Weekly Vulnerabilities Reports > September 25 to October 1, 2006
Overview
140 new vulnerabilities reported during this period, including 9 critical vulnerabilities and 69 high severity vulnerabilities. This weekly summary report vulnerabilities in 117 products from 96 vendors including Joomla, IBM, Openssl, Openbsd, and SUN. Vulnerabilities are notably categorized as "Code Injection", "Resource Management Errors", "Cross-site Scripting", "NULL Pointer Dereference", and "Improper Restriction of Operations within the Bounds of a Memory Buffer".
- 124 reported vulnerabilities are remotely exploitables.
- 33 reported vulnerabilities have public exploit available.
- 3 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 137 reported vulnerabilities are exploitable by an anonymous user.
- Joomla has the most reported vulnerabilities, with 13 reported vulnerabilities.
- Paisterist has the most reported critical vulnerabilities, with 3 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
9 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-09-28 | CVE-2006-3738 | Openssl | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Openssl Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers. | 10.0 |
2006-09-27 | CVE-2006-5026 | Paisterist | Remote Security vulnerability in Paisterist Simple Http Scanner 0.1/0.2 Multiple unspecified vulnerabilities in Paisterist Simple HTTP Scanner (sHTTPScanner) before 0.3 have unknown impact and attack vectors. | 10.0 |
2006-09-27 | CVE-2006-5025 | Paisterist | Remote Security vulnerability in Paisterist Simple Http Scanner 0.1 Multiple unspecified vulnerabilities in Paisterist Simple HTTP Scanner (sHTTPScanner) before 0.2 have unknown impact and attack vectors. | 10.0 |
2006-09-27 | CVE-2006-5024 | Paisterist | Multiple Unspecified vulnerability in Paisterist Simple Http Scanner 0.1/0.2/0.3 Multiple unspecified vulnerabilities in Paisterist Simple HTTP Scanner (sHTTPScanner) before 0.4 have unknown impact and attack vectors. | 10.0 |
2006-09-27 | CVE-2006-5008 | IBM | Local Privilege Escalation and Denial of Service vulnerability in IBM AIX 5.2.0/5.3.0 Unspecified vulnerability in utape in IBM AIX 5.2.0 and 5.3.0 allows attackers to execute arbitrary commands and overwrite arbitrary files via unspecified vectors. | 10.0 |
2006-09-26 | CVE-2006-4996 | Joomla | Remote Security vulnerability in Joomlalib Unspecified vulnerability in JoomlaLib (com_joomlalib) before 1.2.2 for Joomla! allows remote attackers to have an unknown impact, related to "Joomla globals hacked by script kiddies." | 10.0 |
2006-09-27 | CVE-2006-5051 | Openbsd | Race Condition vulnerability in Openbsd Openssh Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free. | 9.3 |
2006-09-27 | CVE-2006-4694 | Microsoft | Code Injection vulnerability in Microsoft Office 2000/2003/Xp Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office XP and Office 2003 allows user-assisted attackers to execute arbitrary code via a crafted record in a PPT file, as exploited by malware such as Exploit:Win32/Controlppt.W, Exploit:Win32/Controlppt.X, and Exploit-PPT.d/Trojan.PPDropper.F. | 9.3 |
2006-09-27 | CVE-2006-5014 | Cpanel | Remote Privilege Escalation vulnerability in CPanel SUID Wrapper Unspecified vulnerability in cPanel before 10.9.0 12 Tree allows remote authenticated users to gain privileges via unspecified vectors in (1) mysqladmin and (2) hooksadmin. | 9.0 |
69 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-09-29 | CVE-2006-5075 | SUN | Remote Denial of Service vulnerability in SUN Solaris 10.0 The Kernel SSL Proxy service (svc:/network/ssl/proxy) in Sun Solaris 10 before 20060926 allows remote attackers to cause a denial of service (system crash) via unspecified vectors related to an SSL client. | 7.8 |
2006-09-29 | CVE-2006-5073 | SUN | Remote Denial of Service vulnerability in Sun Solaris Malformed IPv6 Packets Unspecified vulnerability in Sun Solaris 8, 9 and 10 allows remote attackers to cause a denial of service (panic) via crafted IPv6 packets, a different vulnerability than CVE-2006-5013. | 7.8 |
2006-09-28 | CVE-2006-2940 | Openssl | Resource Management Errors vulnerability in Openssl OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to process when using RSA signature verification. | 7.8 |
2006-09-28 | CVE-2006-2937 | Openssl | Resource Management Errors vulnerability in Openssl OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. | 7.8 |
2006-09-27 | CVE-2006-5013 | SUN | Denial of Service vulnerability in SUN Solaris 10.0 Sun Solaris 10 before patch 118855-16 (20060925), when run on x64 systems using IPv6, allows remote attackers to cause a denial of service (kernel panic) via crafted IPv6 packets. | 7.8 |
2006-09-27 | CVE-2006-4924 | Openbsd | Resource Management Errors vulnerability in Openbsd Openssh sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector. | 7.8 |
2006-09-29 | CVE-2006-5099 | Andreas Gohr | Remote Security vulnerability in Andreas Gohr Dokuwiki Release20060305/Release20060309/Release20060309E lib/exec/fetch.php in DokuWiki before 2006-03-09e, when conf[imconvert] is configured to use ImageMagick, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) w and (2) h parameters, which are not filtered when invoking convert. | 7.5 |
2006-09-29 | CVE-2006-5097 | Net2Ftp | Unspecified vulnerability in Net2Ftp ** DISPUTED ** PHP remote file inclusion vulnerability in index.php in net2ftp, possibly 0.1 through 0.62, allows remote attackers to execute arbitrary PHP code via a URL in the application_rootdir parameter. | 7.5 |
2006-09-29 | CVE-2006-5095 | Myphotos | Remote File Include vulnerability in Myphotos 0.1.3Bbeta ** DISPUTED ** PHP remote file inclusion vulnerability in index.php in MyPhotos 0.1.3b beta allows remote attackers to execute arbitrary PHP code via the includesdir parameter. | 7.5 |
2006-09-29 | CVE-2006-5093 | Paul Schudar | Code Injection vulnerability in Paul Schudar Tagmin Control Center 2.1.Bbuild2 PHP remote file inclusion vulnerability in index.php in Tagmin Control Center in TagIt! Tagboard 2.1.B Build 2 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | 7.5 |
2006-09-29 | CVE-2006-5092 | A Blog | Remote File Include vulnerability in A-Blog 2 PHP remote file inclusion vulnerability in navigation/menu.php in A-Blog 2 allows remote attackers to execute arbitrary PHP code via a URL in the navigation_start parameter. | 7.5 |
