Weekly Vulnerabilities Reports > November 6 to 12, 2006

Overview

134 new vulnerabilities reported during this period, including 3 critical vulnerabilities and 53 high severity vulnerabilities. This weekly summary report vulnerabilities in 104 products from 91 vendors including Mozilla, Enlightenment, Freewebshop, Punbb, and Aiocp. Vulnerabilities are notably categorized as "Code Injection", "Resource Management Errors", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "SQL Injection", and "Cross-site Scripting".

  • 115 reported vulnerabilities are remotely exploitables.
  • 41 reported vulnerabilities have public exploit available.
  • 6 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 128 reported vulnerabilities are exploitable by an anonymous user.
  • Mozilla has the most reported vulnerabilities, with 6 reported vulnerabilities.
  • Proftpd Project has the most reported critical vulnerabilities, with 1 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

3 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-11-10 CVE-2006-5487 Marshal Path Traversal vulnerability in Marshal Mailmarshal Smtp 2006/5.0/6.0

Directory traversal vulnerability in Marshal MailMarshal SMTP 5.x, 6.x, and 2006, and MailMarshal for Exchange 5.x, allows remote attackers to write arbitrary files via ".." sequences in filenames in an ARJ compressed archive.

10.0
2006-11-08 CVE-2006-5815 Proftpd Project Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Proftpd Project Proftpd

Stack-based buffer overflow in the sreplace function in ProFTPD 1.3.0 and earlier allows remote attackers, probably authenticated, to cause a denial of service and execute arbitrary code, as demonstrated by vd_proftpd.pm, a "ProFTPD remote exploit." An off-by-one string manipulation flaw in ProFTPD's sreplace() function exists allowing a remote attacker to execute arbitrary code.

10.0
2006-11-08 CVE-2006-5809 Jonathon J Freeman Remote Security vulnerability in Jonathon J. Freeman Ovbb 0.10A/0.11A/0.12A

Multiple unspecified vulnerabilities in Jonathon J.

10.0

53 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-11-09 CVE-2006-5782 HP Unspecified vulnerability in HP Openview Client Configuraton Manager

radexecd.exe in HP OpenView Client Configuraton Manager (CCM) does not require authentication before executing commands in the installation directory, which allows remote attackers to cause a denial of service (reboot) by calling radbootw.exe or create arbitrary files by calling radcrecv.

7.8
2006-11-07 CVE-2006-5783 Mozilla Unspecified vulnerability in Mozilla Firefox 1.5.0.7

** DISPUTED ** Firefox 1.5.0.7 on Kubuntu Linux allows remote attackers to cause a denial of service (crash) via a long URL in an A tag.

7.8
2006-11-06 CVE-2006-5745 Microsoft Remote Code Execution vulnerability in Microsoft XML Core Services 4.0

Unspecified vulnerability in the setRequestHeader method in the XMLHTTP (XML HTTP) ActiveX Control 4.0 in Microsoft XML Core Services 4.0 on Windows, when accessed by Internet Explorer, allows remote attackers to execute arbitrary code via crafted arguments that lead to memory corruption, a different vulnerability than CVE-2006-4685.

7.6
2006-11-11 CVE-2006-5865 Damien Benier Code Injection vulnerability in Damien Benier Myalbum

PHP remote file inclusion vulnerability in language.inc.php in MyAlbum 3.02 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the langs_dir parameter.

7.5
2006-11-11 CVE-2006-5863 Otterware Remote File Include vulnerability in LetterIt Session.PHP

PHP remote file inclusion vulnerability in inc/session.php for LetterIt 2 allows remote attackers to execute arbitrary PHP code via a URL in the lang parameter.

7.5
2006-11-10 CVE-2006-5821 Citrix Remote vulnerability in Citrix Metaframe and Metaframe Presentation Server

Heap-based buffer overflow in the IMA_SECURE_DecryptData1 function in ImaSystem.dll for Citrix MetaFrame XP 1.0 and 2.0, and Presentation Server 3.0 and 4.0, allows remote attackers to execute arbitrary code via requests to the Independent Management Architecture (IMA) service (ImaSrv.exe) with invalid size values that trigger the overflow during decryption.

7.5
2006-11-10 CVE-2006-5850 Essen Remote Buffer Overflow vulnerability in Essen Essentia web Server 2.15

Stack-based buffer overflow in Essentia Web Server 2.15 for Windows allows remote attackers to execute arbitrary code via a long URI, as demonstrated by a GET or HEAD request.

7.5
2006-11-10 CVE-2006-5849 Irayoblog Remote Security vulnerability in Irayoblog 0.2.4Alpha

PHP remote file inclusion vulnerability in inc/irayofuncs.php in IrayoBlog alpha-0.2.4 allows remote attackers to execute arbitrary PHP code via a URL in the irayodirhack parameter.

7.5
2006-11-10 CVE-2006-5841 Dodos Scripts Denial-Of-Service vulnerability in Dodosmail 2.0/2.0.1

Multiple PHP remote file inclusion vulnerabilities in dodosmail.php in DodosMail 2.0.1 and earlier, and possibly 2.1, allow remote attackers to execute arbitrary PHP code via a URL in the (1) dodosmail_header_file or (2) dodosmail_footer_file parameters.

7.5
2006-11-10 CVE-2006-5840 Abarcar SQL Injection vulnerability in Abarcar Realty Portal 5.1.5/6.0.1

** DISPUTED ** Multiple SQL injection vulnerabilities in Abarcar Realty Portal allow remote attackers to execute arbitrary SQL commands via the (1) neid parameter to newsdetails.php, or the (2) slid parameter to slistl.php.

7.5
2006-11-10 CVE-2006-5839 Phpadventure Remote Security vulnerability in PHPadventure 1.1Alpha

PHP remote file inclusion vulnerability in ad_main.php in PHPAdventure 1.1-Alpha and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _mygamefile parameter.

