Weekly Vulnerabilities Reports > October 9 to 15, 2006
Overview
123 new vulnerabilities reported during this period, including 14 critical vulnerabilities and 54 high severity vulnerabilities. This weekly summary report vulnerabilities in 145 products from 92 vendors including Microsoft, SUN, Invision Power Services, Eazy Cart, and Adobe. Vulnerabilities are notably categorized as "Code Injection", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "SQL Injection", "Cross-site Scripting", and "Use After Free".
- 112 reported vulnerabilities are remotely exploitables.
- 54 reported vulnerabilities have public exploit available.
- 4 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 120 reported vulnerabilities are exploitable by an anonymous user.
- Microsoft has the most reported vulnerabilities, with 17 reported vulnerabilities.
- Microsoft has the most reported critical vulnerabilities, with 10 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
14 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-10-13 | CVE-2006-5288 | Cisco | Unspecified vulnerability in Cisco 2700 Wireless Location Appliance 1.1.73.0 Cisco 2700 Series Wireless Location Appliances before 2.1.34.0 have a default administrator username "root" and password "password," which allows remote attackers to obtain administrative privileges, aka Bug ID CSCsb92893. | 10.0 |
2006-10-10 | CVE-2006-4812 | PHP | Code Injection vulnerability in PHP Integer overflow in PHP 5 up to 5.1.6 and 4 before 4.3.0 allows remote attackers to execute arbitrary code via an argument to the unserialize PHP function with a large value for the number of array elements, which triggers the overflow in the Zend Engine ecalloc function (Zend/zend_alloc.c). | 10.0 |
2006-10-10 | CVE-2006-4693 | Microsoft | Remote Code Execution vulnerability in Microsoft Word Mac Unspecified vulnerability in Microsoft Word 2004 for Mac and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string in a Word file, a different issue than CVE-2006-3647 and CVE-2006-3651. | 9.3 |
2006-10-10 | CVE-2006-3877 | Microsoft | Code Injection vulnerability in Microsoft products Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified "crafted file," a different vulnerability than CVE-2006-3435, CVE-2006-4694, and CVE-2006-3876. | 9.3 |
2006-10-10 | CVE-2006-3864 | Microsoft | Remote Code Execution vulnerability in Microsoft Office Malformed Record Unspecified vulnerability in mso.dll in Microsoft Office 2000, XP, and 2003, and Microsoft PowerPoint 2000, XP, and 2003, allows remote user-assisted attackers to execute arbitrary code via a malformed record in a (1) .DOC, (2) .PPT, or (3) .XLS file that triggers memory corruption, related to an "array boundary condition" (possibly an array index overflow), a different vulnerability than CVE-2006-3434, CVE-2006-3650, and CVE-2006-3868. | 9.3 |
2006-10-10 | CVE-2006-3651 | Microsoft | Remote Code Execution vulnerability in Microsoft Word Mail Merge Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary code via a crafted mail merge file, a different vulnerability than CVE-2006-3647 and CVE-2006-4693. | 9.3 |
2006-10-10 | CVE-2006-3650 | Microsoft | Code Injection vulnerability in Microsoft Office Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac do not properly parse the length of a chart record, which allows remote user-assisted attackers to execute arbitrary code via a Word document with an embedded malformed chart record that triggers an overwrite of pointer values with values from the document, a different vulnerability than CVE-2006-3434, CVE-2006-3864, and CVE-2006-3868. | 9.3 |
2006-10-10 | CVE-2006-3647 | Microsoft | Numeric Errors vulnerability in Microsoft Office Integer overflow in Microsoft Word 2000, 2002, 2003, 2004 for Mac, and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string in a Word document, which overflows a 16-bit integer length value, aka "Memmove Code Execution," a different vulnerability than CVE-2006-3651 and CVE-2006-4693. | 9.3 |
2006-10-10 | CVE-2006-3434 | Microsoft | Remote Code Execution vulnerability in Microsoft Office Improper Memory Access Unspecified vulnerability in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string that triggers memory corruption. | 9.3 |
2006-10-10 | CVE-2006-3876 | Microsoft | Code Injection vulnerability in Microsoft Office Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via a crafted Data record in a PPT file, a different vulnerability than CVE-2006-3435 and CVE-2006-4694. | 9.3 |
2006-10-10 | CVE-2006-3435 | Microsoft | Code Injection vulnerability in Microsoft Office PowerPoint in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac does not properly parse the slide notes field in a document, which allows remote user-assisted attackers to execute arbitrary code via crafted data in this field, which triggers an erroneous object pointer calculation that uses data from within the document. | 9.3 |
2006-10-10 | CVE-2006-5177 | Mailenable | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mailenable Enterprise and Mailenable Professional The NTLM authentication in MailEnable Professional 2.0 and Enterprise 2.0 allows remote attackers to (1) execute arbitrary code via unspecified vectors involving crafted base64 encoded NTLM Type 3 messages, or (2) cause a denial of service via crafted base64 encoded NTLM Type 1 messages, which trigger a buffer over-read. | 9.3 |
