Weekly Vulnerabilities Reports > November 20 to 26, 2006
Overview
110 new vulnerabilities were reported during this period, including 12 critical vulnerabilities and 36 high severity vulnerabilities. This weekly summary reports vulnerabilities in 104 products from 93 vendors including Linux, Apple, Fipsasp, Biba Software, and Qualcomm. The most common vulnerability categories are "Cross-site Scripting", "SQL Injection", "Path Traversal", "Code Injection", and "Numeric Errors".
- 100 reported vulnerabilities are remotely exploitable.
- 20 reported vulnerabilities have a public exploit available.
- 11 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
- 105 reported vulnerabilities are exploitable by an anonymous user.
- Linux has the most reported vulnerabilities, with 6 reported vulnerabilities.
- Adobe has the most reported critical vulnerabilities, with 1 reported vulnerability.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
12 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-11-24 | CVE-2006-6076 | Broadcom CA | Buffer overflow in the Tape Engine (tapeeng.exe) in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 and earlier allows remote attackers to execute arbitrary code via certain RPC requests to TCP port 6502. | 10.0 |
2006-11-22 | CVE-2006-6059 | Netgear | Buffer Overflow vulnerability in NetGear MA521 Wireless Driver Long Beacon Probe Buffer overflow in MA521nd5.SYS driver 5.148.724.2003 for NetGear MA521 PCMCIA adapter allows remote attackers to execute arbitrary code via (1) beacon or (2) probe 802.11 frame responses with a long supported rates information element. | 10.0 |
2006-11-22 | CVE-2006-6055 | D Link | Stack Buffer Overflow vulnerability in D-Link DWL-G132 A5AGU.SYS Wireless Device Driver Stack-based buffer overflow in A5AGU.SYS 1.0.1.41 for the D-Link DWL-G132 wireless adapter allows remote attackers to execute arbitrary code via an 802.11 beacon request with a long Rates information element (IE). | 10.0 |
2006-11-21 | CVE-2006-6026 | Realnetworks | Buffer Errors vulnerability in Realnetworks Helix DNA Server, Helix Mobile Server and Helix Server Heap-based buffer overflow in Real Networks Helix Server and Helix Mobile Server before 11.1.3, and Helix DNA Server 11.0 and 11.1, allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a DESCRIBE request that contains an invalid LoadTestPassword field. | 10.0 |
2006-11-20 | CVE-2006-5982 | Biba Software | Cryptographic Issues vulnerability in Biba Software Seleniumserver FTP Server 1.0 SeleniumServer FTP Server 1.0, and possibly earlier, stores user passwords in plaintext in the Servers directory, which allows attackers to obtain passwords by reading the file. | 10.0 |
2006-11-20 | CVE-2006-5980 | Renasoft | Remote Security vulnerability in Netjetserver adm_lgn_admin.asp in Renasoft NetJetServer 2.5.3.939, and possibly earlier, does not properly perform login authentication, which allows remote attackers to obtain administrative privileges. | 10.0 |
2006-11-20 | CVE-2006-5978 | E Xoopport | Security vulnerability in E-Xoopport 1.0/1.1/2.0 Unspecified vulnerability in E-Xoopport before 2.2.0 has unknown impact and attack vectors, as addressed by "Some security fix." | 10.0 |
2006-11-26 | CVE-2006-6121 | Acer | Remote Code Execution vulnerability in Acer LunchApp.APlunch ActiveX Control Acer Notebook LunchApp.APlunch ActiveX control allows remote attackers to execute arbitrary commands by calling the Run method. | 9.3 |
2006-11-22 | CVE-2006-6061 | Apple | Remote Denial Of Service vulnerability in Apple Mac OS X UDIF Disk Image com.apple.AppleDiskImageController in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to execute arbitrary code via a malformed DMG image that triggers memory corruption. | 9.3 |
2006-11-22 | CVE-2006-5868 | Imagemagick Debian Canonical | Remote Heap Buffer Overflow vulnerability in ImageMagick SGI Image File Multiple buffer overflows in Imagemagick 6.0 before 6.0.6.2, and 6.2 before 6.2.4.5, has unknown impact and user-assisted attack vectors via a crafted SGI image. | 9.3 |
2006-11-21 | CVE-2006-6027 | Adobe | Multiple vulnerability in Adobe Acrobat Adobe Reader (Adobe Acrobat Reader) 7.0 through 7.0.8 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long argument string to the LoadFile method in an AcroPDF ActiveX control. | 9.3 |
