Weekly Vulnerabilities Reports > September 18 to 24, 2006
Overview
110 new vulnerabilities were reported during this period, including 5 critical vulnerabilities and 47 high severity vulnerabilities. This weekly summary reports vulnerabilities in 85 products from 62 vendors including Moodle, Neosys, Apple, David Bennett, and Gzip. Vulnerabilities are notably categorized as "Code Injection", "Improper Input Validation", "Resource Management Errors", and "Improper Restriction of Operations within the Bounds of a Memory Buffer".
- 102 reported vulnerabilities are remotely exploitable.
- 33 reported vulnerabilities have a public exploit available.
- 106 reported vulnerabilities are exploitable by an anonymous user.
- Moodle has the most reported vulnerabilities, with 9 reported vulnerabilities.
- Moodle has the most reported critical vulnerabilities, with 2 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
5 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-09-23 | CVE-2006-4950 | Cisco | Unspecified vulnerability in Cisco IOS Cisco IOS 12.2 through 12.4 before 20060920, as used by Cisco IAD2430, IAD2431, and IAD2432 Integrated Access Devices, the VG224 Analog Phone Gateway, and the MWR 1900 and 1941 Mobile Wireless Edge Routers, is incorrectly identified as supporting DOCSIS, which allows remote attackers to gain read-write access via a hard-coded cable-docsis community string and read or modify arbitrary SNMP variables. | 10.0 |
2006-09-23 | CVE-2006-4936 | Moodle | Improper Input Validation vulnerability in Moodle Moodle before 1.6.2 does not properly validate the module instance id when creating a course module object, which has unspecified impact and remote attack vectors. | 10.0 |
2006-09-23 | CVE-2006-4935 | Moodle | Improper Input Validation vulnerability in Moodle The Database module in Moodle before 1.6.2 does not properly handle uploaded files, which has unspecified impact and remote attack vectors. | 10.0 |
2006-09-19 | CVE-2006-4860 | Limbo CMS | Remote Security vulnerability in Limbo CMS Limbo CMS 1.0.4.1/1.0.4.2/1.0.4.2L Multiple unspecified vulnerabilities in (1) index.php, (2) minixml.inc.php, (3) doc.inc.php, (4) element.inc.php, (5) node.inc.php, (6) treecomp.inc.php, (7) forum.html.php, (8) forum.php, (9) antihack.php, (10) content.php, (11) initglobals.php, and (12) imanager.php in Limbo (aka Lite Mambo) CMS 1.0.4.2 before 20060311 have unknown impact and attack vectors. | 10.0 |
2006-09-19 | CVE-2006-4868 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer and Outlook Stack-based buffer overflow in the Vector Graphics Rendering engine (vgx.dll), as used in Microsoft Outlook and Internet Explorer 6.0 on Windows XP SP2, and possibly other versions, allows remote attackers to execute arbitrary code via a Vector Markup Language (VML) file with a long fill parameter within a rect tag. | 9.3 |
47 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-09-23 | CVE-2006-4961 | Blue Dragon | Input Validation vulnerability in PHPBlueDragon CMS SQL injection vulnerability in the GetModuleConfig function in public_includes/pub_kernel/pbd_modules.php in Php Blue Dragon 2.9.1 and earlier allows remote attackers to execute arbitrary SQL commands via the m parameter to index.php. | 7.5 |
2006-09-23 | CVE-2006-4957 | THE Myreview System | SQL Injection vulnerability in the Myreview System Myreview 1.9.4 SQL injection vulnerability in the GetMember function in functions.php in MyReview 1.9.4 allows remote attackers to execute arbitrary SQL commands via the email parameter to Admin.php. | 7.5 |
2006-09-23 | CVE-2006-4954 | Neosys | Remote Security vulnerability in Neosys Neon Webmail 5.06/5.07 The updateuser servlet in Neon WebMail for Java before 5.08 does not validate the in_id parameter, which allows remote attackers to modify information of arbitrary users, as demonstrated by modifying (1) passwords and (2) permissions, (3) viewing profile settings, and (4) creating and (5) deleting users. | 7.5 |
2006-09-23 | CVE-2006-4953 | Neosys | Input Validation vulnerability in Neosys Neon Webmail 5.06/5.07 Multiple SQL injection vulnerabilities in Neon WebMail for Java before 5.08 allow remote attackers to execute arbitrary SQL commands via the (1) adr_sortkey and (2) adr_sortkey_desc parameters in the (a) addrlist servlet, and the (3) sortkey and (4) sortkey_desc parameters in the (b) maillist servlet. | 7.5 |
2006-09-23 | CVE-2006-4952 | Neosys | Remote Security vulnerability in Neosys Neon Webmail 5.06/5.07 The updatemail servlet in Neon WebMail for Java before 5.08 allows remote attackers to move e-mail messages of arbitrary users between different mail folders, specified by the folderid and tofolderid parameters, via the ID parameter. | 7.5 |
