Weekly Vulnerabilities Reports > September 18 to 24, 2006

Overview

119 new vulnerabilities were reported during this period, including 5 critical vulnerabilities and 52 high severity vulnerabilities. This weekly summary reports vulnerabilities in 95 products from 72 vendors including Moodle, Neosys, Apple, David Bennett, and Gzip. Vulnerabilities are notably categorized as "Code Injection", "Resource Management Errors", "Improper Input Validation", and "Improper Restriction of Operations within the Bounds of a Memory Buffer".

  • 110 reported vulnerabilities are remotely exploitable.
  • 33 reported vulnerabilities have a public exploit available.
  • 114 reported vulnerabilities are exploitable by an anonymous user.
  • Moodle has the most reported vulnerabilities, with 9 reported vulnerabilities.
  • Moodle has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

Vulnerability Details

The following tables list the vulnerabilities reported for the period covered by this report:

5 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-09-23 CVE-2006-4950 Cisco Unspecified vulnerability in Cisco IOS

Cisco IOS 12.2 through 12.4 before 20060920, as used by Cisco IAD2430, IAD2431, and IAD2432 Integrated Access Devices, the VG224 Analog Phone Gateway, and the MWR 1900 and 1941 Mobile Wireless Edge Routers, is incorrectly identified as supporting DOCSIS, which allows remote attackers to gain read-write access via a hard-coded cable-docsis community string and read or modify arbitrary SNMP variables.

10.0
2006-09-23 CVE-2006-4936 Moodle Improper Input Validation vulnerability in Moodle

Moodle before 1.6.2 does not properly validate the module instance id when creating a course module object, which has unspecified impact and remote attack vectors.

10.0
2006-09-23 CVE-2006-4935 Moodle Improper Input Validation vulnerability in Moodle

The Database module in Moodle before 1.6.2 does not properly handle uploaded files, which has unspecified impact and remote attack vectors.

10.0
2006-09-19 CVE-2006-4860 Limbo CMS Remote Security vulnerability in Limbo CMS Limbo CMS 1.0.4.1/1.0.4.2/1.0.4.2L

Multiple unspecified vulnerabilities in (1) index.php, (2) minixml.inc.php, (3) doc.inc.php, (4) element.inc.php, (5) node.inc.php, (6) treecomp.inc.php, (7) forum.html.php, (8) forum.php, (9) antihack.php, (10) content.php, (11) initglobals.php, and (12) imanager.php in Limbo (aka Lite Mambo) CMS 1.0.4.2 before 20060311 have unknown impact and attack vectors.

10.0
2006-09-19 CVE-2006-4868 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer and Outlook

Stack-based buffer overflow in the Vector Graphics Rendering engine (vgx.dll), as used in Microsoft Outlook and Internet Explorer 6.0 on Windows XP SP2, and possibly other versions, allows remote attackers to execute arbitrary code via a Vector Markup Language (VML) file with a long fill parameter within a rect tag.

9.3

52 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-09-23 CVE-2006-4961 Blue Dragon Input Validation vulnerability in PHPBlueDragon CMS

SQL injection vulnerability in the GetModuleConfig function in public_includes/pub_kernel/pbd_modules.php in Php Blue Dragon 2.9.1 and earlier allows remote attackers to execute arbitrary SQL commands via the m parameter to index.php.

7.5
2006-09-23 CVE-2006-4957 THE Myreview System SQL Injection vulnerability in the Myreview System Myreview 1.9.4

SQL injection vulnerability in the GetMember function in functions.php in MyReview 1.9.4 allows remote attackers to execute arbitrary SQL commands via the email parameter to Admin.php.

7.5
2006-09-23 CVE-2006-4954 Neosys Remote Security vulnerability in Neosys Neon Webmail 5.06/5.07

The updateuser servlet in Neon WebMail for Java before 5.08 does not validate the in_id parameter, which allows remote attackers to modify information of arbitrary users, as demonstrated by modifying (1) passwords and (2) permissions, (3) viewing profile settings, and (4) creating and (5) deleting users.

7.5
2006-09-23 CVE-2006-4953 Neosys Input Validation vulnerability in Neosys Neon Webmail 5.06/5.07

Multiple SQL injection vulnerabilities in Neon WebMail for Java before 5.08 allow remote attackers to execute arbitrary SQL commands via the (1) adr_sortkey and (2) adr_sortkey_desc parameters in the (a) addrlist servlet, and the (3) sortkey and (4) sortkey_desc parameters in the (b) maillist servlet.

7.5
2006-09-23 CVE-2006-4952 Neosys Remote Security vulnerability in Neosys Neon Webmail 5.06/5.07

The updatemail servlet in Neon WebMail for Java before 5.08 allows remote attackers to move e-mail messages of arbitrary users between different mail folders, specified by the folderid and tofolderid parameters, via the ID parameter.

7.5
2006-09-23 CVE-2006-4951 Neosys Remote Security vulnerability in Neosys Neon Webmail 5.06/5.07

Neon WebMail for Java before 5.08 allows remote attackers to execute arbitrary Java (JSP) code by sending an e-mail message with a JSP file attachment, which is stored under the web root with a predictable filename.

7.5
2006-09-23 CVE-2006-4948 Prosysinfo Remote Buffer Overflow vulnerability in ProSysInfo TFTPDWIN

Stack-based buffer overflow in tftpd.exe in ProSysInfo TFTP Server TFTPDWIN 0.4.2 and earlier allows remote attackers to execute arbitrary code or cause a denial of service via a long file name.

