Weekly Vulnerabilities Reports > October 30 to November 5, 2006
Overview
101 new vulnerabilities reported during this period, including 6 critical vulnerabilities and 47 high severity vulnerabilities. This weekly summary report vulnerabilities in 96 products from 83 vendors including Sophos, SUN, EFS Software, Microsoft, and IBM. Vulnerabilities are notably categorized as "Resource Management Errors", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Code Injection", "Information Exposure", and "SQL Injection".
- 90 reported vulnerabilities are remotely exploitables.
- 29 reported vulnerabilities have public exploit available.
- 3 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 99 reported vulnerabilities are exploitable by an anonymous user.
- Sophos has the most reported vulnerabilities, with 4 reported vulnerabilities.
- Suse has the most reported critical vulnerabilities, with 1 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
6 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-11-04 | CVE-2006-5709 | ALT N | Remote Security vulnerability in Mdaemon Unspecified vulnerability in WorldClient in Alt-N Technologies MDaemon before 9.50 has unknown impact and attack vectors related to a "JavaScript exploit." | 10.0 |
2006-11-03 | CVE-2006-5675 | Pentaho | SQL Injection vulnerability in Pentaho Business Intelligence Suite 1.2Rc2 Multiple unspecified vulnerabilities in Pentaho Business Intelligence (BI) Suite before 1.2 RC3 (1.2.0.470-RC3) have unknown impact and attack vectors, related to "MySQL Scripts need changes for security," possibly SQL injection vulnerabilities associated with these scripts. | 10.0 |
2006-11-03 | CVE-2006-5657 | Vilistextum | Remote Denial of Service and Buffer Overflow vulnerability in Vilistextum Multiple off-by-one errors in src/text.c in Vilistextum before 2.6.9 have unknown impact and attack vectors. | 10.0 |
2006-11-01 | CVE-2006-5642 | Nmnlogger | Remote Security vulnerability in NmnLogger Unspecified vulnerability in NmnLogger 1.0.0 and earlier has unknown impact and attack vectors related to configuration of mesasge drivers. | 10.0 |
2006-10-31 | CVE-2006-5616 | Openpbs Suse | Local and Remote vulnerability in OpenPBS Multiple unspecified vulnerabilities in OpenPBS, as used in SUSE Linux 9.2 through 10.1, allow attackers to execute arbitrary code via unspecified vectors. | 10.0 |
2006-10-31 | CVE-2006-5611 | Toshiba | Remote Security vulnerability in Bluetooth Stack Unspecified vulnerability in Toshiba Bluetooth Stack before 4.20.01 has unspecified impact and attack vectors, related to the 4.20.01(T) "Security fix." NOTE: due to the lack of details in the vendor advisory, it is not clear whether this issue is related to CVE-2006-5405. | 10.0 |
47 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-11-01 | CVE-2006-4517 | Novell | Resource Management Errors vulnerability in Novell Imanager Novell iManager 2.5 and 2.0.2 allows remote attackers to cause a denial of service (crash) in the Tomcat server via a long TREE parameter in an HTTP POST, which triggers a NULL pointer dereference. | 7.8 |
2006-11-03 | CVE-2006-5658 | Studio Achtundachtzig | Multiple vulnerability in Studio Achtundachtzig Bloomooweb Activex Control 1.0.9 BlooMooWeb ActiveX control (AidemATL.dll) allows remote attackers to (1) download arbitrary files via a URL in the bstrUrl parameter to the BW_DownloadFile method, (2) execute arbitrary local files via a file path in the bstrParams parameter to the BW_LaunchGame method, and (3) delete arbitrary files via a file path in the filePath parameter to the BW_DeleteTempFile method. | 7.6 |
2006-11-04 | CVE-2006-5723 | Dataparksearch | SQL Injection vulnerability in DataparkSearch Malformed Hostname SQL injection vulnerability in DataparkSearch Engine 4.42 and earlier allows remote attackers to execute arbitrary SQL commands via a malformed hostname in a URL. | 7.5 |
2006-11-04 | CVE-2006-5720 | Francisco Burzi | SQL Injection vulnerability in PHP-Nuke Journal Module Search.PHP SQL injection vulnerability in modules/journal/search.php in the Journal module in Francisco Burzi PHP-Nuke 7.9 and earlier allows remote attackers to execute arbitrary SQL commands via the forwhat parameter. | 7.5 |
