Weekly Vulnerabilities Reports > October 23 to 29, 2006

Overview

147 new vulnerabilities were reported during this period, including 6 critical vulnerabilities and 63 high severity vulnerabilities. This weekly summary reports vulnerabilities in 118 products from 102 vendors, including Wireshark, Novell, HP, PostgreSQL, and Mozilla. Notable vulnerability categories include "Code Injection", "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Resource Management Errors", and "Improper Input Validation".

  • 139 reported vulnerabilities are remotely exploitable.
  • 43 reported vulnerabilities have a public exploit available.
  • 5 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 137 reported vulnerabilities are exploitable by an anonymous user.
  • Wireshark has the most reported vulnerabilities, with 6 reported vulnerabilities.
  • Novell has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

Vulnerability Details

The following table lists the vulnerabilities reported for the period covered by this report:

6 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-10-27 CVE-2006-5558 HP Local Format String vulnerability in HP-UX Software Distributor SWAsk

Format string vulnerability in the swask command in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via format string specifiers in the -s argument.

10.0
2006-10-24 CVE-2006-4510 Novell Multiple vulnerability in Novell Edirectory 8.8/8.8.1

The evtFilteredMonitorEventsRequest function in the LDAP service in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted request containing a value that is larger than the number of objects transmitted, which triggers an invalid free of unallocated memory.

10.0
2006-10-24 CVE-2006-4509 Novell Multiple vulnerability in Novell Edirectory 8.8/8.8.1

Integer overflow in the evtFilteredMonitorEventsRequest function in the LDAP service in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted request.

10.0
2006-10-27 CVE-2006-5567 Nullsoft Remote Heap Overflow vulnerability in Nullsoft Winamp Ultravox

Multiple heap-based buffer overflows in AOL Nullsoft WinAmp before 5.31 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) ultravox-max-msg header to the Ultravox protocol handler or (2) unspecified Lyrics3 tags.

9.3
2006-10-27 CVE-2006-5559 Microsoft Improper Input Validation vulnerability in Microsoft Data Access Components 2.5/2.7/2.8

The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows remote attackers to cause a denial of service (Internet Explorer crash) and possibly execute arbitrary code via certain strings in the second and third arguments.

9.3
2006-10-28 CVE-2006-5601 Xsupplicant Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Xsupplicant

Stack-based buffer overflow in the eap_do_notify function in eap.c in xsupplicant before 1.2.6, and possibly other versions, allows remote authenticated users to execute arbitrary code via unspecified vectors.

9.0

63 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-10-26 CVE-2006-5553 Cisco Remote Port Scan Denial of Service vulnerability in Cisco products

Cisco Security Agent (CSA) for Linux 4.5 before 4.5.1.657 and 5.0 before 5.0.0.193, as used by Unified CallManager (CUCM) and Unified Presence Server (CUPS), allows remote attackers to cause a denial of service (resource consumption) via a port scan with certain options.

7.8
2006-10-23 CVE-2006-5445 Digium Remote Denial of Service vulnerability in Asterisk Chan_Sip.c

Unspecified vulnerability in the SIP channel driver (channels/chan_sip.c) in Asterisk 1.2.x before 1.2.13 and 1.4.x before 1.4.0-beta3 allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors that result in the creation of "a real pvt structure" that uses more resources than necessary.

7.8
2006-10-28 CVE-2006-5597 Minihttp Authentication Bypass vulnerability in Minihttp web Forum File Sharing Server Powerpack 4.0

join.asp in MiniHTTP Web Forum & File Server PowerPack 4.0 allows remote attackers to add or modify arbitrary user accounts via modified (1) frmMailBox and (2) frmUserPass parameters.

7.5
2006-10-28 CVE-2006-5596 AEP Networks Directory Traversal Information Disclosure vulnerability in AEP Networks Smartgate SSL Server 4.3B

Directory traversal vulnerability in the SSL server in AEP Smartgate 4.3b allows remote attackers to download arbitrary files via ..\ (dot dot backslash) sequences in an HTTP GET request.

7.5
2006-10-27 CVE-2006-5594 University OF British Columbia Remote Security vulnerability in Ipeer

PHP remote file inclusion vulnerability in University of British Columbia iPeer 2.0, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.

7.5
2006-10-27 CVE-2006-5592 Pacos Drivers Authentication Bypass vulnerability in PacPoll Polllog Cookie

Admin/adpoll.asp in PacPoll 4.0 and earlier allows remote attackers to bypass authentication by setting the polllog cookie value to "xx".

7.5
2006-10-27 CVE-2006-5590 Articlebeach Remote File Include vulnerability in ArticleBeach Script

PHP remote file inclusion vulnerability in index.php in ArticleBeach Script 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.

7.5
2006-10-27 CVE-2006-5589 Ledgersmb SQL Injection vulnerability in Ledgersmb 1.0.0

Multiple SQL injection vulnerabilities in LedgerSMB (LSMB) 1.1.0 and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors in (1) OE.pm, (2) AM.pm, and (3) Form.pm.

7.5
2006-10-27 CVE-2006-5588 CMS Faethon Remote File Include vulnerability in CMS Faethon Mainpath Parameter

Multiple PHP remote file inclusion vulnerabilities in CMS Faethon 2.0 Ultimate and earlier, when register_globals and magic_quotes_gpc are enabled, allow remote attackers to execute arbitrary PHP code via a URL in the mainpath parameter to (1) includes/rss-reader.php or (2) admin/config.php, different vectors than CVE-2006-3185.

7.5
2006-10-27 CVE-2006-5587 Mdweb Remote File Include vulnerability in MDWeb

Multiple PHP remote file inclusion vulnerabilities in MDweb 1.3 and earlier (Mdweb132-postgres) allow remote attackers to execute arbitrary PHP code via a URL in the chemin_appli parameter in (1) admin/inc/organisations/form_org.inc.php and (2) admin/inc/organisations/country_insert.php.

7.5
2006-10-27 CVE-2006-5571 Kynoslogic Buffer Overflow vulnerability in Kynoslogic Cruiseworks 1.09C/1.09D

Stack-based buffer overflow in /scripts/cruise/cws.exe in CruiseWorks 1.09c and 1.09d allows remote attackers to execute arbitrary code via a long string in the doc parameter.

7.5
2006-10-27 CVE-2006-5562 Open Source Technology Group Remote File Include vulnerability in Open Source Technology Group Sourceforge 1.0.4

PHP remote file inclusion vulnerability in include/database.php in SourceForge (aka alexandria) 1.0.4 allows remote attackers to execute arbitrary PHP code via the sys_dbtype parameter.

