Weekly Vulnerabilities Reports > August 7 to 13, 2006

Overview

120 new vulnerabilities were reported during this period, including 7 critical vulnerabilities and 53 high severity vulnerabilities. This weekly summary reports vulnerabilities in 91 products from 77 vendors, including Microsoft, IBM, Mywebland, Jetbox, and Deluxebb. The most notable vulnerability categories are "SQL Injection", "Cross-site Scripting", "Resource Management Errors", "Permissions, Privileges, and Access Controls", and "Improper Restriction of Operations within the Bounds of a Memory Buffer".

  • 106 reported vulnerabilities are remotely exploitable.
  • 22 reported vulnerabilities have a public exploit available.
  • 9 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 115 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 18 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 4 reported vulnerabilities.

Vulnerability Details

The following tables list the vulnerabilities reported for the period covered by this report:

7 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-08-11 CVE-2006-4084 David Walker Remote Security vulnerability in Phpautomembersarea

Unspecified vulnerability in phpAutoMembersArea (phpAMA) before 3.2.4 has unknown impact and attack vectors, related to "a potential security exploit which is critical." Upgrade to 3.2.4.

10.0
2006-08-09 CVE-2006-4037 Fenestrae Command Execution vulnerability in Fenestrae Faxination Server 4.0/5.0/6.0

Unspecified vulnerability in Fenestrae Faxination Server allows remote attackers to execute arbitrary code via a crafted packet.

10.0
2006-08-09 CVE-2006-4028 Wordpress Remote Security vulnerability in WordPress

Multiple unspecified vulnerabilities in WordPress before 2.0.4 have unknown impact and remote attack vectors.

10.0
2006-08-09 CVE-2006-3441 Microsoft Buffer Overrun vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP

Buffer overflow in the DNS Client service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted record response.

10.0
2006-08-09 CVE-2006-3440 Microsoft Buffer Overflow vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP

Buffer overflow in the Winsock API in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka "Winsock Hostname Vulnerability."

10.0
2006-08-09 CVE-2006-3439 Microsoft Remote Buffer Overflow vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP

Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-1314.

10.0
2006-08-09 CVE-2006-3438 Microsoft Remote Buffer Overflow vulnerability in Microsoft Hyperlink Object Library Function

Unspecified vulnerability in Microsoft Hyperlink Object Library (hlink.dll), possibly a buffer overflow, allows user-assisted attackers to execute arbitrary code via crafted hyperlinks that are not properly handled when hlink.dll "uses a file containing a malformed function," aka "Hyperlink Object Function Vulnerability."

9.3

53 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-08-09 CVE-2006-3648 Microsoft Remote Code Execution vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP

Unspecified vulnerability in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 and 2003 SP1, allows remote attackers to execute arbitrary code via unspecified vectors involving unhandled exceptions, memory resident applications, and incorrectly "unloading chained exception."

7.6
2006-08-07 CVE-2006-4013 Symantec Path Traversal vulnerability in Symantec Brightmail Antispam

Multiple directory traversal vulnerabilities in Symantec Brightmail AntiSpam (SBAS) before 6.0.4, when the Control Center is allowed to connect from any computer, allow remote attackers to read and overwrite certain files via directory traversal sequences in (1) DATABLOB-GET and (2) DATABLOB-SAVE requests.

7.6
2006-08-11 CVE-2006-4085 Olaf Noehring Remote Security vulnerability in The Search Engine Project

PHP remote file inclusion vulnerability in Olaf Noehring The Search Engine Project (TSEP) 0.942 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the tsep_config[absPath] parameter to pagenavigation.php, a different vector than CVE-2006-4055.

7.5
2006-08-11 CVE-2006-4083 Mywebland Remote Security vulnerability in Myevent 1.2/1.3

PHP remote file inclusion vulnerability in viewevent.php in myWebland myEvent 1.x allows remote attackers to execute arbitrary PHP code via a URL in the myevent_path parameter, a different vector than CVE-2006-4040.

7.5
2006-08-11 CVE-2006-4081 Barracuda Networks Multiple vulnerability in Barracuda Networks Spam Firewall 3.3.01.001/3.3.03.053

preview_email.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 allows remote attackers to execute commands via shell metacharacters ("|" pipe symbol) in the file parameter.

7.5
2006-08-11 CVE-2006-4078 Deluxebb Unspecified vulnerability in Deluxebb 1.08

pm.php (aka the PM system) in DeluxeBB 1.08, and possibly earlier, allows remote attackers to bypass authentication by providing an arbitrary username in the membercookie cookie parameter.

7.5
2006-08-11 CVE-2006-4073 Phpcc Remote File Include vulnerability in PHPcc Beta4.2

Multiple PHP remote file inclusion vulnerabilities in Fabian Hainz phpCC Beta 4.2 allow remote attackers to execute arbitrary PHP code via a URL in the base_dir parameter to (1) login.php, (2) reactivate.php, or (3) register.php.

