Weekly Vulnerabilities Reports > December 4 to 10, 2006

Overview

198 new vulnerabilities were reported during this period, including 21 critical vulnerabilities and 74 high severity vulnerabilities. This weekly summary reports vulnerabilities in 198 products from 138 vendors, including Xerox, Microsoft, Novell, Duware, and Torrentflux. Notable vulnerability categories are "Improper Restriction of Operations within the Bounds of a Memory Buffer", "SQL Injection", "Resource Management Errors", "Cross-site Scripting", and "OS Command Injection".

  • 182 reported vulnerabilities are remotely exploitable.
  • 29 reported vulnerabilities have a public exploit available.
  • 8 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 185 reported vulnerabilities are exploitable by an anonymous user.
  • Xerox has the most reported vulnerabilities, with 15 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 2 reported vulnerabilities.


Vulnerability Details

The following table lists the vulnerabilities reported for the period covered by this report:

21 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-12-10 CVE-2006-6454 J Owamp Remote Security vulnerability in web interface

execInBackground.php in J-OWAMP Web Interface 2.1b and earlier allows remote attackers to execute arbitrary commands via shell metacharacters to the (1) exe and (2) args parameters, which are used in an exec function call.

10.0
2006-12-10 CVE-2006-6443 Novell Buffer Overflow vulnerability in Novell Client 4.91

Buffer overflow in the Novell Distributed Print Services (NDPS) Print Provider for Windows component (NDPPNT.DLL) in Novell Client 4.91 has unknown impact and remote attack vectors.

10.0
2006-12-10 CVE-2006-6409 F Secure Unspecified vulnerability in F-Secure Anti-Virus 4.65

F-Secure Anti-Virus for Linux Gateways 4.65 allows remote attackers to cause a denial of service (possibly fatal scan error), and possibly bypass virus detection, by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file.

10.0
2006-12-07 CVE-2006-6361 Bitflux Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Bitflux Upload Progress Meter 8215/8275

Heap-based buffer overflow in the uploadprogress_php_rfc1867_file function in uploadprogress.c in Bitflux Upload Progress Meter before 8276 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via crafted HTTP POST fileupload requests.

10.0
2006-12-07 CVE-2006-6235 GNU, Gpg4Win, Redhat, Rpath, Slackware, Ubuntu

A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory.

10.0
2006-12-07 CVE-2006-6355 Duware SQL Injection vulnerability in DUClassmate ICity Parameter

SQL injection vulnerability in default.asp in DuWare DuClassmate allows remote attackers to execute arbitrary SQL commands via the iCity parameter.

10.0
2006-12-07 CVE-2006-6351 Khaledmuratlist Remote Security vulnerability in Khaledmuratlist

KhaledMuratList stores sensitive data under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) CL2F9R1A2C1N.mdb or (2) Data2F9R1A2C1N.mdb.

10.0
2006-12-07 CVE-2006-6350 Iisworks Remote Security vulnerability in Iisworks Listpics 5.0

listpics 5 stores sensitive data under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for listpics.mdb.

10.0
2006-12-07 CVE-2006-6346 SAP Multiple Unspecified vulnerability in SAP IGS

Unspecified vulnerability in SAP Internet Graphics Service (IGS) 6.40 Patchlevel 15 and earlier, and 7.00 Patchlevel 3 and earlier, allows remote attackers to cause a denial of service (service shutdown), obtain sensitive information (configuration files), and conduct certain other unauthorized activities, related to "Undocumented Features." NOTE: it is possible that there are multiple issues.

10.0
2006-12-06 CVE-2006-5855 IBM Buffer Overflow vulnerability in IBM Tivoli Storage Manager

Multiple buffer overflows in IBM Tivoli Storage Manager (TSM) before 5.2.9 and 5.3.x before 5.3.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in (1) the language field at logon that begins with a 0x18 byte, (2) two unspecified parameters to the SmExecuteWdsfSession function, and (3) the contact field in an open registration message.

10.0
2006-12-05 CVE-2006-6299 Novell Remote Integer Overflow vulnerability in Novell Zenworks Asset Management 7

Integer overflow in Msg.dll in Novell ZENworks 7 Asset Management (ZAM) before SP1 IR11 and the Collection client allows remote attackers to execute arbitrary code via crafted packets, which trigger a heap-based buffer overflow.

10.0
2006-12-04 CVE-2006-6270 Kervancilar SQL-Injection vulnerability in Aspmforum

Multiple SQL injection vulnerabilities in ASPMForum allow remote attackers to execute arbitrary SQL commands via (1) the soruid parameter in forum2.asp, (2) the ak parameter in kullanicilistesi.asp, (3) the kelimeler parameter in aramayap.asp, and (4) the kullaniciadi parameter in giris.asp; and allow remote authenticated users to execute arbitrary SQL commands via (5) the mesajno parameter in mesajkutum.asp.

10.0
2006-12-04 CVE-2006-6268 Neocrome SQL-Injection vulnerability in Land Down Under

SQL injection vulnerability in system/core/profile/profile.inc.php in Neocrome Land Down Under (LDU) 8.x and earlier allows remote authenticated users to execute arbitrary SQL commands via a url-encoded id parameter to users.php that begins with a valid filename, as demonstrated by "default.gif" followed by a double-encoded NULL and ' (apostrophe) (%2500%2527).

10.0
2006-12-04 CVE-2006-6259 Alternc Input Validation vulnerability in AlternC

Multiple directory traversal vulnerabilities in (a) class/functions.php and (b) class/m_bro.php in AlternC 0.9.5 and earlier allow remote attackers to (1) create arbitrary files and directories via a ..

10.0
2006-12-04 CVE-2006-3893 Casio, Newtone Buffer Overflow vulnerability in Newtone ImageKit ActiveX

Multiple buffer overflows in the ActiveX controls in Newtone ImageKit 5 before Fix 30 and 6 before Fix 40, as used in CASIO Photo Loader software before 3.01 and possibly other software, allow remote attackers to execute arbitrary code via a crafted HTML document.

10.0
2006-12-10 CVE-2006-6442 AOL Buffer Errors vulnerability in AOL Client Software 7.04114.563/8.04129.230/9.0

Stack-based buffer overflow in the SetClientInfo function in the CDDBControlAOL.CDDBAOLControl ActiveX control (cddbcontrol.dll), as used in America Online (AOL) 7.0 4114.563, 8.0 4129.230, and 9.0 Security Edition 4156.910, and possibly other products, allows remote attackers to execute arbitrary code via a long ClientId argument.

9.3
2006-12-06 CVE-2006-5994 Microsoft Remote Code Execution vulnerability in Microsoft Word Malformed String Arbitrary

Unspecified vulnerability in Microsoft Word 2000 and 2002, Office Word and Word Viewer 2003, Word 2004 and 2004 v.

9.3
2006-12-04 CVE-2006-6282 Vikingboard HTML Injection And Directory Traversal vulnerability in Vikingboard 0.1.2

members.php in Vikingboard 0.1.2 allows remote attackers to trigger a forced SQL error via an invalid s parameter, a different vector than CVE-2006-4709.

9.3
2006-12-04 CVE-2006-6261 Microsoft, Quinnware Remote Memory Corruption vulnerability in Quinnware Quintessential Player Playlist Files

Buffer overflow in Quintessential Player 4.50.1.82 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) M3u or (2) M3u-8 file; or a (3) crafted PLS file with a long value in the (a) NumberofEntries, (b) Length (aka Length1), (c) Filename (aka File1), (d) Title (aka Title1) field, or other unspecified fields.

9.3
2006-12-04 CVE-2006-6258 Alternc Input Validation vulnerability in AlternC

The phpmyadmin subsystem in AlternC 0.9.5 and earlier transmits the SQL password in cleartext in a cookie, which might allow remote attackers to obtain the password by sniffing or by conducting a cross-site scripting (XSS) attack.

9.3
2006-12-04 CVE-2006-6284 Vikingboard HTML Injection And Directory Traversal vulnerability in Vikingboard 0.1.2

Directory traversal vulnerability in admin.php in Vikingboard 0.1.2 allows remote authenticated administrators to include arbitrary files via a ..