7.5
2006-11-10 CVE-2006-5837 Simplechat Remote Code Execution vulnerability in Simplechat 1.0.0

Static code injection vulnerability in chat_panel.php in the SimpleChat 1.0.0 module for iWare Professional CMS allows remote attackers to inject arbitrary PHP code into chat_log.php via the msg parameter.

7.5
2006-11-10 CVE-2006-5833 Greenbeast CMS Unspecified vulnerability in Greenbeast CMS Greenbeast CMS 1.3

gbcms_php_files/up_loader.php GreenBeast CMS 1.3 does not require authentication to upload files, which allows remote attackers to cause a denial of service (disk consumption) and execute arbitrary code by uploading arbitrary files, such as executing PHP code via an uploaded PHP file.

7.5
2006-11-10 CVE-2006-5831 Aiocp Input Validation vulnerability in AIOCP

PHP remote file inclusion vulnerability in admin/code/index.php in All In One Control Panel (AIOCP) 1.3.007 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the load_page parameter.

7.5
2006-11-10 CVE-2006-5828 Deltascripts SQL Injection vulnerability in DeltaScripts PHP Classifieds Detail.PHP

SQL injection vulnerability in detail.php in DeltaScripts PHP Classifieds 7.1 and earlier allows remote attackers to execute arbitrary SQL commands via the user_id parameter.

7.5
2006-11-08 CVE-2006-5816 Dmitry Sheiko Remote Security vulnerability in Dmitry Sheiko Business Card web Builder 2.5

Multiple PHP remote file inclusion vulnerabilities in Dmitry Sheiko Business Card Web Builder (BCWB) 2.5 allow remote attackers to execute arbitrary PHP code via a URL in the root_path_admin parameter to (1) /include/startup.inc.php, (2) dcontent/default.css.php, or (3) system/default.css.php, different vectors than CVE-2006-4946.

7.5
2006-11-08 CVE-2006-5814 Novell Remote Security vulnerability in eDirectory

Unspecified vulnerability in Novell eDirectory allows remote attackers to execute arbitrary code, as demonstrated by vd_novell.pm, a "Novell eDirectory remote exploit." NOTE: As of 20061108, this disclosure has no actionable information.

7.5
2006-11-08 CVE-2006-5463 Mozilla Remote vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allows remote attackers to execute arbitrary JavaScript bytecode via unspecified vectors involving modification of a Script object while it is executing.

7.5
2006-11-08 CVE-2006-5747 Mozilla Remote vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allows remote attackers to execute arbitrary code via the XML.prototype.hasOwnProperty JavaScript function.

7.5
2006-11-08 CVE-2006-5804 Advanced Guestbook Remote File Include vulnerability in Advanced Guestbook Advanced Guestbook 2.3.1

PHP remote file inclusion vulnerability in admin.php in Advanced Guestbook 2.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter.

7.5
2006-11-08 CVE-2006-5803 Mxbb Remote File Include vulnerability in MX Smartor Album Module Album.PHP

PHP remote file inclusion vulnerability in modules/mx_smartor/album.php in the mxBB Smartor Album module 1.02 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.

7.5
2006-11-08 CVE-2006-5802 THE WEB Drivers SQL Injection vulnerability in Webdrivers Simple Forum Message_details.PHP

SQL injection vulnerability in message_details.php in The Web Drivers Simple Forum, dated 20060318, allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2006-11-08 CVE-2006-5798 Xenis Input Validation vulnerability in Xenis.creator CMS

SQL injection vulnerability in default.asp in Xenis.creator CMS allows remote attackers to execute arbitrary SQL commands via the contid parameter.

7.5
2006-11-08 CVE-2006-5797 Xenis Input Validation vulnerability in Xenis.creator CMS

Multiple SQL injection vulnerabilities in default.asp in Xenis.creator CMS allow remote attackers to execute arbitrary SQL commands via the (1) nav, (2) s, or (3) print parameters.

7.5
2006-11-08 CVE-2006-5796 Soholaunch Remote Security vulnerability in Soholaunch PRO Edition 4.9R36

Multiple PHP remote file inclusion vulnerabilities in Soholaunch Pro Edition 4.9 r46 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the _SESSION[docroot_path] parameter to (1) includes/shared_functions.php or (2) client_files/shopping_cart/pgm-shopping_css.inc.php.

7.5
2006-11-08 CVE-2006-5795 Openemr Remote Security vulnerability in Openemr

Multiple PHP remote file inclusion vulnerabilities in OpenEMR 2.8.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the srcdir parameter to (a) billing_process.php, (b) billing_report.php, (c) billing_report_xml.php, and (d) print_billing_report.php in interface/billing/; (e) login.php; (f) interface/batchcom/batchcom.php; (g) interface/login/login.php; (h) main_info.php and (i) main.php in interface/main/; (j) interface/new/new_patient_save.php; (k) interface/practice/ins_search.php; (l) interface/logout.php; (m) custom_report_range.php, (n) players_report.php, and (o) front_receipts_report.php in interface/reports/; (p) facility_admin.php, (q) usergroup_admin.php, and (r) user_info.php in interface/usergroup/; or (s) custom/import_xml.php.

7.5
2006-11-08 CVE-2006-5794 Openbsd Unspecified vulnerability in Openbsd Openssh

Unspecified vulnerability in the sshd Privilege Separation Monitor in OpenSSH before 4.5 causes weaker verification that authentication has been successful, which might allow attackers to bypass authentication.

7.5
2006-11-07 CVE-2006-5792 Xlink Technology Remote Security vulnerability in Omni-Nfs X Enterprise

Unspecified vulnerability in XLink Omni-NFS Enterprise allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by vd_xlink2.pm, an "Omni-NFS Enterprise remote exploit." NOTE: this is probably a different vulnerability than CVE-2006-5780.

7.5
2006-11-07 CVE-2006-5790 Stefan Ritt Remote Format String vulnerability in ELOG EL_Submit Function

Multiple format string vulnerabilities in elogd.c in ELOG 2.6.2 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) an entry with an attachment whose name contains format string specifiers (el_submit function), and possibly other vectors in the (2) receive_config, (3) show_rss_feed, (4) show_elog_list, (5) show_logbook_node, and (6) server_loop functions.