2006-11-21 | CVE-2006-3890 | SKY Software Winzip | Remote Code Execution vulnerability in WinZip WZFileView.FileViewCtrl.61 ActiveX Control Stack-based buffer overflow in the Sky Software FileView ActiveX control, as used in WinZip 10 before build 7245 and in certain other applications, allows remote attackers to execute arbitrary code via a long FilePattern attribute in a WZFILEVIEW object, a different vulnerability than CVE-2006-5198. | 9.3 |
36 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-11-26 | CVE-2006-6122 | TIN | Remote Security vulnerability in Tin Multiple buffer overflows in TIN before 1.8.2 have unspecified impact and attack vectors, a different vulnerability than CVE-2006-0804. | 7.5 |
2006-11-26 | CVE-2006-6117 | Fipsasp | SQL Injection vulnerability in FipsGallery Index1.ASP SQL injection vulnerability in index1.asp in fipsGallery 1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the which parameter. | 7.5 |
2006-11-26 | CVE-2006-6116 | Fipsasp | SQL Injection vulnerability in FipsForum Default2.ASP SQL injection vulnerability in default2.asp in fipsForum 2.6 and earlier allows remote attackers to execute arbitrary SQL commands via the kat parameter. | 7.5 |
2006-11-26 | CVE-2006-6115 | Fipsasp | SQL Injection vulnerability in FipsCMS Index.ASP SQL injection vulnerability in index.asp in fipsCMS 4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the fid parameter. | 7.5 |
2006-11-26 | CVE-2006-6110 | BPG Infotech | SQL-Injection vulnerability in Content Management System Multiple SQL injection vulnerabilities in an unspecified BPG-InfoTech Content Management System product allow remote attackers to execute arbitrary SQL commands via the (1) vjob parameter in publications_list.asp or (2) InfoID parameter in publication_view.asp. | 7.5 |
2006-11-24 | CVE-2006-6095 | Dotnetindex | SQL Injection vulnerability in Dotnetindex Active News Manager Multiple SQL injection vulnerabilities in ActiveNews Manager allow remote attackers to execute arbitrary SQL commands via the (1) articleID parameter to activenews_view.asp or the (2) page parameter to default.asp. | 7.5 |
2006-11-24 | CVE-2006-6093 | Picturespro | Remote File Include vulnerability in Picturespro Photo Cart 3.9 Multiple PHP remote file inclusion vulnerabilities in adminprint.php in PicturesPro Photo Cart 3.9 allow remote attackers to execute arbitrary PHP code via a URL in the (1) admin_folder and (2) path parameters. | 7.5 |
2006-11-24 | CVE-2006-6081 | Telaen | Remote Security vulnerability in Telaen PHP remote file inclusion vulnerability in Smarty_Compiler.class.php in Telaen 1.1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the plugin_file parameter. | 7.5 |
2006-11-24 | CVE-2006-6080 | Gazatem Technologies | SQL Injection vulnerability in Gnews Publisher Multiple SQL injection vulnerabilities in categories.asp in gNews Publisher allow remote attackers to execute arbitrary SQL commands via the (1) catID or (2) editorID parameter. | 7.5 |
2006-11-24 | CVE-2006-6079 | Imendio AB | Remote Security vulnerability in Imendio AB Loudmouth 2.4 Multiple PHP remote file inclusion vulnerabilities in LoudMouth 2.4 allow remote attackers to execute arbitrary PHP code via a URL in the mainframe parameter to (1) admin.loudmouth.php or (2) toolbar.loudmouth.php. | 7.5 |
2006-11-24 | CVE-2006-6078 | A Conman | Remote File Include vulnerability in A-Conman 3.2Beta PHP remote file inclusion vulnerability in common.inc.php in a-ConMan 3.2 beta allows remote attackers to execute arbitrary PHP code via a URL in the cm_basedir parameter. | 7.5 |
2006-11-24 | CVE-2006-6073 | Enthrallweb | SQL Injection vulnerability in Enthrallweb Eshopping Cart Multiple SQL injection vulnerabilities in Enthrallweb eShopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) ProductID parameter in productdetail.asp or the (2) categoryid parameter in products.asp. | 7.5 |
2006-11-24 | CVE-2006-6072 | BPG Infotech | Products Vjob Parameter SQL Injection vulnerability in Bpg-Infotech Easy Publisher and Smart Publisher PRO SQL injection vulnerability in bpg/publications_list.asp in BPG-InfoTech Easy Publisher and Smart Publisher//Pro 2.7.7 allows remote attackers to execute arbitrary SQL commands via the vjob parameter. | 7.5 |
2006-11-22 | CVE-2006-6070 | ASP Nuke | SQL-Injection vulnerability in ASP-Nuke SQL injection vulnerability in module/account/register/register.asp in ASP Nuke 0.80 and earlier allows remote attackers to execute arbitrary SQL commands via the StateCode parameter. | 7.5 |
2006-11-22 | CVE-2006-6064 | Fuzzball Muck | Buffer Overflow vulnerability in Fuzzball MUCK Message Parsing Interpreter Multiple buffer overflows in the Message Parsing Interpreter (MPI) in Fuzzball MUCK before 6.07 allow remote attackers to execute arbitrary code via crafted messages. | 7.5 |
