Weekly Vulnerabilities Reports > November 27 to December 3, 2006
Overview
124 new vulnerabilities were reported during this period, including 8 critical vulnerabilities and 62 high severity vulnerabilities. This weekly summary reports vulnerabilities in 96 products from 84 vendors including Apple, Clicktech, Sisfo Kampus, Tiki, and Jiros. The most common categories are "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", "Improper Input Validation", "SQL Injection", and "Path Traversal".
- 112 reported vulnerabilities are remotely exploitable.
- 25 reported vulnerabilities have a public exploit available.
- 5 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 120 reported vulnerabilities are exploitable by an anonymous user.
- Apple has the most reported vulnerabilities, with 20 reported vulnerabilities.
- IBM has the most reported critical vulnerabilities, with 2 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported during the period covered by this report:
8 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-12-01 | CVE-2006-6184 | Alliedtelesyn | Remote Buffer Overflow vulnerability in Alliedtelesyn At-Tftp 1.9 Multiple stack-based buffer overflows in Allied Telesyn TFTP Server (AT-TFTP) 1.9, and possibly earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a long filename in a (1) GET or (2) PUT command. | 10.0 |
2006-12-01 | CVE-2006-6183 | 3Com | Buffer Errors vulnerability in 3Com 3Ctftpsvc 2.0.1 Multiple stack-based buffer overflows in 3Com 3CTftpSvc 2.0.1, and possibly earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a long mode field (aka transporting mode) in a (1) GET or (2) PUT command. | 10.0 |
2006-11-30 | CVE-2006-4404 | Apple | Multiple Security vulnerability in Apple Mac OS X 2006-007 The Installer application in Apple Mac OS X 10.4.8 and earlier, when used by a user with Admin credentials, does not authenticate the user before installing certain software requiring system privileges. | 10.0 |
2006-11-28 | CVE-2006-6136 | IBM | Multiple vulnerability in IBM Websphere Application Server 6.1.0 IBM WebSphere Application Server 6.1.0 before Fix Pack 3 (6.1.0.3) does not perform EAL4 authentication checks at the proper time during "registering of response operation," which has unknown impact and attack vectors. | 10.0 |
2006-11-28 | CVE-2006-6135 | IBM | Multiple vulnerability in IBM Websphere Application Server 6.1.0 Multiple unspecified vulnerabilities in IBM WebSphere Application Server 6.1.0 before Fix Pack 3 (6.1.0.3) have unknown impact and attack vectors, related to (1) a "Potential security vulnerability" (PK29725) and (2) "Potential security exposure" (PK30831). | 10.0 |
2006-11-28 | CVE-2006-4181 | GNU | Remote Format String vulnerability in GNU Radius SQLLog Format string vulnerability in the sqllog function in the SQL accounting code for radiusd in GNU Radius 1.2 and 1.3 allows remote attackers to execute arbitrary code via unknown vectors. | 10.0 |
2006-12-03 | CVE-2006-6236 | Adobe | Remote Code Execution vulnerability in Adobe Reader and Acrobat AcroPDF.dll ActiveX Control Adobe Reader (Adobe Acrobat Reader) 7.0 through 7.0.8 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long argument string to the (1) src, (2) setPageMode, (3) setLayoutMode, and (4) setNamedDest methods in an AcroPDF ActiveX control, a different set of vectors than CVE-2006-6027. | 9.3 |
2006-12-02 | CVE-2006-6071 | Twiki | Information Disclosure vulnerability in TWiki Failed Login TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password. | 9.0 |
62 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-11-28 | CVE-2006-6133 | Businessobjects Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Stack-based buffer overflow in Visual Studio Crystal Reports for Microsoft Visual Studio .NET 2002 and 2002 SP1, .NET 2003 and 2003 SP1, and 2005 and 2005 SP1 (formerly Business Objects Crystal Reports XI Professional) allows user-assisted remote attackers to execute arbitrary code via a crafted RPT file. | 7.6 |
2006-12-03 | CVE-2006-6239 | Mailenable | Credentials Management vulnerability in Mailenable Netwebadmin Enterprise and Netwebadmin Professional webadmin in MailEnable NetWebAdmin Professional 2.32 and Enterprise 2.32 allows remote attackers to authenticate using an empty password. | 7.5 |
2006-12-03 | CVE-2006-6237 | Woltlab | SQL-Injection vulnerability in Woltlab Burning Board Lite 1.0.2 SQL injection vulnerability in the decode_cookie function in thread.php in Woltlab Burning Board Lite 1.0.2 allows remote attackers to execute arbitrary SQL commands via the threadvisit Cookie parameter. | 7.5 |
2006-12-03 | CVE-2006-5854 | Novell | Remote Buffer Overflow vulnerability in Novell Netware Client 4.91 Multiple buffer overflows in the Spooler service (nwspool.dll) in Novell Netware Client 4.91 through 4.91 SP2 allow remote attackers to execute arbitrary code via a long argument to the (1) EnumPrinters and (2) OpenPrinter functions. | 7.5 |
2006-12-02 | CVE-2006-6234 | Francisco Burzi | SQL-Injection vulnerability in Francisco Burzi PHP-Nuke 6.0 Multiple SQL injection vulnerabilities in the Content module in PHP-Nuke 6.0, and possibly other versions, allow remote attackers to execute arbitrary SQL commands via (1) the cid parameter in a list_pages_categories action or (2) the pid parameter in a showpage action. | 7.5 |
