Vulnerability Summary for the Week of May 29, 2006
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.

High Vulnerabilities

Primary Vendor -- Product | Description | CVSS Score | Source & Patch Info |
---|---|---|---|
Alt-N -- MDaemon | Buffer overflow in Alt-N MDaemon, possibly 9.0.1 and earlier, allows remote attackers to execute arbitrary code via a long A0001 argument that begins with a '"' (double quote). | 7.0 | CVE-2006-2646 FULLDISC BID SECTRACK |
Cosmicphp -- CosmicShoppingCart | Multiple cross-site scripting (XSS) vulnerabilities in (a) search.php, (b) search_cat.php, (c) and (d) product_details.php in the cosmicshop directory for CosmicShoppingCart allow remote attackers to inject arbitrary web script or HTML via multiple unspecified parameters, as demonstrated by the (1) query parameter in search.php and the (2) data parameter in search_cat.php. | 7.0 | CVE-2006-2649 ZONE-H FRSIRT SECUNIA SECTRACK XF |
Cosmicphp -- CosmicShoppingCart | SQL injection vulnerability in cosmicshop/search.php in CosmicShoppingCart allows remote attackers to execute arbitrary SQL commands via the max parameter. | 7.0 | CVE-2006-2650 ZONE-H FRSIRT SECUNIA SECTRACK XF |
DoceboLMS -- DoceboLMS | Multiple PHP remote file inclusion vulnerabilities in Docebo LMS 2.05 allow remote attackers to execute arbitrary PHP code via a URL in the lang parameter to (1) modules/credits/business.php, (2) modules/credits/credits.php, or (3) modules/credits/help.php. | 7.0 | CVE-2006-2668 OTHER-REF FRSIRT SECTRACK SECUNIA XF |
Drupal -- Drupal | SQL injection vulnerability in Drupal 4.6.x before 4.6.7 and 4.7.0 allows remote attackers to execute arbitrary SQL commands via the (1) count and (2) from variables to (a) database.mysql.inc, (b) database.pgsql.inc, and (c) database.mysqli.inc. | 7.0 | CVE-2006-2742 DRUPAL FRSIRT SECUNIA XF |
E-Board -- Elite-Board | Cross-site scripting (XSS) vulnerability in search.html in Bulletin Board Elite-Board (E-Board) 1.1 allows remote attackers to inject arbitrary web script or HTML via the search box. | 7.0 | CVE-2006-2673 BUGTRAQ BID FRSIRT SECUNIA XF |
Easy-Content Forums -- Easy-Content Forums | Cross-site scripting (XSS) vulnerabilities in Easy-Content Forums 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) startletter parameter in userview.asp and the (2) catid parameter in topics.asp. | 7.0 | CVE-2006-2696 BUGTRAQ |
Enigma Haber -- Enigma Haber | Multiple SQL injection vulnerabilities in Enigma Haber 4.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in (a) e_mesaj_yas.asp, (b) edi_haber.asp, and (c) haber_devam.asp; (2) hid parameter in (d) yazdir.asp and (e) yorum.asp, and the (3) e parameter in (f) arsiv.asp. NOTE: with administrator credentials, additional vectors exist including (4) yid parameter to (g) admin/y_admin.asp, (5) bid parameter to (h) admin/reklam_detay.asp, hid parameter to (i) admin/detay_yorum.asp and (j) admin/haber_sil.asp, (6) kid parameter to (k) admin/kategori_d.asp, (7) tur parameter to (l) admin/haber_ekle.asp, (8) s parameter to (m) admin/e_mesaj_yaz.asp, and id parameter to (n) admin/admin_sil.asp. | 7.0 | CVE-2006-2731 BUGTRAQ OTHER-REF OTHER-REF BID FRSIRT SECTRACK SECUNIA |
Epic Designs -- eggblog | home/register.php in Eggblog before 3.0 allows remote attackers to change the password of administrators and possibly other users via a modified username parameter. | 7.0 | CVE-2006-2727 BUGTRAQ BUGTRAQ NUKEDX |
Epic Designs -- tinyBB | Cross-site scripting (XSS) vulnerability in Epicdesigns tinyBB 0.3 allows remote attackers to inject arbitrary web script or HTML via the q parameter in forgot.php, which is echoed in an error message, and other unspecified vectors. | 7.0 | CVE-2006-2741 BUGTRAQ NUKEDX NUKEDX BID SECTRACK |
EVA-Web -- EVA-Web | Multiple cross-site scripting (XSS) vulnerabilities in EVA-Web 2.1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) debut_image parameter in (a) article-album.php3, (2) date parameter in (b) rubrique.php3, and the (3) perso and (4) aide parameters to (c) an unknown script, probably index.php. | 7.0 | CVE-2006-2689 BLOGSPOT FRSIRT SECUNIA BID |
F@cile Interactive Web -- F@cile Interactive Web | PHP remote file inclusion vulnerability in p-popupgallery.php in F@cile Interactive Web 0.8.41 through 0.8.5 allows remote attackers to execute arbitrary PHP code via a URL in the l parameter. | 7.0 | CVE-2006-2744 BUGTRAQ NUKEDX NUKEDX BID FRSIRT SECUNIA |
F@cile Interactive Web -- F@cile Interactive Web | Multiple cross-site scripting (XSS) vulnerabilities in F@cile Interactive Web 0.8.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) lang parameter in index.php, and the (2) mytheme and (3) myskin parameters in multiple "p-themes" index.inc.php files including (c) lowgraphic, (d) classic, (e) puzzle, (f) simple, and (g) ciao. NOTE: vectors 2 and 3 might be resultant from file inclusion issues. | 7.0 | CVE-2006-2746 BUGTRAQ NUKEDX NUKEDX BID FRSIRT SECUNIA |
Fastpublish -- Fastpublish CMS | PHP remote file inclusion vulnerability in Fastpublish CMS 1.6.9.d allows remote attackers to include arbitrary files via the config[fsBase] parameter in (1) drucken.php, (2) drucken2.php, (3) email_an_benutzer.php, (4) rechnung.php, (5) suche/search.php and (6) adminbereich/admin.php. | 7.0 | CVE-2006-2726 Milw0rm FRSIRT SECUNIA BID |
Geeklog -- Geeklog | Cross-site scripting (XSS) vulnerability in getimage.php in Geeklog 1.4.0sr2 and earlier allows remote attackers to inject arbitrary HTML or web script via the image argument in a show action. | 7.0 | CVE-2006-2699 BUGTRAQ KAPDA GEEKLOG BID FRSIRT SECUNIA |
Geeklog -- Geeklog | SQL injection vulnerability in Geeklog 1.4.0sr2 and earlier allows remote attackers to execute arbitrary SQL commands via unknown vectors related to story submission. | 7.0 | CVE-2006-2701 GEEKLOG FRSIRT SECUNIA |
Hogstorps -- Hogstorp Guestbook | Cross-site scripting (XSS) vulnerability in add.asp in Hogstorps hogstorp guestbook 2.0 allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, and (3) headline parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 7.0 | CVE-2006-2772 BID FRSIRT SECUNIA |
IBM -- AIX | Untrusted search path vulnerability in update_flash for IBM AIX 5.1, 5.2 and 5.3 allows local users to execute arbitrary commands via unknown vectors involving lsmcode and possibly other commands. | 7.0 | CVE-2006-2647 AIXAPAR AIXAPAR AIXAPAR SECTRACK FRSIRT SECUNIA |
iFusionServices -- iFlance | Multiple cross-site scripting (XSS) vulnerabilities in iFlance 1.1 allow remote attackers to inject arbitrary web script or HTML via certain inputs to (1) acc_verify.php or (2) project.php. | 7.0 | CVE-2006-2663 BUGTRAQ FRSIRT SECUNIA |