9.0

74 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-12-10 CVE-2006-6439 Xerox Information Disclosure vulnerability in Workcentre 238

Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 allows remote attackers to download the audit log and obtain potentially sensitive information via unspecified vectors.

7.8
2006-12-10 CVE-2006-6437 Xerox Denial-Of-Service vulnerability in Xerox Workcentre 12.060.17.000/13.060.17.000/14.060.17.000

ops3-dmn in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 allows attackers to cause a denial of service (application crash and core dump) via a certain PS file.

7.8
2006-12-10 CVE-2006-6430 Xerox Multiple vulnerability in Xerox WorkCentre and WorkCentre Pro

Web services in Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 do not require HTTPS, which allows remote attackers to obtain sensitive information by sniffing the unencrypted HTTP traffic.

7.8
2006-12-10 CVE-2006-6411 Linksys Denial Of Service vulnerability in Linksys WIP 330 Wireless-G IP Phone 1.0.6A

PhoneCtrl.exe in Linksys WIP 330 Wireless-G IP Phone 1.00.06A allows remote attackers to cause a denial of service (crash) via a TCP SYN scan, as demonstrated using TCP ports 1-65535 with nmap.

7.8
2006-12-07 CVE-2006-6384 John Goodman Directory Traversal vulnerability in Abitwhizzy

Absolute path traversal vulnerability in abitwhizzy.php before 20061204 allows remote attackers to read arbitrary files via an absolute pathname in the Filename text window (f parameter), a variant of CVE-2006-6084.

7.8
2006-12-06 CVE-2006-6333 Linux Remote Denial of Service vulnerability in Linux Kernel 2.6.19

The tr_rx function in ibmtr.c for Linux kernel 2.6.19 assigns the wrong flag to the ip_summed field, which allows remote attackers to cause a denial of service (memory corruption) via crafted packets that cause the kernel to interpret another field as an offset.

7.8
2006-12-04 CVE-2006-6267 Postnuke Software Foundation Information Disclosure vulnerability in Postnuke Software Foundation Postnuke 0.7.5.0

PostNuke 0.7.5.0, and certain minor versions, allows remote attackers to obtain sensitive information via a non-numeric value of the stop parameter, which reveals the path in an error message.

7.8
2006-12-04 CVE-2006-6250 Songbird Denial of Service vulnerability in Songbird Media Player

Format string vulnerability in Songbird Media Player 0.2 and earlier allows remote attackers to cause a denial of service (crash) via an M3U Playlist file containing extended ASCII, which causes the Unicode converter to be invoked.

7.8
2006-12-04 CVE-2006-6248 Gphotos Information Disclosure vulnerability in Gphotos 1.5

index.php in GPhotos 1.5 allows remote attackers to obtain sensitive information via an invalid rep parameter, which reveals the full path in an error message.

7.8
2006-12-10 CVE-2006-6455 Duware SQL Injection vulnerability in DUDirectory

Multiple SQL injection vulnerabilities in admin/default.asp in DUware DUdirectory 3.1, and possibly DUdirectory Pro and Pro SQL 3.x, allow remote attackers to execute arbitrary SQL commands via the (1) Username or (2) Password parameter.

7.5
2006-12-10 CVE-2006-6450 Novell SQL Injection vulnerability in Novell Zenworks Patch Management Server 6.3.2.700

Multiple SQL injection vulnerabilities in dagent/downloadreport.asp in Novell ZENworks Patch Management (ZPM) before 6.3.2.700 allow remote attackers to execute arbitrary SQL commands via the (1) agentid and (2) pass parameters.

7.5
2006-12-10 CVE-2006-6448 VT Forum SQL-Injection vulnerability in Vt-Forum

Multiple SQL injection vulnerabilities in Vt-Forum Lite 1.3 and earlier allow remote attackers to execute arbitrary SQL commands via the user parameter to vf_memberdetail.asp, and other unspecified vectors.

7.5
2006-12-10 CVE-2006-6445 Envolution Local Code Include vulnerability in Envolution 1.1.0

Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a ..

7.5
2006-12-10 CVE-2006-6379 Broadcom Unspecified vulnerability in Broadcom products

Buffer overflow in the BrightStor Backup Discovery Service in multiple CA products, including ARCserve Backup r11.5 SP1 and earlier, ARCserve Backup 9.01 up to 11.1, Enterprise Backup 10.5, and CA Server Protection Suite r2, allows remote attackers to execute arbitrary code via unspecified vectors.

7.5
2006-12-10 CVE-2006-6440 Xerox Remote Security vulnerability in Workcentre 238

Multiple unspecified vulnerabilities in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 allow remote attackers to have an unspecified impact via unspecified vectors relating to "HTTP Security issues."

7.5
2006-12-10 CVE-2006-6435 Xerox Information Disclosure vulnerability in Xerox Workcentre 12.060.17.000/13.060.17.000/14.060.17.000

The SNMP implementation in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 does not generate authentication failure traps, which allows remote attackers to more easily gain system access and obtain sensitive information via a brute force attack.

7.5
2006-12-10 CVE-2006-6434 Xerox Security Bypass vulnerability in Workcentre 238

Unspecified vulnerability in the Web User Interface in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 allows remote attackers to bypass authentication controls via unknown vectors.

7.5
2006-12-10 CVE-2006-6428 Xerox Multiple vulnerability in Xerox Workcentre 12.060.17.000/13.060.17.000/14.060.17.000

Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 allow remote attackers to gain access via unspecified vectors related to "browser permissions."

7.5
2006-12-10 CVE-2006-6427 Xerox OS Command Injection vulnerability in Xerox Workcentre 12.060.17.000/13.060.17.000/14.060.17.000

The Web User Interface in Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 allows remote attackers to execute arbitrary commands via unspecified vectors involving "command injection" in (1) the TCP/IP hostname, (2) Scan-to-mailbox folder names, and (3) certain parameters in the Microsoft Networking configuration.

7.5
2006-12-10 CVE-2006-6419 Ryan Demmer Local File-Include vulnerability in JCE Admin Component for Joomla

jce.php in the JCE Admin Component in Ryan Demmer Joomla Content Editor (JCE) 1.1.0 beta 2 and earlier for Joomla! (com_jce) allows remote attackers to include and possibly execute arbitrary local files via the (1) plugin or (2) file parameter.

7.5
2006-12-10 CVE-2006-6417 B2Evolution Remote File Include vulnerability in B2Evolution 1.8.5/1.9/1.9Beta

PHP remote file inclusion vulnerability in inc/CONTROL/import/import-mt.php in b2evolution 1.8.5 through 1.9 beta allows remote attackers to execute arbitrary PHP code via a URL in the inc_path parameter.

7.5
2006-12-10 CVE-2006-6416 Phpleague Univert Remote File Include vulnerability in PHPleague - Univert PHPleague 0.8.1

Multiple PHP remote file inclusion vulnerabilities in PhpLeague - Univert PhpLeague 0.81 allow remote attackers to execute arbitrary PHP code via a URL in the cheminmini parameter to (1) consult/miniseul.php or (2) config.php.

7.5
2006-12-10 CVE-2006-6415 Phpadsnew Unspecified vulnerability in PHPadsnew 2Dev20011009

** DISPUTED ** PHP remote file inclusion vulnerability in admin/lib-maintenance.inc.php in phpAdsNew 2.0.4-pr2 allows remote attackers to execute arbitrary PHP code via a URL in the phpAds_path parameter, a different component than CVE-2006-3984.

7.5
2006-12-10 CVE-2006-6414 DOL Storye SQL Injection vulnerability in Dol Storye Dettaglio.ASP

Multiple SQL injection vulnerabilities in dettaglio.asp in dol storye allow remote attackers to execute arbitrary SQL commands via the (1) id_doc or (2) id_aut parameter.

7.5
2006-12-10 CVE-2006-6332 Madwifi Remote Buffer Overflow vulnerability in Madwifi 0.9.2.1

Stack-based buffer overflow in net80211/ieee80211_wireless.c in MadWifi before 0.9.2.1 allows remote attackers to execute arbitrary code via unspecified vectors, related to the encode_ie and giwscan_cb functions.