7.5
2006-08-10 CVE-2006-4064 Yenerturk SQL Injection vulnerability in Yenerturk Haber Script 1.0/2.0

SQL injection vulnerability in default.asp in YenerTurk Haber Script 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2006-08-10 CVE-2006-4063 Csaba Godor Remote Security vulnerability in Csaba Godor Sapid Blog Beta 2 Initial

Multiple PHP remote file inclusion vulnerabilities in Csaba Godor SAPID Blog Beta 2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) root_path parameter to (a) usr/extensions/get_blog_infochannel.inc.php, (b) usr/extensions/get_blog_meta_info.inc.php, or (c) usr/extensions/get_infochannel.inc.php; or the (2) GLOBALS[root_path] parameter to (d) usr/extensions/get_tree.inc.php.

7.5
2006-08-10 CVE-2006-4060 WEB Scripts Remote File Include vulnerability in Web-Scripts Visual Events Calendar 1.1

PHP remote file inclusion vulnerability in calendar.php in Visual Events Calendar 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the cfg_dir parameter.

7.5
2006-08-10 CVE-2006-4059 Usolved Remote File Include vulnerability in Usolved Newsolved Lite 1.9.2

Multiple PHP remote file inclusion vulnerabilities in USOLVED NEWSolved Lite 1.9.2, and possibly earlier, allow remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) newsscript_lyt.php, (2) newsticker/newsscript_get.php, (3) inc/output/news_theme1.php, (4) inc/output/news_theme2.php, or (5) inc/output/news_theme3.php.

7.5
2006-08-10 CVE-2006-4057 Mitch Murray Remote Buffer Overflow vulnerability in Mitch Murray Eremove 1.4

Buffer overflow in the preview_create function in gui.cpp in Mitch Murray Eremove 1.4 allows remote attackers to cause a denial of service (application crash), and possibly execute arbitrary code, via a large email attachment.

7.5
2006-08-10 CVE-2006-4056 THE Address Book / THE Address Book Reloaded SQL Injection vulnerability in The Address Book Login Page

Multiple SQL injection vulnerabilities in the authentication process in katzlbt (a) The Address Book 1.04e and earlier and (b) The Address Book Reloaded before 2.0-rc4 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters.

7.5
2006-08-10 CVE-2006-4055 Tsep Remote File Include vulnerability in TSEP Colorswitch.PHP

Multiple PHP remote file inclusion vulnerabilities in Olaf Noehring The Search Engine Project (TSEP) 0.942 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the tsep_config[absPath] parameter to (1) include/colorswitch.php, (2) contentimages.class.php, (3) ipfunctions.php, (4) configfunctions.php, (5) printpagedetails.php, or (6) log.class.php.

7.5
2006-08-10 CVE-2006-4054 Ehmig Remote Security vulnerability in Ehmig ME Download System 1.3

Multiple PHP remote file inclusion vulnerabilities in ME Download System 1.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) Vb8878b936c2bd8ae0cab parameter to (a) inc/sett_style.php or (b) inc/sett_smilies.php; or the (2) Vb6c4d0e18a204a63b38f, (3) V18a78b93c3adaaae84e2, or (4) V9ae5d2ca9e9e787969ff parameters to (c) inc/datei.php.

7.5
2006-08-10 CVE-2006-4052 Turnkey WEB Tools Remote Security vulnerability in [Extra BID] Php Simple Shop

Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tools PHP Simple Shop 2.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) admin/index.php, (2) admin/adminindex.php, (3) admin/adminglobal.php, (4) admin/login.php, (5) admin/menu.php or (6) admin/header.php.

7.5
2006-08-10 CVE-2006-4051 Turnkey WEB Tools Remote File Include vulnerability in PHP Live Helper Global.PHP

PHP remote file inclusion vulnerability in global.php in Turnkey Web Tools PHP Live Helper 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter.

7.5
2006-08-10 CVE-2006-4050 David Walker Remote File Include vulnerability in PHPAutoMembersArea Auto_Check_Renewals.PHP

PHP remote file inclusion vulnerability in auto_check_renewals.php in phpAutoMembersArea (phpAMA) 3.2.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the installed_config_file parameter.

7.5
2006-08-09 CVE-2006-4048 Netious CMS Unspecified vulnerability in Netious CMS Netious CMS 0.4

Netious CMS 0.4 initializes session IDs based on the client IP address, which allows remote attackers to gain access to the administration section when originating from the same IP address as the administrator.

7.5
2006-08-09 CVE-2006-4047 Netious CMS SQL Injection vulnerability in Netious CMS Username Parameter

SQL injection vulnerability in index.php in Netious CMS 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter.

7.5
2006-08-09 CVE-2006-4046 Open Cubic Player Buffer Overflow vulnerability in Open Cubic Player

Multiple stack-based buffer overflows in Open Cubic Player 2.6.0pre6 and earlier for Windows, and 0.1.10_rc5 and earlier on Linux/BSD, allow remote attackers to execute arbitrary code via (1) a large .S3M file handled by the mpLoadS3M function, (2) a crafted .IT file handled by the itplayerclass::module::load function, (3) a crafted .ULT file handled by the mpLoadULT function, or (4) a crafted .AMS file handled by the mpLoadAMS function.

7.5
2006-08-09 CVE-2006-4045 Torbstoff Remote File Include vulnerability in Torbstoff News 4

PHP remote file inclusion vulnerability in news.php in Torbstoff News 4 allows remote attackers to execute arbitrary PHP code via a URL in the pfad parameter.

