Weekly Vulnerabilities Reports > August 14 to 20, 2006
Overview
103 new vulnerabilities were reported during this period, including 2 critical vulnerabilities and 44 high severity vulnerabilities. This weekly summary reports vulnerabilities in 85 products from 71 vendors including IBM, Drupal, HP, Microsoft, and ZEN Cart. Vulnerabilities are notably categorized as "Code Injection", "Resource Management Errors", "Permissions, Privileges, and Access Controls", "Information Exposure", and "SQL Injection".
- 95 reported vulnerabilities are remotely exploitable.
- 28 reported vulnerabilities have a public exploit available.
- 1 reported vulnerability is related to weaknesses in the OWASP Top Ten.
- 97 reported vulnerabilities are exploitable by an anonymous user.
- IBM has the most reported vulnerabilities, with 8 reported vulnerabilities.
- IBM has the most reported critical vulnerabilities, with 1 reported vulnerability.
Vulnerability Details
The following tables list the vulnerabilities reported during the period covered by this report:
2 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-08-18 | CVE-2006-4221 | IBM | Remote Buffer Overflow vulnerability in IBM eGatherer ActiveX Stack-based buffer overflow in the IBM Access Support eGatherer ActiveX control before 3.20.0284.0 allows remote attackers to execute arbitrary code via a long filename parameter to the RunEgatherer method. | 9.3 |
2006-08-18 | CVE-2006-4228 | Symantec Veritas | Authentication Bypass vulnerability in Symantec Veritas Netbackup Puredisk Remote Office Edition 6.0 Symantec Veritas NetBackup PureDisk Remote Office Edition 6.0 before MP1 20060816 allows remote attackers to bypass authentication and gain privileges via unknown attack vectors in the management interface. | 9.0 |
44 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-08-15 | CVE-2006-4143 | Netgear | Unspecified vulnerability in Netgear Fvg318 1.0.40 Netgear FVG318 running firmware 1.0.40 allows remote attackers to cause a denial of service (router reset) via TCP packets with bad checksums. | 7.8 |
2006-08-14 | CVE-2006-4138 | Microsoft | Remote vulnerability in RETIRED: Microsoft Windows Help Multiple unspecified vulnerabilities in Microsoft Windows Help File viewer (winhlp32.exe) allow user-assisted attackers to execute arbitrary code via crafted HLP files. | 7.6 |
2006-08-18 | CVE-2006-4234 | Dotproject | Remote File Include vulnerability in DotProject Query.Class.PHP PHP remote file inclusion vulnerability in classes/query.class.php in dotProject 2.0.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the baseDir parameter. | 7.5 |
2006-08-18 | CVE-2006-4230 | Lizge | Remote File Include vulnerability in Lizge web Portal 0.20 Multiple PHP remote file inclusion vulnerabilities in index.php in Lizge V.20 Web Portal allow remote attackers to execute arbitrary PHP code via a URL in the (1) lizge or (2) bade parameters. | 7.5 |
2006-08-18 | CVE-2006-4229 | Joomla Mambo | Remote Security vulnerability in Moslistmessenger Component PHP remote file inclusion vulnerability in archive.php in the mosListMessenger Component (com_lm) before 20060719 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 7.5 |
2006-08-18 | CVE-2006-4219 | Microsoft | Unspecified vulnerability in Microsoft IE 6.0 The Terminal Services COM object (tsuserex.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by instantiating it as an ActiveX object in Internet Explorer 6.0 SP1 on Microsoft Windows 2003 EE SP1 CN. | 7.5 |
2006-08-17 | CVE-2006-4218 | ZEN Cart | File Include vulnerability in Zen Cart Directory traversal vulnerability in Zen Cart 1.3.0.2 and earlier allows remote attackers to include and possibly execute arbitrary local files via directory traversal sequences in the typefilter parameter. | 7.5 |
2006-08-17 | CVE-2006-4217 | Webinsta | Remote Security vulnerability in Webinsta Cms PHP remote file inclusion vulnerability in modules/usersonline/users.php in WEBInsta CMS 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the module_dir parameter, a different vulnerability than CVE-2006-4196. | 7.5 |
