Weekly Vulnerabilities Reports > July 31 to August 6, 2006

Overview

99 new vulnerabilities reported during this period, including 4 critical vulnerabilities and 44 high severity vulnerabilities. This weekly summary report vulnerabilities in 79 products from 54 vendors including Apple, Libtiff, Mambo, Knusperleicht, and Alkacon. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Code Injection", "Numeric Errors", "SQL Injection", and "Path Traversal".

  • 92 reported vulnerabilities are remotely exploitables.
  • 22 reported vulnerabilities have public exploit available.
  • 2 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 93 reported vulnerabilities are exploitable by an anonymous user.
  • Apple has the most reported vulnerabilities, with 17 reported vulnerabilities.
  • Broadcom has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

4 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-08-02 CVE-2006-3498 Apple Multiple Security vulnerability in Apple Mac OS X

Stack-based buffer overflow in bootpd in the DHCP component for Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to execute arbitrary code via a crafted BOOTP request.

10.0
2006-08-05 CVE-2006-3985 Conexware Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Conexware Powerarchiver

Stack-based buffer overflow in DZIPS32.DLL 6.0.0.4 in ConeXware PowerArchiver 9.62.03 allows user-assisted attackers to execute arbitrary code by adding a new file to a crafted ZIP archive that already contains a file with a long name.

9.3
2006-08-04 CVE-2006-3977 Broadcom Unspecified vulnerability in Broadcom Etrust Antivirus Webscan 1.1.0.1045/1.1.0.1047

Unspecified vulnerability in CA eTrust Antivirus WebScan before 1.1.0.1048 has unknown impact and remote attackers related to "improper processing of outdated WebScan components."

9.3
2006-08-04 CVE-2006-3976 Broadcom Unspecified vulnerability in Broadcom Etrust Antivirus Webscan 1.1.0.1045/1.1.0.1047

Unspecified vulnerability in CA eTrust Antivirus WebScan before 1.1.0.1048 allows remote attackers to install arbitrary files.

9.3

44 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-08-03 CVE-2006-3463 Libtiff Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Libtiff

The EstimateStripByteCounts function in TIFF library (libtiff) before 3.8.2 uses a 16-bit unsigned short when iterating over an unsigned 32-bit value, which allows context-dependent attackers to cause a denial of service via a large td_nstrips value, which triggers an infinite loop.

7.8
2006-07-31 CVE-2006-3942 Microsoft Improper Input Validation vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP

The server driver (srv.sys) in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (system crash) via an SMB_COM_TRANSACTION SMB message that contains a string without null character termination, which leads to a NULL dereference in the ExecuteTransaction function, possibly related to an "SMB PIPE," aka the "Mailslot DOS" vulnerability.

7.8
2006-08-05 CVE-2006-4001 Barracuda Networks Multiple vulnerability in Barracuda Networks Spam Firewall 3.3.01.001/3.3.03.053/3.3.03.055

Login.pm in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 contains a hard-coded password for the guest account, which allows remote attackers to read sensitive information such as e-mail logs, and possibly e-mail contents and the admin password.

7.5
2006-08-05 CVE-2006-3998 Wowroster Remote File Include vulnerability in Wowroster 1.5/1.5.1

PHP remote file inclusion vulnerability in conf.php in WoWRoster (aka World of Warcraft Roster) 1.5.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the subdir parameter.

7.5
2006-08-05 CVE-2006-3997 Wowroster Remote File Include vulnerability in Wowroster 1.5/1.5.1

PHP remote file inclusion vulnerability in hsList.php in WoWRoster (aka World of Warcraft Roster) 1.5.x and earlier allows remote attackers to execute arbitrary PHP code via a URL in the subdir parameter.

7.5
2006-08-05 CVE-2006-3994 XMB Software Unspecified vulnerability in XMB Software XMB Forum

SQL injection vulnerability in the u2u_send_recp function in u2u.inc.php in XMB (aka extreme message board) 1.9.6 Alpha and earlier allows remote attackers to execute arbitrary SQL commands via the u2uid parameter to u2u.php, which is directly accessed from $_POST and bypasses the protection scheme.