7.5
2006-12-10 CVE-2006-6402 Mystats SQL Injection vulnerability in Mystats

SQL injection vulnerability in mystats.php in MyStats 1.0.8 and earlier allows remote attackers to execute arbitrary SQL commands via the details parameter.

7.5
2006-12-10 CVE-2006-6221 2X Unspecified vulnerability in 2X Thinclientserver 3.0

2X ThinClientServer Enterprise Edition before 4.0.2248 allows remote attackers to create multiple privileged accounts via a replay attack using the initial account creation request.

7.5
2006-12-08 CVE-2006-6399 Superfreaker Studios SQL-Injection vulnerability in Superfreaker Studios Upublisher 1.0

SQL injection vulnerability in Superfreaker Studios UPublisher 1.0 allows remote attackers to execute arbitrary SQL commands via the Username parameter in login.asp.

7.5
2006-12-08 CVE-2006-6398 Superfreaker Studios SQL-Injection vulnerability in Superfreaker Studios Upublisher 1.0

Multiple SQL injection vulnerabilities in Superfreaker Studios UPublisher 1.0 allow remote attackers to execute arbitrary SQL commands via unspecified vectors in (a) sendarticle.asp and (b) printarticle.asp, and the ID parameter to (c) index.asp and (d) preferences.asp, different vectors than CVE-2006-5888.

7.5
2006-12-08 CVE-2006-6396 Blazevideo Buffer Errors vulnerability in Blazevideo Hdtv Player 3.5

Stack-based buffer overflow in BlazeVideo HDTV Player 2.1, and possibly earlier, allows remote attackers to execute arbitrary code via a long filename in a PLF playlist, a different product than CVE-2006-6199.

7.5
2006-12-08 CVE-2006-6394 Jonas Gauffin Input Validation vulnerability in Publicera

SQL injection vulnerability in certain database classes in Jonas Gauffin Publicera 1.0-rc2 and earlier might allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2006-12-08 CVE-2006-6392 PLX WEB Studio Local File Include vulnerability in PLX web Studio PLX PAY 3.0

Directory traversal vulnerability in index.php in plx Web Studio (aka plxWebDev) plx Pay 3.2 and earlier allows remote attackers to include and execute arbitrary local files, or obtain user credentials and other sensitive information, via a ..

7.5
2006-12-08 CVE-2006-6387 Link Content Management Server Input Validation vulnerability in Link CMS

Multiple SQL injection vulnerabilities in LINK Content Management Server (CMS) allow remote attackers to execute arbitrary SQL commands via the (1) IDMeniGlavni parameter to navigacija.php, and the (2) IDStranicaPodaci parameter to prikazInformacije.php.

7.5
2006-12-07 CVE-2006-6381 Ultimate Helpdesk Directory Traversal vulnerability in Ultimate HelpDesk

Directory traversal vulnerability in getfile.asp in Ultimate HelpDesk allows remote attackers to read arbitrary files via a ..

7.5
2006-12-07 CVE-2006-6378 Widcomm Remote Security vulnerability in Widcomm Btsavemysql 1.2

BTSaveMySql 1.2 stores sensitive data under the web root with insufficient access control, which allows remote attackers to obtain configuration and save files via direct requests.

7.5
2006-12-07 CVE-2006-6377 Uploadscript Unspecified vulnerability in Uploadscript

Uploadscript 1.2 and earlier stores sensitive data under the web root with insufficient access control, which allows remote attackers to obtain the admin password hash via a direct request for /password.txt.

7.5
2006-12-07 CVE-2006-6376 Onedotoh Directory Traversal vulnerability in Onedotoh Simple File Manager 0.24A

Multiple directory traversal vulnerabilities in fm.php in Simple File Manager (SFM) 0.24a allow remote attackers to use ".." sequences to (1) read arbitrary files via the filename parameter in a download action, (2) delete arbitrary files via the delete parameter, and (3) modify arbitrary files via the edit parameter, which can be leveraged to execute arbitrary code.

7.5
2006-12-07 CVE-2006-6374 Phpmyadmin Remote Security vulnerability in PHPmyadmin 2.7.0Pl2

Multiple CRLF injection vulnerabilities in PhpMyAdmin 2.7.0-pl2 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a phpMyAdmin cookie in (1) css/phpmyadmin.css.php, (2) db_create.php, (3) index.php, (4) left.php, (5) libraries/session.inc.php, (6) libraries/transformations/overview.php, (7) querywindow.php, (8) server_engines.php, and possibly other files.

7.5
2006-12-07 CVE-2006-6370 Invision Power Services SQL-Injection vulnerability in Invision Power Services Invision Gallery 2.0.7

SQL injection vulnerability in forum/modules/gallery/post.php in Invision Gallery 2.0.7 allows remote attackers to cause a denial of service and possibly have other impacts, as demonstrated using a "SELECT BENCHMARK" statement in the img parameter in a doaddcomment operation in index.php.

7.5
2006-12-07 CVE-2006-6369 Invision Power Services SQL-Injection vulnerability in Invision Power Services Invision Community Blog 1.2.4

SQL injection vulnerability in lib/entry_reply_entry.php in Invision Community Blog Mod 1.2.4 allows remote attackers to execute arbitrary SQL commands via the eid parameter, when accessed through the "Preview message" functionality.

7.5
2006-12-07 CVE-2006-6368 Awrate Remote File Include vulnerability in Awrate 1.0

PHP remote file inclusion vulnerability in login.php.inc in awrate 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the toroot parameter to search.php.

7.5
2006-12-07 CVE-2006-6367 Duware SQL Injection vulnerability in Duware Dudownload, Dunews and Dupaypal

Multiple SQL injection vulnerabilities in detail.asp in DUware DUdownload 1.1, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) iFile or (2) action parameter.

7.5
2006-12-07 CVE-2006-6365 Duware SQL Injection vulnerability in DUware DUpaypal Pro

SQL injection vulnerability in detail.asp in DUware DUpaypal 3.1, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the iType parameter.

7.5
2006-12-07 CVE-2006-6360 Sergey Korostel Remote File Include vulnerability in Sergey Korostel PHP Upload Center 2.0

PHP remote file inclusion vulnerability in activate.php in PHP Upload Center 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the footerpage parameter.

7.5
2006-12-07 CVE-2006-6358 Stefan Frech Input Validation vulnerability in Stefan Frech Online-Bookmarks 0.6.12

SQL injection vulnerability in the login function in auth.inc in Stefan Frech online-bookmarks 0.6.12 allows remote attackers to execute arbitrary SQL commands via the (1) username and possibly the (2) password parameter.

7.5
2006-12-07 CVE-2006-6354 Duware Software SQL Injection vulnerability in DUware

Multiple SQL injection vulnerabilities in detail.asp in DuWare DuNews allow remote attackers to execute arbitrary SQL commands via the (1) iNews, (2) iType, or (3) Action parameter.

7.5
2006-12-07 CVE-2006-6349 PWP Technologies SQL Injection vulnerability in PWP Technologies the Classified AD System

Multiple SQL injection vulnerabilities in PWP Technologies The Classified Ad System allow remote attackers to execute arbitrary SQL commands via (1) the main parameter in a view action (includes/mainpage/view.asp) in default.asp or (2) a query in the search engine.

7.5
2006-12-07 CVE-2006-6345 SAP Directory Traversal vulnerability in SAP Internet Graphics Service

Directory traversal vulnerability in SAP Internet Graphics Service (IGS) 6.40 Patchlevel 16 and earlier, and 7.00 Patchlevel 6 and earlier, allows remote attackers to delete arbitrary files via directory traversal sequences in an HTTP request.

7.5
2006-12-07 CVE-2006-6344 Neocrome SQL-Injection vulnerability in Seditio

Multiple unspecified vulnerabilities in Neocrome Seditio 1.10 and earlier have unknown impact and attack vectors related to (1) plugins/ipsearch/ipsearch.admin.php, and (2) pfs/pfs.edit.inc.php, (3) users/users.register.inc.php in system/core.

7.5
2006-12-07 CVE-2006-6342 KLF Design SQL-Injection vulnerability in Klf-Realty

Multiple SQL injection vulnerabilities in KLF-DESIGN (aka Kim L.