2006-11-04 | CVE-2006-5719 | Bytesfall Explorer | SQL Injection vulnerability in Bytesfall Explorer Bytesfall Explorer 0.0.6 SQL injection vulnerability in libs/sessions.lib.php in BytesFall Explorer (bfExplorer) 0.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified parameters, a different issue than CVE-2006-5606. | 7.5 |
2006-11-04 | CVE-2006-5710 | Apple Opendarwin | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products The Airport driver for certain Orinoco based Airport cards in Darwin kernel 8.8.0 in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to execute arbitrary code via an 802.11 probe response frame without any valid information element (IE) fields after the header, which triggers a heap-based buffer overflow. | 7.5 |
2006-11-04 | CVE-2006-5707 | Phpeasydata PRO | SQL Injection vulnerability in PHPEasyData SQL injection vulnerability in index.php in PHPEasyData Pro 1.4.1 and 2.2.1 allows remote attackers to execute arbitrary SQL commands via the cat parameter. | 7.5 |
2006-11-04 | CVE-2006-5465 | PHP | Buffer Overflow vulnerability in PHP HTMLEntities HTMLSpecialChars Buffer overflow in PHP before 5.2.0 allows remote attackers to execute arbitrary code via crafted UTF-8 inputs to the (1) htmlentities or (2) htmlspecialchars functions. | 7.5 |
2006-11-03 | CVE-2006-5674 | Minibb | Remote Security vulnerability in MiniBB Multiple PHP remote file inclusion vulnerabilities in miniBB 2.0.2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the pathToFiles parameter to (1) bb_func_forums.php, (2) bb_functions.php, or (3) the RSS plugin. | 7.5 |
2006-11-03 | CVE-2006-5672 | Mysource CMS | Remote File Include vulnerability in Retired: MySource CMS Init_Mysource.PHP PHP remote file inclusion vulnerability in web/init_mysource.php in MySource CMS 2.16.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the INCLUDE_PATH parameter. | 7.5 |
2006-11-03 | CVE-2006-5671 | Free PHP Scripts | Remote Security vulnerability in Free Image Hosting PHP remote file inclusion vulnerability in contact.php in Free Image Hosting 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter. | 7.5 |
2006-11-03 | CVE-2006-5670 | Free PHP Scripts | Remote File Include vulnerability in Free Image Hosting Forgot_Pass.PHP PHP remote file inclusion vulnerability in forgot_pass.php in Free Image Hosting 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter. | 7.5 |
2006-11-03 | CVE-2006-5669 | Gepi | Remote File Include vulnerability in Gepi 1.4.0 PHP remote file inclusion vulnerability in gestion/savebackup.php in Gepi 1.4.0 and earlier, and possibly other versions before 1.4.4, allows remote attackers to execute arbitrary PHP code via a URL in the filename parameter. | 7.5 |
2006-11-03 | CVE-2006-5668 | Ampache | Information Disclosure vulnerability in Ampache Guest Account Unspecified vulnerability in Ampache 3.3.2 and earlier, when register_globals is enabled, allows remote attackers to bypass security restrictions and gain guest access. | 7.5 |
2006-11-03 | CVE-2006-5667 | P Book | Remote Security vulnerability in P-Book Multiple PHP remote file inclusion vulnerabilities in P-Book 1.17 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the pb_lang parameter to (1) admin.php and (2) pbook.php. | 7.5 |
2006-11-03 | CVE-2006-5666 | Asmir Alic | SQL Injection vulnerability in Asmir Alic E Annu 1.0 SQL injection vulnerability in includes/menu.inc.php in E-Annu 1.0 allows remote attackers to execute arbitrary SQL commands via the login parameter. | 7.5 |
2006-11-03 | CVE-2006-5665 | Spider Friendly | Remote File Include vulnerability in PHPBB Spider Friendly Module PHPBB_ROOT_PATH Parameter PHP remote file inclusion vulnerability in admin/modules_data.php in the phpBB module Spider Friendly 1.3.10 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | 7.5 |
2006-11-03 | CVE-2006-5662 | Evandor | SQL Injection vulnerability in Evandor Easy Notesmanager 0.0.1 SQL injection vulnerability in easy notesManager (eNM) 0.0.1 allows remote attackers to execute arbitrary SQL commands via (1) the username parameter in login.php and (2) a search on the "search page." | 7.5 |
2006-11-03 | CVE-2006-5660 | Cisco | Authentication Bypass vulnerability in Cisco Security Agent Management Center 5.1 Cisco Security Agent Management Center (CSAMC) 5.1 before 5.1.0.79 does not properly handle certain LDAP error messages, which allows remote attackers to bypass authentication requirements via an empty password when using an external LDAP server. | 7.5 |