2006-11-22 | CVE-2006-6063 | Un4Seen | Remote Buffer Overflow vulnerability in XMPlay Playlist Files Stack-based buffer overflow in Un4seen XMPlay 3.3.0.5 and earlier allows remote attackers to execute arbitrary code via a M3U file containing a long (1) FileName, and cause a crash via a long (2) DisplayName. | 7.5 |
2006-11-22 | CVE-2006-6051 | Mamboxchange | Remote File Include vulnerability in Mamboxchange Mosreporter 1.0 PHP remote file inclusion vulnerability in reporter.logic.php in the MosReporter (com_reporter) component for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 7.5 |
2006-11-22 | CVE-2006-6050 | Clicktech | SQL Injection vulnerability in ClickTech Texas RankEm Player.ASP Tournaments.ASP Multiple SQL injection vulnerabilities in ClickTech Texas Rank'em allow remote attackers to execute arbitrary SQL commands via the (1) selPlayer parameter to player.asp or the (2) tournament_id parameter to tournaments.asp. | 7.5 |
2006-11-22 | CVE-2006-6049 | Phil Taylor | Remote File Include vulnerability in Shabmo2 Component Shambo2.PHP PHP remote file inclusion vulnerability in shambo2.php in the Shambo2 (com_shambo2) component for Mambo 4.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 7.5 |
2006-11-22 | CVE-2006-6041 | Laurent VAN DEN Reysen | Code Injection vulnerability in Laurent VAN DEN Reysen Work System E-Commerce Multiple PHP remote file inclusion vulnerabilities in Laurent Van den Reysen WORK system e-commerce 3.0.2, and other versions before 3.0.4, allow remote attackers to execute arbitrary PHP code via a URL in the g_include parameter to (1) index.php, (2) module/forum/forum.php, (3) unspecified files under module/, and (4) unspecified files under administration/module/. | 7.5 |
2006-11-22 | CVE-2006-6039 | Powie | SQL Injection vulnerability in Powie PHP Matchmaker 4.05 SQL injection vulnerability in matchdetail.php in Powie's PHP MatchMaker 4.05 and earlier allows remote attackers to execute arbitrary SQL commands via the edit parameter. | 7.5 |
2006-11-22 | CVE-2006-6038 | Powie | SQL Injection vulnerability in Powie Pforum SQL injection vulnerability in editpoll.php in Powie's PHP Forum (pForum) 1.29a and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2006-11-22 | CVE-2006-6036 | Emreturk | SQL-Injection vulnerability in Emreturk Openhuman 0.1 SQL injection vulnerability in OpenHuman before 1.0 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2006-11-21 | CVE-2006-6034 | Sitesoutlet | SQL-Injection vulnerability in Sitesoutlet E-Commerce Kit-1 Paypaledition Multiple SQL injection vulnerabilities in SitesOutlet E-commerce Kit-1 PayPal Edition allow remote attackers to execute arbitrary SQL commands via the (1) keyword or (2) cid parameter in (a) catalogue.asp, or the (3) pid parameter in (b) viewDetail.asp. | 7.5 |
2006-11-21 | CVE-2006-6033 | Sphpblog | Directory Traversal vulnerability in Sphpblog 0.4.8 Multiple directory traversal vulnerabilities in Simple PHP Blog (SPHPBlog), probably 0.4.8, allow remote attackers to read arbitrary files and possibly include arbitrary PHP code via a .. | 7.5 |
2006-11-21 | CVE-2006-6031 | Gcis | SQL-Injection vulnerability in Aspcart Multiple SQL injection vulnerabilities in Greater Cincinnati Internet Solutions (GCIS) ASPCart allow remote attackers to execute arbitrary SQL commands via (1) the prodid parameter in (a) prodetails.asp; (2) the page parameter in (b) display.asp; the (3) custid, (4) item, (5) price, (6) custom, (7) department, (8) start, (9) quantity, (10) submit, (11) custom1, (12) custom2, or (13) custom3 parameters in (c) addcart.asp; or the (14) customerid parameter in (d) payment.asp. | 7.5 |
2006-11-21 | CVE-2006-6030 | Futuretec | SQL-Injection vulnerability in Futuretec E-Calendar PRO 3.0 Multiple SQL injection vulnerabilities in E-Calendar Pro 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) passwd (Password) fields in (a) admin/default.asp; or the (3) Event Title, (4) Location, or (5) Description field when making a search engine query in (b) search.asp. | 7.5 |
2006-11-21 | CVE-2006-6029 | Property PRO | SQL Injection vulnerability in Property PRO Property PRO 1.0 SQL injection vulnerability in vir_Login.asp in Property Pro 1.0 allows remote attackers to execute arbitrary SQL commands via the UserName field. | 7.5 |