7.5
2006-12-07 CVE-2006-6341 MG Blattl Remote File Include vulnerability in MG.Blattl MG.Applanix APX_Root_Path Parameter

Multiple PHP remote file inclusion vulnerabilities in mg.applanix 1.3.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the apx_root_path parameter to (1) act/act_check_access.php, (2) dsp/dsp_form_booking_ctl.php, and (3) dsp/dsp_bookings.php.

7.5
2006-12-07 CVE-2006-6337 Aspindir SQL Injection vulnerability in Aspindir Aspee Ziyaretci Defteri

Multiple SQL injection vulnerabilities in giris.asp in Aspee and Dogantepe Ziyaretci Defteri allow remote attackers to execute arbitrary SQL commands via the (1) kullanici or (2) parola parameter.

7.5
2006-12-06 CVE-2006-6305 NET Snmp Unspecified vulnerability in Net-Snmp 5.3

Unspecified vulnerability in Net-SNMP 5.3 before 5.3.0.1, when configured using the rocommunity or rouser snmpd.conf tokens, causes Net-SNMP to grant write access to users or communities that only have read-only access.

7.5
2006-12-06 CVE-2006-6309 IBM Denial-Of-Service vulnerability in Tivoli Storage Manager Express

Multiple array index errors in IBM Tivoli Storage Manager (TSM) before 5.2.9 and 5.3.x before 5.3.4 allow remote attackers to read arbitrary memory locations and cause a denial of service (crash) via a large index value in unspecified messages, a different issue than CVE-2006-5855.

7.5
2006-12-05 CVE-2006-6298 Maxiasp SQL Injection vulnerability in Maxiasp Yonetimi 1.0

SQL injection vulnerability in uye_giris_islem.asp in Metyus Okul Yonetim Sistemi 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) kullanici_ismi and (2) sifre parameters.

7.5
2006-12-05 CVE-2006-6294 Frisk Software Unspecified vulnerability in Frisk Software F-Prot Antivirus 4.6.6

Multiple unspecified vulnerabilities in FRISK Software F-Prot Antivirus before 4.6.7 have unspecified impact and attack vectors.

7.5
2006-12-05 CVE-2006-6293 F Prot Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in F-Prot Antivirus

Heap-based buffer overflow in FRISK Software F-Prot Antivirus before 4.6.7 allows user-assisted remote attackers to execute arbitrary code via a crafted CHM file.

7.5
2006-12-04 CVE-2006-6287 Atomix Productions Buffer Overflow vulnerability in AtomixMP3 M3U File Path

Stack-based buffer overflow in AtomixMP3 2.3 and earlier allows remote attackers to execute arbitrary code via a long pathname in an M3U file.

7.5
2006-12-04 CVE-2006-6285 KAI Blankenhorn Bitfolge Remote File Include vulnerability in Retired - Bitfolge Snif

** DISPUTED ** PHP remote file inclusion vulnerability in index.php in Kai Blankenhorn Bitfolge simple and nice index file (aka snif) 1.5.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the externalConfig parameter.

7.5
2006-12-04 CVE-2006-6281 Dicshunary Remote File Include vulnerability in Dicshunary 0.1Alpha

PHP remote file inclusion vulnerability in check_status.php in dicshunary 0.1 alpha allows remote attackers to execute arbitrary PHP code via a URL in the dicshunary_root_path parameter.

7.5
2006-12-04 CVE-2006-6280 O2Php COM SQL-Injection vulnerability in Oxygen

SQL injection vulnerability in viewthread.php in Oxygen (O2PHP Bulletin Board) 1.1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter, a different vector than CVE-2006-1572.

7.5
2006-12-04 CVE-2006-6273 Paul Griffin Unspecified vulnerability in Paul Griffin Simple PHP Gallery 1.1

sp_index.php in Simple PHP Gallery 1.1 allows remote attackers to obtain sensitive information via an invalid dir parameter, which reveals the path in an error message.

7.5
2006-12-04 CVE-2006-6269 Infinity Technologies SQL-Injection vulnerability in Infinitytechs Restaurants Cm

Multiple SQL injection vulnerabilities in Infinitytechs Restaurants CM allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in rating.asp, (2) the mealid parameter in meal_rest.asp, and (3) the resid parameter in res_details.asp.

7.5
2006-12-04 CVE-2006-6264 Microsoft Remote Security vulnerability in Teredo

Teredo creates trusted peer entries for arbitrary incoming source Teredo addresses, even if the low 32 bits represent an intranet address, which might allow remote attackers to send IPv4 traffic to intranet hosts that use non-RFC1918 addresses, bypassing IPv4 ingress filtering.

7.5
2006-12-04 CVE-2006-6260 Redbinaria SQL Injection vulnerability in SIAP CMS Login.ASP

SQL injection vulnerability in login.asp in Redbinaria Sistema Integrado de Administracion de Portales (SIAP) allows remote attackers to execute arbitrary SQL commands via the username parameter.

7.5
2006-12-04 CVE-2006-6255 Nukeai Remote Code Execution vulnerability in Nukeai 0.0.3Beta

Direct static code injection vulnerability in util.php in the NukeAI 0.0.3 Beta module for PHP-Nuke, aka Program E is an AIML chatterbot, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension in the filename parameter and code in the moreinfo parameter, which is saved to a filename under descriptions/, which is accessible via a direct request.

7.5
2006-12-04 CVE-2006-6251 Vuplayer Buffer Overflow vulnerability in VUPlayer M3U UNC Name

Stack-based buffer overflow in VUPlayer 2.44 and earlier allows remote attackers to execute arbitrary code via a long string in an M3U file, aka an "M3U UNC Name" attack.

7.5
2006-12-04 CVE-2006-6247 Uapplication SQL Injection vulnerability in Uapplication Uphotogallery 1.1

Multiple SQL injection vulnerabilities in Uapplication UPhotoGallery 1.1 allow remote attackers to execute arbitrary SQL commands via the ci parameter to (1) slideshow.asp or (2) thumbnails.asp.

7.5
2006-12-04 CVE-2006-6246 Photo Organizer Input Validation vulnerability in Photo Organizer

Photo Organizer 2.32b and earlier does not properly check the ownership of certain objects, which allows remote attackers to gain unauthorized access via vectors related to (1) camera del, (2) camera edit, (3) folder/album deletion, (4) photo.move, (5) content.indexer, (6) folder.content, and possibly other operations.

7.5
2006-12-04 CVE-2006-6245 Photo Organizer Input Validation vulnerability in Photo Organizer

Multiple SQL injection vulnerabilities in Photo Organizer (PO) 2.32b and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2006-12-04 CVE-2006-6244 Coalescent Systems Input Validation vulnerability in FreePBX

Coalescent Systems freePBX (formerly Asterisk Management Portal) before 2.2.0rc1 allows attackers to execute arbitrary commands via shell metacharacters in (1) CALLERID(name) or (2) CALLERID(number).

7.5
2006-12-04 CVE-2006-6243 Fipsasp SQL Injection vulnerability in fipsShop

Multiple SQL injection vulnerabilities in index.asp in FipsSHOP allow remote attackers to execute arbitrary SQL commands via the (1) cat or (2) did parameter.

7.5
2006-12-10 CVE-2006-6418 HP Buffer Errors vulnerability in HP Tru64 4.0F/4.0G/5.1A

Buffer overflow in the POSIX Threads library (libpthread) on HP Tru64 UNIX 4.0F PK8, 4.0G PK4, and 5.1A PK6 allows local users to gain root privileges via a long PTHREAD_CONFIG environment variable.

7.2
2006-12-08 CVE-2006-6385 Intel Local Privilege Escalation vulnerability in Intel Network Drivers

Stack-based buffer overflow in Intel PRO 10/100, PRO/1000, and PRO/10GbE PCI, PCI-X, and PCIe network adapter drivers (aka NDIS miniport drivers) before 20061205 allows local users to execute arbitrary code with "kernel-level" privileges via an incorrect function call in certain OID handlers.

7.2

101 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-12-10 CVE-2006-6452 Myarticles Cross-Site Scripting vulnerability in Myarticles

Multiple cross-site scripting (XSS) vulnerabilities in the MyArticles module before 0.6 beta 1, for RunCMS, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) topics.php, (2) submit.php, and (3) class/calendar.class.php.