2006-09-29 | CVE-2006-5089 | MY BIC | Remote File Include vulnerability in My-Bic 0.6.5 ** DISPUTED ** PHP remote file inclusion vulnerability in mybic_server.php in Jim Plush My-BIC 0.6.5 allows remote attackers to execute arbitrary PHP code via a URL in the file parameter. | 7.5 |
2006-09-29 | CVE-2006-5088 | Phpheaven | Local File Include vulnerability in PHPheaven PHPmychat 0.1 PHP remote file inclusion vulnerability in connected_users.lib.php3 in phpHeaven phpMyChat 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the ChatPath parameter. | 7.5 |
2006-09-29 | CVE-2006-5087 | Evobb | Remote File Include vulnerability in EvoBB Path Parameter Multiple PHP remote file inclusion vulnerabilities in evoBB 0.3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path parameter in (1) track.php or (2) connect.php. | 7.5 |
2006-09-29 | CVE-2006-5085 | Pixel Motion | Remote Command Execution vulnerability in Pixel Motion Pixel Motion Blog 2.1.1 Static code injection vulnerability in config.php in Blog Pixel Motion 2.1.1 allows remote attackers to execute arbitrary PHP code via the nom_blog parameter, which is injected into include/variables.php. | 7.5 |
2006-09-29 | CVE-2006-5084 | Skype Technologies | Improper Input Validation vulnerability in Skype Technologies Skype Format string vulnerability in the NSRunAlertPanel function in eBay Skype for Mac 1.5.*.79 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed Skype URL, as originally reported to involve a null dereference. | 7.5 |
2006-09-29 | CVE-2006-5083 | Phpbb Security | Remote Security vulnerability in Importal PHP remote file inclusion vulnerability in includes/functions_portal.php in Integrated MODs (IM) Portal 1.2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | 7.5 |
2006-09-29 | CVE-2006-5082 | Sugarcrm | Arbitrary Command Execution vulnerability in Sugar Suite Unspecified vulnerability in Sugar Suite Open Source (SugarCRM) before 4.2.1 Patch C (20060917) has unspecified impact, related to code execution, and unspecified attack vectors. | 7.5 |
2006-09-29 | CVE-2006-5081 | JL Webworks | Unspecified vulnerability in JL Webworks Quickblogger 1.4 PHP remote file inclusion vulnerability in acc.php in QuickBlogger (QB) 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | 7.5 |
2006-09-29 | CVE-2006-5079 | PHP Arena | Remote File Include vulnerability in PABugs Class.MySQL.PHP PHP remote file inclusion vulnerability in class.mysql.php in Matt Humphrey paBugs 2.0 Beta 3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path_to_bt_dir parameter. | 7.5 |
2006-09-29 | CVE-2006-5078 | Polaring | Remote File Include vulnerability in Polaring 00.04.03 PHP remote file inclusion vulnerability in view/general.php in Kristian Niemi Polaring 00.04.03 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _SESSION[dirMain] parameter. | 7.5 |
2006-09-29 | CVE-2006-5076 | Back END | Remote File Include vulnerability in Back-End CMS 0.4.5 Multiple PHP remote file inclusion vulnerabilities in OpenConcept Back-End 0.4.5 allow remote attackers to execute arbitrary PHP code via a URL in the includes_path parameter in (1) admin/index.php, (2) Facts.php, or (3) search.php. | 7.5 |
2006-09-28 | CVE-2006-5068 | Brudaswen | Remote File Include vulnerability in BrudaNews/GrudaGB PHP remote file inclusion vulnerability in admin/index.php in Brudaswen (1) BrudaNews 1.1 and earlier and (2) BrudaGB 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the o parameter. | 7.5 |
2006-09-28 | CVE-2006-5067 | PHP System Administration Toolkit | Unspecified vulnerability in PHP System Administration Toolkit PHP System Administration Toolkit ** DISPUTED ** PHP remote file inclusion vulnerability in loader.php in PHP System Administration Toolkit (PHPSaTK) allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[config] parameter. | 7.5 |
2006-09-28 | CVE-2006-5062 | Pblang | Remote File Include vulnerability in PBLang Lang_NL.PHP PHP remote file inclusion vulnerability in templates/pb/language/lang_nl.php in PBLang (PBL) 4.66z and earlier allows remote attackers to execute arbitrary PHP code via a URL in the temppath parameter. | 7.5 |
2006-09-28 | CVE-2006-5061 | Advanced Clan Script | Remote File Include vulnerability in AVCX MCF.PHP PHP remote file inclusion vulnerability in mcf.php in Advanced-Clan-Script (AVCX) 3.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the content parameter. | 7.5 |
2006-09-28 | CVE-2006-5058 | Activision | Remote Buffer Overflow vulnerability in Activision products Buffer overflow in (1) Call of Duty 1.5b and earlier, (2) Call of Duty United Offensive 1.51b and earlier, and (3) Call of Duty 2 1.3 and earlier allows remote attackers to execute arbitrary code via a long map argument to the "callvote map" command. | 7.5 |
2006-09-28 | CVE-2006-5055 | Forum ONE | Code Injection vulnerability in Forum ONE Syntaxcms 1.1.1/1.1.2/1.2.1 PHP remote file inclusion vulnerability in admin/testing/tests/0004_init_urls.php in syntaxCMS 1.1.1 through 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the init_path parameter. | 7.5 |
2006-09-28 | CVE-2006-5054 | Iyzi Forum | SQL Injection vulnerability in Iyzi Forum Uye_Ayrinti.ASP SQL injection vulnerability in uye/uye_ayrinti.asp in iyzi Forum 1 Beta 2 and earlier allows remote attackers to execute arbitrary SQL commands via the uye_nu parameter. | 7.5 |
2006-09-28 | CVE-2006-5053 | WEB News | Remote File Include vulnerability in Web-News Template.PHP PHP remote file inclusion vulnerability in webnews/template.php in Web-News 1.6.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the content_page parameter. | 7.5 |
2006-09-27 | CVE-2006-5049 | Joomla | Remote Security vulnerability in Classifieds Component Unspecified vulnerability in Classifieds (com_classifieds) component 1.3 and earlier for Joomla! has unspecified impact and attack vectors. | 7.5 |
2006-09-27 | CVE-2006-5047 | Joomla | Remote Security vulnerability in Rs Gallery2 Unspecified vulnerability in rsgallery2.html.php in RS Gallery2 component (com_rsgallery2) before 1.11.3 for Joomla! allows attackers to execute arbitrary code. | 7.5 |
2006-09-27 | CVE-2006-5046 | Joomla | Remote Security vulnerability in Rs Gallery2 Unspecified vulnerability in RS Gallery2 (com_rsgallery2) 1.11.3 and earlier for Joomla! has unspecified impact and attack vectors, related to lack of "hardened language files." | 7.5 |
2006-09-27 | CVE-2006-5044 | Joomla Mambo | Remote Security vulnerability in Prince Clan Chess Component Unspecified vulnerability in Prince Clan (Princeclan) Chess component (com_pcchess) 0.8 and earlier for Mambo and Joomla! has unspecified impact and attack vectors. | 7.5 |
