Weekly Vulnerabilities Reports > July 3 to 9, 2006

Overview

101 new vulnerabilities were reported during this period, including 1 critical vulnerability and 31 high severity vulnerabilities. This weekly summary reports vulnerabilities in 83 products from 75 vendors, including TOR, Microsoft, Novell, Lumension, and Vincent Leclercq. Vulnerabilities are notably categorized as "Code Injection", "Resource Management Errors", "Permissions, Privileges, and Access Controls", "Information Exposure", and "Improper Restriction of Operations within the Bounds of a Memory Buffer".

  • 94 reported vulnerabilities are remotely exploitable.
  • 14 reported vulnerabilities have a public exploit available.
  • 1 reported vulnerability is related to weaknesses in the OWASP Top Ten.
  • 101 reported vulnerabilities are exploitable by an anonymous user.
  • TOR has the most reported vulnerabilities, with 13 reported vulnerabilities.
  • Webex Communications has the most reported critical vulnerabilities, with 1 reported vulnerability.

Vulnerability Details

The following tables list the vulnerabilities reported for the period covered by this report:

1 Critical Vulnerability

DATE CVE VENDOR VULNERABILITY CVSS
2006-07-07 CVE-2006-3423 Webex Communications Improper Input Validation vulnerability in Webex Communications Downloader Activexcontrol and Downloader Java

WebEx Downloader ActiveX Control and WebEx Downloader Java before 2.1.0.0 do not validate downloaded components, which allows remote attackers to execute arbitrary code via a website that activates the GpcUrlRoot and GpcIniFileName ActiveX controls to cause the client to download a DLL file.

9.3

31 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-07-06 CVE-2006-3393 Electronic Arts Remote Denial of Service vulnerability in NASCAR Racing UDP Datagram

Papyrus NASCAR Racing 4 4.1.3.1.6 and earlier, 2002 Season 1.1.0.2 and earlier, and 2003 Season 1.2.0.1 and earlier allows remote attackers to cause a denial of service (CPU consumption) by sending an empty UDP datagram, which is not properly discarded due to use of the FIONREAD asynchronous socket.

7.8
2006-07-08 CVE-2006-1176 Ebay Remote Buffer Overflow vulnerability in EBay Enhanced Picture Service ActiveX

Buffer overflow in eBay Enhanced Picture Services (aka EPUImageControl Class) in EUPWALcontrol.dll before 1.0.3.48, as used in Sell Your Item (SYI), Setup & Test eBay Enhanced Picture Services, Picture Manager Enhanced Uploader, and CARad.com Add Vehicle, allows remote attackers to execute arbitrary code via a crafted HTML document.

7.5
2006-07-07 CVE-2006-3431 Microsoft Remote Code Execution vulnerability in Microsoft Excel Style Handling and Repair

Buffer overflow in certain Asian language versions of Microsoft Excel might allow user-assisted attackers to execute arbitrary code via a crafted STYLE record in a spreadsheet that triggers the overflow when the user attempts to repair the document or selects the "Style" option, as demonstrated by nanika.xls.

7.5
2006-07-07 CVE-2006-3430 Lumension, Novell SQL Injection vulnerability in multiple products

SQL injection vulnerability in checkprofile.asp in (1) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (2) Novell ZENworks 6.2 SR1 and earlier, allows remote attackers to execute arbitrary SQL commands via the agentid parameter.

7.5
2006-07-07 CVE-2006-3425 Lumension, Novell Authentication Bypass vulnerability in PatchLink Update Server Proxyreg.ASP

FastPatch for (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1, and (b) Novell ZENworks 6.2 SR1 and earlier, does not require authentication for dagent/proxyreg.asp, which allows remote attackers to list, add, or delete PatchLink Distribution Point (PDP) proxy servers via modified (1) List, (2) Proxy, or (3) Delete parameters.

7.5
2006-07-07 CVE-2006-3424 Webex Communications Remote Security vulnerability in Webex Downloader Activex Control

Multiple buffer overflows in WebEx Downloader ActiveX Control, possibly in versions before November 2005, allow remote attackers to execute arbitrary code via unspecified vectors.