6.8
2006-12-10 CVE-2006-6451 Swsoft Cross-Site Scripting vulnerability in Swsoft Plesk 7.5

Multiple cross-site scripting (XSS) vulnerabilities in SWsoft Plesk 8.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) get_password.php or (2) login_up.php3.

6.8
2006-12-10 CVE-2006-6447 VT Forum Cross-Site Scripting vulnerability in Vt-Forum Lite 1.3/1.5

Multiple cross-site scripting (XSS) vulnerabilities in Vt-Forum Lite 1.3 and 1.5 allow remote attackers to inject arbitrary web script or HTML via (1) the StrMes parameter in vf_info.asp and possibly (2) a URL in the SRC attribute of an IFRAME element that is submitted to vf_newtopic.asp.

6.8
2006-12-10 CVE-2006-6446 Iware SQL Injection vulnerability in Iware Professional 5.0.4

SQL injection vulnerability in index.php in iWare Professional 5.0.4, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the D parameter.

6.8
2006-12-10 CVE-2006-6444 Divx Buffer Overflow vulnerability in Divx Player 2.1/2.2.00.0

Stack-based buffer overflow in Nostra DivX Player 2.1, 2.2.00.0, and possibly earlier, allows remote attackers to execute arbitrary code via a long string in an M3U file.

6.8
2006-12-10 CVE-2006-6436 Xerox Cross-Site Scripting vulnerability in Workcentre 238

Cross-site scripting (XSS) vulnerability in the Network controller in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 allows remote attackers to inject arbitrary web script or HTML via HTTP TRACE messages.

6.8
2006-12-10 CVE-2006-6426 Thinkedit Remote Security vulnerability in ThinkEdit

PHP remote file inclusion vulnerability in design/thinkedit/render.php in ThinkEdit 1.9.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the template_file parameter.

6.8
2006-12-10 CVE-2006-6420 Ryan Demmer Cross-Site Scripting vulnerability in JCE Admin Component for Joomla

Multiple cross-site scripting (XSS) vulnerabilities in jce.php in the JCE Admin Component in Ryan Demmer Joomla Content Editor (JCE) 1.1.0 beta 2 and earlier for Joomla! (com_jce) allow remote attackers to inject arbitrary web script or HTML via the (1) img, (2) title, (3) w, or (4) h parameter, different vectors than CVE-2006-6166.

6.8
2006-12-10 CVE-2006-6413 Amateras Cross-Site Scripting vulnerability in Amateras SNS

Cross-site scripting (XSS) vulnerability in Amateras sns 3.11 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

6.8
2006-12-10 CVE-2006-6401 Mystats Cross-Site Scripting vulnerability in Mystats

Multiple cross-site scripting (XSS) vulnerabilities in mystats.php in MyStats 1.0.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) connexion, (2) by, and (3) details parameter.

6.8
2006-12-10 CVE-2006-6400 Justsystem Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Justsystem products

Buffer overflow in JustSystems Hanako 2004 through 2006, Hanako viewer 1.x, Ichitaro 2004, Ichitaro 2005, Ichitaro Lite2, Ichitaro viewer 4.x, and Sanshiro 2005 allows remote attackers to execute arbitrary code via the (1) Keyword and (2) Title fields, related to string length fields.

6.8
2006-12-08 CVE-2006-6393 Jonas Gauffin Input Validation vulnerability in Publicera

Cross-site scripting (XSS) vulnerability in Jonas Gauffin Publicera 1.0-rc2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the InputFilter::getString function.

6.8
2006-12-08 CVE-2006-6391 Open Solution Directory Traversal vulnerability in Open Solution Quick.Cart 2.0

Multiple directory traversal vulnerabilities in Open Solution Quick.Cart 2.0, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include arbitrary files via a ..

6.8
2006-12-08 CVE-2006-6390 Open Solution Local File Include vulnerability in Open Solution Quick.Cart 2.0

Multiple directory traversal vulnerabilities in Open Solution Quick.Cart 2.0, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a ..

6.8
2006-12-08 CVE-2006-6389 Ac4P Scripts Multiple Cross-Site Scripting vulnerability in Mobile

Multiple cross-site scripting (XSS) vulnerabilities in ac4p Mobile allow remote attackers to inject arbitrary web script or HTML via the (1) Taaa parameter to (a) up.php, or the (2) pollhtml and (3) Bloks parameters to (b) polls.php, different vectors than CVE-2006-5770.

6.8
2006-12-08 CVE-2006-6388 Link Input Validation vulnerability in Link CMS

Cross-site scripting (XSS) vulnerability in naprednaPretraga.php in LINK Content Management Server (CMS) allows remote attackers to inject arbitrary web script or HTML via the txtPretraga parameter.

6.8
2006-12-08 CVE-2006-6386 Drupal Cross-Site Scripting vulnerability in Drupal CVS Management/Tracker Motivation Field

Cross-site scripting (XSS) vulnerability in the CVS management/tracker 4.7.x-1.0, 4.7.x-2.0, and 4.7.0 (before the 20060807 contribution release system) for Drupal allows remote attackers to inject arbitrary web script or HTML via the motivation field in the CVS application page, which is not passed through check_markup on display.

6.8
2006-12-08 CVE-2006-6334 Citrix Buffer Overflow vulnerability in Citrix Presentation Server Client WFICA.OCX ActiveX Component Heap

Heap-based buffer overflow in the SendChannelData function in wfica.ocx in Citrix Presentation Server Client before 9.230 for Windows allows remote malicious web sites to execute arbitrary code via a DataSize parameter that is less than the length of the Data buffer.

6.8
2006-12-07 CVE-2006-6382 Positive Software Unspecified vulnerability in Positive Software H-Sphere 2.4.3

The control panel for Positive Software H-Sphere before 2.5.0 RC3 creates log files in a user's directory with insecure permissions, which allows local users to append log data to arbitrary files via a symlink attack.

6.8
2006-12-07 CVE-2006-6380 Ultimate Helpdesk Cross-Site Scripting vulnerability in Ultimate HelpDesk Index.ASP

Cross-site scripting (XSS) vulnerability in index.asp in Ultimate HelpDesk allows remote attackers to inject arbitrary web script or HTML via the keyword parameter.

6.8
2006-12-07 CVE-2006-6375 Simple Machines HTML Injection vulnerability in SMF Image File

Cross-site scripting (XSS) vulnerability in display.php in Simple Machines Forum (SMF) 1.1 Final and earlier allows remote attackers to inject arbitrary web script or HTML via the contents of a file that is uploaded with the image parameter set, which can be interpreted as script by Internet Explorer's automatic type detection.

6.8
2006-12-07 CVE-2006-6372 James Barnsley Cross-Site Scripting vulnerability in James Barnsley JAB Guest Book 20061205

Multiple cross-site scripting (XSS) vulnerabilities in pbguestbook.php in JAB Guest Book 20061205 allow remote attackers to inject arbitrary web script or HTML via the (1) topic or (2) message parameter.

6.8
2006-12-07 CVE-2006-6371 James Barnsley HTML Injection vulnerability in JAB Guest Book

Cross-site scripting (XSS) vulnerability in pbguestbook.php in JAB Guest Book allows remote attackers to inject arbitrary web script or HTML via the author parameter.

6.8
2006-12-07 CVE-2006-6366 Cerberus Cross-Site Scripting vulnerability in Cerberus Helpdesk Spellwin.PHP

Cross-site scripting (XSS) vulnerability in includes/elements/spellcheck/spellwin.php in Cerberus Helpdesk 0.97.3, 2.0 through 2.7, 3.2.1, and 3.3 allows remote attackers to inject arbitrary web script or HTML via the js parameter.

6.8
2006-12-07 CVE-2006-6364 Inside Systems Cross-Site Scripting vulnerability in Inside Systems Inside Systems Mail2.0

Cross-site scripting (XSS) vulnerability in error.php in Inside Systems Mail (ISMail) 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter.

6.8
2006-12-07 CVE-2006-6363 Bluesocket Cross-Site Scripting vulnerability in BlueSocket BSC 2100 Admin.PL

Cross-site scripting (XSS) vulnerability in admin.pl in BlueSocket Secure Controller (BSC) before 5.2, or without 5.1.1-BluePatch, allows remote attackers to inject arbitrary web script or HTML via the ad_name parameter.

