Weekly Vulnerabilities Report: December 18 to 24, 2006

Overview

138 new vulnerabilities were reported during this period, including 8 critical vulnerabilities and 55 high severity vulnerabilities. This weekly summary reports vulnerabilities in 133 products from 94 vendors, including Mozilla, Comodo, Symantec, NetBSD, and AVG. The most common categories are "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Code Injection", "Permissions, Privileges, and Access Controls", "Resource Management Errors", and "Improper Input Validation".

  • 115 reported vulnerabilities are remotely exploitable.
  • 27 reported vulnerabilities have a public exploit available.
  • 3 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 125 reported vulnerabilities are exploitable by an anonymous user.
  • Mozilla has the most reported vulnerabilities, with 11 reported vulnerabilities.
  • IBM has the most reported critical vulnerabilities, with 1 reported vulnerability.


Vulnerability Details

The following tables list the vulnerabilities reported for the period covered by this report, grouped by severity:


8 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-12-23 CVE-2006-6713 Hitachi Multiple vulnerability in Hitachi Directory Server LDAP Request Handling

Buffer overflow in Hitachi Directory Server 2 P-2444-A124 before 02-11-/K on Windows, and P-1B44-A121 before 02-10-/V on HP-UX, allows remote attackers to execute arbitrary code via crafted LDAP requests.

10.0
2006-12-20 CVE-2006-6670 Nortel Unspecified vulnerability in Nortel Callpilot Server 4.X

Unspecified vulnerability in Nortel CallPilot 4.x Server has unknown impact and attack vectors, aka P-2006-0011-GLOBAL.

10.0
2006-12-19 CVE-2006-6636 IBM Unspecified vulnerability in IBM WebSphere Utility Classes

Unspecified vulnerability in the Utility Classes for IBM WebSphere Application Server (WAS) before 5.1.1.13 and 6.x before 6.0.2.17 has unknown impact and attack vectors.

10.0
2006-12-19 CVE-2006-6605 Mailenable Remote Buffer Overflow vulnerability in Mailenable products

Stack-based buffer overflow in the POP service in MailEnable Standard 1.98 and earlier; Professional 1.84, and 2.35 and earlier; and Enterprise 1.41, and 2.35 and earlier before ME-10026 allows remote attackers to execute arbitrary code via a long argument to the PASS command.

10.0
2006-12-18 CVE-2006-6627 Softwin Integer Overflow vulnerability in Multiple BitDefender Products Parsing Engine

Integer overflow in the packed PE file parsing implementation in BitDefender products before 20060829, including Antivirus, Antivirus Plus, Internet Security, Mail Protection for Enterprises, and Online Scanner; and BitDefender products for Microsoft ISA Server and Exchange 5.5 through 2003; allows remote attackers to execute arbitrary code via a crafted file, which triggers a heap-based buffer overflow, aka the "cevakrnl.xmd vulnerability."

10.0
2006-12-21 CVE-2006-6676 Eset Software Numeric Errors vulnerability in Eset Software Nod32 Antivirus 1.0.11/1.0.12/1.0.13

Integer overflow in the (a) OLE2 and (b) CHM parsers for ESET NOD32 Antivirus before 1.1743 allows remote attackers to execute arbitrary code via a crafted (1) .DOC or (2) .CAB file that triggers a heap-based buffer overflow.

9.3
2006-12-20 CVE-2006-6504 Mozilla, Canonical Code Injection vulnerability in multiple products

Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to execute arbitrary code by appending an SVG comment DOM node to another type of document, which triggers memory corruption.

9.3
2006-12-20 CVE-2006-6652 Apple, Netbsd Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Buffer overflow in the glob implementation (glob.c) in libc in NetBSD-current before 20050914, NetBSD 2.* and 3.* before 20061203, and Apple Mac OS X before 2007-004, as used by the FTP daemon and tnftpd, allows remote authenticated users to execute arbitrary code via a long pathname that results from path expansion.

9.0

55 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-12-23 CVE-2006-6714 Hitachi Multiple vulnerability in Hitachi Directory Server LDAP Request Handling

Multiple memory leaks in Hitachi Directory Server 2 P-2444-A124 before 02-11-/K on Windows, and P-1B44-A121 before 02-10-/V on HP-UX, allow remote attackers to cause a denial of service (memory consumption) via invalid LDAP requests.

7.8
2006-12-21 CVE-2006-6683 Pedro Lineu Orso Permissions, Privileges, and Access Controls vulnerability in Pedro Lineu Orso Chetcpasswd

Pedro Lineu Orso chetcpasswd 2.4.1 and earlier verifies and updates user accounts via custom code that processes /etc/shadow and does not follow the PAM configuration, which might allow remote attackers to bypass intended restrictions implemented through PAM.

7.8
2006-12-23 CVE-2006-6722 Jelle DE VOS Unspecified vulnerability in Jelle DE VOS Bandwebsite 1.5

Bandwebsite (aka Bandsite portal system) 1.5 allows remote attackers to create administrative accounts via a direct request to admin.php with the Login parameter set to 1.

7.5
2006-12-23 CVE-2006-6720 Azucar CMS Code Injection vulnerability in Azucar CMS Azucar CMS 1.3

PHP remote file inclusion vulnerability in admin/index_sitios.php in Azucar CMS 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the _VIEW parameter.

7.5
2006-12-23 CVE-2006-6718 Alliedtelesyn Cross-Site Request Forgery vulnerability in AT-9000/24

The Allied Telesis AT-9000/24 Ethernet switch has a default password for its admin account, "manager," which allows remote attackers to perform unauthorized actions.

7.5
2006-12-23 CVE-2006-6717 Alliedtelesyn Unspecified vulnerability in Alliedtelesyn At-9000 24 Ethernetswitch

The Allied Telesis AT-9000/24 Ethernet switch accepts management packets from arbitrary VLANs, contrary to the documentation, which allows remote attackers to conduct attacks against the switch from unexpected locations.

