Weekly Vulnerabilities Reports > November 27 to December 3, 2006

Overview

124 new vulnerabilities were reported during this period, including 8 critical vulnerabilities and 62 high severity vulnerabilities. This weekly summary reports vulnerabilities in 96 products from 84 vendors, including Apple, Clicktech, Sisfo Kampus, Tiki, and Jiros. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", "Improper Input Validation", "SQL Injection", and "Path Traversal".

  • 112 reported vulnerabilities are remotely exploitable.
  • 25 reported vulnerabilities have a public exploit available.
  • 5 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 120 reported vulnerabilities are exploitable by an anonymous user.
  • Apple has the most reported vulnerabilities, with 20 reported vulnerabilities.
  • IBM has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

Vulnerability Details

The following table lists the vulnerabilities reported for the period covered by this report:

8 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-12-01 CVE-2006-6184 Alliedtelesyn Remote Buffer Overflow vulnerability in Alliedtelesyn At-Tftp 1.9

Multiple stack-based buffer overflows in Allied Telesyn TFTP Server (AT-TFTP) 1.9, and possibly earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a long filename in a (1) GET or (2) PUT command.

10.0
2006-12-01 CVE-2006-6183 3Com Buffer Errors vulnerability in 3Com 3Ctftpsvc 2.0.1

Multiple stack-based buffer overflows in 3Com 3CTftpSvc 2.0.1, and possibly earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a long mode field (aka transporting mode) in a (1) GET or (2) PUT command.

10.0
2006-11-30 CVE-2006-4404 Apple Multiple Security vulnerability in Apple Mac OS X 2006-007

The Installer application in Apple Mac OS X 10.4.8 and earlier, when used by a user with Admin credentials, does not authenticate the user before installing certain software requiring system privileges.

10.0
2006-11-28 CVE-2006-6136 IBM Multiple vulnerability in IBM Websphere Application Server 6.1.0

IBM WebSphere Application Server 6.1.0 before Fix Pack 3 (6.1.0.3) does not perform EAL4 authentication checks at the proper time during "registering of response operation," which has unknown impact and attack vectors.

10.0
2006-11-28 CVE-2006-6135 IBM Multiple vulnerability in IBM Websphere Application Server 6.1.0

Multiple unspecified vulnerabilities in IBM WebSphere Application Server 6.1.0 before Fix Pack 3 (6.1.0.3) have unknown impact and attack vectors, related to (1) a "Potential security vulnerability" (PK29725) and (2) "Potential security exposure" (PK30831).

10.0
2006-11-28 CVE-2006-4181 GNU Remote Format String vulnerability in GNU Radius SQLLog

Format string vulnerability in the sqllog function in the SQL accounting code for radiusd in GNU Radius 1.2 and 1.3 allows remote attackers to execute arbitrary code via unknown vectors.

10.0
2006-12-03 CVE-2006-6236 Adobe Remote Code Execution vulnerability in Adobe Reader and Acrobat AcroPDF.dll ActiveX Control

Adobe Reader (Adobe Acrobat Reader) 7.0 through 7.0.8 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long argument string to the (1) src, (2) setPageMode, (3) setLayoutMode, and (4) setNamedDest methods in an AcroPDF ActiveX control, a different set of vectors than CVE-2006-6027.

9.3
2006-12-02 CVE-2006-6071 Twiki Information Disclosure vulnerability in TWiki Failed Login

TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.

9.0

62 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-11-28 CVE-2006-6133 Businessobjects, Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Stack-based buffer overflow in Visual Studio Crystal Reports for Microsoft Visual Studio .NET 2002 and 2002 SP1, .NET 2003 and 2003 SP1, and 2005 and 2005 SP1 (formerly Business Objects Crystal Reports XI Professional) allows user-assisted remote attackers to execute arbitrary code via a crafted RPT file.

7.6
2006-12-03 CVE-2006-6239 Mailenable Credentials Management vulnerability in Mailenable Netwebadmin Enterprise and Netwebadmin Professional

webadmin in MailEnable NetWebAdmin Professional 2.32 and Enterprise 2.32 allows remote attackers to authenticate using an empty password.

7.5
2006-12-03 CVE-2006-6237 Woltlab SQL-Injection vulnerability in Woltlab Burning Board Lite 1.0.2

SQL injection vulnerability in the decode_cookie function in thread.php in Woltlab Burning Board Lite 1.0.2 allows remote attackers to execute arbitrary SQL commands via the threadvisit Cookie parameter.

7.5
2006-12-03 CVE-2006-5854 Novell Remote Buffer Overflow vulnerability in Novell Netware Client 4.91

Multiple buffer overflows in the Spooler service (nwspool.dll) in Novell Netware Client 4.91 through 4.91 SP2 allow remote attackers to execute arbitrary code via a long argument to the (1) EnumPrinters and (2) OpenPrinter functions.

7.5
2006-12-02 CVE-2006-6234 Francisco Burzi SQL-Injection vulnerability in Francisco Burzi PHP-Nuke 6.0

Multiple SQL injection vulnerabilities in the Content module in PHP-Nuke 6.0, and possibly other versions, allow remote attackers to execute arbitrary SQL commands via (1) the cid parameter in a list_pages_categories action or (2) the pid parameter in a showpage action.

7.5
2006-12-02 CVE-2006-6233 Postnuke Software Foundation SQL-Injection vulnerability in Postnuke

SQL injection vulnerability in the Downloads module for unknown versions of PostNuke allows remote attackers to execute arbitrary SQL commands via the lid parameter in a viewdownloaddetails operation.

