Vulnerability Summary for the Week of May 29, 2006

Released
Jun 05, 2006
Document ID
SB06-156

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 

">

High Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Alt-N -- MDaemonBuffer overflow in Alt-N MDaemon, possibly 9.0.1 and earlier, allows remote attackers to execute arbitrary code via a long A0001 argument that begins with a '"' (double quote).
2006-05-28
2006-05-30
7.0CVE-2006-2646
FULLDISC
BID
SECTRACK
Cosmicphp -- CosmicShoppingCartMultiple cross-site scripting (XSS) vulnerabilities in (a) search.php, (b) search_cat.php, (c) and (d) product_details.php in the cosmicshop directory for CosmicShoppingCart allow remote attackers to inject arbitrary web script or HTML via multiple unspecified parameters, as demonstrated by the (1) query parameter in search.php and the (2) data parameter in search_cat.php.
2005-02-16
2006-05-30
7.0CVE-2006-2649
ZONE-H
FRSIRT
SECUNIA
SECTRACK
XF
Cosmicphp -- CosmicShoppingCartSQL injection vulnerability in cosmicshop/search.php in CosmicShoppingCart allows remote attackers to execute arbitrary SQL commands via the max parameter.
2005-02-16
2006-05-30
7.0CVE-2006-2650
ZONE-H
FRSIRT
SECUNIA
SECTRACK
XF
DoceboLMS -- DoceboLMSMultiple PHP remote file inclusion vulnerabilities in Docebo LMS 2.05 allow remote attackers to execute arbitrary PHP code via a URL in the lang parameter to (1) modules/credits/business.php, (2) modules/credits/credits.php, or (3) modules/credits/help.php.
unknown
2006-05-30
7.0CVE-2006-2668
OTHER-REF
FRSIRT
SECTRACK
SECUNIA
XF
Drupal -- DrupalSQL injection vulnerability in Drupal 4.6.x before 4.6.7 and 4.7.0 allows remote attackers to execute arbitrary SQL commands via the (1) count and (2) from variables to (a) database.mysql.inc, (b) database.pgsql.inc, and (c) database.mysqli.inc.
unknown
2006-06-01
7.0CVE-2006-2742
DRUPAL
FRSIRT
SECUNIA
XF
E-Board -- Elite-BoardCross-site scripting (XSS) vulnerability in search.html in Bulletin Board Elite-Board (E-Board) 1.1 allows remote attackers to inject arbitrary web script or HTML via the search box.
2006-05-24
2006-05-30
7.0CVE-2006-2673
BUGTRAQ
BID
FRSIRT
SECUNIA
XF
Easy-Content Forums -- Easy-Content ForumsCross-site scripting (XSS) vulnerabilities in Easy-Content Forums 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) startletter parameter in userview.asp and the (2) catid parameter in topics.asp.
2006-05-23
2006-05-31
7.0CVE-2006-2696
BUGTRAQ
Enigma Haber -- Enigma HaberMultiple SQL injection vulnerabilities in Enigma Haber 4.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in (a) e_mesaj_yas.asp, (b) edi_haber.asp, and (c) haber_devam.asp; (2) hid parameter in (d) yazdir.asp and (e) yorum.asp, and the (3) e parameter in (f) arsiv.asp. NOTE: with administrator credentials, additional vectors exist including (4) yid parameter to (g) admin/y_admin.asp, (5) bid parameter to (h) admin/reklam_detay.asp, hid parameter to (i) admin/detay_yorum.asp and (j) admin/haber_sil.asp, (6) kid parameter to (k) admin/kategori_d.asp, (7) tur parameter to (l) admin/haber_ekle.asp, (8) s parameter to (m) admin/e_mesaj_yaz.asp, and id parameter to (n) admin/admin_sil.asp.
2006-05-27
2006-06-01
7.0CVE-2006-2731
BUGTRAQ
OTHER-REF
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
Epic Designs -- eggbloghome/register.php in Eggblog before 3.0 allows remote attackers to change the password of administrators and possibly other users via a modified username parameter.
2006-05-27
2006-06-01
7.0CVE-2006-2727
BUGTRAQ
BUGTRAQ
NUKEDX
Epic Designs -- tinyBBCross-site scripting (XSS) vulnerability in Epicdesigns tinyBB 0.3 allow remote attackers to inject arbitrary web script or HTML via the q parameter in forgot.php, which is echoed in an error message, and other unspecified vectors.