7.5
2006-12-23 CVE-2006-6716 Eric Guillaume SQL Injection vulnerability in Eric Guillaume Upload Download DE Fichiers 3

SQL injection vulnerability in administration/administre2.php in Eric GUILLAUME uploader&downloader 3 allows remote attackers to execute arbitrary SQL commands via the id_user parameter.

7.5
2006-12-23 CVE-2006-6711 Newxooper Remote File Include vulnerability in Newxooper 0.9.1

PHP remote file inclusion vulnerability in compteur/mapage.php in Newxooper 0.9.1 allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter.

7.5
2006-12-23 CVE-2006-6710 Matteolucarelli Code Injection vulnerability in Matteolucarelli Pgmreloaded

Multiple PHP remote file inclusion vulnerabilities in PgmReloaded 0.8.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) lang parameter to (a) index.php, the (2) CFG[libdir] and (3) CFG[localedir] parameters to (b) common.inc.php, and the CFG[localelangdir] parameter to (c) form_header.php.

7.5
2006-12-23 CVE-2006-6709 Mginternet Input Validation vulnerability in MGInternet Property Site Manager

Multiple SQL injection vulnerabilities in MGinternet Property Site Manager allow remote attackers to execute arbitrary SQL commands via the (1) p parameter to (a) detail.asp; the (2) l, (3) typ, or (4) loc parameter to (b) listings.asp; or the (5) Password or (6) Username parameter to (c) admin_login.asp.

7.5
2006-12-23 CVE-2006-6707 Mcafee Remote Buffer Overflow vulnerability in Mcafee Neotrace and Visual Trace

Stack-based buffer overflow in the NeoTraceExplorer.NeoTraceLoader ActiveX control (NeoTraceExplorer.dll) in NeoTrace Express 3.25 and NeoTrace Pro (aka McAfee Visual Trace) 3.25 allows remote attackers to execute arbitrary code via a long argument string to the TraceTarget method.

7.5
2006-12-23 CVE-2006-6701 Atmail Cross-Site Request Forgery (CSRF) vulnerability in Atmail Webmail 3.0/4.0/4.51

Cross-site request forgery (CSRF) vulnerability in util.pl in @Mail WebMail 4.51, and util.php in 5.x before 5.03, allows remote attackers to modify arbitrary settings and perform unauthorized actions as an arbitrary user, as demonstrated using a settings action in the SRC attribute of an IMG element in an HTML e-mail.

7.5
2006-12-22 CVE-2006-6697 Oracle HTTP Response Splitting vulnerability in Oracle Application Server Portal 10G/9.0.2

CRLF injection vulnerability in webapp/jsp/calendar.jsp in Oracle Portal 10g and earlier, including 9.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter.

7.5
2006-12-21 CVE-2006-6694 Scriptsfrenzy COM Remote File Include vulnerability in Scriptsfrenzy.Com E-Uploader PRO 1.0

Directory traversal vulnerability in include/config.php in E-Uploader Pro 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a ..

7.5
2006-12-21 CVE-2006-6693 Zabbix Remote Code Execution vulnerability in Zabbix 1.1.2

Multiple buffer overflows in zabbix before 20061006 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via long strings to the (1) zabbix_log and (2) zabbix_syslog functions.

7.5
2006-12-21 CVE-2006-6692 Zabbix Remote Code Execution vulnerability in Zabbix 1.1.2

Multiple format string vulnerabilities in zabbix before 20061006 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in information that would be recorded in the system log using (1) zabbix_log or (2) zabbix_syslog.

7.5
2006-12-21 CVE-2006-6691 Valdersoft Remote File Include vulnerability in Valdersoft Shopping Cart 3.0

Multiple PHP remote file inclusion vulnerabilities in Valdersoft Shopping Cart 3.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the commonIncludePath parameter to (1) admin/include/common.php, (2) include/common.php, or (3) common_include/common.php.

7.5
2006-12-21 CVE-2006-6690 Typo3 Remote Command Execution vulnerability in Typo3 Class.TX_RTEHTMLArea_PI1.PHP

rtehtmlarea/pi1/class.tx_rtehtmlarea_pi1.php in Typo3 4.0.0 through 4.0.3, 3.7 and 3.8 with the rtehtmlarea extension, and 4.1 beta allows remote authenticated users to execute arbitrary commands via shell metacharacters in the userUid parameter to rtehtmlarea/htmlarea/plugins/SpellChecker/spell-check-logic.php, and possibly another vector.

7.5
2006-12-21 CVE-2006-6689 Paristemi Code Injection vulnerability in Paristemi

Multiple PHP remote file inclusion vulnerabilities in Paristemi 0.8.3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the SERVER_DIRECTORY parameter to unspecified scripts, a different vector than CVE-2006-6739.

7.5
2006-12-21 CVE-2006-6688 WEB APP NET Input Validation vulnerability in Web-App.Org and Web-App.Net

Web Automated Perl Portal (WebAPP) 0.9.9.4, and 0.9.9.3.4 Network Edition (NE) (aka WebAPP.NET) allows remote attackers to bypass filtering mechanisms via unknown vectors.

7.5
2006-12-21 CVE-2006-6684 Pedro Lineu Orso Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Pedro Lineu Orso Chetcpasswd

Heap-based buffer overflow in Pedro Lineu Orso chetcpasswd before 2.4 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long X-Forwarded-For HTTP header.

7.5
2006-12-21 CVE-2006-6681 Chetcpasswd Resource Management Errors vulnerability in Chetcpasswd 2.3.3

Pedro Lineu Orso chetcpasswd 2.3.3 does not have a rate limit for client requests, which might allow remote attackers to determine passwords via a dictionary attack.

