Weekly Vulnerabilities Reports > August 14 to 20, 2006

Overview

111 new vulnerabilities were reported during this period, including 2 critical vulnerabilities and 49 high severity vulnerabilities. This weekly summary reports vulnerabilities in 99 products from 78 vendors including IBM, Drupal, Microsoft, HP, and ZEN Cart. Vulnerabilities are notably categorized as "Code Injection", "Resource Management Errors", "Permissions, Privileges, and Access Controls", "Information Exposure", and "SQL Injection".

  • 103 reported vulnerabilities are remotely exploitable.
  • 29 reported vulnerabilities have a public exploit available.
  • 1 reported vulnerability is related to weaknesses in OWASP Top Ten.
  • 105 reported vulnerabilities are exploitable by an anonymous user.
  • IBM has the most reported vulnerabilities, with 8 reported vulnerabilities.
  • IBM has the most reported critical vulnerabilities, with 1 reported vulnerability.

Vulnerability Details

The following tables list reported vulnerabilities for the period covered by this report:

2 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-08-18 CVE-2006-4221 IBM Remote Buffer Overflow vulnerability in IBM eGatherer ActiveX

Stack-based buffer overflow in the IBM Access Support eGatherer ActiveX control before 3.20.0284.0 allows remote attackers to execute arbitrary code via a long filename parameter to the RunEgatherer method.

9.3
2006-08-18 CVE-2006-4228 Symantec Veritas Authentication Bypass vulnerability in Symantec Veritas Netbackup Puredisk Remote Office Edition 6.0

Symantec Veritas NetBackup PureDisk Remote Office Edition 6.0 before MP1 20060816 allows remote attackers to bypass authentication and gain privileges via unknown attack vectors in the management interface.

9.0

49 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-08-15 CVE-2006-4143 Netgear Unspecified vulnerability in Netgear Fvg318 1.0.40

Netgear FVG318 running firmware 1.0.40 allows remote attackers to cause a denial of service (router reset) via TCP packets with bad checksums.

7.8
2006-08-14 CVE-2006-4138 Microsoft Remote vulnerability in RETIRED: Microsoft Windows Help

Multiple unspecified vulnerabilities in Microsoft Windows Help File viewer (winhlp32.exe) allow user-assisted attackers to execute arbitrary code via crafted HLP files.

7.6
2006-08-18 CVE-2006-4234 Dotproject Remote File Include vulnerability in DotProject Query.Class.PHP

PHP remote file inclusion vulnerability in classes/query.class.php in dotProject 2.0.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the baseDir parameter.

7.5
2006-08-18 CVE-2006-4230 Lizge Remote File Include vulnerability in Lizge web Portal 0.20

Multiple PHP remote file inclusion vulnerabilities in index.php in Lizge V.20 Web Portal allow remote attackers to execute arbitrary PHP code via a URL in the (1) lizge or (2) bade parameters.

7.5
2006-08-18 CVE-2006-4229 Joomla, Mambo Remote Security vulnerability in Moslistmessenger Component

PHP remote file inclusion vulnerability in archive.php in the mosListMessenger Component (com_lm) before 20060719 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

7.5
2006-08-18 CVE-2006-4219 Microsoft Unspecified vulnerability in Microsoft IE 6.0

The Terminal Services COM object (tsuserex.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by instantiating it as an ActiveX object in Internet Explorer 6.0 SP1 on Microsoft Windows 2003 EE SP1 CN.

7.5
2006-08-17 CVE-2006-4218 ZEN Cart File Include vulnerability in Zen Cart

Directory traversal vulnerability in Zen Cart 1.3.0.2 and earlier allows remote attackers to include and possibly execute arbitrary local files via directory traversal sequences in the typefilter parameter.

7.5
2006-08-17 CVE-2006-4217 Webinsta Remote Security vulnerability in Webinsta Cms

PHP remote file inclusion vulnerability in modules/usersonline/users.php in WEBInsta CMS 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the module_dir parameter, a different vulnerability than CVE-2006-4196.

7.5
2006-08-17 CVE-2006-4214 ZEN Cart SQL Injection vulnerability in ZEN Cart ZEN Cart

Multiple SQL injection vulnerabilities in Zen Cart 1.3.0.2 and earlier allow remote attackers to execute arbitrary SQL commands via (1) GPC data to the ipn_get_stored_session function in ipn_main_handler.php, which can be leveraged to modify elements of $_SESSION; and allow remote authenticated users to execute arbitrary SQL commands via (2) a session id within a cookie to whos_online_session_recreate, (3) the quantity field to the add_cart function, (4) an id[] parameter when adding an item to a shopping cart, or (5) a redemption code when checking out (dc_redeem_code parameter to includes/modules/order_total/ot_coupon.php).

