Weekly Vulnerabilities Reports > August 21 to 27, 2006
Overview
121 new vulnerabilities reported during this period, including 3 critical vulnerabilities and 57 high severity vulnerabilities. This weekly summary report vulnerabilities in 141 products from 85 vendors including SUN, Linux, Wireshark, Mambo, and Dieselscripts. Vulnerabilities are notably categorized as "Resource Management Errors", "Code Injection", "Permissions, Privileges, and Access Controls", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Cross-site Scripting".
- 108 reported vulnerabilities are remotely exploitables.
- 31 reported vulnerabilities have public exploit available.
- 3 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 115 reported vulnerabilities are exploitable by an anonymous user.
- SUN has the most reported vulnerabilities, with 6 reported vulnerabilities.
- Sony has the most reported critical vulnerabilities, with 1 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
3 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-08-24 | CVE-2006-4304 | Freebsd Netbsd Openbsd | Buffer Overflow vulnerability in NetBSD In-Kernel PPP Buffer overflow in the sppp driver in FreeBSD 4.11 through 6.1, NetBSD 2.0 through 4.0 beta before 20060823, and OpenBSD 3.8 and 3.9 before 20060902 allows remote attackers to cause a denial of service (panic), obtain sensitive information, and possibly execute arbitrary code via crafted Link Control Protocol (LCP) packets with an option length that exceeds the overall length, which triggers the overflow in (1) pppoe and (2) ippp. | 10.0 |
2006-08-23 | CVE-2006-4309 | AK Systems | Remote Unauthorized Administrative Access vulnerability in Ak-Systems Windows Terminal 1.2.5Exvlp VNC server on the AK-Systems Windows Terminal 1.2.5 ExVLP is not password protected, which allows remote attackers to login and view RDP or Citrix sessions. | 10.0 |
2006-08-22 | CVE-2006-4289 | Sony | Buffer Overflow vulnerability in Sony VAIO Media Integrated Server Buffer overflow in Sony VAIO Media Server 2.x, 3.x, 4.x, and 5.x before 20060626 allows remote attackers to execute arbitrary code via unspecified vectors. | 10.0 |
57 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-08-27 | CVE-2006-4363 | Cropimage Component | Remote File Include vulnerability in Cropimage Component Cropimage Component 1.0 PHP remote file inclusion vulnerability in admin.cropcanvas.php in the CropImage component (com_cropimage) 1.0 for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the cropimagedir parameter. | 7.5 |
2006-08-27 | CVE-2006-4357 | Dieselscripts | Remote File Include vulnerability in DieselScripts Smart Traffic PHP remote file inclusion vulnerability in clients/index.php in Diesel Smart Traffic allows remote attackers to execute arbitrary PHP code via a URL in the src parameter. | 7.5 |
2006-08-27 | CVE-2006-4356 | Drupal | SQL Injection vulnerability in Drupal Easylinks Module SQL injection vulnerability in Drupal Easylinks Module (easylinks.module) 4.7 before 1.5.2.1 2006/08/19 12:02:27 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2006-08-27 | CVE-2006-4354 | Phome Empire | Remote File Include vulnerability in Phome Empire Phome Empire CMS 3.7 PHP remote file inclusion vulnerability in e/class/CheckLevel.php in Phome Empire CMS 3.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the check_path parameter. | 7.5 |
2006-08-26 | CVE-2006-4377 | Guder UND Koch Netzwerktechnik | SQL-Injection vulnerability in Eichhorn Portal Multiple SQL injection vulnerabilities in Guder und Koch Netzwerktechnik Eichhorn Portal allow remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly including the (1) profil_nr and (2) sprache parameters in the main portion of the portal, the (3) suchstring field in suchForm in the main portion of the portal, the (4) GaleryKey and (5) Breadcrumbs parameters in the gallerie module, and the (6) GGBNSaction parameter in the ggbns module. | 7.5 |
2006-08-26 | CVE-2006-4373 | Derek Leung | Remote File Include vulnerability in Derek Leung Pslash 0.70 PHP remote file inclusion vulnerability in modules/visitors2/include/config.inc.php in pSlash 0.70 allows remote attackers to execute arbitrary PHP code via a URL in the lvc_include_dir parameter. | 7.5 |
2006-08-26 | CVE-2006-4372 | Constructor Component | Remote Security vulnerability in Constructor Component PHP remote file inclusion vulnerability in admin.lurm_constructor.php in the Lurm Constructor component (com_lurm_constructor) 0.6b and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the lm_absolute_path parameter. | 7.5 |
2006-08-26 | CVE-2006-4370 | ALT N | Privilege Escalation vulnerability in Alt-N Webadmin 3.2.3/3.2.4 Alt-N WebAdmin 3.2.3 and 3.2.4 running with MDaemon 9.0.5, and possibly earlier, allow remote authenticated domain administrators to change a global administrator's password and gain privileges via the userlist.wdm file. | 7.5 |
2006-08-26 | CVE-2006-4368 | Integramod | Remote File Include vulnerability in Integramod Portal 2.0 PHP remote file inclusion vulnerability in includes/functions_portal.php in IntegraMOD Portal 2.x and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | 7.5 |