2006-08-17 | CVE-2006-4214 | ZEN Cart | SQL Injection vulnerability in ZEN Cart ZEN Cart Multiple SQL injection vulnerabilities in Zen Cart 1.3.0.2 and earlier allow remote attackers to execute arbitrary SQL commands via (1) GPC data to the ipn_get_stored_session function in ipn_main_handler.php, which can be leveraged to modify elements of $_SESSION; and allow remote authenticated users to execute arbitrary SQL commands via (2) a session id within a cookie to whos_online_session_recreate, (3) the quantity field to the add_cart function, (4) an id[] parameter when adding an item to a shopping cart, or (5) a redemption code when checking out (dc_redeem_code parameter to includes/modules/order_total/ot_coupon.php). | 7.5 |
2006-08-17 | CVE-2006-4213 | David Kent Norman | Unspecified vulnerability in David Kent Norman Thatware PHP remote file inclusion vulnerability in config.php in David Kent Norman Thatware 0.4.6 and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter. | 7.5 |
2006-08-17 | CVE-2006-4212 | B0Zz AND Chris Vincent | Multiple vulnerability in B0Zz and Chris Vincent OWL Intranet Engine 0.90 SQL injection vulnerability in b0zz and Chris Vincent Owl Intranet Engine 0.90 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2006-08-17 | CVE-2006-4207 | BOB Jewell | Remote File Include vulnerability in Discloser Multiple PHP remote file inclusion vulnerabilities in Bob Jewell Discloser 0.0.4 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the fileloc parameter to (1) content/content.php or (2) /inc/indexhead.php. | 7.5 |
2006-08-17 | CVE-2006-4205 | Webdynamite | Remote File Include vulnerability in Webdynamite Projectbutler 0.8.4 Multiple PHP remote file inclusion vulnerabilities in WebDynamite ProjectButler 0.8.4 allow remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter to /classes/ scripts including (1) Cache.class.php, (2) Customer.class.php, (3) Performance.class.php, (4) Project.class.php, (5) Representative.class.php, (6) User.class.php, or (7) common.php. | 7.5 |
2006-08-17 | CVE-2006-4204 | Phprojekt | Code Injection vulnerability in PHProjekt Multiple PHP remote file inclusion vulnerabilities in PHProjekt 5.1 and possibly earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) path_pre parameter in lib/specialdays.php and the (2) lib_path parameter in lib/dbman_filter.inc.php. | 7.5 |
2006-08-17 | CVE-2006-4203 | Mamboxchange | Remote File Include vulnerability in Mambo Email Publisher Help.MMP.PHP PHP remote file inclusion vulnerability in help.mmp.php in the MMP Component (com_mmp) 1.2 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 7.5 |
2006-08-17 | CVE-2006-4202 | Spidey Blog | SQL Injection vulnerability in Spidey Blog Script PID Parameter SQL injection vulnerability in proje_goster.php in Spidey Blog Script 1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter. | 7.5 |
2006-08-17 | CVE-2006-4201 | HP | Remote Arbitrary Command Execution vulnerability in HP Openview Storage Data Protector 5.1/5.5 Unspecified vulnerability in the backup agent and Cell Manager in HP OpenView Storage Data Protector 5.1 and 5.5 before 20060810 allows remote attackers to execute arbitrary code on an agent via unspecified vectors related to authentication and input validation. | 7.5 |
2006-08-17 | CVE-2006-4200 | Soft3304 | Multiple vulnerability in Soft3304 04Webserver 1.42/1.5/1.81 Unspecified vulnerability in 04WebServer 1.83 and earlier allows remote attackers to bypass user authentication via unspecified vectors related to request processing. | 7.5 |
2006-08-17 | CVE-2006-4197 | Musicbrainz | Buffer Overflow vulnerability in Libmusicbrainz Multiple buffer overflows in libmusicbrainz (aka mb_client or MusicBrainz Client Library) 2.1.2 and earlier, and SVN 8406 and earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a long Location header by the HTTP server, which triggers an overflow in the MBHttp::Download function in lib/http.cpp; and (2) a long URL in RDF data, as demonstrated by a URL in an rdf:resource field in an RDF XML document, which triggers overflows in many functions in lib/rdfparse.c. | 7.5 |
2006-08-17 | CVE-2006-4196 | Webinsta | Remote File Include vulnerability in WEBinsta CMS Templates_Dir PHP remote file inclusion vulnerability in index.php in WEBInsta CMS 0.3.1 and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the templates_dir parameter. | 7.5 |
2006-08-17 | CVE-2006-4193 | Microsoft | Unspecified vulnerability in Microsoft IE and Internet Explorer Microsoft Internet Explorer 6.0 SP1 and possibly other versions allows remote attackers to cause a denial of service and possibly execute arbitrary code by instantiating COM objects as ActiveX controls, including (1) imskdic.dll (Microsoft IME), (2) chtskdic.dll (Microsoft IME), and (3) msoe.dll (Outlook), which leads to memory corruption. | 7.5 |
