Weekly Vulnerabilities Reports > August 28 to September 3, 2006

Overview

107 new vulnerabilities reported during this period, including 6 critical vulnerabilities and 49 high severity vulnerabilities. This weekly summary report vulnerabilities in 90 products from 69 vendors including Joomla, PHP, Microsoft, Cybozu, and Visualshapers. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Code Injection", "Resource Management Errors", "Permissions, Privileges, and Access Controls", and "Numeric Errors".

  • 97 reported vulnerabilities are remotely exploitables.
  • 20 reported vulnerabilities have public exploit available.
  • 1 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 103 reported vulnerabilities are exploitable by an anonymous user.
  • Joomla has the most reported vulnerabilities, with 10 reported vulnerabilities.
  • PHP has the most reported critical vulnerabilities, with 3 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

6 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-08-31 CVE-2006-4485 PHP Input Validation vulnerability in PHP

The stripos function in PHP before 5.1.5 has unknown impact and attack vectors related to an out-of-bounds read.

10.0
2006-08-31 CVE-2006-4465 Microsoft Unspecified vulnerability in Microsoft Terminal Server

** DISPUTED ** Microsoft Terminal Server, when running an application session with the "Start program at logon" and "Override settings from user profile and Client Connection Manager wizard" options, allows local users to execute arbitrary code by forcing an Explorer error.

10.0
2006-08-31 CVE-2006-4461 Paessler Remote Security vulnerability in IPCheck Server Monitor

Paessler IPCheck Server Monitor before 5.3.3.639/640 does not properly implement a "list of acceptable host IP addresses in the probe settings," which has unknown impact and attack vectors.

10.0
2006-08-30 CVE-2006-4305 Mysql
SAP DB
Remote Buffer Overflow vulnerability in SAP-DB/MaxDB WebDBM

Buffer overflow in SAP DB and MaxDB before 7.6.00.30 allows remote attackers to execute arbitrary code via a long database name when connecting via a WebDBM client.

10.0
2006-08-31 CVE-2006-4483 PHP Input Validation vulnerability in PHP

The cURL extension files (1) ext/curl/interface.c and (2) ext/curl/streams.c in PHP before 5.1.5 permit the CURLOPT_FOLLOWLOCATION option when open_basedir or safe_mode is enabled, which allows attackers to perform unauthorized actions, possibly related to the realpath cache.

9.3
2006-08-31 CVE-2006-4482 PHP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in PHP

Multiple heap-based buffer overflows in the (1) str_repeat and (2) wordwrap functions in ext/standard/string.c in PHP before 5.1.5, when used on a 64-bit system, have unspecified impact and attack vectors, a different vulnerability than CVE-2006-1990.

9.3

49 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-09-01 CVE-2006-4533 Plume CMS Code Injection vulnerability in Plume-Cms Plume CMS

Multiple PHP remote file inclusion vulnerabilities in Plume CMS 1.0.6 and earlier allow remote attackers to execute arbitrary PHP code via the _PX_config[manager_path] parameter to (1) articles.php, (2) categories.php, (3) news.php, (4) prefs.php, (5) sites.php, (6) subtypes.php, (7) users.php, (8) xmedia.php, (9) frontinc/class.template.php, (10) inc/lib.text.php, (11) install/index.php, (12) install/upgrade.php, and (13) tools/htaccess/index.php.

7.5
2006-09-01 CVE-2006-4532 Bernard Pacques Remote Security vulnerability in Bernard Pacques YET Another Community System CMS 6.6.1

PHP remote file inclusion vulnerability in articles/article.php in Yet Another Community System (YACS) CMS 6.6.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the context[path_to_root] parameter.

7.5
2006-09-01 CVE-2006-4531 Bare Concept Media Remote File Include vulnerability in Pheap Config.PHP

PHP remote file inclusion vulnerability in lib/config.php in Pheap CMS 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the lpref parameter.

7.5
2006-09-01 CVE-2006-4530 Membrepass Remote File Include vulnerability in Membrepass 1.5

Direct static code injection vulnerability in include/change.php in membrepass 1.5 allows remote attackers to execute arbitrary PHP code via the aifon parameter, which is injected into include/variable.php.

7.5
2006-09-01 CVE-2006-4529 Membrepass SQL Injection vulnerability in Membrepass 1.5

SQL injection vulnerability in recherchemembre.php in membrepass 1.5.

7.5
2006-09-01 CVE-2006-4526 Devellion Multiple Security vulnerability in CubeCart

SQL injection vulnerability in includes/content/viewCat.inc.php in CubeCart 3.0.12 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the searchArray[] parameter.