2006-12-02 | CVE-2006-6233 | Postnuke Software Foundation | SQL-Injection vulnerability in Postnuke SQL injection vulnerability in the Downloads module for unknown versions of PostNuke allows remote attackers to execute arbitrary SQL commands via the lid parameter in a viewdownloaddetails operation. | 7.5 |
2006-12-02 | CVE-2006-6232 | Dreamcost | Remote File Include vulnerability in Dreamcost Dreamaccount 3.1 PHP remote file inclusion vulnerability in admin/index.php in DreamAccount 3.1 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. | 7.5 |
2006-12-02 | CVE-2006-6230 | Vubb | SQL-Injection vulnerability in Vubb 0.2/0.2.1 SQL injection vulnerability in vuBB 0.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter in a register action to index.php, a different vulnerability than CVE-2006-0962. | 7.5 |
2006-12-02 | CVE-2006-6226 | Neoengine | Denial Of Service vulnerability in Neoengine 0.8.2 Multiple format string vulnerabilities in NeoEngine 0.8.2 and earlier, and CVS 3422, allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) Console::Render in neoengine/console.cpp and (2) TextArea::Render in neowtk/textarea.cpp. | 7.5 |
2006-12-02 | CVE-2006-6224 | Puntal | Remote File Include vulnerability in Puntal 1.8.2/1.8.3/1.8.4 PHP remote file inclusion vulnerability in the installation scripts in Puntal before 1.8.5 allows remote attackers to execute arbitrary PHP code via the GLOBALS array. | 7.5 |
2006-12-01 | CVE-2006-6218 | Dev4U | Input Validation vulnerability in Dev4U CMS Multiple SQL injection vulnerabilities in index.php in dev4u CMS allow remote attackers to execute arbitrary SQL commands via the (1) seite_id, (2) gruppe_id.php, and (3) go_target parameters. | 7.5 |
2006-12-01 | CVE-2006-6217 | PHP Nuke | Remote Security vulnerability in PHP-Nuke Mermaid Module 1.2 PHP remote file inclusion vulnerability in formdisp.php in the Mermaid 1.2 module for PHP-Nuke allows remote attackers to execute arbitrary PHP code via a URL in the module_name parameter. | 7.5 |
2006-12-01 | CVE-2006-6216 | Nivisec | SQL Injection vulnerability in Nivisec Hacks List HACK_ID SQL injection vulnerability in admin_hacks_list.php in the Nivisec Hacks List 1.21 and earlier phpBB module allows remote attackers to execute arbitrary SQL commands via the hack_id parameter. | 7.5 |
2006-12-01 | CVE-2006-6215 | Wallpaper | SQL-Injection vulnerability in Wallpaper Complete Website Multiple SQL injection vulnerabilities in Wallpaper Website (Wallpaper Complete Website) 1.0.09 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login or (2) password parameter to (a) process.php, or the (3) wallpaperid parameter to (b) dlwallpaper.php. | 7.5 |
2006-12-01 | CVE-2006-6214 | Wallpaper | SQL Injection vulnerability in Wallpaper Complete Website 1.0.09 SQL injection vulnerability in wallpaper.php in Wallpaper Website (Wallpaper Complete Website) 1.0.09 allows remote attackers to execute arbitrary SQL commands via the wallpaperid parameter. | 7.5 |
2006-12-01 | CVE-2006-6213 | Pegames | Remote File Include vulnerability in PEGames index.php in PEGames uses the extract function to overwrite critical variables, which allows remote attackers to conduct PHP remote file inclusion attacks via the abs_url parameter, which is later extracted to overwrite a previously uncontrolled value. | 7.5 |
2006-12-01 | CVE-2006-6212 | Webwiz | Code Injection vulnerability in Webwiz Site News 2.00 PHP remote file inclusion vulnerability in centre.php in Site News (site_news) 2.00, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | 7.5 |
2006-12-01 | CVE-2006-6210 | Iisworks | SQL Injection vulnerability in Iisworks ASP Listpics 5.0 SQL injection vulnerability in listpics.asp in ASP ListPics 5.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter. | 7.5 |
2006-12-01 | CVE-2006-6209 | Midicart Software | SQL Injection vulnerability in Midicart Software products Multiple SQL injection vulnerabilities in MidiCart ASP Shopping Cart and ASP Plus Shopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) id2006quant parameter to (a) item_show.asp, or the (2) maingroup or (3) secondgroup parameter to (b) item_list.asp. | 7.5 |
2006-12-01 | CVE-2006-6206 | Warhound | SQL Injection vulnerability in WarHound General Shopping Cart Item.ASP SQL injection vulnerability in item.asp in WarHound General Shopping Cart allows remote attackers to execute arbitrary SQL commands via the ItemID parameter. | 7.5 |
2006-12-01 | CVE-2006-6202 | Nukeai | Remote Code Execution vulnerability in Nukeai Beta0.0.3 PHP remote file inclusion vulnerability in modules/NukeAI/util.php in the NukeAI 0.0.3 Beta module for PHP-Nuke, aka Program E is an AIML chatterbot, allows remote attackers to execute arbitrary PHP code via a URL in the AIbasedir parameter. | 7.5 |
2006-12-01 | CVE-2006-6201 | Borland Software Revilloc | Remote Heap Buffer Overflow vulnerability in Borland IDSQL32.DLL Library Heap-based buffer overflow in Borland idsql32.dll 5.1.0.4, as used by RevilloC MailServer; 5.2.0.2 as used by Borland Developer Studio 2006; and possibly other versions allows remote attackers to execute arbitrary code via a long SQL statement, related to use of the DbiQExec function. | 7.5 |