2006-08-17 | CVE-2006-3860 | IBM | Multiple vulnerability in IBM Informix Dynamic Server IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 allows remote authenticated users to execute arbitrary commands via the (1) "SET DEBUG FILE" SQL command, and the (2) start_onpload and (3) dbexp functions. | 7.5 |
2006-08-17 | CVE-2006-3854 | IBM | Unspecified vulnerability in IBM Informix Dynamic Database Server Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.TC7, 9.40.TC8, 10.00.TC4, and 10.00.TC5, when running on Windows, allows remote attackers to execute arbitrary code via a long username, which causes an overflow in vsprintf when displaying in the resulting error message. | 7.5 |
2006-08-16 | CVE-2006-4166 | Tinywebgallery | Remote Security vulnerability in Tinywebgallery PHP remote file inclusion vulnerability in TinyWebGallery 1.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the image parameter to (1) image.php or (2) image.php2. | 7.5 |
2006-08-16 | CVE-2006-4164 | Phpprintanalyzer | Remote File Include vulnerability in PHPprintanalyzer 1.1 PHP remote file inclusion vulnerability in inc/header.inc.php in phpPrintAnalyzer 1.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the ficStyle parameter. | 7.5 |
2006-08-16 | CVE-2006-4160 | Mvcnphp | Remote File Include vulnerability in Mvcnphp 3.0 Multiple PHP remote file inclusion vulnerabilities in Tony Bibbs and Vincent Furia MVCnPHP 3.0 allow remote attackers to execute arbitrary PHP code via a URL in the glConf[path_library] parameter to (1) BaseCommand.php, (2) BaseLoader.php, and (3) BaseView.php. | 7.5 |
2006-08-16 | CVE-2006-4159 | Chaussette | Code Injection vulnerability in Chaussette Multiple PHP remote file inclusion vulnerabilities in Chaussette 080706 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the _BASE parameter to scripts in Classes/ including (1) Evenement.php, (2) Event.php, (3) Event_for_month.php, (4) Event_for_week.php, (5) My_Log.php, (6) My_Smarty.php, and possibly (7) Event_for_month_per_day.php. | 7.5 |
2006-08-16 | CVE-2006-4155 | Invision Power Services | Remote Security vulnerability in Invision Power Board Unspecified vulnerability in func_topic_threaded.php (aka threaded view mode) in Invision Power Board (IPB) before 2.1.7 21013.60810.s allows remote attackers to "access posts outside the topic." | 7.5 |
2006-08-14 | CVE-2006-4142 | Vwar | SQL Injection vulnerability in VWar Virtual WAR SQL injection vulnerability in extra/online.php in Virtual War (VWar) 1.5.0 R14 and earlier allows remote attackers to execute arbitrary SQL commands via the n parameter. | 7.5 |
2006-08-14 | CVE-2006-4141 | Vwar | SQL-Injection vulnerability in Virtual War SQL injection vulnerability in news.php in Virtual War (VWar) 1.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) sortby and (2) sortorder parameters. | 7.5 |
2006-08-14 | CVE-2006-4136 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Application Server Multiple unspecified vulnerabilities in IBM WebSphere Application Server before 6.1.0.1 have unspecified impact and attack vectors involving (1) "SOAP requests and responses", (2) mbean, (3) ThreadIdentitySupport, and possibly others. | 7.5 |
2006-08-14 | CVE-2006-4133 | SAP | Remote Buffer Overflow vulnerability in SAP Internet Graphics Server Heap-based buffer overflow in SAP Internet Graphics Service (IGS) 6.40 and earlier, and 7.00 and earlier, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via an HTTP request with an ADM:GETLOGFILE command and a long portwatcher argument, which triggers the overflow during error message construction when the _snprintf function returns a negative value that is used in a memcpy operation. | 7.5 |
2006-08-14 | CVE-2006-4131 | Arcsoft | Multiple vulnerability in ArcSoft MMS Composer Multiple buffer overflows in ArcSoft MMS Composer 1.5.5.6, and possibly earlier, and 2.0.0.13, and possibly earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via crafted MMS (Multimedia Messaging Service) messages that trigger the overflows in the (1) M-Notification.ind, (2) M-Retrieve.conf (Header and Body), or (3) SMIL parsers. | 7.5 |
2006-08-14 | CVE-2006-4129 | Joomla | Remote File Include vulnerability in Joomla Webring Component 1.0 PHP remote file inclusion vulnerability in admin.webring.docs.php in the Webring Component (com_webring) 1.0 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the component_dir parameter. | 7.5 |