7.5
2006-12-21 CVE-2006-6679 Pedro Lineu Orso Permissions, Privileges, and Access Controls vulnerability in Pedro Lineu Orso Chetcpasswd

Pedro Lineu Orso chetcpasswd before 2.4 relies on the X-Forwarded-For HTTP header when verifying a client's status on an IP address ACL, which allows remote attackers to gain unauthorized access by spoofing this header.

7.5
2006-12-21 CVE-2006-6678 Netrik Remote Arbitrary Command Execution vulnerability in Netrik 1.15.2

The edit_textarea function in form-file.c in Netrik 1.15.4 and earlier does not properly verify temporary filenames when editing textarea fields, which allows attackers to execute arbitrary commands via shell metacharacters in the filename.

7.5
2006-12-21 CVE-2006-6672 Maxiasp SQL-Injection vulnerability in Maxiasp Burak Yilmaz Download Portal 0

Multiple SQL injection vulnerabilities in Burak Yilmaz Download Portal allow remote attackers to execute arbitrary SQL commands via the (1) kid or possibly (2) id parameter to (a) HABERLER.ASP and (b) ASPKAT.ASP.

7.5
2006-12-21 CVE-2006-6671 Maxiasp SQL Injection vulnerability in Maxiasp Burak Yilmaz Download Portal 0

SQL injection vulnerability in down.asp in Burak Yilmaz Download Portal allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2006-12-20 CVE-2006-6667 Verliadmin SQL-Injection vulnerability in VerliAdmin

Multiple SQL injection vulnerabilities in VerliAdmin 0.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) nick_mod or (2) nick parameter to (a) repass.php or (b) verify.php.

7.5
2006-12-20 CVE-2006-6666 Verliadmin Remote File Include vulnerability in VerliAdmin

PHP remote file inclusion vulnerability in index.php in VerliAdmin 0.3 and earlier allows remote authenticated users to execute arbitrary PHP code via a URL in the q parameter.

7.5
2006-12-20 CVE-2006-6661 PHP Update Remote Security vulnerability in Php-Update

Variable overwrite vulnerability in blog.php in PHP-Update 2.7 and earlier allows remote attackers to overwrite arbitrary program variables and execute arbitrary PHP code via multiple vectors that use the extract function, as demonstrated by the (1) f, (2) newmessage, (3) newusername, (4) adminuser, and (5) permission parameters.

7.5
2006-12-20 CVE-2006-6648 Planetluc COM Remote File Include vulnerability in PlanetLuc.Com RateMe Main.Inc.PHP

PHP remote file inclusion vulnerability in main.inc.php in planetluc.com RateMe 1.3.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pathtoscript parameter.

7.5
2006-12-20 CVE-2006-6645 Mxbb Remote File Include vulnerability in MXBB Web Links Module MX_Root_Path

PHP remote file inclusion vulnerability in language/lang_english/lang_admin.php in the Web Links (mx_links) 2.05 and earlier module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the mx_root_path parameter.

7.5
2006-12-20 CVE-2006-6642 Contra Haber Sistemi SQL Injection vulnerability in Contra Haber Sistemi Contra Haber Sistemi 1.0

SQL injection vulnerability in haber.asp in Contra Haber Sistemi 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2006-12-20 CVE-2006-6641 Arcserve, Broadcom, Cleverpath, Etrust, Unicenter

Unspecified vulnerability in CA CleverPath Portal before maintenance version 4.71.001_179_060830, as used in multiple products including BrightStor Portal r11.1, CleverPath Aion BPM r10 through r10.2, eTrust Security Command Center r1 and r8, and Unicenter, does not properly handle when multiple Portal servers are started at the same time and share the same data store, which might cause a Portal user to inherit the session and credentials of a user who is on another Portal server.

7.5
2006-12-19 CVE-2006-6106 Linux Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Linux Kernel

Multiple buffer overflows in the cmtp_recv_interopmsg function in the Bluetooth driver (net/bluetooth/cmtp/capi.c) in the Linux kernel 2.4.22 up to 2.4.33.4 and 2.6.2 before 2.6.18.6, and 2.6.19.x, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via CAPI messages with a large value for the length of the (1) manu (manufacturer) or (2) serial (serial number) field.

7.5
2006-12-18 CVE-2006-6635 Jumbacms Remote File Include vulnerability in Jumbacms Build2

PHP remote file inclusion vulnerability in includes/functions.php in JumbaCMS 0.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the jcms_root_path parameter.

7.5
2006-12-18 CVE-2006-6634 Mambo Remote File Include vulnerability in ExtCalThai Mambo Component

Multiple PHP remote file inclusion vulnerabilities in the ExtCalThai (com_extcalendar) 0.9.1 and earlier component for Mambo allow remote attackers to execute arbitrary PHP code via a URL in (1) the CONFIG_EXT[LANGUAGES_DIR] parameter to admin_events.php, (2) the mosConfig_absolute_path parameter to extcalendar.php, or (3) the CONFIG_EXT[LIB_DIR] parameter to lib/mail.inc.php.

7.5
2006-12-18 CVE-2006-6633 Yapbb Remote File Include vulnerability in Yapbb 1.1/1.2

PHP remote file inclusion vulnerability in include/yapbb_session.php in YapBB 1.2 Beta2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[include_Bit] parameter.

7.5
2006-12-18 CVE-2006-6630 Ibiblio Remote Security vulnerability in Ibiblio Osprey 1.0

PHP remote file inclusion vulnerability in ListRecords.php in osprey 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the lib_dir parameter.

7.5
2006-12-18 CVE-2006-6629 Webwork Unspecified vulnerability in Webwork Program Generation Language

lib/WeBWorK/PG/Translator.pm in WeBWorK Program Generation (PG) Language before 2.3.1 uses an insufficiently restrictive regular expression to determine valid macro filenames, which allows attackers to load arbitrary macro files whose names contain the strings (1) dangerousMacros.pl, (2) PG.pl, or (3) IO.pl.

