Weekly Vulnerabilities Reports > November 20 to 26, 2006

Overview

126 new vulnerabilities reported during this period, including 12 critical vulnerabilities and 47 high severity vulnerabilities. This weekly summary report vulnerabilities in 115 products from 102 vendors including Linux, Apple, Fipsasp, Dotnetindex, and Biba Software. Vulnerabilities are notably categorized as "SQL Injection", "Cross-site Scripting", "Path Traversal", "Code Injection", and "Numeric Errors".

  • 116 reported vulnerabilities are remotely exploitables.
  • 21 reported vulnerabilities have public exploit available.
  • 13 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 121 reported vulnerabilities are exploitable by an anonymous user.
  • Linux has the most reported vulnerabilities, with 6 reported vulnerabilities.
  • Broadcom has the most reported critical vulnerabilities, with 1 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

12 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-11-24 CVE-2006-6076 Broadcom
CA
Buffer overflow in the Tape Engine (tapeeng.exe) in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 and earlier allows remote attackers to execute arbitrary code via certain RPC requests to TCP port 6502.
10.0
2006-11-22 CVE-2006-6059 Netgear Buffer Overflow vulnerability in NetGear MA521 Wireless Driver Long Beacon Probe

Buffer overflow in MA521nd5.SYS driver 5.148.724.2003 for NetGear MA521 PCMCIA adapter allows remote attackers to execute arbitrary code via (1) beacon or (2) probe 802.11 frame responses with an long supported rates information element.

10.0
2006-11-22 CVE-2006-6055 D Link Stack Buffer Overflow vulnerability in D-Link DWL-G132 ASAGU.SYS Wireless Device Driver

Stack-based buffer overflow in A5AGU.SYS 1.0.1.41 for the D-Link DWL-G132 wireless adapter allows remote attackers to execute arbitrary code via a 802.11 beacon request with a long Rates information element (IE).

10.0
2006-11-21 CVE-2006-6026 Realnetworks Buffer Errors vulnerability in Realnetworks Helix DNA Server, Helix Mobile Server and Helix Server

Heap-based buffer overflow in Real Networks Helix Server and Helix Mobile Server before 11.1.3, and Helix DNA Server 11.0 and 11.1, allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a DESCRIBE request that contains an invalid LoadTestPassword field.

10.0
2006-11-20 CVE-2006-5982 Biba Software Cryptographic Issues vulnerability in Biba Software Seleniumserver FTP Server 1.0

SeleniumServer FTP Server 1.0, and possibly earlier, stores user passwords in plaintext in the Servers directory, which allows attackers to obtain passwords by reading the file.

10.0
2006-11-20 CVE-2006-5980 Renasoft Remote Security vulnerability in Netjetserver

adm_lgn_admin.asp in Renasoft NetJetServer 2.5.3.939, and possibly earlier, does not properly perform login authentication, which allows remote attackers to obtain administrative privileges.

10.0
2006-11-20 CVE-2006-5978 E Xoopport Security vulnerability in E-Xoopport 1.0/1.1/2.0

Unspecified vulnerability in E-Xoopport before 2.2.0 has unknown impact and attack vectors, as addressed by "Some security fix."

10.0
2006-11-26 CVE-2006-6121 Acer Remote Code Execution vulnerability in Acer LunchApp.APlunch ActiveX Control

Acer Notebook LunchApp.APlunch ActiveX control allows remote attackers to execute arbitrary commands by calling the Run method.

9.3
2006-11-22 CVE-2006-6061 Apple Remote Denial Of Service vulnerability in Apple Mac OS X UDIF Disk Image

com.apple.AppleDiskImageController in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to execute arbitrary code via a malformed DMG image that triggers memory corruption.

9.3
2006-11-22 CVE-2006-5868 Imagemagick
Debian
Canonical
Remote Heap Buffer Overflow vulnerability in ImageMagick SGI Image File

Multiple buffer overflows in Imagemagick 6.0 before 6.0.6.2, and 6.2 before 6.2.4.5, has unknown impact and user-assisted attack vectors via a crafted SGI image.

9.3
2006-11-21 CVE-2006-6027 Adobe Multiple vulnerability in Adobe Acrobat

Adobe Reader (Adobe Acrobat Reader) 7.0 through 7.0.8 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long argument string to the LoadFile method in an AcroPDF ActiveX control.

9.3
2006-11-21 CVE-2006-3890 SKY Software
Winzip
Remote Code Execution vulnerability in WinZip WZFileView.FileViewCtrl.61 ActiveX Control

Stack-based buffer overflow in the Sky Software FileView ActiveX control, as used in WinZip 10 before build 7245 and in certain other applications, allows remote attackers to execute arbitrary code via a long FilePattern attribute in a WZFILEVIEW object, a different vulnerability than CVE-2006-5198.

9.3

47 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-11-26 CVE-2006-6122 TIN Remote Security vulnerability in Tin

Multiple buffer overflows in TIN before 1.8.2 have unspecified impact and attack vectors, a different vulnerability than CVE-2006-0804.

7.5
2006-11-26 CVE-2006-6117 Fipsasp SQL Injection vulnerability in FipsGallery Index1.ASP

SQL injection vulnerability in index1.asp in fipsGallery 1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the which parameter.