7.5
2006-12-02 CVE-2006-6232 Dreamcost Remote File Include vulnerability in Dreamcost Dreamaccount 3.1

PHP remote file inclusion vulnerability in admin/index.php in DreamAccount 3.1 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.

7.5
2006-12-02 CVE-2006-6230 Vubb SQL-Injection vulnerability in Vubb 0.2/0.2.1

SQL injection vulnerability in vuBB 0.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter in a register action to index.php, a different vulnerability than CVE-2006-0962.

7.5
2006-12-02 CVE-2006-6226 Neoengine Denial Of Service vulnerability in Neoengine 0.8.2

Multiple format string vulnerabilities in NeoEngine 0.8.2 and earlier, and CVS 3422, allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) Console::Render in neoengine/console.cpp and (2) TextArea::Render in neowtk/textarea.cpp.

7.5
2006-12-02 CVE-2006-6224 Puntal Remote File Include vulnerability in Puntal 1.8.2/1.8.3/1.8.4

PHP remote file inclusion vulnerability in the installation scripts in Puntal before 1.8.5 allows remote attackers to execute arbitrary PHP code via the GLOBALS array.

7.5
2006-12-01 CVE-2006-6218 Dev4U Input Validation vulnerability in Dev4U CMS

Multiple SQL injection vulnerabilities in index.php in dev4u CMS allow remote attackers to execute arbitrary SQL commands via the (1) seite_id, (2) gruppe_id.php, and (3) go_target parameters.

7.5
2006-12-01 CVE-2006-6217 PHP Nuke Remote Security vulnerability in PHP-Nuke Mermaid Module 1.2

PHP remote file inclusion vulnerability in formdisp.php in the Mermaid 1.2 module for PHP-Nuke allows remote attackers to execute arbitrary PHP code via a URL in the module_name parameter.

7.5
2006-12-01 CVE-2006-6216 Nivisec SQL Injection vulnerability in Nivisec Hacks List HACK_ID

SQL injection vulnerability in admin_hacks_list.php in the Nivisec Hacks List 1.21 and earlier phpBB module allows remote attackers to execute arbitrary SQL commands via the hack_id parameter.

7.5
2006-12-01 CVE-2006-6215 Wallpaper SQL-Injection vulnerability in Wallpaper Complete Website

Multiple SQL injection vulnerabilities in Wallpaper Website (Wallpaper Complete Website) 1.0.09 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login or (2) password parameter to (a) process.php, or the (3) wallpaperid parameter to (b) dlwallpaper.php.

7.5
2006-12-01 CVE-2006-6214 Wallpaper SQL Injection vulnerability in Wallpaper Complete Website 1.0.09

SQL injection vulnerability in wallpaper.php in Wallpaper Website (Wallpaper Complete Website) 1.0.09 allows remote attackers to execute arbitrary SQL commands via the wallpaperid parameter.

7.5
2006-12-01 CVE-2006-6213 Pegames Remote File Include vulnerability in PEGames

index.php in PEGames uses the extract function to overwrite critical variables, which allows remote attackers to conduct PHP remote file inclusion attacks via the abs_url parameter, which is later extracted to overwrite a previously uncontrolled value.

7.5
2006-12-01 CVE-2006-6212 Webwiz Code Injection vulnerability in Webwiz Site News 2.00

PHP remote file inclusion vulnerability in centre.php in Site News (site_news) 2.00, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.

7.5
2006-12-01 CVE-2006-6210 Iisworks SQL Injection vulnerability in Iisworks ASP Listpics 5.0

SQL injection vulnerability in listpics.asp in ASP ListPics 5.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.

7.5
2006-12-01 CVE-2006-6209 Midicart Software SQL Injection vulnerability in Midicart Software products

Multiple SQL injection vulnerabilities in MidiCart ASP Shopping Cart and ASP Plus Shopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) id2006quant parameter to (a) item_show.asp, or the (2) maingroup or (3) secondgroup parameter to (b) item_list.asp.

7.5
2006-12-01 CVE-2006-6206 Warhound SQL Injection vulnerability in WarHound General Shopping Cart Item.ASP

SQL injection vulnerability in item.asp in WarHound General Shopping Cart allows remote attackers to execute arbitrary SQL commands via the ItemID parameter.

7.5
2006-12-01 CVE-2006-6202 Nukeai Remote Code Execution vulnerability in Nukeai Beta0.0.3

PHP remote file inclusion vulnerability in modules/NukeAI/util.php in the NukeAI 0.0.3 Beta module for PHP-Nuke, aka Program E is an AIML chatterbot, allows remote attackers to execute arbitrary PHP code via a URL in the AIbasedir parameter.

7.5
2006-12-01 CVE-2006-6201 Borland Software, Revilloc Remote Heap Buffer Overflow vulnerability in Borland IDSQL32.DLL Library

Heap-based buffer overflow in Borland idsql32.dll 5.1.0.4, as used by RevilloC MailServer; 5.2.0.2 as used by Borland Developer Studio 2006; and possibly other versions allows remote attackers to execute arbitrary code via a long SQL statement, related to use of the DbiQExec function.

7.5
2006-12-01 CVE-2006-6200 Francisco Burzi SQL Injection vulnerability in PHP-Nuke News Module

Multiple SQL injection vulnerabilities in the (1) rate_article and (2) rate_complete functions in modules/News/index.php in the News module in Francisco Burzi PHP-Nuke 7.9 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the sid parameter.

