Weekly Vulnerabilities Reports > August 7 to 13, 2006
Overview
120 new vulnerabilities reported during this period, including 7 critical vulnerabilities and 53 high severity vulnerabilities. This weekly summary report vulnerabilities in 91 products from 77 vendors including Microsoft, IBM, Mywebland, Jetbox, and Deluxebb. Vulnerabilities are notably categorized as "SQL Injection", "Cross-site Scripting", "Resource Management Errors", "Permissions, Privileges, and Access Controls", and "Improper Restriction of Operations within the Bounds of a Memory Buffer".
- 106 reported vulnerabilities are remotely exploitables.
- 22 reported vulnerabilities have public exploit available.
- 9 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 115 reported vulnerabilities are exploitable by an anonymous user.
- Microsoft has the most reported vulnerabilities, with 18 reported vulnerabilities.
- Microsoft has the most reported critical vulnerabilities, with 4 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
7 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-08-11 | CVE-2006-4084 | David Walker | Remote Security vulnerability in Phpautomembersarea Unspecified vulnerability in phpAutoMembersArea (phpAMA) before 3.2.4 has unknown impact and attack vectors, related to "a potential security exploit which is critical." Upgrade to 3.2.4 | 10.0 |
2006-08-09 | CVE-2006-4037 | Fenestrae | Command Execution vulnerability in Fenestrae Faxination Server 4.0/5.0/6.0 Unspecified vulnerability in Fenestrae Faxination Server allows remote attackers to execute arbitrary code via a crafted packet. | 10.0 |
2006-08-09 | CVE-2006-4028 | Wordpress | Remote Security vulnerability in WordPress Multiple unspecified vulnerabilities in WordPress before 2.0.4 have unknown impact and remote attack vectors. | 10.0 |
2006-08-09 | CVE-2006-3441 | Microsoft | Buffer Overrun vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP Buffer overflow in the DNS Client service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted record response. | 10.0 |
2006-08-09 | CVE-2006-3440 | Microsoft | Buffer Overflow vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP Buffer overflow in the Winsock API in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka "Winsock Hostname Vulnerability." | 10.0 |
2006-08-09 | CVE-2006-3439 | Microsoft | Remote Buffer Overflow vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-1314. | 10.0 |
2006-08-09 | CVE-2006-3438 | Microsoft | Remote Buffer Overflow vulnerability in Microsoft Hyperlink Object Library Function Unspecified vulnerability in Microsoft Hyperlink Object Library (hlink.dll), possibly a buffer overflow, allows user-assisted attackers to execute arbitrary code via crafted hyperlinks that are not properly handled when hlink.dll "uses a file containing a malformed function," aka "Hyperlink Object Function Vulnerability." | 9.3 |
53 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-08-09 | CVE-2006-3648 | Microsoft | Remote Code Execution vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP Unspecified vulnerability in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 and 2003 SP1, allows remote attackers to execute arbitrary code via unspecified vectors involving unhandled exceptions, memory resident applications, and incorrectly "unloading chained exception." | 7.6 |
2006-08-07 | CVE-2006-4013 | Symantec | Path Traversal vulnerability in Symantec Brightmail Antispam Multiple directory traversal vulnerabilities in Symantec Brightmail AntiSpam (SBAS) before 6.0.4, when the Control Center is allowed to connect from any computer, allow remote attackers to read and overwrite certain files via directory traversal sequences in (1) DATABLOB-GET and (2) DATABLOB-SAVE requests. | 7.6 |
2006-08-11 | CVE-2006-4085 | Olaf Noehring | Remote Security vulnerability in The Search Engine Project PHP remote file inclusion vulnerability in Olaf Noehring The Search Engine Project (TSEP) 0.942 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the tsep_config[absPath] parameter to pagenavigation.php, a different vector than CVE-2006-4055. | 7.5 |
2006-08-11 | CVE-2006-4083 | Mywebland | Remote Security vulnerability in Myevent 1.2/1.3 PHP remote file inclusion vulnerability in viewevent.php in myWebland myEvent 1.x allows remote attackers to execute arbitrary PHP code via a URL in the myevent_path parameter, a different vector than CVE-2006-4040. | 7.5 |
2006-08-11 | CVE-2006-4081 | Barracuda Networks | Multiple vulnerability in Barracuda Networks Spam Firewall 3.3.01.001/3.3.03.053 preview_email.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 allows remote attackers to execute commands via shell metacharacters ("|" pipe symbol) in the file parameter. | 7.5 |
2006-08-11 | CVE-2006-4078 | Deluxebb | Unspecified vulnerability in Deluxebb 1.08 pm.php (aka the PM system) in DeluxeBB 1.08, and possibly earlier, allows remote attackers to bypass authentication by providing an arbitrary username in the membercookie cookie parameter. | 7.5 |
2006-08-11 | CVE-2006-4073 | Phpcc | Remote File Include vulnerability in PHPcc Beta4.2 Multiple PHP remote file inclusion vulnerabilities in Fabian Hainz phpCC Beta 4.2 allow remote attackers to execute arbitrary PHP code via a URL in the base_dir parameter to (1) login.php, (2) reactivate.php, or (3) register.php. | 7.5 |