2006-08-14 | CVE-2006-4125 | Dconnect | Remote Buffer Overflow vulnerability in Dconnect Daemon 0.0.2/0.0.3/0.7.0 Stack-based buffer overflow in main.c in DConnect Daemon 0.7.0 and earlier allows remote attackers to execute arbitrary code via a large nickname, which is not properly handled by the listen_thread_udp function. | 7.5 |
2006-08-14 | CVE-2006-4123 | Boite DE News | Remote File Include vulnerability in Boite DE News Boite DE News 4.0.1 PHP remote file inclusion vulnerability in boitenews4/index.php in Boite de News 4.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the url_index parameter. | 7.5 |
2006-08-14 | CVE-2006-4122 | Simple ONE File Guestbook | Unspecified vulnerability in Simple One-File Guestbook Simple One-File Guestbook Simple one-file guestbook 1.0 and earlier allows remote attackers to bypass authentication and delete guestbook entries via a modified id parameter to guestbook.php. | 7.5 |
2006-08-14 | CVE-2006-4114 | Phpmyring | SQL Injection vulnerability in PHPMyRing IDSITE SQL injection vulnerability in view_com.php in Nicolas Grandjean PHPMyRing 4.2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the idsite parameter. | 7.5 |
2006-08-14 | CVE-2006-4112 | Rubyonrails | Denial of Service vulnerability in Ruby on Rails Routing Unspecified vulnerability in the "dependency resolution mechanism" in Ruby on Rails 1.1.0 through 1.1.5 allows remote attackers to execute arbitrary Ruby code via a URL that is not properly handled in the routing code, which leads to a denial of service (application hang) or "data loss," a different vulnerability than CVE-2006-4111. | 7.5 |
2006-08-14 | CVE-2006-4111 | Rubyonrails | Code Injection vulnerability in Rubyonrails Rails and Ruby ON Rails Ruby on Rails before 1.1.5 allows remote attackers to execute Ruby code with "severe" or "serious" impact via a File Upload request with an HTTP header that modifies the LOAD_PATH variable, a different vulnerability than CVE-2006-4112. | 7.5 |
2006-08-14 | CVE-2006-4108 | Drupal | Input Validation vulnerability in Drupal Bibliography SQL injection vulnerability in Bibliography (biblio.module) 4.6 before revision 1.1.1.1.4.11 and 4.7 before revision 1.13.2.5 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2006-08-14 | CVE-2006-4107 | Drupal | SQL Injection vulnerability in Drupal JOB Search 4.6Rev1.3.2 SQL injection vulnerability in the Job Search module (job.module) 4.6 before revision 1.3.2.1 in Drupal allows remote attackers to execute arbitrary SQL commands via a job or resume search. | 7.5 |
2006-08-14 | CVE-2006-4103 | Jason Alexander | Remote File Include vulnerability in phNNTP File_newsportal PHP remote file inclusion vulnerability in article-raw.php in Jason Alexander phNNTP 1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the file_newsportal parameter. | 7.5 |
2006-08-14 | CVE-2006-4102 | Falko Timme AND Till Brehm | Unspecified vulnerability in Falko Timme and Till Brehm Sqlitewebadmin PHP remote file inclusion vulnerability in tpl.inc.php in Falko Timme and Till Brehm SQLiteWebAdmin 0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the conf[classpath] parameter. | 7.5 |
48 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-08-17 | CVE-2006-4199 | Soft3304 | Multiple vulnerability in Soft3304 04Webserver 1.42/1.5/1.81 Cross-site scripting (XSS) vulnerability in Soft3304 04WebServer 1.83 and earlier allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly sanitized before it is returned in an error page, a different vulnerability than CVE-2004-1512. | 6.8 |
2006-08-17 | CVE-2006-4195 | Mamboxchange | Code Injection vulnerability in Mamboxchange Peoplebook 1.0 PHP remote file inclusion vulnerability in param.peoplebook.php in the Peoplebook Component for Mambo (com_peoplebook) 1.0 and earlier, and possibly 1.1.2, when register_globals and allow_url_fopen are enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 6.8 |
2006-08-16 | CVE-2006-4165 | Netcommons | Cross-Site Scripting vulnerability in NetCommons Cross-site scripting (XSS) vulnerability in NetCommons 1.0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.8 |
2006-08-16 | CVE-2006-4162 | CPG Nuke | Cross-Site Scripting vulnerability in Dragonfly Cms Cross-site scripting (XSS) vulnerability in Dragonfly CMS 9.0.6.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the search field. | 6.8 |