2006-11-03 | CVE-2006-5655 | Opendocman | SQL Injection vulnerability in Opendocman 1.2P3 SQL injection vulnerability in index.php in OpenDocMan 1.2p3 allows remote attackers to execute arbitrary SQL commands via the username parameter. | 7.5 |
2006-11-01 | CVE-2006-5641 | Techno Dreams | SQL Injection vulnerability in Techno Dreams Announcement MainAnnounce2.ASP SQL injection vulnerability in MainAnnounce2.asp in Techno Dreams Announcement allows remote attackers to execute arbitrary SQL commands via the key parameter. | 7.5 |
2006-11-01 | CVE-2006-5640 | Techno Dreams | SQL Injection vulnerability in Techno Dreams Guestbook Guestbookview.ASP SQL injection vulnerability in guestbookview.asp in Techno Dreams Guest Book 1.0 earlier allows remote attackers to execute arbitrary SQL commands via the key parameter. | 7.5 |
2006-11-01 | CVE-2006-5639 | Openwbem | Unspecified vulnerability in Openwbem 3.2 Unspecified vulnerability in the random number generator in OpenWBEM (Web Based Enterprise Management) 3.2.0 allows attackers to gain privileges via vectors related to "local or HTTP Digest authentication." This vulnerability is addressed in the following product release: OpenWBEM, OpenWBEM, 3.2.2 | 7.5 |
2006-11-01 | CVE-2006-5638 | Phpmyring | SQL Injection vulnerability in PHPmyring 4.2 Multiple SQL injection vulnerabilities in cherche.php in PHPMyRing 4.2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) limite and (2) mots parameters. | 7.5 |
2006-11-01 | CVE-2006-5637 | FAQ Administrator | Remote File Include vulnerability in FAQ Administrator FAQ Administrator 2.1B PHP remote file inclusion vulnerability in faq_reply.php in Faq Administrator 2.1b allows remote attackers to execute arbitrary PHP code via a URL in the email parameter. | 7.5 |
2006-11-01 | CVE-2006-5635 | WEB WIZ Forums | SQL Injection vulnerability in Web Wiz Forum Search.ASP SQL injection vulnerability in forum/search.asp in Web Wiz Forums allows remote attackers to execute arbitrary SQL commands via the KW parameter. | 7.5 |
2006-10-31 | CVE-2006-5630 | Hosting Controller | Remote Security vulnerability in Hosting Controller Hosting Controller 6.1 before Hotfix 3.3 allows remote attackers to (1) delete the virtual directory of an arbitrary site via a modified ForumID parameter in a disableforum action in DisableForum.asp and (2) create an arbitrary forum virtual directory via an empty ForumID parameter in an enableforum action in EnableForum.asp. | 7.5 |
2006-10-31 | CVE-2006-5629 | Hosting Controller | SQL Injection vulnerability in Hosting Controller Hosting Controller Multiple SQL injection vulnerabilities in Hosting Controller 6.1 before Hotfix 3.3 allow remote attackers to execute arbitrary SQL commands via the ForumID parameter in (1) DisableForum.asp and (2) enableForum.asp. | 7.5 |
2006-10-31 | CVE-2006-5628 | Unisor CMS | SQL Injection vulnerability in Unisor CMS Login.ASP SQL injection vulnerability in login.asp in UNISOR Content Management System (CMS) allows remote attackers to execute arbitrary SQL commands via the (1) user or (2) pass fields. | 7.5 |
2006-10-31 | CVE-2006-5627 | Qnecms | Remote File Include vulnerability in QnECMS Adminfolderpath Parameter Multiple PHP remote file inclusion vulnerabilities in QnECMS 2.5.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the adminfolderpath parameter to (1) headerscripts.php, (2) footerhome.php, and (3) footermain.php in admin/include/; (4) photogallery/headerscripts.php; and (5) footerhome.php, (6) footermain.php, (7) headermain.php, (8) sitemapfooter.php, and (9) sitemapheader.php in templates/. | 7.5 |
2006-10-31 | CVE-2006-5624 | Mpcs | Remote File Include vulnerability in Mpcs 0.5.0 Multiple PHP remote file inclusion vulnerabilities in Multi-Page Comment System (MPCS) 1.0.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) include.php or (2) functions.php. | 7.5 |
2006-10-31 | CVE-2006-5623 | EE Tool | Remote File Include vulnerability in EE Tool Ip.Inc.PHP PHP remote file inclusion vulnerability in ip.inc.php in Electronic Engineering Tool (EE Tool) 0.4-1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cgipath parameter. | 7.5 |
