, (2) link_upgrade, (3) link_sql, (4) link_next, (5) link_prev, and (6) link_list parameters in top.inc as included by queries_view_search.php; the (7) msg, (8) component_name, and (9) component_desc parameters in (a) components_copy_content.php, (b) components_modify_content.php, and (c) components_new_content.php; the (10) title, (11) version, and (12) content parameters in design_copy_content.php; the (13) plan_title and (14) plan_content parameters in design_copy_plan_search.php; the (15) title, (16) minor_version, (17) new_version, and (18) content parameters in design_modify_content.php; the (19) title, (20) version, and (21) content parameters in design_new_content.php; the (22) plan_name and (23) plan_desc parameters in design_new_search.php; the (24) file_name parameter in download.php; the (25) username and (26) password parameters in login.php; the (27) title, (28) version, and (29) content parameters in phase_copy_content.php; the (30) content parameter in phase_delete_search.php; the (31) title, (32) minor_version, (33) new_version, and (34) content parameters in phase_modify_content.php; the (35) content, (36) title, (37) version, and (38) content parameters in phase_modify_search.php; the (39) content parameter in phase_view_search.php; the (40) msg, (41) product_name, and (42) product_desc parameters in products_copy_content.php; and possibly the (43) product_name and (44) product_desc parameters in (d) products_copy_search.php, and a large number of additional parameters and executables.

4.3
2006-06-29 CVE-2006-3306 Zoid Technologies Cross-Site Scripting vulnerability in Zoid Technologies Project Eros Bbsengine 20060223/20060429

Cross-site scripting (XSS) vulnerability in the preparestring function in lib/common.php in Project EROS bbsengine before 20060501-0142-jam, and possibly earlier versions dating back to 2006-02-23, might allow remote attackers to inject arbitrary web script or HTML via unknown vectors.

4.3
2006-06-29 CVE-2006-3303 Deluxebb Cross-Site Scripting vulnerability in DeluxeBB

Multiple cross-site scripting (XSS) vulnerabilities in pm.php in DeluxeBB 1.07 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) subject or (2) to parameters.

4.3
2006-06-29 CVE-2006-3297 Uebimiau Cross-Site Scripting vulnerability in Uebimiau 2.7.10

Cross-site scripting (XSS) vulnerability in error.php in UebiMiau Webmail 2.7.10 and earlier allows remote attackers to inject arbitrary web script or HTML via the icq parameter.

4.3
2006-06-29 CVE-2006-3295 George Currums Input Validation vulnerability in George Currums Open Guestbook 0.5

Cross-site scripting (XSS) vulnerability in header.php in Open Guestbook 0.5 allows remote attackers to inject arbitrary web script or HTML via the title parameter.

4.3
2006-06-28 CVE-2006-3279 Aewebworks Cross-Site Scripting vulnerability in Aewebworks Aedating 4.1

Cross-site scripting (XSS) vulnerability in aeDating 4.1 allows remote attackers to inject arbitrary web script or HTML via the (1) Sex parameter in index.php, (2) ProfileType parameter in join_form.php, and (3) Email parameter in forgot.php.

4.3
2006-06-28 CVE-2006-3257 Claroline Cross-Site Scripting vulnerability in Claroline 1.7.7

Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.7.7 allow remote attackers to inject arbitrary HTML or web script via unspecified attack vectors, possibly including (1) calendar/myagenda.php, (2) document/document.php, (3) phpbb/newtopic.php, (4) tracking/userLog.php, and (5) wiki/page.php.

4.3
2006-06-27 CVE-2006-3261 Trend Micro HTML Injection vulnerability in Trend Micro Control Manager 3.5

Cross-site scripting (XSS) vulnerability in Trend Micro Control Manager (TMCM) 3.5 allows remote attackers to inject arbitrary web script or HTML via the username field on the login page, which is not properly sanitized before being displayed in the error log.

4.3
2006-06-27 CVE-2006-3260 Virtual Design Studios HTML Injection vulnerability in Virtual Design Studios Vlbook 1.0.2

Cross-site scripting (XSS) vulnerability in index.php in vlbook 1.02 allows remote attackers to inject arbitrary web script or HTML via the message parameter.

4.3
2006-06-27 CVE-2006-3259 E107 Cross-Site Scripting vulnerability in e107

Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 allow remote attackers to inject arbitrary web script or HTML via the (1) ep parameter to search.php and the (2) subject parameter in comment.php (aka the Subject field when posting a comment).

4.3
2006-06-27 CVE-2006-3240 Dotproject Cross-Site Scripting vulnerability in Dotproject 2.0/2.0.1/2.0.2

Cross-site scripting (XSS) vulnerability in classes/ui.class.php in dotProject 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the login parameter.

4.3
2006-06-27 CVE-2006-3233 Open Webmail Cross-Site Scripting vulnerability in Open WebMail Openwebmail-read.PL

Cross-site scripting (XSS) vulnerability in openwebmail-read.pl in Open WebMail (OWM) 2.52, and other versions released before 06/18/2006, allows remote attackers to inject arbitrary web script or HTML via the from field.

