Weekly Vulnerabilities Reports > July 24 to 30, 2006
Overview
123 new vulnerabilities reported during this period, including 2 critical vulnerabilities and 38 high severity vulnerabilities. This weekly summary report vulnerabilities in 99 products from 74 vendors including Mozilla, SUN, Kailash Nadh, Microsoft, and Deluxebb. Vulnerabilities are notably categorized as "Code Injection", "SQL Injection", "Numeric Errors", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Resource Management Errors".
- 110 reported vulnerabilities are remotely exploitables.
- 13 reported vulnerabilities have public exploit available.
- 5 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 115 reported vulnerabilities are exploitable by an anonymous user.
- Mozilla has the most reported vulnerabilities, with 14 reported vulnerabilities.
- Rarlab has the most reported critical vulnerabilities, with 1 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
2 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-07-27 | CVE-2006-3838 | Eiqnetworks | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Eiqnetworks Enterprise Security Analyzer Multiple stack-based buffer overflows in eIQnetworks Enterprise Security Analyzer (ESA) before 2.5.0, as used in products including (a) Sidewinder, (b) iPolicy Security Manager, (c) Astaro Report Manager, (d) Fortinet FortiReporter, (e) Top Layer Network Security Analyzer, and possibly other products, allow remote attackers to execute arbitrary code via long (1) DELTAINTERVAL, (2) LOGFOLDER, (3) DELETELOGS, (4) FWASERVER, (5) SYSLOGPUBLICIP, (6) GETFWAIMPORTLOG, (7) GETFWADELTA, (8) DELETERDEPDEVICE, (9) COMPRESSRAWLOGFILE, (10) GETSYSLOGFIREWALLS, (11) ADDPOLICY, and (12) EDITPOLICY commands to the Syslog daemon (syslogserver.exe); (13) GUIADDDEVICE, (14) ADDDEVICE, and (15) DELETEDEVICE commands to the Topology server (Topology.exe); the (15) LICMGR_ADDLICENSE command to the License Manager (EnterpriseSecurityAnalyzer.exe); the (16) TRACE and (17) QUERYMONITOR commands to the Monitoring agent (Monitoring.exe); and possibly other vectors related to the Syslog daemon (syslogserver.exe). | 10.0 |
2006-07-25 | CVE-2006-3845 | Rarlab | Buffer Overflow vulnerability in RARLAB WinRAR LHA Filename Handling Stack-based buffer overflow in lzh.fmt in WinRAR 3.00 through 3.60 beta 6 allows remote attackers to execute arbitrary code via a long filename in a LHA archive. | 9.3 |
38 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-07-24 | CVE-2006-3781 | SUN | Denial of Service vulnerability in SUN Solaris 10.0 Unspecified vulnerability in Sun Solaris 10 allows context-dependent attackers to cause a denial of service (panic) via unspecified vectors involving the event port API. | 7.8 |
2006-07-28 | CVE-2006-3922 | Portailphp | Remote File Include vulnerability in PortailPHP Inscription.PHP PHP remote file inclusion vulnerability in mod_membre/inscription.php in PortailPHP 1.7 allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter. | 7.5 |
2006-07-28 | CVE-2006-3919 | SD Studio | Input Validation vulnerability in SD Studio CMS SQL injection vulnerability in index.php in SD Studio CMS allows remote attackers to execute arbitrary SQL commands via the (1) news_id, (2) tid, and (3) page_id parameters. | 7.5 |
2006-07-28 | CVE-2006-3917 | R Corson | Remote File Include vulnerability in PHP Forge Cfg_Racine PHP remote file inclusion vulnerability in inc/gabarits.php in R. | 7.5 |
2006-07-28 | CVE-2006-3913 | Freeciv | Remote Denial of Service vulnerability in Freeciv 2.1.0Beta1 Buffer overflow in Freeciv 2.1.0-beta1 and earlier, and SVN 15 Jul 2006 and earlier, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) negative chunk_length or a (2) large chunk->offset value in a PACKET_PLAYER_ATTRIBUTE_CHUNK packet in the generic_handle_player_attribute_chunk function in common/packets.c, and (3) a large packet->length value in the handle_unit_orders function in server/unithand.c. | 7.5 |
2006-07-28 | CVE-2006-3911 | PHP Live | Remote File Include vulnerability in PHP Live Css_Path PHP remote file inclusion vulnerability in OSI Codes PHP Live! 3.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the css_path parameter in (1) help.php and (2) setup/header.php. | 7.5 |
2006-07-27 | CVE-2006-3908 | Gillius Programming | Unspecified vulnerability in Gillius Programming Game Networking Engine Cvs20060723 Format string vulnerability in the flush_output function in ConsoleStreambuf.cpp in Game Network Engine (GNE) 0.70 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute code via format string specifiers in unspecified vectors involving output to the gout console. | 7.5 |
2006-07-27 | CVE-2006-3905 | Mywebland | SQL-Injection vulnerability in Mywebland Mybloggie 2.1.3/2.1.3Beta SQL injection vulnerability in Webland MyBloggie 2.1.3 allows remote attackers to execute arbitrary SQL commands via the (1) post_id parameter in index.php and (2) search function. | 7.5 |
2006-07-27 | CVE-2006-3811 | Mozilla | Products Remote vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Multiple vulnerabilities in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via Javascript that leads to memory corruption, including (1) nsListControlFrame::FireMenuItemActiveEvent, (2) buffer overflows in the string class in out-of-memory conditions, (3) table row and column groups, (4) "anonymous box selectors outside of UA stylesheets," (5) stale references to "removed nodes," and (6) running the crypto.generateCRMFRequest callback on deleted context. | 7.5 |