2006-05-27
2006-06-01
7.0CVE-2006-2741
BUGTRAQ
NUKEDX
NUKEDX
BID
SECTRACK
EVA-Web -- EVA-WebMultiple cross-site scripting (XSS) vulnerabilities in EVA-Web 2.1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) debut_image parameter in (a) article-album.php3, (2) date parameter in (b) rubrique.php3, and the (3) perso and (4) aide parameters to (c) an unknown script, probably index.php.
unknown
2006-05-31
7.0CVE-2006-2689
BLOGSPOT
FRSIRT
SECUNIA
BID
F@cile Interactive Web -- F@cile Interactive WebPHP remote file inclusion vulnerability in p-popupgallery.php in F@cile Interactive Web 0.8.41 through 0.8.5 allows remote attackers to execute arbitrary PHP code via a URL in the l parameter.
2006-05-27
2006-06-01
7.0CVE-2006-2744
BUGTRAQ
NUKEDX
NUKEDX
BID
FRSIRT
SECUNIA
F@cile Interactive Web -- F@cile Interactive WebMultiple cross-site scripting (XSS) vulnerabilities in F@cile Interactive Web 0.8.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) lang parameter in index.php, and the (2) mytheme and (3) myskin parameters in multiple "p-themes" index.inc.php files including (c) lowgraphic, (d) classic, (e) puzzle, (f) simple, and (g) ciao. NOTE: vectors 2 and 3 might be resultant from file inclusion issues.
2006-05-27
2006-06-01
7.0CVE-2006-2746
BUGTRAQ
NUKEDX
NUKEDX
BID
FRSIRT
SECUNIA
Fastpublish -- Fastpublish CMSPHP remote file inclusion vulnerability in Fastpublish CMS 1.6.9.d allows remote attackers to include arbitrary files via the config[fsBase] parameter in (1) drucken.php, (2) drucken2.php, (3) email_an_benutzer.php, (4) rechnung.php, (5) suche/search.php and (6) adminbereich/admin.php.
2006-05-29
2006-06-01
7.0CVE-2006-2726
Milw0rm
FRSIRT
SECUNIA
BID
Geeklog -- GeeklogCross-site scripting (XSS) vulnerability in getimage.php in Geeklog 1.4.0sr2 and earlier allows remote attackers to inject arbitrary HTML or web script via the image argument in a show action.
2006-05-28
2006-05-31
7.0CVE-2006-2699
BUGTRAQ
KAPDA
GEEKLOG
BID
FRSIRT
SECUNIA
Geeklog -- GeeklogSQL injection vulnerability in Geeklog 1.4.0sr2 and earlier allows remote attackers to execute arbitrary SQL commands via unknown vectors related to story submission.
unknown
2006-05-31
7.0CVE-2006-2701
GEEKLOG
FRSIRT
SECUNIA
Hogstorps -- Hogstorp GuestbookCross-site scripting (XSS) vulnerability in add.asp in Hogstorps hogstorp guestbook 2.0 allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, and (3) headline parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
2006-05-04
2006-06-02
7.0CVE-2006-2772
BID
FRSIRT
SECUNIA
IBM -- AIXUntrusted search path vulnerability in update_flash for IBM AIX 5.1, 5.2 and 5.3 allows local users to execute arbitrary commands via unknown vectors involving lsmcode and possibly other commands.
2006-05-26
2006-05-30
7.0CVE-2006-2647
AIXAPAR
AIXAPAR
AIXAPAR
SECTRACK
FRSIRT
SECUNIA
iFusionServices -- iFlanceMultiple cross-site scripting (XSS) vulnerabilities in iFlance 1.1 allow remote attackers to inject arbitrary web script or HTML via certain inputs to (1) acc_verify.php or (2) project.php.
unknown
2006-05-30
7.0CVE-2006-2663
BUGTRAQ
FRSIRT
SECUNIA
InterQuest Internet Services -- Realty Pro OneMultiple cross-site scripting (XSS) vulnerabilities in Realty Pro One allow remote attackers to inject arbitrary web script or HTML via the (1) listingid parameter to (a) images.php, (b) index_other.php, or (c) request_info.php; (2) propertyid parameter to (d) searchlookup.php, (3) id parameter to (e) images.php, or (4) agentid parameter to (f) request_info.php. NOTE: some of these issues might be resultant from SQL injection.
