Weekly Vulnerabilities Reports > August 21 to 27, 2006

Overview

121 new vulnerabilities were reported during this period, including 3 critical vulnerabilities and 57 high severity vulnerabilities. This weekly summary reports vulnerabilities in 141 products from 85 vendors, including SUN, Linux, Wireshark, Mambo, and Dieselscripts. The vulnerabilities notably fall into the categories "Resource Management Errors", "Code Injection", "Permissions, Privileges, and Access Controls", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Cross-site Scripting".

  • 108 reported vulnerabilities are remotely exploitable.
  • 31 reported vulnerabilities have a public exploit available.
  • 3 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 115 reported vulnerabilities are exploitable by an anonymous user.
  • SUN has the most reported vulnerabilities, with 6 reported vulnerabilities.
  • Openbsd has the most reported critical vulnerabilities, with 1 reported vulnerability.

Vulnerability Details

The following tables list the vulnerabilities reported for the period covered by this report:

3 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-08-24 CVE-2006-4304 Freebsd, Netbsd, Openbsd Buffer Overflow vulnerability in NetBSD In-Kernel PPP

Buffer overflow in the sppp driver in FreeBSD 4.11 through 6.1, NetBSD 2.0 through 4.0 beta before 20060823, and OpenBSD 3.8 and 3.9 before 20060902 allows remote attackers to cause a denial of service (panic), obtain sensitive information, and possibly execute arbitrary code via crafted Link Control Protocol (LCP) packets with an option length that exceeds the overall length, which triggers the overflow in (1) pppoe and (2) ippp.

10.0
2006-08-23 CVE-2006-4309 AK Systems Remote Unauthorized Administrative Access vulnerability in Ak-Systems Windows Terminal 1.2.5Exvlp

The VNC server on the AK-Systems Windows Terminal 1.2.5 ExVLP is not password protected, which allows remote attackers to log in and view RDP or Citrix sessions.

10.0
2006-08-22 CVE-2006-4289 Sony Buffer Overflow vulnerability in Sony VAIO Media Integrated Server

Buffer overflow in Sony VAIO Media Server 2.x, 3.x, 4.x, and 5.x before 20060626 allows remote attackers to execute arbitrary code via unspecified vectors.

10.0

57 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-08-27 CVE-2006-4363 Cropimage Component Remote File Include vulnerability in Cropimage Component Cropimage Component 1.0

PHP remote file inclusion vulnerability in admin.cropcanvas.php in the CropImage component (com_cropimage) 1.0 for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the cropimagedir parameter.

7.5
2006-08-27 CVE-2006-4357 Dieselscripts Remote File Include vulnerability in DieselScripts Smart Traffic

PHP remote file inclusion vulnerability in clients/index.php in Diesel Smart Traffic allows remote attackers to execute arbitrary PHP code via a URL in the src parameter.

7.5
2006-08-27 CVE-2006-4356 Drupal SQL Injection vulnerability in Drupal Easylinks Module

SQL injection vulnerability in Drupal Easylinks Module (easylinks.module) 4.7 before 1.5.2.1 2006/08/19 12:02:27 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2006-08-27 CVE-2006-4354 Phome Empire Remote File Include vulnerability in Phome Empire Phome Empire CMS 3.7

PHP remote file inclusion vulnerability in e/class/CheckLevel.php in Phome Empire CMS 3.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the check_path parameter.

7.5
2006-08-26 CVE-2006-4377 Guder UND Koch Netzwerktechnik SQL-Injection vulnerability in Eichhorn Portal

Multiple SQL injection vulnerabilities in Guder und Koch Netzwerktechnik Eichhorn Portal allow remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly including the (1) profil_nr and (2) sprache parameters in the main portion of the portal, the (3) suchstring field in suchForm in the main portion of the portal, the (4) GaleryKey and (5) Breadcrumbs parameters in the gallerie module, and the (6) GGBNSaction parameter in the ggbns module.

7.5
2006-08-26 CVE-2006-4373 Derek Leung Remote File Include vulnerability in Derek Leung Pslash 0.70

PHP remote file inclusion vulnerability in modules/visitors2/include/config.inc.php in pSlash 0.70 allows remote attackers to execute arbitrary PHP code via a URL in the lvc_include_dir parameter.

7.5
2006-08-26 CVE-2006-4372 Constructor Component Remote Security vulnerability in Constructor Component

PHP remote file inclusion vulnerability in admin.lurm_constructor.php in the Lurm Constructor component (com_lurm_constructor) 0.6b and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the lm_absolute_path parameter.

7.5
2006-08-26 CVE-2006-4370 ALT N Privilege Escalation vulnerability in Alt-N Webadmin 3.2.3/3.2.4

Alt-N WebAdmin 3.2.3 and 3.2.4 running with MDaemon 9.0.5, and possibly earlier, allow remote authenticated domain administrators to change a global administrator's password and gain privileges via the userlist.wdm file.

7.5
2006-08-26 CVE-2006-4368 Integramod Remote File Include vulnerability in Integramod Portal 2.0

PHP remote file inclusion vulnerability in includes/functions_portal.php in IntegraMOD Portal 2.x and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

7.5
2006-08-26 CVE-2006-4367 ALL Topics SQL Injection vulnerability in All Topics phpBB module

SQL injection vulnerability in alltopics.php in the All Topics Hack 1.5.0 and earlier for phpBB 2.0.21 allows remote attackers to execute arbitrary SQL commands via the start parameter.

