Weekly Vulnerabilities Reports > October 30 to November 5, 2006

Overview

101 new vulnerabilities were reported during this period, including 6 critical vulnerabilities and 47 high severity vulnerabilities. This weekly summary reports vulnerabilities in 96 products from 83 vendors including Sophos, SUN, EFS Software, IBM, and Microsoft. The most common categories are "Resource Management Errors", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Code Injection", "Information Exposure", and "SQL Injection".

  • 90 reported vulnerabilities are remotely exploitable.
  • 29 reported vulnerabilities have a public exploit available.
  • 3 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 99 reported vulnerabilities are exploitable by an anonymous user.
  • Sophos has the most reported vulnerabilities, with 4 reported vulnerabilities.
  • Suse has the most reported critical vulnerabilities, with 1 reported vulnerability.


Vulnerability Details

The following table lists reported vulnerabilities for the period covered by this report:

6 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-11-04 CVE-2006-5709 ALT N Remote Security vulnerability in Mdaemon

Unspecified vulnerability in WorldClient in Alt-N Technologies MDaemon before 9.50 has unknown impact and attack vectors related to a "JavaScript exploit."

10.0
2006-11-03 CVE-2006-5675 Pentaho SQL Injection vulnerability in Pentaho Business Intelligence Suite 1.2Rc2

Multiple unspecified vulnerabilities in Pentaho Business Intelligence (BI) Suite before 1.2 RC3 (1.2.0.470-RC3) have unknown impact and attack vectors, related to "MySQL Scripts need changes for security," possibly SQL injection vulnerabilities associated with these scripts.

10.0
2006-11-03 CVE-2006-5657 Vilistextum Remote Denial of Service and Buffer Overflow vulnerability in Vilistextum

Multiple off-by-one errors in src/text.c in Vilistextum before 2.6.9 have unknown impact and attack vectors.

10.0
2006-11-01 CVE-2006-5642 Nmnlogger Remote Security vulnerability in NmnLogger

Unspecified vulnerability in NmnLogger 1.0.0 and earlier has unknown impact and attack vectors related to configuration of message drivers.

10.0
2006-10-31 CVE-2006-5616 Openpbs, Suse Local and Remote vulnerability in OpenPBS

Multiple unspecified vulnerabilities in OpenPBS, as used in SUSE Linux 9.2 through 10.1, allow attackers to execute arbitrary code via unspecified vectors.

10.0
2006-10-31 CVE-2006-5611 Toshiba Remote Security vulnerability in Bluetooth Stack

Unspecified vulnerability in Toshiba Bluetooth Stack before 4.20.01 has unspecified impact and attack vectors, related to the 4.20.01(T) "Security fix." NOTE: due to the lack of details in the vendor advisory, it is not clear whether this issue is related to CVE-2006-5405.

10.0

47 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-11-01 CVE-2006-4517 Novell Resource Management Errors vulnerability in Novell Imanager

Novell iManager 2.5 and 2.0.2 allows remote attackers to cause a denial of service (crash) in the Tomcat server via a long TREE parameter in an HTTP POST, which triggers a NULL pointer dereference.

7.8
2006-11-03 CVE-2006-5658 Studio Achtundachtzig Multiple vulnerability in Studio Achtundachtzig Bloomooweb Activex Control 1.0.9

BlooMooWeb ActiveX control (AidemATL.dll) allows remote attackers to (1) download arbitrary files via a URL in the bstrUrl parameter to the BW_DownloadFile method, (2) execute arbitrary local files via a file path in the bstrParams parameter to the BW_LaunchGame method, and (3) delete arbitrary files via a file path in the filePath parameter to the BW_DeleteTempFile method.

7.6
2006-11-04 CVE-2006-5723 Dataparksearch SQL Injection vulnerability in DataparkSearch Malformed Hostname

SQL injection vulnerability in DataparkSearch Engine 4.42 and earlier allows remote attackers to execute arbitrary SQL commands via a malformed hostname in a URL.

7.5
2006-11-04 CVE-2006-5720 Francisco Burzi SQL Injection vulnerability in PHP-Nuke Journal Module Search.PHP

SQL injection vulnerability in modules/journal/search.php in the Journal module in Francisco Burzi PHP-Nuke 7.9 and earlier allows remote attackers to execute arbitrary SQL commands via the forwhat parameter.

