Weekly Vulnerabilities Reports > July 3 to 9, 2006
Overview
92 new vulnerabilities reported during this period, including 1 critical vulnerabilities and 30 high severity vulnerabilities. This weekly summary report vulnerabilities in 78 products from 69 vendors including TOR, Microsoft, Novell, Lumension, and Vincent Leclercq. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Classic Buffer Overflow", "Information Exposure", "SQL Injection", and "Improper Input Validation".
- 86 reported vulnerabilities are remotely exploitables.
- 14 reported vulnerabilities have public exploit available.
- 1 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 92 reported vulnerabilities are exploitable by an anonymous user.
- TOR has the most reported vulnerabilities, with 12 reported vulnerabilities.
- Webex Communications has the most reported critical vulnerabilities, with 1 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
1 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-07-07 | CVE-2006-3423 | Webex Communications | Improper Input Validation vulnerability in Webex Communications Downloader Activexcontrol and Downloader Java WebEx Downloader ActiveX Control and WebEx Downloader Java before 2.1.0.0 do not validate downloaded components, which allows remote attackers to execute arbitrary code via a website that activates the GpcUrlRoot and GpcIniFileName ActiveX controls to cause the client to download a DLL file. | 9.3 |
30 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-07-06 | CVE-2006-3393 | Electronic Arts | Remote Denial of Service vulnerability in NASCAR Racing UDP Datagram Papyrus NASCAR Racing 4 4.1.3.1.6 and earlier, 2002 Season 1.1.0.2 and earlier, and 2003 Season 1.2.0.1 and earlier allows remote attackers to cause a denial of service (CPU consumption) by sending an empty UDP datagram, which is not properly discarded due to use of the FIONREAD asynchronous socket. | 7.8 |
2006-07-08 | CVE-2006-1176 | Ebay | Remote Buffer Overflow vulnerability in EBay Enhanced Picture Service ActiveX Buffer overflow in eBay Enhanced Picture Services (aka EPUImageControl Class) in EUPWALcontrol.dll before 1.0.3.48, as used in Sell Your Item (SYI), Setup & Test eBay Enhanced Picture Services, Picture Manager Enhanced Uploader, and CARad.com Add Vehicle, allows remote attackers to execute arbitrary code via a crafted HTML document. | 7.5 |
2006-07-07 | CVE-2006-3431 | Microsoft | Remote Code Execution vulnerability in Microsoft Excel Style Handling and Repair Buffer overflow in certain Asian language versions of Microsoft Excel might allow user-assisted attackers to execute arbitrary code via a crafted STYLE record in a spreadsheet that triggers the overflow when the user attempts to repair the document or selects the "Style" option, as demonstrated by nanika.xls. | 7.5 |
2006-07-07 | CVE-2006-3430 | Lumension Novell | SQL Injection vulnerability in multiple products SQL injection vulnerability in checkprofile.asp in (1) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (2) Novell ZENworks 6.2 SR1 and earlier, allows remote attackers to execute arbitrary SQL commands via the agentid parameter. | 7.5 |
2006-07-07 | CVE-2006-3425 | Lumension Novell | Authentication Bypass vulnerability in PatchLink Update Server Proxyreg.ASP FastPatch for (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1, and (b) Novell ZENworks 6.2 SR1 and earlier, does not require authentication for dagent/proxyreg.asp, which allows remote attackers to list, add, or delete PatchLink Distribution Point (PDP) proxy servers via modified (1) List, (2) Proxy, or (3) Delete parameters. | 7.5 |
2006-07-07 | CVE-2006-3424 | Webex Communications | Remote Security vulnerability in Webex Downloader Activex Control Multiple buffer overflows in WebEx Downloader ActiveX Control, possibly in versions before November 2005, allow remote attackers to execute arbitrary code via unspecified vectors. | 7.5 |
