Weekly Vulnerabilities Reports > July 24 to 30, 2006

Overview

132 new vulnerabilities reported during this period, including 2 critical vulnerabilities and 40 high severity vulnerabilities. This weekly summary report vulnerabilities in 129 products from 80 vendors including Mozilla, SUN, Microsoft, Kailash Nadh, and Deluxebb. Vulnerabilities are notably categorized as "Code Injection", "Numeric Errors", "SQL Injection", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Resource Management Errors".

  • 119 reported vulnerabilities are remotely exploitables.
  • 13 reported vulnerabilities have public exploit available.
  • 5 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 124 reported vulnerabilities are exploitable by an anonymous user.
  • Mozilla has the most reported vulnerabilities, with 14 reported vulnerabilities.
  • Rarlab has the most reported critical vulnerabilities, with 1 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

2 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-07-27 CVE-2006-3838 Eiqnetworks Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Eiqnetworks Enterprise Security Analyzer

Multiple stack-based buffer overflows in eIQnetworks Enterprise Security Analyzer (ESA) before 2.5.0, as used in products including (a) Sidewinder, (b) iPolicy Security Manager, (c) Astaro Report Manager, (d) Fortinet FortiReporter, (e) Top Layer Network Security Analyzer, and possibly other products, allow remote attackers to execute arbitrary code via long (1) DELTAINTERVAL, (2) LOGFOLDER, (3) DELETELOGS, (4) FWASERVER, (5) SYSLOGPUBLICIP, (6) GETFWAIMPORTLOG, (7) GETFWADELTA, (8) DELETERDEPDEVICE, (9) COMPRESSRAWLOGFILE, (10) GETSYSLOGFIREWALLS, (11) ADDPOLICY, and (12) EDITPOLICY commands to the Syslog daemon (syslogserver.exe); (13) GUIADDDEVICE, (14) ADDDEVICE, and (15) DELETEDEVICE commands to the Topology server (Topology.exe); the (15) LICMGR_ADDLICENSE command to the License Manager (EnterpriseSecurityAnalyzer.exe); the (16) TRACE and (17) QUERYMONITOR commands to the Monitoring agent (Monitoring.exe); and possibly other vectors related to the Syslog daemon (syslogserver.exe).

10.0
2006-07-25 CVE-2006-3845 Rarlab Buffer Overflow vulnerability in RARLAB WinRAR LHA Filename Handling

Stack-based buffer overflow in lzh.fmt in WinRAR 3.00 through 3.60 beta 6 allows remote attackers to execute arbitrary code via a long filename in a LHA archive.

9.3

40 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-07-24 CVE-2006-3781 SUN Denial of Service vulnerability in SUN Solaris 10.0

Unspecified vulnerability in Sun Solaris 10 allows context-dependent attackers to cause a denial of service (panic) via unspecified vectors involving the event port API.

7.8
2006-07-28 CVE-2006-3747 Apache
Ubuntu
Numeric Errors vulnerability in multiple products

Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.

7.6
2006-07-28 CVE-2006-3922 Portailphp Remote File Include vulnerability in PortailPHP Inscription.PHP

PHP remote file inclusion vulnerability in mod_membre/inscription.php in PortailPHP 1.7 allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter.

7.5
2006-07-28 CVE-2006-3919 SD Studio Input Validation vulnerability in SD Studio CMS

SQL injection vulnerability in index.php in SD Studio CMS allows remote attackers to execute arbitrary SQL commands via the (1) news_id, (2) tid, and (3) page_id parameters.

7.5
2006-07-28 CVE-2006-3917 R Corson Remote File Include vulnerability in PHP Forge Cfg_Racine

PHP remote file inclusion vulnerability in inc/gabarits.php in R.

7.5
2006-07-28 CVE-2006-3913 Freeciv Remote Denial of Service vulnerability in Freeciv 2.1.0Beta1

Buffer overflow in Freeciv 2.1.0-beta1 and earlier, and SVN 15 Jul 2006 and earlier, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) negative chunk_length or a (2) large chunk->offset value in a PACKET_PLAYER_ATTRIBUTE_CHUNK packet in the generic_handle_player_attribute_chunk function in common/packets.c, and (3) a large packet->length value in the handle_unit_orders function in server/unithand.c.

7.5
2006-07-28 CVE-2006-3911 PHP Live Remote File Include vulnerability in PHP Live Css_Path

PHP remote file inclusion vulnerability in OSI Codes PHP Live! 3.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the css_path parameter in (1) help.php and (2) setup/header.php.

7.5
2006-07-27 CVE-2006-3908 Gillius Programming Unspecified vulnerability in Gillius Programming Game Networking Engine Cvs20060723

Format string vulnerability in the flush_output function in ConsoleStreambuf.cpp in Game Network Engine (GNE) 0.70 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute code via format string specifiers in unspecified vectors involving output to the gout console.

7.5
2006-07-27 CVE-2006-3905 Mywebland SQL-Injection vulnerability in Mywebland Mybloggie 2.1.3/2.1.3Beta

SQL injection vulnerability in Webland MyBloggie 2.1.3 allows remote attackers to execute arbitrary SQL commands via the (1) post_id parameter in index.php and (2) search function.

7.5
2006-07-27 CVE-2006-3811 Mozilla Products Remote vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Multiple vulnerabilities in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via Javascript that leads to memory corruption, including (1) nsListControlFrame::FireMenuItemActiveEvent, (2) buffer overflows in the string class in out-of-memory conditions, (3) table row and column groups, (4) "anonymous box selectors outside of UA stylesheets," (5) stale references to "removed nodes," and (6) running the crypto.generateCRMFRequest callback on deleted context.

