Weekly Vulnerabilities Reports > December 4 to 10, 2006
Overview
191 new vulnerabilities reported during this period, including 21 critical vulnerabilities and 71 high severity vulnerabilities. This weekly summary report vulnerabilities in 187 products from 131 vendors including Xerox, Microsoft, Novell, Duware, and Alternc. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "SQL Injection", "Resource Management Errors", "Cross-site Scripting", and "OS Command Injection".
- 177 reported vulnerabilities are remotely exploitables.
- 28 reported vulnerabilities have public exploit available.
- 8 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 180 reported vulnerabilities are exploitable by an anonymous user.
- Xerox has the most reported vulnerabilities, with 15 reported vulnerabilities.
- Microsoft has the most reported critical vulnerabilities, with 2 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
21 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-12-10 | CVE-2006-6454 | J Owamp | Remote Security vulnerability in web interface execInBackground.php in J-OWAMP Web Interface 2.1b and earlier allows remote attackers to execute arbitrary commands via shell metacharacters to the (1) exe and (2) args parameters, which are used in an exec function call. | 10.0 |
2006-12-10 | CVE-2006-6443 | Novell | Buffer Overflow vulnerability in Novell Client 4.91 Buffer overflow in the Novell Distributed Print Services (NDPS) Print Provider for Windows component (NDPPNT.DLL) in Novell Client 4.91 has unknown impact and remote attack vectors. | 10.0 |
2006-12-10 | CVE-2006-6409 | F Secure | Unspecified vulnerability in F-Secure Anti-Virus 4.65 F-Secure Anti-Virus for Linux Gateways 4.65 allows remote attackers to cause a denial of service (possibly fatal scan error), and possibly bypass virus detection, by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file. | 10.0 |
2006-12-07 | CVE-2006-6361 | Bitflux | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Bitflux Upload Progress Meter 8215/8275 Heap-based buffer overflow in the uploadprogress_php_rfc1867_file function in uploadprogress.c in Bitflux Upload Progress Meter before 8276 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via crafted HTTP POST fileupload requests. | 10.0 |
2006-12-07 | CVE-2006-6235 | GNU Gpg4Win Redhat Rpath Slackware Ubuntu | A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory. | 10.0 |
2006-12-07 | CVE-2006-6355 | Duware | SQL Injection vulnerability in DUClassmate ICity Parameter SQL injection vulnerability in default.asp in DuWare DuClassmate allows remote attackers to execute arbitrary SQL commands via the iCity parameter. | 10.0 |
2006-12-07 | CVE-2006-6351 | Khaledmuratlist | Remote Security vulnerability in Khaledmuratlist KhaledMuratList stores sensitive data under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) CL2F9R1A2C1N.mdb or (2) Data2F9R1A2C1N.mdb. | 10.0 |
2006-12-07 | CVE-2006-6350 | Iisworks | Remote Security vulnerability in Iisworks Listpics 5.0 listpics 5 stores sensitive data under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for listpics.mdb. | 10.0 |
2006-12-07 | CVE-2006-6346 | SAP | Multiple Unspecified vulnerability in SAP IGS Unspecified vulnerability in SAP Internet Graphics Service (IGS) 6.40 Patchlevel 15 and earlier, and 7.00 Patchlevel 3 and earlier, allows remote attackers to cause a denial of service (service shutdown), obtain sensitive information (configuration files), and conduct certain other unauthorized activities, related to "Undocumented Features." NOTE: it is possible that there are multiple issues. | 10.0 |
2006-12-06 | CVE-2006-5855 | IBM | Buffer Overflow vulnerability in IBM Tivoli Storage Manager Multiple buffer overflows in IBM Tivoli Storage Manager (TSM) before 5.2.9 and 5.3.x before 5.3.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in (1) the language field at logon that begins with a 0x18 byte, (2) two unspecified parameters to the SmExecuteWdsfSession function, and (3) the contact field in an open registration message. | 10.0 |
2006-12-05 | CVE-2006-6299 | Novell | Remote Integer Overflow vulnerability in Novell Zenworks Asset Management 7 Integer overflow in Msg.dll in Novell ZENworks 7 Asset Management (ZAM) before SP1 IR11 and the Collection client allows remote attackers to execute arbitrary code via crafted packets, which trigger a heap-based buffer overflow. | 10.0 |
2006-12-04 | CVE-2006-6270 | Kervancilar | SQL-Injection vulnerability in Aspmforum Multiple SQL injection vulnerabilities in ASPMForum allow remote attackers to execute arbitrary SQL commands via (1) the soruid parameter in forum2.asp, (2) the ak parameter in kullanicilistesi.asp, (3) the kelimeler parameter in aramayap.asp, and (4) the kullaniciadi parameter in giris.asp; and allow remote authenticated users to execute arbitrary SQL commands via (5) the mesajno parameter in mesajkutum.asp. | 10.0 |
2006-12-04 | CVE-2006-6268 | Neocrome | SQL-Injection vulnerability in Land Down Under SQL injection vulnerability in system/core/profile/profile.inc.php in Neocrome Land Down Under (LDU) 8.x and earlier allows remote authenticated users to execute arbitrary SQL commands via a url-encoded id parameter to users.php that begins with a valid filename, as demonstrated by "default.gif" followed by a double-encoded NULL and ' (apostrophe) (%2500%2527). | 10.0 |
2006-12-04 | CVE-2006-6259 | Alternc | Input Validation vulnerability in AlternC Multiple directory traversal vulnerabilities in (a) class/functions.php and (b) class/m_bro.php in AlternC 0.9.5 and earlier allow remote attackers to (1) create arbitrary files and directories via a .. | 10.0 |
2006-12-04 | CVE-2006-3893 | Casio Newtone | Buffer Overflow vulnerability in Newtone ImageKit ActiveX Multiple buffer overflows in the ActiveX controls in Newtone ImageKit 5 before Fix 30 and 6 before Fix 40, as used in CASIO Photo Loader software before 3.01 and possibly other software, allow remote attackers to execute arbitrary code via a crafted HTML document. | 10.0 |
2006-12-10 | CVE-2006-6442 | AOL | Buffer Errors vulnerability in AOL Client Software 7.04114.563/8.04129.230/9.0 Stack-based buffer overflow in the SetClientInfo function in the CDDBControlAOL.CDDBAOLControl ActiveX control (cddbcontrol.dll), as used in America Online (AOL) 7.0 4114.563, 8.0 4129.230, and 9.0 Security Edition 4156.910, and possibly other products, allows remote attackers to execute arbitrary code via a long ClientId argument. | 9.3 |
2006-12-06 | CVE-2006-5994 | Microsoft | Remote Code Execution vulnerability in Microsoft Word Malformed String Arbitrary Unspecified vulnerability in Microsoft Word 2000 and 2002, Office Word and Word Viewer 2003, Word 2004 and 2004 v. | 9.3 |
2006-12-04 | CVE-2006-6282 | Vikingboard | HTML Injection And Directory Traversal vulnerability in Vikingboard 0.1.2 members.php in Vikingboard 0.1.2 allows remote attackers to trigger a forced SQL error via an invalid s parameter, a different vector than CVE-2006-4709. | 9.3 |
2006-12-04 | CVE-2006-6261 | Microsoft Quinnware | Remote Memory Corruption vulnerability in Quinnware Quintessential Player Playlist Files Buffer overflow in Quintessential Player 4.50.1.82 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) M3u or (2) M3u-8 file; or a (3) crafted PLS file with a long value in the (a) NumberofEntries, (b) Length (aka Length1), (c) Filename (aka File1), (d) Title (aka Title1) field, or other unspecified fields. | 9.3 |
2006-12-04 | CVE-2006-6258 | Alternc | Input Validation vulnerability in AlternC The phpmyadmin subsystem in AlternC 0.9.5 and earlier transmits the SQL password in cleartext in a cookie, which might allow remote attackers to obtain the password by sniffing or by conducting a cross-site scripting (XSS) attack. | 9.3 |