2006-10-31 | CVE-2006-5622 | Coppermine | SQL Injection vulnerability in Coppermine Photo Gallery 1.4.9 SQL injection vulnerability in picmgr.php in Coppermine Photo Gallery 1.4.9 allows remote attackers to execute arbitrary SQL commands via the aid parameter. | 7.5 |
2006-10-31 | CVE-2006-5621 | ASK Rave | Code Injection vulnerability in ASK Rave ASK Rave PHP remote file inclusion vulnerability in end.php in ask_rave 0.9 PR, and other versions before 0.9b, allows remote attackers to execute arbitrary PHP code via a URL in the footfile parameter. | 7.5 |
2006-10-31 | CVE-2006-5620 | Minibill | Remote File Include vulnerability in Minibill 1.22/1.23 PHP remote file inclusion vulnerability in include/menu_builder.php in MiniBILL 2006-10-10 (1.2.3) and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the config[page_dir] parameter, a different vector than CVE-2006-4489. | 7.5 |
2006-10-31 | CVE-2006-5606 | Bytesfall Explorer | SQL Injection vulnerability in Bytesfall Explorer Bytesfall Explorer Multiple SQL injection vulnerabilities in BytesFall Explorer (bfExplorer) 0.0.7.1 and earlier allow remote attackers to execute arbitrary SQL commands via the username ($User variable) to login/doLogin.php and other unspecified vectors. | 7.5 |
2006-10-31 | CVE-2006-5617 | Thepeak | Information Disclosure vulnerability in Thepeak File Upload Manager 1.3 Directory traversal vulnerability in index.php in Thepeak File Upload Manager 1.3 allows remote attackers to read or download arbitrary files via a base64-encoded file path containing a .. | 7.5 |
2006-10-31 | CVE-2006-5615 | Textpattern | Remote File Include vulnerability in Textpattern 1.19 PHP remote file inclusion vulnerability in publish.php in Textpattern 1.19, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the txpcfg[txpath] parameter. | 7.5 |
2006-10-31 | CVE-2006-5613 | MP3 Streaming Downsampler | Remote File Include vulnerability in MP3 Streaming Downsampler MP3 Streaming Downsampler 3.0 PHP remote file inclusion in Core/core.inc.php in MP3 Streaming DownSampler (mp3SDS) 3.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the fullpath parameter | 7.5 |
2006-10-31 | CVE-2006-5612 | Michel Pradel | Code Injection vulnerability in Michel Pradel Gestart Beta1 PHP remote file inclusion vulnerability in aide.php3 (aka aide.php) in GestArt beta 1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the aide parameter. | 7.5 |
2006-10-31 | CVE-2006-5610 | Fully Modded Phpbb | Remote Security vulnerability in Fully Modded PHPbb Fully Modded PHPbb 2021.4.40 PHP remote file inclusion vulnerability in player/includes/common.php in Teake Nutma Foing, as modified in Fully Modded phpBB (phpbbfm) 2021.4.40, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | 7.5 |
2006-10-30 | CVE-2006-5608 | Drupal | SQL Injection vulnerability in Drupal Extended Tracker 4.7 SQL injection vulnerability in Extended Tracker (xtracker) 4.7 before 1.5.2.1 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to "parameters from URLs." | 7.5 |
2006-10-30 | CVE-2006-5604 | Phpcards | File-Upload vulnerability in PHPcards 1.3 Directory traversal vulnerability in phpcards.header.php in phpCards 1.3 allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2006-10-30 | CVE-2006-5603 | Snitz Communications | SQL Injection vulnerability in Snitz Communications Snitz Forums 2000 3.4.06 SQL injection vulnerability in pop_mail.asp in Snitz Forums 2000 3.4.06 allows remote attackers to execute arbitrary SQL commands via the RC parameter. | 7.5 |
2006-11-04 | CVE-2006-5706 | PHP | Local Security vulnerability in PHP Unspecified vulnerabilities in PHP, probably before 5.2.0, allow local users to bypass open_basedir restrictions and perform unspecified actions via unspecified vectors involving the (1) chdir and (2) tempnam functions. | 7.2 |
2006-11-03 | CVE-2006-5677 | Cluster Resources | Unspecified vulnerability in Cluster Resources Torque Resource Manager resmom/start_exec.c in pbs_mom in TORQUE Resource Manager 2.0.0p8 and earlier allows local users to create arbitrary files via a symlink attack on (1) a job output file in /usr/spool/PBS/spool and possibly (2) a job file in /usr/spool/PBS/mom_priv/jobs. | 7.2 |
2006-10-31 | CVE-2006-4248 | Acme Labs | Unspecified vulnerability in Acme Labs Thttpd 2.25B thttpd on Debian GNU/Linux, and possibly other distributions, allows local users to create or touch arbitrary files via a symlink attack on the start_thttpd temporary file. | 7.2 |