2006-09-27 | CVE-2006-5042 | Joomla | Remote Security vulnerability in Joomla COM Mosmedia and Mosmedia Unspecified vulnerability in mosMedia (com_mosmedia) 1.0.8 and earlier for Joomla! has unspecified impact and attack vectors. | 7.5 |
2006-09-27 | CVE-2006-5041 | Joomla | Remote Security vulnerability in Com Hotproperties Unspecified vulnerability in Hot Properties (possibly com_hotproperties) 0.97 and earlier for Joomla! has unspecified impact and attack vectors. | 7.5 |
2006-09-27 | CVE-2006-5040 | Joomla | Remote Security vulnerability in Com Sef Unspecified vulnerability in SEF404x (com_sef) for Joomla! has unspecified impact and attack vectors. | 7.5 |
2006-09-27 | CVE-2006-5039 | Joomla | Remote Security vulnerability in Joomla COM Events and Events Module Unspecified vulnerability in Events 1.3 beta module (com_events) for Joomla! has unspecified impact and attack vectors. | 7.5 |
2006-09-27 | CVE-2006-5038 | Fiwin | Unspecified vulnerability in Fiwin Ss28S Wifi Voip SIP Skype Phone 20070201 The FiWin SS28S WiFi VoIP SIP/Skype Phone, firmware version 01_02_07, has a hard-coded username and password, which allows remote attackers to gain administrative access via telnet. | 7.5 |
2006-09-27 | CVE-2006-5032 | Phpartenaire | Remote File Include vulnerability in PHPartenaire 1.0 PHP remote file inclusion vulnerability in dix.php3 in PHPartenaire 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the url_phpartenaire parameter. | 7.5 |
2006-09-27 | CVE-2006-5030 | Exv2 | SQL Injection vulnerability in ExV2 SQL injection vulnerability in modules/messages/index.php in exV2 2.0.4.3 and earlier allows remote authenticated users to execute arbitrary SQL commands via the sort parameter. | 7.5 |
2006-09-27 | CVE-2006-5029 | Woltlab | SQL-Injection vulnerability in Burning Board SQL injection vulnerability in thread.php in WoltLab Burning Board (wBB) 2.3.x allows remote attackers to obtain the version numbers of PHP, MySQL, and wBB via the page parameter. | 7.5 |
2006-09-27 | CVE-2006-5023 | Aspindir | SQL Injection vulnerability in XWeblog Kategori.ASP SQL injection vulnerability in kategori.asp in xweblog 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the kategori parameter. | 7.5 |
2006-09-27 | CVE-2006-5022 | Pnews Systems | Remote File Include vulnerability in Pnews Systems Pnews 1.1.0 PHP remote file inclusion vulnerability in includes/global.php in Joshua Wilson pNews System 1.1.0 (aka PowerNews) allows remote attackers to execute arbitrary PHP code via a URL in the nbs parameter. | 7.5 |
2006-09-27 | CVE-2006-5021 | Redblog | Remote File Include vulnerability in Redblog 0.5 Multiple PHP remote file inclusion vulnerabilities in redgun RedBLoG 0.5 allow remote attackers to execute arbitrary PHP code via a URL in (1) the root parameter in imgen.php, and the root_path parameter in (2) admin/config.php, (3) common.php, and (4) admin/index.php. | 7.5 |
2006-09-27 | CVE-2006-5020 | Solidstate | Remote File Include vulnerability in SolidState Multiple PHP remote file inclusion vulnerabilities in SolidState 0.4 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the base_path parameter in manager/pages/ scripts including (1) AccountsPage.class.php, (2) AddInvoicePage.class.php, (3) AddIPAddressPage.class.php, (4) AddPaymentPage.class.php, (5) AddTaxRulePage.class.php, (6) AssignDomainPage.class.php, (7) AssignHostingPage.class.php, (8) AssignProductPage.class.php, (9) BillingPage.class.php, (10) BillingPaymentPage.class.php, (11) BrowseAccountsPage.class.php, (12) BrowseInvoicesPage.class.php, (13) ConfigureEditUserPage.class.php, (14) ConfigureNewUserPage.class.php, (15) ConfigureNewUserReceiptPage.class.php, (16) ConfigureUsersPage.class.php, (17) DeleteAccountPage.class.php, (18) DeleteDomainServicePage.class.php, (19) DeleteHostingServicePage.class.php, (20) DeleteInvoicePage.class.php, (21) DeleteProductPage.class.php, (22) DeleteServerPage.class.php, (23) DomainServicesPage.class.php, (24) DomainsPage.class.php, (25) EditAccountPage.class.php, (26) EditDomainPage.class.php, (27) EditDomainServicePage.class.php, (28) EditHostingServicePage.class.php, (29) EditPaymentPage.class.php, (30) EditProductPage.class.php, (31) EditServerPage.class.php, (32) EmailInvoicePage.class.php, (33) ExecuteOrderPage.class.php, (34) ExpiredDomainsPage.class.php, (35) FulfilledOrdersPage.class.php, (36) GenerateInvoicesPage.class.php, (37) HomePage.class.php, (38) InactiveAccountsPage.class.php, (39) IPManagerPage.class.php, (40) LoginPage.class.php, (41) LogPage.class.php, (42) ModulesPage.class.php, (43) NewAccountPage.class.php, (44) NewDomainServicePage.class.php, (45) NewProductPage.class.php, (46) OutstandingInvoicesPage.class.php, (47) PendingAccountsPage.class.php, (48) PendingOrdersPage.class.php, (49) PrintInvoicePage.class.php, (50) ProductsPage.class.php, (51) RegisterDomainPage.class.php, (52) RegisteredDomainsPage.class.php, (53) ServersPage.class.php, (54) ServicesHostingServicesPage.class.php, (55) ServicesNewHostingPage.class.php, (56) ServicesPage.class.php, (57) ServicesWebHostingPage.class.php, (58) SettingsPage.class.php, (59) TaxesPage.class.php, (60) TransferDomainPage.class.php, (61) ViewAccountPage.class.php, (62) ViewDomainServicePage.class.php, (63) ViewHostingServicePage.class.php, (64) ViewInvoicePage.class.php, (65) ViewLogMessagePage.class.php, (66) ViewOrderPage.class.php, (67) ViewProductPage.class.php, (68) ViewServerPage.class.php, (69) WelcomeEmailPage.class.php; and (70) modules/RegistrarModule.class.php, (71) modules/SolidStateModule.class.php, (72) modules/authorizeaim/authorizeaim.class.php, and (73) modules/authorizeaim/pages/AAIMConfigPage.class.php. | 7.5 |
2006-09-27 | CVE-2006-5017 | E Vision | Input Validation vulnerability in E-Vision CMS 1.0 SQL injection vulnerability in admin/all_users.php in Szava Gyula and Csaba Tamas e-Vision CMS, probably 1.0, allows remote attackers to execute arbitrary SQL commands via the from parameter. | 7.5 |
2006-09-27 | CVE-2006-5015 | Kietu | Directory Traversal vulnerability in Kietu 3.2 PHP remote file inclusion vulnerability in hit.php in Kietu 3.2 allows remote attackers to execute arbitrary PHP code via an FTP URL in the url_hit parameter. | 7.5 |
2006-09-26 | CVE-2006-4995 | Joomla | Remote Security vulnerability in Joomla BSQ Sitestats 2.1.1 PHP remote file inclusion vulnerability in BSQ Sitestats (bsq_sitestats) before 2.1.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 7.5 |
