Weekly Vulnerabilities Reports > September 4 to 10, 2006

Overview

109 new vulnerabilities reported during this period, including 3 critical vulnerabilities and 51 high severity vulnerabilities. This weekly summary report vulnerabilities in 99 products from 92 vendors including Softbb, Longino, Chxo, GNU, and Vtiger. Vulnerabilities are notably categorized as "Code Injection", "Information Exposure", "Reachable Assertion", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "SQL Injection".

  • 100 reported vulnerabilities are remotely exploitables.
  • 33 reported vulnerabilities have public exploit available.
  • 2 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 100 reported vulnerabilities are exploitable by an anonymous user.
  • Softbb has the most reported vulnerabilities, with 4 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 1 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

3 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-09-06 CVE-2006-3742 KDE Remote Security vulnerability in KDE Kdebase 3.5.40.4.Fc5

The KDE PAM configuration shipped with Fedora Core 5 causes KDM passwords to be cached, which allows attackers to login without a password by attempting to log in multiple times.

10.0
2006-09-05 CVE-2006-4534 Microsoft Remote Code Execution vulnerability in Microsoft Office 2000/2001/2003

Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors involving a crafted file resulting in a malformed stack, as exploited by malware with names including Trojan.Mdropper.Q, Mofei, and Femo.

9.3
2006-09-06 CVE-2006-4585 TR Forum SQL Injection And Authentication Bypass vulnerability in TR Forum TR Forum 2.0

SQL injection vulnerability in admin/editer.php in Tr Forum 2.0 allows remote authenticated users to execute arbitrary SQL commands via the id2 parameter.

9.0

51 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-09-09 CVE-2006-4670 Gtasoft Remote File Include vulnerability in Photokorn

Multiple PHP remote file inclusion vulnerabilities in PhotoKorn Gallery 1.52 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the dir_path parameter in (1) includes/cart.inc.php or (2) extras/ext_cats.php.

7.5
2006-09-09 CVE-2006-4667 Runcms SQL Injection vulnerability in Runcms 1.4.1

Multiple SQL injection vulnerabilities in RunCMS 1.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) uid parameter in (a) class/sessions.class.php, and the (2) timezone_offset and (3) umode parameters in (b) class/xoopsuser.php.

7.5
2006-09-09 CVE-2006-4666 Stefan Ernst Code Injection vulnerability in Stefan Ernst Newsscript 0.5

Multiple PHP remote file inclusion vulnerabilities in Stefan Ernst Newsscript (aka WM-News) 0.5 beta allow remote attackers to execute arbitrary PHP code via a URL in the (1) ide parameter in (a) article.php; or the (2) pwfile parameter in (b) delete.php, (c) modify.php, (d) admin.php, or (e) modify_go.php.

7.5
2006-09-09 CVE-2006-4662 Mirabilis Remote Heap Buffer Overflow vulnerability in ICQ MCRegEx__Search

Heap-based buffer overflow in the MCRegEx__Search function in AOL ICQ Pro 2003b Build 3916 and earlier allows remote attackers to execute arbitrary code via an inconsistent length field of a Message in a 0x2711 Type-Length-Value (TLV) type.

7.5
2006-09-09 CVE-2006-4656 WEB Provence Remote File Include vulnerability in Web-Provence SL_Site Spaw_control.class.PHP

PHP remote file inclusion vulnerability in admin/editeur/spaw_control.class.php in Web Provence SL_Site 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter.

7.5
2006-09-09 CVE-2006-4652 Amazing Little Picture Poll
Amazing Little Poll
Authentication Bypass vulnerability in Amazing Little Picture Poll Admin Login Page

(1) Amazing Little Poll and (2) Amazing Little Picture Poll have a default password of "dsapoll", which allows remote attackers to create a new poll by entering default credentials via lp_admin.php.

7.5
2006-09-08 CVE-2006-4649 Bingo News Code Injection vulnerability in Bingo News Bingo News

PHP remote file inclusion vulnerability in bp_news.php in BinGo News (BP News) 3.01 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the bnrep parameter.

7.5
2006-09-08 CVE-2006-4648 Bingo News Remote File Include vulnerability in Bingo News BP_ncom.PHP

PHP remote file inclusion vulnerability in bp_ncom.php in BinGo News (BP News) 3.01 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the bnrep parameter.

7.5
2006-09-08 CVE-2006-4647 Sponge News Remote File Include vulnerability in Sponge News News.PHP

PHP remote file inclusion vulnerability in news.php in Sponge News 2.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the sndir parameter.