2006-07-07 | CVE-2006-3422 | Wonderedit | Remote File Include vulnerability in Wonderedit PRO CMS Gold PHP remote file inclusion vulnerability in WonderEdit Pro CMS allows remote attackers to execute arbitrary PHP code via the config[template_path] parameter in user_bottom.php, as used by multiple templates including (1) rwb (template/rwb/user_bottom.php), (2) gwb (template/rwb/user_bottom.php, (3) blues, (4) bluwhi, and (5) grns. | 7.5 |
2006-07-07 | CVE-2006-3420 | Mybulletinboard | Cross-Site Request Forgery vulnerability in MyBulletinBoard Cross-site request forgery (CSRF) vulnerability in editpost.php in MyBulletinBoard (MyBB) before 1.1.5 allows remote attackers to perform unauthorized actions as a logged in user and delete arbitrary forum posts via a bbcode IMG tag with a modified delete parameter in a deletepost action. | 7.5 |
2006-07-07 | CVE-2006-3409 | TOR | Information Disclosure And Denial of Service vulnerability in Trac Integer overflow in Tor before 0.1.1.20 allows remote attackers to execute arbitrary code via crafted large inputs, which result in a buffer overflow when elements are added to smartlists. | 7.5 |
2006-07-06 | CVE-2006-3402 | Virtuastore | SQL Injection vulnerability in Virtuastore 2.0 SQL injection vulnerability in VirtuaStore 2.0 allows remote attackers to execute arbitrary SQL commands via the password parameter when logging in. | 7.5 |
2006-07-06 | CVE-2006-3401 | ID Software | Buffer Errors vulnerability in ID Software Quake 3 Engine 1.32B/1.32C/Icculus812 Stack-based buffer overflow in Quake 3 Engine as used by Quake 3: Arena 1.32b and 1.32c allows remote attackers to cause a denial of service and possibly execute code via long CS_ITEMS values. | 7.5 |
2006-07-06 | CVE-2006-3400 | ID Software Raven Software | Stack Buffer Overflow vulnerability in Quake 3 Engine Client Stack-based buffer overflow in the CG_ServerCommand function in Quake 3 Engine as used by Soldier of Fortune 2 (SOF2MP) GOLD 1.03 allows remote attackers to cause a denial of service and possibly execute code by sending a long command from the server. | 7.5 |
2006-07-06 | CVE-2006-3394 | Bxcp | SQL Injection vulnerability in Bxcp 0.2.9.7/0.3 SQL injection vulnerability in the files mod in index.php in BXCP 0.3.0.4 allows remote attackers to execute arbitrary SQL commands via the where parameter in a view action. | 7.5 |
2006-07-06 | CVE-2006-3381 | Sturgeon Upload | Unspecified vulnerability in Sturgeon Upload Sturgeon Upload SturGeoN Upload allows remote attackers to execute arbitrary PHP code by uploading a file with a .php extension, then directly accessing the file. | 7.5 |
2006-07-06 | CVE-2006-3376 | Wvware | Integer Overflow vulnerability in Wvware Libwmf and WV2 Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple products including (1) wv, (2) abiword, (3) freetype, (4) gimp, (5) libgsf, and (6) imagemagick allows remote attackers to execute arbitrary code via the MaxRecordSize header field in a WMF file. | 7.5 |
2006-07-06 | CVE-2006-3375 | Randshop | Remote File Include vulnerability in Randshop 1.1.1 PHP remote file inclusion vulnerability in includes/header.inc.php in Randshop 1.1.1 allows remote attackers to execute arbitrary PHP code via the dateiPfad parameter. | 7.5 |
2006-07-06 | CVE-2006-3374 | Randshop | Remote File Include vulnerability in Randshop 0.9.3 PHP remote file inclusion vulnerability in index.php in Randshop 1.2 and earlier, including 0.9.3, allows remote attackers to execute arbitrary PHP code via a URL in the incl parameter. | 7.5 |
