Weekly Vulnerabilities Reports > July 10 to 16, 2006

Overview

123 new vulnerabilities reported during this period, including 14 critical vulnerabilities and 34 high severity vulnerabilities. This weekly summary report vulnerabilities in 104 products from 78 vendors including Microsoft, Adobe, Joomla, Pivot, and Hivemail. Vulnerabilities are notably categorized as "Code Injection", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", "Use of Externally-Controlled Format String", and "Resource Management Errors".

  • 117 reported vulnerabilities are remotely exploitables.
  • 8 reported vulnerabilities have public exploit available.
  • 4 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 120 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 25 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 12 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

14 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-07-13 CVE-2006-3573 Milan Mimica USE of Externally-Controlled Format String vulnerability in Milan Mimica Sparklet

Format string vulnerability in the WriteText function in agl_text.cpp in Milan Mimica Sparklet 0.9.4 and earlier allows remote attackers to execute arbitrary code via format string specifiers in a player nickname.

10.0
2006-07-13 CVE-2006-3553 Planet Concept Security Bypass vulnerability in Planetnews

PlaNet Concept planetNews allows remote attackers to bypass authentication and execute arbitrary code via a direct request to news/admin/planetnews.php.

10.0
2006-07-11 CVE-2006-2372 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Dhcp Client Service

Buffer overflow in the DHCP Client service for Microsoft Windows 2000 SP4, Windows XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a crafted DHCP response.

10.0
2006-07-13 CVE-2006-1309 Microsoft Code Injection vulnerability in Microsoft Excel and Excel Viewer

Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted LABEL record that triggers memory corruption.

9.3
2006-07-13 CVE-2006-1308 Microsoft Remote Code Execution vulnerability in Microsoft Excel FNGROUPCOUNT Record

Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted FNGROUPCOUNT value.

9.3
2006-07-13 CVE-2006-1301 Microsoft Code Injection vulnerability in Microsoft Excel and Excel Viewer

Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted SELECTION record that triggers memory corruption, a different vulnerability than CVE-2006-1302.

9.3
2006-07-13 CVE-2006-2388 Microsoft Code Injection vulnerability in Microsoft Excel and Excel Viewer

Microsoft Office Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via malformed cell comments, which lead to modification of "critical data offsets" during the rebuilding process.

9.3
2006-07-13 CVE-2006-1306 Microsoft Code Injection vulnerability in Microsoft Excel and Excel Viewer

Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted BIFF record with an attacker-controlled array index that is used for a function pointer, aka "Malformed OBJECT record Vulnerability."

9.3
2006-07-13 CVE-2006-1304 Microsoft Code Injection vulnerability in Microsoft Excel and Excel Viewer

Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted COLINFO record, which triggers the overflow during a "data filling operation."

9.3
2006-07-13 CVE-2006-1302 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Excel and Excel Viewer

Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with certain crafted fields in a SELECTION record, which triggers memory corruption, aka "Malformed SELECTION record Vulnerability."

9.3
2006-07-11 CVE-2006-2389 Microsoft Unspecified vulnerability in Microsoft Office 2000/2003/Xp

Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with a malformed property that triggers memory corruption related to record lengths, aka "Microsoft Office Property Vulnerability," a different vulnerability than CVE-2006-1316.

9.3
2006-07-11 CVE-2006-1316 Microsoft Code Injection vulnerability in Microsoft Office 2000/2003/Xp

Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with malformed string that triggers memory corruption related to record lengths, aka "Microsoft Office Parsing Vulnerability," a different vulnerability than CVE-2006-2389.

9.3
2006-07-11 CVE-2006-0033 Microsoft Remote Code Execution vulnerability in Microsoft Office Malformed PNG File

Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted PNG image that triggers memory corruption when it is parsed.

9.3
2006-07-11 CVE-2006-0007 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Office 2000/2003/Xp

Buffer overflow in GIFIMP32.FLT, as used in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted GIF image that triggers memory corruption when it is parsed.

9.3

34 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-07-12 CVE-2006-3534 Nullsoft Directory Traversal vulnerability in Shoutcast Server

Directory traversal vulnerability in Nullsoft SHOUTcast DSP before 1.9.6 filters directory traversal sequences before decoding, which allows remote attackers to read arbitrary files via encoded dot dot (%2E%2E) sequences in an HTTP GET request for a file path containing "/content".

7.8
2006-07-10 CVE-2006-2936 Linux Resource Management Errors vulnerability in Linux Kernel

The ftdi_sio driver (usb/serial/ftdi_sio.c) in Linux kernel 2.6.x up to 2.6.17, and possibly later versions, allows local users to cause a denial of service (memory consumption) by writing more data to the serial port than the hardware can handle, which causes the data to be queued.

7.8
2006-07-13 CVE-2006-3135 Hotwebscripts SQL-Injection vulnerability in Hotwebscripts CMS Mundo 1.0Build008

Multiple SQL injection vulnerabilities in CMS Mundo 1.0 build 008, and possibly other versions, allow remote attackers to execute arbitrary SQL commands via the (1) news_id parameter in the (a) news module, (2) searchstring parameter in (b) the search module, (3) id parameter in (c) the webshop module, (4) username parameter in (d) index.php, and (5) Name, (6) Address, (7) Zip, (8) City, (9) Country, and (10) Email fields during (e) a user profile update.