7.5
2006-09-08 CVE-2006-4645 Akarru Remote File Include vulnerability in Akarru Social BookMarking Engine Main_Content.PHP

PHP remote file inclusion vulnerability in akarru.gui/main_content.php in Akarru Social BookMarking Engine 0.4.3.34 and earlier, and possibly 0.4.4.120, allows remote attackers to execute arbitrary PHP code via a URL in the bm_content parameter.

7.5
2006-09-08 CVE-2006-4644 Phpfullannu Remote File Include vulnerability in PHPfullannu 5.1

PHP remote file inclusion vulnerability in modules/home.module.php in phpFullAnnu 5.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the repmod parameter.

7.5
2006-09-08 CVE-2006-4643 UNI Vert SQL Injection vulnerability in Uni-Vert PHPleague 0.82

SQL injection vulnerability in consult/joueurs.php in Uni-Vert PhpLeague 0.82 and earlier allows remote attackers to execute arbitrary SQL commands via the id_joueur parameter.

7.5
2006-09-08 CVE-2006-4641 Muratsoft SQL Injection vulnerability in Muratsoft Haber Portal 3.6

SQL injection vulnerability in kategori.asp in Muratsoft Haber Portal 3.6 allows remote attackers to execute arbitrary SQL commands via the kat parameter.

7.5
2006-09-08 CVE-2006-4379 Ipswitch Stack Overflow vulnerability in Ipswitch products

Stack-based buffer overflow in the SMTP Daemon in Ipswitch Collaboration 2006 Suite Premium and Standard Editions, IMail, IMail Plus, and IMail Secure allows remote attackers to execute arbitrary code via a long string located after an '@' character and before a ':' character.

7.5
2006-09-08 CVE-2006-4636 Szewo Local File Include vulnerability in SZEWO PhpCommander

Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.

7.5
2006-09-08 CVE-2006-4632 Softbb SQL-Injection vulnerability in SoftBB

Multiple SQL injection vulnerabilities in SoftBB 0.1, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) groupe parameter in addmembre.php and the (2) select parameter in moveto.php.

7.5
2006-09-08 CVE-2006-4630 SKY Gunning Remote File Include vulnerability in MySpeach JScript.PHP

PHP remote file inclusion vulnerability in jscript.php in Sky GUNNING MySpeach 3.0.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the my_ms[root] parameter.

7.5
2006-09-08 CVE-2006-4629 C News FR Remote File Include vulnerability in C-News Path Parameter

PHP remote file inclusion vulnerability in affichage/commentaires.php in C-News.fr C-News 1.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.

7.5
2006-09-07 CVE-2006-4626 Alwil Remote LHA Buffer Overflow vulnerability in Avast! Antivirus Engine

Heap-based buffer overflow in alwil avast! Anti-virus Engine before 4.7.869 allows remote attackers to execute arbitrary code via a crafted LHA file that contains extended headers with file and directory names whose concatenation triggers the overflow.

7.5
2006-09-07 CVE-2006-4622 Comscripts Remote File Include vulnerability in Comscripts Annoncev 1.1

PHP remote file inclusion vulnerability in annonce.php in AnnonceV (aka annoncesV) 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.

7.5
2006-09-07 CVE-2006-4621 Bare Concept Media Remote Security vulnerability in Bare Concept Media Pheap CMS 1.1

PHP remote file inclusion vulnerability in settings.php in Pheap 1.2, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the lpref parameter.

7.5
2006-09-07 CVE-2006-4617 Vtiger File-Upload vulnerability in vtiger CRM

Unrestricted file upload vulnerability in fileupload.html in vtiger CRM 4.2.4, and possibly earlier versions, allows remote attackers to upload and execute arbitrary files with executable extensions in the /cashe/mails folder.

7.5
2006-09-07 CVE-2006-4612 John Andersson SQL Injection vulnerability in John Andersson Zixforum 1.12

SQL injection vulnerability in ReplyNew.asp in ZIXForum 1.12 allows remote attackers to execute arbitrary SQL commands via the RepId parameter.

7.5
2006-09-07 CVE-2006-4611 Dsocks Buffer Overflow vulnerability in DSocks Name Variable

Buffer overflow in the _tor_resolve function in dsocks.c in dsocks before 1.4 allows remote attackers to execute arbitrary code via unspecified vectors, possibly involving a long node name.