2006-12-04 | CVE-2006-6284 | Vikingboard | HTML Injection And Directory Traversal vulnerability in Vikingboard 0.1.2 Directory traversal vulnerability in admin.php in Vikingboard 0.1.2 allows remote authenticated administrators to include arbitrary files via a .. | 9.0 |
71 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-12-10 | CVE-2006-6439 | Xerox | Information Disclosure vulnerability in Workcentre 238 Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 allows remote attackers to download the audit log and obtain potentially sensitive information via unspecified vectors. | 7.8 |
2006-12-10 | CVE-2006-6437 | Xerox | Denial-Of-Service vulnerability in Xerox Workcentre 12.060.17.000/13.060.17.000/14.060.17.000 ops3-dmn in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 allows attackers to cause a denial of service (application crash and core dump) via a certain PS file. | 7.8 |
2006-12-10 | CVE-2006-6430 | Xerox | Multiple vulnerability in Xerox WorkCentre and WorkCentre Pro Web services in Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 do not require HTTPS, which allows remote attackers to obtain sensitive information by sniffing the unencrypted HTTP traffic. | 7.8 |
2006-12-10 | CVE-2006-6411 | Linksys | Denial Of Service vulnerability in Linksys WIP 330 Wireless-G IP Phone 1.0.6A PhoneCtrl.exe in Linksys WIP 330 Wireless-G IP Phone 1.00.06A allows remote attackers to cause a denial of service (crash) via a TCP SYN scan, as demonstrated using TCP ports 1-65535 with nmap. | 7.8 |
2006-12-07 | CVE-2006-6384 | John Goodman | Directory Traversal vulnerability in Abitwhizzy Absolute path traversal vulnerability in abitwhizzy.php before 20061204 allows remote attackers to read arbitrary files via an absolute pathname in the Filename text window (f parameter), a variant of CVE-2006-6084. | 7.8 |
2006-12-04 | CVE-2006-6267 | Postnuke Software Foundation | Information Disclosure vulnerability in Postnuke Software Foundation Postnuke 0.7.5.0 PostNuke 0.7.5.0, and certain minor versions, allows remote attackers to obtain sensitive information via a non-numeric value of the stop parameter, which reveals the path in an error message. | 7.8 |
2006-12-04 | CVE-2006-6250 | Songbird | Denial of Service vulnerability in Songbird Media Player Format string vulnerability in Songbird Media Player 0.2 and earlier allows remote attackers to cause a denial of service (crash) via an M3U Playlist file containing extended ASCII, which causes the Unicode converter to be invoked. | 7.8 |
2006-12-04 | CVE-2006-6248 | Gphotos | Information Disclosure vulnerability in Gphotos 1.5 index.php in GPhotos 1.5 allows remote attackers to obtain sensitive information via an invalid rep parameter, which reveals the full path in an error message. | 7.8 |
2006-12-10 | CVE-2006-6455 | Duware | SQL Injection vulnerability in DUDirectory Multiple SQL injection vulnerabilities in admin/default.asp in DUware DUdirectory 3.1, and possibly DUdirectory Pro and Pro SQL 3.x, allow remote attackers to execute arbitrary SQL commands via the (1) Username or (2) Password parameter. | 7.5 |
2006-12-10 | CVE-2006-6450 | Novell | SQL Injection vulnerability in Novell Zenworks Patch Management Server 6.3.2.700 Multiple SQL injection vulnerabilities in dagent/downloadreport.asp in Novell ZENworks Patch Management (ZPM) before 6.3.2.700 allow remote attackers to execute arbitrary SQL commands via the (1) agentid and (2) pass parameters. | 7.5 |
2006-12-10 | CVE-2006-6448 | VT Forum | SQL-Injection vulnerability in Vt-Forum Multiple SQL injection vulnerabilities in Vt-Forum Lite 1.3 and earlier allow remote attackers to execute arbitrary SQL commands via the user parameter to vf_memberdetail.asp, and other unspecified vectors. | 7.5 |
2006-12-10 | CVE-2006-6445 | Envolution | Local Code Include vulnerability in Envolution 1.1.0 Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2006-12-10 | CVE-2006-6379 | Broadcom | Unspecified vulnerability in Broadcom products Buffer overflow in the BrightStor Backup Discovery Service in multiple CA products, including ARCserve Backup r11.5 SP1 and earlier, ARCserve Backup 9.01 up to 11.1, Enterprise Backup 10.5, and CA Server Protection Suite r2, allows remote attackers to execute arbitrary code via unspecified vectors. | 7.5 |
2006-12-10 | CVE-2006-6440 | Xerox | Remote Security vulnerability in Workcentre 238 Multiple unspecified vulnerabilities in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 allow remote attackers to have an unspecified impact via unspecified vectors relating to "HTTP Security issues." | 7.5 |
2006-12-10 | CVE-2006-6435 | Xerox | Information Disclosure vulnerability in Xerox Workcentre 12.060.17.000/13.060.17.000/14.060.17.000 The SNMP implementation in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 does not generate authentication failure traps, which allows remote attackers to more easily gain system access and obtain sensitive information via a brute force attack. | 7.5 |
2006-12-10 | CVE-2006-6434 | Xerox | Security Bypass vulnerability in Workcentre 238 Unspecified vulnerability in the Web User Interface in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 allows remote attackers to bypass authentication controls via unknown vectors. | 7.5 |
2006-12-10 | CVE-2006-6428 | Xerox | Multiple vulnerability in Xerox Workcentre 12.060.17.000/13.060.17.000/14.060.17.000 Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 allow remote attackers to gain access via unspecified vectors related to "browser permissions." | 7.5 |
2006-12-10 | CVE-2006-6427 | Xerox | OS Command Injection vulnerability in Xerox Workcentre 12.060.17.000/13.060.17.000/14.060.17.000 The Web User Interface in Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 allows remote attackers to execute arbitrary commands via unspecified vectors involving "command injection" in (1) the TCP/IP hostname, (2) Scan-to-mailbox folder names, and (3) certain parameters in the Microsoft Networking configuration. | 7.5 |
2006-12-10 | CVE-2006-6419 | Ryan Demmer | Local File-Include vulnerability in JCE Admin Component for Joomla jce.php in the JCE Admin Component in Ryan Demmer Joomla Content Editor (JCE) 1.1.0 beta 2 and earlier for Joomla! (com_jce) allows remote attackers to include and possibly execute arbitrary local files via the (1) plugin or (2) file parameter. | 7.5 |
2006-12-10 | CVE-2006-6417 | B2Evolution | Remote File Include vulnerability in B2Evolution 1.8.5/1.9/1.9Beta PHP remote file inclusion vulnerability in inc/CONTROL/import/import-mt.php in b2evolution 1.8.5 through 1.9 beta allows remote attackers to execute arbitrary PHP code via a URL in the inc_path parameter. | 7.5 |
2006-12-10 | CVE-2006-6416 | Phpleague Univert | Remote File Include vulnerability in PHPleague - Univert PHPleague 0.8.1 Multiple PHP remote file inclusion vulnerabilities in PhpLeague - Univert PhpLeague 0.81 allow remote attackers to execute arbitrary PHP code via a URL in the cheminmini parameter to (1) consult/miniseul.php or (2) config.php. | 7.5 |
2006-12-10 | CVE-2006-6414 | DOL Storye | SQL Injection vulnerability in Dol Storye Dettaglio.ASP Multiple SQL injection vulnerabilities in dettaglio.asp in dol storye allow remote attackers to execute arbitrary SQL commands via the (1) id_doc or (2) id_aut parameter. | 7.5 |
2006-12-10 | CVE-2006-6332 | Madwifi | Remote Buffer Overflow vulnerability in Madwifi 0.9.2.1 Stack-based buffer overflow in net80211/ieee80211_wireless.c in MadWifi before 0.9.2.1 allows remote attackers to execute arbitrary code via unspecified vectors, related to the encode_ie and giwscan_cb functions. | 7.5 |
2006-12-10 | CVE-2006-6402 | Mystats | SQL Injection vulnerability in Mystats SQL injection vulnerability in mystats.php in MyStats 1.0.8 and earlier allows remote attackers to execute arbitrary SQL commands via the details parameter. | 7.5 |