7.5
2006-11-07 CVE-2006-5788 Iprimal Code Injection vulnerability in Iprimal Forums

PHP remote file inclusion vulnerability in (1) index.php and (2) admin/index.php in IPrimal Forums as of 20061105 allows remote attackers to execute arbitrary PHP code via a URL in the p parameter.

7.5
2006-11-07 CVE-2006-5787 Iprimal Authentication Bypass vulnerability in IPrimal Forums

admin/index.php in IPrimal Forums as of 20061105 allows remote attackers to bypass authentication and modify user passwords via a direct request, possibly related to an authentication issue in admin/chk_admin.php.

7.5
2006-11-07 CVE-2006-5786 E107 Local File Include vulnerability in E107 0.7.5

Directory traversal vulnerability in class2.php in e107 0.7.5 and earlier allows remote attackers to read and execute PHP code in arbitrary files via ".." sequences in the e107language_e107cookie cookie to gsitemap.php.

7.5
2006-11-07 CVE-2006-5781 Iodine Stack Buffer Overflow vulnerability in Iodine 0.3.2

Stack-based buffer overflow in the handshake function in iodine 0.3.2 allows remote attackers to execute arbitrary code via a crafted DNS response.

7.5
2006-11-07 CVE-2006-5650 AOL Remote Code Execution vulnerability in AOL ICQ 5.1

The ICQPhone.SipxPhoneManager ActiveX control in America Online ICQ 5.1 allows remote attackers to download and execute arbitrary code via the DownloadAgent function, as demonstrated using an ICQ avatar.

7.5
2006-11-07 CVE-2006-5780 Xlink Technology Stack Buffer Overflow vulnerability in Xlink Technology Omni-Nfs Server 5.2

Stack-based buffer overflow in nfsd.exe in XLink Omni-NFS Server 5.2 allows remote attackers to execute arbitrary code via a crafted TCP packet to port 2049 (nfsd), as demonstrated by vd_xlink.pm.

7.5
2006-11-07 CVE-2006-5777 Creasito Security Bypass vulnerability in Creasito E-Commerce Content Manager

Creasito E-Commerce Content Manager 1.3.08 allows remote attackers to bypass authentication and perform privileged functions via a non-empty finame parameter to (1) addnewcont.php, (2) adminpassw.php, (3) amministrazione.php, (4) artins.php, (5) bgcolor.php, (6) cancartcat.php, (7) canccat.php, (8) cancelart.php, (9) cancontsit.php, (10) chanpassamm.php, (11) dele.php, (12) delecat.php, (13) delecont.php, (14) emailall.php, (15) gestflashtempl.php, (16) gestmagart.php, (17) gestmagaz.php, (18) gestpre.php, (19) input.php, (20) input3.php, (21) insnucat.php, (22) instempflash.php, (23) mailfc.php, (24) modfdati.php, (25) rescont4.php, (26) ricordo1.php, (27) ricordo4.php, (28) tabcatalg.php, (29) tabcont.php, (30) tabcont3.php, (31) tabstile.php, (32) tabstile3.php, (33) testimmg.php, and (34) update.php in admin/.

7.5
2006-11-07 CVE-2006-5776 Ariadne Remote File Include vulnerability in Ariadne CMS 2.4.1

** DISPUTED ** Multiple PHP remote file inclusions in Ariadne 2.4.1 allows remote attackers to execute arbitrary PHP code via the ariadne parameter in (1) ftp/loader.php and (2) lib/includes/loader.cmd.php.

7.5
2006-11-07 CVE-2006-4572 Linux Permissions, Privileges, and Access Controls vulnerability in Linux Kernel

ip6_tables in netfilter in the Linux kernel before 2.6.16.31 allows remote attackers to (1) bypass a rule that disallows a protocol, via a packet with the protocol header not located immediately after the fragment header, aka "ip6_tables protocol bypass bug;" and (2) bypass a rule that looks for a certain extension header, via a packet with an extension header outside the first fragment, aka "ip6_tables extension header bypass bug."

7.5
2006-11-06 CVE-2006-5772 Freewebshop SQL-Injection vulnerability in FreeWebshop

Multiple SQL injection vulnerabilities in index.php in FreeWebshop 2.2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) password and (2) prod parameter.

7.5
2006-11-06 CVE-2006-5768 Cyberfolio Remote File Include vulnerability in Cyberfolio

Multiple PHP remote file inclusion vulnerabilities in Cyberfolio 2.0 RC1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the av parameter to (1) msg/view.php, (2) msg/inc_message.php, (3) msg/inc_envoi.php, and (4) admin/incl_voir_compet.php.

7.5
2006-11-06 CVE-2006-5766 Article System Remote File Include vulnerability in Article System Article System 0.6

PHP remote file inclusion vulnerability in volume.php in Article System 0.6 allows remote attackers to execute arbitrary PHP code via a URL in the config[public_dir] parameter.

7.5
2006-11-06 CVE-2006-5765 Article Script SQL Injection vulnerability in Article Script RSS.PHP

SQL injection vulnerability in rss.php in Article Script 1.6.3 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter.

7.5
2006-11-06 CVE-2006-5764 Free PHP Scripts Code Injection vulnerability in Free PHP Scripts Free File Hosting

PHP remote file inclusion vulnerability in contact.php in Free File Hosting 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter.

7.5
2006-11-06 CVE-2006-5760 Phpdynasite Remote File Include vulnerability in PHPDynaSite

Multiple PHP remote file inclusion vulnerabilities in phpDynaSite 3.2.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the racine parameter to (1) function_log.php, (2) function_balise_url.php, or (3) connection.php.