2006-05-23
2006-05-30
7.0CVE-2006-2672
BUGTRAQ
FRSIRT
SECUNIA
OSVDB
OSVDB
OSVDB
OSVDB
XF
Katy Whitton -- NewsCMSLitenewsadmin.asp in Katy Whitton NewsCMSLite allows remote attackers to gain administrative privileges via a loggedIn cookie with the value "xY1zZoPQ."
2006-05-21
2006-05-30
7.0CVE-2006-2636
BUGTRAQ
OTHER-REF
FRSIRT
SECUNIA
XF
libTIFF -- libTIFFStack-based buffer overflow in the tiffsplit command in libtiff 3.8.2 and earlier might might allow attackers to execute arbitrary code via a long filename. NOTE: tiffsplit is not setuid. If there is not a common scenario under which tiffsplit is called with attacker-controlled command line arguments, then perhaps this issue should not be included in CVE.
2006-05-10
2006-05-30
7.0CVE-2006-2656
VULN-DEV
FEDORA
Mini-Nuke -- Mini-NukeSQL injection vulnerability in Your_Account.asp in Mini-Nuke 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) yas_1, (2) yas_2, and (3) yas_3 parameters.
2006-05-27
2006-06-01
7.0CVE-2006-2732
BUGTRAQ
OTHER-REF
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
Mozilla -- Firefox
Mozilla -- Thunderbird
Mozilla Firefox and Thunderbird before 1.5.0.4 associates XUL attributes with the wrong URL under certain unspecified circumstances, which might allow remote attackers to bypass restrictions by causing a persisted string to be associated with the wrong URL.
unknown
2006-06-02
7.0CVE-2006-2775
MOZILLA
CERT-VN
CERT
Mozilla -- Firefox
Mozilla -- Thunderbird
Certain privileged UI code in Mozilla Firefox and Thunderbird before 1.5.0.4 calls content-defined setters on an object prototype, which allows remote attackers to execute code at a higher privilege than intended.
unknown
2006-06-02
7.0CVE-2006-2776
MOZILLA
CERT-VN
CERT
Mozilla -- SeaMonkey
Mozilla -- Firefox
Unspecified vulnerability in Mozilla Firefox before 1.5.0.4 and SeaMonkey before 1.0.2 allows remote attackers to execute arbitrary code by using the nsISelectionPrivate interface of the Selection object to add a SelectionListener and create notifications that are executed in a privileged context.
unknown
2006-06-02
7.0CVE-2006-2777
MOZILLA
CERT-VN
CERT
SECUNIA
Mozilla -- Firefox
Mozilla -- Thunderbird
Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) nested <option> tags in a select tag, (2) a DOMNodeRemoved mutation event, (3) "Content-implemented tree views," (4) BoxObjects, (5) the XBL implementation, (6) an iframe that attempts to remove itself, which leads to memory corruption.
unknown
2006-06-02
7.0CVE-2006-2779
OTHER-REF
CERT-VN
CERT
MySQL -- MySQLSQL injection vulnerability in MySQL 4.1.x before 4.1.20 and 5.0.x before 5.0.22 allows context-dependent attackers to execute arbitrary SQL commands via crafted multibyte encodings in character sets such as SJIS, BIG5, and GBK, which are not properly handled when the mysql_real_escape function is used to escape the input.
unknown
2006-06-01
7.0CVE-2006-2753
OTHER-REF
OTHER-REF
SECUNIA
Nukedit -- Nukeditutilities/register.asp in Nukedit 4.9.6 and earlier allows remote attackers to create new users as part of arbitrary groups, including the administrative group, via a modified groupid parameter when creating a user via the addDB action.