InterQuest Internet Services -- Realty Pro One | Multiple cross-site scripting (XSS) vulnerabilities in Realty Pro One allow remote attackers to inject arbitrary web script or HTML via the (1) listingid parameter to (a) images.php, (b) index_other.php, or (c) request_info.php; (2) propertyid parameter to (d) searchlookup.php, (3) id parameter to (e) images.php, or (4) agentid parameter to (f) request_info.php. NOTE: some of these issues might be resultant from SQL injection. | 7.0 | CVE-2006-2672 BUGTRAQ FRSIRT SECUNIA OSVDB OSVDB OSVDB OSVDB XF |
Katy Whitton -- NewsCMSLite | newsadmin.asp in Katy Whitton NewsCMSLite allows remote attackers to gain administrative privileges via a loggedIn cookie with the value "xY1zZoPQ." | 7.0 | CVE-2006-2636 BUGTRAQ OTHER-REF FRSIRT SECUNIA XF |
libTIFF -- libTIFF | Stack-based buffer overflow in the tiffsplit command in libtiff 3.8.2 and earlier might allow attackers to execute arbitrary code via a long filename. NOTE: tiffsplit is not setuid. If there is not a common scenario under which tiffsplit is called with attacker-controlled command line arguments, then perhaps this issue should not be included in CVE. | 7.0 | CVE-2006-2656 VULN-DEV FEDORA |
Mini-Nuke -- Mini-Nuke | SQL injection vulnerability in Your_Account.asp in Mini-Nuke 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) yas_1, (2) yas_2, and (3) yas_3 parameters. | 7.0 | CVE-2006-2732 BUGTRAQ OTHER-REF OTHER-REF BID FRSIRT SECTRACK SECUNIA |
Mozilla -- Firefox Mozilla -- Thunderbird | Mozilla Firefox and Thunderbird before 1.5.0.4 associate XUL attributes with the wrong URL under certain unspecified circumstances, which might allow remote attackers to bypass restrictions by causing a persisted string to be associated with the wrong URL. | 7.0 | CVE-2006-2775 MOZILLA CERT-VN CERT |
Mozilla -- Firefox Mozilla -- Thunderbird | Certain privileged UI code in Mozilla Firefox and Thunderbird before 1.5.0.4 calls content-defined setters on an object prototype, which allows remote attackers to execute code at a higher privilege than intended. | 7.0 | CVE-2006-2776 MOZILLA CERT-VN CERT |
Mozilla -- SeaMonkey Mozilla -- Firefox | Unspecified vulnerability in Mozilla Firefox before 1.5.0.4 and SeaMonkey before 1.0.2 allows remote attackers to execute arbitrary code by using the nsISelectionPrivate interface of the Selection object to add a SelectionListener and create notifications that are executed in a privileged context. | 7.0 | CVE-2006-2777 MOZILLA CERT-VN CERT SECUNIA |
Mozilla -- Firefox Mozilla -- Thunderbird | Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) nested <option> tags in a select tag, (2) a DOMNodeRemoved mutation event, (3) "Content-implemented tree views," (4) BoxObjects, (5) the XBL implementation, (6) an iframe that attempts to remove itself, which leads to memory corruption. | 7.0 | CVE-2006-2779 OTHER-REF CERT-VN CERT |
MySQL -- MySQL | SQL injection vulnerability in MySQL 4.1.x before 4.1.20 and 5.0.x before 5.0.22 allows context-dependent attackers to execute arbitrary SQL commands via crafted multibyte encodings in character sets such as SJIS, BIG5, and GBK, which are not properly handled when the mysql_real_escape function is used to escape the input. | 7.0 | CVE-2006-2753 OTHER-REF OTHER-REF SECUNIA |
Nukedit -- Nukedit | utilities/register.asp in Nukedit 4.9.6 and earlier allows remote attackers to create new users as part of arbitrary groups, including the administrative group, via a modified groupid parameter when creating a user via the addDB action. | 7.0 | CVE-2006-2737 BUGTRAQ OTHER-REF OTHER-REF FRSIRT SECUNIA BID |
Open-Xchange -- Open-Xchange | The open source version of Open-Xchange 0.8.2 and earlier uses a static default username and password with a valid login shell in the initfile for the ldap-server, which allows remote attackers to access any server where the default has not been changed. | 7.0 | CVE-2006-2738 BUGTRAQ GOLEM BUGZILLA FRSIRT SECUNIA |
Out of the Trees -- SelectaPix | SQL injection vulnerability in view_album.php in SelectaPix 1.4 allows remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party sources. | 7.0 | CVE-2006-2722 BID |
QontentOne -- QontentOne CMS | Cross-site scripting (XSS) vulnerability in search.php in QontentOne CMS allows remote attackers to inject arbitrary web script or HTML via the search_phrase parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 7.0 | CVE-2006-2774 BID FRSIRT SECUNIA |
ScriptsCenter -- ezUpload Pro | Multiple PHP remote file inclusion vulnerabilities in EzUpload Pro 2.10 allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) form.php, (2) customize.php, and (3) initialize.php. | 7.0 | CVE-2006-2694 BUGTRAQ BID |
Secure Elements -- C5 Enterprise Vulnerability Management | The Administration Console in Secure Elements Class 5 AVR (aka C5 EVM) before 2.8.1 does not enforce access control, which allows remote attackers to gain access to servers via the console. | 7.0 | CVE-2006-2715 OTHER-REF CERT-VN FRSIRT SECUNIA |
Secure Elements -- C5 Enterprise Vulnerability Management | Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 uses a hard-coded user ID and password, which allows remote attackers to gain access to the server. | 7.0 | CVE-2006-2716 OTHER-REF CERT-VN FRSIRT SECUNIA |
Symantec -- AntiVirus Symantec -- Client Security | Stack-based buffer overflow in Symantec Antivirus 10.1 and Client Security 3.1 allows remote attackers to execute arbitrary code via unknown attack vectors. | 7.0 | CVE-2006-2630 EEYE OTHER-REF BID SECTRACK SECTRACK BUGTRAQ CERT-VN FRSIRT SECUNIA |
Tamber Forum -- Tamber Forum | Multiple SQL injection vulnerabilities in Tamber Forum 1.9.13 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) frm_id parameter to (a) show_forum.asp, (2) a search field to (b) forum_search.asp, (3) Email address or (4) Password to (c) admin/index.asp, (5) frm_cat_id parameter to (d) browse_forum_cat.asp, or (6) Message Subject or (7) Message Text field to (e) post_message.asp. | 7.0 | CVE-2006-2674 BUGTRAQ |
typespeed -- typespeed | Buffer overflow in the addnewword function in typespeed 0.4.4 and earlier might allow remote attackers to execute arbitrary code via unknown vectors. | 7.0 | CVE-2006-1515 DEBIAN BID FRSIRT SECUNIA SECUNIA |
V-Webmail -- V-Webmail | PHP remote file inclusion vulnerability in includes/mailaccess/pop3/core.php in V-Webmail 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[pear_dir] parameter. | 7.0 | CVE-2006-2665 OTHER-REF FRSIRT SECTRACK SECUNIA XF |
VARIOMAT -- VARIOMAT | SQL injection vulnerability in news.php in VARIOMAT allows remote attackers to execute arbitrary SQL commands via the subcat parameter. | 7.0 | CVE-2006-2720 BUGTRAQ |