7.5
2006-11-06 CVE-2006-5744 Mobilesecure INC Products Management Interface Multiple Input Validation vulnerability in Highwall

Multiple SQL injection vulnerabilities in Highwall Enterprise and Highwall Endpoint 4.0.2.11045 management interface allow remote attackers to execute arbitrary SQL commands via an Access Point with a crafted SSID, and via unspecified vectors related to a malicious system operator.

7.5
2006-11-06 CVE-2006-5739 Leicestershire Remote Security vulnerability in Leicestershire Communityportals 1.0

PHP remote file inclusion vulnerability in cpadmin/cpa_index.php in Leicestershire communityPortals 1.0_2005-10-18_12-31-18 allows remote attackers to execute arbitrary PHP code via a URL in the cp_root_path parameter, a different vector than CVE-2006-5280.

7.5
2006-11-06 CVE-2006-5735 Punbb File-Upload vulnerability in Punbb

Directory traversal vulnerability in include/common.php in PunBB before 1.2.14 allows remote authenticated users to include and execute arbitrary local files via a ..

7.5
2006-11-06 CVE-2006-5734 Adaptive Technology Resource Centre Remote File Include vulnerability in Adaptive Technology Resource Centre Atutor 1.5.3.2

Multiple PHP remote file inclusion vulnerabilities in ATutor 1.5.3.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) section parameter in (a) documentation/common/frame_toc.php and (b) documentation/common/search.php, the (2) req_lang parameter in documentation/common/search.php and (c) documentation/common/vitals.inc.php, the (3) row[dir_name] parameter in (d) include/classes/module/module.class.php, and the (4) lang_path parameter in (e) include/classes/phpmailer/class.phpmailer.php.

7.5
2006-11-06 CVE-2006-5733 Postnuke Software Foundation Local File Include vulnerability in Postnuke Software Foundation Postnuke 0.762

Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a ..

7.5
2006-11-10 CVE-2006-5836 Opendarwin Local Denial of Service vulnerability in Opendarwin Darwin Kernel 8.8.1

The fpathconf syscall function in bsd/kern/kern_descrip.c in the Darwin kernel (XNU) 8.8.1 in Apple Mac OS X allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code via a file descriptor with an unrecognized file type.

7.2
2006-11-08 CVE-2006-5818 IBM TuneKrnl Local Privilege Escalation vulnerability in IBM Lotus Domino

Multiple buffer overflows in tunekrnl in IBM Lotus Domino 6.x before 6.5.5 FP2 and 7.x before 7.0.2 allow local users to gain privileges and execute arbitrary code via unspecified vectors.

7.2
2006-11-06 CVE-2006-5758 Microsoft Buffer Errors vulnerability in Microsoft Windows 2000 and Windows XP

The Graphics Rendering Engine in Microsoft Windows 2000 through 2000 SP4 and Windows XP through SP2 maps GDI Kernel structures on a global shared memory section that is mapped with read-only permissions, but can be remapped by other processes as read-write, which allows local users to cause a denial of service (memory corruption and crash) and gain privileges by modifying the kernel structures.

7.2
2006-11-06 CVE-2006-5737 Punbb Cross-Site Request Forgery vulnerability in Punbb 1.2.14

PunBB uses a predictable cookie_seed value that can be derived from the time of registration of the superadmin account (installation time), which might allow local users to perform unauthorized actions.

7.2

68 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-11-10 CVE-2006-5853 Immediacy Cross-Site Scripting vulnerability in Immediacy .Net CMS 5.2

Cross-site scripting (XSS) vulnerability in logon.aspx in Immediacy CMS (Immediacy .NET CMS) 5.2 allows remote attackers to inject arbitrary web script or HTML via the lang parameter, which is returned to the client in a lang cookie.

6.8
2006-11-10 CVE-2006-5843 Speedywiki Cross-Site Scripting vulnerability in Speedywiki 2.0

Cross-site scripting (XSS) vulnerability in index.php in Speedywiki 2.0 allows remote attackers to inject arbitrary web script or HTML via the showRevisions parameter.

6.8
2006-11-10 CVE-2006-5830 Aiocp Input Validation vulnerability in AIOCP

Multiple cross-site scripting (XSS) vulnerabilities in All In One Control Panel (AIOCP) 1.3.007 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) topid, (2) forid, and (3) catid parameters to code/cp_forum_view.php; (4) choosed_language parameter to cp_dpage.php; (5) orderdir parameter to cp_links_search.php; (6) order_field parameter to (a) cp_show_ec_products.php and (b) cp_users_online.php; and the (7) signature and (8) fiscal code fields in the user profile.

6.8
2006-11-10 CVE-2006-5829 Aiocp SQL Injection vulnerability in Aiocp

Multiple SQL injection vulnerabilities in All In One Control Panel (AIOCP) 1.3.007 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) choosed_language parameter to (a) cp_dpage.php, (b) cp_news.php, (c) cp_forum_view.php, (d) cp_edit_user.php, (e) cp_newsletter.php, (f) cp_links.php, (g) cp_contact_us.php, (h) cp_login.php, and (i) cp_codice_fiscale.php in public/code/; (2) news_category parameter to public/code/cp_news.php; (3) nlmsg_nlcatid parameter to public/code/cp_newsletter.php; (4) links_category parameter to public/code/cp_links.php; (5) product_category_id parameter to public/code/cp_show_ec_products.php; (6) order_field parameter to public/code/cp_show_ec_products.php; (7) firstrow parameter to public/code/cp_users_online.php; and (8) orderdir parameter to public/code/cp_links_search.php.

6.8
2006-11-10 CVE-2006-5827 Phpcomasy HTML Injection vulnerability in PHPcomasy 0.7.4/0.7.5/0.7.9Pre

Multiple cross-site scripting (XSS) vulnerabilities in index.php in phpComasy CMS 0.7.9pre and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) username or (2) password parameters.

6.8
2006-11-08 CVE-2006-5811 Openemr Remote Security vulnerability in Openemr 2.8.1

PHP remote file inclusion vulnerability in library/translation.inc.php in OpenEMR 2.8.1, with register_globals enabled, allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[srcdir] parameter.