2006-12-01 | CVE-2006-6200 | Francisco Burzi | SQL Injection vulnerability in PHP-Nuke News Module Multiple SQL injection vulnerabilities in the (1) rate_article and (2) rate_complete functions in modules/News/index.php in the News module in Francisco Burzi PHP-Nuke 7.9 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the sid parameter. | 7.5 |
2006-12-01 | CVE-2006-6199 | Blazevideo | Buffer Errors vulnerability in Blazevideo Blaze DVD 5.0 Stack-based buffer overflow in BlazeVideo BlazeDVD Standard and Professional 5.0, and possibly earlier, allows remote attackers to execute arbitrary code via a long filename in a PLF playlist. | 7.5 |
2006-12-01 | CVE-2006-6195 | Fixit Knowledge Solutions | Input Validation vulnerability in Fixit IDMS Pro Multiple SQL injection vulnerabilities in Fixit iDMS Pro Image Gallery allow remote attackers to execute arbitrary SQL commands via the (1) show_id or (2) parentid parameter to (a) filelist.asp, or the (3) fid parameter to (b) showfile.asp. | 7.5 |
2006-12-01 | CVE-2006-6194 | Fisasp COM | SQL-Injection vulnerability in Ultimate Survey Pro Multiple SQL injection vulnerabilities in index.asp in Ultimate Survey Pro allow remote attackers to execute arbitrary SQL commands via the (1) cat or (2) did parameter. | 7.5 |
2006-12-01 | CVE-2006-6193 | Basicforum | SQL Injection vulnerability in Basicforum 1.1 SQL injection vulnerability in edit.asp in BasicForum 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2006-12-01 | CVE-2006-6192 | 8Pixel NET | Remote Security vulnerability in Simple Blog Unspecified scripts in the admin directory in 8pixel.net SimpleBlog 3.0 and earlier do not properly perform authentication, which allows remote attackers to add users and perform certain other unauthorized privileged actions. | 7.5 |
2006-12-01 | CVE-2006-6191 | 8Pixel NET | SQL-Injection vulnerability in 8Pixel.Net Simple Blog 2.0/2.1/2.2 SQL injection vulnerability in admin/edit.asp in 8pixel.net simpleblog 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2006-12-01 | CVE-2006-6190 | Anna IRC BOT | SQL Injection vulnerability in Anna IRC BOT Anna^ IRC BOT 0.10/0.20 SQL injection vulnerability in anna.pl in Anna^ IRC Bot before 0.30 (aka caprice) allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2006-12-01 | CVE-2006-6189 | Clicktech | SQL Injection vulnerability in Clickblog Displaycalendar.ASP SQL injection vulnerability in displayCalendar.asp in ClickTech Click Blog allows remote attackers to execute arbitrary SQL commands via the date parameter. | 7.5 |
2006-12-01 | CVE-2006-6187 | Clicktech | SQL-Injection vulnerability in Clicktech Clickgallery 5.0 Multiple SQL injection vulnerabilities in ClickTech Click Gallery allow remote attackers to execute arbitrary SQL commands via the (1) currentpage or (2) gallery_id parameter to (a) view_gallery.asp, the (3) image_id parameter to (b) download_image.asp, the currentpage or (5) orderby parameter to (c) gallery.asp, or the currentpage parameter to (d) view_recent.asp. | 7.5 |
2006-12-01 | CVE-2006-6181 | Clicktech | SQL Injection vulnerability in ClickContact Default.ASP Multiple SQL injection vulnerabilities in default.asp in ClickTech ClickContact allow remote attackers to execute arbitrary SQL commands via the (1) AlphaSort, (2) In, and (3) orderby parameters. | 7.5 |
2006-11-30 | CVE-2006-6179 | Trend Micro | Buffer Overflow vulnerability in Trend Micro Officescan 7.3 Buffer overflow in PCCSRV\Web_console\RemoteInstallCGI\CgiRemoteInstall.exe for Trend Micro OfficeScan 7.3 before build 7.3.0.1089 allows remote attackers to execute arbitrary code via unknown attack vectors. | 7.5 |
2006-11-30 | CVE-2006-6178 | Trend Micro | Buffer Overflow vulnerability in Trend Micro Officescan 7.3 Buffer overflow in PCCSRV\Web_console\RemoteInstallCGI\Wizard.exe for Trend Micro OfficeScan 7.3 before build 7.3.0.1087 allows remote attackers to execute arbitrary code via unknown attack vectors. | 7.5 |
2006-11-30 | CVE-2006-4514 | Libgsf | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Libgsf Heap-based buffer overflow in the ole_info_read_metabat function in Gnome Structured File library (libgsf) 1.14.0, and other versions before 1.14.2, allows context-dependent attackers to execute arbitrary code via a large num_metabat value in an OLE document, which causes the ole_init_info function to allocate insufficient memory. | 7.5 |
2006-11-30 | CVE-2006-6177 | Neocrome | SQL-Injection vulnerability in Seditio SQL injection vulnerability in system/core/users/users.profile.inc.php in Neocrome Seditio 1.10 and earlier allows remote authenticated users to execute arbitrary SQL commands via a double-url-encoded id parameter to users.php that begins with a valid filename, as demonstrated by "default.gif" followed by an encoded NULL and ' (apostrophe) (%2500%2527). | 7.5 |
2006-11-30 | CVE-2006-6175 | Horde | Local File Include vulnerability in Horde Kronolith Directory traversal vulnerability in lib/FBView.php in Horde Kronolith H3 before 2.0.7 and 2.1.x before 2.1.4 allows remote attackers to include arbitrary files and execute PHP code via a .. | 7.5 |