7.5
2006-08-05 CVE-2006-3991 VOC Project Remote File Include vulnerability in Voodoo Chat File_Path Parameter

PHP remote file inclusion vulnerability in index.php in Vlad Vostrykh Voodoo chat 1.0RC1b and earlier allows remote attackers to execute arbitrary PHP code via a URL in the file_path parameter.

7.5
2006-08-05 CVE-2006-3990 Phpsavant Remote File Include vulnerability in PHPSavant Savant2

Multiple PHP remote file inclusion vulnerabilities in Paul M.

7.5
2006-08-05 CVE-2006-3986 Knusperleicht Remote File Include vulnerability in Knusperleicht NewsLetter

PHP remote file inclusion vulnerability in index.php in Knusperleicht Newsletter 3.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the NL_PATH parameter.

7.5
2006-08-05 CVE-2006-3984 Gianluca Baldo
Phpadsnew
Remote File Include vulnerability in PHPAuction PHPAds_Path Variable

PHP remote file inclusion vulnerability in phpAdsNew/view.inc.php in Albasoftware Phpauction 2.1 and possibly later versions, with phpAdsNew 2.0.5, allows remote attackers to execute arbitrary PHP code via a URL in the phpAds_path parameter.

7.5
2006-08-05 CVE-2006-3983 Ekilat LLC Remote File Include vulnerability in Ekilat LLC PHP(Reactor) 1.27Pl1

PHP remote file inclusion vulnerability in editprofile.php in php(Reactor) 1.27pl1 allows remote attackers to execute arbitrary PHP code via a URL in the pathtohomedir parameter.

7.5
2006-08-05 CVE-2006-3982 Knusperleicht Remote File Include vulnerability in Knusperleicht Quickie 0.2

PHP remote file inclusion vulnerability in quickie.php in Knusperleicht Quickie, probably 0.2, allows remote attackers to execute arbitrary PHP code via a URL in the QUICK_PATH parameter.

7.5
2006-08-05 CVE-2006-3981 Mambo Remote File Inclusion vulnerability in Mambo Gallery Manager

PHP remote file inclusion vulnerability in about.mgm.php in Mambo Gallery Manager (MGM) 0.95r2 and earlier for Mambo 4.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

7.5
2006-08-04 CVE-2006-3975 Broadcom Unspecified vulnerability in Broadcom Etrust Antivirus Webscan

Unspecified vulnerability in CA eTrust Antivirus WebScan allows remote attackers to execute arbitrary code due to "improper bounds checking when processing certain user input."

7.5
2006-08-03 CVE-2006-3505 Apple Multiple Security vulnerability in Apple Mac OS X

WebKit in Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML document that causes WebKit to access an object that has already been deallocated.

7.5
2006-08-03 CVE-2006-3465 Libtiff Denial of Service vulnerability in LibTIFF Library Anonymous Field Merging

Unspecified vulnerability in the custom tag support for the TIFF library (libtiff) before 3.8.2 allows remote attackers to cause a denial of service (instability or crash) and execute arbitrary code via unknown vectors.

7.5
2006-08-03 CVE-2006-3464 Libtiff Numeric Errors vulnerability in Libtiff

TIFF library (libtiff) before 3.8.2 allows context-dependent attackers to pass numeric range checks and possibly execute code, and trigger assert errors, via large offset values in a TIFF directory that lead to an integer overflow and other unspecified vectors involving "unchecked arithmetic operations".

7.5
2006-08-03 CVE-2006-3462 Libtiff Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Libtiff

Heap-based buffer overflow in the NeXT RLE decoder in the TIFF library (libtiff) before 3.8.2 might allow context-dependent attackers to execute arbitrary code via unknown vectors involving decoding large RLE images.

7.5
2006-08-03 CVE-2006-3461 Libtiff Multiple Security vulnerability in Apple Mac OS X

Heap-based buffer overflow in the PixarLog decoder in the TIFF library (libtiff) before 3.8.2 might allow context-dependent attackers to execute arbitrary code via unknown vectors.