2006-05-10
2006-06-01
7.0CVE-2006-2737
BUGTRAQ
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
BID
Open-Xchange -- Open-XchangeThe open source version of Open-Xchange 0.8.2 and earlier uses a static default username and password with a valid login shell in the initfile for the ldap-server, which allows remote attackers to access any server where the default has not been changed.
unknown
2006-06-01
7.0CVE-2006-2738
BUGTRAQ
GOLEM
BUGZILLA
FRSIRT
SECUNIA
Out of the Trees -- SelectaPixSQL injection vulnerability in view_album.php in SelectaPix 1.4 allows remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party sources.
unknown
2006-05-31
7.0CVE-2006-2722
BID
QontentOne -- QontentOne CMSCross-site scripting (XSS) vulnerability in search.php in QontentOne CMS allows remote attackers to inject arbitrary web script or HTML via the search_phrase parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2006-06-02
7.0CVE-2006-2774
BID
FRSIRT
SECUNIA
ScriptsCenter -- ezUpload ProMultiple PHP remote file inclusion vulnerabilities in EzUpload Pro 2.10 allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) form.php, (2) customize.php, and (3) initialize.php.
2006-05-28
2006-05-31
7.0CVE-2006-2694
BUGTRAQ
BID
Secure Elements -- C5 Enterprise Vulnerability ManagementThe Administration Console in Secure Elements Class 5 AVR (aka C5 EVM) before 2.8.1 does not enforce access control, which allows remote attackers to gain access to servers via the console.
unknown
2006-05-31
7.0CVE-2006-2715
OTHER-REF
CERT-VN
FRSIRT
SECUNIA
Secure Elements -- C5 Enterprise Vulnerability ManagementSecure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 uses a hard-coded user ID and password, which allows remote attackers to gain access to the server.
unknown
2006-05-31
7.0CVE-2006-2716
OTHER-REF
CERT-VN
FRSIRT
SECUNIA
Symantec -- AntiVirus
Symantec -- Client Security
Stack-based buffer overflow in Symantec Antivirus 10.1 and Client Security 3.1 allows remote attackers to execute arbitrary code via unknown attack vectors.
2006-05-24
2006-05-27
7.0CVE-2006-2630
EEYE
OTHER-REF
BID
SECTRACK
SECTRACK
BUGTRAQ
CERT-VN
FRSIRT
SECUNIA
Tamber Forum -- Tamber ForumMultiple SQL injection vulnerabilities in Tamber Forum 1.9.13 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) frm_id parameter to (a) show_forum.asp, (2) a search field to (b) forum_search.asp, (3) Email address or (4) Password to (c) admin/index.asp, (5) frm_cat_id parameter to (d) browse_forum_cat.asp, or (6) Message Subject or (7) Message Text field to (e) post_message.asp.
2006-05-25
2006-05-30
7.0CVE-2006-2674
BUGTRAQ
typespeed -- typespeedBuffer overflow in the addnewword function in typespeed 0.4.4 and earlier might allow remote attackers to execute arbitrary code via unknown vectors.
unknown
2006-05-31
7.0CVE-2006-1515
DEBIAN
BID
FRSIRT
SECUNIA
SECUNIA
V-Webmail -- V-WebmailPHP remote file inclusion vulnerability in includes/mailaccess/pop3/core.php in V-Webmail 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[pear_dir] parameter.
unknown
2006-05-30
7.0CVE-2006-2665
OTHER-REF
FRSIRT
SECTRACK
SECUNIA
XF
VARIOMAT -- VARIOMATSQL injection vulnerability in news.php in VARIOMAT allows remote attackers to execute arbitrary SQL commands via the subcat parameter.
2006-05-28
2006-05-31
7.0CVE-2006-2720
BUGTRAQ
VARIOMAT -- VARIOMATCross-site scripting (XSS) vulnerability in news.php in VARIOMAT allows remote attackers to inject arbitrary HTML or web script via the subcat parameter. NOTE: this issue might be resultant from SQL injection.
2006-05-28
2006-05-31
7.0CVE-2006-2721
BUGTRAQ
WikiNi -- WikiNiCross-site scripting (XSS) vulnerability in WikiNi 0.4.2 and earlier allows remote attackers to inject arbitrary HTML and web script by editing a Wiki page to contain the script.
2006-03-29
2006-05-30
7.0CVE-2006-2652
BUGTRAQ
OSVDB
WordPress -- WordPressDirect static code injection vulnerability in WordPress 2.0.2 and earlier allows remote attackers to execute arbitrary commands by inserting a carriage return and PHP code when updating a profile, which is appended after a special comment sequence into files in (1) wp-content/cache/userlogins/ (2) wp-content/cache/users/ which are later included by cache.php, as demonstrated using the displayname argument.
unknown
2006-05-30
7.0CVE-2006-2667
OTHER-REF
FRSIRT
SECUNIA
XF

Back to top

Medium Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Achievo -- AchievoSQL injection vulnerability in the employees node (class.employee.inc) in Achievo 1.1.0 and earlier and 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the atkselector parameter.