2006-11-21 | CVE-2006-6024 | Qualcomm | Buffer Overflow vulnerability in Qualcomm Eudora Worldmail 3.0Version6.1.22.0 Multiple buffer overflows in Eudora Worldmail, possibly Worldmail 3 version 6.1.22.0, have unknown impact and attack vectors, as demonstrated by the (1) "Eudora WorldMail stack overflow" and (2) "Eudora WorldMail heap overflow" modules in VulnDisco Pack. | 7.5 |
2006-11-21 | CVE-2006-6021 | Bestwebapp | Input Validation vulnerability in BestWebApp Dating Site SQL injection vulnerability in the login component in BestWebApp Dating Site allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) passwd parameters. | 7.5 |
2006-11-21 | CVE-2006-5991 | Cactusoft | SQL-Injection vulnerability in CactuShop Multiple SQL injection vulnerabilities in wwweb concepts CactuShop allow remote attackers to execute arbitrary SQL commands via the (1) prodtype parameter in prodtype.asp and the (2) product parameter in product.asp. | 7.5 |
2006-11-20 | CVE-2006-5987 | Aspintranet | SQL Injection vulnerability in Aspintranet 1.2 SQL injection vulnerability in default.asp in ASPintranet, possibly 1.2, allows remote attackers to execute arbitrary SQL commands via the a parameter. | 7.5 |
2006-11-20 | CVE-2006-5977 | Expinion NET | SQL-Injection vulnerability in MultiCalendars Multiple SQL injection vulnerabilities in MultiCalendars allow remote attackers to execute arbitrary SQL commands via the (1) M or (2) Y parameter to rss_out.asp, or the (3) cate parameter to all_calendars.asp. | 7.5 |
2006-11-20 | CVE-2006-5976 | Drumster | Input Validation vulnerability in Drumster Blogme 3.0 Multiple SQL injection vulnerabilities in admin_login.asp in BlogMe 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) Username or (2) Password field. | 7.5 |
2006-11-22 | CVE-2006-3973 | MY Firewall Plus | Local Privilege Escalation vulnerability in MY Firewall Plus MY Firewall Plus 5.0Build1119 My Firewall Plus 5.0 Build 1119 does not verify if explorer.exe is running before launching iexplore.exe from the "Test Your Firewall" feature, which allows local users to gain SYSTEM privileges. | 7.2 |
2006-11-21 | CVE-2006-6014 | Netbsd | Local Security vulnerability in Netbsd Current The NetBSD-current kernel before 20061028 does not properly perform bounds checking of an unspecified userspace parameter in the ptrace system call during a PT_DUMPCORE request, which allows local users to have an unknown impact. | 7.2 |
59 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-11-26 | CVE-2006-6124 | Biba Software | Cross-Site Scripting vulnerability in Biba Software Seleniumserver web Server 1.0 Cross-site scripting (XSS) vulnerability in SeleniumServer Web Server 1.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.8 |
2006-11-26 | CVE-2006-6118 | Mmgallery | Cross-Site Scripting vulnerability in Mmgallery 1.55 Cross-site scripting (XSS) vulnerability in thumbs.php in mmgallery 1.55 allows remote attackers to inject arbitrary web script or HTML via the page parameter. | 6.8 |
2006-11-24 | CVE-2006-6075 | Baalasp | Cross-Site Scripting vulnerability in Baalasp Smart Form Portal 2.0 Cross-site scripting (XSS) vulnerability in addpost1.asp in BaalAsp forum allows remote attackers to inject arbitrary web script or HTML via the name parameter. | 6.8 |
2006-11-22 | CVE-2006-6048 | Etomite | SQL Injection vulnerability in Etomite 0.6.1.2 SQL injection vulnerability in index.php in Etomite CMS 0.6.1.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter. | 6.8 |
2006-11-22 | CVE-2006-6046 | Epic Designs | Cross-Site Scripting vulnerability in Epic Designs Eggblog 3.1.0 Multiple cross-site scripting (XSS) vulnerabilities in eggblog 3.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) edit parameter to (a) admin/articles.php or (b) admin/comments.php, or the (2) add parameter to admin/users.php. | 6.8 |
2006-11-22 | CVE-2006-6045 | Comdev | Remote Security vulnerability in Comdev ONE Admin PRO 4.1 Multiple PHP remote file inclusion vulnerabilities in Comdev One Admin Pro 4.1 allow remote attackers to execute arbitrary PHP code via a URL in the path[skin] parameter to (1) adminfoot.php, (2) adminhead.php, or (3) adminlogin.php. | 6.8 |
2006-11-22 | CVE-2006-6044 | Phpquickgallery | Remote File Include vulnerability in PHPQuickGallery PHP remote file inclusion vulnerability in gallery_top.inc.php in PHPQuickGallery 1.9 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the textFile parameter. | 6.8 |
2006-11-22 | CVE-2006-6043 | Oliver | Unspecified vulnerability in Oliver PHP file inclusion vulnerability in loginform-inc.php in Oliver (formerly Webshare) 1.2.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a UNC share pathname or a local file pathname in the conf[motdfile] parameter, which is accessed by the file_exists function. | 6.8 |