45 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-11-03 | CVE-2006-5673 | Minibb | Remote File Include vulnerability in MiniBB PHP remote file inclusion vulnerability in bb_func_txt.php in miniBB 2.0.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the pathToFiles parameter. | 6.8 |
2006-11-03 | CVE-2006-5661 | Virtech | Cross-Site Scripting vulnerability in Netquery NQUser.PHP Cross-site scripting (XSS) vulnerability in nquser.php in VIRtech Netquery allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header. | 6.8 |
2006-11-01 | CVE-2006-4704 | Microsoft | Code Execution vulnerability in Microsoft Visual Studio .Net 2005 Cross-zone scripting vulnerability in the WMI Object Broker (WMIScriptUtils.WMIObjectBroker2) ActiveX control (WmiScriptUtils.dll) in Microsoft Visual Studio 2005 allows remote attackers to bypass Internet zone restrictions and execute arbitrary code by instantiating dangerous objects, aka "WMI Object Broker Vulnerability." | 6.8 |
2006-11-01 | CVE-2006-5643 | Foresite CMS | Cross-Site Scripting vulnerability in Foresite CMS Index_2.PHP Cross-site scripting (XSS) vulnerability in search_de.html in foresite CMS allows remote attackers to inject arbitrary web script or HTML via the query parameter. | 6.8 |
2006-11-01 | CVE-2006-5634 | Phpprofiles | Code Injection vulnerability in PHPprofiles Multiple PHP remote file inclusion vulnerabilities in phpProfiles 2.1 Beta allow remote attackers to execute arbitrary PHP code via a URL in the (1) reqpath parameter to (a) body.inc.php and (b) body_blog.inc.php in users/include/; or the (2) usrinc parameter in users/include/upload_ht.inc.php. | 6.8 |
2006-10-31 | CVE-2006-5632 | IG Shop | Cross-Site Scripting vulnerability in IG Shop IG Shop 1.4 Cross-site scripting (XSS) vulnerability in change_pass.php in iG Shop 1.4 allows remote attackers to inject arbitrary web script or HTML via the id parameter, a different vulnerability than CVE-2006-5631. | 6.8 |
2006-10-31 | CVE-2006-5631 | IG Shop | Cross-Site Scripting vulnerability in IG Shop IG Shop 1.4 Cross-site scripting (XSS) vulnerability in change_pass.php in iG Shop 1.4 allows remote attackers to inject arbitrary web script or HTML via arbitrary query strings when the action parameter is not "1", as demonstrated using script in the action parameter, a different vulnerability than CVE-2006-5632. | 6.8 |
2006-10-30 | CVE-2006-5605 | Phpcards | Cross-Site Scripting vulnerability in PHPcards 1.3 Multiple cross-site scripting (XSS) vulnerabilities in phpcards.footer.php in phpCards 1.3 allow remote attackers to inject arbitrary web script or HTML via the CardFontFace parameter and other unspecified parameters. | 6.8 |
2006-11-03 | CVE-2006-5676 | UNI Vert | SQL-Injection vulnerability in PhpLeague SQL injection vulnerability in consult/classement.php in Uni-Vert PhpLeague 0.82 and earlier allows remote attackers to execute arbitrary SQL commands via the champ parameter. | 6.4 |
2006-11-01 | CVE-2006-5647 | Sophos | Buffer Errors vulnerability in Sophos Anti-Virus and Endpoint Security Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for Linux before 5.0.10, and other platforms before 4.11 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a malformed CHM file with a large name length in the CHM chunk header, aka "CHM name length memory consumption vulnerability." | 6.4 |
2006-11-04 | CVE-2006-5704 | HP | Unspecified vulnerability in HP Nonstop Server G06.29 HP NonStop Server G06.29, when running Standard Security T6533G06 before T6533G06^ABK, does not properly evaluate access permissions to OSS directories when no optional ACL entry exists, which allows local users to read arbitrary files. | 6.2 |
2006-11-04 | CVE-2006-5705 | Wordpress | Multiple Security vulnerability in WordPress 2.04 Multiple directory traversal vulnerabilities in plugins/wp-db-backup.php in WordPress before 2.0.5 allow remote authenticated users to read or overwrite arbitrary files via directory traversal sequences in the (1) backup and (2) fragment parameters in a GET request. | 6.0 |
2006-11-04 | CVE-2006-5722 | Middlebury College | Remote Security vulnerability in Middlebury College Segue CMS 1.3.5/1.5.7/1.5.8 Multiple PHP remote file inclusion vulnerabilities in Segue CMS 1.5.9 and earlier, when magic_quotes_gpc is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the theme parameter to (1) themesettings.php or (2) index.php, a different vector than CVE-2006-5497. | 5.1 |