7.5
2006-08-09 CVE-2006-4044 Brad Fears Remote File Include vulnerability in PHPCodeCabinet Core.PHP

PHP remote file inclusion vulnerability in Beautifier/Core.php in Brad Fears phpCodeCabinet 0.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the BEAUT_PATH parameter.

7.5
2006-08-09 CVE-2006-4042 Mywebland SQL Injection vulnerability in Mywebland Mybloggie

Multiple SQL injection vulnerabilities in trackback.php in myWebland myBloggie 2.1.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) title, (2) url, (3) excerpt, or (4) blog_name parameters.

7.5
2006-08-09 CVE-2006-4041 Pike SQL Injection vulnerability in Pike

SQL injection vulnerability in Pike before 7.6.86, when using a Postgres database server, allows remote attackers to execute arbitrary SQL commands via unspecified attack vectors.

7.5
2006-08-09 CVE-2006-4040 Mywebland Remote File Include vulnerability in myEvent Myevent.PHP

PHP remote file inclusion vulnerability in myevent.php in myWebland myEvent 1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the myevent_path parameter.

7.5
2006-08-09 CVE-2006-4039 Chaossoft SQL Injection vulnerability in Chaossoft Gaestechaos

Multiple SQL injection vulnerabilities in eintragen.php in GaesteChaos 0.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) gastname, (2) gastwohnort, or (3) gasteintrag parameters.

7.5
2006-08-09 CVE-2006-4036 Zonemetrics Remote File Include vulnerability in ZoneX Usercp_Register.PHP

PHP remote file inclusion vulnerability in includes/usercp_register.php in ZoneMetrics ZoneX Publishers Gold Edition 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

7.5
2006-08-09 CVE-2006-4035 Counterchaos SQL Injection vulnerability in Counterchaos 0.48C

SQL injection vulnerability in counterchaos.php in CounterChaos 0.48c and earlier allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header.

7.5
2006-08-09 CVE-2006-4034 Moderngigabyte Remote File Include vulnerability in Moderngigabyte Modernbill 1.6

PHP remote file inclusion vulnerability in include/html/config.php in ModernGigabyte ModernBill 1.6 allows remote attackers to execute arbitrary PHP code via a URL in the DIR parameter.

7.5
2006-08-09 CVE-2006-4029 Ageet Buffer Overflow vulnerability in AGEphone SIP Packet Handling

Stack-based buffer overflow in sipd.dll in AGEphone 1.24 and 1.38.1 allows remote attackers to execute arbitrary code via a crafted UDP SIP packet.

7.5
2006-08-09 CVE-2006-4026 Redgraphic Code Injection vulnerability in Redgraphic Sapid CMS 1.2.3

PHP remote file inclusion vulnerability in SAPID CMS 123 rc3 allows remote attackers to execute arbitrary PHP code via a URL in the (1) root_path parameter in usr/extensions/get_infochannel.inc.php and the (2) GLOBALS["root_path"] parameter in usr/extensions/get_tree.inc.php.

7.5
2006-08-09 CVE-2006-4025 Xennobb SQL Injection vulnerability in XennoBB Profile.PHP

SQL injection vulnerability in profile.php in XennoBB 2.1.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the (1) bday_day, (2) bday_month, and (3) bday_year parameters in the personal section.

7.5
2006-08-09 CVE-2006-4024 Festalon Remote Heap Buffer Overflow vulnerability in Festalon 0.5.0

The FESTAHES_Load function in pce/hes.c in Festalon 0.5.0 through 0.5.5 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative LoadAddr value in a HES file, which is used as an offset in a memcpy operation and leads to a buffer underflow.

7.5
2006-08-09 CVE-2006-3639 Microsoft Unspecified vulnerability in Microsoft IE and Internet Explorer

Microsoft Internet Explorer 5.01 and 6 does not properly identify the originating domain zone when handling redirects, which allows remote attackers to read cross-domain web pages and possibly execute code via unspecified vectors involving a crafted web page, aka "Source Element Cross-Domain Vulnerability."

7.5
2006-08-09 CVE-2006-3449 Microsoft Remote Code Execution vulnerability in Microsoft Powerpoint

Unspecified vulnerability in Microsoft PowerPoint 2000 through 2003, possibly a buffer overflow, allows user-assisted remote attackers to execute arbitrary commands via a malformed record in the BIFF file format used in a PPT file, a different issue than CVE-2006-1540, aka "Microsoft PowerPoint Malformed Record Vulnerability."

7.5
2006-08-09 CVE-2006-3444 Microsoft Local Privilege Escalation vulnerability in Microsoft Windows 2000 Kernel

Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, probably a buffer overflow, allows local users to obtain privileges via unspecified vectors involving an "unchecked buffer."

7.5
2006-08-08 CVE-2006-3638 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft IE and Internet Explorer

Microsoft Internet Explorer 5.01 and 6 does not properly handle uninitialized COM objects, which allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code, as demonstrated by the Nth function in the DirectAnimation.DATuple ActiveX control, aka "COM Object Instantiation Memory Corruption Vulnerability."