7.5
2006-09-01 CVE-2006-4524 Digiappz SQL Injection vulnerability in Digiappz Freekot 1.01

Multiple SQL injection vulnerabilities in login_verif.asp in Digiappz Freekot 1.01 allow remote attackers to execute arbitrary SQL commands via the (1) login or (2) password parameters.

7.5
2006-08-31 CVE-2006-4505 NX5 Unspecified vulnerability in NX5 Nx5Linx 1.0

CRLF injection vulnerability in links.php in NX5Linx 1.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a CRLF sequence in the url parameter.

7.5
2006-08-31 CVE-2006-4504 NX5 SQL Injection vulnerability in NX5 Nx5Linx 1.0

SQL injection vulnerability in NX5Linx 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) c and (2) l parameters.

7.5
2006-08-31 CVE-2006-4502 Ztml Input Validation vulnerability in Ztml Ezportal Ztml CMS 1.0

ezPortal/ztml CMS 1.0 allows remote attackers to bypass authentication controls via a direct request to the "Administration Area" script.

7.5
2006-08-31 CVE-2006-4501 Ztml Input Validation vulnerability in Ztml Ezportal Ztml CMS 1.0

SQL injection vulnerability in index.php in ezPortal/ztml CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) about, (2) album, (3) id, (4) use, (5) desc, (6) doc, (7) mname, (8) max, and possibly other parameters.

7.5
2006-08-31 CVE-2006-4498 Phpalbum NET Remote File Include vulnerability in PHPalbum.Net PHPalbum 0.2.3

PHP remote file inclusion vulnerability in sommaire_admin.php in PhpAlbum (mod_phpalbum) 2.15 for PortailPHP allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter, a different vector than CVE-2006-3922.

7.5
2006-08-31 CVE-2006-4497 Iwebnegar SQL Injection vulnerability in Iwebnegar 1.1

SQL injection vulnerability in comments.php in IwebNegar 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2006-08-31 CVE-2006-4495 Microsoft COM Object Instantiation Code Execution vulnerability in Microsoft Windows 2000

Microsoft Internet Explorer allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Windows 2000 ActiveX COM Objects including (1) ciodm.dll, (2) myinfo.dll, (3) msdxm.ocx, and (4) creator.dll.

7.5
2006-08-31 CVE-2006-4494 Microsoft Denial of Service vulnerability in Microsoft Visual Studio 6.0

Microsoft Visual Studio 6.0 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Visual Studio 6.0 ActiveX COM Objects in Internet Explorer, including (1) tcprops.dll, (2) fp30wec.dll, (3) mdt2db.dll, (4) mdt2qd.dll, and (5) vi30aut.dll.

7.5
2006-08-31 CVE-2006-4489 Ultrize Remote File Include vulnerability in MiniBill Config[Plugin_Dir] Parameter

Multiple PHP remote file inclusion vulnerabilities in MiniBill 2006-07-14 (1.2.2) allow remote attackers to execute arbitrary PHP code via (1) a URL in the config[include_dir] parameter in actions/ipn.php or (2) an FTP path in the config[plugin_dir] parameter in include/initPlugins.php.

7.5
2006-08-31 CVE-2006-4478 Visualshapers SQL Injection vulnerability in Visualshapers Ezcontents 2.0.3

SQL injection vulnerability in headeruserdata.php in Visual Shapers ezContents 2.0.3 allows remote attackers to execute arbitrary SQL commands via the groupname parameter.

7.5
2006-08-31 CVE-2006-4477 Visualshapers Remote File Include vulnerability in Visualshapers Ezcontents 2.0.3

Multiple PHP remote file inclusion vulnerabilities in Visual Shapers ezContents 2.0.3 allow remote attackers to execute arbitrary PHP code via an empty GLOBALS[rootdp] parameter and an ftps URL in the (1) GLOBALS[admin_home] parameter in (a) diary/event_list.php, (b) gallery/gallery_summary.php, (c) guestbook/showguestbook.php, (d) links/showlinks.php, and (e) reviews/review_summary.php; and the (2) GLOBALS[language_home] parameter in (f) calendar/calendar.php, (g) news/shownews.php, (h) poll/showpoll.php, (i) search/search.php, (j) toprated/toprated.php, and (k) whatsnew/whatsnew.php.