2006-07-27 | CVE-2006-3809 | Mozilla | Products Remote vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows scripts with the UniversalBrowserRead privilege to gain UniversalXPConnect privileges and possibly execute code or obtain sensitive data by reading into a privileged context. | 7.5 |
2006-07-27 | CVE-2006-3808 | Mozilla | Products Remote vulnerability in Mozilla Mozilla Firefox before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote Proxy AutoConfig (PAC) servers to execute code with elevated privileges via a PAC script that sets the FindProxyForURL function to an eval method on a privileged object. | 7.5 |
2006-07-27 | CVE-2006-3805 | Mozilla | Products Remote vulnerability in Mozilla Firefox, Seamonkey and Thunderbird The Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code via vectors involving garbage collection that causes deletion of a temporary object that is still being used. | 7.5 |
2006-07-27 | CVE-2006-3801 | Mozilla | Products Remote vulnerability in Mozilla Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 does not properly clear a JavaScript reference to a frame or window, which leaves a pointer to a deleted object that allows remote attackers to execute arbitrary native code. | 7.5 |
2006-07-27 | CVE-2006-3113 | Mozilla | Products Remote vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via simultaneous XPCOM events, which causes a timer object to be deleted in a way that triggers memory corruption. | 7.5 |
2006-07-27 | CVE-2006-3807 | Mozilla | Products Remote vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code via script that changes the standard Object() constructor to return a reference to a privileged object and calling "named JavaScript functions" that use the constructor. | 7.5 |
2006-07-27 | CVE-2006-3806 | Mozilla | Numeric Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Multiple integer overflows in the Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code via vectors involving (1) long strings in the toSource method of the Object, Array, and String objects; and (2) unspecified "string function arguments." | 7.5 |
2006-07-27 | CVE-2006-3677 | Mozilla | Configuration vulnerability in Mozilla Firefox and Seamonkey Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code by changing certain properties of the window navigator object (window.navigator) that are accessed when Java starts up, which causes a crash that leads to code execution. | 7.5 |
2006-07-27 | CVE-2006-3901 | Tumbleweed | LHA Buffer Overflow vulnerability in Tumbleweed MailGate Email Firewall Multiple stack-based buffer overflows in Tumbleweed Email Firewall (EMF) allow remote attackers to execute arbitrary code via an email attachment with an LHA archive that contains a (1) file or (2) directory with a long LHA extended header, (3) an LHA archive in which the "temporary pathname" field for decompressed output is greater than 2 bytes, or (4) an LHA archive with a long filename. | 7.5 |
2006-07-27 | CVE-2006-3886 | Musicbox | SQL Injection vulnerability in MusicBox Page Parameter SQL injection vulnerability in Shalwan MusicBox 2.3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter in a viewgallery action in a request for the top-level URI. | 7.5 |
2006-07-27 | CVE-2006-3884 | Gonafish | Input Validation vulnerability in Gonafish Linkscaffe 3.0 Multiple SQL injection vulnerabilities in links.php in Gonafish LinksCaffe 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) offset and (2) limit parameters, (3) newdays parameter in a new action, and the (4) link_id parameter in a deadlink action. | 7.5 |
2006-07-27 | CVE-2006-3819 | Twiki | Remote Command Execution vulnerability in TWiki Configure Script TYPEOF Parameter Eval injection vulnerability in the configure script in TWiki 4.0.0 through 4.0.4 allows remote attackers to execute arbitrary Perl code via an HTTP POST request containing a parameter name starting with "TYPEOF". | 7.5 |
2006-07-25 | CVE-2006-3851 | X7 Group | SQL Injection vulnerability in X7 Group X7 Chat 2.0/2.0.2/2.0.4 SQL injection vulnerability in upgradev1.php in X7 Chat 2.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the old_prefix parameter. | 7.5 |
2006-07-25 | CVE-2006-3849 | Pumpkin Studios | Buffer Overflow vulnerability in Pumpkin Studios Warzone and Warzone Resurrection Stack-based buffer overflow in Warzone 2100 and Warzone Resurrection 2.0.3 and earlier allows remote attackers to execute arbitrary code via a (1) long message handled by the recvTextMessage function in multiplay.c or a (2) long filename handled by NETrecvFile function in netplay/netplay.c. | 7.5 |
2006-07-25 | CVE-2006-3843 | Mambo | Remote File Include vulnerability in Mambo Calendar 1.5.7 PHP remote file inclusion vulnerability in com_calendar.php in Calendar Mambo Module 1.5.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter. | 7.5 |