2006-09-23 | CVE-2006-4951 | Neosys | Remote Security vulnerability in Neosys Neon Webmail 5.06/5.07 Neon WebMail for Java before 5.08 allows remote attackers to execute arbitrary Java (JSP) code by sending an e-mail message with a JSP file attachment, which is stored under the web root with a predictable filename. | 7.5 |
2006-09-23 | CVE-2006-4948 | Prosysinfo | Remote Buffer Overflow vulnerability in ProSysInfo TFTPDWIN Stack-based buffer overflow in tftpd.exe in ProSysInfo TFTP Server TFTPDWIN 0.4.2 and earlier allows remote attackers to execute arbitrary code or cause a denial of service via a long file name. | 7.5 |
2006-09-23 | CVE-2006-4944 | Boesch IT Consulting | Code Injection vulnerability in Boesch It-Consulting Progsys PHP remote file inclusion vulnerability in includes/pear/Net/DNS/RR.php in ProgSys 0.151 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpdns_basedir parameter. | 7.5 |
2006-09-21 | CVE-2006-4921 | Siteatschool | Remote Security vulnerability in Siteatschool 2.4.02 PHP remote file inclusion vulnerability in Site@School (S@S) 2.4.03 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cmsdir parameter to starnet/modules/include/include.php. | 7.5 |
2006-09-21 | CVE-2006-4920 | Siteatschool | Input Validation vulnerability in Site@School Multiple PHP remote file inclusion vulnerabilities in Site@School (S@S) 2.4.02 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the cmsdir parameter to (1) starnet/modules/sn_allbum/slideshow.php, and (2) starnet/themes/editable/main.inc.php. | 7.5 |
2006-09-21 | CVE-2006-4918 | Simple Discussion Board | Remote File Include vulnerability in Simple Discussion Board Simple Discussion Board 0.1.0 Multiple PHP remote file inclusion vulnerabilities in Simple Discussion Board 0.1.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) env_dir parameter to (a) blank.php, (b) admin.php, or (c) builddb.php, and the (2) script_root parameter to blank.php. | 7.5 |
2006-09-21 | CVE-2006-4916 | ASP Indir | SQL Injection vulnerability in ASP Indir Tekman Portal 1.0 SQL injection vulnerability in uye_profil.asp in Tekman Portal (TR) 1.0 allows remote attackers to execute arbitrary SQL commands via the uye_id parameter. | 7.5 |
2006-09-21 | CVE-2006-4913 | Alstrasoft | Local File Include vulnerability in Alstrasoft E-Friends 4.85 Directory traversal vulnerability in chat/getStartOptions.php in AlstraSoft E-friends 4.85 allows remote attackers to include arbitrary local files and possibly execute arbitrary code via a .. | 7.5 |
2006-09-21 | CVE-2006-4912 | PHP Docwriter | Remote File Include vulnerability in PHP DocWriter PHP remote file inclusion vulnerability in PHP DocWriter 0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the script parameter. | 7.5 |
2006-09-21 | CVE-2006-4911 | Cisco | Unspecified vulnerability in Cisco IPS Sensor Software Unspecified vulnerability in Cisco IPS 5.0 before 5.0(6p2) and 5.1 before 5.1(2), when running in inline or promiscuous mode, allows remote attackers to bypass traffic inspection via a "crafted sequence of fragmented IP packets". | 7.5 |
2006-09-21 | CVE-2006-4906 | Marc Logemann | SQL Injection vulnerability in Marc Logemann More.Groupware 0.74 SQL injection vulnerability in modules/calendar/week.php in More.groupware 0.74 allows remote attackers to execute arbitrary SQL commands via the new_calendarid parameter. | 7.5 |
2006-09-21 | CVE-2006-4905 | Artmedic Webdesign | Remote Security vulnerability in Artmedic Webdesign Artmedic Links 5.0 PHP remote file inclusion vulnerability in index.php in Artmedic Links 5.0 allows remote attackers to execute arbitrary PHP code via a URL in the id parameter, which is processed by the readfile function. | 7.5 |
2006-09-21 | CVE-2006-4904 | Qualiteam | Unspecified vulnerability in Qualiteam X-Cart Dynamic variable evaluation vulnerability in cmpi.php in Qualiteam X-Cart 4.1.3 and earlier allows remote attackers to overwrite arbitrary program variables and execute arbitrary PHP code, as demonstrated by PHP remote file inclusion via the xcart_dir parameter. | 7.5 |
2006-09-19 | CVE-2006-4898 | Guanxicrm | Remote File Include vulnerability in Guanxicrm Business Solution 0.9.1 PHP remote file inclusion vulnerability in include/phpxd/phpXD.php in guanxiCRM 0.9.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the appconf[rootpath] parameter. | 7.5 |
2006-09-19 | CVE-2006-4895 | Idevspot | Authentication Bypass vulnerability in Idevspot Nixieaffiliate 1.9 IDevSpot NexieAffiliate 1.9 and earlier allows remote attackers to delete arbitrary affiliates via a modified id parameter to delete.php. | 7.5 |
2006-09-19 | CVE-2006-4892 | Techno Dreams | SQL Injection vulnerability in Techno Dreams FAQ Manager Package 1.0 SQL injection vulnerability in faqview.asp in Techno Dreams FAQ Manager Package 1.0 allows remote attackers to execute arbitrary SQL commands via the key parameter. | 7.5 |
