Weekly Vulnerabilities Reports > July 17 to 23, 2006

Overview

150 new vulnerabilities reported during this period, including 23 critical vulnerabilities and 43 high severity vulnerabilities. This weekly summary report vulnerabilities in 110 products from 81 vendors including Oracle, Microsoft, Cisco, Wireshark, and Mybulletinboard. Vulnerabilities are notably categorized as "Code Injection", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Use of Externally-Controlled Format String", "Resource Management Errors", and "Permissions, Privileges, and Access Controls".

  • 139 reported vulnerabilities are remotely exploitables.
  • 13 reported vulnerabilities have public exploit available.
  • 3 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 137 reported vulnerabilities are exploitable by an anonymous user.
  • Oracle has the most reported vulnerabilities, with 28 reported vulnerabilities.
  • Oracle has the most reported critical vulnerabilities, with 18 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

23 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-07-21 CVE-2006-3724 Oracle Multiple vulnerability in Oracle July 2006 Security Update

Unspecified vulnerability in JD Edwards HTML Server for Oracle OneWorld Tools EnterpriseOne Tools 8.95 and 8.96 has unknown impact and attack vectors, aka Oracle Vuln# JDE01.

10.0
2006-07-21 CVE-2006-3723 Oracle Multiple vulnerability in Oracle Peoplesoft Enterprise 8.8/8.9

Unspecified vulnerability in PeopleSoft Enterprise Portal for Oracle PeopleSoft Enterprise Portal 8.8 with Enforcer Portal Pack Bundle #10 and 8.9 Bundle #3 has unknown impact and attack vectors, aka Oracle Vuln# PSE02.

10.0
2006-07-21 CVE-2006-3722 Oracle Multiple vulnerability in Oracle Peoplesoft Enterprise 8.4/8.8/8.9

Unspecified vulnerability in PeopleSoft Enterprise Portal for Oracle PeopleSoft Enterprise Portal 8.4 Bundle #16, 8.8 Bundle #10, and 8.9 Bundle #3 has unknown impact and attack vectors, aka Oracle Vuln# PSE01.

10.0
2006-07-21 CVE-2006-3721 Oracle Multiple vulnerability in Oracle Enterprise Manager 10.1.0.5/10.2.0.1

Multiple unspecified vulnerabilities in Oracle Management Service for Oracle Enterprise Manager 10.1.0.5 and 10.2.0.1 have unknown impact and attack vectors, aka Oracle Vuln# EM03 and EM04.

10.0
2006-07-21 CVE-2006-3718 Oracle Multiple vulnerability in Oracle Exchange 6.2.4Fororacleebusinesssuiteandapplications

Multiple unspecified vulnerabilities in Oracle Exchange for Oracle E-Business Suite and Applications 6.2.4 have unknown impact and attack vectors, aka Oracle Vuln# (1) APPS16 and (2) APPS17.

10.0
2006-07-21 CVE-2006-3717 Oracle Multiple vulnerability in Oracle E-Business Suite 11.5.9

Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.9 have unknown impact and attack vectors, aka Oracle Vuln# (1) APPS03 and (2) APPS04 for Oracle Application Object Library; and (3) APPS20 for Oracle XML Gateway.

10.0
2006-07-21 CVE-2006-3716 Oracle Multiple vulnerability in Oracle E-Business Suite 11.5.10.2

Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.10CU2 have unknown impact and attack vectors, aka Oracle Vuln# (1) APPS01 for Internet Expenses; (2) APPS02, (3) APPS05, (4) APPS06, (5) APPS07, (6) APPS08, (7) APPS09, and (8) APPS10 for Oracle Application Object Library; (9) APPS11, (10) APPS12, and (11) APPS13 for Oracle Applications Technology Stack; (12) APPS14 for Oracle Call Center Technology; (13) APPS15 for Oracle Common Applications; (14) APPS18 for Oracle Self-Service Web Applications; and (15) APPS19 for Oracle Workflow Cartridge.

10.0
2006-07-21 CVE-2006-3715 Oracle Multiple vulnerability in Oracle Collaboration Suite 10.1.2

Unspecified vulnerability in Calendar for Oracle Collaboration Suite 10.1.2 has unknown impact and attack vectors, aka Oracle Vuln# OCS01.

10.0
2006-07-21 CVE-2006-3710 Oracle Multiple vulnerability in Oracle July 2006 Security Update

Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2.3, 9.0.3.1, 9.0.4.2, and 10.1.2.0.0 has unknown impact and attack vectors, aka Oracle Vuln# (1) AS05 and (2) AS08.

10.0
2006-07-21 CVE-2006-3708 Oracle Multiple vulnerability in Oracle July 2006 Security Update

Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2.3, 9.0.3.1, 9.0.4.2, 10.1.2.0.2, and 10.1.2.1 has unknown impact and attack vectors, aka Oracle Vuln# AS03.

10.0
2006-07-21 CVE-2006-3705 Oracle Multiple vulnerability in Oracle Database Server 10.1.0.5

Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB21 for Statistics and (2) DB22 for Upgrade & Downgrade.

10.0
2006-07-21 CVE-2006-3704 Oracle Multiple vulnerability in Oracle Database Server 10.1.0.4

Unspecified vulnerability in the Oracle ODBC Driver for Oracle Database 10.1.0.4 has unknown impact and attack vectors, aka Oracle Vuln# 10.1.0.4.

10.0
2006-07-21 CVE-2006-3702 Oracle Multiple vulnerability in Oracle July 2006 Security Update

Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, and 10.2.0.2 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB06 in Export; (2) DB08, (3) DB09, (4) DB10, (5) DB11, (6) DB12, (7) DB13, (8) DB14, and (9) DBC01 for OCI; (10) DB16 for Query Rewrite/Summary Mgmt; (11) DB17, (12) DB18, (13) DB19, (14) DBC02, (15) DBC03, and (16) DBC04 for RPC; and (17) DB20 for Semantic Analysis.

10.0
2006-07-21 CVE-2006-3700 Oracle Multiple vulnerability in Oracle Database Server 10.1.0.4/9.2.0.6

Multiple unspecified vulnerabilities in Oracle Database 9.2.0.6 and 10.1.0.4 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB04 for Web Distributed Authoring and Versioning (DAV) and (2) DB23 for XMLDB.