2006-10-10 | CVE-2006-5176 | Mailenable | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mailenable Enterprise and Mailenable Professional Buffer overflow in NTLM authentication in MailEnable Professional 2.0 and Enterprise 2.0 allows remote attackers to execute arbitrary code via "the signature field of NTLM Type 1 messages". | 9.3 |
2006-10-10 | CVE-2006-4696 | Microsoft | Code Injection vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP Unspecified vulnerability in the Server service in Microsoft Windows 2000 SP4, Server 2003 SP1 and earlier, and XP SP2 and earlier allows remote attackers to execute arbitrary code via a crafted packet, aka "SMB Rename Vulnerability." | 9.0 |
54 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-10-12 | CVE-2006-5248 | Eazy Cart | Information Disclosure vulnerability in Eazy Cart Eazy Cart 2.01 Eazy Cart stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a customer database via a direct request for admin/config/customer.dat. | 7.8 |
2006-10-11 | CVE-2006-5233 | Polycom | Denial Of Service vulnerability in Polycom Soundpoint IP 301 1.4.1.0040 Polycom SoundPoint IP 301 VoIP Desktop Phone, firmware version 1.4.1.0040, allows remote attackers to cause a denial of service (reboot) via (1) a long URL sent to the HTTP daemon and (2) unspecified manipulations as demonstrated by the Nessus http_fingerprinting_hmap.nasl script. | 7.8 |
2006-10-11 | CVE-2006-5231 | Grandstream | Denial Of Service vulnerability in Grandstream Gxp-2000 1.1.0.5 Grandstream GXP-2000 VoIP Desktop Phone, firmware version 1.1.0.5, allows remote attackers to cause a denial of service (hang or reboot) via a large amount of ASCII data sent to port (1) 5060/UDP, (2) 5062/UDP, (3) 5064/UDP, (4) 5066/UDP, (5) 9876/UDP, or (6) 26789/UDP. | 7.8 |
2006-10-10 | CVE-2006-5196 | Motorola | Remote Denial of Service vulnerability in Motorola Surfboard Sb4200 The HTTP interface in the Motorola SURFboard SB4200 Cable Modem allows remote attackers to cause a denial of service (device crash) via a request with MfcISAPICommand set to SecretProc and a long string in the Secret parameter. | 7.8 |
2006-10-10 | CVE-2006-5175 | Buffalotech | Cross-Site Request Forgery (CSRF) vulnerability in Buffalotech Terastation Hd-Htgl Firmware 2.05Beta1 Cross-site request forgery (CSRF) vulnerability in the administrative interface for the TeraStation HD-HTGL firmware 2.05 beta 1 and earlier allows remote attackers to modify configurations or delete arbitrary data via unspecified vectors. | 7.6 |
2006-10-13 | CVE-2006-5290 | Xerox | Unspecified vulnerability in Xerox products The ESS/ Network Controller and MicroServer Web Server components of Xerox WorkCentre and WorkCentre Pro 232, 238, 245, 255, 265 and 275 allow remote attackers to bypass authentication and execute arbitrary code via "WebUI command injection on TCP/IP hostname." | 7.5 |
2006-10-13 | CVE-2006-5289 | Vtiger | Remote File Include vulnerability in Vtiger CRM 4.2 Multiple PHP remote file inclusion vulnerabilities in Vtiger CRM 4.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the calpath parameter to (1) modules/Calendar/admin/update.php, (2) modules/Calendar/admin/scheme.php, or (3) modules/Calendar/calendar.php. | 7.5 |
2006-10-13 | CVE-2006-5285 | Xeoport | SQL Injection vulnerability in XeoPort SQL injection vulnerability in index.php in XeoPort 0.81, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the xp_body_text parameter. | 7.5 |
2006-10-13 | CVE-2006-5283 | Minichat | Remote File Include vulnerability in Minichat 6.0 PHP remote file inclusion vulnerability in ftag.php in Minichat 6.0 allows remote attackers to execute arbitrary PHP code via a URL in the mostrar parameter. | 7.5 |
2006-10-13 | CVE-2006-5282 | SH News | Remote File Include vulnerability in SH-News Scriptpath Parameter Multiple PHP remote file inclusion vulnerabilities in SH-News 3.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the scriptpath parameter to (1) report.php, (2) archive.php, (3) comments.php, (4) init.php, or (5) news.php. | 7.5 |
2006-10-13 | CVE-2006-5281 | Navyism | Remote File Include vulnerability in N@Board Naboard_PNR.PHP PHP remote file inclusion vulnerability in naboard_pnr.php in n@board 3.1.9e and earlier allows remote attackers to execute arbitrary PHP code via a URL in the skin parameter. | 7.5 |
2006-10-12 | CVE-2006-5263 | Phpmyagenda | Local File Include vulnerability in PhpMyAgenda Language Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2006-10-12 | CVE-2006-5261 | Phpmynews | Remote File Include vulnerability in PHPMyNews CFG_INCLUDE_DIR Multiple PHP remote file inclusion vulnerabilities in PHPMyNews 1.4 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the cfg_include_dir parameter in (1) disp_form.php3, (2) disp_smileys.php3, (3) little_news.php3, and (4) index.php3 in include/. | 7.5 |
2006-10-12 | CVE-2006-5260 | Compteur | Remote Security vulnerability in Compteur 2 PHP remote file inclusion vulnerability in compteur.php in Compteur 2 allows remote attackers to execute arbitrary PHP code via a URL in the cp parameter. | 7.5 |
2006-10-12 | CVE-2006-5259 | Compteur | Remote File Include vulnerability in Compteur 2 PHP remote file inclusion vulnerability in param_editor.php in Compteur 2 allows remote attackers to execute arbitrary PHP code via a URL in the folder parameter. | 7.5 |
2006-10-12 | CVE-2006-5257 | Ciamos | Remote File Include vulnerability in Ciamos CMS Config.PHP PHP remote file inclusion vulnerability in modules/forum/include/config.php in Ciamos Content Management System (CMS) 0.9.6b and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_cache_path parameter. | 7.5 |