2006-03-29
2006-05-31
4.7CVE-2006-2688
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
BID
ActionApps -- ActionAppsPHP remote file inclusion vulnerabilities in ActionApps 2.8.1 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[AA_INC_PATH] parameter in (1) cached.php3, (2) cron.php3, (3) discussion.php3, (4) filldisc.php3, (5) filler.php3, (6) fillform.php3, (7) go.php3, (8) hiercons.php3, (9) jsview.php3, (10) live_checkbox.php3, (11) offline.php3, (12) post2shtml.php3, (13) search.php3, (14) slice.php3, (15) sql_update.php3, (16) view.php3, (17) multiple files in the (18) admin/ folder, (19) includes/ folder, and (20) modules/ folder.
2006-05-25
2006-05-31
4.7CVE-2006-2686
OTHER-REF
FRSIRT
SECUNIA
Activity MOD Plus -- Activity MOD PlusPHP remote file inclusion vulnerability in language/lang_english/lang_activity.php in Activity MOD Plus (Amod) 1.1.0, as used with phpBB when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: This is a similar vulnerability to CVE-2006-2507.
2006-05-27
2006-06-01
5.6CVE-2006-2735
BUGTRAQ
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
Back-End -- Back-End CMSPHP remote file inclusion vulnerability in BE_config.php in Back-End CMS 0.7.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _PSL[classdir] parameter.
2006-05-25
2006-05-31
4.7CVE-2006-2682
OTHER-REF
FRSIRT
SECUNIA
XF
CalendarScripts.com -- ChatPatCross-site scripting (XSS) vulnerability in ChatPat 1.0 allows remote attackers to inject arbitrary web script or HTML via a chat message.
unknown
2006-05-30
4.7CVE-2006-2670
BUGTRAQ
FRSIRT
SECUNIA
Cisco -- VPN ClientUnspecified vulnerability in the VPN Client for Windows Graphical User Interface (GUI) (aka the VPN client dialer) in Cisco VPN Client for Windows 4.8.00.* and earlier, except for 4.7.00.0533, allows local authenticated, interactive users to gain privileges, possibly due to privileges of dialog boxes, aka bug ID CSCsd79265.
2006-05-24
2006-05-31
4.2CVE-2006-2679
CISCO
BID
FRSIRT
SECTRACK
SECUNIA
XF
Creative Digital Resources -- SocketMailPHP remote file inclusion vulnerability in SocketMail Lite and Pro 2.2.6 and earlier, when register_globals and magic_quotes are enabled, allows remote attackers to execute arbitrary PHP code via a URL in the site_path parameter to (1) index.php and (2) inc-common.php.
2006-05-23
2006-05-31
4.7CVE-2006-2681
OTHER-REF
FRSIRT
SECUNIA
XF
DGNews -- DGNewsadmin/upprocess.php in DGNews 1.5 and earlier allows remote attackers to execute arbitrary code by uploading scripts with arbitrary extensions to the img directory.
unknown
2006-05-31
5.6CVE-2006-2695
BLOGSPOT
FRSIRT
SECUNIA
DIA -- DIAMultiple unspecified format string vulnerabilities in Dia have unspecified impact and attack vectors, a different set of issues than CVE-2006-2480.
unknown
2006-05-28
4.9CVE-2006-2453
SECUNIA
OTHER-REF
OTHER-REF
FEDORA
MANDRIVA
UBUNTU
BID
SECUNIA
Drupal -- DrupalDrupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
2006-05-24
2006-06-01
5.6CVE-2006-2743
Milw0rm
DRUPAL
FRSIRT
SECUNIA
XF
Epic Designs -- eggblogSQL injection vulnerability in rss/posts.php in Eggblog before 3.07 allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2006-06-01
4.7CVE-2006-2725
BUGTRAQ
BUGTRAQ
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
Epic Designs -- tinyBBPHP remote file inclusion vulnerability in footers.php in Epicdesigns tinyBB 0.3, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the tinybb_footers parameter.