2006-07-06 | CVE-2006-3364 | F ART Agency | SQL-Injection vulnerability in Blog Cms SQL injection vulnerability in index.php in the NP_SEO plugin in BLOG:CMS before 4.1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2006-07-06 | CVE-2006-3359 | Newsphp | Input Validation vulnerability in Newsphp 2006Pro Multiple SQL injection vulnerabilities in index.php in NewsPHP 2006 PRO allow remote attackers to inject arbitrary web script or HTML via the (1) words, (2) id, (3) topmenuitem, and (4) cat_id parameters in (a) index.php; and the (5) category parameter in (b) inc/rss_feed.php. | 7.5 |
2006-07-06 | CVE-2006-3357 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer 6.0 Heap-based buffer overflow in HTML Help ActiveX control (hhctrl.ocx) in Microsoft Internet Explorer 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code by repeatedly setting the Image field of an Internet.HHCtrl.1 object to certain values, possibly related to improper escaping and long strings. | 7.5 |
2006-07-06 | CVE-2006-3355 | Mpg123 | Remote Buffer Overflow vulnerability in Mpg123 Pre0.59Sr11 Heap-based buffer overflow in httpdget.c in mpg123 before 0.59s-rll allows remote attackers to execute arbitrary code via a long URL, which is not properly terminated before being used with the strncpy function. | 7.5 |
2006-07-03 | CVE-2006-3349 | SMS Script | SQL-Injection vulnerability in Sms Script Multiple SQL injection vulnerabilities in SmS Script allow remote attackers to execute arbitrary SQL commands via the CatID parameter in (1) cat.php and (2) add.php. | 7.5 |
2006-07-03 | CVE-2006-3348 | Swsoft | SQL-Injection vulnerability in Swsoft Hspcomplete 3.2.2 Multiple SQL injection vulnerabilities in HSPcomplete 3.2.2 and 3.3 Beta and earlier allow remote attackers to execute arbitrary SQL commands via the (1) type parameter in report.php and (2) level parameter in custom_buttons.php. | 7.5 |
2006-07-03 | CVE-2006-3347 | Devilz Clanportal | SQL Injection vulnerability in Devilz Clanportal Devilz Clanportal 1.3.4 SQL injection vulnerability in index.php in deV!Lz Clanportal DZCP 1.3.4 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2006-07-03 | CVE-2006-3346 | Carlos Sanchez Valle | SQL Injection vulnerability in Carlos Sanchez Valle Mynewsgroups 0.6 SQL injection vulnerability in tree.php in MyNewsGroups 0.6 allows remote attackers to execute arbitrary SQL commands via the grp_id parameter. | 7.5 |
2006-07-03 | CVE-2006-3343 | Crisoft Ricette | Remote File Include vulnerability in Crisoft Ricette Crisoft Ricette 1.0Pre15B PHP remote file inclusion vulnerability in recipe/cookbook.php in CrisoftRicette 1.0pre15b allows remote attackers to execute arbitrary PHP code via a URL in the crisoftricette parameter. | 7.5 |
2006-07-03 | CVE-2006-3341 | Myads | SQL Injection vulnerability in Myads 2.04Jp SQL injection vulnerability in annonces-p-f.php in MyAds module 2.04jp for Xoops allows remote attackers to execute arbitrary SQL commands via the lid parameter. | 7.5 |
2006-07-06 | CVE-2006-3378 | Ubuntu | Privilege Escalation vulnerability in Ubuntu Linux 5.04/5.10/6.06Lts passwd command in shadow in Ubuntu 5.04 through 6.06 LTS, when called with the -f, -g, or -s flag, does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits. | 7.2 |
2006-07-05 | CVE-2006-2194 | Point TO Point Protocol Project | Local Privilege Escalation vulnerability in PPPD Winbind Plugin The winbind plugin in pppd for ppp 2.4.4 and earlier does not check the return code from the setuid function call, which might allow local users to gain privileges by causing setuid to fail, such as exceeding PAM limits for the maximum number of user processes, which prevents the winbind NTLM authentication helper from dropping privileges. | 7.2 |
2006-07-03 | CVE-2006-3335 | HP | Local Unauthorized Access vulnerability in HP-UX Mkdir Unspecified vulnerability in mkdir in HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allows local users to gain privileges via unknown attack vectors. | 7.2 |