7.5
2006-12-01 CVE-2006-6199 Blazevideo Buffer Errors vulnerability in Blazevideo Blaze DVD 5.0

Stack-based buffer overflow in BlazeVideo BlazeDVD Standard and Professional 5.0, and possibly earlier, allows remote attackers to execute arbitrary code via a long filename in a PLF playlist.

7.5
2006-12-01 CVE-2006-6195 Fixit Knowledge Solutions Input Validation vulnerability in Fixit IDMS Pro

Multiple SQL injection vulnerabilities in Fixit iDMS Pro Image Gallery allow remote attackers to execute arbitrary SQL commands via the (1) show_id or (2) parentid parameter to (a) filelist.asp, or the (3) fid parameter to (b) showfile.asp.

7.5
2006-12-01 CVE-2006-6194 Fisasp COM SQL-Injection vulnerability in Ultimate Survey Pro

Multiple SQL injection vulnerabilities in index.asp in Ultimate Survey Pro allow remote attackers to execute arbitrary SQL commands via the (1) cat or (2) did parameter.

7.5
2006-12-01 CVE-2006-6193 Basicforum SQL Injection vulnerability in Basicforum 1.1

SQL injection vulnerability in edit.asp in BasicForum 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2006-12-01 CVE-2006-6192 8Pixel NET Remote Security vulnerability in Simple Blog

Unspecified scripts in the admin directory in 8pixel.net SimpleBlog 3.0 and earlier do not properly perform authentication, which allows remote attackers to add users and perform certain other unauthorized privileged actions.

7.5
2006-12-01 CVE-2006-6191 8Pixel NET SQL-Injection vulnerability in 8Pixel.Net Simple Blog 2.0/2.1/2.2

SQL injection vulnerability in admin/edit.asp in 8pixel.net simpleblog 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2006-12-01 CVE-2006-6190 Anna IRC BOT SQL Injection vulnerability in Anna IRC BOT Anna^ IRC BOT 0.10/0.20

SQL injection vulnerability in anna.pl in Anna^ IRC Bot before 0.30 (aka caprice) allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2006-12-01 CVE-2006-6189 Clicktech SQL Injection vulnerability in Clickblog Displaycalendar.ASP

SQL injection vulnerability in displayCalendar.asp in ClickTech Click Blog allows remote attackers to execute arbitrary SQL commands via the date parameter.

7.5
2006-12-01 CVE-2006-6187 Clicktech SQL-Injection vulnerability in Clicktech Clickgallery 5.0

Multiple SQL injection vulnerabilities in ClickTech Click Gallery allow remote attackers to execute arbitrary SQL commands via the (1) currentpage or (2) gallery_id parameter to (a) view_gallery.asp, the (3) image_id parameter to (b) download_image.asp, the currentpage or (5) orderby parameter to (c) gallery.asp, or the currentpage parameter to (d) view_recent.asp.

7.5
2006-12-01 CVE-2006-6181 Clicktech SQL Injection vulnerability in ClickContact Default.ASP

Multiple SQL injection vulnerabilities in default.asp in ClickTech ClickContact allow remote attackers to execute arbitrary SQL commands via the (1) AlphaSort, (2) In, and (3) orderby parameters.

7.5
2006-11-30 CVE-2006-6179 Trend Micro Buffer Overflow vulnerability in Trend Micro Officescan 7.3

Buffer overflow in PCCSRV\Web_console\RemoteInstallCGI\CgiRemoteInstall.exe for Trend Micro OfficeScan 7.3 before build 7.3.0.1089 allows remote attackers to execute arbitrary code via unknown attack vectors.

7.5
2006-11-30 CVE-2006-6178 Trend Micro Buffer Overflow vulnerability in Trend Micro Officescan 7.3

Buffer overflow in PCCSRV\Web_console\RemoteInstallCGI\Wizard.exe for Trend Micro OfficeScan 7.3 before build 7.3.0.1087 allows remote attackers to execute arbitrary code via unknown attack vectors.

7.5
2006-11-30 CVE-2006-4514 Libgsf Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Libgsf

Heap-based buffer overflow in the ole_info_read_metabat function in Gnome Structured File library (libgsf) 1.14.0, and other versions before 1.14.2, allows context-dependent attackers to execute arbitrary code via a large num_metabat value in an OLE document, which causes the ole_init_info function to allocate insufficient memory.

7.5
2006-11-30 CVE-2006-6177 Neocrome SQL-Injection vulnerability in Seditio

SQL injection vulnerability in system/core/users/users.profile.inc.php in Neocrome Seditio 1.10 and earlier allows remote authenticated users to execute arbitrary SQL commands via a double-url-encoded id parameter to users.php that begins with a valid filename, as demonstrated by "default.gif" followed by an encoded NULL and ' (apostrophe) (%2500%2527).

7.5
2006-11-30 CVE-2006-6175 Horde Local File Include vulnerability in Horde Kronolith

Directory traversal vulnerability in lib/FBView.php in Horde Kronolith H3 before 2.0.7 and 2.1.x before 2.1.4 allows remote attackers to include arbitrary files and execute PHP code via a ..

7.5
2006-11-30 CVE-2006-4410 Apple Multiple Security vulnerability in Apple Mac OS X 2006-007

The Security Framework in Apple Mac OS X 10.3.9, and 10.4.x before 10.4.7, does not properly search certificate revocation lists (CRL), which allows remote attackers to access systems by using revoked certificates.