2006-12-10 | CVE-2006-6221 | 2X | Unspecified vulnerability in 2X Thinclientserver 3.0 2X ThinClientServer Enterprise Edition before 4.0.2248 allows remote attackers to create multiple privileged accounts via a replay attack using the initial account creation request. | 7.5 |
2006-12-08 | CVE-2006-6399 | Superfreaker Studios | SQL-Injection vulnerability in Superfreaker Studios Upublisher 1.0 SQL injection vulnerability in Superfreaker Studios UPublisher 1.0 allows remote attackers to execute arbitrary SQL commands via the Username parameter in login.asp. | 7.5 |
2006-12-08 | CVE-2006-6398 | Superfreaker Studios | SQL-Injection vulnerability in Superfreaker Studios Upublisher 1.0 Multiple SQL injection vulnerabilities in Superfreaker Studios UPublisher 1.0 allow remote attackers to execute arbitrary SQL commands via unspecified vectors in (a) sendarticle.asp and (b) printarticle.asp, and the ID parameter to (c) index.asp and (d) preferences.asp, different vectors than CVE-2006-5888. | 7.5 |
2006-12-08 | CVE-2006-6396 | Blazevideo | Buffer Errors vulnerability in Blazevideo Hdtv Player 3.5 Stack-based buffer overflow in BlazeVideo HDTV Player 2.1, and possibly earlier, allows remote attackers to execute arbitrary code via a long filename in a PLF playlist, a different product than CVE-2006-6199. | 7.5 |
2006-12-08 | CVE-2006-6394 | Jonas Gauffin | Input Validation vulnerability in Publicera SQL injection vulnerability in certain database classes in Jonas Gauffin Publicera 1.0-rc2 and earlier might allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2006-12-08 | CVE-2006-6392 | PLX WEB Studio | Local File Include vulnerability in PLX web Studio PLX PAY 3.0 Directory traversal vulnerability in index.php in plx Web Studio (aka plxWebDev) plx Pay 3.2 and earlier allows remote attackers to include and execute arbitrary local files, or obtain user credentials and other sensitive information, via a .. | 7.5 |
2006-12-08 | CVE-2006-6387 | Link Content Management Server | Input Validation vulnerability in Link CMS Multiple SQL injection vulnerabilities in LINK Content Management Server (CMS) allow remote attackers to execute arbitrary SQL commands via the (1) IDMeniGlavni parameter to navigacija.php, and the (2) IDStranicaPodaci parameter to prikazInformacije.php. | 7.5 |
2006-12-07 | CVE-2006-6381 | Ultimate Helpdesk | Directory Traversal vulnerability in Ultimate HelpDesk Directory traversal vulnerability in getfile.asp in Ultimate HelpDesk allows remote attackers to read arbitrary files via a .. | 7.5 |
2006-12-07 | CVE-2006-6378 | Widcomm | Remote Security vulnerability in Widcomm Btsavemysql 1.2 BTSaveMySql 1.2 stores sensitive data under the web root with insufficient access control, which allows remote attackers to obtain configuration and save files via direct requests. | 7.5 |
2006-12-07 | CVE-2006-6377 | Uploadscript | Unspecified vulnerability in Uploadscript Uploadscript 1.2 and earlier stores sensitive data under the web root with insufficient access control, which allows remote attackers to obtain the admin password hash via a direct request for /password.txt. | 7.5 |
2006-12-07 | CVE-2006-6376 | Onedotoh | Directory Traversal vulnerability in Onedotoh Simple File Manager 0.24A Multiple directory traversal vulnerabilities in fm.php in Simple File Manager (SFM) 0.24a allow remote attackers to use ".." sequences to (1) read arbitrary files via the filename parameter in a download action, (2) delete arbitrary files via the delete parameter, and (3) modify arbitrary files via the edit parameter, which can be leveraged to execute arbitrary code. | 7.5 |
2006-12-07 | CVE-2006-6374 | Phpmyadmin | Remote Security vulnerability in PHPmyadmin 2.7.0Pl2 Multiple CRLF injection vulnerabilities in PhpMyAdmin 2.7.0-pl2 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a phpMyAdmin cookie in (1) css/phpmyadmin.css.php, (2) db_create.php, (3) index.php, (4) left.php, (5) libraries/session.inc.php, (6) libraries/transformations/overview.php, (7) querywindow.php, (8) server_engines.php, and possibly other files. | 7.5 |
2006-12-07 | CVE-2006-6370 | Invision Power Services | SQL-Injection vulnerability in Invision Power Services Invision Gallery 2.0.7 SQL injection vulnerability in forum/modules/gallery/post.php in Invision Gallery 2.0.7 allows remote attackers to cause a denial of service and possibly have other impacts, as demonstrated using a "SELECT BENCHMARK" statement in the img parameter in a doaddcomment operation in index.php. | 7.5 |
2006-12-07 | CVE-2006-6369 | Invision Power Services | SQL-Injection vulnerability in Invision Power Services Invision Community Blog 1.2.4 SQL injection vulnerability in lib/entry_reply_entry.php in Invision Community Blog Mod 1.2.4 allows remote attackers to execute arbitrary SQL commands via the eid parameter, when accessed through the "Preview message" functionality. | 7.5 |
2006-12-07 | CVE-2006-6368 | Awrate | Remote File Include vulnerability in Awrate 1.0 PHP remote file inclusion vulnerability in login.php.inc in awrate 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the toroot parameter to search.php. | 7.5 |
2006-12-07 | CVE-2006-6367 | Duware | SQL Injection vulnerability in Duware Dudownload, Dunews and Dupaypal Multiple SQL injection vulnerabilities in detail.asp in DUware DUdownload 1.1, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) iFile or (2) action parameter. | 7.5 |
2006-12-07 | CVE-2006-6365 | Duware | SQL Injection vulnerability in DUware DUpaypal Pro SQL injection vulnerability in detail.asp in DUware DUpaypal 3.1, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the iType parameter. | 7.5 |
2006-12-07 | CVE-2006-6360 | Sergey Korostel | Remote File Include vulnerability in Sergey Korostel PHP Upload Center 2.0 PHP remote file inclusion vulnerability in activate.php in PHP Upload Center 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the footerpage parameter. | 7.5 |
2006-12-07 | CVE-2006-6358 | Stefan Frech | Input Validation vulnerability in Stefan Frech Online-Bookmarks 0.6.12 SQL injection vulnerability in the login function in auth.inc in Stefan Frech online-bookmarks 0.6.12 allows remote attackers to execute arbitrary SQL commands via the (1) username and possibly the (2) password parameter. | 7.5 |
2006-12-07 | CVE-2006-6354 | Duware | Software SQL Injection vulnerability in DUware Multiple SQL injection vulnerabilities in detail.asp in DuWare DuNews allow remote attackers to execute arbitrary SQL commands via the (1) iNews, (2) iType, or (3) Action parameter. | 7.5 |
2006-12-07 | CVE-2006-6349 | PWP Technologies | SQL Injection vulnerability in PWP Technologies the Classified AD System Multiple SQL injection vulnerabilities in PWP Technologies The Classified Ad System allow remote attackers to execute arbitrary SQL commands via (1) the main parameter in a view action (includes/mainpage/view.asp) in default.asp or (2) a query in the search engine. | 7.5 |
2006-12-07 | CVE-2006-6345 | SAP | Directory Traversal vulnerability in SAP Internet Graphics Service Directory traversal vulnerability in SAP Internet Graphics Service (IGS) 6.40 Patchlevel 16 and earlier, and 7.00 Patchlevel 6 and earlier, allows remote attackers to delete arbitrary files via directory traversal sequences in an HTTP request. | 7.5 |
2006-12-07 | CVE-2006-6344 | Neocrome | SQL-Injection vulnerability in Seditio Multiple unspecified vulnerabilities in Neocrome Seditio 1.10 and earlier have unknown impact and attack vectors related to (1) plugins/ipsearch/ipsearch.admin.php, and (2) pfs/pfs.edit.inc.php, (3) users/users.register.inc.php in system/core. | 7.5 |
2006-12-07 | CVE-2006-6342 | KLF Design | SQL-Injection vulnerability in Klf-Realty Multiple SQL injection vulnerabilities in KLF-DESIGN (aka Kim L. | 7.5 |