7.5
2006-08-17 CVE-2006-4213 David Kent Norman Unspecified vulnerability in David Kent Norman Thatware

PHP remote file inclusion vulnerability in config.php in David Kent Norman Thatware 0.4.6 and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter.

7.5
2006-08-17 CVE-2006-4212 B0Zz AND Chris Vincent Multiple vulnerability in B0Zz and Chris Vincent OWL Intranet Engine 0.90

SQL injection vulnerability in b0zz and Chris Vincent Owl Intranet Engine 0.90 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2006-08-17 CVE-2006-4209 Webinsta Remote File Include vulnerability in Webinsta Mailing List Manager 1.3E

PHP remote file inclusion vulnerability in install3.php in WEBInsta Mailing List Manager 1.3e allows remote attackers to execute arbitrary PHP code via a URL in the cabsolute_path parameter.

7.5
2006-08-17 CVE-2006-4207 BOB Jewell Remote File Include vulnerability in Discloser

Multiple PHP remote file inclusion vulnerabilities in Bob Jewell Discloser 0.0.4 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the fileloc parameter to (1) content/content.php or (2) /inc/indexhead.php.

7.5
2006-08-17 CVE-2006-4205 Webdynamite Remote File Include vulnerability in Webdynamite Projectbutler 0.8.4

Multiple PHP remote file inclusion vulnerabilities in WebDynamite ProjectButler 0.8.4 allow remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter to /classes/ scripts including (1) Cache.class.php, (2) Customer.class.php, (3) Performance.class.php, (4) Project.class.php, (5) Representative.class.php, (6) User.class.php, or (7) common.php.

7.5
2006-08-17 CVE-2006-4204 Phprojekt Code Injection vulnerability in PHProjekt

Multiple PHP remote file inclusion vulnerabilities in PHProjekt 5.1 and possibly earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) path_pre parameter in lib/specialdays.php and the (2) lib_path parameter in lib/dbman_filter.inc.php.

7.5
2006-08-17 CVE-2006-4203 Mamboxchange Remote File Include vulnerability in Mambo Email Publisher Help.MMP.PHP

PHP remote file inclusion vulnerability in help.mmp.php in the MMP Component (com_mmp) 1.2 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

7.5
2006-08-17 CVE-2006-4202 Spidey Blog SQL Injection vulnerability in Spidey Blog Script PID Parameter

SQL injection vulnerability in proje_goster.php in Spidey Blog Script 1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter.

7.5
2006-08-17 CVE-2006-4201 HP Remote Arbitrary Command Execution vulnerability in HP Openview Storage Data Protector 5.1/5.5

Unspecified vulnerability in the backup agent and Cell Manager in HP OpenView Storage Data Protector 5.1 and 5.5 before 20060810 allows remote attackers to execute arbitrary code on an agent via unspecified vectors related to authentication and input validation.

7.5
2006-08-17 CVE-2006-4200 Soft3304 Multiple vulnerability in Soft3304 04Webserver 1.42/1.5/1.81

Unspecified vulnerability in 04WebServer 1.83 and earlier allows remote attackers to bypass user authentication via unspecified vectors related to request processing.

7.5
2006-08-17 CVE-2006-4197 Musicbrainz Buffer Overflow vulnerability in Libmusicbrainz

Multiple buffer overflows in libmusicbrainz (aka mb_client or MusicBrainz Client Library) 2.1.2 and earlier, and SVN 8406 and earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a long Location header by the HTTP server, which triggers an overflow in the MBHttp::Download function in lib/http.cpp; and (2) a long URL in RDF data, as demonstrated by a URL in an rdf:resource field in an RDF XML document, which triggers overflows in many functions in lib/rdfparse.c.

7.5
2006-08-17 CVE-2006-4196 Webinsta Remote File Include vulnerability in WEBinsta CMS Templates_Dir

PHP remote file inclusion vulnerability in index.php in WEBInsta CMS 0.3.1 and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the templates_dir parameter.

7.5
2006-08-17 CVE-2006-4193 Microsoft Denial Of Service vulnerability in Microsoft IE 6.0

Microsoft Internet Explorer 6.0 SP1 and possibly other versions allows remote attackers to cause a denial of service and possibly execute arbitrary code by instantiating COM objects as ActiveX controls, including (1) imskdic.dll (Microsoft IME), (2) chtskdic.dll (Microsoft IME), and (3) msoe.dll (Outlook), which leads to memory corruption.

7.5
2006-08-17 CVE-2006-3860 IBM Multiple vulnerability in IBM Informix Dynamic Server

IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 allows remote authenticated users to execute arbitrary commands via the (1) "SET DEBUG FILE" SQL command, and the (2) start_onpload and (3) dbexp functions.