7.5
2006-11-26 CVE-2006-6116 Fipsasp SQL Injection vulnerability in FipsForum Default2.ASP

SQL injection vulnerability in default2.asp in fipsForum 2.6 and earlier allows remote attackers to execute arbitrary SQL commands via the kat parameter.

7.5
2006-11-26 CVE-2006-6115 Fipsasp SQL Injection vulnerability in FipsCMS Index.ASP

SQL injection vulnerability in index.asp in fipsCMS 4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the fid parameter.

7.5
2006-11-26 CVE-2006-6111 Alan Ward SQL Injection vulnerability in Alan Ward A-Cart 2.0

Multiple SQL injection vulnerabilities in Alan Ward A-Cart Pro 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) productid parameter in product.asp or (2) search parameter in search.asp.

7.5
2006-11-26 CVE-2006-6110 BPG Infotech SQL-Injection vulnerability in Content Management System

Multiple SQL injection vulnerabilities in an unspecified BPG-InfoTech Content Management System product allow remote attackers to execute arbitrary SQL commands via the (1) vjob parameter in publications_list.asp or (2) InfoID parameter in publication_view.asp.

7.5
2006-11-26 CVE-2006-6109 Candypress SQL Injection vulnerability in Candypress Store 3.5.2.14

Multiple SQL injection vulnerabilities in CandyPress Store 3.5.2.14 allow remote attackers to execute arbitrary SQL commands via the (1) policy parameter in openPolicy.asp or the (2) brand parameter in prodList.asp.

7.5
2006-11-24 CVE-2006-6095 Dotnetindex SQL Injection vulnerability in Dotnetindex Active News Manager

Multiple SQL injection vulnerabilities in ActiveNews Manager allow remote attackers to execute arbitrary SQL commands via the (1) articleID parameter to activenews_view.asp or the (2) page parameter to default.asp.

7.5
2006-11-24 CVE-2006-6094 Dotnetindex SQL Injection vulnerability in Dotnetindex Active News Manager

Multiple SQL injection vulnerabilities in ActiveNews Manager allow remote attackers to execute arbitrary SQL commands via the (1) catID parameter to activeNews_categories.asp, the (2) articleID parameter to activeNews_comments.asp, or the (3) query parameter to activenews_search.asp.

7.5
2006-11-24 CVE-2006-6093 Picturespro Remote File Include vulnerability in Picturespro Photo Cart 3.9

Multiple PHP remote file inclusion vulnerabilities in adminprint.php in PicturesPro Photo Cart 3.9 allow remote attackers to execute arbitrary PHP code via a URL in the (1) admin_folder and (2) path parameters.

7.5
2006-11-24 CVE-2006-6092 20 20 Applications SQL Injection vulnerability in 20/20 Auto Gallery

Multiple SQL injection vulnerabilities in vehiclelistings.asp in 20/20 Auto Gallery allow remote attackers to execute arbitrary SQL commands via the (1) vehicleID, (2) categoryID_list, (3) sale_type, (4) stock_number, (5) manufacturer, (6) model, (7) vehicleID, (8) year, (9) vin, and (10) listing_price parameters.

7.5
2006-11-24 CVE-2006-6090 Baalasp Input Validation vulnerability in BaalAsp Forum

Multiple SQL injection vulnerabilities in BaalAsp forum allow remote attackers to execute arbitrary SQL commands via the (1) password parameter to (a) adminlogin.asp, the (2) name or (3) password parameter to (b) userlogin.asp, or the (3) search parameter to search.asp.

7.5
2006-11-24 CVE-2006-6083 Creascripts Input Validation vulnerability in Creascripts Creadirectory 1.2

SQL injection vulnerability in search.asp in CreaScripts Creadirectory allows remote attackers to execute arbitrary SQL commands via the category parameter.

7.5
2006-11-24 CVE-2006-6081 Telaen Remote Security vulnerability in Telaen

PHP remote file inclusion vulnerability in Smarty_Compiler.class.php in Telaen 1.1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the plugin_file parameter.

7.5
2006-11-24 CVE-2006-6080 Gazatem Technologies SQL Injection vulnerability in Gnews Publisher

Multiple SQL injection vulnerabilities in categories.asp in gNews Publisher allow remote attackers to execute arbitrary SQL commands via the (1) catID or (2) editorID parameter.

7.5
2006-11-24 CVE-2006-6079 Imendio AB Remote Security vulnerability in Imendio AB Loudmouth 2.4

Multiple PHP remote file inclusion vulnerabilities in LoudMouth 2.4 allow remote attackers to execute arbitrary PHP code via a URL in the mainframe parameter to (1) admin.loudmouth.php or (2) toolbar.loudmouth.php.

7.5
2006-11-24 CVE-2006-6078 A Conman Remote File Include vulnerability in A-Conman 3.2Beta

PHP remote file inclusion vulnerability in common.inc.php in a-ConMan 3.2 beta allows remote attackers to execute arbitrary PHP code via a URL in the cm_basedir parameter.

7.5
2006-11-24 CVE-2006-6074 Enthrallweb SQL Injection vulnerability in Enthrallweb EShopping Cart Mutiple

Multiple SQL injection vulnerabilities in Enthrallweb eShopping Cart allow remote attackers to execute arbitrary SQL commands via (1) the ProductID parameter in (a) reviews.asp, or the (2) cat_id or (3) sub_id parameter in (b) subProducts.asp.