7.5
2006-07-07 CVE-2006-3422 Wonderedit Remote File Include vulnerability in Wonderedit PRO CMS Gold

PHP remote file inclusion vulnerability in WonderEdit Pro CMS allows remote attackers to execute arbitrary PHP code via the config[template_path] parameter in user_bottom.php, as used by multiple templates including (1) rwb (template/rwb/user_bottom.php), (2) gwb (template/rwb/user_bottom.php), (3) blues, (4) bluwhi, and (5) grns.

7.5
2006-07-07 CVE-2006-3420 Mybulletinboard Cross-Site Request Forgery vulnerability in MyBulletinBoard

Cross-site request forgery (CSRF) vulnerability in editpost.php in MyBulletinBoard (MyBB) before 1.1.5 allows remote attackers to perform unauthorized actions as a logged in user and delete arbitrary forum posts via a bbcode IMG tag with a modified delete parameter in a deletepost action.

7.5
2006-07-07 CVE-2006-3409 TOR Information Disclosure And Denial of Service vulnerability in Trac

Integer overflow in Tor before 0.1.1.20 allows remote attackers to execute arbitrary code via crafted large inputs, which result in a buffer overflow when elements are added to smartlists.

7.5
2006-07-06 CVE-2006-3402 Virtuastore SQL Injection vulnerability in Virtuastore 2.0

SQL injection vulnerability in VirtuaStore 2.0 allows remote attackers to execute arbitrary SQL commands via the password parameter when logging in.

7.5
2006-07-06 CVE-2006-3401 ID Software Buffer Errors vulnerability in ID Software Quake 3 Engine 1.32B/1.32C/Icculus812

Stack-based buffer overflow in Quake 3 Engine as used by Quake 3: Arena 1.32b and 1.32c allows remote attackers to cause a denial of service and possibly execute code via long CS_ITEMS values.

7.5
2006-07-06 CVE-2006-3400 ID Software, Raven Software Stack Buffer Overflow vulnerability in Quake 3 Engine Client

Stack-based buffer overflow in the CG_ServerCommand function in Quake 3 Engine as used by Soldier of Fortune 2 (SOF2MP) GOLD 1.03 allows remote attackers to cause a denial of service and possibly execute code by sending a long command from the server.

7.5
2006-07-06 CVE-2006-3394 Bxcp SQL Injection vulnerability in Bxcp 0.2.9.7/0.3

SQL injection vulnerability in the files mod in index.php in BXCP 0.3.0.4 allows remote attackers to execute arbitrary SQL commands via the where parameter in a view action.

7.5
2006-07-06 CVE-2006-3381 Sturgeon Upload Unspecified vulnerability in Sturgeon Upload Sturgeon Upload

SturGeoN Upload allows remote attackers to execute arbitrary PHP code by uploading a file with a .php extension, then directly accessing the file.

7.5
2006-07-06 CVE-2006-3376 Wvware Integer Overflow vulnerability in Wvware Libwmf and WV2

Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple products including (1) wv, (2) abiword, (3) freetype, (4) gimp, (5) libgsf, and (6) imagemagick allows remote attackers to execute arbitrary code via the MaxRecordSize header field in a WMF file.

7.5
2006-07-06 CVE-2006-3375 Randshop Remote File Include vulnerability in Randshop 1.1.1

PHP remote file inclusion vulnerability in includes/header.inc.php in Randshop 1.1.1 allows remote attackers to execute arbitrary PHP code via the dateiPfad parameter.

7.5
2006-07-06 CVE-2006-3374 Randshop Remote File Include vulnerability in Randshop 0.9.3

PHP remote file inclusion vulnerability in index.php in Randshop 1.2 and earlier, including 0.9.3, allows remote attackers to execute arbitrary PHP code via a URL in the incl parameter.

7.5
2006-07-06 CVE-2006-3364 F ART Agency SQL-Injection vulnerability in Blog Cms

SQL injection vulnerability in index.php in the NP_SEO plugin in BLOG:CMS before 4.1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2006-07-06 CVE-2006-3359 Newsphp Input Validation vulnerability in Newsphp 2006Pro

Multiple SQL injection vulnerabilities in index.php in NewsPHP 2006 PRO allow remote attackers to inject arbitrary web script or HTML via the (1) words, (2) id, (3) topmenuitem, and (4) cat_id parameters in (a) index.php; and the (5) category parameter in (b) inc/rss_feed.php.