7.5
2006-08-17 CVE-2006-3854 IBM Unspecified vulnerability in IBM Informix Dynamic Database Server

Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.TC7, 9.40.TC8, 10.00.TC4, and 10.00.TC5, when running on Windows, allows remote attackers to execute arbitrary code via a long username, which causes an overflow in vsprintf when displaying in the resulting error message.

7.5
2006-08-16 CVE-2006-4166 Tinywebgallery Remote Security vulnerability in Tinywebgallery

PHP remote file inclusion vulnerability in TinyWebGallery 1.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the image parameter to (1) image.php or (2) image.php2.

7.5
2006-08-16 CVE-2006-4164 Phpprintanalyzer Remote File Include vulnerability in PHPprintanalyzer 1.1

PHP remote file inclusion vulnerability in inc/header.inc.php in phpPrintAnalyzer 1.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the ficStyle parameter.

7.5
2006-08-16 CVE-2006-4163 Mywebland Remote File Include vulnerability in MyWebland miniBloggie Fname

** DISPUTED ** PHP remote file inclusion vulnerability in cls_fast_template.php in myWebland miniBloggie 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the fname parameter.

7.5
2006-08-16 CVE-2006-4160 Mvcnphp Remote File Include vulnerability in Mvcnphp 3.0

Multiple PHP remote file inclusion vulnerabilities in Tony Bibbs and Vincent Furia MVCnPHP 3.0 allow remote attackers to execute arbitrary PHP code via a URL in the glConf[path_library] parameter to (1) BaseCommand.php, (2) BaseLoader.php, and (3) BaseView.php.

7.5
2006-08-16 CVE-2006-4159 Chaussette Code Injection vulnerability in Chaussette

Multiple PHP remote file inclusion vulnerabilities in Chaussette 080706 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the _BASE parameter to scripts in Classes/ including (1) Evenement.php, (2) Event.php, (3) Event_for_month.php, (4) Event_for_week.php, (5) My_Log.php, (6) My_Smarty.php, and possibly (7) Event_for_month_per_day.php.

7.5
2006-08-16 CVE-2006-4156 Pearlabs Remote File Include vulnerability in RETIRED: Mafia Moblog Big.PHP

** DISPUTED ** PHP remote file inclusion vulnerability in big.php in pearlabs mafia moblog 6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pathtotemplate parameter.

7.5
2006-08-16 CVE-2006-4155 Invision Power Services Remote Security vulnerability in Invision Power Board

Unspecified vulnerability in func_topic_threaded.php (aka threaded view mode) in Invision Power Board (IPB) before 2.1.7 21013.60810.s allows remote attackers to "access posts outside the topic."

7.5
2006-08-14 CVE-2006-4142 Vwar SQL Injection vulnerability in VWar Virtual WAR

SQL injection vulnerability in extra/online.php in Virtual War (VWar) 1.5.0 R14 and earlier allows remote attackers to execute arbitrary SQL commands via the n parameter.

7.5
2006-08-14 CVE-2006-4141 Vwar SQL-Injection vulnerability in Virtual War

SQL injection vulnerability in news.php in Virtual War (VWar) 1.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) sortby and (2) sortorder parameters.

7.5
2006-08-14 CVE-2006-4136 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Application Server

Multiple unspecified vulnerabilities in IBM WebSphere Application Server before 6.1.0.1 have unspecified impact and attack vectors involving (1) "SOAP requests and responses", (2) mbean, (3) ThreadIdentitySupport, and possibly others.

7.5
2006-08-14 CVE-2006-4135 Vincent HOR Unspecified vulnerability in Vincent HOR Calendarix

** DISPUTED ** PHP remote file inclusion vulnerability in cal_config.inc.php in Calendarix 0.7.20060401 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the calpath parameter.

7.5
2006-08-14 CVE-2006-4133 SAP Remote Buffer Overflow vulnerability in SAP Internet Graphics Server

Heap-based buffer overflow in SAP Internet Graphics Service (IGS) 6.40 and earlier, and 7.00 and earlier, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via an HTTP request with an ADM:GETLOGFILE command and a long portwatcher argument, which triggers the overflow during error message construction when the _snprintf function returns a negative value that is used in a memcpy operation.

7.5
2006-08-14 CVE-2006-4131 Arcsoft Multiple vulnerability in ArcSoft MMS Composer

Multiple buffer overflows in ArcSoft MMS Composer 1.5.5.6, and possibly earlier, and 2.0.0.13, and possibly earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via crafted MMS (Multimedia Messaging Service) messages that trigger the overflows in the (1) M-Notification.ind, (2) M-Retrieve.conf (Header and Body), or (3) SMIL parsers.

7.5
2006-08-14 CVE-2006-4129 Joomla Remote File Include vulnerability in Joomla Webring Component 1.0

PHP remote file inclusion vulnerability in admin.webring.docs.php in the Webring Component (com_webring) 1.0 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the component_dir parameter.