6.8
2006-12-07 CVE-2006-6359 Stefan Frech Cross-Site Scripting vulnerability in Stefan Frech Online-Bookmarks 0.6.12

Cross-site scripting (XSS) vulnerability in Stefan Frech online-bookmarks 0.6.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

6.8
2006-12-07 CVE-2006-6357 Phpnews Cross-Site Scripting vulnerability in PHPNews

Cross-site scripting (XSS) vulnerability in templates/cat_temp.php in PHPNews 1.3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

6.8
2006-12-07 CVE-2006-6356 Phpnews Cross-Site Scripting vulnerability in PHPnews 1.3

Multiple cross-site scripting (XSS) vulnerabilities in templates/link_temp.php in PHPNews 1.3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) url, (2) id, (3) subject, (4) username, or (5) time parameter.

6.8
2006-12-07 CVE-2006-6348 Mowdbb Cross-Site Scripting vulnerability in Mowdbb RC6

Cross-site scripting (XSS) vulnerability in board.php in mowdBB RC-6 allows remote attackers to inject arbitrary web script or HTML via the forum_name[] parameter.

6.8
2006-12-07 CVE-2006-6343 Neocrome SQL Injection vulnerability in Seditio/Land Down Under Polls.PHP

SQL injection vulnerability in polls.php in Neocrome Seditio 1.10 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

6.8
2006-12-07 CVE-2006-6339 Devilz Clanportal SQL Injection vulnerability in Devilz Clanportal Devilz Clanportal 1.3.6

SQL injection vulnerability in sites/index.php in deV!L`z Clanportal (DZCP) before 1.3.6.1 allows remote attackers to execute arbitrary SQL commands via the show element in a GET request.

6.8
2006-12-06 CVE-2006-5856 Adobe Buffer Overflow vulnerability in Adobe Download Manager AOM

Stack-based buffer overflow in the Adobe Download Manager before 2.2 allows remote attackers to execute arbitrary code via a long section name in the dm.ini file, which is populated via an AOM file.

6.8
2006-12-05 CVE-2006-6295 Mxbb Remote File Include vulnerability in Mxbb MX Tinies 1.3.0

PHP remote file inclusion vulnerability in includes/mx_common.php in the mx_tinies 1.3.0 Module for MxBB Portal 1.06 allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.

6.8
2006-12-05 CVE-2006-6291 Mailenable Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mailenable

Stack overflow in the IMAP module (MEIMAPS.EXE) in MailEnable Professional 1.6 through 1.83 and 2.0 through 2.33, and MailEnable Enterprise 1.1 through 1.40 and 2.0 through 2.33, allows remote authenticated users to cause a denial of service (crash) via a long argument containing * (asterisk) and ? (question mark) characters to the DELETE command, as addressed by the ME-10020 hotfix.

6.8
2006-12-05 CVE-2006-6289 Woltlab SQL-Injection vulnerability in Woltlab Burning Board Lite 1.0.2

Woltlab Burning Board (wBB) Lite 1.0.2 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary SQL commands via the wbb_userid parameter to the top-level URI.

6.8
2006-12-05 CVE-2006-6142 Squirrelmail Cross-Site Scripting and Input Validation vulnerability in SquirrelMail

Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) mailto parameter in (a) webmail.php, the (2) session and (3) delete_draft parameters in (b) compose.php, and (4) unspecified vectors involving "a shortcoming in the magicHTML filter."

6.8
2006-12-04 CVE-2006-6278 Alexphpteam Input Validation vulnerability in Alexphpteam Alex Guestbook 4.0.1

Cross-site scripting (XSS) vulnerability in index.php in @lex Guestbook 4.0.1 allows remote attackers to inject arbitrary web script or HTML via the skin parameter.

6.8
2006-12-04 CVE-2006-6276 SUN Java System Request Smuggling vulnerability in Sun

HTTP request smuggling vulnerability in Sun Java System Proxy Server before 20061130, when used with Sun Java System Application Server or Sun Java System Web Server, allows remote attackers to bypass HTTP request filtering, hijack web sessions, perform cross-site scripting (XSS), and poison web caches via unspecified attack vectors.

6.8
2006-12-04 CVE-2006-6274 Expinion NET Cross-Site Scripting vulnerability in Expinion.net iNews Publisher Articles.ASP

SQL injection vulnerability in articles.asp in Expinion.net iNews (1) Publisher (iNP) 2.5 and earlier, and possibly (2) News Manager, allows remote attackers to execute arbitrary SQL commands via the ex parameter.

6.8
2006-12-04 CVE-2006-6272 Paul Griffin Cross-Site Scripting vulnerability in Paul Griffin Simple PHP Gallery 1.1

Cross-site scripting (XSS) vulnerability in sp_index.php in Simple PHP Gallery 1.1 allows remote attackers to inject arbitrary web script or HTML via the dir parameter.

6.8
2006-12-04 CVE-2006-6271 Phpoll Cross-Site Scripting vulnerability in PHPoll 0.96

Multiple cross-site scripting (XSS) vulnerabilities in PHPOLL 0.96 allow remote attackers to inject arbitrary web script or HTML via the language parameter to (1) index.php, (2) info.php; and (3) index.php, (4) votanti.php, (5) risultati_config.php, (6) modifica_band.php, (7) band_editor.php, and (8) config_editor.php in admin/.

6.8
2006-12-04 CVE-2006-6266 Microsoft Remote Security vulnerability in Teredo

Teredo clients, when following item 6 of RFC4380 section 5.2.3, start direct IPv6 connectivity tests (aka ping tests) in response to packets from non-Teredo source addresses, which might allow remote attackers to induce Teredo clients to send packets to third parties.

6.8
2006-12-04 CVE-2006-6263 Microsoft Security Bypass vulnerability in Teredo

Teredo clients, when source routing is enabled, recognize a Routing header in an encapsulated IPv6 packet and send the packet to the next hop, which might allow remote attackers to bypass policies of certain Internet gateways that drop all source-routed packets.

6.8
2006-12-04 CVE-2006-6257 Alternc Input Validation vulnerability in AlternC

The file manager in AlternC 0.9.5 and earlier, when warnings are enabled in PHP, allows remote attackers to obtain sensitive information via certain folder names such as ones composed of JavaScript code, which reveal the path in a warning message.

6.8
2006-12-04 CVE-2006-6256 Alternc Input Validation vulnerability in AlternC

Cross-site scripting (XSS) vulnerability in the file manager in admin/bro_main.php in AlternC 0.9.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a folder name.

6.8
2006-12-04 CVE-2006-6249 Chama Cargo Cross-Site Scripting vulnerability in Chama Cargo

Cross-site scripting (XSS) vulnerability in Chama Cargo 4.36 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

6.8
2006-12-10 CVE-2006-6453 J Owamp Remote File Include vulnerability in J-Owamp web Interface 2.1

PHP remote file inclusion vulnerability in JOWAMP_ShowPage.php in J-OWAMP Web Interface 2.1 allows remote authenticated users to execute arbitrary PHP code via a URL in the link parameter.

6.5
2006-12-07 CVE-2006-6347 TFT Gallery File-Upload vulnerability in TFT Gallery

Unrestricted file upload vulnerability in TFT-Gallery allows remote authenticated administrators to upload arbitrary .php files, possibly using admin/index.php.

6.5
2006-12-05 CVE-2006-6290 Mailenable Buffer Overflow vulnerability in MailEnable IMAP Service

Multiple stack-based buffer overflows in the IMAP module (MEIMAPS.EXE) in MailEnable Professional 1.6 through 1.82 and 2.0 through 2.33, and MailEnable Enterprise 1.1 through 1.30 and 2.0 through 2.33 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a long argument to the (1) EXAMINE or (2) SELECT command.

6.5
2006-12-10 CVE-2006-6449 VT Forum Information Disclosure vulnerability in Vt-Forum Lite 1.3

Vt-Forum Lite 1.3 and earlier store sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/forum.mdb.

