Weekly Vulnerabilities Reports > September 11 to 17, 2006

Overview

153 new vulnerabilities reported during this period, including 6 critical vulnerabilities and 53 high severity vulnerabilities. This weekly summary report vulnerabilities in 124 products from 97 vendors including Mozilla, Apple, Microsoft, Adobe, and IBM. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "SQL Injection", "Cross-site Scripting", "Code Injection", and "Resource Management Errors".

  • 139 reported vulnerabilities are remotely exploitables.
  • 30 reported vulnerabilities have public exploit available.
  • 8 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 148 reported vulnerabilities are exploitable by an anonymous user.
  • Mozilla has the most reported vulnerabilities, with 8 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

6 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-09-15 CVE-2006-4831 Iodine Security vulnerability in Iodine 0.3/0.3.1

Unspecified vulnerability in IP over DNS is now easy (iodine) before 0.3.2 has unknown impact and attack vectors, related to "potential security problems." This vulnerability is addressed in the following product release: Iodine, Iodine, 0.3.2

10.0
2006-09-15 CVE-2006-4830 Blojsom Directory Traversal vulnerability in Blojsom 2.30

Directory traversal vulnerability in EditBlogTemplatesPlugin.java in David Czarnecki Blojsom 2.30 allows remote attackers to have an unknown impact by sending an HTTP request with a certain value of blogTemplate.

10.0
2006-09-15 CVE-2006-4571 Mozilla Remote vulnerability in Mozilla Seamonkey and Thunderbird

Multiple unspecified vulnerabilities in Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allow remote attackers to cause a denial of service (crash), corrupt memory, and possibly execute arbitrary code via unspecified vectors, some of which involve JavaScript, and possibly large images or plugin data.

10.0
2006-09-13 CVE-2006-4732 Microsoft Remote Security vulnerability in Microsoft Visual Basic 6.0

Unspecified vulnerability in Microsoft Visual Basic (VB) 6 has an unknown impact ("overflow") via a project that contains a certain Click event procedure, as demonstrated using the msgbox function and the VB.Label object.

10.0
2006-09-15 CVE-2006-4565 Mozilla Buffer Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Heap-based buffer overflow in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a JavaScript regular expression with a "minimal quantifier."

9.3
2006-09-12 CVE-2006-0001 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Office and Publisher

Stack-based buffer overflow in Microsoft Publisher 2000 through 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted PUB file, which causes an overflow when parsing fonts.

9.3

53 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-09-15 CVE-2006-4833 Verso Netperformer Denial of Service vulnerability in Verso Netperformer Frame Relay Access Device ACT Sdm9200Series/Sdm9300Series/Sdm9500Series

Verso NetPerformer FRAD ACT SDM-95xx 7.xx (R1) and earlier, SDM-93xx 10.x.x (R2) and earlier, and SDM-92xx 9.x.x (R1) and earlier allow remote attackers to cause a denial of service (hang or reboot) via an ICMP packet with the same destination and source address and port, aka the "Land" vulnerability.

7.8
2006-09-14 CVE-2006-4775 Cisco Resource Management Errors vulnerability in Cisco Catos and IOS

The VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) and CatOS allows remote attackers to cause a denial of service by sending a VTP update with a revision value of 0x7FFFFFFF, which is incremented to 0x80000000 and is interpreted as a negative number in a signed context.

7.8
2006-09-14 CVE-2006-4774 Cisco Resource Management Errors vulnerability in Cisco IOS 12.1(19)

The VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) allows remote attackers to cause a denial of service by sending a VTP version 1 summary frame with a VTP version field value of 2.

7.8
2006-09-11 CVE-2006-4623 Linux Remote Denial of Service vulnerability in Linux Kernel 2.6.17.8

The Unidirectional Lightweight Encapsulation (ULE) decapsulation component in dvb-core/dvb_net.c in the dvb driver in the Linux kernel 2.6.17.8 allows remote attackers to cause a denial of service (crash) via an SNDU length of 0 in a ULE packet.

7.8
2006-09-14 CVE-2006-4777 Microsoft Buffer Errors vulnerability in Microsoft IE 6.0

Heap-based buffer overflow in the DirectAnimation Path Control (DirectAnimation.PathControl) COM object (daxctle.ocx) for Internet Explorer 6.0 SP1, on Chinese and possibly other Windows distributions, allows remote attackers to execute arbitrary code via unknown manipulations in arguments to the KeyFrame method, possibly related to an integer overflow, as demonstrated by daxctle2, and a different vulnerability than CVE-2006-4446.

7.6
2006-09-12 CVE-2006-3442 Microsoft Code Injection vulnerability in Microsoft Windows XP

Unspecified vulnerability in Pragmatic General Multicast (PGM) in Microsoft Windows XP SP2 and earlier allows remote attackers to execute arbitrary code via a crafted multicast message.

7.6
2006-09-15 CVE-2006-4837 Codeworx Technologies Input Validation vulnerability in Codeworx Technologies Dcp-Portal Se6.0

Multiple PHP remote file inclusion vulnerabilities in DCP-Portal SE 6.0 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter in (1) library/lib.php and (2) library/editor/editor.php.

7.5
2006-09-15 CVE-2006-4834 Phpquiz Remote File Include vulnerability in PHPquiz 0.01

PHP remote file inclusion vulnerability in index.php in Jule Slootbeek phpQuiz 0.01 allows remote attackers to execute arbitrary PHP code via a URL in the pagename parameter.

7.5
2006-09-15 CVE-2006-4832 Verso Netperformer Buffer Overflow vulnerability in Verso Netperformer Frame Relay Access Device ACT Sdm9200Series/Sdm9300Series/Sdm9500Series

Buffer overflow in the telnet service in Verso NetPerformer FRAD ACT SDM-95xx 7.xx (R1) and earlier, SDM-93xx 10.x.x (R2) and earlier, and SDM-92xx 9.x.x (R1) and earlier allows remote attackers to cause a denial of service (reboot) and possibly execute arbitrary code via a long username.

7.5
2006-09-15 CVE-2006-4828 Photopost Remote File Include vulnerability in PhotoPost Pro

PHP remote file inclusion vulnerability in zipndownload.php in PhotoPost 4.0 through 4.6 allows remote attackers to execute arbitrary PHP code via a URL in the PP_PATH parameter.