2006-05-27
2006-06-01
5.6CVE-2006-2739
BUGTRAQ
NUKEDX
NUKEDX
BID
FRSIRT
SECTRACK
SECUNIA
F@cile Interactive Web -- F@cile Interactive WebMultiple PHP remote file inclusion vulnerabilities in F@cile Interactive Web 0.8.5 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) pathfile parameter in (a) p-editpage.php and (b) p-editbox.php, and the (2) mytheme and (3) myskin parameters in multiple "p-themes" index.inc.php files including (c) lowgraphic, (d) classic, (e) puzzle, (f) simple, and (g) ciao.
2006-05-27
2006-06-01
5.6CVE-2006-2745
BUGTRAQ
NUKEDX
NUKEDX
BID
FRSIRT
SECUNIA
Fredi Bach -- PhpMyDesktop|arcadeDirectory traversal vulnerability in index.php in PhpMyDesktop|arcade 1.0 FINAL allows remote attackers to read arbitrary files or execute PHP code via a .. (dot dot) sequence and trailing null (%00) byte in the subsite parameter in a showsubsite todo.
2006-05-29
2006-06-01
5.6CVE-2006-2747
BUGTRAQ
FRSIRT
SECTRACK
SECUNIA
FreeBSD -- FreeBSDThe build process for ypserv in FreeBSD 5.3 up to 6.1 accidentally disables access restrictions when using the /var/yp/securenets file, which allows remote attackers to bypass intended access restrictions.
2006-05-31
2006-06-01
4.7CVE-2006-2655
FREEBSD
BID
SECUNIA
SECTRACK
Geeklog -- GeeklogSQL injection vulnerability in admin/auth.inc.php in Geeklog 1.4.0sr2 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via the loginname parameter.
2006-05-28
2006-05-31
5.6CVE-2006-2700
BUGTRAQ
KAPDA
GEEKLOG
BID
FRSIRT
SECUNIA
Hitachi -- HITSENSER3SQL injection vulnerability in Hitachi HITSENSER3 HITSENSER3/PRP, HITSENSER3/PUP, HITSENSER3/STP, and HITSENSER3/EUP allows remote attackers to execute arbitrary SQL commands via unknown attack vectors.
2006-05-31
2006-06-01
4.7CVE-2006-2761
OTHER-REF
FRSIRT
SECUNIA
Hot Open Tickets -- Hot Open TicketsPHP remote file inclusion vulnerability in admin/lib_action_step.php in Hot Open Tickets (HOT) 11012004_ver2f, when register_globals is enabled, allows remote attackers to include arbitrary files via the GLOBALS[CLASS_PATH] parameter. NOTE: this issue might be resultant from a global overwrite vulnerability.
unknown
2006-06-01
5.6CVE-2006-2730
OTHER-REF
BID
FRSIRT
SECUNIA
Hotwebscripts -- CMS MundoCross-site scripting (XSS) vulnerability in the search module in CMS Mundo 1.0 allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter.
2006-05-24
2006-05-31
4.7CVE-2006-2684
BUGTRAQ
FRSIRT
SECUNIA
XF
iFdate.com -- iFdateCross-site scripting (XSS) vulnerability in iFdate 1.2 allows remote attackers to inject arbitrary web script or HTML via the (1) username, (2) password fields, or certain other input text boxes.
unknown
2006-05-30
4.7CVE-2006-2664
BUGTRAQ
BID
FRSIRT
SECUNIA
XF
IPW Systems -- METAjourPHP remote file inclusion vulnerability in METAjour 2.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the (1) system_path parameter in a large number of files in the (a) app/edocument/, (b) app/eproject/, (c) app/erek/, and (d) extension/ directories, and the (2) GLOBALS[system_path] parameter in (e) extension/sitemap/sitemap.datatype.php.
