Weekly Vulnerabilities Reports > December 25 to 31, 2006

Overview

230 new vulnerabilities reported during this period, including 36 critical vulnerabilities and 86 high severity vulnerabilities. This weekly summary report vulnerabilities in 190 products from 148 vendors including Microsoft, Enthrallweb, THE Address Book, Broadcom, and SUN. Vulnerabilities are notably categorized as "Cross-site Scripting", "Code Injection", "SQL Injection", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Improper Input Validation".

  • 215 reported vulnerabilities are remotely exploitables.
  • 80 reported vulnerabilities have public exploit available.
  • 19 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 207 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 11 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 5 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

36 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-12-31 CVE-2006-6917 Broadcom Unspecified vulnerability in Broadcom Brightstor Arcserve Backup Server 11.5

Multiple buffer overflows in Computer Associates (CA) BrightStor ARCserve Backup R11.5 Server before SP2 allows remote attackers to execute arbitrary code in the Tape Engine (tapeeng.exe) via a crafted RPC request with (1) opnum 38, which is not properly handled in TAPEUTIL.dll 11.5.3884.0, or (2) opnum 37, which is not properly handled in TAPEENG.dll 11.5.3884.0.

10.0
2006-12-31 CVE-2006-6909 Karl Dahlke Remote Buffer Overflow vulnerability in Karl Dahlke Edbrowse 3.1.3

Stack-based buffer overflow in http.c in Karl Dahlke Edbrowse (aka Command line editor browser) 3.1.3 allows remote attackers to execute arbitrary code by operating an FTP server that sends directory listings with (1) long user names or (2) long group names.

10.0
2006-12-31 CVE-2006-6908 Broadcom
Microsoft
Denial-Of-Service vulnerability in Widcomm Bluetooth

Buffer overflow in the Bluetooth Stack COM Server in the Widcomm Bluetooth stack, as packaged as Widcomm Stack 3.x and earlier on Windows, Widcomm BTStackServer 1.4.2.10 and 1.3.2.7 on Windows, Widcomm Bluetooth Communication Software 1.4.1.03 on Windows, and the Bluetooth implementation in Windows Mobile or Windows CE on the HP IPAQ 2215 and 5450, allows remote attackers to cause a denial of service (service crash) and possibly execute arbitrary code via unspecified vectors.

10.0
2006-12-31 CVE-2006-6907 Bluesoil Bluetooth Remote Security vulnerability in Bluesoil Bluetooth

Unspecified vulnerability in the Bluesoil Bluetooth stack has unknown impact and attack vectors.

10.0
2006-12-31 CVE-2006-6905 Broadcom Remote Security vulnerability in Widcomm Bluetooth

Unspecified vulnerability in the Widcomm Bluetooth stack allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors.

10.0
2006-12-31 CVE-2006-6903 Toshiba Remote Security vulnerability in Bluetooth

Unspecified vulnerability in the Toshiba Bluetooth stack allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors.

10.0
2006-12-31 CVE-2006-6902 Microsoft Remote Security vulnerability in Microsoft Windows 2003 Server Mobilepocketpc

Unspecified vulnerability in the Bluetooth stack in Microsoft Windows Mobile Pocket PC edition allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors.

10.0
2006-12-31 CVE-2006-6901 Microsoft Remote Security vulnerability in Microsoft Windows 2003 Server R2

Unspecified vulnerability in the Bluetooth stack in Microsoft Windows allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors.

10.0
2006-12-31 CVE-2006-6900 Apple Remote Security vulnerability in Apple mac OS X 10.4

Unspecified vulnerability in the Bluetooth stack in Apple Mac OS 10.4 has unknown impact and attack vectors, related to an "implementation bug."

10.0
2006-12-31 CVE-2006-6894 Spine Remote Security vulnerability in Spine

Multiple unspecified vulnerabilities in SPINE before 1.2 have unknown impact and attack vectors, related to (1) "Placeholders in database handler" and (2) "Macro admin security."

10.0
2006-12-31 CVE-2006-6864 Enigma2 Remote File Include vulnerability in Enigma2 Coppermine Bridge 1.0

PHP remote file inclusion vulnerability in E2_header.inc.php in Enigma2 Coppermine Bridge 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the boarddir parameter.

10.0
2006-12-31 CVE-2006-6863 Enigma Remote File Include vulnerability in Enigma WordPress Bridge Enigma2.PHP

** DISPUTED ** PHP remote file inclusion vulnerability in the Enigma2 plugin (Enigma2.php) in Enigma WordPress Bridge allows remote attackers to execute arbitrary PHP code via a URL in the boarddir parameter.

10.0
2006-12-31 CVE-2006-6861 Outfront Input Validation vulnerability in Outfront Spooky Login 2.7

Multiple SQL injection vulnerabilities in Outfront Spooky Login 2.7 allow remote attackers to execute arbitrary SQL commands via (1) the UserUpdate parameter to login/register.asp or (2) unspecified parameters to includes/a_register.asp.

10.0
2006-12-31 CVE-2006-6860 Mythcontrol Buffer Overflow vulnerability in MythControlServer SendToMythTV()

Buffer overflow in the sendToMythTV function in MythControlServer.c in MythControl 1.0 and earlier allows remote attackers to execute arbitrary code via a crafted sendStr string to the Bluetooth interface.

10.0
2006-12-31 CVE-2006-6859 Website Designs FOR Less SQL Injection vulnerability in Click N' Print Coupons Coupon_Detail.ASP

SQL injection vulnerability in coupon_detail.asp in Website Designs For Less Click N' Print Coupons 2005.01 and earlier allows remote attackers to execute arbitrary SQL commands via the key parameter.

10.0
2006-12-31 CVE-2006-6853 Mozilla Remote Buffer Overflow vulnerability in Mozilla Durian web Application Server 3.02

Buffer overflow in Durian Web Application Server 3.02 freeware on Windows allows remote attackers to execute arbitrary code via a long string in a crafted packet to TCP port 4002.

10.0
2006-12-31 CVE-2006-6841 Phpbb Group Input Validation vulnerability in PHPBB

Certain forms in phpBB before 2.0.22 lack session checks, which has unknown impact and remote attack vectors.

10.0
2006-12-31 CVE-2006-6840 Phpbb Group Input Validation vulnerability in PHPBB

Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to a "negative start parameter."

10.0
2006-12-31 CVE-2006-6839 Phpbb Group Input Validation vulnerability in PHPBB

Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to "criteria for 'bad' redirection targets."

10.0
2006-12-31 CVE-2006-6836 IBM Multiple Unspecified vulnerability in IBM OS 400 V5R3M0

Multiple unspecified vulnerabilities in osp-cert in IBM OS/400 V5R3M0 have unspecified impact and attack vectors, related to ASN.1 parsing.

10.0
2006-12-31 CVE-2006-6336 Eudora Remote Heap-Based Buffer Overflow vulnerability in Eudora Worldmail Management Server 3.1

Heap-based buffer overflow in the Mail Management Server (MAILMA.exe) in Eudora WorldMail 3.1.x allows remote attackers to execute arbitrary code via a crafted request containing successive delimiters.

10.0
2006-12-31 CVE-2006-6102 X ORG
Xfree86 Project
Local Integer Overflow vulnerability in X.Org DBE And Render Extensions

Integer overflow in the ProcDbeGetVisualInfo function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures.

10.0
2006-12-31 CVE-2006-4098 Cisco Remote vulnerability in Cisco Secure Access Control Server

Stack-based buffer overflow in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted RADIUS Accounting-Request packet.

10.0
2006-12-31 CVE-2006-6884 Winzip Buffer Errors vulnerability in Winzip 10.0Build6667

Buffer overflow in the WZFILEVIEW.FileViewCtrl.61 ActiveX control (aka Sky Software "FileView" ActiveX control) for WinZip 10.0 Build 6667 allows remote attackers to execute arbitrary code via a long argument to the CreateNewFolderFromName method, a different vulnerability than CVE-2006-5198.

9.3
2006-12-31 CVE-2006-6869 Maxdev Local File Include vulnerability in MDForum PNSVLang Parameter

Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a ..

9.3
2006-12-31 CVE-2006-6143 MIT Remote Code Execution vulnerability in MIT Kerberos 5 RPC Library

The RPC library in Kerberos 5 1.4 through 1.4.4, and 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, calls an uninitialized function pointer in freed memory, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.

9.3
2006-12-31 CVE-2006-5870 Openoffice
SUN
Numeric Errors vulnerability in multiple products

Multiple integer overflows in OpenOffice.org (OOo) 2.0.4 and earlier, and possibly other versions before 2.1.0; and StarOffice 6 through 8; allow user-assisted remote attackers to execute arbitrary code via a crafted (a) WMF or (b) EMF file that triggers heap-based buffer overflows in (1) wmf/winwmf.cxx, during processing of META_ESCAPE records; and wmf/enhwmf.cxx, during processing of (2) EMR_POLYPOLYGON and (3) EMR_POLYPOLYGON16 records.

9.3
2006-12-31 CVE-2006-5857 Adobe Resource Management Errors vulnerability in Adobe Acrobat and Acrobat Reader

Adobe Reader and Acrobat 7.0.8 and earlier allows user-assisted remote attackers to execute code via a crafted PDF file that triggers memory corruption and overwrites a subroutine pointer during rendering.