7.5
2006-09-15 CVE-2006-4826 Shadowed Portal Remote File Include vulnerability in Shadowed Portal Bottom.PHP

PHP remote file inclusion vulnerability in bottom.php in Shadowed Portal 5.599 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root parameter.

7.5
2006-09-15 CVE-2006-4824 Quicksilver Forums Remote File Include vulnerability in Quicksilver Forums Activeutil.PHP

PHP remote file inclusion vulnerability in lib/activeutil.php in Quicksilver Forums (QSF) 1.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the set[include_path] parameter.

7.5
2006-09-15 CVE-2006-4823 Reamday Enterprises Remote File Include vulnerability in Reamday Enterprises Magic News Pro News_page.PHP

PHP remote file inclusion vulnerability in scripts/news_page.php in Reamday Enterprises Magic News Pro 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the script_path parameter.

7.5
2006-09-14 CVE-2006-4800 Ffmpeg Buffer Overflow vulnerability in FFmpeg Image File

Multiple buffer overflows in libavcodec in ffmpeg before 0.4.9_p20060530 allow remote attackers to cause a denial of service or possibly execute arbitrary code via multiple unspecified vectors in (1) dtsdec.c, (2) vorbis.c, (3) rm.c, (4) sierravmd.c, (5) smacker.c, (6) tta.c, (7) 4xm.c, (8) alac.c, (9) cook.c, (10) shorten.c, (11) smacker.c, (12) snow.c, and (13) tta.c.

7.5
2006-09-14 CVE-2006-4437 Venture Nine PHP Code Injection vulnerability in Tagger LE

Eval injection vulnerability in Tagger LE allows remote attackers to execute arbitrary PHP code via the query string in (1) tags.php, (2) sign.php, and (3) admin/index.php.

7.5
2006-09-14 CVE-2006-4799 Xine Unspecified vulnerability in Xine Xine-Lib 1.0.1/1.0.2/1.1.0

Buffer overflow in ffmpeg for xine-lib before 1.1.2 might allow context-dependent attackers to execute arbitrary code via a crafted AVI file and "bad indexes", a different vulnerability than CVE-2005-4048 and CVE-2006-2802.

7.5
2006-09-14 CVE-2006-4793 Tualblog SQL Injection vulnerability in Tualblog 1.0

Multiple SQL injection vulnerabilities in icerik.asp in TualBLOG 1.0 allow remote attackers to execute arbitrary SQL commands, as demonstrated by the icerikno parameter.

7.5
2006-09-14 CVE-2006-4785 Moodle SQL Injection vulnerability in Moodle

SQL injection vulnerability in blog/edit.php in Moodle 1.6.1 and earlier allows remote attackers to execute arbitrary SQL commands via the format parameter as stored in the $blogEntry variable, which is not properly handled by the insert_record function, which calls _adodb_column_sql in the adodb layer (lib/adodb/adodb-lib.inc.php), which does not convert the data type to an int.

7.5
2006-09-14 CVE-2006-4781 Futuresoft Remote Denial Of Service vulnerability in Futuresoft Tftp Server Multithreaded 1.1

Heap-based buffer overflow in FutureSoft TFTP Server Multithreaded (MT) 1.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code by sending a crafted packet to port 69/UDP, which triggers the overflow when constructing an absolute path name.

7.5
2006-09-14 CVE-2006-4780 Phpbbxs Remote File Include vulnerability in PhpBB XS Functions.PHP

PHP remote file inclusion vulnerability in includes/functions.php in phpBB XS 0.58 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

7.5
2006-09-14 CVE-2006-4779 Phpbb Group Remote File Include vulnerability in Vitrax Premodded Functions_Portal.PHP

PHP remote file inclusion vulnerability in includes/functions_portal.php in Vitrax Premodded phpBB 1.0.6-R3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

7.5
2006-09-14 CVE-2006-4778 Cchost SQL Injection vulnerability in CCHost

SQL injection vulnerability in Creative Commons Tools ccHost before 3.0 allows remote attackers to execute arbitrary SQL commands via a crafted URL, which is used to populate the file ID.

7.5
2006-09-14 CVE-2006-4776 Cisco Buffer Errors vulnerability in Cisco IOS 12.1(19)

Heap-based buffer overflow in the VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) allows remote attackers to execute arbitrary code via a long VLAN name in a VTP type 2 summary advertisement.

7.5
2006-09-13 CVE-2006-4770 Miniportal Remote File Include vulnerability in MiniPortal Menu.PHP

PHP remote file inclusion vulnerability in menu.php in MiniPort@l 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the skiny parameter.

7.5
2006-09-13 CVE-2006-4769 Gtasoft Remote File Include vulnerability in Gtasoft P4Cms 1.05

PHP remote file inclusion vulnerability in abf_js.php in p4CMS 1.05 allows remote attackers to execute arbitrary PHP code via a URL in the abs_pfad parameter.

7.5
2006-09-13 CVE-2006-4764 Wtools Remote File Include vulnerability in Wtools 0.0.1Alpha

PHP remote file inclusion vulnerability in common.php in Thomas LETE WTools 0.0.1-ALPH allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter.

7.5
2006-09-13 CVE-2006-4763 IBM Unspecified vulnerability in IBM Lotus Domino web Access 7.0.1

IBM Lotus Domino Web Access (DWA) 7.0.1 does not expire a client's Lightweight Third-Party Authentication token (LtpaToken) upon logout, which allows remote attackers to obtain a user's privileges by intercepting the LtpaToken cookie.

7.5
2006-09-13 CVE-2006-4756 Accomplishtechnology SQL Injection vulnerability in Accomplishtechnology PHPmydirectory

SQL injection vulnerability in alpha.php in phpMyDirectory 10.4.6 and earlier allows remote attackers to execute arbitrary SQL commands via the letter parameter.

7.5
2006-09-13 CVE-2006-4749 Bugada Andrea Remote Security vulnerability in Bugada Andrea PHP Advanced Transfer Manager 1.20

Multiple PHP remote file inclusion vulnerabilities in PHP Advanced Transfer Manager (phpATM) 1.20 allow remote attackers to execute arbitrary PHP code via the include_location parameter in (1) activate.php, (2) configure.php, (3) fileop.php, (4) getimg.php, (5) ipblocked.php, (6) register.php, (7) showrecent.php, (8) showtophits.php, (9) usrmanag.php, (10) viewer_bottom.php, (11) viewer_content.php, and (12) viewer_top.php.