2006-08-26 | CVE-2006-4367 | ALL Topics | SQL Injection vulnerability in All Topics phpBB module SQL injection vulnerability in alltopics.php in the All Topics Hack 1.5.0 and earlier for phpBB 2.0.21 allows remote attackers to execute arbitrary SQL commands via the start parameter. | 7.5 |
2006-08-26 | CVE-2006-4366 | Redblog | Remote File Include vulnerability in Redblog 0.5 PHP remote file inclusion vulnerability in index.php in RedBLoG 0.5 allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter. | 7.5 |
2006-08-26 | CVE-2006-4365 | Vistabb | Remote File Include vulnerability in VistaBB Multiple PHP remote file inclusion vulnerabilities in VistaBB 2.0.33 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter in (1) includes/functions_mod_user.php or (2) includes/functions_portal.php. | 7.5 |
2006-08-26 | CVE-2006-3124 | Streamripper | Buffer Overflow vulnerability in Streamripper 1.61.24/1.61.25 Buffer overflow in the HTTP header parsing in Streamripper before 1.61.26 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted HTTP headers. | 7.5 |
2006-08-25 | CVE-2006-2112 | Dell Fuji Xerox | Permissions, Privileges, and Access Controls vulnerability in multiple products Fuji Xerox Printing Systems (FXPS) print engine, as used in products including (1) Dell 3000cn through 5110cn and (2) Fuji Xerox DocuPrint firmware before 20060628 and Network Option Card firmware before 5.13, allows remote attackers to use the FTP printing interface as a proxy ("FTP bounce") by using arbitrary PORT arguments to connect to systems for which access would be otherwise restricted. | 7.5 |
2006-08-24 | CVE-2006-4350 | Oneorzero | SQL-Injection vulnerability in Oneorzero 1.6.4.1 SQL injection vulnerability in index.php in OneOrZero 1.6.4.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2006-08-24 | CVE-2006-4348 | Kochsuite Component | Remote File Include vulnerability in Kochsuite Component Kochsuite Component 0.9.4 PHP remote file inclusion vulnerability in config.kochsuite.php in the Kochsuite (com_kochsuite) 0.9.4 component for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 7.5 |
2006-08-24 | CVE-2006-4347 | Jiran | SQL Injection vulnerability in Jiran Cool Manager and Cool Messenger Office School Server SQL injection vulnerability in user logon authentication request handling in Cool_CoolD.exe in Cool Manager 5.0 (5,60,90,28) and Cool Messenger Office/School Server 5.5 (5,65,12,13) allows remote attackers to execute arbitrary SQL commands via the username field. | 7.5 |
2006-08-24 | CVE-2006-4346 | Digium | Remote vulnerability in Digium Asterisk 1.2.10 Asterisk 1.2.10 supports the use of client-controlled variables to determine filenames in the Record function, which allows remote attackers to (1) execute code via format string specifiers or (2) overwrite files via directory traversals involving unspecified vectors, as demonstrated by the CALLERIDNAME variable. | 7.5 |
2006-08-24 | CVE-2006-4345 | Digium | Remote vulnerability in Asterisk Stack-based buffer overflow in channels/chan_mgcp.c in MGCP in Asterisk 1.0 through 1.2.10 allows remote attackers to execute arbitrary code via a crafted audit endpoint (AUEP) response. | 7.5 |
2006-08-24 | CVE-2006-4329 | Shadows Rising RPG | Remote File Include vulnerability in Shadows Rising RPG Multiple PHP remote file inclusion vulnerabilities in Shadows Rising RPG (Pre-Alpha) 0.0.5b and earlier allow remote attackers to execute arbitrary PHP code via a URL in the CONFIG[gameroot] parameter to (1) core/includes/security.inc.php, (2) core/includes/smarty.inc.php, (3) qcms/includes/smarty.inc.php or (4) qlib/smarty.inc.php. | 7.5 |
2006-08-24 | CVE-2006-4326 | Justsystem | Buffer Errors vulnerability in Justsystem Formliner, Ichitaro and Ichitaro Government Stack-based buffer overflow in Justsystem Ichitaro 9.x through 13.x, Ichitaro 2004, 2005, 2006, and Government 2006; Ichitaro for Linux; and FormLiner before 20060818 allows remote attackers to execute arbitrary code via long Unicode strings in a crafted document, as being actively exploited by malware such as Trojan.Tarodrop. | 7.5 |
2006-08-24 | CVE-2006-4323 | Cityforfree | SQL Injection vulnerability in Cityforfree Indexcity 1.0 SQL injection vulnerability in list.php in CityForFree indexcity 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cate_id parameter. | 7.5 |
2006-08-24 | CVE-2006-4322 | Bits Dont Bite | Remote File Include vulnerability in RETIRED: Mambo EstateAgent Component mosConfig_absolute_path PHP remote file inclusion vulnerability in estateagent.php in the EstateAgent component (com_estateagent) for Mambo, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 7.5 |
2006-08-24 | CVE-2006-4321 | Coppermine | Remote File Include vulnerability in Coppermine Photo Gallery 1.0 PHP remote file inclusion vulnerability in cpg.php in the Coppermine Photo Gallery component (com_cpg) 1.0 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 7.5 |
2006-08-24 | CVE-2006-4320 | Opensef Project | Remote File Include vulnerability in RETIRED: Joomla OpenSEF Component mosConfig_absolute_path PHP remote file inclusion vulnerability in sef.php in the OpenSEF 2.0.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 7.5 |