7.5
2006-09-23 CVE-2006-4944 Boesch IT Consulting Code Injection vulnerability in Boesch It-Consulting Progsys

PHP remote file inclusion vulnerability in includes/pear/Net/DNS/RR.php in ProgSys 0.151 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpdns_basedir parameter.

7.5
2006-09-21 CVE-2006-4921 Siteatschool Remote Security vulnerability in Siteatschool 2.4.02

PHP remote file inclusion vulnerability in Site@School (S@S) 2.4.03 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cmsdir parameter to starnet/modules/include/include.php.

7.5
2006-09-21 CVE-2006-4920 Siteatschool Input Validation vulnerability in Site@School

Multiple PHP remote file inclusion vulnerabilities in Site@School (S@S) 2.4.02 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the cmsdir parameter to (1) starnet/modules/sn_allbum/slideshow.php, and (2) starnet/themes/editable/main.inc.php.

7.5
2006-09-21 CVE-2006-4918 Simple Discussion Board Remote File Include vulnerability in Simple Discussion Board Simple Discussion Board 0.1.0

Multiple PHP remote file inclusion vulnerabilities in Simple Discussion Board 0.1.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) env_dir parameter to (a) blank.php, (b) admin.php, or (c) builddb.php, and the (2) script_root parameter to blank.php.

7.5
2006-09-21 CVE-2006-4916 ASP Indir SQL Injection vulnerability in ASP Indir Tekman Portal 1.0

SQL injection vulnerability in uye_profil.asp in Tekman Portal (TR) 1.0 allows remote attackers to execute arbitrary SQL commands via the uye_id parameter.

7.5
2006-09-21 CVE-2006-4913 Alstrasoft Local File Include vulnerability in Alstrasoft E-Friends 4.85

Directory traversal vulnerability in chat/getStartOptions.php in AlstraSoft E-friends 4.85 allows remote attackers to include arbitrary local files and possibly execute arbitrary code via a ..

7.5
2006-09-21 CVE-2006-4912 PHP Docwriter Remote File Include vulnerability in PHP DocWriter

PHP remote file inclusion vulnerability in PHP DocWriter 0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the script parameter.

7.5
2006-09-21 CVE-2006-4911 Cisco Unspecified vulnerability in Cisco IPS Sensor Software

Unspecified vulnerability in Cisco IPS 5.0 before 5.0(6p2) and 5.1 before 5.1(2), when running in inline or promiscuous mode, allows remote attackers to bypass traffic inspection via a "crafted sequence of fragmented IP packets".

7.5
2006-09-21 CVE-2006-4906 Marc Logemann SQL Injection vulnerability in Marc Logemann More.Groupware 0.74

SQL injection vulnerability in modules/calendar/week.php in More.groupware 0.74 allows remote attackers to execute arbitrary SQL commands via the new_calendarid parameter.

7.5
2006-09-21 CVE-2006-4905 Artmedic Webdesign Remote Security vulnerability in Artmedic Webdesign Artmedic Links 5.0

PHP remote file inclusion vulnerability in index.php in Artmedic Links 5.0 allows remote attackers to execute arbitrary PHP code via a URL in the id parameter, which is processed by the readfile function.

7.5
2006-09-21 CVE-2006-4904 Qualiteam Unspecified vulnerability in Qualiteam X-Cart

Dynamic variable evaluation vulnerability in cmpi.php in Qualiteam X-Cart 4.1.3 and earlier allows remote attackers to overwrite arbitrary program variables and execute arbitrary PHP code, as demonstrated by PHP remote file inclusion via the xcart_dir parameter.

7.5
2006-09-19 CVE-2006-4898 Guanxicrm Remote File Include vulnerability in Guanxicrm Business Solution 0.9.1

PHP remote file inclusion vulnerability in include/phpxd/phpXD.php in guanxiCRM 0.9.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the appconf[rootpath] parameter.

7.5
2006-09-19 CVE-2006-4895 Idevspot Authentication Bypass vulnerability in Idevspot Nixieaffiliate 1.9

IDevSpot NexieAffiliate 1.9 and earlier allows remote attackers to delete arbitrary affiliates via a modified id parameter to delete.php.

7.5
2006-09-19 CVE-2006-4893 Phpbb XS Remote File Include vulnerability in PhpBB XS BB_Usage_Stats.PHP

PHP remote file inclusion vulnerability in bb_usage_stats/includes/bb_usage_stats.php in phpBB XS 0.58 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter, a different vector than CVE-2006-4780.

7.5
2006-09-19 CVE-2006-4892 Techno Dreams SQL Injection vulnerability in Techno Dreams FAQ Manager Package 1.0

SQL injection vulnerability in faqview.asp in Techno Dreams FAQ Manager Package 1.0 allows remote attackers to execute arbitrary SQL commands via the key parameter.

7.5
2006-09-19 CVE-2006-4891 Techno Dreams SQL Injection vulnerability in Techno Dreams Articles and Papers Package ArticlesTableview.ASP

SQL injection vulnerability in ArticlesTableview.asp in Techno Dreams Articles & Papers Package 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the key parameter.

7.5
2006-09-19 CVE-2006-4890 Unak Remote File Include vulnerability in UNAK-CMS Dirroot Parameter

Multiple PHP remote file inclusion vulnerabilities in UNAK-CMS 1.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the dirroot parameter to (1) fckeditor/editor/filemanager/browser/default/connectors/php/connector.php or (2) fckeditor/editor/dialog/fck_link.php.