7.5
2006-11-04 CVE-2006-5719 Bytesfall Explorer SQL Injection vulnerability in Bytesfall Explorer Bytesfall Explorer 0.0.6

SQL injection vulnerability in libs/sessions.lib.php in BytesFall Explorer (bfExplorer) 0.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified parameters, a different issue than CVE-2006-5606.

7.5
2006-11-04 CVE-2006-5710 Apple, Opendarwin Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

The Airport driver for certain Orinoco based Airport cards in Darwin kernel 8.8.0 in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to execute arbitrary code via an 802.11 probe response frame without any valid information element (IE) fields after the header, which triggers a heap-based buffer overflow.

7.5
2006-11-04 CVE-2006-5707 Phpeasydata PRO SQL Injection vulnerability in PHPEasyData

SQL injection vulnerability in index.php in PHPEasyData Pro 1.4.1 and 2.2.1 allows remote attackers to execute arbitrary SQL commands via the cat parameter.

7.5
2006-11-04 CVE-2006-5465 PHP Buffer Overflow vulnerability in PHP HTMLEntities HTMLSpecialChars

Buffer overflow in PHP before 5.2.0 allows remote attackers to execute arbitrary code via crafted UTF-8 inputs to the (1) htmlentities or (2) htmlspecialchars functions.

7.5
2006-11-03 CVE-2006-5674 Minibb Remote Security vulnerability in MiniBB

Multiple PHP remote file inclusion vulnerabilities in miniBB 2.0.2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the pathToFiles parameter to (1) bb_func_forums.php, (2) bb_functions.php, or (3) the RSS plugin.

7.5
2006-11-03 CVE-2006-5672 Mysource CMS Remote File Include vulnerability in Retired: MySource CMS Init_Mysource.PHP

PHP remote file inclusion vulnerability in web/init_mysource.php in MySource CMS 2.16.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the INCLUDE_PATH parameter.

7.5
2006-11-03 CVE-2006-5671 Free PHP Scripts Remote Security vulnerability in Free Image Hosting

PHP remote file inclusion vulnerability in contact.php in Free Image Hosting 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter.

7.5
2006-11-03 CVE-2006-5670 Free PHP Scripts Remote File Include vulnerability in Free Image Hosting Forgot_Pass.PHP

PHP remote file inclusion vulnerability in forgot_pass.php in Free Image Hosting 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter.

7.5
2006-11-03 CVE-2006-5669 Gepi Remote File Include vulnerability in Gepi 1.4.0

PHP remote file inclusion vulnerability in gestion/savebackup.php in Gepi 1.4.0 and earlier, and possibly other versions before 1.4.4, allows remote attackers to execute arbitrary PHP code via a URL in the filename parameter.

7.5
2006-11-03 CVE-2006-5668 Ampache Information Disclosure vulnerability in Ampache Guest Account

Unspecified vulnerability in Ampache 3.3.2 and earlier, when register_globals is enabled, allows remote attackers to bypass security restrictions and gain guest access.

7.5
2006-11-03 CVE-2006-5667 P Book Remote Security vulnerability in P-Book

Multiple PHP remote file inclusion vulnerabilities in P-Book 1.17 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the pb_lang parameter to (1) admin.php and (2) pbook.php.

7.5
2006-11-03 CVE-2006-5666 Asmir Alic SQL Injection vulnerability in Asmir Alic E Annu 1.0

SQL injection vulnerability in includes/menu.inc.php in E-Annu 1.0 allows remote attackers to execute arbitrary SQL commands via the login parameter.

7.5
2006-11-03 CVE-2006-5665 Spider Friendly Remote File Include vulnerability in PHPBB Spider Friendly Module PHPBB_ROOT_PATH Parameter

PHP remote file inclusion vulnerability in admin/modules_data.php in the phpBB module Spider Friendly 1.3.10 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

7.5
2006-11-03 CVE-2006-5662 Evandor SQL Injection vulnerability in Evandor Easy Notesmanager 0.0.1

SQL injection vulnerability in easy notesManager (eNM) 0.0.1 allows remote attackers to execute arbitrary SQL commands via (1) the username parameter in login.php and (2) a search on the "search page."

7.5
2006-11-03 CVE-2006-5660 Cisco Authentication Bypass vulnerability in Cisco Security Agent Management Center 5.1

Cisco Security Agent Management Center (CSAMC) 5.1 before 5.1.0.79 does not properly handle certain LDAP error messages, which allows remote attackers to bypass authentication requirements via an empty password when using an external LDAP server.