2006-11-30 | CVE-2006-4410 | Apple | Multiple Security vulnerability in Apple Mac OS X 2006-007 The Security Framework in Apple Mac OS X 10.3.9, and 10.4.x before 10.4.7, does not properly search certificate revocation lists (CRL), which allows remote attackers to access systems by using revoked certificates. | 7.5 |
2006-11-30 | CVE-2006-4406 | Apple | Multiple Security vulnerability in Apple Mac OS X 2006-007 Buffer overflow in PPP on Apple Mac OS X 10.4.x up to 10.4.8 and 10.3.x up to 10.3.9, when PPPoE is enabled, allows remote attackers to execute arbitrary code via unspecified vectors. | 7.5 |
2006-11-30 | CVE-2006-6172 | Mplayer Xine | Remote Buffer Overflow vulnerability in Xine-Lib RuleMatches Buffer overflow in the asmrp_eval function in the RealMedia RTSP stream handler (asmrp.c) for Real Media input plugin, as used in (1) xine/xine-lib, (2) MPlayer 1.0rc1 and earlier, and possibly others, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a rulebook with a large number of rulematches. | 7.5 |
2006-11-30 | CVE-2006-6170 | Proftpd Project | Remote Buffer Overflow vulnerability in ProFTPD MOD_TLS Buffer overflow in the tls_x509_name_oneline function in the mod_tls module, as used in ProFTPD 1.3.0a and earlier, and possibly other products, allows remote attackers to execute arbitrary code via a large data length argument, a different vulnerability than CVE-2006-5815. | 7.5 |
2006-11-29 | CVE-2006-4099 | Businessobjects | Unspecified vulnerability in Businessobjects Crystal Enterprise 10/9 Business Objects Crystal Enterprise 9 and 10 generates predictable session identifiers, which allows remote attackers to hijack sessions of other users via WCSID cookie values. | 7.5 |
2006-11-29 | CVE-2006-6168 | Tiki | Improper Input Validation vulnerability in Tiki Tikiwiki Cms/Groupware tiki-register.php in TikiWiki before 1.9.7 allows remote attackers to trigger "notification-spam" via certain vectors such as a comma-separated list of addresses in the email field, related to lack of "a minimal check on email." | 7.5 |
2006-11-28 | CVE-2006-6161 | Doug Luxem | SQL Injection vulnerability in Liberum Help Desk 'forgotpass.asp' Multiple SQL injection vulnerabilities in Doug Luxem Liberum Help Desk 0.97.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) uid parameter to (a) inout/status.asp, (b) inout/update.asp, and (c) forgotpass.asp. | 7.5 |
2006-11-28 | CVE-2006-6160 | Doug Luxem | SQL Injection vulnerability in Doug Luxem Liberum Help Desk 0.97.3 SQL injection vulnerability in details.asp in Doug Luxem Liberum Help Desk 0.97.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2006-11-28 | CVE-2006-6157 | Michaelis Freunde | SQL Injection vulnerability in Michaelis Freunde Contentnow SQL injection vulnerability in index.php in ContentNow 1.39 and earlier allows remote attackers to execute arbitrary SQL commands via the pageid parameter. | 7.5 |
2006-11-28 | CVE-2006-6155 | Hscripts | SQL-Injection vulnerability in Hiox Star Rating System Script Multiple SQL injection vulnerabilities in addrating.php in HIOX Star Rating System Script (HSRS) 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ipadd or (2) url parameter. | 7.5 |
2006-11-28 | CVE-2006-6154 | Hscripts | Remote File Include vulnerability in HIOX Star Rating System Addcode.PHP PHP remote file inclusion vulnerability in addcode.php in HIOX Star Rating System Script (HSRS) 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the hm parameter. | 7.5 |
2006-11-28 | CVE-2006-6151 | Messagerie Locale | Remote File Include vulnerability in Messagerie Locale Messagerie Locale 1.0 PHP remote file inclusion vulnerability in centre.php in Messagerie Locale as of 20061127 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | 7.5 |
2006-11-28 | CVE-2006-6150 | Owllib | Remote File Include vulnerability in Owllib 1.0 PHP remote file inclusion vulnerability in memory/OWLMemoryProperty.php in OWLLib 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the OWLLIB_ROOT parameter. | 7.5 |
2006-11-28 | CVE-2006-6149 | Jiros | SQL Injection vulnerability in Jiros FAQ Manager 1.0 SQL injection vulnerability in index.asp in JiRos FAQ Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the tID parameter. | 7.5 |
2006-11-28 | CVE-2006-6147 | Jiros | Input Validation vulnerability in Jiros Links Manager 1.0 Multiple SQL injection vulnerabilities in JiRos Links Manager allow remote attackers to execute arbitrary SQL commands via the (1) LinkID parameter to openlink.asp or the (2) CategoryID parameter to viewlinks.asp. | 7.5 |
2006-11-28 | CVE-2006-6140 | Sisfo Kampus | Remote Security vulnerability in Sisfo Kampus Sisfo Kampus 2006 PHP remote file inclusion vulnerability in Sisfo Kampus 2006 (Semarang 3) allows remote attackers to execute arbitrary PHP code via a URL in the slnt parameter to (1) index.php and (2) print.php. | 7.5 |
2006-11-28 | CVE-2006-6137 | Sisfo Kampus | Remote File Include vulnerability in Sisfo Kampus Sisfo Kampus 0.8 Multiple PHP remote file inclusion vulnerabilities in Sisfo Kampus 0.8 allow remote attackers to execute arbitrary PHP code via a URL in the (1) exec parameter to index.php or (2) print parameter to print.php, which is also accessible via the print command to index.php. | 7.5 |