7.5
2006-08-03 CVE-2006-3460 Libtiff Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Libtiff

Heap-based buffer overflow in the JPEG decoder in the TIFF library (libtiff) before 3.8.2 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an encoded JPEG stream that is longer than the scan line size (TiffScanLineSize).

7.5
2006-08-03 CVE-2006-3459 Libtiff
Adobe
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Libtiff

Multiple stack-based buffer overflows in the TIFF library (libtiff) before 3.8.2, as used in Adobe Reader 9.3.0 and other products, allow context-dependent attackers to execute arbitrary code or cause a denial of service via unspecified vectors, including a large tdir_count value in the TIFFFetchShortPair function in tif_dirread.c.

7.5
2006-08-01 CVE-2006-3970 Joomla Remote File Include vulnerability in Lmo

PHP remote file inclusion vulnerability in lmo.php in the LMO Component (com_lmo) 1.0b2 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

7.5
2006-08-01 CVE-2006-3969 Joomla Remote File Include vulnerability in Colophon Component Admin.Colophon.PHP

PHP remote file inclusion vulnerability in administrator/components/com_colophon/admin.colophon.php in Colophon 1.2 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

7.5
2006-08-01 CVE-2006-3967 Moskool Remote File Include vulnerability in Moskool 1.5

PHP remote file inclusion vulnerability in component/option,com_moskool/Itemid,34/admin.moskool.php in MamboXChange Moskool 1.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

7.5
2006-08-01 CVE-2006-3966 Carlos Sanchez Valle
PHP Layers Menu
Code Injection vulnerability in multiple products

PHP remote file inclusion vulnerability in /lib/tree/layersmenu.inc.php in the PHP Layers Menu 2.3.5 package for MyNewsGroups :) 0.6b and earlier allows remote attackers to execute arbitrary PHP code via a URL in the myng_root parameter.

7.5
2006-08-01 CVE-2006-3964 Banex Remote vulnerability in Banex 2.21

PHP remote file inclusion vulnerability in members.php in Banex PHP MySQL Banner Exchange 2.21 allows remote attackers to execute arbitrary PHP code via a URL in the cfg_root parameter.

7.5
2006-08-01 CVE-2006-3963 Banex Remote vulnerability in Banex 2.21

Multiple SQL injection vulnerabilities in Banex PHP MySQL Banner Exchange 2.21 allow remote attackers to execute arbitrary SQL commands via the (1) site_name parameter to (a) signup.php, and the (2) id, (3) deleteuserbanner, (4) viewmem, (5) viewmemunb, (6) viewunmem,or (7) deleteuser parameters to (b) admin.php.

7.5
2006-08-01 CVE-2006-3962 Mambo Remote File Include vulnerability in Mambo Bayesiannaivefilter 1.1

PHP remote file inclusion vulnerability in administrator/components/com_bayesiannaivefilter/lang.php in the bayesiannaivefilter component (com_bayesiannaivefilter) 1.1 for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

7.5
2006-08-01 CVE-2006-3960 X Scripts SQL Injection vulnerability in X-Scripts X-Poll 2.30

SQL injection vulnerability in top.php in X-Scripts X-Poll, probably 2.30, allows remote attackers to execute arbitrary SQL commands via the poll parameter.

7.5
2006-08-01 CVE-2006-3959 X Scripts SQL Injection vulnerability in X-Scripts X-Statistics 1.10

SQL injection vulnerability in protect.php in X-Scripts X-Protection 1.10, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameter.

7.5
2006-08-01 CVE-2006-3957 Bosdev Remote File Include vulnerability in Bosdates Payment.PHP

PHP remote file inclusion vulnerability in payment.php in BosDev BosDates allows remote attackers to execute arbitrary PHP code via a URL in the insPath parameter.

7.5
2006-08-01 CVE-2006-3955 Minibb Remote File Include vulnerability in Minibb 1.5A

Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5a allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) news.php, (2) search.php, or (3) whosOnline.php.

7.5
2006-08-01 CVE-2006-3952 EFS Software Remote Buffer Overflow vulnerability in EFS Software EFS FTP Server 2.0

Stack-based buffer overflow in EFS Software Easy File Sharing FTP Server 2.0 allows remote attackers to execute arbitrary code via a long argument to the PASS command.