9.3
2006-12-31 CVE-2006-5574 Microsoft Remote Code Execution vulnerability in Microsoft Office Brazilian Portuguese Grammar Checker

Unspecified vulnerability in the Brazilian Portuguese Grammar Checker in Microsoft Office 2003 and the Multilingual Interface for Office 2003, Project 2003, and Visio 2003 allows user-assisted remote attackers to execute arbitrary code via crafted text that is not properly parsed.

9.3
2006-12-31 CVE-2006-4695 Microsoft Code Injection vulnerability in Microsoft Office web Components 2000

Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via a crafted URL, aka "Office Web Components URL Parsing Vulnerability."

9.3
2006-12-27 CVE-2006-6772 W3M USE of Externally-Controlled Format String vulnerability in W3M 0.5.1

Format string vulnerability in the inputAnswer function in file.c in w3m before 0.5.2, when run with the dump or backend option, allows remote attackers to execute arbitrary code via format string specifiers in the Common Name (CN) field of an SSL certificate associated with an https URL.

9.3
2006-12-27 CVE-2006-6749 Openser Buffer Errors vulnerability in Openser 1.1

Buffer overflow in the parse_expression function in parse_config in OpenSER 1.1.0 allows attackers to have an unknown impact via a long str parameter.

9.3
2006-12-26 CVE-2006-6745 SUN Remote Privilege Escalation vulnerability in Sun Java Runtime Environment

Multiple unspecified vulnerabilities in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 7 and earlier, and Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, allow attackers to develop Java applets or applications that are able to gain privileges, related to serialization in JRE.

9.3
2006-12-26 CVE-2006-6731 SUN Buffer Overflow vulnerability in SUN Jdk, JRE and SDK

Multiple buffer overflows in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 7 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allow attackers to develop Java applets that read, write, or execute local files, possibly related to (1) integer overflows in the Java_sun_awt_image_ImagingLib_convolveBI, awt_parseRaster, and awt_parseColorModel functions; (2) a stack overflow in the Java_sun_awt_image_ImagingLib_lookupByteRaster function; and (3) improper handling of certain negative values in the Java_sun_font_SunLayoutEngine_nativeLayout function.

9.3
2006-12-27 CVE-2006-6425 Novell Buffer Overflow vulnerability in Novell Netmail IMAP APPEND

Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via unspecified vectors involving the APPEND command.

9.0
2006-12-27 CVE-2006-6424 Novell Heap Overflow vulnerability in Novell Netmail IMAP Verb Literal

Multiple buffer overflows in Novell NetMail before 3.52e FTF2 allow remote attackers to execute arbitrary code (1) by appending literals to certain IMAP verbs when specifying command continuation requests to IMAPD, resulting in a heap overflow; and (2) via crafted arguments to the STOR command to the Network Messaging Application Protocol (NMAP) daemon, resulting in a stack overflow.

9.0

86 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-12-31 CVE-2006-6904 Broadcom Remote Security vulnerability in Bluetooth Stack

Unspecified vulnerability in the Broadcom Bluetooth stack allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors.

7.9
2006-12-31 CVE-2006-6910 Fersch Remote Denial of Service vulnerability in Fersch Formbankserver 1.9

formbankcgi.exe in Fersch Formbankserver 1.9, when the PATH_INFO begins with Abfrage, allows remote attackers to cause a denial of service (daemon crash) via multiple requests containing many /../ sequences in the Name parameter.

7.8
2006-12-31 CVE-2006-6898 Broadcom Remote Security vulnerability in Broadcom Widcomm Bluetooth 4.0.1.1500

Widcomm Bluetooth for Windows (BTW) before 4.0.1.1500 allows remote attackers to listen to and record conversations, aka the CarWhisperer attack.

7.8
2006-12-31 CVE-2006-6866 Stphp Information Disclosure vulnerability in Stphp Easynews 4.0

STphp EasyNews PRO 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames, email addresses, and password hashes via a direct request for data/users.txt.

7.8
2006-12-31 CVE-2006-6865 Softartisans Directory Traversal vulnerability in Softartisans Fileup 5.0.14

Directory traversal vulnerability in SAFileUpSamples/util/viewsrc.asp in SoftArtisans FileUp (SAFileUp) 5.0.14 allows remote attackers to read arbitrary files via a %c0%ae.

7.8
2006-12-31 CVE-2006-6829 Efkan Forum Information Disclosure vulnerability in Efkan Forum

Efkan Forum 1.0 and earlier store sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for forum.mdb.

7.8
2006-12-31 CVE-2006-5974 Fetchmail Improper Input Validation vulnerability in Fetchmail 6.3.5/6.3.6

fetchmail 6.3.5 and 6.3.6 before 6.3.6-rc4, when refusing a message delivered via the mda option, allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger a NULL pointer dereference when calling the (1) ferror or (2) fflush functions.

7.8
2006-12-31 CVE-2006-5867 Fetchmail Improper Input Validation vulnerability in Fetchmail

fetchmail before 6.3.6-rc4 does not properly enforce TLS and may transmit cleartext passwords over unsecured links if certain circumstances occur, which allows remote attackers to obtain sensitive information via man-in-the-middle (MITM) attacks.

7.8
2006-12-31 CVE-2006-4097 Cisco Remote vulnerability in Cisco Secure Access Control Server

Multiple unspecified vulnerabilities in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allow remote attackers to cause a denial of service (crash) via a crafted RADIUS Access-Request packet.

7.8
2006-12-27 CVE-2006-6757 CWM Design Information Disclosure vulnerability in Cwm-Design Cwmexplorer 1.0

Directory traversal vulnerability in index.php in cwmExplorer 1.0 allows remote attackers to read arbitrary files and source code, and obtain sensitive information via directory traversal sequences in the show_file parameter.

7.8
2006-12-26 CVE-2006-6742 HP Denial-Of-Service vulnerability in HP FTP Print Server, Laserjet 5000 and Laserjet 5100

Multiple buffer overflows in FTP Print Server 2.4 and 2.4.5 in HP LaserJet 5000 Series printers with firmware R.25.15 or R.25.47, and HP LaserJet 5100 Series printers with firmware V.29.12, allow remote attackers to cause a denial of service (device crash) via a long string in the (1) LIST or (2) NLST command.

7.8
2006-12-26 CVE-2006-6723 Microsoft Resource Management Errors vulnerability in Microsoft Windows 2000 and Windows XP

The Workstation service in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to cause a denial of service (memory consumption) via a large maxlen value in an NetrWkstaUserEnum RPC request.

7.8
2006-12-31 CVE-2006-7231 Civica Software SQL Injection vulnerability in Civica Software Civica

SQL injection vulnerability in display.asp in Civica Software Civica allows remote attackers to execute arbitrary SQL commands via the Entry parameter.

7.5
2006-12-31 CVE-2006-6916 Getahead Denial-Of-Service vulnerability in Direct Web Remoting

Getahead Direct Web Remoting (DWR) before 1.1.3 allows attackers to cause a denial of service (infinite loop) via unknown vectors related to "crafted input."

7.5
2006-12-31 CVE-2006-6913 Phpmyfaq Security Bypass vulnerability in phpMyFAQ

Unspecified vulnerability in phpMyFAQ 1.6.7 and earlier allows remote attackers to upload arbitrary PHP scripts via unspecified vectors.

7.5
2006-12-31 CVE-2006-6912 Phpmyfaq SQL Injection vulnerability in PHPmyfaq

SQL injection vulnerability in phpMyFAQ 1.6.7 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly the userfile or filename parameter.

7.5
2006-12-31 CVE-2006-6890 VOC Project Information Disclosure vulnerability in Voc-Project Voodoo Chat 1.0Rc1B

Voodoo chat 1.0RC1b stores sensitive information under the web root with insufficient access control, which allows remote attackers to download passwords via a direct request for data/users.dat.

7.5
2006-12-31 CVE-2006-6889 Freestyle Information Disclosure vulnerability in Freestyle Wiki

FreeStyle Wiki (fswiki) 3.6.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request for config/user.dat.

7.5
2006-12-31 CVE-2006-6883 Phpirc BOT Unspecified vulnerability in PHPirc BOT PHPirc BOT 0.2

** DISPUTED ** PHP remote file inclusion vulnerability in php4you.php in PHPIrc_bot 0.2 allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter.

7.5
2006-12-31 CVE-2006-6881 Stavros Markou Buffer Errors vulnerability in Stavros Markou Atmelwlandriver 3.4.1.1

Buffer overflow in the Get_Wep function in cofvnet.c for ATMEL Linux PCI PCMCIA USB Drivers drivers 3.4.1.1 corruption allows attackers to execute arbitrary code via a long name argument.

7.5
2006-12-31 CVE-2006-6880 PHP Update SQL Injection vulnerability in PHP-Update

Multiple SQL injection vulnerabilities in code/guestadd.php in PHP-Update 2.7 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) newmessage, (2) newname, (3) newwebsite, or (4) newemail parameter.

7.5
2006-12-31 CVE-2006-6878 PHP Update Unspecified vulnerability in PHP-Update

admin/uploads.php in PHP-Update 2.7 and earlier allows remote attackers to gain privileges by setting the rights[7] parameter to 1 during a login action.