6.4
2006-12-04 CVE-2006-6262 Phpjunkyard Unspecified vulnerability in PHPjunkyard Mboard

Directory traversal vulnerability in mboard.php in PHPJunkYard (aka Klemen Stirn) MBoard 1.22 and earlier allows remote attackers to create arbitrary empty files via a ..

6.4
2006-12-05 CVE-2006-6296 Microsoft Resource Management Errors vulnerability in Microsoft Windows 2000 and Windows XP

The RpcGetPrinterData function in the Print Spooler (spoolsv.exe) service in Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via an RPC request that specifies a large 'offered' value (output buffer size), a variant of CVE-2005-3644.

6.1
2006-12-10 CVE-2006-6421 Phpbb Group Input Validation vulnerability in PHPBB

Cross-site scripting (XSS) vulnerability in the private message box implementation (privmsg.php) in phpBB 2.0.x allows remote authenticated users to inject arbitrary web script or HTML via the "Message body" field in a message to a non-existent user.

6.0
2006-12-06 CVE-2006-6331 Torrentflux Remote Security vulnerability in Torrentflux 2.2

metaInfo.php in TorrentFlux 2.2, when $cfg["enable_file_priority"] is false, allows remote attackers to execute arbitrary commands via shell metacharacters (backticks) in the torrent parameter to (1) details.php and (2) startpop.php.

6.0
2006-12-06 CVE-2006-6330 Torrentflux Remote Security vulnerability in Torrentflux 2.2

index.php for TorrentFlux 2.2 allows remote registered users to execute arbitrary commands via shell metacharacters in the kill parameter.

6.0
2006-12-04 CVE-2006-6265 Microsoft Remote Security vulnerability in Teredo

Teredo clients, when located behind a restricted NAT, allow remote attackers to establish an inbound connection without the guessing required to find a port mapping for a traditional restricted NAT client, by (1) using the client port number contained in the Teredo address or (2) following the bubble-to-open procedure.

5.8
2006-12-05 CVE-2006-6292 Apple Denial Of Service vulnerability in Apple mac OS X 10.4.8

Apple Airport Extreme firmware 0.1.27 in Mac OS X 10.4.8 on Mac mini, MacBook, and MacBook Pro with Core Duo hardware allows remote attackers to cause a denial of service (out-of-bounds memory access and kernel panic) and have possibly other security-related impact via certain beacon frames.

5.7
2006-12-10 CVE-2006-6433 Xerox Remote Security vulnerability in Xerox Workcentre 12.060.17.000/13.060.17.000/14.060.17.000

Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 do not record accurate timestamps, which makes it easier for remote attackers to avoid detection when an audit tries to rely on these timestamps.

5.0
2006-12-10 CVE-2006-6432 Xerox Multiple vulnerability in Xerox Workcentre 12.060.17.000/13.060.17.000/14.060.17.000

Unspecified vulnerability in the Scan-to-mailbox feature in Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 allows remote attackers to download certain files via unspecified vectors.

5.0
2006-12-10 CVE-2006-6431 Xerox Remote Security vulnerability in Xerox Workcentre 12.060.17.000/13.060.17.000/14.060.17.000

Unspecified vulnerability in Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 allows attackers to modify signatures of e-mail messages via unspecified vectors.

5.0
2006-12-10 CVE-2006-6429 Xerox Multiple vulnerability in Xerox Workcentre 12.060.17.000/13.060.17.000/14.060.17.000

Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 allow attackers to modify certain configuration settings via unspecified vectors involving the "TFTP/BOOTP auto configuration option."

5.0
2006-12-10 CVE-2006-6422 Agileco Applications Denial of Service vulnerability in Agileco

Agileco AgileBill 1.4.x and AgileVoice 1.4.x do not properly handle certain proxy requests, which allows remote attackers to disable the application by entering invalid license data on a form, possibly involving modules/core/license.inc.php.

5.0
2006-12-10 CVE-2006-6408 Kaspersky LAB Unspecified vulnerability in Kaspersky LAB Kaspersky Anti-Virus 5.5.10

Kaspersky Anti-Virus for Linux Mail Servers 5.5.10 allows remote attackers to bypass virus detection by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file.

5.0
2006-12-10 CVE-2006-6407 F Prot Unspecified vulnerability in F-Prot Antivirus 4.6.6

F-Prot Antivirus for Linux x86 Mail Servers 4.6.6 allows remote attackers to bypass virus detection by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file.

5.0
2006-12-10 CVE-2006-6406 Clam Anti Virus Unspecified vulnerability in Clam Anti-Virus Clamav 0.88.6

Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to bypass virus detection by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file.

5.0
2006-12-10 CVE-2006-6405 Softwin Unspecified vulnerability in Softwin Bitdefender Mail Protection 2.0

BitDefender Mail Protection for SMB 2.0 allows remote attackers to bypass virus detection by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file.

5.0
2006-12-10 CVE-2006-6403 Mystats Remote Security vulnerability in Mystats

mystats.php in MyStats 1.0.8 and earlier allows remote attackers to obtain the installation path via (1) details and (2) by array parameters, probably resulting in a path disclosure in an error message.

5.0
2006-12-10 CVE-2006-5874 Clam Anti Virus Denial Of Service vulnerability in Clam Anti-Virus MIME Attachments

Clam AntiVirus (ClamAV) 0.88 and earlier allows remote attackers to cause a denial of service (crash) via a malformed base64-encoded MIME attachment that triggers a null pointer dereference.

5.0
2006-12-08 CVE-2006-6395 Ulrik Petersen Local Denial of Service vulnerability in Emdros Database Engine

Multiple memory leaks in Ulrik Petersen Emdros Database Engine before 1.2.0.pre231 allow local users to cause a denial of service (memory consumption) via unspecified vectors, a different issue than CVE-2005-0415.

5.0
2006-12-07 CVE-2006-6373 Phpmyadmin Information Disclosure vulnerability in PHPmyadmin 2.7.0Pl2

PhpMyAdmin 2.7.0-pl2 allows remote attackers to obtain sensitive information via a direct request for libraries/common.lib.php, which reveals the path in an error message.

5.0
2006-12-07 CVE-2006-6353 Apple Remote Archive File vulnerability in Apple BOMArchiveHelper

Multiple unspecified vulnerabilities in BOMArchiveHelper in Mac OS X allow user-assisted remote attackers to cause a denial of service (application crash) via unspecified vectors related to (1) certain KERN_PROTECTION_FAILURE thread crashes and (2) certain KERN_INVALID_ADDRESS thread crashes, as discovered with the "iSec Partners FileP fuzzer".

5.0
2006-12-07 CVE-2006-6352 Frisk Software Remote Denial Of Service vulnerability in Frisk Software F-Prot Antivirus 3.16F

FRISK Software F-Prot Antivirus before 4.6.7 allows user-assisted remote attackers to cause a denial of service (infinite loop) via a crafted ACE file.

5.0
2006-12-07 CVE-2006-6340 Nvidia Local Denial of Service vulnerability in Nvidia NView Keystone.EXE

keystone.exe in nVIDIA nView allows attackers to cause a denial of service via a long command line argument.

5.0
2006-12-07 CVE-2006-6338 Devilz Clanportal Unspecified vulnerability in Devilz Clanportal Devilz Clanportal 1.3.6

Unrestricted file upload vulnerability in upload/index.php in deV!L`z Clanportal (DZCP) before 1.3.6.1 allows remote attackers to upload and execute arbitrary .php files by embedding PHP code in a JPEG or GIF file that is uploaded to inc/images/uploads/userpics/.

5.0
2006-12-06 CVE-2006-6112 Lifetype Remote Security vulnerability in LifeType

LifeType 1.0.x and 1.1.x have insufficient access control for all of the PHP scripts under (1) class/ and (2) plugins/, which allows remote attackers to obtain the installation path via a direct request to any of the scripts, as demonstrated by (a) bayesianfilter.class.php and (b) bootstrap.php, which leaks the path in an error message.

5.0
2006-12-06 CVE-2006-6311 Microsoft Denial of Service vulnerability in Microsoft IE 6.0.2900.2180

Microsoft Internet Explorer 6.0.2900.2180 allows remote attackers to cause a denial of service via a style attribute in an HTML table tag with a width value that is dynamically calculated using JavaScript.