2006-10-12 | CVE-2006-5256 | Claroline | Remote File Include vulnerability in Claroline Import.lib.PHP PHP remote file inclusion vulnerability in claroline/inc/lib/import.lib.php in Claroline 1.8.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the includePath parameter. | 7.5 |
2006-10-12 | CVE-2006-5254 | Mamboxchange | Remote File Include vulnerability in Extended Registration Component mosConfig_absolute_path PHP remote file inclusion vulnerability in registration_detailed.inc.php in Mark Van Bellen Detailed User Registration (com_registration_detailed), aka regdetailed, 4.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 7.5 |
2006-10-12 | CVE-2006-5253 | Dayana Networks | Remote Security vulnerability in Dayana Networks PHPonline 2.1 PHP remote file inclusion vulnerability in strload.php in Dayana Networks phpOnline (aka PHP-Online) 2.1 allows remote attackers to execute arbitrary PHP code via a URL in the LangFile parameter. | 7.5 |
2006-10-12 | CVE-2006-5251 | Deep CMS | Remote File Include vulnerability in Deep CMS Deep CMS 2.0A PHP remote file inclusion vulnerability in index.php in Deep CMS 2.0a allows remote attackers to execute arbitrary PHP code via a URL in the ConfigDir parameter. | 7.5 |
2006-10-12 | CVE-2006-5249 | Tagit | Remote File Include vulnerability in Tagit Tagboard 2.1.Bbuild2 PHP remote file inclusion vulnerability in tagmin/delTagUser.php in TagIt! Tagboard 2.1.B Build 2 (tagit2b) allows remote attackers to execute arbitrary PHP code via a URL in the configpath parameter. | 7.5 |
2006-10-12 | CVE-2006-5245 | Eazy Cart | Security Bypass vulnerability in Eazy Cart Eazy Cart allows remote attackers to bypass authentication and gain administrative access via a direct request for admin/home/index.php, and possibly other PHP scripts under admin/. | 7.5 |
2006-10-12 | CVE-2006-5243 | Opendock | Remote File Include vulnerability in Easy Doc Doc_Directory Parameter Multiple PHP remote file inclusion vulnerabilities in OpenDock Easy Doc 1.4 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the doc_directory parameter in (1) down_stat.php, (2) file.php, (3) find_file.php, (4) lib_file.php, and (5) lib_form_file.php in sw/lib_up_file/; (6) find_comment.php, (7) comment.php, and (8) lib_comment.php in sw/lib_comment/; (9) sw/lib_find/find.php; and other unspecified PHP scripts. | 7.5 |
2006-10-12 | CVE-2006-5242 | Etomite | SQL Injection vulnerability in Etomite 0.6 SQL injection vulnerability in Etomite Content Management System (CMS) before 0.6.1.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2006-10-11 | CVE-2006-5235 | Dimension OF Phpbb | Remote Security vulnerability in Dimension of phpBB PHP remote file inclusion vulnerability in includes/functions_kb.php in Dimension of phpBB 0.2.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | 7.5 |
2006-10-11 | CVE-2006-5230 | Freeforum | Remote File Include vulnerability in FreeForum FPath Variable PHP remote file inclusion vulnerability in forum.php in FreeForum 0.9.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the fpath parameter. | 7.5 |
2006-10-10 | CVE-2006-3888 | AOL | Buffer Overflow vulnerability in AOL You've Got Pictures ActiveX Controls Buffer overflow in AOL You've Got Pictures (YGP) Pic Downloader YGPPDownload ActiveX control (AOL.PicDownloadCtrl.1, YGPPicDownload.dll), as used in America Online 9.0 Security Edition, allows remote attackers to execute arbitrary code via a long argument to the SetAlbumName method. | 7.5 |
2006-10-10 | CVE-2006-3887 | AOL | Buffer Overflow vulnerability in AOL You've Got Pictures ActiveX Controls Buffer overflow in AOL You've Got Pictures (YGP) Screensaver ActiveX control allows remote attackers to execute arbitrary code via unspecified vectors. | 7.5 |
2006-10-10 | CVE-2006-4686 | Microsoft | Buffer Overrun vulnerability in Microsoft XML Core Services and XML Parser Buffer overflow in the Extensible Stylesheet Language Transformations (XSLT) processing in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 allows remote attackers to execute arbitrary code via a crafted Web page. | 7.5 |
2006-10-10 | CVE-2006-5228 | ROB Hensley | SQL Injection vulnerability in Ackertodo 4.0/4.2 Multiple SQL injection vulnerabilities in the Google Gadget login.php (gadget/login.php) in Rob Hensley ackerTodo 4.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) up_login, (2) up_pass, or (3) up_num_tasks parameters. | 7.5 |
2006-10-10 | CVE-2006-5226 | Freenews | Remote File Include vulnerability in Freenews 1.1 PHP remote file inclusion vulnerability in moteur/moteur.php in Prologin.fr Freenews 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter. | 7.5 |
2006-10-10 | CVE-2006-5225 | AAI Portal | SQL Injection vulnerability in Aai-Portal Aaiportal 1.3.2 Multiple SQL injection vulnerabilities in AAIportal before 1.4.0 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2006-10-10 | CVE-2006-5224 | Dimitri Seitz | Remote File Include vulnerability in Dimitri Seitz Security Suite IP Logger 1.0.0 PHP remote file inclusion vulnerability in includes/logger_engine.php in Dimitri Seitz Security Suite IP Logger 1.0.0 in dwingmods for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | 7.5 |