7.5
2006-10-27 CVE-2006-5561 Discuz SQL Injection vulnerability in Discuz GBK 5.0.0

SQL injection vulnerability in admincp.php in Discuz! GBK 5.0.0 allows remote attackers to execute arbitrary SQL commands via the cdb_auth cookie.

7.5
2006-10-26 CVE-2006-5555 Epnadmin Remote Code Execution vulnerability in Epnadmin 0.7/0.7.1

PHP remote file inclusion vulnerability in constantes.inc.php in EPNadmin 0.7 and 0.7.1 allows remote attackers to execute arbitrary PHP code via the langage parameter.

7.5
2006-10-26 CVE-2006-5554 Blackdot Remote File Include vulnerability in ImageView

Directory traversal vulnerability in index.php in Imageview 5 allows remote attackers to read or execute arbitrary local files via a ..

7.5
2006-10-26 CVE-2006-5552 Revilloc Solutions Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Revilloc Solutions Revilloc Mailserver

Multiple heap-based buffer overflows in RevilloC MailServer 1.21 and earlier allow remote attackers to cause a denial of service (CPU consumption or application crash) or execute arbitrary code via a long argument to the (1) MAIL FROM or (2) RCPT TO command.

7.5
2006-10-26 CVE-2006-5551 Qksoft Remote Buffer Overflow vulnerability in QK SMTP

Stack-based buffer overflow in QK SMTP 3.01 and earlier might allow remote attackers to execute arbitrary code via a long argument to the RCPT TO command.

7.5
2006-10-26 CVE-2006-5549 Adobe Unspecified vulnerability in Adobe PHP RIA SDK

** DISPUTED ** PHP remote file inclusion vulnerability in libraries/amfphp/amf-core/custom/CachedGateway.php in Adobe PHP SDK allows remote attackers to execute arbitrary PHP code via the AMFPHP_BASE parameter.

7.5
2006-10-26 CVE-2006-5548 Otscms Remote File Include vulnerability in Otscms 2.0.0

PHP remote file inclusion vulnerability in OTSCMS/OTSCMS.php in Open Tibia Server Content Management System (OTSCMS) 2.0.0 through 2.1.3 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[config][directories][classes] parameter.

7.5
2006-10-26 CVE-2006-5547 Otscms Remote File Include vulnerability in Otscms 1.0.0

PHP remote file inclusion vulnerability in OTSCMS/OTSCMS.php in Open Tibia Server Content Management System (OTSCMS) 1.0.0 through 1.0.3 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[config][otscms][directories][includes] parameter.

7.5
2006-10-26 CVE-2006-5539 Ueberproject Management System Remote File Include vulnerability in Uber Project Document Management System Secure.PHP

PHP remote file inclusion vulnerability in login/secure.php in UeberProject Management System 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cfg[homepath] parameter.

7.5
2006-10-26 CVE-2006-5531 Ascended Development Remote File Include vulnerability in Ascended Guestbook Embedded.PHP

PHP remote file inclusion vulnerability in embedded.php in Ascended Guestbook 1.0.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[path] parameter.

7.5
2006-10-26 CVE-2006-5527 Intelimen Remote File Include vulnerability in Intelimen Intelieditor 1.2.2.1

PHP remote file inclusion vulnerability in lib.editor.inc.php in Intelimen InteliEditor 1.2.x allows remote attackers to execute arbitrary PHP code via a URL in the sys_path parameter.

7.5
2006-10-26 CVE-2006-5526 Fully Modded Phpbb Remote Security vulnerability in Fully Modded Phpbb

Multiple PHP remote file inclusion vulnerabilities in Teake Nutma Foing, as modified in Fully Modded phpBB (phpbbfm) 2021.4.40 and earlier, allow remote attackers to execute arbitrary PHP code via a URL in the foing_root_path parameter in (a) faq.php, (b) index.php, (c) list.php, (d) login.php, (e) playlist.php, (f) song.php, (g) gen_m3u.php, (h) view_artist.php, (i) view_song.php, (j) flash/set_na.php, (k) flash/initialise.php, (l) flash/get_song.php, (m) includes/common.php, (n) admin/nav.php, (o) admin/main.php, (p) admin/list_artists.php, (q) admin/index.php, (r) admin/genres.php, (s) admin/edit_artist.php, (t) admin/edit_album.php, (u) admin/config.php, and (v) admin/admin_status.php in player/, different vectors than CVE-2006-3045.

7.5
2006-10-26 CVE-2006-5523 EZ Ticket Remote File Include vulnerability in Ez-Ticket 0.0.1

PHP remote file inclusion vulnerability in common.php in EZ-Ticket 0.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the ezt_root_path parameter.

7.5
2006-10-26 CVE-2006-5522 Johannes Erdfelt Remote File Include vulnerability in Kawf Main.PHP

Multiple PHP remote file inclusion vulnerabilities in Johannes Erdfelt Kawf 1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the config parameter in (1) main.php or (2) user/account/main.php.

7.5
2006-10-26 CVE-2006-5521 NET DNS Remote File Include vulnerability in Net_DNS RR.PHP

PHP remote file inclusion vulnerability in DNS/RR.php in Net_DNS 0.03 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpdns_basedir parameter.

7.5
2006-10-26 CVE-2006-5520 Deltascripts Remote File Include vulnerability in Deltascripts PHP Classifieds 7.1

PHP remote file inclusion vulnerability in functions.php in DeltaScripts PHP Classifieds 7.1 allows remote attackers to execute arbitrary PHP code via a URL in the set_path parameter.

7.5
2006-10-26 CVE-2006-5518 Christopher Fowler Remote File Include vulnerability in RSSonate

Multiple PHP remote file inclusion vulnerabilities in Christopher Fowler (Rhode Island) RSSonate allow remote attackers to execute arbitrary PHP code via a URL in the PROJECT_ROOT parameter to (1) xml2rss.php, (2) config_local.php, (3) rssonate.php, and (4) sql2xml.php in Src/getFeed/inc/.

7.5
2006-10-26 CVE-2006-5517 Rhode Island Secretary OF State Code Injection vulnerability in Rhode Island Secretary of State Open Meetings Filing System

Multiple PHP remote file inclusion vulnerabilities in Rhode Island Open Meetings Filing Application (OMFA) allow remote attackers to execute arbitrary PHP code via a URL in the PROJECT_ROOT parameter to (1) editmeetings/session.php, (2) email/session.php, (3) entityproperties/session.php, or (4) inc/mail.php.