4.3
2006-06-27 CVE-2006-3231 IBM Multiple vulnerability in IBM Websphere Application Server Prior to 6.0.2.11

Unspecified vulnerability in IBM WebSphere Application Server (WAS) before 6.0.2.11, when fileServingEnabled is true, allows remote attackers to obtain JSP source code and other sensitive information via "URIs with special characters."

4.3
2006-06-27 CVE-2006-3229 Open Webmail Unspecified vulnerability in Open Webmail Open Webmail

Cross-site scripting (XSS) vulnerability in Open WebMail (OWM) 2.52, and other versions released before 05/12/2006, allows remote attackers to inject arbitrary web script or HTML via the (1) To and (2) From fields in openwebmail-main.pl, and possibly (3) other unspecified vectors related to "openwebmailerror calls that need to display HTML."

4.3

27 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-06-30 CVE-2006-3333 Phpoutsourcing Cross-Site Scripting vulnerability in PHPoutsourcing Zorum 3.5

Cross-site scripting (XSS) vulnerability in index.php in Zorum Forum 3.5 allows remote attackers to inject web script or HTML via the multiple unspecified parameters, including the (1) frommethod, (2) list, and (3) method, which are reflected in an error message.

2.6
2006-06-30 CVE-2006-3326 Joesph Leung Directory Traversal vulnerability in Joesph Leung Quickzip 3.06.3

Directory traversal vulnerability in QuickZip 3.06.3 allows remote user-assisted attackers to overwrite arbitrary files or directories via ..

2.6
2006-06-30 CVE-2006-3320 Sitebar Cross-Site Scripting vulnerability in SiteBar

Cross-site scripting (XSS) vulnerability in command.php in SiteBar 3.3.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the command parameter.

2.6
2006-06-29 CVE-2006-3313 Netsoft Cross-Site Scripting vulnerability in Netsoft Smartnet 2.0

Cross-site scripting (XSS) vulnerability in search.jsp in Netsoft smartNet 2.0 allows remote attackers to inject arbitrary web script or HTML via the keyWord parameter.

2.6
2006-06-29 CVE-2006-3305 Uebimiau Cross-Site Scripting vulnerability in Uebimiau 2.7.10

Multiple cross-site scripting (XSS) vulnerabilities in UebiMiau Webmail 2.7.10, and 2.7.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) f_user parameter in index.php, the (2) pag parameter in messages.php, or the (3) lid, (4) tid, and (5) sid parameters in error.php.

2.6
2006-06-29 CVE-2006-3301 Phpqladmin Cross-Site Scripting vulnerability in phpQLAdmin

Multiple cross-site scripting (XSS) vulnerabilities in phpQLAdmin 2.2.7 and earlier allow remote attackers to inject arbitrary web script or HTML via the domain parameter in (1) user_add.php or (2) unit_add.php.

2.6
2006-06-29 CVE-2006-3299 Metalheadws Cross-Site Scripting vulnerability in Metalheadws Usenet 0.5

Cross-site scripting (XSS) vulnerability in index.php in Usenet Script 0.5 allows remote attackers to inject arbitrary web script or HTML via the group parameter.

2.6
2006-06-28 CVE-2006-3289 Cisco Multiple Security vulnerability in Cisco Wireless Control System 3.2(40)/3.2(51)

Cross-site scripting (XSS) vulnerability in the login page of the HTTP interface for the Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a "malicious URL".

2.6
2006-06-28 CVE-2006-3284 Datetopia Cross-Site Scripting vulnerability in Datetopia Dating Agent PRO 4.7.1

Cross-site scripting (XSS) vulnerability in Dating Agent PRO 4.7.1 allows remote attackers to inject arbitrary web script or HTML via the login parameter in (1) webmaster/index.php and (2) search.php.

2.6
2006-06-28 CVE-2006-3278 Positive Software Cross-Site Scripting vulnerability in H-Sphere

Cross-site scripting (XSS) vulnerability in H-Sphere 2.5.1 Beta 1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) next_template, (2) start, (3) curr_menu_id, and (4) arid parameters in psoft/servlet/resadmin/psoft.hsphere.CP when using the mailman/massmail.html template_name.

2.6
2006-06-28 CVE-2006-3273 Astrodog Press HTML Injection vulnerability in Astrodog Press Some Chess 1.5Rc1

Cross-site scripting (XSS) vulnerability in menu.php in Some Chess 1.5 rc1 allows remote attackers to inject arbitrary web script or HTML via the user parameter ("New Name" field).

2.6
2006-06-28 CVE-2006-3253 Jelsoft Cross-Site Scripting vulnerability in Vbulletin

** DISPUTED ** Cross-site scripting (XSS) vulnerability in member.php in vBulletin 3.5.x allows remote attackers to inject arbitrary web script or HTML via the u parameter.