7.5
2006-08-01 CVE-2006-3951 MAM Moodle Alpha Component Remote File Include vulnerability in Mam-Moodle Moodle.PHP

PHP remote file inclusion vulnerability in moodle.php in Mam-moodle alpha component (com_moodle) for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

7.5
2006-08-01 CVE-2006-3950 X Scripts SQL Injection vulnerability in X-Scripts X-Statistics 1.20

SQL injection vulnerability in x-statistics.php in X-Scripts X-Statistics 1.20 allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header.

7.5
2006-07-31 CVE-2006-3946 Apple Buffer Errors vulnerability in Apple mac OS X and Safari

WebCore in Apple Mac OS X 10.3.9 and 10.4 through 10.4.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted HTML that triggers a "memory management error" in WebKit, possibly due to a buffer overflow, as originally reported for the KHTMLParser::popOneBlock function in Apple Safari 2.0.4 using Javascript that changes document.body.innerHTML within a DIV tag.

7.5
2006-07-31 CVE-2006-3941 SUN Local vulnerability in Sun Solaris N1 Grid Engine 5.3/6.0

Unspecified vulnerability in the daemons for Sun N1 Grid Engine 5.3 and N1 Grid Engine 6.0 allows local users to cause a denial of service (grid service shutdown) and possibly execute arbitrary code using buffer overflows via unknown vectors that cause (1) qmaster or (2) execd to terminate.

7.5
2006-07-31 CVE-2006-3940 Phpbb Group SQL Injection vulnerability in PHPbb Group PHPbb-Auction 1.0M/1.2M/1.3M

Multiple SQL injection vulnerabilities in phpbb-Auction allow remote attackers to execute arbitrary SQL commands via (1) the ar parameter in auction_room.php and (2) the u parameter in auction_store.php.

7.5
2006-07-31 CVE-2006-3939 Scriptscenter Unauthorized Access vulnerability in Scriptscenter Ezupload PRO 2.2

ScriptsCenter ezUpload Pro 2.2.0 allows remote attackers to perform administrative activities without authentication in (1) filter.php, which permits changing the Extensions Mode file type; (2) access.php, which permits changing the Protection Method; (3) edituser.php, which permits adding upload capabilities to user accounts; (4) settings.php, which permits changing the admin information; and (5) index.php, which permits uploading of arbitrary files.

7.5
2006-07-31 CVE-2006-3930 Mamboxchange Remote File Include vulnerability in Mamboxchange A6Mambohelpdesk 18Rc1

PHP remote file inclusion vulnerability in admin.a6mambohelpdesk.php in a6mambohelpdesk Mambo Component 18RC1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.

7.5
2006-07-31 CVE-2006-3928 Mikael Software Remote File Include vulnerability in WMNews Base_Datapath

PHP remote file inclusion vulnerability in index.php in WMNews 0.2a and earlier allows remote attackers to execute arbitrary PHP code via a URL in the base_datapath parameter.

7.5
2006-07-31 CVE-2006-3926 PHP PRO BID Input Validation vulnerability in PHP PRO BID PHP PRO BID 5.24

Multiple SQL injection vulnerabilities in PhpProBid 5.24 allow remote attackers to execute arbitrary SQL commands via the (1) view or (2) start parameters to (a) viewfeedback.php or the (3) orderType parameter to (b) categories.php.

7.5
2006-07-31 CVE-2006-3120 Brian Wotring Unspecified vulnerability in Brian Wotring Osiris

Format string vulnerability in Brian Wotring Osiris before 4.2.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unspecified attack vectors related to the logging functions.

7.5
2006-08-03 CVE-2006-3500 Apple Multiple Security vulnerability in Apple Mac OS X

The dynamic linker (dyld) in Apple Mac OS X 10.4.7 allows local users to execute arbitrary code via an "improperly handled condition" that leads to use of "dangerous paths," probably related to an untrusted search path vulnerability.