7.5
2006-07-13 CVE-2006-3580 ASP Stats Generator SQL Injection vulnerability in ASP Stats Generator Pages.ASP

SQL injection vulnerability in pages.asp in ASP Stats Generator before 2.1.2 allows remote attackers to execute arbitrary SQL commands via the order parameter.

7.5
2006-07-13 CVE-2006-3577 Lifetype SQL Injection vulnerability in Lifetype 1.0.5

SQL injection vulnerability in index.php in LifeType 1.0.5 allows remote attackers to execute arbitrary SQL commands via the Date parameter in a Default op.

7.5
2006-07-13 CVE-2006-3576 Sensesites SQL Injection vulnerability in Sensesites Commonsense CMS 5.0

SQL injection vulnerability in search.php in SenseSites CommonSense CMS 5.0 allows remote attackers to execute arbitrary SQL commands via the Date parameter.

7.5
2006-07-13 CVE-2006-3572 Papoo Input Validation vulnerability in Papoo

SQL injection vulnerability in forumthread.php in Papoo 3 RC3 and earlier allows remote attackers to execute arbitrary SQL commands via the msgid parameter.

7.5
2006-07-13 CVE-2006-3565 Hivemail Input Validation vulnerability in HiveMail

SQL injection vulnerability in search.results.php in HiveMail 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the fields[] parameter.

7.5
2006-07-13 CVE-2006-3562 Plume CMS Code Injection vulnerability in Plume-Cms Plume CMS 1.0.4

PHP remote file inclusion vulnerabilities in plume cms 1.0.4 allow remote attackers to execute arbitrary PHP code via a URL in the _PX_config[manager_path] parameter to (1) index.php, (2) rss.php, or (3) search.php, a different set of vectors and versions than CVE-2006-2645 and CVE-2006-0725.

7.5
2006-07-13 CVE-2006-3560 Blue Dojo SQL Injection vulnerability in Blue Dojo Graffiti Forums 1.0

SQL injection vulnerability in topics.php in Blue Dojo Graffiti Forums 1.0 allows remote attackers to execute arbitrary SQL commands via the f parameter.

7.5
2006-07-13 CVE-2006-3559 Arif Supriyanto Input Validation vulnerability in Arif Supriyanto Auracms 1.62

Multiple SQL injection vulnerabilities in Arif Supriyanto auraCMS 1.62 allow remote attackers to execute arbitrary SQL commands and delete all shoutbox messages via the (1) name and (2) pesan parameters.

7.5
2006-07-13 CVE-2006-3554 Mkportal Directory Traversal vulnerability in Mkportal 1.0.1Final

Directory traversal vulnerability in index.php in MKPortal 1.0.1 Final allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language cookie, as demonstrated by using a gl_session cookie to inject PHP sequences into the error.log file, which is then included by index.php with malicious commands accessible by the ind parameter.

7.5
2006-07-13 CVE-2006-3544 Invision Power Services SQL Injection vulnerability in Invision Power Board Index.PHP Act Parameter

** DISPUTED ** Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 1.3 Final allow remote attackers to execute arbitrary SQL commands via the CODE parameter in a (1) Stats, (2) Mail, and (3) Reg action in index.php.

7.5
2006-07-13 CVE-2006-3543 Invision Power Services SQL Injection vulnerability in Invision Power Board

** DISPUTED ** Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 1.x and 2.x allow remote attackers to execute arbitrary SQL commands via the (1) idcat and (2) code parameters in a ketqua action in index.php; the id parameter in a (3) Attach and (4) ref action in index.php; the CODE parameter in a (5) Profile, (6) Login, and (7) Help action in index.php; and the (8) member_id parameter in coins_list.php.

7.5
2006-07-12 CVE-2006-3537 Randshop Remote File Include vulnerability in Randshop 0.9.3

PHP remote file inclusion vulnerability in index.php in Randshop before 1.2 allows remote attackers to execute arbitrary PHP code via the dateiPfad parameter, a different vector than CVE-2006-3375.

7.5
2006-07-12 CVE-2006-3536 EJ3 Remote PHP Script Code Injection vulnerability in EJ3 Topo 2.2/2.2.178

Direct static code injection vulnerability in code/class_db_text.php in EJ3 TOPo 2.2.178 and earlier allows remote attackers to execute arbitrary PHP code via parameters such as (1) descripcion and (2) pais, which are stored directly in a PHP script.

7.5
2006-07-12 CVE-2006-3531 Pivot Input Validation vulnerability in Pivot

includes/editor/insert_image.php in Pivot 1.30 RC2 and earlier creates the authentication credentials from parameters, which allows remote attackers to obtain privileges and upload arbitrary files via modified (1) pass and (2) session parameters, and (3) pass and (4) userlevel indices of the (a) Pivot_Vars[] or (b) Users[] array parameters.

7.5
2006-07-12 CVE-2006-3527 Bosdev Remote File Include vulnerability in BosClassifieds InsPat Parameter

Multiple PHP remote file inclusion vulnerabilities in BosClassifieds Classified Ads allow remote attackers to execute arbitrary PHP code via a URL in the insPath parameter to (1) index.php, (2) recent.php, (3) account.php, (4) classified.php, or (5) search.php.