7.5
2006-08-08 CVE-2006-3586 Jetbox Input Validation vulnerability in Jetbox CMS 2.1Sr1

SQL injection vulnerability in Jetbox CMS 2.1 SR1 allows remote attackers to execute arbitrary SQL commands via the (1) frontsession COOKIE parameter and (2) view parameter in index.php, and the (3) login parameter in admin/cms/index.php.

7.5
2006-08-08 CVE-2006-3584 Jetbox Input Validation vulnerability in Jetbox

Dynamic variable evaluation vulnerability in index.php in Jetbox CMS 2.1 SR1 allows remote attackers to overwrite configuration variables via URL parameters, which are evaluated as PHP variable variables.

7.5
2006-08-08 CVE-2006-3583 Jetbox Improper Authentication vulnerability in Jetbox CMS 2.1Sr1

Session fixation vulnerability in Jetbox CMS 2.1 SR1 allows remote attackers to hijack web sessions via a crafted link and the administrator section.

7.5
2006-08-08 CVE-2006-3451 Microsoft Improper Input Validation vulnerability in Microsoft IE 5.0/6

Microsoft Internet Explorer 5 SP4 and 6 do not properly garbage collect when "multiple imports are used on a styleSheets collection" to construct a chain of Cascading Style Sheets (CSS), which allows remote attackers to execute arbitrary code via unspecified vectors.

7.5
2006-08-08 CVE-2006-3450 Microsoft Improper Input Validation vulnerability in Microsoft IE and Internet Explorer

Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code by using the document.getElementByID Javascript function to access crafted Cascading Style Sheet (CSS) elements, and possibly other unspecified vectors involving certain layout positioning combinations in an HTML file.

7.5
2006-08-08 CVE-2006-3862 IBM Multiple vulnerability in IBM Informix Dynamic Server

Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.TC5 through 9.40.xC7 and 10.00.TC1 through 10.00.xC3 allows attackers to execute arbitrary code via the SQLIDEBUG environment variable (envariable).

7.5
2006-08-08 CVE-2006-4018 Clamav Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Clamav

Heap-based buffer overflow in the pefromupx function in libclamav/upx.c in Clam AntiVirus (ClamAV) 0.81 through 0.88.3 allows remote attackers to execute arbitrary code via a crafted UPX packed file containing sections with large rsize values.

7.5
2006-08-07 CVE-2006-4010 Vwar SQL Injection vulnerability in Vwar Virtual WAR 1.5.0

SQL injection vulnerability in war.php in Virtual War (Vwar) 1.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter.

7.5
2006-08-07 CVE-2006-4008 Knusperleicht Remote File Include vulnerability in Knusperleicht FAQ 1.0

PHP remote file inclusion vulnerability in index.php in Knusperleicht Faq 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the faq_path parameter.

7.5
2006-08-07 CVE-2006-4007 Knusperleicht Remote File Include vulnerability in Knusperleicht Guestbook 3.5

PHP remote file inclusion vulnerability in index.php in Knusperleicht Guestbook 3.5 allows remote attackers to execute arbitrary PHP code via a URL in the GB_PATH parameter.

7.5
2006-08-11 CVE-2006-4082 Barracuda Networks Local Security vulnerability in Barracuda Networks Barracuda Spam Firewall 3.3.03.053

Barracuda Spam Firewall (BSF), possibly 3.3.03.053, contains a hardcoded password for the admin account for logins from 127.0.0.1 (localhost), which allows local users to gain privileges.

7.2
2006-08-09 CVE-2006-3979 Macromedia Authentication Bypass vulnerability in Macromedia Coldfusion 7.0/7.02

The AdminAPI of ColdFusion MX 7 allows attackers to bypass authentication by using "programmatic access" to the adminAPI instead of the ColdFusion Administrator.

7.2
2006-08-09 CVE-2006-3084 Heimdal / MIT Permissions, Privileges, and Access Controls vulnerability in multiple products

The (1) ftpd and (2) ksu programs in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which might allow local users to gain privileges by causing setuid to fail to drop privileges.

7.2
2006-08-09 CVE-2006-3083 Heimdal / MIT Resource Management Errors vulnerability in multiple products

The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion.

7.2
2006-08-09 CVE-2006-3443 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft Windows 2000

Untrusted search path vulnerability in Winlogon in Microsoft Windows 2000 SP4, when SafeDllSearchMode is disabled, allows local users to gain privileges via a malicious DLL in the UserProfile directory, aka "User Profile Elevation of Privilege Vulnerability."

7.2

49 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-08-11 CVE-2006-4079 Deluxebb Cross-Site Scripting vulnerability in DeluxeBB Newpost.PHP

Cross-site scripting (XSS) vulnerability in newpost.php in DeluxeBB 1.08, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the subject parameter (aka the topic title field).

6.8
2006-08-10 CVE-2006-4058 Simplog Cross-Site Scripting vulnerability in Simplog

Cross-site scripting (XSS) vulnerability in archive.php in Simplog 0.9.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the keyw parameter when performing a search.

6.8
2006-08-11 CVE-2006-4072 Club Nuke SQL-Injection vulnerability in Club-Nuke 2.0Lcid2048

Multiple SQL injection vulnerabilities in Club-Nuke [XP] 2.0 LCID 2048 allow remote attackers to execute arbitrary SQL commands via the (1) haber_id parameter to haber_detay.asp, and allow remote authenticated users to execute arbitrary SQL commands via the (2) menu_id parameter to menu.asp.