2006-11-22 | CVE-2006-6042 | Phpwebthings | Remote File Include vulnerability in phpWebThings Editor.PHP PHP remote file inclusion vulnerability in core/editor.php in phpWebThings 1.5.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the editor_insert_bottom parameter. | 6.8 |
2006-11-22 | CVE-2006-6040 | Jelsoft | Cross-Site Scripting vulnerability in VBulletin Admin Control Panel Multiple cross-site scripting (XSS) vulnerabilities in admincp/index.php in Jelsoft vBulletin 3.6.x allow remote attackers to inject arbitrary web script or HTML via (1) the prefs parameter in a buildnavprefs action or (2) the navprefs parameter in a savenavprefs action. | 6.8 |
2006-11-22 | CVE-2006-6037 | Leinir | Cross-Site Scripting vulnerability in Leinir Travelsized CMS Multiple cross-site scripting (XSS) vulnerabilities in index.php in Dan Jensen Travelsized CMS 0.4.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) page, (2) page_id, or (3) language parameter. | 6.8 |
2006-11-22 | CVE-2006-6035 | F ART Agency | Cross-Site Scripting vulnerability in F-Art Agency Blog CMS Cross-site scripting (XSS) vulnerability in list.php in BLOG:CMS 4.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the FADDR parameter. | 6.8 |
2006-11-21 | CVE-2006-6032 | Sphpblog | Cross-Site Scripting vulnerability in Sphpblog 0.4.8 Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog (SPHPBlog), probably 0.4.8, allow remote attackers to inject arbitrary web script or HTML via (1) the action parameter in add_block.php or (2) the entry parameter in index.php, different vectors than CVE-2005-1135. | 6.8 |
2006-11-21 | CVE-2006-6022 | Bestwebapp | Input Validation vulnerability in BestWebApp Dating Site Cross-site scripting (XSS) vulnerability in login_form.asp in BestWebApp Dating Site allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | 6.8 |
2006-11-21 | CVE-2006-6020 | Blog Torrent | Cross-Site Scripting vulnerability in Blog Torrent Blog Torrent Preview 0.92 Cross-site scripting (XSS) vulnerability in announce.php in Blog Torrent Preview 0.92 allows remote attackers to inject arbitrary web script or HTML via the left parameter. | 6.8 |
2006-11-20 | CVE-2006-5986 | Extreme CMS | Cross-Site Scripting vulnerability in Extreme CMS admin/options.php in Extreme CMS 0.9, and possibly earlier, does not require authentication, which might allow remote attackers to conduct unauthorized activities. | 6.8 |
2006-11-20 | CVE-2006-5985 | Extreme CMS | Cross-Site Scripting vulnerability in Extreme CMS Multiple cross-site scripting (XSS) vulnerabilities in admin/options.php in Extreme CMS 0.9, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) bg1, (2) bg2, (3) text, or (4) size parameters. | 6.8 |
2006-11-20 | CVE-2006-5984 | Webhost Automation | Cross-Site Scripting vulnerability in Webhost Automation Helm web Hosting Control Panel 3.2.10 Multiple cross-site scripting (XSS) vulnerabilities in Helm Web Hosting Control Panel 3.2.10 allow remote authenticated users to inject arbitrary web script or HTML via the (1) txtCompanyName, (2) txtEmail, or (3) txtUserAccNum parameter to (a) users.asp, or the (4) setThemeColour parameter to (b) default.asp in the Reseller and Admin levels; or the (5) setThemeColour parameter to default.asp in the User level. | 6.8 |
2006-11-20 | CVE-2006-5975 | Drumster | Input Validation vulnerability in Drumster Blogme 3.0 Multiple cross-site scripting (XSS) vulnerabilities in comments.asp in BlogMe 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) URL, or (3) Comments field. | 6.8 |
2006-11-21 | CVE-2006-6008 | Netkit | Remote Security vulnerability in Netkit 0.17 ftpd in Linux Netkit (linux-ftpd) 0.17, and possibly other versions, does not check the return status of certain seteuid, setgid, and setuid calls, which might allow remote authenticated users to gain privileges if these calls fail in cases such as PAM failures or resource limits, a different vulnerability than CVE-2006-5778. | 6.5 |
2006-11-20 | CVE-2006-5981 | Biba Software | Path Traversal vulnerability in Biba Software Seleniumserver FTP Server 1.0 Multiple directory traversal vulnerabilities in SeleniumServer FTP Server 1.0, and possibly earlier, allow remote attackers to list arbitrary directories, read arbitrary files, and upload arbitrary files via directory traversal sequences in the (1) DIR (LIST or NLST), (2) GET (RETR), and (3) PUT (STOR) commands. | 6.4 |