10.0
2006-07-21 CVE-2006-3698 Oracle Multiple vulnerability in Oracle Database Server 10.1.0.5

Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB01 for Change Data Capture (CDC) component and (2) DB03 for Data Pump Metadata API.

10.0
2006-07-21 CVE-2006-3632 Ethereal Group Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ethereal Group Ethereal

Buffer overflow in Wireshark (aka Ethereal) 0.8.16 to 0.99.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the NFS dissector.

10.0
2006-07-21 CVE-2006-3628 Ethereal Group
Wireshark
USE of Externally-Controlled Format String vulnerability in multiple products

Multiple format string vulnerabilities in Wireshark (aka Ethereal) 0.10.x to 0.99.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) ANSI MAP, (2) Checkpoint FW-1, (3) MQ, (4) XML, and (5) NTP dissectors.

10.0
2006-07-18 CVE-2006-3667 Sybase Security vulnerability in Sybase Financial Fusion Server

Unspecified vulnerability in Sybase/Financial Fusion Consumer Banking Suite versions before 20060706 has unknown impact and remote attack vectors.

10.0
2006-07-18 CVE-2006-3601 Dotnetnuke Security vulnerability in DotNetNuke

** UNVERIFIABLE ** Unspecified vulnerability in an unspecified DNN Modules module for DotNetNuke (.net nuke) allows remote attackers to gain privileges via unspecified vectors, as used in an attack against the Microsoft France web site.

10.0
2006-07-21 CVE-2006-3730 Microsoft Code Injection vulnerability in Microsoft IE and Internet Explorer

Integer overflow in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a 0x7fffffff argument to the setSlice method on a WebViewFolderIcon ActiveX object, which leads to an invalid memory copy.

9.3
2006-07-21 CVE-2006-3703 Oracle Multiple vulnerability in Oracle Database Server 10.1.0.4/9.0.1.5/9.2.0.6

Unspecified vulnerability in InterMedia for Oracle Database 9.0.1.5, 9.2.0.6, and 10.1.0.4 has unknown impact and attack vectors, aka oracle Vuln# DB07.

9.0
2006-07-21 CVE-2006-3701 Oracle Multiple vulnerability in Oracle Database Server 8.1.7.4/9.0.1.5/9.2.0.6

Unspecified vulnerability in the Dictionary component in Oracle Database 8.1.7.4, 9.0.1.5, and 9.2.0.6 has unknown impact and attack vectors, aka Oracle Vuln# DB05.

9.0
2006-07-21 CVE-2006-3699 Oracle Multiple vulnerability in Oracle July 2006 Security Update

Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.0.1.5 and 9.2.0.6 has unknown impact and attack vectors, aka Oracle Vuln# DB02.

9.0

43 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-07-21 CVE-2006-3629 Ethereal Group Multiple vulnerability in Wireshark Protocol Dissectors

Unspecified vulnerability in the MOUNT dissector in Wireshark (aka Ethereal) 0.9.4 to 0.99.0 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.

7.8
2006-07-21 CVE-2006-3468 Linux Remote Denial of Service vulnerability in Linux Kernel NFS and EXT3 Combination

Linux kernel 2.6.x, when using both NFS and EXT3, allows remote attackers to cause a denial of service (file system panic) via a crafted UDP packet with a V2 lookup procedure that specifies a bad file handle (inode number), which triggers an error and causes an exported directory to be remounted read-only.

7.8
2006-07-18 CVE-2006-3674 Armagetron Remote Denial Of Service vulnerability in Armagetron Advanced 0.2.7.0

nNetObject.cpp in Armagetron Advanced 2.8.2 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a large number handled by the id_req_handler function.

7.8
2006-07-18 CVE-2006-3668 Dynamic Universal Music Bibliotheque Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Dynamic Universal Music Bibliotheque Dumb

Heap-based buffer overflow in the it_read_envelope function in Dynamic Universal Music Bibliotheque (DUMB) 0.9.3 and earlier and current CVS as of 20060716, including libdumb, allows user-assisted attackers to execute arbitrary code via a ".it" (Impulse Tracker) file with an envelope with a large number of nodes.

7.6
2006-07-18 CVE-2006-3660 Microsoft Multiple Unspecified vulnerability in Microsoft Powerpoint 2003

Unspecified vulnerability in Microsoft PowerPoint 2003 has unknown impact and user-assisted attack vectors related to powerpnt.exe.

7.6
2006-07-21 CVE-2006-3763 Dieselscripts SQL Injection vulnerability in Dieselscripts Diesel Joke Site 2.0

SQL injection vulnerability in category.php in Diesel Joke Site allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2006-07-21 CVE-2006-3762 Touch Control Remote Security vulnerability in Touch Control Activex Control 2.0.0.55

The Touch Control ActiveX control 2.0.0.55 allows remote attackers to read and possibly execute arbitrary files via a "file///" URI in the sPath parameter to the Execute function.

7.5
2006-07-21 CVE-2006-3760 Mybulletinboard SQL-Injection vulnerability in Mybulletinboard 1.1.4

Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) 1.1.4 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2006-07-21 CVE-2006-3758 Mybulletinboard SQL-Injection vulnerability in Mybulletinboard 1.1.4

inc/init.php in Archive Mode (Light) in MyBB (aka MyBulletinBoard) 1.1.4 calls the extract function with EXTR_OVERWRITE on HTTP POST and GET variables, which allows remote attackers to overwrite arbitrary variables, as demonstrated via an SQL injection using the _SERVER[HTTP_CLIENT_IP] parameter in archive/index.php.

7.5
2006-07-21 CVE-2006-3755 Flushcms Unspecified vulnerability in Flushcms

PHP remote file inclusion vulnerability in Include/editor/class.rich.php in FlushCMS 1.0.0-pre2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the class_path parameter.

7.5
2006-07-21 CVE-2006-3754 Flushcms Remote File Include vulnerability in FlushCMS Class.Rich.PHP

PHP remote file inclusion vulnerability in Include/editor/rich_files/class.rich.php in FlushCMS 1.0.0-pre2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the class_path parameter.

7.5
2006-07-21 CVE-2006-3752 Professional Home Page Tools SQL Injection vulnerability in Professional Home Page Tools Guestbook

Multiple SQL injection vulnerabilities in class.php in Professional Home Page Tools Guestbook allow remote attackers to execute arbitrary SQL commands via the (1) hidemail, (2) name, (3) mail, (4) ip, or (5) text parameters.