52 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-07-06 | CVE-2006-3396 | Miro International | Code Injection vulnerability in Miro International Galleria 1.0Formambo PHP remote file inclusion vulnerability in galleria.html.php in Galleria Mambo Module 1.0 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 6.8 |
2006-07-06 | CVE-2006-3358 | Newsphp | Input Validation vulnerability in Newsphp 2006Pro Multiple cross-site scripting (XSS) vulnerabilities in index.php in NewsPHP 2006 PRO allow remote attackers to inject arbitrary web script or HTML via the (1) words, (2) id, (3) cat_id, and (4) tim parameters, which are not sanitized before being returned in an error page. | 6.8 |
2006-07-07 | CVE-2006-3417 | TOR | Remote Security vulnerability in Tor Tor client before 0.1.1.20 prefers entry points based on is_fast or is_stable flags, which could allow remote attackers to be preferred over nodes that are identified as more trustworthy "entry guard" (is_guard) systems by directory authorities. | 6.4 |
2006-07-07 | CVE-2006-3415 | TOR | Remote Security vulnerability in Tor Tor before 0.1.1.20 uses improper logic to validate the "OR" destination, which allows remote attackers to perform a man-in-the-middle (MITM) attack via unspecified vectors. | 6.4 |
2006-07-07 | CVE-2006-3412 | TOR | Security Bypass vulnerability in Tor Tor before 0.1.1.20 does not sufficiently obey certain firewall options, which allows remote attackers to bypass intended access restrictions for dirservers, direct connections, or proxy servers. | 6.4 |
2006-07-07 | CVE-2006-3411 | TOR | Remote Security vulnerability in Tor TLS handshakes in Tor before 0.1.1.20 generate public-private keys based on TLS context rather than the connection, which makes it easier for remote attackers to conduct brute force attacks on the encryption keys. | 6.4 |
2006-07-07 | CVE-2006-3407 | TOR | Buffer Overflow/Information Disclosure/Denial of Service vulnerability in Tor Tor before 0.1.1.20 allows remote attackers to spoof log entries or possibly execute shell code via strings with non-printable characters. | 6.4 |
2006-07-07 | CVE-2006-3406 | QTO | Directory Traversal vulnerability in QTO Qtofilemanager 1.0 Directory traversal vulnerability in qtofm.php in QTOFileManager 1.0 allows remote attackers to modify arbitrary files via a .. | 6.4 |
2006-07-07 | CVE-2006-3405 | QTO | Cross-Site Scripting vulnerability in QTO Qtofilemanager 1.0 Cross-site scripting (XSS) vulnerability in qtofm.php in QTOFileManager 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) delete, (2) pathext, and (3) edit parameters. | 5.8 |
2006-07-06 | CVE-2006-3388 | Phpmyadmin | Cross-Site Scripting vulnerability in PHPMyAdmin Table Parameter Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via the table parameter. | 5.8 |
2006-07-06 | CVE-2006-3385 | Vincent Leclercq | Cross-Site Scripting vulnerability in Vincent Leclercq News 5.2 Cross-site scripting (XSS) vulnerability in divers.php in Vincent Leclercq News 5.2 allows remote attackers to inject arbitrary web script or HTML via the (1) id and (2) disabled parameters. | 5.8 |
2006-07-06 | CVE-2006-3383 | Mads | Cross-Site Scripting vulnerability in Mads 1.0 Cross-site scripting (XSS) vulnerability in index.php in mAds 1.0 allows remote attackers to inject arbitrary web script or HTML via Javascript events such as onmouseover within a URL. | 5.8 |
2006-07-06 | CVE-2006-3351 | Microsoft | Denial Of Service vulnerability in Microsoft Windows 2003 Server and Windows XP Buffer overflow in Windows Explorer (explorer.exe) on Windows XP and 2003 allows user-assisted attackers to cause a denial of service (repeated crash) and possibly execute arbitrary code via a .url file with an InternetShortcut tag containing a long URL and a large number of "file:" specifiers. | 5.4 |