2006-08-10 | CVE-2006-4064 | Yenerturk | SQL Injection vulnerability in Yenerturk Haber Script 1.0/2.0 SQL injection vulnerability in default.asp in YenerTurk Haber Script 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2006-08-10 | CVE-2006-4063 | Csaba Godor | Remote Security vulnerability in Csaba Godor Sapid Blog Beta 2 Initial Multiple PHP remote file inclusion vulnerabilities in Csaba Godor SAPID Blog Beta 2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) root_path parameter to (a) usr/extensions/get_blog_infochannel.inc.php, (b) usr/extensions/get_blog_meta_info.inc.php, or (c) usr/extensions/get_infochannel.inc.php; or the (2) GLOBALS[root_path] parameter to (d) usr/extensions/get_tree.inc.php. | 7.5 |
2006-08-10 | CVE-2006-4060 | WEB Scripts | Remote File Include vulnerability in Web-Scripts Visual Events Calendar 1.1 PHP remote file inclusion vulnerability in calendar.php in Visual Events Calendar 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the cfg_dir parameter. | 7.5 |
2006-08-10 | CVE-2006-4059 | Usolved | Remote File Include vulnerability in Usolved Newsolved Lite 1.9.2 Multiple PHP remote file inclusion vulnerabilities in USOLVED NEWSolved Lite 1.9.2, and possibly earlier, allow remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) newsscript_lyt.php, (2) newsticker/newsscript_get.php, (3) inc/output/news_theme1.php, (4) inc/output/news_theme2.php, or (5) inc/output/news_theme3.php. | 7.5 |
2006-08-10 | CVE-2006-4057 | Mitch Murray | Remote Buffer Overflow vulnerability in Mitch Murray Eremove 1.4 Buffer overflow in the preview_create function in gui.cpp in Mitch Murray Eremove 1.4 allows remote attackers to cause a denial of service (application crash), and possibly execute arbitrary code, via a large email attachment. | 7.5 |
2006-08-10 | CVE-2006-4056 | THE Address Book THE Address Book Reloaded | SQL Injection vulnerability in The Address Book Login Page Multiple SQL injection vulnerabilities in the authentication process in katzlbt (a) The Address Book 1.04e and earlier and (b) The Address Book Reloaded before 2.0-rc4 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters. | 7.5 |
2006-08-10 | CVE-2006-4055 | Tsep | Remote File Include vulnerability in TSEP Colorswitch.PHP Multiple PHP remote file inclusion vulnerabilities in Olaf Noehring The Search Engine Project (TSEP) 0.942 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the tsep_config[absPath] parameter to (1) include/colorswitch.php, (2) contentimages.class.php, (3) ipfunctions.php, (4) configfunctions.php, (5) printpagedetails.php, or (6) log.class.php. | 7.5 |
2006-08-10 | CVE-2006-4054 | Ehmig | Remote Security vulnerability in Ehmig ME Download System 1.3 Multiple PHP remote file inclusion vulnerabilities in ME Download System 1.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) Vb8878b936c2bd8ae0cab parameter to (a) inc/sett_style.php or (b) inc/sett_smilies.php; or the (2) Vb6c4d0e18a204a63b38f, (3) V18a78b93c3adaaae84e2, or (4) V9ae5d2ca9e9e787969ff parameters to (c) inc/datei.php. | 7.5 |
2006-08-10 | CVE-2006-4052 | Turnkey WEB Tools | Remote Security vulnerability in [Extra BID] Php Simple Shop Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tools PHP Simple Shop 2.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) admin/index.php, (2) admin/adminindex.php, (3) admin/adminglobal.php, (4) admin/login.php, (5) admin/menu.php or (6) admin/header.php. | 7.5 |
2006-08-10 | CVE-2006-4051 | Turnkey WEB Tools | Remote File Include vulnerability in PHP Live Helper Global.PHP PHP remote file inclusion vulnerability in global.php in Turnkey Web Tools PHP Live Helper 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter. | 7.5 |
2006-08-10 | CVE-2006-4050 | David Walker | Remote File Include vulnerability in PHPAutoMembersArea Auto_Check_Renewals.PHP PHP remote file inclusion vulnerability in auto_check_renewals.php in phpAutoMembersArea (phpAMA) 3.2.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the installed_config_file parameter. | 7.5 |
2006-08-09 | CVE-2006-4048 | Netious CMS | Unspecified vulnerability in Netious CMS Netious CMS 0.4 Netious CMS 0.4 initializes session IDs based on the client IP address, which allows remote attackers to gain access to the administration section when originating from the same IP address as the administrator. | 7.5 |
2006-08-09 | CVE-2006-4047 | Netious CMS | SQL Injection vulnerability in Netious CMS Username Parameter SQL injection vulnerability in index.php in Netious CMS 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. | 7.5 |
2006-08-09 | CVE-2006-4046 | Open Cubic Player | Buffer Overflow vulnerability in Open Cubic Player Multiple stack-based buffer overflows in Open Cubic Player 2.6.0pre6 and earlier for Windows, and 0.1.10_rc5 and earlier on Linux/BSD, allow remote attackers to execute arbitrary code via (1) a large .S3M file handled by the mpLoadS3M function, (2) a crafted .IT file handled by the itplayerclass::module::load function, (3) a crafted .ULT file handled by the mpLoadULT function, or (4) a crafted .AMS file handled by the mpLoadAMS function. | 7.5 |