5.0
2006-12-06 CVE-2006-6310 Microsoft Denial Of Service vulnerability in Microsoft Internet Explorer Frame Src

Microsoft Internet Explorer 6.0 SP1 and earlier allows remote attackers to cause a denial of service (crash) via an invalid src attribute value ("?") in an HTML frame tag that is in a frameset tag with a large rows attribute.

5.0
2006-12-06 CVE-2006-6303 Yukihiro Matsumoto Resource Management Errors vulnerability in Yukihiro Matsumoto Ruby

The read_multipart function in cgi.rb in Ruby before 1.8.5-p2 does not properly detect boundaries in MIME multipart content, which allows remote attackers to cause a denial of service (infinite loop) via crafted HTTP requests, a different issue than CVE-2006-5467.

5.0
2006-12-06 CVE-2006-6302 Fail2Ban Remote Denial of Service vulnerability in Fail2Ban

fail2ban 0.7.4 and earlier does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in via ssh with a login name containing certain strings with an IP address.

5.0
2006-12-06 CVE-2006-6301 Denyhosts Remote Denial of Service vulnerability in Denyhosts 2.5

DenyHosts 2.5 does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in via ssh with a login name containing certain strings with an IP address, which is not properly handled by a regular expression.

5.0
2006-12-05 CVE-2006-6307 Novell Remote Denial of Service vulnerability in Novell Client 4.91

srvloc.sys in Novell Client for Windows before 4.91 SP3 allows remote attackers to cause an unspecified denial of service via a crafted packet to port 427 that triggers an access of pageable or invalid addresses using a higher interrupt request level (IRQL) than necessary.

5.0
2006-12-05 CVE-2006-6297 KDE Resource Management Errors vulnerability in KDE Kdegraphics 3.2/3.4.3

Stack consumption vulnerability in the KFILE JPEG (kfile_jpeg) plugin in kdegraphics 3, as used by konqueror, digikam, and other KDE image browsers, allows remote attackers to cause a denial of service (stack consumption) via a crafted EXIF section in a JPEG file, which results in an infinite recursion.

5.0
2006-12-04 CVE-2006-6279 Alexphpteam Input Validation vulnerability in Alexphpteam Alex Guestbook 4.0.1

index.php in @lex Guestbook 4.0.1 allows remote attackers to obtain sensitive information via a skin parameter referencing a nonexistent skin, which reveals the installation path in an error message.

5.0
2006-12-04 CVE-2006-6277 Contentserv Local File Include vulnerability in Contentserv 4.0/4.1

Directory traversal vulnerability in admin/FileServer.php in ContentServ 4.x allows remote attackers to read arbitrary files via a ..

5.0
2006-12-04 CVE-2006-6253 Cahier DE Textes Directory Traversal vulnerability in Cahier DE Textes Cahier DE Textes 2.0

Cahier de texte 2.0 stores sensitive information under the web root, possibly with insufficient access control, which might allow remote attackers to obtain all users' passwords via a direct request for administration/dump.sql.

5.0
2006-12-10 CVE-2006-6438 Xerox Local Security vulnerability in Workcentre 238

Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 leave sensitive user data in http.log after an Immediate Image Overwrite (IIO), which allows local users to obtain the data by reading the http.log file.

4.9
2006-12-06 CVE-2006-6329 Torrentflux Remote Security vulnerability in Torrentflux 2.2

index.php for TorrentFlux 2.2 allows remote attackers to delete files by specifying the target filename in the delfile parameter.

4.9
2006-12-06 CVE-2006-6328 Torrentflux Directory Traversal vulnerability in Torrentflux 2.2

Directory traversal vulnerability in index.php for TorrentFlux 2.2 allows remote attackers to create or overwrite arbitrary files via sequences in the alias_file parameter.

4.9
2006-12-04 CVE-2006-6275 SUN Race Condition vulnerability in SUN Solaris and Sunos

Race condition in the kernel in Sun Solaris 8 through 10 allows local users to cause a denial of service (panic) via unspecified vectors, possibly related to the exitlwps function and SIGKILL and /proc PCAGENT signals.

4.7
2006-12-10 CVE-2006-6383 PHP Improper Input Validation vulnerability in PHP 4.4.0/5.2.0

PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and open_basedir restrictions via a malicious path and a null byte before a ";" in a session_save_path argument, followed by an allowed path, which causes a parsing inconsistency in which PHP validates the allowed path but sets session.save_path to the malicious path.

4.6
2006-12-10 CVE-2006-6441 Xerox Local Security vulnerability in Workcentre 238

Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 allow local users to bypass security controls and boot Alchemy via certain alternate boot media, as demonstrated by a USB thumb drive.

4.6
2006-12-10 CVE-2006-6410 Vmware Buffer Overflow vulnerability in VMWare Workstation 5.5.1

Buffer overflow in an ActiveX control in VMWare 5.5.1 allows local users to execute arbitrary code via a long VmdbDb parameter to the Initialize function.

4.6
2006-12-04 CVE-2006-6288 Niek Albers Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Niek Albers Coolplayer

Multiple buffer overflows in Niek Albers CoolPlayer 216 and earlier allow remote attackers to execute arbitrary code via (1) a playlist file with long song names, because of an overflow in the CPL_AddPrefixedFile function in CPI_Playlist.c; (2) a skin file with long button names, because of an overflow in the main_skin_check_ini_value function in skin.c; and (3) a skin file with long bitmap filenames, because of an overflow in the main_skin_open function in skin.c.

4.6
2006-12-08 CVE-2006-6397 Freebsd, Netbsd, Openbsd

** DISPUTED ** Integer overflow in banner/banner.c in FreeBSD, NetBSD, and OpenBSD might allow local users to modify memory via a long banner.

4.4
2006-12-07 CVE-2006-4249 Plone Group Spoofing vulnerability in Plone 2.5/2.5.1

Unspecified vulnerability in PlonePAS in Plone 2.5 and 2.5.1, when anonymous member registration is enabled, allows an attacker to "masquerade as a group."

4.3
2006-12-06 CVE-2006-6308 Symantec Unspecified vulnerability in Symantec Livestate Agent for Windows 7.1

** DISPUTED ** Symantec LiveState 7.1 Agent for Windows allows local users to gain privileges by stopping the shstart.exe process and opening "Web Self-Service" from the system tray icon, which will open a browser window running with elevated privileges.

4.3
2006-12-05 CVE-2006-6300 Cutephp Cross-Site Scripting vulnerability in Cutephp Cutenews 1.3.6

Cross-site scripting (XSS) vulnerability in CuteNews 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the result parameter.

4.3
2006-12-04 CVE-2006-6283 Vikingboard Cross-Site Scripting vulnerability in Vikingboard 0.1.2

Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard 0.1.2 allow remote attackers to inject arbitrary web script or HTML via the subject field of (1) a private message (PM) or (2) a bulletin board post.

4.3
2006-12-04 CVE-2006-6254 Cahier DE Textes Directory Traversal vulnerability in Cahier DE Textes Cahier DE Textes 2.0

administration/telecharger.php in Cahier de texte 2.0 allows remote attackers to obtain unparsed content (source code) of files via the chemin parameter, as demonstrated using directory traversal sequences to obtain the MySQL username and password from conn_cahier_de_texte.php.

4.3
2006-12-04 CVE-2006-6252 Microsoft Denial-Of-Service vulnerability in Microsoft Windows Live Messenger 8.0

Microsoft Windows Live Messenger 8.0 and earlier, when gestual emoticons are enabled, allows remote attackers to cause a denial of service (CPU consumption) via a long string composed of ":D" sequences, which are interpreted as emoticons.

4.3

2 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-12-04 CVE-2006-6286 Palm Unspecified vulnerability in Palm Desktop 4.0B76/4.0B77

Palm Desktop 4.1.4 and earlier stores user data with weak permissions under the application directory, which allows local users to obtain sensitive information (address books, calendar files, and todo lists of other users) via unspecified vectors.

1.7
2006-12-05 CVE-2006-6306 Novell Local Security vulnerability in Novell Client 4.91

Format string vulnerability in Novell Modular Authentication Services (NMAS) in the Novell Client 4.91 SP2 and SP3 allows users with physical access to read stack and memory contents via format string specifiers in the Username field of the logon window.

1.2