2006-07-07 | CVE-2006-3421 | Smartsitecms | Remote File Include vulnerability in SmartSiteCMS PHP remote file inclusion vulnerability in SmartSiteCMS 1.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the root parameter in (1) comment.php, (2) admin/comedit.php, (3) admin/test.php, (4) admin/index.php, and (5) admin/include/inc_adminfoot.php, a different set of vectors than CVE-2006-3162. | 5.1 |
2006-07-06 | CVE-2006-3404 | Gimp | Classic Buffer Overflow vulnerability in Gimp Buffer overflow in the xcf_load_vector function in app/xcf/xcf-load.c for gimp before 2.2.12 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XCF file with a large num_axes value in the VECTORS property. | 5.1 |
2006-07-06 | CVE-2006-3391 | Imbc | Unspecified vulnerability in Imbc Imbccontents Activex Control The Execute function in iMBCContents ActiveX Control before 2.0.0.59 allows remote attackers to execute arbitrary files via the file URI handler. | 5.1 |
2006-07-06 | CVE-2006-3387 | Fusionphp | Directory Traversal vulnerability in Fusionphp Fusion News 1.0 Directory traversal vulnerability in sources/post.php in Fusion News 1.0, when register_globals is enabled, allows remote attackers to include arbitrary files via a .. | 5.1 |
2006-07-06 | CVE-2006-3384 | Vincent Leclercq | Cross-Site Scripting vulnerability in Vincent Leclercq News 5.2 SQL injection vulnerability in divers.php in Vincent Leclercq News 5.2 allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) texte parameters. | 5.1 |
2006-07-06 | CVE-2006-3363 | Xoops | Remote File Include vulnerability in Xoops Glossaire Module 1.7 PHP remote file inclusion vulnerability in index.php in the Glossaire module 1.7 for Xoops allows remote attackers to execute arbitrary PHP code via a URL in the pa parameter. | 5.1 |
2006-07-06 | CVE-2006-3362 | Geeklog Toenda Software Development | Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip. | 5.1 |
2006-07-06 | CVE-2006-3361 | Stud IP | Remote File Include vulnerability in RETIRED: Stud.IP PHP remote file inclusion vulnerability in Stud.IP 1.3.0-2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the (1) _PHPLIB[libdir] parameter in studip-phplib/oohforms.inc and (2) ABSOLUTE_PATH_STUDIP parameter in studip-htdocs/archiv_assi.php. | 5.1 |
2006-07-05 | CVE-2006-2910 | Cowon America | Remote Buffer Overflow vulnerability in Cowon America Jetaudio Basic6.2.6.8330 Buffer overflow in jetAudio 6.2.6.8330 (Basic), and possibly other versions, allows user-assisted attackers to execute arbitrary code via an audio file (such as WMA) with long ID Tag values including (1) Title, (2) Author, and (3) Album, which triggers the overflow in the tooltip display string if the sound card driver is disabled or incorrectly installed. | 5.1 |
2006-07-03 | CVE-2006-3340 | Pearlinger | Remote File Include vulnerability in Pearl For Mambo Module Multiple PHP remote file inclusion vulnerabilities in Pearl For Mambo module 1.6 for Mambo, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via the (1) phpbb_root_path parameter in (a) includes/functions_cms.php and the (2) GlobalSettings[templatesDirectory] parameter in multiple files in the "includes" directory including (b) adminSensored.php, (c) adminBoards.php, (d) adminAttachments.php, (e) adminAvatars.php, (f) adminBackupdatabase.php, (g) adminBanned.php, (h) adminForums.php, (i) adminPolls.php, (j) adminSmileys.php, (k) poll.php, and (l) move.php. | 5.1 |
2006-07-07 | CVE-2006-3427 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer 6.0 Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by declaring the sourceURL attribute on an uninitialized DirectAnimation.StructuredGraphicsControl ActiveX Object, which triggers a null dereference. | 5.0 |