2006-08-09 | CVE-2006-4045 | Torbstoff | Remote File Include vulnerability in Torbstoff News 4 PHP remote file inclusion vulnerability in news.php in Torbstoff News 4 allows remote attackers to execute arbitrary PHP code via a URL in the pfad parameter. | 7.5 |
2006-08-09 | CVE-2006-4044 | Brad Fears | Remote File Include vulnerability in PHPCodeCabinet Core.PHP PHP remote file inclusion vulnerability in Beautifier/Core.php in Brad Fears phpCodeCabinet 0.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the BEAUT_PATH parameter. | 7.5 |
2006-08-09 | CVE-2006-4042 | Mywebland | SQL Injection vulnerability in Mywebland Mybloggie Multiple SQL injection vulnerabilities in trackback.php in myWebland myBloggie 2.1.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) title, (2) url, (3) excerpt, or (4) blog_name parameters. | 7.5 |
2006-08-09 | CVE-2006-4041 | Pike | SQL Injection vulnerability in Pike SQL injection vulnerability in Pike before 7.6.86, when using a Postgres database server, allows remote attackers to execute arbitrary SQL commands via unspecified attack vectors. | 7.5 |
2006-08-09 | CVE-2006-4040 | Mywebland | Remote File Include vulnerability in myEvent Myevent.PHP PHP remote file inclusion vulnerability in myevent.php in myWebland myEvent 1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the myevent_path parameter. | 7.5 |
2006-08-09 | CVE-2006-4039 | Chaossoft | SQL Injection vulnerability in Chaossoft Gaestechaos Multiple SQL injection vulnerabilities in eintragen.php in GaesteChaos 0.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) gastname, (2) gastwohnort, or (3) gasteintrag parameters. | 7.5 |
2006-08-09 | CVE-2006-4036 | Zonemetrics | Remote File Include vulnerability in ZoneX Usercp_Register.PHP PHP remote file inclusion vulnerability in includes/usercp_register.php in ZoneMetrics ZoneX Publishers Gold Edition 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | 7.5 |
2006-08-09 | CVE-2006-4035 | Counterchaos | SQL Injection vulnerability in Counterchaos 0.48C SQL injection vulnerability in counterchaos.php in CounterChaos 0.48c and earlier allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header. | 7.5 |
2006-08-09 | CVE-2006-4034 | Moderngigabyte | Remote File Include vulnerability in Moderngigabyte Modernbill 1.6 PHP remote file inclusion vulnerability in include/html/config.php in ModernGigabyte ModernBill 1.6 allows remote attackers to execute arbitrary PHP code via a URL in the DIR parameter. | 7.5 |
2006-08-09 | CVE-2006-4029 | Ageet | Buffer Overflow vulnerability in AGEphone SIP Packet Handling Stack-based buffer overflow in sipd.dll in AGEphone 1.24 and 1.38.1 allows remote attackers to execute arbitrary code via a crafted UDP SIP packet. | 7.5 |
2006-08-09 | CVE-2006-4026 | Redgraphic | Code Injection vulnerability in Redgraphic Sapid CMS 1.2.3 PHP remote file inclusion vulnerability in SAPID CMS 123 rc3 allows remote attackers to execute arbitrary PHP code via a URL in the (1) root_path parameter in usr/extensions/get_infochannel.inc.php and the (2) GLOBALS["root_path"] parameter in usr/extensions/get_tree.inc.php. | 7.5 |
2006-08-09 | CVE-2006-4025 | Xennobb | SQL Injection vulnerability in XennoBB Profile.PHP SQL injection vulnerability in profile.php in XennoBB 2.1.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the (1) bday_day, (2) bday_month, and (3) bday_year parameters in the personal section. | 7.5 |
2006-08-09 | CVE-2006-4024 | Festalon | Remote Heap Buffer Overflow vulnerability in Festalon 0.5.0 The FESTAHES_Load function in pce/hes.c in Festalon 0.5.0 through 0.5.5 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative LoadAddr value in a HES file, which is used as an offset in a memcpy operation and leads to a buffer underflow. | 7.5 |
2006-08-09 | CVE-2006-3639 | Microsoft | Unspecified vulnerability in Microsoft IE and Internet Explorer Microsoft Internet Explorer 5.01 and 6 does not properly identify the originating domain zone when handling redirects, which allows remote attackers to read cross-domain web pages and possibly execute code via unspecified vectors involving a crafted web page, aka "Source Element Cross-Domain Vulnerability." | 7.5 |
2006-08-09 | CVE-2006-3449 | Microsoft | Remote Code Execution vulnerability in Microsoft Powerpoint Unspecified vulnerability in Microsoft PowerPoint 2000 through 2003, possibly a buffer overflow, allows user-assisted remote attackers to execute arbitrary commands via a malformed record in the BIFF file format used in a PPT file, a different issue than CVE-2006-1540, aka "Microsoft PowerPoint Malformed Record Vulnerability." | 7.5 |
2006-08-09 | CVE-2006-3444 | Microsoft | Local Privilege Escalation vulnerability in Microsoft Windows 2000 Kernel Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, probably a buffer overflow, allows local users to obtain privileges via unspecified vectors involving an "unchecked buffer." | 7.5 |