7.5
2006-12-18 CVE-2006-6615 Mxbb Remote File Include vulnerability in Mxbb Activity Games Module 0.92

PHP remote file inclusion vulnerability in includes/act_constants.php in the Activity Games (mx_act) 0.92 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.

7.5
2006-12-18 CVE-2006-6612 Phpmycms Remote File Include vulnerability in PHPmycms 0.3

PHP remote file inclusion vulnerability in basic.inc.php in PhpMyCms 0.3 allows remote attackers to execute arbitrary PHP code via a URL in the basepath_start parameter.

7.5
2006-12-18 CVE-2006-6611 Barman Remote File Include vulnerability in Barman 0.0.1Rc3

PHP remote file inclusion vulnerability in interface.php in Barman 0.0.1r3 allows remote attackers to execute arbitrary PHP code via a URL in the basepath parameter.

7.5
2006-12-18 CVE-2006-6610 Alientrap Remote Command Execution and Denial of Service vulnerability in Nexuiz

clientcommands in Nexuiz before 2.2.1 has unknown impact and remote attack vectors related to "remote console command injection."

7.5
2006-12-18 CVE-2006-6608 HP Remote Unauthorized Access vulnerability in HP products

Unspecified vulnerability in SSH key based authentication in HP Integrated Lights Out (iLO) 1.70 through 1.87, and iLO 2 1.00 through 1.11, on Proliant servers, allows remote attackers to "gain unauthorized access."

7.5
2006-12-18 CVE-2006-6606 Clarens SQL Injection vulnerability in Clarens Jclarens 0.6.1

Multiple SQL injection vulnerabilities in Clarens jclarens before 0.6.2 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2006-12-18 CVE-2006-5872 DWS Systems INC Improper Input Validation vulnerability in DWS Systems Inc. Sql-Ledger 2.6.27

login.pl in SQL-Ledger before 2.6.21 and LedgerSMB before 1.1.5 allows remote attackers to execute arbitrary Perl code via the "-e" flag in the script parameter, which is used as an argument to the perl program.

7.5
2006-12-21 CVE-2006-6685 Pedro Lineu Orso Buffer Errors vulnerability in Pedro Lineu Orso Chetcpasswd 2.3.3

Heap-based buffer overflow in Pedro Lineu Orso chetcpasswd 2.3.3 allows local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long REMOTE_ADDR environment variable.

7.2
2006-12-18 CVE-2006-6623 AVG, Comodo, Filseclab, Infoprocess, Soft4Ever, Symantec

Sygate Personal Firewall 5.6.2808 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB.

7.2
2006-12-18 CVE-2006-6622 AVG, Comodo, Filseclab, Infoprocess, Soft4Ever, Symantec

Soft4Ever Look 'n' Stop (LnS) 2.05p2 before 20061215 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB.

7.2
2006-12-18 CVE-2006-6621 AVG, Comodo, Filseclab, Infoprocess, Soft4Ever, Symantec

Filseclab Personal Firewall 3.0.0.8686 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB.

7.2
2006-12-18 CVE-2006-6620 AVG, Comodo, Filseclab, Infoprocess, Soft4Ever, Symantec

Comodo Personal Firewall 2.3.6.81 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB.

7.2
2006-12-18 CVE-2006-6619 AVG, Comodo, Filseclab, Infoprocess, Soft4Ever, Symantec

AVG Anti-Virus plus Firewall 7.5.431 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB.

7.2
2006-12-18 CVE-2006-6618 AVG, Comodo, Filseclab, Infoprocess, Soft4Ever, Symantec

AntiHook 3.0.0.23 - Desktop relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB.

7.2
2006-12-20 CVE-2006-6475 Mandiant Denial of Service and Agent Hijacking vulnerability in Mandiant First Response

FRAgent.exe in Mandiant First Response (MFR) before 1.1.1, when run in daemon mode with SSL enabled, allows remote attackers to cause a denial of service (refused connections) via malformed requests, which results in a mishandled exception.

7.1
2006-12-20 CVE-2006-6502 Mozilla Remote vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Use-after-free vulnerability in the LiveConnect bridge code for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to cause a denial of service (crash) via unknown vectors.

7.1

63 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-12-22 CVE-2006-6696 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products

Double free vulnerability in Microsoft Windows 2000, XP, 2003, and Vista allows local users to gain privileges by calling the MessageBox function with a MB_SERVICE_NOTIFICATION message with crafted data, which sends a HardError message to Client/Server Runtime Server Subsystem (CSRSS) process, which is not properly handled when invoking the UserHardError and GetHardErrorText functions in WINSRV.DLL.

6.9
2006-12-23 CVE-2006-6721 Knusperleicht HTML Injection vulnerability in Knusperleicht Shoutbox 2.6

Multiple cross-site scripting (XSS) vulnerabilities in shout.php in Knusperleicht ShoutBox 2.6 allow remote attackers to inject arbitrary web script or HTML via the (1) sbNick or (2) sbKommentar parameter.

6.8
2006-12-23 CVE-2006-6712 Sugarcrm Cross-Site Scripting vulnerability in Sugarcrm 3.5.1

Cross-site scripting (XSS) vulnerability in SugarCRM Open Source 4.5.0f and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in crafted email messages.

6.8
2006-12-23 CVE-2006-6708 Mginternet Input Validation vulnerability in MGInternet Property Site Manager

Cross-site scripting (XSS) vulnerability in listings.asp in MGinternet Property Site Manager allows remote attackers to inject arbitrary web script or HTML via the s parameter.