2006-11-01 | CVE-2006-5636 | SWS | Remote File Include vulnerability in Simple Website Software Common.PHP PHP remote file inclusion vulnerability in common.php in Simple Website Software (SWS) 0.99 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the SWSDIR parameter. | 5.1 |
2006-10-31 | CVE-2006-5625 | NX | Remote File Include vulnerability in NX N X Wcms 2002Prerelease1 PHP remote file inclusion vulnerability in wwwdev/nxheader.inc.php in N/X 2002 Professional Edition Web Content Management System (WCMS) 4.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the c[path] parameter. | 5.1 |
2006-11-04 | CVE-2006-5725 | AEP Networks | Information Exposure vulnerability in AEP Networks Smartgate SSL Server 4.3B The SSL server in AEP Smartgate 4.3b allows remote attackers to determine existence of directories via a direct request for a directory URI, which returns different HTTP status codes for existing and non-existing directories. | 5.0 |
2006-11-04 | CVE-2006-5716 | Freenews | Remote File Include vulnerability in Freenews 2.1 Directory traversal vulnerability in aff_news.php in FreeNews 2.1 allows remote attackers to include local files via a .. | 5.0 |
2006-11-04 | CVE-2006-5715 | EFS Software | Cross-Site Scripting vulnerability in EFS Software Easy Address Book 1.2 Easy File Sharing (EFS) Easy Address Book 1.2, when run on an NTFS file system, allows remote attackers to read arbitrary files under the web root by appending "::$DATA" to the end of an HTTP GET request, which accesses the alternate data stream. | 5.0 |
2006-11-04 | CVE-2006-5714 | EFS Software | Information Disclosure and Input Validation vulnerability in EFS Software EFS web Server 4.0 Easy File Sharing (EFS) Web Server 4.0, when running on an NTFS file system, allows remote attackers to read arbitrary files under the web root by appending "::$DATA" to the end of a HTTP GET request, which accesses the alternate data stream. | 5.0 |
2006-11-04 | CVE-2006-5711 | ECI Telecom | Information Disclosure vulnerability in ECI Telecom B-Focus ADSL2+ Combo332+ Wireless Router ECI Telecom B-FOCuS Wireless 802.11b/g ADSL2+ Router allows remote attackers to read arbitrary files via a certain HTTP request, as demonstrated by a request for a router configuration file, related to the /html/defs/ URI. | 5.0 |
2006-11-04 | CVE-2006-5708 | ALT N | Denial-Of-Service vulnerability in Mdaemon Multiple unspecified vulnerabilities in MDaemon and WorldClient in Alt-N Technologies MDaemon before 9.50 allow attackers to cause a denial of service (memory consumption) via unspecified vectors resulting in memory leaks. | 5.0 |
2006-11-04 | CVE-2006-5702 | Tiki | Information Exposure vulnerability in Tiki Tikiwiki Cms/Groupware 1.9.5 Tikiwiki 1.9.5 allows remote attackers to obtain sensitive information (MySQL username and password) via an empty sort_mode parameter in (1) tiki-listpages.php, (2) tiki-lastchanges.php, (3) messu-archive.php, (4) messu-mailbox.php, (5) messu-sent.php, (6) tiki-directory_add_site.php, (7) tiki-directory_ranking.php, (8) tiki-directory_search.php, (9) tiki-forums.php, (10) tiki-view_forum.php, (11) tiki-friends.php, (12) tiki-list_blogs.php, (13) tiki-list_faqs.php, (14) tiki-list_trackers.php, (15) tiki-list_users.php, (16) tiki-my_tiki.php, (17) tiki-notepad_list.php, (18) tiki-orphan_pages.php, (19) tiki-shoutbox.php, (20) tiki-usermenu.php, and (21) tiki-webmail_contacts.php, which reveal the information in certain database error messages. | 5.0 |
2006-11-04 | CVE-2006-4521 | Novell | Denial of Service vulnerability in Novell Edirectory 8.8/8.8.1 The BerDecodeLoginDataRequest function in the libnmasldap.so NMAS module in Novell eDirectory 8.8 and 8.8.1 before the Security Services 2.0.3 patch does not properly increment a pointer when handling certain input, which allows remote attackers to cause a denial of service (invalid memory access) via a crafted login request. | 5.0 |
2006-11-03 | CVE-2006-5656 | Vilistextum | Resource Management Errors vulnerability in Vilistextum 2.6.6/2.6.7 Memory leak in the push_align function in src/util.c in Vilistextum before 2.6.9 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the tmp_align variable. | 5.0 |