7.5
2006-11-03 CVE-2006-5655 Opendocman SQL Injection vulnerability in Opendocman 1.2P3

SQL injection vulnerability in index.php in OpenDocMan 1.2p3 allows remote attackers to execute arbitrary SQL commands via the username parameter.

7.5
2006-11-01 CVE-2006-5641 Techno Dreams SQL Injection vulnerability in Techno Dreams Announcement MainAnnounce2.ASP

SQL injection vulnerability in MainAnnounce2.asp in Techno Dreams Announcement allows remote attackers to execute arbitrary SQL commands via the key parameter.

7.5
2006-11-01 CVE-2006-5640 Techno Dreams SQL Injection vulnerability in Techno Dreams Guestbook Guestbookview.ASP

SQL injection vulnerability in guestbookview.asp in Techno Dreams Guest Book 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the key parameter.

7.5
2006-11-01 CVE-2006-5639 Openwbem Unspecified vulnerability in Openwbem 3.2

Unspecified vulnerability in the random number generator in OpenWBEM (Web Based Enterprise Management) 3.2.0 allows attackers to gain privileges via vectors related to "local or HTTP Digest authentication." This vulnerability is addressed in the following product release: OpenWBEM 3.2.2.

7.5
2006-11-01 CVE-2006-5638 Phpmyring SQL Injection vulnerability in PHPmyring 4.2

Multiple SQL injection vulnerabilities in cherche.php in PHPMyRing 4.2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) limite and (2) mots parameters.

7.5
2006-11-01 CVE-2006-5637 FAQ Administrator Remote File Include vulnerability in FAQ Administrator FAQ Administrator 2.1B

PHP remote file inclusion vulnerability in faq_reply.php in Faq Administrator 2.1b allows remote attackers to execute arbitrary PHP code via a URL in the email parameter.

7.5
2006-11-01 CVE-2006-5635 WEB WIZ Forums SQL Injection vulnerability in Web Wiz Forum Search.ASP

SQL injection vulnerability in forum/search.asp in Web Wiz Forums allows remote attackers to execute arbitrary SQL commands via the KW parameter.

7.5
2006-10-31 CVE-2006-5630 Hosting Controller Remote Security vulnerability in Hosting Controller

Hosting Controller 6.1 before Hotfix 3.3 allows remote attackers to (1) delete the virtual directory of an arbitrary site via a modified ForumID parameter in a disableforum action in DisableForum.asp and (2) create an arbitrary forum virtual directory via an empty ForumID parameter in an enableforum action in EnableForum.asp.

7.5
2006-10-31 CVE-2006-5629 Hosting Controller SQL Injection vulnerability in Hosting Controller Hosting Controller

Multiple SQL injection vulnerabilities in Hosting Controller 6.1 before Hotfix 3.3 allow remote attackers to execute arbitrary SQL commands via the ForumID parameter in (1) DisableForum.asp and (2) enableForum.asp.

7.5
2006-10-31 CVE-2006-5628 Unisor CMS SQL Injection vulnerability in Unisor CMS Login.ASP

SQL injection vulnerability in login.asp in UNISOR Content Management System (CMS) allows remote attackers to execute arbitrary SQL commands via the (1) user or (2) pass fields.

7.5
2006-10-31 CVE-2006-5627 Qnecms Remote File Include vulnerability in QnECMS Adminfolderpath Parameter

Multiple PHP remote file inclusion vulnerabilities in QnECMS 2.5.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the adminfolderpath parameter to (1) headerscripts.php, (2) footerhome.php, and (3) footermain.php in admin/include/; (4) photogallery/headerscripts.php; and (5) footerhome.php, (6) footermain.php, (7) headermain.php, (8) sitemapfooter.php, and (9) sitemapheader.php in templates/.

7.5
2006-10-31 CVE-2006-5624 Mpcs Remote File Include vulnerability in Mpcs 0.5.0

Multiple PHP remote file inclusion vulnerabilities in Multi-Page Comment System (MPCS) 1.0.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) include.php or (2) functions.php.

7.5
2006-10-31 CVE-2006-5623 EE Tool Remote File Include vulnerability in EE Tool Ip.Inc.PHP

PHP remote file inclusion vulnerability in ip.inc.php in Electronic Engineering Tool (EE Tool) 0.4-1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cgipath parameter.