7.5
2006-09-07 CVE-2006-4607 Longino Input Validation vulnerability in Longino Jacome PHP-Revista 1.1.2

admin/index.php in Longino Jacome php-Revista 1.1.2 allows remote attackers to bypass authentication controls by setting the ID_ADMIN and SUPER_ADMIN parameters to 1.

7.5
2006-09-07 CVE-2006-4606 Longino Input Validation vulnerability in Longino Jacome PHP-Revista 1.1.2

Multiple SQL injection vulnerabilities in Longino Jacome php-Revista 1.1.2 allow remote attackers to execute arbitrary SQL commands via the (1) id_temas parameter in busqueda_tema.php, the (2) cadena parameter in busqueda.php, the (3) id_autor parameter in autor.php, the (4) email parameter in lista.php, and the (5) id_articulo parameter in articulo.php.

7.5
2006-09-07 CVE-2006-4605 Longino Input Validation vulnerability in Longino Jacome PHP-Revista 1.1.2

PHP remote file inclusion vulnerability in index.php in Longino Jacome php-Revista 1.1.2 allows remote attackers to execute arbitrary PHP code via the adodb parameter.

7.5
2006-09-07 CVE-2006-4604 Lanifex Remote File Include vulnerability in Lanifex 2.2

PHP remote file inclusion vulnerability in LFXlib/access_manager.php in Lanifex Database of Managed Objects (DMO) 2.3 Beta and earlier allows remote attackers to execute arbitrary PHP code via the _incMgr parameter.

7.5
2006-09-07 CVE-2006-4603 NCH Software Authentication Bypass vulnerability in NCH Software Swift Sound web Dictate 1.02

NCH Swift Sound Web Dictate 1.02 allows remote attackers to bypass authentication via a null password.

7.5
2006-09-07 CVE-2006-4602 Tiki Remote Command Execution vulnerability in Tiki Tikiwiki Cms/Groupware 1.9.4

Unrestricted file upload vulnerability in jhot.php in TikiWiki 1.9.4 Sirius and earlier allows remote attackers to execute arbitrary PHP code via a filepath parameter that contains a filename with a .php extension, which is uploaded to the img/wiki/ directory.

7.5
2006-09-07 CVE-2006-4601 Annuaire SQL Injection vulnerability in Annuaire 1Two 2.2

SQL injection vulnerability in index.php in Annuaire 1Two 2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2006-09-07 CVE-2006-4599 Autentificator SQL Injection vulnerability in Autentificator 2.01

SQL injection vulnerability in aut_verifica.inc.php in Autentificator 2.01 allows remote attackers to execute arbitrary SQL commands via the user parameter.

7.5
2006-09-07 CVE-2006-4598 Sslinks SQL Injection vulnerability in Sslinks 1.22

Multiple SQL injection vulnerabilities in links.php in ssLinks 1.22 allow remote attackers to execute arbitrary SQL commands via the (1) go parameter and (2) id parameter in a rate action.

7.5
2006-09-07 CVE-2006-4597 Icblogger SQL-Injection vulnerability in ICBlogger

SQL injection vulnerability in devam.asp in ICBlogger 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the YID parameter.

7.5
2006-09-06 CVE-2006-4594 Bugada Andrea Remote File Include vulnerability in Bugada Andrea PHP Advanced Transfer Manager 1.20

Multiple PHP remote file inclusion vulnerabilities in PHP Advanced Transfer Manager (phpAtm) 1.21 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the include_location parameter in (1) confirm.php or (2) login.php.

7.5
2006-09-06 CVE-2006-4592 8Pixel NET SQL Injection vulnerability in 8Pixel.net SimpleBlog ID Parameter

Incomplete blacklist vulnerability in default.asp in 8pixel.net Simple Blog 2.3 and earlier allows remote attackers to conduct SQL injection attacks via ">" characters in the id parameter, which are not filtered by the protection mechanism.

7.5
2006-09-06 CVE-2006-4591 Alstrasoft Remote File Include vulnerability in Alstrasoft Template Seller 3.25

Multiple PHP remote file inclusion vulnerabilities in AlstraSoft Template Seller, and possibly AltraSoft Template Seller Pro 3.25, allow remote attackers to execute arbitrary PHP code via a URL in the config[template_path] parameter to (1) payment/payment_result.php or (2) /payment/spuser_result.php.