2006-07-25 | CVE-2006-3832 | Gerrit VAN Aaken | SQL-Injection vulnerability in Loudblog SQL injection vulnerability in index.php in Gerrit van Aaken Loudblog 0.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2006-07-25 | CVE-2006-3816 | Krusader | Information Disclosure vulnerability in Krusader Bookmark Manager Password Krusader 1.50-beta1 up to 1.70.0 stores passwords for remote connections in cleartext in the bookmark file (krbookmarks.xml), which allows attackers to steal passwords by obtaining the file. | 7.5 |
2006-07-24 | CVE-2006-3799 | Deluxebb | Input Validation vulnerability in Deluxebb 1.05/1.06/1.07 DeluxeBB 1.07 and earlier allows remote attackers to bypass SQL injection protection mechanisms via the login variable and certain other variables, by using lowercase "union select" or possibly other statements that do not match the uppercase "UNION SELECT." | 7.5 |
2006-07-24 | CVE-2006-3797 | Deluxebb | Input Validation vulnerability in Deluxebb 1.05/1.06/1.07 SQL injection vulnerability in DeluxeBB 1.07 and earlier allows remote attackers to bypass authentication, spoof users, and modify settings via the (1) memberpw and (2) membercookie cookies. | 7.5 |
2006-07-24 | CVE-2006-3796 | Deluxebb | Remote Security vulnerability in DeluxeBB DeluxeBB 1.07 and earlier does not properly handle a username composed of a single space character, which allows remote authenticated users to login as the "space" user, post as the guest user, and block the ability of an administrator to ban the "space" user. | 7.5 |
2006-07-24 | CVE-2006-3792 | Ufo2000 | SQL Injection vulnerability in UFO2000 SQL injection vulnerability in ServerClientUfo::recv_packet in server_protocol.cpp in UFO2000 svn 1057 allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving the packet.c_str function. | 7.5 |
2006-07-24 | CVE-2006-3789 | Ufo2000 | Remote vulnerability in UFO2000 Multiple array index errors in the (1) recv_rules, (2) recv_select_unit, (3) recv_options, and (4) recv_unit_data functions in multiplay.cpp in UFO2000 svn 1057 allow remote attackers to execute arbitrary code and cause a denial of service (opponent crash) via certain packet data that specifies an out-of-bounds index. | 7.5 |
2006-07-24 | CVE-2006-3788 | Ufo2000 | Unspecified vulnerability in Ufo2000 Multiple buffer overflows in multiplay.cpp in UFO2000 svn 1057 allow remote attackers to execute arbitrary code via (1) a long unit name in Net::recv_add_unit,; (2) large values to Net::recv_rules, Net::recv_select_unit, Net::recv_options, and Net::recv_unit_data; and (3) a large mapdata GEODATA structure in Net::recv_map_data. | 7.5 |
2006-07-24 | CVE-2006-3777 | Idevspot | Code Injection vulnerability in Idevspot PHPlinkexchange 1.0 PHP remote file inclusion vulnerability in index.php in IDevSpot PhpLinkExchange 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | 7.5 |
2006-07-24 | CVE-2006-3776 | Idevspot | Code Injection vulnerability in Idevspot Autohost and PHPhostbot PHP remote file inclusion vulnerability in order/index.php in IDevSpot (1) PhpHostBot 1.0 and (2) AutoHost 3.0 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | 7.5 |
2006-07-24 | CVE-2006-3775 | Mybulletinboard | SQL Injection vulnerability in Mybulletinboard 1.1.5 SQL injection vulnerability in the init function in class_session.php in MyBB (aka MyBulletinBoard) 1.1.5 allows remote attackers to execute arbitrary SQL commands via the CLIENT-IP HTTP header ($_SERVER['HTTP_CLIENT_IP'] variable), as utilized by index.php. | 7.5 |
2006-07-24 | CVE-2006-3771 | Imaginex Resource | File Include vulnerability in IManage Absolute_Path Multiple PHP remote file inclusion vulnerabilities in component.php in iManage CMS 4.0.12 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) articles.php, (2) contact.php, (3) displaypage.php, (4) faq.php, (5) mainbody.php, (6) news.php, (7) registration.php, (8) whosOnline.php, (9) components/com_calendar.php, (10) components/com_forum.php, (11) components/minibb/index.php, (12) components/minibb/bb_admin.php, (13) components/minibb/bb_plugins.php, (14) modules/mod_calendar.php, (15) modules/mod_browser_prefs.php, (16) modules/mod_counter.php, (17) modules/mod_online.php, (18) modules/mod_stats.php, (19) modules/mod_weather.php, (20) themes/bizz.php, (21) themes/default.php, (22) themes/simple.php, (23) themes/original.php, (24) themes/portal.php, (25) themes/purple.php, and other unspecified files. | 7.5 |
2006-07-24 | CVE-2006-3770 | Phpfaber | SQL Injection vulnerability in PHPFaber TopSites Multiple SQL injection vulnerabilities in index.php in phpFaber TopSites 2.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) i_cat or (2) method parameters. | 7.5 |
2006-07-24 | CVE-2006-3784 | Symantec | Local Security vulnerability in Symantec Pcanywhere 12.5 Symantec pcAnywhere 12.5 uses weak default permissions for the "Symantec\pcAnywhere\Hosts" folder, which allows local users to gain privileges by inserting a superuser .cif (aka caller or CallerID) file into the folder, and then using a pcAnywhere client to login as a local administrator. | 7.2 |
68 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-07-27 | CVE-2006-3909 | Wired Community Software | Cross-Site Scripting vulnerability in Wired Community Software Wwwthreads 5.4/Rc3 Cross-site scripting (XSS) vulnerability in calendar.php in WWWthreads allows remote attackers to inject arbitrary web script or HTML via the week parameter. | 6.8 |
2006-07-27 | CVE-2006-3904 | Etomite | SQL Injection vulnerability in Etomite 0.6 SQL injection vulnerability in manager/index.php in Etomite CMS 0.6.1 and earlier, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter. | 6.8 |