7.5
2006-12-31 CVE-2006-6876 Openser Remote Buffer Overflow vulnerability in OpenSER SMS Handling module

Buffer overflow in the fetchsms function in the SMS handling module (libsms_getsms.c) in OpenSER 1.2.0 and earlier allows remote attackers to cause a denial of service (crash) via a crafted SMS message, triggering memory corruption when the "beginning" buffer is copied to the third (pdu) argument.

7.5
2006-12-31 CVE-2006-6875 Openser Buffer Overflow vulnerability in Openser and Openser OSP Module

Buffer overflow in the validateospheader function in the Open Settlement Protocol (OSP) module in OpenSER 1.1.0 and earlier allows remote attackers to execute arbitrary code via a crafted OSP header.

7.5
2006-12-31 CVE-2006-6873 Endonesia Scripts Multiple Input Validation vulnerability in Endonesia 8.4

Multiple SQL injection vulnerabilities in mod.php in eNdonesia 8.4 allow remote attackers to execute arbitrary SQL commands via (1) the did parameter in a (a) viewdisk operation (diskusi mod), or the (2) cid parameter in a (b) viewlink (katalog mod) or (b) viewcat (diskusi mod) operation.

7.5
2006-12-31 CVE-2006-6867 Vladimir Meshakov Remote File Include vulnerability in Vladimir Meshakov Bubla 0.9.1

Multiple PHP remote file inclusion vulnerabilities in Vladimir Menshakov buratinable templator (aka bubla) 0.9.1 allow remote attackers to execute arbitrary PHP code via a URL in the bu_dir parameter to (1) bu/bu_claro.php, (2) bu/bu_cache.php, or (3) bu/bu_parse.php, different vectors and a different affected version than CVE-2006-6809.

7.5
2006-12-31 CVE-2006-6856 Webtext Unspecified vulnerability in Webtext

Direct static code injection vulnerability in WebText CMS 0.4.5.2 and earlier allows remote attackers to inject arbitrary PHP code into a script in wt/users/ via the im parameter during a profile edit (edycja) operation, which is then executed via a direct request for this script.

7.5
2006-12-31 CVE-2006-6854 DE Marchi Daniele Buffer Overflow vulnerability in QuickCam VC Device Driver for Linux QCAMVC_Video_Init Function

The qcamvc_video_init function in qcamvc.c in De Marchi Daniele QuickCam VC Linux device driver (aka quickcam-vc) 1.0.9 and earlier does not properly check a boundary, triggering memory corruption, which might allow attackers to execute arbitrary code via a crafted QuickCam object.

7.5
2006-12-31 CVE-2006-6850 Shadowed Works Remote File Include vulnerability in Shadowed Works Shadowed Portal 5.7

PHP remote file inclusion vulnerability in include.php in the Roster Module (character_roster) in Shadowed Portal 5.7 allows remote attackers to execute arbitrary PHP code via a URL in the mod_root parameter.

7.5
2006-12-31 CVE-2006-6849 Cahier DE Textes Remote Security vulnerability in Cahier DE Textes Cahier DE Textes 2.2

administration/index.php in Cahier de texte (CDT) 2.2 does not properly exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions.

7.5
2006-12-31 CVE-2006-6848 Aspticker SQL Injection vulnerability in Aspticker 1.0

SQL injection vulnerability in admin.asp in ASPTicker 1.0 allows remote attackers to execute arbitrary SQL commands via the PATH_INFO, possibly related to the Password parameter.

7.5
2006-12-31 CVE-2006-6846 Cybercoded SQL Injection vulnerability in Cybercoded While YOU Were OUT Inout Board 1.0

Multiple SQL injection vulnerabilities in While You Were Out (WYWO) InOut Board 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the num parameter in (a) phonemessage.asp, (2) the catcode parameter in (b) faqDsp.asp, and the (3) Username and (4) Password fields in (c) login.asp.

7.5
2006-12-31 CVE-2006-6843 Joomla Remote File Include vulnerability in Joomla BE IT Easypartner Component 0.0.9Beta

PHP remote file inclusion vulnerability in the BE IT EasyPartner 0.0.9 beta component for Joomla! allows remote attackers to execute arbitrary PHP code via unspecified vectors.

7.5
2006-12-31 CVE-2006-6842 Codemonkeyx SQL Injection vulnerability in Codemonkeyx Acronym MOD 0.9.5

SQL injection vulnerability in admin/admin_acronyms.php in the Acronym Mod 0.9.5 for phpBB2 Plus 1.53 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2006-12-31 CVE-2006-6838 Rediff Remote Code Execution vulnerability in Rediff Bol Downloader ActiveX Control

Rediff Bol Downloader ActiveX (OCX) control allows remote attackers to execute arbitrary files, and obtain sensitive information (usernames and pathnames), via a URL in the url vbscript parameter.

7.5
2006-12-31 CVE-2006-6835 Neocrome SQL-Injection vulnerability in Neocrome Land Down Under 800/801/802

SQL injection vulnerability in Journal.inc.php in Neocrome Land Down Under (LDU) 8.x and earlier allows remote attackers to execute arbitrary SQL commands via the w parameter to journal.php.

7.5
2006-12-31 CVE-2006-6833 Joomla Cross-Site Scripting vulnerability in Joomla

com_categories in Joomla! before 1.0.12 does not validate input, which has unknown impact and remote attack vectors.

7.5
2006-12-31 CVE-2006-6831 Alan Ward SQL-Injection vulnerability in Alan Ward A-Faq 1.0

SQL injection vulnerability in faqDsp.asp in aFAQ 1.0 allows remote attackers to execute arbitrary SQL commands via the catcode parameter.

7.5
2006-12-31 CVE-2006-6830 Cafelog Remote File Include vulnerability in Cafelog B2 Blog B2Verifauth.PHP

PHP remote file inclusion vulnerability in b2verifauth.php in b2 Blog 0.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the index parameter.

7.5
2006-12-31 CVE-2006-6828 Efkan Forum SQL-Injection vulnerability in Efkan Forum

Multiple SQL injection vulnerabilities in Efkan Forum 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the grup parameter in admin.asp, or the id parameter in (2) default.asp or (3) admin.asp.

7.5
2006-12-31 CVE-2006-6488 Iconics Remote Stack Buffer Overflow vulnerability in Iconics Dialog Wrapper Module Activex Control 8.4.165.0

Stack-based buffer overflow in the DoModal function in the Dialog Wrapper Module ActiveX control (DlgWrapper.dll) before 8.4.166.0, as used by ICONICS OPC Enabled Gauge, Switch, and Vessel ActiveX, allows remote attackers to execute arbitrary code via a long (1) FileName or (2) Filter argument.

7.5
2006-12-31 CVE-2006-5266 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Dynamics GP

Multiple buffer overflows in Microsoft Dynamics GP (formerly Great Plains) 9.0 and earlier allow remote attackers to execute arbitrary code via (1) a crafted Distributed Process Manager (DPM) message to the (a) DPM component, or a (2) long string or (3) long IP address in a Distributed Process Server (DPS) message to the DPM or (b) DPS component.

7.5
2006-12-31 CVE-2006-4580 THE Address Book Remote vulnerability in the Address Book the Address Book 1.04E

register.php in The Address Book 1.04e allows remote attackers to bypass the "Allow User Self-Registration" setting and create arbitrary users by setting the mode parameter to "confirm".

7.5
2006-12-31 CVE-2006-4578 THE Address Book Remote vulnerability in the Address Book the Address Book 1.04E

export.php in The Address Book 1.04e writes username and password hash information into a publicly accessible file when dumping the MySQL database contents, which allows remote attackers to obtain sensitive information.

7.5
2006-12-31 CVE-2006-4575 THE Address Book Remote vulnerability in the Address Book the Address Book 1.04E

Multiple SQL injection vulnerabilities in The Address Book 1.04e allow remote attackers to execute arbitrary SQL commands via the (1) lastname, (2) firstname, (3) passwordOld, (4) passwordNew, (5) id, (6) language, (7) defaultLetter, (8) newuserPass, (9) newuserType, (10) newuserEmail parameters in (a) user.php; the (11) goTo and (12) search parameters in (b) search.php; and the (13) groupAddName parameter in (c) save.php.

7.5
2006-12-29 CVE-2006-6826 Personal NET Portal Remote Security vulnerability in Personal .Net Portal

Unspecified vulnerability in the tab editor for Personal .NET Portal before 2.0.0 has unknown impact and attack vectors related to a "Security leak."

7.5
2006-12-29 CVE-2006-6825 Mxmania Information Disclosure vulnerability in Calendar MX BASIC

Calendar MX BASIC 1.0.2 and earlier store sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for calendar.mdb.

7.5
2006-12-29 CVE-2006-6823 Yrch Remote File Include vulnerability in Yrch 1.0

PHP remote file inclusion vulnerability in plugins/metasearch/plug.inc.php in Yrch! 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.

7.5
2006-12-29 CVE-2006-6818 Alstrasoft Unspecified vulnerability in Alstrasoft Webhost Directory

AlstraSoft Web Host Directory allows remote attackers to bypass authentication and change the admin password via a direct request to admin/config.