7.5
2006-09-19 CVE-2006-4885 Shadowed Portal Remote Security vulnerability in Shadowed Portal

PHP remote file inclusion vulnerability in Shadowed Portal 5.599 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root parameter in (1) footer.php and (2) header.php.

7.5
2006-09-19 CVE-2006-4882 Charon Internet SQL Injection vulnerability in Charon Internet Charon Cart 3

SQL injection vulnerability in Review.asp in Julian Roberts Charon Cart 3 allows remote attackers to execute arbitrary SQL commands via the ProductID parameter.

7.5
2006-09-19 CVE-2006-4879 David Bennett Input Validation vulnerability in PHP-Post

SQL injection vulnerability in profile.php in David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter.

7.5
2006-09-19 CVE-2006-4876 Jupiter CMS Input Validation vulnerability in Jupiter CMS

Multiple SQL injection vulnerabilities in Jupiter CMS allow remote attackers to execute arbitrary SQL commands via (1) the user name during login, or the (2) key or (3) fpwusername parameters in modules/register.

7.5
2006-09-19 CVE-2006-4872 Keyvan1 SQL Injection vulnerability in Keyvan1 Ecardpro 2.0

SQL injection vulnerability in search.asp in Keyvan1 (aka Keyvan Janghorbani) ECardPro 2.0 allows remote attackers to execute arbitrary SQL commands via the keyword parameter.

7.5
2006-09-19 CVE-2006-4871 Keyvan1 SQL Injection vulnerability in Keyvan1 Eshoppingpro 1.0

SQL injection vulnerability in search_run.asp in Keyvan1 (aka Keyvan Janghorbani) EShoppingPro 1.0 allows remote attackers to execute arbitrary SQL commands via the order parameter.

7.5
2006-09-19 CVE-2006-4337 Gzip Remote vulnerability in Gzip 1.3.5

Buffer overflow in the make_table function in the LHZ component in gzip 1.3.5 allows context-dependent attackers to execute arbitrary code via a crafted decoding table in a GZIP archive.

7.5
2006-09-19 CVE-2006-4336 Gzip Remote vulnerability in Gzip 1.3.5

Buffer underflow in the build_tree function in unpack.c in gzip 1.3.5 allows context-dependent attackers to execute arbitrary code via a crafted leaf count table that causes a write to a negative index.

7.5
2006-09-19 CVE-2006-4335 Gzip Remote vulnerability in Gzip 1.3.5

Array index error in the make_table function in unlzh.c in the LZH decompression component in gzip 1.3.5, when running on certain platforms, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GZIP archive that triggers an out-of-bounds write, aka a "stack modification vulnerability."

7.5
2006-09-19 CVE-2006-2191 GNU Unspecified vulnerability in GNU Mailman

** DISPUTED ** Format string vulnerability in Mailman before 2.1.9 allows attackers to execute arbitrary code via unspecified vectors.

7.5
2006-09-19 CVE-2006-4870 Aewebworks Remote File Include vulnerability in Aewebworks Aedating 4.0

Multiple PHP remote file inclusion vulnerabilities in AEDating 4.1, and possibly earlier versions, allow remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter in (1) inc/design.inc.php or (2) inc/admin_design.inc.php.

7.5
2006-09-19 CVE-2006-4869 Perlunity Code Injection vulnerability in Perlunity PHPunity Postcard

PHP remote file inclusion vulnerability in phpunity-postcard.php in phpunity.postcard allows remote attackers to execute arbitrary PHP code via a URL in the gallery_path parameter.

7.5
2006-09-19 CVE-2006-4867 Gnuturk SQL Injection vulnerability in GNUTurk T_ID Parameter

SQL injection vulnerability in mods.php in GNUTurk 2G and earlier allows remote attackers to execute arbitrary SQL commands via the t_id parameter when the go parameter is "Forum."

7.5
2006-09-19 CVE-2006-4864 ALL Enthusiast INC Remote Security vulnerability in ALL Enthusiast INC Reviewpost PHP PRO 2.5

PHP remote file inclusion vulnerability in index.php in All Enthusiast ReviewPost 2.5 allows remote attackers to execute arbitrary PHP code via a URL in the RP_PATH parameter.

7.5
2006-09-19 CVE-2006-4863 Marc Cagninacci Code Injection vulnerability in Marc Cagninacci Mclinkscounter 1.1

** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in Marc Cagninacci mcLinksCounter 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the langfile parameter in (1) login.php, (2) stats.php, (3) detail.php, or (4) erase.php.

7.5
2006-09-19 CVE-2006-4862 Easypagecms SQL Injection vulnerability in EasyPage Default.ASPX

SQL injection vulnerability in default.aspx in easypage allows remote attackers to execute arbitrary SQL commands via the srch parameter in the Search page.

7.5
2006-09-19 CVE-2006-4861 Mohammed Mehdi Panjwani SQL-Injection vulnerability in Mohammed Mehdi Panjwani Complain Center 1

SQL injection vulnerability in loginprocess.asp in Mohammed Mehdi Panjwani Complain Center 1 allows remote attackers to execute arbitrary SQL commands via the (1) TxtUser (aka Username) and (2) TxtPass (aka Password) parameters in login.asp.