7.2

46 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-08-05 CVE-2006-3995 User Home Pages Code Injection vulnerability in User Home Pages User Home Pages 0.5

Multiple PHP remote file inclusion vulnerabilities in (1) uhp_config.php, and possibly (2) footer.php, (3) functions.php, (4) install.uhp.php, (5) toolbar.uhp.html.php, (6) uhp.class.php, and (7) uninstall.uhp.php, in the UHP (User Home Pages) 0.5 component (aka com_uhp) for Mambo or Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

6.8
2006-08-05 CVE-2006-3980 Mambo Code Injection vulnerability in Mambo Gallery Manager

PHP remote file inclusion vulnerability in administrator/components/com_mgm/help.mgm.php in Mambo Gallery Manager (MGM) 0.95r2 and earlier for Mambo 4.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

6.8
2006-08-02 CVE-2006-3971 Scott Weedon Remote vulnerability in Scott Weedon Ajax Chat 0.1

Cross-site scripting (XSS) vulnerability in visitor/livesupport/chat.php in Scott Weedon Ajax Chat, possibly 0.1, allows remote attackers to inject arbitrary web script or HTML via the userid parameter.

6.8
2006-08-01 CVE-2006-3961 Mcafee Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mcafee products

Buffer overflow in McSubMgr ActiveX control (mcsubmgr.dll) in McAfee Security Center 6.0.23 for Internet Security Suite 2006, Wireless Home Network Security, Personal Firewall Plus, VirusScan, Privacy Service, SpamKiller, AntiSpyware, and QuickClean allows remote user-assisted attackers to execute arbitrary commands via long string parameters, which are later used in vsprintf.

6.8
2006-08-01 CVE-2006-3949 Mambo Code Injection vulnerability in Mambo Artlinks Component

PHP remote file inclusion vulnerability in artlinks.dispnew.php in the Artlinks component (com_artlinks) for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

6.8
2006-08-01 CVE-2006-3947 Mambo Code Injection vulnerability in Mambo Mambatstaff

PHP remote file inclusion vulnerability in components/com_mambatstaff/mambatstaff.php in the Mambatstaff 3.1b and earlier component for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

6.8
2006-08-05 CVE-2006-3996 Adaptive Technology Resource Centre SQL Injection vulnerability in ATutor

SQL injection vulnerability in links/index.php in ATutor 1.5.3.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the (1) desc or (2) asc parameters.

6.5
2006-07-31 CVE-2006-3935 Alkacon Remote Security vulnerability in OpenCMS

system/workplace/views/admin/admin-main.jsp in Alkacon OpenCms before 6.2.2 does not restrict access to administrator functions, which allows remote authenticated users to (1) send broadcast messages to all users (/workplace/broadcast), (2) list all users (/accounts/users), (3) add webusers (/accounts/webusers/new), (4) upload database import and export files (/database/importhttp), (5) upload arbitrary program modules (/modules/modules_import), and (6) read the log file (/workplace/logfileview) by setting the appropriate value for the path parameter in a direct request to admin-main.jsp.

6.5
2006-08-05 CVE-2006-0395 Apple Multiple vulnerability in Apple Mac OS X Security Update 2006-001

The Download Validation in Mail in Mac OS X 10.4 does not properly recognize attachment file types to warn a user of an unsafe type, which allows user-assisted remote attackers to execute arbitrary code via crafted file types.

5.1
2006-08-05 CVE-2006-3993 Tsep Remote File Include vulnerability in TSEP Copyright.PHP

PHP remote file inclusion vulnerability in copyright.php in Olaf Noehring The Search Engine Project (TSEP) 0.942 allows remote attackers to execute arbitrary PHP code via a URL in the tsep_config[absPath] parameter.

5.1
2006-08-05 CVE-2006-3992 Intel Remote Code Execution vulnerability in Intel PRO/Wireless Network Connection Drivers

Unspecified vulnerability in the Centrino (1) w22n50.sys, (2) w22n51.sys, (3) w29n50.sys, and (4) w29n51.sys Microsoft Windows drivers for Intel 2200BG and 2915ABG PRO/Wireless Network Connection before 10.5 with driver 9.0.4.16 allows remote attackers to execute arbitrary code via certain frames that trigger memory corruption.