7.5
2006-08-26 CVE-2006-4366 Redblog Remote File Include vulnerability in Redblog 0.5

PHP remote file inclusion vulnerability in index.php in RedBLoG 0.5 allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter.

7.5
2006-08-26 CVE-2006-4365 Vistabb Remote File Include vulnerability in VistaBB

Multiple PHP remote file inclusion vulnerabilities in VistaBB 2.0.33 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter in (1) includes/functions_mod_user.php or (2) includes/functions_portal.php.

7.5
2006-08-26 CVE-2006-3124 Streamripper Buffer Overflow vulnerability in Streamripper 1.61.24/1.61.25

Buffer overflow in the HTTP header parsing in Streamripper before 1.61.26 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted HTTP headers.

7.5
2006-08-25 CVE-2006-2112 Dell, Fuji Xerox Permissions, Privileges, and Access Controls vulnerability in multiple products

Fuji Xerox Printing Systems (FXPS) print engine, as used in products including (1) Dell 3000cn through 5110cn and (2) Fuji Xerox DocuPrint firmware before 20060628 and Network Option Card firmware before 5.13, allows remote attackers to use the FTP printing interface as a proxy ("FTP bounce") by using arbitrary PORT arguments to connect to systems for which access would be otherwise restricted.

7.5
2006-08-24 CVE-2006-4350 Oneorzero SQL-Injection vulnerability in Oneorzero 1.6.4.1

SQL injection vulnerability in index.php in OneOrZero 1.6.4.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2006-08-24 CVE-2006-4348 Kochsuite Component Remote File Include vulnerability in Kochsuite Component Kochsuite Component 0.9.4

PHP remote file inclusion vulnerability in config.kochsuite.php in the Kochsuite (com_kochsuite) 0.9.4 component for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

7.5
2006-08-24 CVE-2006-4347 Jiran SQL Injection vulnerability in Jiran Cool Manager and Cool Messenger Office School Server

SQL injection vulnerability in user logon authentication request handling in Cool_CoolD.exe in Cool Manager 5.0 (5,60,90,28) and Cool Messenger Office/School Server 5.5 (5,65,12,13) allows remote attackers to execute arbitrary SQL commands via the username field.

7.5
2006-08-24 CVE-2006-4346 Digium Remote vulnerability in Digium Asterisk 1.2.10

Asterisk 1.2.10 supports the use of client-controlled variables to determine filenames in the Record function, which allows remote attackers to (1) execute code via format string specifiers or (2) overwrite files via directory traversals involving unspecified vectors, as demonstrated by the CALLERIDNAME variable.

7.5
2006-08-24 CVE-2006-4345 Digium Remote vulnerability in Asterisk

Stack-based buffer overflow in channels/chan_mgcp.c in MGCP in Asterisk 1.0 through 1.2.10 allows remote attackers to execute arbitrary code via a crafted audit endpoint (AUEP) response.

7.5
2006-08-24 CVE-2006-4329 Shadows Rising RPG Remote File Include vulnerability in Shadows Rising RPG

Multiple PHP remote file inclusion vulnerabilities in Shadows Rising RPG (Pre-Alpha) 0.0.5b and earlier allow remote attackers to execute arbitrary PHP code via a URL in the CONFIG[gameroot] parameter to (1) core/includes/security.inc.php, (2) core/includes/smarty.inc.php, (3) qcms/includes/smarty.inc.php or (4) qlib/smarty.inc.php.

7.5
2006-08-24 CVE-2006-4326 Justsystem Buffer Errors vulnerability in Justsystem Formliner, Ichitaro and Ichitaro Government

Stack-based buffer overflow in Justsystem Ichitaro 9.x through 13.x, Ichitaro 2004, 2005, 2006, and Government 2006; Ichitaro for Linux; and FormLiner before 20060818 allows remote attackers to execute arbitrary code via long Unicode strings in a crafted document, as being actively exploited by malware such as Trojan.Tarodrop.

7.5
2006-08-24 CVE-2006-4323 Cityforfree SQL Injection vulnerability in Cityforfree Indexcity 1.0

SQL injection vulnerability in list.php in CityForFree indexcity 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cate_id parameter.

7.5
2006-08-24 CVE-2006-4322 Bits Dont Bite Remote File Include vulnerability in RETIRED: Mambo EstateAgent Component mosConfig_absolute_path

PHP remote file inclusion vulnerability in estateagent.php in the EstateAgent component (com_estateagent) for Mambo, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

7.5
2006-08-24 CVE-2006-4321 Coppermine Remote File Include vulnerability in Coppermine Photo Gallery 1.0

PHP remote file inclusion vulnerability in cpg.php in the Coppermine Photo Gallery component (com_cpg) 1.0 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

7.5
2006-08-24 CVE-2006-4320 Opensef Project Remote File Include vulnerability in RETIRED: Joomla OpenSEF Component mosConfig_absolute_path

PHP remote file inclusion vulnerability in sef.php in the OpenSEF 2.0.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

7.5
2006-08-23 CVE-2006-4300 8Pixel NET Unspecified vulnerability in 8Pixel.Net Simple Blog

SQL injection vulnerability in comments.asp in SimpleBlog 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2006-08-23 CVE-2006-4297 Oscommerce SQL Injection vulnerability in Oscommerce 2.2Ms220060817

SQL injection vulnerability in shopping_cart.php in osCommerce before 2.2 Milestone 2 060817 allows remote attackers to execute arbitrary SQL commands via id array parameters.