7.5
2006-12-29 CVE-2006-6816 Dmxready SQL Injection vulnerability in Dmxready Secure Login Manager 1.0

Multiple SQL injection vulnerabilities in DMXReady Secure Login Manager 1.0 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) set_preferences.asp, (2) send_password_preferences.asp, and (3) SecureLoginManager/list.asp in the Local-Admin Panel; (4) the sent parameter to (a) login.asp, (b) content.asp, and (c) members.asp in the Remote-WebSite; and (5) the sent parameter to applications/SecureLoginManager/inc_secureloginmanager.asp in the Live Demo.

7.5
2006-12-29 CVE-2006-6813 Mxmania SQL Injection vulnerability in Mxmania File Upload Manager Detail.ASP

SQL injection vulnerability in detail.asp in Mxmania File Upload Manager (FUM) 1.0.6 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter.

7.5
2006-12-29 CVE-2006-6812 Myphpcalendar Remote File Include vulnerability in Myphpcalendar 10.1

Multiple PHP remote file inclusion vulnerabilities in myPHPCalendar 10.1 allow remote attackers to execute arbitrary PHP code via a URL in the cal_dir parameter to (1) admin.php, (2) contacts.php, or (3) convert-date.php.

7.5
2006-12-29 CVE-2006-6809 Vladimir Menshakov Remote File Include vulnerability in Buratinable Templator Process.PHP

Multiple PHP remote file inclusion vulnerabilities in process.php in Vladimir Menshakov buratinable templator (aka bubla) 1.0.0rc2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) bu_dir or (2) bu_config[dir] parameter.

7.5
2006-12-28 CVE-2006-6807 Softwebs Nepal SQL Injection vulnerability in Ananda Real Estate List.ASP

SQL injection vulnerability in list.asp in Softwebs Nepal (aka Ananda Raj Pandey) Ananda Real Estate 3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the agent parameter.

7.5
2006-12-28 CVE-2006-6806 Enthrallweb SQL-Injection vulnerability in Enthrallweb Emates 1.0

SQL injection vulnerability in newsdetail.asp in Enthrallweb eMates 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.

7.5
2006-12-28 CVE-2006-6805 Enthrallweb SQL-Injection vulnerability in eJobs

SQL injection vulnerability in newsdetail.asp in Enthrallweb eJobs allows remote attackers to execute arbitrary SQL commands via the ID parameter.

7.5
2006-12-28 CVE-2006-6804 Enthrallweb SQL Injection vulnerability in Dragon Business Directory Bus_Details.ASP

SQL injection vulnerability in bus_details.asp in Dragon Business Directory - Pro (aka Dragon Internet Business Search Directory - Pro) 3.01.12 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter.

7.5
2006-12-28 CVE-2006-6803 Enthrallweb SQL Injection vulnerability in Enthrallweb Ecars 1.0

SQL injection vulnerability in Types.asp in Enthrallweb eCars 1.0 allows remote attackers to execute arbitrary SQL commands via the Type_id parameter.

7.5
2006-12-28 CVE-2006-6802 Enthrallweb SQL Injection vulnerability in Enthrallweb ePages Actualpic.ASP

SQL injection vulnerability in actualpic.asp in Enthrallweb ePages allows remote attackers to execute arbitrary SQL commands via the Biz_ID parameter.

7.5
2006-12-28 CVE-2006-6799 THE Cacti Group Remote Command Execution vulnerability in Cacti CMD.PHP

SQL injection vulnerability in Cacti 0.8.6i and earlier, when register_argc_argv is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) second or (2) third arguments to cmd.php.

7.5
2006-12-28 CVE-2006-6795 Myphpnuke Remote File Include vulnerability in Myphpnuke MY Egallery 2.5.6

PHP remote file inclusion vulnerability in gallery/displayCategory.php in the My_eGallery 2.5.6 module in myPHPNuke (MPN) allows remote attackers to execute arbitrary PHP code via a URL in the basepath parameter.

7.5
2006-12-28 CVE-2006-6794 Efkan Forum SQL Injection vulnerability in Efkan Forum Efkan Forum 1.0

SQL injection vulnerability in default.asp in Efkan Forum 1.0 allows remote attackers to execute arbitrary SQL commands via the grup parameter.

7.5
2006-12-28 CVE-2006-6793 Okul Merkezi Remote File Include vulnerability in Okul Merkezi Okul Merkezi Portal 1.0

PHP remote file inclusion vulnerability in ataturk.php in Okul Merkezi Portal 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.

7.5
2006-12-28 CVE-2006-6792 Mxmania SQL Injection vulnerability in Calendar MX Basic Calendar_Detail.ASP

SQL injection vulnerability in calendar_detail.asp in Calendar MX BASIC 1.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter.

7.5
2006-12-28 CVE-2006-6791 Chatwm SQL Injection vulnerability in Chatwm 1.0

SQL injection vulnerability in SelGruFra.asp in chatwm 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) txtUse and (2) txtPas parameters.

7.5
2006-12-28 CVE-2006-6790 Ultimate PHP Board Remote Code Execution vulnerability in Ultimate PHP Board Username Parameter

Direct static code injection vulnerability in chat/login.php in Ultimate PHP Board (UPB) 2.0b1 and earlier allows remote attackers to inject arbitrary PHP code via the username parameter, which is injected into chat/text.php.

7.5
2006-12-28 CVE-2006-6789 Phpbbxtra Remote File Include vulnerability in PHPbbxtra 2.0

PHP remote file inclusion vulnerability in includes/archive/archive_topic.php in Phpbbxtra 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

7.5
2006-12-28 CVE-2006-6788 Luckybot Remote File Include vulnerability in Luckybot 3

Multiple PHP remote file inclusion vulnerabilities in LuckyBot 3 allow remote attackers to execute arbitrary PHP code via a URL in the dir parameter to (1) run.php or (2) ircbot.class.php.

7.5
2006-12-28 CVE-2006-6787 Mxmania SQL Injection vulnerability in Newsletter MX admin_mail_adressee.ASP

SQL injection vulnerability in admin/admin_mail_adressee.asp in Newsletter MX 1.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter.

7.5
2006-12-28 CVE-2006-6785 Open Newsletter Authentication Bypass vulnerability in Open Newsletter Open Newsletter 2.0

The (1) settings.php and (2) subscribers.php scripts in Open Newsletter 2.5 and earlier do not exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions, or execute arbitrary code in conjunction with another vulnerability.

7.5
2006-12-28 CVE-2006-6784 Netbula SQL Injection vulnerability in Netbula Anyboard 9.9.5.6

SQL injection vulnerability in Netbula Anyboard allows remote attackers to execute arbitrary SQL commands via the user name in the login form.

7.5
2006-12-28 CVE-2006-6783 Logahead Improper Authentication vulnerability in Logahead UNU 1.0

logahead UNU 1.0 before 20061226 allows remote attackers to upload arbitrary files via unspecified vectors related to plugins/widged/_widged.php (aka the WidgEd plugin), possibly because of an authentication bypass.

7.5
2006-12-28 CVE-2006-6780 Hlstats Input Validation vulnerability in Hlstats 1.20/1.34

SQL injection vulnerability in the login form in HLstats 1.20 through 1.34 allows remote attackers to execute arbitrary SQL commands via the killLimit parameter.

7.5
2006-12-28 CVE-2006-6776 Future Internet Input Validation vulnerability in Future Internet

Multiple SQL injection vulnerabilities in Future Internet allow remote attackers to execute arbitrary SQL commands via the (1) newsId or (2) categoryid parameter in a Portal.Showpage action in index.cfm, or (3) the langId parameter in index.cfm.

7.5
2006-12-27 CVE-2006-6773 Fishyshoop Unspecified vulnerability in Fishyshoop 0.930Beta

pages/register/register.php in Fishyshoop 0.930 beta allows remote attackers to create arbitrary administrative users by setting the is_admin HTTP POST parameter to 1.

7.5
2006-12-27 CVE-2006-6766 CWM Design SQL-Injection vulnerability in Cwm-Design Cwmexplorer 1.0

Multiple SQL injection vulnerabilities in cwmExplorer 1.1.0 and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2006-12-27 CVE-2006-6763 Keep IT Simple Guest Book Remote Security vulnerability in Keep IT Simple Guest Book Keep IT Simple Guest Book 5.0

Multiple PHP remote file inclusion vulnerabilities in the Keep It Simple Guest Book (KISGB) allow remote attackers to execute arbitrary PHP code via a URL in the (1) path_to_themes parameter in (a) authenticate.php, and the (2) default_path_for_themes parameter in (b) admin.php and (c) upconfig.php.

7.5
2006-12-27 CVE-2006-6760 Phpmymanga Code Injection vulnerability in PHPmymanga

Multiple PHP remote file inclusion vulnerabilities in template.php in Phpmymanga 0.8.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) actionsPage or (2) formPage parameter.

7.5
2006-12-27 CVE-2006-6752 Ftprush Local Buffer Overflow vulnerability in Ftprush 1.0.0.610

Buffer overflow in FTPRush 1.0.0.610 might allow attackers to gain privileges via a long Host field.

7.5
2006-12-27 CVE-2006-6748 Newxooper Code Injection vulnerability in Newxooper

PHP remote file inclusion vulnerability in i-accueil.php in Newxooper 0.9 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter.

7.5
2006-12-27 CVE-2006-6747 Dreaxteam SQL Injection vulnerability in Dreaxteam Xt-News 0.1

SQL injection vulnerability in show_news.php in Xt-News 0.1 allows remote attackers to execute arbitrary SQL commands via the id_news parameter.