7.5
2006-07-27 CVE-2006-3809 Mozilla Products Remote vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows scripts with the UniversalBrowserRead privilege to gain UniversalXPConnect privileges and possibly execute code or obtain sensitive data by reading into a privileged context.

7.5
2006-07-27 CVE-2006-3808 Mozilla Products Remote vulnerability in Mozilla

Mozilla Firefox before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote Proxy AutoConfig (PAC) servers to execute code with elevated privileges via a PAC script that sets the FindProxyForURL function to an eval method on a privileged object.

7.5
2006-07-27 CVE-2006-3805 Mozilla Products Remote vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

The Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code via vectors involving garbage collection that causes deletion of a temporary object that is still being used.

7.5
2006-07-27 CVE-2006-3801 Mozilla Products Remote vulnerability in Mozilla

Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 does not properly clear a JavaScript reference to a frame or window, which leaves a pointer to a deleted object that allows remote attackers to execute arbitrary native code.

7.5
2006-07-27 CVE-2006-3113 Mozilla Products Remote vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via simultaneous XPCOM events, which causes a timer object to be deleted in a way that triggers memory corruption.

7.5
2006-07-27 CVE-2006-3807 Mozilla Products Remote vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code via script that changes the standard Object() constructor to return a reference to a privileged object and calling "named JavaScript functions" that use the constructor.

7.5
2006-07-27 CVE-2006-3806 Mozilla Numeric Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Multiple integer overflows in the Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code via vectors involving (1) long strings in the toSource method of the Object, Array, and String objects; and (2) unspecified "string function arguments."

7.5
2006-07-27 CVE-2006-3677 Mozilla Configuration vulnerability in Mozilla Firefox and Seamonkey

Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code by changing certain properties of the window navigator object (window.navigator) that are accessed when Java starts up, which causes a crash that leads to code execution.

7.5
2006-07-27 CVE-2006-3901 Tumbleweed LHA Buffer Overflow vulnerability in Tumbleweed MailGate Email Firewall

Multiple stack-based buffer overflows in Tumbleweed Email Firewall (EMF) allow remote attackers to execute arbitrary code via an email attachment with an LHA archive that contains a (1) file or (2) directory with a long LHA extended header, (3) an LHA archive in which the "temporary pathname" field for decompressed output is greater than 2 bytes, or (4) an LHA archive with a long filename.

7.5
2006-07-27 CVE-2006-3886 Musicbox SQL Injection vulnerability in MusicBox Page Parameter

SQL injection vulnerability in Shalwan MusicBox 2.3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter in a viewgallery action in a request for the top-level URI.

7.5
2006-07-27 CVE-2006-3884 Gonafish Input Validation vulnerability in Gonafish Linkscaffe 3.0

Multiple SQL injection vulnerabilities in links.php in Gonafish LinksCaffe 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) offset and (2) limit parameters, (3) newdays parameter in a new action, and the (4) link_id parameter in a deadlink action.

7.5
2006-07-27 CVE-2006-3819 Twiki Remote Command Execution vulnerability in TWiki Configure Script TYPEOF Parameter

Eval injection vulnerability in the configure script in TWiki 4.0.0 through 4.0.4 allows remote attackers to execute arbitrary Perl code via an HTTP POST request containing a parameter name starting with "TYPEOF".

7.5
2006-07-25 CVE-2006-3851 X7 Group SQL Injection vulnerability in X7 Group X7 Chat 2.0/2.0.2/2.0.4

SQL injection vulnerability in upgradev1.php in X7 Chat 2.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the old_prefix parameter.

7.5
2006-07-25 CVE-2006-3849 Pumpkin Studios Buffer Overflow vulnerability in Pumpkin Studios Warzone and Warzone Resurrection

Stack-based buffer overflow in Warzone 2100 and Warzone Resurrection 2.0.3 and earlier allows remote attackers to execute arbitrary code via a (1) long message handled by the recvTextMessage function in multiplay.c or a (2) long filename handled by NETrecvFile function in netplay/netplay.c.

7.5
2006-07-25 CVE-2006-3843 Mambo Remote File Include vulnerability in Mambo Calendar 1.5.7

PHP remote file inclusion vulnerability in com_calendar.php in Calendar Mambo Module 1.5.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter.

7.5
2006-07-25 CVE-2006-3832 Gerrit VAN Aaken SQL-Injection vulnerability in Loudblog

SQL injection vulnerability in index.php in Gerrit van Aaken Loudblog 0.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2006-07-25 CVE-2006-3816 Krusader Information Disclosure vulnerability in Krusader Bookmark Manager Password

Krusader 1.50-beta1 up to 1.70.0 stores passwords for remote connections in cleartext in the bookmark file (krbookmarks.xml), which allows attackers to steal passwords by obtaining the file.

7.5
2006-07-24 CVE-2006-3799 Deluxebb Input Validation vulnerability in Deluxebb 1.05/1.06/1.07

DeluxeBB 1.07 and earlier allows remote attackers to bypass SQL injection protection mechanisms via the login variable and certain other variables, by using lowercase "union select" or possibly other statements that do not match the uppercase "UNION SELECT."

7.5
2006-07-24 CVE-2006-3797 Deluxebb Input Validation vulnerability in Deluxebb 1.05/1.06/1.07

SQL injection vulnerability in DeluxeBB 1.07 and earlier allows remote attackers to bypass authentication, spoof users, and modify settings via the (1) memberpw and (2) membercookie cookies.