2006-08-08 | CVE-2006-3638 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft IE and Internet Explorer Microsoft Internet Explorer 5.01 and 6 does not properly handle uninitialized COM objects, which allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code, as demonstrated by the Nth function in the DirectAnimation.DATuple ActiveX control, aka "COM Object Instantiation Memory Corruption Vulnerability." | 7.5 |
2006-08-08 | CVE-2006-3586 | Jetbox | Input Validation vulnerability in Jetbox CMS 2.1Sr1 SQL injection vulnerability in Jetbox CMS 2.1 SR1 allows remote attackers to execute arbitrary SQL commands via the (1) frontsession COOKIE parameter and (2) view parameter in index.php, and the (3) login parameter in admin/cms/index.php. | 7.5 |
2006-08-08 | CVE-2006-3584 | Jetbox | Input Validation vulnerability in Jetbox Dynamic variable evaluation vulnerability in index.php in Jetbox CMS 2.1 SR1 allows remote attackers to overwrite configuration variables via URL parameters, which are evaluated as PHP variable variables. | 7.5 |
2006-08-08 | CVE-2006-3583 | Jetbox | Improper Authentication vulnerability in Jetbox CMS 2.1Sr1 Session fixation vulnerability in Jetbox CMS 2.1 SR1 allows remote attackers to hijack web sessions via a crafted link and the administrator section. | 7.5 |
2006-08-08 | CVE-2006-3451 | Microsoft | Improper Input Validation vulnerability in Microsoft IE 5.0/6 Microsoft Internet Explorer 5 SP4 and 6 do not properly garbage collect when "multiple imports are used on a styleSheets collection" to construct a chain of Cascading Style Sheets (CSS), which allows remote attackers to execute arbitrary code via unspecified vectors. | 7.5 |
2006-08-08 | CVE-2006-3450 | Microsoft | Improper Input Validation vulnerability in Microsoft IE and Internet Explorer Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code by using the document.getElementByID Javascript function to access crafted Cascading Style Sheet (CSS) elements, and possibly other unspecified vectors involving certain layout positioning combinations in an HTML file. | 7.5 |
2006-08-08 | CVE-2006-3862 | IBM | Multiple vulnerability in IBM Informix Dynamic Server Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.TC5 through 9.40.xC7 and 10.00.TC1 through 10.00.xC3 allows attackers to execute arbitrary code via the SQLIDEBUG environment variable (envariable). | 7.5 |
2006-08-08 | CVE-2006-4018 | Clamav | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Clamav Heap-based buffer overflow in the pefromupx function in libclamav/upx.c in Clam AntiVirus (ClamAV) 0.81 through 0.88.3 allows remote attackers to execute arbitrary code via a crafted UPX packed file containing sections with large rsize values. | 7.5 |
2006-08-07 | CVE-2006-4010 | Vwar | SQL Injection vulnerability in Vwar Virtual WAR 1.5.0 SQL injection vulnerability in war.php in Virtual War (Vwar) 1.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter. | 7.5 |
2006-08-07 | CVE-2006-4008 | Knusperleicht | Remote File Include vulnerability in Knusperleicht FAQ 1.0 PHP remote file inclusion vulnerability in index.php in Knusperleicht Faq 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the faq_path parameter. | 7.5 |
2006-08-07 | CVE-2006-4007 | Knusperleicht | Remote File Include vulnerability in Knusperleicht Guestbook 3.5 PHP remote file inclusion vulnerability in index.php in Knusperleicht Guestbook 3.5 allows remote attackers to execute arbitrary PHP code via a URL in the GB_PATH parameter. | 7.5 |
2006-08-11 | CVE-2006-4082 | Barracuda Networks | Local Security vulnerability in Barracuda Networks Barracuda Spam Firewall 3.3.03.053 Barracuda Spam Firewall (BSF), possibly 3.3.03.053, contains a hardcoded password for the admin account for logins from 127.0.0.1 (localhost), which allows local users to gain privileges. | 7.2 |
2006-08-09 | CVE-2006-3979 | Macromedia | Authentication Bypass vulnerability in Macromedia Coldfusion 7.0/7.02 The AdminAPI of ColdFusion MX 7 allows attackers to bypass authentication by using "programmatic access" to the adminAPI instead of the ColdFusion Administrator. | 7.2 |
2006-08-09 | CVE-2006-3084 | Heimdal MIT | Permissions, Privileges, and Access Controls vulnerability in multiple products The (1) ftpd and (2) ksu programs in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which might allow local users to gain privileges by causing setuid to fail to drop privileges. | 7.2 |
2006-08-09 | CVE-2006-3083 | Heimdal MIT | Resource Management Errors vulnerability in multiple products The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion. | 7.2 |
2006-08-09 | CVE-2006-3443 | Microsoft | Permissions, Privileges, and Access Controls vulnerability in Microsoft Windows 2000 Untrusted search path vulnerability in Winlogon in Microsoft Windows 2000 SP4, when SafeDllSearchMode is disabled, allows local users to gain privileges via a malicious DLL in the UserProfile directory, aka "User Profile Elevation of Privilege Vulnerability." | 7.2 |
49 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-08-11 | CVE-2006-4079 | Deluxebb | Cross-Site Scripting vulnerability in DeluxeBB Newpost.PHP Cross-site scripting (XSS) vulnerability in newpost.php in DeluxeBB 1.08, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the subject parameter (aka the topic title field). | 6.8 |