7.5
2006-08-23 CVE-2006-4296 Mambo Remote File Include vulnerability in Mambo BigAPE-Backup Component

PHP remote file inclusion vulnerability in classes/Tar.php in bigAPE-Backup component (com_babackup) for Mambo 1.1 allows remote attackers to include arbitrary files via the mosConfig_absolute_path parameter.

7.5
2006-08-23 CVE-2006-3869 Microsoft Buffer Overflow vulnerability in Microsoft IE 6.0

Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions of the MS06-042 patch before 20060824, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL on a website that uses HTTP 1.1 compression.

7.5
2006-08-22 CVE-2006-4287 NES Game, NES System Remote File Include vulnerability in NES Game and NES System

Multiple PHP remote file inclusion vulnerabilities in NES Game and NES System c108122 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) phphtmllib parameter to (a) phphtmllib/includes.php; tag_utils/ scripts including (b) divtag_utils.php, (c) form_utils.php, (d) html_utils.php, and (e) localinc.php; and widgets/ scripts including (f) FooterNav.php, (g) HTMLPageClass.php, (h) InfoTable.php, (i) localinc.php, (j) NavTable.php, and (k) TextNav.php.

7.5
2006-08-22 CVE-2006-4285 Fscripts Code Injection vulnerability in Fscripts Fantastic News

PHP remote file inclusion vulnerability in news.php in Fantastic News 2.1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[script_path] parameter.

7.5
2006-08-22 CVE-2006-4284 Lblog SQL Injection vulnerability in Lblog 1.05

SQL injection vulnerability in comments.asp in LBlog 1.05 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2006-08-22 CVE-2006-4283 Solmetra Remote File Include vulnerability in RETIRED: SPAW PHP Editor 1.0.6/1.0.7

Multiple PHP remote file inclusion vulnerabilities in SOLMETRA SPAW Editor 1.0.6 and 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the spaw_dir parameter in dialogs/ scripts including (1) a.php, (2) collorpicker.php, (3) img.php, (4) img_library.php, (5) table.php, or (6) td.php.

7.5
2006-08-22 CVE-2006-4282 Mamboxchange Remote File Include vulnerability in MamboWiki Component MamboLogin.PHP

PHP remote file inclusion vulnerability in MamboLogin.php in the MamboWiki component (com_mambowiki) 0.9.6 and earlier for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter.

7.5
2006-08-21 CVE-2006-4281 Arthur Konze Webdesign Remote File Include vulnerability in Arthur Konze Webdesign Akocomment 1.1

PHP remote file inclusion vulnerability in akocomments.php in AkoComment 1.1 module (com_akocomment) for Mambo 4.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

7.5
2006-08-21 CVE-2006-4279 Xennobb SQL Injection vulnerability in XennoBB Icon_Topic

SQL injection vulnerability in topic_post.php in XennoBB 2.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the icon_topic parameter.

7.5
2006-08-21 CVE-2006-4278 Sportsphool Remote File Include vulnerability in Sportsphool 1.0

PHP remote file inclusion vulnerability in includes/layout/plain.footer.php in SportsPHool 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the mainnav parameter.

7.5
2006-08-21 CVE-2006-4277 Tutti Nova Remote File Include vulnerability in Tutti Nova

Multiple PHP remote file inclusion vulnerabilities in Tutti Nova 1.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the TNLIB_DIR parameter to (1) include/novalib/class.novaAdmin.mysql.php and (2) novalib/class.novaRead.mysql.php.

7.5
2006-08-21 CVE-2006-4276 Tutti Nova Remote File Include vulnerability in Tutti Nova

PHP remote file inclusion vulnerability in Tutti Nova 1.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the TNLIB_DIR parameter to novalib/class.novaEdit.mysql.php.

7.5
2006-08-21 CVE-2006-4275 Mambo Remote File Include vulnerability in Mambo Catalogshop Component 1.0Beta2

PHP remote file inclusion vulnerability in catalogshop.php in the CatalogShop component for Mambo (com_catalogshop) allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

7.5
2006-08-21 CVE-2006-4267 Devellion Input Validation vulnerability in CubeCart

Multiple SQL injection vulnerabilities in CubeCart 3.0.11 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) oid parameter in modules/gateway/Protx/confirmed.php and the (2) x_invoice_num parameter in modules/gateway/Authorize/confirmed.php.

7.5
2006-08-21 CVE-2006-4263 Product Scroller Module Remote File Include vulnerability in Mambo Phpshop Product Scroller Component

Multiple PHP remote file inclusion vulnerabilities in the Product Scroller Module and other modules in mambo-phpshop (com_phpshop) for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) mod_phpshop.php, (2) mod_phpshop_allinone.php, (3) mod_phpshop_cart.php, (4) mod_phpshop_featureprod.php, (5) mod_phpshop_latestprod.php, (6) mod_product_categories.php, (7) mod_productscroller.php, and (8) mosproductsnap.php.