2006-08-16 | CVE-2006-4157 | Yabb | Cross-Site Scripting vulnerability in YaBBSE Cross-site scripting (XSS) vulnerability in index.php in Yet another Bulletin Board (YaBB) allows remote attackers to inject arbitrary web script or HTML via the categories parameter. | 6.8 |
2006-08-18 | CVE-2006-4227 | Mysql Oracle | Improper Input Validation vulnerability in multiple products MySQL before 5.0.25 and 5.1 before 5.1.12 evaluates arguments of suid routines in the security context of the routine's definer instead of the routine's caller, which allows remote authenticated users to gain privileges through a routine that has been made available using GRANT EXECUTE. | 6.5 |
2006-08-14 | CVE-2006-4128 | Symantec Veritas | Heap Overflow vulnerability in Symantec Backup Exec Multiple heap-based buffer overflows in Symantec VERITAS Backup Exec for Netware Server Remote Agent for Windows Server 9.1 and 9.2 (all builds), Backup Exec Continuous Protection Server Remote Agent for Windows Server 10.1 (builds 10.1.325.6301, 10.1.326.1401, 10.1.326.2501, 10.1.326.3301, and 10.1.327.401), and Backup Exec for Windows Server and Remote Agent 9.1 (build 9.1.4691), 10.0 (builds 10.0.5484 and 10.0.5520), and 10.1 (build 10.1.5629) allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted RPC message. | 6.5 |
2006-08-15 | CVE-2006-2446 | Linux | Socket Buffer Handling Remote Denial of Service vulnerability in Linux Kernel 2.6.9 Race condition between the kfree_skb and __skb_unlink functions in the socket buffer handling in Linux kernel 2.6.9, and possibly other versions, allows remote attackers to cause a denial of service (crash), as demonstrated using the TCP stress tests from the LTP test suite. | 5.4 |
2006-08-14 | CVE-2006-4139 | SUN | Local Denial of Service vulnerability in SUN Solaris 10.0 Race condition in Sun Solaris 10 allows attackers to cause a denial of service (system panic) via unspecified vectors related to ifconfig and either netstat or SNMP queries. | 5.4 |
2006-08-14 | CVE-2006-4117 | SUN | Denial-Of-Service vulnerability in SUN Solaris 10.0 The squeue_drain function in Sun Solaris 10, possibly only when run on CMT processors, allows remote attackers to cause a denial of service ("bad trap" and system panic) by opening and closing a large number of TCP connections ("heavy TCP/IP loads"). | 5.4 |
2006-08-17 | CVE-2006-4215 | ZEN Cart | Code Injection vulnerability in ZEN Cart ZEN Cart PHP remote file inclusion vulnerability in index.php in Zen Cart 1.3.0.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the autoLoadConfig[999][0][loadFile] parameter. | 5.1 |
2006-08-17 | CVE-2006-4198 | Wheatblog | Remote File Include vulnerability in Wheatblog 1.0 PHP remote file inclusion vulnerability in includes/session.php in Wheatblog (wB) 1.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the wb_class_dir parameter. | 5.1 |
2006-08-17 | CVE-2006-4192 | Modplug | Remote Code Execution vulnerability in OpenMPT Multiple buffer overflows in MODPlug Tracker (OpenMPT) 1.17.02.43 and earlier and libmodplug 0.8 and earlier, as used in GStreamer and possibly other products, allow user-assisted remote attackers to execute arbitrary code via (1) long strings in ITP files used by the CSoundFile::ReadITProject function in soundlib/Load_it.cpp and (2) crafted modules used by the CSoundFile::ReadSample function in soundlib/Sndfile.cpp, as demonstrated by crafted AMF files. | 5.1 |
2006-08-17 | CVE-2006-4191 | XMB Software | Unspecified vulnerability in XMB Software Extreme Message Board Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php. | 5.1 |
2006-08-17 | CVE-2006-4189 | Boonex | Remote File Include vulnerability in Boonex Dolphin 5.1 Multiple PHP remote file inclusion vulnerabilities in Dolphin 5.1 allow remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter in (1) index.php, (2) aemodule.php, (3) browse.php, (4) cc.php, (5) click.php, (6) faq.php, (7) gallery.php, (8) im.php, (9) inbox.php, (10) join_form.php, (11) logout.php, (12) messages_inbox.php, and many other scripts. | 5.1 |
2006-08-16 | CVE-2006-4158 | Spaminator | Remote File Include vulnerability in Spaminator Page Parameter PHP remote file inclusion vulnerability in Login.php in Spaminator 1.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | 5.1 |