VARIOMAT -- VARIOMAT | Cross-site scripting (XSS) vulnerability in news.php in VARIOMAT allows remote attackers to inject arbitrary HTML or web script via the subcat parameter. NOTE: this issue might be resultant from SQL injection. | 7.0 | CVE-2006-2721 BUGTRAQ |
WikiNi -- WikiNi | Cross-site scripting (XSS) vulnerability in WikiNi 0.4.2 and earlier allows remote attackers to inject arbitrary HTML and web script by editing a Wiki page to contain the script. | 7.0 | CVE-2006-2652 BUGTRAQ OSVDB |
WordPress -- WordPress | Direct static code injection vulnerability in WordPress 2.0.2 and earlier allows remote attackers to execute arbitrary commands by inserting a carriage return and PHP code when updating a profile, which is appended after a special comment sequence into files in (1) wp-content/cache/userlogins/ (2) wp-content/cache/users/ which are later included by cache.php, as demonstrated using the displayname argument. | 7.0 | CVE-2006-2667 OTHER-REF FRSIRT SECUNIA XF |

Medium Vulnerabilities

Primary Vendor -- Product | Description | CVSS Score | Source & Patch Info |
---|---|---|---|
Achievo -- Achievo | SQL injection vulnerability in the employees node (class.employee.inc) in Achievo 1.1.0 and earlier and 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the atkselector parameter. | 4.7 | CVE-2006-2688 OTHER-REF OTHER-REF FRSIRT SECUNIA BID |
ActionApps -- ActionApps | PHP remote file inclusion vulnerabilities in ActionApps 2.8.1 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[AA_INC_PATH] parameter in (1) cached.php3, (2) cron.php3, (3) discussion.php3, (4) filldisc.php3, (5) filler.php3, (6) fillform.php3, (7) go.php3, (8) hiercons.php3, (9) jsview.php3, (10) live_checkbox.php3, (11) offline.php3, (12) post2shtml.php3, (13) search.php3, (14) slice.php3, (15) sql_update.php3, (16) view.php3, (17) multiple files in the (18) admin/ folder, (19) includes/ folder, and (20) modules/ folder. | 4.7 | CVE-2006-2686 OTHER-REF FRSIRT SECUNIA |
Activity MOD Plus -- Activity MOD Plus | PHP remote file inclusion vulnerability in language/lang_english/lang_activity.php in Activity MOD Plus (Amod) 1.1.0, as used with phpBB when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: This is a similar vulnerability to CVE-2006-2507. | 5.6 | CVE-2006-2735 BUGTRAQ BUGTRAQ OTHER-REF OTHER-REF OTHER-REF FRSIRT SECUNIA |
Back-End -- Back-End CMS | PHP remote file inclusion vulnerability in BE_config.php in Back-End CMS 0.7.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _PSL[classdir] parameter. | 4.7 | CVE-2006-2682 OTHER-REF FRSIRT SECUNIA XF |
CalendarScripts.com -- ChatPat | Cross-site scripting (XSS) vulnerability in ChatPat 1.0 allows remote attackers to inject arbitrary web script or HTML via a chat message. | 4.7 | CVE-2006-2670 BUGTRAQ FRSIRT SECUNIA |
Cisco -- VPN Client | Unspecified vulnerability in the VPN Client for Windows Graphical User Interface (GUI) (aka the VPN client dialer) in Cisco VPN Client for Windows 4.8.00.* and earlier, except for 4.7.00.0533, allows local authenticated, interactive users to gain privileges, possibly due to privileges of dialog boxes, aka bug ID CSCsd79265. | 4.2 | CVE-2006-2679 CISCO BID FRSIRT SECTRACK SECUNIA XF |
Creative Digital Resources -- SocketMail | PHP remote file inclusion vulnerability in SocketMail Lite and Pro 2.2.6 and earlier, when register_globals and magic_quotes are enabled, allows remote attackers to execute arbitrary PHP code via a URL in the site_path parameter to (1) index.php and (2) inc-common.php. | 4.7 | CVE-2006-2681 OTHER-REF FRSIRT SECUNIA XF |
DGNews -- DGNews | admin/upprocess.php in DGNews 1.5 and earlier allows remote attackers to execute arbitrary code by uploading scripts with arbitrary extensions to the img directory. | 5.6 | CVE-2006-2695 BLOGSPOT FRSIRT SECUNIA |
DIA -- DIA | Multiple unspecified format string vulnerabilities in Dia have unspecified impact and attack vectors, a different set of issues than CVE-2006-2480. | 4.9 | CVE-2006-2453 SECUNIA OTHER-REF OTHER-REF FEDORA MANDRIVA UBUNTU BID SECUNIA |
Drupal -- Drupal | Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory. | 5.6 | CVE-2006-2743 Milw0rm DRUPAL FRSIRT SECUNIA XF |
Epic Designs -- eggblog | SQL injection vulnerability in rss/posts.php in Eggblog before 3.07 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 4.7 | CVE-2006-2725 BUGTRAQ BUGTRAQ OTHER-REF OTHER-REF BID FRSIRT SECUNIA |
Epic Designs -- tinyBB | PHP remote file inclusion vulnerability in footers.php in Epicdesigns tinyBB 0.3, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the tinybb_footers parameter. | 5.6 | CVE-2006-2739 BUGTRAQ NUKEDX NUKEDX BID FRSIRT SECTRACK SECUNIA |
F@cile Interactive Web -- F@cile Interactive Web | Multiple PHP remote file inclusion vulnerabilities in F@cile Interactive Web 0.8.5 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) pathfile parameter in (a) p-editpage.php and (b) p-editbox.php, and the (2) mytheme and (3) myskin parameters in multiple "p-themes" index.inc.php files including (c) lowgraphic, (d) classic, (e) puzzle, (f) simple, and (g) ciao. | 5.6 | CVE-2006-2745 BUGTRAQ NUKEDX NUKEDX BID FRSIRT SECUNIA |
Fredi Bach -- PhpMyDesktop\|arcade | Directory traversal vulnerability in index.php in PhpMyDesktop\|arcade 1.0 FINAL allows remote attackers to read arbitrary files or execute PHP code via a .. (dot dot) sequence and trailing null (%00) byte in the subsite parameter in a showsubsite todo. | 5.6 | CVE-2006-2747 BUGTRAQ FRSIRT SECTRACK SECUNIA |
FreeBSD -- FreeBSD | The build process for ypserv in FreeBSD 5.3 up to 6.1 accidentally disables access restrictions when using the /var/yp/securenets file, which allows remote attackers to bypass intended access restrictions. | 4.7 | CVE-2006-2655 FREEBSD BID SECUNIA SECTRACK |
Geeklog -- Geeklog | SQL injection vulnerability in admin/auth.inc.php in Geeklog 1.4.0sr2 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via the loginname parameter. | 5.6 | CVE-2006-2700 BUGTRAQ KAPDA GEEKLOG BID FRSIRT SECUNIA |
Hitachi -- HITSENSER3 | SQL injection vulnerability in Hitachi HITSENSER3 HITSENSER3/PRP, HITSENSER3/PUP, HITSENSER3/STP, and HITSENSER3/EUP allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. | 4.7 | CVE-2006-2761 OTHER-REF FRSIRT SECUNIA |
Hot Open Tickets -- Hot Open Tickets | PHP remote file inclusion vulnerability in admin/lib_action_step.php in Hot Open Tickets (HOT) 11012004_ver2f, when register_globals is enabled, allows remote attackers to include arbitrary files via the GLOBALS[CLASS_PATH] parameter. NOTE: this issue might be resultant from a global overwrite vulnerability. | 5.6 | CVE-2006-2730 OTHER-REF BID FRSIRT SECUNIA |
Hotwebscripts -- CMS Mundo | Cross-site scripting (XSS) vulnerability in the search module in CMS Mundo 1.0 allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter. | 4.7 | CVE-2006-2684 BUGTRAQ FRSIRT SECUNIA XF |