7.5
2006-09-13 CVE-2006-4748 F ART Agency SQL Injection vulnerability in F-Art Agency Blog CMS 4.1

Multiple SQL injection vulnerabilities in F-ART BLOG:CMS 4.1 allow remote attackers to execute arbitrary SQL commands via the (1) xagent, (2) xpath, (3) xreferer, and (4) xdns parameters in (a) admin/plugins/NP_Log.php, and the (5) pitem parameter in (b) admin/plugins/NP_Poll.php; and allow remote authenticated users to execute arbitrary SQL commands via the (6) pageRef parameter in (c) admin/plugins/NP_Referrer.php.

7.5
2006-09-13 CVE-2006-4746 Comscripts Remote Security vulnerability in Comscripts web Server Creator 0.1

PHP remote file inclusion vulnerability in news/include/customize.php in Web Server Creator 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the l parameter.

7.5
2006-09-13 CVE-2006-4741 Idevspot Input Validation vulnerability in Idevspot PHPlinkexchange 1.0

PHP remote file inclusion vulnerability in bits_listings.php in IDevSpot PhpLinkExchange 1.0 allows remote attackers to execute arbitrary code via the svr_rootPhpStart parameter.

7.5
2006-09-13 CVE-2006-4738 Jetbox Remote Security vulnerability in Jetbox CMS 2.1Sr1

PHP remote file inclusion vulnerability in phpthumb.php in Jetbox CMS allows remote attackers to execute arbitrary PHP code via a URL in the includes_path parameter.

7.5
2006-09-13 CVE-2006-4737 Jetbox Input Validation vulnerability in Jetbox CMS 2.1Sr1

SQL injection vulnerability in index.php in Jetbox CMS allows remote attackers to inject arbitrary web script or HTML via the item parameter.

7.5
2006-09-13 CVE-2006-4736 CMS R SQL Injection vulnerability in Cms.R. 5.5

Multiple SQL injection vulnerabilities in index.php in CMS.R.

7.5
2006-09-13 CVE-2006-4734 Tiki SQL Injection vulnerability in Tiki Tikiwiki Cms/Groupware 1.9.4

Multiple SQL injection vulnerabilities in tiki-g-admin_processes.php in Tikiwiki 1.9.4 allow remote attackers to execute arbitrary SQL commands via the (1) pid and (2) where parameters.

7.5
2006-09-13 CVE-2006-4733 Sips Remote File Include vulnerability in SIPS Box.Inc.PHP

PHP remote file inclusion vulnerability in sipssys/code/box.inc.php in Haakon Nilsen simple, integrated publishing system (SIPS) 0.3.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the config[sipssys] parameter.

7.5
2006-09-12 CVE-2006-3873 Microsoft Buffer Overflow Variant vulnerability in Microsoft Internet Explorer HTTP 1.1 and Compression Long URI

Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060912, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL in a GZIP-encoded website that was the target of an HTTP redirect, due to an incomplete fix for CVE-2006-3869.

7.5
2006-09-12 CVE-2006-4722 Openbb Remote File Include vulnerability in Devsyn Open Bulletin Board

PHP remote file inclusion vulnerability in Open Bulletin Board (OpenBB) 1.0.8 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) index.php and possibly (2) collector.php.

7.5
2006-09-12 CVE-2006-4720 Mcgallery Remote File Include vulnerability in MCGalleryPRO 2.2/2006

PHP remote file inclusion vulnerability in random2.php in mcGalleryPRO 2006 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter.

7.5
2006-09-12 CVE-2006-4717 Drupal Authentication Bypass vulnerability in Drupal Pubcookie.Module 1.2.2.4/1.6.2.1

The login redirection mechanism in the Drupal 4.7 Pubcookie module before 1.2.2.4 2006/09/06 and the Drupal 4.6 Pubcookie module before 1.6.2.1 2006/09/07 allows remote attackers to bypass authentication requirements and spoof identities of arbitrary users via unspecified vectors.

7.5
2006-09-12 CVE-2006-4716 Fire Soft Board Remote File Include vulnerability in Fire Soft Board Demarrage.PHP

PHP remote file inclusion vulnerability in demarrage.php in Fire Soft Board (FSB) RC3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the racine parameter.

7.5
2006-09-12 CVE-2006-4715 Spoonlabs SQL Injection vulnerability in Spoonlabs Vivvo Article Management CMS 3.2

SQL injection vulnerability in pdf_version.php in SpoonLabs Vivvo Article Management CMS (aka phpWordPress) 3.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2006-09-12 CVE-2006-4713 Psywerks Remote File Include vulnerability in Psywerks Puma 1.0Rc2

PHP remote file inclusion vulnerability in config.php in PSYWERKS PUMA 1.0 RC2 allows remote attackers to execute arbitrary PHP code via a URL in the fpath parameter.

7.5
2006-09-11 CVE-2006-4678 Comscripts Remote Security vulnerability in Comscripts News Evolution 3.0.3

PHP remote file inclusion vulnerability in News Evolution 3.0.3 allows remote attackers to execute arbitrary PHP code via the _NE[AbsPath] parameter in (1) install.php and (2) migrateNE2toNE3.php.

7.5
2006-09-11 CVE-2006-4677 Phpopenchat Unspecified vulnerability in PHPopenchat 2.3.4/3.0.0

** DISPUTED ** PHP remote file inclusion vulnerability in contrib/yabbse/poc.php in phpopenchat before 3.0.2 allows remote attackers to execute arbitrary PHP code via the sourcedir parameter.

7.5
2006-09-11 CVE-2006-4675 Andreas Gohr File-Upload vulnerability in Dokuwiki

Unrestricted file upload vulnerability in lib/exe/media.php in DokuWiki before 2006-03-09c allows remote attackers to upload executable files into the data/media folder via unspecified vectors.

7.5
2006-09-11 CVE-2006-4674 Andreas Gohr Unspecified vulnerability in Andreas Gohr Dokuwiki

Direct static code injection vulnerability in doku.php in DokuWiki before 2006-030-09c allows remote attackers to execute arbitrary PHP code via the X-FORWARDED-FOR HTTP header, which is stored in config.php.