2006-07-27 | CVE-2006-3810 | Mozilla | Products Remote vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Cross-site scripting (XSS) vulnerability in Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the XPCNativeWrapper(window).Function construct. | 6.8 |
2006-07-27 | CVE-2006-3900 | Tobias Kloy | HTML Injection vulnerability in Tobias Kloy TP Book Cross-site scripting (XSS) vulnerability in guestbook.php in TP-Book 1.00 and earlier allows remote attackers to inject arbitrary web script or HTML via the name parameter. | 6.8 |
2006-07-25 | CVE-2006-3846 | Mambo | Code Injection vulnerability in Mambo Multibanners 1.0.1 PHP remote file inclusion vulnerability in extadminmenus.class.php in the MultiBanners 1.0.1 for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 6.8 |
2006-07-24 | CVE-2006-3774 | Joomla | Code Injection vulnerability in Joomla Performs Component PHP remote file inclusion vulnerability in performs.php in the perForms component (com_performs) 1.0 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 6.8 |
2006-07-24 | CVE-2006-3773 | Mambo | Code Injection vulnerability in Mambo Smf-Forum 1.3.1.3Bridgecomponent PHP remote file inclusion vulnerability in smf.php in the SMF-Forum 1.3.1.3 Bridge Component (com_smf) For Joomla! and Mambo 4.5.3+ allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 6.8 |
2006-07-27 | CVE-2006-3633 | Ossp | Improper Input Validation vulnerability in Ossp Shiela OSSP shiela 1.1.5 and earlier allows remote authenticated users to execute arbitrary commands on the CVS server via shell metacharacters in a filename that is committed. | 6.5 |
2006-07-25 | CVE-2006-3844 | Pablo Software Solutions | Buffer Overflow vulnerability in Pablo Software Solutions Quick N Easy FTP Server 3.0.2 Buffer overflow in Quick 'n Easy FTP Server 3.0 allows remote authenticated users to execute arbitrary commands via a long argument to the LIST command, a different issue than CVE-2006-2027. | 6.5 |
2006-07-25 | CVE-2006-3828 | Kailash Nadh | SQL-Injection vulnerability in Boastmachine Incomplete blacklist vulnerability in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allows remote authenticated administrators to bypass SQL injection protection mechanisms by using commas, quote characters, pound sign (#) characters, "UNION," and "SELECT," which are not filtered by the product, which only checks for "insert," "delete," "update," and "replace." | 6.5 |
2006-07-25 | CVE-2006-3827 | Kailash Nadh | SQL-Injection vulnerability in Boastmachine SQL injection vulnerability in bmc/Inc/core/admin/search.inc.php in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the blog parameter. | 6.5 |
2006-07-24 | CVE-2006-3779 | Citrix | Privilege Escalation vulnerability in Citrix products Citrix MetaFrame up to XP 1.0 Feature 1, except when running on Windows Server 2003, installs a registry key with an insecure ACL, which allows remote authenticated users to gain privileges. | 6.5 |
2006-07-28 | CVE-2006-3925 | Interactual Technologies | Remote Buffer Overflow vulnerability in InterActual Player ITIRecorder.MicRecorder ActiveX Control Stack-based buffer overflow in ITIRecorder.MicRecorder ActiveX control in iarecord.dll in InterActual Player before 2.6 allows remote attackers to execute arbitrary code via a long argument to the Files method. | 6.4 |
2006-07-28 | CVE-2006-3768 | Intervations | Buffer Overflow vulnerability in Intervations Filecopa 1.01 Integer underflow in filecpnt.exe in FileCOPA FTP Server 1.01 before 2006-07-21 allow remote authenticated users to execute arbitrary code via a long argument to the (1) CWD, (2) DELE, (3) MDTM, and (4) MKD commands, which triggers a stack-based buffer overflow. | 6.4 |
2006-07-28 | CVE-2006-3914 | Blackboard | HTML Injection vulnerability in Blackboard Academic Suite 6.2.3.23 Cross-site scripting (XSS) vulnerability in Blackboard Academic Suite 6.2.3.23 allows remote authenticated users to inject arbitrary HTML or web script by bypassing client-side validation through disabling JavaScript when submitting an essay response, which has no server-side validation before being viewed via "View Attempt Details" in the Gradebook. | 6.0 |
2006-07-27 | CVE-2006-3903 | Mywebland | Cross-Site Scripting vulnerability in Mywebland Mybloggie 2.1.3/2.1.3Beta CRLF injection vulnerability in (1) index.php and (2) admin.php in myWebland MyBloggie 2.1.3 allows remote attackers to hijack sessions and conduct cross-site scripting (XSS) attacks via a cookie. | 5.8 |
2006-07-27 | CVE-2006-3802 | Mozilla | Products Remote vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to hijack native DOM methods from objects in another domain and conduct cross-site scripting (XSS) attacks using DOM methods of the top-level object. | 5.8 |
2006-07-28 | CVE-2006-3350 | Cimmetry Systems | Remote Buffer Overflow vulnerability in Cimmetry Systems Autovue Solidmodel Professional Desktopedition19.1Build5993 Stack-based buffer overflow in AutoVue SolidModel Professional Desktop Edition 19.1 Build 5993 allows user-assisted remote attackers to execute arbitrary code via a long filename in a (1) ARJ, (2) RAR, or (3) ZIP archive. | 5.1 |