7.5
2006-08-31 CVE-2006-3125 Gtetrinet Remote Code Execution vulnerability in GTetrinet Index Out of Bounds

Array index error in tetrinet.c in gtetrinet 0.7.8 and earlier allows remote attackers to execute arbitrary code via a packet specifying a negative number of players, which is used as an array index.

7.5
2006-08-31 CVE-2006-4476 Joomla Code Injection vulnerability in Joomla 1.0.9

Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related to "Injection Flaws," allow attackers to have an unknown impact via (1) globals.php, which uses include_once() instead of require(); (2) the $options variable; (3) Admin Upload Image; (4) ->load(); (5) content submissions when frontpage is selected; (6) the mosPageNav constructor; (7) saveOrder functions; (8) the absence of "exploit blocking rules" in htaccess; and (9) the ACL.

7.5
2006-08-31 CVE-2006-4475 Joomla Permissions, Privileges, and Access Controls vulnerability in Joomla 1.0.9

Joomla! before 1.0.11 does not limit access to the Admin Popups functionality, which has unknown impact and attack vectors.

7.5
2006-08-31 CVE-2006-4472 Joomla Unspecified vulnerability in Joomla

Multiple unspecified vulnerabilities in Joomla! before 1.0.11 allow attackers to bypass user authentication via unknown vectors involving the (1) do_pdf command and the (2) emailform com_content task.

7.5
2006-08-31 CVE-2006-4470 Joomla Unspecified vulnerability in Joomla

Joomla! before 1.0.11 omits some checks for whether _VALID_MOS is defined, which allows attackers to have an unknown impact, possibly resulting in PHP remote file inclusion.

7.5
2006-08-31 CVE-2006-4469 Joomla Unspecified vulnerability in Joomla

Unspecified vulnerability in PEAR.php in Joomla! before 1.0.11 allows remote attackers to perform "remote execution," related to "Injection Flaws."

7.5
2006-08-31 CVE-2006-4467 Simple Machines Directory Traversal vulnerability in Simple Machines Forum

Simple Machines Forum (SMF) 1.1RCx before 1.1RC3, and 1.0.x before 1.0.8, does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to perform directory traversal attacks to read arbitrary local files, lock topics, and possibly have other security impacts.

7.5
2006-08-31 CVE-2006-4463 Jetstat COM SQL Injection vulnerability in Jetstat.Com JS ASP FAQ Manager 1.10

SQL injection vulnerability in the administrator control panel in Jetstat.com JS ASP Faq Manager 1.10 allows remote attackers to execute arbitrary SQL commands via the pwd parameter (aka the Password field).

7.5
2006-08-31 CVE-2006-4462 Gonafish COM Authentication Bypass vulnerability in Gonafish.Com Linkscaffe 2.0/3.0

Gonafish.com LinksCaffe 2.0 and 3.0 do not properly restrict access to administrator functions, which allows remote attackers to gain full administration rights via a direct request to Admin/admin1953.php.

7.5
2006-08-31 CVE-2006-4457 Phpecard Remote Security vulnerability in phpEcard

PHP remote file inclusion vulnerability in index.php in phpECard 2.1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter.

7.5
2006-08-31 CVE-2006-4456 Phpecard Remote File Include vulnerability in PHPECard Functions.PHP

PHP remote file inclusion vulnerability in functions.php in phpECard 2.1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter.

7.5
2006-08-31 CVE-2006-4244 SQL Ledger Improper Authentication vulnerability in Sql-Ledger

SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that the value of the sql-ledger-[username] cookie matches the value of the sessionid parameter, which allows remote attackers to gain access as any logged-in user by setting the cookie and the parameter to the same value.

7.5
2006-08-30 CVE-2006-4452 Web3King Remote File Include vulnerability in Web3news PHPSECURITYADMIN_PATH

PHP remote file inclusion vulnerability in security/include/_class.security.php in Web3news 0.95 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the PHPSECURITYADMIN_PATH parameter.

7.5
2006-08-30 CVE-2006-4451 CJ Design Unspecified vulnerability in CJ Design CJ TAG Board 3.0

Direct static code injection vulnerability in CJ Tag Board 3.0 allows remote attackers to execute arbitrary PHP code via the (1) User-Agent HTTP header in tag.php, which is executed by all.php, and (2) the banned parameter in admin_index.php.

7.5
2006-08-29 CVE-2006-4445 Cutephp Unspecified vulnerability in Cutephp Cutenews

** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in CuteNews 1.3.x allow remote attackers to execute arbitrary PHP code via a URL in the cutepath parameter to (1) show_news.php or (2) search.php.