2006-11-20 | CVE-2006-5983 | Jbmc Software | Cross-Site Scripting vulnerability in Jbmc Software Directadmin 1.28.1 Multiple cross-site scripting (XSS) vulnerabilities in JBMC Software DirectAdmin 1.28.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) user parameter to (a) CMD_SHOW_RESELLER or (b) CMD_SHOW_USER in the Admin level; the (2) TYPE parameter to (c) CMD_TICKET_CREATE or (d) CMD_TICKET, the (3) user parameter to (e) CMD_EMAIL_FORWARDER_MODIFY, (f) CMD_EMAIL_VACATION_MODIFY, or (g) CMD_FTP_SHOW, and the (4) name parameter to (h) CMD_EMAIL_LIST in the User level; or the (5) user parameter to (i) CMD_SHOW_USER in the Reseller level. | 6.0 |
2006-11-22 | CVE-2006-6047 | Etomite | Path Traversal vulnerability in Etomite 0.6.1.2 Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. | 5.8 |
2006-11-26 | CVE-2006-5869 | Pstotext | Unspecified vulnerability in Pstotext 1.9 pstotext before 1.9 allows user-assisted attackers to execute arbitrary commands via shell metacharacters in a file name. | 5.1 |
2006-11-24 | CVE-2006-6086 | E ARK | Code Injection vulnerability in E-Ark 1.0 PHP remote file inclusion vulnerability in src/ark_inc.php in e-Ark 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the cfg_pear_path parameter. | 5.1 |
2006-11-22 | CVE-2006-6065 | Mxbb | Remote File Include vulnerability in Mxbb Calsnails Module 1.06 PHP remote file inclusion vulnerability in includes/mx_common.php in the CalSnails Module for MxBB Portal 1.06 allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter. | 5.1 |
2006-11-22 | CVE-2006-6062 | Apple | Remote Denial Of Service vulnerability in Apple Mac OS X UDIF Disk Image Unspecified vulnerability in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to cause a denial of service (crash) via a malformed UDTO HFS+ disk image, such as with "bad sectors," which triggers memory corruption. | 5.1 |
2006-11-26 | CVE-2006-6119 | Mmgallery | Information Disclosure vulnerability in Mmgallery 1.55 mmgallery 1.55 allows remote attackers to obtain sensitive information via a direct request for thumbs.php, which reveals the installation path in various error messages. | 5.0 |
2006-11-24 | CVE-2006-6085 | Kile | Unspecified vulnerability in Kile Kile before 1.9.3 does not assign a backup file the same permissions as the original file, which might allow local users to obtain sensitive information. | 5.0 |
2006-11-24 | CVE-2006-6077 | Mozilla Netscape | The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the (2) Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matches the web site for which the user stored a password, which allows remote attackers to obtain passwords via a password INPUT element on a different web page located on the web site intended for this password. | 5.0 |
2006-11-22 | CVE-2006-6069 | Malbum | Remote Security vulnerability in mAlbum index.php in mAlbum 0.3 and earlier allows remote attackers to obtain the installation path via an invalid gal parameter. | 5.0 |
2006-11-22 | CVE-2006-6052 | Netepi Case Manager | Remote Security vulnerability in Netepi Case Manager NetEpi Case Manager before 0.98 generates different error messages depending on whether or not a username is valid, which allows remote attackers to enumerate valid usernames. | 5.0 |
2006-11-21 | CVE-2006-6025 | Qualcomm | Denial Of Service vulnerability in Qualcomm Eudora Worldmail 4.0 QUALCOMM Eudora WorldMail 4.0 allows remote attackers to cause a denial of service, as demonstrated by a certain module in VulnDisco Pack. | 5.0 |
2006-11-21 | CVE-2006-6015 | Apple | Remote Denial of Service vulnerability in Apple mac OS X 10.4 Buffer overflow in the JavaScript implementation in Safari on Apple Mac OS X 10.4 allows remote attackers to cause a denial of service (application crash) via a long argument to the exec method of a regular expression. | 5.0 |
2006-11-21 | CVE-2006-6011 | SAP | Denial-Of-Service vulnerability in SAP web Application Server 6.40 Unspecified vulnerability in SAP Web Application Server before 6.40 patch 6 allows remote attackers to cause a denial of service (enserver.exe crash) via a certain UDP packet to port 64999, aka "two bytes UDP crash," a different vulnerability than CVE-2006-5785. | 5.0 |
2006-11-21 | CVE-2006-6010 | SAP | Information Disclosure vulnerability in Sap Web Application Server SAP allows remote attackers to obtain potentially sensitive information such as operating system and SAP version via an RFC_SYSTEM_INFO RfcCallReceive request, a different vulnerability than CVE-2003-0747. | 5.0 |