2006-08-14 | CVE-2006-4121 | SEE Commerce | Remote File Include vulnerability in See-Commerce 1.0.625 PHP remote file inclusion vulnerability in owimg.php3 in See-Commerce 1.0.625 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. | 5.1 |
2006-08-14 | CVE-2006-4120 | Drupal | HTML Injection vulnerability in Drupal Recipe Module Cross-site scripting (XSS) vulnerability in the Recipe module (recipe.module) before 1.54 for Drupal 4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 5.1 |
2006-08-14 | CVE-2006-4119 | Chaossoft | SQL-Injection vulnerability in GeheimChaos SQL injection vulnerability in gc.php in GeheimChaos 0.5 and earlier allows remote attackers to execute arbitrary SQL commands via the Temp_entered_password parameter. | 5.1 |
2006-08-14 | CVE-2006-4118 | Chaossoft | SQL Injection vulnerability in GeheimChaos Multiple SQL injection vulnerabilities in GeheimChaos 0.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) Temp_entered_login or (2) Temp_entered_email parameters to (a) gc.php, and in multiple parameters in (b) include/registrieren.php, possibly involving the (3) $form_email, (4) $form_vorname, (5) $form_nachname, (6) $form_strasse, (7) $form_plzort, (8) $form_land, (9) $form_homepage, (10) $form_bildpfad, (11) $form_profilsichtbar, (12) $Temp_sprache, (13) $form_tag, (14) $form_monat, (15) $form_jahr, (16) $Temp_akt_string, (17) $form_icq, (18) $form_msn, (19) $form_yahoo, (20) $form_username, and (21) $Temp_form_pass variables. | 5.1 |
2006-08-14 | CVE-2006-4116 | Lhaz | Buffer Overflow vulnerability in LHAZ LHA Long Multiple stack-based buffer overflows in Lhaz before 1.32 allow user-assisted attackers to execute arbitrary code via a long filename in (1) an LHZ archive, when saving the filename during extraction; and (2) an LHZ archive with an invalid CRC checksum, when constructing an error message. | 5.1 |
2006-08-14 | CVE-2006-4115 | E Zest Solutions | Remote File Include vulnerability in E-Zest Solutions Pgmarket 2.2.3 PHP remote file inclusion vulnerability in common.inc.php in PgMarket 2.2.3, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the CFG[libdir] parameter. | 5.1 |
2006-08-14 | CVE-2006-4113 | Hitweb | Remote File Include vulnerability in Hitweb REP_INC PHP remote file inclusion vulnerability in genpage-cgi.php in Brian Fraval hitweb 4.2 and possibly earlier versions allows remote attackers to execute arbitrary PHP code via the REP_INC parameter. | 5.1 |
2006-08-18 | CVE-2006-4223 | IBM | Information Exposure vulnerability in IBM Websphere Application Server IBM WebSphere Application Server (WAS) before 6.0.2.13 allows context-dependent attackers to obtain sensitive information via unspecified vectors related to "JSP source code exposure" (PK23475), which occurs when ibm-web-ext.xmi sets fileServingEnabled to true or ExtendedDocumentRoot is used to place a JSP outside a WAR.file; (3) the First Failure Data Capture (ffdc) log file (PK24834); and (4) traces (PK25568), a different issue than CVE-2006-4137. | 5.0 |
2006-08-18 | CVE-2006-4222 | IBM | Remote Security vulnerability in Websphere Application Server Multiple unspecified vulnerabilities in IBM WebSphere Application Server before 6.0.2.13 have unspecified vectors and impact, including (1) an "authority problem" in ThreadIdentitySupport as identified by PK25199, and "Potential security exposure" issues as identified by (2) PK22747, (3) PK24334, (4) PK25740, and (5) PK26123. | 5.0 |
2006-08-17 | CVE-2006-4208 | Skippy NET | Directory Traversal vulnerability in Skippy.Net Wp-Db Backup Plugin for Wordpress 1.6/1.7 Directory traversal vulnerability in wp-db-backup.php in Skippy WP-DB-Backup plugin for WordPress 1.7 and earlier allows remote authenticated users with administrative privileges to read arbitrary files via a .. | 5.0 |
2006-08-17 | CVE-2006-3121 | High Availability Linux Project | Resource Management Errors vulnerability in High Availability Linux Project Heartbeat The peel_netstring function in cl_netstring.c in the heartbeat subsystem in High-Availability Linux before 1.2.5, and 2.0 before 2.0.7, allows remote attackers to cause a denial of service (crash) via the length parameter in a heartbeat message. | 5.0 |
2006-08-17 | CVE-2006-4188 | HP | Denial of Service vulnerability in HP-UX LP Subsystem Unspecified vulnerability in the LP subsystem in HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allows remote attackers to cause a denial of service via unknown vectors. | 5.0 |