7.5
2006-09-11 CVE-2006-4672 Profitcode Code Injection vulnerability in Profitcode Ppalcart 2.5Ee

PHP remote file inclusion vulnerability in profitCode ppalCart 2.5 EE, possibly a component of PayProCart, allows remote attackers to execute arbitrary PHP code via a URL in the (1) proMod parameter to (a) index.php, or the (2) docroot parameter to (b) index.php or (c) mainpage.php.

7.5
2006-09-14 CVE-2006-4803 Netiq Unspecified vulnerability in Netiq Identity Manager 3.0.1

The Fan-Out Linux and UNIX receiver scripts in Novell Identity Manager (IDM) 3.0.1 allows local users to execute arbitrary commands via unspecified vectors involving certain environment variables and "code injection."

7.2
2006-09-14 CVE-2006-3454 Symantec Local Format String vulnerability in Symantec Client Security and Norton Antivirus

Multiple format string vulnerabilities in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allow local users to execute arbitrary code via format strings in (1) Tamper Protection and (2) Virus Alert Notification messages.

7.2
2006-09-13 CVE-2006-3740 X ORG
Xfree86 Project
Integer Overflow vulnerability in X.Org LibXfont CID Font File

Integer overflow in the scan_cidfont function in X.Org 6.8.2 and XFree86 X server allows local users to execute arbitrary code via crafted (1) CMap and (2) CIDFont font data with modified item counts in the (a) begincodespacerange, (b) cidrange, and (c) notdefrange sections.

7.2
2006-09-13 CVE-2006-3739 X ORG
Xfree86 Project
Integer Overflow vulnerability in X.Org LibXfont CID Font File

Integer overflow in the CIDAFM function in X.Org 6.8.2 and XFree86 X server allows local users to execute arbitrary code via crafted Adobe Font Metrics (AFM) files with a modified number of character metrics (StartCharMetrics), which leads to a heap-based buffer overflow.

7.2

82 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-09-15 CVE-2006-4829 Blojsom Cross-Site Scripting vulnerability in Blojsom 2.31

Multiple cross-site scripting (XSS) vulnerabilities in David Czarnecki Blojsom 2.31 allow remote attackers to inject arbitrary web script or HTML via the (1) blog-category-description, (2) blog-entry-title, (3) rss-enclosure-url, (4) technorati-tagsi, or (5) blog-category-name parameter in a blog post.

6.8
2006-09-13 CVE-2006-4754 Comscripts Multiple vulnerability in Comscripts PHProg 1.0

Cross-site scripting (XSS) vulnerability in index.php in PHProg before 1.1 allows remote attackers to inject arbitrary web script or HTML via the album parameter, which is used in an opendir call.

6.8
2006-09-13 CVE-2006-4751 Laurentiu Matei Cross-Site Scripting vulnerability in Laurentiu Matei Expandable Home Page CMS 0.5.1

Cross-site scripting (XSS) vulnerability in index.php in Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5.1 allows remote attackers to inject arbitrary web script or HTML via the errcode parameter.

6.8
2006-09-12 CVE-2006-4640 Adobe Permissions, Privileges, and Access Controls vulnerability in Adobe Flash Player

Unspecified vulnerability in Adobe Flash Player before 9.0.16.0 allows user-assisted remote attackers to bypass the allowScriptAccess protection via unspecified vectors.

6.8
2006-09-12 CVE-2006-4718 Korviblog HTML Injection vulnerability in Korviblog 1.3

Multiple cross-site scripting (XSS) vulnerabilities in livre_or.php in KorviBlog 1.3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) prenom, (2) emailFrom, or (3) body parameters.

6.8
2006-09-12 CVE-2006-4712 Sage Cross-Site Scripting vulnerability in Sage 1.3.6

Multiple cross-site scripting (XSS) vulnerabilities in Sage 1.3.6 allow remote attackers to inject arbitrary web script or HTML via JavaScript in a content:encoded element within an item element in an RSS feed, as demonstrated by four example content:encoded elements that use XMLHttpRequest to read arbitrary local files, aka "Cross Context Scripting."

6.8
2006-09-12 CVE-2006-4708 Vikingboard Cross-Site Scripting vulnerability in Vikingboard 0.1B

Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard 0.1b allow remote attackers to inject arbitrary web script or HTML via the (1) act parameter in (a) help.php and (b) search.php, and the (2) p parameter in report.php.

6.8
2006-09-12 CVE-2006-4707 Mybulletinboard Cross-Site Scripting vulnerability in Mybulletinboard 1.1.7

Cross-site scripting (XSS) vulnerability in admin/global.php (aka the Admin CP login form) in MyBB (aka MyBulletinBoard) 1.1.7 allows remote attackers to inject arbitrary web script or HTML via the query string ($_SERVER[PHP_SELF]).

6.8
2006-09-12 CVE-2006-4706 Mybulletinboard Cross-Site Scripting vulnerability in Mybulletinboard 1.1.7

Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.1.7 allows remote attackers to inject arbitrary web script or HTML via a url BBCode tag that contains a javascript URI with an SGML numeric character reference and an embedded space, as demonstrated using "java& #115;cript," a different vulnerability than CVE-2006-3761.

6.8
2006-09-11 CVE-2006-4671 Fscripts Code Injection vulnerability in Fscripts Fantastic News 2.1.1/2.1.2/2.1.3

PHP remote file inclusion vulnerability in headlines.php in Fantastic News 2.1.4, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[script_path] parameter, a different vector than CVE-2006-1154.

6.8
2006-09-13 CVE-2006-4767 Stefan Ernst Directory Traversal vulnerability in Stefan Ernst Newsscript 0.5Beta

Multiple directory traversal vulnerabilities in Stefan Ernst Newsscript (aka WM-News) 0.5beta allow remote attackers to (1) read arbitrary local files via a ..

6.4
2006-09-14 CVE-2006-4801 Roxio Race Condition vulnerability in Roxio Toast 7

Race condition in Deja Vu, as used in Roxio Toast Titanium 7 and possibly other products, allows local users to execute arbitrary code via temporary files, including dejavu_manual.rb, which are executed with raised privileges.

6.2
2006-09-14 CVE-2006-4782 Webspell Authentication Bypass vulnerability in Webspell 4.0/4.1/4.1.1

src/index.php in WebSPELL 4.01.01 and earlier, when register_globals is enabled, allows remote attackers to bypass authentication and gain sensitive information stored in the database via a modified userID parameter in a write action to admin/database.php.