iFdate.com -- iFdate | Cross-site scripting (XSS) vulnerability in iFdate 1.2 allows remote attackers to inject arbitrary web script or HTML via the (1) username, (2) password fields, or certain other input text boxes. | 4.7 | CVE-2006-2664 BUGTRAQ BID FRSIRT SECUNIA XF |
IPW Systems -- METAjour | PHP remote file inclusion vulnerability in METAjour 2.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the (1) system_path parameter in a large number of files in the (a) app/edocument/, (b) app/eproject/, (c) app/erek/, and (d) extension/ directories, and the (2) GLOBALS[system_path] parameter in (e) extension/sitemap/sitemap.datatype.php. | 5.6 | CVE-2006-2768 Milw0rm BID FRSIRT SECUNIA |
JIWA -- Financials | JIWA Financials 6.4.14 passes a Microsoft SQL Server account's username and password, and the name of a data source, to a Crystal Reports .rpt file, which allows remote authenticated users to execute certain standard stored procedures by referencing them in a user-written .rpt file, as demonstrated by using a stored procedure that provides the username and cleartext password of every account. | 4.2 | CVE-2006-2718 BUGTRAQ FULLDISC SECUNIA BUGTRAQ SECTRACK |
John Frank -- Asset Manager | ** UNVERIFIABLE ** NOTE: this issue does not contain any verifiable or actionable details. Cross-site scripting (XSS) vulnerability in John Frank Asset Manager (AssetMan) 2.4a and earlier allows remote attackers to inject arbitrary web script or HTML via "any of its input." NOTE: the original disclosure is based on vague researcher claims without vendor acknowledgement; therefore this identifier cannot be linked with any future identifier that identifies more specific vectors. Perhaps this should not be included in CVE. | 4.7 | CVE-2006-2641 BUGTRAQ BID FRSIRT SECUNIA |
Kevin Johnson -- Basic Analysis and Security Engine (BASE) | PHP remote file inclusion vulnerability in Basic Analysis and Security Engine (BASE) 1.2.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the BASE_path parameter to (1) base_qry_common.php, (2) base_stat_common.php, and (3) includes/base_include.inc.php. | 4.7 | CVE-2006-2685 OTHER-REF FRSIRT SECUNIA OSVDB XF |
Mozilla -- Firefox Mozilla -- Thunderbird | Integer overflow in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via "jsstr tagify," which leads to memory corruption. | 4.7 | CVE-2006-2780 OTHER-REF CERT-VN CERT |
Mozilla -- SeaMonkey Mozilla -- Thunderbird | Double-free vulnerability in Mozilla Thunderbird before 1.5.0.4 and SeaMonkey before 1.0.2 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a VCard that contains invalid base64 characters. | 4.7 | CVE-2006-2781 OTHER-REF SECUNIA |
Mozilla -- Firefox | The PLUGINSPAGE functionality in Mozilla Firefox before 1.5.0.4 allows remote user-complicit attackers to execute privileged code by tricking a user into installing missing plugins and selecting the "Manual Install" button, then using nested javascript: URLs. NOTE: the manual install button is used for downloading software from a remote web site, so this issue would not cross privilege boundaries if the user progresses to the point of installing malicious software from the attacker-controlled site. | 5.6 | CVE-2006-2784 OTHER-REF |
Omegasoft -- INterneSErvicesLosungen | Cross-site scripting (XSS) vulnerability in OmegaMw7a.ASP in OMEGA (aka Omegasoft) INterneSErvicesLosungen (INSEL) allows remote attackers to inject arbitrary web script or HTML via the WCE parameter. | 4.7 | CVE-2006-2640 BUGTRAQ |
Open Searchable Image Catalogue -- Open Searchable Image Catalogue | SQL injection vulnerability in the do_mysql_query function in core.php for Open Searchable Image Catalogue (OSIC) before 0.7.0.1 allows remote attackers to inject arbitrary SQL commands via multiple vectors, as demonstrated by the (1) type parameter in adminfunctions.php and the (2) catalogue_id parameter in editcatalogue.php. | 4.7 | CVE-2006-2748 BUGTRAQ OTHER-REF OTHER-REF OTHER-REF BID SECTRACK SECUNIA |
Open Searchable Image Catalogue -- Open Searchable Image Catalogue | SQL injection vulnerability in search.php in Open Searchable Image Catalogue (OSIC) 0.7.0.1 and earlier allows remote attackers to inject arbitrary SQL commands via the (1) txtCustomField and (2) CustomFieldID array parameters. | 4.7 | CVE-2006-2749 BUGTRAQ OTHER-REF OTHER-REF OTHER-REF BID SECTRACK SECUNIA |
Open-Medium -- Open-Medium CMS | PHP remote file inclusion vulnerability in 404.php in open-medium.CMS 0.25 allows remote attackers to execute arbitrary PHP code via a URL in the REDSYS[MYPATH][TEMPLATES] parameter. | 4.7 | CVE-2006-2683 OTHER-REF FRSIRT SECUNIA |
Ottoman -- Ottoman | PHP remote file inclusion vulnerability in Ottomanpath 1.1.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the default_path parameter in (1) error.php, (2) index.php, and (3) classes/main_class.php. | 5.6 | CVE-2006-2767 OTHER-REF BID FRSIRT SECUNIA |
Php4script -- AZ Photo Album Script Pro | Cross-site scripting (XSS) vulnerability in index.php in AZ Photo Album Script Pro allows remote attackers to inject arbitrary web script or HTML via the gazpart parameter. | 4.7 | CVE-2006-2680 BUGTRAQ FRSIRT SECUNIA XF |
phpbb-portal -- Blend Portal | PHP remote file inclusion vulnerability in blend_data/blend_common.php in Blend Portal 1.2.0, as used with phpBB when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: This is a similar vulnerability to CVE-2006-2507. | 5.6 | CVE-2006-2736 BUGTRAQ BUGTRAQ OTHER-REF OTHER-REF OTHER-REF BID FRSIRT SECUNIA |
Plume CMS -- Plume CMS | PHP remote file inclusion vulnerability in manager/frontinc/prepend.php for Plume 1.0.3 allows remote attackers to execute arbitrary code via a URL in the ?_PX_config[manager_path] parameter. | 4.7 | CVE-2006-2645 BUGTRAQ FRSIRT SECTRACK SECUNIA |
Pre Projects -- Pre News Manager | Multiple cross-site scripting (XSS) vulnerabilities in Pre News Manager 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to (a) index.php, and the (2) nid parameter to (b) news_detail.php, (c) email_story.php, (d) thankyou.php, (e) printable_view.php, (f) tella_friend.php, and (g) send_comments.php. | 4.7 | CVE-2006-2678 BUGTRAQ FRSIRT SECUNIA XF |
Pre Projects -- Pre News Manager | SQL injection vulnerability in Pre News Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) index.php, and the (2) nid parameter to (b) news_detail.php, (c) email_story.php, (d) thankyou.php, (e) printable_view.php, (f) tella_friend.php, and (g) send_comments.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. It is possible that this is primary to CVE-2006-2678. | 4.7 | CVE-2006-2763 FRSIRT SECUNIA |