7.5
2006-07-24 CVE-2006-3796 Deluxebb Remote Security vulnerability in DeluxeBB

DeluxeBB 1.07 and earlier does not properly handle a username composed of a single space character, which allows remote authenticated users to login as the "space" user, post as the guest user, and block the ability of an administrator to ban the "space" user.

7.5
2006-07-24 CVE-2006-3794 Amazing Flash Commerce Input Validation vulnerability in AFCommerce Shopping Cart

** DISPUTED ** SQL injection vulnerability in Amazing Flash AFCommerce Shopping Cart allows remote attackers to execute arbitrary SQL commands via the search field.

7.5
2006-07-24 CVE-2006-3792 Ufo2000 SQL Injection vulnerability in UFO2000

SQL injection vulnerability in ServerClientUfo::recv_packet in server_protocol.cpp in UFO2000 svn 1057 allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving the packet.c_str function.

7.5
2006-07-24 CVE-2006-3789 Ufo2000 Remote vulnerability in UFO2000

Multiple array index errors in the (1) recv_rules, (2) recv_select_unit, (3) recv_options, and (4) recv_unit_data functions in multiplay.cpp in UFO2000 svn 1057 allow remote attackers to execute arbitrary code and cause a denial of service (opponent crash) via certain packet data that specifies an out-of-bounds index.

7.5
2006-07-24 CVE-2006-3788 Ufo2000 Unspecified vulnerability in Ufo2000

Multiple buffer overflows in multiplay.cpp in UFO2000 svn 1057 allow remote attackers to execute arbitrary code via (1) a long unit name in Net::recv_add_unit,; (2) large values to Net::recv_rules, Net::recv_select_unit, Net::recv_options, and Net::recv_unit_data; and (3) a large mapdata GEODATA structure in Net::recv_map_data.

7.5
2006-07-24 CVE-2006-3777 Idevspot Code Injection vulnerability in Idevspot PHPlinkexchange 1.0

PHP remote file inclusion vulnerability in index.php in IDevSpot PhpLinkExchange 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.

7.5
2006-07-24 CVE-2006-3776 Idevspot Code Injection vulnerability in Idevspot Autohost and PHPhostbot

PHP remote file inclusion vulnerability in order/index.php in IDevSpot (1) PhpHostBot 1.0 and (2) AutoHost 3.0 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.

7.5
2006-07-24 CVE-2006-3775 Mybulletinboard SQL Injection vulnerability in Mybulletinboard 1.1.5

SQL injection vulnerability in the init function in class_session.php in MyBB (aka MyBulletinBoard) 1.1.5 allows remote attackers to execute arbitrary SQL commands via the CLIENT-IP HTTP header ($_SERVER['HTTP_CLIENT_IP'] variable), as utilized by index.php.

7.5
2006-07-24 CVE-2006-3771 Imaginex Resource File Include vulnerability in IManage Absolute_Path

Multiple PHP remote file inclusion vulnerabilities in component.php in iManage CMS 4.0.12 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) articles.php, (2) contact.php, (3) displaypage.php, (4) faq.php, (5) mainbody.php, (6) news.php, (7) registration.php, (8) whosOnline.php, (9) components/com_calendar.php, (10) components/com_forum.php, (11) components/minibb/index.php, (12) components/minibb/bb_admin.php, (13) components/minibb/bb_plugins.php, (14) modules/mod_calendar.php, (15) modules/mod_browser_prefs.php, (16) modules/mod_counter.php, (17) modules/mod_online.php, (18) modules/mod_stats.php, (19) modules/mod_weather.php, (20) themes/bizz.php, (21) themes/default.php, (22) themes/simple.php, (23) themes/original.php, (24) themes/portal.php, (25) themes/purple.php, and other unspecified files.

7.5
2006-07-24 CVE-2006-3770 Phpfaber SQL Injection vulnerability in PHPFaber TopSites

Multiple SQL injection vulnerabilities in index.php in phpFaber TopSites 2.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) i_cat or (2) method parameters.

7.5
2006-07-24 CVE-2006-3784 Symantec Local Security vulnerability in Symantec Pcanywhere 12.5

Symantec pcAnywhere 12.5 uses weak default permissions for the "Symantec\pcAnywhere\Hosts" folder, which allows local users to gain privileges by inserting a superuser .cif (aka caller or CallerID) file into the folder, and then using a pcAnywhere client to login as a local administrator.

7.2

75 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-07-27 CVE-2006-3909 Wired Community Software Cross-Site Scripting vulnerability in Wired Community Software Wwwthreads 5.4/Rc3

Cross-site scripting (XSS) vulnerability in calendar.php in WWWthreads allows remote attackers to inject arbitrary web script or HTML via the week parameter.

6.8
2006-07-27 CVE-2006-3904 Etomite SQL Injection vulnerability in Etomite 0.6

SQL injection vulnerability in manager/index.php in Etomite CMS 0.6.1 and earlier, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter.

6.8
2006-07-27 CVE-2006-3810 Mozilla Products Remote vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Cross-site scripting (XSS) vulnerability in Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the XPCNativeWrapper(window).Function construct.

6.8
2006-07-27 CVE-2006-3900 Tobias Kloy HTML Injection vulnerability in Tobias Kloy TP Book

Cross-site scripting (XSS) vulnerability in guestbook.php in TP-Book 1.00 and earlier allows remote attackers to inject arbitrary web script or HTML via the name parameter.