7.5
2006-10-31 CVE-2006-5622 Coppermine SQL Injection vulnerability in Coppermine Photo Gallery 1.4.9

SQL injection vulnerability in picmgr.php in Coppermine Photo Gallery 1.4.9 allows remote attackers to execute arbitrary SQL commands via the aid parameter.

7.5
2006-10-31 CVE-2006-5621 ASK Rave Code Injection vulnerability in ASK Rave ASK Rave

PHP remote file inclusion vulnerability in end.php in ask_rave 0.9 PR, and other versions before 0.9b, allows remote attackers to execute arbitrary PHP code via a URL in the footfile parameter.

7.5
2006-10-31 CVE-2006-5620 Minibill Remote File Include vulnerability in Minibill 1.22/1.23

PHP remote file inclusion vulnerability in include/menu_builder.php in MiniBILL 2006-10-10 (1.2.3) and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the config[page_dir] parameter, a different vector than CVE-2006-4489.

7.5
2006-10-31 CVE-2006-5606 Bytesfall Explorer SQL Injection vulnerability in Bytesfall Explorer Bytesfall Explorer

Multiple SQL injection vulnerabilities in BytesFall Explorer (bfExplorer) 0.0.7.1 and earlier allow remote attackers to execute arbitrary SQL commands via the username ($User variable) to login/doLogin.php and other unspecified vectors.

7.5
2006-10-31 CVE-2006-5617 Thepeak Information Disclosure vulnerability in Thepeak File Upload Manager 1.3

Directory traversal vulnerability in index.php in Thepeak File Upload Manager 1.3 allows remote attackers to read or download arbitrary files via a base64-encoded file path containing a ..

7.5
2006-10-31 CVE-2006-5615 Textpattern Remote File Include vulnerability in Textpattern 1.19

PHP remote file inclusion vulnerability in publish.php in Textpattern 1.19, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the txpcfg[txpath] parameter.

7.5
2006-10-31 CVE-2006-5613 MP3 Streaming Downsampler Remote File Include vulnerability in MP3 Streaming Downsampler MP3 Streaming Downsampler 3.0

PHP remote file inclusion in Core/core.inc.php in MP3 Streaming DownSampler (mp3SDS) 3.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the fullpath parameter.

7.5
2006-10-31 CVE-2006-5612 Michel Pradel Code Injection vulnerability in Michel Pradel Gestart Beta1

PHP remote file inclusion vulnerability in aide.php3 (aka aide.php) in GestArt beta 1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the aide parameter.

7.5
2006-10-31 CVE-2006-5610 Fully Modded Phpbb Remote Security vulnerability in Fully Modded PHPbb Fully Modded PHPbb 2021.4.40

PHP remote file inclusion vulnerability in player/includes/common.php in Teake Nutma Foing, as modified in Fully Modded phpBB (phpbbfm) 2021.4.40, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

7.5
2006-10-30 CVE-2006-5608 Drupal SQL Injection vulnerability in Drupal Extended Tracker 4.7

SQL injection vulnerability in Extended Tracker (xtracker) 4.7 before 1.5.2.1 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to "parameters from URLs."

7.5
2006-10-30 CVE-2006-5604 Phpcards File-Upload vulnerability in PHPcards 1.3

Directory traversal vulnerability in phpcards.header.php in phpCards 1.3 allows remote attackers to include and execute arbitrary local files via a ..

7.5
2006-10-30 CVE-2006-5603 Snitz Communications SQL Injection vulnerability in Snitz Communications Snitz Forums 2000 3.4.06

SQL injection vulnerability in pop_mail.asp in Snitz Forums 2000 3.4.06 allows remote attackers to execute arbitrary SQL commands via the RC parameter.

7.5
2006-11-04 CVE-2006-5706 PHP Local Security vulnerability in PHP

Unspecified vulnerabilities in PHP, probably before 5.2.0, allow local users to bypass open_basedir restrictions and perform unspecified actions via unspecified vectors involving the (1) chdir and (2) tempnam functions.

7.2
2006-11-03 CVE-2006-5677 Cluster Resources Unspecified vulnerability in Cluster Resources Torque Resource Manager

resmom/start_exec.c in pbs_mom in TORQUE Resource Manager 2.0.0p8 and earlier allows local users to create arbitrary files via a symlink attack on (1) a job output file in /usr/spool/PBS/spool and possibly (2) a job file in /usr/spool/PBS/mom_priv/jobs.

7.2
2006-10-31 CVE-2006-4248 Acme Labs Unspecified vulnerability in Acme Labs Thttpd 2.25B

thttpd on Debian GNU/Linux, and possibly other distributions, allows local users to create or touch arbitrary files via a symlink attack on the start_thttpd temporary file.