2006-10-10 | CVE-2006-5223 | Nivisec | Remote File Include vulnerability in Nivisec User Viewed Posts Tracker 1.0 PHP remote file inclusion vulnerability in includes/functions_user_viewed_posts.php in the Nivisec User Viewed Posts Tracker module 1.0 and earlier for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | 7.5 |
2006-10-10 | CVE-2006-5222 | Dimension OF Phpbb | Remote File Include vulnerability in Dimension of PHPbb Dimension of PHPbb 0.2.6 Multiple PHP remote file inclusion vulnerabilities in Dimension of phpBB 0.2.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter in (1) includes/themen_portal_mitte.php or (2) includes/logger_engine.php. | 7.5 |
2006-10-10 | CVE-2006-5221 | Cahier DE Textes | SQL Injection vulnerability in Cahier DE Textes Cahier DE Textes 2.0 Multiple SQL injection vulnerabilities in Cahier de texte 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) matiere_ID parameter in lire.php or the (2) classe_ID parameter in lire_a_faire.php. | 7.5 |
2006-10-10 | CVE-2006-5217 | Emek Portal | SQL Injection vulnerability in Emek Portal Emek Portal 2.1 SQL injection vulnerability in giris_yap.asp in Emek Portal 2.1 allows remote attackers to execute arbitrary SQL commands by simultaneously injecting into the user name and pass fields in uyegiris.asp, also known as the Kullanici Adi (k_a) and Sifre (sifre) parameters. | 7.5 |
2006-10-10 | CVE-2006-5216 | Sergey Lyubka | Remote Buffer Overflow vulnerability in Sergey Lyubka Simple Httpd 1.34 Stack-based buffer overflow in Sergey Lyubka Simple HTTPD (shttpd) 1.34 allows remote attackers to execute arbitrary code via a long URI. | 7.5 |
2006-10-10 | CVE-2006-5209 | Phpbb Group | Remote Security vulnerability in phpBB PHP remote file inclusion vulnerability in admin/admin_topic_action_logging.php in Admin Topic Action Logging Mod 0.95 and earlier, as used in phpBB 2.0 up to 2.0.21, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | 7.5 |
2006-10-10 | CVE-2006-5208 | Deltascripts | SQL Injection vulnerability in Deltascripts PHP Classifieds 7.1 Multiple SQL injection vulnerabilities in PHP Classifieds 7.1 allow remote attackers to execute arbitrary SQL commands via (1) the catid_search parameter in search.php and (2) the catid parameter in index.php. | 7.5 |
2006-10-10 | CVE-2006-5206 | Invision Power Services | SQL Injection vulnerability in Invision Gallery SQL injection vulnerability in Invision Gallery 2.0.7 allows remote attackers to execute arbitrary SQL commands via the album parameter in (1) index.php and (2) forum/index.php, when the rate command in the gallery automodule is used. | 7.5 |
2006-10-10 | CVE-2006-5193 | Wikyblog | Remote File Include vulnerability in RETIRED: WikyBlog PHP remote file inclusion vulnerability in index.php in Josh Schmidt WikyBlog 1.2.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the includeDir parameter. | 7.5 |
2006-10-10 | CVE-2006-5192 | Phpgreetz | Remote File Include vulnerability in PHPGreetz Footer.PHP PHP remote file inclusion vulnerability in includes/footer.php in phpGreetz 0.99 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PHPGREETZ_INCLUDE_DIR parameter. | 7.5 |
2006-10-10 | CVE-2006-5189 | Klinza | Remote File Include vulnerability in Klinza Professional CMS Show_Hlp.PHP PHP remote file inclusion vulnerability in funzioni/lib/show_hlp.php in klinza professional cms 5.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the appl[APPL] parameter. | 7.5 |
2006-10-10 | CVE-2006-5187 | Bulletin Board ACE | Remote File Include vulnerability in Bulletin Board ACE Bulletin Board ACE 3.4 PHP remote file inclusion vulnerability in includes/functions.php in Bulletin Board Ace (BBaCE) 3.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | 7.5 |
2006-10-10 | CVE-2006-5185 | Hamweather | Unspecified vulnerability in Hamweather 3.9.8.3 Eval injection vulnerability in Template.php in HAMweather 3.9.8.4 and earlier allows remote attackers to execute arbitrary code via a modified query string, which is supplied to an eval function call within the do_parse_code function. | 7.5 |
2006-10-10 | CVE-2006-5183 | Dayfox Designs | Remote Security vulnerability in Dayfox Designs Dayfox Blog 2.0 Multiple PHP remote file inclusion vulnerabilities in Dayfox Designs Dayfox Blog 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the slogin parameter in the (1) adminlog.php, (2) postblog.php, (3) index.php, or (4) index2.php script in /edit. | 7.5 |
2006-10-10 | CVE-2006-5182 | DAN Jensen | Remote File Include vulnerability in Travelsized CMS Frontpage.PHP PHP remote file inclusion vulnerability in frontpage.php in Dan Jensen Travelsized CMS 0.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the setup_folder parameter. | 7.5 |
2006-10-10 | CVE-2006-5181 | Joshua Muheim | Unspecified vulnerability in Joshua Muheim PHPmywebmin 1.0 Multiple PHP remote file inclusion vulnerabilities in Joshua Muheim phpMyWebmin 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the target parameter in (1) change_preferences2.php, (2) create_file.php, (3) upload_local.php, and (4) upload_multi.php, different vectors than CVE-2006-5124. | 7.5 |
2006-10-10 | CVE-2006-5180 | Baumedia | Remote Security vulnerability in Newswriter 1.40/1.41 PHP remote file inclusion vulnerability in include/main.inc.php in Sebastian Baumann and Philipp Wolfer Newswriter SW 1.42 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the NWCONF_SYSTEM[server_path] parameter, a different vector than CVE-2006-5102. | 7.5 |