2006-07-27 | CVE-2006-3803 | Mozilla | Products Remote vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Race condition in the JavaScript garbage collection in Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code by causing the garbage collector to delete a temporary variable while it is still being used during the creation of a new Function object. | 5.1 |
2006-07-25 | CVE-2006-3847 | Canebluem | Code Injection vulnerability in Canebluem Mospray 1.8Rc1 PHP remote file inclusion vulnerability in (1) admin.php, and possibly (2) details.php, (3) modify.php, (4) newgroup.php, (5) newtask.php, and (6) rss.php, in MoSpray (aka com_mospray) 1.8 RC1 allows remote attackers to execute arbitrary PHP code via a URL in the basedir parameter. | 5.1 |
2006-07-25 | CVE-2006-3119 | FBI | Unspecified vulnerability in FBI The fbgs framebuffer Postscript/PDF viewer in fbi before 2.01 has a typo that prevents a filter from working correctly, which allows user-assisted attackers to bypass the filter and execute malicious Postscript commands. | 5.1 |
2006-07-25 | CVE-2006-3823 | Geodesicsolutions | SQL Injection vulnerability in Geodesicsolutions Geoauctions Premier and Geoclassifieds Basic SQL injection vulnerability in index.php in GeodesicSolutions (1) GeoAuctions Premier 2.0.3 and (2) GeoClassifieds Basic 2.0.3 allows remote attackers to execute arbitrary SQL commands via the b parameter. | 5.1 |
2006-07-25 | CVE-2006-3822 | Geodesicsolutions | SQL Injection vulnerability in Geodesicsolutions Geoauctions Enterprise 1.0.6 SQL injection vulnerability in index.php in GeodesicSolutions GeoAuctions Enterprise 1.0.6 allows remote attackers to execute arbitrary SQL commands via the d parameter. | 5.1 |
2006-07-25 | CVE-2006-3814 | Cheese Tracker | Buffer Overflow vulnerability in Cheese Tracker XM Loader Buffer overflow in the Loader_XM::load_instrument_internal function in loader_xm.cpp for Cheese Tracker 0.9.9 and earlier allows user-assisted attackers to execute arbitrary code via a crafted file with a large amount of extra data. | 5.1 |
2006-07-24 | CVE-2006-3793 | Sitedepth | Remote File Include vulnerability in SiteDepth CMS Constants.PHP PHP remote file inclusion vulnerability in constants.php in SiteDepth CMS 3.01 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the SD_DIR parameter. | 5.1 |
2006-07-24 | CVE-2006-3772 | PHP Post | Remote Authentication Bypass vulnerability in PHP-Post 0.21/1.0 PHP-Post 0.21 and 1.0, and possibly earlier versions, when auto-login is enabled, allows remote attackers to bypass security restrictions and obtain administrative privileges by modifying the logincookie[user] setting in the login cookie. | 5.1 |
2006-07-24 | CVE-2006-3676 | Planet Concept | Unspecified vulnerability in Planet Concept Planetgallery admin/gallery_admin.php in planetGallery before 14.07.2006 allows remote attackers to execute arbitrary PHP code by uploading files with a double extension and directly accessing the file in the images directory, which bypasses a regular expression check for safe file types. | 5.1 |
2006-07-29 | CVE-2006-1178 | Tamarack Consulting | Denial Of Service vulnerability in Tamarack Consulting Tamarack Mmsd 7.991 Tamarack MMSd before 7.992 allows remote attackers to cause a denial of service (crash) via malformed RFC1006 (OSI over TCP/IP) packets. | 5.0 |
2006-07-28 | CVE-2006-3920 | SUN | Denial-Of-Service vulnerability in Solaris The TCP implementation in Sun Solaris 8, 9, and 10 before 20060726 allows remote attackers to cause a denial of service (resource exhaustion) via a TCP packet with an incorrect sequence number, which triggers an ACK storm. | 5.0 |
2006-07-28 | CVE-2006-3915 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer 6.0 Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by iterating over any native function, as demonstrated with the window.alert function, which triggers a null dereference. | 5.0 |
2006-07-28 | CVE-2006-3910 | Microsoft | Denial Of Service vulnerability in Microsoft IE 6.0 Internet Explorer 6 on Windows XP SP2, when Outlook is installed, allows remote attackers to cause a denial of service (crash) by calling the NewDefaultItem function of an OVCtl (OVCtl.OVCtl.1) ActiveX object, which triggers a null dereference. | 5.0 |
2006-07-27 | CVE-2006-3804 | Mozilla | Products Remote vulnerability in Mozilla Seamonkey and Thunderbird Heap-based buffer overflow in Mozilla Thunderbird before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote attackers to cause a denial of service (crash) via a VCard attachment with a malformed base64 field, which copies more data than expected due to an integer underflow. | 5.0 |
2006-07-27 | CVE-2006-3899 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer 6.0 Microsoft Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to cause a denial of service (application crash) by calling the stringToBinary function of the CEnroll.CEnroll.2 ActiveX object with a long second argument, which triggers an invalid memory access inside the SysAllocStringLen function. | 5.0 |
2006-07-27 | CVE-2006-3898 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer 6.0 Microsoft Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to cause a denial of service (application crash) by calling the Click method of the Internet.HHCtrl.1 ActiveX object before initializing the URL, which triggers a null dereference. | 5.0 |