5.4
2006-09-15 CVE-2006-4836 Codeworx Technologies Input Validation vulnerability in Codeworx Technologies Dcp-Portal Se6.0

SQL injection vulnerability in login.php in DCP-Portal SE 6.0 allows remote attackers to execute arbitrary SQL commands via the username parameter.

5.1
2006-09-15 CVE-2006-4827 Vmist Remote File Include vulnerability in Vmist Downstat

Multiple PHP remote file inclusion vulnerabilities in Vmist Downstat 1.8 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the art parameter to (1) admin.php, (2) chart.php, (3) modes.php, or (4) stats.php.

5.1
2006-09-14 CVE-2006-4788 Telekorn Remote Security vulnerability in Telekorn Signkorn Guestbook 1.1/1.2

PHP remote file inclusion vulnerability in includes/log.inc.php in Telekorn SignKorn Guestbook (SL) 1.3 and earlier, when register_globals is enabled and _SESSION[permission] parameter is set to "yes", allows remote attackers to execute arbitrary PHP code via a URL in the dir_path parameter.

5.1
2006-09-14 CVE-2006-4783 Webspell SQL-Injection vulnerability in Webspell 4.0

SQL injection vulnerability in squads.php in WebSPELL 4.01.01 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the squadID parameter.

5.1
2006-09-13 CVE-2006-4750 Openi CMS Group Remote File Include vulnerability in OPENi-CMS Fileloader.PHP

PHP remote file inclusion vulnerability in openi-admin/base/fileloader.php in OPENi-CMS 1.0.1, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the config[openi_dir] parameter.

5.1
2006-09-12 CVE-2006-4389 Apple Overflow and Exception vulnerability in Apple QuickTime

Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted FlashPix (FPX) file, which triggers an exception that leads to an operation on an uninitialized object.

5.1
2006-09-12 CVE-2006-4388 Apple Overflow and Exception vulnerability in Apple QuickTime

Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted FlashPix file.

5.1
2006-09-12 CVE-2006-4386 Apple Overflow and Exception vulnerability in Apple QuickTime

Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted H.264 movie, a different issue than CVE-2006-4381.

5.1
2006-09-12 CVE-2006-4385 Apple Overflow and Exception vulnerability in Apple QuickTime

Buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted SGI image.

5.1
2006-09-12 CVE-2006-4384 Apple Overflow and Exception vulnerability in Apple QuickTime

Heap-based buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via the COLOR_64 chunk in a FLIC (FLC) movie.

5.1
2006-09-12 CVE-2006-4382 Apple Overflow and Exception vulnerability in Apple QuickTime

Multiple buffer overflows in Apple QuickTime before 7.1.3 allow user-assisted remote attackers to execute arbitrary code via a crafted QuickTime movie.

5.1
2006-09-12 CVE-2006-4381 Apple Overflow and Exception vulnerability in Apple QuickTime

Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted H.264 movie.

5.1
2006-09-12 CVE-2006-3311 Adobe Remote Code Execution vulnerability in Adobe Flash Player

Buffer overflow in Adobe Flash Player 8.0.24.0 and earlier, Flash Professional 8, Flash MX 2004, and Flex 1.5 allows user-assisted remote attackers to execute arbitrary code via a long, dynamically created string in a SWF movie.

5.1
2006-09-12 CVE-2006-4723 Raidenhttpd Remote File Include vulnerability in Raidenhttpd 1.1.32/1.1.47

PHP remote file inclusion vulnerability in raidenhttpd-admin/slice/check.php in RaidenHTTPD 1.1.49, when register_globals and WebAdmin is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the SoftParserFileXml parameter.

5.1
2006-09-12 CVE-2006-4721 Ccleague Directory Traversal vulnerability in Ccleague PRO Sports CMS 1.0.1Rc1

Directory traversal vulnerability in admin.php in CCleague Pro Sports CMS 1.0.1 RC1 allows remote attackers to read and execute arbitrary local files via a ..

5.1
2006-09-12 CVE-2006-4719 Myabracadaweb Remote File Include vulnerability in Myabracadaweb 1.0.3

Multiple PHP remote file inclusion vulnerabilities in MyABraCaDaWeb 1.0.3, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the base parameter to (1) index.php or (2) pop.php.

5.1
2006-09-12 CVE-2006-4714 Spoonlabs Remote Security vulnerability in Spoonlabs Vivvo Article Management CMS 3.2

PHP remote file inclusion vulnerability in index.php in SpoonLabs Vivvo Article Management CMS (aka phpWordPress) 3.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the classified_path parameter.

5.1
2006-09-15 CVE-2006-4835 Bluview Information Disclosure vulnerability in Bluview Blue Magic Board 5.5

Bluview Blue Magic Board (BMB) (aka BMForum) 5.5 allows remote attackers to obtain sensitive information via a direct request to (1) footer.php, (2) header.php, (3) db_mysql_error.php, (4) langlist.php, (5) sendmail.php, or (6) style.php, which reveals the path in various error messages.

5.0
2006-09-15 CVE-2006-4566 Mozilla Remote vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allows remote attackers to cause a denial of service (crash) via a malformed JavaScript regular expression that ends with a backslash in an unterminated character set ("[\\"), which leads to a buffer over-read.

5.0
2006-09-14 CVE-2006-4798 DWS Systems INC Remote Security vulnerability in Sql-Ledger

SQL-Ledger before 2.4.4 stores a password in a query string, which might allow context-dependent attackers to obtain the password via a Referer field or browser history.

5.0
2006-09-14 CVE-2006-4790 GNU Unspecified vulnerability in GNU Gnutls

verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3, does not properly handle excess data in the digestAlgorithm.parameters field when generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents GnuTLS from correctly verifying X.509 and other certificates that use PKCS, a variant of CVE-2006-4339.

5.0
2006-09-14 CVE-2006-4786 Moodle Input Validation and Information Disclosure vulnerability in Moodle

Moodle 1.6.1 and earlier allows remote attackers to obtain sensitive information via (1) help.php and (2) other unspecified vectors involving scheduled backups.

5.0
2006-09-14 CVE-2006-4773 SUN Denial-Of-Service vulnerability in SUN Storedge 6130 Arrays 06.12.10.11

Sun StorEdge 6130 Array Controllers with firmware 06.12.10.11 and earlier allow remote attackers to cause a denial of service (controller reboot) via a flood of traffic on the LAN.