6.8
2006-12-23 CVE-2006-6704 Atmail Cross-Site Scripting vulnerability in Atmail Webadmin

Cross-site scripting (XSS) vulnerability in the Webadmin in @Mail before 4.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "unescaped data in the database." This vulnerability is addressed in the following product release: @Mail, @Mail Webadmin, 4.6

6.8
2006-12-23 CVE-2006-6703 Oracle Cross-Site Scripting vulnerability in Oracle Portal Container_Tabs.JSP

Multiple cross-site scripting (XSS) vulnerabilities in Oracle Portal 9i and 10g allow remote attackers to inject arbitrary JavaScript via the tc parameter in webapp/jsp/container_tabs.jsp, and other unspecified vectors.

6.8
2006-12-23 CVE-2006-6702 Atmail Cross-Site Scripting vulnerability in Atmail Webmail

Cross-site scripting (XSS) vulnerability in Global.pm in @Mail before 4.61 allows remote attackers to inject arbitrary web script or HTML via crafted e-mail messages.

6.8
2006-12-23 CVE-2006-6700 Calacode Cross-Site Scripting vulnerability in Atmail Webmail System

Cross-site scripting (XSS) vulnerability in @Mail WebMail allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

6.8
2006-12-21 CVE-2006-6695 Carsen Klock Cross-Site Scripting vulnerability in Carsen Klock Textsend 1.4

Multiple cross-site scripting (XSS) vulnerabilities in index.php in Carsen Klock TextSend 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) error or (2) success parameter.

6.8
2006-12-21 CVE-2006-6686 Textsend Remote File Include vulnerability in TextSend Sender.PHP

PHP remote file inclusion vulnerability in sender.php in Carsen Klock TextSend 1.5 allows remote attackers to execute arbitrary PHP code via a URL in the ROOT_PATH parameter.

6.8
2006-12-21 CVE-2006-6675 Novell Cross-Site Scripting vulnerability in Novell Apache Http Server and Netware

Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in Welcome web-app.

6.8
2006-12-20 CVE-2006-6669 Webcalendar Unspecified vulnerability in Webcalendar 1.0.4

Cross-site scripting (XSS) vulnerability in export_handler.php in WebCalendar 1.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the format parameter.

6.8
2006-12-20 CVE-2006-6668 Verliadmin Cross-Site Scripting vulnerability in VerliAdmin

Cross-site scripting (XSS) vulnerability in VerliAdmin 0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

6.8
2006-12-20 CVE-2006-6665 Astonsoft Buffer Overflow vulnerability in AstonSoft DeepBurner DBR Compilation

Buffer overflow in Astonsoft DeepBurner Pro and Free 1.8.0 and earlier allows user-assisted remote attackers to execute arbitrary code via a long file name tag in a dbr file.

6.8
2006-12-20 CVE-2006-6651 Intel Remote Code execution vulnerability in Intel 2200Bg Proset Wireless 9.0.3.9

Race condition in W29N51.SYS in the Intel 2200BG wireless driver 9.0.3.9 allows remote attackers to cause memory corruption and execute arbitrary code via a series of crafted beacon frames.

6.8
2006-12-20 CVE-2006-6650 Mxbb Remote File Include vulnerability in MXBB Charts Module Module_Root_Path

PHP remote file inclusion vulnerability in charts_constants.php in the Charts (mx_charts) 1.0.0 and earlier module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.

6.8
2006-12-20 CVE-2006-6649 Hypervm Cross-Site Scripting vulnerability in Hypervm

Cross-site scripting (XSS) vulnerability in display.php in HyperVM 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an encoded frm_action parameter.

6.8
2006-12-20 CVE-2006-6647 Drupal Cross-Site Scripting vulnerability in Drupal Mysite 4.7/5

Cross-site scripting (XSS) vulnerability in the MySite 4.7.x before 4.7.x-3.3 and 5.x before 5.x-1.3 module for Drupal allows remote attackers to inject arbitrary web script or HTML via the Title field when editing a page.

6.8
2006-12-20 CVE-2006-6646 Drupal HTML-Injection vulnerability in Drupal Project and Drupal Project Issue Tracking

Multiple cross-site scripting (XSS) vulnerabilities in Drupal (1) Project Issue Tracking 4.7.x-1.0 and 4.7.x-2.0, and (2) Project 4.6.x-1.0, 4.7.x-1.0, and 4.7.x-2.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, which do not use the check_plain function.

6.8
2006-12-20 CVE-2006-6644 Mxbb Remote File Include vulnerability in MXBB Meeting Module Module_Root_Path

PHP remote file inclusion vulnerability in pages/meeting_constants.php in the Meeting (mx_meeting) 1.1.2 and earlier module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.

6.8
2006-12-20 CVE-2006-6505 Mozilla Remote vulnerability in Mozilla Seamonkey and Thunderbird

Multiple heap-based buffer overflows in Mozilla Thunderbird before 1.5.0.9 and SeaMonkey before 1.0.7 allow remote attackers to execute arbitrary code via (1) external message bodies with long Content-Type headers or (2) long RFC2047-encoded (MIME non-ASCII) headers.

6.8
2006-12-20 CVE-2006-6503 Mozilla, Debian, Canonical 7PK - Security Features vulnerability in multiple products

Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to bypass cross-site scripting (XSS) protection by changing the src attribute of an IMG element to a javascript: URI.

6.8
2006-12-20 CVE-2006-6501 Mozilla, Debian, Canonical Permissions, Privileges, and Access Controls vulnerability in multiple products

Unspecified vulnerability in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to gain privileges and install malicious code via the watch Javascript function.

6.8
2006-12-20 CVE-2006-6500 Mozilla, Debian, Canonical Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Heap-based buffer overflow in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by setting the CSS cursor to certain images that cause an incorrect size calculation when converting to a Windows bitmap.