2006-08-23 | CVE-2006-4300 | 8Pixel NET | Unspecified vulnerability in 8Pixel.Net Simple Blog SQL injection vulnerability in comments.asp in SimpleBlog 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2006-08-23 | CVE-2006-4297 | Oscommerce | SQL Injection vulnerability in Oscommerce 2.2Ms220060817 SQL injection vulnerability in shopping_cart.php in osCommerce before 2.2 Milestone 2 060817 allows remote attackers to execute arbitrary SQL commands via id array parameters. | 7.5 |
2006-08-23 | CVE-2006-4296 | Mambo | Remote File Include vulnerability in Mambo BigAPE-Backup Component PHP remote file inclusion vulnerability in classes/Tar.php in bigAPE-Backup component (com_babackup) for Mambo 1.1 allows remote attackers to include arbitrary files via the mosConfig_absolute_path parameter. | 7.5 |
2006-08-23 | CVE-2006-3869 | Microsoft | Buffer Overflow vulnerability in Microsoft IE 6.0 Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060824, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL on a website that uses HTTP 1.1 compression. | 7.5 |
2006-08-22 | CVE-2006-4287 | NES Game NES System | Remote File Include vulnerability in NES Game and NES System Multiple PHP remote file inclusion vulnerabilities in NES Game and NES System c108122 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) phphtmllib parameter to (a) phphtmllib/includes.php; tag_utils/ scripts including (b) divtag_utils.php, (c) form_utils.php, (d) html_utils.php, and (e) localinc.php; and widgets/ scripts including (f) FooterNav.php, (g) HTMLPageClass.php, (h) InfoTable.php, (i) localinc.php, (j) NavTable.php, and (k) TextNav.php. | 7.5 |
2006-08-22 | CVE-2006-4285 | Fscripts | Code Injection vulnerability in Fscripts Fantastic News PHP remote file inclusion vulnerability in news.php in Fantastic News 2.1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[script_path] parameter. | 7.5 |
2006-08-22 | CVE-2006-4284 | Lblog | SQL Injection vulnerability in Lblog 1.05 SQL injection vulnerability in comments.asp in LBlog 1.05 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2006-08-22 | CVE-2006-4283 | Solmetra | Remote File Include vulnerability in RETIRED: SPAW PHP Editor 1.0.6/1.0.7 Multiple PHP remote file inclusion vulnerabilities in SOLMETRA SPAW Editor 1.0.6 and 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the spaw_dir parameter in dialogs/ scripts including (1) a.php, (2) collorpicker.php, (3) img.php, (4) img_library.php, (5) table.php, or (6) td.php. | 7.5 |
2006-08-22 | CVE-2006-4282 | Mamboxchange | Remote File Include vulnerability in MamboWiki Component MamboLogin.PHP PHP remote file inclusion vulnerability in MamboLogin.php in the MamboWiki component (com_mambowiki) 0.9.6 and earlier for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter. | 7.5 |
2006-08-21 | CVE-2006-4281 | Arthur Konze Webdesign | Remote File Include vulnerability in Arthur Konze Webdesign Akocomment 1.1 PHP remote file inclusion vulnerability in akocomments.php in AkoComment 1.1 module (com_akocomment) for Mambo 4.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 7.5 |
2006-08-21 | CVE-2006-4279 | Xennobb | SQL Injection vulnerability in XennoBB Icon_Topic SQL injection vulnerability in topic_post.php in XennoBB 2.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the icon_topic parameter. | 7.5 |
2006-08-21 | CVE-2006-4278 | Sportsphool | Remote File Include vulnerability in Sportsphool 1.0 PHP remote file inclusion vulnerability in includes/layout/plain.footer.php in SportsPHool 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the mainnav parameter. | 7.5 |
2006-08-21 | CVE-2006-4277 | Tutti Nova | Remote File Include vulnerability in Tutti Nova Multiple PHP remote file inclusion vulnerabilities in Tutti Nova 1.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the TNLIB_DIR parameter to (1) include/novalib/class.novaAdmin.mysql.php and (2) novalib/class.novaRead.mysql.php. | 7.5 |
2006-08-21 | CVE-2006-4276 | Tutti Nova | Remote File Include vulnerability in Tutti Nova PHP remote file inclusion vulnerability in Tutti Nova 1.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the TNLIB_DIR parameter to novalib/class.novaEdit.mysql.php. | 7.5 |
2006-08-21 | CVE-2006-4275 | Mambo | Remote File Include vulnerability in Mambo Catalogshop Component 1.0Beta2 PHP remote file inclusion vulnerability in catalogshop.php in the CatalogShop component for Mambo (com_catalogshop) allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 7.5 |
2006-08-21 | CVE-2006-4267 | Devellion | Input Validation vulnerability in CubeCart Multiple SQL injection vulnerabilities in CubeCart 3.0.11 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) oid parameter in modules/gateway/Protx/confirmed.php and the (2) x_invoice_num parameter in modules/gateway/Authorize/confirmed.php. | 7.5 |
2006-08-21 | CVE-2006-4263 | Product Scroller Module | Remote File Include vulnerability in Mambo Phpshop Product Scroller Component Multiple PHP remote file inclusion vulnerabilities in the Product Scroller Module and other modules in mambo-phpshop (com_phpshop) for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) mod_phpshop.php, (2) mod_phpshop_allinone.php, (3) mod_phpshop_cart.php, (4) mod_phpshop_featureprod.php, (5) mod_phpshop_latestprod.php, (6) mod_product_categories.php, (7) mod_productscroller.php, and (8) mosproductsnap.php. | 7.5 |