6.5
2006-08-08 CVE-2006-3857 IBM Multiple vulnerability in IBM Informix Dynamic Server

Multiple buffer overflows in IBM Informix Dynamic Server (IDS) before 9.40.TC6 and 10.00 before 10.00.TC3 allow remote authenticated users to execute arbitrary code via (1) the getname function, as used by (a) _sq_remview, (b) _sq_remproc, (c) _sq_remperms, (d) _sq_distfetch, and (e) _sq_dcatalog; and the (2) SET DEBUG FILE, (3) IFX_FILE_TO_FILE, (4) FILETOCLOB, (5) LOTOFILE, and (6) DBINFO functions (product defect IDs 171649, 171367, 171387, 171391, 171906, 172179).

6.5
2006-08-08 CVE-2006-3855 IBM Multiple vulnerability in IBM Informix Dynamic Server

The ifx_load_internal function in IBM Informix Dynamic Server (IDS) allows remote authenticated users to execute arbitrary C code via the DllMain or _init function in a library, aka "C code UDR." This vulnerability is addressed in the following product releases: IBM, Informix IDS, 9.40 xC7; IBM, Informix IDS, 10.00 xC4.

6.5
2006-08-11 CVE-2006-4019 Squirrelmail Information Disclosure and Data Modification vulnerability in SquirrelMail Compose.PHP

Dynamic variable evaluation vulnerability in compose.php in SquirrelMail 1.4.0 to 1.4.7 allows remote attackers to overwrite arbitrary program variables and read or write the attachments and preferences of other users.

6.4
2006-08-07 CVE-2006-4004 Vbportal Local File inclusion vulnerability in VBPortal BBVBPLang Parameter

Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.

6.4
2006-08-09 CVE-2006-3643 Microsoft Cross-Site Scripting vulnerability in Microsoft IE and Internet Explorer

Cross-site scripting (XSS) vulnerability in Internet Explorer 5.01 and 6 in Microsoft Windows 2000 SP4 permits access to local "HTML-embedded resource files" in the Microsoft Management Console (MMC) library, which allows remote authenticated users to execute arbitrary commands, aka "MMC Redirect Cross-Site Scripting Vulnerability."

6.0
2006-08-11 CVE-2006-4076 WIM Fleischhauer Remote Security vulnerability in WIM Fleischhauer Docpile WE 0.2.2

Multiple PHP remote file inclusion vulnerabilities in Wim Fleischhauer docpile: wim's edition (docpile:we) 0.2.2 allow remote attackers to execute arbitrary PHP code via a URL in the INIT_PATH parameter to (1) lib/access.inc.php, (2) lib/folders.inc.php, (3) lib/init.inc.php or (4) lib/templates.inc.php.

5.1
2006-08-11 CVE-2006-4075 WIM Fleischhauer Remote File Include vulnerability in Docpile 'Init_path' Parameter

Multiple PHP remote file inclusion vulnerabilities in Wim Fleischhauer docpile: wim's edition (docpile:we) 0.2.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the INIT_PATH parameter to (1) lib/folder.class.php, (2) lib/email.inc.php, (3) lib/document.class.php or (4) lib/auth.inc.php.

5.1
2006-08-10 CVE-2006-4070 Imendio Planner Remote Format String vulnerability in Imendio Planner Imendio Planner 0.13

Format string vulnerability in Imendio Planner 0.13 allows user-assisted attackers to execute arbitrary code via format string specifiers in a filename.

5.1
2006-08-10 CVE-2006-4065 Dmitry Sheiko Remote Security vulnerability in Sapid Gallery

Multiple PHP remote file inclusion vulnerabilities in Dmitry Sheiko SAPID Gallery 1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) root_path parameter to (a) usr/extensions/get_calendar.inc.php or the (2) GLOBALS[root_path] parameter to (b) usr/extensions/get_tree.inc.php.

5.1
2006-08-10 CVE-2006-4062 Dmitry Sheiko Remote Security vulnerability in Sapid Shop

PHP remote file inclusion vulnerability in usr/extensions/get_tree.inc.php in Dmitry Sheiko SAPID Shop 1.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[root_path] parameter.

5.1
2006-08-10 CVE-2006-4053 Ehmig Remote File Include vulnerability in Ehmig ME Download System 1.3

PHP remote file inclusion vulnerability in templates/header.php in ME Download System 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the Vb8878b936c2bd8ae0cab parameter.

5.1
2006-08-09 CVE-2006-4033 Lhaplus Buffer Overflow vulnerability in Lhaplus 1.52

Heap-based buffer overflow in Lhaplus.exe in Lhaplus 1.52, and possibly earlier versions, allows remote attackers to execute arbitrary code via an LZH archive with a long header, as specified by the extendedHeaderSize.

5.1
2006-08-09 CVE-2006-3649 Microsoft Buffer Overflow vulnerability in Microsoft Visual Basic 6.2/6.3/6.4

Buffer overflow in Microsoft Visual Basic for Applications (VBA) SDK 6.0 through 6.4, as used by Microsoft Office 2000 SP3, Office XP SP3, Project 2000 SR1, Project 2002 SP1, Access 2000 Runtime SP3, Visio 2002 SP2, and Works Suite 2004 through 2006, allows user-assisted attackers to execute arbitrary code via unspecified document properties that are not verified when VBA is invoked to open documents.