2006-08-16 | CVE-2006-4161 | Xennobb | Directory Traversal vulnerability in XennoBB Directory traversal vulnerability in the avatar_gallery action in profile.php in XennoBB 2.1.0 and earlier allows remote attackers to read arbitrary files via a .. | 5.0 |
2006-08-16 | CVE-2006-4030 | Gallery Project | Information Disclosure vulnerability in Gallery Stats Module Unspecified Unspecified vulnerability in the stats module in Gallery 1.5.1-RC2 and earlier allows remote attackers to obtain sensitive information via unspecified attack vectors, related to "two file exposure bugs." Update to version 1.5-pl1. | 5.0 |
2006-08-14 | CVE-2006-4140 | Ipcheck | Directory Traversal vulnerability in IPCheck Server Monitor Directory traversal vulnerability in IPCheck Server Monitor before 5.3.3.639/640 allows remote attackers to read arbitrary files via modified .. | 5.0 |
2006-08-14 | CVE-2006-4137 | IBM | Multiple vulnerability in IBM WebSphere Application Server 6.1.0 IBM WebSphere Application Server before 6.1.0.1 allows attackers to obtain sensitive information via unspecified vectors related to (1) the log file, (2) "script generated syntax on wsadmin command line," and (3) traces. | 5.0 |
2006-08-14 | CVE-2006-4134 | SAP | Remote Denial Of Service vulnerability in SAP Internet Graphics Server Unspecified vulnerability related to a "design flaw" in SAP Internet Graphics Service (IGS) 6.40 and earlier and 7.00 and earlier allows remote attackers to cause a denial of service (service shutdown) via certain HTTP requests. | 5.0 |
2006-08-14 | CVE-2006-4132 | Arcsoft | Multiple vulnerability in ArcSoft MMS Composer ArcSoft MMS Composer 1.5.5.6 and possibly earlier, and 2.0.0.13 and possibly earlier, allow remote attackers to cause a denial of service (resource exhaustion and application crash) via WAPPush messages to UDP port 2948. | 5.0 |
2006-08-14 | CVE-2006-4126 | Dconnect | Denial of Service vulnerability in Dconnect Daemon 0.0.2/0.0.3/0.7.0 The dc_chat function in cmd.dc.c in DConnect Daemon 0.7.0 and earlier allows remote attackers to cause a denial of service (application crash) by sending a client message before providing the nickname, which triggers a null pointer dereference. | 5.0 |
2006-08-17 | CVE-2006-4185 | Novell | Nessus Denial of Service vulnerability in Novell eDirectory Unspecified vulnerability in the NCPENGINE in Novell eDirectory 8.7.3.8 allows local users to cause a denial of service (CPU consumption) via unspecified vectors, as originally demonstrated using a Nessus scan. | 4.9 |
2006-08-17 | CVE-2006-4184 | Smartline | Unspecified vulnerability in Smartline Devicelock SmartLine DeviceLock before 5.73 Build 305 does not properly enforce access control lists (ACL) in raw mode, which allows local users to bypass NTFS controls and obtain sensitive information. | 4.9 |
2006-08-14 | CVE-2006-4127 | Dconnect | Format String vulnerability in Dconnect Daemon 0.0.2/0.0.3/0.7.0 Multiple format string vulnerabilities in DConnect Daemon 0.7.0 and earlier allow remote administrators to execute arbitrary code via format string specifiers that are not properly handled when calling the (1) privmsg() or (2) pubmsg functions from (a) cmd.user.c, (b) penalties.c, or (c) cmd.dc.c. | 4.6 |
2006-08-14 | CVE-2006-4124 | Lesstif | Local Arbitrary File Creation vulnerability in Lesstif 0.93.94 The libXm library in LessTif 0.95.0 and earlier allows local users to gain privileges via the DEBUG_FILE environment variable, which is used to create world-writable files when libXm is run from a setuid program. | 4.6 |
2006-08-18 | CVE-2006-4224 | Vwar | Cross-Site Scripting vulnerability in Virtual War Cross-site scripting (XSS) vulnerability in calendar.php in Virtual War (VWar) 1.5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the year parameter. | 4.3 |
2006-08-17 | CVE-2006-4211 | B0Zz AND Chris Vincent | Multiple vulnerabilities in Owl Intranet Engine Cross-site scripting (XSS) vulnerability in b0zz and Chris Vincent Owl Intranet Engine 0.90 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2006-08-17 | CVE-2006-4206 | Aspplayground NET | Cross-Site Scripting vulnerability in Aspplayground.Net 2.4.5 Cross-site scripting (XSS) vulnerability in calendar.asp in ASPPlayground.NET Forum Advanced Edition 2.4.5 Unicode, and possibly other versions before October 15, 2006, allows remote attackers to inject arbitrary web script or HTML via the calendarID parameter. | 4.3 |