7.5
2006-10-26 CVE-2006-5514 WEB Group Communication Center SQL Injection vulnerability in Web Group Communication Center Quiz.PHP

SQL injection vulnerability in quiz.php in Web Group Communication Center (WGCC) 0.5.6b and earlier allows remote attackers to execute arbitrary SQL commands via the qzid parameter.

7.5
2006-10-26 CVE-2006-5513 Geonetwork SQL Injection vulnerability in GeoNetwork Opensource Login

SQL injection vulnerability in GeoNetwork opensource before 2.0.3 allows remote attackers to execute arbitrary SQL commands, and complete a login, via unspecified vectors.

7.5
2006-10-25 CVE-2006-5382 3Com Information Disclosure vulnerability in 3Com Superstack 3 Switch 4400 Firmware5.11/Firmware6.00

3Com Switch SS3 4400 switches, firmware 5.11, 6.00 and 6.10 and earlier, allow remote attackers to read the SNMP Read-Write Community string and conduct unauthorized actions via unspecified "normally restricted management packets on the device" that cause the community string to be returned.

7.5
2006-10-25 CVE-2006-5509 Woltlab Unspecified vulnerability in Woltlab Burning Book 1.1.2

Eval injection vulnerability in addentry.php in WoltLab Burning Book 1.1.2 allows remote attackers to execute arbitrary PHP code via crafted POST requests that store PHP code in a database that is later processed by eval, as demonstrated using SQL injection via the n parameter.

7.5
2006-10-25 CVE-2006-5508 Woltlab SQL-Injection vulnerability in Woltlab Burning Book 1.1.2

Multiple SQL injection vulnerabilities in addentry.php in WoltLab Burning Book 1.1.2 allow remote attackers to execute arbitrary SQL commands via (1) the n parameter and (2) the User-Agent HTTP header.

7.5
2006-10-25 CVE-2006-5507 DER Dirigent Code Injection vulnerability in DER Dirigent DER Dirigent 1.0.3

Multiple PHP remote file inclusion vulnerabilities in Der Dirigent (DeDi) 1.0.3 allow remote attackers to execute arbitrary PHP code via a URL in the cfg_dedi[dedi_path] parameter in (1) find.php, (2) insert_line.php, (3) fullscreen.php, (4) changecase.php, (5) insert_link.php, (6) insert_table.php, (7) table_cellprop.php, (8) table_prop.php, (9) table_rowprop.php, (10) insert_page.php, and possibly insert_marquee.php in backend/external/wysiswg/popups/.

7.5
2006-10-25 CVE-2006-5506 Wiclear Code Injection vulnerability in Wiclear 0.10

Multiple PHP remote file inclusion vulnerabilities in WiClear 0.10 allow remote attackers to execute arbitrary PHP code via the path parameter in (1) inc/prepend.inc.php, (2) inc/lib/boxes.lib.php, (3) inc/lib/tools.lib.php, (4) tools/trackback/index.php, and (5) tools/utf8conversion/index.php in admin/; and (6) prepend.inc.php, (7) lib/boxes.lib.php, and (8) lib/history.lib.php in inc/.

7.5
2006-10-25 CVE-2006-5505 Ben3W Remote File Include vulnerability in Ben3W 2Bgal 3.0

Multiple PHP file inclusion vulnerabilities in 2BGal 3.0 allow remote attackers to execute arbitrary PHP code via the lang parameter to (1) admin/configuration.inc.php, (2) admin/creer_album.inc.php, (3) admin/changepwd.php.inc, and unspecified other files.

7.5
2006-10-25 CVE-2006-5502 AOL Buffer Overflow vulnerability in AOL 9.0

Heap-based buffer overflow in the AOL.PicDownloadCtrl.1 ActiveX control (YGPPicDownload.dll) 9.2.3.0 in America Online (AOL) 9.0 Security Edition allows remote attackers to execute arbitrary code via the AddPictureNoAlbum method, a different vulnerability than CVE-2006-5501.

7.5
2006-10-25 CVE-2006-5501 AOL Buffer Overflow vulnerability in AOL 9.0

Buffer overflow in the AOL.PicDownloadCtrl.1 ActiveX control (YGPPicDownload.dll) 9.2.3.0 in America Online (AOL) 9.0 Security Edition allows remote attackers to execute arbitrary code via the downloadFileDirectory property, a different vulnerability than CVE-2006-5502.

7.5
2006-10-25 CVE-2006-5498 Middlebury College File-Upload vulnerability in Segue Cms

Directory traversal vulnerability in themes/program/themesettings.inc.php in Segue CMS 1.5.8 and earlier allows remote attackers to include and execute arbitrary local files via a ..

7.5
2006-10-25 CVE-2006-5497 Middlebury College Remote File Include vulnerability in Segue CMS Themesdir

PHP remote file inclusion vulnerability in themes/program/themesettings.inc.php in Segue CMS 1.5.8 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the themesdir parameter.

7.5
2006-10-25 CVE-2006-5495 Trawler Remote File Include vulnerability in Trawler Web CMS

Multiple PHP remote file inclusion vulnerabilities in Trawler Web CMS 1.8.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) path_red2 parameter to (a) _msdazu_pdata/redaktion/artikel/up/index.php; (b) addtort.php, (c) colorpik2.php, (d) colorpik3.php, (e) extras_menu.php, (f) farbpalette.php, (g) lese_inc.php, and (h) newfile.php in _msdazu_share/richtext/; the (2) path_scr_dat2 parameter to (i)_msdazu_share/share/insert1.php; the (3) path_red parameter to (j) _msdazu_share/extras/downloads/index.php; and unspecified parameters in other files.

7.5
2006-10-25 CVE-2006-5494 Phpnuke Code Injection vulnerability in PHPnuke PHP-Nuke 8.0

Multiple PHP remote file inclusion vulnerabilities in modules/My_eGallery/public/displayCategory.php in the pandaBB module for PHP-Nuke allow remote attackers to execute arbitrary PHP code via a URL in the (1) adminpath or (2) basepath parameters.

7.5
2006-10-25 CVE-2006-5493 Digitalhive Remote File Include vulnerability in Digitalhive 2.0Rc2

PHP remote file inclusion vulnerability in template/purpletech/base_include.php in DigitalHive 2.0 RC2 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.

7.5
2006-10-25 CVE-2006-5491 Ceary SQL Injection vulnerability in Ceary Ultracms 0.9

Multiple SQL injection vulnerabilities in include/index.php in UltraCMS 0.9 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters.