7.5
2006-07-06 CVE-2006-3357 Microsoft Unspecified vulnerability in Microsoft IE 6.0

Heap-based buffer overflow in HTML Help ActiveX control (hhctrl.ocx) in Microsoft Internet Explorer 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code by repeatedly setting the Image field of an Internet.HHCtrl.1 object to certain values, possibly related to improper escaping and long strings.

7.5
2006-07-06 CVE-2006-3355 Mpg123 Remote Buffer Overflow vulnerability in Mpg123 Pre0.59Sr11

Heap-based buffer overflow in httpdget.c in mpg123 before 0.59s-rll allows remote attackers to execute arbitrary code via a long URL, which is not properly terminated before being used with the strncpy function.

7.5
2006-07-03 CVE-2006-3349 SMS Script SQL-Injection vulnerability in Sms Script

Multiple SQL injection vulnerabilities in SmS Script allow remote attackers to execute arbitrary SQL commands via the CatID parameter in (1) cat.php and (2) add.php.

7.5
2006-07-03 CVE-2006-3348 Swsoft SQL-Injection vulnerability in Swsoft Hspcomplete 3.2.2

Multiple SQL injection vulnerabilities in HSPcomplete 3.2.2 and 3.3 Beta and earlier allow remote attackers to execute arbitrary SQL commands via the (1) type parameter in report.php and (2) level parameter in custom_buttons.php.

7.5
2006-07-03 CVE-2006-3347 Devilz Clanportal SQL Injection vulnerability in Devilz Clanportal Devilz Clanportal 1.3.4

SQL injection vulnerability in index.php in deV!Lz Clanportal DZCP 1.3.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2006-07-03 CVE-2006-3346 Carlos Sanchez Valle SQL Injection vulnerability in Carlos Sanchez Valle Mynewsgroups 0.6

SQL injection vulnerability in tree.php in MyNewsGroups 0.6 allows remote attackers to execute arbitrary SQL commands via the grp_id parameter.

7.5
2006-07-03 CVE-2006-3344 Siemens Permissions, Privileges, and Access Controls vulnerability in Siemens Speedstream Wireless Router 2624

Siemens Speedstream Wireless Router 2624 allows local users to bypass authentication and access protected files by using the Universal Plug and Play UPnP/1.0 component.

7.5
2006-07-03 CVE-2006-3343 Crisoft Ricette Remote File Include vulnerability in Crisoft Ricette Crisoft Ricette 1.0Pre15B

PHP remote file inclusion vulnerability in recipe/cookbook.php in CrisoftRicette 1.0pre15b allows remote attackers to execute arbitrary PHP code via a URL in the crisoftricette parameter.

7.5
2006-07-03 CVE-2006-3341 Myads SQL Injection vulnerability in Myads 2.04Jp

SQL injection vulnerability in annonces-p-f.php in MyAds module 2.04jp for Xoops allows remote attackers to execute arbitrary SQL commands via the lid parameter.

7.5
2006-07-06 CVE-2006-3378 Ubuntu Privilege Escalation vulnerability in Ubuntu Linux 5.04/5.10/6.06Lts

passwd command in shadow in Ubuntu 5.04 through 6.06 LTS, when called with the -f, -g, or -s flag, does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits.

7.2
2006-07-05 CVE-2006-2194 Point TO Point Protocol Project Local Privilege Escalation vulnerability in PPPD Winbind Plugin

The winbind plugin in pppd for ppp 2.4.4 and earlier does not check the return code from the setuid function call, which might allow local users to gain privileges by causing setuid to fail, such as exceeding PAM limits for the maximum number of user processes, which prevents the winbind NTLM authentication helper from dropping privileges.

7.2
2006-07-03 CVE-2006-3335 HP Local Unauthorized Access vulnerability in HP-UX Mkdir

Unspecified vulnerability in mkdir in HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allows local users to gain privileges via unknown attack vectors.

7.2

60 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-07-06 CVE-2006-3396 Miro International Code Injection vulnerability in Miro International Galleria 1.0Formambo

PHP remote file inclusion vulnerability in galleria.html.php in Galleria Mambo Module 1.0 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

6.8
2006-07-06 CVE-2006-3358 Newsphp Input Validation vulnerability in Newsphp 2006Pro

Multiple cross-site scripting (XSS) vulnerabilities in index.php in NewsPHP 2006 PRO allow remote attackers to inject arbitrary web script or HTML via the (1) words, (2) id, (3) cat_id, and (4) tim parameters, which are not sanitized before being returned in an error page.