2006-07-27 | CVE-2006-3897 | Microsoft | Out-of-bounds Write vulnerability in Microsoft Internet Explorer 6.0 Stack overflow in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (application crash) by creating an NMSA.ASFSourceMediaDescription.1 ActiveX object with a long dispValue property. | 5.0 |
2006-07-27 | CVE-2006-3840 | ISS | Resource Management Errors vulnerability in ISS products The SMB Mailslot parsing functionality in PAM in multiple ISS products with XPU (24.39/1.78/epj/x.x.x.1780), including Proventia A, G, M, Server, and Desktop, BlackICE PC and Server Protection 3.6, and RealSecure 7.0, allows remote attackers to cause a denial of service (infinite loop) via a crafted SMB packet that is not properly handled by the SMB_Mailslot_Heap_Overflow decode. | 5.0 |
2006-07-27 | CVE-2006-3885 | Checkpoint | Directory Traversal vulnerability in Checkpoint Firewall-1 R55W Directory traversal vulnerability in Check Point Firewall-1 R55W before HFA03 allows remote attackers to read arbitrary files via an encoded .. | 5.0 |
2006-07-27 | CVE-2006-3882 | Musicbox | Remote Security vulnerability in Musicbox 2.3.4 Shalwan MusicBox 2.3.4 and earlier allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function. | 5.0 |
2006-07-27 | CVE-2006-3879 | Miod Vallat | Numeric Errors vulnerability in Miod Vallat Mikmod Integer overflow in the loadChunk function in loaders/load_gt2.c in libmikmod in Mikmod Sound System 3.2.2 allows remote attackers to cause a denial of service via a GRAOUMF TRACKER (GT2) module file with a large (0xffffffff) comment length value in an XCOM chunk. | 5.0 |
2006-07-26 | CVE-2006-3678 | 3Com | 7PK - Security Features vulnerability in 3Com Tippingpoint IPS TOS TippingPoint IPS running the TippingPoint Operating System (TOS) before 2.2.4.6519 allows remote attackers to "force the device into layer 2 fallback (L2FB)", causing a denial of service (page fault), via a malformed packet. | 5.0 |
2006-07-25 | CVE-2006-3837 | Professional Home Page Tools | Remote Security vulnerability in Professional Home Page Tools Guestbook delcookie.php in Professional Home Page Tools Guestbook changes the expiration date of a cookie instead of deleting the cookie's value, which makes it easier for attackers to steal the cookie and obtain the administrator's password hash after logout. | 5.0 |
2006-07-25 | CVE-2006-3836 | Unidomedia | Directory Traversal vulnerability in Chameleon LE Directory traversal vulnerability in index.php in UNIDOmedia Chameleon LE 1.203 and earlier, and possibly Chameleon PRO, allows remote attackers to read arbitrary files via the rmid parameter. | 5.0 |
2006-07-25 | CVE-2006-3834 | EJ3 | Unspecified vulnerability in EJ3 Topo 2.2.178 EJ3 TOPo 2.2.178 includes the password in cleartext in the ID field to index.php, which allows context-dependent attackers to obtain entry passwords via log files, referrers, or other vectors. | 5.0 |
2006-07-25 | CVE-2006-3833 | EJ3 | Remote Security vulnerability in EJ3 Topo 2.2.178 index.php in EJ3 TOPo 2.2.178 allows remote attackers to overwrite existing entries and establish new passwords for the overwritten entries via a URL with a modified entry ID. | 5.0 |
2006-07-25 | CVE-2006-3831 | Kailash Nadh | Information Disclosure vulnerability in Boastmachine The Backup selection in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier uses predicable filenames for database backups and stores the files under the web root with insufficient access control, which allows remote attackers to obtain sensitive information by downloading a backup file. | 5.0 |
2006-07-25 | CVE-2006-3829 | Kailash Nadh | Cross-Site Request Forgery vulnerability in Boastmachine Cross-site request forgery (CSRF) vulnerability in bmc/admin.php in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allows remote attackers to perform unauthorized actions as an administrator and delete arbitrary user accounts via a delete_user action. | 5.0 |
2006-07-24 | CVE-2006-3798 | Deluxebb | Remote Security vulnerability in Deluxebb 1.05/1.06/1.07 DeluxeBB 1.07 and earlier allows remote attackers to overwrite the (1) _GET, (2) _POST, (3) _ENV, and (4) _SERVER variables via the _COOKIE (aka COOKIE) variable, which can overwrite the other variables during an extract function call, probably leading to multiple security vulnerabilities, aka "pollution of the global namespace." | 5.0 |
2006-07-24 | CVE-2006-3791 | Ufo2000 | Remote vulnerability in UFO2000 The decode_stringmap function in server_transport.cpp for UFO2000 svn 1057 allows remote attackers to cause a denial of service (daemon termination) via a large keysize or valsize, which causes a crash when the resize function cannot allocate sufficient memory. | 5.0 |
2006-07-24 | CVE-2006-3790 | Ufo2000 | Remote vulnerability in UFO2000 The decode_stringmap function in server_transport.cpp for UFO2000 svn 1057 allows remote attackers to cause a denial of service (daemon termination) via a keysize or valsize that is inconsistent with the packet size, which leads to a buffer over-read. | 5.0 |
2006-07-24 | CVE-2006-3780 | Keyifweb | Information Disclosure vulnerability in Keyifweb Keyif Portal 2.0 Keyifweb Keyif Portal 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) ANKET/anket.mdb, (2) HABER/keyifweb.mdb, (3) ASP/download.mdb, or (4) SAYAC/aktif.mdb in the database/A9S7G6ASD790 directory. | 5.0 |