2006-09-26 | CVE-2006-4993 | Voice OF WEB | Remote File Include vulnerability in AllMyGuests SignIn.PHP Multiple PHP remote file inclusion vulnerabilities in AllMyGuests 0.4.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the _AMGconfig[cfg_serverpath] parameter in (1) modules/AllMyGuests/signin.php (aka the Nuke module) and (2) AllMyGuests/signin.php (aka the standalone). | 7.5 |
2006-09-26 | CVE-2006-4992 | Joomla | Remote File Include vulnerability in Joomla Jd-Wordpress 2.0.1.0Rc2 Multiple PHP remote file inclusion vulnerabilities in JD-WordPress for Joomla! (com_jd-wp) 2.0-1.0 RC2 allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) wp-comments-post.php, (2) wp-feed.php, or (3) wp-trackback.php. | 7.5 |
2006-09-26 | CVE-2006-4990 | Photopost | Unspecified vulnerability in Photopost PHP PRO 4.5/4.6 Multiple PHP remote file inclusion vulnerabilities in PhotoPost allow remote attackers to execute arbitrary PHP code via a URL in the PP_PATH parameter in (1) addfav.php, (2) adm-admlog.php, (3) adm-approve.php, (4) adm-backup.php, (5) adm-cats.php, (6) adm-cinc.php, (7) adm-db.php, (8) adm-editcfg.php, (9) adm-inc.php, (10) adm-index.php, (11) adm-modcom.php, (12) adm-move.php, (13) adm-options.php, (14) adm-order.php, (15) adm-pa.php, (16) adm-photo.php, (17) adm-purge.php, (18) adm-style.php, (19) adm-templ.php, (20) adm-userg.php, (21) adm-users.php, (22) bulkupload.php, (23) cookies.php, (24) comments.php, (25) ecard.php, (26) editphoto.php, (27) register.php, (28) showgallery.php, (29) showmembers.php, (30) useralbums.php, (31) uploadphoto.php, (32) search.php, or (33) adm-menu.php, different vectors than CVE-2006-4828. | 7.5 |
2006-09-26 | CVE-2006-4987 | Patrick Michaelis | Input Validation vulnerability in Patrick Michaelis Wili-Cms 0.1.1 Multiple PHP remote file inclusion vulnerabilities in Patrick Michaelis Wili-CMS allow remote attackers to execute arbitrary PHP code via a URL in the globals[content_dir] parameter in (1) example-view/templates/article.php, (2) example-view/templates/root.php, and (3) example-view/templates/dates_list.php. | 7.5 |
2006-09-26 | CVE-2006-4984 | Grayscale | Input Validation vulnerability in Grayscale Bandsite CMS 1.1 Multiple PHP remote file inclusion vulnerabilities in Grayscale BandSite CMS allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[root_path] parameter in (1) adminpanel/includes/mailinglist/mlist_xls.php and (2) adminpanel/includes/add_forms/addmp3.php. | 7.5 |
2006-09-26 | CVE-2006-4983 | Cisco | Security Bypass vulnerability in Network Access Control Cisco NAC allows quarantined devices to communicate over the network with (1) DNS, (2) DHCP, and (3) EAPoUDP, which allows attackers to bypass control methods by tunneling network traffic through one of these protocols. | 7.5 |
2006-09-25 | CVE-2006-4978 | Walter Beschmout | Input Validation vulnerability in PHPQuiz Multiple SQL injection vulnerabilities in Walter Beschmout PhpQuiz 1.2 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the univers parameter in score.php and (2) the quiz_id parameter in home.php, accessed through the front/ URI. | 7.5 |
2006-09-25 | CVE-2006-4974 | Ipswitch | Remote Buffer Overflow vulnerability in Ipswitch WS FTP Server 5.08Limitededition Buffer overflow in Ipswitch WS_FTP Limited Edition (LE) 5.08 allows remote FTP servers to execute arbitrary code via a long response to a PASV command. | 7.5 |
2006-09-25 | CVE-2006-4970 | Wahm E Commerce | Remote File Include vulnerability in Pie Cart Pro Home_Path PHP remote file inclusion vulnerability in enc/content.php in WAHM E-Commerce Pie Cart Pro allows remote attackers to execute arbitrary PHP code via a URL in the Home_Path parameter. | 7.5 |
2006-09-25 | CVE-2006-4969 | Wahm E Commerce | Remote File Include vulnerability in Pie Cart Pro Inc_Dir Multiple PHP remote file inclusion vulnerabilities in WAHM E-Commerce Pie Cart Pro allow remote attackers to execute arbitrary PHP code via a URL in the Inc_Dir parameter in (1) affiliates.php, (2) orders.php, (3) events.php, (4) index.php, (5) articles.php, (6) faqs.php, (7) guestbook.php, (8) catalog.php, (9) wholesale.php, (10) weblinks.php, (11) certificates.php, (12) sitesearch.php, (13) contact.php, (14) sitemap.php, (15) search.php, (16) registry.php, or (17) error.php. | 7.5 |
2006-09-25 | CVE-2006-4968 | Postnuke Software Foundation | Remote File Include vulnerability in Postnuke Software Foundation Pnphpbb 1.2G PHP remote file inclusion vulnerability in includes/functions_admin.php in PNphpBB 1.2g allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | 7.5 |
2006-09-25 | CVE-2006-4966 | Chumpsoft | Remote File Include vulnerability in Chumpsoft PHPquestionnaire 3.12 PHP remote file inclusion vulnerability in inc/ifunctions.php in chumpsoft phpQuestionnaire (phpQ) 3.12 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[phpQRootDir] parameter. | 7.5 |
2006-09-29 | CVE-2006-5091 | HP | Security Restriction Bypass vulnerability in HP Hp-Ux 11.11/11.23 Unspecified vulnerability in HP-UX B.11.11 and B.11.23 CIFS Server (Samba) allows local users to gain privileges or obtain "unauthorized access" via unspecified vectors. | 7.2 |
2006-09-27 | CVE-2006-5011 | IBM | Local Arbitrary Command Execution vulnerability in IBM AIX 5.2.0/5.3.0 Untrusted search path vulnerability in snappd in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary commands via a Trojan horse program, involving the "system subroutine". | 7.2 |
2006-09-27 | CVE-2006-5010 | IBM | Unspecified vulnerability in IBM AIX 5.3.0 Untrusted search path vulnerability in acctctl in IBM AIX 5.3.0 allows local users to execute arbitrary commands by modifying the path to point to a malicious mkdir program. | 7.2 |
2006-09-27 | CVE-2006-5009 | IBM | Local Buffer Overflow vulnerability in IBM AIX 5.2.0/5.3.0 Unspecified vulnerability in xlock in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary commands and overwrite arbitrary files via unspecified vectors, possibly involving a buffer overflow. | 7.2 |
2006-09-27 | CVE-2006-5006 | IBM | Local Privilege Escalation and Arbitrary File Overwrite vulnerability in IBM AIX 5.2.0/5.3.0 Buffer overflow in cfgmgr in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary code via a long directory path argument. | 7.2 |