7.5
2006-09-06 CVE-2006-4590 Jetstat COM SQL Injection vulnerability in JetStat JS ASP Faq Manager

SQL injection vulnerability in admin/default.asp in Jetstat.com JS ASP Faq Manager 1.10 and earlier allows remote attackers to execute arbitrary SQL commands via the uid parameter, a different vector than CVE-2006-4463.

7.5
2006-09-06 CVE-2006-4589 Dyncms Remote File Include vulnerability in DynCMS X_Admindir

PHP remote file inclusion vulnerability in 0_admin/modules/Wochenkarte/frontend/index.php in DynCMS 6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the x_admindir parameter.

7.5
2006-09-06 CVE-2006-4588 Vtiger HTML Injection and Access Control Bypass vulnerability in Vtiger CRM 4.2/4.2.4

vtiger CRM 4.2.4, and possibly earlier, allows remote attackers to bypass authentication and access administrative modules via a direct request to index.php with a modified module parameter, as demonstrated using the Settings module.

7.5
2006-09-06 CVE-2006-4584 TR Forum SQL Injection And Authentication Bypass vulnerability in TR Forum TR Forum 2.0

Tr Forum 2.0 allows remote attackers to bypass authentication and add an administrative account via the login and password parameters to admin/insert_admin.php.

7.5
2006-09-06 CVE-2006-4583 Darrens 5 Dollar Script Archive Code Injection vulnerability in Darrens 5-Dollar Script Archive Flashchat

Multiple PHP remote file inclusion vulnerabilities in FlashChat before 4.6.2 allow remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter in (1) inc/cmses/aedatingCMS.php, (2) inc/cmses/aedatingCMS2.php, or (3) inc/cmses/aedating4CMS.php.

7.5
2006-09-06 CVE-2006-4555 Retro64 Remote Buffer Overflow vulnerability in Retro64 CR64Loader ActiveX

Buffer overflow in the Retro64 / Miniclip CR64Loader ActiveX control allows remote attackers to execute arbitrary code via unspecified vectors involving an HTML document that references the CLSID of the control.

7.5
2006-09-06 CVE-2006-4551 Chxo Input Validation vulnerability in Chxo Feedsplitter 20060121

Eval injection vulnerability in CHXO Feedsplitter 2006-01-21 allows remote attackers to execute arbitrary PHP code via (1) the file specified as the value of the format parameter, and possibly (2) the RSS feed.

7.5
2006-09-06 CVE-2006-4548 E107 Remote Security vulnerability in e107

e107 0.75 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code via the tinyMCE_imglib_include image/jpeg parameter in e107_handlers/tiny_mce/plugins/ibrowser/ibrowser.php, as demonstrated by a multipart/form-data request.

7.5
2006-09-06 CVE-2006-4544 Exbb Remote File Include vulnerability in Exbb 1.9.1

Multiple PHP remote file inclusion vulnerabilities in ExBB 1.9.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the exbb[home_path] parameter in files in the modules directory including (1) birstday/birst.php (2) birstday/select.php, (3) birstday/profile_show.php, (4) newusergreatings/pm_newreg.php, (5) punish/p_error.php, (6) punish/profile.php, and (7) threadstop/threadstop.php.

7.5
2006-09-06 CVE-2006-4459 Digi International INC Integer Overflow vulnerability in Digi International INC Anywhere Usb5 1.80.00

Integer overflow in AnywhereUSB/5 1.80.00 allows local users to cause a denial of service (crash) via a 1 byte header size specified in the USB string descriptor.

7.5
2006-09-06 CVE-2006-4095 ISC
Canonical
Apple
Reachable Assertion vulnerability in multiple products

BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via certain SIG queries, which cause an assertion failure when multiple RRsets are returned.

7.5
2006-09-06 CVE-2006-3126 Julian Pawlowski Remote Arbitrary Command Execution vulnerability in Julian Pawlowski Capi4Hylafax 01.02.03

c2faxrecv in capi4hylafax 01.02.03 allows remote attackers to execute arbitrary commands via null (\0) and shell metacharacters in the TSI string, as demonstrated by a fax from an anonymous number.

7.5
2006-09-05 CVE-2006-4536 CMS Frogss SQL Injection vulnerability in CMS Frogss CMS Frogss 0.4

SQL injection vulnerability in module/rejestracja.php in CMS Frogss 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the podpis parameter.

7.5
2006-09-09 CVE-2006-4657 Panda Local Privilege Escalation vulnerability in Panda Platinum Internet Security 200610.02.01/200711.00.00

Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 stores service executables under the product's installation directory with weak permissions, which allows local users to obtain LocalSystem privileges by modifying (1) WebProxy.exe or (2) PAVSRV51.EXE.