6.8
2006-07-25 CVE-2006-3846 Mambo Code Injection vulnerability in Mambo Multibanners 1.0.1

PHP remote file inclusion vulnerability in extadminmenus.class.php in the MultiBanners 1.0.1 for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

6.8
2006-07-24 CVE-2006-3774 Joomla Code Injection vulnerability in Joomla Performs Component

PHP remote file inclusion vulnerability in performs.php in the perForms component (com_performs) 1.0 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

6.8
2006-07-24 CVE-2006-3773 Mambo Code Injection vulnerability in Mambo Smf-Forum 1.3.1.3Bridgecomponent

PHP remote file inclusion vulnerability in smf.php in the SMF-Forum 1.3.1.3 Bridge Component (com_smf) For Joomla! and Mambo 4.5.3+ allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

6.8
2006-07-27 CVE-2006-3633 Ossp Improper Input Validation vulnerability in Ossp Shiela

OSSP shiela 1.1.5 and earlier allows remote authenticated users to execute arbitrary commands on the CVS server via shell metacharacters in a filename that is committed.

6.5
2006-07-25 CVE-2006-3844 Pablo Software Solutions Buffer Overflow vulnerability in Pablo Software Solutions Quick N Easy FTP Server 3.0.2

Buffer overflow in Quick 'n Easy FTP Server 3.0 allows remote authenticated users to execute arbitrary commands via a long argument to the LIST command, a different issue than CVE-2006-2027.

6.5
2006-07-25 CVE-2006-3828 Kailash Nadh SQL-Injection vulnerability in Boastmachine

Incomplete blacklist vulnerability in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allows remote authenticated administrators to bypass SQL injection protection mechanisms by using commas, quote characters, pound sign (#) characters, "UNION," and "SELECT," which are not filtered by the product, which only checks for "insert," "delete," "update," and "replace."

6.5
2006-07-25 CVE-2006-3827 Kailash Nadh SQL-Injection vulnerability in Boastmachine

SQL injection vulnerability in bmc/Inc/core/admin/search.inc.php in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the blog parameter.

6.5
2006-07-24 CVE-2006-3779 Citrix Privilege Escalation vulnerability in Citrix products

Citrix MetaFrame up to XP 1.0 Feature 1, except when running on Windows Server 2003, installs a registry key with an insecure ACL, which allows remote authenticated users to gain privileges.

6.5
2006-07-28 CVE-2006-3925 Interactual Technologies Remote Buffer Overflow vulnerability in InterActual Player ITIRecorder.MicRecorder ActiveX Control

Stack-based buffer overflow in ITIRecorder.MicRecorder ActiveX control in iarecord.dll in InterActual Player before 2.6 allows remote attackers to execute arbitrary code via a long argument to the Files method.

6.4
2006-07-28 CVE-2006-3768 Intervations Buffer Overflow vulnerability in Intervations Filecopa 1.01

Integer underflow in filecpnt.exe in FileCOPA FTP Server 1.01 before 2006-07-21 allow remote authenticated users to execute arbitrary code via a long argument to the (1) CWD, (2) DELE, (3) MDTM, and (4) MKD commands, which triggers a stack-based buffer overflow.

6.4
2006-07-28 CVE-2006-3914 Blackboard HTML Injection vulnerability in Blackboard Academic Suite 6.2.3.23

Cross-site scripting (XSS) vulnerability in Blackboard Academic Suite 6.2.3.23 allows remote authenticated users to inject arbitrary HTML or web script by bypassing client-side validation through disabling JavaScript when submitting an essay response, which has no server-side validation before being viewed via "View Attempt Details" in the Gradebook.

6.0
2006-07-27 CVE-2006-3903 Mywebland Cross-Site Scripting vulnerability in Mywebland Mybloggie 2.1.3/2.1.3Beta

CRLF injection vulnerability in (1) index.php and (2) admin.php in myWebland MyBloggie 2.1.3 allows remote attackers to hijack sessions and conduct cross-site scripting (XSS) attacks via a cookie.

5.8
2006-07-27 CVE-2006-3802 Mozilla Products Remote vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to hijack native DOM methods from objects in another domain and conduct cross-site scripting (XSS) attacks using DOM methods of the top-level object.

5.8
2006-07-28 CVE-2006-3350 Cimmetry Systems Remote Buffer Overflow vulnerability in Cimmetry Systems Autovue Solidmodel Professional Desktopedition19.1Build5993

Stack-based buffer overflow in AutoVue SolidModel Professional Desktop Edition 19.1 Build 5993 allows user-assisted remote attackers to execute arbitrary code via a long filename in a (1) ARJ, (2) RAR, or (3) ZIP archive.

5.1
2006-07-27 CVE-2006-3803 Mozilla Products Remote vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Race condition in the JavaScript garbage collection in Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code by causing the garbage collector to delete a temporary variable while it is still being used during the creation of a new Function object.

5.1
2006-07-25 CVE-2006-3850 Lussumo Remote File Include vulnerability in Retired: Lussumo Vanilla RootDirectory

** DISPUTED ** PHP remote file inclusion vulnerability in upgrader.php in Vanilla CMS 1.0.1 and earlier, when /conf/old_settings.php exists, allows remote attackers to execute arbitrary PHP code via a URL in the RootDirectory parameter.

5.1
2006-07-25 CVE-2006-3847 Canebluem Code Injection vulnerability in Canebluem Mospray 1.8Rc1

PHP remote file inclusion vulnerability in (1) admin.php, and possibly (2) details.php, (3) modify.php, (4) newgroup.php, (5) newtask.php, and (6) rss.php, in MoSpray (aka com_mospray) 1.8 RC1 allows remote attackers to execute arbitrary PHP code via a URL in the basedir parameter.

