Weekly Vulnerabilities Reports > October 2 to 8, 2006

Overview

76 new vulnerabilities reported during this period, including 2 critical vulnerabilities and 33 high severity vulnerabilities. This weekly summary report vulnerabilities in 56 products from 53 vendors including Apple, HP, Ubbcentral, Salims Softhouse, and Devellion. Vulnerabilities are notably categorized as "Cross-site Scripting", "Path Traversal", and "Code Injection".

  • 69 reported vulnerabilities are remotely exploitables.
  • 15 reported vulnerabilities have public exploit available.
  • 2 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 73 reported vulnerabilities are exploitable by an anonymous user.
  • Apple has the most reported vulnerabilities, with 9 reported vulnerabilities.
  • Mcafee has the most reported critical vulnerabilities, with 1 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

2 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-10-05 CVE-2006-5156 Mcafee Remote Buffer Overflow vulnerability in Mcafee Epolicy Orchestrator and Protectionpilot

Buffer overflow in McAfee ePolicy Orchestrator before 3.5.0.720 and ProtectionPilot before 1.1.1.126 allows remote attackers to execute arbitrary code via a request to /spipe/pkg/ with a long source header.

10.0
2006-10-05 CVE-2006-5151 HP Remote Unauthorized Access and Privilege Escalation vulnerability in HP Hp-Ux 11.00/11.11/11.23

Unspecified vulnerability in HP Ignite-UX server before C.6.9.150 for HP-UX B.11.00, B.11.11, and B.11.23 allows remote attackers to "gain root access" via unspecified vectors.

10.0

33 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-10-05 CVE-2006-5160 Mozilla Javascript vulnerability in RETIRED: Mozilla Firefox

** DISPUTED ** Multiple unspecified vulnerabilities in Mozilla Firefox have unspecified vectors and impact, as claimed during ToorCon 2006.

7.8
2006-10-05 CVE-2006-5166 PHP WEB Scripts Remote File Include vulnerability in PHP Web Scripts Easy Banner Functions.PHP

PHP remote file inclusion vulnerability in functions.php in PHP Web Scripts Easy Banner Free allows remote attackers to execute arbitrary PHP code via a URL in the s[phppath] parameter.

7.5
2006-10-05 CVE-2006-5159 Mozilla Javascript Remote Code Execution vulnerability in Mozilla Firefox

** DISPUTED ** Stack-based buffer overflow in Mozilla Firefox allows remote attackers to execute arbitrary code via unspecified vectors involving JavaScript.

7.5
2006-10-05 CVE-2006-5155 Videodb Remote File Include vulnerability in Videodb 2.0.0/2.0.2/2.2.1

PHP remote file inclusion vulnerability in core/pdf.php in VideoDB 2.2.1 and earlier allows remote attackers to execute arbitrary PHP code via the config[pdf_module] parameter.

7.5
2006-10-05 CVE-2006-5154 Deluxebb Remote File Include vulnerability in DeluxeBB Sig.PHP

PHP remote file inclusion vulnerability in cp/sig.php in DeluxeBB 1.09 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the templatefolder parameter.

7.5
2006-10-05 CVE-2006-5149 Openbiblio Path Traversal vulnerability in Openbiblio

Multiple directory traversal vulnerabilities in OpenBiblio before 0.5.2 allow remote attackers to include and execute arbitrary local files via a ..

7.5
2006-10-05 CVE-2006-5148 Forum82 Remote File Include vulnerability in Forum82

Multiple PHP remote file inclusion vulnerabilities in Forum82 2.5.2b and earlier allow remote attackers to execute arbitrary PHP code via a URL in the repertorylevel parameter including scripts in /forum/ including (1) search.php, (2) message.php, (3) member.php, (4) mail.php, (5) lostpassword.php, (6) gesfil.php, (7) forum82lib.php3, and other unspecified scripts.

7.5
2006-10-05 CVE-2006-5147 Vamp Webmail Remote File Include vulnerability in VAMP Webmail Yesno.PHTML

PHP remote file inclusion vulnerability in wamp_dir/setup/yesno.phtml in VAMP Webmail 2.0beta1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the no_url parameter.