7.2

45 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-11-03 CVE-2006-5673 Minibb Remote File Include vulnerability in MiniBB

PHP remote file inclusion vulnerability in bb_func_txt.php in miniBB 2.0.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the pathToFiles parameter.

6.8
2006-11-03 CVE-2006-5661 Virtech Cross-Site Scripting vulnerability in Netquery NQUser.PHP

Cross-site scripting (XSS) vulnerability in nquser.php in VIRtech Netquery allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header.

6.8
2006-11-01 CVE-2006-4704 Microsoft Code Execution vulnerability in Microsoft Visual Studio .Net 2005

Cross-zone scripting vulnerability in the WMI Object Broker (WMIScriptUtils.WMIObjectBroker2) ActiveX control (WmiScriptUtils.dll) in Microsoft Visual Studio 2005 allows remote attackers to bypass Internet zone restrictions and execute arbitrary code by instantiating dangerous objects, aka "WMI Object Broker Vulnerability."

6.8
2006-11-01 CVE-2006-5643 Foresite CMS Cross-Site Scripting vulnerability in Foresite CMS Index_2.PHP

Cross-site scripting (XSS) vulnerability in search_de.html in foresite CMS allows remote attackers to inject arbitrary web script or HTML via the query parameter.

6.8
2006-11-01 CVE-2006-5634 Phpprofiles Code Injection vulnerability in PHPprofiles

Multiple PHP remote file inclusion vulnerabilities in phpProfiles 2.1 Beta allow remote attackers to execute arbitrary PHP code via a URL in the (1) reqpath parameter to (a) body.inc.php and (b) body_blog.inc.php in users/include/; or the (2) usrinc parameter in users/include/upload_ht.inc.php.

6.8
2006-10-31 CVE-2006-5632 IG Shop Cross-Site Scripting vulnerability in IG Shop IG Shop 1.4

Cross-site scripting (XSS) vulnerability in change_pass.php in iG Shop 1.4 allows remote attackers to inject arbitrary web script or HTML via the id parameter, a different vulnerability than CVE-2006-5631.

6.8
2006-10-31 CVE-2006-5631 IG Shop Cross-Site Scripting vulnerability in IG Shop IG Shop 1.4

Cross-site scripting (XSS) vulnerability in change_pass.php in iG Shop 1.4 allows remote attackers to inject arbitrary web script or HTML via arbitrary query strings when the action parameter is not "1", as demonstrated using script in the action parameter, a different vulnerability than CVE-2006-5632.

6.8
2006-10-30 CVE-2006-5605 Phpcards Cross-Site Scripting vulnerability in PHPcards 1.3

Multiple cross-site scripting (XSS) vulnerabilities in phpcards.footer.php in phpCards 1.3 allow remote attackers to inject arbitrary web script or HTML via the CardFontFace parameter and other unspecified parameters.

6.8
2006-11-03 CVE-2006-5676 UNI Vert SQL-Injection vulnerability in PhpLeague

SQL injection vulnerability in consult/classement.php in Uni-Vert PhpLeague 0.82 and earlier allows remote attackers to execute arbitrary SQL commands via the champ parameter.

6.4
2006-11-01 CVE-2006-5647 Sophos Buffer Errors vulnerability in Sophos Anti-Virus and Endpoint Security

Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for Linux before 5.0.10, and other platforms before 4.11 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a malformed CHM file with a large name length in the CHM chunk header, aka "CHM name length memory consumption vulnerability."

6.4
2006-11-04 CVE-2006-5704 HP Unspecified vulnerability in HP Nonstop Server G06.29

HP NonStop Server G06.29, when running Standard Security T6533G06 before T6533G06^ABK, does not properly evaluate access permissions to OSS directories when no optional ACL entry exists, which allows local users to read arbitrary files.

6.2
2006-11-04 CVE-2006-5705 Wordpress Multiple Security vulnerability in WordPress 2.04

Multiple directory traversal vulnerabilities in plugins/wp-db-backup.php in WordPress before 2.0.5 allow remote authenticated users to read or overwrite arbitrary files via directory traversal sequences in the (1) backup and (2) fragment parameters in a GET request.