5.1
2006-07-25 CVE-2006-3119 FBI Unspecified vulnerability in FBI

The fbgs framebuffer Postscript/PDF viewer in fbi before 2.01 has a typo that prevents a filter from working correctly, which allows user-assisted attackers to bypass the filter and execute malicious Postscript commands.

5.1
2006-07-25 CVE-2006-3823 Geodesicsolutions SQL Injection vulnerability in Geodesicsolutions Geoauctions Premier and Geoclassifieds Basic

SQL injection vulnerability in index.php in GeodesicSolutions (1) GeoAuctions Premier 2.0.3 and (2) GeoClassifieds Basic 2.0.3 allows remote attackers to execute arbitrary SQL commands via the b parameter.

5.1
2006-07-25 CVE-2006-3822 Geodesicsolutions SQL Injection vulnerability in Geodesicsolutions Geoauctions Enterprise 1.0.6

SQL injection vulnerability in index.php in GeodesicSolutions GeoAuctions Enterprise 1.0.6 allows remote attackers to execute arbitrary SQL commands via the d parameter.

5.1
2006-07-25 CVE-2006-3814 Cheese Tracker Buffer Overflow vulnerability in Cheese Tracker XM Loader

Buffer overflow in the Loader_XM::load_instrument_internal function in loader_xm.cpp for Cheese Tracker 0.9.9 and earlier allows user-assisted attackers to execute arbitrary code via a crafted file with a large amount of extra data.

5.1
2006-07-24 CVE-2006-3793 Sitedepth Remote File Include vulnerability in SiteDepth CMS Constants.PHP

PHP remote file inclusion vulnerability in constants.php in SiteDepth CMS 3.01 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the SD_DIR parameter.

5.1
2006-07-24 CVE-2006-3772 PHP Post Remote Authentication Bypass vulnerability in PHP-Post 0.21/1.0

PHP-Post 0.21 and 1.0, and possibly earlier versions, when auto-login is enabled, allows remote attackers to bypass security restrictions and obtain administrative privileges by modifying the logincookie[user] setting in the login cookie.

5.1
2006-07-24 CVE-2006-3676 Planet Concept Unspecified vulnerability in Planet Concept Planetgallery

admin/gallery_admin.php in planetGallery before 14.07.2006 allows remote attackers to execute arbitrary PHP code by uploading files with a double extension and directly accessing the file in the images directory, which bypasses a regular expression check for safe file types.

5.1
2006-07-29 CVE-2006-1178 Tamarack Consulting Denial Of Service vulnerability in Tamarack Consulting Tamarack Mmsd 7.991

Tamarack MMSd before 7.992 allows remote attackers to cause a denial of service (crash) via malformed RFC1006 (OSI over TCP/IP) packets.

5.0
2006-07-28 CVE-2006-3920 SUN Denial-Of-Service vulnerability in Solaris

The TCP implementation in Sun Solaris 8, 9, and 10 before 20060726 allows remote attackers to cause a denial of service (resource exhaustion) via a TCP packet with an incorrect sequence number, which triggers an ACK storm.

5.0
2006-07-28 CVE-2006-3746 Gnupg Remote Buffer Overflow vulnerability in Gnupg 1.4.4

Integer overflow in parse_comment in GnuPG (gpg) 1.4.4 allows remote attackers to cause a denial of service (segmentation fault) via a crafted message.

5.0
2006-07-28 CVE-2006-3915 Microsoft Denial Of Service vulnerability in Microsoft IE 6.0

Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by iterating over any native function, as demonstrated with the window.alert function, which triggers a null dereference.

5.0
2006-07-28 CVE-2006-3910 Microsoft Denial Of Service vulnerability in Microsoft IE 6.0

Internet Explorer 6 on Windows XP SP2, when Outlook is installed, allows remote attackers to cause a denial of service (crash) by calling the NewDefaultItem function of an OVCtl (OVCtl.OVCtl.1) ActiveX object, which triggers a null dereference.

5.0
2006-07-27 CVE-2006-3907 Siemens Denial of Service vulnerability in Siemens Speedstream Wireless Router 2624

Siemens SpeedStream 2624 allows remote attackers to cause a denial of service (device hang) by sending a crafted packet to the web administrative interface.

5.0
2006-07-27 CVE-2006-3906 Cisco Denial of Service vulnerability in Cisco Internet Key Exchange

Internet Key Exchange (IKE) version 1 protocol, as implemented on Cisco IOS, VPN 3000 Concentrators, and PIX firewalls, allows remote attackers to cause a denial of service (resource exhaustion) via a flood of IKE Phase-1 packets that exceed the session expiration rate.

5.0
2006-07-27 CVE-2006-3804 Mozilla Products Remote vulnerability in Mozilla Seamonkey and Thunderbird

Heap-based buffer overflow in Mozilla Thunderbird before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote attackers to cause a denial of service (crash) via a VCard attachment with a malformed base64 field, which copies more data than expected due to an integer underflow.

5.0
2006-07-27 CVE-2006-3899 Microsoft Denial Of Service vulnerability in Microsoft IE 6.0

Microsoft Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to cause a denial of service (application crash) by calling the stringToBinary function of the CEnroll.CEnroll.2 ActiveX object with a long second argument, which triggers an invalid memory access inside the SysAllocStringLen function.

5.0
2006-07-27 CVE-2006-3898 Microsoft Denial Of Service vulnerability in Microsoft IE 6.0

Microsoft Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to cause a denial of service (application crash) by calling the Click method of the Internet.HHCtrl.1 ActiveX object before initializing the URL, which triggers a null dereference.

5.0
2006-07-27 CVE-2006-3897 Microsoft Stack Overflow vulnerability in Microsoft IE 6.0

Stack overflow in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (application crash) by creating an NMSA.ASFSourceMediaDescription.1 ActiveX object with a long dispValue property.