7.5
2006-10-05 CVE-2006-5145 Olate Input Validation vulnerability in Olate Olatedownload 3.4.0

Multiple SQL injection vulnerabilities in OlateDownload 3.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) page parameter in details.php or the (2) query parameter in search.php.

7.5
2006-10-03 CVE-2006-5141 Kevin A Gordon Remote File Include vulnerability in Geotarget Script.PHP

PHP remote file inclusion vulnerability in script.php in Kevin A.

7.5
2006-10-03 CVE-2006-5140 Lappy512 SQL Injection vulnerability in Lappy512 PHP Krazy Image Host Script 0.7A

SQL injection vulnerability in display.php in Lappy512 PHP Krazy Image Host Script (phpkimagehost) 0.7a allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2006-10-03 CVE-2006-5136 Ubbcentral Input Validation vulnerability in Ubbcentral Ubb.Threads 6.5.1.1

Multiple PHP remote file inclusion vulnerabilities in ubbt.inc.php in Groupee UBB.threads 6.5.1.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[thispath] or (2) GLOBALS[configdir] parameter.

7.5
2006-10-03 CVE-2006-5135 A Blog Remote File Include vulnerability in A-Blog 2

Multiple PHP remote file inclusion vulnerabilities in A-Blog 2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) open_box, (2) middle_box, and (3) close_box parameters in (a) sources/myaccount.php; the (4) navigation_end parameter in (b) navigation/search.php and (c) navigation/donation.php; and the (6) navigation_start and (7) navigation_middle parameters in navigation/donation.php, (d) navigation/latestnews.php, and (e) navigation/links.php; different vectors than CVE-2006-5092.

7.5
2006-10-03 CVE-2006-5133 Steve Poulsen Remote Security vulnerability in Steve Poulsen Guildftpd 0.999.13

Buffer overflow in GuildFTPd 0.999.13 allows remote attackers to have an unknown impact, possibly code execution related to input containing "globbing chars."

7.5
2006-10-03 CVE-2006-5132 Phpmyagenda Remote Security vulnerability in phpMyAgenda

Multiple PHP remote file inclusion vulnerabilities in phpMyAgenda 3.0 Final and earlier allow remote attackers to execute arbitrary PHP code via a URL in the rootagenda parameter to (1) agendaplace.php3, (2) agendaplace2.php3, (3) infoevent.php3, and (4) agenda2.php3, different vectors than CVE-2006-2009.

7.5
2006-10-03 CVE-2006-5131 Salims Softhouse Remote Security vulnerability in Salims Softhouse JAF CMS 4.0

module/shout/jafshout.php (aka the shoutbox) in ph03y3nk just another flat file (JAF) CMS 4.0 RC1 allows remote attackers to execute arbitrary code within sections bounded by "<?php" and "?>", possibly due to a static code injection vulnerability involving admin/data_inc.php.

7.5
2006-10-03 CVE-2006-5128 Conpresso Input Validation vulnerability in ConPresso CMS

SQL injection vulnerability in index.php in Bartels Schoene ConPresso before 4.0.5a allows remote attackers to execute arbitrary SQL commands via the nr parameter.

7.5
2006-10-03 CVE-2006-5126 Powerportal Remote File Include vulnerability in Powerportal 1.3A

PHP remote file inclusion vulnerability in index.php in John Himmelman (aka DaRk2k1) PowerPortal 1.3a allows remote attackers to execute arbitrary PHP code via a URL in the file_name[] parameter.

7.5
2006-10-03 CVE-2006-5124 Joshua Muheim Remote File Include and Information Disclosure vulnerability in Joshua Muheim PHPmywebmin 1.0

Multiple PHP remote file inclusion vulnerabilities in Joshua Muheim phpMyWebmin 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) target and (2) action parameters in window.php, and possibly the (3) target parameter in home.php.

7.5
2006-10-03 CVE-2006-5123 Phprojekt Remote File Include vulnerability in PHProjekt Include Path

Multiple PHP remote file inclusion vulnerabilities in Albrecht Guenther PHProjekt 5.1.x before 5.1.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) lib_path or (2) lang_path parameter in unspecified files, related to code changes intended to fix inclusion, a different vulnerability than CVE-2002-0451, CVE-2006-4204, and CVE-2006-4609.