5.1
2006-08-08 CVE-2006-3637 Microsoft Unspecified vulnerability in Microsoft IE and Internet Explorer

Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle various HTML layout component combinations, which allows user-assisted remote attackers to execute arbitrary code via a crafted HTML file that leads to memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."

5.1
2006-08-08 CVE-2006-3853 IBM Multiple vulnerability in IBM Informix Dynamic Server

Buffer overflow in IBM Informix Dynamic Server (IDS) before 9.40.TC7 and 10.00 before 10.00.TC3, when running on Windows, allows remote attackers to execute arbitrary code via a long username.

5.1
2006-08-07 CVE-2006-4012 Savewebportal Remote File Include vulnerability in Savewebportal 3.4

Multiple PHP remote file inclusion vulnerabilities in circeOS SaveWeb Portal 3.4 allow remote attackers to execute arbitrary PHP code via a URL in the SITE_Path parameter to (1) poll/poll.php or (2) poll/view_polls.php.

5.1
2006-08-11 CVE-2006-4089 Andy LO A FOE Buffer Overflow vulnerability in AlsaPlayer

Multiple buffer overflows in Andy Lo-A-Foe AlsaPlayer 0.99.76 and earlier allow remote attackers to cause a denial of service (application crash), or have other unknown impact, via (1) a long Location field sent by a web server, which triggers an overflow in the reconnect function in reader/http/http.c; (2) a long URL sent by a web server when AlsaPlayer is seeking a media file for the playlist, which triggers overflows in new_list_item and CbUpdated in interface/gtk/PlaylistWindow.cpp; and (3) a long response sent by a CDDB server, which triggers an overflow in cddb_lookup in input/ccda/cdda_engine.c.

5.0
2006-08-10 CVE-2006-4068 Pswd JS Credentials Management vulnerability in Pswd.Js

The pswd.js script relies on the client to calculate whether a username and password match hard-coded hashed values for a server, and uses a hashing scheme that creates a large number of collisions, which makes it easier for remote attackers to conduct offline brute force attacks.

5.0
2006-08-09 CVE-2006-4043 Mywebland Information Disclosure vulnerability in myBloggie

index.php in myWebland myBloggie 2.1.4 and earlier allows remote attackers to obtain sensitive information via a query that only specifies the viewdate mode, which reveals the table prefix in a SQL error message.

5.0
2006-08-09 CVE-2006-4032 Cisco Information Disclosure vulnerability in Cisco Callmanager Express 3.0

Unspecified vulnerability in Cisco IOS CallManager Express (CME) allows remote attackers to gain sensitive information (user names) from the Session Initiation Protocol (SIP) user directory via certain SIP messages, aka bug CSCse92417.

5.0
2006-08-09 CVE-2006-3122 ISC Resource Management Errors vulnerability in ISC Dhcpd 2.0.Pl5/2.0Pl5

The supersede_lease function in memory.c in ISC DHCP (dhcpd) server 2.0pl5 allows remote attackers to cause a denial of service (application crash) via a DHCPDISCOVER packet with a 32 byte client-identifier, which causes the packet to be interpreted as a corrupt uid and causes the server to exit with "corrupt lease uid."

5.0
2006-08-09 CVE-2006-4023 PHP SQL-Injection vulnerability in PHP 4.3.3/5.0.2/5.1.4

The ip2long function in PHP 5.1.4 and earlier may incorrectly validate an arbitrary string and return a valid network IP address, which allows remote attackers to obtain network information and facilitate other attacks, as demonstrated using SQL injection in the X-FORWARDED-FOR Header in index.php in MiniBB 2.0.

5.0
2006-08-09 CVE-2006-3640 Microsoft Unspecified vulnerability in Microsoft IE and Internet Explorer

Microsoft Internet Explorer 5.01 and 6 allows certain script to persist across navigations between pages, which allows remote attackers to obtain the window location of visited web pages in other domains or zones, aka "Window Location Information Disclosure Vulnerability."

5.0
2006-08-07 CVE-2006-4015 HP Denial of Service vulnerability in HP products

Hewlett-Packard (HP) ProCurve 3500yl, 6200yl, and 5400zl switches with software before K.11.33 allow remote attackers to cause a denial of service (possibly memory leak or system crash) via unknown vectors.

5.0
2006-08-07 CVE-2006-4014 Symantec Multiple vulnerability in Symantec Brightmail AntiSpam Control Center

Symantec Brightmail AntiSpam (SBAS) before 6.0.4, when the Control Center is allowed to connect from any computer, allows remote attackers to cause a denial of service (application freeze) "by sending invalid posts".

5.0
2006-08-07 CVE-2006-4006 Bomberclone Information Exposure vulnerability in Bomberclone 0.11.3/0.11.4/0.11.5

The do_gameinfo function in BomberClone 0.11.6 and earlier, and possibly other functions, does not reset the packet data size, which causes the send_pkg function (packets.c) to use this data size when sending a reply, and allows remote attackers to read portions of server memory.