6.8
2006-11-08 CVE-2006-5810 Xoops Cross-Site Scripting vulnerability in Xoops 1.0

Cross-site scripting (XSS) vulnerability in modules/wfdownloads/newlist.php in XOOPS 1.0 allows remote attackers to inject arbitrary web script or HTML via the newdownloadshowdays parameter.

6.8
2006-11-08 CVE-2006-5799 Xenis Input Validation vulnerability in Xenis.creator CMS

Multiple cross-site scripting (XSS) vulnerabilities in default.asp in xenis.creator CMS allow remote attackers to inject arbitrary web script or HTML via the (1) contid or (2) search parameters.

6.8
2006-11-06 CVE-2006-5775 Funkboard HTML Injection vulnerability in Funkboard 0.71

Cross-site scripting (XSS) vulnerability in profile.php in FunkBoard 0.71 before 4 November 2006 at 18:16 GMT allows remote attackers to inject arbitrary web script or HTML, possibly via the name parameter.

6.8
2006-11-06 CVE-2006-5770 Ac4P Cross-Site Scripting vulnerability in Mobile

Multiple cross-site scripting (XSS) vulnerabilities in ac4p Mobile allow remote attackers to inject arbitrary web script or HTML via (1) Bloks, (2) Newnews, (3) lBlok, and (4) foooot parameter in (a) index.php; Newnews, (5) newmsgs, and Bloks parameter in (b) MobileNews.php; Newnews parameter in (c) polls.php; (6) cats parameter in (d) send.php; (7) footer parameter in (e) up.php; and (8) pagenav parameter in (f) cp/index.php.

6.8
2006-11-06 CVE-2006-5767 Drake Team Code Injection vulnerability in Drake Team Drake CMS

PHP remote file inclusion vulnerability in includes/xhtml.php in Drake CMS 0.2.2 alpha rev.846 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the d_root parameter.

6.8
2006-11-10 CVE-2006-5845 Speedywiki Unrestricted Upload of File With Dangerous Type vulnerability in Speedywiki 2.0

Unrestricted file upload vulnerability in index.php in Speedywiki 2.0 allows remote authenticated users to upload and execute arbitrary PHP code by setting the upload parameter to 1.

6.5
2006-11-06 CVE-2006-5729 Yazd Unspecified vulnerability in Yazd Discussion Forum

Yazd Discussion Forum before 3.0 beta does not properly manage forum permissions, which allows remote authenticated users to (1) reply to a message in an arbitrary forum, if authorized to create a message in any forum; and (2) perform certain unauthorized forum actions, related to an "error in how the permissions were assembled" that assigns extra permissions to users.

6.5
2006-11-11 CVE-2006-5866 Phpmanta Local File Include vulnerability in PHPManta

Directory traversal vulnerability in Mdoc/view-sourcecode.php for phpManta 1.0.2 and earlier allows remote attackers to read and include arbitrary files via ".." sequences in the file parameter.

6.4
2006-11-10 CVE-2006-5846 Freewebshop Path Traversal vulnerability in Freewebshop

Directory traversal vulnerability in index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to read and include arbitrary files via a ..

6.4
2006-11-08 CVE-2006-5462 Mozilla Unspecified vulnerability in Mozilla products

Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates.

6.4
2006-11-06 CVE-2006-5746 Airmagnet Multiple vulnerability in Airmagnet Enterprise 7.5

The console in AirMagnet Enterprise before 7.5 build 6307 does not properly validate the Enterprise Server certificate, which allows remote attackers to read network traffic via a man-in-the-middle (MITM) attack, possibly related to the use of self-signed certificates.

6.4
2006-11-06 CVE-2006-5731 Lithium CMS Arbitrary Code Injection vulnerability in Lithium CMS Lithium CMS

Directory traversal vulnerability in classes/index.php in Lithium CMS 4.04c and earlier allows remote attackers to include and execute arbitrary local files via a ..

6.4
2006-11-10 CVE-2006-5826 Texas Imperial Software Buffer Overflow vulnerability in Texas Imperial Software Wftpd 3.23.1.1

Buffer overflow in Texas Imperial Software WFTPD Pro Server 3.23.1.1 allows remote authenticated users to execute arbitrary code or cause a denial of service (application crash) via crafted APPE commands that contain "/" (slash) or "\" (backslash) characters.

5.8
2006-11-06 CVE-2006-5466 RPM
Ubuntu
Heap-based buffer overflow in the showQueryPackage function in librpm in RPM Package Manager 4.4.8, when the LANG environment variable is set to ru_RU.UTF-8, might allow user-assisted attackers to execute arbitrary code via crafted RPM packages.
5.4
2006-11-11 CVE-2006-5864 GNU Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in GNU GV

Stack-based buffer overflow in the ps_gettext function in ps.c for GNU gv 3.6.2, and possibly earlier versions, allows user-assisted attackers to execute arbitrary code via a PostScript (PS) file with certain headers that contain long comments, as demonstrated using the (1) DocumentMedia, (2) DocumentPaperSizes, and possibly (3) PageMedia and (4) PaperSize headers.

5.1
2006-11-10 CVE-2006-5838 Newp Remote File Include vulnerability in Newp News Publication System 1.0.0

PHP remote file inclusion vulnerability in lib/class.Database.php in NewP News Publication System 1.0.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the path parameter.

5.1
2006-11-07 CVE-2006-4809 Enlightenment Arbitrary Code Execution vulnerability in IMlib2 Library

Stack-based buffer overflow in loader_pnm.c in imlib2 before 1.2.1, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PNM image.

5.1
2006-11-07 CVE-2006-4806 Enlightenment Arbitrary Code Execution vulnerability in IMlib2 Library

Multiple integer overflows in imlib2 allow user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) ARGB (loader_argb.c), (2) PNG (loader_png.c), (3) LBM (loader_lbm.c), (4) JPEG (loader_jpeg.c), or (5) TIFF (loader_tiff.c) images.