7.2

49 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-09-08 CVE-2006-4646 Drupal Cross-Site Scripting vulnerability in Drupal Pathauto Module 4.6/4.7

Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Pathauto module before pathauto_node.inc 1.17.2.1 and the Drupal 4.6 Pathauto module before pathauto_node.inc 1.14.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

6.8
2006-09-08 CVE-2006-2482 Microchip Data Systems
Pentaware
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Heap-based buffer overflow in the TZipTV component in (1) ZipTV for Delphi 7 2006.1.26 and for C++ Builder 2006-1.16, (2) PentaZip 8.5.1.190 and PentaSuite-PRO 8.5.1.221, and possibly other products, allows user-assisted attackers to execute arbitrary code via an ARJ archive with a long header.

6.8
2006-09-07 CVE-2006-4608 Longino Input Validation vulnerability in Longino Jacome PHP-Revista 1.1.2

Multiple cross-site scripting (XSS) vulnerabilities in Longino Jacome php-Revista 1.1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) cadena parameter in busqueda.php and the (2) email parameter in lista.php.

6.8
2006-09-06 CVE-2006-4593 Softbb Cross-Site Scripting vulnerability in Softbb 0.1

Cross-site scripting (XSS) vulnerability in index.php in SoftBB 0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter.

6.8
2006-09-06 CVE-2006-4587 Vtiger HTML Injection and Access Control Bypass vulnerability in Vtiger CRM 4.2/4.2.4

Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM 4.2.4, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) description parameter in unspecified modules or the (2) solution parameter in the HelpDesk module.

6.8
2006-09-06 CVE-2006-4563 Phpnuke Cross-Site Scripting vulnerability in PHPnuke Myheadlines 4.3.1

Cross-site scripting (XSS) vulnerability in the MyHeadlines before 4.3.2 module for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the myh_op parameter to modules.php.

6.8
2006-09-06 CVE-2006-4553 Joomla
Mambo
Code Injection vulnerability in multiple products

PHP remote file inclusion vulnerability in plugin.class.php in the com_comprofiler Components 1.0 RC2 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

6.8
2006-09-06 CVE-2006-4552 Chxo Input Validation vulnerability in Chxo Feedsplitter 20060121

Cross-site scripting (XSS) vulnerability in CHXO Feedsplitter 2006-01-21 allows remote attackers to inject arbitrary web script or HTML via the RSS feed.

6.8
2006-09-06 CVE-2006-4543 Hlstats Cross-Site Scripting vulnerability in Hlstats 1.34

Cross-site scripting (XSS) vulnerability in index.php in HLStats 1.34 allows remote attackers to inject arbitrary web script or HTML via the (1) game parameter in players mode, the (2) weapon parameter in weaponinfo mode, the (3) st parameter in search mode, the (4) action parameter in actioninfo mode, and the (5) map parameter in mapinfo mode.

6.8
2006-09-06 CVE-2006-3636 GNU Multiple Security vulnerability in GNU Mailman

Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.9rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

6.8
2006-09-05 CVE-2006-4542 Usermin
Webmin
Cross-Site Scripting vulnerability in multiple products

Webmin before 1.296 and Usermin before 1.226 do not properly handle a URL with a null ("%00") character, which allows remote attackers to conduct cross-site scripting (XSS), read CGI program source code, list directories, and possibly execute programs.

6.8
2006-09-05 CVE-2006-4540 Learn COM Cross-Site Scripting vulnerability in Learn.com Learncenter.ASP

Cross-site scripting (XSS) vulnerability in learncenter.asp in Learn.com LearnCenter allows remote attackers to inject arbitrary web script or HTML via the id parameter.

6.8
2006-09-08 CVE-2006-4635 Squiz Unspecified vulnerability in Squiz Mysource Classic

Unspecified vulnerability in MySource Classic 2.14.6, and possibly earlier, allows remote authenticated users, with superuser privileges, to inject arbitrary PHP code via unspecified vectors related to the Equation attribute in Web_Extensions - Notitia (I/II).

6.5
2006-09-08 CVE-2006-4631 Softbb Remote Security vulnerability in SoftBB

Direct static code injection vulnerability in admin/save_opt.php in SoftBB 0.1, and possibly earlier, allows remote authenticated users to upload and execute arbitrary PHP code via the cache_forum parameter, which saves the code to info_options.php, which is accessible via a direct request.