7.5
2006-07-21 CVE-2006-3736 Mambo Remote File Include vulnerability in Mambo Videodb 0.1/0.2/0.3

PHP remote file inclusion vulnerability in core/videodb.class.xml.php in the VideoDB component for Mambo 0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

7.5
2006-07-21 CVE-2006-3733 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Security Monitoring Analysis and Response System 4.2.0

jmx-console/HtmlAdaptor in the jmx-console in the JBoss web application server, as shipped with Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.1, allows remote attackers to gain privileges as the CS-MARS administrator and execute arbitrary Java code via an invokeOp action in the BSHDeployer jboss.scripts service name.

7.5
2006-07-21 CVE-2006-3727 Eskolar CMS SQL Injection vulnerability in Eskolar CMS Eskolar CMS 0.9.0.0

Multiple SQL injection vulnerabilities in Eskolar CMS 0.9.0.0 allow remote attackers to execute arbitrary SQL commands via the (1) gr_1_id, (2) gr_2_id, (3) gr_3_id, and (4) doc_id parameters in (a) index.php; the (5) uid and (6) pwd parameters in (b) php/esa.php; and possibly other vectors related to files in php/lib/ including (c) del.php, (d) download_backup.php, (e) navig.php, (f) restore.php, (g) set_12.php, (h) set_14.php, and (i) upd_doc.php.

7.5
2006-07-21 CVE-2006-3692 Silentweb Remote File Include vulnerability in Silentweb Listmessenger 0.9.3

** DISPUTED ** PHP remote file inclusion vulnerability in enduser/listmessenger.php in ListMessenger 0.9.3 allows remote attackers to execute arbitrary PHP code via a URL in the lm_path parameter.

7.5
2006-07-21 CVE-2006-3691 Vbzoom SQL Injection Vulnerabilitie in VBZooM

Multiple SQL injection vulnerabilities in VBZooM 1.11 and earlier allow remote attackers to execute arbitrary SQL commands via the UserID parameter to (1) ignore-pm.php, (2) sendmail.php, (3) reply.php or (4) sub-join.php.

7.5
2006-07-21 CVE-2006-3690 Minibb Remote File Include vulnerability in Minibb Forum 1.5A

Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5a and earlier allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) components/com_minibb.php or (2) components/minibb/index.php.

7.5
2006-07-21 CVE-2006-3689 Codeworks Remote File Include vulnerability in Codeworks Gnomedia Subberz Lite

** DISPUTED ** PHP remote file inclusion vulnerability in user-func.php in Codeworks Gnomedia SubberZ[Lite] allows remote attackers to execute arbitrary PHP code via a URL in the myadmindir parameter.

7.5
2006-07-21 CVE-2006-3688 Francisco Charrua SQL Injection vulnerability in Francisco Charrua Photo-Gallery 1.0

SQL injection vulnerability in Room.php in Francisco Charrua Photo-Gallery 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2006-07-21 CVE-2006-3687 D Link Buffer Overflow vulnerability in Multiple D-Link Routers UPNP

Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in D-Link DI-524, DI-604 Broadband Router, DI-624, D-Link DI-784, WBR-1310 Wireless G Router, WBR-2310 RangeBooster G Router, and EBR-2310 Ethernet Broadband Router allows remote attackers to execute arbitrary code via a long M-SEARCH request to UDP port 1900.

7.5
2006-07-21 CVE-2006-3684 Softcomplex Remote File Include vulnerability in Softcomplex PHP Event Calendar 1.4

PHP remote file inclusion vulnerability in calendar.php in SoftComplex PHP Event Calendar 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_calendar parameter, which overwrites the $path_to_calendar variable from an extract function call.

7.5
2006-07-21 CVE-2006-3683 Flipper Poll Remote File Include vulnerability in Flipper Poll Poll.PHP

PHP remote file inclusion vulnerability in poll.php in Flipper Poll 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter.

7.5
2006-07-21 CVE-2006-3679 Fatwire Authentication Bypass vulnerability in Fatwire Content Server 5.5.0

FatWire Content Server 5.5.0 allows remote attackers to bypass access restrictions and obtain administrative privileges via unspecified attack vectors in the authentication process.

7.5
2006-07-21 CVE-2006-3630 Wireshark Numeric Errors vulnerability in Wireshark 0.9.7/0.9.8/0.99.0

Multiple off-by-one errors in Wireshark (aka Ethereal) 0.9.7 to 0.99.0 have unknown impact and remote attack vectors via the (1) NCP NMAS and (2) NDPS dissectors.

7.5
2006-07-21 CVE-2006-3467 Freetype Numeric Errors vulnerability in Freetype

Integer overflow in FreeType before 2.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PCF file, as demonstrated by the Red Hat bad1.pcf test file, due to a partial fix of CVE-2006-1861.

7.5
2006-07-18 CVE-2006-3671 Hyper Estraier Cross-Site Request Forgery vulnerability in Hyper Estraier

Cross-site request forgery (CSRF) vulnerability in the communicate function in estmaster.c for Hyper Estraier before 1.3.3 allows remote attackers to perform unauthorized actions as other users via unknown vectors.

7.5
2006-07-18 CVE-2006-3670 Rabox Remote Buffer Overflow vulnerability in Rabox WinLPD

Stack-based buffer overflow in Winlpd 1.26 allows remote attackers to execute arbitrary code via a long string in a request to TCP port 515.

7.5
2006-07-18 CVE-2006-3666 Myiosoft COM SQL-Injection vulnerability in Myiosoft.Com Ajaxportal 3.0

SQL injection vulnerability in AjaxPortal 3.0, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the 'Search' field, a different vulnerability than CVE-2006-3515.

7.5
2006-07-18 CVE-2006-3662 Adaptive Technology Resource Centre Input Validation vulnerability in Adaptive Technology Resource Centre Atutor 1.5.3

** DISPUTED ** SQL injection vulnerability in index.php in ATutor 1.5.3 allows remote attackers to execute arbitrary SQL commands via the fid parameter.

7.5
2006-07-18 CVE-2006-3652 Microsoft Unspecified vulnerability in Microsoft ISA Server 2004

Microsoft Internet Security and Acceleration (ISA) Server 2004 allows remote attackers to bypass file extension filters via a request with a trailing "#" character.