7.5
2006-09-19 CVE-2006-4859 Limbo CMS Unspecified vulnerability in Limbo CMS Limbo CMS 1.0.4.1/1.0.4.2/1.0.4.2L

Unrestricted file upload vulnerability in contact.html.php in the Contact (com_contact) component in Limbo (aka Lite Mambo) CMS 1.0.4.2L and earlier allows remote attackers to upload PHP code to the images/contact folder via a filename with a double extension in the contact_attach parameter in a contact option in index.php, which bypasses an insufficiently restrictive regular expression.

7.5
2006-09-19 CVE-2006-4857 Clicktech SQL Injection vulnerability in Clicktech Clickblog 2.0

SQL injection vulnerability in default.asp (aka the login page) in ClickTech ClickBlog 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) form_codeword (aka the Password field) parameters.

7.5
2006-09-19 CVE-2006-4853 Haberx SQL Injection vulnerability in Haberx Kategorix.ASP

SQL injection vulnerability in kategorix.asp in Haberx 1.02 through 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in kategorihaberx.asp.

7.5
2006-09-19 CVE-2006-4852 Quadcomm SQL Injection vulnerability in Quadcomm Q-Shop 3.5

SQL injection vulnerability in browse.asp in QuadComm Q-Shop 3.5 allows remote attackers to execute arbitrary SQL commands via the OrderBy parameter.

7.5
2006-09-19 CVE-2006-4851 Bolinos Remote Security vulnerability in Bolinos 4.3.0/4.4.1

PHP remote file inclusion vulnerability in system/_b/contentFiles/gBHTMLEditor.php in BolinOS 4.5.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the gBRootPath parameter.

7.5
2006-09-19 CVE-2006-4849 Mobilepublisherphp Remote File Include vulnerability in MobilePublisherPHP Header.PHP

PHP remote file inclusion vulnerability in header.php in MobilePublisherPHP 1.5 RC2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter.

7.5
2006-09-19 CVE-2006-4848 Hitweb Remote File Include vulnerability in Hitweb 3.0

** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in Brian Fraval Hitweb 3.0 allow remote attackers to execute arbitrary PHP code via a URL in the REP_CLASS parameter to (1) index.php, (2) arbo.php, (3) framepoint.php, (4) genpage.php, (5) lienvalider.php, (6) appreciation.php, (7) partenariat.php, (8) rechercher.php, (9) projet.php, (10) propoexample.php, (11) refererpoint.php, or (12) top50.php.

7.5
2006-09-21 CVE-2006-3509 Apple Buffer Overflow vulnerability in Apple Mac OS X AirPort Wireless Driver

Integer overflow in the API for the AirPort wireless driver on Apple Mac OS X 10.4.7 might allow physically proximate attackers to cause a denial of service (crash) or execute arbitrary code in third-party wireless software that uses the API via crafted frames.

7.2
2006-09-21 CVE-2006-3508 Apple Buffer Overflow vulnerability in Apple Mac OS X AirPort Wireless Driver

Heap-based buffer overflow in the AirPort wireless driver on Apple Mac OS X 10.4.7 allows physically proximate attackers to cause a denial of service (crash), gain privileges, and execute arbitrary code via a crafted frame that is not properly handled during scan cache updates.

7.2
2006-09-21 CVE-2006-3507 Apple Buffer Overflow vulnerability in Apple Mac OS X AirPort Wireless Driver

Multiple stack-based buffer overflows in the AirPort wireless driver on Apple Mac OS X 10.3.9 and 10.4.7 allow physically proximate attackers to execute arbitrary code by injecting crafted frames into a wireless network.

7.2
2006-09-19 CVE-2006-4887 Apple Remote Desktop Local Authentication Bypass vulnerability in Apple

Apple Remote Desktop (ARD) for Mac OS X 10.2.8 and later does not drop privileges on the remote machine while installing certain applications, which allows local users to bypass authentication and gain privileges by selecting the icon during installation.

7.2

57 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-09-23 CVE-2006-4964 Maxdev Cross-Site Scripting vulnerability in Maxdev Md-Pro 1.0.72/1.0.73/1.0.75

Cross-site scripting (XSS) vulnerability in MAXdev MDPro 1.0.76 before 20060918 allows remote attackers to inject arbitrary web script or HTML via (1) vectors that bypass the XSS protection mechanisms of the pnVarCleanFromInput function, and (2) unspecified vectors related to the AntiCracker.

6.8
2006-09-23 CVE-2006-4960 Blue Dragon Input Validation vulnerability in PHPBlueDragon CMS

Cross-site scripting (XSS) vulnerability in index.php in Php Blue Dragon 2.9.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the m parameter, which is reflected in an error message resulting from a failed SQL query.

6.8
2006-09-23 CVE-2006-4958 SUN Input Validation vulnerability in SUN Secure Global Desktop 3.42/4.0

Multiple cross-site scripting (XSS) vulnerabilities in Sun Secure Global Desktop (SSGD, aka Tarantella) before 4.20.983 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving (1) taarchives.cgi, (2) ttaAuthentication.jsp, (3) ttalicense.cgi, (4) ttawlogin.cgi, (5) ttawebtop.cgi, (6) ttaabout.cgi, or (7) test-cgi.

6.8
2006-09-23 CVE-2006-4956 Neosys Input Validation vulnerability in Neosys Neon Webmail 5.06/5.07

Cross-site scripting (XSS) vulnerability in the updateuser servlet in Neon WebMail for Java before 5.08 allows remote attackers to inject arbitrary web script or HTML via the in_name parameter, as used by the Name field.