2006-11-21 | CVE-2006-6009 | SUN | Information Disclosure vulnerability in SUN JDK and JRE Unspecified vulnerability in the Java Runtime Environment (JRE) Swing library in JDK and JRE 5.0 Update 7 and earlier allows attackers to obtain certain information via unknown attack vectors, related to an untrusted applet accessing data in other applets. | 5.0 |
2006-11-21 | CVE-2006-6007 | Webevents | Denial-Of-Service vulnerability in Online Event Registration save_profile.asp in WebEvents (Online Event Registration Template) 2.0 and earlier allows remote attackers to change the profiles, passwords, and other information for arbitrary users via a modified UserID parameter. | 5.0 |
2006-11-20 | CVE-2006-5989 | MOD Auth Kerb | Denial of Service vulnerability in MOD Auth Kerb MOD Auth Kerb 5.0 Off-by-one error in the der_get_oid function in mod_auth_kerb 5.0 allows remote attackers to cause a denial of service (crash) via a crafted Kerberos message that triggers a heap-based buffer overflow in the component array. | 5.0 |
2006-11-20 | CVE-2006-5988 | Microsoft | Denial of Service vulnerability in Microsoft Active Directory Unspecified vulnerability in Windows 2000 Advanced Server SP4 running Active Directory allows remote attackers to cause a denial of service via unknown vectors, as demonstrated by a certain VulnDisco Pack module. | 5.0 |
2006-11-20 | CVE-2006-5979 | Renasoft | Information Disclosure vulnerability in Netjetserver Renasoft NetJetServer 2.5.3.939, and possibly earlier, uses insecure permissions for Global.asa, which allows remote attackers to obtain sensitive information. | 5.0 |
2006-11-20 | CVE-2006-5973 | Timo Sirainen | Unspecified vulnerability in Timo Sirainen Dovecot Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and possibly other versions, when index files are used and mmap_disable is set to "yes," allows remote authenticated IMAP or POP3 users to cause a denial of service (crash) via unspecified vectors involving the cache file. | 5.0 |
2006-11-22 | CVE-2006-6060 | Linux | Denial-Of-Service vulnerability in kernel The NTFS filesystem code in Linux kernel 2.6.x up to 2.6.18, and possibly other versions, allows local users to cause a denial of service (CPU consumption) via a malformed NTFS file stream that triggers an infinite loop in the __find_get_block_slow function. | 4.9 |
2006-11-22 | CVE-2006-6057 | Linux | Denial-Of-Service vulnerability in kernel The Linux kernel 2.6.x up to 2.6.18, and possibly other versions, on Fedora Core 6 and possibly other operating systems, allows local users to cause a denial of service (crash) via a malformed gfs2 file stream that triggers a NULL pointer dereference in the init_journal function. | 4.9 |
2006-11-22 | CVE-2006-6056 | Linux | Denial-Of-Service vulnerability in kernel Linux kernel 2.6.x up to 2.6.18 and possibly other versions, when SELinux hooks are enabled, allows local users to cause a denial of service (crash) via a malformed file stream that triggers a NULL pointer dereference in the superblock_doinit function, as demonstrated using an HFS filesystem image. | 4.9 |
2006-11-22 | CVE-2006-6053 | Linux | Denial-Of-Service vulnerability in kernel The ext3fs_dirhash function in Linux kernel 2.6.x allows local users to cause a denial of service (crash) via an ext3 stream with malformed data structures. | 4.9 |
2006-11-26 | CVE-2006-5965 | Passgo | Local Insecure Default Directory Permissions vulnerability in Passgo SSO Plus 2.1.0.32 PassGo SSO Plus 2.1.0.32, and probably earlier versions, uses insecure permissions (Everyone/Full Control) for the PassGo Technologies directory, which allows local users to gain privileges by modifying critical programs. | 4.6 |
2006-11-26 | CVE-2006-6108 | EC Cube | Cross-Site Scripting vulnerability in Ec-Cube 1.0 Cross-site scripting (XSS) vulnerability in EC-CUBE before 1.0.1a-beta allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | 4.3 |
2006-11-24 | CVE-2006-6096 | Dotnetindex | Cross-Site Scripting vulnerability in Dotnetindex Active News Manager Cross-site scripting (XSS) vulnerability in activenews_search.asp in ActiveNews Manager allows remote attackers to inject arbitrary web script or HTML via the query parameter. | 4.3 |