2006-05-31
2006-06-02
5.6CVE-2006-2768
Milw0rm
BID
FRSIRT
SECUNIA
JIWA -- FinancialsJIWA Financials 6.4.14 passes a Microsoft SQL Server account's username and password, and the name of a data source, to a Crystal Reports .rpt file, which allows remote authenticated users to execute certain standard stored procedures by referencing them in a user-written .rpt file, as demonstrated by using a stored procedure that provides the username and cleartext password of every account.
unknown
2006-05-31
4.2CVE-2006-2718
BUGTRAQ
FULLDISC
SECUNIA
BUGTRAQ
SECTRACK
John Frank -- Asset Manager** UNVERIFIABLE ** NOTE: this issue does not contain any verifiable or actionable details. Cross-site scripting (XSS) vulnerability in John Frank Asset Manager (AssetMan) 2.4a and earlier allows remote attackers to inject arbitrary web script or HTML via "any of its input." NOTE: the original disclosure is based on vague researcher claims without vendor acknowledgement; therefore this identifier cannot be linked with any future identifier that identifies more specific vectors. Perhaps this should not be included in CVE.
2006-05-23
2006-05-30
4.7CVE-2006-2641
BUGTRAQ
BID
FRSIRT
SECUNIA
Kevin Johnson -- Basic Analysis and Security Engine (BASE)PHP remote file inclusion vulnerability in Basic Analysis and Security Engine (BASE) 1.2.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the BASE_path parameter to (1) base_qry_common.php, (2) base_stat_common.php, and (3) includes/base_include.inc.php.
2006-05-25
2006-05-31
4.7CVE-2006-2685
OTHER-REF
FRSIRT
SECUNIA
OSVDB
XF
Mozilla -- Firefox
Mozilla -- Thunderbird
Integer overflow in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via "jsstr tagify," which leads to memory corruption.
unknown
2006-06-02
4.7CVE-2006-2780
OTHER-REF
CERT-VN
CERT
Mozilla -- SeaMonkey
Mozilla -- Thunderbird
Double-free vulnerability in Mozilla Thunderbird before 1.5.0.4 and SeaMonkey before 1.0.2 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a VCard that contains invalid base64 characters.
unknown
2006-06-02
4.7CVE-2006-2781
OTHER-REF
SECUNIA
Mozilla -- FirefoxThe PLUGINSPAGE functionality in Mozilla Firefox before 1.5.0.4 allows remote user-complicit attackers to execute privileged code by tricking a user into installing missing plugins and selecting the "Manual Install" button, then using nested javascript: URLs. NOTE: the manual install button is used for downloading software from a remote web site, so this issue would not cross privilege boundaries if the user progresses to the point of installing malicious software from the attacker-controlled site.
unknown
2006-06-02
5.6CVE-2006-2784
OTHER-REF
Omegasoft -- INterneSErvicesLosungenCross-site scripting (XSS) vulnerability in OmegaMw7a.ASP in OMEGA (aka Omegasoft) INterneSErvicesLosungen (INSEL) allows remote attackers to inject arbitrary web script or HTML via the WCE parameter.
2006-05-26
2006-05-30
4.7CVE-2006-2640
BUGTRAQ
Open Searchable Image Catalogue -- Open Searchable Image CatalogueSQL injection vulnerability in the do_mysql_query function in core.php for Open Searchable Image Catalogue (OSIC) before 0.7.0.1 allows remote attackers to inject arbitrary SQL commands via multiple vectors, as demonstrated by the (1) type parameter in adminfunctions.php and the (2) catalogue_id parameter in editcatalogue.php.
unknown
2006-06-01
4.7CVE-2006-2748
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
BID
SECTRACK
SECUNIA
Open Searchable Image Catalogue -- Open Searchable Image CatalogueSQL injection vulnerability in search.php in Open Searchable Image Catalogue (OSIC) 0.7.0.1 and earlier allows remote attackers to inject arbitrary SQL commands via the (1) txtCustomField and (2) CustomFieldID array parameters.
unknown
2006-06-01
4.7CVE-2006-2749
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
BID
SECTRACK
SECUNIA
Open-Medium -- Open-Medium CMSPHP remote file inclusion vulnerability in 404.php in open-medium.CMS 0.25 allows remote attackers to execute arbitrary PHP code via a URL in the REDSYS[MYPATH][TEMPLATES] parameter.