6.8
2006-09-23 CVE-2006-4947 Drupal HTML Injection vulnerability in Drupal Search Keyword Module 1.12/1.13/1.14

Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Search Keywords module before 1.15 2006/09/15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "lack of validation on output." Drupal core is not affected.

6.8
2006-09-19 CVE-2006-4858 Mamboxchange Code Injection vulnerability in Mamboxchange Serverstat Component

PHP remote file inclusion vulnerability in install.serverstat.php in the Serverstat (com_serverstat) 0.4.4 and earlier component for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

6.8
2006-09-19 CVE-2006-4847 Ipswitch, Progress Buffer Overflow vulnerability in Ipswitch WS_FTP Server XCRC XSHA1 and XMD5 Commands

Multiple buffer overflows in Ipswitch WS_FTP Server 5.05 before Hotfix 1 allow remote authenticated users to execute arbitrary code via long (1) XCRC, (2) XSHA1, or (3) XMD5 commands.

6.5
2006-09-23 CVE-2006-4963 Exponent Local File Include vulnerability in Exponent CMS 0.96.3

Directory traversal vulnerability in index.php in Exponent CMS 0.96.3 allows remote attackers to read and execute arbitrary local files via a ..

6.4
2006-09-23 CVE-2006-4962 Blue Dragon Input Validation vulnerability in PHPBlueDragon CMS

Directory traversal vulnerability in pbd_engine.php in Php Blue Dragon 2.9.1 and earlier allows remote attackers to read and execute arbitrary local files via a ..

6.4
2006-09-22 CVE-2006-4901 Broadcom Unspecified vulnerability in Broadcom products

Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up to SP1 CR2, and eTrust Audit 1.5 and r8, allows remote attackers to spoof alerts and conduct replay attacks by invoking eTSAPISend.exe with the desired arguments.

6.4
2006-09-20 CVE-2006-4438 Doctor WEB LTD Buffer-Overflow vulnerability in Dr. Web Anti-Virus LHA Archive Heap

Heap-based buffer overflow in SpIDer for Dr.Web Scanner for Linux 4.33, and possibly earlier versions, allows remote attackers to execute arbitrary code via an LHA archive with an extended header that contains a long directory name.

6.4
2006-09-22 CVE-2006-4900 Broadcom Unspecified vulnerability in Broadcom Etrust Security Command Center 8

Directory traversal vulnerability in Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up to SP1 CR2, allows remote authenticated users to read and delete arbitrary files via ".." sequences in the eSCCAdHocHtmlFile parameter to eSMPAuditServlet, which is not properly handled by the getadhochtml function.

5.5
2006-09-23 CVE-2006-4946 Cmsdevelopment Remote File Include vulnerability in Cmsdevelopment Business Card web Builder 0.99/2.3/2.5

PHP remote file inclusion vulnerability in include/startup.inc.php in CMSDevelopment Business Card Web Builder (BCWB) 0.99, and possibly 2.5 Beta and earlier, allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter.

5.1
2006-09-23 CVE-2006-4945 Cardway Remote File Include vulnerability in Cardway Digitalwebshop 1.110/1.120/1.128

Multiple PHP remote file inclusion vulnerabilities in Cardway (aka Frederic Boudaud) DigitalWebShop 1.128 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the _PHPLIB[libdir] parameter to (1) rechnung.php or (2) prepend.php.

5.1
2006-09-19 CVE-2006-4889 Telekorn Remote File Include vulnerability in Telekorn Signkorn Guestbook 1.1/1.2

Multiple PHP remote file inclusion vulnerabilities in Telekorn SignKorn Guestbook (SL) 1.3 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the dir_path parameter in (1) index.php, (2) includes/functions.gb.php, (3) includes/functions.admin.php, (4) includes/admin.inc.php, (5) help.php, (6) smile.php, (7) entry.php; (8) adminhelp0.php, (9) adminhelp1.php, (10) adminhelp2.php, and (11) adminhelp3.php in (a) help/en and (b) help/de directories; and the (12) preview.php, (13) log.php, (14) index.php, (15) config.php, and (16) admin.php in the (c) admin directory, a different set of vectors than CVE-2006-4788.

5.1
2006-09-19 CVE-2006-4850 Bolinos Remote File Include vulnerability in BolinOS GBIndex.PHP

PHP remote file inclusion vulnerability in system/_b/contentFiles/gBIndex.php in BolinOS 4.5.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the gBRootPath parameter.

5.1
2006-09-19 CVE-2006-4846 Citrix Authentication Bypass vulnerability in Citrix Access Gateway 4.2

Unspecified vulnerability in Citrix Access Gateway with Advanced Access Control (AAC) 4.2 before 20060914, when AAC is configured to use LDAP authentication, allows remote attackers to bypass authentication via unknown vectors.

5.1
2006-09-19 CVE-2006-4845 George Lewe Remote File Include vulnerability in TeamCal Pro Footer.HTML.Inc.PHP

PHP remote file inclusion vulnerability in includes/footer.html.inc.php in TeamCal Pro 2.8.001 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the tc_config[app_root] parameter.

5.1
2006-09-19 CVE-2006-4844 Claroline, Dokeos Code Injection vulnerability in multiple products

PHP remote file inclusion vulnerability in inc/claro_init_local.inc.php in Claroline 1.7.7 and earlier, as used in Dokeos and possibly other products, allows remote attackers to execute arbitrary PHP code via a URL in the extAuthSource[newUser] parameter.