2006-08-10 | CVE-2006-4058 | Simplog | Cross-Site Scripting vulnerability in Simplog Cross-site scripting (XSS) vulnerability in archive.php in Simplog 0.9.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the keyw parameter when performing a search. | 6.8 |
2006-08-11 | CVE-2006-4072 | Club Nuke | SQL-Injection vulnerability in Club-Nuke 2.0Lcid2048 Multiple SQL injection vulnerabilities in Club-Nuke [XP] 2.0 LCID 2048 allow remote attackers to execute arbitrary SQL commands via the (1) haber_id parameter to haber_detay.asp, and allow remote authenticated users to execute arbitrary SQL commands via the (2) menu_id parameter to menu.asp. | 6.5 |
2006-08-08 | CVE-2006-3857 | IBM | Multiple vulnerability in IBM Informix Dynamic Server Multiple buffer overflows in IBM Informix Dynamic Server (IDS) before 9.40.TC6 and 10.00 before 10.00.TC3 allow remote authenticated users to execute arbitrary code via (1) the getname function, as used by (a) _sq_remview, (b) _sq_remproc, (c) _sq_remperms, (d) _sq_distfetch, and (e) _sq_dcatalog; and the (2) SET DEBUG FILE, (3) IFX_FILE_TO_FILE, (4) FILETOCLOB, (5) LOTOFILE, and (6) DBINFO functions (product defect IDs 171649, 171367, 171387, 171391, 171906, 172179). | 6.5 |
2006-08-08 | CVE-2006-3855 | IBM | Multiple vulnerability in IBM Informix Dynamic Server The ifx_load_internal function in IBM Informix Dynamic Server (IDS) allows remote authenticated users to execute arbitrary C code via the DllMain or _init function in a library, aka "C code UDR." This vulnerability is addressed in the following product releases: IBM, Informix IDS, 9.40 xC7 IBM, Informix IDS, 10.00 xC4 | 6.5 |
2006-08-11 | CVE-2006-4019 | Squirrelmail | Information Disclosure and Data Modification vulnerability in SquirrelMail Compose.PHP Dynamic variable evaluation vulnerability in compose.php in SquirrelMail 1.4.0 to 1.4.7 allows remote attackers to overwrite arbitrary program variables and read or write the attachments and preferences of other users. | 6.4 |
2006-08-07 | CVE-2006-4004 | Vbportal | Local File inclusion vulnerability in VBPortal BBVBPLang Parameter Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php. | 6.4 |
2006-08-09 | CVE-2006-3643 | Microsoft | Cross-Site Scripting vulnerability in Microsoft IE and Internet Explorer Cross-site scripting (XSS) vulnerability in Internet Explorer 5.01 and 6 in Microsoft Windows 2000 SP4 permits access to local "HTML-embedded resource files" in the Microsoft Management Console (MMC) library, which allows remote authenticated users to execute arbitrary commands, aka "MMC Redirect Cross-Site Scripting Vulnerability." | 6.0 |
2006-08-11 | CVE-2006-4076 | WIM Fleischhauer | Remote Security vulnerability in WIM Fleischhauer Docpile WE 0.2.2 Multiple PHP remote file inclusion vulnerabilities in Wim Fleischhauer docpile: wim's edition (docpile:we) 0.2.2 allow remote attackers to execute arbitrary PHP code via a URL in the INIT_PATH parameter to (1) lib/access.inc.php, (2) lib/folders.inc.php, (3) lib/init.inc.php or (4) lib/templates.inc.php. | 5.1 |
2006-08-11 | CVE-2006-4075 | WIM Fleischhauer | Remote File Include vulnerability in Docpile 'Init_path' Parameter Multiple PHP remote file inclusion vulnerabilities in Wim Fleischhauer docpile: wim's edition (docpile:we) 0.2.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the INIT_PATH parameter to (1) lib/folder.class.php, (2) lib/email.inc.php, (3) lib/document.class.php or (4) lib/auth.inc.php. | 5.1 |
2006-08-10 | CVE-2006-4070 | Imendio Planner | Remote Format String vulnerability in Imendio Planner Imendio Planner 0.13 Format string vulnerability in Imendio Planner 0.13 allows user-assisted attackers to execute arbitrary code via format string specifiers in a filename. | 5.1 |
2006-08-10 | CVE-2006-4065 | Dmitry Sheiko | Remote Security vulnerability in Sapid Gallery Multiple PHP remote file inclusion vulnerabilities in Dmitry Sheiko SAPID Gallery 1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) root_path parameter to (a) usr/extensions/get_calendar.inc.php or the (2) GLOBALS[root_path] parameter to (b) usr/extensions/get_tree.inc.php. | 5.1 |
2006-08-10 | CVE-2006-4062 | Dmitry Sheiko | Remote Security vulnerability in Sapid Shop PHP remote file inclusion vulnerability in usr/extensions/get_tree.inc.php in Dmitry Sheiko SAPID Shop 1.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[root_path] parameter. | 5.1 |
2006-08-10 | CVE-2006-4053 | Ehmig | Remote File Include vulnerability in Ehmig ME Download System 1.3 PHP remote file inclusion vulnerability in templates/header.php in ME Download System 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the Vb8878b936c2bd8ae0cab parameter. | 5.1 |
2006-08-09 | CVE-2006-4033 | Lhaplus | Buffer Overflow vulnerability in Lhaplus 1.52 Heap-based buffer overflow in Lhaplus.exe in Lhaplus 1.52, and possibly earlier versions, allows remote attackers to execute arbitrary code via an LZH archive with a long header, as specified by the extendedHeaderSize. | 5.1 |