2006-09-19 | CVE-2006-4891 | Techno Dreams | SQL Injection vulnerability in Techno Dreams Articles and Papers Package ArticlesTableview.ASP SQL injection vulnerability in ArticlesTableview.asp in Techno Dreams Articles & Papers Package 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the key parameter. | 7.5 |
2006-09-19 | CVE-2006-4890 | Unak | Remote File Include vulnerability in UNAK-CMS Dirroot Parameter Multiple PHP remote file inclusion vulnerabilities in UNAK-CMS 1.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the dirroot parameter to (1) fckeditor/editor/filemanager/browser/default/connectors/php/connector.php or (2) fckeditor/editor/dialog/fck_link.php. | 7.5 |
2006-09-19 | CVE-2006-4885 | Shadowed Portal | Remote Security vulnerability in Shadowed Portal PHP remote file inclusion vulnerability in Shadowed Portal 5.599 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root parameter in (1) footer.php and (2) header.php. | 7.5 |
2006-09-19 | CVE-2006-4882 | Charon Internet | SQL Injection vulnerability in Charon Internet Charon Cart 3 SQL injection vulnerability in Review.asp in Julian Roberts Charon Cart 3 allows remote attackers to execute arbitrary SQL commands via the ProductID parameter. | 7.5 |
2006-09-19 | CVE-2006-4879 | David Bennett | Input Validation vulnerability in PHP-Post SQL injection vulnerability in profile.php in David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter. | 7.5 |
2006-09-19 | CVE-2006-4876 | Jupiter CMS | Input Validation vulnerability in Jupiter CMS Multiple SQL injection vulnerabilities in Jupiter CMS allow remote attackers to execute arbitrary SQL commands via (1) the user name during login, or the (2) key or (3) fpwusername parameters in modules/register. | 7.5 |
2006-09-19 | CVE-2006-4872 | Keyvan1 | SQL Injection vulnerability in Keyvan1 Ecardpro 2.0 SQL injection vulnerability in search.asp in Keyvan1 (aka Keyvan Janghorbani) ECardPro 2.0 allows remote attackers to execute arbitrary SQL commands via the keyword parameter. | 7.5 |
2006-09-19 | CVE-2006-4871 | Keyvan1 | SQL Injection vulnerability in Keyvan1 Eshoppingpro 1.0 SQL injection vulnerability in search_run.asp in Keyvan1 (aka Keyvan Janghorbani) EShoppingPro 1.0 allows remote attackers to execute arbitrary SQL commands via the order parameter. | 7.5 |
2006-09-19 | CVE-2006-4337 | Gzip | Remote vulnerability in Gzip 1.3.5 Buffer overflow in the make_table function in the LHZ component in gzip 1.3.5 allows context-dependent attackers to execute arbitrary code via a crafted decoding table in a GZIP archive. | 7.5 |
2006-09-19 | CVE-2006-4336 | Gzip | Remote vulnerability in Gzip 1.3.5 Buffer underflow in the build_tree function in unpack.c in gzip 1.3.5 allows context-dependent attackers to execute arbitrary code via a crafted leaf count table that causes a write to a negative index. | 7.5 |
2006-09-19 | CVE-2006-4335 | Gzip | Remote vulnerability in Gzip 1.3.5 Array index error in the make_table function in unlzh.c in the LZH decompression component in gzip 1.3.5, when running on certain platforms, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GZIP archive that triggers an out-of-bounds write, aka a "stack modification vulnerability." | 7.5 |
2006-09-19 | CVE-2006-4870 | Aewebworks | Remote File Include vulnerability in Aewebworks Aedating 4.0 Multiple PHP remote file inclusion vulnerabilities in AEDating 4.1, and possibly earlier versions, allow remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter in (1) inc/design.inc.php or (2) inc/admin_design.inc.php. | 7.5 |
2006-09-19 | CVE-2006-4869 | Perlunity | Code Injection vulnerability in Perlunity PHPunity Postcard PHP remote file inclusion vulnerability in phpunity-postcard.php in phpunity.postcard allows remote attackers to execute arbitrary PHP code via a URL in the gallery_path parameter. | 7.5 |
2006-09-19 | CVE-2006-4867 | Gnuturk | SQL Injection vulnerability in GNUTurk T_ID Parameter SQL injection vulnerability in mods.php in GNUTurk 2G and earlier allows remote attackers to execute arbitrary SQL commands via the t_id parameter when the go parameter is "Forum." | 7.5 |
2006-09-19 | CVE-2006-4862 | Easypagecms | SQL Injection vulnerability in EasyPage Default.ASPX SQL injection vulnerability in default.aspx in easypage allows remote attackers to execute arbitrary SQL commands via the srch parameter in the Search page. | 7.5 |
2006-09-19 | CVE-2006-4861 | Mohammed Mehdi Panjwani | SQL-Injection vulnerability in Mohammed Mehdi Panjwani Complain Center 1 SQL injection vulnerability in loginprocess.asp in Mohammed Mehdi Panjwani Complain Center 1 allows remote attackers to execute arbitrary SQL commands via the (1) TxtUser (aka Username) and (2) TxtPass (aka Password) parameters in login.asp. | 7.5 |