5.1
2006-09-23 CVE-2006-4959 SUN Input Validation vulnerability in SUN Secure Global Desktop 3.42/4.0

Sun Secure Global Desktop (SSGD, aka Tarantella) before 4.3 allows remote attackers to obtain sensitive information, including hostnames, versions, and settings details, via unspecified vectors, possibly involving (1) taarchives.cgi, (2) ttaAuthentication.jsp, (3) ttalicense.cgi, (4) ttawlogin.cgi, (5) ttawebtop.cgi, (6) ttaabout.cgi, or (7) test-cgi.

5.0
2006-09-23 CVE-2006-4955 Neosys Directory Traversal vulnerability in Neosys Neon Webmail 5.06/5.07

Directory traversal vulnerability in the downloadfile servlet in Neon WebMail for Java before 5.08 allows remote attackers to read arbitrary files via a ..

5.0
2006-09-23 CVE-2006-4943 Moodle Unspecified vulnerability in Moodle

course/jumpto.php in Moodle before 1.6.2 does not validate the session key (sesskey) before providing content from arbitrary local URIs, which allows remote attackers to obtain sensitive information via the jump parameter.

5.0
2006-09-23 CVE-2006-4940 Moodle Unspecified vulnerability in Moodle

login/forgot_password.php in Moodle before 1.6.2 allows remote attackers to obtain sensitive information (e-mail addresses and Moodle account names) via a find action.

5.0
2006-09-23 CVE-2006-4939 Moodle Unspecified vulnerability in Moodle

backup/backup_scheduled.php in Moodle before 1.6.2 generates trace data with the full backup pathname even when debugging is disabled, which might allow attackers to obtain the pathname.

5.0
2006-09-22 CVE-2006-4899 Broadcom Unspecified vulnerability in Broadcom Etrust Security Command Center 1.0/8

The ePPIServlet script in Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up to SP1 CR2, when running on Windows, allows remote attackers to obtain the web server path via a "'" (single quote) in the PIProfile function, which leaks the path in an error message.

5.0
2006-09-21 CVE-2006-4922 Siteatschool Input Validation vulnerability in Site@School

Unrestricted file upload vulnerability in starnet/editors/htmlarea/popups/images.php in Site@School (S@S) 2.4.02 and earlier allows remote attackers to upload and execute arbitrary files with executable extensions.

5.0
2006-09-21 CVE-2006-4910 Cisco Denial Of Service vulnerability in Cisco IPS/IDS Web Administration Interface

The web administration interface (mainApp) to Cisco IDS before 4.1(5c), and IPS 5.0 before 5.0(6p1) and 5.1 before 5.1(2) allows remote attackers to cause a denial of service (unresponsive device) via a crafted SSLv2 Client Hello packet.

5.0
2006-09-21 CVE-2006-4908 Ohio State University Information Disclosure vulnerability in Ohio State University OSU Httpd 3.10A/3.11Alpha

OSU 3.11alpha and 3.10a allows remote attackers to obtain sensitive information via a URL containing an * (asterisk) wildcard, which displays all matching file and directory information.

5.0
2006-09-21 CVE-2006-4907 Ohio State University Information Disclosure vulnerability in Ohio State University OSU Httpd 3.10A/3.11Alpha

OSU 3.11alpha and 3.10a allows remote attackers to obtain sensitive information via a URL to a non-existent file, which displays the web root path in the resulting error message.

5.0
2006-09-19 CVE-2006-4897 Cmtexts Remote Security vulnerability in Cmtexts

CMtextS 1.0 and earlier stores users_logins/admin.txt under the web document root with insufficient access control, which allows remote attackers to obtain the administrator password.

5.0
2006-09-19 CVE-2006-4888 Microsoft Unspecified vulnerability in Microsoft IE

Microsoft Internet Explorer 6 and earlier allows remote attackers to cause a denial of service (application hang) via a CSS-formatted HTML INPUT element within a DIV element that has a larger size than the INPUT.

5.0
2006-09-19 CVE-2006-4880 David Bennett Input Validation vulnerability in PHP-Post

David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to obtain sensitive information via a direct request for (1) footer.php, (2) template.php, or (3) lastvisit.php, which reveals the installation path in various error messages.

5.0
2006-09-19 CVE-2006-4878 David Bennett Input Validation vulnerability in PHP-Post

Directory traversal vulnerability in footer.php in David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to read and include arbitrary local files via a ..

5.0
2006-09-19 CVE-2006-4877 David Bennett Input Validation vulnerability in PHP-Post

Variable overwrite vulnerability in David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to overwrite arbitrary program variables via multiple vectors that use the extract function, as demonstrated by the table_prefix parameter in (1) index.php, (2) profile.php, and (3) header.php.

5.0
2006-09-19 CVE-2006-4875 Jupiter CMS Input Validation vulnerability in Jupiter CMS

Unrestricted file upload vulnerability in modules/galleryuploadfunction.php in Jupiter CMS allows remote attackers to upload picture files, and possibly files with arbitrary extensions, to gallery/albums/public.