2006-12-07 | CVE-2006-6341 | MG Blattl | Remote File Include vulnerability in MG.Blattl MG.Applanix APX_Root_Path Parameter Multiple PHP remote file inclusion vulnerabilities in mg.applanix 1.3.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the apx_root_path parameter to (1) act/act_check_access.php, (2) dsp/dsp_form_booking_ctl.php, and (3) dsp/dsp_bookings.php. | 7.5 |
2006-12-07 | CVE-2006-6337 | Aspindir | SQL Injection vulnerability in Aspindir Aspee Ziyaretci Defteri Multiple SQL injection vulnerabilities in giris.asp in Aspee and Dogantepe Ziyaretci Defteri allow remote attackers to execute arbitrary SQL commands via the (1) kullanici or (2) parola parameter. | 7.5 |
2006-12-06 | CVE-2006-6305 | NET Snmp | Unspecified vulnerability in Net-Snmp 5.3 Unspecified vulnerability in Net-SNMP 5.3 before 5.3.0.1, when configured using the rocommunity or rouser snmpd.conf tokens, causes Net-SNMP to grant write access to users or communities that only have read-only access. | 7.5 |
2006-12-06 | CVE-2006-6309 | IBM | Denial-Of-Service vulnerability in Tivoli Storage Manager Express Multiple array index errors in IBM Tivoli Storage Manager (TSM) before 5.2.9 and 5.3.x before 5.3.4 allow remote attackers to read arbitrary memory locations and cause a denial of service (crash) via a large index value in unspecified messages, a different issue than CVE-2006-5855. | 7.5 |
2006-12-05 | CVE-2006-6298 | Maxiasp | SQL Injection vulnerability in Maxiasp Yonetimi 1.0 SQL injection vulnerability in uye_giris_islem.asp in Metyus Okul Yonetim Sistemi 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) kullanici_ismi and (2) sifre parameters. | 7.5 |
2006-12-05 | CVE-2006-6294 | Frisk Software | Unspecified vulnerability in Frisk Software F-Prot Antivirus 4.6.6 Multiple unspecified vulnerabilities in FRISK Software F-Prot Antivirus before 4.6.7 have unspecified impact and attack vectors. | 7.5 |
2006-12-05 | CVE-2006-6293 | F Prot | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in F-Prot Antivirus Heap-based buffer overflow in FRISK Software F-Prot Antivirus before 4.6.7 allows user-assisted remote attackers to execute arbitrary code via a crafted CHM file. | 7.5 |
2006-12-04 | CVE-2006-6287 | Atomix Productions | Buffer Overflow vulnerability in AtomixMP3 M3U File Path Stack-based buffer overflow in AtomixMP3 2.3 and earlier allows remote attackers to execute arbitrary code via a long pathname in an M3U file. | 7.5 |
2006-12-04 | CVE-2006-6281 | Dicshunary | Remote File Include vulnerability in Dicshunary 0.1Alpha PHP remote file inclusion vulnerability in check_status.php in dicshunary 0.1 alpha allows remote attackers to execute arbitrary PHP code via a URL in the dicshunary_root_path parameter. | 7.5 |
2006-12-04 | CVE-2006-6280 | O2Php COM | SQL-Injection vulnerability in Oxygen SQL injection vulnerability in viewthread.php in Oxygen (O2PHP Bulletin Board) 1.1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter, a different vector than CVE-2006-1572. | 7.5 |
2006-12-04 | CVE-2006-6273 | Paul Griffin | Unspecified vulnerability in Paul Griffin Simple PHP Gallery 1.1 sp_index.php in Simple PHP Gallery 1.1 allows remote attackers to obtain sensitive information via an invalid dir parameter, which reveals the path in an error message. | 7.5 |
2006-12-04 | CVE-2006-6269 | Infinity Technologies | SQL-Injection vulnerability in Infinitytechs Restaurants Cm Multiple SQL injection vulnerabilities in Infinitytechs Restaurants CM allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in rating.asp, (2) the mealid parameter in meal_rest.asp, and (3) the resid parameter in res_details.asp. | 7.5 |
2006-12-04 | CVE-2006-6264 | Microsoft | Remote Security vulnerability in Teredo Teredo creates trusted peer entries for arbitrary incoming source Teredo addresses, even if the low 32 bits represent an intranet address, which might allow remote attackers to send IPv4 traffic to intranet hosts that use non-RFC1918 addresses, bypassing IPv4 ingress filtering. | 7.5 |
2006-12-04 | CVE-2006-6260 | Redbinaria | SQL Injection vulnerability in SIAP CMS Login.ASP SQL injection vulnerability in login.asp in Redbinaria Sistema Integrado de Administracion de Portales (SIAP) allows remote attackers to execute arbitrary SQL commands via the username parameter. | 7.5 |
2006-12-04 | CVE-2006-6255 | Nukeai | Remote Code Execution vulnerability in Nukeai 0.0.3Beta Direct static code injection vulnerability in util.php in the NukeAI 0.0.3 Beta module for PHP-Nuke, aka Program E is an AIML chatterbot, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension in the filename parameter and code in the moreinfo parameter, which is saved to a filename under descriptions/, which is accessible via a direct request. | 7.5 |
2006-12-04 | CVE-2006-6251 | Vuplayer | Buffer Overflow vulnerability in VUPlayer M3U UNC Name Stack-based buffer overflow in VUPlayer 2.44 and earlier allows remote attackers to execute arbitrary code via a long string in an M3U file, aka an "M3U UNC Name" attack. | 7.5 |
2006-12-04 | CVE-2006-6247 | Uapplication | SQL Injection vulnerability in Uapplication Uphotogallery 1.1 Multiple SQL injection vulnerabilities in Uapplication UPhotoGallery 1.1 allow remote attackers to execute arbitrary SQL commands via the ci parameter to (1) slideshow.asp or (2) thumbnails.asp. | 7.5 |
2006-12-04 | CVE-2006-6246 | Photo Organizer | Input Validation vulnerability in Photo Organizer Photo Organizer 2.32b and earlier does not properly check the ownership of certain objects, which allows remote attackers to gain unauthorized access via vectors related to (1) camera del, (2) camera edit, (3) folder/album deletion, (4) photo.move, (5) content.indexer, (6) folder.content, and possibly other operations. | 7.5 |
2006-12-04 | CVE-2006-6245 | Photo Organizer | Input Validation vulnerability in Photo Organizer Multiple SQL injection vulnerabilities in Photo Organizer (PO) 2.32b and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2006-12-04 | CVE-2006-6244 | Coalescent Systems | Input Validation vulnerability in FreePBX Coalescent Systems freePBX (formerly Asterisk Management Portal) before 2.2.0rc1 allows attackers to execute arbitrary commands via shell metacharacters in (1) CALLERID(name) or (2) CALLERID(number). | 7.5 |
2006-12-04 | CVE-2006-6243 | Fipsasp | SQL Injection vulnerability in fipsShop Multiple SQL injection vulnerabilities in index.asp in FipsSHOP allow remote attackers to execute arbitrary SQL commands via the (1) cat or (2) did parameter. | 7.5 |
2006-12-10 | CVE-2006-6418 | HP | Buffer Errors vulnerability in HP Tru64 4.0F/4.0G/5.1A Buffer overflow in the POSIX Threads library (libpthread) on HP Tru64 UNIX 4.0F PK8, 4.0G PK4, and 5.1A PK6 allows local users to gain root privileges via a long PTHREAD_CONFIG environment variable. | 7.2 |
2006-12-08 | CVE-2006-6385 | Intel | Local Privilege Escalation vulnerability in Intel Network Drivers Stack-based buffer overflow in Intel PRO 10/100, PRO/1000, and PRO/10GbE PCI, PCI-X, and PCIe network adapter drivers (aka NDIS miniport drivers) before 20061205 allows local users to execute arbitrary code with "kernel-level" privileges via an incorrect function call in certain OID handlers. | 7.2 |
97 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-12-10 | CVE-2006-6452 | Myarticles | Cross-Site Scripting vulnerability in Myarticles Multiple cross-site scripting (XSS) vulnerabilities in the MyArticles module before 0.6 beta 1, for RunCMS, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) topics.php, (2) submit.php, and (3) class/calendar.class.php. | 6.8 |