2006-09-19 | CVE-2006-4859 | Limbo CMS | Unspecified vulnerability in Limbo CMS Limbo CMS 1.0.4.1/1.0.4.2/1.0.4.2L Unrestricted file upload vulnerability in contact.html.php in the Contact (com_contact) component in Limbo (aka Lite Mambo) CMS 1.0.4.2L and earlier allows remote attackers to upload PHP code to the images/contact folder via a filename with a double extension in the contact_attach parameter in a contact option in index.php, which bypasses an insufficiently restrictive regular expression. | 7.5 |
2006-09-19 | CVE-2006-4857 | Clicktech | SQL Injection vulnerability in Clicktech Clickblog 2.0 SQL injection vulnerability in default.asp (aka the login page) in ClickTech ClickBlog 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) form_codeword (aka the Password field) parameters. | 7.5 |
2006-09-19 | CVE-2006-4853 | Haberx | SQL Injection vulnerability in Haberx Kategorix.ASP SQL injection vulnerability in kategorix.asp in Haberx 1.02 through 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in kategorihaberx.asp. | 7.5 |
2006-09-19 | CVE-2006-4852 | Quadcomm | SQL Injection vulnerability in Quadcomm Q-Shop 3.5 SQL injection vulnerability in browse.asp in QuadComm Q-Shop 3.5 allows remote attackers to execute arbitrary SQL commands via the OrderBy parameter. | 7.5 |
2006-09-19 | CVE-2006-4851 | Bolinos | Remote Security vulnerability in Bolinos 4.3.0/4.4.1 PHP remote file inclusion vulnerability in system/_b/contentFiles/gBHTMLEditor.php in BolinOS 4.5.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the gBRootPath parameter. | 7.5 |
2006-09-19 | CVE-2006-4849 | Mobilepublisherphp | Remote File Include vulnerability in MobilePublisherPHP Header.PHP PHP remote file inclusion vulnerability in header.php in MobilePublisherPHP 1.5 RC2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter. | 7.5 |
2006-09-21 | CVE-2006-3509 | Apple | Buffer Overflow vulnerability in Apple Mac OS X AirPort Wireless Driver Integer overflow in the API for the AirPort wireless driver on Apple Mac OS X 10.4.7 might allow physically proximate attackers to cause a denial of service (crash) or execute arbitrary code in third-party wireless software that uses the API via crafted frames. | 7.2 |
2006-09-21 | CVE-2006-3508 | Apple | Buffer Overflow vulnerability in Apple Mac OS X AirPort Wireless Driver Heap-based buffer overflow in the AirPort wireless driver on Apple Mac OS X 10.4.7 allows physically proximate attackers to cause a denial of service (crash), gain privileges, and execute arbitrary code via a crafted frame that is not properly handled during scan cache updates. | 7.2 |
2006-09-21 | CVE-2006-3507 | Apple | Buffer Overflow vulnerability in Apple Mac OS X AirPort Wireless Driver Multiple stack-based buffer overflows in the AirPort wireless driver on Apple Mac OS X 10.3.9 and 10.4.7 allow physically proximate attackers to execute arbitrary code by injecting crafted frames into a wireless network. | 7.2 |
2006-09-19 | CVE-2006-4887 | Apple | Remote Desktop Local Authentication Bypass vulnerability in Apple Apple Remote Desktop (ARD) for Mac OS X 10.2.8 and later does not drop privileges on the remote machine while installing certain applications, which allows local users to bypass authentication and gain privileges by selecting the icon during installation. | 7.2 |
53 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-09-23 | CVE-2006-4960 | Blue Dragon | Input Validation vulnerability in PHPBlueDragon CMS Cross-site scripting (XSS) vulnerability in index.php Php Blue Dragon 2.9.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the m parameter, which is reflected in an error message resulting from a failed SQL query. | 6.8 |
2006-09-23 | CVE-2006-4958 | SUN | Input Validation vulnerability in SUN Secure Global Desktop 3.42/4.0 Multiple cross-site scripting (XSS) vulnerabilities in Sun Secure Global Desktop (SSGD, aka Tarantella) before 4.20.983 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving (1) taarchives.cgi, (2) ttaAuthentication.jsp, (3) ttalicense.cgi, (4) ttawlogin.cgi, (5) ttawebtop.cgi, (6) ttaabout.cgi, or (7) test-cgi. | 6.8 |
2006-09-23 | CVE-2006-4956 | Neosys | Input Validation vulnerability in Neosys Neon Webmail 5.06/5.07 Cross-site scripting (XSS) vulnerability in the updateuser servlet in Neon WebMail for Java before 5.08 allows remote attackers to inject arbitrary web script or HTML via the in_name parameter, as used by the Name field. | 6.8 |
2006-09-23 | CVE-2006-4947 | Drupal | HTML Injection vulnerability in Drupal Search Keyword Module 1.12/1.13/1.14 Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Search Keywords module before 1.15 2006/09/15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "lack of validation on output." Drupal core is not affected. | 6.8 |
2006-09-19 | CVE-2006-4858 | Mamboxchange | Code Injection vulnerability in Mamboxchange Serverstat Component PHP remote file inclusion vulnerability in install.serverstat.php in the Serverstat (com_serverstat) 0.4.4 and earlier component for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 6.8 |