5.0
2006-07-27 CVE-2006-3840 ISS Resource Management Errors vulnerability in ISS products

The SMB Mailslot parsing functionality in PAM in multiple ISS products with XPU (24.39/1.78/epj/x.x.x.1780), including Proventia A, G, M, Server, and Desktop, BlackICE PC and Server Protection 3.6, and RealSecure 7.0, allows remote attackers to cause a denial of service (infinite loop) via a crafted SMB packet that is not properly handled by the SMB_Mailslot_Heap_Overflow decode.

5.0
2006-07-27 CVE-2006-3885 Checkpoint Directory Traversal vulnerability in Checkpoint Firewall-1 R55W

Directory traversal vulnerability in Check Point Firewall-1 R55W before HFA03 allows remote attackers to read arbitrary files via an encoded ..

5.0
2006-07-27 CVE-2006-3882 Musicbox Remote Security vulnerability in Musicbox 2.3.4

Shalwan MusicBox 2.3.4 and earlier allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function.

5.0
2006-07-27 CVE-2006-3880 Microsoft Remote Denial of Service vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP

** DISPUTED ** Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Small Business Server 2003 allow remote attackers to cause a denial of service (IP stack hang) via a continuous stream of packets on TCP port 135 that have incorrect TCP header checksums and random numbers in certain TCP header fields, as demonstrated by the Achilles Windows Attack Tool.

5.0
2006-07-27 CVE-2006-3879 Miod Vallat Numeric Errors vulnerability in Miod Vallat Mikmod

Integer overflow in the loadChunk function in loaders/load_gt2.c in libmikmod in Mikmod Sound System 3.2.2 allows remote attackers to cause a denial of service via a GRAOUMF TRACKER (GT2) module file with a large (0xffffffff) comment length value in an XCOM chunk.

5.0
2006-07-26 CVE-2006-3678 3Com 7PK - Security Features vulnerability in 3Com Tippingpoint IPS TOS

TippingPoint IPS running the TippingPoint Operating System (TOS) before 2.2.4.6519 allows remote attackers to "force the device into layer 2 fallback (L2FB)", causing a denial of service (page fault), via a malformed packet.

5.0
2006-07-25 CVE-2006-3837 Professional Home Page Tools Remote Security vulnerability in Professional Home Page Tools Guestbook

delcookie.php in Professional Home Page Tools Guestbook changes the expiration date of a cookie instead of deleting the cookie's value, which makes it easier for attackers to steal the cookie and obtain the administrator's password hash after logout.

5.0
2006-07-25 CVE-2006-3836 Unidomedia Directory Traversal vulnerability in Chameleon LE

Directory traversal vulnerability in index.php in UNIDOmedia Chameleon LE 1.203 and earlier, and possibly Chameleon PRO, allows remote attackers to read arbitrary files via the rmid parameter.

5.0
2006-07-25 CVE-2006-3835 Apache Information Disclosure vulnerability in Apache Tomcat

Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do.

5.0
2006-07-25 CVE-2006-3834 EJ3 Unspecified vulnerability in EJ3 Topo 2.2.178

EJ3 TOPo 2.2.178 includes the password in cleartext in the ID field to index.php, which allows context-dependent attackers to obtain entry passwords via log files, referrers, or other vectors.

5.0
2006-07-25 CVE-2006-3833 EJ3 Remote Security vulnerability in EJ3 Topo 2.2.178

index.php in EJ3 TOPo 2.2.178 allows remote attackers to overwrite existing entries and establish new passwords for the overwritten entries via a URL with a modified entry ID.

5.0
2006-07-25 CVE-2006-3831 Kailash Nadh Information Disclosure vulnerability in Boastmachine

The Backup selection in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier uses predicable filenames for database backups and stores the files under the web root with insufficient access control, which allows remote attackers to obtain sensitive information by downloading a backup file.

5.0
2006-07-25 CVE-2006-3829 Kailash Nadh Cross-Site Request Forgery vulnerability in Boastmachine

Cross-site request forgery (CSRF) vulnerability in bmc/admin.php in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allows remote attackers to perform unauthorized actions as an administrator and delete arbitrary user accounts via a delete_user action.

5.0
2006-07-24 CVE-2006-3798 Deluxebb Remote Security vulnerability in Deluxebb 1.05/1.06/1.07

DeluxeBB 1.07 and earlier allows remote attackers to overwrite the (1) _GET, (2) _POST, (3) _ENV, and (4) _SERVER variables via the _COOKIE (aka COOKIE) variable, which can overwrite the other variables during an extract function call, probably leading to multiple security vulnerabilities, aka "pollution of the global namespace."

5.0
2006-07-24 CVE-2006-3791 Ufo2000 Remote vulnerability in UFO2000

The decode_stringmap function in server_transport.cpp for UFO2000 svn 1057 allows remote attackers to cause a denial of service (daemon termination) via a large keysize or valsize, which causes a crash when the resize function cannot allocate sufficient memory.

5.0
2006-07-24 CVE-2006-3790 Ufo2000 Remote vulnerability in UFO2000

The decode_stringmap function in server_transport.cpp for UFO2000 svn 1057 allows remote attackers to cause a denial of service (daemon termination) via a keysize or valsize that is inconsistent with the packet size, which leads to a buffer over-read.

5.0
2006-07-24 CVE-2006-3780 Keyifweb Information Disclosure vulnerability in Keyifweb Keyif Portal 2.0

Keyifweb Keyif Portal 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) ANKET/anket.mdb, (2) HABER/keyifweb.mdb, (3) ASP/download.mdb, or (4) SAYAC/aktif.mdb in the database/A9S7G6ASD790 directory.