7.5
2006-08-14 CVE-2006-4125 Dconnect Remote Buffer Overflow vulnerability in Dconnect Daemon 0.0.2/0.0.3/0.7.0

Stack-based buffer overflow in main.c in DConnect Daemon 0.7.0 and earlier allows remote attackers to execute arbitrary code via a large nickname, which is not properly handled by the listen_thread_udp function.

7.5
2006-08-14 CVE-2006-4123 Boite DE News Remote File Include vulnerability in Boite DE News Boite DE News 4.0.1

PHP remote file inclusion vulnerability in boitenews4/index.php in Boite de News 4.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the url_index parameter.

7.5
2006-08-14 CVE-2006-4122 Simple ONE File Guestbook Unspecified vulnerability in Simple One-File Guestbook Simple One-File Guestbook

Simple one-file guestbook 1.0 and earlier allows remote attackers to bypass authentication and delete guestbook entries via a modified id parameter to guestbook.php.

7.5
2006-08-14 CVE-2006-4114 Phpmyring SQL Injection vulnerability in PHPMyRing IDSITE

SQL injection vulnerability in view_com.php in Nicolas Grandjean PHPMyRing 4.2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the idsite parameter.

7.5
2006-08-14 CVE-2006-4112 Rubyonrails Denial of Service vulnerability in Ruby on Rails Routing

Unspecified vulnerability in the "dependency resolution mechanism" in Ruby on Rails 1.1.0 through 1.1.5 allows remote attackers to execute arbitrary Ruby code via a URL that is not properly handled in the routing code, which leads to a denial of service (application hang) or "data loss," a different vulnerability than CVE-2006-4111.

7.5
2006-08-14 CVE-2006-4111 Rubyonrails Code Injection vulnerability in Rubyonrails Rails and Ruby ON Rails

Ruby on Rails before 1.1.5 allows remote attackers to execute Ruby code with "severe" or "serious" impact via a File Upload request with an HTTP header that modifies the LOAD_PATH variable, a different vulnerability than CVE-2006-4112.

7.5
2006-08-14 CVE-2006-4108 Drupal Input Validation vulnerability in Drupal Bibliography

SQL injection vulnerability in Bibliography (biblio.module) 4.6 before revision 1.1.1.1.4.11 and 4.7 before revision 1.13.2.5 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2006-08-14 CVE-2006-4107 Drupal SQL Injection vulnerability in Drupal JOB Search 4.6Rev1.3.2

SQL injection vulnerability in the Job Search module (job.module) 4.6 before revision 1.3.2.1 in Drupal allows remote attackers to execute arbitrary SQL commands via a job or resume search.

7.5
2006-08-14 CVE-2006-4103 Jason Alexander Remote File Include vulnerability in phNNTP File_newsportal

PHP remote file inclusion vulnerability in article-raw.php in Jason Alexander phNNTP 1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the file_newsportal parameter.

7.5
2006-08-14 CVE-2006-4102 Falko Timme AND Till Brehm Unspecified vulnerability in Falko Timme and Till Brehm Sqlitewebadmin

PHP remote file inclusion vulnerability in tpl.inc.php in Falko Timme and Till Brehm SQLiteWebAdmin 0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the conf[classpath] parameter.

7.5
2006-08-14 CVE-2006-1168 Ncompress Buffer Underflow vulnerability in Ncompress 4.2.4

The decompress function in compress42.c in (1) ncompress 4.2.4 and (2) liblzw allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code, via crafted data that leads to a buffer underflow.

7.5

50 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-08-17 CVE-2006-4199 Soft3304 Multiple vulnerability in Soft3304 04Webserver 1.42/1.5/1.81

Cross-site scripting (XSS) vulnerability in Soft3304 04WebServer 1.83 and earlier allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly sanitized before it is returned in an error page, a different vulnerability than CVE-2004-1512.

6.8
2006-08-17 CVE-2006-4195 Mamboxchange Code Injection vulnerability in Mamboxchange Peoplebook 1.0

PHP remote file inclusion vulnerability in param.peoplebook.php in the Peoplebook Component for Mambo (com_peoplebook) 1.0 and earlier, and possibly 1.1.2, when register_globals and allow_url_fopen are enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

6.8
2006-08-16 CVE-2006-4165 Netcommons Cross-Site Scripting vulnerability in NetCommons

Cross-site scripting (XSS) vulnerability in NetCommons 1.0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

6.8
2006-08-16 CVE-2006-4162 CPG Nuke Cross-Site Scripting vulnerability in Dragonfly Cms

Cross-site scripting (XSS) vulnerability in Dragonfly CMS 9.0.6.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the search field.

6.8
2006-08-16 CVE-2006-4157 Yabb Cross-Site Scripting vulnerability in YaBBSE

Cross-site scripting (XSS) vulnerability in index.php in Yet another Bulletin Board (YaBB) allows remote attackers to inject arbitrary web script or HTML via the categories parameter.