2006-11-28 | CVE-2006-6134 | Microsoft | Buffer Errors vulnerability in Microsoft Windows Media Player 10.00.00.4036 Heap-based buffer overflow in the WMCheckURLScheme function in WMVCORE.DLL in Microsoft Windows Media Player (WMP) 10.00.00.4036 on Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long HREF attribute, using an unrecognized protocol, in a REF element in an ASX PlayList file. | 7.5 |
2006-11-27 | CVE-2006-5750 | Jboss | Directory Traversal vulnerability in JBoss Java Class DeploymentFileRepository Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server (jbossas) 3.2.4 through 4.0.5 allows remote authenticated users to read or modify arbitrary files, and possibly execute arbitrary code, via unspecified vectors related to the console manager. | 7.5 |
2006-11-27 | CVE-2006-6125 | Netgear | Buffer Errors vulnerability in Netgear Wg311V1 2.3.1.10 Heap-based buffer overflow in the wireless driver (WG311ND5.SYS) 2.3.1.10 for NetGear WG311v1 wireless adapter allows remote attackers to execute arbitrary code via an 802.11 management frame with a long SSID. | 7.5 |
2006-11-30 | CVE-2006-6173 | Apple | Local Memory Corruption vulnerability in Apple Mac OS X Shared_Region_Make_Private_Np Kernel Function Buffer overflow in the shared_region_make_private_np function in vm/vm_unix.c in Mac OS X 10.4.6 and earlier allows local users to execute arbitrary code via (1) a small range count, which causes insufficient memory allocation, or (2) a large number of ranges in the shared_region_make_private_np_args parameter. | 7.2 |
2006-11-30 | CVE-2006-4411 | Apple | Multiple Security vulnerability in Apple Mac OS X 2006-007 The VPN service in Apple Mac OS X 10.3.x through 10.3.9 and 10.4.x through 10.4.8 does not properly clean the environment when executing commands, which allows local users to gain privileges via unspecified vectors. | 7.2 |
2006-11-30 | CVE-2006-4398 | Apple | Multiple Security vulnerability in Apple Mac OS X 2006-007 Multiple buffer overflows in the Apple Type Services (ATS) server in Mac OS X 10.4 through 10.4.8 allow local users to execute arbitrary code via crafted service requests. | 7.2 |
2006-11-29 | CVE-2006-6164 | Openbsd | Local Environment Variable Clearing vulnerability in Openbsd 3.9/4.0 The _dl_unsetenv function in loader.c in the ELF ld.so in OpenBSD 3.9 and 4.0 does not properly remove duplicate environment variables, which allows local users to pass dangerous variables such as LD_PRELOAD to loading processes, which might be leveraged to gain privileges. | 7.2 |
48 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-12-03 | CVE-2006-6242 | S9Y | Path Traversal vulnerability in S9Y Serendipity Multiple directory traversal vulnerabilities in Serendipity 1.0.3 and earlier allow remote attackers to read or include arbitrary local files via a .. | 6.8 |
2006-12-03 | CVE-2006-6120 | KDE | Integer Overflow vulnerability in KDE Koffice 1.6.1 Integer overflow in the KPresenter import filter for Microsoft PowerPoint files (filters/olefilters/lib/klaola.cc) in KOffice before 1.6.1 allows user-assisted remote attackers to execute arbitrary code via a crafted PPT file, which results in a heap-based buffer overflow. | 6.8 |
2006-12-02 | CVE-2006-6228 | Codewalkers | Cross-Site Scripting vulnerability in Codewalkers Ltwcalendar 4.1.3/4.2 Cross-site scripting (XSS) vulnerability in Codewalkers ltwCalendar (aka PHP Event Calendar) before 4.2.1 allows remote attackers to inject arbitrary HTML or web script via unknown vectors. | 6.8 |
2006-12-01 | CVE-2006-6220 | Recipes Complete Website | SQL Injection vulnerability in Recipes Complete Website Recipes Complete Website 1.1.14 Multiple SQL injection vulnerabilities in Recipes Website (Recipes Complete Website) 1.1.14 allow remote attackers to execute arbitrary SQL commands via the (1) recipeid parameter to recipe.php or the (2) categoryid parameter to list.php. | 6.8 |
2006-12-01 | CVE-2006-6219 | Dev4U | Input Validation vulnerability in Dev4U CMS Multiple cross-site scripting (XSS) vulnerabilities in index.php in dev4u CMS allow remote attackers to inject arbitrary web script or HTML via the (1) user_name, (2) passwort, and (3) go_target parameters. | 6.8 |
2006-12-01 | CVE-2006-6211 | Birdblog | Cross-Site Scripting vulnerability in Birdblog 1.4.0 Multiple cross-site scripting (XSS) vulnerabilities in BirdBlog 1.4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) msg parameter to (a) admin/admincore.php, the (2) month parameter to (b) admin/comments.php or (c) admin/entries.php, or the (3) page parameter to (d) admin/logs.php, different vectors than CVE-2006-5064. | 6.8 |
2006-12-01 | CVE-2006-6197 | B2Evolution | Cross-Site Scripting vulnerability in B2Evolution 1.8.2/1.9Beta Multiple cross-site scripting (XSS) vulnerabilities in b2evolution 1.8.2 through 1.9 beta allow remote attackers to inject arbitrary web script or HTML via the (1) app_name parameter in (a) _404_not_found.page.php, (b) _410_stats_gone.page.php, and (c) _referer_spam.page.php in inc/VIEW/errors/; the (2) baseurl parameter in (d) inc/VIEW/errors/_404_not_found.page.php; and the (3) ReqURI parameter in (e) inc/VIEW/errors/_referer_spam.page.php. | 6.8 |