2006-07-07 | CVE-2006-3426 | Lumension Novell | Directory traversal vulnerability in (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (b) Novell ZENworks 6.2 SR1 and earlier allows remote attackers to overwrite arbitrary files and directories via a .. | 5.0 |
2006-07-07 | CVE-2006-3419 | TOR | Remote Security vulnerability in Tor Tor before 0.1.1.20 uses OpenSSL pseudo-random bytes (RAND_pseudo_bytes) instead of cryptographically strong RAND_bytes, and seeds the entropy value at start-up with 160-bit chunks without reseeding, which makes it easier for attackers to conduct brute force guessing attacks. | 5.0 |
2006-07-07 | CVE-2006-3418 | TOR | Remote Security vulnerability in Tor Tor before 0.1.1.20 does not validate that a server descriptor's fingerprint line matches its identity key, which allows remote attackers to spoof the fingerprint line, which might be trusted by users or other applications. | 5.0 |
2006-07-07 | CVE-2006-3414 | TOR | Remote Security vulnerability in Tor Tor before 0.1.1.20 supports server descriptors that contain hostnames instead of IP addresses, which allows remote attackers to arbitrarily group users by providing preferential address resolution. | 5.0 |
2006-07-07 | CVE-2006-3413 | TOR | Information Disclosure vulnerability in Tor The privoxy configuration file in Tor before 0.1.1.20, when run on Apple OS X, logs all data via the "logfile", which allows attackers to obtain potentially sensitive information. | 5.0 |
2006-07-07 | CVE-2006-3410 | TOR | Remote Security vulnerability in Tor Tor before 0.1.1.20 creates "internal circuits" primarily consisting of nodes with "useful exit nodes," which allows remote attackers to conduct unspecified statistical attacks. | 5.0 |
2006-07-07 | CVE-2006-3408 | TOR | Denial-Of-Service vulnerability in Tor Unspecified vulnerability in the directory server (dirserver) in Tor before 0.1.1.20 allows remote attackers to cause an unspecified denial of service via unknown vectors. | 5.0 |
2006-07-06 | CVE-2006-3392 | Usermin Webmin | Information Disclosure vulnerability in Webmin/Usermin Unspecifed Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files, as demonstrated using "..%01" sequences, which bypass the removal of "../" sequences before bytes such as "%01" are removed from the filename. | 5.0 |
2006-07-06 | CVE-2006-3390 | Wordpress | SQL Injection vulnerability in Wordpress 2.0.3 WordPress 2.0.3 allows remote attackers to obtain the installation path via a direct request to various files, such as those in the (1) wp-admin, (2) wp-content, and (3) wp-includes directories, possibly due to uninitialized variables. | 5.0 |
2006-07-06 | CVE-2006-3389 | Wordpress | SQL Injection vulnerability in Wordpress 2.0.3 index.php in WordPress 2.0.3 allows remote attackers to obtain sensitive information, such as SQL table prefixes, via an invalid paged parameter, which displays the information in an SQL error message. | 5.0 |
2006-07-06 | CVE-2006-3386 | Vincent Leclercq | Information Disclosure vulnerability in News index.php in Vincent Leclercq News 5.2 allows remote attackers to obtain sensitive information, such as the installation path, via a mail[] parameter with invalid values. | 5.0 |
2006-07-06 | CVE-2006-3379 | Hiki Wiki | Denial Of Service vulnerability in Hiki Diff Algorithmic complexity vulnerability in Hiki Wiki 0.6.0 through 0.6.5 and 0.8.0 through 0.8.5 allows remote attackers to cause a denial of service (CPU consumption) by performing a diff between large, crafted pages that trigger the worst case. | 5.0 |
2006-07-06 | CVE-2006-3372 | Apple | Denial Of Service vulnerability in Apple Safari 2.0.4419.3 Apple Safari 2.0.4/419.3 allows remote attackers to cause a denial of service (application crash) via a DHTML setAttributeNode function call with zero arguments, which triggers a null dereference. | 5.0 |