7.5
2006-07-12 CVE-2006-3525 Phpcredo SQL-Injection vulnerability in PHPcredo Phcdownload 1.0.0Final

SQL injection vulnerability in category.php in PHCDownload 1.0.0 Final and 1.0.0 Release Candidate 6 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2006-07-12 CVE-2006-3524 Sipfoundry Remote Buffer-Overflow vulnerability in SIPfoundry SIPXtapi CSeq Processing

Buffer overflow in SIPfoundry sipXtapi released before 20060324 allows remote attackers to execute arbitrary code via a long CSeq field value in an INVITE message.

7.5
2006-07-12 CVE-2006-3520 Sabdrimer CMS Remote File Include vulnerability in Sabdrimer CMS Advanced1.PHP

PHP remote file inclusion vulnerability in skins/advanced/advanced1.php in Sabdrimer Pro 2.2.4, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the pluginpath[0] parameter.

7.5
2006-07-11 CVE-2006-3518 Webvizyon NET SQL Injection vulnerability in Webvizyon.Net Webvizyon Portal 2006

SQL injection vulnerability in SayfalaAltList.asp in Webvizyon Portal 2006 allows remote attackers to execute arbitrary SQL commands via the ID parameter.

7.5
2006-07-11 CVE-2006-3517 Rwscripts COM Remote File Include vulnerability in RW::Download Stats.PHP

PHP remote file inclusion vulnerability in stats.php in RW::Download, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter.

7.5
2006-07-11 CVE-2006-3516 Freehost SQL-Injection vulnerability in Freehost

Multiple SQL injection vulnerabilities in FreeHost allow remote attackers to execute arbitrary SQL commands via (1) readme parameter to FreeHost/misc.php or (2) index parameter to FreeHost/news.php.

7.5
2006-07-11 CVE-2006-3515 Myiosoft COM SQL Injection vulnerability in Myiosoft.Com Ajaxportal 3.0

SQL injection vulnerability in the loginADP function in ajaxp.php in AjaxPortal 3.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) password parameters.

7.5
2006-07-11 CVE-2006-1314 Microsoft Remote Heap Buffer Overflow vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP

Heap-based buffer overflow in the Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to execute arbitrary code via crafted first-class Mailslot messages that triggers memory corruption and bypasses size restrictions on second-class Mailslot messages.

7.5
2006-07-10 CVE-2006-3491 Christophe Thibault Buffer Overflow vulnerability in Kaillera Message

Stack-based buffer overflow in Kaillera Server 0.86 and earlier allows remote attackers to execute arbitrary code via a long nickname.

7.5
2006-07-10 CVE-2006-3485 Astrodog Press SQL Injection vulnerability in AstroDog Press Some Chess Board.PHP

Multiple SQL injection vulnerabilities in AstroDog Press Some Chess 1.5-RC2 and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly including the gameID parameter in board.php.

7.5
2006-07-10 CVE-2006-3481 Joomla Input Validation vulnerability in Joomla!

Multiple SQL injection vulnerabilities in Joomla! before 1.0.10 allow remote attackers to execute arbitrary SQL commands via unspecified parameters involving the (1) "Remember Me" function, (2) "Related Items" module, and the (3) "Weblinks submission".

7.5
2006-07-10 CVE-2006-3478 Myphp CMS Remote File Include vulnerability in Myphp CMS Myphp CMS 0.3/0.3.1

PHP remote file inclusion vulnerability in styles/default/global_header.php in MyPHP CMS 0.3 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the domain parameter.

7.5
2006-07-10 CVE-2006-3475 Free Qboard Remote File Include vulnerability in Free Qboard Free Qboard 1.1

Multiple PHP remote file inclusion vulnerabilities in free QBoard 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the qb_path parameter to (1) index.php, (2) about.php, (3) contact.php, (4) delete.php, (5) faq.php, (6) features.php or (7) history.php, a different set of vectors than CVE-2006-2998.

7.5
2006-07-10 CVE-2006-3474 Belchior Foundry SQL Injection vulnerability in Belchior Foundry Vcard PRO

Multiple SQL injection vulnerabilities in Belchior Foundry vCard PRO allow remote attackers to execute arbitrary SQL commands via the (1) cat_id parameter to (a) gbrowse.php, (2) card_id parameter to (b) rating.php and (c) create.php, and the (3) event_id parameter to (d) search.php.

7.5
2006-07-10 CVE-2006-3473 Drupal CRLF Injection vulnerability in Drupal Form_mail Module

CRLF injection vulnerability in form_mail Drupal Module before 1.8.2.2 allows remote attackers to inject e-mail headers, which facilitates sending spam messages, a different issue than CVE-2006-1225.

7.5
2006-07-10 CVE-2006-3470 Dell Remote Security vulnerability in Openmanage Cd

The Dell Openmanage CD launches X11 and SSH daemons that do not require authentication, which allows remote attackers to gain privileges.

7.5

64 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-07-13 CVE-2006-3574 Hitachi Cross-Site Scripting vulnerability in Hitachi products

Multiple cross-site scripting (XSS) vulnerabilities in Hitachi Groupmax Collaboration Portal and Web Client before 07-20-/D, and uCosminexus Collaboration Portal and Forum/File Sharing before 06-20-/C, allow remote attackers to "execute malicious scripts" via unknown vectors (aka HS06-014-01).

6.8
2006-07-13 CVE-2006-3556 Extcalendar Code Injection vulnerability in Extcalendar 2.0

PHP remote file inclusion vulnerability in extcalendar.php in Mohamed Moujami ExtCalendar 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

6.8
2006-07-12 CVE-2006-3530 Joomla Code Injection vulnerability in Joomla PC Cookbook 0.3/1.3.1

PHP remote file inclusion vulnerability in com_pccookbook/pccookbook.php in the PccookBook Component for Mambo and Joomla 0.3 and possibly up to 1.3.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the mosConfig_absolute_path parameter.