7.5
2006-07-18 CVE-2006-3618 Pixelated BY LEV SQL-Injection vulnerability in Pixelated By Lev Guestbook

SQL injection vulnerability in pblguestbook.php in Pixelated By Lev (PBL) Guestbook 1.32 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) name, (2) email, (3) website, (4) comments, (5) rate, and (6) private parameters.

7.5
2006-07-18 CVE-2006-3621 Dream4 Input Validation vulnerability in Dream4 Koobi PRO 5.6

SQL injection vulnerability in the showtopic module in Koobi Pro CMS 5.6 allows remote attackers to execute arbitrary SQL commands via the toid parameter.

7.5
2006-07-18 CVE-2006-3614 Orbitcoders SQL-Injection vulnerability in Orbitcoders Orbitmatrix 1.0

index.php in Orbitcoders OrbitMATRIX 1.0 allows remote attackers to trigger a SQL error via the page_name parameter, possibly due to a SQL injection vulnerability.

7.5
2006-07-18 CVE-2006-2450 Libvncserver Remote Authentication Bypass vulnerability in Libvncserver 0.7.1

auth.c in LibVNCServer 0.7.1 allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, a different issue than CVE-2006-2369.

7.5
2006-07-18 CVE-2006-3604 Seyeon Unspecified vulnerability in Seyeon Flexwatch Network Camera

Directory traversal vulnerability in FlexWATCH Network Camera 3.0 and earlier allows remote attackers to bypass access restrictions for (1) admin/aindex.asp or (2) admin/aindex.html via a ..

7.5
2006-07-18 CVE-2006-3599 PHP Nuke SQL-Injection vulnerability in Advanced Classified Module

SQL injection vulnerability in the Nuke Advanced Classifieds module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id_ads parameter in an EditAds op.

7.5
2006-07-18 CVE-2006-3598 PHP Nuke SQL Injection vulnerability in PHP-Nuke Sections Module 'artid' Parameter

SQL injection vulnerability in the Sections module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the artid parameter in a viewarticle op.

7.5
2006-07-18 CVE-2006-3595 Cisco Authentication Bypass vulnerability in Cisco Router web Setup 3.3.0Build30

The default configuration of IOS HTTP server in Cisco Router Web Setup (CRWS) before 3.3.0 build 31 does not require credentials, which allows remote attackers to access the server with arbitrary privilege levels, aka bug CSCsa78190.

7.5
2006-07-18 CVE-2006-3594 Cisco Remote vulnerability in Cisco Unified CallManager

Buffer overflow in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows remote attackers to execute arbitrary code via a long hostname in a SIP request, aka bug CSCsd96542.

7.5
2006-07-21 CVE-2006-3734 Cisco Multiple vulnerability in Retired: Cisco Security Monitoring Analysis and Response System

Multiple unspecified vulnerabilities in the Command Line Interface (CLI) for Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.1, allow local CS-MARS administrators to execute arbitrary commands as root.

7.2
2006-07-21 CVE-2006-3697 Agnitum
Lavasoft
Novell
Permissions, Privileges, and Access Controls vulnerability in multiple products

Agnitum Outpost Firewall Pro 3.51.759.6511 (462), as used in (1) Lavasoft Personal Firewall 1.0.543.5722 (433) and (2) Novell BorderManager Novell Client Firewall 2.0, does not properly restrict user activities in application windows that run in a LocalSystem context, which allows local users to gain privileges and execute commands (a) via the "open folder" option when no instance of explorer.exe is running, possibly related to the ShellExecute API function; or (b) by overwriting a batch file through the "Save Configuration As" option.

7.2
2006-07-18 CVE-2006-3597 Ubuntu Local Security vulnerability in Ubuntu Linux 6.06Lts

passwd before 1:4.0.13 on Ubuntu 6.06 LTS leaves the root password blank instead of locking it when the administrator selects the "Go Back" option after the final "Installation complete" message and uses the main menu, which causes the password to be zeroed out in the installer's memory.

7.2

68 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-07-21 CVE-2006-3767 Darrens 5 Dollar Script Archive HTML Injection vulnerability in Osdate 1.1.5/1.1.6

Cross-site scripting (XSS) vulnerability in showprofile.php in Darren's $5 Script Archive osDate 1.1.7 and earlier allows remote attackers to inject arbitrary web script or HTML via the onerror attribute in an HTML IMG tag with a non-existent source file in txtcomment parameter, which is used when posting a comment.

6.8
2006-07-21 CVE-2006-3751 Htmlarea3 Code Injection vulnerability in Htmlarea3 1.5

PHP remote file inclusion vulnerability in popups/ImageManager/config.inc.php in the HTMLArea3 Addon Component (com_htmlarea3_xtd-c) for ImageManager 1.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

6.8
2006-07-21 CVE-2006-3750 Hashcash Code Injection vulnerability in Hashcash 1.2.1

PHP remote file inclusion vulnerability in server.php in the Hashcash Component (com_hashcash) 1.2.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

6.8
2006-07-21 CVE-2006-3749 Mambo Code Injection vulnerability in Mambo Sitemap 2.0.0

PHP remote file inclusion vulnerability in sitemap.xml.php in Sitemap component (com_sitemap) 2.0.0 for Mambo 4.5.1 CMS, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

6.8
2006-07-21 CVE-2006-3748 Mamboxchange Code Injection vulnerability in Mamboxchange Loudmouth 4.0J

PHP remote file inclusion vulnerability in includes/abbc/abbc.class.php in the LoudMouth Component for Mambo 4.0j, and possibly other versions including 4.1, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

6.8
2006-07-21 CVE-2006-3728 SUN Denial of Service vulnerability in Sun Solaris 10 Kernel Patches

Unspecified vulnerability in the kernel in Solaris 10 with patch 118822-29 (118844-29 on x86) and without patch 118833-11 (118855-08) allows remote authenticated users to cause a denial of service via unspecified vectors that lead to "kernel data structure corruption" that can trigger a system panic, application failure, or "data corruption."

6.8
2006-07-21 CVE-2006-3695 Edgewall Software Information Disclosure And Denial of Service vulnerability in Trac

Trac before 0.9.6 does not disable the "raw" or "include" commands when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows remote attackers to read arbitrary files, perform cross-site scripting (XSS) attacks, or cause a denial of service via unspecified vectors.

6.8
2006-07-21 CVE-2006-3726 Intervations Remote Buffer Overflow vulnerability in Intervations FileCopa LIST Command

Buffer overflow in FileCOPA FTP Server before 1.01 released on 18th July 2006, allows remote authenticated attackers to execute arbitrary code via a long argument to the LIST command.