7.5
2006-11-30 CVE-2006-4406 Apple Multiple Security vulnerability in Apple Mac OS X 2006-007

Buffer overflow in PPP on Apple Mac OS X 10.4.x up to 10.4.8 and 10.3.x up to 10.3.9, when PPPoE is enabled, allows remote attackers to execute arbitrary code via unspecified vectors.

7.5
2006-11-30 CVE-2006-6172 Mplayer, Xine Remote Buffer Overflow vulnerability in Xine-Lib RuleMatches

Buffer overflow in the asmrp_eval function in the RealMedia RTSP stream handler (asmrp.c) for Real Media input plugin, as used in (1) xine/xine-lib, (2) MPlayer 1.0rc1 and earlier, and possibly others, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a rulebook with a large number of rulematches.

7.5
2006-11-30 CVE-2006-6170 Proftpd Project Remote Buffer Overflow vulnerability in ProFTPD MOD_TLS

Buffer overflow in the tls_x509_name_oneline function in the mod_tls module, as used in ProFTPD 1.3.0a and earlier, and possibly other products, allows remote attackers to execute arbitrary code via a large data length argument, a different vulnerability than CVE-2006-5815.

7.5
2006-11-29 CVE-2006-4099 Businessobjects Unspecified vulnerability in Businessobjects Crystal Enterprise 10/9

Business Objects Crystal Enterprise 9 and 10 generates predictable session identifiers, which allows remote attackers to hijack sessions of other users via WCSID cookie values.

7.5
2006-11-29 CVE-2006-6168 Tiki Improper Input Validation vulnerability in Tiki Tikiwiki Cms/Groupware

tiki-register.php in TikiWiki before 1.9.7 allows remote attackers to trigger "notification-spam" via certain vectors such as a comma-separated list of addresses in the email field, related to lack of "a minimal check on email."

7.5
2006-11-28 CVE-2006-6161 Doug Luxem SQL Injection vulnerability in Liberum Help Desk 'forgotpass.asp'

Multiple SQL injection vulnerabilities in Doug Luxem Liberum Help Desk 0.97.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) uid parameter to (a) inout/status.asp, (b) inout/update.asp, and (c) forgotpass.asp.

7.5
2006-11-28 CVE-2006-6160 Doug Luxem SQL Injection vulnerability in Doug Luxem Liberum Help Desk 0.97.3

SQL injection vulnerability in details.asp in Doug Luxem Liberum Help Desk 0.97.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2006-11-28 CVE-2006-6157 Michaelis Freunde SQL Injection vulnerability in Michaelis Freunde Contentnow

SQL injection vulnerability in index.php in ContentNow 1.39 and earlier allows remote attackers to execute arbitrary SQL commands via the pageid parameter.

7.5
2006-11-28 CVE-2006-6155 Hscripts SQL-Injection vulnerability in Hiox Star Rating System Script

Multiple SQL injection vulnerabilities in addrating.php in HIOX Star Rating System Script (HSRS) 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ipadd or (2) url parameter.

7.5
2006-11-28 CVE-2006-6154 Hscripts Remote File Include vulnerability in HIOX Star Rating System Addcode.PHP

PHP remote file inclusion vulnerability in addcode.php in HIOX Star Rating System Script (HSRS) 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the hm parameter.

7.5
2006-11-28 CVE-2006-6151 Messagerie Locale Remote File Include vulnerability in Messagerie Locale Messagerie Locale 1.0

PHP remote file inclusion vulnerability in centre.php in Messagerie Locale as of 20061127 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.

7.5
2006-11-28 CVE-2006-6150 Owllib Remote File Include vulnerability in Owllib 1.0

PHP remote file inclusion vulnerability in memory/OWLMemoryProperty.php in OWLLib 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the OWLLIB_ROOT parameter.

7.5
2006-11-28 CVE-2006-6149 Jiros SQL Injection vulnerability in Jiros FAQ Manager 1.0

SQL injection vulnerability in index.asp in JiRos FAQ Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the tID parameter.

7.5
2006-11-28 CVE-2006-6147 Jiros Input Validation vulnerability in Jiros Links Manager 1.0

Multiple SQL injection vulnerabilities in JiRos Links Manager allow remote attackers to execute arbitrary SQL commands via the (1) LinkID parameter to openlink.asp or the (2) CategoryID parameter to viewlinks.asp.

7.5
2006-11-28 CVE-2006-6140 Sisfo Kampus Remote Security vulnerability in Sisfo Kampus Sisfo Kampus 2006

PHP remote file inclusion vulnerability in Sisfo Kampus 2006 (Semarang 3) allows remote attackers to execute arbitrary PHP code via a URL in the slnt parameter to (1) index.php and (2) print.php.

7.5
2006-11-28 CVE-2006-6137 Sisfo Kampus Remote File Include vulnerability in Sisfo Kampus Sisfo Kampus 0.8

Multiple PHP remote file inclusion vulnerabilities in Sisfo Kampus 0.8 allow remote attackers to execute arbitrary PHP code via a URL in the (1) exec parameter to index.php or (2) print parameter to print.php, which is also accessible via the print command to index.php.

7.5
2006-11-28 CVE-2006-6134 Microsoft Buffer Errors vulnerability in Microsoft Windows Media Player 10.00.00.4036

Heap-based buffer overflow in the WMCheckURLScheme function in WMVCORE.DLL in Microsoft Windows Media Player (WMP) 10.00.00.4036 on Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long HREF attribute, using an unrecognized protocol, in a REF element in an ASX PlayList file.