7.5
2006-12-26 CVE-2006-6740 Phpprofiles Code Injection vulnerability in PHPprofiles 2.1

Multiple PHP remote file inclusion vulnerabilities in phpProfiles 3.1.2b and earlier allow remote attackers to execute arbitrary PHP code via a URL in the menu parameter to (1) include/body.inc.php or (2) include/body_admin.inc.php; or a URL in the incpath parameter to (3) index.inc.php, (4) account.inc.php, (5) admin_newcomm.inc.php, (6) header_admin.inc.php, (7) header.inc.php, (8) friends.inc.php, (9) menu_u.inc.php, (10) notify.inc.php, (11) body.inc.php, (12) body_admin.inc.php, (13) commrecc.inc.php, (14) do_reg.inc.php, (15) comm_post.inc.php, or (16) menu_v.inc.php in include/, different vectors than CVE-2006-5634.

7.5
2006-12-26 CVE-2006-6739 Paristemi Code Injection vulnerability in Paristemi 0.8.3

PHP remote file inclusion vulnerability in buycd.php in Paristemi 0.8.3 allows remote attackers to execute arbitrary PHP code via a URL in the HTTP_DOCUMENT_ROOT parameter, a different vector than CVE-2006-6689.

7.5
2006-12-26 CVE-2006-6727 Inertianews Code Injection vulnerability in Inertianews

PHP remote file inclusion vulnerability in inertianews_class.php in inertianews 0.02 beta and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter.

7.5
2006-12-26 CVE-2006-6726 Inertianews Code Injection vulnerability in Inertianews 0.02

PHP remote file inclusion vulnerability in inertianews_main.php in inertianews 0.02 beta allows remote attackers to execute arbitrary PHP code via a URL in the inews_path parameter.

7.5
2006-12-31 CVE-2006-6906 Apple Local Security vulnerability in Mac OS X

Unspecified vulnerability in the Bluetooth stack on Mac OS 10.4.7 and earlier has unknown impact and local attack vectors, related to "Mach Exception Handling", a different issue than CVE-2006-6900.

7.2

100 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-12-31 CVE-2006-6892 Jonathon Freeman Cross-Site Scripting vulnerability in Jonathon Freeman Ovbb 0.13A

Cross-site scripting (XSS) vulnerability in the GetLocation function in online.php in Jonathon J.

6.8
2006-12-31 CVE-2006-6887 Logahead Code Injection vulnerability in Logahead UNU 1.0

Unrestricted file upload vulnerability in logahead UNU 1.0 allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors related to plugins/widged/_widged.php (aka the WidgEd plugin), a different vulnerability than CVE-2006-6783.

6.8
2006-12-31 CVE-2006-6877 Matteo Lucarelli Directory Traversal vulnerability in 3Editor Cms

Directory traversal vulnerability in index.php in Matteo Lucarelli 3editor CMS 0.42 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via a ..

6.8
2006-12-31 CVE-2006-6874 Endonesia Cross-Site Scripting vulnerability in Endonesia 8.4

Multiple cross-site scripting (XSS) vulnerabilities in friend.php in eNdonesia 8.4 allow remote attackers to inject arbitrary web script or HTML via the (1) Message or (2) Your Name field.

6.8
2006-12-31 CVE-2006-6871 Endonesia Scripts Multiple Input Validation vulnerability in Endonesia 8.4

Multiple cross-site scripting (XSS) vulnerabilities in eNdonesia 8.4 allow remote attackers to inject arbitrary web script or HTML via (1) the mod parameter in a viewlink operation in mod.php, (2) the intypeid parameter in a showinfo operation in the informasi module in mod.php, (3) the "your Friend" field in friend.php, or (4) the "Main Text" field in admin.php.

6.8
2006-12-31 CVE-2006-6868 ZEN Cart Cross-Site Scripting vulnerability in Zen Cart

Multiple cross-site scripting (XSS) vulnerabilities in Zen Cart Web Shopping Cart before 1.3.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

6.8
2006-12-31 CVE-2006-6862 Outfront Input Validation vulnerability in Outfront Spooky Login 2.7

Multiple cross-site scripting (XSS) vulnerabilities in Outfront Spooky Login 2.7 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) login/login.asp or (2) login/register.asp.

6.8
2006-12-31 CVE-2006-6858 Miredo Remote Security vulnerability in Miredo 0.9.8/1.0.3/1.0.4

Miredo 0.9.8 through 1.0.5 does not properly authenticate a Teredo bubble during UDP hole punching with HMAC-MD5-64 hashing, which allows remote attackers to impersonate an arbitrary Teredo client.

6.8
2006-12-31 CVE-2006-6851 Mobilelib Cross-Site Scripting vulnerability in Mobilelib Gold 2

Multiple cross-site scripting (XSS) vulnerabilities in contact_us.php in ac4p Mobilelib gold 2 allow remote attackers to inject arbitrary web script or HTML via the (1) email or (2) errr parameter.

6.8
2006-12-31 CVE-2006-6845 Cmsmadesimple Cross-Site Scripting vulnerability in Cmsmadesimple CMS Made Simple 1.0.2

Cross-site scripting (XSS) vulnerability in index.php in CMS Made Simple 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the cntnt01searchinput parameter in a Search action.

6.8
2006-12-31 CVE-2006-6844 Cmsmadesimple HTML Injection vulnerability in Cmsmadesimple CMS Made Simple 1.0.2

Cross-site scripting (XSS) vulnerability in the optional user comment module in CMS Made Simple 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the user comment form.

6.8
2006-12-31 CVE-2006-6837 Sergey Oblomov Remote Buffer Overflow vulnerability in Total Commands ISO_WinCmd Plugin

Multiple stack-based buffer overflows in the (1) LoadTree, (2) ReadHeader, and (3) LoadXBOXTree functions in the ISO (iso_wincmd) plugin 1.7.3.3 and earlier for Total Commander allow user-assisted remote attackers to execute arbitrary code via a long pathname in an ISO image.

6.8
2006-12-31 CVE-2006-6834 Joomla Cross-Site Scripting vulnerability in Joomla

Multiple unspecified vulnerabilities in Joomla! before 1.0.12 have unknown impact and attack vectors related to (1) "unneeded legacy functions" and (2) "Several low level security fixes."

6.8
2006-12-31 CVE-2006-4577 THE Address Book Remote vulnerability in the Address Book the Address Book 1.04E

Multiple cross-site scripting (XSS) vulnerabilities in The Address Book 1.04e allow remote attackers to inject arbitrary web script or HTML via Javascript events in the (1) email, (2) websites, and (3) groupAddName parameters in (a) save.php; the (4) errorMsg parameter in (b) index.php; and the (5) goTo and (6) search parameters in (c) search.php.

6.8
2006-12-31 CVE-2006-4576 THE Address Book Remote vulnerability in the Address Book the Address Book 1.04E

Cross-site scripting (XSS) vulnerability in The Address Book 1.04e allows remote attackers to inject arbitrary web script or HTML by uploading the HTML file with a GIF or JPG extension, which is rendered by Internet Explorer.

6.8
2006-12-28 CVE-2006-6808 Wordpress HTML Injection vulnerability in Wordpress

Cross-site scripting (XSS) vulnerability in wp-admin/templates.php in WordPress 2.0.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter.

6.8
2006-12-28 CVE-2006-6801 SH News Remote File Include vulnerability in Sh-News 0.93

PHP remote file inclusion vulnerability in misc.php in SH-News 0.93, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the news_cfg[path] parameter.

6.8
2006-12-28 CVE-2006-6800 Limbo CMS Remote File Include vulnerability in Limbo CMS Event Module 1.0

PHP remote file inclusion in eventcal/mod_eventcal.php in the event module 1.0 for Limbo CMS allows remote attackers to execute arbitrary PHP code via a URL in the lm_absolute_path parameter.

6.8
2006-12-28 CVE-2006-6796 Mtcms Remote File Include vulnerability in MTCMS Admin_Settings.PHP

PHP remote file inclusion vulnerability in admin/admin_settings.php in MTCMS 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the ins_file parameter.

6.8
2006-12-28 CVE-2006-6782 Pnamazu Cross-Site Scripting vulnerability in PNAmazu

Cross-site scripting (XSS) vulnerability in pnamazu 2006.02.28 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

6.8
2006-12-28 CVE-2006-6779 Jelsoft Unspecified vulnerability in Jelsoft Vbulletin

Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin allows remote attackers to inject arbitrary web script or HTML via an SWF file that uses ActionScript to trigger execution of JavaScript.

6.8
2006-12-28 CVE-2006-6778 Timberwolf Cross-Site Scripting vulnerability in Timberwolf 1.2.2

Cross-site scripting (XSS) vulnerability in shownews.php in TimberWolf 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the nid parameter.

6.8
2006-12-28 CVE-2006-6777 Future Internet Input Validation vulnerability in Future Internet

Cross-site scripting (XSS) vulnerability in index.cfm in Future Internet allows remote attackers to inject arbitrary web script or HTML via the categoryId parameter in a Portal.ShowPage action.