2006-11-24 | CVE-2006-6091 | Grimbb | Cross-Site Scripting vulnerability in GrimBB Cross-site scripting (XSS) vulnerability in Grim Pirate GrimBB before 2006_11_21 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2006-11-24 | CVE-2006-6088 | Blue Collar Productions | Input Validation vulnerability in Blue-Collar Productions I-Gallery 3.4 Multiple cross-site scripting (XSS) vulnerabilities in BlueCollar i-Gallery 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) n or (2) d parameter in igallery.asp, or (3) an unspecified parameter related to search, possibly the Search Gallery field, or the myquery parameter, in search.asp. | 4.3 |
2006-11-24 | CVE-2006-6087 | MY Little Homepage | Cross-Site Scripting vulnerability in My Little Weblog Weblog.php Cross-site scripting (XSS) vulnerability in weblog.php in my little weblog allows remote attackers to inject arbitrary web script or HTML via the action parameter. | 4.3 |
2006-11-21 | CVE-2006-6012 | Mginternet | Cross-Site Scripting vulnerability in Car Site Manager Cross-site scripting (XSS) vulnerability in csm/asp/listings.asp in MGinternet Car Site Manager (CSM) allows remote attackers to inject arbitrary web script or HTML via the p parameter. | 4.3 |
2006-11-24 | CVE-2006-6097 | GNU | Remote Directory Traversal vulnerability in GNU TAR 1.15.1/1.16 GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPE_NAMES record with a symbolic link, which is not properly handled by the extract_archive function in extract.c and extract_mangle function in mangle.c, a variant of CVE-2002-1216. | 4.0 |
2006-11-22 | CVE-2006-6058 | Linux | Numeric Errors vulnerability in Linux Kernel The minix filesystem code in Linux kernel 2.6.x before 2.6.24, including 2.6.18, allows local users to cause a denial of service (hang) via a malformed minix file stream that triggers an infinite loop in the minix_bmap function. | 4.0 |
2006-11-22 | CVE-2006-6054 | Linux | Denial-Of-Service vulnerability in kernel The ext2 file system code in Linux kernel 2.6.x allows local users to cause a denial of service (crash) via an ext2 stream with malformed data structures that triggers an error in the ext2_check_page due to a length that is smaller than the minimum. | 4.0 |
2006-11-21 | CVE-2006-6017 | Wordpress | Denial-Of-Service vulnerability in WordPress WordPress before 2.0.5 does not properly store a profile containing a string representation of a serialized object, which allows remote authenticated users to cause a denial of service (application crash) via a string that represents a (1) malformed or (2) large serialized object, because the object triggers automatic unserialization for display. | 4.0 |
2006-11-21 | CVE-2006-6016 | Wordpress | Remote Security vulnerability in WordPress wp-admin/user-edit.php in WordPress before 2.0.5 allows remote authenticated users to read the metadata of an arbitrary user via a modified user_id parameter. | 4.0 |
2006-11-21 | CVE-2006-5990 | Vmware | Improper Input Validation vulnerability in VMWare Virtualcenter 1.4.1/2.0.1 VMWare VirtualCenter client 2.x before 2.0.1 Patch 1 (Build 33643) and 1.4.x before 1.4.1 Patch 1 (Build 33425), when server certificate verification is enabled, does not verify the server's X.509 certificate when creating an SSL session, which allows remote malicious servers to spoof valid servers via a man-in-the-middle attack. | 4.0 |
3 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-11-26 | CVE-2006-6123 | Coppermine | Cross-Site Scripting vulnerability in Coppermine Photo Gallery 1.4.8Stable Coppermine Photo Gallery (CPG) 1.4.8 stable, with register_globals enabled, allows remote attackers to bypass XSS protection and set arbitrary variables via a query string that causes the variable to be defined in global space, with separate _GET, _REQUEST, or other critical parameters, which are unset by the protection scheme and prevent the original variable from being detected. | 2.6 |
2006-11-22 | CVE-2006-6068 | Malbum | Directory Traversal vulnerability in mAlbum Directory traversal vulnerability in the cached_album function in functions.php for mAlbum 0.3 and earlier allows remote attackers to list filenames of arbitrary images via a .. | 2.6 |
2006-11-21 | CVE-2006-6013 | Dragonflybsd Freebsd Midnightbsd Netbsd Trustedbsd | Local Integer Overflow vulnerability in Multiple BSD Vendor FireWire IOCTL Integer signedness error in the fw_ioctl (FW_IOCTL) function in the FireWire (IEEE-1394) drivers (dev/firewire/fwdev.c) in various BSD kernels, including DragonFlyBSD, FreeBSD 5.5, MidnightBSD 0.1-CURRENT before 20061115, NetBSD-current before 20061116, NetBSD-4 before 20061203, and TrustedBSD, allows local users to read arbitrary memory contents via certain negative values of crom_buf->len in an FW_GCROM command. | 2.1 |