2006-08-21 | CVE-2006-4254 | IBM | Local Privilege Escalation vulnerability in IBM AIX 5.1/5.2/5.3 Unspecified vulnerability in setlocale in IBM AIX 5.1.0 through 5.3.0 allows local users to gain privileges via unspecified vectors. | 7.5 |
2006-08-21 | CVE-2006-4241 | Mamboxchange | Remote File Include vulnerability in Mamboxchange Reporter 1.0 PHP remote file inclusion vulnerability in processor/reporter.sql.php in the Reporter Mambo component (com_reporter) allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 7.5 |
2006-08-21 | CVE-2006-4240 | Fusionphp | Remote File Include vulnerability in FusionPHP Fusion News PHP remote file inclusion vulnerability in index.php in Fusion News 3.7 allows remote attackers to execute arbitrary PHP code via a URL in the fpath parameter. | 7.5 |
2006-08-21 | CVE-2006-4239 | Outreach Project Tool | Remote File Include vulnerability in Outreach Project Tool PHP remote file inclusion vulnerability in include/urights.php in Outreach Project Tool (OPT) Max 1.2.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CRM_inc parameter. | 7.5 |
2006-08-21 | CVE-2006-4238 | Wtcom | SQL Injection vulnerability in WTCom Web Torrent SQL injection vulnerability in torrents.php in WebTorrent (WTcom) 0.2.4 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter in category mode. | 7.5 |
2006-08-21 | CVE-2006-4237 | Invisionix Systems | Remote Pageheaderdefault.Inc.PHP Remote File Include vulnerability in Invisionix Roaming System PHP remote file inclusion vulnerability in pageheaderdefault.inc.php in Invisionix Roaming System Remote (IRSR) 0.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _sysSessionPath parameter. | 7.5 |
2006-08-21 | CVE-2006-4236 | Powergap | Remote File Include vulnerability in Powergap Multiple PHP remote file inclusion vulnerabilities in POWERGAP allow remote attackers to execute arbitrary PHP code via a URL in the (1) shopid parameter to (a) s01.php, (b) s02.php, (c) s03.php, and (d) s04.php; and possibly a URL located after "shopid=" or "sid=" in the PATH_INFO. | 7.5 |
2006-08-21 | CVE-2006-4235 | Sony | Buffer Overflow vulnerability in Sony SonicStage Mastering Studio Buffer overflow in the import project functionality in Sony SonicStage Mastering Studio 1.1.00 through 2.2.01 allows remote attackers to execute arbitrary code via a crafted SMP file. | 7.5 |
2006-08-24 | CVE-2006-4319 | SUN | Buffer Overflow vulnerability in SUN Solaris and Sunos Buffer overflow in the format command in Solaris 8, 9, and 10 allows local users with access to format (such as the "File System Management" RBAC profile) to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2006-4307. | 7.2 |
2006-08-23 | CVE-2006-4316 | SSH | Local Privilege Escalation vulnerability in SSH Tectia Manager Agent Process SSH Tectia Management Agent 2.1.2 allows local users to gain root privileges by running a program called sshd, which is obtained from a process listing when the "Restart" action is selected from the Management server GUI, which causes the agent to locate the pathname of the user's program and restart it with root privileges. | 7.2 |
2006-08-23 | CVE-2006-4315 | SSH | Privilege Escalation vulnerability in SSH Tectia Windows Path Specification Unquoted Windows search path vulnerability in multiple SSH Tectia products, including Client/Server/Connector 5.0.0 and 5.0.1 and Client/Server before 4.4.5, and Manager 2.12 and earlier, when running on Windows, might allow local users to gain privileges via a malicious program file under "Program Files" or its subdirectories. | 7.2 |
2006-08-23 | CVE-2006-4307 | SUN | Local Privilege Escalation vulnerability in Sun Solaris Format(1M) Unspecified vulnerability in the format command in Sun Solaris 8 and 9 before 20060821 allows local users to modify arbitrary files via unspecified vectors involving profiles that permit running format with elevated privileges, a different issue than CVE-2006-4306 and CVE-2006-4319. | 7.2 |
2006-08-23 | CVE-2006-4306 | SUN | Unspecified vulnerability in SUN Solaris and Sunos Unspecified vulnerability in Sun Solaris 8 and 9 before 20060821 allows local users to execute arbitrary commands via unspecified vectors, involving the default Role-Based Access Control (RBAC) settings in the "File System Management" profile. | 7.2 |
2006-08-23 | CVE-2006-3745 | Linux | Buffer Overflow vulnerability in Linux Kernel SCTP_Make_Abort_User Function Unspecified vulnerability in the sctp_make_abort_user function in the SCTP implementation in Linux 2.6.x before 2.6.17.10 and 2.4.23 up to 2.4.33 allows local users to cause a denial of service (panic) and possibly gain root privileges via unknown attack vectors. | 7.2 |
2006-08-21 | CVE-2006-0948 | AOL | Local Privilege Escalation vulnerability in AOL 9.04184.2340 AOL 9.0 Security Edition revision 4184.2340, and probably other versions, uses insecure permissions (Everyone/Full Control) for the "America Online 9.0" directory, which allows local users to gain privileges by replacing critical files. | 7.2 |