7.5
2006-11-24 CVE-2006-6073 Enthrallweb SQL Injection vulnerability in Enthrallweb Eshopping Cart

Multiple SQL injection vulnerabilities in Enthrallweb eShopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) ProductID parameter in productdetail.asp or the (2) categoryid parameter in products.asp.

7.5
2006-11-24 CVE-2006-6072 BPG Infotech Products Vjob Parameter SQL Injection vulnerability in Bpg-Infotech Easy Publisher and Smart Publisher PRO

SQL injection vulnerability in bpg/publications_list.asp in BPG-InfoTech Easy Publisher and Smart Publisher//Pro 2.7.7 allows remote attackers to execute arbitrary SQL commands via the vjob parameter.

7.5
2006-11-22 CVE-2006-6070 ASP Nuke SQL-Injection vulnerability in ASP-Nuke

SQL injection vulnerability in module/account/register/register.asp in ASP Nuke 0.80 and earlier allows remote attackers to execute arbitrary SQL commands via the StateCode parameter.

7.5
2006-11-22 CVE-2006-6067 20 20 Applications SQL Injection vulnerability in 20 Applications 20 Datashed 1.0

Multiple SQL injection vulnerabilities in 20/20 DataShed (aka Real Estate Listing System) allow remote attackers to execute arbitrary SQL commands via the (1) itemID parameter to (a) f-email.asp, or the (2) peopleID and (2) sort_order parameters to (b) listings.asp, different vectors than CVE-2006-5955.

7.5
2006-11-22 CVE-2006-6066 Dragon Internet SQL Injection vulnerability in Dragon Internet Events Listing 2.0.01

Multiple SQL injection vulnerabilities in Dragon Calendar / Events Listing 2.x allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter to (a) admin_login.asp, the (3) ID parameter to (b) event_searchdetail.asp, or the (4) VenueID parameter to (c) venue_detail.asp.

7.5
2006-11-22 CVE-2006-6064 Fuzzball Muck Buffer Overflow vulnerability in Fuzzball MUCK Message Parsing Interpreter

Multiple buffer overflows in the Message Parsing Interpreter (MPI) in Fuzzball MUCK before 6.07 allow remote attackers to execute arbitrary code via crafted messages.

7.5
2006-11-22 CVE-2006-6063 Un4Seen Remote Buffer Overflow vulnerability in XMPlay Playlist Files

Stack-based buffer overflow in Un4seen XMPlay 3.3.0.5 and earlier allows remote attackers to execute arbitrary code via a M3U file containing a long (1) FileName, and cause a crash via a long (2) DisplayName.

7.5
2006-11-22 CVE-2006-6051 Mamboxchange Remote File Include vulnerability in Mamboxchange Mosreporter 1.0

PHP remote file inclusion vulnerability in reporter.logic.php in the MosReporter (com_reporter) component for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

7.5
2006-11-22 CVE-2006-6050 Clicktech SQL Injection vulnerability in ClickTech Texas RankEm Player.ASP Tournaments.ASP

Multiple SQL injection vulnerabilities in ClickTech Texas Rank'em allow remote attackers to execute arbitrary SQL commands via the (1) selPlayer parameter to player.asp or the (2) tournament_id parameter to tournaments.asp.

7.5
2006-11-22 CVE-2006-6049 Phil Taylor Remote File Include vulnerability in Shabmo2 Component Shambo2.PHP

PHP remote file inclusion vulnerability in shambo2.php in the Shambo2 (com_shambo2) component for Mambo 4.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

7.5
2006-11-22 CVE-2006-6041 Laurent VAN DEN Reysen Code Injection vulnerability in Laurent VAN DEN Reysen Work System E-Commerce

Multiple PHP remote file inclusion vulnerabilities in Laurent Van den Reysen WORK system e-commerce 3.0.2, and other versions before 3.0.4, allow remote attackers to execute arbitrary PHP code via a URL in the g_include parameter to (1) index.php, (2) module/forum/forum.php, (3) unspecified files under module/, and (4) unspecified files under administration/module/.

7.5
2006-11-22 CVE-2006-6039 Powie SQL Injection vulnerability in Powie PHP Matchmaker 4.05

SQL injection vulnerability in matchdetail.php in Powie's PHP MatchMaker 4.05 and earlier allows remote attackers to execute arbitrary SQL commands via the edit parameter.

7.5
2006-11-22 CVE-2006-6038 Powie SQL Injection vulnerability in Powie Pforum

SQL injection vulnerability in editpoll.php in Powie's PHP Forum (pForum) 1.29a and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2006-11-22 CVE-2006-6036 Emreturk SQL-Injection vulnerability in Emreturk Openhuman 0.1

SQL injection vulnerability in OpenHuman before 1.0 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2006-11-21 CVE-2006-6034 Sitesoutlet SQL-Injection vulnerability in Sitesoutlet E-Commerce Kit-1 Paypaledition

Multiple SQL injection vulnerabilities in SitesOutlet E-commerce Kit-1 PayPal Edition allow remote attackers to execute arbitrary SQL commands via the (1) keyword or (2) cid parameter in (a) catalogue.asp, or the (3) pid parameter in (b) viewDetail.asp.