6.8
2006-07-12 CVE-2006-3528 Mamboxchange Code Injection vulnerability in Mamboxchange Simpleboard

Multiple PHP remote file inclusion vulnerabilities in Simpleboard Mambo module 1.1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the sbp parameter to (1) image_upload.php and (2) file_upload.php.

6.8
2006-07-10 CVE-2006-3494 Vastal I Tech Cross-Site Scripting vulnerability in Vastal I-Tech Buddy Zone

Multiple cross-site scripting (XSS) vulnerabilities in Buddy Zone 1.0.1 allow remote attackers to inject arbitrary HTML and web script via the (1) cat_id parameter to (a) view_classifieds.php; (2) id parameter in (b) view_ad.php; (3) event_id parameter in (c) view_event.php, (d) delete_event.php, and (e) edit_event.php; and (4) group_id in (f) view_group.php.

6.8
2006-07-13 CVE-2006-3541 Kyberna SQL Injection vulnerability in Kyberna AG Ky2help Meine Links

SQL injection vulnerability in Meine Links (aka My Links) in Kyberna ky2help allows remote authenticated users to execute arbitrary SQL commands via unspecified "textboxes."

6.5
2006-07-11 CVE-2006-0026 Microsoft Unspecified vulnerability in Microsoft products

Buffer overflow in Microsoft Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows local and possibly remote attackers to execute arbitrary code via crafted Active Server Pages (ASP).

6.5
2006-07-13 CVE-2006-3552 Ipswitch Remote Security vulnerability in Ipswitch products

Premium Anti-Spam in Ipswitch IMail Secure Server 2006 and Collaboration Suite 2006 Premium, when using a certain .dat file in the StarEngine /data directory from 20060630 or earlier, does not properly receive and implement bullet signature updates, which allows context-dependent attackers to use the server for spam transmission.

6.4
2006-07-13 CVE-2006-3555 PHP Fusion HTML Injection vulnerability in PHP-Fusion Avatar Image

Multiple cross-site scripting (XSS) vulnerabilities in submit.php in PHP-Fusion before 6.01.3 allow remote attackers to inject arbitrary web script or HTML by using edit_profile.php to upload a (1) avatar or (2) forum image attachment that has a .gif or .jpg extension, and begins with a GIF header followed by JavaScript code, which is executed by Internet Explorer.

5.8
2006-07-13 CVE-2006-3542 Boxcar Media HTML Injection vulnerability in Boxcar Media Shopping Cart 0.9

Multiple cross-site scripting (XSS) vulnerabilities in Garry Glendown Shopping Cart 0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) shop name field in (a) editshop.php, (b) edititem.php, and (c) index.php; and via the (2) item field in editshop.php and edititem.php.

5.8
2006-07-13 CVE-2006-3538 Beatificfaith HTML Injection vulnerability in Beatificfaith Eprayer Alpha

Multiple cross-site scripting (XSS) vulnerabilities in demo.php in BeatificFaith Eprayer Alpha allow remote attackers to inject arbitrary web script or HTML via the SRC attribute of a SCRIPT element in the (1) "Your name" field and (2) "Enter Prayer Request here" field.

5.8
2006-07-12 CVE-2006-3533 Pivot Input Validation vulnerability in Pivot 1.30Rc2

Multiple cross-site scripting (XSS) vulnerabilities in Pivot 1.30 RC2 and earlier, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) fg, (2) line1, (3) line2, (4) bg, (5) c1, (6) c2, (7) c3, and (8) c4 parameters in (a) includes/blogroll.php; (9) name and (10) js_name parameters in (b) includes/editor/edit_menu.php; and, even if register_globals is not enabled, the (11) h and (12) w parameters in (c) includes/photo.php.

5.8
2006-07-12 CVE-2006-3526 Sport SLO Cross-Site Scripting vulnerability in Sport-Slo Advanced Guestbook 1.0

Multiple cross-site scripting (XSS) vulnerabilities in guestbook.php in Sport-slo Advanced Guestbook 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) name and (2) form parameters.

5.8
2006-07-12 CVE-2006-3521 Simian Systems INC Cross-Site Scripting vulnerability in Siteforge Collaborative Development Platform

Multiple cross-site scripting (XSS) vulnerabilities in index/siteforge-bugs-action/proj.siteforge in SiteForge Collaborative Development Platform 1.0.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) _status, (2) _extra1, (3) _extra2, or (4) _extra3 parameters.

5.8
2006-07-11 CVE-2006-3519 Native Solutions Cross-Site Scripting vulnerability in Native Solutions the Banner Engine 4.0

Multiple cross-site scripting (XSS) vulnerabilities in The Banner Engine (tbe) 4.0 allow remote attackers to execute arbitrary web script or HTML via the (1) text parameter in a search action to (a) top.php, and the (2) adminpass or (3) adminlogin parameter to (b) signup.php.

5.8
2006-07-10 CVE-2006-3480 Joomla Input Validation vulnerability in Joomla!

Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.10 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters involving the (1) getUserStateFromRequest function, and the (2) SEF and (3) com_messages modules.