5.0
2006-08-07 CVE-2006-4005 Bomberclone Remote vulnerability in Bomberclone

BomberClone 0.11.6 and earlier allows remote attackers to cause a denial of service (daemon crash) via (1) a certain malformed PKGF_ackreq packet, which triggers a crash in the rscache_add() function in pkgcache.c; and (2) an error packet, which is intended to be received by clients and force client shutdown, but also triggers server shutdown.

5.0
2006-08-07 CVE-2006-4003 Hobbit Monitor Information Disclosure vulnerability in Hobbit Monitor Config

The config method in Henrik Storner Hobbit monitor before 4.1.2p2 permits access to files outside of the intended configuration directory, which allows remote attackers to obtain sensitive information via requests to the hobbitd daemon on port 1984/tcp.

5.0
2006-08-09 CVE-2006-4022 Intel Local Privilege Escalation vulnerability in Intel 2100 Proset Wireless 7.1.4.5

Intel 2100 PRO/Wireless Network Connection driver PROSet before 7.1.4.6 allows local users to corrupt memory and execute code via "requests for capabilities from higher-level protocol drivers or user-level applications" involving crafted frames, a different issue than CVE-2006-3992.

4.6
2006-08-08 CVE-2006-3114 PC Tools Local Privilege Escalation vulnerability in PC Tools PC Tools Antivirus 2.1

PC Tools AntiVirus 2.1.0.51 uses insecure default permissions on the "PC Tools AntiVirus" directory, which allows local users to gain privileges and execute commands.

4.6
2006-08-11 CVE-2006-4091 Archangelmgt HTML Injection vulnerability in Archangelmgt Weblog 0.90.02

Multiple cross-site scripting (XSS) vulnerabilities in Archangel Management Archangel Weblog 0.90.02 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Comment section.

4.3
2006-08-11 CVE-2006-4090 Webligo Cross-Site Scripting vulnerability in Webligo Bloghoster 2.2

Cross-site scripting (XSS) vulnerability in Webligo BlogHoster 2.2 allows remote attackers to inject arbitrary web script or HTML via the "From: part of the comment post," probably involving the nickname parameter to previewcomment.php.

4.3
2006-08-11 CVE-2006-4088 Civicspace HTML Injection vulnerability in Civicspace 0.8.5

Multiple cross-site scripting (XSS) vulnerabilities in CivicSpace 0.8.5 allow remote attackers to inject arbitrary web script or HTML via the (1) Subject, (2) Comment, and (3) Add new comment sections.

4.3
2006-08-11 CVE-2006-4087 Mojoscripts Cross-Site Scripting vulnerability in mojoGallery

Cross-site scripting (XSS) vulnerability in admin.cgi in mojoscripts.com mojoGallery allows remote attackers to inject arbitrary web script or HTML via the username parameter.

4.3
2006-08-11 CVE-2006-4086 Ozjournals Cross-Site Scripting vulnerability in Ozjournals 1.5

Cross-site scripting (XSS) vulnerability in index.php in Elaine Aquino Online Zone Journals (OZJournals) 1.5 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter.

4.3
2006-08-11 CVE-2006-3818 Novell HTML Injection Scripting vulnerability in Novell Groupwise Webaccess 6.5/7

Cross-site scripting (XSS) vulnerability in the login page in Novell GroupWise WebAccess 6.5 before 20060721 and WebAccess 7 before 20060727 allows remote attackers to inject arbitrary web script or HTML via the GWAP.version parameter.

4.3
2006-08-11 CVE-2006-3817 Novell HTML Injection Scripting vulnerability in Novell Groupwise Webaccess 6.5/7

Cross-site scripting (XSS) vulnerability in Novell GroupWise WebAccess 6.5 and 7 before 20060727 allows remote attackers to inject arbitrary web script or HTML via an encoded SCRIPT element in an e-mail message with the UTF-7 character set, as demonstrated by the "+ADw-SCRIPT+AD4-" sequence.

4.3
2006-08-10 CVE-2006-4069 Ozjournals Input Validation vulnerability in Ozjournals 1.5

Multiple cross-site scripting (XSS) vulnerabilities in Elaine Aquino Online Zone Journals (OZJournals) 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) m and (2) c parameters in index.php, (3) a search action, and (4) a "submit comment" action.

4.3
2006-08-10 CVE-2006-4067 Cakefoundation Cross-Site Scripting vulnerability in Cakefoundation Cakephp

Cross-site scripting (XSS) vulnerability in cake/libs/error.php in CakePHP before 1.1.7.3363 allows remote attackers to inject arbitrary web script or HTML via the URL, which is reflected back in a 404 ("Not Found") error page.

4.3
2006-08-09 CVE-2006-4038 Chaossoft Cross-Site Scripting vulnerability in Chaossoft Gaestechaos

Multiple cross-site scripting (XSS) vulnerabilities in eintragen.php in GaesteChaos 0.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) gastname or (2) gastwohnort parameters.

4.3
2006-08-08 CVE-2006-3585 Jetbox Input Validation vulnerability in Jetbox CMS 2.1Sr1

Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS 2.1 SR1 allow remote attackers to inject arbitrary web script or HTML via the (1) login parameter in admin/cms/index.php, (2) unspecified parameters in the "Supply news" page in formmail.php, (3) the URL in the "Site statistics" page, and the (5) query_string parameter when performing a search.