6.8
2006-08-14 CVE-2006-4130 Matt Smith Code Injection vulnerability in Matt Smith Remository FOR Mambo

PHP remote file inclusion vulnerability in admin.remository.php in the Remository Component (com_remository) 3.25 and earlier for Mambo and Joomla!, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

6.8
2006-08-18 CVE-2006-4227 Mysql, Oracle Improper Input Validation vulnerability in multiple products

MySQL before 5.0.25 and 5.1 before 5.1.12 evaluates arguments of suid routines in the security context of the routine's definer instead of the routine's caller, which allows remote authenticated users to gain privileges through a routine that has been made available using GRANT EXECUTE.

6.5
2006-08-14 CVE-2006-4128 Symantec Veritas Heap Overflow vulnerability in Symantec Backup Exec

Multiple heap-based buffer overflows in Symantec VERITAS Backup Exec for Netware Server Remote Agent for Windows Server 9.1 and 9.2 (all builds), Backup Exec Continuous Protection Server Remote Agent for Windows Server 10.1 (builds 10.1.325.6301, 10.1.326.1401, 10.1.326.2501, 10.1.326.3301, and 10.1.327.401), and Backup Exec for Windows Server and Remote Agent 9.1 (build 9.1.4691), 10.0 (builds 10.0.5484 and 10.0.5520), and 10.1 (build 10.1.5629) allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted RPC message.

6.5
2006-08-15 CVE-2006-2446 Linux Socket Buffer Handling Remote Denial of Service vulnerability in Linux Kernel 2.6.9

Race condition between the kfree_skb and __skb_unlink functions in the socket buffer handling in Linux kernel 2.6.9, and possibly other versions, allows remote attackers to cause a denial of service (crash), as demonstrated using the TCP stress tests from the LTP test suite.

5.4
2006-08-14 CVE-2006-4139 SUN Local Denial of Service vulnerability in SUN Solaris 10.0

Race condition in Sun Solaris 10 allows attackers to cause a denial of service (system panic) via unspecified vectors related to ifconfig and either netstat or SNMP queries.

5.4
2006-08-14 CVE-2006-4117 SUN Denial-Of-Service vulnerability in SUN Solaris 10.0

The squeue_drain function in Sun Solaris 10, possibly only when run on CMT processors, allows remote attackers to cause a denial of service ("bad trap" and system panic) by opening and closing a large number of TCP connections ("heavy TCP/IP loads").

5.4
2006-08-17 CVE-2006-4215 ZEN Cart Code Injection vulnerability in ZEN Cart ZEN Cart

PHP remote file inclusion vulnerability in index.php in Zen Cart 1.3.0.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the autoLoadConfig[999][0][loadFile] parameter.

5.1
2006-08-17 CVE-2006-4198 Wheatblog Remote File Include vulnerability in Wheatblog 1.0

PHP remote file inclusion vulnerability in includes/session.php in Wheatblog (wB) 1.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the wb_class_dir parameter.

5.1
2006-08-17 CVE-2006-4192 Modplug Remote Code Execution vulnerability in OpenMPT

Multiple buffer overflows in MODPlug Tracker (OpenMPT) 1.17.02.43 and earlier and libmodplug 0.8 and earlier, as used in GStreamer and possibly other products, allow user-assisted remote attackers to execute arbitrary code via (1) long strings in ITP files used by the CSoundFile::ReadITProject function in soundlib/Load_it.cpp and (2) crafted modules used by the CSoundFile::ReadSample function in soundlib/Sndfile.cpp, as demonstrated by crafted AMF files.

5.1
2006-08-17 CVE-2006-4191 XMB Software Unspecified vulnerability in XMB Software Extreme Message Board

Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.

5.1
2006-08-17 CVE-2006-4189 Boonex Remote File Include vulnerability in Boonex Dolphin 5.1

Multiple PHP remote file inclusion vulnerabilities in Dolphin 5.1 allow remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter in (1) index.php, (2) aemodule.php, (3) browse.php, (4) cc.php, (5) click.php, (6) faq.php, (7) gallery.php, (8) im.php, (9) inbox.php, (10) join_form.php, (11) logout.php, (12) messages_inbox.php, and many other scripts.

5.1
2006-08-16 CVE-2006-4158 Spaminator Remote File Include vulnerability in Spaminator Page Parameter

PHP remote file inclusion vulnerability in Login.php in Spaminator 1.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.

5.1
2006-08-14 CVE-2006-4121 SEE Commerce Remote File Include vulnerability in See-Commerce 1.0.625

PHP remote file inclusion vulnerability in owimg.php3 in See-Commerce 1.0.625 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.