7.5
2006-08-21 CVE-2006-4254 IBM Local Privilege Escalation vulnerability in IBM AIX 5.1/5.2/5.3

Unspecified vulnerability in setlocale in IBM AIX 5.1.0 through 5.3.0 allows local users to gain privileges via unspecified vectors.

7.5
2006-08-21 CVE-2006-4241 Mamboxchange Remote File Include vulnerability in Mamboxchange Reporter 1.0

PHP remote file inclusion vulnerability in processor/reporter.sql.php in the Reporter Mambo component (com_reporter) allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

7.5
2006-08-21 CVE-2006-4240 Fusionphp Remote File Include vulnerability in FusionPHP Fusion News

PHP remote file inclusion vulnerability in index.php in Fusion News 3.7 allows remote attackers to execute arbitrary PHP code via a URL in the fpath parameter.

7.5
2006-08-21 CVE-2006-4239 Outreach Project Tool Remote File Include vulnerability in Outreach Project Tool

PHP remote file inclusion vulnerability in include/urights.php in Outreach Project Tool (OPT) Max 1.2.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CRM_inc parameter.

7.5
2006-08-21 CVE-2006-4238 Wtcom SQL Injection vulnerability in WTCom Web Torrent

SQL injection vulnerability in torrents.php in WebTorrent (WTcom) 0.2.4 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter in category mode.

7.5
2006-08-21 CVE-2006-4237 Invisionix Systems Remote Pageheaderdefault.Inc.PHP Remote File Include vulnerability in Invisionix Roaming System

PHP remote file inclusion vulnerability in pageheaderdefault.inc.php in Invisionix Roaming System Remote (IRSR) 0.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _sysSessionPath parameter.

7.5
2006-08-21 CVE-2006-4236 Powergap Remote File Include vulnerability in Powergap

Multiple PHP remote file inclusion vulnerabilities in POWERGAP allow remote attackers to execute arbitrary PHP code via a URL in the (1) shopid parameter to (a) s01.php, (b) s02.php, (c) s03.php, and (d) s04.php; and possibly a URL located after "shopid=" or "sid=" in the PATH_INFO.

7.5
2006-08-21 CVE-2006-4235 Sony Buffer Overflow vulnerability in Sony SonicStage Mastering Studio

Buffer overflow in the import project functionality in Sony SonicStage Mastering Studio 1.1.00 through 2.2.01 allows remote attackers to execute arbitrary code via a crafted SMP file.

7.5
2006-08-24 CVE-2006-4319 SUN Buffer Overflow vulnerability in SUN Solaris and Sunos

Buffer overflow in the format command in Solaris 8, 9, and 10 allows local users with access to format (such as the "File System Management" RBAC profile) to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2006-4307.

7.2
2006-08-23 CVE-2006-4316 SSH Local Privilege Escalation vulnerability in SSH Tectia Manager Agent Process

SSH Tectia Management Agent 2.1.2 allows local users to gain root privileges by running a program called sshd, which is obtained from a process listing when the "Restart" action is selected from the Management server GUI, which causes the agent to locate the pathname of the user's program and restart it with root privileges.

7.2
2006-08-23 CVE-2006-4315 SSH Privilege Escalation vulnerability in SSH Tectia Windows Path Specification

Unquoted Windows search path vulnerability in multiple SSH Tectia products, including Client/Server/Connector 5.0.0 and 5.0.1 and Client/Server before 4.4.5, and Manager 2.12 and earlier, when running on Windows, might allow local users to gain privileges via a malicious program file under "Program Files" or its subdirectories.

7.2
2006-08-23 CVE-2006-4307 SUN Local Privilege Escalation vulnerability in Sun Solaris Format(1M)

Unspecified vulnerability in the format command in Sun Solaris 8 and 9 before 20060821 allows local users to modify arbitrary files via unspecified vectors involving profiles that permit running format with elevated privileges, a different issue than CVE-2006-4306 and CVE-2006-4319.

7.2
2006-08-23 CVE-2006-4306 SUN Unspecified vulnerability in SUN Solaris and Sunos

Unspecified vulnerability in Sun Solaris 8 and 9 before 20060821 allows local users to execute arbitrary commands via unspecified vectors, involving the default Role-Based Access Control (RBAC) settings in the "File System Management" profile.

7.2
2006-08-23 CVE-2006-3745 Linux Buffer Overflow vulnerability in Linux Kernel SCTP_Make_Abort_User Function

Unspecified vulnerability in the sctp_make_abort_user function in the SCTP implementation in Linux 2.6.x before 2.6.17.10 and 2.4.23 up to 2.4.33 allows local users to cause a denial of service (panic) and possibly gain root privileges via unknown attack vectors.

7.2
2006-08-21 CVE-2006-0948 AOL Local Privilege Escalation vulnerability in AOL 9.04184.2340

AOL 9.0 Security Edition revision 4184.2340, and probably other versions, uses insecure permissions (Everyone/Full Control) for the "America Online 9.0" directory, which allows local users to gain privileges by replacing critical files.

7.2

54 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-08-24 CVE-2006-4351 Oneorzero Cross-Site Scripting vulnerability in Oneorzero 1.6.4.1

Cross-site scripting (XSS) vulnerability in index.php in OneOrZero 1.6.4.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter.