2006-08-09 | CVE-2006-3649 | Microsoft | Buffer Overflow vulnerability in Microsoft Visual Basic 6.2/6.3/6.4 Buffer overflow in Microsoft Visual Basic for Applications (VBA) SDK 6.0 through 6.4, as used by Microsoft Office 2000 SP3, Office XP SP3, Project 2000 SR1, Project 2002 SP1, Access 2000 Runtime SP3, Visio 2002 SP2, and Works Suite 2004 through 2006, allows user-assisted attackers to execute arbitrary code via unspecified document properties that are not verified when VBA is invoked to open documents. | 5.1 |
2006-08-08 | CVE-2006-3637 | Microsoft | Unspecified vulnerability in Microsoft IE and Internet Explorer Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle various HTML layout component combinations, which allows user-assisted remote attackers to execute arbitrary code via a crafted HTML file that leads to memory corruption, aka "HTML Rendering Memory Corruption Vulnerability." | 5.1 |
2006-08-08 | CVE-2006-3853 | IBM | Multiple vulnerability in IBM Informix Dynamic Server Buffer overflow in IBM Informix Dynamic Server (IDS) before 9.40.TC7 and 10.00 before 10.00.TC3, when running on Windows, allows remote attackers to execute arbitrary code via a long username. | 5.1 |
2006-08-07 | CVE-2006-4012 | Savewebportal | Remote File Include vulnerability in Savewebportal 3.4 Multiple PHP remote file inclusion vulnerabilities in circeOS SaveWeb Portal 3.4 allow remote attackers to execute arbitrary PHP code via a URL in the SITE_Path parameter to (1) poll/poll.php or (2) poll/view_polls.php. | 5.1 |
2006-08-11 | CVE-2006-4089 | Andy LO A FOE | Buffer Overflow vulnerability in AlsaPlayer Multiple buffer overflows in Andy Lo-A-Foe AlsaPlayer 0.99.76 and earlier allow remote attackers to cause a denial of service (application crash), or have other unknown impact, via (1) a long Location field sent by a web server, which triggers an overflow in the reconnect function in reader/http/http.c; (2) a long URL sent by a web server when AlsaPlayer is seeking a media file for the playlist, which triggers overflows in new_list_item and CbUpdated in interface/gtk/PlaylistWindow.cpp; and (3) a long response sent by a CDDB server, which triggers an overflow in cddb_lookup in input/ccda/cdda_engine.c. | 5.0 |
2006-08-10 | CVE-2006-4068 | Pswd JS | Credentials Management vulnerability in Pswd.Js The pswd.js script relies on the client to calculate whether a username and password match hard-coded hashed values for a server, and uses a hashing scheme that creates a large number of collisions, which makes it easier for remote attackers to conduct offline brute force attacks. | 5.0 |
2006-08-09 | CVE-2006-4043 | Mywebland | Information Disclosure vulnerability in myBloggie index.php in myWebland myBloggie 2.1.4 and earlier allows remote attackers to obtain sensitive information via a query that only specifies the viewdate mode, which reveals the table prefix in a SQL error message. | 5.0 |
2006-08-09 | CVE-2006-4032 | Cisco | Information Disclosure vulnerability in Cisco Callmanager Express 3.0 Unspecified vulnerability in Cisco IOS CallManager Express (CME) allows remote attackers to gain sensitive information (user names) from the Session Initiation Protocol (SIP) user directory via certain SIP messages, aka bug CSCse92417. | 5.0 |
2006-08-09 | CVE-2006-3122 | ISC | Resource Management Errors vulnerability in ISC Dhcpd 2.0.Pl5/2.0Pl5 The supersede_lease function in memory.c in ISC DHCP (dhcpd) server 2.0pl5 allows remote attackers to cause a denial of service (application crash) via a DHCPDISCOVER packet with a 32 byte client-identifier, which causes the packet to be interpreted as a corrupt uid and causes the server to exit with "corrupt lease uid." | 5.0 |
2006-08-09 | CVE-2006-4023 | PHP | SQL-Injection vulnerability in PHP 4.3.3/5.0.2/5.1.4 The ip2long function in PHP 5.1.4 and earlier may incorrectly validate an arbitrary string and return a valid network IP address, which allows remote attackers to obtain network information and facilitate other attacks, as demonstrated using SQL injection in the X-FORWARDED-FOR Header in index.php in MiniBB 2.0. | 5.0 |
2006-08-09 | CVE-2006-3640 | Microsoft | Unspecified vulnerability in Microsoft IE and Internet Explorer Microsoft Internet Explorer 5.01 and 6 allows certain script to persist across navigations between pages, which allows remote attackers to obtain the window location of visited web pages in other domains or zones, aka "Window Location Information Disclosure Vulnerability." | 5.0 |
2006-08-07 | CVE-2006-4015 | HP | Denial of Service vulnerability in HP products Hewlett-Packard (HP) ProCurve 3500yl, 6200yl, and 5400zl switches with software before K.11.33 allow remote attackers to cause a denial of service (possibly memory leak or system crash) via unknown vectors. | 5.0 |
2006-08-07 | CVE-2006-4014 | Symantec | Multiple vulnerability in Symantec Brightmail AntiSpam Control Center Symantec Brightmail AntiSpam (SBAS) before 6.0.4, when the Control Center is allowed to connect from any computer, allows remote attackers to cause a denial of service (application freeze) "by sending invalid posts". | 5.0 |
2006-08-07 | CVE-2006-4006 | Bomberclone | Information Exposure vulnerability in Bomberclone 0.11.3/0.11.4/0.11.5 The do_gameinfo function in BomberClone 0.11.6 and earlier, and possibly other functions, does not reset the packet data size, which causes the send_pkg function (packets.c) to use this data size when sending a reply, and allows remote attackers to read portions of server memory. | 5.0 |