2006-12-01 | CVE-2006-6196 | Fixit Knowledge Solutions | Input Validation vulnerability in Fixit IDMS Pro Cross-site scripting (XSS) vulnerability in the search functionality in Fixit iDMS Pro Image Gallery allows remote attackers to inject arbitrary web script or HTML via a search field (txtsearchtext parameter). | 6.8 |
2006-12-01 | CVE-2006-6180 | Expinion NET | Cross-Site Scripting vulnerability in Expinion.net iNews Publisher Articles.ASP Cross-site scripting (XSS) vulnerability in articles.asp in Expinion.net iNews Publisher (iNP) 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the hl parameter. | 6.8 |
2006-11-30 | CVE-2006-6176 | Blogn | Cross-Site Scripting vulnerability in Blogn Cross-site scripting (XSS) vulnerability in admin.php in Blogn before 1.9.4 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | 6.8 |
2006-11-30 | CVE-2006-4412 | Apple | Multiple Security vulnerability in Apple Mac OS X 2006-007 WebKit in Apple Mac OS X 10.3.x through 10.3.9 and 10.4 through 10.4.8 allows remote attackers to execute arbitrary code via a crafted HTML file, which accesses previously deallocated objects. | 6.8 |
2006-11-29 | CVE-2006-6169 | Gnupg | Remote Buffer Overflow vulnerability in Gnupg 1.4/2.0 Heap-based buffer overflow in the ask_outfile_name function in openfile.c for GnuPG (gpg) 1.4 and 2.0, when running interactively, might allow attackers to execute arbitrary code via messages with "C-escape" expansions, which cause the make_printable_string function to return a longer string than expected while constructing a prompt. | 6.8 |
2006-11-29 | CVE-2006-6166 | Ryan Demmer | Cross-Site Scripting vulnerability in Ryan Demmer Joomla Content Editor 1.0.4 Cross-site scripting (XSS) vulnerability in jce.php in the JCE Admin Component in Ryan Demmer Joomla Content Editor (JCE) 1.0.4 for Joomla! (com_jce), without the 20060821 jce_patch, allows remote attackers to inject arbitrary web script or HTML via the mosConfig_live_site parameter. | 6.8 |
2006-11-28 | CVE-2006-6159 | Deskpro | Cross-Site Scripting vulnerability in Deskpro 2.0.0/2.0.1 Multiple cross-site scripting (XSS) vulnerabilities in newticket.php in DeskPRO 2.0.0 and 2.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) message or (2) subject parameter. | 6.8 |
2006-11-28 | CVE-2006-6158 | ACE Helpdesk Inverseflow Pmos Helpdesk | Cross-Site Scripting vulnerability in InverseFlow Help Desk Multiple cross-site scripting (XSS) vulnerabilities in (a) PMOS Help Desk 2.4, formerly (b) InverseFlow Help Desk 2.31 and also sold as (c) Ace Helpdesk 2.31, allow remote attackers to inject arbitrary web script or HTML via the (1) id or email parameter to ticketview.php, or (2) the email parameter to ticket.php. | 6.8 |
2006-11-28 | CVE-2006-6148 | Jiros | Input Validation vulnerability in Jiros Links Manager 1.0 Multiple cross-site scripting (XSS) vulnerabilities in submitlink.asp in JiRos Links Manager allow remote attackers to inject arbitrary web script or HTML via the (1) lName, (2) lURL, (3) lImage, and (4) lDescription parameters. | 6.8 |
2006-12-01 | CVE-2006-6198 | Cpanel | Cross-Site Scripting vulnerability in Cpanel Webhost Manager 3.1.0 Multiple cross-site scripting (XSS) vulnerabilities in cPanel WebHost Manager (WHM) 3.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) email parameter to (a) scripts2/dochangeemail, the (2) supporturl parameter to (b) cgi/addon_configsupport.cgi, the (3) pkg parameter to (c) scripts/editpkg, the (4) domain parameter to (d) scripts2/domts2 and (e) scripts/editzone, the (5) feature parameter to (g) scripts2/dofeaturemanager, and the (6) ndomain parameter to (h) scripts/park. | 6.0 |
2006-12-02 | CVE-2006-6225 | Geeklog | Remote File Include vulnerability in Geeklog Multiple PHP remote file inclusion vulnerabilities in GeekLog 1.4 allow remote attackers to execute arbitrary code via a URL in the _CONF[path] parameter to (1) links/functions.inc, (2) polls/functions.inc, (3) spamx/BlackList.Examine.class.php, (4) spamx/DeleteComment.Action.class.php, (5) spamx/EditIPofURL.Admin.class.php, (6) spamx/MTBlackList.Examine.class.php, (7) spamx/MassDelete.Admin.class.php, (8) spamx/MailAdmin.Action.class.php, (9) spamx/MassDelTrackback.Admin.class.php, (10) spamx/EditHeader.Admin.class.php, (11) spamx/EditIP.Admin.class.php, (12) spamx/IPofUrl.Examine.class.php, (13) spamx/Import.Admin.class.php, (14) spamx/LogView.Admin.class.php, and (15) staticpages/functions.inc, in the plugins/ directory. | 5.1 |
2006-11-30 | CVE-2006-4402 | Apple | Multiple Security vulnerability in Apple Mac OS X 2006-007 Heap-based buffer overflow in the Finder in Apple Mac OS X 10.4.8 and earlier allows user-assisted remote attackers to execute arbitrary code by browsing directories containing crafted .DS_Store files. | 5.1 |
2006-11-30 | CVE-2006-4401 | Apple | Multiple Security vulnerability in Apple Mac OS X 2006-007 Unspecified vulnerability in CFNetwork in Mac OS 10.4.8 and earlier allows user-assisted remote attackers to execute arbitrary FTP commands via a crafted FTP URI. | 5.1 |
2006-11-30 | CVE-2006-4400 | Apple | Multiple Security vulnerability in Apple Mac OS X 2006-007 Stack-based buffer overflow in the Apple Type Services (ATS) server in Mac OS 10.4.8 and earlier allows user-assisted attackers to execute arbitrary code via crafted font files. | 5.1 |