5.0
2006-09-19 CVE-2006-4873 Jupiter CMS Input Validation vulnerability in Jupiter CMS Jupiter CMS 1.1.5

Jupiter CMS allows remote attackers to obtain sensitive information via a direct request for (1) includes/functions.php, (2) modules/register.php, (3) modules/poll.php, (4) modules/panel.php, (5) modules/pm.php, (6) modules/news.php, (7) modules/templates_change.php, (8) modules/users.php, (9) modules/misc.php, (10) modules/masspm.php, (11) modules/mass-email.php, (12) modules/main-nav.php, (13) modules/login.php, (14) modules/layout.php, (15) modules/hq.php, (16) modules/forum.php, (17) modules/forum-admin.php, (18) modules/events.php, (19) modules/emoticons.php, (20) modules/download.php, (21) modules/blocks.php, (22) modules/ban.php, (23) modules/badwords.php, (24) modules/ads.php, or (25) modules/admin.php, which reveals the installation path in various error messages.

5.0
2006-09-19 CVE-2006-4338 Gzip Remote vulnerability in Gzip 1.3.5

unlzh.c in the LHZ component in gzip 1.3.5 allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted GZIP archive.

5.0
2006-09-19 CVE-2006-4334 Gzip Remote vulnerability in Gzip 1.3.5

Unspecified vulnerability in gzip 1.3.5 allows context-dependent attackers to cause a denial of service (crash) via a crafted GZIP (gz) archive, which results in a NULL dereference.

5.0
2006-09-19 CVE-2006-4865 Phpquiz Information Disclosure vulnerability in phpQuiz

Walter Beschmout PhpQuiz allows remote attackers to obtain sensitive information via a direct request to cfgphpquiz/install.php and other unspecified vectors.

5.0
2006-09-19 CVE-2006-4684 Zope Information Disclosure vulnerability in Zope CSV_Table

The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 through 2.8.8 does not properly handle web pages with reStructuredText (reST) markup, which allows remote attackers to read arbitrary files via a csv_table directive, a different vulnerability than CVE-2006-3458.

5.0
2006-09-19 CVE-2006-4535 Linux Resource Management Errors vulnerability in Linux Kernel 2.6.17.10/2.6.17.11/2.6.18

The Linux kernel 2.6.17.10 and 2.6.17.11 and 2.6.18-rc5 allows local users to cause a denial of service (crash) via an SCTP socket with a certain SO_LINGER value, possibly related to the patch for CVE-2006-3745.

4.9
2006-09-19 CVE-2006-4855 Symantec Resource Management Errors vulnerability in Symantec products

The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.0.33, and other versions of Norton Personal Firewall, Internet Security, AntiVirus, SystemWorks, Symantec Client Security SCS 1.x, 2.x, 3.0, and 3.1, Symantec AntiVirus Corporate Edition SAVCE 8.x, 9.x, 10.0, and 10.1, Symantec pcAnywhere 11.5 only, and Symantec Host, allows local users to cause a denial of service (system crash) via invalid data, as demonstrated by calling DeviceIoControl to send the data.

4.9
2006-09-23 CVE-2006-4942 Moodle Unspecified vulnerability in Moodle

Moodle before 1.6.2, when the configuration lacks (1) algebra or (2) tex filters, allows remote authenticated users to write LaTeX or MimeTeX output files to the top level of the dataroot directory via (a) filter/algebra/pix.php or (b) filter/tex/pix.php.

4.6
2006-09-19 CVE-2006-4866 Apple Unspecified vulnerability in Apple Mac OS X and Mac OS X Server

Buffer overflow in kextload in Apple OS X, as used by TDIXSupport in Roxio Toast Titanium and possibly other products, allows local users to execute arbitrary code via a long extension argument.

4.6
2006-09-23 CVE-2006-4949 Drupal Cross-Site Scripting vulnerability in Site Profile Directory Module

Cross-site scripting (XSS) vulnerability in the Drupal 4.6 Site Profile Directory (profile_pages.module) before 1.1.2.1 and the Drupal 4.7 Site Profile Directory (profile_pages.module) before 1.2.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "lack of validation on output," possibly in the name and title parameters.

4.3
2006-09-23 CVE-2006-4941 Moodle Unspecified vulnerability in Moodle

Multiple cross-site scripting (XSS) vulnerabilities in Moodle before 1.6.2 might allow remote attackers to inject arbitrary web script or HTML via (1) the choose parameter in files/index.php and (2) the sub parameter in doc/index.php.

4.3
2006-09-21 CVE-2006-4923 Esyndicat Portal System Cross-Site Scripting vulnerability in ESyndiCat Search.PHP

Cross-site scripting (XSS) vulnerability in search.php in eSyndiCat Portal System allows remote attackers to inject arbitrary web script or HTML via the what parameter.

4.3
2006-09-21 CVE-2006-4917 PT News Cross-Site Scripting vulnerability in PT News PT News 1.7.8

Cross-site scripting (XSS) vulnerability in search.php in PT News 1.7.8 allows remote attackers to inject arbitrary web script or HTML via the pgname parameter.

4.3
2006-09-21 CVE-2006-4915 Innovate Portal Cross-Site Scripting vulnerability in Innovate Portal Innovate Portal 2.0

Cross-site scripting (XSS) vulnerability in index.php in Innovate Portal 2.0 allows remote attackers to inject arbitrary web script or HTML via the content parameter.

4.3
2006-09-19 CVE-2006-4894 Idevspot Cross-Site Scripting vulnerability in Idevspot Nixieaffiliate 1.9

Cross-site scripting (XSS) vulnerability in forms/lostpassword.php in iDevSpot NixieAffiliate 1.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter.