54 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-08-24 | CVE-2006-4351 | Oneorzero | Cross-Site Scripting vulnerability in Oneorzero 1.6.4.1 Cross-site scripting (XSS) vulnerability in index.php in OneOrZero 1.6.4.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | 6.8 |
2006-08-24 | CVE-2006-4327 | Cloudnine Interactive | Cross-Site Scripting vulnerability in Cloudnine Interactive Links Manager 20060612 Multiple cross-site scripting (XSS) vulnerabilities in add_url.php in CloudNine Interactive Links Manager 2006-06-12 allow remote attackers to inject arbitrary web script or HTML via the (1) title, (2) description, or (3) keywords parameters. | 6.8 |
2006-08-24 | CVE-2006-4325 | Doika | HTML Injection vulnerability in Doika Guestbook Cross-site scripting (XSS) vulnerability in gbook.php in Doika guestbook 2.5, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the page parameter. | 6.8 |
2006-08-24 | CVE-2006-4324 | Cityforfree | Cross-Site Scripting vulnerability in Cityforfree Indexcity 1.0 Cross-site scripting (XSS) vulnerability in add_url2.php in CityForFree indexcity 1.0 allows remote attackers to inject arbitrary web script or HTML via the url parameter. | 6.8 |
2006-08-24 | CVE-2006-4317 | Woltlab | HTML Injection vulnerability in Woltlab Burning Board 2.3.5 Cross-site scripting (XSS) vulnerability in attachment.php in WoltLab Burning Board (WBB) 2.3.5 allows remote attackers to inject arbitrary web script or HTML via a GIF image that contains URL-encoded Javascript. | 6.8 |
2006-08-23 | CVE-2006-4312 | Cisco | Firewall Appliances Authentication Bypass vulnerability in Cisco Cisco PIX 500 Series Security Appliances and ASA 5500 Series Adaptive Security Appliances, when running 7.0(x) up to 7.0(5) and 7.1(x) up to 7.1(2.4), and Firewall Services Module (FWSM) 3.1(x) up to 3.1(1.6), causes the EXEC password, local user passwords, and the enable password to be changed to a "non-random value" under certain circumstances, which causes administrators to be locked out and might allow attackers to gain access. | 6.8 |
2006-08-22 | CVE-2006-4288 | Mambo | Code Injection vulnerability in Mambo A6Mambocredits Component 2.0.0 PHP remote file inclusion vulnerability in admin.a6mambocredits.php in the a6mambocredits component (com_a6mambocredits) 2.0.0 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter. | 6.8 |
2006-08-21 | CVE-2006-4273 | Jelsoft | Unspecified vulnerability in Jelsoft Vbulletin 3.5.4/3.6.0 Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 3.5.4 and 3.6.0 allows remote attackers to inject arbitrary web script or HTML by uploading an attachment with a .pdf extension that contains JavaScript, which is processed as script by Microsoft Internet Explorer 6. | 6.8 |
2006-08-21 | CVE-2006-4270 | Mambo | Code Injection vulnerability in Mambo Mambelfish Component PHP remote file inclusion vulnerability in mambelfish.class.php in the mambelfish component (com_mambelfish) 1.1 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 6.8 |
2006-08-21 | CVE-2006-4268 | Devellion | Input Validation vulnerability in CubeCart Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) file, (2) x, and (3) y parameters in (a) admin/filemanager/preview.php; and the (4) email parameter in (b) admin/login.php. | 6.8 |
2006-08-24 | CVE-2006-4318 | Texas Imperial Software | Buffer Overflow vulnerability in Texas Imperial Software Wftpd 3.23 Buffer overflow in WFTPD Server 3.23 allows remote attackers to execute arbitrary code via long SIZE commands. | 6.5 |
2006-08-25 | CVE-2006-2113 | Dell Fuji Xerox | Improper Authentication vulnerability in multiple products The embedded HTTP server in Fuji Xerox Printing Systems (FXPS) print engine, as used in products including (1) Dell 3000cn through 5110cn and (2) Fuji Xerox DocuPrint firmware before 20060628 and Network Option Card firmware before 5.13, does not properly perform authentication for HTTP requests, which allows remote attackers to modify system configuration via crafted requests, including changing the administrator password or causing a denial of service to the print server. | 6.4 |
2006-08-24 | CVE-2006-4333 | Wireshark | Resource Management Errors vulnerability in Wireshark The SSCOP dissector in Wireshark (formerly Ethereal) before 0.99.3 allows remote attackers to cause a denial of service (resource consumption) via malformed packets that cause the Q.2391 dissector to use excessive memory. | 5.4 |
2006-08-27 | CVE-2006-4359 | Trident Software | Buffer Overflow vulnerability in Trident Software Powerzip 7.06Build3895 Stack-based buffer overflow in Trident Software PowerZip 7.06 Build 3895 on Windows 2000 allows remote attackers to execute arbitrary code via a ZIP archive containing a long filename. | 5.1 |
2006-08-26 | CVE-2006-4376 | Guder UND Koch Netzwerktechnik | Cross-Site Scripting vulnerability in Eichhorn Portal Multiple cross-site scripting (XSS) vulnerabilities in Guder und Koch Netzwerktechnik Eichhorn Portal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly including the (1) profil_nr and (2) sprache parameters in the main portion of the portal, the (3) suchstring field in suchForm in the main portion of the portal, the (4) GaleryKey and (5) Breadcrumbs parameters in the gallerie module, and the (6) GGBNSaction parameter in the ggbns module. | 5.1 |