2006-12-03 | CVE-2006-6238 | Apple | Unspecified vulnerability in Apple Safari 2.0.4 The AutoFill feature in Apple Safari 2.0.4 does not properly verify that all automatically populated form fields are visible to the user, which allows remote attackers to obtain sensitive information, such as usernames and passwords, via input fields of zero width, a variant of CVE-2006-6077. | 5.0 |
2006-12-02 | CVE-2006-6231 | Vubb | Information Disclosure vulnerability in Vubb 0.2/0.2.1 vuBB 0.2.1 and earlier allows remote attackers to obtain sensitive information via a direct request to includes/vubb.php, which leaks the path in an error message. | 5.0 |
2006-12-02 | CVE-2006-6229 | Codewalkers | Remote Security vulnerability in Codewalkers Ltwcalendar 4.1.3/4.2 Codewalkers ltwCalendar (aka PHP Event Calendar) before 4.2.1 logs failed passwords, which might allow attackers to infer correct passwords from the log file. | 5.0 |
2006-12-02 | CVE-2006-6227 | Neoengine | Denial Of Service vulnerability in Neoengine 0.8.2 The Core::Receive function in neonet/core.cpp for NeoEngine 0.8.2 and earlier, and CVS 3422, allows remote attackers to cause a denial of service (engine crash) via a message with a large uiMessageLength that produces a failed memory allocation and a null pointer dereference. | 5.0 |
2006-12-01 | CVE-2006-6203 | Krishan | Information Disclosure vulnerability in Krishan Flyspray Me1.0.1 Directory traversal vulnerability in startdown.php in the Flyspray ME 1.0.1 (com_flyspray) component for Mambo allows remote attackers to read arbitrary files via a .. | 5.0 |
2006-12-01 | CVE-2006-6186 | Enomphp | Directory Traversal vulnerability in Enomphp 4.0 Multiple directory traversal vulnerabilities in enomphp 4.0 allow remote attackers to read arbitrary files via a .. | 5.0 |
2006-12-01 | CVE-2006-6185 | Wabbit | Directory Traversal vulnerability in Wabbit PHP Gallery 0.9 Directory traversal vulnerability in script.php in Wabbit PHP Gallery 0.9 allows remote attackers to read arbitrary files via a .. | 5.0 |
2006-11-30 | CVE-2006-4409 | Apple | Multiple Security vulnerability in Apple Mac OS X 2006-007 The Online Certificate Status Protocol (OCSP) service in the Security Framework in Apple Mac OS X 10.4 through 10.4.8 retrieve certificate revocation lists (CRL) when an HTTP proxy is in use, which could cause the system to accept certificates that have been revoked. | 5.0 |
2006-11-30 | CVE-2006-4408 | Apple | Multiple Security vulnerability in Apple Mac OS X 2006-007 The Security Framework in Apple Mac OS X 10.4 through 10.4.8 allows remote attackers to cause a denial of service (resource consumption) via certain public key values in an X.509 certificate that requires extra resources during signature verification. | 5.0 |
2006-11-30 | CVE-2006-4407 | Apple | Multiple Security vulnerability in Apple Mac OS X 2006-007 The Security Framework in Apple Mac OS X 10.3.x up to 10.3.9 does not properly prioritize encryption ciphers when negotiating the strongest shared cipher, which causes Secure Transport to use a weaker cipher that makes it easier for remote attackers to decrypt traffic. | 5.0 |
2006-11-28 | CVE-2006-6113 | James Greenwood | Denial-Of-Service vulnerability in James Greenwood Monkey Boards 0.3.5 Monkey Boards 0.3.5 allows remote attackers to obtain sensitive information via direct requests to (1) include/admin_auth.inc.php and (2) include/engine/class.compiler.php, which reveals the full path in an error message. | 5.0 |
2006-11-28 | CVE-2006-4518 | Qbik | Remote Denial Of Service vulnerability in Qbik WinGate Qbik WinGate 6.1.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a DNS request with a self-referencing compressed name pointer, which triggers an infinite loop. | 5.0 |
2006-11-28 | CVE-2006-6141 | Philippe Jounin | Remote Buffer Overflow vulnerability in Philippe Jounin Tftpd32 3.01 Buffer overflow in Tftpd32 3.01 allows remote attackers to cause a denial of service via a long GET or PUT request, which is not properly handled when the request is displayed in the title of the gauge window. | 5.0 |
2006-11-28 | CVE-2006-6139 | Sisfo Kampus | Directory Traversal vulnerability in Sisfo Kampus Sisfo Kampus 2006 Directory traversal vulnerability in downloadexcel.php in Sisfo Kampus 2006 (Semarang 3) allows remote attackers to read arbitrary files via the fn parameter. | 5.0 |
2006-11-28 | CVE-2006-6138 | Sisfo Kampus | Remote File Include vulnerability in Sisfo Kampus Sisfo Kampus 0.8 Directory traversal vulnerability in download.php in Sisfo Kampus 0.8 allows remote attackers to list arbitrary directories via an absolute pathname in the dir parameter. | 5.0 |
2006-11-27 | CVE-2006-5896 | Remlab | Remote Security vulnerability in Remlab web Mech Designer 2.0.5 REMLAB Web Mech Designer 2.0.5 allows remote attackers to obtain the full path of the script via an incorrect Tonnage parameter to calculate.php that triggers a divide-by-zero error, which leaks the path in an error message. | 5.0 |
2006-11-28 | CVE-2006-6130 | Apple | Stack Buffer Overflow vulnerability in Apple Mac OS X AppleTalk AIOCRegLocalZN IOCTL Apple Mac OS X AppleTalk allows local users to cause a denial of service (kernel panic) by calling the AIOCREGLOCALZN ioctl command with a crafted data structure on an AppleTalk socket. | 4.9 |