7.5
2006-08-29 CVE-2006-4443 Alstrasoft Remote File Include vulnerability in Alstrasoft Video Share Enterprise 4.0

PHP remote file inclusion vulnerability in myajaxphp.php in AlstraSoft Video Share Enterprise allows remote attackers to execute arbitrary PHP code via a URL in the config[BASE_DIR] parameter.

7.5
2006-08-29 CVE-2006-4441 AY System Solutions Remote Security vulnerability in Ay System Solutions Cms

Multiple PHP remote file inclusion vulnerabilities in Ay System Solutions CMS 2.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path[ShowProcessHandle] parameter to (1) home.php or (2) impressum.php.

7.5
2006-08-29 CVE-2006-4440 AY System Solutions Remote Security vulnerability in Ay System Solutions Cms

PHP remote file inclusion vulnerability in main.php in Ay System Solutions CMS 2.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path[ShowProcessHandle] parameter.

7.5
2006-08-29 CVE-2006-4433 PHP Remote Security vulnerability in PHP

PHP before 4.4.3 and 5.x before 5.1.4 does not limit the character set of the session identifier (PHPSESSID) for third party session handlers, which might make it easier for remote attackers to exploit other vulnerabilities by inserting PHP code into the PHPSESSID, which is stored in the session file.

7.5
2006-08-29 CVE-2006-4432 Zend Directory Traversal vulnerability in Zend Platform

Directory traversal vulnerability in Zend Platform 2.2.1 and earlier allows remote attackers to overwrite arbitrary files via a ..

7.5
2006-08-29 CVE-2006-4431 Zend Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Zend Platform

Multiple buffer overflows in the (a) Session Clustering Daemon and the (b) mod_cluster module in the Zend Platform 2.2.1 and earlier allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a (1) empty or (2) crafted PHP session identifier (PHPSESSID).

7.5
2006-08-29 CVE-2006-4429 Phlymail Unspecified vulnerability in Phlymail Lite 3.44

** DISPUTED ** PHP remote file inclusion vulnerability in handlers/email/mod.output.php in PHlyMail Lite 3.4.4 and earlier (Build 3.04.04) allows remote attackers to execute arbitrary PHP code via a URL in the _PM_[path][handler] parameter, a different vector than CVE-2006-4291.

7.5
2006-08-29 CVE-2006-4428 Jupiter CMS Remote File Include vulnerability in Jupiter CMS Jupiter CMS 1.1.5

** DISPUTED ** PHP remote file inclusion vulnerability in index.php in Jupiter CMS 1.1.5 allows remote attackers to execute arbitrary PHP code via a URL in the template parameter.

7.5
2006-08-29 CVE-2006-4423 Bigace Remote File Include vulnerability in Bigace 1.8.2

Multiple PHP remote file inclusion vulnerabilities in Bigace 1.8.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[_BIGACE][DIR][admin] parameter in (a) system/command/admin.cmd.php, (b) admin/include/upload_form.php, and (c) admin/include/item_main.php; and the (2) GLOBALS[_BIGACE][DIR][libs] parameter in (d) system/command/admin.cmd.php and (e) system/command/download.cmd.php.

7.5
2006-08-29 CVE-2006-4422 Jetbox Remote File Include vulnerability in Jetbox CMS 2.1

** DISPUTED ** PHP remote file inclusion vulnerability in includes/phpdig/libs/search_function.php in Jetbox CMS 2.1 allows remote attackers to execute arbitrary PHP code via a URL in the relative_script_path parameter, a different vector than CVE-2006-2270.

7.5
2006-08-28 CVE-2006-4419 Promanager SQL Injection vulnerability in Promanager 0.73

SQL injection vulnerability in note.php in ProManager 0.73 allows remote attackers to execute arbitrary SQL commands via the note_id parameter.

7.5
2006-08-28 CVE-2006-4417 Xoops SQL Injection vulnerability in Xoops Edituser.PHP

SQL injection vulnerability in edituser.php in Xoops before 2.0.15 allows remote attackers to execute arbitrary SQL commands via the user_avatar parameter.

7.5
2006-09-01 CVE-2006-4522 IBM Local Privilege Escalation vulnerability in IBM AIX Dtterm

Unspecified vulnerability in dtterm in IBM AIX 5.2 and 5.3 allows local users to execute arbitrary code with root privileges via unspecified vectors.

7.2
2006-08-31 CVE-2006-4481 PHP Input Validation vulnerability in PHP

The (1) file_exists and (2) imap_reopen functions in PHP before 5.1.5 do not check for the safe_mode and open_basedir settings, which allows local users to bypass the settings.