7.5
2006-11-21 CVE-2006-6033 Sphpblog Directory Traversal vulnerability in Sphpblog 0.4.8

Multiple directory traversal vulnerabilities in Simple PHP Blog (SPHPBlog), probably 0.4.8, allow remote attackers to read arbitrary files and possibly include arbitrary PHP code via a ..

7.5
2006-11-21 CVE-2006-6031 Gcis SQL-Injection vulnerability in Aspcart

Multiple SQL injection vulnerabilities in Greater Cincinnati Internet Solutions (GCIS) ASPCart allow remote attackers to execute arbitrary SQL commands via (1) the prodid parameter in (a) prodetails.asp; (2) the page parameter in (b) display.asp; the (3) custid, (4) item, (5) price, (6) custom, (7) department, (8) start, (9) quantity, (10) submit, (11) custom1, (12) custom2, or (13) custom3 parameters in (c) addcart.asp; or the (14) customerid parameter in (d) payment.asp.

7.5
2006-11-21 CVE-2006-6030 Futuretec SQL-Injection vulnerability in Futuretec E-Calendar PRO 3.0

Multiple SQL injection vulnerabilities in E-Calendar Pro 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) passwd (Password) fields in (a) admin/default.asp; or the (3) Event Title, (4) Location, or (5) Description field when making a search engine query in (b) search.asp.

7.5
2006-11-21 CVE-2006-6029 Property PRO SQL Injection vulnerability in Property PRO Property PRO 1.0

SQL injection vulnerability in vir_Login.asp in Property Pro 1.0 allows remote attackers to execute arbitrary SQL commands via the UserName field.

7.5
2006-11-21 CVE-2006-6024 Qualcomm Buffer Overflow vulnerability in Qualcomm Eudora Worldmail 3.0Version6.1.22.0

Multiple buffer overflows in Eudora Worldmail, possibly Worldmail 3 version 6.1.22.0, have unknown impact and attack vectors, as demonstrated by the (1) "Eudora WorldMail stack overflow" and (2) "Eudora WorldMail heap overflow" modules in VulnDisco Pack.

7.5
2006-11-21 CVE-2006-6023 Bloo Unspecified vulnerability in Bloo 1.0

** DISPUTED ** PHP remote file inclusion vulnerability in phoo.base.php in Bill Roberts Bloo 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the descriptorFileList parameter.

7.5
2006-11-21 CVE-2006-6021 Bestwebapp Input Validation vulnerability in BestWebApp Dating Site

SQL injection vulnerability in the login component in BestWebApp Dating Site allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) passwd parameters.

7.5
2006-11-21 CVE-2006-6018 JIM Plush Unspecified vulnerability in JIM Plush My-Bic 0.6.5

** DISPUTED ** PHP remote file inclusion vulnerability in mybic_server.php in Jim Plush My-BIC 0.6.5 allows remote attackers to execute arbitrary PHP code via a URL in the INC_PATH parameter, a different vector than CVE-2006-5089.

7.5
2006-11-21 CVE-2006-5991 Cactusoft SQL-Injection vulnerability in CactuShop

Multiple SQL injection vulnerabilities in wwweb concepts CactuShop allow remote attackers to execute arbitrary SQL commands via the (1) prodtype parameter in prodtype.asp and the (2) product parameter in product.asp.

7.5
2006-11-20 CVE-2006-5987 Aspintranet SQL Injection vulnerability in Aspintranet 1.2

SQL injection vulnerability in default.asp in ASPintranet, possibly 1.2, allows remote attackers to execute arbitrary SQL commands via the a parameter.

7.5
2006-11-20 CVE-2006-5977 Expinion NET SQL-Injection vulnerability in MultiCalendars

Multiple SQL injection vulnerabilities in MultiCalendars allow remote attackers to execute arbitrary SQL commands via the (1) M or (2) Y parameter to rss_out.asp, or the (3) cate parameter to all_calendars.asp.

7.5
2006-11-20 CVE-2006-5976 Drumster Input Validation vulnerability in Drumster Blogme 3.0

Multiple SQL injection vulnerabilities in admin_login.asp in BlogMe 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) Username or (2) Password field.

7.5
2006-11-22 CVE-2006-3973 MY Firewall Plus Local Privilege Escalation vulnerability in MY Firewall Plus MY Firewall Plus 5.0Build1119

My Firewall Plus 5.0 Build 1119 does not verify if explorer.exe is running before launching iexplore.exe from the "Test Your Firewall" feature, which allows local users to gain SYSTEM privileges.

7.2
2006-11-21 CVE-2006-6014 Netbsd Local Security vulnerability in Netbsd Current

The NetBSD-current kernel before 20061028 does not properly perform bounds checking of an unspecified userspace parameter in the ptrace system call during a PT_DUMPCORE request, which allows local users to have an unknown impact.

7.2

64 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-11-26 CVE-2006-6124 Biba Software Cross-Site Scripting vulnerability in Biba Software Seleniumserver web Server 1.0

Cross-site scripting (XSS) vulnerability in SeleniumServer Web Server 1.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

6.8
2006-11-26 CVE-2006-6118 Mmgallery Cross-Site Scripting vulnerability in Mmgallery 1.55

Cross-site scripting (XSS) vulnerability in thumbs.php in mmgallery 1.55 allows remote attackers to inject arbitrary web script or HTML via the page parameter.