7.5
2006-11-27 CVE-2006-5750 Jboss Directory Traversal vulnerability in JBoss Java Class DeploymentFileRepository

Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server (jbossas) 3.2.4 through 4.0.5 allows remote authenticated users to read or modify arbitrary files, and possibly execute arbitrary code, via unspecified vectors related to the console manager.

7.5
2006-11-27 CVE-2006-6125 Netgear Buffer Errors vulnerability in Netgear Wg311V1 2.3.1.10

Heap-based buffer overflow in the wireless driver (WG311ND5.SYS) 2.3.1.10 for NetGear WG311v1 wireless adapter allows remote attackers to execute arbitrary code via an 802.11 management frame with a long SSID.

7.5
2006-11-30 CVE-2006-6173 Apple Local Memory Corruption vulnerability in Apple Mac OS X Shared_Region_Make_Private_Np Kernel Function

Buffer overflow in the shared_region_make_private_np function in vm/vm_unix.c in Mac OS X 10.4.6 and earlier allows local users to execute arbitrary code via (1) a small range count, which causes insufficient memory allocation, or (2) a large number of ranges in the shared_region_make_private_np_args parameter.

7.2
2006-11-30 CVE-2006-4411 Apple Multiple Security vulnerability in Apple Mac OS X 2006-007

The VPN service in Apple Mac OS X 10.3.x through 10.3.9 and 10.4.x through 10.4.8 does not properly clean the environment when executing commands, which allows local users to gain privileges via unspecified vectors.

7.2
2006-11-30 CVE-2006-4398 Apple Multiple Security vulnerability in Apple Mac OS X 2006-007

Multiple buffer overflows in the Apple Type Services (ATS) server in Mac OS X 10.4 through 10.4.8 allow local users to execute arbitrary code via crafted service requests.

7.2
2006-11-29 CVE-2006-6164 Openbsd Local Environment Variable Clearing vulnerability in Openbsd 3.9/4.0

The _dl_unsetenv function in loader.c in the ELF ld.so in OpenBSD 3.9 and 4.0 does not properly remove duplicate environment variables, which allows local users to pass dangerous variables such as LD_PRELOAD to loading processes, which might be leveraged to gain privileges.

7.2

48 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-12-03 CVE-2006-6242 S9Y Path Traversal vulnerability in S9Y Serendipity

Multiple directory traversal vulnerabilities in Serendipity 1.0.3 and earlier allow remote attackers to read or include arbitrary local files via a ..

6.8
2006-12-03 CVE-2006-6120 KDE Integer Overflow vulnerability in KDE Koffice 1.6.1

Integer overflow in the KPresenter import filter for Microsoft PowerPoint files (filters/olefilters/lib/klaola.cc) in KOffice before 1.6.1 allows user-assisted remote attackers to execute arbitrary code via a crafted PPT file, which results in a heap-based buffer overflow.

6.8
2006-12-02 CVE-2006-6228 Codewalkers Cross-Site Scripting vulnerability in Codewalkers Ltwcalendar 4.1.3/4.2

Cross-site scripting (XSS) vulnerability in Codewalkers ltwCalendar (aka PHP Event Calendar) before 4.2.1 allows remote attackers to inject arbitrary HTML or web script via unknown vectors.

6.8
2006-12-01 CVE-2006-6220 Recipes Complete Website SQL Injection vulnerability in Recipes Complete Website Recipes Complete Website 1.1.14

Multiple SQL injection vulnerabilities in Recipes Website (Recipes Complete Website) 1.1.14 allow remote attackers to execute arbitrary SQL commands via the (1) recipeid parameter to recipe.php or the (2) categoryid parameter to list.php.

6.8
2006-12-01 CVE-2006-6219 Dev4U Input Validation vulnerability in Dev4U CMS

Multiple cross-site scripting (XSS) vulnerabilities in index.php in dev4u CMS allow remote attackers to inject arbitrary web script or HTML via the (1) user_name, (2) passwort, and (3) go_target parameters.

6.8
2006-12-01 CVE-2006-6211 Birdblog Cross-Site Scripting vulnerability in Birdblog 1.4.0

Multiple cross-site scripting (XSS) vulnerabilities in BirdBlog 1.4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) msg parameter to (a) admin/admincore.php, the (2) month parameter to (b) admin/comments.php or (c) admin/entries.php, or the (3) page parameter to (d) admin/logs.php, different vectors than CVE-2006-5064.

6.8
2006-12-01 CVE-2006-6197 B2Evolution Cross-Site Scripting vulnerability in B2Evolution 1.8.2/1.9Beta

Multiple cross-site scripting (XSS) vulnerabilities in b2evolution 1.8.2 through 1.9 beta allow remote attackers to inject arbitrary web script or HTML via the (1) app_name parameter in (a) _404_not_found.page.php, (b) _410_stats_gone.page.php, and (c) _referer_spam.page.php in inc/VIEW/errors/; the (2) baseurl parameter in (d) inc/VIEW/errors/_404_not_found.page.php; and the (3) ReqURI parameter in (e) inc/VIEW/errors/_referer_spam.page.php.

6.8
2006-12-01 CVE-2006-6196 Fixit Knowledge Solutions Input Validation vulnerability in Fixit IDMS Pro

Cross-site scripting (XSS) vulnerability in the search functionality in Fixit iDMS Pro Image Gallery allows remote attackers to inject arbitrary web script or HTML via a search field (txtsearchtext parameter).