2006-09-23 | CVE-2006-4963 | Exponent | Local File Include vulnerability in Exponent CMS 0.96.3 Directory traversal vulnerability in index.php in Exponent CMS 0.96.3 allows remote attackers to read and execute arbitrary local files via a .. | 6.4 |
2006-09-23 | CVE-2006-4962 | Blue Dragon | Input Validation vulnerability in PHPBlueDragon CMS Directory traversal vulnerability in pbd_engine.php in Php Blue Dragon 2.9.1 and earlier allows remote attackers to read and execute arbitrary local files via a .. | 6.4 |
2006-09-22 | CVE-2006-4901 | Broadcom | Unspecified vulnerability in Broadcom products Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up to SP1 CR2, and eTrust Audit 1.5 and r8, allows remote attackers to spoof alerts and conduct replay attacks by invoking eTSAPISend.exe with the desired arguments. | 6.4 |
2006-09-20 | CVE-2006-4438 | Doctor WEB LTD | Buffer-Overflow vulnerability in Dr. Web Anti-Virus LHA Archive Heap Heap-based buffer overflow in SpIDer for Dr.Web Scanner for Linux 4.33, and possibly earlier versions, allows remote attackers to execute arbitrary code via an LHA archive with an extended header that contains a long directory name. | 6.4 |
2006-09-22 | CVE-2006-4900 | Broadcom | Unspecified vulnerability in Broadcom Etrust Security Command Center 8 Directory traversal vulnerability in Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up to SP1 CR2, allows remote authenticated users to read and delete arbitrary files via ".." sequences in the eSCCAdHocHtmlFile parameter to eSMPAuditServlet, which is not properly handled by the getadhochtml function. | 5.5 |
2006-09-23 | CVE-2006-4946 | Cmsdevelopment | Remote File Include vulnerability in Cmsdevelopment Business Card web Builder 0.99/2.3/2.5 PHP remote file inclusion vulnerability in include/startup.inc.php in CMSDevelopment Business Card Web Builder (BCWB) 0.99, and possibly 2.5 Beta and earlier, allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter. | 5.1 |
2006-09-23 | CVE-2006-4945 | Cardway | Remote File Include vulnerability in Cardway Digitalwebshop 1.110/1.120/1.128 Multiple PHP remote file inclusion vulnerabilities in Cardway (aka Frederic Boudaud) DigitalWebShop 1.128 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the _PHPLIB[libdir] parameter to (1) rechnung.php or (2) prepend.php. | 5.1 |
2006-09-19 | CVE-2006-4850 | Bolinos | Remote File Include vulnerability in BolinOS GBIndex.PHP PHP remote file inclusion vulnerability in system/_b/contentFiles/gBIndex.php in BolinOS 4.5.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the gBRootPath parameter. | 5.1 |
2006-09-19 | CVE-2006-4846 | Citrix | Authentication Bypass vulnerability in Citrix Access Gateway 4.2 Unspecified vulnerability in Citrix Access Gateway with Advanced Access Control (AAC) 4.2 before 20060914, when AAC is configured to use LDAP authentication, allows remote attackers to bypass authentication via unknown vectors. | 5.1 |
2006-09-19 | CVE-2006-4845 | George Lewe | Remote File Include vulnerability in TeamCal Pro Footer.HTML.Inc.PHP PHP remote file inclusion vulnerability in includes/footer.html.inc.php in TeamCal Pro 2.8.001 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the tc_config[app_root] parameter. | 5.1 |
2006-09-19 | CVE-2006-4844 | Claroline Dokeos | Code Injection vulnerability in multiple products PHP remote file inclusion vulnerability in inc/claro_init_local.inc.php in Claroline 1.7.7 and earlier, as used in Dokeos and possibly other products, allows remote attackers to execute arbitrary PHP code via a URL in the extAuthSource[newUser] parameter. | 5.1 |
2006-09-23 | CVE-2006-4959 | SUN | Input Validation vulnerability in SUN Secure Global Desktop 3.42/4.0 Sun Secure Global Desktop (SSGD, aka Tarantella) before 4.3 allows remote attackers to obtain sensitive information, including hostnames, versions, and settings details, via unspecified vectors, possibly involving (1) taarchives.cgi, (2) ttaAuthentication.jsp, (3) ttalicense.cgi, (4) ttawlogin.cgi, (5) ttawebtop.cgi, (6) ttaabout.cgi, or (7) test-cgi. | 5.0 |
2006-09-23 | CVE-2006-4955 | Neosys | Directory Traversal vulnerability in Neosys Neon Webmail 5.06/5.07 Directory traversal vulnerability in the downloadfile servlet in Neon WebMail for Java before 5.08 allows remote attackers to read arbitrary files via a .. | 5.0 |
2006-09-23 | CVE-2006-4943 | Moodle | Unspecified vulnerability in Moodle course/jumpto.php in Moodle before 1.6.2 does not validate the session key (sesskey) before providing content from arbitrary local URIs, which allows remote attackers to obtain sensitive information via the jump parameter. | 5.0 |
2006-09-23 | CVE-2006-4940 | Moodle | Unspecified vulnerability in Moodle login/forgot_password.php in Moodle before 1.6.2 allows remote attackers to obtain sensitive information (e-mail addresses and Moodle account names) via a find action. | 5.0 |