2006-12-10 | CVE-2006-6451 | Swsoft | Cross-Site Scripting vulnerability in Swsoft Plesk 7.5 Multiple cross-site scripting (XSS) vulnerabilities in SWsoft Plesk 8.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) get_password.php or (2) login_up.php3. | 6.8 |
2006-12-10 | CVE-2006-6447 | VT Forum | Cross-Site Scripting vulnerability in Vt-Forum Lite 1.3/1.5 Multiple cross-site scripting (XSS) vulnerabilities in Vt-Forum Lite 1.3 and 1.5 allow remote attackers to inject arbitrary web script or HTML via (1) the StrMes parameter in vf_info.asp and possibly (2) a URL in the SRC attribute of an IFRAME element that is submitted to vf_newtopic.asp. | 6.8 |
2006-12-10 | CVE-2006-6446 | Iware | SQL Injection vulnerability in Iware Professional 5.0.4 SQL injection vulnerability in index.php in iWare Professional 5.0.4, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the D parameter. | 6.8 |
2006-12-10 | CVE-2006-6444 | Divx | Buffer Overflow vulnerability in Divx Player 2.1/2.2.00.0 Stack-based buffer overflow in Nostra DivX Player 2.1, 2.2.00.0, and possibly earlier, allows remote attackers to execute arbitrary code via a long string in an M3U file. | 6.8 |
2006-12-10 | CVE-2006-6436 | Xerox | Cross-Site Scripting vulnerability in Workcentre 238 Cross-site scripting (XSS) vulnerability in the Network controller in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 allows remote attackers to inject arbitrary web script or HTML via HTTP TRACE messages. | 6.8 |
2006-12-10 | CVE-2006-6426 | Thinkedit | Remote Security vulnerability in ThinkEdit PHP remote file inclusion vulnerability in design/thinkedit/render.php in ThinkEdit 1.9.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the template_file parameter. | 6.8 |
2006-12-10 | CVE-2006-6420 | Ryan Demmer | Cross-Site Scripting vulnerability in JCE Admin Component for Joomla Multiple cross-site scripting (XSS) vulnerabilities in jce.php in the JCE Admin Component in Ryan Demmer Joomla Content Editor (JCE) 1.1.0 beta 2 and earlier for Joomla! (com_jce) allow remote attackers to inject arbitrary web script or HTML via the (1) img, (2) title, (3) w, or (4) h parameter, different vectors than CVE-2006-6166. | 6.8 |
2006-12-10 | CVE-2006-6413 | Amateras | Cross-Site Scripting vulnerability in Amateras SNS Cross-site scripting (XSS) vulnerability in Amateras sns 3.11 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.8 |
2006-12-10 | CVE-2006-6401 | Mystats | Cross-Site Scripting vulnerability in Mystats Multiple cross-site scripting (XSS) vulnerabilities in mystats.php in MyStats 1.0.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) connexion, (2) by, and (3) details parameter. | 6.8 |
2006-12-10 | CVE-2006-6400 | Justsystem | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Justsystem products Buffer overflow in JustSystems Hanako 2004 through 2006, Hanako viewer 1.x, Ichitaro 2004, Ichitaro 2005, Ichitaro Lite2, Ichitaro viewer 4.x, and Sanshiro 2005 allows remote attackers to execute arbitrary code via the (1) Keyword and (2) Title fields, related to string length fields. | 6.8 |
2006-12-08 | CVE-2006-6393 | Jonas Gauffin | Input Validation vulnerability in Publicera Cross-site scripting (XSS) vulnerability in Jonas Gauffin Publicera 1.0-rc2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the InputFilter::getString function. | 6.8 |
2006-12-08 | CVE-2006-6391 | Open Solution | Directory Traversal vulnerability in Open Solution Quick.Cart 2.0 Multiple directory traversal vulnerabilities in Open Solution Quick.Cart 2.0, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include arbitrary files via a .. | 6.8 |
2006-12-08 | CVE-2006-6390 | Open Solution | Local File Include vulnerability in Open Solution Quick.Cart 2.0 Multiple directory traversal vulnerabilities in Open Solution Quick.Cart 2.0, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. | 6.8 |
2006-12-08 | CVE-2006-6389 | Ac4P | Scripts Multiple Cross-Site Scripting vulnerability in Mobile Multiple cross-site scripting (XSS) vulnerabilities in ac4p Mobile allow remote attackers to inject arbitrary web script or HTML via the (1) Taaa parameter to (a) up.php, or the (2) pollhtml and (3) Bloks parameters to (b) polls.php, different vectors than CVE-2006-5770. | 6.8 |
2006-12-08 | CVE-2006-6388 | Link | Input Validation vulnerability in Link CMS Cross-site scripting (XSS) vulnerability in naprednaPretraga.php in LINK Content Management Server (CMS) allows remote attackers to inject arbitrary web script or HTML via the txtPretraga parameter. | 6.8 |
2006-12-08 | CVE-2006-6386 | Drupal | Cross-Site Scripting vulnerability in Drupal CVS Management/Tracker Motivation Field Cross-site scripting (XSS) vulnerability in the CVS management/tracker 4.7.x-1.0, 4.7.x-2.0, and 4.7.0 (before the 20060807 contribution release system) for Drupal allows remote attackers to inject arbitrary web script or HTML via the motivation field in the CVS application page, which is not passed through check_markup on display. | 6.8 |
2006-12-08 | CVE-2006-6334 | Citrix | Buffer Overflow vulnerability in Citrix Presentation Server Client WFICA.OCX ActiveX Component Heap Heap-based buffer overflow in the SendChannelData function in wfica.ocx in Citrix Presentation Server Client before 9.230 for Windows allows remote malicious web sites to execute arbitrary code via a DataSize parameter that is less than the length of the Data buffer. | 6.8 |
2006-12-07 | CVE-2006-6382 | Positive Software | Unspecified vulnerability in Positive Software H-Sphere 2.4.3 The control panel for Positive Software H-Sphere before 2.5.0 RC3 creates log files in a user's directory with insecure permissions, which allows local users to append log data to arbitrary files via a symlink attack. | 6.8 |
2006-12-07 | CVE-2006-6380 | Ultimate Helpdesk | Cross-Site Scripting vulnerability in Ultimate HelpDesk Index.ASP Cross-site scripting (XSS) vulnerability in index.asp in Ultimate HelpDesk allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. | 6.8 |
2006-12-07 | CVE-2006-6375 | Simple Machines | HTML Injection vulnerability in SMF Image File Cross-site scripting (XSS) vulnerability in display.php in Simple Machines Forum (SMF) 1.1 Final and earlier allows remote attackers to inject arbitrary web script or HTML via the contents of a file that is uploaded with the image parameter set, which can be interpreted as script by Internet Explorer's automatic type detection. | 6.8 |
2006-12-07 | CVE-2006-6372 | James Barnsley | Cross-Site Scripting vulnerability in James Barnsley JAB Guest Book 20061205 Multiple cross-site scripting (XSS) vulnerabilities in pbguestbook.php in JAB Guest Book 20061205 allow remote attackers to inject arbitrary web script or HTML via the (1) topic or (2) message parameter. | 6.8 |
2006-12-07 | CVE-2006-6371 | James Barnsley | HTML Injection vulnerability in JAB Guest Book Cross-site scripting (XSS) vulnerability in pbguestbook.php in JAB Guest Book allows remote attackers to inject arbitrary web script or HTML via the author parameter. | 6.8 |
2006-12-07 | CVE-2006-6366 | Cerberus | Cross-Site Scripting vulnerability in Cerberus Helpdesk Spellwin.PHP Cross-site scripting (XSS) vulnerability in includes/elements/spellcheck/spellwin.php in Cerberus Helpdesk 0.97.3, 2.0 through 2.7, 3.2.1, and 3.3 allows remote attackers to inject arbitrary web script or HTML via the js parameter. | 6.8 |
2006-12-07 | CVE-2006-6364 | Inside Systems | Cross-Site Scripting vulnerability in Inside Systems Inside Systems Mail2.0 Cross-site scripting (XSS) vulnerability in error.php in Inside Systems Mail (ISMail) 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter. | 6.8 |
2006-12-07 | CVE-2006-6363 | Bluesocket | Cross-Site Scripting vulnerability in BlueSocket BSC 2100 Admin.PL Cross-site scripting (XSS) vulnerability in admin.pl in BlueSocket Secure Controller (BSC) before 5.2, or without 5.1.1-BluePatch, allows remote attackers to inject arbitrary web script or HTML via the ad_name parameter. | 6.8 |