5.8
2006-07-10 CVE-2006-2917 Qbik Directory Traversal vulnerability in Qbik Wingate 6.1.2.1094/6.1.3.1096

Directory traversal vulnerability in the IMAP server in WinGate 6.1.2.1094 and 6.1.3.1096, and possibly other versions before 6.1.4 Build 1099, allows remote authenticated users to read email of other users, or perform unauthorized operations on directories, via the (1) CREATE, (2) SELECT, (3) DELETE, (4) RENAME, (5) COPY, (6) APPEND, and (7) LIST commands.

5.5
2006-07-14 CVE-2006-3590 Microsoft Remote Code Execution vulnerability in Microsoft Powerpoint 2000/2002/2003

mso.dll, as used by Microsoft PowerPoint 2000 through 2003, allows user-assisted attackers to execute arbitrary commands via a malformed shape container in a PPT file that leads to memory corruption, as exploited by Trojan.PPDropper.B, a different issue than CVE-2006-1540 and CVE-2006-3493.

5.1
2006-07-13 CVE-2006-3587 Adobe Multiple vulnerability in Adobe Flash Player 8.0.24.0

Unspecified vulnerability in Adobe (Macromedia) Flash Player 8.0.24.0 allows remote attackers to execute arbitrary commands via a malformed .swf file that results in "multiple improper memory access" errors.

5.1
2006-07-13 CVE-2006-3582 Audacious Media Player Team Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Audacious Media Player Team Adplug

Multiple heap-based buffer overflows in Audacious AdPlug 2.0 and earlier allow remote user-assisted attackers to execute arbitrary code via the size specified in the package header of (1) CFF, (2) MTK, (3) DMO, and (4) U6M files.

5.1
2006-07-13 CVE-2006-3581 Audacious Media Player Team Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Audacious Media Player Team Adplug

Multiple stack-based buffer overflows in Audacious AdPlug 2.0 and earlier allow remote user-assisted attackers to execute arbitrary code via large (1) DTM and (2) S3M files.

5.1
2006-07-13 CVE-2006-3453 Adobe Remote Buffer Overflow vulnerability in Adobe Acrobat

Buffer overflow in Adobe Acrobat 6.0 to 6.0.4 allows remote attackers to execute arbitrary code via unknown vectors in a document that triggers the overflow when it is distilled to PDF.

5.1
2006-07-12 CVE-2006-3532 Pivot Input Validation vulnerability in Pivot 1.30Rc2

PHP file inclusion vulnerability in includes/edit_new.php in Pivot 1.30 RC2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a FTP URL or full file path in the Paths[extensions_path] parameter.

5.1
2006-07-10 CVE-2006-3493 Microsoft Unspecified vulnerability in Microsoft Office 2000/2003/Xp

Buffer overflow in LsCreateLine function (mso_203) in mso.dll and mso9.dll, as used by Microsoft Word and possibly other products in Microsoft Office 2003, 2002, and 2000, allows remote user-assisted attackers to cause a denial of service (crash) via a crafted Word DOC or other Office file type.

5.1
2006-07-13 CVE-2006-3578 Fujitsu Directory Traversal vulnerability in Fujitsu Serverview 2.50

Directory traversal vulnerability in Fujitsu ServerView 2.50 up to 3.60L98 and 4.10L11 up to 4.11L81 allows remote attackers to read arbitrary files via unspecified vectors.

5.0
2006-07-13 CVE-2006-3566 Hivemail Remote Security vulnerability in HiveMail

search.results.php in HiveMail 3.1 and earlier allows remote attackers to obtain the installation path via certain manipulations related to the (1) searchdate and (2) folderids parameters.

5.0
2006-07-13 CVE-2006-3561 BT Permissions, Privileges, and Access Controls vulnerability in BT Voyager 2091 Wireless Adsl Router

BT Voyager 2091 Wireless firmware 2.21.05.08m_A2pB018c1.d16d and earlier, and 3.01m and earlier, allow remote attackers to bypass the authentication process and gain sensitive information, such as configuration information via (1) /btvoyager_getconfig.sh, PPP credentials via (2) btvoyager_getpppcreds.sh, and decode configuration credentials via (3) btvoyager_decoder.c.

5.0
2006-07-13 CVE-2006-3557 MT Orumcek Information Disclosure vulnerability in MT Orumcek MT Orumcek Toplist 2.2

MT Orumcek Toplist 2.2 stores DB/orumcektoplist.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request.

5.0
2006-07-13 CVE-2006-3549 Horde Cross-Site Scripting vulnerability in Horde Application Framework Services

services/go.php in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 does not properly restrict its image proxy capability, which allows remote attackers to perform "Web tunneling" attacks and use the server as a proxy via (1) http, (2) https, and (3) ftp URL in the url parameter, which is requested from the server.

5.0
2006-07-13 CVE-2006-3546 ADA Denial Of Service vulnerability in ADA Imgsvr 0.6.5

Patrice Freydiere ImgSvr (aka ADA Image Server) allows remote attackers to cause a denial of service (daemon crash) via a long HTTP POST request.

5.0
2006-07-13 CVE-2006-3545 Microsoft Unspecified vulnerability in Microsoft Internet Explorer 7.0

** DISPUTED ** Microsoft Internet Explorer 7.0 Beta allows remote attackers to cause a denial of service (application crash) via a web page with multiple empty APPLET start tags.