2006-08-25 | CVE-2006-3744 | Imagemagick | Numeric Errors vulnerability in Imagemagick Multiple integer overflows in ImageMagick before 6.2.9 allows user-assisted attackers to execute arbitrary code via crafted Sun Rasterfile (bitmap) images that trigger heap-based buffer overflows. | 5.1 |
2006-08-25 | CVE-2006-3743 | Imagemagick | Buffer Overflow vulnerability in ImageMagick XCF Image File Remote Multiple buffer overflows in ImageMagick before 6.2.9 allow user-assisted attackers to execute arbitrary code via crafted XCF images. | 5.1 |
2006-08-24 | CVE-2006-4328 | Cloudnine Interactive | SQL Injection vulnerability in Cloudnine Interactive Links Manager 20060612 SQL injection vulnerability in admin.php in CloudNine Interactive Links Manager 2006-06-12, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the nick parameter. | 5.1 |
2006-08-23 | CVE-2006-4262 | Cscope | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cscope Multiple buffer overflows in cscope 15.5 and earlier allow user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple vectors including (1) a long pathname that is not properly handled during file list parsing, (2) long pathnames that result from path variable expansion such as tilde expansion for the HOME environment variable, and (3) a long -f (aka reffile) command line argument. | 5.1 |
2006-08-22 | CVE-2006-4291 | Phlymail | Remote File Include vulnerability in RETIRED: PHlyMail Lite Mod.Listmail.PHP PHP remote file inclusion vulnerability in handlers/email/mod.listmail.php in PHlyMail Lite 3.4.4 and earlier (Build 3.04.04) allows remote attackers to execute arbitrary PHP code via a URL in the _PM_[path][handler] parameter. | 5.1 |
2006-08-21 | CVE-2006-4242 | Joomla | Remote File Include vulnerability in Joomla JIM Instant Messaging Component 1.0.1 PHP remote file inclusion vulnerability in install.jim.php in the JIM 1.0.1 component for Joomla or Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 5.1 |
2006-08-27 | CVE-2006-4364 | ALT N | Remote Pre-Authentication POP3 Buffer Overflow vulnerability in Alt-N MDaemon Multiple heap-based buffer overflows in the POP3 server in Alt-N Technologies MDaemon before 9.0.6 allow remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via long strings that contain '@' characters in the (1) USER and (2) APOP commands. | 5.0 |
2006-08-25 | CVE-2006-4353 | SUN | Information Disclosure vulnerability in SUN Java System Content Delivery Server 4.0/4.1/5.0 Unspecified vulnerability in Sun Java System Content Delivery Server 4.0, 4.1, and 5.0 allows local and remote attackers to read data from arbitrary files via unspecified vectors. | 5.0 |
2006-08-25 | CVE-2006-4352 | Cisco | Information Disclosure vulnerability in Cisco Content Services Switch 11000 Series The ArrowPoint cookie functionality for Cisco 11000 series Content Service Switches specifies an internal IP address if the administrator does not specify a string option, which allows remote attackers to obtain sensitive information. | 5.0 |
2006-08-24 | CVE-2006-4344 | CGI Rescue | Email Header Injection vulnerability in Cgi-Rescue Mail F W System 8.3 CRLF injection vulnerability in CGI-Rescue Mail F/W System (formd) before 8.3 allows remote attackers to spoof e-mails and inject e-mail headers via unspecified vectors in (1) mail.cgi and (2) query.cgi. | 5.0 |
2006-08-24 | CVE-2006-4332 | Wireshark | Multiple vulnerability in Wireshark Unspecified vulnerability in the DHCP dissector in Wireshark (formerly Ethereal) 0.10.13 through 0.99.2, when run on Windows, allows remote attackers to cause a denial of service (crash) via unspecified vectors that trigger a bug in Glib. | 5.0 |
2006-08-24 | CVE-2006-4331 | Wireshark | Multiple vulnerability in Wireshark 0.99.2 Multiple off-by-one errors in the IPSec ESP preference parser in Wireshark (formerly Ethereal) 0.99.2 allow remote attackers to cause a denial of service (crash) via unspecified vectors. | 5.0 |
2006-08-23 | CVE-2006-4314 | Symantec | Denial of Service vulnerability in Symantec Enterprise Security Manager The manager server in Symantec Enterprise Security Manager (ESM) 6 and 6.5.x allows remote attackers to cause a denial of service (hang) via a malformed ESM agent request. | 5.0 |
2006-08-23 | CVE-2006-4313 | Cisco | Unspecified vulnerability in Cisco VPN 3000 Concentrator Series Software Multiple unspecified vulnerabilities in Cisco VPN 3000 series concentrators before 4.1, 4.1.x up to 4.1(7)L, and 4.7.x up to 4.7(2)F allow attackers to execute the (1) CWD, (2) MKD, (3) CDUP, (4) RNFR, (5) SIZE, and (6) RMD FTP commands to modify files or create and delete directories via unknown vectors. | 5.0 |
2006-08-23 | CVE-2006-4302 | SUN | Permissions, Privileges, and Access Controls vulnerability in SUN J2Se and Java web Start The Java Plug-in J2SE 1.3.0_02 through 5.0 Update 5, and Java Web Start 1.0 through 1.2 and J2SE 1.4.2 through 5.0 Update 5, allows remote attackers to exploit vulnerabilities by specifying a JRE version that contain vulnerabilities. | 5.0 |