2006-12-07 | CVE-2006-6359 | Stefan Frech | Cross-Site Scripting vulnerability in Stefan Frech Online-Bookmarks 0.6.12 Cross-site scripting (XSS) vulnerability in Stefan Frech online-bookmarks 0.6.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.8 |
2006-12-07 | CVE-2006-6357 | Phpnews | Cross-Site Scripting vulnerability in PHPNews Cross-site scripting (XSS) vulnerability in templates/cat_temp.php in PHPNews 1.3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.8 |
2006-12-07 | CVE-2006-6356 | Phpnews | Cross-Site Scripting vulnerability in PHPnews 1.3 Multiple cross-site scripting (XSS) vulnerabilities in templates/link_temp.php in PHPNews 1.3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) url, (2) id, (3) subject, (4) username, or (5) time parameter. | 6.8 |
2006-12-07 | CVE-2006-6348 | Mowdbb | Cross-Site Scripting vulnerability in Mowdbb RC6 Cross-site scripting (XSS) vulnerability in board.php in mowdBB RC-6 allows remote attackers to inject arbitrary web script or HTML via the forum_name[] parameter. | 6.8 |
2006-12-07 | CVE-2006-6343 | Neocrome | SQL Injection vulnerability in Seditio/Land Down Under Polls.PHP SQL injection vulnerability in polls.php in Neocrome Seditio 1.10 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | 6.8 |
2006-12-07 | CVE-2006-6339 | Devilz Clanportal | SQL Injection vulnerability in Devilz Clanportal Devilz Clanportal 1.3.6 SQL injection vulnerability in sites/index.php in deV!L`z Clanportal (DZCP) before 1.3.6.1 allows remote attackers to execute arbitrary SQL commands via the show element in a GET request. | 6.8 |
2006-12-06 | CVE-2006-5856 | Adobe | Buffer Overflow vulnerability in Adobe Download Manager AOM Stack-based buffer overflow in the Adobe Download Manager before 2.2 allows remote attackers to execute arbitrary code via a long section name in the dm.ini file, which is populated via an AOM file. | 6.8 |
2006-12-05 | CVE-2006-6295 | Mxbb | Remote File Include vulnerability in Mxbb MX Tinies 1.3.0 PHP remote file inclusion vulnerability in includes/mx_common.php in the mx_tinies 1.3.0 Module for MxBB Portal 1.06 allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter. | 6.8 |
2006-12-05 | CVE-2006-6291 | Mailenable | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mailenable Stack overflow in the IMAP module (MEIMAPS.EXE) in MailEnable Professional 1.6 through 1.83 and 2.0 through 2.33, and MailEnable Enterprise 1.1 through 1.40 and 2.0 through 2.33, allows remote authenticated users to cause a denial of service (crash) via a long argument containing * (asterisk) and ? (question mark) characters to the DELETE command, as addressed by the ME-10020 hotfix. | 6.8 |
2006-12-05 | CVE-2006-6289 | Woltlab | SQL-Injection vulnerability in Woltlab Burning Board Lite 1.0.2 Woltlab Burning Board (wBB) Lite 1.0.2 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary SQL commands via the wbb_userid parameter to the top-level URI. | 6.8 |
2006-12-05 | CVE-2006-6142 | Squirrelmail | Cross-Site Scripting and Input Validation vulnerability in SquirrelMail Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) mailto parameter in (a) webmail.php, the (2) session and (3) delete_draft parameters in (b) compose.php, and (4) unspecified vectors involving "a shortcoming in the magicHTML filter." | 6.8 |
2006-12-04 | CVE-2006-6278 | Alexphpteam | Input Validation vulnerability in Alexphpteam Alex Guestbook 4.0.1 Cross-site scripting (XSS) vulnerability in index.php in @lex Guestbook 4.0.1 allows remote attackers to inject arbitrary web script or HTML via the skin parameter. | 6.8 |
2006-12-04 | CVE-2006-6274 | Expinion NET | Cross-Site Scripting vulnerability in Expinion.net iNews Publisher Articles.ASP SQL injection vulnerability in articles.asp in Expinion.net iNews (1) Publisher (iNP) 2.5 and earlier, and possibly (2) News Manager, allows remote attackers to execute arbitrary SQL commands via the ex parameter. | 6.8 |
2006-12-04 | CVE-2006-6272 | Paul Griffin | Cross-Site Scripting vulnerability in Paul Griffin Simple PHP Gallery 1.1 Cross-site scripting (XSS) vulnerability in sp_index.php in Simple PHP Gallery 1.1 allows remote attackers to inject arbitrary web script or HTML via the dir parameter. | 6.8 |
2006-12-04 | CVE-2006-6271 | Phpoll | Cross-Site Scripting vulnerability in PHPoll 0.96 Multiple cross-site scripting (XSS) vulnerabilities in PHPOLL 0.96 allow remote attackers to inject arbitrary web script or HTML via the language parameter to (1) index.php, (2) info.php; and (3) index.php, (4) votanti.php, (5) risultati_config.php, (6) modifica_band.php, (7) band_editor.php, and (8) config_editor.php in admin/. | 6.8 |
2006-12-04 | CVE-2006-6266 | Microsoft | Remote Security vulnerability in Teredo Teredo clients, when following item 6 of RFC4380 section 5.2.3, start direct IPv6 connectivity tests (aka ping tests) in response to packets from non-Teredo source addresses, which might allow remote attackers to induce Teredo clients to send packets to third parties. | 6.8 |
2006-12-04 | CVE-2006-6263 | Microsoft | Security Bypass vulnerability in Teredo Teredo clients, when source routing is enabled, recognize a Routing header in an encapsulated IPv6 packet and send the packet to the next hop, which might allow remote attackers to bypass policies of certain Internet gateways that drop all source-routed packets. | 6.8 |
2006-12-04 | CVE-2006-6257 | Alternc | Input Validation vulnerability in AlternC The file manager in AlternC 0.9.5 and earlier, when warnings are enabled in PHP, allows remote attackers to obtain sensitive information via certain folder names such as ones composed of JavaScript code, which reveal the path in a warning message. | 6.8 |
2006-12-04 | CVE-2006-6256 | Alternc | Input Validation vulnerability in AlternC Cross-site scripting (XSS) vulnerability in the file manager in admin/bro_main.php in AlternC 0.9.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a folder name. | 6.8 |
2006-12-04 | CVE-2006-6249 | Chama Cargo | Cross-Site Scripting vulnerability in Chama Cargo Cross-site scripting (XSS) vulnerability in Chama Cargo 4.36 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.8 |
2006-12-10 | CVE-2006-6453 | J Owamp | Remote File Include vulnerability in J-Owamp web Interface 2.1 PHP remote file inclusion vulnerability in JOWAMP_ShowPage.php in J-OWAMP Web Interface 2.1 allows remote authenticated users to execute arbitrary PHP code via a URL in the link parameter. | 6.5 |
2006-12-07 | CVE-2006-6347 | TFT Gallery | File-Upload vulnerability in TFT Gallery Unrestricted file upload vulnerability in TFT-Gallery allows remote authenticated administrators to upload arbitrary .php files, possibly using admin/index.php. | 6.5 |
2006-12-05 | CVE-2006-6290 | Mailenable | Buffer Overflow vulnerability in MailEnable IMAP Service Multiple stack-based buffer overflows in the IMAP module (MEIMAPS.EXE) in MailEnable Professional 1.6 through 1.82 and 2.0 through 2.33, and MailEnable Enterprise 1.1 through 1.30 and 2.0 through 2.33 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a long argument to the (1) EXAMINE or (2) SELECT command. | 6.5 |
2006-12-10 | CVE-2006-6449 | VT Forum | Information Disclosure vulnerability in Vt-Forum Lite 1.3 Vt-Forum Lite 1.3 and earlier store sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/forum.mdb. | 6.4 |
2006-12-04 | CVE-2006-6262 | Phpjunkyard | Unspecified vulnerability in PHPjunkyard Mboard Directory traversal vulnerability in mboard.php in PHPJunkYard (aka Klemen Stirn) MBoard 1.22 and earlier allows remote attackers to create arbitrary empty files via a .. | 6.4 |