5.0
2006-07-12 CVE-2006-3535 Nullsoft Directory Traversal vulnerability in Shoutcast DSP 1.9.5/1.9.6

Directory traversal vulnerability in Nullsoft SHOUTcast DSP before 1.9.7 allows remote attackers to read arbitrary files via unspecified vectors that are a "slight variation" of CVE-2006-3534.

5.0
2006-07-12 CVE-2006-3403 Samba Denial of Service vulnerability in Samba Internal Data Structures

The smdb daemon (smbd/service.c) in Samba 3.0.1 through 3.0.22 allows remote attackers to cause a denial of service (memory consumption) via a large number of share connection requests.

5.0
2006-07-12 CVE-2006-3529 Juniper Remote Denial of Service vulnerability in Juniper Networks JUNOS IPv6 Packet Processing

Memory leak in Juniper JUNOS 6.4 through 8.0, built before May 10, 2006, allows remote attackers to cause a denial of service (kernel packet memory consumption and crash) via crafted IPv6 packets whose buffers are not released after they are processed.

5.0
2006-07-12 CVE-2006-3523 Clearswift Denial-Of-Service vulnerability in MIMEsweeper For Web

Clearswift MIMEsweeper for Web before 5.1.15 Hotfix allows remote attackers to cause a denial of service (crash) via an encrypted archived .RAR file, which triggers a scan error and causes the Web Policy Engine service to terminate.

5.0
2006-07-11 CVE-2006-3513 Microsoft Unspecified vulnerability in Microsoft IE and Internet Explorer

danim.dll in Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) by accessing the Data property of a DirectAnimation DAUserData object before it is initialized, which triggers a NULL pointer dereference.

5.0
2006-07-11 CVE-2006-3512 Microsoft Unspecified vulnerability in Microsoft Internet Explorer 6.0

Internet Explorer 6 on Windows XP allows remote attackers to cause a denial of service (crash) by setting the Enabled property of a DXTFilter ActiveX object to true, which triggers a null dereference.

5.0
2006-07-11 CVE-2006-3511 Microsoft Unspecified vulnerability in Microsoft Internet Explorer 6.0

Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by setting the fonts property of the HtmlDlgSafeHelper object, which triggers a null dereference.

5.0
2006-07-11 CVE-2006-1315 Microsoft Remote Information Disclosure vulnerability in Microsoft Windows Server Driver

The Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to obtain sensitive information via crafted requests that leak information in SMB buffers, which are not properly initialized, aka "SMB Information Disclosure Vulnerability."

5.0
2006-07-11 CVE-2006-1300 Microsoft Information Disclosure vulnerability in Microsoft .Net Framework 2.0

Microsoft .NET framework 2.0 (ASP.NET) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to bypass access restrictions via unspecified "URL paths" that can access Application Folder objects "explicitly by name."

5.0
2006-07-10 CVE-2006-3492 Mico Remote Denial of Service vulnerability in MICO Object Key

The CORBA::ORBInvokeRec::set_answer_invoke function in orb.cc in MICO (Mico Is CORBA) 2.3.12 and earlier allows remote attackers to cause a denial of service (application crash) via a message with an incorrect "object key", which triggers an assert error.

5.0
2006-07-10 CVE-2006-3490 F Secure Products Scan Evasion vulnerability in F-Secure products

F-Secure Anti-Virus 2003 through 2006 and other versions, Internet Security 2003 through 2006, and Service Platform for Service Providers 6.x and earlier does not scan files contained on removable media when "Scan network drives" is disabled, which allows remote attackers to bypass anti-virus controls.

5.0
2006-07-10 CVE-2006-3489 F Secure Products Scan Evasion vulnerability in F-Secure products

F-Secure Anti-Virus 2003 through 2006 and other versions, Internet Security 2003 through 2006, and Service Platform for Service Providers 6.x and earlier allows remote attackers to bypass anti-virus scanning via a crafted filename.

5.0
2006-07-10 CVE-2006-3488 Virtuastore Directory Traversal vulnerability in Virtuastore 2.0

Absolute path traversal vulnerability in administrador.asp in VirtuaStore 2.0 allows remote attackers to possibly read arbitrary directories or files via an absolute path with Windows drive letter in the Pasta parameter when link=util, acao=ftp, and acaba=sim.

5.0
2006-07-10 CVE-2006-3487 Virtuastore Remote Security vulnerability in Virtuastore 2.0

VirtuaStore 2.0 stores sensitive files under the web root with insufficient access control, which allows remote attackers to obtain local database information by directly accessing database/virtuastore.mdb.

5.0
2006-07-10 CVE-2006-3483 Phpmaillist Information Disclosure vulnerability in PHPMailList

PHPMailList 1.8.0 stores sensitive information under the web document root iwth insufficient access control, which allows remote attackers to obtain email addresses of subscribers, configuration information, and the admin username and password via direct requests to (1) list.dat or (2) ml_config.dat.

5.0
2006-07-10 CVE-2006-3479 Nuked Klan Cross-Site Request Forgery vulnerability in Nuked-Klan 1.7Sp4.2

Cross-site request forgery (CSRF) vulnerability in the del_block function in modules/Admin/block.php in Nuked-Klan 1.7.5 and earlier and 1.7 SP4.2 allows remote attackers to delete arbitrary "blocks" via a link with a modified bid parameter in a del_block op on the block page in index.php.