7.2
2006-08-30 CVE-2006-4447 X ORG Local Privilege Escalation vulnerability in Multiple X.Org Products SetUID

X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, does not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by exceeding a ulimit.

7.2
2006-08-28 CVE-2006-4416 IBM Local Insecure Program Execution vulnerability in IBM AIX 5.1/5.2/5.3

Untrusted search path vulnerability in the mkvg command in IBM AIX 5.2 and 5.3 allows local users to gain privileges by modifying the path to point to a malicious (1) chdev, (2) mkboot, (3) varyonvg, or (4) varyoffvg program.

7.2

45 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-08-31 CVE-2006-4474 Joomla Cross-Site Scripting vulnerability in Joomla 1.0.9

Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.11 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in (1) Admin Module Manager, (2) Admin Help, and (3) Search.

6.8
2006-08-31 CVE-2006-4468 Joomla Unspecified vulnerability in Joomla

Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related to unvalidated input, allow attackers to have an unknown impact via unspecified vectors involving the (1) mosMail, (2) JosIsValidEmail, and (3) josSpoofValue functions; (4) the lack of inclusion of globals.php in administrator/index.php; (5) the Admin User Manager; and (6) the poll module.

6.8
2006-08-29 CVE-2006-4442 Clemens Wacha HTML Injection vulnerability in PHP iAddressBook Cat_Name

Cross-site scripting (XSS) vulnerability in PHP iAddressBook before 0.95 allows remote attackers to inject arbitrary web script or HTML via the cat_name parameter, related to adding a category.

6.8
2006-08-31 CVE-2006-4471 Joomla Unspecified vulnerability in Joomla

The Admin Upload Image functionality in Joomla! before 1.0.11 allows remote authenticated users to upload files outside of the /images/stories/ directory via unspecified vectors.

6.5
2006-08-29 CVE-2006-4444 Cybozu SQL Injection vulnerability in Cybozu Garoon 2.1.0Forwindows

Multiple SQL injection vulnerabilities in Cybozu Garoon 2.1.0 for Windows allow remote authenticated users to execute arbitrary SQL commands via the (1) tid parameter in the (a) todo/view (aka TODO List View), (b) todo/modify (aka TODO List Modify), or (c) todo/delete functionality; the (2) pid parameter in the (d) workflow/view or (e) workflow/print functionality; the (3) uid parameter in the (f) schedule/user_view, (g) phonemessage/add, (h) phonemessage/history, or (i) schedule/view functionality; the (4) cid parameter in (j) todo/index; the (5) iid parameter in the (k) memo/view or (l) memo/print functionality; or the (6) event parameter in the (m) schedule/view functionality.

6.5
2006-08-31 CVE-2006-4458 Phpgroupware Local File Include vulnerability in PHPgroupware 0.9.16.010

Directory traversal vulnerability in calendar/inc/class.holidaycalc.inc.php in phpGroupWare 0.9.16.010 and earlier allows remote attackers to include arbitrary local files via a ..

6.4
2006-08-31 CVE-2006-4488 Exbb Remote File Include vulnerability in ExBB Italia UserStop.PHP

PHP remote file inclusion vulnerability in modules/userstop/userstop.php in ExBB Italia 0.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the exbb[home_path] parameter.

5.1
2006-08-31 CVE-2006-4146 GNU Buffer Errors vulnerability in GNU GDB 6.5

Buffer overflow in the (1) DWARF (dwarfread.c) and (2) DWARF2 (dwarf2read.c) debugging code in GNU Debugger (GDB) 6.5 allows user-assisted attackers, or restricted users, to execute arbitrary code via a crafted file with a location block (DW_FORM_block) that contains a large number of operations.

5.1
2006-08-31 CVE-2006-4473 Joomla Unspecified vulnerability in Joomla 1.0.9

Unspecified vulnerability in com_content in Joomla! before 1.0.11, when $mosConfig_hideEmail is set, allows attackers to perform the emailform and emailsend tasks.

5.1
2006-08-30 CVE-2006-4450 Phpbb Group Unspecified vulnerability in PHPbb Group PHPbb 2.0.20

usercp_avatar.php in PHPBB 2.0.20, when avatar uploading is enabled, allows remote attackers to use the server as a web proxy by submitting a URL to the avatarurl parameter, which is then used in an HTTP GET request.