6.8
2006-12-27 CVE-2006-6774 Ciberia Remote File Include vulnerability in Ciberia Content Federator 1.0

PHP remote file inclusion vulnerability in socios/maquetacion_socio.php (members/maquetacion_member.php) in Ciberia Content Federator 1.0 allows remote attackers to execute arbitrary PHP code via the path parameter.

6.8
2006-12-27 CVE-2006-6771 Irokez Remote File Include vulnerability in Irokez CMS 0.7.1

Multiple PHP remote file inclusion vulnerabilities in Irokez CMS 0.7.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[PTH][func] parameter in (a) scripts/gallery.scr.php; the (2) GLOBALS[PTH][spaw] parameter in (b) scripts/xtextarea.scr.php; and the (3) GLOBALS[PTH][classes] parameter in (c) sitemap.scr.php, (d) news.scr.php, (e) polls.scr.php, (f) rss.scr.php, (g) search.scr.php in scripts/, and (h) form.fun.php, (i) general.func.php, (j) groups.func.php, (k) js.func.php, (l) sections.func.php, and (m) users.func.php in functions/.

6.8
2006-12-27 CVE-2006-6770 Jinzora Remote File Include vulnerability in Jinzora 2.0.1

Multiple PHP remote file inclusion vulnerabilities in Jinzora Media Jukebox 2.7 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter in (1) popup.php, (2) rss.php, (3) ajax_request.php, and (4) mediabroadcast.php.

6.8
2006-12-27 CVE-2006-6769 PHP Live Cross-Site Scripting vulnerability in PHP Live PHP Live 2.8.1/3.0

Multiple cross-site scripting (XSS) vulnerabilities in PHP Live! 3.2.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) search_string parameter in (a) setup/transcripts.php, the (2) l parameter in (b) index.php, the (3) login field in (c) phplive/index.php, and the (4) deptid and (5) x parameters in (d) phplive/message_box.php.

6.8
2006-12-27 CVE-2006-6768 PWP Technologies Cross-Site Scripting vulnerability in The Classified Ad System

Multiple cross-site scripting (XSS) vulnerabilities in default.asp in PWP Technologies The Classified Ad System allow remote attackers to inject arbitrary web script or HTML via the (1) cat or (2) main parameter.

6.8
2006-12-27 CVE-2006-6765 Pagetool Remote Security vulnerability in Pagetool

Multiple PHP file inclusion vulnerabilities in src/admin/pt_upload.php in Pagetool 1.07 allow remote attackers to execute arbitrary PHP code via (1) a local filename or FTP/share URI in the config_file parameter or (2) a URL in the ptconf[src] parameter.

6.8
2006-12-27 CVE-2006-6764 Keep IT Simple Guest Book Remote File Include vulnerability in Keep IT Simple Guest Book Keep IT Simple Guest Book 5.0

PHP remote file inclusion vulnerability in authenticate.php in Keep It Simple Guest Book (KISGB), when executing PHP through CGI, allows remote attackers to execute arbitrary PHP code via a URL in the default_path_to_themes parameter.

6.8
2006-12-26 CVE-2006-6738 CWM Design Code Injection vulnerability in Cwm-Design Cwmcounter

PHP remote file inclusion vulnerability in statistic.php in cwmCounter 5.1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.

6.8
2006-12-26 CVE-2006-6732 CWM Design Code Injection vulnerability in Cwm-Design Cwmvote 1.0

PHP remote file inclusion vulnerability in archive.php in cwmVote 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the abs parameter.

6.8
2006-12-31 CVE-2006-6103 X ORG
Xfree86 Project
Local Integer Overflow vulnerability in X.Org DBE And Render Extensions

Integer overflow in the ProcDbeSwapBuffers function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures.

6.6
2006-12-31 CVE-2006-6101 X ORG
Xfree86 Project
Local Integer Overflow vulnerability in X.Org DBE And Render Extensions

Integer overflow in the ProcRenderAddGlyphs function in the Render extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of glyph management data structures.

6.6
2006-12-28 CVE-2006-6797 Microsoft Unspecified vulnerability in Microsoft Windows XP

The Client Server Run-Time Subsystem (CSRSS) in Microsoft Windows allows local users to cause a denial of service (crash) or read arbitrary memory from csrss.exe via crafted arguments to the NtRaiseHardError function with status 0x50000018, a different vulnerability than CVE-2006-6696.

6.6
2006-12-26 CVE-2006-6730 Netbsd
Openbsd
Local Security vulnerability in NetBSD

OpenBSD and NetBSD permit usermode code to kill the display server and write to the X.Org /dev/xf86 device, which allows local users with root privileges to reduce securelevel by replacing the System Management Mode (SMM) handler via a write to an SMRAM address within /dev/xf86 (aka the video card memory-mapped I/O range), and then launching the new handler via a System Management Interrupt (SMI), as demonstrated by a write to Programmed I/O port 0xB2.

6.6
2006-12-28 CVE-2006-6786 Open Newsletter Authentication Bypass vulnerability in Open Newsletter Open Newsletter 2.0

Open Newsletter 2.5 and earlier allows remote authenticated administrators to execute arbitrary PHP code by inserting the code into the email parameter to (1) subscribe.php or (2) unsubscribe.php.

6.5
2006-12-27 CVE-2006-6761 Novell Buffer Overflow vulnerability in Novell Netmail 3.5.2

Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via a long argument to the SUBSCRIBE command.

6.5
2006-12-27 CVE-2006-6754 Ixprim SQL Injection vulnerability in Ixprim CMS 1.2

Multiple SQL injection vulnerabilities in Ixprim 1.2 allow remote attackers to execute arbitrary SQL commands via the story_id parameter to ixm_ixpnews.php, and unspecified other vectors.

6.5
2006-12-29 CVE-2006-6819 Alstrasoft Information Disclosure vulnerability in Webhost Directory

AlstraSoft Web Host Directory stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a backup database via a direct request for admin/backup/db.

6.4
2006-12-26 CVE-2006-6728 LAN Messenger Denial of Service vulnerability in LANMessenger Information Request Mechanism

Unspecified vulnerability in the info request mechanism in LAN Messenger before 1.5.1.2 allows remote attackers to cause a denial of service (application crash) or transmit spam via unspecified vectors.

6.4
2006-12-29 CVE-2006-6814 Hosting Controller Directory Traversal vulnerability in Hosting Controller Hosting Controller 7C

Directory traversal vulnerability in FolderManager/FolderManager.aspx in Hosting Controller 7c allows remote authenticated users to read and modify arbitrary files, and list arbitrary directories via ..\ (dot dot backslash) sequences in the BrowsePath parameter.

6.3
2006-12-31 CVE-2006-6911 Digitizing Quote AND Ordering System SQL-Injection vulnerability in Digitizing Quote and Ordering System Digitizing Quote and Ordering System 1.0

SQL injection vulnerability in search.asp in Digitizing Quote And Ordering System 1.0 allows remote authenticated users to execute arbitrary SQL commands via the ordernum parameter.

6.0
2006-12-31 CVE-2006-6879 PHP Update Unspecified vulnerability in PHP-Update

Unrestricted file upload vulnerability in admin/uploads.php in PHP-Update 2.7 and earlier allows remote authenticated users to upload arbitrary PHP scripts to the gfx/ and files/ directories via the userfile parameter.

6.0
2006-12-31 CVE-2006-6852 Tdiary Improper Input Validation vulnerability in Tdiary 2.0.1/2.0.2/2.0.3

Eval injection vulnerability in tDiary 2.0.3 and 2.1.4.200 61127 allows remote authenticated users to execute arbitrary Ruby code via unspecified vectors, possibly related to incorrect input validation by (1) conf.rhtml and (2) i.conf.rhtml.

6.0
2006-12-29 CVE-2006-6815 Dmxready Cross-Site Scripting vulnerability in Dmxready Secure Login Manager 1.0

Multiple cross-site scripting (XSS) vulnerabilities in DMXReady Secure Login Manager 1.0 allow remote authenticated administrators to inject arbitrary web script or HTML via unspecified parameters to (1) set_preferences.asp, (2) send_password_preferences.asp, and (3) SecureLoginManager/list.asp in the Local-Admin Panel.

6.0
2006-12-26 CVE-2006-6741 Mkportal Cross-Site Request Forgery (CSRF) vulnerability in Mkportal 1.1

Cross-site request forgery (CSRF) vulnerability in urlobox in MKPortal allows remote attackers to delete arbitrary messages as an administrator via a delete operation in an img BBcode tag.

5.8
2006-12-31 CVE-2006-6899 Bluez Project Configuration vulnerability in Bluez Project Bluez

hidd in BlueZ (bluez-utils) before 2.25 allows remote attackers to obtain control of the (1) Mouse and (2) Keyboard Human Interface Device (HID) via a certain configuration of two HID (PSM) endpoints, operating as a server, aka HidAttack.

5.4
2006-12-31 CVE-2006-6897 Widcomm Directory Traversal vulnerability in Widcomm Bluetooth for Windows 3.0.1.905

Directory traversal vulnerability in Widcomm Bluetooth for Windows (BTW) 3.0.1.905 allows remote attackers to conduct unauthorized file operations via a ..

5.4
2006-12-31 CVE-2006-6896 Plantronic Remote Security vulnerability in Headset

The Bluetooth stack in the Plantronic Headset does not properly implement Non-pairable mode, which allows remote attackers to conduct unauthorized pair-up operations.