2006-08-07 | CVE-2006-4005 | Bomberclone | Remote vulnerability in Bomberclone BomberClone 0.11.6 and earlier allows remote attackers to cause a denial of service (daemon crash) via (1) a certain malformed PKGF_ackreq packet, which triggers a crash in the rscache_add() function in pkgcache.c; and (2) an error packet, which is intended to be received by clients and force client shutdown, but also triggers server shutdown. | 5.0 |
2006-08-07 | CVE-2006-4003 | Hobbit Monitor | Information Disclosure vulnerability in Hobbit Monitor Config The config method in Henrik Storner Hobbit monitor before 4.1.2p2 permits access to files outside of the intended configuration directory, which allows remote attackers to obtain sensitive information via requests to the hobbitd daemon on port 1984/tcp. | 5.0 |
2006-08-09 | CVE-2006-4022 | Intel | Local Privilege Escalation vulnerability in Intel 2100 Proset Wireless 7.1.4.5 Intel 2100 PRO/Wireless Network Connection driver PROSet before 7.1.4.6 allows local users to corrupt memory and execute code via "requests for capabilities from higher-level protocol drivers or user-level applications" involving crafted frames, a different issue than CVE-2006-3992. | 4.6 |
2006-08-08 | CVE-2006-3114 | PC Tools | Local Privilege Escalation vulnerability in PC Tools PC Tools Antivirus 2.1 PC Tools AntiVirus 2.1.0.51 uses insecure default permissions on the "PC Tools AntiVirus" directory, which allows local users to gain privileges and execute commands. | 4.6 |
2006-08-11 | CVE-2006-4091 | Archangelmgt | HTML Injection vulnerability in Archangelmgt Weblog 0.90.02 Multiple cross-site scripting (XSS) vulnerabilities in Archangel Management Archangel Weblog 0.90.02 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Comment section. | 4.3 |
2006-08-11 | CVE-2006-4090 | Webligo | Cross-Site Scripting vulnerability in Webligo Bloghoster 2.2 Cross-site scripting (XSS) vulnerability in Webligo BlogHoster 2.2 allows remote attackers to inject arbitrary web script or HTML via the "From: part of the comment post," probably involving the nickname parameter to previewcomment.php. | 4.3 |
2006-08-11 | CVE-2006-4088 | Civicspace | HTML Injection vulnerability in Civicspace 0.8.5 Multiple cross-site scripting (XSS) vulnerabilities in CivicSpace 0.8.5 allow remote attackers to inject arbitrary web script or HTML via the (1) Subject, (2) Comment, and (3) Add new comment sections. | 4.3 |
2006-08-11 | CVE-2006-4087 | Mojoscripts | Cross-Site Scripting vulnerability in mojoGallery Cross-site scripting (XSS) vulnerability in admin.cgi in mojoscripts.com mojoGallery allows remote attackers to inject arbitrary web script or HTML via the username parameter. | 4.3 |
2006-08-11 | CVE-2006-4086 | Ozjournals | Cross-Site Scripting vulnerability in Ozjournals 1.5 Cross-site scripting (XSS) vulnerability in index.php in Elaine Aquino Online Zone Journals (OZJournals) 1.5 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter. | 4.3 |
2006-08-11 | CVE-2006-3818 | Novell | HTML Injection Scripting vulnerability in Novell Groupwise Webaccess 6.5/7 Cross-site scripting (XSS) vulnerability in the login page in Novell GroupWise WebAccess 6.5 before 20060721 and WebAccess 7 before 20060727 allows remote attackers to inject arbitrary web script or HTML via the GWAP.version parameter. | 4.3 |
2006-08-11 | CVE-2006-3817 | Novell | HTML Injection Scripting vulnerability in Novell Groupwise Webaccess 6.5/7 Cross-site scripting (XSS) vulnerability in Novell GroupWise WebAccess 6.5 and 7 before 20060727 allows remote attackers to inject arbitrary web script or HTML via an encoded SCRIPT element in an e-mail message with the UTF-7 character set, as demonstrated by the "+ADw-SCRIPT+AD4-" sequence. | 4.3 |
2006-08-10 | CVE-2006-4069 | Ozjournals | Input Validation vulnerability in Ozjournals 1.5 Multiple cross-site scripting (XSS) vulnerabilities in Elaine Aquino Online Zone Journals (OZJournals) 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) m and (2) c parameters in index.php, (3) a search action, and (4) a "submit comment" action. | 4.3 |
2006-08-10 | CVE-2006-4067 | Cakefoundation | Cross-Site Scripting vulnerability in Cakefoundation Cakephp Cross-site scripting (XSS) vulnerability in cake/libs/error.php in CakePHP before 1.1.7.3363 allows remote attackers to inject arbitrary web script or HTML via the URL, which is reflected back in a 404 ("Not Found") error page. | 4.3 |
2006-08-09 | CVE-2006-4038 | Chaossoft | Cross-Site Scripting vulnerability in Chaossoft Gaestechaos Multiple cross-site scripting (XSS) vulnerabilities in eintragen.php in GaesteChaos 0.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) gastname or (2) gastwohnort parameters. | 4.3 |
2006-08-08 | CVE-2006-3585 | Jetbox | Input Validation vulnerability in Jetbox CMS 2.1Sr1 Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS 2.1 SR1 allow remote attackers to inject arbitrary web script or HTML via the (1) login parameter in admin/cms/index.php, (2) unspecified parameters in the "Supply news" page in formmail.php, (3) the URL in the "Site statistics" page, and the (5) query_string parameter when performing a search. | 4.3 |