PunBB -- PunBB | Cross-site scripting (XSS) vulnerability in PunBB 1.2.11 allows remote authenticated administrators to inject arbitrary HTML or web script to other administrators via the "Admin note" feature, a different vulnerability than CVE-2006-2227. | 4.9 | CVE-2006-2724 BUGTRAQ OTHER-REF SECTRACK XF |
qjstudios -- qjForum | SQL injection vulnerability in member.asp in qjForum allows remote attackers to execute arbitrary SQL commands via the uName parameter. | 4.7 | CVE-2006-2638 BUGTRAQ FRSIRT SECUNIA BID |
SuSE -- SuSE Linux Enterprise Server SuSE -- SuSE Novell Linux Desktop | The RedCarpet /etc/ximian/rcd.conf configuration file in Novell Linux Desktop 9 and SUSE SLES 9 has world-readable permissions, which allows attackers to obtain the rc (RedCarpet) password. | 4.7 | CVE-2006-2752 SUSE SECUNIA |
TikiWiki Project -- TikiWiki | Multiple cross-site scripting (XSS) vulnerabilities in Tikiwiki (aka Tiki CMS/Groupware) 1.9.x allow remote attackers to inject arbitrary web script or HTML via malformed nested HTML tags such as "<scr<script>ipt>" in (1) offset and (2) days parameters in (a) tiki-lastchanges.php, the (3) find and (4) offset parameters in (b) tiki-orphan_pages.php, the (5) offset and (6) initial parameters in (c) tiki-listpages.php, and (7) an unspecified field in (d) tiki-remind_password.php; and allow remote authenticated users with admin privileges to inject arbitrary web script or HTML via (8) an unspecified field in a metatags action in (e) tiki-admin.php, the (9) offset parameter in (f) tiki-admin_rssmodules.php, the (10) offset and (11) max parameters in (g) tiki-syslog.php, the (12) numrows parameter in (h) tiki-adminusers.php, (13) an unspecified field in (i) tiki-adminusers.php, (14) an unspecified field in (j) tiki-admin_hotwords.php, unspecified fields in (15) "Assign new module" and (16) "Create new user module" in (k) tiki-admin_modules.php, (17) an unspecified field in "Add notification" in (l) tiki-admin_notifications.php, (18) the offset parameter in (m) tiki-admin_notifications.php, the (19) Name and (20) Dsn fields in (o) tiki-admin_dsn.php, the (21) offset parameter in (p) tiki-admin_content_templates.php, (22) an unspecified field in "Create new template" in (q) tiki-admin_content_templates.php, and the (23) offset parameter in (r) tiki-admin_chat.php. | 4.7 | CVE-2006-2635 BUGTRAQ BID FRSIRT SECUNIA |
UBBCentral -- UBB.threads | PHP remote file inclusion vulnerability in ubbt.inc.php in UBBThreads 5.x and 6.x allows remote attackers to execute arbitrary PHP code via a URL in the (1) thispath or (2) configdir parameters. | 5.6 | CVE-2006-2675 BUGTRAQ BID |
V-webmail -- V-webmail | PHP remote file inclusion vulnerability in includes/mailaccess/pop3.php in V-Webmail 1.5 through 1.6.4 allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[pear_dir] parameter. | 4.9 | CVE-2006-2666 OTHER-REF FRSIRT SECTRACK SECUNIA XF |
VMware -- VMware Server | VMware Server before RC1 does not clear user credentials from memory after a console connection is made, which might allow local attackers to gain privileges. | 4.9 | CVE-2006-2662 OTHER-REF FRSIRT BID |
WarpSpeed -- 4nForum | SQL injection vulnerability in modules.php in 4nForum 0.91 allows remote attackers to execute arbitrary SQL commands via the tid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 4.7 | CVE-2006-2760 FRSIRT SECUNIA |
WebCalendar -- WebCalendar | PHP remote file inclusion vulnerability in includes/config.php in WebCalendar 1.0.3 allows remote attackers to execute arbitrary PHP code via a URL in the includedir parameter, which is remotely accessed in an fopen call whose results are used to define a user_inc setting that is used in an include_once call. | 4.7 | CVE-2006-2762 FRSIRT SECTRACK SECUNIA BUGTRAQ BID |
Low Vulnerabilities |
---|
Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
---|---|---|---|---|---|---|
AGTC Websolutions -- PHP-AGTC Membership System | Cross-site scripting (XSS) vulnerability in adduser.php in PHP-AGTC Membership System 1.1a and earlier allows remote attackers to inject arbitrary web script or HTML via the email address (useremail parameter). |
| 2.8 | CVE-2006-2687 BUGTRAQ BID FRSIRT SECUNIA | ||
aMule -- aMule | Unspecified "information leakage" vulnerabilities in aMuleWeb for AMule before 2.1.2 allow remote attackers to access arbitrary images, including dynamically generated images, via unknown vectors. |
| 2.3 | CVE-2006-2691 AMULE BID SECUNIA | ||
aMule -- aMule | Multiple unspecified vulnerabilities in aMuleWeb for AMule before 2.1.2 allow remote attackers to read arbitrary image, HTML, or PHP files via unknown vectors, probably related to directory traversal. |
| 2.3 | CVE-2006-2692 AMULE BID SECUNIA | ||
Andrew Godwin -- ByteHoard | Cross-site scripting (XSS) vulnerability in Andrew Godwin ByteHoard 2.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via file descriptions. |
| 1.4 | CVE-2006-2632 BUGTRAQ OTHER-REF OTHER-REF BID FRSIRT SECUNIA | ||
Andrew Godwin -- ByteHoard | Absolute path traversal vulnerability in the copy action in index.php in Andrew Godwin ByteHoard 2.1 and earlier allows remote authenticated users to create or overwrite files in other users' directories by specifying the absolute path of the directory in the infolder parameter and simultaneously specifying the filename in the filepath parameter. |
| 1.4 | CVE-2006-2633 BUGTRAQ OTHER-REF OTHER-REF BID FRSIRT SECUNIA | ||
ASPBB -- ASPBB | Cross-site scripting (XSS) vulnerability in perform_search.asp for ASPBB 0.52 and earlier allows remote attackers to inject arbitrary HTML or web script via the search parameter. |
| 1.9 | CVE-2006-2648 BUGTRAQ BID OTHER-REF FRSIRT SECTRACK SECUNIA | ||
AWStats -- AWStats | AWStats 6.5, and possibly other versions, allows remote authenticated users to execute arbitrary code by using the configdir parameter to awstats.pl to upload a configuration file whose name contains shell metacharacters, then access that file using the LogFile directive. |
| 1.4 | CVE-2006-2644 OTHER-REF OTHER-REF DEBIAN SECUNIA SECUNIA FRSIRT | ||
CalendarScripts.com -- ChatPat | SQL injection vulnerability in ChatPat 1.0 allows remote attackers to execute arbitrary SQL commands via the nickname field. |
| 2.3 | CVE-2006-2671 BUGTRAQ FRSIRT SECUNIA | ||
Chipmunk PHP Scripts -- Chipmunk Guestbook | Cross-site scripting (XSS) vulnerability in Chipmunk guestbook allows remote attackers to inject arbitrary web script or HTML via the (1) start parameter in (a) index.php; (2) forumID parameter in index.php, (b) newtopic.php, and (c) reply.php; and (3) ID parameter to (d) edit.php. |
| 2.3 | CVE-2006-2757 BUGTRAQ BUGTRAQ SECTRACK | ||
Circle R -- Monster Top List | Cross-site scripting (XSS) vulnerability in index.php in Monster Top List (MTL) 1.4 allows remote attackers to inject arbitrary web script or HTML via the user_error_message parameter. |