2006-07-24 | CVE-2006-3778 | IBM | Unspecified vulnerability in IBM Lotus Notes 6.0/6.5/7.0 IBM Lotus Notes 6.0, 6.5, and 7.0 does not properly handle replies to e-mail messages with alternate name users when the (1) "Save As Draft" option is used or (2) a "," (comma) is inside the "phrase" portion of an address, which can cause the e-mail to be sent to users that were deleted from the To, CC, and BCC fields, which allows remote attackers to obtain the list of original recipients. | 5.0 |
2006-07-25 | CVE-2006-3824 | SUN | Local Information Disclosure vulnerability in SUN Solaris 10.0 systeminfo.c for Sun Solaris allows local users to read kernel memory via a 0 variable count argument to the sysinfo system call, which causes a -1 argument to be used by the copyout function. | 4.9 |
2006-07-24 | CVE-2006-3783 | SUN | Denial of Service vulnerability in SUN Solaris 10.0 Sun Solaris 10 allows local users to cause a denial of service (panic) via unspecified vectors involving (1) the /net mount point and (2) the "-hosts" map in a mount point. | 4.9 |
2006-07-24 | CVE-2006-3782 | SUN | Local Denial of Service vulnerability in SUN Solaris 10.0 Unspecified vulnerability in the kernel debugger (kmdb) in Sun Solaris 10, when running on x86, allows local users to cause a denial of service (system hang) via unspecified vectors. | 4.9 |
2006-07-27 | CVE-2006-2933 | KDE Redhat | kdesktop_lock in kdebase before 3.1.3-5.11 for KDE in Red Hat Enterprise Linux (RHEL) 3 does not properly terminate, which can prevent the screensaver from activating or prevent users from manually locking the desktop. | 4.6 |
2006-07-28 | CVE-2006-3924 | Dokeos | Cross-Site Scripting vulnerability in Dokeos Multiple cross-site scripting (XSS) vulnerabilities in Dokeos before 1.6.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2006-07-28 | CVE-2006-3916 | Solucija | Cross-Site Scripting vulnerability in Solucija Snews 1.4 Cross-site scripting (XSS) vulnerability in snews.php in sNews (aka Solucija News) 1.4 allows remote attackers to inject arbitrary web script or HTML via the search_query parameter. | 4.3 |
2006-07-27 | CVE-2006-3902 | Phpfaber | Cross-Site Scripting vulnerability in PHPfaber Topsites 2.0.9 Cross-site scripting (XSS) vulnerability in index.php in phpFaber TopSites 2.0.9 allows remote attackers to inject arbitrary web script or HTML via the i_cat parameter. | 4.3 |
2006-07-27 | CVE-2006-3883 | Gonafish | Input Validation vulnerability in Gonafish Linkscaffe 3.0 Multiple cross-site scripting (XSS) vulnerabilities in Gonafish LinksCaffe 3.0 allow remote attackers to inject arbitrary web script or HTML via (1) the tablewidth parameter in (a) counter.php; (2) the newdays parameter in (b) links.php; and the (3) tableborder, (4) menucolor, (5) textcolor, and (6) bodycolor parameters in (c) menu.inc.php. | 4.3 |
2006-07-27 | CVE-2006-3881 | Musicbox | Cross-Site Scripting vulnerability in Musicbox 2.3.4 Cross-site scripting (XSS) vulnerability in Shalwan MusicBox 2.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter in a request for the top-level URI. | 4.3 |
2006-07-25 | CVE-2006-3852 | Phptoys | HTML Injection vulnerability in Micro Guestbook Cross-site scripting (XSS) vulnerability in index.php in Micro GuestBook allows remote attackers to execute arbitrary SQL commands via the (1) name or (2) comment ("text") fields. | 4.3 |
2006-07-25 | CVE-2006-3842 | Adventnet | HTML Injection vulnerability in Adventnet Zoho Virtual Office 3.2Build3210 Cross-site scripting (XSS) vulnerability in Zoho Virtual Office 3.2 Build 3210 allows remote attackers to execute arbitrary web script or HTML via an HTML message. | 4.3 |
2006-07-25 | CVE-2006-3826 | Kailash Nadh | Cross-Site Scripting vulnerability in Boastmachine Multiple cross-site scripting (XSS) vulnerabilities in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user_login, (2) full_name, and (3) URL parameters in register.php; and allow remote authenticated administrators to inject arbitrary web script or HTML via the (4) cat_list and (5) key parameters in a certain portion of the admin interface. | 4.3 |
2006-07-25 | CVE-2006-3821 | Adaptive Technology Resource Centre | Cross-Site Scripting vulnerability in Atutor Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) lang parameter in (a) index_list.php and (2) year, (3) month, and (4) day parameter in (b) registration.php. | 4.3 |
2006-07-25 | CVE-2006-3820 | Gerrit VAN Aaken | Cross-Site Scripting vulnerability in Gerrit Van Aaken Loudblog Cross-site scripting (XSS) vulnerability in loudblog/index.php in Loudblog before 0.5 allows remote attackers to inject arbitrary web script or HTML via the page parameter. | 4.3 |
2006-07-24 | CVE-2006-3800 | Amazing Flash Commerce | Input Validation vulnerability in Amazing Flash Commerce Afcommerce Shopping Cart 1.1.4 Cross-site scripting (XSS) vulnerability in Amazing Flash AFCommerce Shopping Cart allows remote attackers to inject arbitrary web script or HTML via the "new review" text box. | 4.3 |
2006-07-28 | CVE-2006-3921 | SUN | Information Disclosure vulnerability in SUN products Sun Java System Application Server (SJSAS) 7 through 8.1 and Web Server (SJSWS) 6.0 and 6.1 allows remote authenticated users to read files outside of the "document root directory" via a direct request using a UTF-8 encoded URI. | 4.0 |