6.8
2006-08-24 CVE-2006-4327 Cloudnine Interactive Cross-Site Scripting vulnerability in Cloudnine Interactive Links Manager 20060612

Multiple cross-site scripting (XSS) vulnerabilities in add_url.php in CloudNine Interactive Links Manager 2006-06-12 allow remote attackers to inject arbitrary web script or HTML via the (1) title, (2) description, or (3) keywords parameters.

6.8
2006-08-24 CVE-2006-4325 Doika HTML Injection vulnerability in Doika Guestbook

Cross-site scripting (XSS) vulnerability in gbook.php in Doika guestbook 2.5, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the page parameter.

6.8
2006-08-24 CVE-2006-4324 Cityforfree Cross-Site Scripting vulnerability in Cityforfree Indexcity 1.0

Cross-site scripting (XSS) vulnerability in add_url2.php in CityForFree indexcity 1.0 allows remote attackers to inject arbitrary web script or HTML via the url parameter.

6.8
2006-08-24 CVE-2006-4317 Woltlab HTML Injection vulnerability in Woltlab Burning Board 2.3.5

Cross-site scripting (XSS) vulnerability in attachment.php in WoltLab Burning Board (WBB) 2.3.5 allows remote attackers to inject arbitrary web script or HTML via a GIF image that contains URL-encoded Javascript.

6.8
2006-08-23 CVE-2006-4312 Cisco Firewall Appliances Authentication Bypass vulnerability in Cisco

Cisco PIX 500 Series Security Appliances and ASA 5500 Series Adaptive Security Appliances, when running 7.0(x) up to 7.0(5) and 7.1(x) up to 7.1(2.4), and Firewall Services Module (FWSM) 3.1(x) up to 3.1(1.6), cause the EXEC password, local user passwords, and the enable password to be changed to a "non-random value" under certain circumstances, which causes administrators to be locked out and might allow attackers to gain access.

6.8
2006-08-22 CVE-2006-4288 Mambo Code Injection vulnerability in Mambo A6Mambocredits Component 2.0.0

PHP remote file inclusion vulnerability in admin.a6mambocredits.php in the a6mambocredits component (com_a6mambocredits) 2.0.0 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.

6.8
2006-08-21 CVE-2006-4273 Jelsoft Unspecified vulnerability in Jelsoft Vbulletin 3.5.4/3.6.0

Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 3.5.4 and 3.6.0 allows remote attackers to inject arbitrary web script or HTML by uploading an attachment with a .pdf extension that contains JavaScript, which is processed as script by Microsoft Internet Explorer 6.

6.8
2006-08-21 CVE-2006-4270 Mambo Code Injection vulnerability in Mambo Mambelfish Component

PHP remote file inclusion vulnerability in mambelfish.class.php in the mambelfish component (com_mambelfish) 1.1 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

6.8
2006-08-21 CVE-2006-4268 Devellion Input Validation vulnerability in CubeCart

Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) file, (2) x, and (3) y parameters in (a) admin/filemanager/preview.php; and the (4) email parameter in (b) admin/login.php.

6.8
2006-08-24 CVE-2006-4318 Texas Imperial Software Buffer Overflow vulnerability in Texas Imperial Software Wftpd 3.23

Buffer overflow in WFTPD Server 3.23 allows remote attackers to execute arbitrary code via long SIZE commands.

6.5
2006-08-25 CVE-2006-2113 Dell, Fuji Xerox Improper Authentication vulnerability in multiple products

The embedded HTTP server in Fuji Xerox Printing Systems (FXPS) print engine, as used in products including (1) Dell 3000cn through 5110cn and (2) Fuji Xerox DocuPrint firmware before 20060628 and Network Option Card firmware before 5.13, does not properly perform authentication for HTTP requests, which allows remote attackers to modify system configuration via crafted requests, including changing the administrator password or causing a denial of service to the print server.

6.4
2006-08-24 CVE-2006-4333 Wireshark Resource Management Errors vulnerability in Wireshark

The SSCOP dissector in Wireshark (formerly Ethereal) before 0.99.3 allows remote attackers to cause a denial of service (resource consumption) via malformed packets that cause the Q.2391 dissector to use excessive memory.

5.4
2006-08-27 CVE-2006-4359 Trident Software Buffer Overflow vulnerability in Trident Software Powerzip 7.06Build3895

Stack-based buffer overflow in Trident Software PowerZip 7.06 Build 3895 on Windows 2000 allows remote attackers to execute arbitrary code via a ZIP archive containing a long filename.

5.1
2006-08-26 CVE-2006-4376 Guder UND Koch Netzwerktechnik Cross-Site Scripting vulnerability in Eichhorn Portal

Multiple cross-site scripting (XSS) vulnerabilities in Guder und Koch Netzwerktechnik Eichhorn Portal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly including the (1) profil_nr and (2) sprache parameters in the main portion of the portal, the (3) suchstring field in suchForm in the main portion of the portal, the (4) GaleryKey and (5) Breadcrumbs parameters in the gallerie module, and the (6) GGBNSaction parameter in the ggbns module.

5.1
2006-08-25 CVE-2006-3744 Imagemagick Numeric Errors vulnerability in Imagemagick

Multiple integer overflows in ImageMagick before 6.2.9 allow user-assisted attackers to execute arbitrary code via crafted Sun Rasterfile (bitmap) images that trigger heap-based buffer overflows.