6.0
2006-11-04 CVE-2006-5722 Middlebury College Remote Security vulnerability in Middlebury College Segue CMS 1.3.5/1.5.7/1.5.8

Multiple PHP remote file inclusion vulnerabilities in Segue CMS 1.5.9 and earlier, when magic_quotes_gpc is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the theme parameter to (1) themesettings.php or (2) index.php, a different vector than CVE-2006-5497.

5.1
2006-11-01 CVE-2006-5636 SWS Remote File Include vulnerability in Simple Website Software Common.PHP

PHP remote file inclusion vulnerability in common.php in Simple Website Software (SWS) 0.99 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the SWSDIR parameter.

5.1
2006-10-31 CVE-2006-5625 NX Remote File Include vulnerability in NX N X Wcms 2002Prerelease1

PHP remote file inclusion vulnerability in wwwdev/nxheader.inc.php in N/X 2002 Professional Edition Web Content Management System (WCMS) 4.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the c[path] parameter.

5.1
2006-11-04 CVE-2006-5725 AEP Networks Information Exposure vulnerability in AEP Networks Smartgate SSL Server 4.3B

The SSL server in AEP Smartgate 4.3b allows remote attackers to determine existence of directories via a direct request for a directory URI, which returns different HTTP status codes for existing and non-existing directories.

5.0
2006-11-04 CVE-2006-5716 Freenews Remote File Include vulnerability in Freenews 2.1

Directory traversal vulnerability in aff_news.php in FreeNews 2.1 allows remote attackers to include local files via a ..

5.0
2006-11-04 CVE-2006-5715 EFS Software Cross-Site Scripting vulnerability in EFS Software Easy Address Book 1.2

Easy File Sharing (EFS) Easy Address Book 1.2, when run on an NTFS file system, allows remote attackers to read arbitrary files under the web root by appending "::$DATA" to the end of an HTTP GET request, which accesses the alternate data stream.

5.0
2006-11-04 CVE-2006-5714 EFS Software Information Disclosure and Input Validation vulnerability in EFS Software EFS web Server 4.0

Easy File Sharing (EFS) Web Server 4.0, when running on an NTFS file system, allows remote attackers to read arbitrary files under the web root by appending "::$DATA" to the end of an HTTP GET request, which accesses the alternate data stream.

5.0
2006-11-04 CVE-2006-5711 ECI Telecom Information Disclosure vulnerability in ECI Telecom B-Focus ADSL2+ Combo332+ Wireless Router

ECI Telecom B-FOCuS Wireless 802.11b/g ADSL2+ Router allows remote attackers to read arbitrary files via a certain HTTP request, as demonstrated by a request for a router configuration file, related to the /html/defs/ URI.

5.0
2006-11-04 CVE-2006-5708 ALT N Denial-Of-Service vulnerability in Mdaemon

Multiple unspecified vulnerabilities in MDaemon and WorldClient in Alt-N Technologies MDaemon before 9.50 allow attackers to cause a denial of service (memory consumption) via unspecified vectors resulting in memory leaks.

5.0
2006-11-04 CVE-2006-5702 Tiki Information Exposure vulnerability in Tiki Tikiwiki Cms/Groupware 1.9.5

Tikiwiki 1.9.5 allows remote attackers to obtain sensitive information (MySQL username and password) via an empty sort_mode parameter in (1) tiki-listpages.php, (2) tiki-lastchanges.php, (3) messu-archive.php, (4) messu-mailbox.php, (5) messu-sent.php, (6) tiki-directory_add_site.php, (7) tiki-directory_ranking.php, (8) tiki-directory_search.php, (9) tiki-forums.php, (10) tiki-view_forum.php, (11) tiki-friends.php, (12) tiki-list_blogs.php, (13) tiki-list_faqs.php, (14) tiki-list_trackers.php, (15) tiki-list_users.php, (16) tiki-my_tiki.php, (17) tiki-notepad_list.php, (18) tiki-orphan_pages.php, (19) tiki-shoutbox.php, (20) tiki-usermenu.php, and (21) tiki-webmail_contacts.php, which reveal the information in certain database error messages.

5.0
2006-11-04 CVE-2006-4521 Novell Denial of Service vulnerability in Novell Edirectory 8.8/8.8.1

The BerDecodeLoginDataRequest function in the libnmasldap.so NMAS module in Novell eDirectory 8.8 and 8.8.1 before the Security Services 2.0.3 patch does not properly increment a pointer when handling certain input, which allows remote attackers to cause a denial of service (invalid memory access) via a crafted login request.