5.0
2006-07-10 CVE-2006-3477 Stalker Denial of Service vulnerability in Stalker Communigate Pro5.0.6/Pro5.0.7/Pro5.1C1

Unspecified vulnerability in the POP service in Stalker CommuniGate Pro 5.1c1 and earlier allows remote attackers to cause a denial of service (server crash) via unspecified vectors involving opening an empty inbox.

5.0
2006-07-10 CVE-2006-3472 Microsoft Unspecified vulnerability in Microsoft IE and Internet Explorer

Microsoft Internet Explorer 6.0 and 6.0 SP1 allows remote attackers to cause a denial of service via an HTML page with an A tag containing a long title attribute.

5.0
2006-07-10 CVE-2006-3471 Microsoft Denial Of Service vulnerability in Microsoft IE 6.0

Microsoft Internet Explorer 6 on Windows XP allows remote attackers to cause a denial of service (crash) via a table with a frameset as a child, which triggers a null dereference, as demonstrated using the appendChild method.

5.0
2006-07-13 CVE-2006-3540 Zonelabs Local Denial Of Service vulnerability in Zonelabs Zonealarm Security Suite 6.1.737.000/6.5.722.000

Check Point Zone Labs ZoneAlarm Internet Security Suite 6.5.722.000, 6.1.737.000, and possibly other versions do not properly validate RegSaveKey, RegRestoreKey, and RegDeleteKey function calls, which allows local users to cause a denial of service (system crash) via a certain combination of these function calls with an HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VETFDDNT\Enum argument.

4.9
2006-07-13 CVE-2006-3569 IBM Unspecified vulnerability in IBM Network Appliance Data Ontap

Unspecified vulnerability in NetApp Data ONTAP 7.0x through 7.0.4P8D9, 7.1x, 7.1.0.1x, and 7.2RC1, RC2, and RC3, as used in IBM N series Filers and other products, allows unauthorized users to gain access to privileged commands via unknown vectors, probably related to incorrect capabilities with the audit role.

4.6
2006-07-12 CVE-2006-3452 Adobe Local Privilege Escalation vulnerability in Adobe Acrobat / Adobe Reader

Adobe Reader and Acrobat 6.0.4 and earlier, on Mac OSX, has insecure file and directory permissions, which allows local users to gain privileges by overwriting program files.

4.6
2006-07-13 CVE-2006-3579 Fujitsu Cross-Site Scripting vulnerability in Fujitsu Serverview

Cross-site scripting (XSS) vulnerability in Fujitsu ServerView 2.50 up to 3.60L98 and 4.10L11 up to 4.11L81 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2006-07-13 CVE-2006-3570 Drupal Cross-Site Scripting vulnerability in Drupal 4.6/4.7

Cross-site scripting (XSS) vulnerability in the webform module in Drupal 4.6 before July 8, 2006 and 4.7 before July 8, 2006 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2006-07-13 CVE-2006-3568 Fantastic Scripts HTML Injection vulnerability in Fantastic Scripts Fantastic Guestbook 2.0.1

Multiple cross-site scripting (XSS) vulnerabilities in guestbook.php in Fantastic Guestbook 2.0.1, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via the (1) first_name, (2) last_name, or (3) nickname parameters.

4.3
2006-07-13 CVE-2006-3567 Juniper HTML Injection vulnerability in Juniper DX 5.1

Cross-site scripting (XSS) vulnerability in the web administration interface logging feature in Juniper Networks (Redline) DX 5.1.x, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the username login field.

4.3
2006-07-13 CVE-2006-3564 Hivemail Input Validation vulnerability in Hivemail 1.2/1.3

Multiple cross-site scripting (XSS) vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the email, (2) cond, or (3) name parameters to (a) addressbook.view.php, (4) the daysprune parameter to (b) index.php, (5) the data[to] parameter to (c) compose.email.php, and (6) the markas parameter to (d) read.markas.php.

4.3
2006-07-13 CVE-2006-3558 Arif Supriyanto Input Validation vulnerability in Arif Supriyanto Auracms 1.62

Multiple cross-site scripting (XSS) vulnerabilities in Arif Supriyanto auraCMS 1.62 allow remote attackers to inject arbitrary web script or HTML via (1) the judul_artikel parameter in teman.php and (2) the title of an article sent to admin, which is displayed when unauthenticated users visit index.php.

4.3
2006-07-13 CVE-2006-3548 Horde Cross-Site Scripting vulnerability in Horde Application Framework Services

Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 allow remote attackers to inject arbitrary web script or HTML via a (1) javascript URI or an external (2) http, (3) https, or (4) ftp URI in the url parameter in services/go.php (aka the dereferrer), (5) a javascript URI in the module parameter in services/help (aka the help viewer), and (6) the name parameter in services/problem.php (aka the problem reporting screen).

4.3
2006-07-13 CVE-2006-3539 Dkscript Cross-Site Scripting vulnerability in Dkscript Dragons Kingdom Script 1.0

Multiple cross-site scripting (XSS) vulnerabilities in DKScript.com Dragon's Kingdom Script 1.0 allow remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element in the (1) Subject and (2) Message fields in a do=write (aka Send Mail Message) action in gamemail.php; the (3) Gender, (4) Country/Location, (5) MSN Messenger, (6) AOL Instant Messenger, (7) Yahoo Instant Messenger, and (8) ICQ fields in a do=onlinechar (aka Edit your Profile) action in index.php, as accessed by dk.php; a javascript URI in the SRC attribute of an IMG element in the (9) Title and (10) Message fields in a do=new (aka Create Thread) action in general.php; and a javascript URI in the SRC attribute of an IMG element in unspecified fields in (11) other Forum posts and (12) Forum replies.