| 2.3 | CVE-2006-2643 BUGTRAQ | ||
D-Link -- DSA-3100 Airspot Gateway | Cross-site scripting (XSS) vulnerability in login_error.shtml for D-Link DSA-3100 allows remote attackers to inject arbitrary HTML or web script via an encoded uname parameter. |
| 1.9 | CVE-2006-2653 BUGTRAQ EAZEL BID FRSIRT SECTRACK SECUNIA | ||
Double Precision Incorporated -- Courier MTA | libs/comverp.c in Courier MTA before 0.53.2 allows attackers to cause a denial of service (CPU consumption) via unknown vectors involving usernames that contain the "=" (equals) character, which is not properly handled during encoding. |
| 3.3 | CVE-2006-2659 OTHER-REF DEBIAN | ||
Easy-Content Forums -- Easy-Content Forums | Multiple SQL injection vulnerabilities in Easy-Content Forums 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) startletter parameter in userview.asp and the (2) forumname parameter in topics.asp. |
| 3.3 | CVE-2006-2697 BUGTRAQ | ||
Eitsop -- My Web Server | Eitsop My Web Server 1.0 allows remote attackers to cause a denial of service (application crash) via a long GET request. NOTE: CVE analysis suggests that this is a different product, and therefore a different vulnerability, than CVE-2002-1897. |
| 2.3 | CVE-2006-2756 BUGTRAQ BUGTRAQ BID SECUNIA | ||
Epic Designs -- tinyBB | Multiple SQL injection vulnerabilities in Epicdesigns tinyBB 0.3 allow remote attackers to execute arbitrary SQL commands via the (1) q parameter in (a) forgot.php, and the (2) username and (3) password parameters in (b) login.php, and other unspecified vectors. |
| 2.7 | CVE-2006-2740 BUGTRAQ NUKEDX NUKEDX BID FRSIRT SECTRACK SECUNIA | ||
Etype -- EServ | Directory traversal vulnerability in the IMAP service in EServ/3 3.25 allows remote authenticated users to read other users' email messages, create/rename arbitrary directories on the system, and delete empty directories via directory traversal sequences in the (1) CREATE, (2) SELECT, (3) DELETE, (4) RENAME, (5) COPY or (6) APPEND commands. |
| 2.8 | CVE-2006-2308 BUGTRAQ OTHER-REF OTHER-REF BID FRSIRT SECUNIA | ||
Etype -- EServ | The HTTP service in EServ/3 3.25 allows remote attackers to obtain sensitive information via crafted HTTP requests containing dot, space, and slash characters, which reveals the source code of script files. |
| 1.4 | CVE-2006-2309 BUGTRAQ OTHER-REF OTHER-REF BID FRSIRT SECUNIA | ||
EVA-Web -- EVA-Web | An unspecified script in EVA-Web 2.1.2 and earlier, probably index.php, allows remote attackers to obtain the full path of the web server via invalid (1) perso or (2) aide parameters. |
| 3.3 | CVE-2006-2690 BLOGSPOT | ||
FreeBSD -- FreeBSD | Directory traversal vulnerability in smbfs on FreeBSD 4.10 up to 6.1 allows local users to escape chroot restrictions for an SMB-mounted filesystem via "..\\" sequences. NOTE: this is similar to CVE-2006-1864, but this is a different implementation of smbfs, so it has a different CVE identifier. |
| 3.3 | CVE-2006-2654 FREEBSD BID SECUNIA OSVDB | ||
FreeType -- FreeType | ftutil.c in Freetype before 2.2 allows remote attackers to cause a denial of service (crash) via a crafted font file that triggers a null dereference. |
| 2.3 | CVE-2006-2661 RED HAT | ||
Geeklog -- Geeklog | Geeklog 1.4.0sr2 and earlier allows remote attackers to obtain the full installation path via a direct request and possibly invalid arguments to (1) layout/professional/functions.php or (2) getimage.php. |
| 3.3 | CVE-2006-2698 BUGTRAQ KAPDA GEEKLOG BID FRSIRT SECUNIA | ||
Groupee -- UBB.threads | Cross-site scripting (XSS) vulnerability in index.php in UBBThreads 5.x and earlier allows remote attackers to inject arbitrary web script or HTML via the debug parameter, as demonstrated by stealing MD5 hashes of passwords. |
| 2.3 | CVE-2006-2755 BUGTRAQ BUGTRAQ OTHER-REF BID | ||
Hogstorps -- Hogstorp Guestbook | admin/radera/tabort.asp in Hogstorps hogstorp guestbook 2.0 does not verify user credentials, which allows remote attackers to delete arbitrary posts via a modified delID parameter. |
| 3.3 | CVE-2006-2771 ALTERVISTA FRSIRT SECUNIA BID | ||
Hogstorps -- Hogstorp Guestbook | admin/redigera/redigera2.asp in Hogstorps hogstorp Guestbook 2.0 does not verify user credentials, which allows remote attackers to edit arbitrary posts via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 3.3 | CVE-2006-2773 FRSIRT SECUNIA | ||
Interlink Advantage -- Interlink Advantage | Cross-site scripting (XSS) vulnerability in news_information.php in Interlink Advantage allows remote attackers to inject arbitrary web script or HTML via the flag parameter. |
| 1.9 | CVE-2006-2765 BUGTRAQ MLIST XF | ||
Jan Chmelik -- Photoalbum B&W | Cross-site scripting (XSS) vulnerability in superalbum/index.php in Photoalbum B&W 1.3 allows remote attackers to inject arbitrary web script or HTML via the pic parameter. |
| 1.9 | CVE-2006-2728 BUGTRAQ BID FRSIRT SECUNIA | ||
Jan Chmelik -- Photoalbum B&W | Cross-site scripting (XSS) vulnerability in superalbum/index.php in Photoalbum B&W 1.3 allows remote attackers to inject arbitrary web script or HTML via the gal parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 1.9 | CVE-2006-2729 FRSIRT SECUNIA | ||
Jetty -- Jetty | Directory traversal vulnerability in jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary files via a %2e%2e%5c (encoded ../) in the URL. |
| 2.3 | CVE-2006-2758 SECTRACK | ||
Jetty -- Jetty | jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary script source code via a capital P in the .jsp extension, and probably other mixed case manipulations. |
| 2.3 | CVE-2006-2759 SECTRACK | ||
JIWA -- Financials | JIWA Financials 6.4.14 stores usernames and passwords for all accounts in cleartext in the HR_Staff table in Microsoft SQL Server, and sends the usernames and passwords in cleartext to the application's SQL Server ODBC driver, which might allow context-dependent attackers to obtain the passwords. |
| 2.3 | CVE-2006-2719 BUGTRAQ FULLDISC SECUNIA SECTRACK | ||
Linux -- Linux kernel | Race condition in Linux kernel 2.6.15 to 2.6.17, when running on SMP platforms, allows local users to cause a denial of service (crash) by creating and exiting a large number of tasks, then accessing the /proc entry of a task that is exiting, which causes memory corruption that leads to a failure in the prune_dcache function or a BUG_ON error in include/linux/list.h. |
| 1.9 | CVE-2006-2629 MLIST | ||
Microsoft -- Internet Explorer | Buffer overflow in INETCOMM.DLL, as used in Microsoft Internet Explorer 6.0 through 6.0 SP2, Windows Explorer, and possibly other programs, allows remote user-complicit attackers to cause a denial of service (application crash) via a long mhtml URI in the URL value in a URL file. |