2006-09-23 | CVE-2006-4939 | Moodle | Unspecified vulnerability in Moodle backup/backup_scheduled.php in Moodle before 1.6.2 generates trace data with the full backup pathname even when debugging is disabled, which might allow attackers to obtain the pathname. | 5.0 |
2006-09-22 | CVE-2006-4899 | Broadcom | Unspecified vulnerability in Broadcom Etrust Security Command Center 1.0/8 The ePPIServlet script in Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up to SP1 CR2, when running on Windows, allows remote attackers to obtain the web server path via a "'" (single quote) in the PIProfile function, which leaks the path in an error message. | 5.0 |
2006-09-21 | CVE-2006-4922 | Siteatschool | Input Validation vulnerability in Site@School Unrestricted file upload vulnerability in starnet/editors/htmlarea/popups/images.php in Site@School (S@S) 2.4.02 and earlier allows remote attackers to upload and execute arbitrary files with executable extensions. | 5.0 |
2006-09-21 | CVE-2006-4910 | Cisco | Denial Of Service vulnerability in Cisco IPS/IDS Web Administration Interface The web administration interface (mainApp) to Cisco IDS before 4.1(5c), and IPS 5.0 before 5.0(6p1) and 5.1 before 5.1(2) allows remote attackers to cause a denial of service (unresponsive device) via a crafted SSLv2 Client Hello packet. | 5.0 |
2006-09-21 | CVE-2006-4908 | Ohio State University | Information Disclosure vulnerability in Ohio State University OSU Httpd 3.10A/3.11Alpha OSU 3.11alpha and 3.10a allows remote attackers to obtain sensitive information via a URL containing an * (asterisk) wildcard, which displays all matching file and directory information. | 5.0 |
2006-09-21 | CVE-2006-4907 | Ohio State University | Information Disclosure vulnerability in Ohio State University OSU Httpd 3.10A/3.11Alpha OSU 3.11alpha and 3.10a allows remote attackers to obtain sensitive information via a URL to a non-existent file, which displays the web root path in the resulting error message. | 5.0 |
2006-09-19 | CVE-2006-4897 | Cmtexts | Remote Security vulnerability in Cmtexts CMtextS 1.0 and earlier stores users_logins/admin.txt under the web document root with insufficient access control, which allows remote attackers to obtain the administrator password. | 5.0 |
2006-09-19 | CVE-2006-4888 | Microsoft | Unspecified vulnerability in Microsoft IE Microsoft Internet Explorer 6 and earlier allows remote attackers to cause a denial of service (application hang) via a CSS-formatted HTML INPUT element within a DIV element that has a larger size than the INPUT. | 5.0 |
2006-09-19 | CVE-2006-4880 | David Bennett | Input Validation vulnerability in PHP-Post David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to obtain sensitive information via a direct request for (1) footer.php, (2) template.php, or (3) lastvisit.php, which reveals the installation path in various error messages. | 5.0 |
2006-09-19 | CVE-2006-4878 | David Bennett | Input Validation vulnerability in PHP-Post Directory traversal vulnerability in footer.php in David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to read and include arbitrary local files via a .. | 5.0 |
2006-09-19 | CVE-2006-4877 | David Bennett | Input Validation vulnerability in PHP-Post Variable overwrite vulnerability in David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to overwrite arbitrary program variables via multiple vectors that use the extract function, as demonstrated by the table_prefix parameter in (1) index.php, (2) profile.php, and (3) header.php. | 5.0 |
2006-09-19 | CVE-2006-4875 | Jupiter CMS | Input Validation vulnerability in Jupiter CMS Unrestricted file upload vulnerability in modules/galleryuploadfunction.php in Jupiter CMS allows remote attackers to upload picture files, and possibly files with arbitrary extensions, to gallery/albums/public. | 5.0 |
2006-09-19 | CVE-2006-4873 | Jupiter CMS | Input Validation vulnerability in Jupiter CMS Jupiter CMS 1.1.5 Jupiter CMS allows remote attackers to obtain sensitive information via a direct request for (1) includes/functions.php, (2) modules/register.php, (3) modules/poll.php, (4) modules/panel.php, (5) modules/pm.php, (6) modules/news.php, (7) modules/templates_change.php, (8) modules/users.php, (9) modules/misc.php, (10) modules/masspm.php, (11) modules/mass-email.php, (12) modules/main-nav.php, (13) modules/login.php, (14) modules/layout.php, (15) modules/hq.php, (16) modules/forum.php, (17) modules/forum-admin.php, (18) modules/events.php, (19) modules/emoticons.php, (20) modules/download.php, (21) modules/blocks.php, (22) modules/ban.php, (23) modules/badwords.php, (24) modules/ads.php, or (25) modules/admin.php, which reveals the installation path in various error messages. | 5.0 |