5.1
2006-08-05 CVE-2006-3989 Knusperleicht Remote File Include vulnerability in Knusperleicht Shoutbox 3.0.2

PHP remote file inclusion vulnerability in index.php in Knusperleicht Shoutbox 4.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the sb_include_path parameter.

5.1
2006-08-05 CVE-2006-3988 Knusperleicht Remote File Include vulnerability in Knusperleicht Newsreporter 1.0

PHP remote file inclusion vulnerability in index.php in Knusperleicht newsReporter 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the news_include_path parameter.

5.1
2006-08-05 CVE-2006-3987 Knusperleicht Remote File Include vulnerability in Knusperleicht FileManager DWL_Download

Multiple PHP remote file inclusion vulnerabilities in index.php in Knusperleicht FileManager 1.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) dwl_download_path or (2) dwl_include_path parameters.

5.1
2006-08-03 CVE-2006-3504 Apple Multiple Security vulnerability in Apple Mac OS X

The Download Validation in LaunchServices for Apple Mac OS X 10.4.7 can identify certain HTML as "safe", which could allow attackers to execute Javascript code in local context when the "Open 'safe' files after downloading" option is enabled in Safari.

5.1
2006-08-03 CVE-2006-3503 Apple Multiple Security vulnerability in Apple Mac OS X

Integer overflow in ImageIO in Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a malformed GIF image.

5.1
2006-08-03 CVE-2006-3502 Apple Multiple Security vulnerability in Apple Mac OS X

Unspecified vulnerability in ImageIO in Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GIF image that triggers a memory allocation failure that is not properly handled.

5.1
2006-08-03 CVE-2006-3501 Apple Multiple Security vulnerability in Apple Mac OS X

Integer overflow in ImageIO for Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Radiance image.

5.1
2006-08-03 CVE-2006-0392 Apple Multiple Security vulnerability in Apple Mac OS X

Buffer overflow in Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Canon RAW image.

5.1
2006-08-02 CVE-2006-3497 Apple Multiple Security vulnerability in Apple Mac OS X

Unspecified vulnerability in the "compression state handling" in Bom for Apple Mac OS X 10.3.9 and 10.4.7 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Zip archive.

5.1
2006-07-31 CVE-2006-3932 Gonafish SQL-Injection vulnerability in Gonafish Linkscaffe 3.0

SQL injection vulnerability in links.php in Gonafish LinksCaffe 3.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter.

5.1
2006-08-02 CVE-2006-3972 Scott Weedon Remote vulnerability in Scott Weedon Ajax Chat 0.1

Directory traversal vulnerability in includes/operator_chattranscript.php in Scott Weedon Ajax Chat, possibly 0.1, allows remote attackers to read arbitrary files via a ..

5.0
2006-08-02 CVE-2006-3496 Apple Multiple Security vulnerability in Apple Mac OS X

AFP Server in Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to cause denial of service (crash) via an invalid AFP request that triggers an unchecked error condition.

5.0
2006-08-02 CVE-2006-1473 Apple Multiple Security vulnerability in Apple Mac OS X

Integer overflow in AFP Server for Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors.

5.0
2006-08-02 CVE-2006-1472 Apple Multiple Security vulnerability in Apple Mac OS X

Unspecified vulnerability in AFP Server in Apple Mac OS X 10.3.9 allows remote attackers to determine names of unauthorized files and folders via unknown vectors related to the search results.

5.0
2006-08-01 CVE-2006-3968 SUN Unspecified vulnerability in SUN Solaris 10.0

The crypto provider in Sun Solaris 10 3/05 HW2 without patch 121236-01, when running on Sun Fire T2000 platforms, incorrectly verifies a DSA signature, which might prevent applications from detecting that the data has been modified.

5.0
2006-08-01 CVE-2006-3965 Banex Information Disclosure vulnerability in Banex 2.21

Banex PHP MySQL Banner Exchange 2.21 stores lib.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as database usernames and passwords.

5.0
2006-08-01 CVE-2006-3954 Mybulletinboard Directory Traversal vulnerability in MyBulletinBoard

Directory traversal vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to read arbitrary files via a ..