5.1
2006-11-06 CVE-2006-5763 Free PHP Scripts Remote File Include vulnerability in Free File Hosting System

Multiple PHP remote file inclusion vulnerabilities in Free File Hosting 1.1, and possibly earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter to (1) login.php, (2) register.php, or (3) send.php.

5.1
2006-11-06 CVE-2006-5762 Free PHP Scripts Code Injection vulnerability in Free PHP Scripts Free File Hosting and Free Image Hosting

PHP remote file inclusion vulnerability in forgot_pass.php in Free File Hosting 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter.

5.1
2006-11-06 CVE-2006-5736 Punbb SQL-Injection vulnerability in Punbb

SQL injection vulnerability in search.php in PunBB before 1.2.14, when the PHP installation is vulnerable to CVE-2006-3017, allows remote attackers to execute arbitrary SQL commands via the result_list array parameter, which is not initialized.

5.1
2006-11-06 CVE-2006-5730 Modxcms Remote File Include vulnerability in Modxcms 0.9.1

PHP remote file inclusion vulnerability in manager/media/browser/mcpuk/connectors/php/Commands/Thumbnail.php in Modx CMS 0.9.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the base_path parameter.

5.1
2006-11-06 CVE-2006-5727 Sazcart Remote File Include vulnerability in Sazcart 1.5

PHP remote file inclusion vulnerability in admin/controls/cart.php in sazcart 1.5 allows remote attackers to execute arbitrary PHP code via the (1) _saz[settings][shippingfolder] and (2) _saz[settings][taxfolder] parameters.

5.1
2006-11-10 CVE-2006-5861 Citrix Denial-Of-Service vulnerability in Citrix Metaframe and Metaframe Presentation Server

The Independent Management Architecture (IMA) service (ImaSrv.exe) in Citrix MetaFrame XP 1.0 and 2.0, and Presentation Server 3.0 and 4.0, allows remote attackers to cause a denial of service (service exit) via a crafted packet that causes the service to access an unmapped memory address and triggers an unhandled exception.

5.0
2006-11-10 CVE-2006-5844 Speedywiki Remote Security vulnerability in Speedywiki 2.0

Speedywiki 2.0 allows remote attackers to obtain the full path of the web server via the (1) showRevisions[] and (2) searchText[] parameters in (a) index.php, and (b) a direct request to upload.php without any parameters.

5.0
2006-11-10 CVE-2006-5835 IBM Information Disclosure vulnerability in IBM Lotus Notes User.ID File Key

The Notes Remote Procedure Call (NRPC) protocol in IBM Lotus Notes Domino before 6.5.5 FP2 and 7.x before 7.0.2 does not require authentication to perform user lookups, which allows remote attackers to obtain the user ID file.

5.0
2006-11-10 CVE-2006-5834 Opensolution Local File Include vulnerability in Opensolution Quick.Cms.Lite 0.3

Directory traversal vulnerability in general.php in OpenSolution Quick.Cms.Lite 0.3 allows remote attackers to include arbitrary files via a ..

5.0
2006-11-10 CVE-2006-5832 Aiocp Input Validation vulnerability in AIOCP

All In One Control Panel (AIOCP) 1.3.007 and earlier allows remote attackers to obtain the full path of the web server via certain requests to (1) public/code/cp_dpage.php, possibly involving the aiocp_dp[] parameter, (2) public/code/cp_show_ec_products.php, possibly involving the order_field[] parameter, and (3) public/code/cp_show_page_help.php, possibly involving the hp[] parameter, which reveal the path in various error messages.

5.0
2006-11-09 CVE-2006-5680 Freebsd Remote Denial Of Service vulnerability in Freebsd 6

The libarchive library in FreeBSD 6-STABLE after 2006-09-05 and before 2006-11-08 allows context-dependent attackers to cause a denial of service (CPU consumption) via a malformed archive that causes libarchive to skip a region past the actual end of the archive, which triggers an infinite loop that attempts to read more data.

5.0
2006-11-08 CVE-2006-5813 Novell Denial-Of-Service vulnerability in Novell Edirectory 8.8

Unspecified vulnerability in Novell eDirectory 8.8 allows attackers to cause a denial of service, as demonstrated by vd_novell3.pm, a "Novell eDirectory 8.8 DoS." NOTE: As of 20061108, this disclosure has no actionable information.

5.0
2006-11-08 CVE-2006-5812 Kerio Denial-Of-Service vulnerability in Kerio Mailserver

Unspecified vulnerability in Kerio MailServer allows attackers to cause a denial of service, as demonstrated by vd_kms4.pm, a "Kerio MailServer DoS." NOTE: As of 20061108, this disclosure has no actionable information.

5.0
2006-11-08 CVE-2006-5805 Microsoft Remote Security vulnerability in Microsoft IE 7.0

Microsoft Internet Explorer 7 allows remote attackers to cause a security certificate from a secure web site to appear invalid via a link to res://ieframe.dll/invalidcert.htm with the target site as an argument, which displays the site's URL in the address bar but causes Internet Explorer to report that the certificate is invalid.

5.0
2006-11-08 CVE-2006-5748 Mozilla Remote vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger memory corruption.

5.0
2006-11-08 CVE-2006-5464 Mozilla Remote vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allow remote attackers to cause a denial of service (crash) via unspecified vectors.

5.0
2006-11-08 CVE-2006-5801 Owfs Denial of Service vulnerability in OWFS Owserver File Path

The owserver module in owfs and owhttpd 2.5p5 and earlier does not properly check the path type, which allows attackers to cause a denial of service (application crash) related to use of the path in owshell.

5.0
2006-11-07 CVE-2006-5785 SAP Remote Denial of Service vulnerability in SAP web Application Server 6.40/7.00

Unspecified vulnerability in SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66 allows remote attackers to cause a denial of service (enserver.exe crash) via a 0x72F2 sequence on UDP port 64999.