2006-08-14 | CVE-2006-4110 | Apache | Information Disclosure vulnerability in Apache Http Server 2.0.58/2.2.2/2.2.3 Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems. | 4.3 |
2006-08-14 | CVE-2006-4109 | Drupal | Input Validation vulnerability in Drupal Bibliography Cross-site scripting (XSS) vulnerability in Bibliography (biblio.module) 4.6 before revision 1.1.1.1.4.11 and 4.7 before revision 1.13.2.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2006-08-14 | CVE-2006-4106 | Blursoft | HTML Injection vulnerability in Blursoft Blur6Ex 0.3/0.3.462 Cross-site scripting (XSS) vulnerability in blursoft blur6ex 0.3 allows remote attackers to inject arbitrary web script or HTML via a comment title. | 4.3 |
2006-08-14 | CVE-2006-4105 | Fill Threads Database | HTML Injection vulnerability in Fill Threads Database Fill Threads Database 3.7.3 Cross-site scripting (XSS) vulnerability in Fill Threads Database (FTD) 3.7.3 allows remote attackers to inject arbitrary web script or HTML via the (1) search field or (2) an e-mail message. | 4.3 |
2006-08-14 | CVE-2006-4104 | Mojoscripts | HTML Injection vulnerability in MojoGallery Cross-site scripting (XSS) vulnerability in admin.cgi in mojoscripts.com mojoGallery allows remote attackers to inject arbitrary web script or HTML via "password input." | 4.3 |
2006-08-17 | CVE-2006-3859 | IBM | Remote Security vulnerability in IBM Informix Dynamic Server IBM Informix Dynamic Server (IDS) allows remote authenticated users to create and overwrite arbitrary files via the (1) LOTOFILE and (2) trl_tracefile_set functions, and the (3) "SET DEBUG FILE" commands. | 4.0 |
9 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-08-18 | CVE-2006-4233 | Globus | Local Temporary File Handling vulnerability in Globus Toolkit 3.2.0/4.0.0/4.1.0 Globus Toolkit 3.2.x, 4.0.x, and 4.1.0 before 20060815 allow local users to obtain sensitive information (proxy certificates) and overwrite arbitrary files via a symlink attack on temporary files in the /tmp directory, as demonstrated by files created by (1) myproxy-admin-adduser, (2) grid-ca-sign, and (3) grid-security-config. | 3.6 |
2006-08-18 | CVE-2006-4226 | Mysql Oracle | MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions. | 3.6 |
2006-08-18 | CVE-2006-4231 | Irfanview | Denial-Of-Service vulnerability in Irfanview 3.98 IrfanView 3.98 (with plugins) allows remote attackers to cause a denial of service (application crash) via a crafted CUR image file. | 2.6 |
2006-08-17 | CVE-2006-4210 | Andreas Kansok | Unspecified vulnerability in Andreas Kansok PHPay 2.02/2.02.1 nu_mail.inc.php in Andreas Kansok phPay 2.02 and 2.02.1, when register_globals is enabled, allows remote attackers to use the server as an open mail relay via modified mail_text2, user_row[5], nu_mail_1, and shop_mail parameters. | 2.6 |
2006-08-15 | CVE-2006-4144 | Imagemagick | Remote Heap Buffer Overflow vulnerability in ImageMagick SGI Image File Integer overflow in the ReadSGIImage function in sgi.c in ImageMagick before 6.2.9 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via large (1) bytes_per_pixel, (2) columns, and (3) rows values, which trigger a heap-based buffer overflow. | 2.6 |
2006-08-17 | CVE-2006-4190 | PHP Nuke | Local File Include vulnerability in PHP-Nuke Autohtml Module 2.0 Directory traversal vulnerability in autohtml.php in the AutoHTML module for PHP-Nuke allows local users to include arbitrary files via a .. | 2.1 |
2006-08-17 | CVE-2006-4187 | HP | Local Denial of Service vulnerability in HP Hp-Ux 11.00/11.11/11.23 Unspecified vulnerability in HP-UX B.11.00, B.11.11 and B.11.23, when running in trusted mode, allows local users to cause a denial of service via unspecified vectors. | 2.1 |
2006-08-17 | CVE-2006-4186 | Novell | Information Disclosure vulnerability in Novell Edirectory 8.7.3.8 The iManager in eMBoxClient.jar in Novell eDirectory 8.7.3.8 writes passwords in plaintext to a log file, which allows local users to obtain passwords by reading the file. | 2.1 |
2006-08-18 | CVE-2006-4232 | Globus | Local Temporary File Handling vulnerability in Globus Toolkit 3.2.0/4.0.0/4.1.0 Race condition in the grid-proxy-init tool in Globus Toolkit 3.2.x, 4.0.x, and 4.1.0 before 20060815 allows local users to steal credential data by replacing the proxy credentials file in between file creation and the check for exclusive file access. | 1.2 |