5.0
2006-07-31 CVE-2006-3945 Opera Software Unspecified vulnerability in Opera Software Opera web Browser 9

The CSS functionality in Opera 9 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by setting the background property of a DHTML element to a long http or https URL, which triggers memory corruption.

5.0
2006-07-31 CVE-2006-3944 Microsoft Object ListWidth Property Denial Of Service vulnerability in Microsoft IE 6

Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via a (1) Forms.ListBox.1 or (2) Forms.ListBox.1 object with the ListWidth property set to (a) 0x7fffffff, which triggers an integer overflow exception, or to (b) 0x7ffffffe, which triggers a null dereference.

5.0
2006-07-31 CVE-2006-3938 Dotclear Information Disclosure vulnerability in Dotclear

DotClear allows remote attackers to obtain sensitive information via a direct request for (1) edit_cat.php, (2) index.php, (3) edit_link.php in ecrire/tools/blogroll/; (4) syslog/index.php, (5) thememng/index.php, (6) toolsmng/index.php, (7) utf8convert/index.php in /ecrire/tools/; (8) /ecrire/inc/connexion.php and (9) /inc/session.php; (10) class.blog.php, (11) class.blogcomment.php, (12) and class.blogpost.php in /inc/classes/; (13) append.php, (14) class.xblog.php, (15) class.xblogcomment.php, and (16) class.xblogpost.php in /layout/; (17) form.php, (18) list.php, (19) post.php, or (20) template.php in /themes/default/, which reveal the installation path in error messages.

5.0
2006-07-31 CVE-2006-3937 Xguestbook Information Disclosure vulnerability in Xguestbook 1.02

post.php in x_atrix xGuestBook 1.02 allows remote attackers to obtain sensitive information via a request without the (1) user, (2) mail, (3) p, or (4) url parameter, which reveals the installation path in an error message.

5.0
2006-07-31 CVE-2006-2481 Vmware Credentials Management vulnerability in VMWare ESX

VMware ESX Server 2.0.x before 2.0.2 and 2.x before 2.5.2 patch 4 stores authentication credentials in base 64 encoded format in the vmware.mui.kid and vmware.mui.sid cookies, which allows attackers to gain privileges by obtaining the cookies using attacks such as cross-site scripting (CVE-2005-3619).

5.0
2006-08-04 CVE-2006-3634 Linux Denial-Of-Service vulnerability in Kernel 2.6.17/2.6.18

The (1) __futex_atomic_op and (2) futex_atomic_cmpxchg_inatomic functions in Linux kernel 2.6.17-rc4 to 2.6.18-rc2 perform the atomic futex operation in the kernel address space instead of the user address space, which allows local users to cause a denial of service (crash).

4.9
2006-08-05 CVE-2006-3999 ISS Local Security vulnerability in ISS Blackice PC Protection 3.6Cpie/3.6Cpj

ISS BlackICE PC Protection 3.6.cpj, 3.6.cpiE, and possibly earlier versions do not properly monitor the integrity of the pamversion.dll BlackICE library, which allows local users to subvert BlackICE by replacing pamversion.dll.

4.6
2006-07-31 CVE-2006-3931 Tuomas Airaksinen Local Buffer Overflow vulnerability in Tuomas Airaksinen Midirecord 2.0

Buffer overflow in the daemon function in midirecord.cc in Tuomas Airaksinen Midirecord 2.0 allows local users to execute arbitrary code via a long command line argument (filename).

4.6
2006-08-01 CVE-2006-3958 PKR Internet Cross-Site Scripting vulnerability in PKR Internet Taskjitsu 2.0.3

Multiple unspecified cross-site scripting (XSS) vulnerabilities in Taskjitsu 2.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) the Search Tasks system, or authenticated users via (2) the Edit Task system, (3) the back-end Category Editor system, and (4) "Pages that display task status, email addresses, URL, customer, and project information."

4.3
2006-08-01 CVE-2006-3956 Total Online Solutions Cross-Site Scripting vulnerability in Total Online Solutions Advanced Webhost Billing System 2.2.2

Multiple cross-site scripting (XSS) vulnerabilities in contact.php in Advanced Webhost Billing System (AWBS) 2.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) AccountUsername and (3) Message parameters.