2006-07-25 | CVE-2006-3830 | Kailash Nadh | Remote Security vulnerability in Boastmachine The Languages selection in the admin interface in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allows remote authenticated administrators to upload files with arbitrary extensions to the bmc/Inc/Lang directory. | 4.0 |
15 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-07-24 | CVE-2006-3786 | Symantec | Local Security vulnerability in Symantec Pcanywhere 12.5 Symantec pcAnywhere 12.5 uses weak integrity protection for .cif (aka caller or CallerID) files, which allows local users to generate a custom .cif file and modify the superuser flag. | 3.6 |
2006-07-29 | CVE-2006-3812 | Mozilla | Products Remote vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to reference remote files and possibly load chrome: URLs by tricking the user into copying or dragging links. | 2.6 |
2006-07-28 | CVE-2006-3923 | Fire Mouse | HTML Injection vulnerability in Fire-Mouse TopList Cross-site scripting (XSS) vulnerability in add.php in Fire-Mouse Toplist 1.1 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the Seitenname parameter. | 2.6 |
2006-07-25 | CVE-2006-3848 | Krischan Jodies | Cross-Site Scripting vulnerability in Krischan Jodies IP Calculator 0.40 Cross-site scripting (XSS) vulnerability in CGI wrapper for IP Calculator (IPCalc) 0.40 allows remote attackers to inject arbitrary web script or HTML via the URI (REQUEST_URI environment variable), which is used in the actionurl variable. | 2.6 |
2006-07-25 | CVE-2006-3841 | Owasp | Cross-Site Scripting vulnerability in Owasp Webscarab 20060621 Cross-site scripting (XSS) vulnerability in WebScarab before 20060718-1904, when used with Microsoft Internet Explorer 6 SP2 or Konqueror 3.5.3, allows remote attackers to inject arbitrary web script or HTML via the URL, which is not sanitized before being returned in an error message when WebScarab is not able to access the URL. | 2.6 |
2006-07-25 | CVE-2006-3619 | Fastjar | Directory Traversal vulnerability in Fastjar 0.93 Directory traversal vulnerability in FastJar 0.93, as used in Gnu GCC 4.1.1 and earlier, and 3.4.6 and earlier, allows user-assisted attackers to overwrite arbitrary files via a .jar file containing filenames with "../" sequences. | 2.6 |
2006-07-24 | CVE-2006-3795 | Deluxebb | Input Validation vulnerability in DeluxeBB Multiple cross-site scripting (XSS) vulnerabilities in DeluxeBB before 1.08 allow remote attackers to inject arbitrary web script or HTML via the (1) membercookie cookie in header.php and the (2) redirect parameter in misc.php. | 2.6 |
2006-07-24 | CVE-2006-3769 | TOP XL | Cross-Site Scripting vulnerability in TOP XL TOP XL 1.0 Multiple cross-site scripting (XSS) vulnerabilities in Top XL 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) pass and (2) pass2 parameters in (a) add.php or the (3) id parameter in (b) members/index.php. | 2.6 |
2006-07-28 | CVE-2006-3675 | Counterpane | Local Insecure Idle Timeout Lock vulnerability in Counterpane Passwordsafe 2.11/2.16/3.0Beta1 Password Safe 2.11, 2.16 and 3.0BETA1 does not respect the configuration settings for locking the password database when certain dialogue windows are open, which might allow attackers with physical access to obtain the database contents. | 2.1 |
2006-07-28 | CVE-2006-3912 | Rarlab | Buffer Errors vulnerability in Rarlab Winrar 3.60Beta8 Stack-based buffer overflow in the SFX module in WinRAR before 3.60 beta 8 has unspecified vectors and impact. | 2.1 |
2006-07-27 | CVE-2006-3878 | Opsware | Information Disclosure vulnerability in Opsware Network Automation System 6.0 Opsware Network Automation System (NAS) 6.0 installs /etc/init.d/mysql with insecure permissions, which allows local users to read the root password for the MySQL MAX database or gain privileges by modifying /etc/init.d/mysql. | 2.1 |
2006-07-25 | CVE-2006-3825 | SUN | Unspecified vulnerability in SUN Solaris 10.0 The IPv4 implementation in Sun Solaris 10 before 20060721 allows local users to select routes that differ from the routing table, possibly facilitating firewall bypass or unauthorized network communication. | 2.1 |
2006-07-25 | CVE-2006-3815 | Linux HA | Permissions, Privileges, and Access Controls vulnerability in Linux-Ha Heartbeat 0.4.9/1.2.4/2.0.5 heartbeat.c in heartbeat before 2.0.6 sets insecure permissions in a shmget call for shared memory, which allows local users to cause an unspecified denial of service via unknown vectors, possibly during a short time window on startup. | 2.1 |
2006-07-24 | CVE-2006-3787 | Kerio | Denial of Service vulnerability in Sunbelt Kerio Personal Firewall CreateRemoteThread kpf4ss.exe in Sunbelt Kerio Personal Firewall 4.3.x before 4.3.268 does not properly hook the CreateRemoteThread API function, which allows local users to cause a denial of service (crash) and bypass protection mechanisms by calling CreateRemoteThread. | 2.1 |
2006-07-24 | CVE-2006-3785 | Symantec | Local Security vulnerability in Symantec Pcanywhere 12.5 Symantec pcAnywhere 12.5 obfuscates the passwords in a GUI textbox with asterisks but does not encrypt them in the associated .cif (aka caller or CallerID) file, which allows local users to obtain the passwords from the window using tools such as Nirsoft Asterwin. | 2.1 |