4.3
2006-08-07 CVE-2006-4017 Inter Network Marketing AG HTML Injection vulnerability in G3 Content Management Framework

Cross-site scripting (XSS) vulnerability in the search module in Inter Network Marketing (INM) CMS G3 allows remote attackers to inject arbitrary web script or HTML via the search_string parameter.

4.3
2006-08-07 CVE-2006-4016 Toenda Software Development Cross-Site Scripting vulnerability in ToendaCMS

Cross-site scripting (XSS) vulnerability in /toendaCMS in toendaCMS stable 1.0.3 and earlier, and unstable 1.1 and earlier, allows remote attackers to inject arbitrary web script or HTML via the s parameter.

4.3
2006-08-07 CVE-2006-4009 Vwar Input Validation vulnerability in Vwar Virtual WAR 1.5.0

Cross-site scripting (XSS) vulnerability in war.php in Virtual War (Vwar) 1.5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter.

4.3
2006-08-07 CVE-2006-4002 Drupal Cross-Site Scripting vulnerability in Drupal User.Module

Cross-site scripting (XSS) vulnerability in user.module in Drupal 4.6 before 4.6.9, and 4.7 before 4.7.3, allows remote attackers to inject arbitrary web script or HTML via the msg parameter.

4.3
2006-08-08 CVE-2006-3861 IBM Multiple vulnerability in IBM Informix Dynamic Server

IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 does not use database creation permissions, which allows remote authenticated users to create arbitrary databases.

4.0

11 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-08-11 CVE-2006-4092 Simpliciti Unspecified vulnerability in Simpliciti Locked Browser

Simpliciti Locked Browser does not properly limit a user's actions to ones within the intended Internet Explorer environment, which allows local users to perform unauthorized actions by visiting a web site that executes a JavaScript window.blur loop to remove focus from the browser window, then pressing CTRL-SHIFT-ESC to invoke the Task Manager.

3.6
2006-08-11 CVE-2006-4080 Deluxebb Cross-Site Scripting vulnerability in DeluxeBB

DeluxeBB 1.08, and possibly earlier, uses cookies that include the MD5 hash of a password, which allows remote attackers to gain privileges by sniffing or cross-site scripting (XSS) and conduct password guessing attacks.

2.6
2006-08-10 CVE-2006-4071 Microsoft Remote Denial of Service vulnerability in Microsoft Windows 2003 Server and Windows XP

Sign extension vulnerability in the createBrushIndirect function in the GDI library (gdi32.dll) in Microsoft Windows XP, Server 2003, and possibly other versions, allows user-assisted attackers to cause a denial of service (application crash) via a crafted WMF file.

2.6
2006-08-10 CVE-2006-4066 Microsoft Denial Of Service vulnerability in Microsoft Windows Graphical Device Interface Plus Library

The Graphical Device Interface Plus library (gdiplus.dll) in Microsoft Windows XP SP2 allows context-dependent attackers to cause a denial of service (application crash) via certain images that trigger a divide-by-zero error, as demonstrated by a (1) .ico file, (2) .png file that crashes MSN Messenger, and (3) .jpg file that crashes Internet Explorer.

2.6
2006-08-07 CVE-2006-4011 Kayako Remote File Include vulnerability in Kayako Esupport 2.3/2.3.1

PHP remote file inclusion vulnerability in esupport/admin/autoclose.php in Kayako eSupport 2.3.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the subd parameter.

2.6
2006-08-11 CVE-2006-3813 Redhat Unspecified vulnerability in Redhat Enterprise Linux 4.0

A regression error in the Perl package for Red Hat Enterprise Linux 4 omits the patch for CVE-2005-0155, which allows local users to overwrite arbitrary files with debugging information.

2.1
2006-08-09 CVE-2006-4049 SUN Local Arbitrary File Overwrite vulnerability in SUN RAY Server Software 3.0

Unspecified vulnerability in the utxconfig utility in Sun Ray Server Software 3.x allows local users to create or overwrite arbitrary files via unknown attack vectors.

2.1
2006-08-09 CVE-2006-4031 Mysql, Oracle

MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which might violate intended security policy.

2.1
2006-08-08 CVE-2006-3858 IBM Multiple vulnerability in IBM Informix Dynamic Server

IBM Informix Dynamic Server (IDS) before 9.40.xC8 and 10.00 before 10.00.xC4 stores passwords in plaintext in shared memory, which allows local users to obtain passwords by reading the memory (product defects 171893, 171894, 173772).

2.1
2006-08-08 CVE-2006-3856 IBM Denial-Of-Service vulnerability in Informix IDS

IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 allows local users to cause a denial of service (crash) via unspecified vectors.

2.1
2006-08-07 CVE-2006-3123 Matt Blaze Local Denial Of Service vulnerability in Matt Blaze Cryptographic File System 1.4.1

Multiple integer overflows in the (1) dodecrypt and (2) doencrypt functions in cfs_fh.c in cfsd in Matt Blaze Cryptographic File System (CFS) 1.4.1 before Debian GNU/Linux package 1.4.1-17 allow local users to cause a denial of service (daemon crash) by appending data to a file that is larger than 2 Gb.

2.1