4.3
2006-08-01 CVE-2006-3953 Mybulletinboard Cross-Site Scripting vulnerability in MyBulletinBoard UserCP.PHP

Cross-site scripting (XSS) vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to inject arbitrary web script or HTML via the gallery parameter.

4.3
2006-08-01 CVE-2006-3948 PHP Nuke Cross-Site Scripting vulnerability in PHPNuke INP

Cross-site scripting (XSS) vulnerability in modules.php in PHP-Nuke INP allows remote attackers to inject arbitrary web script or HTML via the query parameter.

4.3
2006-07-31 CVE-2006-3929 Zyxel Cross-Site Scripting vulnerability in Zyxel Prestige 660H-61 Firmware3.40Pt.0B32

Cross-site scripting (XSS) vulnerability in the Forms/rpSysAdmin script on the Zyxel Prestige 660H-61 ADSL Router running firmware 3.40(PT.0)b32 allows remote attackers to inject arbitrary web script or HTML via hex-encoded values in the a parameter.

4.3
2006-07-31 CVE-2006-3927 PHP PRO BID Input Validation vulnerability in PHP PRO BID PHP PRO BID 5.24

Cross-site scripting (XSS) vulnerability in auctionsearch.php in PhpProBid 5.24 allows remote attackers to inject arbitrary web script or HTML via the advsrc parameter.

4.3
2006-08-05 CVE-2006-4000 Barracuda Networks Multiple vulnerability in Barracuda Networks Spam Firewall 3.3.01.001/3.3.03.053/3.3.03.055

Directory traversal vulnerability in cgi-bin/preview_email.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 allows remote authenticated users to read arbitrary files via a ..

4.0
2006-08-03 CVE-2006-0393 Apple Multiple Security vulnerability in Apple Mac OS X

OpenSSH in Apple Mac OS X 10.4.7 allows remote attackers to cause a denial of service or determine account existence by attempting to log in using an invalid user, which causes the server to hang.

4.0
2006-07-31 CVE-2006-3936 Alkacon Remote Security vulnerability in OpenCMS

system/workplace/editors/editor.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to read the source code of arbitrary JSP files by specifying the file in the resource parameter, as demonstrated using index.jsp.

4.0
2006-07-31 CVE-2006-3934 Alkacon Path Traversal vulnerability in Alkacon Opencms

Absolute path traversal vulnerability in downloadTrigger.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to download arbitrary files via an absolute pathname in the filePath parameter.

4.0

5 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-07-31 CVE-2006-3933 Alkacon Cross-Site Scripting vulnerability in OpenCMS

Cross-site scripting (XSS) vulnerability in Alkacon OpenCms before 6.2.2 allows remote authenticated users to inject arbitrary web script or HTML via the message body.

3.5
2006-07-31 CVE-2006-3943 Microsoft Stack Overflow vulnerability in Microsoft IE 6

Stack-based buffer overflow in NDFXArtEffects in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via long (1) RGBExtraColor, (2) RGBForeColor, and (3) RGBBackColor properties.

2.6
2006-08-05 CVE-2006-3457 Symantec Information Disclosure vulnerability in Symantec On-Demand Agent and On-Demand Protection

Symantec On-Demand Agent (SODA) before 2.5 MR2 Build 2157, and the Virtual Desktop module in Symantec On-Demand Protection (SODP) before 2.6 Build 2233, do not properly encrypt files that are subject to policy-based automatic encryption, which might allow local users to read sensitive data via an unspecified decryption method.

2.1
2006-08-03 CVE-2006-3499 Apple Multiple Security vulnerability in Apple Mac OS X

The dynamic linker (dyld) in Apple Mac OS X 10.3.9 allows local users to obtain sensitive information via unspecified dynamic linker options that affect the use of standard error (stderr) by privileged applications.

2.1
2006-08-02 CVE-2006-3495 Apple Multiple Security vulnerability in Apple Mac OS X

AFP Server in Apple Mac OS X 10.3.9 and 10.4.7 stores reconnect keys in a world-readable file, which allows local users to obtain the keys and access files and folders of other users.

2.1