2006-09-27 | CVE-2006-5005 | IBM | Local Privilege Escalation vulnerability in IBM AIX 5.2.0/5.3.0 Unspecified vulnerability in bos.net.tcp.client in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary commands via unspecified vectors involving /etc/slip.login. | 7.2 |
2006-09-27 | CVE-2006-5003 | IBM | Local Privilege Escalation vulnerability in IBM AIX 5.2.0/5.3.0 Unspecified vulnerability in the named8 command in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary commands via unspecified vectors. | 7.2 |
2006-09-26 | CVE-2006-4172 | Freebsd | Local Denial of Service vulnerability in FreeBSD I386_Set_LDT() Integer overflow vulnerability in the i386_set_ldt call in FreeBSD 5.5, and possibly earlier versions down to 5.2, allows local users to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2006-4178. | 7.2 |
58 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-09-29 | CVE-2006-5096 | Virtuemart | Input Validation vulnerability in VirtueMart Joomla ECommerce Edition Multiple cross-site scripting (XSS) vulnerabilities in index.php in VirtueMart (formerly known as mambo-phpShop) Joomla! eCommerce Edition CMS 1.0.11, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the Itemid parameter in a (1) com_contact or (2) subscribe action. | 6.8 |
2006-09-29 | CVE-2006-5090 | Phoenix Evolution | Cross-Site Scripting vulnerability in Phoenix Evolution CMS Multiple cross-site scripting (XSS) vulnerabilities in Phoenix Evolution CMS (PECMS) allow remote attackers to inject arbitrary web script or HTML via the (1) mod or (2) action parameters in index.php, or the (3) pageid parameter in modules/pageedit/index.php. | 6.8 |
2006-09-27 | CVE-2006-5048 | Waltercedric Joomla | Code Injection vulnerability in Waltercedric COM Securityimages Multiple PHP remote file inclusion vulnerabilities in Security Images (com_securityimages) component 3.0.5 and earlier for Joomla! allow remote attackers to execute arbitrary code via a URL in the mosConfig_absolute_path parameter in (1) configinsert.php, (2) lang.php, (3) client.php, and (4) server.php. | 6.8 |
2006-09-27 | CVE-2006-5045 | Joomlaxt | Code Injection vulnerability in Joomlaxt COM Pollxt Unspecified vulnerability in PollXT component (com_pollxt) 1.22.07 and earlier for Joomla! has unspecified impact and attack vectors, probably related to PHP remote file inclusion in the mosConfig_absolute_path to conf.pollxt.php. | 6.8 |
2006-09-27 | CVE-2006-5043 | Joomlaboard Joomla | Remote File Include vulnerability in Joomla Joomlaboard Component Multiple PHP remote file inclusion vulnerabilities in the Joomlaboard Forum Component (com_joomlaboard) before 1.1.2 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the sbp parameter to (1) file_upload.php or (2) image_upload.php, a variant of CVE-2006-3528. | 6.8 |
2006-09-27 | CVE-2006-5037 | Squiz | Unspecified vulnerability in Squiz Mysource Matrix ** DISPUTED ** MySource Matrix after 3.8 allows remote attackers to use the application as an HTTP proxy server via a MIME encoded URL in the sq_content_src parameter to access arbitrary sites with the server's IP address and conduct cross-site scripting (XSS) attacks. | 6.8 |
2006-09-27 | CVE-2006-5036 | Squiz | Unspecified vulnerability in Squiz Mysource Classic and Mysource Matrix ** DISPUTED ** MySource Matrix 3.8 and earlier, and MySource 2.x, allow remote attackers to use the application as an HTTP proxy server via the sq_remote_page_url parameter to access arbitrary sites with the server's IP address and conduct cross-site scripting (XSS) attacks. | 6.8 |
2006-09-25 | CVE-2006-4967 | Nextage | Cross-Site Scripting vulnerability in NextAge Cart Multiple cross-site scripting (XSS) vulnerabilities in NextAge Cart allow remote attackers to inject arbitrary web script or HTML via (1) the CatId parameter in a product category action in index.php or (2) the SearchWd parameter in an index search action in index.php. | 6.8 |
2006-09-27 | CVE-2006-5012 | SUN | Denial of Service vulnerability in Sun Solaris Syslog Unspecified vulnerability in Sun Solaris 8, 9, and 10 before 20060925 allows local users to cause a denial of service (disable syslog) and prevent security messages from being logged via unspecified vectors. | 6.6 |
2006-09-26 | CVE-2006-5000 | Ipswitch Progress | Multiple buffer overflows in WS_FTP Server 5.05 before Hotfix 1, and possibly other versions down to 5.0, have unknown impact and remote authenticated attack vectors via the (1) XCRC, (2) XMD5, and (3) XSHA1 commands. | 6.5 |
2006-09-29 | CVE-2006-4247 | Plone | Remote Security vulnerability in Plone Unspecified vulnerability in the Password Reset Tool before 0.4.1 on Plone 2.5 and 2.5.1 Release Candidate allows attackers to reset the passwords of other users, related to "an erroneous security declaration." | 6.4 |
2006-09-29 | CVE-2006-5086 | Pixel Motion | SQL-Injection vulnerability in Pixel Motion Pixel Motion Blog 2.1.1 Blog Pixel Motion 2.1.1 allows remote attackers to change the username and password for the admin user via a direct request to insere_base.php with modified (1) login and (2) pass parameters. | 6.4 |
2006-09-29 | CVE-2006-5094 | Phpbb XS | Remote File Include vulnerability in PHPbb XS PHPbb XS 2 PHP remote file inclusion vulnerability in includes/functions_kb.php in the phpBB XS 2 (Spain version) allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter, a different vector than CVE-2006-4780 or CVE-2006-4893. | 5.1 |
2006-09-29 | CVE-2006-5077 | Minerva | Remote File Include vulnerability in Minerva 2.0.19/2.0.21/2.0.8 PHP remote file inclusion vulnerability in admin/admin_topic_action_logging.php in Chris Smith Minerva Build 238 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | 5.1 |
2006-09-29 | CVE-2006-5074 | PHP Invoice | Cross-Site Scripting vulnerability in PHP Invoice PHP Invoice 2.2 Cross-site scripting (XSS) vulnerability in home.php in PHP Invoice 2.2 allows remote attackers to inject arbitrary web script or HTML via the alert parameter. | 5.1 |
2006-09-28 | CVE-2006-5070 | Facestones | Remote File Include vulnerability in faceStones Personal Fs_Forms_Links.PHP PHP remote file inclusion vulnerability in fsl2/objects/fs_form_links.php in faceStones Personal 2.0.42 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[fsinit][objpath] parameter. | 5.1 |
2006-09-28 | CVE-2006-5066 | Danphpsupport | Cross-Site Scripting vulnerability in Danphpsupport 0.5 Multiple cross-site scripting (XSS) vulnerabilities in DanPHPSupport 0.5, and other versions before 1.0, allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter in index.php or the (2) do parameter in admin.php. | 5.1 |