5.0
2006-09-14 CVE-2006-4772 Hotplug CMS Information Disclosure vulnerability in Hotplug Cms

HotPlug CMS stores sensitive information under the web root with insufficient access control, which allows remote attackers to read the admin password and database credentials via a direct request for includes/class/config.inc.

5.0
2006-09-14 CVE-2006-4724 Adobe Denial of Service vulnerability in Adobe ColdFusion Flash Remoting Gateway

Unspecified vulnerability in the ColdFusion Flash Remoting Gateway in Adobe ColdFusion MX 7 and 7.01 allows remote attackers to cause a denial of service (infinite loop) via unspecified vectors involving a crafted command.

5.0
2006-09-13 CVE-2006-4768 Stefan Ernst Remote Security vulnerability in Stefan Ernst Newsscript 0.5Beta

Multiple direct static code injection vulnerabilities in add_go.php in Stefan Ernst Newsscript (aka WM-News) 0.5 beta allow remote attackers to execute arbitrary PHP code via the (1) description, (2) issue, (3) title, (4) var, (5) name, (6) keywords, and (7) note parameters, which are stored in an article file.

5.0
2006-09-13 CVE-2006-4766 Stefan Ernst Directory Traversal vulnerability in Stefan Ernst Newsscript 0.5Beta

Directory traversal vulnerability in print.php in Stefan Ernst Newsscript (aka WM-News) 0.5 beta allows remote attackers to read arbitrary files via a ..

5.0
2006-09-13 CVE-2006-4765 Netgear Denial Of Service vulnerability in Netgear Dg834Gt 1.01.28

NETGEAR DG834GT Wireless ADSL router running firmware 1.01.28 allows attackers to cause a denial of service (device hang) via a long string in the username field in the login window.

5.0
2006-09-13 CVE-2006-4753 Comscripts Multiple vulnerability in Comscripts PHProg 1.0

Directory traversal vulnerability in index.php in PHProg before 1.1 allows remote attackers to read arbitrary files via a ..

5.0
2006-09-13 CVE-2006-4752 Laurentiu Matei Remote Security vulnerability in Laurentiu Matei Expandable Home Page CMS 0.5.1

Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5.1 allows remote attackers to obtain the installation path via a query to the engine module, probably with an invalid action parameter.

5.0
2006-09-13 CVE-2006-4744 Abidia Information Disclosure vulnerability in O-Anywhere

Abidia (1) O-Anywhere and (2) Abidia Wireless transmit authentication credentials in cleartext, which allows remote attackers to obtain sensitive information by sniffing.

5.0
2006-09-13 CVE-2006-4743 Wordpress Information Disclosure vulnerability in WordPress

WordPress 2.0.2 through 2.0.5 allows remote attackers to obtain sensitive information via a direct request for (1) 404.php, (2) akismet.php, (3) archive.php, (4) archives.php, (5) attachment.php, (6) blogger.php, (7) comments.php, (8) comments-popup.php, (9) dotclear.php, (10) footer.php, (11) functions.php, (12) header.php, (13) hello.php, (14) wp-content/themes/default/index.php, (15) links.php, (16) livejournal.php, (17) mt.php, (18) page.php, (19) rss.php, (20) searchform.php, (21) search.php, (22) sidebar.php, (23) single.php, (24) textpattern.php, (25) upgrade-functions.php, (26) upgrade-schema.php, or (27) wp-db-backup.php, which reveal the path in various error messages.

5.0
2006-09-13 CVE-2006-4740 Jetbox Information Disclosure vulnerability in Jetbox CMS 2.1Sr1

Jetbox CMS allows remote attackers to obtain sensitive information via a direct request for certain files, which reveal the path in an error message.

5.0
2006-09-13 CVE-2006-4735 Kellan Elliott Mccrea Information Disclosure vulnerability in Magpierss

Kellan Elliott-McCrea MagpieRSS allows remote attackers to obtain sensitive information via a direct request for (1) rss_fetch.inc.php or (2) rss_parse.inc.php, which reveals the path in various error messages.

5.0
2006-09-13 CVE-2006-4731 DWS Systems INC
Ledgersmb
Directory Traversal vulnerability in SQL-Ledger/LedgerSMB Terminal Parameter

Multiple directory traversal vulnerabilities in (1) login.pl and (2) admin.pl in (a) SQL-Ledger before 2.6.19 and (b) LedgerSMB before 1.0.0p1 allow remote attackers to execute arbitrary Perl code via an unspecified terminal parameter value containing ../ (dot dot slash).

5.0
2006-09-12 CVE-2006-4709 Vikingboard SQL Injection vulnerability in Vikingboard 0.1B

SQL injection vulnerability in topic.php in Vikingboard 0.1b allows remote attackers to execute arbitrary SQL commands via the s parameter.

5.0
2006-09-12 CVE-2006-4705 Dominic Gamble SQL Injection vulnerability in Dominic Gamble Timesheet.PHP 1.2.1

SQL injection vulnerability in login.php in dwayner79 and Dominic Gamble Timesheet (aka Timesheet.php) 1.2.1 allows remote attackers to execute arbitrary SQL commands via the username parameter.

5.0
2006-09-12 CVE-2006-2658 Mono
Suse
Directory Traversal vulnerability in Mono XSP

Directory traversal vulnerability in the xsp component in mod_mono in Mono/C# web server, as used in SUSE Open-Enterprise-Server 1 and SUSE Linux 9.2 through 10.0, allows remote attackers to read arbitrary files via a ..

5.0
2006-09-11 CVE-2006-4683 IBM Remote Input Validation vulnerability in IBM Director 3.1

IBM Director before 5.10 allows remote attackers to obtain sensitive information from HTTP headers via HTTP TRACE.

5.0
2006-09-11 CVE-2006-4682 IBM Remote Input Validation vulnerability in IBM Director 3.1

Multiple unspecified vulnerabilities in IBM Director before 5.10 allow remote attackers to cause a denial of service (crash) via unspecified vectors involving (1) malformed WMI CIM server requests and (2) malformed packets.

5.0
2006-09-11 CVE-2006-4681 IBM Directory Traversal vulnerability in IBM Director 3.1

Directory traversal vulnerability in Redirect.bat in IBM Director before 5.10 allows remote attackers to read arbitrary files via a ..