6.5
2006-07-21 CVE-2006-3753 Professional Home Page Tools Remote Security vulnerability in Professional Home Page Tools Guestbook

setcookie.php for the administration login in Professional Home Page Tools Guestbook records the hash of the administrator password in a cookie, which allows attackers to conduct brute force password guessing attacks after obtaining the hash.

6.4
2006-07-21 CVE-2006-3694 Yukihiro Matsumoto SAFE Level Restriction Bypass vulnerability in Yukihiro Matsumoto Ruby 1.8.2/1.8.3/1.8.4

Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote attackers to bypass "safe level" checks via unspecified vectors involving (1) the alias function and (2) "directory operations".

6.4
2006-07-18 CVE-2006-3626 Linux Local Privilege Escalation vulnerability in Linux Kernel PROC Filesystem

Race condition in Linux kernel 2.6.17.4 and earlier allows local users to gain root privileges by using prctl with PR_SET_DUMPABLE in a way that causes /proc/self/environ to become setuid root.

6.2
2006-07-18 CVE-2006-3617 Pixelated BY LEV Cross-Site Scripting vulnerability in Pixelated BY LEV Pixelated BY LEV Guestbook 1.32

Cross-site scripting (XSS) vulnerability in pblguestbook.php in Pixelated By Lev (PBL) Guestbook 1.32 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) message (aka comments), (3) website, and (4) email parameters, which bypasses XSS protection mechanisms that check for SCRIPT tags but not others, as demonstrated by a javascript URI in an onMouseOver attribute and the src attribute in an iframe tag.

5.8
2006-07-18 CVE-2006-3613 Chamberland Technology Cross-Site Scripting vulnerability in Chamberland Technology Ezwaiter Online 3.0

Multiple cross-site scripting (XSS) vulnerabilities in Chamberland Technology ezWaiter 3.0 Online and possibly Enterprise Software (aka enterprise edition) allow remote attackers to inject arbitrary web script or HTML via the (1) itemfor (aka "Who is this item for?") and (2) special (aka "Special Instructions") parameters to item.php, which is accessed from showorder.php, or (3) unspecified parameters to the login form at login.php.

5.8
2006-07-18 CVE-2006-3603 Seyeon Cross-Site Scripting vulnerability in Seyeon Flexwatch Network Camera 3.0

Cross-site scripting (XSS) vulnerability in index.php in FlexWATCH Network Camera 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the URL.

5.8
2006-07-21 CVE-2006-3720 Oracle Multiple vulnerability in Oracle Enterprise Manager 10.1.0.3

Unspecified vulnerability in Enterprise Config Management for Oracle Enterprise Manager 10.1.0.3 has unknown impact and attack vectors, aka Oracle Vuln# EM02.

5.5
2006-07-21 CVE-2006-3719 Oracle Multiple vulnerability in Oracle Enterprise Manager 9.0.1.0/9.2.0.1

Unspecified vulnerability in CORE: Repository for Oracle Enterprise Manager 9.0.1.0 and 9.2.0.1 has unknown impact and attack vectors, aka Oracle Vuln# EM01.

5.5
2006-07-18 CVE-2006-3611 Phorum Directory Traversal vulnerability in Phorum

Directory traversal vulnerability in pm.php in Phorum 5 allows remote authenticated users to include and execute arbitrary local files via directory traversal sequences in the GLOBALS[template] parameter, as demonstrated by injecting PHP sequences into a log file, which is then included by pm.php.

5.5
2006-07-21 CVE-2006-3735 Mail2Forum Remote File Include vulnerability in Mail2Forum

Multiple PHP remote file inclusion vulnerabilities in Mail2Forum (module for phpBB) 1.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the m2f_root_path parameter to (1) m2f/m2f_phpbb204.php, (2) m2f/m2f_forum.php, (3) m2f/m2f_mailinglist.php or (4) m2f/m2f_cron.php.

5.1
2006-07-21 CVE-2006-3685 Czaries Network Remote File Include vulnerability in Czaries Network Czarnews 1.12/1.13/1.14

PHP remote file inclusion vulnerability in CzarNews 1.12 through 1.14 allows remote attackers to execute arbitrary PHP code via a URL in the tpath parameter to cn_config.php.

5.1
2006-07-18 CVE-2006-3655 Microsoft Multiple Unspecified vulnerability in Microsoft Powerpoint 2003

Unspecified vulnerability in mso.dll in Microsoft PowerPoint 2003 allows user-assisted attackers to execute arbitrary code via a crafted PowerPoint file.

5.1
2006-07-18 CVE-2006-3615 Phorum Remote File Include vulnerability in Phorum 5.1.14

Multiple PHP remote file inclusion vulnerabilities in Phorum 5.1.14, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via unspecified vectors related to an uninitialized variable.

5.1
2006-07-18 CVE-2006-3600 Libtunepimp Buffer Errors vulnerability in Libtunepimp 0.4.2

Multiple stack-based buffer overflows in the LookupTRM::lookup function in libtunepimp (TunePimp) 0.4.2 allow remote user-assisted attackers to cause a denial of service (application crash) and possibly execute code via a long (1) Album release date (MBE_ReleaseGetDate), (2) data, or (3) error strings.

5.1
2006-07-21 CVE-2006-3766 Darrens 5 Dollar Script Archive Remote Security vulnerability in Osdate 1.1.5/1.1.6

Darren's $5 Script Archive osDate 1.1.7 and earlier allows users to boost their own ratings via a txtrating parameter with a score greater than the intended maximum of 10.

5.0
2006-07-21 CVE-2006-3764 Till Gerken Remote Security vulnerability in Till Gerken PHPpolls 1.0.3

Till Gerken phpPolls 1.0.3 allows remote attackers to create a new poll via a direct request to phpPollAdmin.php3 with the poll_action parameter set to create.

5.0
2006-07-21 CVE-2006-3759 Mybulletinboard Remote Security vulnerability in Mybulletinboard 1.1.4

Unspecified vulnerability in MyBB (aka MyBulletinBoard) 1.1.4, related has unspecified impact and attack vectors related to "user group manipulation." This vulnerability is addressed in the following product release: MyBB, MyBB, 1.1.5

5.0
2006-07-21 CVE-2006-3757 ZEN Cart Information Disclosure vulnerability in ZEN Cart ZEN Cart 1.3.0.2

index.php in Zen Cart 1.3.0.2 allows remote attackers to obtain sensitive information via empty (1) _GET[], (2) _SESSION[], (3) _POST[], (4) _COOKIE[], or (5) _SESSION[] array parameters, which reveals the installation path in an error message.