6.5
2006-09-06 CVE-2006-4547 Lyris SQL-Injection vulnerability in Lyris List Manager 8.95

Lyris ListManager 8.95 allows remote authenticated users to obtain sensitive information by attempting to add a user with a ' (single quote) character in the name, which reveals the details of the underlying SQL query, possibly because of a forced SQL error or SQL injection.

6.5
2006-09-06 CVE-2006-4546 Lyris Remote Security vulnerability in Lyris List Manager 8.95

Lyris ListManager 8.95 allows remote authenticated users, who have administrative privileges for at least one list on the server, to add new administrators to any list via a modified MEMBERS_.List_ parameter.

6.5
2006-09-09 CVE-2006-4660 ICQ INC HTML Injection and Unauthorized Access vulnerability in ICQ INC ICQ Toolbar 1.3Forinternetexplorer

Multiple cross-site scripting (XSS) vulnerabilities in the RSS Feed module in AOL ICQ Toolbar 1.3 for Internet Explorer (toolbaru.dll) allow remote attackers to process arbitrary web script or HTML in the Feeds interface context via the (1) title and (2) description elements within an item element in an RSS feed.

5.8
2006-09-06 CVE-2006-4586 TR Forum SQL Injection And Authentication Bypass vulnerability in TR Forum TR Forum 2.0

The admin panel in Tr Forum 2.0 accepts a username and password hash for authentication, which allows remote authenticated users to perform unauthorized actions, as demonstrated by modifying user settings via the id parameter to /membres/modif_profil.php, and changing a password via /membres/change_mdp.php.

5.5
2006-09-09 CVE-2006-4669 Somery Remote File Include vulnerability in Somery Include.PHP

PHP remote file inclusion vulnerability in admin/system/include.php in Somery 0.4.6 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the skindir parameter.

5.1
2006-09-09 CVE-2006-4654 EFS Software Remote Format String vulnerability in EFS Software Easy Address Book web Server 1.2

Format string vulnerability in Easy Address Book Web Server 1.2 allows remote attackers to cause a denial of service (crash) or "compromise the server" via encoded format string specifiers in the query string.

5.1
2006-09-08 CVE-2006-4639 C News FR Code Injection vulnerability in C-News.Fr C-News

Multiple PHP remote file inclusion vulnerabilities in C-News.fr C-News 1.0.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path parameter in (1) formulaire_commentaires.php, (2) affichage/liste_news.php, (3) affichage/news_complete.php, or (4) affichage/pagination.php.

5.1
2006-09-08 CVE-2006-4638 Acgv News Remote File Include vulnerability in ACGV News PathNews Parameter

PHP remote file inclusion vulnerability in article.php in ACGV News 0.9.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PathNews parameter.

5.1
2006-09-08 CVE-2006-4637 Acgv News Code Injection vulnerability in Acgv News Acgv News 0.9.1

Multiple PHP remote file inclusion vulnerabilities in ACGV News 0.9.1 allow remote attackers to execute arbitrary PHP code via a URL in the PathNews parameter in (1) header.php or (2) news.php.

5.1
2006-09-07 CVE-2006-4618 John LIM Remote Security vulnerability in Adodb

PHP remote file inclusion vulnerability in adodb-postgres7.inc.php in John Lim ADOdb, possibly 4.01 and earlier, as used in Intechnic In-link 2.3.4, allows remote attackers to execute arbitrary PHP code via a URL in the ADODB_DIR parameter.

5.1
2006-09-07 CVE-2006-4610 Graphiks Remote File Include vulnerability in Graphiks GrapAgenda

PHP remote file inclusion vulnerability in index.php in GrapAgenda 0.11 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the page parameter.

5.1
2006-09-06 CVE-2006-4564 Simplemachines SQL Injection vulnerability in Simplemachines SMF 1.1

SQL injection vulnerability in Sources/ManageBoards.php in Simple Machines Forum 1.1 RC3 allows remote attackers to execute arbitrary SQL commands via the cur_cat parameter.

5.1
2006-09-09 CVE-2006-4659 Panda Local Privilege Escalation vulnerability in Panda Platinum Internet Security 200610.02.01/200711.00.00

The Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 uses predictable URLs for the spam classification of each message, which allows remote attackers to cause Panda to classify arbitrary messages as spam via a web page that contains IMG tags with the predictable URLs.