2006-10-10 | CVE-2006-5170 | Redhat Fedoraproject Debian | Improper Handling of Exceptional Conditions vulnerability in multiple products pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and earlier, and possibly other distributions does not return an error condition when an LDAP directory server responds with a PasswordPolicyResponse control response, which causes the pam_authenticate function to return a success code even if authentication has failed, as originally reported for xscreensaver. | 7.5 |
2006-10-10 | CVE-2006-5143 | Broadcom CA | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Multiple buffer overflows in CA BrightStor ARCserve Backup r11.5 SP1 and earlier, r11.1, and 9.01; BrightStor ARCserve Backup for Windows r11; BrightStor Enterprise Backup 10.5; Server Protection Suite r2; and Business Protection Suite r2 allow remote attackers to execute arbitrary code via crafted data on TCP port 6071 to the Backup Agent RPC Server (DBASVR.exe) using the RPC routines with opcode (1) 0x01, (2) 0x02, or (3) 0x18; invalid stub data on TCP port 6503 to the RPC routines with opcode (4) 0x2b or (5) 0x2d in ASCORE.dll in the Message Engine RPC Server (msgeng.exe); (6) a long hostname on TCP port 41523 to ASBRDCST.DLL in the Discovery Service (casdscsvc.exe); or unspecified vectors related to the (7) Job Engine Service. | 7.5 |
2006-10-10 | CVE-2006-5142 | Broadcom | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Broadcom Brightstor Arcserve Backup 11.5 Stack-based buffer overflow in CA BrightStor ARCserve Backup R11.5 client and server allows remote attackers to execute arbitrary code via long messages to the CheyenneDS Mailslot. | 7.5 |
2006-10-10 | CVE-2006-4997 | Linux Canonical Redhat | Use After Free vulnerability in multiple products The clip_mkip function in net/atm/clip.c of the ATM subsystem in Linux kernel allows remote attackers to cause a denial of service (panic) via unknown vectors that cause the ATM subsystem to access the memory of socket buffers after they are freed (freed pointer dereference). | 7.5 |
47 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-10-13 | CVE-2006-5280 | Cuttlefish Multimedia LTD | Code Injection vulnerability in Cuttlefish Multimedia Ltd. Leicestershire Communityportals PHP remote file inclusion vulnerability in includes/import-archive.php in Leicestershire communityPortals 1.0 build 20051018 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cp_root_path parameter. | 6.8 |
2006-10-12 | CVE-2006-5264 | Mysqldumper | Cross-Site Scripting vulnerability in Mysqldumper 1.21 Cross-site scripting (XSS) vulnerability in sql.php in MysqlDumper 1.21 b6 allows remote attackers to inject arbitrary web script or HTML via the db parameter. | 6.8 |
2006-10-12 | CVE-2006-5247 | Eazy Cart | Cross-Site Scripting vulnerability in Eazy Cart Multiple cross-site scripting (XSS) vulnerabilities in Eazy Cart allow remote attackers to inject arbitrary web script or HTML via easycart.php, possibly related to the (1) des and (2) qty parameters in an add action, and via other unspecified vectors. | 6.8 |
2006-10-10 | CVE-2006-5227 | Torrentflux | Cross-Site Scripting vulnerability in Torrentflux 2.1 Cross-site scripting (XSS) vulnerability in admin.php in TorrentFlux 2.1 allows remote attackers to inject arbitrary web script or HTML via (1) the $user_agent variable, probably obtained from the User-Agent HTTP header, and possibly (2) the $ip_resolved variable. | 6.8 |
2006-10-10 | CVE-2006-5195 | Wheatblog | HTML Injection vulnerability in Wheatblog 1.0/1.1 Multiple cross-site scripting (XSS) vulnerabilities in Wheatblog 1.0 and 1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.8 |
2006-10-12 | CVE-2006-5262 | Hastymail | Unspecified vulnerability in Hastymail CRLF injection vulnerability in lib/session.php in Hastymail 1.5 and earlier before 20061008 allows remote authenticated users to send arbitrary IMAP commands via a CRLF sequence in a mailbox name. | 6.5 |
2006-10-10 | CVE-2006-5211 | Trend Micro | Unspecified vulnerability in Trend Micro Officescan Corporate Edition 6.5/7.0/7.3 Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for SMB 2.0 before 6.0.0.1385, and OfficeScan Corporate Edition (OSCE) 6.5 before 6.5.0.1418, 7.0 before 7.0.0.1257, and 7.3 before 7.3.0.1053 allow remote attackers to remove OfficeScan clients via a certain HTTP request that invokes the OfficeScan CGI program. | 6.4 |
2006-10-10 | CVE-2006-5178 | PHP | Race Condition vulnerability in PHP Race condition in the symlink function in PHP 5.1.6 and earlier allows local users to bypass the open_basedir restriction by using a combination of symlink, mkdir, and unlink functions to change the file path after the open_basedir check and before the file is opened by the underlying system, as demonstrated by symlinking a symlink into a subdirectory, to point to a parent directory via .. | 6.2 |
2006-10-10 | CVE-2006-5072 | Mono | Unspecified vulnerability in Mono 1.0/2.0 The System.CodeDom.Compiler classes in Novell Mono create temporary files with insecure permissions, which allows local users to overwrite arbitrary files or execute arbitrary code via a symlink attack. | 6.2 |
2006-10-10 | CVE-2006-5179 | Intoto | Denial-Of-Service vulnerability in Intoto Igateway Ssl-Vpn and Igateway VPN Intoto iGateway VPN and iGateway SSL-VPN allow context-dependent attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to process when using RSA signature verification, a related issue to CVE-2006-2940. | 5.4 |