7.5
2006-10-25 CVE-2006-5490 Middlebury College SQL Injection vulnerability in Segue CMS

Multiple SQL injection vulnerabilities in Segue Content Management System (CMS) before 1.5.8 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2006-10-25 CVE-2006-5488 Xchangeboard SQL Injection vulnerability in Xchangeboard 1.70

SQL injection vulnerability in XchangeBoard 1.70, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the loginNick parameter during login.

7.5
2006-10-24 CVE-2006-5485 Speedberg Remote File Include vulnerability in Speedberg 1.2Beta1

Multiple PHP remote file inclusion vulnerabilities in SpeedBerg 1.2beta1 allow remote attackers to execute arbitrary PHP code via a URL in the SPEEDBERG_PATH parameter to (1) entrancePage.tpl.php, (2) generalToolBox.tlb.php, (3) myToolBox.tlb.php, (4) scriplet.inc.php, (5) simplePage.tpl.php, (6) speedberg.class.php, and (7) standardPage.tpl.php.

7.5
2006-10-24 CVE-2006-5481 Castor Code Injection vulnerability in Castor 1.1.1

Multiple PHP remote file inclusion vulnerabilities in 2le.net Castor PHP Web Builder 1.1.1 allow remote attackers to execute arbitrary PHP code via the rootpath parameter in (1) lib/code.php, (2) lib/dbconnect.php, (3) lib/error.php, (4) lib/menu.php, and other unspecified files.

7.5
2006-10-24 CVE-2006-5478 Novell Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Edirectory

Multiple stack-based buffer overflows in Novell eDirectory 8.8.x before 8.8.1 FTF1, and 8.x up to 8.7.3.8, and Novell NetMail before 3.52e FTF2, allow remote attackers to execute arbitrary code via (1) a long HTTP Host header, which triggers an overflow in the BuildRedirectURL function; or vectors related to a username containing a .

7.5
2006-10-24 CVE-2006-5476 Drupal Cross-Site Request Forgery vulnerability in Drupal

Cross-site request forgery (CSRF) vulnerability in Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows remote attackers to perform unauthorized actions as an arbitrary user via unspecified vectors.

7.5
2006-10-24 CVE-2006-5474 Oneorzero Information Disclosure vulnerability in Oneorzero Helpdesk 1.6/1.6.3/1.6.4

The "forgot password" function in OneOrZero Helpdesk before 1.6.5.4 generates insecure passwords by concatenating the current timestamp with the username, which allows remote attackers to gain access as an arbitrary user by requesting a password reset.

7.5
2006-10-24 CVE-2006-5473 Softerra Unspecified vulnerability in Softerra PHP Developer Library

** DISPUTED ** PHP remote file inclusion vulnerability in Description.php in Softerra PHP Developer Library 1.5.3 and earlier allows remote attackers to execute arbitrary PHP code via the lib_dir parameter.

7.5
2006-10-24 CVE-2006-5472 Softerra Remote Security vulnerability in PHP Developer Library

PHP remote file inclusion vulnerability in Softerra PHP Developer Library 1.5.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the lib_dir parameter in (1) lib/registry.lib.php, (2) lib/sqlcompose.lib.php, and (3) lib/sqlsearch.lib.php.

7.5
2006-10-24 CVE-2006-5471 Softerra Remote File Include vulnerability in Softerra PHP Developer Library Grid3.lib.PHP

PHP remote file inclusion vulnerability in example/lib/grid3.lib.php in Softerra PHP Developer Library 1.5.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the (1) cfg_dir and (2) lib_dir parameters.

7.5
2006-10-24 CVE-2006-4177 Novell Remote Heap Overflow vulnerability in Novell eDirectory NCP Packet Processing

Heap-based buffer overflow in the NCP engine in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted NCP over IP packet that causes NCP to read more data than intended.

7.5
2006-10-23 CVE-2006-5460 Hinton Design Unspecified vulnerability in Hinton Design PHPht Topsites 1.0

** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in Hinton Design phpht Topsites allow remote attackers to execute arbitrary PHP code via a URL in the phpht_real_path parameter to (1) index.php, (2) certain other scripts in the top-level directory, and (3) certain scripts in the admin/ directory.

7.5
2006-10-23 CVE-2006-5459 Alex Remote Security vulnerability in DownloadEngine

Multiple PHP remote file inclusion vulnerabilities in Download-Engine 1.4.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) $_ENGINE[eng_dir] and possibly (2) spaw_root parameters in admin/includes/spaw/spaw_script.js.php, and the (3) $_ENGINE[eng_dir], (4) $spaw_root, (5) $spaw_dir, and (6) $spaw_base_url parameters in admin/includes/spaw/config/spaw_control.config.php, different vectors than CVE-2006-5291.

7.5
2006-10-23 CVE-2006-5458 Hinton Design Remote File Include vulnerability in PHPHT Topsites Common.PHP

PHP remote file inclusion vulnerability in common.php in Hinton Design phpht Topsites allows remote attackers to execute arbitrary PHP code via a URL in the phpht_real_path parameter.

7.5
2006-10-23 CVE-2006-5450 Kinesis SQL Injection vulnerability in Retired: Kinesis Interactive Cinema System Index.ASP

SQL injection vulnerability in index.asp in Kinesis Interactive Cinema System (KICS) CMS allows remote attackers to execute arbitrary SQL commands via the (1) txtUsername (user) or (2) txtPassword (pass) parameters.

7.5
2006-10-23 CVE-2006-5448 Microsoft Unspecified vulnerability in Microsoft Windows Digital Rights Management

The drmstor.dll ActiveX object in Microsoft Windows Digital Rights Management System (DRM) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long parameter to the StoreLicense function, which triggers "memory corruption" and possibly a buffer overflow.

7.5
2006-10-23 CVE-2006-5444 Digium Remote Buffer Overflow vulnerability in Asterisk Chan_Skinny

Integer overflow in the get_input function in the Skinny channel driver (chan_skinny.c) in Asterisk 1.0.x before 1.0.12 and 1.2.x before 1.2.13, as used by Cisco SCCP phones, allows remote attackers to execute arbitrary code via a certain dlen value that passes a signed integer comparison and leads to a heap-based buffer overflow.

7.5

69 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-10-26 CVE-2006-5532 Xoops Cross-Site Scripting vulnerability in Xoops Rmsoft Gallery System 2.0

Cross-site scripting (XSS) vulnerability in rmgs/images.php in RMSOFT Gallery System 2.0 allows remote attackers to inject arbitrary web script or HTML via the kw parameter.