5.0
2006-07-21 CVE-2006-3732 Cisco Multiple vulnerability in Retired: Cisco Security Monitoring Analysis and Response System

Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.1 ships with an Oracle database that contains several default accounts and passwords, which allows attackers to obtain sensitive information.

5.0
2006-07-21 CVE-2006-3714 Oracle Multiple vulnerability in Oracle July 2006 Security Update

Unspecified vulnerability in OC4J for Oracle Application Server 10.1.2.0.2 and 10.1.2.1 has unknown impact and attack vectors, aka Oracle Vuln# AS10.

5.0
2006-07-21 CVE-2006-3712 Oracle Multiple vulnerability in Oracle Application Server 10.1.2.0.0/9.0.4.2

Unspecified vulnerability in OC4J for Oracle Application Server 9.0.4.2 and 10.1.2.0.0 has unknown impact and attack vectors, aka Oracle Vuln# AS07.

5.0
2006-07-21 CVE-2006-3709 Oracle Multiple vulnerability in Oracle July 2006 Security Update

Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2.3, 9.0.3.1, and 10.1.2.0.0 has unknown impact and attack vectors, aka Oracle Vuln# AS04.

5.0
2006-07-21 CVE-2006-3706 Oracle Multiple vulnerability in Oracle Application Server 9.0.2.3

Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2.3 has unknown impact and attack vectors, aka Oracle Vuln# AS01.

5.0
2006-07-21 CVE-2006-3686 HP Local Denial of Service vulnerability in HP Openvms 7.32

Unspecified vulnerability in [SYSEXE]SMPUTIL.EXE in HP OpenVMS 7.3-2 allows local users and "remote users" to cause a denial of service (crash).

5.0
2006-07-21 CVE-2006-3682 Awstats Unspecified vulnerability in Awstats

awstats.pl in AWStats 6.5 build 1.857 and earlier allows remote attackers to obtain the installation path via the (1) year, (2) pluginmode or (3) month parameters.

5.0
2006-07-21 CVE-2006-3631 Wireshark Resource Management Errors vulnerability in Wireshark

Unspecified vulnerability in the SSH dissector in Wireshark (aka Ethereal) 0.9.10 to 0.99.0 allows remote attackers to cause a denial of service (infinite loop) via unknown attack vectors.

5.0
2006-07-21 CVE-2006-3627 Wireshark Resource Management Errors vulnerability in Wireshark

Unspecified vulnerability in the GSM BSSMAP dissector in Wireshark (aka Ethereal) 0.10.11 to 0.99.0 allows remote attackers to cause a denial of service (crash) via unspecified vectors.

5.0
2006-07-21 CVE-2006-0817 Deerfield
Icewarp
Merak
File Include vulnerability in VisNetic Mail Server

Absolute path directory traversal vulnerability in (a) MERAK Mail Server for Windows 8.3.8r with before IceWarp Web Mail 5.6.1 and (b) VisNetic MailServer before 8.5.0.5 allows remote attackers to include arbitrary files via a full Windows path and drive letter in the (1) language parameter in accounts/inc/include.php and (2) lang_settings parameter in admin/inc/include.php, which is not properly sanitized by the securepath function, a related issue to CVE-2005-4556.

5.0
2006-07-18 CVE-2006-3673 Armagetron Remote Denial Of Service vulnerability in Armagetron Advanced 0.2.7.0

nNetObject.cpp in Armagetron Advanced 2.8.2 and earlier allows remote attackers to cause a denial of service (application crash) via a large owner value, which causes an assert error.

5.0
2006-07-18 CVE-2006-3664 SUN Denial of Service vulnerability in Sun Solaris NIS Server YPServ

Unspecified vulnerability in NIS server on Sun Solaris 8, 9, and 10 allows local and remote attackers to cause a denial of service (ypserv hang) via unknown vectors.

5.0
2006-07-18 CVE-2006-3659 Microsoft Unspecified vulnerability in Microsoft IE and Internet Explorer

Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the location or URL property of a MHTMLFile ActiveX object.

5.0
2006-07-18 CVE-2006-3658 Microsoft Unspecified vulnerability in Microsoft IE and Internet Explorer

Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by accessing the object references of a FolderItem ActiveX object, which triggers a null dereference in the security check.

5.0
2006-07-18 CVE-2006-3657 Microsoft Unspecified vulnerability in Microsoft IE and Internet Explorer

Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (stack overflow exception) via a DXImageTransform.Microsoft.Gradient ActiveX object with a long (1) StartColorStr or (2) EndColorStr property.

5.0
2006-07-18 CVE-2006-3625 FLV Information Disclosure vulnerability in FLV Player 8

FLV Players 8 allows remote attackers to obtain sensitive information via (1) a direct request to paginate.php or (2) an invalid p parameter to player.php, which reveal the path in an error message.

5.0
2006-07-18 CVE-2006-3623 Mcafee Directory Traversal vulnerability in Mcafee Epolicy Orchestrator Agent 3.5.0

Directory traversal vulnerability in Framework Service component in McAfee ePolicy Orchestrator agent 3.5.0.x and earlier allows remote attackers to create arbitrary files via a ..

5.0
2006-07-18 CVE-2006-3622 Dream4 SQL-Injection vulnerability in Dream4 Koobi PRO 5.6

The showtopic module in Koobi Pro CMS 5.6 allows remote attackers to obtain sensitive information via a ' (single quote) in the p parameter, which displays the path in an error message.

5.0
2006-07-18 CVE-2006-3610 Orbitcoders Information Disclosure vulnerability in Orbitcoders Orbitmatrix 1.0

index.php in Orbitcoders OrbitMATRIX 1.0 allows remote attackers to obtain sensitive information (partial database schema) via a modified page_name parameter, which reflects portions of an SQL query in the result.

5.0
2006-07-18 CVE-2006-3606 SUN Denial of Service vulnerability in LibICE

Unspecified vulnerability in Sun Solaris X Inter Client Exchange library (libICE) on Solaris 8 and 9 allows context-dependent attackers to cause a denial of service (application crash) to applications that use the library.