5.0
2006-11-07 CVE-2006-5651 Digioz Information Disclosure vulnerability in Digioz Guestbook 1.7

list.php in DigiOz Guestbook before 1.7.1 allows remote attackers to obtain sensitive information via a non-numeric page parameter, which displays the installation path in the resulting error message.

5.0
2006-11-07 CVE-2006-5779 Openldap Resource Management Errors vulnerability in Openldap

OpenLDAP before 2.3.29 allows remote attackers to cause a denial of service (daemon crash) via LDAP BIND requests with long authcid names, which triggers an assertion failure.

5.0
2006-11-06 CVE-2006-5773 Freewebshop Directory Traversal vulnerability in FreeWebShop

Directory traversal vulnerability in index.php in FreeWebshop 2.2.1 and earlier allows remote attackers to read arbitrary files and disclose the installation path via a ..

5.0
2006-11-06 CVE-2006-5759 Rhadrix Remote Security vulnerability in Rhadrix If-Cms 1.01/2.07

index.php in Rhadrix If-CMS, possibly 1.01 and 2.07, allows remote attackers to obtain the full path of the web server via empty (1) rns[] or (2) pag[] arguments, which reveals the path in an error message.

5.0
2006-11-06 CVE-2006-5742 Airmagnet Multiple vulnerability in Airmagnet Enterprise 7.5

The AirMagnet Enterprise console and Remote Sensor console (Laptop) in AirMagnet Enterprise before 7.5 build 6307 allows remote attackers to inject arbitrary web script or HTML from a certain embedded Internet Explorer object into an SSID template value, aka "Cross-Application Scripting (XAS)".

5.0
2006-11-06 CVE-2006-5732 TGS CMS SQL Injection vulnerability in T.G.S. CMS Logout.PHP

SQL injection vulnerability in logout.php in T.G.S.

5.0
2006-11-09 CVE-2006-5824 Freebsd Denial-Of-Service vulnerability in Freebsd 6.1

Integer overflow in the ffs_rdextattr function in FreeBSD 6.1 allows local users to cause a denial of service (kernel panic) and trigger a heap-based buffer overflow via a crafted UFS filesystem, a different vulnerability than CVE-2006-5679.

4.9
2006-11-06 CVE-2006-5726 SUN Local Denial of Service vulnerability in SUN Solaris 10.0

alloccgblk in the UFS filesystem in Solaris 10 allows local users to cause a denial of service (memory corruption) by mounting crafted UFS filesystems with malformed data structures.

4.9
2006-11-11 CVE-2006-5862 Network Administration Visualized Local Directory Traversal vulnerability in Network Administration Visualized Network Administration Visualized 3.1.0

Directory traversal vulnerability in the session mechanism of the web interface for Network Administration Visualized (NAV) before 3.1.1 allows attackers with filesystem write access to have an unknown impact via unknown attack vectors.

4.6
2006-11-10 CVE-2006-5852 Openbase International LTD Local Security vulnerability in Openbase

Untrusted search path vulnerability in openexec in OpenBase SQL before 10.0.1 allows local users to gain privileges via a modified PATH that references a malicious helper binary, as demonstrated by (1) cp, (2) rm, and (3) killall, different vectors than CVE-2006-5327.

4.6
2006-11-08 CVE-2006-5808 Cisco Multiple vulnerability in Cisco Secure Desktop

The installation of Cisco Secure Desktop (CSD) before 3.1.1.45 uses insecure default permissions (all users full control) for the CSD directory and its parent directory, which allow local users to gain privileges by replacing CSD executables, aka "Local Privilege Escalation".

4.6
2006-11-08 CVE-2006-5807 Cisco Multiple vulnerability in Cisco Secure Desktop

Cisco Secure Desktop (CSD) before 3.1.1.45 allows local users to escape out of the secure desktop environment by using certain applications that switch to the default desktop, aka "System Policy Evasion".

4.6
2006-11-08 CVE-2006-4810 GNU Buffer Overflow vulnerability in GNU Texinfo 4.8

Buffer overflow in the readline function in util/texindex.c, as used by the (1) texi2dvi and (2) texindex commands, in texinfo 4.8 and earlier allows local users to execute arbitrary code via a crafted Texinfo file.

4.6
2006-11-07 CVE-2006-5784 SAP Remote Information Disclosure vulnerability in SAP web Application Server 6.40/7.00

Unspecified vulnerability in enserver.exe in SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66 allows remote attackers to read arbitrary files via crafted data on a "3200+SYSNR" TCP port, as demonstrated by port 3201.

4.6
2006-11-07 CVE-2006-5778 Linux Ftpd SSL Information Disclosure vulnerability in Linux-Ftpd-Ssl 0.17

ftpd in linux-ftpd 0.17, and possibly other versions, performs a chdir before setting the UID, which allows local users to bypass intended access restrictions by redirecting their home directory to a restricted directory.

4.6
2006-11-10 CVE-2006-5847 Freewebshop Cross-Site Scripting vulnerability in Freewebshop

Cross-site scripting (XSS) vulnerability in index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat parameter.

4.3
2006-11-10 CVE-2006-5825 Kayako Cross-Site Scripting vulnerability in Kayako Supportsuite 3.00.32

Cross-site scripting (XSS) vulnerability in index.php in Kayako SupportSuite 3.00.32 allows remote attackers to inject arbitrary web script or HTML via the query string.

4.3
2006-11-06 CVE-2006-5774 Hyper Nikki System Cross-Site Scripting vulnerability in Hyper NIKKI System

Cross-site scripting (XSS) vulnerability in Hyper NIKKI System before 2.19.9 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

4.3
2006-11-06 CVE-2006-5771 Arkoon Cross-Site Scripting vulnerability in Arkoon Ssl360 1.0

Cross-site scripting (XSS) vulnerability in Arkoon SSL360 1.0 and 2.0 before 2.0/2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2006-11-06 CVE-2006-5769 Fixpunkt Gmbh Cross-Site Scripting vulnerability in Fixpunkt Gmbh Admin.Tool CMS 3 Andprevious

Multiple cross-site scripting (XSS) vulnerabilities in admin.tool CMS 3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) fSid or (2) fSrcBegriffe parameters in unspecified vectors.