5.1
2006-08-14 CVE-2006-4120 Drupal HTML Injection vulnerability in Drupal Recipe Module

Cross-site scripting (XSS) vulnerability in the Recipe module (recipe.module) before 1.54 for Drupal 4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

5.1
2006-08-14 CVE-2006-4119 Chaossoft SQL-Injection vulnerability in GeheimChaos

SQL injection vulnerability in gc.php in GeheimChaos 0.5 and earlier allows remote attackers to execute arbitrary SQL commands via the Temp_entered_password parameter.

5.1
2006-08-14 CVE-2006-4118 Chaossoft SQL Injection vulnerability in GeheimChaos

Multiple SQL injection vulnerabilities in GeheimChaos 0.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) Temp_entered_login or (2) Temp_entered_email parameters to (a) gc.php, and in multiple parameters in (b) include/registrieren.php, possibly involving the (3) $form_email, (4) $form_vorname, (5) $form_nachname, (6) $form_strasse, (7) $form_plzort, (8) $form_land, (9) $form_homepage, (10) $form_bildpfad, (11) $form_profilsichtbar, (12) $Temp_sprache, (13) $form_tag, (14) $form_monat, (15) $form_jahr, (16) $Temp_akt_string, (17) $form_icq, (18) $form_msn, (19) $form_yahoo, (20) $form_username, and (21) $Temp_form_pass variables.

5.1
2006-08-14 CVE-2006-4116 Lhaz Buffer Overflow vulnerability in LHAZ LHA Long

Multiple stack-based buffer overflows in Lhaz before 1.32 allow user-assisted attackers to execute arbitrary code via a long filename in (1) an LHZ archive, when saving the filename during extraction; and (2) an LHZ archive with an invalid CRC checksum, when constructing an error message.

5.1
2006-08-14 CVE-2006-4115 E Zest Solutions Remote File Include vulnerability in E-Zest Solutions Pgmarket 2.2.3

PHP remote file inclusion vulnerability in common.inc.php in PgMarket 2.2.3, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the CFG[libdir] parameter.

5.1
2006-08-14 CVE-2006-4113 Hitweb Remote File Include vulnerability in Hitweb REP_INC

PHP remote file inclusion vulnerability in genpage-cgi.php in Brian Fraval hitweb 4.2 and possibly earlier versions allows remote attackers to execute arbitrary PHP code via the REP_INC parameter.

5.1
2006-08-18 CVE-2006-4223 IBM Information Exposure vulnerability in IBM Websphere Application Server

IBM WebSphere Application Server (WAS) before 6.0.2.13 allows context-dependent attackers to obtain sensitive information via unspecified vectors related to "JSP source code exposure" (PK23475), which occurs when ibm-web-ext.xmi sets fileServingEnabled to true or ExtendedDocumentRoot is used to place a JSP outside a WAR.file; (3) the First Failure Data Capture (ffdc) log file (PK24834); and (4) traces (PK25568), a different issue than CVE-2006-4137.

5.0
2006-08-18 CVE-2006-4222 IBM Remote Security vulnerability in Websphere Application Server

Multiple unspecified vulnerabilities in IBM WebSphere Application Server before 6.0.2.13 have unspecified vectors and impact, including (1) an "authority problem" in ThreadIdentitySupport as identified by PK25199, and "Potential security exposure" issues as identified by (2) PK22747, (3) PK24334, (4) PK25740, and (5) PK26123.

5.0
2006-08-17 CVE-2006-4208 Skippy NET Directory Traversal vulnerability in Skippy.Net Wp-Db Backup Plugin for Wordpress 1.6/1.7

Directory traversal vulnerability in wp-db-backup.php in Skippy WP-DB-Backup plugin for WordPress 1.7 and earlier allows remote authenticated users with administrative privileges to read arbitrary files via a ..

5.0
2006-08-17 CVE-2006-4194 Cisco Unspecified vulnerability in Cisco products

** DISPUTED ** Unspecified vulnerability in Cisco PIX 500 Series Security Appliances allows remote attackers to send arbitrary UDP packets to intranet devices via unspecified vectors involving Session Initiation Protocol (SIP) fixup commands, a different issue than CVE-2006-4032.

5.0
2006-08-17 CVE-2006-3121 High Availability Linux Project Resource Management Errors vulnerability in High Availability Linux Project Heartbeat

The peel_netstring function in cl_netstring.c in the heartbeat subsystem in High-Availability Linux before 1.2.5, and 2.0 before 2.0.7, allows remote attackers to cause a denial of service (crash) via the length parameter in a heartbeat message.

5.0
2006-08-17 CVE-2006-4188 HP Denial of Service vulnerability in HP-UX LP Subsystem

Unspecified vulnerability in the LP subsystem in HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allows remote attackers to cause a denial of service via unknown vectors.