5.0
2006-11-03 CVE-2006-5656 Vilistextum Resource Management Errors vulnerability in Vilistextum 2.6.6/2.6.7

Memory leak in the push_align function in src/util.c in Vilistextum before 2.6.9 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the tmp_align variable.

5.0
2006-11-01 CVE-2006-5646 Sophos Buffer Errors vulnerability in Sophos Anti-Virus and Endpoint Security

Heap-based buffer overflow in Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for Linux before 5.0.10, and other platforms before 4.11, when archive scanning is enabled, allows remote attackers to trigger a denial of service (memory corruption) via a CHM file with an LZX decompression header that specifies a Window_size of 0.

5.0
2006-11-01 CVE-2006-5645 Sophos Resource Management Errors vulnerability in Sophos Anti-Virus and Endpoint Security

Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for Linux before 5.0.10, and other platforms before 4.11, when "Enabled scanning of archives" is set, allows remote attackers to cause a denial of service (infinite loop) via a malformed RAR archive with an Archive Header section with the head_size and pack_size fields set to zero.

5.0
2006-11-01 CVE-2006-4839 Sophos Denial of Service and Memory Corruption vulnerability in Sophos Anti-Virus 5.1

Sophos Anti-Virus 5.1 allows remote attackers to cause a denial of service (memory consumption) via a file that is compressed with Petite and contains a large number of sections.

5.0
2006-10-31 CVE-2006-5633 Mozilla Denial of Service vulnerability in Mozilla Firefox Range Script Object

Firefox 1.5.0.7 and 2.0, and Seamonkey 1.1b, allows remote attackers to cause a denial of service (crash) by creating a range object using createRange, calling selectNode on a DocType node (DOCUMENT_TYPE_NODE), then calling createContextualFragment on the range, which triggers a null dereference.

5.0
2006-10-31 CVE-2006-5618 Netref Directory Traversal vulnerability in Netref 4

Directory traversal vulnerability in script/cat_for_aff.php in Netref 4 allows remote attackers to read arbitrary files via a ..

5.0
2006-10-30 CVE-2006-5609 Torrentflux Directory Traversal vulnerability in Torrentflux 2.1

Directory traversal vulnerability in dir.php in TorrentFlux 2.1 allows remote attackers to list arbitrary directories via "\.\./" sequences in the dir parameter.

5.0
2006-10-30 CVE-2006-5607 Inca Unspecified vulnerability in Inca Im-204 Adsl Router

Directory traversal vulnerability in /cgi-bin/webcm in INCA IM-204 allows remote attackers to read arbitrary files via "/./." (modified dot dot) sequences in the getpage parameter.

5.0
2006-11-04 CVE-2006-5721 Agnitum Local Denial of Service vulnerability in Agnitum Outpost Firewall 4.0

The \Device\SandBox driver in Outpost Firewall PRO 4.0 (964.582.059) allows local users to cause a denial of service (system crash) via an invalid argument to the DeviceIoControl function that triggers an invalid memory operation.

4.9
2006-11-03 CVE-2006-5701 Linux, Redhat Denial of Service vulnerability in Linux Kernel SquashFS Double Free

Double free vulnerability in squashfs module in the Linux kernel 2.6.x, as used in Fedora Core 5 and possibly other distributions, allows local users to cause a denial of service by mounting a crafted squashfs filesystem.

4.9
2006-11-03 CVE-2006-5679 Freebsd Numeric Errors vulnerability in Freebsd 6.1

Integer overflow in the ffs_mountfs function in FreeBSD 6.1 allows local users to cause a denial of service (panic) and possibly execute arbitrary code via a crafted UFS filesystem that causes invalid or large size parameters to be provided to the kmem_alloc function.

4.6
2006-11-03 CVE-2006-5664 IBM Local Security vulnerability in IBM products

The installation script in IBM Informix Dynamic Server 10.00, Informix Client Software Development Kit (CSDK) 2.90, and Informix I-Connect 2.90 allows local users to "compromise security" via a symlink attack on temporary files.

4.6
2006-11-03 CVE-2006-5663 IBM Local Security vulnerability in IBM products

IBM Informix Dynamic Server 10.00, Informix Client Software Development Kit (CSDK) 2.90, and Informix I-Connect 2.90 use insecure permissions for installation scripts, which allows local users to gain privileges by modifying the scripts.