2006-10-13 | CVE-2006-5287 | Xeobook | SQL Injection vulnerability in Xeobook 0.93 Multiple SQL injection vulnerabilities in sign.php in Xeobook 0.93 allow remote attackers to execute arbitrary SQL commands via (1) the User-Agent HTTP header, or the (2) gb_entry_text, (3) gb_location, (4) gb_fullname, or (5) gb_sex parameters. | 5.1 |
2006-10-13 | CVE-2006-5284 | PHP News Reader | Remote File Include vulnerability in PHP News Reader PHP News Reader 2.6.2 PHP remote file inclusion vulnerability in auth/phpbb.inc.php in Shen Cheng-Da PHP News Reader (aka pnews) 2.6.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CFG[auth_phpbb_path] parameter. | 5.1 |
2006-10-12 | CVE-2006-5258 | Asbru Software | Code Injection vulnerability in Asbru Software products The spell checking component of (1) Asbru Web Content Management before 6.1.22, (2) Asbru Web Content Editor before 6.0.22, and (3) Asbru Website Manager before 6.0.22 allows remote attackers to execute arbitrary commands via an unspecified parameter that is not sanitized before Aspell is invoked. | 5.1 |
2006-10-12 | CVE-2006-5252 | Webmedia Explorer | Remote File Include vulnerability in Webmedia Explorer Webmedia Explorer 2.8.7 PHP remote file inclusion vulnerability in includes/core.lib.php in Webmedia Explorer 2.8.7 allows remote attackers to execute arbitrary PHP code via a URL in the path_include parameter. | 5.1 |
2006-10-12 | CVE-2006-5250 | Blueshoes | Remote File Include vulnerability in BlueShoes Framework GoogleSearch.PHP PHP remote file inclusion vulnerability in lib/googlesearch/GoogleSearch.php in BlueShoes 4.6_public and earlier allows remote attackers to execute arbitrary PHP code via a URL in the APP[path][lib] parameter, a different vector than CVE-2006-2864. | 5.1 |
2006-10-12 | CVE-2006-5244 | Opendock | Remote File Include vulnerability in Easy Blog Doc_Directory Parameter Multiple PHP remote file inclusion vulnerabilities in OpenDock Easy Blog 1.4 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the doc_directory parameter in (1) down_stat.php, (2) file.php, (3) find_file.php, (4) lib_read_file.php, and (5) lib_form_file.php in sw/lib_up_file; (6) find_comment.php, (7) comment.php, and (8) lib_comment.php in sw/lib_comment/; (9) sw/lib_find/find.php; and other unspecified vectors. | 5.1 |
2006-10-12 | CVE-2006-5241 | Opendock | Remote File Include vulnerability in Easy Gallery Doc_Directory Parameter Multiple PHP remote file inclusion vulnerabilities in OpenDock Easy Gallery 1.4 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the doc_directory parameter in (1) file.php; (2) find_user.php, (3) lib_user.php, (4) lib_form_user.php, and (5) user.php in sw/lib_user/; (6) find_session.php and (7) session.php in sw/lib_session/; (8) comment.php and (9) lib_comment.php in sw/lib_comment/; and other unspecified PHP scripts. | 5.1 |
2006-10-12 | CVE-2006-5240 | Docmint | Remote File Include vulnerability in Docmint Required.php PHP remote file inclusion vulnerability in engine/require.php in Docmint 2.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the MY_ENV[BASE_ENGINE_LOC] parameter. | 5.1 |
2006-10-10 | CVE-2006-3875 | Microsoft | Remote Code Execution vulnerability in Microsoft Excel COLINFO Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, and Excel Viewer 2003 allows user-assisted attackers to execute arbitrary code via a crafted COLINFO record in an XLS file, a different vulnerability than CVE-2006-2387 and CVE-2006-3867. | 5.1 |
2006-10-10 | CVE-2006-3868 | Microsoft | Remote Code Execution vulnerability in Microsoft Office Smart Tag Unspecified vulnerability in Microsoft Office XP and 2003 allows remote user-assisted attackers to execute arbitrary code via a malformed Smart Tag. | 5.1 |
2006-10-10 | CVE-2006-3867 | Microsoft | Remote Code Execution vulnerability in Microsoft Excel Lotus 1-2-3 File Handling Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, and Excel Viewer 2003 allows user-assisted attackers to execute arbitrary code via a crafted Lotus 1-2-3 file, a different vulnerability than CVE-2006-2387 and CVE-2006-3875. | 5.1 |
2006-10-10 | CVE-2006-2387 | Microsoft | Remote Code Execution vulnerability in Microsoft Excel DATETIME Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, Excel Viewer 2003, and Microsoft Works Suite 2004 through 2006 allows user-assisted attackers to execute arbitrary code via a crafted DATETIME record in an XLS file, a different vulnerability than CVE-2006-3867 and CVE-2006-3875. | 5.1 |
2006-10-10 | CVE-2006-5220 | Objective Development | Code Injection vulnerability in Objective Development Webyep 1.1.9 Multiple PHP remote file inclusion vulnerabilities in WebYep 1.1.9, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via the webyep_sIncludePath in (1) files in the programm/lib/ directory including (a) WYApplication.php, (b) WYDocument.php, (c) WYEditor.php, (d) WYElement.php, (e) WYFile.php, (f) WYHTMLTag.php, (g) WYImage.php, (h) WYLanguage.php, (i) WYLink.php, (j) WYPath.php, (k) WYPopupWindowLink.php, (l) WYSelectMenu.php, and (m) WYTextArea.php; (2) files in the programm/elements/ directory including (n) WYGalleryElement.php, (o) WYGuestbookElement.php, (p) WYImageElement.php, (q) WYLogonButtonElement.php, (r) WYLongTextElement.php, (s) WYLoopElement.php, (t) WYMenuElement.php, and (u) WYShortTextElement.php; and (3) programm/webyep.php. | 5.1 |