6.8
2006-11-24 CVE-2006-6075 Baalasp Cross-Site Scripting vulnerability in Baalasp Smart Form Portal 2.0

Cross-site scripting (XSS) vulnerability in addpost1.asp in BaalAsp forum allows remote attackers to inject arbitrary web script or HTML via the name parameter.

6.8
2006-11-22 CVE-2006-6048 Etomite SQL Injection vulnerability in Etomite 0.6.1.2

SQL injection vulnerability in index.php in Etomite CMS 0.6.1.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.

6.8
2006-11-22 CVE-2006-6046 Epic Designs Cross-Site Scripting vulnerability in Epic Designs Eggblog 3.1.0

Multiple cross-site scripting (XSS) vulnerabilities in eggblog 3.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) edit parameter to (a) admin/articles.php or (b) admin/comments.php, or the (2) add parameter to admin/users.php.

6.8
2006-11-22 CVE-2006-6045 Comdev Remote Security vulnerability in Comdev ONE Admin PRO 4.1

Multiple PHP remote file inclusion vulnerabilities in Comdev One Admin Pro 4.1 allow remote attackers to execute arbitrary PHP code via a URL in the path[skin] parameter to (1) adminfoot.php, (2) adminhead.php, or (3) adminlogin.php.

6.8
2006-11-22 CVE-2006-6044 Phpquickgallery Remote File Include vulnerability in PHPQuickGallery

PHP remote file inclusion vulnerability in gallery_top.inc.php in PHPQuickGallery 1.9 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the textFile parameter.

6.8
2006-11-22 CVE-2006-6043 Oliver Unspecified vulnerability in Oliver

PHP file inclusion vulnerability in loginform-inc.php in Oliver (formerly Webshare) 1.2.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a UNC share pathname or a local file pathname in the conf[motdfile] parameter, which is accessed by the file_exists function.

6.8
2006-11-22 CVE-2006-6042 Phpwebthings Remote File Include vulnerability in phpWebThings Editor.PHP

PHP remote file inclusion vulnerability in core/editor.php in phpWebThings 1.5.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the editor_insert_bottom parameter.

6.8
2006-11-22 CVE-2006-6040 Jelsoft Cross-Site Scripting vulnerability in VBulletin Admin Control Panel

Multiple cross-site scripting (XSS) vulnerabilities in admincp/index.php in Jelsoft vBulletin 3.6.x allow remote attackers to inject arbitrary web script or HTML via (1) the prefs parameter in a buildnavprefs action or (2) the navprefs parameter in a savenavprefs action.

6.8
2006-11-22 CVE-2006-6037 Leinir Cross-Site Scripting vulnerability in Leinir Travelsized CMS

Multiple cross-site scripting (XSS) vulnerabilities in index.php in Dan Jensen Travelsized CMS 0.4.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) page, (2) page_id, or (3) language parameter.

6.8
2006-11-22 CVE-2006-6035 F ART Agency Cross-Site Scripting vulnerability in F-Art Agency Blog CMS

Cross-site scripting (XSS) vulnerability in list.php in BLOG:CMS 4.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the FADDR parameter.

6.8
2006-11-21 CVE-2006-6032 Sphpblog Cross-Site Scripting vulnerability in Sphpblog 0.4.8

Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog (SPHPBlog), probably 0.4.8, allow remote attackers to inject arbitrary web script or HTML via (1) the action parameter in add_block.php or (2) the entry parameter in index.php, different vectors than CVE-2005-1135.

6.8
2006-11-21 CVE-2006-6022 Bestwebapp Input Validation vulnerability in BestWebApp Dating Site

Cross-site scripting (XSS) vulnerability in login_form.asp in BestWebApp Dating Site allows remote attackers to inject arbitrary web script or HTML via the msg parameter.

6.8
2006-11-21 CVE-2006-6020 Blog Torrent Cross-Site Scripting vulnerability in Blog Torrent Blog Torrent Preview 0.92

Cross-site scripting (XSS) vulnerability in announce.php in Blog Torrent Preview 0.92 allows remote attackers to inject arbitrary web script or HTML via the left parameter.

6.8
2006-11-21 CVE-2006-6019 Bloo Cross-Site Scripting vulnerability in Bloo 1.0

Cross-site scripting (XSS) vulnerability in extensions/googiespell/googlespell_proxy.php in Bill Roberts Bloo 1.0 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.

6.8
2006-11-20 CVE-2006-5986 Extreme CMS Cross-Site Scripting vulnerability in Extreme CMS

admin/options.php in Extreme CMS 0.9, and possibly earlier, does not require authentication, which might allow remote attackers to conduct unauthorized activities.

6.8
2006-11-20 CVE-2006-5985 Extreme CMS Cross-Site Scripting vulnerability in Extreme CMS

Multiple cross-site scripting (XSS) vulnerabilities in admin/options.php in Extreme CMS 0.9, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) bg1, (2) bg2, (3) text, or (4) size parameters.

6.8
2006-11-20 CVE-2006-5984 Webhost Automation Cross-Site Scripting vulnerability in Webhost Automation Helm web Hosting Control Panel 3.2.10

Multiple cross-site scripting (XSS) vulnerabilities in Helm Web Hosting Control Panel 3.2.10 allow remote authenticated users to inject arbitrary web script or HTML via the (1) txtCompanyName, (2) txtEmail, or (3) txtUserAccNum parameter to (a) users.asp, or the (4) setThemeColour parameter to (b) default.asp in the Reseller and Admin levels; or the (5) setThemeColour parameter to default.asp in the User level.