5.1
2006-08-25 CVE-2006-3743 Imagemagick Buffer Overflow vulnerability in ImageMagick XCF Image File Remote

Multiple buffer overflows in ImageMagick before 6.2.9 allow user-assisted attackers to execute arbitrary code via crafted XCF images.

5.1
2006-08-24 CVE-2006-4328 Cloudnine Interactive SQL Injection vulnerability in Cloudnine Interactive Links Manager 20060612

SQL injection vulnerability in admin.php in CloudNine Interactive Links Manager 2006-06-12, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the nick parameter.

5.1
2006-08-23 CVE-2006-4262 Cscope Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cscope

Multiple buffer overflows in cscope 15.5 and earlier allow user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple vectors including (1) a long pathname that is not properly handled during file list parsing, (2) long pathnames that result from path variable expansion such as tilde expansion for the HOME environment variable, and (3) a long -f (aka reffile) command line argument.

5.1
2006-08-22 CVE-2006-4291 Phlymail Remote File Include vulnerability in RETIRED: PHlyMail Lite Mod.Listmail.PHP

PHP remote file inclusion vulnerability in handlers/email/mod.listmail.php in PHlyMail Lite 3.4.4 and earlier (Build 3.04.04) allows remote attackers to execute arbitrary PHP code via a URL in the _PM_[path][handler] parameter.

5.1
2006-08-21 CVE-2006-4242 Joomla Remote File Include vulnerability in Joomla JIM Instant Messaging Component 1.0.1

PHP remote file inclusion vulnerability in install.jim.php in the JIM 1.0.1 component for Joomla or Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

5.1
2006-08-27 CVE-2006-4364 ALT N Remote Pre-Authentication POP3 Buffer Overflow vulnerability in Alt-N MDaemon

Multiple heap-based buffer overflows in the POP3 server in Alt-N Technologies MDaemon before 9.0.6 allow remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via long strings that contain '@' characters in the (1) USER and (2) APOP commands.

5.0
2006-08-25 CVE-2006-4353 SUN Information Disclosure vulnerability in SUN Java System Content Delivery Server 4.0/4.1/5.0

Unspecified vulnerability in Sun Java System Content Delivery Server 4.0, 4.1, and 5.0 allows local and remote attackers to read data from arbitrary files via unspecified vectors.

5.0
2006-08-25 CVE-2006-4352 Cisco Information Disclosure vulnerability in Cisco Content Services Switch 11000 Series

The ArrowPoint cookie functionality for Cisco 11000 series Content Service Switches specifies an internal IP address if the administrator does not specify a string option, which allows remote attackers to obtain sensitive information.

5.0
2006-08-24 CVE-2006-4344 CGI Rescue Email Header Injection vulnerability in Cgi-Rescue Mail F W System 8.3

CRLF injection vulnerability in CGI-Rescue Mail F/W System (formd) before 8.3 allows remote attackers to spoof e-mails and inject e-mail headers via unspecified vectors in (1) mail.cgi and (2) query.cgi.

5.0
2006-08-24 CVE-2006-4332 Wireshark Multiple vulnerability in Wireshark

Unspecified vulnerability in the DHCP dissector in Wireshark (formerly Ethereal) 0.10.13 through 0.99.2, when run on Windows, allows remote attackers to cause a denial of service (crash) via unspecified vectors that trigger a bug in Glib.

5.0
2006-08-24 CVE-2006-4331 Wireshark Multiple vulnerability in Wireshark 0.99.2

Multiple off-by-one errors in the IPSec ESP preference parser in Wireshark (formerly Ethereal) 0.99.2 allow remote attackers to cause a denial of service (crash) via unspecified vectors.

5.0
2006-08-23 CVE-2006-4314 Symantec Denial of Service vulnerability in Symantec Enterprise Security Manager

The manager server in Symantec Enterprise Security Manager (ESM) 6 and 6.5.x allows remote attackers to cause a denial of service (hang) via a malformed ESM agent request.

5.0
2006-08-23 CVE-2006-4313 Cisco Unspecified vulnerability in Cisco VPN 3000 Concentrator Series Software

Multiple unspecified vulnerabilities in Cisco VPN 3000 series concentrators before 4.1, 4.1.x up to 4.1(7)L, and 4.7.x up to 4.7(2)F allow attackers to execute the (1) CWD, (2) MKD, (3) CDUP, (4) RNFR, (5) SIZE, and (6) RMD FTP commands to modify files or create and delete directories via unknown vectors.

5.0
2006-08-23 CVE-2006-4302 SUN Permissions, Privileges, and Access Controls vulnerability in SUN J2Se and Java web Start

The Java Plug-in J2SE 1.3.0_02 through 5.0 Update 5, and Java Web Start 1.0 through 1.2 and J2SE 1.4.2 through 5.0 Update 5, allows remote attackers to exploit vulnerabilities by specifying a JRE version that contains vulnerabilities.

5.0
2006-08-23 CVE-2006-4301 Microsoft Improper Input Validation vulnerability in Microsoft IE 6.0

Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (crash) via a long Color attribute in multiple DirectX Media Image DirectX Transforms ActiveX COM Objects from (a) dxtmsft.dll and (b) dxtmsft3.dll, including (1) DXImageTransform.Microsoft.MaskFilter.1, (2) DXImageTransform.Microsoft.Chroma.1, and (3) DX3DTransform.Microsoft.Shapes.1.