2.6
2006-06-27 CVE-2006-3265 Qdig Cross-Site Scripting vulnerability in Qdig

Multiple cross-site scripting (XSS) vulnerabilities in index.php in Qdig before 1.2.9.3, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) pre_gallery or (2) post_gallery parameters.

2.6
2006-06-27 CVE-2006-3264 Namo Cross-Site Scripting vulnerability in Namo Deepsearch 4.5

Cross-site scripting (XSS) vulnerability in mclient.cgi in Namo DeepSearch 4.5 allows remote attackers to inject arbitrary web script or HTML via the p parameter.

2.6
2006-06-27 CVE-2006-3258 Bnbt Cross-Site Scripting vulnerability in Bnbt Easytracker and Trinedit

Multiple cross-site scripting (XSS) vulnerabilities in index.html in BNBT TrinEdit and EasyTracker 7.7r3.2004.10.27 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) filter or (2) sort parameters.

2.6
2006-06-27 CVE-2006-3247 GL SH Cross-Site Scripting vulnerability in GL-SH Deaf Forum

Multiple cross-site scripting (XSS) vulnerabilities in show.php in GL-SH Deaf Forum 6.4.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) search, (2) page, and (3) action parameters.

2.6
2006-06-27 CVE-2006-3246 GL SH Cross-Site Scripting vulnerability in Gl-Sh Deaf Forum 6.4.3

Cross-site scripting (XSS) vulnerability in show.php in GL-SH Deaf Forum 6.4.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the sort parameter.

2.6
2006-06-27 CVE-2006-3245 Mvnforum Cross-Site Scripting vulnerability in MVNForum Activatemember

Multiple cross-site scripting (XSS) vulnerabilities in activatemember in mvnForum 1.0 GA and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) member and (2) activatecode parameters.

2.6
2006-06-27 CVE-2006-3241 Xennobb Cross-Site Scripting vulnerability in XennoBB

Cross-site scripting (XSS) vulnerability in messages.php in XennoBB 1.0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the tid parameter.

2.6
2006-06-27 CVE-2006-3237 Senokian Solutions Cross-Site Scripting vulnerability in Senokian Solutions Enterprise Groupware Systems

Cross-site scripting (XSS) vulnerability in index.php in Enterprise Groupware System (EGS) 1.2.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the module parameter.

2.6
2006-06-27 CVE-2006-3235 Looknet Input Validation vulnerability in FineShop

Multiple cross-site scripting (XSS) vulnerabilities in index.php in FineShop 3.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) promocja, (2) wysw, or (3) id_produc parameters.

2.6
2006-06-27 CVE-2006-3230 Azureus Tracker Cross-Site Scripting vulnerability in Azureus Tracker Azureus Tracker 2.2.0.2/2.3.0.6/2.4.0.2

Cross-site scripting (XSS) vulnerability in index.tmpl in Azureus Tracker 2.4.0.2 and earlier (Java BitTorrent Client Tracker) allows remote attackers to inject arbitrary web script or HTML via the search parameter.

2.6
2006-06-26 CVE-2006-3227 Microsoft Unspecified vulnerability in Microsoft Internet Explorer 6.0.2900

Interpretation conflict between Internet Explorer and other web browsers such as Mozilla, Opera, and Firefox might allow remote attackers to modify the visual presentation of web pages and possibly bypass protection mechanisms such as content filters via ASCII characters with the 8th bit set, which could be stripped by Internet Explorer to render legible text, but not when using other browsers.

2.6
2006-06-26 CVE-2006-3225 SUN Cross-Site Scripting vulnerability in SUN products

Cross-site scripting (XSS) vulnerability in Sun ONE Application Server 7 before Update 9, Java System Application Server 7 2004Q2 before Update 5, and Java System Application Server Enterprise Edition 8.1 2005 Q1 allows remote attackers to inject arbitrary HTML or web script via unknown vectors.

2.6
2006-06-26 CVE-2006-2311 NEW Atlanta Communications Cross-Site Scripting vulnerability in BlueDragon Server Error Page

Cross-site scripting (XSS) vulnerability in BlueDragon Server and Server JX 6.2.1.286 for Windows allows remote attackers to inject arbitrary web script or HTML via the filename in a request to a (1) .cfm or (2) .cfml file, which reflects the result in the default error page.

2.6
2006-06-27 CVE-2006-0456 Linux Local vulnerability in Linux Kernel IBM S/390 strnlen_user

The strnlen_user function in Linux kernel before 2.6.16 on IBM S/390 can return an incorrect value, which allows local users to cause a denial of service via unknown vectors.

2.1
2006-06-30 CVE-2006-3118 Canonical Denial Of Service vulnerability in Spread Insecure Socket File Creation

spread uses a temporary file with a static filename based on the port number, which allows local users to cause a denial of service by creating the file during a race condition between unlink and bind function calls.

1.2