| 1.9 | CVE-2006-2766 BUGTRAQ BUGTRAQ BUGTRAQ BID FRSIRT SECUNIA | ||
Mini-Nuke -- Mini-Nuke | membership.asp in Mini-Nuke 2.3 and earlier uses plaintext security codes, which allows remote attackers to register multiple times via automated scripts. |
| 2.3 | CVE-2006-2733 BUGTRAQ OTHER-REF OTHER-REF SECUNIA | ||
Mini-Nuke -- Mini-Nuke | enter.asp in Mini-Nuke 2.3 and earlier makes it easier for remote attackers to conduct password guessing attacks by setting the guvenlik parameter to the same value as the hidden gguvenlik parameter, which bypasses a verification step because the gguvenlik parameter is assumed to be immutable by the attacker. |
| 2.3 | CVE-2006-2734 BUGTRAQ OTHER-REF OTHER-REF | ||
Mozilla -- Firefox | Unspecified versions of Mozilla Firefox allow remote attackers to cause a denial of service (crash) via a web page that contains a large number of nested marquee tags. NOTE: a followup post indicated that the initial report could not be verified. |
| 2.3 | CVE-2006-2723 BUGTRAQ BID | ||
Mozilla -- Firefox Mozilla -- Thunderbird | The crypto.signText function in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to execute arbitrary code via certain optional Certificate Authority name arguments, which causes an invalid array index and triggers a buffer overflow. |
| 2.3 | CVE-2006-2778 OTHER-REF CERT-VN CERT | ||
Mozilla -- SeaMonkey Mozilla -- Firefox | Firefox 1.5.0.2 does not fix all test cases associated with CVE-2006-1729, which allows remote attackers to read arbitrary files by inserting the target filename into a text box, then turning that box into a file upload control. |
| 2.3 | CVE-2006-2782 OTHER-REF | ||
Mozilla -- Firefox Mozilla -- Thunderbird | Mozilla Firefox and Thunderbird before 1.5.0.4 strip the Unicode Byte-order-Mark (BOM) from a UTF-8 page before the page is passed to the parser, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a BOM sequence in the middle of a dangerous tag such as SCRIPT. |
| 2.3 | CVE-2006-2783 OTHER-REF | ||
Mozilla -- Firefox | Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 1.5.0.4 allows user-complicit remote attackers to inject arbitrary web script or HTML by tricking a user into (1) performing a "View Image" on a broken image in which the SRC attribute contains a Javascript URL, or (2) selecting "Show only this frame" on a frame whose SRC attribute contains a Javascript URL. |
| 2.3 | CVE-2006-2785 OTHER-REF | ||
Neocrome -- Seditio | Cross-site scripting (XSS) vulnerability in Neocrome Land Down Under (LDU) in Neocrome Seditio 102 allows remote attackers to inject arbitrary web script or HTML via an HTTP Referer field. |
| 2.3 | CVE-2006-2634 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA | ||
Nivisec -- Hacks List | Directory traversal vulnerability in admin_hacks_list.php in Nivisec Hacks List 1.20 and earlier for phpBB, when register_globals is enabled, allows remote attackers to read arbitrary files via a ".." in the phpEx parameter. |
| 2.7 | CVE-2006-2693 NUKEDX FRSIRT SECUNIA BUGTRAQ BID | ||
Open Searchable Image Catalogue -- Open Searchable Image Catalogue | Cross-site scripting (XSS) vulnerability in the do_mysql_query function in core.php for Open Searchable Image Catalogue (OSIC) before 0.7.0.1 allows remote attackers to inject arbitrary web scripts or HTML via failed SQL queries, which is reflected in an error message. |
| 2.3 | CVE-2006-2750 BUGTRAQ OTHER-REF OTHER-REF OTHER-REF BID SECTRACK SECUNIA | ||
Open Searchable Image Catalogue -- Open Searchable Image Catalogue | Cross-site scripting (XSS) vulnerability in Open Searchable Image Catalogue (OSIC) 0.7.0.1 and earlier allows remote attackers to inject arbitrary web scripts or HTML via the item_list parameter in search.php. |
| 2.3 | CVE-2006-2751 BUGTRAQ OTHER-REF OTHER-REF OTHER-REF | ||
OpenLDAP -- OpenLDAP | Stack-based buffer overflow in st.c in slurpd for OpenLDAP before 2.3.22 might allow attackers to execute arbitrary code via a long hostname. |
| 2.3 | CVE-2006-2754 OTHER-REF OTHER-REF OTHER-REF OPENPKG FRSIRT OSVDB SECUNIA | ||
PHP -- PHP | The cURL library (libcurl) in PHP 4.4.2 and 5.1.4 allows attackers to bypass safe mode and read files via a file:// request containing null characters. |
| 1.6 | CVE-2006-2563 BUGTRAQ BID OTHER-REF FRSIRT SECTRACK SECUNIA | ||
Php-residence -- Php-residence | ** UNVERIFIABLE ** NOTE: this issue does not contain any verifiable or actionable details. Cross-site scripting (XSS) vulnerability in Marco M. F. De Santis Php-residence 0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via "any of its input." NOTE: the original disclosure is based on vague researcher claims without vendor acknowledgement; therefore this identifier cannot be linked with any future identifier that identifies more specific vectors. Perhaps this should not be included in CVE. |
| 2.3 | CVE-2006-2642 BUGTRAQ BID FRSIRT SECUNIA | ||
phpFoX -- phpFoX | phpFoX allows remote authenticated users to modify arbitrary accounts via a modified NATIO cookie value, possibly the phpfox_user parameter. |
| 1.4 | CVE-2006-2631 BUGTRAQ FRSIRT SECUNIA XF | ||
PHPSimpleChoose -- PHPSimpleChoose | Cross-site scripting (XSS) vulnerability in the input forms in prattmic and Master5006 PHPSimpleChoose 0.3 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element. |
| 2.3 | CVE-2006-2639 BUGTRAQ FRSIRT SECUNIA BUGTRAQ | ||
pppBLOG -- pppBLOG | Directory traversal vulnerability in randompic.php in pppBLOG 0.3.8 and earlier, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) sequence in an index of the "file" array parameter, as demonstrated by file[0]. |
| 2.7 | CVE-2006-2770 BUGTRAQ ALTERVISTA BID SECUNIA SECTRACK | ||
PreProjects.com -- Pre Shopping Mall | Multiple cross-site scripting (XSS) vulnerabilities in Pre Shopping Mall 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) search parameter in search.php (the "search box"), the (2) prodid parameter in detail.php, and the (3) cid parameter in products.php. |
| 2.3 | CVE-2006-2669 BUGTRAQ FRSIRT SECUNIA XF | ||
Secure Elements -- C5 Enterprise Vulnerability Management | Secure Elements Class 5 AVR server and client (aka C5 EVM) before 2.8.1 send messages in cleartext, which allows remote attackers to read sensitive vulnerability information. |
| 2.3 | CVE-2006-2704 OTHER-REF OTHER-REF CERT-VN CERT-VN FRSIRT SECUNIA | ||
Secure Elements -- C5 Enterprise Vulnerability Management | Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 allows remote attackers to cause an unspecified denial of service via a large number of forged client registration messages. |
| 2.3 | CVE-2006-2705 OTHER-REF CERT-VN FRSIRT SECUNIA | ||