6.8
2006-07-07 CVE-2006-3417 TOR Remote Security vulnerability in Tor

Tor client before 0.1.1.20 prefers entry points based on is_fast or is_stable flags, which could allow remote attackers to be preferred over nodes that are identified as more trustworthy "entry guard" (is_guard) systems by directory authorities.

6.4
2006-07-07 CVE-2006-3415 TOR Remote Security vulnerability in Tor

Tor before 0.1.1.20 uses improper logic to validate the "OR" destination, which allows remote attackers to perform a man-in-the-middle (MITM) attack via unspecified vectors.

6.4
2006-07-07 CVE-2006-3412 TOR Security Bypass vulnerability in Tor

Tor before 0.1.1.20 does not sufficiently obey certain firewall options, which allows remote attackers to bypass intended access restrictions for dirservers, direct connections, or proxy servers.

6.4
2006-07-07 CVE-2006-3411 TOR Remote Security vulnerability in Tor

TLS handshakes in Tor before 0.1.1.20 generate public-private keys based on TLS context rather than the connection, which makes it easier for remote attackers to conduct brute force attacks on the encryption keys.

6.4
2006-07-07 CVE-2006-3407 TOR Buffer Overflow/Information Disclosure/Denial of Service vulnerability in Tor

Tor before 0.1.1.20 allows remote attackers to spoof log entries or possibly execute shell code via strings with non-printable characters.

6.4
2006-07-07 CVE-2006-3406 QTO Directory Traversal vulnerability in QTO Qtofilemanager 1.0

Directory traversal vulnerability in qtofm.php in QTOFileManager 1.0 allows remote attackers to modify arbitrary files via a ..

6.4
2006-07-06 CVE-2006-3352 Mozilla Information Disclosure vulnerability in Retired: Mozilla Firefox OuterHTML Redirection Handling

** DISPUTED ** Cross-domain vulnerability in Mozilla Firefox allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object.

6.4
2006-07-07 CVE-2006-3405 QTO Cross-Site Scripting vulnerability in QTO Qtofilemanager 1.0

Cross-site scripting (XSS) vulnerability in qtofm.php in QTOFileManager 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) delete, (2) pathext, and (3) edit parameters.

5.8
2006-07-06 CVE-2006-3388 Phpmyadmin Cross-Site Scripting vulnerability in PHPMyAdmin Table Parameter

Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via the table parameter.

5.8
2006-07-06 CVE-2006-3385 Vincent Leclercq Cross-Site Scripting vulnerability in Vincent Leclercq News 5.2

Cross-site scripting (XSS) vulnerability in divers.php in Vincent Leclercq News 5.2 allows remote attackers to inject arbitrary web script or HTML via the (1) id and (2) disabled parameters.

5.8
2006-07-06 CVE-2006-3383 Mads Cross-Site Scripting vulnerability in Mads 1.0

Cross-site scripting (XSS) vulnerability in index.php in mAds 1.0 allows remote attackers to inject arbitrary web script or HTML via Javascript events such as onmouseover within a URL.

5.8
2006-07-06 CVE-2006-3351 Microsoft Denial Of Service vulnerability in Microsoft Windows 2003 Server and Windows XP

Buffer overflow in Windows Explorer (explorer.exe) on Windows XP and 2003 allows user-assisted attackers to cause a denial of service (repeated crash) and possibly execute arbitrary code via a .url file with an InternetShortcut tag containing a long URL and a large number of "file:" specifiers.

5.4
2006-07-07 CVE-2006-3421 Smartsitecms Remote File Include vulnerability in SmartSiteCMS

PHP remote file inclusion vulnerability in SmartSiteCMS 1.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the root parameter in (1) comment.php, (2) admin/comedit.php, (3) admin/test.php, (4) admin/index.php, and (5) admin/include/inc_adminfoot.php, a different set of vectors than CVE-2006-3162.

5.1
2006-07-06 CVE-2006-3404 THE Gimp Team Buffer Overflow vulnerability in Gimp XCF_load_vector Function

Buffer overflow in the xcf_load_vector function in app/xcf/xcf-load.c for gimp before 2.2.12 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XCF file with a large num_axes value in the VECTORS property.