2006-12-05 | CVE-2006-6296 | Microsoft | Resource Management Errors vulnerability in Microsoft Windows 2000 and Windows XP The RpcGetPrinterData function in the Print Spooler (spoolsv.exe) service in Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via an RPC request that specifies a large 'offered' value (output buffer size), a variant of CVE-2005-3644. | 6.1 |
2006-12-10 | CVE-2006-6421 | Phpbb Group | Input Validation vulnerability in PHPBB Cross-site scripting (XSS) vulnerability in the private message box implementation (privmsg.php) in phpBB 2.0.x allows remote authenticated users to inject arbitrary web script or HTML via the "Message body" field in a message to a non-existent user. | 6.0 |
2006-12-06 | CVE-2006-6330 | Torrentflux | Remote Security vulnerability in Torrentflux 2.2 index.php for TorrentFlux 2.2 allows remote registered users to execute arbitrary commands via shell metacharacters in the kill parameter. | 6.0 |
2006-12-04 | CVE-2006-6265 | Microsoft | Remote Security vulnerability in Teredo Teredo clients, when located behind a restricted NAT, allow remote attackers to establish an inbound connection without the guessing required to find a port mapping for a traditional restricted NAT client, by (1) using the client port number contained in the Teredo address or (2) following the bubble-to-open procedure. | 5.8 |
2006-12-05 | CVE-2006-6292 | Apple | Denial Of Service vulnerability in Apple mac OS X 10.4.8 Apple Airport Extreme firmware 0.1.27 in Mac OS X 10.4.8 on Mac mini, MacBook, and MacBook Pro with Core Duo hardware allows remote attackers to cause a denial of service (out-of-bounds memory access and kernel panic) and have possibly other security-related impact via certain beacon frames. | 5.7 |
2006-12-10 | CVE-2006-6433 | Xerox | Remote Security vulnerability in Xerox Workcentre 12.060.17.000/13.060.17.000/14.060.17.000 Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 does not record accurate timestamps, which makes it easier for remote attackers to avoid detection when an audit tries to rely on these timestamps. | 5.0 |
2006-12-10 | CVE-2006-6432 | Xerox | Multiple vulnerability in Xerox Workcentre 12.060.17.000/13.060.17.000/14.060.17.000 Unspecified vulnerability in the Scan-to-mailbox feature in Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 allows remote attackers to download certain files via unspecified vectors. | 5.0 |
2006-12-10 | CVE-2006-6431 | Xerox | Remote Security vulnerability in Xerox Workcentre 12.060.17.000/13.060.17.000/14.060.17.000 Unspecified vulnerability in Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 allows attackers to modify signatures of e-mail messages via unspecified vectors. | 5.0 |
2006-12-10 | CVE-2006-6429 | Xerox | Multiple vulnerability in Xerox Workcentre 12.060.17.000/13.060.17.000/14.060.17.000 Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 allows attackers to modify certain configuration settings via unspecified vectors involving the "TFTP/BOOTP auto configuration option." | 5.0 |
2006-12-10 | CVE-2006-6422 | Agileco | Applications Denial of Service vulnerability in Agileco Agileco AgileBill 1.4.x and AgileVoice 1.4.x do not properly handle certain proxy requests, which allows remote attackers to disable the application by entering invalid license data on a form, possibly involving modules/core/license.inc.php. | 5.0 |
2006-12-10 | CVE-2006-6408 | Kaspersky LAB | Unspecified vulnerability in Kaspersky LAB Kaspersky Anti-Virus 5.5.10 Kaspersky Anti-Virus for Linux Mail Servers 5.5.10 allows remote attackers to bypass virus detection by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file. | 5.0 |
2006-12-10 | CVE-2006-6407 | F Prot | Unspecified vulnerability in F-Prot Antivirus 4.6.6 F-Prot Antivirus for Linux x86 Mail Servers 4.6.6 allows remote attackers to bypass virus detection by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file. | 5.0 |
2006-12-10 | CVE-2006-6406 | Clam Anti Virus | Unspecified vulnerability in Clam Anti-Virus Clamav 0.88.6 Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to bypass virus detection by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file. | 5.0 |
2006-12-10 | CVE-2006-6405 | Softwin | Unspecified vulnerability in Softwin Bitdefender Mail Protection 2.0 BitDefender Mail Protection for SMB 2.0 allows remote attackers to bypass virus detection by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file. | 5.0 |
2006-12-10 | CVE-2006-6403 | Mystats | Remote Security vulnerability in Mystats mystats.php in MyStats 1.0.8 and earlier allows remote attackers to obtain the installation path via (1) details and (2) by array parameters, probably resulting in a path disclosure in an error message. | 5.0 |
2006-12-10 | CVE-2006-5874 | Clam Anti Virus | Denial Of Service vulnerability in Clam Anti-Virus MIME Attachments Clam AntiVirus (ClamAV) 0.88 and earlier allows remote attackers to cause a denial of service (crash) via a malformed base64-encoded MIME attachment that triggers a null pointer dereference. | 5.0 |
2006-12-08 | CVE-2006-6395 | Ulrik Petersen | Local Denial of Service vulnerability in Emdros Database Engine Multiple memory leaks in Ulrik Petersen Emdros Database Engine before 1.2.0.pre231 allow local users to cause a denial of service (memory consumption) via unspecified vectors, a different issue than CVE-2005-0415. | 5.0 |
2006-12-07 | CVE-2006-6373 | Phpmyadmin | Information Disclosure vulnerability in PHPmyadmin 2.7.0Pl2 PhpMyAdmin 2.7.0-pl2 allows remote attackers to obtain sensitive information via a direct request for libraries/common.lib.php, which reveals the path in an error message. | 5.0 |
2006-12-07 | CVE-2006-6353 | Apple | Remote Archive File vulnerability in Apple BOMArchiveHelper Multiple unspecified vulnerabilities in BOMArchiveHelper in Mac OS X allow user-assisted remote attackers to cause a denial of service (application crash) via unspecified vectors related to (1) certain KERN_PROTECTION_FAILURE thread crashes and (2) certain KERN_INVALID_ADDRESS thread crashes, as discovered with the "iSec Partners FileP fuzzer". | 5.0 |
2006-12-07 | CVE-2006-6352 | Frisk Software | Remote Denial Of Service vulnerability in Frisk Software F-Prot Antivirus 3.16F FRISK Software F-Prot Antivirus before 4.6.7 allows user-assisted remote attackers to cause a denial of service (infinite loop) via a crafted ACE file. | 5.0 |
2006-12-07 | CVE-2006-6340 | Nvidia | Local Denial of Service vulnerability in Nvidia NView Keystone.EXE keystone.exe in nVIDIA nView allows attackers to cause a denial of service via a long command line argument. | 5.0 |
2006-12-07 | CVE-2006-6338 | Devilz Clanportal | Unspecified vulnerability in Devilz Clanportal Devilz Clanportal 1.3.6 Unrestricted file upload vulnerability in upload/index.php in deV!L`z Clanportal (DZCP) before 1.3.6.1 allows remote attackers to upload and execute arbitrary .php files by embedding PHP code in a JPEG or GIF file that is uploaded to inc/images/uploads/userpics/. | 5.0 |
2006-12-06 | CVE-2006-6112 | Lifetype | Remote Security vulnerability in LifeType LifeType 1.0.x and 1.1.x have insufficient access control for all of the PHP scripts under (1) class/ and (2) plugins/, which allows remote attackers to obtain the installation path via a direct request to any of the scripts, as demonstrated by (a) bayesianfilter.class.php and (b) bootstrap.php, which leaks the path in an error message. | 5.0 |
2006-12-06 | CVE-2006-6311 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer 6.0.2900.2180 Microsoft Internet Explorer 6.0.2900.2180 allows remote attackers to cause a denial of service via a style attribute in an HTML table tag with a width value that is dynamically calculated using JavaScript. | 5.0 |
2006-12-06 | CVE-2006-6310 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer 6.0 SP1 and earlier allows remote attackers to cause a denial of service (crash) via an invalid src attribute value ("?") in an HTML frame tag that is in a frameset tag with a large rows attribute. | 5.0 |