4.3
2006-07-12 CVE-2006-3522 Clearswift Cross-Site Scripting vulnerability in MIMESweeper For Web Access Denied

Cross-site scripting (XSS) vulnerability in Clearswift MIMEsweeper for Web before 5.1.15 Hotfix allows remote attackers to inject arbitrary web script or HTML via the URL, which is reflected back in an error message when trying to access a blocked web site.

4.3
2006-07-11 CVE-2006-3514 Phpblogger Cross-Site Scripting vulnerability in PHPblogger PHP-Blogger 2.2.5

Multiple cross-site scripting (XSS) vulnerabilities in admin/actions.php in PHP-Blogger 2.2.5, and possibly earlier versions, allow remote attackers to execute arbitrary web script or HTML via the (1) name, (2) title, (3) news, (4) description, and (5) sitename parameters.

4.3
2006-07-10 CVE-2006-3476 Phpwebgallery Cross-Site Scripting vulnerability in PHPWebGallery

Cross-site scripting (XSS) vulnerability in comments.php in PhpWebGallery 1.5.2 and earlier, and possibly 1.6.0, allows remote attackers to inject arbitrary web script or HTML via the keyword parameter.

4.3

11 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-07-13 CVE-2006-3588 Adobe Multiple vulnerability in Adobe Flash Player 8.0.24.0

Unspecified vulnerability in Adobe (Macromedia) Flash Player 8.0.24.0 allows remote attackers to cause a denial of service (browser crash) via a malformed, compressed .swf file, a different issue than CVE-2006-3587.

2.6
2006-07-13 CVE-2006-3571 Papoo Cross-Site Scripting vulnerability in Papoo 2.1.2/2.1.5/3.0.0Rc3

Multiple cross-site scripting (XSS) vulnerabilities in interna/hilfe.php in Papoo 3 RC3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) titel or (2) ausgabe parameters.

2.6
2006-07-13 CVE-2006-3563 Winged Gallery Cross-Site Scripting vulnerability in Winged Gallery Winged Gallery 1.0

Cross-site scripting (XSS) vulnerability in gallery/thumb.php in Winged Gallery 1.0 allows remote attackers to inject arbitrary web script or HTML via the image parameter.

2.6
2006-07-13 CVE-2006-3550 F5 Cross-Site Scripting vulnerability in F5 Firepass 4100 5.4.2

Multiple cross-site scripting (XSS) vulnerabilities in F5 Networks FirePass 4100 5.x allow remote attackers to inject arbitrary web script or HTML via unspecified "writable form fields and hidden fields," including "authentication frontends."

2.6
2006-07-13 CVE-2006-3547 Vmware Unspecified vulnerability in VMWare Player

** DISPUTED ** EMC VMware Player allows user-assisted attackers to cause a denial of service (unrecoverable application failure) via a long value of the ide1:0.fileName parameter in the .vmx file of a virtual machine.

2.6
2006-07-11 CVE-2006-3510 Microsoft Denial of Service vulnerability in Microsoft IE 6.0

The Remote Data Service Object (RDS.DataControl) in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (crash) via a series of operations that result in an invalid length calculation when using SysAllocStringLen, then triggers a buffer over-read.

2.6
2006-07-10 CVE-2006-3484 Adaptive Technology Resource Centre Cross-Site Scripting vulnerability in ATutor

Multiple cross-site scripting (XSS) vulnerabilities in ATutor before 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) show_courses or (2) current_cat parameters to (a) admin/create_course.php, show_courses parameter to (b) users/create_course.php, (3) p parameter to (c) documentation/admin/, (4) forgot parameter to (d) password_reminder.php, (5) cat parameter to (e) users/browse.php, or the (6) submit parameter to admin/fix_content.php.

2.6
2006-07-10 CVE-2006-3482 Phpmaillist Cross-Site Scripting vulnerability in PHPMailList

Cross-site scripting (XSS) vulnerability in maillist.php in PHPMailList 1.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the email parameter.

2.6
2006-07-13 CVE-2006-3575 Mcafee Denial-Of-Service vulnerability in Mcafee Virusscan 8.0.0

Unknown vulnerability in the Buffer Overflow Protection in McAfee VirusScan Enterprise 8.0.0 allows local users to cause a denial of service (unstable operation) via a long string in the (1) "Process name", (2) "Module name", or (3) "API name" fields.

2.1
2006-07-10 CVE-2006-3486 Mysql
Oracle
Numeric Errors vulnerability in multiple products

** DISPUTED ** Off-by-one buffer overflow in the Instance_options::complete_initialization function in instance_options.cc in the Instance Manager in MySQL before 5.0.23 and 5.1 before 5.1.12 might allow local users to cause a denial of service (application crash) via unspecified vectors, which triggers the overflow when the convert_dirname function is called.

2.1
2006-07-13 CVE-2006-3551 NCP Network Communications Local Security vulnerability in Secure Client

NCP Secure Enterprise Client (aka VPN/PKI client) 8.30 Build 59, and possibly earlier versions, when the Link Firewall and Personal Firewall are both configured to block all inbound and outbound network traffic, allows context-dependent attackers to send inbound UDP traffic with source port 67 and destination port 68, and outbound UDP traffic with source port 68 and destination port 67.

1.2