2006-11-30 | CVE-2006-4396 | Apple | Multiple Security vulnerability in Apple Mac OS X 2006-007 The Apple Type Services (ATS) server in Mac OS X 10.4.8 and earlier does not securely create log files, which allows local users to create and modify arbitrary files via unspecified vectors, possibly relating to a symlink attack. | 4.6 |
2006-11-27 | CVE-2006-6129 | Apple | Integer Overflow vulnerability in Apple Mac OS X Mach-O Binary Loading Integer overflow in the fatfile_getarch2 in Apple Mac OS X allows local users to cause a denial of service and possibly execute arbitrary code via a crafted Mach-O Universal program that triggers memory corruption. | 4.6 |
2006-12-01 | CVE-2006-6188 | Clicktech | Cross-Site Scripting vulnerability in Clicktech Clickgallery 5.0 Cross-site scripting (XSS) vulnerability in view_search.asp in ClickTech Click Gallery allows remote attackers to inject arbitrary web script or HTML via the txtKeyWord parameter. | 4.3 |
2006-11-30 | CVE-2006-6174 | Tdiary | Cross-Site Scripting vulnerability in Tdiary 2.0.2/2.1.4.20061115 Cross-site scripting (XSS) vulnerability in tDiary before 2.0.3 and 2.1.x before 2.1.4.20061126 allows remote attackers to inject arbitrary web script or HTML via the conf parameter in (1) tdiary.rb and (2) skel/conf.rhtml. | 4.3 |
2006-11-29 | CVE-2006-6163 | Tiki | Cross-Site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware Cross-site scripting (XSS) vulnerability in tiki-setup_base.php in TikiWiki before 1.9.7 allows remote attackers to inject arbitrary JavaScript via unspecified parameters. | 4.3 |
2006-11-29 | CVE-2006-6162 | Tiki | Cross-Site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware 1.9.6 Cross-site scripting (XSS) vulnerability in tiki-edit_structures.php in TikiWiki 1.9.6 allows remote attackers to inject arbitrary web script or HTML via the pageAlias parameter. | 4.3 |
2006-11-28 | CVE-2006-6156 | Hscripts | Cross-Site Scripting vulnerability in Hiox Star Rating System Script Cross-site scripting (XSS) vulnerability in auth/message.php in HIOX Star Rating System Script (HSRS) 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string (PHP_SELF). | 4.3 |
2006-12-03 | CVE-2006-6241 | Telnet FTP Server | Improper Input Validation vulnerability in Telnet FTP Server Telnet FTP Server 1.0 Sorin Chitu Telnet-FTP Server 1.0 allows remote authenticated users to cause a denial of service (crash) via consecutive RETR commands. | 4.0 |
2006-12-03 | CVE-2006-6240 | Telnet FTP Server | Directory Traversal vulnerability in Telnet FTP Server Telnet FTP Server 1.0 Directory traversal vulnerability in Sorin Chitu Telnet-FTP Server 1.0 allows remote authenticated users to list contents of arbitrary directories and download arbitrary files via a .. | 4.0 |
2006-11-30 | CVE-2006-4403 | Apple | Multiple Security vulnerability in Apple Mac OS X 2006-007 The FTP server in Apple Mac OS X 10.4.8 and earlier, when FTP Access is enabled, will crash when a login failure occurs with a valid user name, which allows remote attackers to cause a denial of service (crash) and enumerate valid usernames. | 4.0 |
6 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-11-28 | CVE-2006-6146 | Takeshi Kanno | Buffer Overflow vulnerability in Haru Free PDF Library HPDF_Page_Circle Buffer overflow in the HPDF_Page_Circle function in hpdf_page_operator.c in Takeshi Kanno Haru Free PDF Library (libharu2, aka libharu) 2.0.7 and earlier allows context-dependent attackers to cause a denial of service (application crash) via certain arguments that yield a large amount of PDF data, as demonstrated by a filled circle. | 2.6 |
2006-12-01 | CVE-2006-6182 | Gabriele Teotino | Local Information Disclosure vulnerability in Gabriele Teotino Gnotebook 0.7.0.1 The Gabriele Teotino GNotebook 0.7.0.1 gadget for Google Desktop stores Gmail passwords in plaintext in the %SYSTEMDRIVE%\temp\Gnotebook.txt log file, which allows local users to obtain passwords by reading the file. | 2.1 |
2006-11-28 | CVE-2006-6145 | Cryptocard | Local Information Disclosure vulnerability in Cryptocard Crypto-Server 6.4.55 CRYPTOCard CRYPTO-Server before 6.4.56 stores LDAP credentials in plaintext in UninstallerData\installvariables.properties, which has insecure permissions and allows local users to obtain the credentials. | 2.1 |
2006-11-27 | CVE-2006-6128 | Linux | Denial-Of-Service vulnerability in Linux Kernel 2.6.18 The ReiserFS functionality in Linux kernel 2.6.18, and possibly other versions, allows local users to cause a denial of service via a malformed ReiserFS file system that triggers memory corruption when a sync is performed. | 2.1 |
2006-11-27 | CVE-2006-6127 | Apple | Local Denial of Service vulnerability in Apple Mac OS X KQueue Apple Mac OS X kernel allows local users to cause a denial of service via a process that uses kevent to register a queue and an event, then forks a child process that uses kevent to register an event for the same queue as the parent. | 2.1 |
2006-11-27 | CVE-2006-6126 | Apple | Privilege Escalation vulnerability in Apple Mac OS X Mach-O Binary Loading Apple Mac OS X allows local users to cause a denial of service (memory corruption) via a crafted Mach-O binary with a malformed load_command data structure. | 2.1 |