5.0
2006-09-09 CVE-2006-4658 Panda Local Privilege Escalation vulnerability in Panda Platinum Internet Security 200610.02.01/200711.00.00

Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 uses sequential message numbers in generated URLs that are not filtered if the user replies to a message, which might allow remote attackers to determine mail usage patterns.

5.0
2006-09-09 CVE-2006-4653 Amazing Little Picture Poll
Amazing Little Poll
Authentication Bypass vulnerability in Amazing Little Picture Poll Admin Login Page

(1) Amazing Little Poll and (2) Amazing Little Picture Poll store sensitive information under the web root with insufficient access control, which allows remote attackers to read the admin password via a direct request for the lp_settings file (lp_settings.inc or lp_settings.php).

5.0
2006-09-09 CVE-2006-4651 Threesquared NET Directory Traversal vulnerability in PHP Download

Directory traversal vulnerability in download/index.php, and possibly download.php, in threesquared.net (aka Ben Speakman) Php download allows remote attackers to overwrite arbitrary local files via ..

5.0
2006-09-09 CVE-2006-4294 Twiki Directory Traversal vulnerability in TWiki Viewfile

Directory traversal vulnerability in viewfile in TWiki 4.0.0 through 4.0.4 allows remote attackers to read arbitrary files via a ..

5.0
2006-09-08 CVE-2006-4633 Softbb Remote Security vulnerability in SoftBB

index.php in SoftBB 0.1, and possibly earlier, allows remote attackers to obtain the installation path via a null or invalid page[] parameter.

5.0
2006-09-07 CVE-2006-4616 Mailenable Remote Denial of Service vulnerability in Mailenable products

SMTP service in MailEnable Standard, Professional, and Enterprise before ME-10014 (20060904) allows remote attackers to cause a denial of service via an SPF lookup for a domain with a large number of records, which triggers a null pointer exception.

5.0
2006-09-07 CVE-2006-4595 Muforum Information Exposure vulnerability in Muforum 0.4C

muforum (µforum) 0.4c stores membres/members.dat under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as usernames and password hashes.

5.0
2006-09-06 CVE-2006-4550 Chxo Input Validation vulnerability in Chxo Feedsplitter 20060121

Directory traversal vulnerability in CHXO Feedsplitter 2006-01-21 allows remote attackers to read arbitrary XML files via ..

5.0
2006-09-06 CVE-2006-4549 Chxo Input Validation vulnerability in Chxo Feedsplitter 20060121

CHXO Feedsplitter 2006-01-21 allows remote attackers to read the source code of feedsplitter.php via the showsource function.

5.0
2006-09-06 CVE-2006-4096 ISC Remote Denial of Service vulnerability in ISC BIND

BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via a flood of recursive queries, which cause an INSIST failure when the response is received after the recursion queue is empty.

5.0
2006-09-06 CVE-2006-2941 GNU Multiple Security vulnerability in GNU Mailman

Mailman before 2.1.9rc1 allows remote attackers to cause a denial of service via unspecified vectors involving "standards-breaking RFC 2231 formatted headers".

5.0
2006-09-07 CVE-2006-4615 Shape Services Information Disclosure vulnerability in Shape Services Im+ Mobile Instant Messenger 3.10Forpocketpc

Shape Services IM+ Mobile Instant Messenger for Pocket PC 3.10 stores usernames and passwords in plaintext in %PROGRAMFILES%\IMPlus\implus.cfg, which allows local users to obtain sensitive information by reading the file.

4.9
2006-09-07 CVE-2006-4614 Pocket PC Information Disclosure vulnerability in Pocket PC Pocket PC 1.30Bh

PDAapps Verichat for Pocket PC 1.30bh stores usernames and passwords in plaintext in the Windows Mobile registry, which allows local users to obtain sensitive information via keys under \HKEY_CURRENT_USER\Software\PDAapps\VeriChat.

4.9
2006-09-09 CVE-2006-4655 SCO
SUN
Local Buffer Overflow vulnerability in X.Org X Window Server LibX11 XKEYBOARD Extension

Buffer overflow in the Strcmp function in the XKEYBOARD extension in X Window System X11R6.4 and earlier, as used in SCO UnixWare 7.1.3 and Sun Solaris 8 through 10, allows local users to gain privileges via a long _XKB_CHARSET environment variable value.

4.6
2006-09-07 CVE-2006-4620 ALT N Unspecified vulnerability in Alt-N Webadmin

The useredit_account.wdm module in Alt-N WebAdmin 3.2.5 running with MDaemon 9.0.6, and possibly earlier versions, allows remote authenticated domain administrators to gain privileges and obtain access to the system mail queue by modifying the mailbox of the MDaemon user account to use the mailbox of another account.