5.1
2006-07-06 CVE-2006-3395 Webdesignhq Code Injection vulnerability in Webdesignhq Sitebuilder-Fx 3.5

PHP remote file inclusion vulnerability in top.php in SiteBuilder-FX 3.5 allows remote attackers to execute arbitrary PHP code via a URL in the admindir parameter.

5.1
2006-07-06 CVE-2006-3391 Imbc Unspecified vulnerability in Imbc Imbccontents Activex Control

The Execute function in iMBCContents ActiveX Control before 2.0.0.59 allows remote attackers to execute arbitrary files via the file URI handler.

5.1
2006-07-06 CVE-2006-3387 Fusionphp Directory Traversal vulnerability in Fusionphp Fusion News 1.0

Directory traversal vulnerability in sources/post.php in Fusion News 1.0, when register_globals is enabled, allows remote attackers to include arbitrary files via a ..

5.1
2006-07-06 CVE-2006-3384 Vincent Leclercq Cross-Site Scripting vulnerability in Vincent Leclercq News 5.2

SQL injection vulnerability in divers.php in Vincent Leclercq News 5.2 allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) texte parameters.

5.1
2006-07-06 CVE-2006-3363 Xoops Remote File Include vulnerability in Xoops Glossaire Module 1.7

PHP remote file inclusion vulnerability in index.php in the Glossaire module 1.7 for Xoops allows remote attackers to execute arbitrary PHP code via a URL in the pa parameter.

5.1
2006-07-06 CVE-2006-3362 Geeklog, Toenda Software Development

Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.

5.1
2006-07-06 CVE-2006-3361 Stud IP Remote File Include vulnerability in RETIRED: Stud.IP

PHP remote file inclusion vulnerability in Stud.IP 1.3.0-2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the (1) _PHPLIB[libdir] parameter in studip-phplib/oohforms.inc and (2) ABSOLUTE_PATH_STUDIP parameter in studip-htdocs/archiv_assi.php.

5.1
2006-07-05 CVE-2006-2910 Cowon America Remote Buffer Overflow vulnerability in Cowon America Jetaudio Basic6.2.6.8330

Buffer overflow in jetAudio 6.2.6.8330 (Basic), and possibly other versions, allows user-assisted attackers to execute arbitrary code via an audio file (such as WMA) with long ID Tag values including (1) Title, (2) Author, and (3) Album, which triggers the overflow in the tooltip display string if the sound card driver is disabled or incorrectly installed.

5.1
2006-07-03 CVE-2006-3340 Pearlinger Remote File Include vulnerability in Pearl For Mambo Module

Multiple PHP remote file inclusion vulnerabilities in Pearl For Mambo module 1.6 for Mambo, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via the (1) phpbb_root_path parameter in (a) includes/functions_cms.php and the (2) GlobalSettings[templatesDirectory] parameter in multiple files in the "includes" directory including (b) adminSensored.php, (c) adminBoards.php, (d) adminAttachments.php, (e) adminAvatars.php, (f) adminBackupdatabase.php, (g) adminBanned.php, (h) adminForums.php, (i) adminPolls.php, (j) adminSmileys.php, (k) poll.php, and (l) move.php.

5.1
2006-07-07 CVE-2006-3427 Microsoft Denial Of Service vulnerability in Microsoft IE 6.0

Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by declaring the sourceURL attribute on an uninitialized DirectAnimation.StructuredGraphicsControl ActiveX Object, which triggers a null dereference.

5.0
2006-07-07 CVE-2006-3426 Lumension, Novell

Directory traversal vulnerability in (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (b) Novell ZENworks 6.2 SR1 and earlier allows remote attackers to overwrite arbitrary files and directories via a ..

5.0
2006-07-07 CVE-2006-3419 TOR Remote Security vulnerability in Tor

Tor before 0.1.1.20 uses OpenSSL pseudo-random bytes (RAND_pseudo_bytes) instead of cryptographically strong RAND_bytes, and seeds the entropy value at start-up with 160-bit chunks without reseeding, which makes it easier for attackers to conduct brute force guessing attacks.