6.8
2006-12-20 CVE-2006-6498 Mozilla Remote vulnerability in Mozilla Firefox/SeaMonkey/Thunderbird

Multiple unspecified vulnerabilities in the JavaScript engine for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, SeaMonkey before 1.0.7, and Mozilla 1.7 and probably earlier on Solaris, allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via unknown impact and attack vectors.

6.8
2006-12-20 CVE-2006-6497 Mozilla Remote vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Multiple unspecified vulnerabilities in the layout engine for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via unknown attack vectors.

6.8
2006-12-19 CVE-2006-6640 Omniture Cross-Site Scripting vulnerability in Omniture Sitecatalyst 0

Multiple cross-site scripting (XSS) vulnerabilities in Omniture SiteCatalyst allow remote attackers to inject arbitrary web script or HTML via the (1) ss parameter in (a) search.asp and the (2) company and (3) username fields on (b) the web login page.

6.8
2006-12-18 CVE-2006-6632 Genepi Remote File Include vulnerability in Genepi Genepi.PHP

PHP remote file inclusion vulnerability in genepi.php in Genepi 1.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the topdir parameter.

6.8
2006-12-18 CVE-2006-6631 Ibiblio Remote File Include vulnerability in Osprey GetRecord.PHP

PHP remote file inclusion vulnerability in lib/xml/oai/GetRecord.php in osprey 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the lib_dir parameter.

6.8
2006-12-18 CVE-2006-6626 Moodle Input Validation vulnerability in Moodle

Cross-site scripting (XSS) vulnerability in an unspecified component of Moodle 1.5 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element.

6.8
2006-12-18 CVE-2006-6625 Moodle Input Validation vulnerability in Moodle 1.6.1

Cross-site scripting (XSS) vulnerability in mod/forum/discuss.php in Moodle 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the navtail parameter.

6.8
2006-12-18 CVE-2006-6613 Phpalbum NET Local File Include vulnerability in PhpAlbum Language.php

Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a ..

6.8
2006-12-23 CVE-2006-6706 Soumu SQL Injection vulnerability in Soumu products

SQL injection vulnerability in Soumu Workflow for Groupmax 01-00 through 01-01, Soumu Workflow 02-00 through 03-03, and Koukyoumuke Soumu Workflow 01-00 through 01-01 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors in certain web pages.

6.5
2006-12-18 CVE-2006-6617 Microsoft Information Disclosure vulnerability in Microsoft Project Server 2003

projectserver/logon/pdsrequest.asp in Microsoft Project Server 2003 allows remote authenticated users to obtain the MSProjectUser password for a SQL database via a GetInitializationData request, which includes the information in the UserName and Password tags of the response.

6.5
2006-12-18 CVE-2006-6616 W00T Gallery Remote Authentication Bypass vulnerability in W00T Gallery W00T Gallery 1.4.0

index.php in w00t Gallery 1.4.0 allows remote authenticated users with privileges for one installation to gain access to other installations on the same web server, aka "multi-gallery admin session spanning." NOTE: some of these details are obtained from third party information.

6.0
2006-12-23 CVE-2006-6715 Powerscripts Remote File Include vulnerability in PowerClan Footer.Inc.PHP

PHP remote file inclusion vulnerability in footer.inc.php in PowerClan 1.14a and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the settings[footer] parameter.

5.1
2006-12-23 CVE-2006-6719 GNU Remote Denial of Service vulnerability in GNU Wget FTP_Syst Function

The ftp_syst function in ftp-basic.c in Free Software Foundation (FSF) GNU wget 1.10.2 allows remote attackers to cause a denial of service (application crash) via a malicious FTP server with a large number of blank 220 responses to the SYST command.

5.0
2006-12-23 CVE-2006-6705 Soumu Improper Authentication vulnerability in Soumu products

Multiple unspecified vulnerabilities in the template files in Soumu Workflow for Groupmax 01-00 through 01-01, Soumu Workflow 02-00 through 03-03, and Koukyoumuke Soumu Workflow 01-00 through 01-01 allow remote attackers to bypass authentication mechanisms on web pages via unknown vectors.

5.0
2006-12-23 CVE-2006-6699 Oracle Remote Security vulnerability in Oracle Application Server Portal 9.0.2

Multiple CRLF injection vulnerabilities in Oracle Portal 9.0.2 and possibly other versions allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter to (1) calendarDialog.jsp or (2) fred.jsp.

5.0
2006-12-21 CVE-2006-6682 Chetcpasswd Project 7PK - Errors vulnerability in Chetcpasswd Project Chetcpasswd 2.3.3

Pedro Lineu Orso chetcpasswd 2.3.3 provides a different error message when a request with a valid username fails, compared to a request with an invalid username, which allows remote attackers to determine valid usernames on the system.

5.0
2006-12-21 CVE-2006-6104 Mono Information Disclosure vulnerability in Mono XSP 1.1/1.2.1/2.0

The System.Web class in the XSP for ASP.NET server 1.1 through 2.0 in Mono does not properly verify local pathnames, which allows remote attackers to (1) read source code by appending a space (%20) to a URI, and (2) read credentials via a request for Web.Config%20.

5.0
2006-12-21 CVE-2006-6673 Winftp Server Denial-Of-Service vulnerability in Winftp Server Winftp Server 2.0.2

WinFtp Server 2.0.2 allows remote attackers to cause a denial of service (crash) via long (1) PASV, (2) LIST, (3) USER, (4) PORT, and possibly other commands.

5.0
2006-12-20 CVE-2006-6664 Marathon Aleph ONE Denial-Of-Service vulnerability in Marathon Aleph One

Format string vulnerability in Marathon Aleph One before 0.17.1 and 2006-12-17 might allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in the TopLevelLogger::logMessageV function in Misc/Logging.cpp.

5.0
2006-12-20 CVE-2006-6663 Marathon Aleph ONE Denial Of Service vulnerability in Marathon Aleph One

The server component in Marathon Aleph One before 0.17.1 and 2006-12-17 allows remote attackers to cause a denial of service (application crash) via unspecified vectors related to "gathering net games."