2006-09-28 | CVE-2006-5065 | Zoomstats | Remote File Include vulnerability in ZoomStats MySQL.PHP PHP remote file inclusion vulnerability in libs/dbmax/mysql.php in ZoomStats 1.0.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[lib][db][path] parameter. | 5.1 |
2006-09-28 | CVE-2006-5064 | Birdblog | Cross-Site Scripting vulnerability in BirdBlog Multiple cross-site scripting (XSS) vulnerabilities in BirdBlog 1.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) entryid parameter in comment.php, (2) page parameter in index.php, or the (3) uid parameter in user.php. | 5.1 |
2006-09-28 | CVE-2006-5063 | Stefan Ritt | HTML Injection vulnerability in Stefan Ritt Elog web Logbook 2.6.1 Cross-site scripting (XSS) vulnerability in Elog 2.6.1 allows remote attackers to inject arbitrary web script or HTML by editing log entries in HTML mode. | 5.1 |
2006-09-28 | CVE-2006-5060 | Jamroom | Cross-Site Scripting vulnerability in Jamroom 3.0.16 Cross-site scripting (XSS) vulnerability in login.php in Jamroom 3.0.16 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the forgot parameter in the forgot mode. | 5.1 |
2006-09-28 | CVE-2006-5059 | Wired Community Software | Cross-Site Scripting vulnerability in Wired Community Software Wwwthreads 5.4/Rc3 Multiple cross-site scripting (XSS) vulnerabilities in WWWthreads 5.4.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the Cat parameter to (1) dosearch.php, (2) postlist.php, (3) showmembers.php, (4) faq_english.php, (5) online.php, (6) login.php, (7) newuser.php, (8) wwwthreads.php, (9) search.php, or (10) postlist.php. | 5.1 |
2006-09-28 | CVE-2006-5057 | Ktools NET | Cross-Site Scripting vulnerability in Photostore Multiple cross-site scripting (XSS) vulnerabilities in Ktools.net PhotoStore allow remote attackers to inject arbitrary web script or HTML via the (1) gid parameter in details.php, or the (2) photogid parameter in view_photog.php. | 5.1 |
2006-09-28 | CVE-2006-5056 | Opial | Cross-Site Scripting vulnerability in Opial Audio Video Download Management 1.0 Cross-site scripting (XSS) vulnerability in index.php in Opial Audio/Video Download Management 1.0 allows remote attackers to inject arbitrary web script or HTML via the destination parameter in the Login view. | 5.1 |
2006-09-25 | CVE-2006-4972 | Mybulletinboard | Cross-Site Scripting vulnerability in MyBulletinBoard Cross-site scripting (XSS) vulnerability in archive/index.php/forum-4.html in MyBB (aka MyBulletinBoard) allows remote attackers to inject arbitrary web script or HTML via the navbits[][name] parameter. | 5.1 |
2006-09-29 | CVE-2006-5098 | Andreas Gohr | Denial-Of-Service vulnerability in Andreas Gohr Dokuwiki Release20060305/Release20060309/Release20060309E lib/exec/fetch.php in DokuWiki before 2006-03-09e allows remote attackers to cause a denial of service (CPU consumption) via large w and h parameters, when resizing an image. | 5.0 |
2006-09-29 | CVE-2006-4925 | Openbsd | Denial-Of-Service vulnerability in Openbsd Openssh 4.5 packet.c in ssh in OpenSSH allows remote attackers to cause a denial of service (crash) by sending an invalid protocol sequence with USERAUTH_SUCCESS before NEWKEYS, which causes newkeys[mode] to be NULL. | 5.0 |
2006-09-27 | CVE-2006-5052 | Openbsd | Unspecified vulnerability in Openbsd Openssh Unspecified vulnerability in portable OpenSSH before 4.4, when running on some platforms, allows remote attackers to determine the validity of usernames via unknown vectors involving a GSSAPI "authentication abort." | 5.0 |
2006-09-27 | CVE-2006-5050 | ROB Landley | Directory Traversal vulnerability in ROB Landley Busybox 1.01 Directory traversal vulnerability in httpd in Rob Landley BusyBox allows remote attackers to read arbitrary files via URL-encoded "%2e%2e/" sequences in the URI. | 5.0 |
2006-09-27 | CVE-2006-5034 | Paul Smith Computer Services | Directory Traversal vulnerability in Paul Smith Computer Services Vcap 1.9.0Beta Directory traversal vulnerability in Paul Smith Computer Services vCAP 1.9.0 Beta and earlier allows remote attackers to read arbitrary files via a .. | 5.0 |
2006-09-27 | CVE-2006-5033 | Paul Smith Computer Services | Remote Denial of Service vulnerability in Paul Smith Computer Services VCAP Calendar Server Unspecified vulnerability in StoresAndCalendarsList.cgi in Paul Smith Computer Services vCAP 1.9.0 Beta and earlier allows remote attackers to cause a denial of service via the session parameter, possibly related to format string specifiers or malformed URL encoding. | 5.0 |
2006-09-27 | CVE-2006-5031 | Cakefoundation | Path Traversal vulnerability in Cakefoundation Cakephp Directory traversal vulnerability in app/webroot/js/vendors.php in Cake Software Foundation CakePHP before 1.1.8.3544 allows remote attackers to read arbitrary files via a .. | 5.0 |
2006-09-27 | CVE-2006-5028 | Swsoft | Directory Traversal vulnerability in Swsoft Plesk and Plesk Reload Directory traversal vulnerability in filemanager/filemanager.php in SWsoft Plesk 7.5 Reload and Plesk 7.6 for Microsoft Windows allows remote attackers to list arbitrary directories via a ../ (dot dot slash) in the file parameter in a chdir action. | 5.0 |
2006-09-27 | CVE-2006-5027 | Jeroen Vennegoor | Information Disclosure vulnerability in Jevoncms Jeroen Vennegoor JevonCMS, possibly pre alpha, allows remote attackers to obtain sensitive information via a direct request for php/main/phplib files (1) db_msql.inc, (2) db_mssql.inc, (3) db_mysql.inc, (4) db_oci8.inc, (5) db_odbc.inc, (6) db_oracle.inc, and (7) db_pgsql.inc; and (8) db_sybase.inc, which reveals the path in various error messages. | 5.0 |
2006-09-27 | CVE-2006-5019 | Information Disclosure vulnerability in Google Mini Search Appliance 3.4.14/4.4.102.M.36 Google Mini 4.4.102.M.36 and earlier allows remote attackers to obtain sensitive information via a direct request for /search with an invalid client parameter, which reveals the path in an error message. | 5.0 | |
2006-09-27 | CVE-2006-5016 | E Vision | Remote File Include vulnerability in E-Vision CMS 1.0 Unrestricted file upload vulnerability in admin/x_image.php in Szava Gyula and Csaba Tamas e-Vision CMS, probably 1.0, allows remote attackers to upload arbitrary files to the /imagebank directory. | 5.0 |
2006-09-27 | CVE-2006-5002 | IBM | Local Arbitrary File Overwrite vulnerability in IBM AIX Inventory Scout Unspecified vulnerability in IBM Inventory Scout for AIX 2.2.0.0 through 2.2.0.9 (invscoutClient_VPD_Survey) allows attackers to overwrite arbitrary files via unspecified vectors. | 5.0 |