5.0
2006-07-18 CVE-2006-3605 Microsoft Unspecified vulnerability in Microsoft Internet Explorer 6.0

Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the Transition property on an uninitialized DXImageTransform.Microsoft.RevealTrans.1 ActiveX Object, which triggers a null dereference.

5.0
2006-07-18 CVE-2006-3602 Farsinews Directory Traversal vulnerability in Farsinews 3.0Beta1

Directory traversal vulnerability in jscripts/tiny_mce/tiny_mce_gzip.php in FarsiNews 3.0 BETA 1 allows remote attackers to include arbitrary files via a ..

5.0
2006-07-18 CVE-2006-3596 Cisco Denial Of Service vulnerability in Cisco Intrusion Prevention System Malformed Packet

The device driver for Intel-based gigabit network adapters in Cisco Intrusion Prevention System (IPS) 5.1(1) through 5.1(p1), as installed on various Cisco Intrusion Prevention System 42xx appliances, allows remote attackers to cause a denial of service (kernel panic and possibly network outage) via a crafted IP packet.

5.0
2006-07-18 CVE-2006-3591 Microsoft Unspecified vulnerability in Microsoft Internet Explorer 6.0

Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) by accessing the URL property of a TriEditDocument.TriEditDocument object before it has been initialized, which triggers a NULL pointer dereference.

5.0
2006-07-21 CVE-2006-3693 Rocks Clusters Local Privilege Escalation vulnerability in Rocks Clusters

Rocks Clusters 4.1 and earlier allows local users to gain privileges via commands enclosed with escaped backticks (\`) in an argument to the (1) mount-loop (mount-loop.c) or (2) umount-loop (umount-loop.c) command, which is not filtered in a system function call.

4.6
2006-07-18 CVE-2006-3663 Finjan Information Disclosure vulnerability in Finjan Appliance Plaintext Password Storage

Finjan Vital Security Appliance 5100/8100 NG 8.3.5 stores passwords in plaintext in a backup file, which allows local users to gain privileges.

4.6
2006-07-18 CVE-2006-3608 Flatnuke Remote File Include vulnerability in FlatNuke

The Gallery module in Simone Vellei Flatnuke 2.5.7 and earlier, when Gallery uploads are enabled, does not restrict the extensions of uploaded files that begin with a GIF header, which allows remote authenticated users to execute arbitrary PHP code via an uploaded .php file.

4.6
2006-07-18 CVE-2006-3592 Cisco Remote vulnerability in Cisco Unified CallManager

Unspecified vulnerability in the command line interface (CLI) in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows local users to execute arbitrary commands with elevated privileges via unspecified vectors, involving "certain CLI commands," aka bug CSCse11005.

4.6
2006-07-21 CVE-2006-3765 Huttenlocher Webdesign HTML Injection vulnerability in hdweGUEST

Multiple cross-site scripting (XSS) vulnerabilities in Huttenlocher Webdesign hwdeGUEST 2.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, as demonstrated by the "name input" field in new_entry.php.

4.3
2006-07-21 CVE-2006-3761 Mybulletinboard Cross-Site Scripting vulnerability in Mybulletinboard

Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.0 RC2 through 1.1.4 allows remote attackers to inject arbitrary web script or HTML via a javascript URI with an SGML numeric character reference in the url BBCode tag, as demonstrated using "javascript".

4.3
2006-07-21 CVE-2006-3756 Geeklog Cross-Site Scripting vulnerability in Geeklog 1.3.11/1.4.0

Cross-site scripting (XSS) vulnerability in Geeklog 1.4.0sr4 and earlier, and 1.3.11sr6 and earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors when validating comments in (1) lib-comment.php (1.4.0sr4) or (2) comment.php (0.3.11sr6).

4.3
2006-07-21 CVE-2006-3737 Swsoft Cross-Site Scripting vulnerability in Plesk Control Panel

Cross-site scripting (XSS) vulnerability in filemanager/filemanager.php in the control panel in SWsoft Plesk 8.0 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the file parameter.

4.3
2006-07-18 CVE-2006-3665 Squirrelmail Unspecified vulnerability in Squirrelmail 1.4.6

SquirrelMail 1.4.6 and earlier, with register_globals enabled, allows remote attackers to hijack cookies in src/redirect.php via unknown vectors.

4.3
2006-07-18 CVE-2006-3624 FLV Cross-Site Scripting vulnerability in FLV Player 8

Multiple cross-site scripting (XSS) vulnerabilities in FLV Players 8 allow remote attackers to inject arbitrary web script or HTML via the url parameter to (1) player.php or (2) popup.php.

4.3
2006-07-18 CVE-2006-3616 Carbonize Cross-Site Scripting vulnerability in Lazarus Guestbook

Multiple cross-site scripting (XSS) vulnerabilities in Carbonize Lazarus Guestbook 1.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the show parameter in codes-english.php and (2) the img parameter in picture.php, after the name of an existing file.

4.3
2006-07-18 CVE-2006-3609 Orbitcoders Cross-Site Scripting vulnerability in Orbitcoders Orbitmatrix 1.0

Cross-site scripting (XSS) vulnerability in index.php in Orbitcoders OrbitMATRIX 1.0 allows remote attackers to inject arbitrary web script or HTML via the page_name parameter with an IMG tag containing a javascript URI in the SRC attribute.

4.3
2006-07-18 CVE-2006-3607 Softbiz Cross-Site Scripting vulnerability in Softbiz Banner Exchange 1.0

Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Banner Exchange Script (aka Banner Exchange Network Script) 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the city parameter in (a) insertmember.php, and (2) a PHPSESSID cookie in (b) lostpassword.php, (c) gen_confirm_mem.php, and (d) index.php.

4.3
2006-07-21 CVE-2006-3713 Oracle Multiple vulnerability in Oracle Application Server 10.1.3.0

Unspecified vulnerability in OC4J for Oracle Application Server 10.1.3.0 has unknown impact and attack vectors, aka Oracle Vuln# AS09.

4.0
2006-07-21 CVE-2006-3711 Oracle Multiple vulnerability in Oracle July 2006 Security Update

Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2.3, 9.0.3.1, and 9.0.4.1 has unknown impact and attack vectors, aka Oracle Vuln# AS06.