5.0
2006-08-23 CVE-2006-4298 Oscommerce Directory Traversal vulnerability in Oscommerce 2.2Ms220060817

Multiple directory traversal vulnerabilities in cache.php in osCommerce before 2.2 Milestone 2 060817 allow remote attackers to determine existence of arbitrary files and disclose the installation path via a ..

5.0
2006-08-22 CVE-2006-4292 Niels Provos ARP Packet Processing Denial of Service vulnerability in Honeyd 1.0/1.5/1.5A

Unspecified vulnerability in Niels Provos Honeyd before 1.5b allows remote attackers to cause a denial of service (application crash) via certain Address Resolution Protocol (ARP) packets.

5.0
2006-08-22 CVE-2006-4290 Sony Directory Traversal vulnerability in Sony VAIO Media Integrated Server

Directory traversal vulnerability in Sony VAIO Media Server 2.x, 3.x, 4.x, and 5.x before 20060626 allows remote attackers to gain sensitive information via unspecified vectors.

5.0
2006-08-21 CVE-2006-4265 Kaspersky LAB Remote Security vulnerability in Kaspersky LAB Kaspersky Anti-Hacker 1.8.180

Kaspersky Anti-Hacker 1.8.180, when Stealth Mode is enabled, allows remote attackers to obtain responses to ICMP (1) timestamp and (2) netmask requests, which is inconsistent with the documented behavior of Stealth Mode.

5.0
2006-08-21 CVE-2006-4260 Jake Olefsky Directory Traversal vulnerability in Jake Olefsky Fotopholder 1.8

Directory traversal vulnerability in index.php in Fotopholder 1.8 allows remote attackers to read arbitrary directories or files via a ..

5.0
2006-08-23 CVE-2006-2932 Linux
Redhat
Local Denial of Service vulnerability in Linux Kernel Non-Hugemem Support

A regression error in the restore_all code path of the 4/4GB split support for non-hugemem Linux kernels on Red Hat Linux Desktop and Enterprise Linux 4 allows local users to cause a denial of service (panic) via unspecified vectors.

4.9
2006-08-21 CVE-2006-4093 Linux
Canonical
Debian
Local Denial of Service vulnerability in Linux Kernel PPC970 Systems

Linux kernel 2.x.6 before 2.6.17.9 and 2.4.x before 2.4.33.1 on PowerPC PPC970 systems allows local users to cause a denial of service (crash) related to the "HID0 attention enable on PPC970 at boot time." Upgrade to Linux Kernel version 2.4.33.1

4.9
2006-08-21 CVE-2006-4145 Linux Resource Management Errors vulnerability in Linux Kernel

The Universal Disk Format (UDF) filesystem driver in Linux kernel 2.6.17 and earlier allows local users to cause a denial of service (hang and crash) via certain operations involving truncated files, as demonstrated via the dd command.

4.9
2006-08-21 CVE-2006-3506 Apple Buffer Overflow vulnerability in Apple mac OS X, mac OS X Server and Xsan

Buffer overflow in the Xsan Filesystem driver on Mac OS X 10.4.7 and OS X Server 10.4.7 allows local users with Xsan write access to execute arbitrary code via unspecified vectors related to "processing a path name." This vulnerability is addressed in the following product release: Apple, Xsan, 1.4

4.6
2006-08-27 CVE-2006-4362 Dieselscripts Cross-Site Scripting vulnerability in DieselScripts Diesel Paid Mail Getad.PHP

Cross-site scripting (XSS) vulnerability in getad.php in Diesel Paid Mail allows remote attackers to inject arbitrary web script or HTML via the ps parameter.

4.3
2006-08-27 CVE-2006-4361 Dieselscripts Cross-Site Scripting vulnerability in Diesel Job Site

Multiple cross-site scripting (XSS) vulnerabilities in jobseekers/forgot.php in Diesel Job Site allow remote attackers to inject arbitrary web script or HTML via the (1) uname or (2) SEmail parameters.

4.3
2006-08-27 CVE-2006-4358 Dieselscripts Cross-Site Scripting vulnerability in DieselScripts Diesel Pay

Cross-site scripting (XSS) vulnerability in index.php in Diesel Pay allows remote attackers to inject arbitrary web script or HTML via the read parameter.

4.3
2006-08-24 CVE-2006-4330 Wireshark Multiple vulnerability in Wireshark 0.99.2

Unspecified vulnerability in the SCSI dissector in Wireshark (formerly Ethereal) 0.99.2 allows remote attackers to cause a denial of service (crash) via unspecified vectors.

4.3
2006-08-23 CVE-2006-4310 Mozilla Improper Input Validation vulnerability in Mozilla Firefox 1.5.0.6

Mozilla Firefox 1.5.0.6 allows remote attackers to cause a denial of service (crash) via a crafted FTP response, when attempting to connect with a username and password via the FTP URI.

4.3
2006-08-23 CVE-2006-4308 Blackboard Cross-Site Scripting vulnerability in Blackboard products

Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Learning System 6, Blackboard Learning and Community Portal Suite 6.2.3.23, and Blackboard Vista 4 allow remote attackers to inject arbitrary Javascript, VBScript, or HTML via (1) data, (2) vbscript, and (3) malformed javascript URIs in various HTML tags when posting to the Discussion Board.