7.5
2006-10-03 CVE-2006-5121 Postnuke Software Foundation SQL Injection vulnerability in Postnuke Software Foundation Postnuke 0.762

SQL injection vulnerability in modules/Downloads/admin.php in the Admin section of PostNuke 0.762 allows remote attackers to execute arbitrary SQL commands via the hits parameter.

7.5
2006-10-03 CVE-2006-5118 Phpselect Remote File Include vulnerability in PHPSelect Web Development Index.PHP3

PHP remote file inclusion vulnerability in index.php3 in the PDD package for PHPSelect Web Development Division allows remote attackers to execute arbitrary PHP code via a URL in the Application_Root parameter.

7.5
2006-10-03 CVE-2006-5113 Yuuki Yoshizawa Directory Traversal vulnerability in Yuuki Yoshizawa Exporia 0.3.0

Directory traversal vulnerability in common.php in Yuuki Yoshizawa Exporia 0.3.0 allows remote attackers to include and execute local files via a ..

7.5
2006-10-03 CVE-2006-5112 Intervations Remote Buffer Overflow vulnerability in Intervations Navicopa web Server 2.01

Buffer overflow in InterVations NaviCOPA Web Server 2.01 allows remote attackers to execute arbitrary code via a long HTTP GET request.

7.5
2006-10-03 CVE-2006-5107 Devellion Input Validation vulnerability in CubeCart

Multiple SQL injection vulnerabilities in Devellion CubeCart 2.0.x allow remote attackers to execute arbitrary SQL commands via (1) the user_name parameter in admin/forgot_pass.php, (2) the order_id parameter in view_order.php, (3) the view_doc parameter in view_doc.php, and (4) the order_id parameter in admin/print_order.php.

7.5
2006-10-03 CVE-2006-5105 Forum ONE Remote Security vulnerability in Forum ONE Syntaxcms 1.1.1/1.2.1/1.3

Multiple PHP remote file inclusion vulnerabilities in SyntaxCMS 1.1.1 through 1.3 allow remote attackers to execute arbitrary PHP code via a URL in (1) the init_path parameter to admin/testing/tests/0030_init_syntax.php, or (2) an unspecified parameter to admin/testing/index.php.

7.5
2006-10-03 CVE-2006-5104 Jelsoft SQL Injection vulnerability in Jelsoft VBulletin

SQL injection vulnerability in global.php in Jelsoft vBulletin 2.x allows remote attackers to execute arbitrary SQL commands via the templatesused parameter.

7.5
2006-10-03 CVE-2006-5103 Bbsnew Remote File Include vulnerability in Bbsnew 2.0.1

PHP remote file inclusion vulnerability in admin/index2.php in bbsNew 2.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the "right" parameter.

7.5
2006-10-03 CVE-2006-5102 Baumedia Remote File Include vulnerability in Baumedia Newswriter 1.40/1.41/1.42

PHP remote file inclusion vulnerability in include/editfunc.inc.php in Sebastian Baumann and Philipp Wolfer Newswriter SW 1.42 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the NWCONF_SYSTEM[server_path] parameter.

7.5
2006-10-03 CVE-2006-5101 Comdev Code Injection vulnerability in Comdev CSV Importer 3.1/4.1

PHP remote file inclusion vulnerability in include.php in Comdev CSV Importer 3.1 and possibly 4.1, as used in (1) Comdev Contact Form 3.1, (2) Comdev Customer Helpdesk 3.1, (3) Comdev Events Calendar 3.1, (4) Comdev FAQ Support 3.1, (5) Comdev Guestbook 3.1, (6) Comdev Links Directory 3.1, (7) Comdev News Publisher 3.1, (8) Comdev Newsletter 3.1, (9) Comdev Photo Gallery 3.1, (10) Comdev Vote Caster 3.1, (11) Comdev Web Blogger 3.1, and (12) Comdev eCommerce 3.1, allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter.

7.5
2006-10-03 CVE-2006-5100 Netwin Remote File Include vulnerability in Web//News Parser.PHP

PHP remote file inclusion vulnerability in parse/parser.php in WEB//NEWS (aka webnews) 1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the WN_BASEDIR parameter.