5.4
2006-12-27 CVE-2006-6756 Ixprim Remote Security vulnerability in Ixprim CMS 1.2

The code function in install.fct.php in Ixprim 1.2 produces a guessable value of the confidential IXP_CODE in mainfile.php, which might allow remote attackers to gain access to the administration panel via a brute force attack.

5.1
2006-12-31 CVE-2006-6914 IBM Local Information Disclosure vulnerability in IBM AIX 5.2.0/5.3.0

Unspecified vulnerability in ftpd in IBM AIX 5.2.0 and 5.3.0 allows remote attackers to obtain sensitive information, including passwords, via unspecified vectors.

5.0
2006-12-31 CVE-2006-6893 TOR Denial-Of-Service vulnerability in TOR 0.1.1.26

Tor allows remote attackers to discover the IP address of a hidden service by accessing this service at a high rate, thereby changing the server's CPU temperature and consequently changing the pattern of time values visible through (1) ICMP timestamps, (2) TCP sequence numbers, and (3) TCP timestamps, a different vulnerability than CVE-2006-0414.

5.0
2006-12-31 CVE-2006-6891 VZ Forum Information Disclosure vulnerability in VZ Forum VZ Forum 2.0.3

Vz (Adp) Forum 2.0.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the administrative account name and password hash via a direct request for users/admin.txt.

5.0
2006-12-31 CVE-2006-6888 P News Information Disclosure vulnerability in P-News 1.16/1.17

P-News 1.16 and 1.17 store sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the administrative account name and password hash via a direct request for db/user.dat.

5.0
2006-12-31 CVE-2006-6886 Phpwcms Information Exposure vulnerability in PHPwcms 1.2.5Dev

phpwcms 1.2.5-DEV allows remote attackers to obtain sensitive information via a direct request for (1) files.public-userroot.inc.php or (2) files.private.additions.inc.php in include/inc_lib/, which reveals the path in various error messages.

5.0
2006-12-31 CVE-2006-6872 Endonesia Scripts Multiple Input Validation vulnerability in Endonesia 8.4

Directory traversal vulnerability in mod.php in eNdonesia 8.4 allows remote attackers to read arbitrary files via a ..

5.0
2006-12-31 CVE-2006-6870 Avahi Denial Of Service vulnerability in Avahi Compressed DNS

The consume_labels function in avahi-core/dns.c in Avahi before 0.6.16 allows remote attackers to cause a denial of service (infinite loop) via a crafted compressed DNS response with a label that points to itself.

5.0
2006-12-31 CVE-2006-6855 Aidex Remote Denial of Service vulnerability in Aidex Mini-Webserver 1.1Rc3

AIDeX Mini-WebServer 1.1 early release 3 allows remote attackers to cause a denial of service (daemon crash) via a flood of HTTP GET requests, possibly related to display of HTTP log data by the GUI.

5.0
2006-12-31 CVE-2006-6847 Realnetworks Remote Denial of Service vulnerability in RealNetworks RealPlayer IERPPLUG.DLL ActiveX Control

An ActiveX control in ierpplug.dll for RealNetworks RealPlayer 10.5 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) by invoking the RealPlayer.OpenURLInPlayerBrowser method with a long second argument.

5.0
2006-12-31 CVE-2006-6827 Macromedia Remote Denial of Service vulnerability in Macromedia Flash Flash8b.OCX ActiveX Control

Flash8b.ocx in Macromedia Flash 8 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long string in the Flash8b.AllowScriptAccess method.

5.0
2006-12-31 CVE-2006-6144 MIT Unspecified vulnerability in MIT Kerberos 5 1.5/1.5.1

The "mechglue" abstraction interface of the GSS-API library for Kerberos 5 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, allows remote attackers to cause a denial of service (crash) via unspecified vectors that cause mechglue to free uninitialized pointers.

5.0
2006-12-31 CVE-2006-5858 Adobe Information Exposure vulnerability in Adobe Coldfusion and Jrun

Adobe ColdFusion MX 7 through 7.0.2, and JRun 4, when run on Microsoft IIS, allows remote attackers to read arbitrary files, list directories, or read source code via a double URL-encoded NULL byte in a ColdFusion filename, such as a CFM file.

5.0
2006-12-31 CVE-2006-5265 Microsoft Improper Input Validation vulnerability in Microsoft Dynamics GP

Unspecified vulnerability in Microsoft Dynamics GP (formerly Great Plains) 9.0 and earlier allows remote attackers to cause a denial of service (crash) via an invalid magic number in a Distributed Process Server (DPS) message.

5.0
2006-12-31 CVE-2006-4582 THE Address Book Cross-Site Request Forgery vulnerability in the Address Book the Address Book 1.04E

Cross-site request forgery (CSRF) vulnerability in The Address Book 1.04e allows remote attackers to perform unauthorized actions as other users via unspecified vectors, as demonstrated by deleting arbitrary users via the id parameter in a deleteuser action in users.php.

5.0
2006-12-31 CVE-2006-4581 THE Address Book Remote vulnerability in the Address Book the Address Book 1.04E

Unrestricted file upload vulnerability in The Address Book 1.04e validates the Content-Type header but not the file extension, which allows remote attackers to upload arbitrary PHP scripts.

5.0
2006-12-31 CVE-2006-4579 THE Address Book Remote vulnerability in the Address Book the Address Book 1.04E

Directory traversal vulnerability in users.php in The Address Book 1.04e allows remote attackers to include arbitrary files via a ..

5.0
2006-12-29 CVE-2006-6817 Alstrasoft Information Disclosure vulnerability in Webhost Directory

AlstraSoft Web Host Directory allows remote attackers to obtain sensitive information by requesting any invalid URI, which reveals the path in an error message, a different vulnerability than CVE-2006-2617.

5.0
2006-12-29 CVE-2006-6810 DB HUB Remote Denial of Service vulnerability in DB HUB DB HUB 0.3

Unspecified vulnerability in the clear_user_list function in src/main.c in DB Hub 0.3 allows remote attackers to cause a denial of service (application crash) via crafted network traffic, which triggers memory corruption.

5.0
2006-12-28 CVE-2006-6318 Stefan Ritt Denial Of Service vulnerability in ELOG Web Logbook ELogD Server

The show_elog_list function in elogd.c in elog 2.6.2 and earlier allows remote authenticated users to cause a denial of service (daemon crash) by attempting to access a logbook whose name begins with "global," which results in a NULL pointer dereference.

5.0
2006-12-28 CVE-2006-6781 Hlstats Input Validation vulnerability in Hlstats 1.20/1.34

HLstats 1.20 through 1.34 allows remote attackers to obtain sensitive information via playinfo mode, with certain values of the player and playerdata[lastName][] parameters, which reveals the path in an error message.

5.0
2006-12-27 CVE-2006-6759 Realnetworks Remote Denial of Service vulnerability in Realnetworks Realplayer 10.5

A certain ActiveX control in rpau3260.dll in RealNetworks RealPlayer 10.5 allows remote attackers to cause a denial of service (Internet Explorer crash) by invoking the RealPlayer.Initialize method with certain arguments.

5.0
2006-12-27 CVE-2006-6758 Http Explorer Directory Traversal vulnerability in Http Explorer Http Explorer web Server 1.02

Directory traversal vulnerability in Http explorer 1.02 allows remote attackers to read arbitrary files via a ..

5.0
2006-12-27 CVE-2006-6755 Ixprim Information Disclosure vulnerability in Ixprim CMS 1.2

Ixprim 1.2 allows remote attackers to obtain sensitive information via a direct request for kernel/plugins/fckeditor2/ixprim_api.php, which reveals the path in an error message.

5.0
2006-12-27 CVE-2006-6751 Dxmsoft USE of Externally-Controlled Format String vulnerability in Dxmsoft XM Easy Personal FTP Server 5.2.1/5.3

Format string vulnerability in XM Easy Personal FTP Server 5.2.1 allows remote attackers to cause a denial of service (application crash) via format string specifiers in the USER command or certain other available or nonexistent commands.

5.0
2006-12-27 CVE-2006-6750 Dxmsoft Remote Denial of Service vulnerability in Dxmsoft XM Easy Personal FTP Server 5.0.1

Format string vulnerability in XM Easy Personal FTP Server 5.0.1 allows remote attackers to cause a denial of service (application crash) via format string specifiers in a long PORT command.

5.0
2006-12-26 CVE-2006-6735 Obie Website Information Exposure vulnerability in Obie Website Mini web Shop 2.1.C

modules/viewcategory.php in Minh Nguyen Duong Obie Website Mini Web Shop 2.1.c allows remote attackers to obtain sensitive information via a request with an arbitrary catname parameter but no itemsdb parameter, which reveals the path in an error message.

5.0
2006-12-26 CVE-2006-6725 Phpbuilder Path Traversal vulnerability in PHPbuilder

Multiple directory traversal vulnerabilities in PHPBuilder 0.0.2 and earlier allow remote attackers to read arbitrary files via a ..

5.0
2006-12-31 CVE-2006-5755 Linux Local Denial of Service vulnerability in Linux Kernel EFLAGS NT

Linux kernel before 2.6.18, when running on x86_64 systems, does not properly save or restore EFLAGS during a context switch, which allows local users to cause a denial of service (crash) by causing SYSENTER to set an NT flag, which can trigger a crash on the IRET of the next task.