2006-07-06 | CVE-2006-3371 | Eupla | Information Disclosure vulnerability in Eupla Foros 1.0 Eupla Foros 1.0 stores the inc/config.inc file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information, including the database configuration. | 5.0 |
2006-07-06 | CVE-2006-3370 | BB News | Information Disclosure vulnerability in Bb-News Blueboy 1.0.3 Blueboy 1.0.3 stores bb_news_config.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information, including the database configuration. | 5.0 |
2006-07-06 | CVE-2006-3369 | Iduprey | Information Disclosure vulnerability in Iduprey Kamikaze-Qscm 0.1/0.2 Kamikaze-QSCM 0.1 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information, including the database configuration. | 5.0 |
2006-07-06 | CVE-2006-3368 | Efone | Information Disclosure vulnerability in Efone 20000723 Efone 20000723 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information. | 5.0 |
2006-07-06 | CVE-2006-3367 | Mp3Netbox | Information Disclosure vulnerability in Mp3Netbox Beta1 Mp3 JudeBox Server (Mp3NetBox) Beta 1 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information, including the database configuration. | 5.0 |
2006-07-06 | CVE-2006-3354 | Microsoft Canon | Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the Filter property of an ADODB.Recordset ActiveX object to certain values multiple times, which triggers a null dereference. | 5.0 |
2006-07-06 | CVE-2006-3353 | Opera | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Opera Browser Opera 9 allows remote attackers to cause a denial of service (crash) via a crafted web page that triggers an out-of-bounds memory access, related to an iframe and JavaScript that accesses certain style sheets properties. | 5.0 |
2006-07-03 | CVE-2006-3339 | Atlassian | Information Disclosure vulnerability in Atlassian Jira 3.6.2156 secure/ConfigureReleaseNote.jspa in Atlassian JIRA 3.6.2-#156 allows remote attackers to obtain sensitive information via unspecified manipulations of the projectId parameter, which displays the installation path and other system information in an error message. | 5.0 |
2006-07-05 | CVE-2006-2935 | Linux Debian Canonical | Classic Buffer Overflow vulnerability in multiple products The dvd_read_bca function in the DVD handling code in drivers/cdrom/cdrom.c in Linux kernel 2.2.16, and later versions, assigns the wrong value to a length variable, which allows local users to execute arbitrary code via a crafted USB Storage device that triggers a buffer overflow. | 4.6 |
2006-07-07 | CVE-2006-3429 | Tigertom Scripts | HTML Injection vulnerability in Tigertom Scripts Ttcalc Script 1.0 Cross-site scripting (XSS) vulnerability in TigerTom TTCalc 1.0 allows remote attackers to inject arbitrary web script or HTML via the currency parameter in (1) loan.php and (2) mortgage.php. | 4.3 |
2006-07-07 | CVE-2006-3428 | Tigertom Scripts | HTML Injection vulnerability in Tigertom Scripts Ttcalc Script 1.0 Cross-site scripting (XSS) vulnerability in TigerTom TTCalc 1.0 allows remote attackers to inject arbitrary web script or HTML via the year parameter in (1) loan.php and (2) mortgage.php. | 4.3 |
2006-07-06 | CVE-2006-3382 | Mads | Cross-Site Scripting vulnerability in Mads 1.0 Cross-site scripting (XSS) vulnerability in search.php in mAds 1.0 allows remote attackers to inject arbitrary web script or HTML via the "search string". | 4.3 |
2006-07-03 | CVE-2006-3345 | Ajax Softwares | Cross-Site Scripting vulnerability in AliPager Cross-site scripting (XSS) vulnerability in AliPAGER, possibly 1.5 and earlier, allows remote attackers to inject arbitrary web script or HTML via a chat line. | 4.3 |