7.5
2006-10-03 CVE-2006-4394 Apple Multiple Security vulnerability in Apple Mac OS X Pre 10.4.8

A logic error in LoginWindow in Apple Mac OS X 10.4 through 10.4.7, allows network accounts without GUIds to bypass service access controls and log into the system using loginwindow via unknown vectors.

7.5
2006-10-03 CVE-2006-4392 Apple
Next
Multiple Security vulnerability in Apple Mac OS X Pre 10.4.8

The Mach kernel, as used in operating systems including (1) Mac OS X 10.4 through 10.4.7 and (2) OpenStep before 4.2, allows local users to gain privileges via a parent process that forces an exception in a setuid child and uses Mach exception ports to modify the child's thread context and task address space in a way that causes the child to call a parent-controlled function.

7.2

36 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-10-05 CVE-2006-5164 SUM Effect Software Cross-Site Scripting vulnerability in SUM Effect Software Digishop 4.0

Multiple cross-site scripting (XSS) vulnerabilities in cart.php in Sum Effect Software digiSHOP 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) sortBy or (2) search parameters.

6.8
2006-10-05 CVE-2006-5152 Microsoft Cross-Site Scripting vulnerability in Microsoft IE 6.0.2900

Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL that is returned in a large HTTP 404 error message without an explicit charset, a related issue to CVE-2006-0032.

6.8
2006-10-05 CVE-2006-5146 Yblog Cross-Site Scripting vulnerability in Yblog

Multiple cross-site scripting (XSS) vulnerabilities in Yblog allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in (a) funk.php, or the (2) action parameter in (b) tem.php and (c) uss.php.

6.8
2006-10-05 CVE-2006-5144 Olate Input Validation vulnerability in Olate Olatedownload 3.4.0

Cross-site scripting (XSS) vulnerability in userupload.php in OlateDownload 3.4.0 allows remote attackers to inject arbitrary web script or HTML via the description_small parameter.

6.8
2006-10-03 CVE-2006-5130 Salims Softhouse Cross-Site Scripting vulnerability in Salims Softhouse JAF CMS 4.0

Multiple cross-site scripting (XSS) vulnerabilities in ph03y3nk just another flat file (JAF) CMS 4.0 RC1 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) url, (3) title, and (4) about parameters in a forum post.

6.8
2006-10-03 CVE-2006-5129 Salims Softhouse HTML-Injection vulnerability in Salims Softhouse JAF CMS 4.0

Multiple cross-site scripting (XSS) vulnerabilities in ph03y3nk just another flat file (JAF) CMS 4.0 RC1 allow remote attackers to inject arbitrary web script or HTML via (1) the message parameter, and possibly other parameters, in module/shout/jafshout.php (aka the shoutbox); and (2) the message body in a forum post in module/forum/topicwin.php, related to the name, email, title, date, ldate, and lname variables.

6.8
2006-10-03 CVE-2006-5127 Conpresso Input Validation vulnerability in ConPresso CMS

Multiple cross-site scripting (XSS) vulnerabilities in Bartels Schoene ConPresso before 4.0.5a allow remote attackers to inject arbitrary web script or HTML via (1) the nr parameter in detail.php, (2) the msg parameter in db_mysql.inc.php, and (3) the pos parameter in index.php.

6.8
2006-10-03 CVE-2006-5114 SAP Cross-Site Scripting vulnerability in SAP Internet Transaction Server 6.1/6.2

Multiple cross-site scripting (XSS) vulnerabilities in wgate in SAP Internet Transaction Server (ITS) 6.1 and 6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) ~urlmime or (2) ~command parameter, different vectors than CVE-2003-0749.

6.8
2006-10-03 CVE-2006-5110 PHP Invoice Cross-Site Scripting vulnerability in PHP Invoice PHP Invoice 2.2

Cross-site scripting (XSS) vulnerability in home.php in PHP Invoice 2.2 allows remote attackers to inject arbitrary web script or HTML via the msg parameter, a different vector than CVE-2006-5074.