4.9
2006-12-26 CVE-2006-6743 Phpprofiles Local Security vulnerability in PHPprofiles 2.1.0

phpProfiles before 2.1.1 uses world writable permissions for certain profile files and directories, which allows local users to modify or delete files, related to (1) users/include/do_makeprofile.inc.php and (2) users/include/copy.inc.php.

4.6
2006-12-31 CVE-2006-7233 Ignite Realtime Cross-Site Scripting vulnerability in Ignite Realtime Openfire 2.6.0

Cross-site scripting (XSS) vulnerability in the login form (login.jsp) of the admin console in Openfire (formerly Wildfire) 2.6.0, and possibly other versions before 3.5.3, allows remote attackers to inject arbitrary web script or HTML via the url parameter.

4.3
2006-12-31 CVE-2006-6885 Macromedia Remote Denial of Service vulnerability in Macromedia Shockwave 10

An ActiveX control in SwDir.dll in Macromedia Shockwave 10 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long string in the swURL attribute.

4.3
2006-12-31 CVE-2006-6882 Golden Book Cross-Site Scripting vulnerability in Golden Book Golden Book

Cross-site scripting (XSS) vulnerability in golden book allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2006-12-31 CVE-2006-6857 Docebolms Cross-Site Scripting vulnerability in Docebolms

Cross-site scripting (XSS) vulnerability in modules/credits/credits.php in Docebo LMS allows remote attackers to inject arbitrary web script or HTML via the lang parameter.

4.3
2006-12-31 CVE-2006-6832 Joomla Cross-Site Scripting vulnerability in Joomla

Cross-site scripting (XSS) vulnerability in Joomla! before 1.0.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to poll.php or the module title.

4.3
2006-12-31 CVE-2006-4727 Tumbleweed Cross-Site Scripting vulnerability in Tumbleweed Email Firewall 6.2.2Build4123

Cross-site scripting (XSS) vulnerability in emfadmin/statusView.do in Tumbleweed EMF Administration Module 6.2.2 Build 4123, and possibly other versions before 6.3.2, allows remote attackers to inject arbitrary web script or HTML via the (1) lineId and (2) sort parameters.

4.3
2006-12-31 CVE-2006-4220 Novell Cross-Site Scripting vulnerability in Novell Groupwise and Groupwise Webaccess

Multiple cross-site scripting (XSS) vulnerabilities in webacc in Novell GroupWise WebAccess before 7 Support Pack 3 Public Beta allow remote attackers to inject arbitrary web script or HTML via the (1) User.html, (2) Error, (3) User.Theme.index, and (4) and User.lang parameters.

4.3
2006-12-31 CVE-2006-1305 Microsoft Resource Management Errors vulnerability in Microsoft Office and Outlook

Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to cause a denial of service (memory exhaustion and interrupted mail recovery) via malformed e-mail header information, possibly related to (1) long subject lines or (2) large numbers of recipients in To or CC headers.

4.3
2006-12-29 CVE-2006-6824 PHP Icalendar Cross-Site Scripting vulnerability in PHP Icalendar PHP Icalendar

Multiple cross-site scripting (XSS) vulnerabilities in Jim Hu and Chad Little PHP iCalendar 2.23 rc1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) getdate parameter in (a) day.php, (b) month.php, (c) year.php, (d) week.php, (e) search.php, (f) rss/index.php, (g) print.php, and (h) preferences.php; the (2) cpath parameter in (i) day.php, (j) month.php, (k) year.php, (l) week.php, and (m) search.php; the (3) query parameter in search.php; and possibly the cpath, (4) unset, and (5) set parameters in a setcookie action in preferences.php; different vectors than CVE-2006-3319.

4.3
2006-12-29 CVE-2006-6811 KDE Remote PRIVMSG Denial of Service vulnerability in KDE Ksirc 1.3.12

KsIRC 1.3.12 allows remote attackers to cause a denial of service (crash) via a long PRIVMSG string when connecting to an Internet Relay Chat (IRC) server, which causes an assertion failure and results in a NULL pointer dereference.

4.3
2006-12-27 CVE-2006-6746 Dreaxteam Cross-Site Scripting vulnerability in Dreaxteam Xt-News 0.1

Multiple cross-site scripting (XSS) vulnerabilities in Xt-News 0.1 allow remote attackers to inject arbitrary web script or HTML via the id_news parameter to (1) add_comment.php or (2) show_news.php.

4.3
2006-12-26 CVE-2006-6737 SUN Information Disclosure vulnerability in SUN Jdk, JRE and SDK

Unspecified vulnerability in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 5 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_10 and earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allows attackers to use untrusted applets to "access data in other applets," aka "The first issue."

4.3
2006-12-26 CVE-2006-6736 SUN Information Disclosure vulnerability in SUN Jdk, JRE and SDK

Unspecified vulnerability in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 6 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allows attackers to use untrusted applets to "access data in other applets," aka "The second issue."

4.3
2006-12-26 CVE-2006-6734 Obie Website Cross-Site Scripting vulnerability in Obie Website Mini web Shop 2.1.C

Cross-site scripting (XSS) vulnerability in modules/viewcategory.php in Minh Nguyen Duong Obie Website Mini Web Shop 2.1.c allows remote attackers to inject arbitrary web script or HTML via the catname parameter.

4.3
2006-12-26 CVE-2006-6733 Osticket Cross-Site Scripting vulnerability in Osticket STS 1.2.7/1.3Beta

Cross-site scripting (XSS) vulnerability in support/view.php in Support Cards 1 (osTicket) allows remote attackers to inject arbitrary web script or HTML via the e parameter.

4.3
2006-12-26 CVE-2006-6729 A Blog Cross-Site Scripting vulnerability in A-Blog

Cross-site scripting (XSS) vulnerability in a-blog 1.51 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2006-12-27 CVE-2006-6753 Microsoft Remote Security vulnerability in Windows Event Viewer

Event Viewer (eventvwr.exe) in Microsoft Windows does not properly display log data that contains '%' (percent) characters, which might make it impossible to use Event Viewer to determine the actual data that triggered an event, and might produce long strings that are not properly handled by certain processes that rely on Event Viewer.

4.1
2006-12-31 CVE-2006-6915 IBM Denial Of Service vulnerability in IBM AIX 5.2.0/5.3.0

ftpd in IBM AIX 5.2.0 and 5.3.0 allows remote authenticated users to cause a denial of service (port exhaustion) via unspecified vectors.

4.0
2006-12-27 CVE-2006-6762 Novell Denial of Service vulnerability in Novell Netmail 3.5.2

The IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to cause a denial of service via an APPEND command with a single "(" (parenthesis) in the argument.

4.0
2006-12-26 CVE-2006-6724 Bolintech Denial-Of-Service vulnerability in Bolintech Dream FTP Server 1.02

BolinTech Dream FTP Server 1.02 allows remote authenticated users, including anonymous users, to cause a denial of service (application crash) via a certain invalid PORT command.

4.0

8 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2006-12-31 CVE-2006-7232 Mysql
Canonical
SQL Injection vulnerability in multiple products

sql_select.cc in MySQL 5.0.x before 5.0.32 and 5.1.x before 5.1.14 allows remote authenticated users to cause a denial of service (crash) via an EXPLAIN SELECT FROM on the INFORMATION_SCHEMA table, as originally demonstrated using ORDER BY.

3.5
2006-12-29 CVE-2006-6822 Enthrallweb Products Myprofile.ASP Arbitrary User Password Change vulnerability in EnthrallWeb

myprofile.asp in Enthrallweb eClassifieds does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter.

3.5
2006-12-29 CVE-2006-6821 Enthrallweb Products Myprofile.ASP Arbitrary User Password Change vulnerability in EnthrallWeb

myprofile.asp in Enthrallweb eNews does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter.

3.5
2006-12-29 CVE-2006-6820 Enthrallweb Products Myprofile.ASP Arbitrary User Password Change vulnerability in EnthrallWeb

myprofile.asp in Enthrallweb eCoupons does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter.

3.5
2006-12-27 CVE-2006-6775 Acftp Remote Denial of Service vulnerability in Acftp 1.5

acFTP 1.5 allows remote authenticated users to cause a denial of service via a crafted argument to the (1) REST or (2) PBSZ command.

3.5
2006-12-31 CVE-2006-6895 Sony Ericsson Remote Security vulnerability in T60

The Bluetooth stack in the Sony Ericsson T60 does not properly implement "Limited discoverable" mode, which allows remote attackers to obtain unauthorized inquiry responses.

2.9
2006-12-26 CVE-2006-6744 Phpprofiles Local Security vulnerability in PHPprofiles 2.1.0

phpProfiles before 2.1.1 does not have an index.php or other index file in the (1) image_data, (2) graphics/comm, or (3) users read/write directories, which might allow remote attackers to list directory contents or have other unknown impacts.

2.1
2006-12-31 CVE-2006-5749 Linux Remote Denial of Service vulnerability in Linux Kernel ISDN PPP

The isdn_ppp_ccp_reset_alloc_state function in drivers/isdn/isdn_ppp.c in the Linux 2.4 kernel before 2.4.34-rc4 does not call the init_timer function for the ISDN PPP CCP reset state timer, which has unknown attack vectors and results in a system crash.

1.7