4.6
2006-11-04 CVE-2006-5718 Phpmyadmin Cross-Site Scripting vulnerability in PHPMyAdmin UTF-7 Encoding

Cross-site scripting (XSS) vulnerability in error.php in phpMyAdmin 2.6.4 through 2.9.0.2 allows remote attackers to inject arbitrary web script or HTML via UTF-7 or US-ASCII encoded characters, which are injected into an error message, as demonstrated by a request with a utf7 charset parameter accompanied by UTF-7 data.

4.3
2006-11-04 CVE-2006-5717 Zend Cross-Site Scripting vulnerability in Zend Google Data Client Library Preview 0.2.0

Multiple cross-site scripting (XSS) vulnerabilities in Zend Google Data Client Library (ZendGData) Preview 0.2.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in (1) basedemo.php and (2) calenderdemo.php in samples/, and other unspecified files.

4.3
2006-11-04 CVE-2006-5713 EFS Software Information Disclosure and Input Validation vulnerability in EFS Software EFS web Server 4.0

Cross-site scripting (XSS) vulnerability in Easy File Sharing (EFS) Web Server 4.0 allows remote attackers to inject arbitrary web script or HTML via the (1) author, (2) content, or (3) title parameters when posting a forum thread.

4.3
2006-11-04 CVE-2006-5712 Mirapoint HTML Injection vulnerability in Mirapoint Web Mail Expression()

Cross-site scripting (XSS) vulnerability in Mirapoint WebMail allows remote attackers to inject arbitrary web script via the expression Cascading Style Sheets (CSS) function, as demonstrated using the width style for an IMG element.

4.3
2006-11-04 CVE-2006-5703 Tiki Cross-Site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware 1.9.5

Cross-site scripting (XSS) vulnerability in tiki-featured_link.php in Tikiwiki 1.9.5 allows remote attackers to inject arbitrary web script or HTML via a url parameter that evades filtering, as demonstrated by a parameter value containing malformed, nested SCRIPT elements.

4.3
2006-11-03 CVE-2006-5653 SUN Cross-Site Scripting vulnerability in SUN Java System Messenger Express 6

Cross-site scripting (XSS) vulnerability in the errorHTML function in the index script in Sun Java System Messenger Express 6 allows remote attackers to inject arbitrary web script or HTML via the error parameter.

4.3
2006-11-03 CVE-2006-5652 SUN HTML Injection vulnerability in iPlanet Messaging Server Messenger Express Expression()

Cross-site scripting (XSS) vulnerability in Sun iPlanet Messaging Server Messenger Express allows remote attackers to inject arbitrary web script via the expression Cascading Style Sheets (CSS) function, as demonstrated by setting the width style for an IMG element.

4.3
2006-10-31 CVE-2006-5626 Phpfaber Cross-Site Scripting vulnerability in phpFaber CMS

Cross-site scripting (XSS) vulnerability in cms_images/js/htmlarea/htmlarea.php in phpFaber Content Management System (CMS) before 1.3.36 on 20061026 allows remote attackers to inject arbitrary web script or HTML, probably via arbitrary parameters in the query string, as demonstrated with a vigilon parameter.

4.3
2006-11-03 CVE-2006-5654 SUN Denial-Of-Service vulnerability in Java System Web Server

Unspecified vulnerability in the Network Security Services (NSS) in Sun Java System Web Server 6.0 before SP 10 and ONE Application Server 7 before Update 3, when SSLv2 is enabled, allows remote authenticated users to cause a denial of service (application crash) via unspecified vectors.

4.0

3 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-10-31 CVE-2006-5614 Microsoft Remote Denial of Service vulnerability in Microsoft Windows NT Helper Components and Windows XP

Microsoft Windows NAT Helper Components (ipnathlp.dll) on Windows XP SP2, when Internet Connection Sharing is enabled, allows remote attackers to cause a denial of service (svchost.exe crash) via a malformed DNS query, which results in a null pointer dereference.

2.6
2006-11-04 CVE-2006-5724 Mirabilis Denial-Of-Service vulnerability in Mirabilis ICQ 2003Bbuild3916

Heap-based buffer overflow in the "Answering Service" function in ICQ 2003b Build 3916 allows local users to cause a denial of service (application crash) via a long string in the "AwayMsg Presets" value in the ICQ\ICQPro\DefaultPrefs\Presets registry key.

2.1
2006-11-03 CVE-2006-5659 PAM Extern Local Security vulnerability in Pam Extern

PAM_extern before 0.2 sends a password as a command line argument, which allows local users to obtain the password by listing the command line arguments, such as ps.

2.1