5.0
2006-07-24 CVE-2006-3778 IBM Unspecified vulnerability in IBM Lotus Notes 6.0/6.5/7.0

IBM Lotus Notes 6.0, 6.5, and 7.0 does not properly handle replies to e-mail messages with alternate name users when the (1) "Save As Draft" option is used or (2) a "," (comma) is inside the "phrase" portion of an address, which can cause the e-mail to be sent to users that were deleted from the To, CC, and BCC fields, which allows remote attackers to obtain the list of original recipients.

5.0
2006-07-25 CVE-2006-3824 SUN Local Information Disclosure vulnerability in SUN Solaris 10.0

systeminfo.c for Sun Solaris allows local users to read kernel memory via a 0 variable count argument to the sysinfo system call, which causes a -1 argument to be used by the copyout function.

4.9
2006-07-24 CVE-2006-3783 SUN Denial of Service vulnerability in SUN Solaris 10.0

Sun Solaris 10 allows local users to cause a denial of service (panic) via unspecified vectors involving (1) the /net mount point and (2) the "-hosts" map in a mount point.

4.9
2006-07-24 CVE-2006-3782 SUN Local Denial of Service vulnerability in SUN Solaris 10.0

Unspecified vulnerability in the kernel debugger (kmdb) in Sun Solaris 10, when running on x86, allows local users to cause a denial of service (system hang) via unspecified vectors.

4.9
2006-07-27 CVE-2006-2933 KDE
Redhat
kdesktop_lock in kdebase before 3.1.3-5.11 for KDE in Red Hat Enterprise Linux (RHEL) 3 does not properly terminate, which can prevent the screensaver from activating or prevent users from manually locking the desktop.
4.6
2006-07-28 CVE-2006-3924 Dokeos Cross-Site Scripting vulnerability in Dokeos

Multiple cross-site scripting (XSS) vulnerabilities in Dokeos before 1.6.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2006-07-28 CVE-2006-3918 Apache
IBM
http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
4.3
2006-07-28 CVE-2006-3916 Solucija Cross-Site Scripting vulnerability in Solucija Snews 1.4

Cross-site scripting (XSS) vulnerability in snews.php in sNews (aka Solucija News) 1.4 allows remote attackers to inject arbitrary web script or HTML via the search_query parameter.

4.3
2006-07-27 CVE-2006-3902 Phpfaber Cross-Site Scripting vulnerability in PHPfaber Topsites 2.0.9

Cross-site scripting (XSS) vulnerability in index.php in phpFaber TopSites 2.0.9 allows remote attackers to inject arbitrary web script or HTML via the i_cat parameter.

4.3
2006-07-27 CVE-2006-3883 Gonafish Input Validation vulnerability in Gonafish Linkscaffe 3.0

Multiple cross-site scripting (XSS) vulnerabilities in Gonafish LinksCaffe 3.0 allow remote attackers to inject arbitrary web script or HTML via (1) the tablewidth parameter in (a) counter.php; (2) the newdays parameter in (b) links.php; and the (3) tableborder, (4) menucolor, (5) textcolor, and (6) bodycolor parameters in (c) menu.inc.php.

4.3
2006-07-27 CVE-2006-3881 Musicbox Cross-Site Scripting vulnerability in Musicbox 2.3.4

Cross-site scripting (XSS) vulnerability in Shalwan MusicBox 2.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter in a request for the top-level URI.

4.3
2006-07-25 CVE-2006-3852 Phptoys HTML Injection vulnerability in Micro Guestbook

Cross-site scripting (XSS) vulnerability in index.php in Micro GuestBook allows remote attackers to execute arbitrary SQL commands via the (1) name or (2) comment ("text") fields.

4.3
2006-07-25 CVE-2006-3842 Adventnet HTML Injection vulnerability in Adventnet Zoho Virtual Office 3.2Build3210

Cross-site scripting (XSS) vulnerability in Zoho Virtual Office 3.2 Build 3210 allows remote attackers to execute arbitrary web script or HTML via an HTML message.

4.3
2006-07-25 CVE-2006-3826 Kailash Nadh Cross-Site Scripting vulnerability in Boastmachine

Multiple cross-site scripting (XSS) vulnerabilities in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user_login, (2) full_name, and (3) URL parameters in register.php; and allow remote authenticated administrators to inject arbitrary web script or HTML via the (4) cat_list and (5) key parameters in a certain portion of the admin interface.

4.3
2006-07-25 CVE-2006-3821 Adaptive Technology Resource Centre Cross-Site Scripting vulnerability in Atutor

Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) lang parameter in (a) index_list.php and (2) year, (3) month, and (4) day parameter in (b) registration.php.

4.3
2006-07-25 CVE-2006-3820 Gerrit VAN Aaken Cross-Site Scripting vulnerability in Gerrit Van Aaken Loudblog

Cross-site scripting (XSS) vulnerability in loudblog/index.php in Loudblog before 0.5 allows remote attackers to inject arbitrary web script or HTML via the page parameter.

4.3
2006-07-24 CVE-2006-3800 Amazing Flash Commerce Input Validation vulnerability in Amazing Flash Commerce Afcommerce Shopping Cart 1.1.4

Cross-site scripting (XSS) vulnerability in Amazing Flash AFCommerce Shopping Cart allows remote attackers to inject arbitrary web script or HTML via the "new review" text box.