6.8
2006-12-01 CVE-2006-6180 Expinion NET Cross-Site Scripting vulnerability in Expinion.net iNews Publisher Articles.ASP

Cross-site scripting (XSS) vulnerability in articles.asp in Expinion.net iNews Publisher (iNP) 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the hl parameter.

6.8
2006-11-30 CVE-2006-6176 Blogn Cross-Site Scripting vulnerability in Blogn

Cross-site scripting (XSS) vulnerability in admin.php in Blogn before 1.9.4 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

6.8
2006-11-30 CVE-2006-4412 Apple Multiple Security vulnerability in Apple Mac OS X 2006-007

WebKit in Apple Mac OS X 10.3.x through 10.3.9 and 10.4 through 10.4.8 allows remote attackers to execute arbitrary code via a crafted HTML file, which accesses previously deallocated objects.

6.8
2006-11-29 CVE-2006-6169 Gnupg Remote Buffer Overflow vulnerability in Gnupg 1.4/2.0

Heap-based buffer overflow in the ask_outfile_name function in openfile.c for GnuPG (gpg) 1.4 and 2.0, when running interactively, might allow attackers to execute arbitrary code via messages with "C-escape" expansions, which cause the make_printable_string function to return a longer string than expected while constructing a prompt.

6.8
2006-11-29 CVE-2006-6166 Ryan Demmer Cross-Site Scripting vulnerability in Ryan Demmer Joomla Content Editor 1.0.4

Cross-site scripting (XSS) vulnerability in jce.php in the JCE Admin Component in Ryan Demmer Joomla Content Editor (JCE) 1.0.4 for Joomla! (com_jce), without the 20060821 jce_patch, allows remote attackers to inject arbitrary web script or HTML via the mosConfig_live_site parameter.

6.8
2006-11-28 CVE-2006-6159 Deskpro Cross-Site Scripting vulnerability in Deskpro 2.0.0/2.0.1

Multiple cross-site scripting (XSS) vulnerabilities in newticket.php in DeskPRO 2.0.0 and 2.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) message or (2) subject parameter.

6.8
2006-11-28 CVE-2006-6158 ACE Helpdesk, Inverseflow, Pmos Helpdesk Cross-Site Scripting vulnerability in InverseFlow Help Desk

Multiple cross-site scripting (XSS) vulnerabilities in (a) PMOS Help Desk 2.4, formerly (b) InverseFlow Help Desk 2.31 and also sold as (c) Ace Helpdesk 2.31, allow remote attackers to inject arbitrary web script or HTML via the (1) id or email parameter to ticketview.php, or (2) the email parameter to ticket.php.

6.8
2006-11-28 CVE-2006-6148 Jiros Input Validation vulnerability in Jiros Links Manager 1.0

Multiple cross-site scripting (XSS) vulnerabilities in submitlink.asp in JiRos Links Manager allow remote attackers to inject arbitrary web script or HTML via the (1) lName, (2) lURL, (3) lImage, and (4) lDescription parameters.

6.8
2006-12-01 CVE-2006-6198 Cpanel Cross-Site Scripting vulnerability in Cpanel Webhost Manager 3.1.0

Multiple cross-site scripting (XSS) vulnerabilities in cPanel WebHost Manager (WHM) 3.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) email parameter to (a) scripts2/dochangeemail, the (2) supporturl parameter to (b) cgi/addon_configsupport.cgi, the (3) pkg parameter to (c) scripts/editpkg, the (4) domain parameter to (d) scripts2/domts2 and (e) scripts/editzone, the (5) feature parameter to (g) scripts2/dofeaturemanager, and the (6) ndomain parameter to (h) scripts/park.

6.0
2006-12-02 CVE-2006-6225 Geeklog Remote File Include vulnerability in Geeklog

Multiple PHP remote file inclusion vulnerabilities in GeekLog 1.4 allow remote attackers to execute arbitrary code via a URL in the _CONF[path] parameter to (1) links/functions.inc, (2) polls/functions.inc, (3) spamx/BlackList.Examine.class.php, (4) spamx/DeleteComment.Action.class.php, (5) spamx/EditIPofURL.Admin.class.php, (6) spamx/MTBlackList.Examine.class.php, (7) spamx/MassDelete.Admin.class.php, (8) spamx/MailAdmin.Action.class.php, (9) spamx/MassDelTrackback.Admin.class.php, (10) spamx/EditHeader.Admin.class.php, (11) spamx/EditIP.Admin.class.php, (12) spamx/IPofUrl.Examine.class.php, (13) spamx/Import.Admin.class.php, (14) spamx/LogView.Admin.class.php, and (15) staticpages/functions.inc, in the plugins/ directory.

5.1
2006-11-30 CVE-2006-4402 Apple Multiple Security vulnerability in Apple Mac OS X 2006-007

Heap-based buffer overflow in the Finder in Apple Mac OS X 10.4.8 and earlier allows user-assisted remote attackers to execute arbitrary code by browsing directories containing crafted .DS_Store files.

5.1
2006-11-30 CVE-2006-4401 Apple Multiple Security vulnerability in Apple Mac OS X 2006-007

Unspecified vulnerability in CFNetwork in Mac OS 10.4.8 and earlier allows user-assisted remote attackers to execute arbitrary FTP commands via a crafted FTP URI.

5.1
2006-11-30 CVE-2006-4400 Apple Multiple Security vulnerability in Apple Mac OS X 2006-007

Stack-based buffer overflow in the Apple Type Services (ATS) server in Mac OS 10.4.8 and earlier allows user-assisted attackers to execute arbitrary code via crafted font files.