6.8
2006-10-26 CVE-2006-5524 Phplist Unspecified vulnerability in PHPlist 2.10.2

Cross-site scripting (XSS) vulnerability in index.php in phplist 2.10.2 allows remote attackers to inject arbitrary web script or HTML via the p parameter.

6.8
2006-10-26 CVE-2006-5519 Mambweather Code Injection vulnerability in Mambweather

PHP remote file inclusion vulnerability in Savant2/Savant2_Plugin_options.php in the MambWeather 1.8.1 and earlier component for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

6.8
2006-10-25 CVE-2006-5499 Serendipity Cross-Site Scripting vulnerability in Serendipity Administration Page

Multiple cross-site scripting (XSS) vulnerabilities in Serendipity (s9y) 1.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the media manager administration page.

6.8
2006-10-24 CVE-2006-5475 Drupal Cross-Site Scripting vulnerability in Drupal

Multiple cross-site scripting (XSS) vulnerabilities in the XML parser in Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allow remote attackers to inject arbitrary web script or HTML via a crafted RSS feed.

6.8
2006-10-27 CVE-2006-5593 NEO Japan Remote Buffer Overflow vulnerability in Desknet's

Buffer overflow in Desknet's (niokeru) before 5.0J R1.0 might allow remote authenticated users to execute arbitrary code via unspecified vectors.

6.5
2006-10-23 CVE-2006-5449 Horde Unspecified vulnerability in Horde Ingo H3

procmail in Ingo H3 before 1.1.2 Horde module allows remote authenticated users to execute arbitrary commands via shell metacharacters in the mailbox destination of a filter rule.

6.5
2006-10-27 CVE-2006-5569 Datawizard Remote vulnerability in Datawizard Ftpxq 3.0.1

FtpXQ Server 3.0.1 installs with two default testing accounts, which allows remote attackers to read or write arbitrary files via unknown vectors.

6.4
2006-10-26 CVE-2006-5544 Microsoft Unspecified vulnerability in Microsoft IE 7.0

Visual truncation vulnerability in Microsoft Internet Explorer 7 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a malicious URL containing non-breaking spaces (%A0), which causes the address bar to omit some characters from the URL.

6.4
2006-10-25 CVE-2006-5510 Bluevirus Design Local File Include vulnerability in PH Pexplorer Language

Directory traversal vulnerability in explorer_load_lang.php in PH Pexplorer 0.24 allows remote attackers to include arbitrary local files via ".." sequences in the Language cookie, as demonstrated by uploading a .gif file that contains PHP code.

6.4
2006-10-28 CVE-2006-4513 Wvware Integer Overflow vulnerability in wvWare

Multiple integer overflows in the WV library in wvWare (formerly mswordview) before 1.2.3, as used by AbiWord, KWord, and possibly other products, allow user-assisted remote attackers to execute arbitrary code via a crafted Microsoft Word (DOC) file that produces (1) large LFO clfolvl values in the wvGetLFO_records function or (2) a large LFO nolfo value in the wvGetFLO_PLF function.

5.1
2006-10-26 CVE-2006-5546 Otscms Remote File Include vulnerability in OTSCMS OTSCMS.PHP

PHP remote file inclusion vulnerability in OTSCMS/OTSCMS.php in Open Tibia Server Content Management System (OTSCMS) 1.3.0 through 1.4.1 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[config][otscms][directories][classes] parameter.

5.1
2006-10-26 CVE-2006-5543 Pgosd Remote File Include vulnerability in PGOSD Function.PHP3

PHP remote file inclusion vulnerability in misc/function.php3 in PHP Generator of Object SQL Database (PGOSD), when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.

5.1
2006-10-26 CVE-2006-5533 Aroundme Remote Security vulnerability in AROUNDMe

Multiple PHP remote file inclusion vulnerabilities in AROUNDMe 0.6.9, and possibly earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the templatePath parameter in template/barnraiser_01/pol_view.tpl.php and other unspecified PHP scripts, a different vector than CVE-2006-5401.

5.1
2006-10-26 CVE-2006-5529 Schoolalumni Portal Input Validation vulnerability in Schoolalumni Portal Schoolalumni Portal 2.26

Cross-site scripting (XSS) vulnerability in smumdadotcom_ascyb_alumni/mod.php in SchoolAlumni Portal 2.26 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search operation in the katalog module.

5.1
2006-10-26 CVE-2006-5525 Phpnuke SQL Injection vulnerability in PHP-Nuke Encyclopedia Module

Incomplete blacklist vulnerability in mainfile.php in PHP-Nuke 7.9 and earlier allows remote attackers to conduct SQL injection attacks via (1) "/**/UNION " or (2) " UNION/**/" sequences, which are not rejected by the protection mechanism, as demonstrated by a SQL injection via the eid parameter in a search action in the Encyclopedia module in modules.php.

5.1
2006-10-25 CVE-2006-5500 Xchangeboard SQL-Injection vulnerability in XChangeboard

Multiple SQL injection vulnerabilities in the checkUser function in inc/DBInterface.php in XchangeBoard 1.70 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) userNick or (2) password parameters.

5.1
2006-10-24 CVE-2006-5480 Castor Code Injection vulnerability in Castor PHP web Builder 1.1.1

PHP remote file inclusion vulnerability in lib/rs.php in 2le.net Castor PHP Web Builder 1.1.1 allows remote attackers to execute arbitrary PHP code via the rootpath parameter.

5.1
2006-10-23 CVE-2006-5456 Graphicsmagick, Imagemagick Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Multiple buffer overflows in GraphicsMagick before 1.1.7 and ImageMagick 6.0.7 allow user-assisted attackers to cause a denial of service and possibly execute arbitrary code via (1) a DCM image that is not properly handled by the ReadDCMImage function in coders/dcm.c, or (2) a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c.

5.1
2006-10-23 CVE-2006-5446 Casinosoft SQL Injection vulnerability in Casinosoft Casino Script 3.2

SQL injection vulnerability in lobby/config.php in Casinosoft Casino Script (aka Masvet) 3.2 allows remote attackers to execute arbitrary SQL commands via the cfam parameter.

5.1
2006-10-28 CVE-2006-5595 Wireshark Remote Security vulnerability in Wireshark

Unspecified vulnerability in the AirPcap support in Wireshark (formerly Ethereal) 0.99.3 has unspecified attack vectors related to WEP key parsing.