5.0
2006-07-07 CVE-2006-3418 TOR Remote Security vulnerability in Tor

Tor before 0.1.1.20 does not validate that a server descriptor's fingerprint line matches its identity key, which allows remote attackers to spoof the fingerprint line, which might be trusted by users or other applications.

5.0
2006-07-07 CVE-2006-3416 TOR Unspecified vulnerability in TOR

** DISPUTED ** Tor before 0.1.1.20 kills the circuit when it receives an unrecognized relay command, which causes network circuits to be disbanded.

5.0
2006-07-07 CVE-2006-3414 TOR Remote Security vulnerability in Tor

Tor before 0.1.1.20 supports server descriptors that contain hostnames instead of IP addresses, which allows remote attackers to arbitrarily group users by providing preferential address resolution.

5.0
2006-07-07 CVE-2006-3413 TOR Information Disclosure vulnerability in Tor

The privoxy configuration file in Tor before 0.1.1.20, when run on Apple OS X, logs all data via the "logfile", which allows attackers to obtain potentially sensitive information.

5.0
2006-07-07 CVE-2006-3410 TOR Remote Security vulnerability in Tor

Tor before 0.1.1.20 creates "internal circuits" primarily consisting of nodes with "useful exit nodes," which allows remote attackers to conduct unspecified statistical attacks.

5.0
2006-07-07 CVE-2006-3408 TOR Denial-Of-Service vulnerability in Tor

Unspecified vulnerability in the directory server (dirserver) in Tor before 0.1.1.20 allows remote attackers to cause an unspecified denial of service via unknown vectors.

5.0
2006-07-06 CVE-2006-3398 PKR Internet Information Disclosure vulnerability in PKR Internet Taskjitsu 0.1/2.0

The "change password forms" in Taskjitsu before 2.0.1 includes password hashes in hidden form fields, which allows remote attackers to obtain sensitive information from the (1) Category Editor and (2) User Information editor.

5.0
2006-07-06 CVE-2006-3392 Usermin, Webmin Information Disclosure vulnerability in Webmin/Usermin Unspecified

Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files, as demonstrated using "..%01" sequences, which bypass the removal of "../" sequences before bytes such as "%01" are removed from the filename.

5.0
2006-07-06 CVE-2006-3390 Wordpress SQL Injection vulnerability in Wordpress 2.0.3

WordPress 2.0.3 allows remote attackers to obtain the installation path via a direct request to various files, such as those in the (1) wp-admin, (2) wp-content, and (3) wp-includes directories, possibly due to uninitialized variables.

5.0
2006-07-06 CVE-2006-3389 Wordpress SQL Injection vulnerability in Wordpress 2.0.3

index.php in WordPress 2.0.3 allows remote attackers to obtain sensitive information, such as SQL table prefixes, via an invalid paged parameter, which displays the information in an SQL error message.

5.0
2006-07-06 CVE-2006-3386 Vincent Leclercq Information Disclosure vulnerability in News

index.php in Vincent Leclercq News 5.2 allows remote attackers to obtain sensitive information, such as the installation path, via a mail[] parameter with invalid values.

5.0
2006-07-06 CVE-2006-3380 Freestyle Denial-Of-Service vulnerability in Freestyle Wiki

Algorithmic complexity vulnerability in FreeStyle Wiki before 3.6.2 allows remote attackers to cause a denial of service (CPU consumption) by performing a diff between large, crafted pages that trigger the worst case.

5.0
2006-07-06 CVE-2006-3379 Hiki Wiki Denial Of Service vulnerability in Hiki Diff

Algorithmic complexity vulnerability in Hiki Wiki 0.6.0 through 0.6.5 and 0.8.0 through 0.8.5 allows remote attackers to cause a denial of service (CPU consumption) by performing a diff between large, crafted pages that trigger the worst case.

5.0
2006-07-06 CVE-2006-3372 Apple Denial Of Service vulnerability in Apple Safari 2.0.4419.3

Apple Safari 2.0.4/419.3 allows remote attackers to cause a denial of service (application crash) via a DHTML setAttributeNode function call with zero arguments, which triggers a null dereference.

5.0
2006-07-06 CVE-2006-3371 Eupla Information Disclosure vulnerability in Eupla Foros 1.0

Eupla Foros 1.0 stores the inc/config.inc file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information, including the database configuration.