6.8
2006-11-20 CVE-2006-5975 Drumster Input Validation vulnerability in Drumster Blogme 3.0

Multiple cross-site scripting (XSS) vulnerabilities in comments.asp in BlogMe 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) URL, or (3) Comments field.

6.8
2006-11-21 CVE-2006-6008 Netkit Remote Security vulnerability in Netkit 0.17

ftpd in Linux Netkit (linux-ftpd) 0.17, and possibly other versions, does not check the return status of certain seteuid, setgid, and setuid calls, which might allow remote authenticated users to gain privileges if these calls fail in cases such as PAM failures or resource limits, a different vulnerability than CVE-2006-5778.

6.5
2006-11-20 CVE-2006-5981 Biba Software Path Traversal vulnerability in Biba Software Seleniumserver FTP Server 1.0

Multiple directory traversal vulnerabilities in SeleniumServer FTP Server 1.0, and possibly earlier, allow remote attackers to list arbitrary directories, read arbitrary files, and upload arbitrary files via directory traversal sequences in the (1) DIR (LIST or NLST), (2) GET (RETR), and (3) PUT (STOR) commands.

6.4
2006-11-20 CVE-2006-5983 Jbmc Software Cross-Site Scripting vulnerability in Jbmc Software Directadmin 1.28.1

Multiple cross-site scripting (XSS) vulnerabilities in JBMC Software DirectAdmin 1.28.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) user parameter to (a) CMD_SHOW_RESELLER or (b) CMD_SHOW_USER in the Admin level; the (2) TYPE parameter to (c) CMD_TICKET_CREATE or (d) CMD_TICKET, the (3) user parameter to (e) CMD_EMAIL_FORWARDER_MODIFY, (f) CMD_EMAIL_VACATION_MODIFY, or (g) CMD_FTP_SHOW, and the (4) name parameter to (h) CMD_EMAIL_LIST in the User level; or the (5) user parameter to (i) CMD_SHOW_USER in the Reseller level.

6.0
2006-11-22 CVE-2006-6047 Etomite Path Traversal vulnerability in Etomite 0.6.1.2

Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a ..

5.8
2006-11-26 CVE-2006-5869 Pstotext Unspecified vulnerability in Pstotext 1.9

pstotext before 1.9 allows user-assisted attackers to execute arbitrary commands via shell metacharacters in a file name.

5.1
2006-11-24 CVE-2006-6086 E ARK Code Injection vulnerability in E-Ark 1.0

PHP remote file inclusion vulnerability in src/ark_inc.php in e-Ark 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the cfg_pear_path parameter.

5.1
2006-11-22 CVE-2006-6065 Mxbb Remote File Include vulnerability in Mxbb Calsnails Module 1.06

PHP remote file inclusion vulnerability in includes/mx_common.php in the CalSnails Module for MxBB Portal 1.06 allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.

5.1
2006-11-22 CVE-2006-6062 Apple Remote Denial Of Service vulnerability in Apple Mac OS X UDIF Disk Image

Unspecified vulnerability in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to cause a denial of service (crash) via a malformed UDTO HFS+ disk image, such as with "bad sectors," which triggers memory corruption.

5.1
2006-11-26 CVE-2006-6119 Mmgallery Information Disclosure vulnerability in Mmgallery 1.55

mmgallery 1.55 allows remote attackers to obtain sensitive information via a direct request for thumbs.php, which reveals the installation path in various error messages.

5.0
2006-11-24 CVE-2006-6085 Kile Unspecified vulnerability in Kile

Kile before 1.9.3 does not assign a backup file the same permissions as the original file, which might allow local users to obtain sensitive information.

5.0
2006-11-24 CVE-2006-6084 Unverse NET Directory Traversal vulnerability in ABitWhizzy

Directory traversal vulnerability in abitwhizzy.php in aBitWhizzy allows remote attackers to read arbitrary files via a ..

5.0
2006-11-24 CVE-2006-6077 Mozilla
Netscape
The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the (2) Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matches the web site for which the user stored a password, which allows remote attackers to obtain passwords via a password INPUT element on a different web page located on the web site intended for this password.
5.0
2006-11-22 CVE-2006-6069 Malbum Remote Security vulnerability in mAlbum

index.php in mAlbum 0.3 and earlier allows remote attackers to obtain the installation path via an invalid gal parameter.

5.0
2006-11-22 CVE-2006-6052 Netepi Case Manager Remote Security vulnerability in Netepi Case Manager

NetEpi Case Manager before 0.98 generates different error messages depending on whether or not a username is valid, which allows remote attackers to enumerate valid usernames.

5.0
2006-11-21 CVE-2006-6028 Anton Vlasov Information Disclosure vulnerability in Anton Vlasov Dosepa 1.0.4

Directory traversal vulnerability in textview.php in Anton Vlasov DoSePa 1.0.4 allows remote attackers to read arbitrary files via a ..

5.0
2006-11-21 CVE-2006-6025 Qualcomm Denial Of Service vulnerability in Qualcomm Eudora Worldmail 4.0

QUALCOMM Eudora WorldMail 4.0 allows remote attackers to cause a denial of service, as demonstrated by a certain module in VulnDisco Pack.