Secure Elements -- Class 5 Enterprise Vulnerability Management | Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 allows remote attackers to cause a denial of service via forged "session start" messages that cause AVR to connect to arbitrary hosts. |
| 2.3 | CVE-2006-2706 OTHER-REF CERT-VN FRSIRT SECUNIA | ||
Secure Elements -- Class 5 Enterprise Vulnerability Management | Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 does not validate the peer certificate when obtaining an update, which could allow remote attackers to distribute malicious updates to clients. |
| 1.6 | CVE-2006-2707 OTHER-REF CERT-VN FRSIRT SECUNIA | ||
Secure Elements -- Class 5 Enterprise Vulnerability Management | Secure Elements Class 5 AVR client (aka C5 EVM) before 2.8.1 allows remote attackers to read portions of process memory via a modified size for (1) EM_GET_CE_PARAMETER and (2) EM_SET_CE_PARAMETER messages, which leads to a buffer overflow (probably an over-read). |
| 2.3 | CVE-2006-2708 OTHER-REF CERT-VN CERT-VN FRSIRT SECUNIA | ||
Secure Elements -- Class 5 Enterprise Vulnerability Management | Secure Elements Class 5 AVR (aka C5 EVM) before 2.8.1 does not validate the source address of a message, which allows remote attackers to (1) execute arbitrary code on a client or (2) forge messages to the server. |
| 2.3 | CVE-2006-2709 OTHER-REF OTHER-REF CERT-VN CERT-VN FRSIRT SECUNIA | ||
Secure Elements -- Class 5 Enterprise Vulnerability Management | Secure Elements Class 5 AVR (aka C5 EVM) before 2.8.1 uses the same invariant RSA key for all installations, which allows remote attackers with the key to decrypt communications. |
| 2.3 | CVE-2006-2710 OTHER-REF CERT-VN FRSIRT SECUNIA | ||
Secure Elements -- Class 5 Enterprise Vulnerability Management | Secure Elements Class 5 AVR (aka C5 EVM) 2.8.1 and earlier, and possibly later 2.8.x releases, uses the same initialization vector and key for each message session, which allows remote attackers to obtain potentially sensitive information about messages. |
| 2.3 | CVE-2006-2711 OTHER-REF CERT-VN FRSIRT | ||
Secure Elements -- Class 5 Enterprise Vulnerability Management | Secure Elements Class 5 AVR (aka C5 EVM) client and server before 2.8.1 do not verify the integrity of a message digest, which allows remote attackers to modify and replay messages. |
| 2.3 | CVE-2006-2712 OTHER-REF OTHER-REF CERT-VN CERT-VN FRSIRT SECUNIA | ||
Secure Elements -- C5 Enterprise Vulnerability Management | Secure Elements Class 5 AVR client (aka C5 EVM) before 2.8.1 generates predictable CEIDs, which allows remote attackers to determine the CEID of a protected asset, which can be used in other attacks against AVR. |
| 2.3 | CVE-2006-2713 OTHER-REF CERT-VN FRSIRT SECUNIA | ||
Secure Elements -- C5 Enterprise Vulnerability Management | Secure Elements Class 5 AVR client (aka C5 EVM) before 2.8.1 does not validate the CEID of an incoming message, which allows remote attackers to send messages to a protected asset without knowing the proper CEID. |
| 2.3 | CVE-2006-2714 OTHER-REF CERT-VN FRSIRT SECUNIA | ||
Secure Elements -- C5 Enterprise Vulnerability Management | Unspecified vulnerability in Secure Elements Class 5 AVR client and server (aka C5 EVM) before 2.8.1 allows authenticated attackers to overwrite arbitrary files (1) on a server during an update or (2) on a client via modified pathnames, possibly due to a directory traversal issue. |
| 1.4 | CVE-2006-2717 OTHER-REF OTHER-REF CERT-VN CERT-VN FRSIRT SECUNIA | ||
shadow -- shadow | useradd in shadow-utils before 4.0.3, and possibly other versions before 4.0.8, does not provide a required argument to the open function when creating a new user mailbox, which causes the mailbox to be created with unpredictable permissions and possibly allows attackers to read or modify the mailbox. |
| 3.9 | CVE-2006-1174 MANDRIVA BID FRSIRT OTHER-REF SECUNIA | ||
SiteScape -- SiteScape Forum | Dispatch.cgi/_user/uservCard/ in SiteScape Forum 7.2 and possibly earlier generates different responses in a way that allows remote attackers to enumerate valid usernames. |
| 2.3 | CVE-2006-2676 OTHER-REF SECUNIA XF | ||
SiteScape -- SiteScape Forum | SiteScape Forum 7.2 and possibly earlier stores the avf.rc configuration file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive path information. |
| 2.3 | CVE-2006-2677 OTHER-REF SECUNIA XF | ||
Snort Project -- Snort | The HTTP Inspect preprocessor in Snort 2.4.0 through 2.4.4 allows remote attackers to bypass "uricontent" rules via a carriage return (\r) after the URL and before the HTTP declaration. |
| 2.3 | CVE-2006-2769 MLIST DEMARC BID OSVDB SECTRACK BUGTRAQ OTHER-REF SECUNIA | ||
SuSE -- SuSE Linux Enterprise Server SuSE -- SuSE Novell Linux Desktop | The RedCarpet command-line client (rug) does not verify SSL certificates from a server, which allows remote attackers to read network traffic and execute commands via a man-in-the-middle (MITM) attack. |
| 2.3 | CVE-2006-2703 SUSE BID SECUNIA | ||
TuttoPhp -- Morris Guestbook TuttoPhp -- Pretty Guestbook TuttoPhp -- Smile Guestbook | Cross-site scripting (XSS) vulnerability in view.php in TuttoPhp (1) Morris Guestbook 1, (2) Pretty Guestbook 1, and (3) Smile Guestbook 1 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element in the pagina parameter. |
| 2.3 | CVE-2006-2637 BUGTRAQ BUGTRAQ BUGTRAQ BID FRSIRT FRSIRT FRSIRT SECUNIA SECUNIA SECUNIA | ||
Vacation Rentals -- Vacation Rental Script | Cross-site scripting (XSS) vulnerability in index.php in Vacation Rental Script 1.0 allows remote attackers to inject arbitrary web script or HTML via the obj parameter. |
| 1.9 | CVE-2006-2651 BUGTRAQ FRSIRT SECUNIA BID | ||
WeOnlyDo! Software -- WeOnlyDo! SFTP | The WeOnlyDo! SFTP (wodSFTP) ActiveX control is marked as safe for scripting, which allows remote attackers to read and write files in arbitrary locations by accessing the control from a web page. |
| 3.7 | CVE-2006-1175 CERT-VN | ||
WordPress -- WordPress | vars.php in WordPress 2.0.2, possibly when running on Mac OS X, allows remote attackers to spoof their IP address via a PC_REMOTE_ADDR HTTP header, which vars.php uses to redefine $_SERVER['REMOTE_ADDR']. |
| 2.3 | CVE-2006-2702 BUGTRAQ ALTERVISTA FRSIRT SECUNIA XF | ||
Xander Ladage -- GuestbookXL | Cross-site scripting (XSS) vulnerability in GuestbookXL 1.3 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in an IMG tag in a comment field to (1) guestwrite.php or (2) guestbook.php. |
| 2.3 | CVE-2006-2764 BUGTRAQ XF | ||
ZipCentral -- ZipCentral | Stack-based buffer overflow in ZipCentral 4.01 allows remote user-complicit attackers to execute arbitrary code via a ZIP archive containing a long filename. |
| 1.9 | CVE-2006-2439 OTHER-REF BID FRSIRT SECUNIA BUGTRAQ SECTRACK |