5.1
2006-08-30 CVE-2006-4449 Mybulletinboard HTML Injection vulnerability in Mybulletinboard 1.1.7

Cross-site scripting (XSS) vulnerability in attachment.php in MyBulletinBoard (MyBB) 1.1.7 and possibly other versions allows remote attackers to inject arbitrary web script or HTML via a GIF image that contains URL-encoded Javascript, which is rendered by Internet Explorer.

5.1
2006-08-30 CVE-2006-4448 Interact Learning Community Environment Remote File Include vulnerability in Interact Learning Community Environment Interact 2.2

Multiple PHP remote file inclusion vulnerabilities in interact 2.2, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) CONFIG[BASE_PATH] parameter in (a) admin/autoprompter.php and (b) includes/common.inc.php, and the (2) CONFIG[LANGUAGE_CPATH] parameter in (c) admin/autoprompter.php.

5.1
2006-08-29 CVE-2006-4427 Efiction Authentication Bypass vulnerability in eFiction

index.php in eFiction before 2.0.7 allows remote attackers to bypass authentication and gain privileges by setting the (1) adminloggedin, (2) loggedin, and (3) level parameters to "1".

5.1
2006-08-29 CVE-2006-4426 Albert Remote File Include vulnerability in Albert Albert-Easysite 0.8.12

PHP remote file inclusion vulnerability in AES/modules/auth/phpsecurityadmin/include/logout.php in AlberT-EasySite (AES) 1.0a5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PSA_PATH parameter.

5.1
2006-08-29 CVE-2006-4425 Coinsoft Technologies Remote Security vulnerability in Coinsoft Technologies PHPcoin 1.2.3

Multiple PHP remote file inclusion vulnerabilities in phpCOIN 1.2.3 allow remote attackers to execute arbitrary PHP code via the _CCFG[_PKG_PATH_INCL] parameter in coin_includes scripts including (1) api.php, (2) common.php, (3) core.php, (4) custom.php, (5) db.php, (6) redirect.php or (7) session_set.php.

5.1
2006-08-29 CVE-2006-4424 Coinsoft Technologies Remote File Include vulnerability in Coinsoft Technologies PHPcoin 1.2.3

PHP remote file inclusion vulnerability in coin_includes/constants.php in phpCOIN 1.2.3 allows remote attackers to execute arbitrary PHP code via the _CCFG[_PKG_PATH_INCL] parameter.

5.1
2006-09-01 CVE-2006-4523 2Wire INC Denial of Service vulnerability in 2wire Modems and Routers CRLF

The web-based management interface in 2Wire, Inc.

5.0
2006-08-31 CVE-2006-4503 NX5 Directory Traversal vulnerability in NX5 Nx5Linx 1.0

Directory traversal vulnerability in link.php in NX5Linx 1.0 allows remote attackers to read arbitrary files via the logo parameter.

5.0
2006-08-31 CVE-2006-4499 Moderngigabyte Remote Security vulnerability in ModernBill

ModernBill 5.0.4 and earlier uses cURL with insecure settings for CURLOPT_SSL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST that do not verify SSL certificates, which allows remote attackers to read network traffic via a man-in-the-middle (MITM) attack.

5.0
2006-08-31 CVE-2006-4492 Cybozu Information Disclosure vulnerability in Cybozu Office 6.5Build1.2

Unspecified vulnerability in Cybozu Office 6.5 Build 1.2 for Windows allows remote attackers to obtain sensitive information, including users and groups, via unspecified vectors.

5.0
2006-08-31 CVE-2006-4487 Duware Information Disclosure vulnerability in Dupoll 3.0/3.1

DUware DUpoll 3.0 and 3.1 stores _private/Dupoll.mdb under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as usernames and passwords.

5.0
2006-08-31 CVE-2006-4466 Joomla Improper Input Validation vulnerability in Joomla 1.0.9

Joomla! before 1.0.11 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to have an unspecified impact.

5.0
2006-08-31 CVE-2006-4464 Nokia Denial of Service vulnerability in Nokia Symbian S60

The Nokia Browser, possibly Nokia Symbian 60 Browser 3rd edition, allows remote attackers to cause a denial of service (crash) via JavaScript that constructs a large Unicode string.

5.0
2006-08-30 CVE-2006-4455 Xchat Remote Denial of Service vulnerability in XChat

** DISPUTED ** Unspecified vulnerability in Xchat 2.6.7 and earlier allows remote attackers to cause a denial of service (crash) via unspecified vectors involving the PRIVMSG command.