5.0
2006-08-16 CVE-2006-4161 Xennobb Directory Traversal vulnerability in XennoBB

Directory traversal vulnerability in the avatar_gallery action in profile.php in XennoBB 2.1.0 and earlier allows remote attackers to read arbitrary files via a ..

5.0
2006-08-16 CVE-2006-4030 Gallery Project Information Disclosure vulnerability in Gallery Stats Module Unspecified

Unspecified vulnerability in the stats module in Gallery 1.5.1-RC2 and earlier allows remote attackers to obtain sensitive information via unspecified attack vectors, related to "two file exposure bugs." Update to version 1.5-pl1.

5.0
2006-08-14 CVE-2006-4140 Ipcheck Directory Traversal vulnerability in IPCheck Server Monitor

Directory traversal vulnerability in IPCheck Server Monitor before 5.3.3.639/640 allows remote attackers to read arbitrary files via modified ..

5.0
2006-08-14 CVE-2006-4137 IBM Multiple vulnerability in IBM WebSphere Application Server 6.1.0

IBM WebSphere Application Server before 6.1.0.1 allows attackers to obtain sensitive information via unspecified vectors related to (1) the log file, (2) "script generated syntax on wsadmin command line," and (3) traces.

5.0
2006-08-14 CVE-2006-4134 SAP Remote Denial Of Service vulnerability in SAP Internet Graphics Server

Unspecified vulnerability related to a "design flaw" in SAP Internet Graphics Service (IGS) 6.40 and earlier and 7.00 and earlier allows remote attackers to cause a denial of service (service shutdown) via certain HTTP requests.

5.0
2006-08-14 CVE-2006-4132 Arcsoft Multiple vulnerability in ArcSoft MMS Composer

ArcSoft MMS Composer 1.5.5.6 and possibly earlier, and 2.0.0.13 and possibly earlier, allow remote attackers to cause a denial of service (resource exhaustion and application crash) via WAPPush messages to UDP port 2948.

5.0
2006-08-14 CVE-2006-4126 Dconnect Denial of Service vulnerability in Dconnect Daemon 0.0.2/0.0.3/0.7.0

The dc_chat function in cmd.dc.c in DConnect Daemon 0.7.0 and earlier allows remote attackers to cause a denial of service (application crash) by sending a client message before providing the nickname, which triggers a null pointer dereference.

5.0
2006-08-17 CVE-2006-4185 Novell Nessus Denial of Service vulnerability in Novell eDirectory

Unspecified vulnerability in the NCPENGINE in Novell eDirectory 8.7.3.8 allows local users to cause a denial of service (CPU consumption) via unspecified vectors, as originally demonstrated using a Nessus scan.

4.9
2006-08-17 CVE-2006-4184 Smartline Unspecified vulnerability in Smartline Devicelock

SmartLine DeviceLock before 5.73 Build 305 does not properly enforce access control lists (ACL) in raw mode, which allows local users to bypass NTFS controls and obtain sensitive information.

4.9
2006-08-14 CVE-2006-4127 Dconnect Format String vulnerability in Dconnect Daemon 0.0.2/0.0.3/0.7.0

Multiple format string vulnerabilities in DConnect Daemon 0.7.0 and earlier allow remote administrators to execute arbitrary code via format string specifiers that are not properly handled when calling the (1) privmsg() or (2) pubmsg functions from (a) cmd.user.c, (b) penalties.c, or (c) cmd.dc.c.

4.6
2006-08-14 CVE-2006-4124 Lesstif Local Arbitrary File Creation vulnerability in Lesstif 0.93.94

The libXm library in LessTif 0.95.0 and earlier allows local users to gain privileges via the DEBUG_FILE environment variable, which is used to create world-writable files when libXm is run from a setuid program.

4.6
2006-08-18 CVE-2006-4224 Vwar Cross-Site Scripting vulnerability in Virtual War

Cross-site scripting (XSS) vulnerability in calendar.php in Virtual War (VWar) 1.5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the year parameter.

4.3
2006-08-17 CVE-2006-4211 B0Zz AND Chris Vincent Multiple vulnerability in Owl Intranet Engine

Cross-site scripting (XSS) vulnerability in b0zz and Chris Vincent Owl Intranet Engine 0.90 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2006-08-17 CVE-2006-4206 Aspplayground NET Cross-Site Scripting vulnerability in Aspplayground.Net 2.4.5

Cross-site scripting (XSS) vulnerability in calendar.asp in ASPPlayground.NET Forum Advanced Edition 2.4.5 Unicode, and possibly other versions before October 15, 2006, allows remote attackers to inject arbitrary web script or HTML via the calendarID parameter.

4.3
2006-08-14 CVE-2006-4110 Apache Information Disclosure vulnerability in Apache Http Server 2.0.58/2.2.2/2.2.3

Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.