4.3
2006-11-06 CVE-2006-5761 Rhadrix Cross-Site Scripting vulnerability in Rhadrix If-Cms 1.01/2.07

Cross-site scripting (XSS) vulnerability in index.php in Rhadrix If-CMS 1.01 and 2.07 allows remote attackers to inject arbitrary web script or HTML via the rns parameter.

4.3
2006-11-06 CVE-2006-5743 Mobilesecure Products Management Interface Multiple Input Validation vulnerability in Highwall

Multiple cross-site scripting (XSS) vulnerabilities in Highwall Enterprise and Highwall Endpoint 4.0.2.11045 management interface allow remote attackers to inject arbitrary web script or HTML via (1) an Access Point with a crafted SSID, (2) the name of the sensor WIDS, (3) the name of the Highwall EndPoint workstation, or other unspecified vectors.

4.3
2006-11-06 CVE-2006-5741 Airmagnet Multiple vulnerability in Airmagnet Enterprise 7.5

Multiple cross-site scripting (XSS) vulnerabilities in AirMagnet Enterprise before 7.5 build 6307 allow remote attackers to inject arbitrary web script or HTML via (1) the 404 error page of the Smart Sensor Edge Sensor; (2) the user name for a failed logon, when displayed in the audit journals reviewing interface (/AirMagnetSensor/AMSensor.dll/XH) by the Smart Sensor Edge Sensor log viewer; and (3) an SSID of an AP, when displayed on an ACL page (/Amom/Amom.dll/BD) of the Enterprise Server Status Overview in the Enterprise Server Web interface.

4.3
2006-11-09 CVE-2006-5823 Linux Denial-Of-Service vulnerability in kernel

The zlib_inflate function in Linux kernel 2.6.x allows local users to cause a denial of service (crash) via a malformed filesystem that uses zlib compression that triggers memory corruption, as demonstrated using cramfs.

4.0
2006-11-07 CVE-2006-5789 Jgaa Resource Management Errors vulnerability in Jgaa Warftpd 1.82.00Rc11

War FTP Daemon (WarFTPd) 1.82.00-RC11 allows remote authenticated users to cause a denial of service via a large number of "%s" format strings in (1) CWD, (2) CDUP, (3) DELE, (4) NLST, (5) LIST, (6) SIZE, and possibly other commands.

4.0
2006-11-06 CVE-2006-5728 Dxmsoft Resource Management Errors vulnerability in Dxmsoft XM Easy Personal FTP Server 4.2/4.3

XM Easy Personal FTP Server 5.2.1 and earlier allows remote authenticated users to cause a denial of service via a long argument to the NLST command, possibly involving the -al flags.

4.0

10 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-11-08 CVE-2006-5800 Xenis Cross-Site Scripting vulnerability in Xenis.creator CMS

Cross-site scripting (XSS) vulnerability in default.asp in xenis.creator CMS allows remote attackers to inject arbitrary web script or HTML via the nav parameter.

2.6
2006-11-07 CVE-2006-5791 Stefan Ritt Cross-Site Scripting vulnerability in ELOG Nonexistent File Download

Multiple cross-site scripting (XSS) vulnerabilities in elogd.c in ELOG 2.6.2 and earlier allow remote attackers to inject arbitrary HTML or web script via (1) the filename for downloading, which is not quoted in an error message by the send_file_direct function, and (2) the Type or Category values in a New entry, which is not properly handled in an error message by the submit_elog function.

2.6
2006-11-07 CVE-2006-4808 Enlightenment Arbitrary Code Execution vulnerability in IMlib2 Library

Heap-based buffer overflow in loader_tga.c in imlib2 before 1.2.1, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TGA image.

2.6
2006-11-07 CVE-2006-4807 Enlightenment Arbitrary Code Execution vulnerability in IMlib2 Library

loader_tga.c in imlib2 before 1.2.1, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) via a crafted TGA image that triggers an out-of-bounds memory read, a different issue than CVE-2006-4808.

2.6
2006-11-10 CVE-2006-5851 Openbase International LTD Link Following vulnerability in Openbase International LTD Openbase

openexec in OpenBase SQL before 10.0.1 allows local users to create arbitrary files via a symlink attack on the /tmp/output file, a different vulnerability than CVE-2006-5328.

2.1
2006-11-10 CVE-2006-5842 Unicore Unspecified vulnerability in Unicore Client

The keystore file in Unicore Client before 5.6 build 5, when running on Unix systems, has insecure default permissions, which allows local users to obtain sensitive information.

2.1
2006-11-08 CVE-2006-5817 Parallels Local Security vulnerability in Parallels Desktop Build1940

prl_dhcpd in Parallels Desktop for Mac Build 1940 uses insecure permissions (0666) for /Library/Parallels/.dhcpd_configuration, which allows local users to modify DHCP configuration.

2.1
2006-11-08 CVE-2006-5806 Cisco Multiple vulnerability in Cisco Secure Desktop

SSL VPN Client in Cisco Secure Desktop before 3.1.1.45, when configured to spawn a web browser after a successful connection, stores sensitive browser session information in a directory outside of the CSD vault and does not restrict the user from saving files outside of the vault, which is not cleared after the VPN connection terminates and allows local users to read unencrypted data.

2.1
2006-11-06 CVE-2006-5738 Punbb SQL-Injection vulnerability in Punbb

Multiple SQL injection vulnerabilities in PunBB before 1.2.14 allow remote authenticated administrators to execute arbitrary SQL commands via unspecified vectors.

2.1
2006-11-06 CVE-2006-5757 Linux Resource Management Errors vulnerability in Linux Kernel

Race condition in the __find_get_block_slow function in the ISO9660 filesystem in Linux 2.6.18 and possibly other versions allows local users to cause a denial of service (infinite loop) by mounting a crafted ISO9660 filesystem containing malformed data structures.

1.2