4.3
2006-07-28 CVE-2006-3921 SUN Information Disclosure vulnerability in SUN products

Sun Java System Application Server (SJSAS) 7 through 8.1 and Web Server (SJSWS) 6.0 and 6.1 allows remote authenticated users to read files outside of the "document root directory" via a direct request using a UTF-8 encoded URI.

4.0
2006-07-25 CVE-2006-3830 Kailash Nadh Remote Security vulnerability in Boastmachine

The Languages selection in the admin interface in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allows remote authenticated administrators to upload files with arbitrary extensions to the bmc/Inc/Lang directory.

4.0

15 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-07-24 CVE-2006-3786 Symantec Local Security vulnerability in Symantec Pcanywhere 12.5

Symantec pcAnywhere 12.5 uses weak integrity protection for .cif (aka caller or CallerID) files, which allows local users to generate a custom .cif file and modify the superuser flag.

3.6
2006-07-29 CVE-2006-3812 Mozilla Products Remote vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to reference remote files and possibly load chrome: URLs by tricking the user into copying or dragging links.

2.6
2006-07-28 CVE-2006-3923 Fire Mouse HTML Injection vulnerability in Fire-Mouse TopList

Cross-site scripting (XSS) vulnerability in add.php in Fire-Mouse Toplist 1.1 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the Seitenname parameter.

2.6
2006-07-25 CVE-2006-3848 Krischan Jodies Cross-Site Scripting vulnerability in Krischan Jodies IP Calculator 0.40

Cross-site scripting (XSS) vulnerability in CGI wrapper for IP Calculator (IPCalc) 0.40 allows remote attackers to inject arbitrary web script or HTML via the URI (REQUEST_URI environment variable), which is used in the actionurl variable.

2.6
2006-07-25 CVE-2006-3841 Owasp Cross-Site Scripting vulnerability in Owasp Webscarab 20060621

Cross-site scripting (XSS) vulnerability in WebScarab before 20060718-1904, when used with Microsoft Internet Explorer 6 SP2 or Konqueror 3.5.3, allows remote attackers to inject arbitrary web script or HTML via the URL, which is not sanitized before being returned in an error message when WebScarab is not able to access the URL.

2.6
2006-07-25 CVE-2006-3619 Fastjar Directory Traversal vulnerability in Fastjar 0.93

Directory traversal vulnerability in FastJar 0.93, as used in Gnu GCC 4.1.1 and earlier, and 3.4.6 and earlier, allows user-assisted attackers to overwrite arbitrary files via a .jar file containing filenames with "../" sequences.

2.6
2006-07-24 CVE-2006-3795 Deluxebb Input Validation vulnerability in DeluxeBB

Multiple cross-site scripting (XSS) vulnerabilities in DeluxeBB before 1.08 allow remote attackers to inject arbitrary web script or HTML via the (1) membercookie cookie in header.php and the (2) redirect parameter in misc.php.

2.6
2006-07-24 CVE-2006-3769 TOP XL Cross-Site Scripting vulnerability in TOP XL TOP XL 1.0

Multiple cross-site scripting (XSS) vulnerabilities in Top XL 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) pass and (2) pass2 parameters in (a) add.php or the (3) id parameter in (b) members/index.php.

2.6
2006-07-28 CVE-2006-3675 Counterpane Local Insecure Idle Timeout Lock vulnerability in Counterpane Passwordsafe 2.11/2.16/3.0Beta1

Password Safe 2.11, 2.16 and 3.0BETA1 does not respect the configuration settings for locking the password database when certain dialogue windows are open, which might allow attackers with physical access to obtain the database contents.

2.1
2006-07-28 CVE-2006-3912 Rarlab Buffer Errors vulnerability in Rarlab Winrar 3.60Beta8

Stack-based buffer overflow in the SFX module in WinRAR before 3.60 beta 8 has unspecified vectors and impact.

2.1
2006-07-27 CVE-2006-3878 Opsware Information Disclosure vulnerability in Opsware Network Automation System 6.0

Opsware Network Automation System (NAS) 6.0 installs /etc/init.d/mysql with insecure permissions, which allows local users to read the root password for the MySQL MAX database or gain privileges by modifying /etc/init.d/mysql.

2.1
2006-07-25 CVE-2006-3825 SUN Unspecified vulnerability in SUN Solaris 10.0

The IPv4 implementation in Sun Solaris 10 before 20060721 allows local users to select routes that differ from the routing table, possibly facilitating firewall bypass or unauthorized network communication.

2.1
2006-07-25 CVE-2006-3815 Linux HA Permissions, Privileges, and Access Controls vulnerability in Linux-Ha Heartbeat 0.4.9/1.2.4/2.0.5

heartbeat.c in heartbeat before 2.0.6 sets insecure permissions in a shmget call for shared memory, which allows local users to cause an unspecified denial of service via unknown vectors, possibly during a short time window on startup.

2.1
2006-07-24 CVE-2006-3787 Kerio Denial of Service vulnerability in Sunbelt Kerio Personal Firewall CreateRemoteThread

kpf4ss.exe in Sunbelt Kerio Personal Firewall 4.3.x before 4.3.268 does not properly hook the CreateRemoteThread API function, which allows local users to cause a denial of service (crash) and bypass protection mechanisms by calling CreateRemoteThread.

2.1
2006-07-24 CVE-2006-3785 Symantec Local Security vulnerability in Symantec Pcanywhere 12.5

Symantec pcAnywhere 12.5 obfuscates the passwords in a GUI textbox with asterisks but does not encrypt them in the associated .cif (aka caller or CallerID) file, which allows local users to obtain the passwords from the window using tools such as Nirsoft Asterwin.

2.1