4.3
2006-08-14 CVE-2006-4109 Drupal Input Validation vulnerability in Drupal Bibliography

Cross-site scripting (XSS) vulnerability in Bibliography (biblio.module) 4.6 before revision 1.1.1.1.4.11 and 4.7 before revision 1.13.2.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2006-08-14 CVE-2006-4106 Blursoft HTML Injection vulnerability in Blursoft Blur6Ex 0.3/0.3.462

Cross-site scripting (XSS) vulnerability in blursoft blur6ex 0.3 allows remote attackers to inject arbitrary web script or HTML via a comment title.

4.3
2006-08-14 CVE-2006-4105 Fill Threads Database HTML Injection vulnerability in Fill Threads Database Fill Threads Database 3.7.3

Cross-site scripting (XSS) vulnerability in Fill Threads Database (FTD) 3.7.3 allows remote attackers to inject arbitrary web script or HTML via the (1) search field or (2) an e-mail message.

4.3
2006-08-14 CVE-2006-4104 Mojoscripts HTML Injection vulnerability in MojoGallery

Cross-site scripting (XSS) vulnerability in admin.cgi in mojoscripts.com mojoGallery allows remote attackers to inject arbitrary web script or HTML via "password input."

4.3
2006-08-17 CVE-2006-3859 IBM Remote Security vulnerability in IBM Informix Dynamic Server

IBM Informix Dynamic Server (IDS) allows remote authenticated users to create and overwrite arbitrary files via the (1) LOTOFILE and (2) trl_tracefile_set functions, and the (3) "SET DEBUG FILE" commands.

4.0

10 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-08-18 CVE-2006-4233 Globus Local Temporary File Handling vulnerability in Globus Toolkit 3.2.0/4.0.0/4.1.0

Globus Toolkit 3.2.x, 4.0.x, and 4.1.0 before 20060815 allow local users to obtain sensitive information (proxy certificates) and overwrite arbitrary files via a symlink attack on temporary files in the /tmp directory, as demonstrated by files created by (1) myproxy-admin-adduser, (2) grid-ca-sign, and (3) grid-security-config.

3.6
2006-08-18 CVE-2006-4226 Mysql, Oracle

MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions.

3.6
2006-08-18 CVE-2006-4231 Irfanview Denial-Of-Service vulnerability in Irfanview 3.98

IrfanView 3.98 (with plugins) allows remote attackers to cause a denial of service (application crash) via a crafted CUR image file.

2.6
2006-08-17 CVE-2006-4210 Andreas Kansok Unspecified vulnerability in Andreas Kansok PHPay 2.02/2.02.1

nu_mail.inc.php in Andreas Kansok phPay 2.02 and 2.02.1, when register_globals is enabled, allows remote attackers to use the server as an open mail relay via modified mail_text2, user_row[5], nu_mail_1, and shop_mail parameters.

2.6
2006-08-17 CVE-2006-4021 Scatterchat Unspecified vulnerability in Scatterchat 1.0.1

The cryptographic module in ScatterChat 1.0.x allows attackers to identify patterns in large numbers of messages by identifying collisions using a birthday attack on the custom padding mechanism for ECB mode encryption.

2.6
2006-08-15 CVE-2006-4144 Imagemagick Remote Heap Buffer Overflow vulnerability in ImageMagick SGI Image File

Integer overflow in the ReadSGIImage function in sgi.c in ImageMagick before 6.2.9 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via large (1) bytes_per_pixel, (2) columns, and (3) rows values, which trigger a heap-based buffer overflow.

2.6
2006-08-17 CVE-2006-4190 PHP Nuke Local File Include vulnerability in PHP-Nuke Autohtml Module 2.0

Directory traversal vulnerability in autohtml.php in the AutoHTML module for PHP-Nuke allows local users to include arbitrary files via a ..

2.1
2006-08-17 CVE-2006-4187 HP Local Denial of Service vulnerability in HP Hp-Ux 11.00/11.11/11.23

Unspecified vulnerability in HP-UX B.11.00, B.11.11 and B.11.23, when running in trusted mode, allows local users to cause a denial of service via unspecified vectors.

2.1
2006-08-17 CVE-2006-4186 Novell Information Disclosure vulnerability in Novell Edirectory 8.7.3.8

The iManager in eMBoxClient.jar in Novell eDirectory 8.7.3.8 writes passwords in plaintext to a log file, which allows local users to obtain passwords by reading the file.

2.1
2006-08-18 CVE-2006-4232 Globus Local Temporary File Handling vulnerability in Globus Toolkit 3.2.0/4.0.0/4.1.0

Race condition in the grid-proxy-init tool in Globus Toolkit 3.2.x, 4.0.x, and 4.1.0 before 20060815 allows local users to steal credential data by replacing the proxy credentials file in between file creation and the check for exclusive file access.

1.2