6.8
2006-10-03 CVE-2006-5108 Devellion Input Validation vulnerability in CubeCart

Multiple cross-site scripting (XSS) vulnerabilities in Devellion CubeCart 2.0.x allow remote attackers to inject arbitrary web script or HTML via the order_id parameter in (1) admin/print_order.php and (2) view_order.php; the (3) site_url and (4) la_search_home parameters and (5) certain language parameters in admin/nav.php; the (6) image parameter in admin/image.php; the (7) site_name, (8) la_adm_header, (9) charset, and (10) certain other parameters in admin/header.inc.php; the (12) la_pow_by parameter in footer.inc.php; and the (13) site_name parameter and (14) certain other parameters in header.inc.php.

6.8
2006-10-05 CVE-2006-5150 Openbiblio Input Validation vulnerability in OpenBiblio

SQL injection vulnerability in the reports system in OpenBiblio before 0.5.2 allows remote attackers with report privileges to execute arbitrary SQL commands via unspecified vectors.

6.5
2006-10-05 CVE-2006-5161 IBM Unspecified vulnerability in IBM Client Security Password Manager

IBM Client Security Password Manager stores and distributes saved passwords based upon the title of a website, which allows remote attackers to obtain username and password credentials by changing the title of an HTML page.

6.4
2006-10-05 CVE-2006-5167 Basilix Remote File Include vulnerability in BasiliX

Multiple PHP remote file inclusion vulnerabilities in BasiliX 1.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) BSX_LIBDIR parameter in scripts in /files/ including (a) abook.php3, (b) compose-attach.php3, (c) compose-menu.php3, (d) compose-new.php3, (e) compose-send.php3, (f) folder-create.php3, (g) folder-delete.php3, (h) folder-empty.php3, (i) folder-rename.php3, (j) folders.php3, (k) mbox-action.php3, (l) mbox-list.php3, (m) message-delete.php3, (n) message-forward.php3, (o) message-header.php3, (p) message-print.php3, (q) message-read.php3, (r) message-reply.php3, (s) message-replyall.php3, (t) message-search.php3, or (u) settings.php3; and the (2) BSX_HTXDIR parameter in (v) files/login.php3.

5.1
2006-10-05 CVE-2006-5165 Skrypty Remote File Include vulnerability in Skrypty PPA Gallery 0.5.6

PHP remote file inclusion vulnerability in inc/functions.inc.php in Skrypty PPA Gallery 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the config[ppa_root_path] parameter.

5.1
2006-10-05 CVE-2006-5157 Trend Micro Unspecified vulnerability in Trend Micro Officescan Corporate7.3

Format string vulnerability in the ActiveX control (ATXCONSOLE.OCX) in TrendMicro OfficeScan Corporate Edition (OSCE) before 7.3 Patch 1 allows remote attackers to execute arbitrary code via format string identifiers in the "Management Console's Remote Client Install name search".

5.1
2006-10-03 CVE-2006-5137 Ubbcentral Input Validation vulnerability in Ubbcentral Ubb.Threads 6.5.1.1

Multiple direct static code injection vulnerabilities in Groupee UBB.threads 6.5.1.1 allow remote attackers to (1) inject PHP code via a theme[] array parameter to admin/doedittheme.php, which is injected into includes/theme.inc.php; (2) inject PHP code via a config[] array parameter to admin/doeditconfig.php, and then execute the code via includes/config.inc.php; and inject a reference to PHP code via a URL in the config[path] parameter, and then execute the code via (3) dorateuser.php, (4) calendar.php, and unspecified other scripts.

5.1
2006-10-03 CVE-2006-5116 Phpmyadmin Cross-Site Scripting vulnerability in PHPMyAdmin

Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyAdmin before 2.9.1-rc1 allow remote attackers to perform unauthorized actions as another user by (1) directly setting a token in the URL though dynamic variable evaluation and (2) unsetting arbitrary variables via the _REQUEST array, related to (a) libraries/common.lib.php, (b) session.inc.php, and (c) url_generating.lib.php.

5.1
2006-10-03 CVE-2006-5115 KGB Local File Include vulnerability in KGB 1.87

Directory traversal vulnerability in kgcall.php in KGB 1.87 allows remote attackers to include and execute arbitrary local files via a ..