2006-11-01 | CVE-2006-5646 | Sophos | Buffer Errors vulnerability in Sophos Anti-Virus and Endpoint Security Heap-based buffer overflow in Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for Linux before 5.0.10, and other platforms before 4.11, when archive scanning is enabled, allows remote attackers to trigger a denial of service (memory corruption) via a CHM file with an LZX decompression header that specifies a Window_size of 0. | 5.0 |
2006-11-01 | CVE-2006-5645 | Sophos | Resource Management Errors vulnerability in Sophos Anti-Virus and Endpoint Security Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for Linux before 5.0.10, and other platforms before 4.11, when "Enabled scanning of archives" is set, allows remote attackers to cause a denial of service (infinite loop) via a malformed RAR archive with an Archive Header section with the head_size and pack_size fields set to zero. | 5.0 |
2006-11-01 | CVE-2006-4839 | Sophos | Denial of Service and Memory Corruption vulnerability in Sophos Anti-Virus 5.1 Sophos Anti-Virus 5.1 allows remote attackers to cause a denial of service (memory consumption) via a file that is compressed with Petite and contains a large number of sections. | 5.0 |
2006-10-31 | CVE-2006-5633 | Mozilla | Denial of Service vulnerability in Mozilla Firefox Range Script Object Firefox 1.5.0.7 and 2.0, and Seamonkey 1.1b, allows remote attackers to cause a denial of service (crash) by creating a range object using createRange, calling selectNode on a DocType node (DOCUMENT_TYPE_NODE), then calling createContextualFragment on the range, which triggers a null dereference. | 5.0 |
2006-10-31 | CVE-2006-5618 | Netref | Directory Traversal vulnerability in Netref 4 Directory traversal vulnerability in script/cat_for_aff.php in Netref 4 allows remote attackers to read arbitrary files via a .. | 5.0 |
2006-10-30 | CVE-2006-5609 | Torrentflux | Directory Traversal vulnerability in Torrentflux 2.1 Directory traversal vulnerability in dir.php in TorrentFlux 2.1 allows remote attackers to list arbitrary directories via "\.\./" sequences in the dir parameter. | 5.0 |
2006-10-30 | CVE-2006-5607 | Inca | Unspecified vulnerability in Inca Im-204 Adsl Router Directory traversal vulnerability in /cgi-bin/webcm in INCA IM-204 allows remote attackers to read arbitrary files via a "/./." (modified dot dot) sequences in the getpage parameter. | 5.0 |
2006-11-04 | CVE-2006-5721 | Agnitum | Local Denial of Service vulnerability in Agnitum Outpost Firewall 4.0 The \Device\SandBox driver in Outpost Firewall PRO 4.0 (964.582.059) allows local users to cause a denial of service (system crash) via an invalid argument to the DeviceIoControl function that triggers an invalid memory operation. | 4.9 |
2006-11-03 | CVE-2006-5701 | Linux Redhat | Denial of Service vulnerability in Linux Kernel SquashFS Double Free Double free vulnerability in squashfs module in the Linux kernel 2.6.x, as used in Fedora Core 5 and possibly other distributions, allows local users to cause a denial of service by mounting a crafted squashfs filesystem. | 4.9 |
2006-11-03 | CVE-2006-5679 | Freebsd | Numeric Errors vulnerability in Freebsd 6.1 Integer overflow in the ffs_mountfs function in FreeBSD 6.1 allows local users to cause a denial of service (panic) and possibly execute arbitrary code via a crafted UFS filesystem that causes invalid or large size parameters to be provided to the kmem_alloc function. | 4.6 |
2006-11-03 | CVE-2006-5664 | IBM | Local Security vulnerability in IBM products The installation script in IBM Informix Dynamic Server 10.00, Informix Client Software Development Kit (CSDK) 2.90, and Informix I-Connect 2.90 allows local users to "compromise security" via a symlink attack on temporary files. | 4.6 |
2006-11-03 | CVE-2006-5663 | IBM | Local Security vulnerability in IBM products IBM Informix Dynamic Server 10.00, Informix Client Software Development Kit (CSDK) 2.90, and Informix I-Connect 2.90 use insecure permissions for installation scripts, which allows local users to gain privileges by modifying the scripts. | 4.6 |