5.1
2006-12-03 CVE-2006-6238 Apple Unspecified vulnerability in Apple Safari 2.0.4

The AutoFill feature in Apple Safari 2.0.4 does not properly verify that all automatically populated form fields are visible to the user, which allows remote attackers to obtain sensitive information, such as usernames and passwords, via input fields of zero width, a variant of CVE-2006-6077.

5.0
2006-12-02 CVE-2006-6231 Vubb Information Disclosure vulnerability in Vubb 0.2/0.2.1

vuBB 0.2.1 and earlier allows remote attackers to obtain sensitive information via a direct request to includes/vubb.php, which leaks the path in an error message.

5.0
2006-12-02 CVE-2006-6229 Codewalkers Remote Security vulnerability in Codewalkers Ltwcalendar 4.1.3/4.2

Codewalkers ltwCalendar (aka PHP Event Calendar) before 4.2.1 logs failed passwords, which might allow attackers to infer correct passwords from the log file.

5.0
2006-12-02 CVE-2006-6227 Neoengine Denial Of Service vulnerability in Neoengine 0.8.2

The Core::Receive function in neonet/core.cpp for NeoEngine 0.8.2 and earlier, and CVS 3422, allows remote attackers to cause a denial of service (engine crash) via a message with a large uiMessageLength that produces a failed memory allocation and a null pointer dereference.

5.0
2006-12-01 CVE-2006-6203 Krishan Information Disclosure vulnerability in Krishan Flyspray Me1.0.1

Directory traversal vulnerability in startdown.php in the Flyspray ME 1.0.1 (com_flyspray) component for Mambo allows remote attackers to read arbitrary files via a ..

5.0
2006-12-01 CVE-2006-6186 Enomphp Directory Traversal vulnerability in Enomphp 4.0

Multiple directory traversal vulnerabilities in enomphp 4.0 allow remote attackers to read arbitrary files via a ..

5.0
2006-12-01 CVE-2006-6185 Wabbit Directory Traversal vulnerability in Wabbit PHP Gallery 0.9

Directory traversal vulnerability in script.php in Wabbit PHP Gallery 0.9 allows remote attackers to read arbitrary files via a ..

5.0
2006-11-30 CVE-2006-4409 Apple Multiple Security vulnerability in Apple Mac OS X 2006-007

The Online Certificate Status Protocol (OCSP) service in the Security Framework in Apple Mac OS X 10.4 through 10.4.8 retrieve certificate revocation lists (CRL) when an HTTP proxy is in use, which could cause the system to accept certificates that have been revoked.

5.0
2006-11-30 CVE-2006-4408 Apple Multiple Security vulnerability in Apple Mac OS X 2006-007

The Security Framework in Apple Mac OS X 10.4 through 10.4.8 allows remote attackers to cause a denial of service (resource consumption) via certain public key values in an X.509 certificate that requires extra resources during signature verification.

5.0
2006-11-30 CVE-2006-4407 Apple Multiple Security vulnerability in Apple Mac OS X 2006-007

The Security Framework in Apple Mac OS X 10.3.x up to 10.3.9 does not properly prioritize encryption ciphers when negotiating the strongest shared cipher, which causes Secure Transport to use a weaker cipher that makes it easier for remote attackers to decrypt traffic.

5.0
2006-11-28 CVE-2006-6113 James Greenwood Denial-Of-Service vulnerability in James Greenwood Monkey Boards 0.3.5

Monkey Boards 0.3.5 allows remote attackers to obtain sensitive information via direct requests to (1) include/admin_auth.inc.php and (2) include/engine/class.compiler.php, which reveals the full path in an error message.

5.0
2006-11-28 CVE-2006-4518 Qbik Remote Denial Of Service vulnerability in Qbik WinGate

Qbik WinGate 6.1.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a DNS request with a self-referencing compressed name pointer, which triggers an infinite loop.

5.0
2006-11-28 CVE-2006-6141 Philippe Jounin Remote Buffer Overflow vulnerability in Philippe Jounin Tftpd32 3.01

Buffer overflow in Tftpd32 3.01 allows remote attackers to cause a denial of service via a long GET or PUT request, which is not properly handled when the request is displayed in the title of the gauge window.

5.0
2006-11-28 CVE-2006-6139 Sisfo Kampus Directory Traversal vulnerability in Sisfo Kampus Sisfo Kampus 2006

Directory traversal vulnerability in downloadexcel.php in Sisfo Kampus 2006 (Semarang 3) allows remote attackers to read arbitrary files via the fn parameter.

5.0
2006-11-28 CVE-2006-6138 Sisfo Kampus Remote File Include vulnerability in Sisfo Kampus Sisfo Kampus 0.8

Directory traversal vulnerability in download.php in Sisfo Kampus 0.8 allows remote attackers to list arbitrary directories via an absolute pathname in the dir parameter.

5.0
2006-11-27 CVE-2006-5896 Remlab Remote Security vulnerability in Remlab web Mech Designer 2.0.5

REMLAB Web Mech Designer 2.0.5 allows remote attackers to obtain the full path of the script via an incorrect Tonnage parameter to calculate.php that triggers a divide-by-zero error, which leaks the path in an error message.

5.0
2006-11-28 CVE-2006-6130 Apple Stack Buffer Overflow vulnerability in Apple Mac OS X AppleTalk AIOCRegLocalZN IOCTL

Apple Mac OS X AppleTalk allows local users to cause a denial of service (kernel panic) by calling the AIOCREGLOCALZN ioctl command with a crafted data structure on an AppleTalk socket.