4.3
2006-08-23 CVE-2006-4299 Tiki Cross-Site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware 1.9.4

Cross-site scripting (XSS) vulnerability in tiki-searchindex.php in TikiWiki 1.9.4 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter.

4.3
2006-08-23 CVE-2006-4295 Panda Cross-Site Scripting vulnerability in Panda Activescan 5.53.00

Cross-site scripting (XSS) vulnerability in ascan_6.asp in Panda ActiveScan 5.53.00 allows remote attackers to inject arbitrary web script or HTML via the email parameter.

4.3
2006-08-22 CVE-2006-4293 Cpanel Cross-Site Scripting vulnerability in Cpanel 10

Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow remote attackers to inject arbitrary web script or HTML via the (1) dir parameter in dohtaccess.html, or the (2) file parameter in (a) editit.html or (b) showfile.html.

4.3
2006-08-21 CVE-2006-4256 Horde Cross-Site Scripting vulnerability in Application Framework

index.php in Horde Application Framework before 3.1.2 allows remote attackers to include web pages from other sites, which could be useful for phishing attacks, via a URL in the url parameter, aka "cross-site referencing." NOTE: some sources have referred to this issue as XSS, but it is different than classic XSS.

4.3
2006-08-21 CVE-2006-4255 Horde Cross-Site Scripting vulnerability in Horde Products Search.PHP

Cross-site scripting (XSS) vulnerability in horde/imp/search.php in Horde IMP H3 before 4.1.3 allows remote attackers to include arbitrary web script or HTML via multiple unspecified vectors related to folder names, as injected into the vfolder_label form field in the IMP search screen.

4.3
2006-08-26 CVE-2006-4371 ALT N Information Disclosure vulnerability in Alt-N Webadmin 3.2.3/3.2.4

Multiple directory traversal vulnerabilities in Alt-N WebAdmin 3.2.3 and 3.2.4 running with MDaemon 9.0.5, and possibly earlier, allow remote authenticated global administrators to read arbitrary files via a ..

4.0
2006-08-21 CVE-2006-4258 John Hanna Unspecified vulnerability in John Hanna Anti-Spam Smtp Proxy Server 1.2.3

Absolute path traversal vulnerability in the get functionality in Anti-Spam SMTP Proxy (ASSP) allows remote authenticated users to read arbitrary files via (1) C:\ (Windows drive letter), (2) UNC, and possibly other types of paths in the file parameter.

4.0
2006-08-21 CVE-2006-4257 IBM Resource Management Errors vulnerability in IBM DB2

IBM DB2 Universal Database (UDB) before 8.1 FixPak 13 allows remote authenticated users to cause a denial of service (crash) by (1) sending the first ACCSEC command without an RDBNAM parameter during the CONNECT process, or (2) sending a crafted SQLJRA packet, which results in a null dereference.

4.0

7 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-08-21 CVE-2006-4266 Symantec Unspecified vulnerability in Symantec Norton Personal Firewall

Symantec Norton Personal Firewall 2006 9.1.0.33, and possibly earlier, does not properly protect Norton registry keys, which allows local users to provide Trojan horse libraries to Norton by using RegSaveKey and RegRestoreKey to modify HKLM\SOFTWARE\Symantec\CCPD\SuiteOwners, as demonstrated using NISProd.dll.

3.6
2006-08-27 CVE-2006-4360 Drupal Cross-Site Scripting vulnerability in Drupal E-Commerce Module 4.7

Cross-site scripting (XSS) vulnerability in E-commerce 4.7 for Drupal before file.module 1.37.2.4 (20060812) allows remote authenticated users with the "create products" permission to inject arbitrary web script or HTML via unspecified vectors.

3.5
2006-08-27 CVE-2006-4355 Drupal Cross-Site Scripting vulnerability in Drupal Easylinks Module

Cross-site scripting (XSS) vulnerability in Drupal Easylinks Module (easylinks.module) 4.7 before 1.5.2.1 2006/08/19 12:02:27 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

2.6
2006-08-26 CVE-2006-4374 Irfanview Denial Of Service vulnerability in Irfanview 3.98

IrfanView 3.98 (with plugins) allows user-assisted attackers to cause a denial of service (application crash) via a crafted ANI image file, possibly due to a buffer overflow.

2.6
2006-08-26 CVE-2006-4369 Integramod Remote File Include vulnerability in Integramod Portal 2.0

Absolute path traversal vulnerability in includes/functions_portal.php in IntegraMOD Portal 2.x and earlier, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via an absolute pathname in the phpbb_root_path parameter.

2.6
2006-08-23 CVE-2006-4303 SUN Denial-Of-Service vulnerability in SUN Solaris 10.0

Race condition in (1) libnsl and (2) TLI/XTI API routines in Sun Solaris 10 allows remote attackers to cause a denial of service ("tight loop" and CPU consumption for listener applications) via unknown vectors related to TCP fusion (do_tcp_fusion).

2.6
2006-08-21 CVE-2006-4259 Jake Olefsky Cross-Site Scripting vulnerability in Jake Olefsky Fotopholder 1.8

Cross-site scripting (XSS) vulnerability in index.php in Fotopholder 1.8 allows remote attackers to inject arbitrary web script or HTML via the path parameter.

2.6