2006-07-06 | CVE-2006-3377 | JMB Software | Cross-Site Scripting vulnerability in AutoRank Cross-site scripting (XSS) vulnerability in JMB Software AutoRank PHP 3.02 and earlier, and AutoRank Pro 5.01 and earlier, allows remote attackers to inject arbitrary web script or HTML via the (1) Keyword parameter in search.php and the (2) Username parameter in main.cgi. | 4.0 |
2006-07-05 | CVE-2006-3336 | Twiki | Unspecified vulnerability in Twiki TWiki 01-Dec-2000 up to 4.0.3 allows remote attackers to bypass the upload filter and execute arbitrary code via filenames with double extensions such as ".php.en", ".php.1", and other allowed extensions that are not .txt. | 4.0 |
9 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-07-06 | CVE-2006-3399 | Moniwiki | Cross-Site Scripting vulnerability in MoniWiki Cross-site scripting (XSS) vulnerability in wiki.php in MoniWiki before 1.1.2-20060702 allows remote attackers to inject arbitrary Javascript via the URL, which is reflected back in an error message, a variant of CVE-2004-1632. | 2.6 |
2006-07-06 | CVE-2006-3366 | V3 Chat | Input Validation vulnerability in V3 Chat V3 Chat Beta Multiple cross-site scripting (XSS) vulnerabilities in V3 Chat allow remote attackers to inject arbitrary web script or HTML via crafted HTML tags, as demonstrated by the IMG tag, in the (1) id parameter in (a) mail/index.php and (b) mail/reply.php; (2) login_id parameter in (c) members/is_online.php; (3) site_id parameter in (d) messenger/online.php, (e) messenger/search.php, and (f) messenger/profile.php; (4) contact_name parameter in messenger/search.php; (5) membername parameter in (g) messenger/profileview.php; (6) unspecified parameters used when "editing a profile"; and (7) cust_name parameter in (h) messenger/expire.php. | 2.6 |
2006-07-06 | CVE-2006-3365 | V3 Chat | Information Exposure vulnerability in V3 Chat V3 Chat Beta V3 Chat allows remote attackers to obtain the installation path via (1) an invalid id parameter to mail/index.php or (2) membername parameter to messenger/online.php, which displays the path in an error page due to an incorrect SQL statement. | 2.6 |
2006-07-06 | CVE-2006-3356 | Apple | Denial-Of-Service vulnerability in Mac OS X The TIFFFetchAnyArray function in ImageIO in Apple OS X 10.4.7 and earlier allows remote user-assisted attackers to cause a denial of service (application crash) via an invalid tag value in a TIFF image, possibly triggering a null dereference. | 2.6 |
2006-07-03 | CVE-2006-3342 | Olate | Cross-Site Scripting vulnerability in Arctic Cross-site scripting (XSS) vulnerability in index.php in Arctic 1.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search cmd. | 2.6 |
2006-07-03 | CVE-2006-3338 | Atlassian | Cross-Site Scripting vulnerability in Atlassian Jira 3.6.2156 Cross-site scripting (XSS) vulnerability in Atlassian JIRA 3.6.2-#156 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a direct request to secure/ConfigureReleaseNote.jspa, which are not sanitized before being returned in an error page. | 2.6 |
2006-07-03 | CVE-2006-3337 | Cpanel | Cross-Site Scripting vulnerability in Cpanel Select.HTML Cross-site scripting (XSS) vulnerability in frontend/x/files/select.html in cPanel 10.8.2-CURRENT 118 and earlier allows remote attackers to inject arbitrary web script or HTML via the file parameter. | 2.6 |
2006-07-07 | CVE-2006-3458 | Zope | Information Disclosure vulnerability in Zope Docutils Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does not disable the "raw" command when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows local users to read arbitrary files. | 2.1 |
2006-07-06 | CVE-2006-3373 | Hobbit Monitor | Information Disclosure vulnerability in Hobbit Monitor Hobbit Monitor 4.2Beta Unspecified vulnerability in the client/bin/logfetch script in Hobbit 4.2-beta allows local users to read arbitrary files, related to logfetch running as setuid root. | 2.1 |