4.0
2006-07-21 CVE-2006-3469 Mysql
Oracle
USE of Externally-Controlled Format String vulnerability in multiple products

Format string vulnerability in time.cc in MySQL Server 4.1 before 4.1.21 and 5.0 before 1 April 2006 allows remote authenticated users to cause a denial of service (crash) via a format string instead of a date as the first parameter to the date_format function, which is later used in a formatted print call to display the error message.

4.0
2006-07-21 CVE-2006-0818 Deerfield
Icewarp
Merak
File Include vulnerability in VisNetic Mail Server

Absolute path directory traversal vulnerability in (1) MERAK Mail Server for Windows 8.3.8r with before IceWarp Web Mail 5.6.1 and (2) VisNetic MailServer before 8.5.0.5 allows remote authenticated users to include arbitrary files via a modified language parameter and a full Windows or UNC pathname in the lang_settings parameter to mail/index.html, which is not properly sanitized by the validatefolder PHP function, possibly due to an incomplete fix for CVE-2005-4558.

4.0
2006-07-18 CVE-2006-3593 Cisco Remote vulnerability in Cisco Unified CallManager

The command line interface (CLI) in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows local users to overwrite arbitrary files by redirecting a command's output to a file or folder, aka bug CSCse31704.

4.0

16 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-07-21 CVE-2006-3707 Oracle Multiple vulnerability in Oracle July 2006 Security Update

Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2.3 and 9.0.3.1 has unknown impact and attack vectors, aka Oracle Vuln# AS02.

3.6
2006-07-21 CVE-2006-3589 Vmware Information Disclosure vulnerability in VMware

vmware-config.pl in VMware for Linux, ESX Server 2.x, and Infrastructure 3 does not check the return code from a Perl chmod function call, which might cause an SSL key file to be created with an unsafe umask that allows local users to read or modify the SSL key.

3.6
2006-07-21 CVE-2006-3731 Mozilla Denial-Of-Service vulnerability in Firefox

Mozilla Firefox 1.5.0.4 and earlier allows remote user-assisted attackers to cause a denial of service (crash) via a form with a multipart/form-data encoding and a user-uploaded file.

2.6
2006-07-21 CVE-2006-3729 Microsoft Unspecified vulnerability in Microsoft Internet Explorer 6.0

DataSourceControl in Internet Explorer 6 on Windows XP SP2 with Office installed allows remote attackers to cause a denial of service (crash) via a large negative integer argument to the getDataMemberName method of a OWC11.DataSourceControl.11 object, which leads to an integer overflow and a null dereference.

2.6
2006-07-21 CVE-2006-3681 Awstats Unspecified vulnerability in Awstats

Multiple cross-site scripting (XSS) vulnerabilities in awstats.pl in AWStats 6.5 build 1.857 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) refererpagesfilter, (2) refererpagesfilterex, (3) urlfilterex, (4) urlfilter, (5) hostfilter, or (6) hostfilterex parameters, a different set of vectors than CVE-2006-1945.

2.6
2006-07-21 CVE-2006-3680 Photocycle Cross-Site Scripting vulnerability in Photocycle 1.0

Cross-site scripting (XSS) vulnerability in photocycle in Photocycle 1.0 allows remote attackers to inject arbitrary web script or HTML via the phpage parameter.

2.6
2006-07-18 CVE-2006-3672 KDE Denial Of Service vulnerability in KDE Konqueror ReplaceChild

KDE Konqueror 3.5.1 and earlier allows remote attackers to cause a denial of service (application crash) by calling the replaceChild method on a DOM object, which triggers a null dereference, as demonstrated by calling document.replaceChild with a 0 (zero) argument.

2.6
2006-07-18 CVE-2006-3661 Cutephp Cross-Site Scripting vulnerability in Cutephp Cutenews 1.4.5

Cross-site scripting (XSS) vulnerability in Index.PHP in CuteNews 1.4.5 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

2.6
2006-07-18 CVE-2006-3656 Microsoft Multiple Unspecified vulnerability in Microsoft Powerpoint 2003

Unspecified vulnerability in Microsoft PowerPoint 2003 allows user-assisted attackers to cause memory corruption via a crafted PowerPoint file, which triggers the corruption when the file is closed.

2.6
2006-07-18 CVE-2006-3654 Microsoft Remote vulnerability in Microsoft Works 8.0

Buffer overflow in wksss.exe 8.4.702.0 in Microsoft Works Spreadsheet 8.0 allows remote attackers to cause a denial of service (CPU consumption or crash) via crafted Excel files.

2.6
2006-07-18 CVE-2006-3653 Microsoft Remote vulnerability in Microsoft Works 8.0

wksss.exe 8.4.702.0 in Microsoft Works Spreadsheet 8.0 allows remote attackers to cause a denial of service (CPU consumption or crash) via crafted (1) Works, (2) Excel, and (3) Lotus 1-2-3 files.

2.6
2006-07-18 CVE-2006-3620 Dream4 Input Validation vulnerability in Dream4 Koobi PRO 5.6

Cross-site scripting (XSS) vulnerability in the showtopic module in Koobi Pro CMS 5.6 allows remote attackers to inject arbitrary web script or HTML via the toid parameter.

2.6
2006-07-18 CVE-2006-3612 Phorum Cross-Site Scripting vulnerability in Phorum 5.1.14

Cross-site scripting (XSS) vulnerability in Phorum 5.1.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

2.6
2006-07-21 CVE-2006-3725 Symantec Denial-Of-Service vulnerability in Symantec Norton Personal Firewall 20069.1.0.33

Norton Personal Firewall 2006 9.1.0.33 allows local users to cause a denial of service (crash) via certain RegSaveKey, RegRestoreKey and RegDeleteKey operations on the (1) HKLM\SYSTEM\CurrentControlSet\Services\SNDSrvc and (2) HKLM\SYSTEM\CurrentControlSet\Services\SymEvent registry keys.

2.1
2006-07-21 CVE-2006-3696 Agnitum Local Denial of Service vulnerability in Agnitum Outpost Firewall 3.5.631

filtnt.sys in Outpost Firewall Pro before 3.51.759.6511 (462) allows local users to cause a denial of service (crash) via long arguments to mshta.exe.

2.1
2006-07-18 CVE-2006-3669 Mercury Messenger Information Disclosure vulnerability in Mercury Messenger Users Directory

Mercury Messenger, possibly 1.7.1.1 and other versions, when running on a multi-user Mac OS X platform, stores chat logs with world-readable permissions within the /Users directory, which allows local users to read the chat logs from other users.

2.1