5.0
2006-11-21 CVE-2006-6015 Apple Remote Denial of Service vulnerability in Apple mac OS X 10.4

Buffer overflow in the JavaScript implementation in Safari on Apple Mac OS X 10.4 allows remote attackers to cause a denial of service (application crash) via a long argument to the exec method of a regular expression.

5.0
2006-11-21 CVE-2006-6011 SAP Denial-Of-Service vulnerability in SAP web Application Server 6.40

Unspecified vulnerability in SAP Web Application Server before 6.40 patch 6 allows remote attackers to cause a denial of service (enserver.exe crash) via a certain UDP packet to port 64999, aka "two bytes UDP crash," a different vulnerability than CVE-2006-5785.

5.0
2006-11-21 CVE-2006-6010 SAP Information Disclosure vulnerability in Sap Web Application Server

SAP allows remote attackers to obtain potentially sensitive information such as operating system and SAP version via an RFC_SYSTEM_INFO RfcCallReceive request, a different vulnerability than CVE-2003-0747.

5.0
2006-11-21 CVE-2006-6009 SUN Information Disclosure vulnerability in SUN JDK and JRE

Unspecified vulnerability in the Java Runtime Environment (JRE) Swing library in JDK and JRE 5.0 Update 7 and earlier allows attackers to obtain certain information via unknown attack vectors, related to an untrusted applet accessing data in other applets.

5.0
2006-11-21 CVE-2006-6007 Webevents Denial-Of-Service vulnerability in Online Event Registration

save_profile.asp in WebEvents (Online Event Registration Template) 2.0 and earlier allows remote attackers to change the profiles, passwords, and other information for arbitrary users via a modified UserID parameter.

5.0
2006-11-20 CVE-2006-5989 MOD Auth Kerb Denial of Service vulnerability in MOD Auth Kerb MOD Auth Kerb 5.0

Off-by-one error in the der_get_oid function in mod_auth_kerb 5.0 allows remote attackers to cause a denial of service (crash) via a crafted Kerberos message that triggers a heap-based buffer overflow in the component array.

5.0
2006-11-20 CVE-2006-5988 Microsoft Denial of Service vulnerability in Microsoft Active Directory

Unspecified vulnerability in Windows 2000 Advanced Server SP4 running Active Directory allows remote attackers to cause a denial of service via unknown vectors, as demonstrated by a certain VulnDisco Pack module.

5.0
2006-11-20 CVE-2006-5979 Renasoft Information Disclosure vulnerability in Netjetserver

Renasoft NetJetServer 2.5.3.939, and possibly earlier, uses insecure permissions for Global.asa, which allows remote attackers to obtain sensitive information.

5.0
2006-11-20 CVE-2006-5973 Timo Sirainen Unspecified vulnerability in Timo Sirainen Dovecot

Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and possibly other versions, when index files are used and mmap_disable is set to "yes," allows remote authenticated IMAP or POP3 users to cause a denial of service (crash) via unspecified vectors involving the cache file.

5.0
2006-11-22 CVE-2006-6060 Linux Denial-Of-Service vulnerability in kernel

The NTFS filesystem code in Linux kernel 2.6.x up to 2.6.18, and possibly other versions, allows local users to cause a denial of service (CPU consumption) via a malformed NTFS file stream that triggers an infinite loop in the __find_get_block_slow function.

4.9
2006-11-22 CVE-2006-6057 Linux Denial-Of-Service vulnerability in kernel

The Linux kernel 2.6.x up to 2.6.18, and possibly other versions, on Fedora Core 6 and possibly other operating systems, allows local users to cause a denial of service (crash) via a malformed gfs2 file stream that triggers a NULL pointer dereference in the init_journal function.

4.9
2006-11-22 CVE-2006-6056 Linux Denial-Of-Service vulnerability in kernel

Linux kernel 2.6.x up to 2.6.18 and possibly other versions, when SELinux hooks are enabled, allows local users to cause a denial of service (crash) via a malformed file stream that triggers a NULL pointer dereference in the superblock_doinit function, as demonstrated using an HFS filesystem image.

4.9
2006-11-22 CVE-2006-6053 Linux Denial-Of-Service vulnerability in kernel

The ext3fs_dirhash function in Linux kernel 2.6.x allows local users to cause a denial of service (crash) via an ext3 stream with malformed data structures.

4.9
2006-11-26 CVE-2006-5965 Passgo Local Insecure Default Directory Permisions vulnerability in Passgo SSO Plus 2.1.0.32

PassGo SSO Plus 2.1.0.32, and probably earlier versions, uses insecure permissions (Everyone/Full Control) for the PassGo Technologies directory, which allows local users to gain privileges by modifying critical programs.

4.6
2006-11-26 CVE-2006-6108 EC Cube Cross-Site Scripting vulnerability in Ec-Cube 1.0

Cross-site scripting (XSS) vulnerability in EC-CUBE before 1.0.1a-beta allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.

4.3
2006-11-24 CVE-2006-6096 Dotnetindex Cross-Site Scripting vulnerability in Dotnetindex Active News Manager

Cross-site scripting (XSS) vulnerability in activenews_search.asp in ActiveNews Manager allows remote attackers to inject arbitrary web script or HTML via the query parameter.