5.0
2006-12-20 CVE-2006-6659 Microsoft Remote Internet Explorer Denial of Service vulnerability in Microsoft IE, Outlook and Windows XP

The Microsoft Office Outlook Recipient ActiveX control (ole32.dll) in Windows XP SP2 allows remote attackers to cause a denial of service (Internet Explorer 7 hang) via crafted HTML.

5.0
2006-12-20 CVE-2006-6658 Inktomi Information Disclosure vulnerability in Inktomi Search 4.1.4

Inktomi Search 4.1.4 allows remote attackers to obtain sensitive information via direct requests with missing parameters to (1) help/header.html, (2) thesaurus.html, and (3) topics.html, which leak the installation path in the resulting error message, a related issue to CVE-2006-5970.

5.0
2006-12-20 CVE-2006-6643 Fightersoft Multimedia Remote Denial of Service vulnerability in Fightersoft Multimedia Star FTP Server 1.10

Fightersoft Multimedia Star FTP server 1.10 allows remote attackers to cause a denial of service (crash) via multiple RETR commands with long arguments.

5.0
2006-12-19 CVE-2006-6638 IBM Remote SQLJRA Packet Denial of Service vulnerability in IBM DB2

IBM DB2 8.1 before FixPak 14 allows remote attackers to cause a denial of service via a crafted SQLJRA packet, which causes a NULL pointer dereference in the sqle_db2ra_as_recvrequest function in DB2ENGN.DLL, a different issue than CVE-2006-4257.

5.0
2006-12-19 CVE-2006-6637 IBM Information Exposure vulnerability in IBM Websphere Application Server

The Servlet Engine and Web Container in IBM WebSphere Application Server (WAS) before 6.0.2.17, when ibm-web-ext.xmi sets fileServingEnabled to true and servlet caching is enabled, allows remote attackers to obtain JSP source code and other sensitive information via "specific requests."

5.0
2006-12-18 CVE-2006-6609 Alientrap Remote Command Execution and Denial of Service vulnerability in Nexuiz

Nexuiz before 2.2.1 allows remote attackers to cause a denial of service (resource exhaustion or crash) via unspecified vectors related to "fake players." NOTE: some of these details are obtained from third party information.

5.0
2006-12-19 CVE-2006-3896 Neoscale Systems Authentication Bypass vulnerability in NeoScale Systems CryptoStor Tape 700 Series Appliance SmartCard

The NeoScale Systems CryptoStor 700 series appliance before 2.6 relies on client-side ActiveX code for smartcard authentication, which allows remote attackers to bypass smartcard authentication, and gain access if able to present a valid username and password, by disabling ActiveX.

4.9
2006-12-21 CVE-2006-6680 Chetcpasswd Information Disclosure vulnerability in Chetcpasswd 2.2.1

Pedro Lineu Orso chetcpasswd before 2.3.1 does not document the need for 0400 permissions on /etc/chetcpasswd.allow, which might allow local users to gain sensitive information by reading this file.

4.6
2006-12-20 CVE-2006-4814 Linux Resource Management Errors vulnerability in Linux Kernel

The mincore function in the Linux kernel before 2.4.33.6 does not properly lock access to user space, which has unspecified impact and attack vectors, possibly related to a deadlock.

4.6
2006-12-19 CVE-2006-6639 Chetcpasswd Local Privilege Escalation vulnerability in Chetcpasswd 2.4.1

Multiple unspecified vulnerabilities in chetcpasswd 2.4.1 allow local users to gain privileges via unspecified vectors related to executing (1) the cp program, (2) the mail program, or (3) the program specified in the post_change configuration line.

4.6
2006-12-21 CVE-2006-6687 WEB APP NET Cross-Site Scripting vulnerability in Web-App.Net Webapp 0.9.9.3.4/0.9.9.4

Cross-site scripting (XSS) vulnerability in Web Automated Perl Portal (WebAPP) 0.9.9.4, and 0.9.9.3.4 Network Edition (NE) (aka WebAPP.NET), allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2006-12-20 CVE-2006-6660 KDE Denial Of Service vulnerability in KDE LibkHTML NodeType Function

The nodeType function in KDE libkhtml 4.2.0 and earlier, as used by Konqueror, KMail, and other programs, allows remote attackers to cause a denial of service (crash) via malformed HTML tags, possibly involving a COL SPAN tag embedded in a RANGE tag.

4.3
2006-12-20 CVE-2006-6654 Netbsd Denial-Of-Service vulnerability in NetBSD

The sendmsg function in NetBSD-current before 20061023, NetBSD 3.0 and 3.0.1 before 20061024, and NetBSD 2.x before 20061029, when run on a 64-bit architecture, allows attackers to cause a denial of service (kernel panic) via an invalid msg_controllen parameter to the sendit function.

4.3
2006-12-20 CVE-2006-6507 Mozilla Remote vulnerability in Mozilla Firefox 2.0

Mozilla Firefox 2.0 before 2.0.0.1 allows remote attackers to bypass Cross-Site Scripting (XSS) protection via vectors related to a Function.prototype regression error.

4.3
2006-12-20 CVE-2006-6506 Mozilla Remote vulnerability in Mozilla Firefox 2.0

The "Feed Preview" feature in Mozilla Firefox 2.0 before 2.0.0.1 sends the URL of the feed when requesting favicon.ico icons, which results in a privacy leak that might allow feed viewing services to determine browsing habits.

4.3
2006-12-20 CVE-2006-6499 Mozilla
Debian
Canonical
Remote vulnerability in Mozilla Firefox/SeaMonkey/Thunderbird

The js_dtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 overwrites memory instead of exiting when the floating point precision is reduced, which allows remote attackers to cause a denial of service via any plugins that reduce the precision.