2006-11-04 | CVE-2006-5718 | Phpmyadmin | Cross-Site Scripting vulnerability in PHPMyAdmin UTF-7 Encoding Cross-site scripting (XSS) vulnerability in error.php in phpMyAdmin 2.6.4 through 2.9.0.2 allows remote attackers to inject arbitrary web script or HTML via UTF-7 or US-ASCII encoded characters, which are injected into an error message, as demonstrated by a request with a utf7 charset parameter accompanied by UTF-7 data. | 4.3 |
2006-11-04 | CVE-2006-5717 | Zend | Cross-Site Scripting vulnerability in Zend Google Data Client Library Preview 0.2.0 Multiple cross-site scripting (XSS) vulnerabilities in Zend Google Data Client Library (ZendGData) Preview 0.2.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in (1) basedemo.php and (2) calenderdemo.php in samples/, and other unspecified files. | 4.3 |
2006-11-04 | CVE-2006-5713 | EFS Software | Information Disclosure and Input Validation vulnerability in EFS Software EFS web Server 4.0 Cross-site scripting (XSS) vulnerability in Easy File Sharing (EFS) Web Server 4.0 allows remote attackers to inject arbitrary web script or HTML via the (1) author, (2) content, or (3) title parameters when posting a forum thread. | 4.3 |
2006-11-04 | CVE-2006-5712 | Mirapoint | HTML Injection vulnerability in Mirapoint Web Mail Expression() Cross-site scripting (XSS) vulnerability in Mirapoint WebMail allows remote attackers to inject arbitrary web script via the expression Cascading Style Sheets (CSS) function, as demonstrated using the width style for an IMG element. | 4.3 |
2006-11-04 | CVE-2006-5703 | Tiki | Cross-Site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware 1.9.5 Cross-site scripting (XSS) vulnerability in tiki-featured_link.php in Tikiwiki 1.9.5 allows remote attackers to inject arbitrary web script or HTML via a url parameter that evades filtering, as demonstrated by a parameter value containing malformed, nested SCRIPT elements. | 4.3 |
2006-11-03 | CVE-2006-5653 | SUN | Cross-Site Scripting vulnerability in SUN Java System Messenger Express 6 Cross-site scripting (XSS) vulnerability in the errorHTML function in the index script in Sun Java System Messenger Express 6 allows remote attackers to inject arbitrary web script or HTML via the error parameter. | 4.3 |
2006-11-03 | CVE-2006-5652 | SUN | HTML Injection vulnerability in iPlanet Messaging Server Messenger Express Expression() Cross-site scripting (XSS) vulnerability in Sun iPlanet Messaging Server Messenger Express allows remote attackers to inject arbitrary web script via the expression Cascading Style Sheets (CSS) function, as demonstrated by setting the width style for an IMG element. | 4.3 |
2006-10-31 | CVE-2006-5626 | Phpfaber | Cross-Site Scripting vulnerability in phpFaber CMS Cross-site scripting (XSS) vulnerability in cms_images/js/htmlarea/htmlarea.php in phpFaber Content Management System (CMS) before 1.3.36 on 20061026 allows remote attackers to inject arbitrary web script or HTML, probably via arbitrary parameters in the query string, as demonstrated with a vigilon parameter. | 4.3 |
2006-11-03 | CVE-2006-5654 | SUN | Denial-Of-Service vulnerability in Java System Web Server Unspecified vulnerability in the Network Security Services (NSS) in Sun Java System Web Server 6.0 before SP 10 and ONE Application Server 7 before Update 3, when SSLv2 is enabled, allows remote authenticated users to cause a denial of service (application crash) via unspecified vectors. | 4.0 |
3 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-10-31 | CVE-2006-5614 | Microsoft | Remote Denial of Service vulnerability in Microsoft Windows NT Helper Components and Windows XP Microsoft Windows NAT Helper Components (ipnathlp.dll) on Windows XP SP2, when Internet Connection Sharing is enabled, allows remote attackers to cause a denial of service (svchost.exe crash) via a malformed DNS query, which results in a null pointer dereference. | 2.6 |
2006-11-04 | CVE-2006-5724 | Mirabilis | Denial-Of-Service vulnerability in Mirabilis ICQ 2003Bbuild3916 Heap-based buffer overflow the "Answering Service" function in ICQ 2003b Build 3916 allows local users to cause a denial of service (application crash) via a long string in the "AwayMsg Presets" value in the ICQ\ICQPro\DefaultPrefs\Presets registry key. | 2.1 |
2006-11-03 | CVE-2006-5659 | PAM Extern | Local Security vulnerability in Pam Extern PAM_extern before 0.2 sends a password as a command line argument, which allows local users to obtain the password by listing the command line arguments, such as ps. | 2.1 |