5.0
2006-07-06 CVE-2006-3370 BB News Information Disclosure vulnerability in Bb-News Blueboy 1.0.3

Blueboy 1.0.3 stores bb_news_config.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information, including the database configuration.

5.0
2006-07-06 CVE-2006-3369 Iduprey Information Disclosure vulnerability in Iduprey Kamikaze-Qscm 0.1/0.2

Kamikaze-QSCM 0.1 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information, including the database configuration.

5.0
2006-07-06 CVE-2006-3368 Efone Information Disclosure vulnerability in Efone 20000723

Efone 20000723 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information.

5.0
2006-07-06 CVE-2006-3367 Mp3Netbox Information Disclosure vulnerability in Mp3Netbox Beta1

Mp3 JudeBox Server (Mp3NetBox) Beta 1 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information, including the database configuration.

5.0
2006-07-06 CVE-2006-3360 Phpsysinfo Information Disclosure vulnerability in phpSysInfo

Directory traversal vulnerability in index.php in phpSysInfo 2.5.1 allows remote attackers to determine the existence of arbitrary files via a ..

5.0
2006-07-06 CVE-2006-3354 Microsoft, Canon Denial of Service vulnerability in Microsoft Internet Explorer ADODB.Recordset Filter Property

Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the Filter property of an ADODB.Recordset ActiveX object to certain values multiple times, which triggers a null dereference.

5.0
2006-07-06 CVE-2006-3353 Opera Software Denial Of Service vulnerability in Opera Software Opera web Browser 9

Opera 9 allows remote attackers to cause a denial of service (crash) via a crafted web page that triggers an out-of-bounds memory access, related to an iframe and JavaScript that accesses certain style sheets properties.

5.0
2006-07-03 CVE-2006-3339 Atlassian Information Disclosure vulnerability in Atlassian Jira 3.6.2156

secure/ConfigureReleaseNote.jspa in Atlassian JIRA 3.6.2-#156 allows remote attackers to obtain sensitive information via unspecified manipulations of the projectId parameter, which displays the installation path and other system information in an error message.

5.0
2006-07-07 CVE-2006-2451 Linux Resource Management Errors vulnerability in Linux Kernel

The suid_dumpable support in Linux kernel 2.6.13 up to versions before 2.6.17.4, and 2.6.16 before 2.6.16.24, allows a local user to cause a denial of service (disk consumption) and possibly gain privileges via the PR_SET_DUMPABLE argument of the prctl function and a program that causes a core dump file to be created in a directory for which the user does not have permissions.

4.6
2006-07-05 CVE-2006-2935 Linux, Debian, Canonical Classic Buffer Overflow vulnerability in multiple products

The dvd_read_bca function in the DVD handling code in drivers/cdrom/cdrom.c in Linux kernel 2.2.16, and later versions, assigns the wrong value to a length variable, which allows local users to execute arbitrary code via a crafted USB Storage device that triggers a buffer overflow.

4.6
2006-07-07 CVE-2006-3429 Tigertom Scripts HTML Injection vulnerability in Tigertom Scripts Ttcalc Script 1.0

Cross-site scripting (XSS) vulnerability in TigerTom TTCalc 1.0 allows remote attackers to inject arbitrary web script or HTML via the currency parameter in (1) loan.php and (2) mortgage.php.

4.3
2006-07-07 CVE-2006-3428 Tigertom Scripts HTML Injection vulnerability in Tigertom Scripts Ttcalc Script 1.0

Cross-site scripting (XSS) vulnerability in TigerTom TTCalc 1.0 allows remote attackers to inject arbitrary web script or HTML via the year parameter in (1) loan.php and (2) mortgage.php.

4.3
2006-07-06 CVE-2006-3397 PKR Internet HTML Injection vulnerability in PKR Internet Taskjitsu 0.1/2.0

Multiple cross-site scripting (XSS) vulnerabilities in Taskjitsu before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via multiple unspecified parameters, including the (1) title and (2) description parameters when creating a task.

4.3
2006-07-06 CVE-2006-3382 Mads Cross-Site Scripting vulnerability in Mads 1.0

Cross-site scripting (XSS) vulnerability in search.php in mAds 1.0 allows remote attackers to inject arbitrary web script or HTML via the "search string".