5.0
2006-10-28 CVE-2006-5469 Wireshark Protocol Dissectors Denial of Service vulnerability in Wireshark

Unspecified vulnerability in the WBXML dissector in Wireshark (formerly Ethereal) 0.10.11 through 0.99.3 allows remote attackers to cause a denial of service (crash) via certain vectors that trigger a null dereference.

5.0
2006-10-28 CVE-2006-4574 Wireshark Protocol Dissectors Denial of Service vulnerability in Wireshark

Off-by-one error in the MIME Multipart dissector in Wireshark (formerly Ethereal) 0.10.1 through 0.99.3 allows remote attackers to cause a denial of service (crash) via certain vectors that trigger an assertion error related to unexpected length values.

5.0
2006-10-27 CVE-2006-5740 Wireshark Protocol Dissectors Denial of Service vulnerability in Wireshark 0.99.3

Unspecified vulnerability in the LDAP dissector in Wireshark (formerly Ethereal) 0.99.3 allows remote attackers to cause a denial of service (crash) via a crafted LDAP packet.

5.0
2006-10-27 CVE-2006-5468 Wireshark Protocol Dissectors Denial of Service vulnerability in Wireshark 0.99.3

Unspecified vulnerability in the HTTP dissector in Wireshark (formerly Ethereal) 0.99.3 allows remote attackers to cause a denial of service (crash) via unspecified vectors.

5.0
2006-10-27 CVE-2006-4805 Wireshark Protocol Dissectors Denial of Service vulnerability in Wireshark

epan/dissectors/packet-xot.c in the XOT dissector (dissect_xot_pdu) in Wireshark (formerly Ethereal) 0.9.8 through 0.99.3 allows remote attackers to cause a denial of service (memory consumption and crash) via an encoded XOT packet that produces a zero length value when it is decoded.

5.0
2006-10-27 CVE-2006-5591 Pacos Drivers SQL Injection vulnerability in PacPoll Check.ASP

Multiple SQL injection vulnerabilities in Admin/check.asp in PacPoll 4.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) uid and (2) pwd parameters.

5.0
2006-10-27 CVE-2006-5467 Yukihiro Matsumoto Resource Management Errors vulnerability in Yukihiro Matsumoto Ruby 1.8

The cgi.rb CGI library for Ruby 1.8 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an HTTP request with a multipart MIME body that contains an invalid boundary specifier, as demonstrated using a specifier that begins with a "-" instead of "--" and contains an inconsistent ID.

5.0
2006-10-27 CVE-2006-5570 Kynoslogic Directory Traversal vulnerability in Kynoslogic Cruiseworks 1.09C/1.09D

Directory traversal vulnerability in /scripts/cruise/cws.exe in CruiseWorks 1.09c and 1.09d allows remote attackers to read arbitrary files via a ..

5.0
2006-10-27 CVE-2006-5568 Datawizard Resource Management Errors vulnerability in Datawizard Ftpxq 3.0.1

FtpXQ Server 3.0.1 allows remote attackers to cause a denial of service (CPU exhaustion) via a long MKD command.

5.0
2006-10-27 CVE-2006-5566 Webasyst LLC HTTP Response Splitting vulnerability in Shop-Script

CRLF injection vulnerability in premium/index.php in Shop-Script allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the (1) links_exchange, (2) news, (3) search_with_change_category_ability, (4) logging, (5) feedback, (6) show_price, (7) register, (8) answer, (9) productID, and (10) inside parameters.

5.0
2006-10-27 CVE-2006-5565 Maxdev HTTP Response Splitting vulnerability in MAXdev MD-Pro

CRLF injection vulnerability in MAXdev MD-Pro 1.0.76 allows remote attackers to inject arbitrary HTTP headers via a CRLF sequence in the (1) name, (2) file, (3) module, and (4) func parameters in (a) index.php; and the (5) file parameter in (b) modules.php.

5.0
2006-10-27 CVE-2006-5563 Yahoo Remote Buffer Overflow vulnerability in Yahoo Messenger 8.0

Unspecified vulnerability in Yahoo! Messenger (Service 18) before 8.1.0.195 allows remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted room name in a Conference Invite.

5.0
2006-10-26 CVE-2006-5545 Symantec Unspecified vulnerability in Symantec Mail Security 5.1.0

Premium Antispam in Symantec Mail Security for Domino Server 5.1.x before 5.1.2.28 does not filter certain SMTP address formats, which allows remote attackers to use the product as a spam relay.

5.0
2006-10-26 CVE-2006-5538 D Link Remote Security vulnerability in D-Link Dsl-G624T 3.00B01T01.Yac.20060616

D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allows remote attackers to list contents of the cgi-bin directory via unspecified vectors, probably a direct request.

5.0
2006-10-26 CVE-2006-5536 D Link Information Disclosure vulnerability in D-Link Dsl-G624T Firmware3.00B01T01.Yac.20060616

Directory traversal vulnerability in cgi-bin/webcm in D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allows remote attackers to read arbitrary files via a ..

5.0
2006-10-26 CVE-2006-5528 Schoolalumni Portal Input Validation vulnerability in Schoolalumni Portal Schoolalumni Portal 2.26

Directory traversal vulnerability in mod.php in SchoolAlumni Portal 2.26 allows remote attackers to include and execute arbitrary local files via a ..

5.0
2006-10-25 CVE-2006-5489 RIM Denial-Of-Service vulnerability in Blackberry Enterprise Server

Research in Motion (RIM) BlackBerry Enterprise Server 4.1 SP2 before Hotfix 1 for IBM Lotus Domino might allow attackers with meeting organizer privileges to cause a denial of service (application hang) via a deleted recurrent meeting instance when changing the attendee's calendar meeting time.

5.0
2006-10-24 CVE-2006-5484 SSH Remote Security vulnerability in Tectia Client

SSH Tectia Client/Server/Connector 5.1.0 and earlier, Manager 2.2.0 and earlier, and other products, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents Tectia from correctly verifying X.509 and other certificates that use PKCS #1, a similar issue to CVE-2006-4339.

5.0
2006-10-24 CVE-2006-5479 Novell Denial-Of-Service vulnerability in eDirectory

The NCP Engine in Novell eDirectory before 8.7.3.8 FTF1 allows remote attackers to cause an unspecified denial of service via a certain "NCP Fragment." This vulnerability is addressed in the following product release: Novell, eDirectory, 8.7.3.8 FTF1

5.0
2006-10-23 CVE-2006-5454 Mozilla Input Validation and Information disclosure vulnerability in Mozilla Bugzilla

Bugzilla 2.18.x before 2.18.6, 2.20.x before 2.20.3, 2.22.x before 2.22.1, and 2.23.x before 2.23.3 allow remote attackers to obtain (1) the description of arbitrary attachments by viewing the attachment in "diff" mode in attachment.cgi, and (2) the deadline field by viewing the XML format of the bug in show_bug.cgi.