5.1
2006-10-03 CVE-2006-5106 Facileforms Cross-Site Scripting vulnerability in FacileForms

Cross-site scripting (XSS) vulnerability in FacileForms before 1.4.7 for Mambo and Joomla!, when either register_globals or RG_EMULATION is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

5.1
2006-10-03 CVE-2006-4395 Apple Multiple Security vulnerability in Apple Mac OS X Pre 10.4.8

Unspecified vulnerability in QuickDraw Manager in Apple Mac OS X 10.3.9 and 10.4 through 10.4.7 allows context-dependent attackers to cause a denial of service ("memory corruption" and crash) via a crafted PICT image that is not properly handled by a certain "unsupported QuickDraw operation."

5.1
2006-10-03 CVE-2006-4391 Apple Multiple Security vulnerability in Apple Mac OS X Pre 10.4.8

Buffer overflow in Apple ImageIO on Apple Mac OS X 10.4 through 10.4.7 allows remote attackers to execute arbitrary code via a malformed JPEG2000 image.

5.1
2006-10-05 CVE-2006-5162 Microsoft Denial Of Service vulnerability in Microsoft Internet Explorer Content-Type

wininet.dll in Microsoft Internet Explorer 6.0 SP2 and earlier allows remote attackers to cause a denial of service (unhandled exception and crash) via a long Content-Type header, which triggers a stack overflow.

5.0
2006-10-05 CVE-2006-5153 Kerio Local Denial of Service vulnerability in Sunbelt Kerio Personal Firewall

The (1) fwdrv.sys and (2) khips.sys drivers in Sunbelt Kerio Personal Firewall 4.3.268 and earlier do not validate arguments passed through to SSDT functions, including NtCreateFile, NtDeleteFile, NtLoadDriver, NtMapViewOfSection, NtOpenFile, and NtSetInformationFile, which allows local users to cause a denial of service (crash) and possibly other impacts via unspecified vectors.

5.0
2006-10-05 CVE-2006-4511 Novell Denial of Service vulnerability in Novell GroupWise Messenger Server Nmma.EXE

Messenger Agents (nmma.exe) in Novell GroupWise 2.0.2 and 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted HTTP POST request to TCP port 8300 with a modified val parameter, which triggers a null dereference related to "zero-size strings in blowfish routines."

5.0
2006-10-03 CVE-2006-5139 Mkportal Remote Security vulnerability in MKPortal

Unspecified vulnerability in MkPortal allows remote attackers to corrupt web site content, and possibly have other impact, via a certain long Message that affects "Tables," related to the Urlobox.

5.0
2006-10-03 CVE-2006-5138 Ubbcentral Input Validation vulnerability in Ubbcentral Ubb.Threads 6.5.1.1

Groupee UBB.threads 6.5.1.1 allows remote attackers to obtain sensitive information via a direct request for cron/php/subscriptions.php, which reveals the path in an error message.

5.0
2006-10-03 CVE-2006-5125 Joshua Muheim Remote File Include and Information Disclosure vulnerability in Joshua Muheim PHPmywebmin 1.0

Directory traversal vulnerability in window.php, possibly used by home.php, in Joshua Muheim phpMyWebmin 1.0 allows remote attackers to obtain sensitive information via a directory name in the target parameter, which triggers a directory listing through the opendir function.

5.0
2006-10-03 CVE-2006-5117 Phpmyadmin Information Disclosure vulnerability in phpMyAdmin

phpMyAdmin before 2.9.1-rc1 has a libraries directory under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via direct requests for certain files.

5.0
2006-10-03 CVE-2006-5111 Libksba Library Denial of Service vulnerability in Libksba Library Libksba Library 0.9.12

The libksba library 0.9.12 and possibly other versions, as used by gpgsm in the newpg package on SUSE LINUX, allows attackers to cause a denial of service (application crash) via a malformed X.509 certificate in a signature.

5.0
2006-10-03 CVE-2006-5109 Devellion Input Validation vulnerability in CubeCart

Devellion CubeCart 2.0.x allows remote attackers to obtain sensitive information via a direct request for (1) link_navi.php or (2) spotlight.php, which reveals the path in various error messages.