4.9
2006-11-30 CVE-2006-4396 Apple Multiple Security vulnerability in Apple Mac OS X 2006-007

The Apple Type Services (ATS) server in Mac OS X 10.4.8 and earlier does not securely create log files, which allows local users to create and modify arbitrary files via unspecified vectors, possibly relating to a symlink attack.

4.6
2006-11-27 CVE-2006-6129 Apple Integer Overflow vulnerability in Apple Mac OS X Mach-O Binary Loading

Integer overflow in the fatfile_getarch2 function in Apple Mac OS X allows local users to cause a denial of service and possibly execute arbitrary code via a crafted Mach-O Universal program that triggers memory corruption.

4.6
2006-12-01 CVE-2006-6188 Clicktech Cross-Site Scripting vulnerability in Clicktech Clickgallery 5.0

Cross-site scripting (XSS) vulnerability in view_search.asp in ClickTech Click Gallery allows remote attackers to inject arbitrary web script or HTML via the txtKeyWord parameter.

4.3
2006-11-30 CVE-2006-6174 Tdiary Cross-Site Scripting vulnerability in Tdiary 2.0.2/2.1.4.20061115

Cross-site scripting (XSS) vulnerability in tDiary before 2.0.3 and 2.1.x before 2.1.4.20061126 allows remote attackers to inject arbitrary web script or HTML via the conf parameter in (1) tdiary.rb and (2) skel/conf.rhtml.

4.3
2006-11-29 CVE-2006-6163 Tiki Cross-Site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware

Cross-site scripting (XSS) vulnerability in tiki-setup_base.php in TikiWiki before 1.9.7 allows remote attackers to inject arbitrary JavaScript via unspecified parameters.

4.3
2006-11-29 CVE-2006-6162 Tiki Cross-Site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware 1.9.6

Cross-site scripting (XSS) vulnerability in tiki-edit_structures.php in TikiWiki 1.9.6 allows remote attackers to inject arbitrary web script or HTML via the pageAlias parameter.

4.3
2006-11-28 CVE-2006-6156 Hscripts Cross-Site Scripting vulnerability in Hiox Star Rating System Script

Cross-site scripting (XSS) vulnerability in auth/message.php in HIOX Star Rating System Script (HSRS) 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string (PHP_SELF).

4.3
2006-12-03 CVE-2006-6241 Telnet FTP Server Improper Input Validation vulnerability in Telnet FTP Server Telnet FTP Server 1.0

Sorin Chitu Telnet-FTP Server 1.0 allows remote authenticated users to cause a denial of service (crash) via consecutive RETR commands.

4.0
2006-12-03 CVE-2006-6240 Telnet FTP Server Directory Traversal vulnerability in Telnet FTP Server Telnet FTP Server 1.0

Directory traversal vulnerability in Sorin Chitu Telnet-FTP Server 1.0 allows remote authenticated users to list contents of arbitrary directories and download arbitrary files via a ..

4.0
2006-11-30 CVE-2006-4403 Apple Multiple Security vulnerability in Apple Mac OS X 2006-007

The FTP server in Apple Mac OS X 10.4.8 and earlier, when FTP Access is enabled, will crash when a login failure occurs with a valid user name, which allows remote attackers to cause a denial of service (crash) and enumerate valid usernames.

4.0

6 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-11-28 CVE-2006-6146 Takeshi Kanno Buffer Overflow vulnerability in Haru Free PDF Library HPDF_Page_Circle

Buffer overflow in the HPDF_Page_Circle function in hpdf_page_operator.c in Takeshi Kanno Haru Free PDF Library (libharu2, aka libharu) 2.0.7 and earlier allows context-dependent attackers to cause a denial of service (application crash) via certain arguments that yield a large amount of PDF data, as demonstrated by a filled circle.

2.6
2006-12-01 CVE-2006-6182 Gabriele Teotino Local Information Disclosure vulnerability in Gabriele Teotino Gnotebook 0.7.0.1

The Gabriele Teotino GNotebook 0.7.0.1 gadget for Google Desktop stores Gmail passwords in plaintext in the %SYSTEMDRIVE%\temp\Gnotebook.txt log file, which allows local users to obtain passwords by reading the file.

2.1
2006-11-28 CVE-2006-6145 Cryptocard Local Information Disclosure vulnerability in Cryptocard Crypto-Server 6.4.55

CRYPTOCard CRYPTO-Server before 6.4.56 stores LDAP credentials in plaintext in UninstallerData\installvariables.properties, which has insecure permissions and allows local users to obtain the credentials.

2.1
2006-11-27 CVE-2006-6128 Linux Denial-Of-Service vulnerability in Linux Kernel 2.6.18

The ReiserFS functionality in Linux kernel 2.6.18, and possibly other versions, allows local users to cause a denial of service via a malformed ReiserFS file system that triggers memory corruption when a sync is performed.

2.1
2006-11-27 CVE-2006-6127 Apple Local Denial of Service vulnerability in Apple Mac OS X KQueue

The Apple Mac OS X kernel allows local users to cause a denial of service via a process that uses kevent to register a queue and an event, then forks a child process that uses kevent to register an event for the same queue as the parent.

2.1
2006-11-27 CVE-2006-6126 Apple Privilege Escalation vulnerability in Apple Mac OS X Mach-O Binary Loading

Apple Mac OS X allows local users to cause a denial of service (memory corruption) via a crafted Mach-O binary with a malformed load_command data structure.

2.1