2006-09-26 | CVE-2006-5001 | Ipswitch Progress | Information Disclosure vulnerability in WS FTP Server Unspecified vulnerability in the log analyzer in WS_FTP Server 5.05 before Hotfix 1, and possibly other versions down to 5.0, prevents certain sensitive information from being displayed in the (1) Files and (2) Summary tabs. | 5.0 |
2006-09-26 | CVE-2006-4989 | Patrick Michaelis | Input Validation vulnerability in Patrick Michaelis Wili-Cms 0.1.1 Patrick Michaelis Wili-CMS allows remote attackers to obtain sensitive information via a direct request for (1) thumbnail.php, (2) functions/admin/all.php, (3) functions/admin/init_session.php, (4) functions/all.php, and (5) certain files in example-view/admin_templates/, which reveals the path in various error messages. | 5.0 |
2006-09-26 | CVE-2006-4986 | Grayscale | Input Validation vulnerability in Grayscale Bandsite CMS 1.1 Grayscale BandSite CMS allows remote attackers to obtain sensitive information via a direct request for (1) certain files in the includes/content directory, (2) includes/shows_preview.php, and (3) adminpanel/configform.php; and files in adminpanel/includes/ including (4) mailinglist/disphtmltbl.php, (5) mailinglist/dispxls.php, (6) mailinglist/sendshows.php, (7) previews/preview_bio.php, (8) previews/preview_genmerch.php, (9) previews/preview_fliers.php, (10) previews/preview_gbook.php, (11) previews/preview_interviews.php, (12) previews/preview_links.php, (13) previews/preview_lyrics.php, (14) previews/preview_membio.php, (15) previews/preview_merchphotos.php, (16) previews/preview_mp3s.php, (17) previews/preview_news.php, (18) previews/preview_photos.php, (19) previews/preview_releases.php, (20) previews/preview_relmerch.php, (21) previews/preview_relphotos.php, (22) previews/preview_reviews.php, (23) previews/preview_shows.php, (24) previews/preview_wearmerch.php, (25) change_forms/change_bio.php, (26) change_forms/change_fliers.php, (27) change_forms/change_gbook.php, (28) change_forms/change_gen_merch.php, (29) change_forms/change_interview.php, (30) change_forms/change_links.php, (31) change_forms/change_lyrics.php, (32) change_forms/change_members.php, (33) change_forms/change_merch.php, (34) change_forms/change_merch_pic.php, (35) change_forms/change_mp3s.php, (36) change_forms/change_news.php, (37) change_forms/change_photos.php, (38) change_forms/change_rel_merch.php, (39) change_forms/change_rel_pic.php, (40) change_forms/change_releases.php, (41) change_forms/change_reviews.php, (42) change_forms/change_shows.php, and (43) change_forms/change_wear_merch.php, which reveals the path in various error messages. | 5.0 |
2006-09-25 | CVE-2006-4979 | Walter Beschmout | Remote Security vulnerability in Phpquiz Direct static code injection vulnerability in cfgphpquiz/install.php in Walter Beschmout PhpQuiz 1.2 and earlier allows remote attackers to inject arbitrary PHP code in config.inc.php via modified configuration settings. | 5.0 |
2006-09-25 | CVE-2006-4977 | Walter Beschmout | Input Validation vulnerability in PHPQuiz Multiple unrestricted file upload vulnerabilities in (1) back/upload_img.php and (2) admin/upload_img.php in Walter Beschmout PhpQuiz 1.2 and earlier allow remote attackers to upload arbitrary PHP code to the phpquiz/img_quiz folder via the (a) upload, (b) ok_update, (c) image, and (d) path parameters, possibly requiring directory traversal sequences in the path parameter. | 5.0 |
2006-09-25 | CVE-2006-4976 | John LIM | Information Disclosure vulnerability in Adodb Date Library The Date Library in John Lim ADOdb Library for PHP allows remote attackers to obtain sensitive information via a direct request for (1) server.php, (2) adodb-errorpear.inc.php, (3) adodb-iterator.inc.php, (4) adodb-pear.inc.php, (5) adodb-perf.inc.php, (6) adodb-xmlschema.inc.php, and (7) adodb.inc.php; files in datadict including (8) datadict-access.inc.php, (9) datadict-db2.inc.php, (10) datadict-generic.inc.php, (11) datadict-ibase.inc.php, (12) datadict-informix.inc.php, (13) datadict-mssql.inc.php, (14) datadict-mysql.inc.php, (15) datadict-oci8.inc.php, (16) datadict-postgres.inc.php, and (17) datadict-sybase.inc.php; files in drivers/ including (18) adodb-access.inc.php, (19) adodb-ado.inc.php, (20) adodb-ado_access.inc.php, (21) adodb-ado_mssql.inc.php, (22) adodb-borland_ibase.inc.php, (23) adodb-csv.inc.php, (24) adodb-db2.inc.php, (25) adodb-fbsql.inc.php, (26) adodb-firebird.inc.php, (27) adodb-ibase.inc.php, (28) adodb-informix.inc.php, (29) adodb-informix72.inc.php, (30) adodb-mssql.inc.php, (31) adodb-mssqlpo.inc.php, (32) adodb-mysql.inc.php, (33) adodb-mysqli.inc.php, (34) adodb-mysqlt.inc.php, (35) adodb-oci8.inc.php, (36) adodb-oci805.inc.php, (37) adodb-oci8po.inc.php, (38) adodb-odbc.inc.php, (39) adodb-odbc_mssql.inc.php, (40) adodb-odbc_oracle.inc.php, (41) adodb-oracle.inc.php, (42) adodb-postgres64.inc.php, (43) adodb-postgres7.inc.php, (44) adodb-proxy.inc.php, (45) adodb-sapdb.inc.php, (46) adodb-sqlanywhere.inc.php, (47) adodb-sqlite.inc.php, (48) adodb-sybase.inc.php, (49) adodb-vfp.inc.php; file in perf/ including (50) perf-db2.inc.php, (51) perf-informix.inc.php, (52) perf-mssql.inc.php, (53) perf-mysql.inc.php, (54) perf-oci8.inc.php, (55) perf-postgres.inc.php; tests/ files (56) benchmark.php, (57) client.php, (58) test-datadict.php, (59) test-perf.php, (60) test-pgblob.php, (61) test-php5.php, (62) test-xmlschema.php, (63) test.php, (64) test2.php, (65) test3.php, (66) test4.php, (67) test5.php, (68) test_rs_array.php, (69) testcache.php, (70) testdatabases.inc.php, (71) testgenid.php, (72) testmssql.php, (73) testoci8.php, (74) testoci8cursor.php, (75) testpaging.php, (76) testpear.php, (77) testsessions.php, (78) time.php, or (79) tmssql.php, which reveals the path in various error messages. | 5.0 |
2006-09-25 | CVE-2006-4971 | Mybulletinboard | Information Disclosure vulnerability in MyBulletinBoard MyBB (aka MyBulletinBoard) allows remote attackers to obtain sensitive information via a direct request for inc/plugins/hello.php, which reveals the path in an error message. | 5.0 |
2006-09-25 | CVE-2006-4965 | Apple | Code Injection vulnerability in Apple Quicktime 7.1.3 Apple QuickTime 7.1.3 Player and Plug-In allows remote attackers to execute arbitrary JavaScript code and possibly conduct other attacks via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter that identifies resources outside of the original domain. | 5.0 |