5.0
2006-10-03 CVE-2006-5122 HP HTML Injection vulnerability in HP Mercury Sitescope 8.28.1.2.0

Multiple cross-site scripting (XSS) vulnerabilities in Mercury SiteScope 8.2 (8.1.2.0) allow remote authenticated users to inject arbitrary web script or HTML via (1) "any field create name field" except "create new group name" or (2) any description field.

4.9
2006-10-03 CVE-2006-4397 Apple Multiple Security vulnerability in Apple Mac OS X Pre 10.4.8

Unchecked error condition in LoginWindow in Apple Mac OS X 10.4 through 10.4.7 prevents Kerberos tickets from being destroyed if a user does not successfully log on to a network account from the login window, which might allow later users to gain access to the original user's Kerberos tickets.

4.6
2006-10-03 CVE-2006-4387 Apple Multiple Security vulnerability in Apple Mac OS X Pre 10.4.8

Apple Mac OS X 10.4 through 10.4.7, when the administrator clears the "Allow user to administer this computer" checkbox in System Preferences for a user, does not remove the user's account from the appserveradm or appserverusr groups, which still allows the user to manage WebObjects applications.

4.6
2006-10-03 CVE-2006-5134 HP HTML Injection vulnerability in HP Mercury Sitescope 8.28.1.2.0

Mercury SiteScope 8.2 (8.1.2.0) allows remote authenticated users to cause a denial of service (loss of connectivity to the classic interface) via attempted HTML injection into the "new monitor description" field.

4.0
2006-10-03 CVE-2006-5120 Scott Metoyer Cross-Site Scripting vulnerability in Scott Metoyer RED Mombin 0.7

Multiple cross-site scripting (XSS) vulnerabilities in Scott Metoyer Red Mombin 0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) index.php and (2) process_login.php.

4.0
2006-10-03 CVE-2006-5119 ZEN Cart Cross-Site Scripting vulnerability in ZEN Cart ZEN Cart 1.3.5

Multiple cross-site scripting (XSS) vulnerabilities in Zen Cart 1.3.5 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_name or (2) admin_pass parameter in (a) admin/login.php, or the (3) admin_email parameter in (b) admin/password_forgotten.php.

4.0

5 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-10-03 CVE-2006-4393 Apple Multiple Security vulnerability in Apple Mac OS X Pre 10.4.8

Unspecified vulnerability in LoginWindow in Apple Mac OS X 10.4 through 10.4.7, when Fast User Switching is enabled, allows local users to gain access to Kerberos tickets of other users.

3.7
2006-10-05 CVE-2006-5163 IBM Unspecified vulnerability in IBM Informix Dynamic Server 10.Ucrc1

IBM Informix Dynamic Server 10.UC3RC1 Trial for Linux and possibly other versions creates /tmp/installserver.txt with insecure permissions, which allows local users to append data to arbitrary files via a symlink attack.

3.6
2006-10-05 CVE-2006-5158 Linux Remote Denial of Service vulnerability in Linux Kernel NFS LockD Dereference

The nlmclnt_mark_reclaim in clntlock.c in NFS lockd in Linux kernel before 2.6.16 allows remote attackers to cause a denial of service (process crash) and deny access to NFS exports via unspecified vectors that trigger a kernel oops (null dereference) and a deadlock.

3.3
2006-10-03 CVE-2006-4390 Apple Multiple Security vulnerability in Apple Mac OS X Pre 10.4.8

CFNetwork in Apple Mac OS X 10.4 through 10.4.7 and 10.3.9 allows remote SSL sites to appear as trusted sites by using encryption without authentication, which can cause the lock icon in Safari to be displayed even when the site's identity cannot be trusted.

2.6
2006-10-03 CVE-2006-4399 Apple Multiple Security vulnerability in Apple Mac OS X Pre 10.4.8

User interface inconsistency in Workgroup Manager in Apple Mac OS X 10.4 through 10.4.7 appears to allow administrators to change the authentication type from crypt to ShadowHash passwords for accounts in a NetInfo parent, when such an operation is not actually supported, which could result in less secure password management than intended.

2.1