4.6
2006-09-07 CVE-2006-4619 Avira Local Buffer Overflow vulnerability in Avira AntiVir Shatter

The start update window in update.exe in Avira AntiVir PersonalEdition Classic 7.0 build 151 allows local users to gain system privileges via a "Shatter" style attack on the (1) IParam parameter, and the (2) PBM_GETRANGE and (3) PBM_SETRANGE messages in an unspecified progress bar.

4.6
2006-09-05 CVE-2006-4541 ISS Improper Input Validation vulnerability in ISS Blackice PC Protection

RapDrv.sys in BlackICE PC Protection 3.6.cpn, cpj, cpiE, and possibly 3.6 and earlier, allows local users to cause a denial of service (crash) via a NULL third argument to the NtOpenSection API function.

4.6
2006-09-09 CVE-2006-4668 ROB Hensley Cross-Site Scripting vulnerability in ROB Hensley Ackertodo 4.0

Cross-site scripting (XSS) vulnerability in index.php in Rob Hensley AckerTodo 4.0 allows remote attackers to inject arbitrary web script or HTML via the task_id parameter in an edit_task command.

4.3
2006-09-09 CVE-2006-4665 Mkportal Cross-Site Scripting vulnerability in Mkportal 1.1Rc1

Cross-site scripting (XSS) vulnerability in index.php in MKPortal M1.1 Rc1 allows remote attackers to inject arbitrary web script or HTML via the ind parameter, possibly related to the PHP_SELF variable.

4.3
2006-09-08 CVE-2006-4634 Vbzoom Cross-Site Scripting vulnerability in VBZoom

Cross-site scripting (XSS) vulnerability in index.php in VBZooM allows remote attackers to inject arbitrary web script or HTML via the UserID parameter, a different vector than CVE-2006-1133 and CVE-2005-2441.

4.3
2006-09-08 CVE-2006-4628 VCD DB HTML Injection vulnerability in VCD-DB Comments

Cross-site scripting (XSS) vulnerability in VCD-db before 0.983 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors when handling comments.

4.3
2006-09-05 CVE-2006-4339 Openssl Cryptographic Issues vulnerability in Openssl

OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1.

4.3

6 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-09-09 CVE-2006-4661 ICQ INC HTML Injection and Unauthorized Access vulnerability in ICQ INC ICQ Toolbar 1.3Forinternetexplorer

AOL ICQ Toolbar 1.3 for Internet Explorer (toolbaru.dll) does not properly validate the origin of the configuration web page (options2.html), which allows user-assisted remote attackers to provide a web page that contains disguised checkboxes that trick the user into reconfiguring the toolbar.

2.6
2006-09-09 CVE-2006-4650 Cisco Remote Security vulnerability in IOS 12.0/12.1/12.2

Cisco IOS 12.0, 12.1, and 12.2, when GRE IP tunneling is used and the RFC2784 compliance fixes are missing, does not verify the offset field of a GRE packet during decapsulation, which leads to an integer overflow that references data from incorrect memory locations, which allows remote attackers to inject crafted packets into the routing queue, possibly bypassing intended router ACLs.

2.6
2006-09-07 CVE-2006-4624 GNU Code Injection vulnerability in GNU Mailman

CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 allows remote attackers to spoof messages in the error log and possibly trick the administrator into visiting malicious URLs via CRLF sequences in the URI.

2.6
2006-09-07 CVE-2006-4600 Openldap Unspecified vulnerability in Openldap

slapd in OpenLDAP before 2.3.25 allows remote authenticated users with selfwrite Access Control List (ACL) privileges to modify arbitrary Distinguished Names (DN).

2.3
2006-09-05 CVE-2006-4537 DEC Information Exposure vulnerability in DEC Openvms Alpha 7.3.2/8.2

NET$SESSION_CONTROL.EXE in DECnet-Plus in OpenVMS ALPHA 7.3-2 and Alpha 8.2 writes a password to an audit log file when there is a successful connection after a "network breakin" event, which allows local users to obtain passwords by reading the file.

2.1
2006-09-08 CVE-2006-4642 Auditwizard Information Disclosure vulnerability in Auditwizard 6.3.2

AuditWizard 6.3.2, when using "Remote Audit," logs the administrator password in plaintext to LaytonCmdSvc.log, which allows local users to obtain sensitive information by reading the file.

1.7