2006-12-06 | CVE-2006-6303 | Yukihiro Matsumoto | Resource Management Errors vulnerability in Yukihiro Matsumoto Ruby The read_multipart function in cgi.rb in Ruby before 1.8.5-p2 does not properly detect boundaries in MIME multipart content, which allows remote attackers to cause a denial of service (infinite loop) via crafted HTTP requests, a different issue than CVE-2006-5467. | 5.0 |
2006-12-06 | CVE-2006-6302 | Fail2Ban | Remote Denial of Service vulnerability in Fail2Ban fail2ban 0.7.4 and earlier does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in via ssh with a login name containing certain strings with an IP address. | 5.0 |
2006-12-06 | CVE-2006-6301 | Denyhosts | Remote Denial of Service vulnerability in Denyhosts 2.5 DenyHosts 2.5 does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in via ssh with a login name containing certain strings with an IP address, which is not properly handled by a regular expression. | 5.0 |
2006-12-05 | CVE-2006-6307 | Novell | Remote Denial of Service vulnerability in Novell Client 4.91 srvloc.sys in Novell Client for Windows before 4.91 SP3 allows remote attackers to cause an unspecified denial of service via a crafted packet to port 427 that triggers an access of pageable or invalid addresses using a higher interrupt request level (IRQL) than necessary. | 5.0 |
2006-12-05 | CVE-2006-6297 | KDE | Resource Management Errors vulnerability in KDE Kdegraphics 3.2/3.4.3 Stack consumption vulnerability in the KFILE JPEG (kfile_jpeg) plugin in kdegraphics 3, as used by konqueror, digikam, and other KDE image browsers, allows remote attackers to cause a denial of service (stack consumption) via a crafted EXIF section in a JPEG file, which results in an infinite recursion. | 5.0 |
2006-12-04 | CVE-2006-6279 | Alexphpteam | Input Validation vulnerability in Alexphpteam Alex Guestbook 4.0.1 index.php in @lex Guestbook 4.0.1 allows remote attackers to obtain sensitive information via a skin parameter referencing a nonexistent skin, which reveals the installation path in an error message. | 5.0 |
2006-12-04 | CVE-2006-6277 | Contentserv | Local File Include vulnerability in Contentserv 4.0/4.1 Directory traversal vulnerability in admin/FileServer.php in ContentServ 4.x allows remote attackers to read arbitrary files via a .. | 5.0 |
2006-12-04 | CVE-2006-6253 | Cahier DE Textes | Directory Traversal vulnerability in Cahier DE Textes Cahier DE Textes 2.0 Cahier de texte 2.0 stores sensitive information under the web root, possibly with insufficient access control, which might allow remote attackers to obtain all users' passwords via a direct request for administration/dump.sql. | 5.0 |
2006-12-10 | CVE-2006-6438 | Xerox | Local Security vulnerability in Workcentre 238 Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 leaves sensitive user data in http.log after an Immediate Image Overwrite (IIO), which allows local users to obtain the data by reading the http.log file. | 4.9 |
2006-12-06 | CVE-2006-6329 | Torrentflux | Remote Security vulnerability in Torrentflux 2.2 index.php for TorrentFlux 2.2 allows remote attackers to delete files by specifying the target filename in the delfile parameter. | 4.9 |
2006-12-06 | CVE-2006-6328 | Torrentflux | Directory Traversal vulnerability in Torrentflux 2.2 Directory traversal vulnerability in index.php for TorrentFlux 2.2 allows remote attackers to create or overwrite arbitrary files via sequences in the alias_file parameter. | 4.9 |
2006-12-04 | CVE-2006-6275 | SUN | Race Condition vulnerability in SUN Solaris and Sunos Race condition in the kernel in Sun Solaris 8 through 10 allows local users to cause a denial of service (panic) via unspecified vectors, possibly related to the exitlwps function and SIGKILL and /proc PCAGENT signals. | 4.7 |
2006-12-10 | CVE-2006-6383 | PHP | Improper Input Validation vulnerability in PHP 4.4.0/5.2.0 PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and open_basedir restrictions via a malicious path and a null byte before a ";" in a session_save_path argument, followed by an allowed path, which causes a parsing inconsistency in which PHP validates the allowed path but sets session.save_path to the malicious path. | 4.6 |
2006-12-10 | CVE-2006-6441 | Xerox | Local Security vulnerability in Workcentre 238 Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 allows local users to bypass security controls and boot Alchemy via certain alternate boot media, as demonstrated by a USB thumb drive. | 4.6 |
2006-12-10 | CVE-2006-6410 | Vmware | Buffer Overflow vulnerability in VMWare Workstation 5.5.1 Buffer overflow in an ActiveX control in VMWare 5.5.1 allows local users to execute arbitrary code via a long VmdbDb parameter to the Initialize function. | 4.6 |
2006-12-04 | CVE-2006-6288 | Niek Albers | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Niek Albers Coolplayer Multiple buffer overflows in Niek Albers CoolPlayer 216 and earlier allow remote attackers to execute arbitrary code via (1) a playlist file with long song names, because of an overflow in the CPL_AddPrefixedFile function in CPI_Playlist.c; (2) a skin file with long button names, because of an overflow in the main_skin_check_ini_value function in skin.c; and (3) a skin file with long bitmap filenames, because of an overflow in the main_skin_open function in skin.c. | 4.6 |
2006-12-07 | CVE-2006-4249 | Plone | Group Spoofing vulnerability in Plone 2.5/2.5.1 Unspecified vulnerability in PlonePAS in Plone 2.5 and 2.5.1, when anonymous member registration is enabled, allows an attacker to "masquerade as a group." | 4.3 |
2006-12-05 | CVE-2006-6300 | Cutephp | Cross-Site Scripting vulnerability in Cutephp Cutenews 1.3.6 Cross-site scripting (XSS) vulnerability in CuteNews 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the result parameter. | 4.3 |
2006-12-04 | CVE-2006-6283 | Vikingboard | Cross-Site Scripting vulnerability in Vikingboard 0.1.2 Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard 0.1.2 allow remote attackers to inject arbitrary web script or HTML via the subject field of (1) a private message (PM) or (2) a bulletin board post. | 4.3 |
2006-12-04 | CVE-2006-6254 | Cahier DE Textes | Directory Traversal vulnerability in Cahier DE Textes Cahier DE Textes 2.0 administration/telecharger.php in Cahier de texte 2.0 allows remote attackers to obtain unparsed content (source code) of files via the chemin parameter, as demonstrated using directory traversal sequences to obtain the MySQL username and password from conn_cahier_de_texte.php. | 4.3 |
2006-12-04 | CVE-2006-6252 | Microsoft | Denial-Of-Service vulnerability in Microsoft Windows Live Messenger 8.0 Microsoft Windows Live Messenger 8.0 and earlier, when gestual emoticons are enabled, allows remote attackers to cause a denial of service (CPU consumption) via a long string composed of ":D" sequences, which are interpreted as emoticons. | 4.3 |
2 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-12-04 | CVE-2006-6286 | Palm | Unspecified vulnerability in Palm Desktop 4.0B76/4.0B77 Palm Desktop 4.1.4 and earlier stores user data with weak permissions under the application directory, which allows local users to obtain sensitive information (address books, calendar files, and todo lists of other users) via unspecified vectors. | 1.7 |
2006-12-05 | CVE-2006-6306 | Novell | Local Security vulnerability in Novell Client 4.91 Format string vulnerability in Novell Modular Authentication Services (NMAS) in the Novell Client 4.91 SP2 and SP3 allows users with physical access to read stack and memory contents via format string specifiers in the Username field of the logon window. | 1.2 |