5.0
2006-09-11 CVE-2006-4679 Andreas Gohr Information Disclosure vulnerability in Dokuwiki

DokuWiki before 2006-03-09c enables the debug feature by default, which allows remote attackers to obtain sensitive information by calling doku.php with the X-DOKUWIKI-DO HTTP header set to "debug".

5.0
2006-09-14 CVE-2006-4802 Symantec Local Format String vulnerability in Symantec Client Security and Norton Antivirus

Format string vulnerability in the Real Time Virus Scan service in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allows local users to execute arbitrary code via an unspecified vector related to alert notification messages, a different vector than CVE-2006-3454, a "second format string vulnerability" as found by the vendor.

4.6
2006-09-14 CVE-2006-4795 HP Local Denial of Service vulnerability in HP Hp-Ux 11.11/11.23

Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport software in HP-UX B.11.11 and B.11.23 before 20060912 allows local users to cause a denial of service via unspecified vectors.

4.6
2006-09-14 CVE-2006-4789 Open Movie Editor Local Buffer Overflow vulnerability in Open Movie Editor Open Movie Editor 0.0.20060901

Buffer overflow in Open Movie Editor 0.0.20060901 allows local users to cause a denial of service (system crash) or execute arbitrary code via a long project name in an open_movie_editor_project XML tag.

4.6
2006-09-14 CVE-2006-4725 Adobe Unspecified vulnerability in Adobe Coldfusion 7.0/7.0.1

Adobe ColdFusion MX 7 and 7.01 allows local users to bypass security restrictions and call components (CFC) within a sandbox from CFML templates that are located outside of the sandbox.

4.6
2006-09-13 CVE-2006-4758 Phpbb Group Unspecified vulnerability in PHPbb Group PHPbb 2.0.21

phpBB 2.0.21 does not properly handle pathnames ending in %00, which allows remote authenticated administrative users to upload arbitrary files, as demonstrated by a query to admin/admin_board.php with an avatar_path parameter ending in .php%00.

4.6
2006-09-13 CVE-2006-4757 E107 SQL-Injection vulnerability in E107

Multiple SQL injection vulnerabilities in the admin section in e107 0.7.5 allow remote authenticated administrative users to execute arbitrary SQL commands via the (1) linkopentype, (2) linkrender, (3) link_class, and (4) link_id parameters in (a) links.php; the (5) searchquery parameter in (b) users.php; and the (6) download_category_class parameter in (c) download.php.

4.6
2006-09-15 CVE-2006-4838 Codeworx Technologies Input Validation vulnerability in Codeworx Technologies Dcp-Portal Se6.0

Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal SE 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) root_url and (2) dcp_version parameters in (a) admin/inc/footer.inc.php, and the root_url, (3) page_top_name, (4) page_name, and (5) page_options parameters in (b) admin/inc/header.inc.php.

4.3
2006-09-15 CVE-2006-4825 Softcomplex Cross-Site Scripting vulnerability in PHP Event Calendar

Multiple cross-site scripting (XSS) vulnerabilities in cl_files/index.php in SoftComplex PHP Event Calendar 1.5.1, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) ti, (2) bi, or (3) cbgi parameters.

4.3
2006-09-15 CVE-2006-4822 Emusoft Cross-Site Scripting vulnerability in Emusoft EmuCMS

Multiple cross-site scripting (XSS) vulnerabilities in index.php in eMuSOFT emuCMS 0.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) query or (2) page parameters.

4.3
2006-09-15 CVE-2006-4821 Drupal Cross-Site Scripting vulnerability in Drupal Userreview Module 4.7

Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Userreview module before 1.19 2006/09/12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2006-09-15 CVE-2006-4568 Mozilla Cross-Site Scripting vulnerability in Mozilla Firefox and Seamonkey

Mozilla Firefox before 1.5.0.7 and SeaMonkey before 1.0.5 allows remote attackers to bypass the security model and inject content into the sub-frame of another site via targetWindow.frames[n].document.open(), which facilitates spoofing and other attacks.

4.3
2006-09-14 CVE-2006-4797 CJ Design Cross-Site Scripting vulnerability in CJ Design CJ TAG Board 3.0

Cross-site scripting (XSS) vulnerability in tag.php in CloudNine Interactive CJ Tag Board 3.0 allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a url BBcode tag in the cjmsg parameter.

4.3
2006-09-14 CVE-2006-4796 Snitz Communications Cross-Site Scripting vulnerability in Snitz Communications Snitz Forums 2000 3.4.06

Cross-site scripting (XSS) vulnerability in forum.asp in Snitz Forums 2000 3.4.06 allows remote attackers to inject arbitrary web script or HTML via the sortorder parameter (strtopicsortord variable).

4.3
2006-09-14 CVE-2006-4794 E107 Cross-Site Scripting vulnerability in E107 0.7.5

Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 allow remote attackers to inject arbitrary web script or HTML via the query string (PATH_INFO) in (1) contact.php, (2) download.php, (3) admin.php, (4) fpw.php, (5) news.php, (6) search.php, (7) signup.php, (8) submitnews.php, and (9) user.php.

4.3
2006-09-14 CVE-2006-4784 Moodle Input Validation and Information Disclosure vulnerability in Moodle

Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.6.1 and earlier might allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) doc/index.php or (2) files/index.php.

4.3
2006-09-14 CVE-2006-4771 JBC Cross-Site Scripting vulnerability in JBC Forumjbc 4.0

Cross-site scripting (XSS) vulnerability in haut.php in ForumJBC 4 allows remote attackers to inject arbitrary web script or HTML via the nb_connecte parameter.

4.3
2006-09-13 CVE-2006-4762 Rssreader HTML Injection vulnerability in RSSReader RSS Feeds Atom Feed

Multiple cross-site scripting (XSS) vulnerabilities in Ykoon RssReader allow remote attackers to inject arbitrary web script or HTML via a web feed, as demonstrated by certain test cases of the Robert Auger and Caleb Sima RSS and Atom feed reader test suite.

4.3
2006-09-13 CVE-2006-4761 Luke Hutteman HTML Injection vulnerability in SharpReader Atom Feed Script

Multiple cross-site scripting (XSS) vulnerabilities in Luke Hutteman SharpReader allow remote attackers to inject arbitrary web script or HTML via a web feed, as demonstrated by certain test cases of the Robert Auger and Caleb Sima RSS and Atom feed reader test suite.