5.0
2006-10-23 CVE-2006-5443 Xiao Gang Remote Security vulnerability in Www Interactive Mathematics Server

Unspecified vulnerability in XIAO Gang WWW Interactive Mathematics Server (WIMS) before 3.60 allows remote attackers to modify unspecified data via unspecified vectors involving "variable rights." This vulnerability is addressed in the following product release: XIAO Gang, WWW Interactive Mathematics Server, 3.60

5.0
2006-10-26 CVE-2006-5550 Freebsd, Openbsd Local Denial of Service vulnerability in FreeBSD Crypto

The kernel in FreeBSD 6.1 and OpenBSD 4.0 allows local users to cause a denial of service via unspecified vectors involving certain ioctl requests to /dev/crypto.

4.9
2006-10-27 CVE-2006-5557 HP Local Buffer Overflow vulnerability in HP Hp-Ux 11.00/11.11/11.4

Stack-based buffer overflow in the (1) swpackage and (2) swmodify commands in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via a long -S argument.

4.6
2006-10-27 CVE-2006-5556 HP Local Buffer Overflow vulnerability in HP Hp-Ux 11.00/11.11/11.4

Buffer overflow in the localtime_r function, and certain other functions, in libc in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via a long TZ environment variable.

4.6
2006-10-23 CVE-2006-5452 HP Buffer Overflow vulnerability in HP Hp-Ux and Tru64

Buffer overflow in dtmail on HP Tru64 UNIX 4.0F through 5.1B and HP-UX B.11.00 through B.11.23 allows local users to execute arbitrary code via a long -a (aka attachment) argument.

4.6
2006-10-28 CVE-2006-5599 Oracle Cross-Site Scripting vulnerability in Oracle Apex 2.2

Cross-site scripting (XSS) vulnerability in Oracle Application Express (formerly HTML DB) before 2.2.1 allows remote attackers to inject arbitrary HTML or web script via the WWV_FLOW_ITEM_HELP package.

4.3
2006-10-28 CVE-2006-5598 Webgeneius Cross-Site Scripting vulnerability in Webgenius Goop Gallery 2.0/2.0.1/2.0.2

Cross-site scripting (XSS) vulnerability in index.php for GOOP Gallery 2.0, and possibly other versions before 2.0.3, allows remote attackers to inject arbitrary HTML or web script via the image parameter.

4.3
2006-10-27 CVE-2006-5564 Maxdev Cross-Site Scripting vulnerability in MAXdev MD-Pro User.PHP

Cross-site scripting (XSS) vulnerability in user.php in MAXdev MD-Pro 1.0.76 allows remote attackers to inject arbitrary web script or HTML via the op parameter.

4.3
2006-10-27 CVE-2006-5560 Boesch IT Consulting Cross-Site Scripting vulnerability in Boesch It-Consulting Progsys

Cross-site scripting (XSS) vulnerability in heading.php in Boesch ProgSys 0.151 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin/index.php, and unspecified vectors related to certain other files.

4.3
2006-10-26 CVE-2006-5537 D Link Cross-Site Scripting vulnerability in D-Link Dsl-G624T Firmware3.00B01T01.Yac.20060616

Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/webcm in D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allow remote attackers to inject arbitrary web script or HTML via the (1) upnp:settings/state or (2) upnp:settings/connection parameters.

4.3
2006-10-26 CVE-2006-5535 Cpanel Cross-Site Scripting vulnerability in Cpanel 10.9.0R50

Multiple cross-site scripting (XSS) vulnerabilities in WebHostManager (WHM) 10.8.0 cPanel 10.9.0 R50 allow remote attackers to inject arbitrary web script or HTML via the (1) theme parameter to scripts/dosetmytheme and the (2) template parameter to scripts2/editzonetemplate.

4.3
2006-10-26 CVE-2006-5534 Zwahlen Informatik Cross-Site Scripting vulnerability in Zwahlen Informatik Online Shop

Multiple cross-site scripting (XSS) vulnerabilities in index.htm in Zwahlen Online Shop Freeware 5.2.2.50, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) cat, (2) Kat, (3) id, or (4) no parameters.

4.3
2006-10-26 CVE-2006-5530 Boesch IT Consulting Cross-Site Scripting vulnerability in Boesch It-Consulting Simpnews 2.0.1/2.13/2.30

Multiple cross-site scripting (XSS) vulnerabilities in Boesch SimpNews before 2.34.01 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) admin/index.php, (2) admin/pwlost.php, and unspecified other files.

4.3
2006-10-26 CVE-2006-5516 Wikini HTML-Injection vulnerability in Wikini 0.4.2/0.4.3

Multiple cross-site scripting (XSS) vulnerabilities in actions/usersettings.php in WikiNi before 0.4.4 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) email parameters to wakka.php.

4.3
2006-10-26 CVE-2006-5515 Phpadsnew, Phppgads Cross-Site Scripting vulnerability in phpAdsNew

Cross-site scripting (XSS) vulnerability in lib-history.inc.php in phpAdsNew and phpPgAds before 2.0.8-pr1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to injected data that is stored by a delivery script and displayed by the admin interface.

4.3
2006-10-25 CVE-2006-5512 Zwahlen Informatik Cross-Site Scripting vulnerability in Zwahlen's Online Shop Cat Parameter

Cross-site scripting (XSS) vulnerability in article.htm in Zwahlen Online Shop allows remote attackers to inject arbitrary web script or HTML via the cat parameter.

4.3
2006-10-25 CVE-2006-5504 Simple Machines Cross-Site Scripting vulnerability in Simple Machines Forum

Cross-site scripting (XSS) vulnerability in index.php in Simple Machines Forum (SMF) allows remote attackers to inject arbitrary web script or HTML via a base64 encoded params value in the action parameter.

4.3
2006-10-25 CVE-2006-5503 Simple Machines Cross-Site Scripting vulnerability in Simple Machines Simple Machines Forum 1.1Rc2

Cross-site scripting (XSS) vulnerability in index.php in Simple Machines Forum (SMF) 1.1 RC2 allows remote attackers to inject arbitrary web script or HTML via the action parameter.

4.3
2006-10-25 CVE-2006-5496 Timothy Claason Cross-Site Scripting vulnerability in Timothy Claason Knowledgebank 1.01

Multiple cross-site scripting (XSS) vulnerabilities in Timothy Claason KnowledgeBank 1.01 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) index.php, (2) addknowledge.php, and (3) addscreenshot.php.