2006-09-26 | CVE-2006-4178 | Freebsd | Local Denial of Service vulnerability in FreeBSD I386_Set_LDT() Integer signedness error in the i386_set_ldt call in FreeBSD 5.5, and possibly earlier versions down to 5.2, allows local users to cause a denial of service (crash) via unspecified arguments that use negative signed integers to cause the bzero function to be called with a large length parameter, a different vulnerability than CVE-2006-4172. | 4.9 |
2006-09-27 | CVE-2006-5007 | IBM | Local Privilege Escalation vulnerability in IBM AIX 5.2.0/5.3.0 Untrusted search path vulnerability in uucp in IBM AIX 5.2.0 and 5.3.0 allows local users to local users to gain privileges via a Trojan horse program involving uux. | 4.6 |
2006-09-26 | CVE-2006-4994 | Apachefriends | Local Security vulnerability in Apachefriends Xampp 1.5.2 Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname. | 4.6 |
2006-09-26 | CVE-2006-4982 | Cisco | Security Bypass vulnerability in Network Access Control Cisco NAC maintains an exception list that does not record device properties other than MAC address, which allows physically proximate attackers to bypass control methods and join a local network by spoofing the MAC address of a different type of device, as demonstrated by using the MAC address of a disconnected printer. | 4.6 |
2006-09-26 | CVE-2006-4981 | Symantec | Security Bypass vulnerability in Sygate Network Access Control Symantec Sygate NAC allows physically proximate attackers to bypass control methods and join a local network by selecting a forged MAC address associated with an exception rule that (1) permits all non-Windows devices or (2) whitelists certain sets of Organizationally Unique Identifiers (OUIs). | 4.6 |
2006-09-29 | CVE-2006-5080 | SIX Apart | Cross-Site Scripting vulnerability in SIX Apart Movable Type Cross-site scripting (XSS) vulnerability in the search function in Six Apart Movable Type 3.3 to 3.32, and Movable Type Enterprise 1.01 and 1.02, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2006-09-28 | CVE-2006-4343 | Openssl Debian Canonical | Null Pointer Dereference vulnerability in multiple products The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference. | 4.3 |
2006-09-28 | CVE-2006-5071 | Eyeos Project | Cross-Site Scripting vulnerability in eyeOS Multiple cross-site scripting (XSS) vulnerabilities in eyeOS before 0.9.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) eyeNav and (2) system/baixar.php. | 4.3 |
2006-09-27 | CVE-2006-5035 | Paul Smith Computer Services | Cross-Site Scripting vulnerability in Paul Smith Computer Services Vcap 1.7.0 Multiple cross-site scripting (XSS) vulnerabilities in Paul Smith Computer Services vCAP 1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the statusmsg parameter in RegisterPage.cgi or (2) a URI corresponding to a nonexistent file. | 4.3 |
2006-09-26 | CVE-2006-4988 | Patrick Michaelis | Input Validation vulnerability in Patrick Michaelis Wili-Cms 0.1.1 Multiple cross-site scripting (XSS) vulnerabilities in Patrick Michaelis Wili-CMS allow remote attackers to inject arbitrary web script or HTML via (1) the query string to relocate.php, (2) the globals[pageid] parameter in example-view/inc/print_button.php, and other unspecified vectors. | 4.3 |
2006-09-26 | CVE-2006-4985 | Grayscale | Cross-Site Scripting vulnerability in Grayscale Bandsite CMS 1.1 Multiple cross-site scripting (XSS) vulnerabilities in Grayscale BandSite CMS allow remote attackers to inject arbitrary web script or HTML via (1) the max_file_size_purdy parameter in adminpanel/includes/helpfiles/help_mp3.php, (2) the message_text parameter in adminpanel/includes/mailinglist/sendemail.php, (3) the this_year parameter in includes/footer.php, and the band parameter in (4) adminpanel/includes/helpfiles/help_news.php (5) adminpanel/includes/helpfiles/help_merch.php, (6) adminpanel/includes/header.php, and (7) adminpanel/login_header.php; and includes/content/ files including (8) bio_content.php, (9) gbook_content.php, (10) interview_content.php, (11) links_content.php, (12) lyrics_content.php, (13) member_content.php, (14) merch_content.php, (15) mp3_content.php, (16) news_content.php, (17) pastshows_content.php, (18) photo_content.php, (19) releases_content.php, (20) reviews_content.php, (21) shows_content.php, and (22) signgbook_content.php. | 4.3 |
2006-09-25 | CVE-2006-4973 | Dotnetnuke | HTML Injection vulnerability in DotNetNuke Cross-site scripting (XSS) vulnerability in Default.aspx in Perpetual Motion Interactive Systems DotNetNuke before 3.3.5, and 4.x before 4.3.5, allows remote attackers to inject arbitrary HTML via the error parameter. | 4.3 |
2006-09-27 | CVE-2006-5018 | Contentkeeper Technologies | Information Disclosure vulnerability in ContentKeeper Accounts Password ContentKeeper 123.25 and earlier places passwords in cleartext in an INPUT element in cgi-bin/ck/changepw.cgi, which allows remote authenticated users to obtain passwords via this URI. | 4.0 |
4 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-09-26 | CVE-2006-4991 | RSA | Unspecified vulnerability in RSA Keon Certificate Authority Manager 6.5.1/6.6 RSA Keon Certificate Authority (KeonCA) Manager 6.5.1 and 6.6 allows privileged local users to hide malicious Certificate Authority (CA) activities by modifying CA auditor logs without detection by (1) modifying or deleting a <LOG BLOCK> and its signature from the XML log in a way that is not detected by the integrity check function that operates on the entire pool, or (2) modifying entries in the live log file, which is only signed during rotation. | 3.6 |
2006-09-28 | CVE-2006-5069 | Typo3 | Cross-Site Scripting vulnerability in Typo3 Indexed Search Cross-site scripting (XSS) vulnerability in class.tx_indexedsearch.php in the Indexed Search 2.9.0 extension for Typo3 before 4.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter. | 2.6 |
2006-09-25 | CVE-2006-4975 | Yahoo | Cross-Site Scripting vulnerability in Yahoo! Messenger Yahoo! Messenger for WAP permits saving messages that contain JavaScript, which allows user-assisted remote attackers to inject arbitrary web script or HTML via a URL at the online service. | 2.6 |
2006-09-27 | CVE-2006-5004 | IBM | Local Arbitrary File Overwrite vulnerability in IBM AIX 5.2.0/5.3.0 Unspecified vulnerability in the rdist command in IBM AIX 5.2.0 and 5.3.0 allows local users to overwrite arbitrary files via unspecified vectors. | 2.1 |