4.3
2006-09-13 CVE-2006-4760 Benjamin Pasero AND Tobias Eichert HTML Injection vulnerability in RSSOwl Atom Feed Script

Multiple cross-site scripting (XSS) vulnerabilities in Benjamin Pasero and Tobias Eichert RSSOwl allow remote attackers to inject arbitrary web script or HTML via a web feed, as demonstrated by certain test cases of the Robert Auger and Caleb Sima RSS and Atom feed reader test suite.

4.3
2006-09-13 CVE-2006-4755 Accomplishtechnology Cross-Site Scripting vulnerability in Accomplishtechnology PHPmydirectory

Cross-site scripting (XSS) vulnerability in alpha.php in phpMyDirectory 10.4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the letter parameter.

4.3
2006-09-13 CVE-2006-4747 Idevspot Cross-Site Scripting vulnerability in IDevSpot TextAds

Multiple cross-site scripting (XSS) vulnerabilities in IdevSpot TextAds allow remote attackers to inject arbitrary web script or HTML via (1) the id parameter in delete.php and (2) the error parameter in error.php.

4.3
2006-09-13 CVE-2006-4742 Idevspot Input Validation vulnerability in Idevspot PHPlinkexchange 1.0

Cross-site scripting (XSS) vulnerability in user_add.php in IDevSpot PhpLinkExchange 1.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.

4.3
2006-09-12 CVE-2006-0032 Microsoft Cross-Site Scripting vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP

Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL, which is injected into an error message whose charset is set to UTF-7.

4.3
2006-09-12 CVE-2006-4711 Sage Unspecified vulnerability in Sage

Multiple cross-site scripting (XSS) vulnerabilities in Sage allow remote attackers to inject arbitrary web script or HTML via an Atom 1.0 feed, as demonstrated by certain test cases of the James M.

4.3
2006-09-12 CVE-2006-4710 Newsgator Unspecified vulnerability in Newsgator Feeddemon

Multiple cross-site scripting (XSS) vulnerabilities in NewsGator FeedDemon before 2.0.0.25 allow remote attackers to inject arbitrary web script or HTML via an Atom 1.0 feed, as demonstrated by certain test cases of the James M.

4.3
2006-09-15 CVE-2006-4340 Mozilla Improper Input Validation vulnerability in Mozilla products

Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates, a similar vulnerability to CVE-2006-4339.

4.0
2006-09-11 CVE-2006-4680 Canon Information Disclosure vulnerability in Canon ImageRunner

The Remote UI in Canon imageRUNNER includes usernames and passwords when exporting an address book, which allows context-dependent attackers to obtain sensitive information.

4.0

12 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-09-13 CVE-2006-4759 Punbb File-Upload vulnerability in Punbb 1.2.12

PunBB 1.2.12 does not properly handle an avatar directory pathname ending in %00, which allows remote authenticated administrative users to upload arbitrary files and execute code, as demonstrated by a query to admin_options.php with an avatars_dir parameter ending in %00.

3.6
2006-09-13 CVE-2006-4745 Scarybear Local Security vulnerability in Scarybear Pocketexpense PRO 3.9.1

ScaryBear PocketExpense Pro 3.9.1 uses an internally recorded key to protect a data file whose contents are stored in plaintext, which allows local users to disable authentication and access the file by modifying a certain value in the file header.

3.6
2006-09-12 CVE-2006-4625 PHP Unspecified vulnerability in PHP

PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.

3.6
2006-09-15 CVE-2006-4570 Mozilla Remote vulnerability in Mozilla Seamonkey and Thunderbird

Mozilla Thunderbird before 1.5.0.7 and SeaMonkey before 1.0.5, with "Load Images" enabled, allows remote user-assisted attackers to bypass settings that disable JavaScript via a remote XBL file in a message that is loaded when the user views, forwards, or replies to the original message.

2.6
2006-09-15 CVE-2006-4569 Mozilla Remote vulnerability in Mozilla Firefox/Thunderbird/Seamonkey

The popup blocker in Mozilla Firefox before 1.5.0.7 opens the "blocked popups" display in the context of the Location bar instead of the subframe from which the popup originated, which might make it easier for remote user-assisted attackers to conduct cross-site scripting (XSS) attacks.

2.6
2006-09-15 CVE-2006-4567 Mozilla Remote vulnerability in Mozilla Firefox and Thunderbird

Mozilla Firefox before 1.5.0.7 and Thunderbird before 1.5.0.7 makes it easy for users to accept self-signed certificates for the auto-update mechanism, which might allow remote user-assisted attackers to use DNS spoofing to trick users into visiting a malicious site and accepting a malicious certificate for the Mozilla update site, which can then be used to install arbitrary code on the next update.

2.6
2006-09-14 CVE-2006-4726 Adobe Cross-Site Scripting vulnerability in Adobe ColdFusion Error Page

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 6.1 through 7.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a ColdFusion error page.

2.6
2006-09-13 CVE-2006-4739 Jetbox Input Validation vulnerability in Jetbox CMS 2.1Sr1

Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the OriginalImageData parameter to phpthumb.php.

2.6
2006-09-11 CVE-2006-4673 PHP Fusion SQL Injection vulnerability in PHP-Fusion News.PHP

Global variable overwrite vulnerability in maincore.php in PHP-Fusion 6.01.4 and earlier uses the extract function on the superglobals, which allows remote attackers to conduct SQL injection attacks via the _SERVER[REMOTE_ADDR] parameter to news.php.

2.6
2006-09-15 CVE-2006-4820 HP Local Denial of Service vulnerability in HP Hp-Ux 11.00/11.11/11.23

Unspecified vulnerability in X.25 on HP-UX B.11.00, B.11.11, and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors.

2.1
2006-09-14 CVE-2006-4787 Alphamail Information Disclosure vulnerability in AlphaMail Log File

AlphaMail before 1.0.16 allows local users to obtain sensitive information via the logging functionality, which displays unencrypted passwords in an error message.

2.1
2006-09-11 CVE-2006-4676 Tibco Information Disclosure vulnerability in TIBCO Rendezvous Rvrd.DB

TIBCO RendezVous 7.4.11 and earlier logs base64-encoded usernames and passwords in rvrd.db, which allows local users to obtain sensitive information by decoding the log file.

1.2