2006-08-23 | CVE-2006-4301 | Microsoft | Improper Input Validation vulnerability in Microsoft IE 6.0 Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (crash) via a long Color attribute in multiple DirectX Media Image DirectX Transforms ActiveX COM Objects from (a) dxtmsft.dll and (b) dxtmsft3.dll, including (1) DXImageTransform.Microsoft.MaskFilter.1, (2) DXImageTransform.Microsoft.Chroma.1, and (3) DX3DTransform.Microsoft.Shapes.1. | 5.0 |
2006-08-23 | CVE-2006-4298 | Oscommerce | Directory Traversal vulnerability in Oscommerce 2.2Ms220060817 Multiple directory traversal vulnerabilities in cache.php in osCommerce before 2.2 Milestone 2 060817 allow remote attackers to determine existence of arbitrary files and disclose the installation path via a .. | 5.0 |
2006-08-22 | CVE-2006-4292 | Niels Provos | ARP Packet Processing Denial of Service vulnerability in Honeyd 1.0/1.5/1.5A Unspecified vulnerability in Niels Provos Honeyd before 1.5b allows remote attackers to cause a denial of service (application crash) via certain Address Resolution Protocol (ARP) packets. | 5.0 |
2006-08-22 | CVE-2006-4290 | Sony | Directory Traversal vulnerability in Sony VAIO Media Integrated Server Directory traversal vulnerability in Sony VAIO Media Server 2.x, 3.x, 4.x, and 5.x before 20060626 allows remote attackers to gain sensitive information via unspecified vectors. | 5.0 |
2006-08-21 | CVE-2006-4265 | Kaspersky LAB | Remote Security vulnerability in Kaspersky LAB Kaspersky Anti-Hacker 1.8.180 Kaspersky Anti-Hacker 1.8.180, when Stealth Mode is enabled, allows remote attackers to obtain responses to ICMP (1) timestamp and (2) netmask requests, which is inconsistent with the documented behavior of Stealth Mode. | 5.0 |
2006-08-21 | CVE-2006-4260 | Jake Olefsky | Directory Traversal vulnerability in Jake Olefsky Fotopholder 1.8 Directory traversal vulnerability in index.php in Fotopholder 1.8 allows remote attackers to read arbitrary directories or files via a .. | 5.0 |
2006-08-23 | CVE-2006-2932 | Linux Redhat | Local Denial of Service vulnerability in Linux Kernel Non-Hugemem Support A regression error in the restore_all code path of the 4/4GB split support for non-hugemem Linux kernels on Red Hat Linux Desktop and Enterprise Linux 4 allows local users to cause a denial of service (panic) via unspecified vectors. | 4.9 |
2006-08-21 | CVE-2006-4093 | Linux Canonical Debian | Local Denial of Service vulnerability in Linux Kernel PPC970 Systems Linux kernel 2.x.6 before 2.6.17.9 and 2.4.x before 2.4.33.1 on PowerPC PPC970 systems allows local users to cause a denial of service (crash) related to the "HID0 attention enable on PPC970 at boot time." Upgrade to Linux Kernel version 2.4.33.1 | 4.9 |
2006-08-21 | CVE-2006-4145 | Linux | Resource Management Errors vulnerability in Linux Kernel The Universal Disk Format (UDF) filesystem driver in Linux kernel 2.6.17 and earlier allows local users to cause a denial of service (hang and crash) via certain operations involving truncated files, as demonstrated via the dd command. | 4.9 |
2006-08-21 | CVE-2006-3506 | Apple | Buffer Overflow vulnerability in Apple mac OS X, mac OS X Server and Xsan Buffer overflow in the Xsan Filesystem driver on Mac OS X 10.4.7 and OS X Server 10.4.7 allows local users with Xsan write access, to execute arbitrary code via unspecified vectors related to "processing a path name." This vulnerability is addressed in the following product release: Apple, Xsan, 1.4 | 4.6 |
2006-08-27 | CVE-2006-4362 | Dieselscripts | Cross-Site Scripting vulnerability in DieselScripts Diesel Paid Mail Getad.PHP Cross-site scripting (XSS) vulnerability in getad.php in Diesel Paid Mail allows remote attackers to inject arbitrary web script or HTML via the ps parameter. | 4.3 |
2006-08-27 | CVE-2006-4361 | Dieselscripts | Cross-Site Scripting vulnerability in Diesel Job Site Multiple cross-site scripting (XSS) vulnerabilities in jobseekers/forgot.php in Diesel Job Site allow remote attackers to inject arbitrary web script or HTML via the (1) uname or (2) SEmail parameters. | 4.3 |
2006-08-27 | CVE-2006-4358 | Dieselscripts | Cross-Site Scripting vulnerability in DieselScripts Diesel Pay Cross-site scripting (XSS) vulnerability in index.php in Diesel Pay allows remote attackers to inject arbitrary web script or HTML via the read parameter. | 4.3 |
2006-08-24 | CVE-2006-4330 | Wireshark | Multiple vulnerability in Wireshark 0.99.2 Unspecified vulnerability in the SCSI dissector in Wireshark (formerly Ethereal) 0.99.2 allows remote attackers to cause a denial of service (crash) via unspecified vectors. | 4.3 |
2006-08-23 | CVE-2006-4310 | Mozilla | Improper Input Validation vulnerability in Mozilla Firefox 1.5.0.6 Mozilla Firefox 1.5.0.6 allows remote attackers to cause a denial of service (crash) via a crafted FTP response, when attempting to connect with a username and password via the FTP URI. | 4.3 |
2006-08-23 | CVE-2006-4308 | Blackboard | Cross-Site Scripting vulnerability in Blackboard products Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Learning System 6, Blackboard Learning and Community Portal Suite 6.2.3.23, and Blackboard Vista 4 allow remote attackers to inject arbitrary Javascript, VBScript, or HTML via (1) data, (2) vbscript, and (3) malformed javascript URIs in various HTML tags when posting to the Discussion Board. | 4.3 |