2006-10-10 | CVE-2006-5219 | Moodle | SQL Injection vulnerability in Moodle 1.6.2 SQL injection vulnerability in blog/index.php in the blog module in Moodle 1.6.2 allows remote attackers to execute arbitrary SQL commands via a double-encoded tag parameter. | 5.1 |
2006-10-10 | CVE-2006-5207 | Phpmyteam | Remote Security vulnerability in PHPmyteam 2.0 PHP remote file inclusion vulnerability in images/smileys/smileys_packs.php in phpMyTeam 2.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the smileys_dir parameter. | 5.1 |
2006-10-10 | CVE-2006-5203 | Invision Power Services | Cross-Site Scripting vulnerability in Invision Power Board Invision Power Board (IPB) 2.1.7 and earlier allows remote restricted administrators to inject arbitrary web script or HTML, or execute arbitrary SQL commands, via a forum description that contains a crafted image with PHP code, which is executed when the user visits the "Manage Forums" link in the Admin control panel. | 5.1 |
2006-10-10 | CVE-2006-5191 | Phpbb | Code Injection vulnerability in PHPbb PHP remote file inclusion vulnerability in includes/functions_static_topics.php in the Nivisec Static Topics module for phpBB 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | 5.1 |
2006-10-10 | CVE-2006-5186 | Phpmyprofiler | Remote File Include vulnerability in PHPMyProfiler Functions.PHP PHP remote file inclusion vulnerability in functions.php in phpMyProfiler 0.9.6 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the pmp_rel_path parameter. | 5.1 |
2006-10-10 | CVE-2006-5169 | Powerportal | Cross-Site Scripting vulnerability in Powerportal 1.1 Cross-site scripting (XSS) vulnerability in John Himmelman (aka DaRk2k1) PowerPortal 1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to registering a user. | 5.1 |
2006-10-13 | CVE-2006-5286 | Novell | Remote Denial Of Service vulnerability in Novell Bordermanager 3.8 Unspecified vulnerability in IKE.NLM in Novell BorderManager 3.8 allows attackers to cause a denial of service (crash) via unknown attack vectors related to "VPN issues" for certain "IKE and IPsec settings." | 5.0 |
2006-10-12 | CVE-2006-5246 | Eazy Cart | Denial-Of-Service vulnerability in Eazy Cart Eazy Cart allows remote attackers to change prices and other critical fields via unspecified vectors to easycart.php, probably including the price parameter. | 5.0 |
2006-10-10 | CVE-2006-5200 | Adobe | Directory Traversal vulnerability in Adobe Breeze Unspecified vulnerability in Adobe Breeze 5 Licensed Server and Breeze 5.1 Licensed Server allows attackers to read arbitrary files via unknown vectors related to "URL parsing." | 5.0 |
2006-10-10 | CVE-2006-5212 | Trend Micro | Unspecified vulnerability in Trend Micro Officescan Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for SMB 2.0 before 6.0.0.1385, and OfficeScan Corporate Edition (OSCE) 6.5 before 6.5.0.1418, 7.0 before 7.0.0.1257, and 7.3 before 7.3.0.1053 allow remote attackers to delete files via a modified filename parameter in a certain HTTP request that invokes the OfficeScan CGI program. | 5.0 |
2006-10-10 | CVE-2006-5205 | Invision Power Services | Directory Traversal vulnerability in Invision Gallery Directory traversal vulnerability in Invision Gallery 2.0.7 allows remote attackers to read arbitrary files via a .. | 5.0 |
2006-10-10 | CVE-2006-5202 | Linksys | Authentication Bypass vulnerability in Linksys Wrt54G 1.00.9 Linksys WRT54g firmware 1.00.9 does not require credentials when making configuration changes, which allows remote attackers to modify arbitrary configurations via a direct request to Security.tri, as demonstrated using the SecurityMode and layout parameters, a different issue than CVE-2006-2559. | 5.0 |
2006-10-10 | CVE-2006-5197 | Pdshoppro | Information Disclosure vulnerability in Pdshoppro PDshopPro stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) /pdshoppro.mdb, (2) /data/pdshoppro.mdb, or (3) /shoppro/data/pdshoppro.mdb. | 5.0 |
2006-10-10 | CVE-2006-5188 | Webgeneius | Directory Traversal vulnerability in Webgeneius Goop Gallery 2.0.2 Directory traversal vulnerability in download.php in webGENEius GOOP Gallery 2.0.2 allows remote attackers to read or list data from certain files or directories via unspecified vectors. | 5.0 |
2006-10-12 | CVE-2006-4516 | Freebsd | Local Denial of Service vulnerability in Freebsd 6.0 Integer signedness error in FreeBSD 6.0-RELEASE allows local users to cause a denial of service (memory corruption and kernel panic) via a PT_LWPINFO ptrace command with a large negative data value that satisfies a signed maximum value check but is used in an unsigned copyout function call. | 4.9 |
2006-10-10 | CVE-2006-3978 | Adobe | Local Privilege Escalation vulnerability in Adobe Coldfusion 7.0/7.0.1/7.0.2 Unspecified vulnerability in a Verity third party library, as used on Adobe ColdFusion MX 7 through MX 7.0.2 and possibly other products, allows local users to execute arbitrary code via unknown attack vectors. | 4.6 |
2006-10-10 | CVE-2006-5218 | Netbsd Openbsd | Local Integer Overflow vulnerability in OpenBSD Systrace STRIOCREPLACE Integer overflow in the systrace_preprepl function (STRIOCREPLACE) in systrace in OpenBSD 3.9 and NetBSD 3 allows local users to cause a denial of service (crash), gain privileges, or read arbitrary kernel memory via large numeric arguments to the systrace ioctl. | 4.6 |
2006-10-10 | CVE-2006-4927 | Symantec | Privilege Escalation vulnerability in Symantec AntiVirus IOCTL Kernel The (a) NAVENG (NAVENG.SYS) and (b) NAVEX15 (NAVEX15.SYS) device drivers 20061.3.0.12 and later, as used in Symantec AntiVirus and security products, allow local users to gain privileges by overwriting critical system addresses using a crafted Irp to the IOCTL functions (1) 0x222AD3, (2) 0x222AD7, and (3) 0x222ADB. | 4.6 |