5.0
2006-08-30 CVE-2006-4446 Microsoft Buffer Overflow vulnerability in Microsoft IE 6.0

Heap-based buffer overflow in DirectAnimation.PathControl COM object (daxctle.ocx) in Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a Spline function call whose first argument specifies a large number of points.

5.0
2006-08-29 CVE-2006-4436 Openbsd Unspecified vulnerability in Openbsd 3.8/3.9

isakmpd in OpenBSD 3.8, 3.9, and possibly earlier versions, creates Security Associations (SA) with a replay window of size 0 when isakmpd acts as a responder during SA negotiation, which allows remote attackers to replay IPSec packets and bypass the replay protection.

5.0
2006-08-29 CVE-2006-4434 Sendmail Resource Management Errors vulnerability in Sendmail

Use-after-free vulnerability in Sendmail before 8.13.8 allows remote attackers to cause a denial of service (crash) via a long "header line", which causes a previously freed variable to be referenced.

5.0
2006-08-29 CVE-2006-4430 Cisco Unspecified vulnerability in Cisco products

The Cisco Network Admission Control (NAC) 3.6.4.1 and earlier allows remote attackers to prevent installation of the Cisco Clean Access (CCA) Agent and bypass local and remote protection mechanisms by modifying (1) the HTTP User-Agent header or (2) the behavior of the TCP/IP stack.

5.0
2006-08-28 CVE-2006-4420 Phaos Local File Include vulnerability in Phaos 0.9/0.9.1/0.9.2

Directory traversal vulnerability in include_lang.php in Phaos 0.9.2 allows remote attackers to include arbitrary local files via ".." sequences in the lang parameter.

5.0
2006-08-29 CVE-2006-4435 Openbsd Denial Of Service vulnerability in Openbsd 3.8/3.9

OpenBSD 3.8, 3.9, and possibly earlier versions allows context-dependent attackers to cause a denial of service (kernel panic) by allocating more semaphores than the default.

4.9
2006-08-31 CVE-2006-4507 Sony Local Security vulnerability in PSP

Unspecified vulnerability in the TIFF viewer (possibly libTIFF) in the Photo Viewer in the Sony PlaystationPortable (PSP) 2.00 through 2.80 allows local users to execute arbitrary code via crafted TIFF images.

4.6
2006-09-01 CVE-2006-4528 Membrepass Cross-Site Scripting vulnerability in Membrepass 1.5

Multiple cross-site scripting (XSS) vulnerabilities in membrepass 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) recherche parameter in recherchemembre.php and the (2) email parameter in test.php.

4.3
2006-09-01 CVE-2006-4525 Devellion Multiple Security vulnerability in CubeCart

Cross-site scripting (XSS) vulnerability in CubeCart 3.0.12 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the links array.

4.3
2006-08-31 CVE-2006-4500 Ztml Input Validation vulnerability in Ztml Ezportal Ztml CMS 1.0

Cross-site scripting (XSS) vulnerability in index.php in ezPortal/ztml CMS 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) about, (2) again, (3) lastname, (4) email, (5) password, (6) album, (7) id, (8) table, (9) desc, (10) doc, (11) mname, (12) max, (13) htpl, (14) pheader, and possibly other parameters.

4.3
2006-08-31 CVE-2006-4496 Iwebnegar Cross-Site Scripting vulnerability in Iwebnegar 1.1

Cross-site scripting (XSS) vulnerability in comments.php in IwebNegar 1.1 allows remote attackers to inject arbitrary web script or HTML via the comment parameter.

4.3
2006-08-31 CVE-2006-4480 Nuked Klan Cross-Site Scripting vulnerability in Nuked-Klan 1.7Sp4.3

Incomplete blacklist vulnerability in the nk_CSS function in nuked.php in Nuked-Klan 1.7 SP4.3 allows remote attackers to bypass anti-XSS features and inject arbitrary web script or HTML via JavaScript in an attribute value that is not in the blacklist, as demonstrated using the STYLE attribute of a B element.

4.3
2006-08-31 CVE-2006-4479 Visualshapers Cross-Site Scripting vulnerability in Visualshapers Ezcontents 2.0.3

Cross-site scripting (XSS) vulnerability in loginreq2.php in Visual Shapers ezContents 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the subgroupname parameter.

4.3
2006-08-31 CVE-2006-4460 Clemens Wacha Cross-Site Scripting vulnerability in PHP iAddressBook

Cross-site scripting (XSS) vulnerability in PHP iAddressBook before 0.96 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2006-08-30 CVE-2006-4454 Hlstats Cross-Site Scripting vulnerability in Hlstats 1.34

Cross-site scripting (XSS) vulnerability in hlstats.php in HLstats 1.34 allows remote attackers to inject arbitrary web script or HTML via the q parameter.