2006-08-07 | CVE-2006-4017 | Inter Network Marketing AG | HTML Injection vulnerability in G3 Content Management Framework Cross-site scripting (XSS) vulnerability in the search module in Inter Network Marketing (INM) CMS G3 allows remote attackers to inject arbitrary web script or HTML via the search_string parameter. | 4.3 |
2006-08-07 | CVE-2006-4016 | Toenda Software Development | Cross-Site Scripting vulnerability in ToendaCMS Cross-site scripting (XSS) vulnerability in /toendaCMS in toendaCMS stable 1.0.3 and earlier, and unstable 1.1 and earlier, allows remote attackers to inject arbitrary web script or HTML via the s parameter. | 4.3 |
2006-08-07 | CVE-2006-4009 | Vwar | Input Validation vulnerability in Vwar Virtual WAR 1.5.0 Cross-site scripting (XSS) vulnerability in war.php in Virtual War (Vwar) 1.5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter. | 4.3 |
2006-08-07 | CVE-2006-4002 | Drupal | Cross-Site Scripting vulnerability in Drupal User.Module Cross-site scripting (XSS) vulnerability in user.module in Drupal 4.6 before 4.6.9, and 4.7 before 4.7.3, allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | 4.3 |
2006-08-08 | CVE-2006-3861 | IBM | Multiple vulnerability in IBM Informix Dynamic Server IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 does not use database creation permissions, which allows remote authenticated users to create arbitrary databases. | 4.0 |
11 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-08-11 | CVE-2006-4092 | Simpliciti | Unspecified vulnerability in Simpliciti Locked Browser Simpliciti Locked Browser does not properly limit a user's actions to ones within the intended Internet Explorer environment, which allows local users to perform unauthorized actions by visiting a web site that executes a JavaScript window.blur loop to remove focus from the browser window, then pressing CTRL-SHIFT-ESC to invoke the Task Manager. | 3.6 |
2006-08-11 | CVE-2006-4080 | Deluxebb | Cross-Site Scripting vulnerability in DeluxeBB DeluxeBB 1.08, and possibly earlier, uses cookies that include the MD5 hash of a password, which allows remote attackers to gain privileges by sniffing or cross-site scripting (XSS) and conduct password guessing attacks. | 2.6 |
2006-08-10 | CVE-2006-4071 | Microsoft | Remote Denial of Service vulnerability in Microsoft Windows 2003 Server and Windows XP Sign extension vulnerability in the createBrushIndirect function in the GDI library (gdi32.dll) in Microsoft Windows XP, Server 2003, and possibly other versions, allows user-assisted attackers to cause a denial of service (application crash) via a crafted WMF file. | 2.6 |
2006-08-10 | CVE-2006-4066 | Microsoft | Denial Of Service vulnerability in Microsoft Windows Graphical Device Interface Plus Library The Graphical Device Interface Plus library (gdiplus.dll) in Microsoft Windows XP SP2 allows context-dependent attackers to cause a denial of service (application crash) via certain images that trigger a divide-by-zero error, as demonstrated by a (1) .ico file, (2) .png file that crashes MSN Messenger, and (3) .jpg file that crashes Internet Explorer. | 2.6 |
2006-08-07 | CVE-2006-4011 | Kayako | Remote File Include vulnerability in Kayako Esupport 2.3/2.3.1 PHP remote file inclusion vulnerability in esupport/admin/autoclose.php in Kayako eSupport 2.3.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the subd parameter. | 2.6 |
2006-08-11 | CVE-2006-3813 | Redhat | Unspecified vulnerability in Redhat Enterprise Linux 4.0 A regression error in the Perl package for Red Hat Enterprise Linux 4 omits the patch for CVE-2005-0155, which allows local users to overwrite arbitrary files with debugging information. | 2.1 |
2006-08-09 | CVE-2006-4049 | SUN | Local Arbitrary File Overwrite vulnerability in SUN RAY Server Software 3.0 Unspecified vulnerability in the utxconfig utility in Sun Ray Server Software 3.x allows local users to create or overwrite arbitrary files via unknown attack vectors. | 2.1 |
2006-08-09 | CVE-2006-4031 | Mysql Oracle | MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which might violate intended security policy. | 2.1 |
2006-08-08 | CVE-2006-3858 | IBM | Multiple vulnerability in IBM Informix Dynamic Server IBM Informix Dynamic Server (IDS) before 9.40.xC8 and 10.00 before 10.00.xC4 stores passwords in plaintext in shared memory, which allows local users to obtain passwords by reading the memory (product defects 171893, 171894, 173772). | 2.1 |
2006-08-08 | CVE-2006-3856 | IBM | Denial-Of-Service vulnerability in Informix IDS IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 allows local users to cause a denial of service (crash) via unspecified vectors. | 2.1 |
2006-08-07 | CVE-2006-3123 | Matt Blaze | Local Denial Of Service vulnerability in Matt Blaze Cryptographic File System 1.4.1 Multiple integer overflows in the (1) dodecrypt and (2) doencrypt functions in cfs_fh.c in cfsd in Matt Blaze Cryptographic File System (CFS) 1.4.1 before Debian GNU/Linux package 1.4.1-17 allow local users to cause a denial of service (daemon crash) by appending data to a file that is larger than 2 Gb. | 2.1 |