2006-10-12 | CVE-2006-5239 | Expblog | Cross-Site Scripting vulnerability in Expblog Multiple cross-site scripting (XSS) vulnerabilities in eXpBlog 0.3.5 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the query string (PHP_SELF) in kalender.php or (2) the captcha_session_code parameter in pre_details.php. | 4.3 |
2006-10-10 | CVE-2006-3436 | Microsoft | Cross-Site Scripting vulnerability in Microsoft .Net Framework 2.0 Cross-site scripting (XSS) vulnerability in Microsoft .NET Framework 2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "ASP.NET controls that set the AutoPostBack property to true". | 4.3 |
2006-10-10 | CVE-2006-5194 | Net2Ftp | Cross-Site Scripting vulnerability in Net2Ftp 0.93 Cross-site scripting (XSS) vulnerability in index.php in net2ftp 0.93 allows remote attackers to inject arbitrary web script or HTML via the username parameter. | 4.3 |
2006-10-10 | CVE-2006-5190 | Oscommerce | Cross-Site Scripting vulnerability in osCommerce Multiple cross-site scripting (XSS) vulnerabilities in osCommerce 2.2 Milestone 2 Update 060817 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter in the (a) banner_manager.php, (b) banner_statistics.php, (c) countries.php, (d) currencies.php, (e) languages.php, (f) manufacturers.php, (g) newsletters.php, (h) orders_status.php, (i) products_attributes.php, (j) products_expected.php, (k) reviews.php, (l) specials.php, (m) stats_products_purchased.php, (n) stats_products_viewed.php, (o) tax_classes.php, (p) tax_rates.php, or (q) zones.php scripts in /admin, and the (2) zpage parameter in (r) admin/geo_zones.php. | 4.3 |
2006-10-10 | CVE-2006-5168 | Simon Brown | Cross-Site Scripting vulnerability in Simon Brown Pebble 2.0.0 Cross-site scripting (XSS) vulnerability in the search functionality in Simon Brown Pebble 2.0.0 RC1 and RC2 allows remote attackers to inject arbitrary web script or HTML via the query string. | 4.3 |
2006-10-10 | CVE-2006-5201 | SUN | Remote Security vulnerability in JRE Multiple packages on Sun Solaris, including (1) NSS; (2) Java JDK and JRE 5.0 Update 8 and earlier, SDK and JRE 1.4.x up to 1.4.2_12, and SDK and JRE 1.3.x up to 1.3.1_19; (3) JSSE 1.0.3_03 and earlier; (4) IPSec/IKE; (5) Secure Global Desktop; and (6) StarOffice, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents these products from correctly verifying X.509 and other certificates that use PKCS #1. | 4.0 |
8 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-10-12 | CVE-2006-4842 | Netscape SUN | Improper Input Validation vulnerability in multiple products The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user-specified environment variables for specifying log files even when running from setuid programs, which allows local users to create or overwrite arbitrary files. | 3.6 |
2006-10-10 | CVE-2006-5213 | SUN | Local Insecure Permissions vulnerability in SUN Solaris 10.0 Sun Solaris 10 before 20061006 uses "incorrect and insufficient permission checks" that allow local users to intercept or spoof packets by creating a raw socket on a link aggregation (network device aggregation). | 3.6 |
2006-10-10 | CVE-2006-5229 | Openbsd Novell | Information Exposure vulnerability in Openbsd Openssh 4.1 OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and versions, and possibly under limited configurations, allows remote attackers to determine valid usernames via timing discrepancies in which responses take longer for valid usernames than invalid ones, as demonstrated by sshtime. | 2.6 |
2006-10-10 | CVE-2006-4685 | Microsoft | Information Disclosure vulnerability in Microsoft XML Core Services and XML Parser The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 does not properly handle HTTP server-side redirects, which allows remote user-assisted attackers to access content from other domains. | 2.6 |
2006-10-10 | CVE-2006-5215 | X ORG Netbsd SUN | Local Security vulnerability in NetBSD The Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060317, and Solaris 8 through 10 before 20061006, allows local users to overwrite arbitrary files, or read another user's Xsession errors file, via a symlink attack on a /tmp/xses-$USER file. | 2.6 |
2006-10-10 | CVE-2006-5199 | Adobe | Local Information Disclosure vulnerability in Adobe Contribute Publishing Server Adobe Contribute Publishing Server leaks the administrator password in logs that are created during product installation, which allows local users to gain privileges to the server. | 2.1 |
2006-10-10 | CVE-2006-5204 | Invision Power Services | Cross-Site Scripting vulnerability in Invision Power Board Cross-site scripting (XSS) vulnerability in action_admin/member.php in Invision Power Board (IPB) 2.1.7 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a reference to a script in the avatar setting, which can be leveraged for a cross-site request forgery (CSRF) attack involving forced SQL execution by an admin. | 2.1 |
2006-10-10 | CVE-2006-5214 | Netbsd SUN | Race condition in the Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060225, and Solaris 8 through 10 before 20061006, causes a user's Xsession errors file to have weak permissions before a chmod is performed, which allows local users to read Xsession errors files of other users. | 1.2 |