4.3
2006-10-24 CVE-2006-5486 SUN Cross-Site Scripting vulnerability in SUN products

Cross-site scripting (XSS) vulnerability in Webmail in Sun Java System Messaging Server 6.0 through 6.2 and iPlanet Messaging Server 5.2 allows remote attackers to execute arbitrary JavaScript via crafted messages.

4.3
2006-10-23 CVE-2006-3455 Symantec Local Privilege Escalation vulnerability in Symantec Client Security and Norton Antivirus

The SAVRT.SYS device driver, as used in Symantec AntiVirus Corporate Edition 8.1 and 9.0.x up to 9.0.3, and Symantec Client Security 1.1 and 2.0.x up to 2.0.3, allows local users to execute arbitrary code via a modified address for the output buffer argument to the DeviceIOControl function.

4.3
2006-10-23 CVE-2006-5457 Casinosoft Cross-Site Scripting vulnerability in Casinosoft Casino Script 3.2

Multiple cross-site scripting (XSS) vulnerabilities in the registration form in Casinosoft Casino Script (Masvet) 3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) surname field.

4.3
2006-10-23 CVE-2006-5447 DEV Cross-Site Scripting vulnerability in DEV web Management System 1.5

Cross-site scripting (XSS) vulnerability in index.php in DEV Web Management System (WMS) 1.5 allows remote attackers to inject arbitrary web script or HTML via the action parameter.

4.3
2006-10-28 CVE-2006-5602 Xsupplicant Denial-Of-Service vulnerability in Xsupplicant

Multiple memory leaks in xsupplicant before 1.2.6, and possibly other versions, allow attackers to cause a denial of service (memory consumption) via unspecified vectors.

4.0
2006-10-26 CVE-2006-5542 Postgresql Local Denial of Service vulnerability in PostgreSQL

backend/tcop/postgres.c in PostgreSQL 8.1.x before 8.1.5 allows remote authenticated users to cause a denial of service (daemon crash) related to duration logging of V3-protocol Execute messages for (1) COMMIT and (2) ROLLBACK SQL statements.

4.0
2006-10-26 CVE-2006-5541 Postgresql Local Denial of Service vulnerability in PostgreSQL

backend/parser/parse_coerce.c in PostgreSQL 7.4.1 through 7.4.14, 8.0.x before 8.0.9, and 8.1.x before 8.1.5 allows remote authenticated users to cause a denial of service (daemon crash) via a coercion of an unknown element to ANYARRAY.

4.0
2006-10-26 CVE-2006-5540 Postgresql Local Denial of Service vulnerability in PostgreSQL

backend/parser/analyze.c in PostgreSQL 8.1.x before 8.1.5 allows remote authenticated users to cause a denial of service (daemon crash) via certain aggregate functions in an UPDATE statement, which are not properly handled during a "MIN/MAX index optimization."

4.0
2006-10-25 CVE-2006-5492 Maarch Information Disclosure vulnerability in Maarch View Documents

Unspecified vulnerability in Maerys Archive (Maarch) before 2.0.1 allows remote authenticated users to obtain sensitive information (document contents) via unspecified attack vectors related to "grants."

4.0

9 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-10-23 CVE-2006-5453 Mozilla Input Validation and Information disclosure vulnerability in Mozilla Bugzilla

Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 2.18.x before 2.18.6, 2.20.x before 2.20.3, 2.22.x before 2.22.1, and 2.23.x before 2.23.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) page headers using the H1, H2, and H3 HTML tags in global/header.html.tmpl, (2) description fields of certain items in various edit cgi scripts, and (3) the id parameter in showdependencygraph.cgi.

3.5
2006-10-25 CVE-2006-5511 Jaxultrabb HTML Injection vulnerability in Jaxultrabb 2.0

Direct static code injection vulnerability in delete.php in JaxUltraBB (JUBB) 2.0, when register_globals is enabled, allows remote attackers to inject arbitrary web script, HTML, or PHP via the contents parameter, whose value is prepended to the file specified by the forum parameter.

2.6
2006-10-24 CVE-2006-5477 Drupal Cross-Site Scripting vulnerability in Drupal

Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows form submissions to be redirected, which allows remote attackers to obtain arbitrary form information via a crafted URL.

2.6
2006-10-24 CVE-2006-4573 GNU Denial of Service vulnerability in GNU Screen

Multiple unspecified vulnerabilities in the "utf8 combining characters handling" (utf8_handle_comb function in encoding.c) in screen before 4.0.3 allow user-assisted attackers to cause a denial of service (crash or hang) via certain UTF8 sequences.

2.6
2006-10-23 CVE-2006-5455 Mozilla Input Validation and Information disclosure vulnerability in Mozilla Bugzilla

Cross-site request forgery (CSRF) vulnerability in editversions.cgi in Bugzilla before 2.22.1 and 2.23.x before 2.23.3 allows user-assisted remote attackers to create, modify, or delete arbitrary bug reports via a crafted URL.

2.6
2006-10-23 CVE-2006-5451 Torrentflux Cross-Site Scripting vulnerability in Torrentflux 2.1

Multiple cross-site scripting (XSS) vulnerabilities in TorrentFlux 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) action, (2) file, and (3) users array variables in (a) admin.php, which are not properly handled when the administrator views the Activity Log; and the (4) torrent parameter, as used by the displayName variable, in (b) startpop.php, different vectors than CVE-2006-5227.

2.6
2006-10-28 CVE-2006-5600 Axalto Local Information Disclosure vulnerability in Axalto Protiva 1.1

Axalto Protiva 1.1, possibly only non-commercial versions, stores passwords in plaintext in files with insecure permissions, which allows local users to gain privileges by reading the passwords from (1) KeyTool\keytool.config or (2) webapps\protiva\WEB-INF\classes\authserver.config.

2.1
2006-10-24 CVE-2006-5483 Freebsd Local Denial of Service vulnerability in Freebsd 6.1

p1003_1b.c in FreeBSD 6.1 allows local users to cause an unspecified denial of service by setting a scheduler policy, which should only be settable by root.

2.1
2006-10-24 CVE-2006-5482 Freebsd Denial-Of-Service vulnerability in Freebsd 6.1

ufs_vnops.c in FreeBSD 6.1 allows local users to cause an unspecified denial of service by calling the ftruncate function on a file type that is not VREG, VLNK or VDIR, which is not defined in POSIX.

2.1