4.3
2006-09-19 CVE-2006-4884 Idevspot Cross-Site Scripting vulnerability in Idevspot Isupport 1.8

Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot iSupport 1.8 allow remote attackers to inject arbitrary web script or HTML via (1) the suser parameter in support/rightbar.php, (2) the ticket_id parameter in support/open_tickets.php, and (3) the cons_page_title parameter in index.php.

4.3
2006-09-19 CVE-2006-4883 Idevspot Cross-Site Scripting vulnerability in IDevSpot BizDirectory

Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot BizDirectory allow remote attackers to inject arbitrary web script or HTML via (1) the stylesheet parameter in Feed.php or (2) the message parameter in status.php.

4.3
2006-09-19 CVE-2006-4881 David Bennett Input Validation vulnerability in PHP-Post

Multiple cross-site scripting (XSS) vulnerabilities in David Bennett PHP-Post (PHPp) 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the replyuser parameter in (a) pm.php; (2) the txt_jumpto parameter in (b) dropdown.php; the (3) txt_error and (4) txt_templatenotexist parameters in (c) template.php; the (5) split parameter in certain files, as demonstrated by (d) editprofile.php, (e) search.php, (f) index.php, and (g) pm.php; and the (6) txt_login parameter in (h) loginline.php; and allow remote authenticated users to inject arbitrary web script or HTML via the (7) txt_logout parameter in (i) loginline.php.

4.3
2006-09-19 CVE-2006-4874 Jupiter CMS Input Validation vulnerability in Jupiter CMS

Multiple cross-site scripting (XSS) vulnerabilities in Jupiter CMS allow remote attackers to inject arbitrary web script or HTML via the (1) language[Admin name] and (2) language[Admin back] parameters in (a) modules/blocks.php; the (3) language[Register title] and (4) language[Register title2] parameters in (b) modules/register.php; the (5) language[Mass-Email form title], (6) language[Mass-Email form desc], (7) language[Mass-Email form desc2], (8) language[Mass-Email form desc3], and (9) language[Mass-Email form desc4] parameters in (c) modules/mass-email.php; the (10) language[Forgotten title], (11) language[Forgotten desc], (12) language[Forgotten desc2], (13) language[Forgotten desc3], (14) language[Forgotten desc4], and (15) language[Forgotten desc5] parameters in (d) modules/register.php; and the (16) language[Search view desc], (17) language[Search view desc2], (18) language[Search view desc3], (19) language[Search view desc4], (20) language[Search view desc5], (21) language[Search view desc6], (22) language[Search view desc7], and (23) language[Search view desc8] parameters in (e) modules/search.php.

4.3
2006-09-19 CVE-2006-4856 Roller Weblogger Cross-Site Scripting vulnerability in Roller Weblogger Roller Weblogger 2.3

Multiple cross-site scripting (XSS) vulnerabilities in Roller WebLogger 2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, or (3) url parameters; (4) certain content parameters in the preview method; or (5) the q parameter in (a) sitesearch.do.

4.3
2006-09-23 CVE-2006-4938 Moodle Unspecified vulnerability in Moodle

help.php in Moodle before 1.6.2 does not check the existence of certain help files before including them, which might allow remote authenticated users to obtain the path in an error message.

4.0
2006-09-23 CVE-2006-4937 Moodle Unspecified vulnerability in Moodle

lib/setup.php in Moodle before 1.6.2 sets the error reporting level to 7 to display E_WARNING messages to users even if debugging is disabled, which might allow remote authenticated users to obtain sensitive information by triggering the messages.

4.0

5 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-09-19 CVE-2006-4886 McAfee Security Bypass vulnerability in Scan Engine

The VirusScan On-Access Scan component in McAfee VirusScan Enterprise 7.1.0 and Scan Engine 4.4.00 allows local privileged users to bypass security restrictions and disable the On-Access Scan option by opening the program via the task bar and quickly clicking the Disable button, possibly due to an interface-related race condition.

3.7
2006-09-19 CVE-2006-4246 Usermin Remote Denial of Service vulnerability in Usermin Change User Details

Usermin before 1.220 (20060629) allows remote attackers to read arbitrary files, possibly related to chfn/save.cgi not properly handling an empty shell parameter, which results in changing root's shell instead of the shell of a specified user.

3.6
2006-09-21 CVE-2006-4919 Siteatschool Input Validation vulnerability in Site@School

Directory traversal vulnerability in starnet/editors/htmlarea/popups/images.php in Site@School (S@S) 2.4.02 and earlier allows remote attackers to read arbitrary files via a ..

2.6
2006-09-21 CVE-2006-4914 A L Pifou Directory Traversal vulnerability in A.L-Pifou 1.8P2

Directory traversal vulnerability in A.l-Pifou 1.8p2 allows remote attackers to read arbitrary files via ".." sequences in the ze_langue_02 cookie, as demonstrated by using the choix_lng parameter to choix_langue.php to indirectly set the cookie, then accessing livre_dor.php to trigger the inclusion from inc/change_lang_ck.php, possibly related to livre_livre.php.

2.6
2006-09-21 CVE-2006-4909 Cisco Cross-Site Scripting vulnerability in Cisco Guard DDoS Mitigation Appliance 5.1(5)

Cross-site scripting (XSS) vulnerability in Cisco Guard DDoS Mitigation Appliance before 5.1(6), when anti-spoofing is enabled, allows remote attackers to inject arbitrary web script or HTML via certain character sequences in a URL that are not properly handled when the appliance sends a meta-refresh.

2.6