2006-09-19 | CVE-2006-4338 | Gzip | Remote vulnerability in Gzip 1.3.5 unlzh.c in the LHZ component in gzip 1.3.5 allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted GZIP archive. | 5.0 |
2006-09-19 | CVE-2006-4334 | Gzip | Remote vulnerability in Gzip 1.3.5 Unspecified vulnerability in gzip 1.3.5 allows context-dependent attackers to cause a denial of service (crash) via a crafted GZIP (gz) archive, which results in a NULL dereference. | 5.0 |
2006-09-19 | CVE-2006-4865 | Phpquiz | Information Disclosure vulnerability in phpQuiz Walter Beschmout PhpQuiz allows remote attackers to obtain sensitive information via a direct request to cfgphpquiz/install.php and other unspecified vectors. | 5.0 |
2006-09-19 | CVE-2006-4684 | Zope | Information Disclosure vulnerability in Zope CSV_Table The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 through 2.8.8 does not properly handle web pages with reStructuredText (reST) markup, which allows remote attackers to read arbitrary files via a csv_table directive, a different vulnerability than CVE-2006-3458. | 5.0 |
2006-09-19 | CVE-2006-4855 | Symantec | Resource Management Errors vulnerability in Symantec products The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.0.33, and other versions of Norton Personal Firewall, Internet Security, AntiVirus, SystemWorks, Symantec Client Security SCS 1.x, 2.x, 3.0, and 3.1, Symantec AntiVirus Corporate Edition SAVCE 8.x, 9.x, 10.0, and 10.1, Symantec pcAnywhere 11.5 only, and Symantec Host, allows local users to cause a denial of service (system crash) via invalid data, as demonstrated by calling DeviceIoControl to send the data. | 4.9 |
2006-09-23 | CVE-2006-4942 | Moodle | Unspecified vulnerability in Moodle Moodle before 1.6.2, when the configuration lacks (1) algebra or (2) tex filters, allows remote authenticated users to write LaTeX or MimeTeX output files to the top level of the dataroot directory via (a) filter/algebra/pix.php or (b) filter/tex/pix.php. | 4.6 |
2006-09-19 | CVE-2006-4866 | Apple | Unspecified vulnerability in Apple Mac OS X and Mac OS X Server Buffer overflow in kextload in Apple OS X, as used by TDIXSupport in Roxio Toast Titanium and possibly other products, allows local users to execute arbitrary code via a long extension argument. | 4.6 |
2006-09-23 | CVE-2006-4949 | Drupal | Cross-Site Scripting vulnerability in Site Profile Directory Module Cross-site scripting (XSS) vulnerability in the Drupal 4.6 Site Profile Directory (profile_pages.module) before 1.1.2.1 and the Drupal 4.7 Site Profile Directory (profile_pages.module) before 1.2.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "lack of validation on output," possibly in the name and title parameters. | 4.3 |
2006-09-23 | CVE-2006-4941 | Moodle | Unspecified vulnerability in Moodle Multiple cross-site scripting (XSS) vulnerabilities in Moodle before 1.6.2 might allow remote attackers to inject arbitrary web script or HTML via (1) the choose parameter in files/index.php and (2) the sub parameter in doc/index.php. | 4.3 |
2006-09-21 | CVE-2006-4923 | Esyndicat Portal System | Cross-Site Scripting vulnerability in ESyndiCat Search.PHP Cross-site scripting (XSS) vulnerability in search.php in eSyndiCat Portal System allows remote attackers to inject arbitrary web script or HTML via the what parameter. | 4.3 |
2006-09-21 | CVE-2006-4917 | PT News | Cross-Site Scripting vulnerability in PT News PT News 1.7.8 Cross-site scripting (XSS) vulnerability in search.php in PT News 1.7.8 allows remote attackers to inject arbitrary web script or HTML via the pgname parameter. | 4.3 |
2006-09-21 | CVE-2006-4915 | Innovate Portal | Cross-Site Scripting vulnerability in Innovate Portal Innovate Portal 2.0 Cross-site scripting (XSS) vulnerability in index.php in Innovate Portal 2.0 allows remote attackers to inject arbitrary web script or HTML via the content parameter. | 4.3 |
2006-09-19 | CVE-2006-4894 | Idevspot | Cross-Site Scripting vulnerability in Idevspot Nixieaffiliate 1.9 Cross-site scripting (XSS) vulnerability in forms/lostpassword.php in iDevSpot NixieAffiliate 1.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter. | 4.3 |
2006-09-19 | CVE-2006-4884 | Idevspot | Cross-Site Scripting vulnerability in Idevspot Isupport 1.8 Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot iSupport 1.8 allow remote attackers to inject arbitrary web script or HTML via (1) the suser parameter in support/rightbar.php, (2) the ticket_id parameter in support/open_tickets.php, and (3) the cons_page_title parameter in index.php. | 4.3 |
2006-09-19 | CVE-2006-4883 | Idevspot | Cross-Site Scripting vulnerability in IDevSpot BizDirectory Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot BizDirectory allow remote attackers to inject arbitrary web script or HTML via (1) the stylesheet parameter in Feed.php or (2) the message parameter in status.php. | 4.3 |