4.3
2006-11-24 CVE-2006-6091 Grimbb Cross-Site Scripting vulnerability in GrimBB

Cross-site scripting (XSS) vulnerability in Grim Pirate GrimBB before 2006_11_21 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2006-11-24 CVE-2006-6089 Baalasp Input Validation vulnerability in BaalAsp Forum

Multiple cross-site scripting (XSS) vulnerabilities in addpost1.asp in BaalAsp forum allow remote attackers to inject arbitrary web script or HTML via the (1) title (Subject), (2) groupname (Group Name), or (3) detail (Message) field.

4.3
2006-11-24 CVE-2006-6088 Blue Collar Productions Input Validation vulnerability in Blue-Collar Productions I-Gallery 3.4

Multiple cross-site scripting (XSS) vulnerabilities in BlueCollar i-Gallery 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) n or (2) d parameter in igallery.asp, or (3) an unspecified parameter related to search, possibly the Search Gallery field, or the myquery parameter, in search.asp.

4.3
2006-11-24 CVE-2006-6087 MY Little Homepage Cross-Site Scripting vulnerability in My Little Weblog Weblog.php

Cross-site scripting (XSS) vulnerability in weblog.php in my little weblog allows remote attackers to inject arbitrary web script or HTML via the action parameter.

4.3
2006-11-24 CVE-2006-6082 Creascripts Input Validation vulnerability in Creascripts Creadirectory 1.2

Multiple cross-site scripting (XSS) vulnerabilities in CreaScripts Creadirectory allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to addlisting.asp or the (2) search parameter to search.asp.

4.3
2006-11-21 CVE-2006-6012 Mginternet Cross-Site Scripting vulnerability in Car Site Manager

Cross-site scripting (XSS) vulnerability in csm/asp/listings.asp in MGinternet Car Site Manager (CSM) allows remote attackers to inject arbitrary web script or HTML via the p parameter.

4.3
2006-11-24 CVE-2006-6097 GNU Remote Directory Traversal vulnerability in GNU TAR 1.15.1/1.16

GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPE_NAMES record with a symbolic link, which is not properly handled by the extract_archive function in extract.c and extract_mangle function in mangle.c, a variant of CVE-2002-1216.

4.0
2006-11-22 CVE-2006-6058 Linux Numeric Errors vulnerability in Linux Kernel

The minix filesystem code in Linux kernel 2.6.x before 2.6.24, including 2.6.18, allows local users to cause a denial of service (hang) via a malformed minix file stream that triggers an infinite loop in the minix_bmap function.

4.0
2006-11-22 CVE-2006-6054 Linux Denial-Of-Service vulnerability in kernel

The ext2 file system code in Linux kernel 2.6.x allows local users to cause a denial of service (crash) via an ext2 stream with malformed data structures that triggers an error in the ext2_check_page due to a length that is smaller than the minimum.

4.0
2006-11-21 CVE-2006-6017 Wordpress Denial-Of-Service vulnerability in WordPress

WordPress before 2.0.5 does not properly store a profile containing a string representation of a serialized object, which allows remote authenticated users to cause a denial of service (application crash) via a string that represents a (1) malformed or (2) large serialized object, because the object triggers automatic unserialization for display.

4.0
2006-11-21 CVE-2006-6016 Wordpress Remote Security vulnerability in WordPress

wp-admin/user-edit.php in WordPress before 2.0.5 allows remote authenticated users to read the metadata of an arbitrary user via a modified user_id parameter.

4.0
2006-11-21 CVE-2006-5990 Vmware Improper Input Validation vulnerability in VMWare Virtualcenter 1.4.1/2.0.1

VMWare VirtualCenter client 2.x before 2.0.1 Patch 1 (Build 33643) and 1.4.x before 1.4.1 Patch 1 (Build 33425), when server certificate verification is enabled, does not verify the server's X.509 certificate when creating an SSL session, which allows remote malicious servers to spoof valid servers via a man-in-the-middle attack.

4.0

3 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-11-26 CVE-2006-6123 Coppermine Cross-Site Scripting vulnerability in Coppermine Photo Gallery 1.4.8Stable

Coppermine Photo Gallery (CPG) 1.4.8 stable, with register_globals enabled, allows remote attackers to bypass XSS protection and set arbitrary variables via a query string that causes the variable to be defined in global space, with separate _GET, _REQUEST, or other critical parameters, which are unset by the protection scheme and prevent the original variable from being detected.

2.6
2006-11-22 CVE-2006-6068 Malbum Directory Traversal vulnerability in mAlbum

Directory traversal vulnerability in the cached_album function in functions.php for mAlbum 0.3 and earlier allows remote attackers to list filenames of arbitrary images via a ..

2.6
2006-11-21 CVE-2006-6013 Dragonflybsd
Freebsd
Midnightbsd
Netbsd
Trustedbsd
Local Integer Overflow vulnerability in Multiple BSD Vendor FireWire IOCTL

Integer signedness error in the fw_ioctl (FW_IOCTL) function in the FireWire (IEEE-1394) drivers (dev/firewire/fwdev.c) in various BSD kernels, including DragonFlyBSD, FreeBSD 5.5, MidnightBSD 0.1-CURRENT before 20061115, NetBSD-current before 20061116, NetBSD-4 before 20061203, and TrustedBSD, allows local users to read arbitrary memory contents via certain negative values of crom_buf->len in an FW_GCROM command.

2.1