2006-08-23 | CVE-2006-4299 | Tiki | Cross-Site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware 1.9.4 Cross-site scripting (XSS) vulnerability in tiki-searchindex.php in TikiWiki 1.9.4 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter. | 4.3 |
2006-08-23 | CVE-2006-4295 | Panda | Cross-Site Scripting vulnerability in Panda Activescan 5.53.00 Cross-site scripting (XSS) vulnerability in ascan_6.asp in Panda ActiveScan 5.53.00 allows remote attackers to inject arbitrary web script or HTML via the email parameter. | 4.3 |
2006-08-22 | CVE-2006-4293 | Cpanel | Cross-Site Scripting vulnerability in Cpanel 10 Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow remote attackers to inject arbitrary web script or HTML via the (1) dir parameter in dohtaccess.html, or the (2) file parameter in (a) editit.html or (b) showfile.html. | 4.3 |
2006-08-21 | CVE-2006-4256 | Horde | Cross-Site Scripting vulnerability in Application Framework index.php in Horde Application Framework before 3.1.2 allows remote attackers to include web pages from other sites, which could be useful for phishing attacks, via a URL in the url parameter, aka "cross-site referencing." NOTE: some sources have referred to this issue as XSS, but it is different than classic XSS. | 4.3 |
2006-08-21 | CVE-2006-4255 | Horde | Cross-Site Scripting vulnerability in Horde Products Search.PHP Cross-site scripting (XSS) vulnerability in horde/imp/search.php in Horde IMP H3 before 4.1.3 allows remote attackers to include arbitrary web script or HTML via multiple unspecified vectors related to folder names, as injected into the vfolder_label form field in the IMP search screen. | 4.3 |
2006-08-26 | CVE-2006-4371 | ALT N | Information Disclosure vulnerability in Alt-N Webadmin 3.2.3/3.2.4 Multiple directory traversal vulnerabilities in Alt-N WebAdmin 3.2.3 and 3.2.4 running with MDaemon 9.0.5, and possibly earlier, allow remote authenticated global administrators to read arbitrary files via a .. | 4.0 |
2006-08-21 | CVE-2006-4258 | John Hanna | Unspecified vulnerability in John Hanna Anti-Spam Smtp Proxy Server 1.2.3 Absolute path traversal vulnerability in the get functionality in Anti-Spam SMTP Proxy (ASSP) allows remote authenticated users to read arbitrary files via (1) C:\ (Windows drive letter), (2) UNC, and possibly other types of paths in the file parameter. | 4.0 |
2006-08-21 | CVE-2006-4257 | IBM | Resource Management Errors vulnerability in IBM DB2 IBM DB2 Universal Database (UDB) before 8.1 FixPak 13 allows remote authenticated users to cause a denial of service (crash) by (1) sending the first ACCSEC command without an RDBNAM parameter during the CONNECT process, or (2) sending crafted SQLJRA packet, which results in a null dereference. | 4.0 |
7 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-08-21 | CVE-2006-4266 | Symantec | Unspecified vulnerability in Symantec Norton Personal Firewall Symantec Norton Personal Firewall 2006 9.1.0.33, and possibly earlier, does not properly protect Norton registry keys, which allows local users to provide Trojan horse libraries to Norton by using RegSaveKey and RegRestoreKey to modify HKLM\SOFTWARE\Symantec\CCPD\SuiteOwners, as demonstrated using NISProd.dll. | 3.6 |
2006-08-27 | CVE-2006-4360 | Drupal | Cross-Site Scripting vulnerability in Drupal E-Commerce Module 4.7 Cross-site scripting (XSS) vulnerability in E-commerce 4.7 for Drupal before file.module 1.37.2.4 (20060812) allows remote authenticated users with the "create products" permission to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
2006-08-27 | CVE-2006-4355 | Drupal | Cross-Site Scripting vulnerability in Drupal Easylinks Module Cross-site scripting (XSS) vulnerability in Drupal Easylinks Module (easylinks.module) 4.7 before 1.5.2.1 2006/08/19 12:02:27 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2.6 |
2006-08-26 | CVE-2006-4374 | Irfanview | Denial Of Service vulnerability in Irfanview 3.98 IrfanView 3.98 (with plugins) allows user-assisted attackers to cause a denial of service (application crash) via a crafted ANI image file, possibly due to a buffer overflow. | 2.6 |
2006-08-26 | CVE-2006-4369 | Integramod | Remote File Include vulnerability in Integramod Portal 2.0 Absolute path traversal vulnerability in includes/functions_portal.php in IntegraMOD Portal 2.x and earlier, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via an absolute pathname in the phpbb_root_path parameter. | 2.6 |
2006-08-23 | CVE-2006-4303 | SUN | Denial-Of-Service vulnerability in SUN Solaris 10.0 Race condition in (1) libnsl and (2) TLI/XTI API routines in Sun Solaris 10 allows remote attackers to cause a denial of service ("tight loop" and CPU consumption for listener applications) via unknown vectors related to TCP fusion (do_tcp_fusion). | 2.6 |
2006-08-21 | CVE-2006-4259 | Jake Olefsky | Cross-Site Scripting vulnerability in Jake Olefsky Fotopholder 1.8 Cross-site scripting (XSS) vulnerability in index.php in Fotopholder 1.8 allows remote attackers to inject arbitrary web script or HTML via the path parameter. | 2.6 |