2006-09-19 | CVE-2006-4881 | David Bennett | Input Validation vulnerability in PHP-Post Multiple cross-site scripting (XSS) vulnerabilities in David Bennett PHP-Post (PHPp) 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the replyuser parameter in (a) pm.php; (2) the txt_jumpto parameter in (b) dropdown.php; the (3) txt_error and (4) txt_templatenotexist parameters in (c) template.php; the (5) split parameter in certain files, as demonstrated by (d) editprofile.php, (e) search.php, (f) index.php, and (g) pm.php; and the (6) txt_login parameter in (h) loginline.php; and allow remote authenticated users to inject arbitrary web script or HTML via the (7) txt_logout parameter in (i) loginline.php. | 4.3 |
2006-09-19 | CVE-2006-4874 | Jupiter CMS | Input Validation vulnerability in Jupiter CMS Multiple cross-site scripting (XSS) vulnerabilities in Jupiter CMS allow remote attackers to inject arbitrary web script or HTML via the (1) language[Admin name] and (2) language[Admin back] parameters in (a) modules/blocks.php; the (3) language[Register title] and (4) language[Register title2] parameters in (b) modules/register.php; the (5) language[Mass-Email form title], (6) language[Mass-Email form desc], (7) language[Mass-Email form desc2], (8) language[Mass-Email form desc3], and (9) language[Mass-Email form desc4] parameters in (c) modules/mass-email.php; the (10) language[Forgotten title], (11) language[Forgotten desc], (12) language[Forgotten desc2], (13) language[Forgotten desc3], (14) language[Forgotten desc4], and (15) language[Forgotten desc5] parameters in (d) modules/register.php; and the (16) language[Search view desc], (17) language[Search view desc2], (18) language[Search view desc3], (19) language[Search view desc4], (20) language[Search view desc5], (21) language[Search view desc6], (22) language[Search view desc7], and (23) language[Search view desc8] parameters in (e) modules/search.php. | 4.3 |
2006-09-19 | CVE-2006-4856 | Roller Weblogger | Cross-Site Scripting vulnerability in Roller Weblogger Roller Weblogger 2.3 Multiple cross-site scripting (XSS) vulnerabilities in Roller WebLogger 2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, or (3) url parameters; (4) certain content parameters in the preview method; or (5) the q parameter in (a) sitesearch.do. | 4.3 |
2006-09-23 | CVE-2006-4938 | Moodle | Unspecified vulnerability in Moodle help.php in Moodle before 1.6.2 does not check the existence of certain help files before including them, which might allow remote authenticated users to obtain the path in an error message. | 4.0 |
2006-09-23 | CVE-2006-4937 | Moodle | Unspecified vulnerability in Moodle lib/setup.php in Moodle before 1.6.2 sets the error reporting level to 7 to display E_WARNING messages to users even if debugging is disabled, which might allow remote authenticated users to obtain sensitive information by triggering the messages. | 4.0 |
5 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-09-19 | CVE-2006-4886 | Mcafee | Security Bypass vulnerability in Scan Engine The VirusScan On-Access Scan component in McAfee VirusScan Enterprise 7.1.0 and Scan Engine 4.4.00 allows local privileged users to bypass security restrictions and disable the On-Access Scan option by opening the program via the task bar and quickly clicking the Disable button, possibly due to an interface-related race condition. | 3.7 |
2006-09-19 | CVE-2006-4246 | Usermin | Remote Denial of Service vulnerability in Usermin Change User Details Usermin before 1.220 (20060629) allows remote attackers to read arbitrary files, possibly related to chfn/save.cgi not properly handling an empty shell parameter, which results in changing root's shell instead of the shell of a specified user. | 3.6 |
2006-09-21 | CVE-2006-4919 | Siteatschool | Input Validation vulnerability in Site@School Directory traversal vulnerability in starnet/editors/htmlarea/popups/images.php in Site@School (S@S) 2.4.02 and earlier allows remote attackers to read arbitrary files via a .. | 2.6 |
2006-09-21 | CVE-2006-4914 | A L Pifou | Directory Traversal vulnerability in A.L-Pifou 1.8P2 Directory traversal vulnerability in A.l-Pifou 1.8p2 allows remote attackers to read arbitrary files via ".." sequences in the ze_langue_02 cookie, as demonstrated by using the choix_lng parameter to choix_langue.php to indirectly set the cookie, then accessing livre_dor.php to trigger the inclusion from inc/change_lang_ck.php, possibly related to livre_livre.php. | 2.6 |
2006-09-21 | CVE-2006-4909 | Cisco | Cross-Site Scripting vulnerability in Cisco Guard Ddos Mitigation Appliance 5.1(5) Cross-site scripting (XSS) vulnerability in Cisco Guard DDoS Mitigation Appliance before 5.1(6), when anti-spoofing is enabled, allows remote attackers to inject arbitrary web script or HTML via certain character sequences in a URL that are not properly handled when the appliance sends a meta-refresh. | 2.6 |