4.3
2006-12-18 CVE-2006-6628 Openoffice Remote Word File Integer Overflow vulnerability in Openoffice 2.1

Integer overflow in OpenOffice.org (OOo) 2.1 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted DOC file, as demonstrated by the 12122006-djtest.doc file, a variant of CVE-2006-6561 in a separate codebase.

4.3
2006-12-20 CVE-2006-6662 Suse Local Security vulnerability in Suse products

Unspecified vulnerability in Linux User Management (novell-lum) on SUSE Linux Enterprise Desktop 10 and Open Enterprise Server 9, under unspecified conditions, allows local users to log in to the console without a password.

4.1
2006-12-18 CVE-2006-6624 Sambar Remote Denial of Service vulnerability in Sambar Server 6.4

The FTP Server in Sambar Server 6.4 allows remote authenticated users to cause a denial of service (application crash) via a long series of "./" sequences in the SIZE command.

4.0

12 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-12-18 CVE-2006-6607 IBM Local Information Disclosure vulnerability in IBM Tivoli Identity Manager 4.6

The Java Key Store (JKS) for WebSphere Application Server (WAS) for IBM Tivoli Identity Manager (ITIM) 4.6 places the JKS password in a -Djavax.net.ssl.trustStorePassword command line argument, which allows local users to obtain the password by listing the process or using other methods.

2.7
2006-12-21 CVE-2006-6677 Eset Software File Parsing vulnerability in Eset Software Nod32 Antivirus 1.0.11/1.0.12/1.0.13

ESET NOD32 Antivirus before 1.1743 allows remote attackers to cause a denial of service (crash) via a crafted .CHM file that triggers a divide-by-zero error.

2.6
2006-12-20 CVE-2006-5681 Apple Information Disclosure vulnerability in Apple Mac OS X Quicktime For Java

QuickTime for Java on Mac OS X 10.4 through 10.4.8, when used with Quartz Composer, allows remote attackers to obtain sensitive information (screen images) via a Java applet that accesses images that are being rendered by other embedded QuickTime objects.

2.6
2006-12-20 CVE-2006-6477 Mandiant Denial of Service and Agent Hijacking vulnerability in Mandiant First Response

FRAgent.exe in Mandiant First Response (MFR) before 1.1.1, when run in daemon mode and configured to use only HTTP, allows local users to modify requests and responses between a client and an agent by hijacking an HTTP FRAgent daemon and conducting a man-in-the-middle (MITM) attack.

2.4
2006-12-20 CVE-2006-6476 Mandiant Denial of Service and Agent Hijacking vulnerability in Mandiant First Response

FRAgent.exe in Mandiant First Response (MFR) before 1.1.1, when run in daemon mode and when the agent is bound to 0.0.0.0 (all interfaces), opens sockets in non-exclusive mode, which allows local users to hijack the socket, and capture data or cause a denial of service (loss of daemon operation).

2.4
2006-12-21 CVE-2006-6674 Ozeki Cryptographic Issues vulnerability in Ozeki Http-Sms Gateway

Ozeki HTTP-SMS Gateway 1.0, and possibly earlier, stores usernames and passwords in plaintext in the HKLM\Software\Ozeki\SMSServer\CurrentVersion\Plugins\httpsmsgate registry key, which allows local users to obtain sensitive information.

2.1
2006-12-20 CVE-2006-6657 Netbsd Local Security vulnerability in NetBSD

The if_clone_list function in NetBSD-current before 20061027, NetBSD 3.0 and 3.0.1 before 20061027, and NetBSD 2.x before 20061119 allows local users to read potentially sensitive, uninitialized stack memory via unspecified vectors.

2.1
2006-12-20 CVE-2006-6656 Netbsd Information Disclosure vulnerability in NetBSD

Unspecified vulnerability in ptrace in NetBSD-current before 20061027, NetBSD 3.0 and 3.0.1 before 20061027, and NetBSD 2.x before 20061119 allows local users to read kernel memory and obtain sensitive information via certain manipulations of a PT_LWPINFO request, which leads to a memory leak and information leak.

2.1
2006-12-22 CVE-2006-6698 Gnome Denial of Service vulnerability in Gnome Gconf 2.14.0

The GConf daemon (gconfd) in GConf 2.14.0 creates temporary files under directories with names based on the username, even when GCONF_GLOBAL_LOCKS is not set, which allows local users to cause a denial of service by creating the directories ahead of time, which prevents other users from using Gnome.

1.9
2006-12-18 CVE-2006-6614 Thomas Lange
Debian
Information Disclosure vulnerability in Fully Automated Installation Administrator Hashed Password

The save_log_local function in Fully Automatic Installation (FAI) 2.10.1, and possibly 3.1.2, when verbose mode is enabled, stores the root password hash in /var/log/fai/current/fai.log, whose file permissions allow it to be copied to other hosts when fai-savelog is called and allows attackers to obtain the hash.

1.9
2006-12-20 CVE-2006-6655 Netbsd Denial-Of-Service vulnerability in NetBSD

The procfs implementation in NetBSD-current before 20061023, NetBSD 3.0 and 3.0.1 before 20061024, and NetBSD 2.x before 20061029 allows local users to cause a denial of service (kernel panic) by attempting to access /emul/linux/proc/0/stat on a procfs filesystem that was mounted with mount_procfs -o linux, which results in a NULL pointer dereference.

1.7
2006-12-20 CVE-2006-6653 Netbsd Improper Input Validation vulnerability in Netbsd

The accept function in NetBSD-current before 20061023, NetBSD 3.0 and 3.0.1 before 20061024, and NetBSD 2.x before 20061029 allows local users to cause a denial of service (socket consumption) via an invalid (1) name or (2) namelen parameter, which may result in the socket never being closed (aka "a dangling socket").

1.7