4.3
2006-07-03 CVE-2006-3345 Ajax Softwares Cross-Site Scripting vulnerability in AliPager

Cross-site scripting (XSS) vulnerability in AliPAGER, possibly 1.5 and earlier, allows remote attackers to inject arbitrary web script or HTML via a chat line.

4.3
2006-07-06 CVE-2006-3377 JMB Software Cross-Site Scripting vulnerability in AutoRank

Cross-site scripting (XSS) vulnerability in JMB Software AutoRank PHP 3.02 and earlier, and AutoRank Pro 5.01 and earlier, allows remote attackers to inject arbitrary web script or HTML via the (1) Keyword parameter in search.php and the (2) Username parameter in main.cgi.

4.0
2006-07-05 CVE-2006-3336 Twiki Unspecified vulnerability in Twiki

TWiki 01-Dec-2000 up to 4.0.3 allows remote attackers to bypass the upload filter and execute arbitrary code via filenames with double extensions such as ".php.en", ".php.1", and other allowed extensions that are not .txt.

4.0

9 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-07-06 CVE-2006-3399 Moniwiki Cross-Site Scripting vulnerability in MoniWiki

Cross-site scripting (XSS) vulnerability in wiki.php in MoniWiki before 1.1.2-20060702 allows remote attackers to inject arbitrary Javascript via the URL, which is reflected back in an error message, a variant of CVE-2004-1632.

2.6
2006-07-06 CVE-2006-3366 V3 Chat Input Validation vulnerability in V3 Chat V3 Chat Beta

Multiple cross-site scripting (XSS) vulnerabilities in V3 Chat allow remote attackers to inject arbitrary web script or HTML via crafted HTML tags, as demonstrated by the IMG tag, in the (1) id parameter in (a) mail/index.php and (b) mail/reply.php; (2) login_id parameter in (c) members/is_online.php; (3) site_id parameter in (d) messenger/online.php, (e) messenger/search.php, and (f) messenger/profile.php; (4) contact_name parameter in messenger/search.php; (5) membername parameter in (g) messenger/profileview.php; (6) unspecified parameters used when "editing a profile"; and (7) cust_name parameter in (h) messenger/expire.php.

2.6
2006-07-06 CVE-2006-3365 V3 Chat Information Exposure vulnerability in V3 Chat V3 Chat Beta

V3 Chat allows remote attackers to obtain the installation path via (1) an invalid id parameter to mail/index.php or (2) membername parameter to messenger/online.php, which displays the path in an error page due to an incorrect SQL statement.

2.6
2006-07-06 CVE-2006-3356 Apple Denial-Of-Service vulnerability in Mac OS X

The TIFFFetchAnyArray function in ImageIO in Apple OS X 10.4.7 and earlier allows remote user-assisted attackers to cause a denial of service (application crash) via an invalid tag value in a TIFF image, possibly triggering a null dereference.

2.6
2006-07-03 CVE-2006-3342 Olate Cross-Site Scripting vulnerability in Arctic

Cross-site scripting (XSS) vulnerability in index.php in Arctic 1.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search cmd.

2.6
2006-07-03 CVE-2006-3338 Atlassian Cross-Site Scripting vulnerability in Atlassian Jira 3.6.2156

Cross-site scripting (XSS) vulnerability in Atlassian JIRA 3.6.2-#156 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a direct request to secure/ConfigureReleaseNote.jspa, which are not sanitized before being returned in an error page.

2.6
2006-07-03 CVE-2006-3337 Cpanel Cross-Site Scripting vulnerability in Cpanel Select.HTML

Cross-site scripting (XSS) vulnerability in frontend/x/files/select.html in cPanel 10.8.2-CURRENT 118 and earlier allows remote attackers to inject arbitrary web script or HTML via the file parameter.

2.6
2006-07-07 CVE-2006-3458 Zope Information Disclosure vulnerability in Zope Docutils

Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does not disable the "raw" command when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows local users to read arbitrary files.

2.1
2006-07-06 CVE-2006-3373 Hobbit Monitor Information Disclosure vulnerability in Hobbit Monitor Hobbit Monitor 4.2Beta

Unspecified vulnerability in the client/bin/logfetch script in Hobbit 4.2-beta allows local users to read arbitrary files, related to logfetch running as setuid root.

2.1