4.3
2006-08-30 CVE-2006-4453 Pmwiki HTML Injection vulnerability in PMWiki Table Markups

Cross-site scripting (XSS) vulnerability in PmWiki before 2.1.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "table markups".

4.3
2006-08-29 CVE-2006-4421 Yapig Cross-Site Scripting vulnerability in Yapig 0.95B

Cross-site scripting (XSS) vulnerability in template/default/thanks_comment.php in Yet Another PHP Image Gallery (YaPIG) 0.95b allows remote attackers to inject arbitrary web script or HTML via the D_REFRESH_URL parameter.

4.3
2006-08-31 CVE-2006-4508 Scatterchat
TOR
Denial of Service vulnerability in Tor

Unspecified vulnerability in (1) Tor 0.1.0.x before 0.1.0.18 and 0.1.1.x before 0.1.1.23, and (2) ScatterChat before 1.0.2, allows remote attackers operating a Tor entry node to route arbitrary Tor traffic through clients or cause a denial of service (flood) via unspecified vectors.

4.0
2006-08-31 CVE-2006-4491 Cybozu Directory Traversal vulnerability in Cybozu Ag

Directory traversal vulnerability in Cybozu Collaborex, AG before 1.2(1.5), AG Pocket before 5.2(0.8), Mailwise before 3.0(0.3), and Garoon 1 before 1.5(4.1) allows remote authenticated users to read arbitrary files via unspecified vectors.

4.0
2006-08-31 CVE-2006-4490 Cybozu Directory Traversal vulnerability in Cybozu Office

Multiple directory traversal vulnerabilities in Cybozu Office before 6.6 Build 1.3 and Share 360 before 2.5 Build 0.3 allow remote authenticated users to read arbitrary files via a ..

4.0
2006-08-28 CVE-2006-4418 Wikepage Local File Include vulnerability in Wikepage 2006.2/2006.2A

Directory traversal vulnerability in index.php for Wikepage 2006.2a Opus 10 allows remote attackers to include arbitrary local files via the lng parameter, as demonstrated by inserting PHP code into a log file.

4.0

7 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-08-31 CVE-2006-4506 Netiq Unspecified vulnerability in Netiq Identity Manager 3.0.1

idmlib.sh in nxdrv in Novell Identity Manager (IDM) 3.0.1 allows local users to execute arbitrary commands via unspecified vectors, possibly involving the " (quote) and \ (backslash) characters and eval injection.

3.6
2006-08-29 CVE-2006-4439 SUN Unspecified vulnerability in SUN Solaris 10.0

pkgadd in Sun Solaris 10 before 20060825 installs files with insecure file and directory permissions (755 or 777) if the pkgmap file contains a "?" (question mark) in the mode field, which allows local users to modify arbitrary files or directories, a different vulnerability than CVE-2002-1871.

3.6
2006-09-01 CVE-2006-4527 Devellion Multiple Security vulnerability in Devellion Cubecart 3.0.12

includes/content/gateway.inc.php in CubeCart 3.0.12 and earlier, when magic_quotes_gpc is disabled, uses an insufficiently restrictive regular expression to validate the gateway parameter, which allows remote attackers to conduct PHP remote file inclusion attacks.

2.6
2006-08-31 CVE-2006-4486 PHP Numeric Errors vulnerability in PHP

Integer overflow in memory allocation routines in PHP before 5.1.6, when running on a 64-bit system, allows context-dependent attackers to bypass the memory_limit restriction.

2.6
2006-08-31 CVE-2006-4484 PHP Input Validation vulnerability in PHP

Buffer overflow in the LWZReadByte_ function in ext/gd/libgd/gd_gif_in.c in the GD extension in PHP before 5.1.5 allows remote attackers to have an unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow when initializing the table array.

2.6
2006-08-31 CVE-2006-4493 Xbiff2 Information Disclosure vulnerability in Xbiff2 1.9

xbiff2 1.9 creates $HOME/.xbiff2rc in a user's home directory with insecure file permissions, which allows local users to obtain sensitive information such as login credentials.

2.1
2006-08-28 CVE-2006-4380 Mysql Denial Of Service vulnerability in Mysql 4.1.13

MySQL before 4.1.13 allows local users to cause a denial of service (persistent replication slave crash) via a query with multiupdate and subselects.

2.1