2006-05-25
2006-05-31
4.7CVE-2006-2683
OTHER-REF
FRSIRT
SECUNIA
Ottoman -- OttomanPHP remote file inclusion vulnerability in Ottomanpath 1.1.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the default_path parameter in (1) error.php, (2) index.php, and (3) classes/main_class.php.
unknown
2006-06-02
5.6CVE-2006-2767
OTHER-REF
BID
FRSIRT
SECUNIA
Php4script -- AZ Photo Album Script ProCross-site scripting (XSS) vulnerability in index.php in AZ Photo Album Script Pro allows remote attackers to inject arbitrary web script or HTML via the gazpart parameter.
unknown
2006-05-31
4.7CVE-2006-2680
BUGTRAQ
FRSIRT
SECUNIA
XF
phpbb-portal -- Blend PortalPHP remote file inclusion vulnerability in blend_data/blend_common.php in Blend Portal 1.2.0, as used with phpBB when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: This is a similar vulnerability to CVE-2006-2507.
2006-05-28
2006-06-01
5.6CVE-2006-2736
BUGTRAQ
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
Plume CMS -- Plume CMSPHP remote file inclusion vulnerability in manager/frontinc/prepend.php for Plume 1.0.3 allows remote attackers to execute arbitrary code via a URL in the ?_PX_config[manager_path] parameter.
2006-05-26
2006-05-30
4.7CVE-2006-2645
BUGTRAQ
FRSIRT
SECTRACK
SECUNIA
Pre Projects -- Pre News ManagerMultiple cross-site scripting (XSS) vulnerabilities in Pre News Manager 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to (a) index.php, and the (2) nid parameter to (b) news_detail.php, (c) email_story.php, (d) thankyou.php, (e) printable_view.php, (f) tella_friend.php, and (g) send_comments.php.
2006-05-24
2006-05-31
4.7CVE-2006-2678
BUGTRAQ
FRSIRT
SECUNIA
XF
Pre Projects -- Pre News ManagerSQL injection vulnerability in Pre News Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) index.php, and the (2) nid parameter to (b) news_detail.php, (c) email_story.php, (d) thankyou.php, (e) printable_view.php, (f) tella_friend.php, and (g) send_comments.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. It is possible that this is primary to CVE-2006-2678.
2006-05-26
2006-06-01
4.7CVE-2006-2763
FRSIRT
SECUNIA
PunBB -- PunBBCross-site scripting (XSS) vulnerability in PunBB 1.2.11 allows remote authenticated administrators to inject arbitrary HTML or web script to other administrators via the "Admin note" feature, a different vulnerability than CVE-2006-2227.
unknown
2006-05-31
4.9CVE-2006-2724
BUGTRAQ
OTHER-REF
SECTRACK
XF
qjstudios -- qjForumSQL injection vulnerability in member.asp in qjForum allows remote attackers to execute arbitrary SQL commands via the uName parameter.
2006-05-25
2006-05-30
4.7CVE-2006-2638
BUGTRAQ
FRSIRT
SECUNIA
BID
SuSE -- SuSE Linux Enterprise Server
SuSE -- SuSE Novell Linux Desktop
The RedCarpet /etc/ximian/rcd.conf configuration file in Novell Linux Desktop 9 and SUSE SLES 9 has world-readable permissions, which allows attackers to obtain the rc (RedCarpet) password.
unknown
2006-06-01
4.7CVE-2006-2752
SUSE
SECUNIA
TikiWiki Project -- TikiWikiMultiple cross-site scripting (XSS) vulnerabilities in Tikiwiki (aka Tiki CMS/Groupware) 1.9.x allow remote attackers to inject arbitrary web script or HTML via malformed nested HTML tags such as "<scr<script>ipt>" in (1) offset and (2) days parameters in (a) tiki-lastchanges.php, the (3) find and (4) offset parameters in (b) tiki-orphan_pages.php, the (5) offset and (6) initial parameters in (c) tiki-listpages.php, and (7) an unspecified field in (d) tiki-remind_password.php; and allow remote authenticated users with admin privileges to inject arbitrary web script or HTML via (8) an unspecified field in a metatags action in (e) tiki-admin.php, the (9) offset parameter in (f) tiki-admin_rssmodules.php, the (10) offset and (11) max parameters in (g) tiki-syslog.php, the (12) numrows parameter in (h) tiki-adminusers.php, (13) an unspecified field in (i) tiki-adminusers.php, (14) an unspecified field in (j) tiki-admin_hotwords.php, unspecified fields in (15) "Assign new module" and (16) "Create new user module" in (k) tiki-admin_modules.php, (17) an unspecified field in "Add notification" in (l) tiki-admin_notifications.php, (18) the offset parameter in (m) tiki-admin_notifications.php, the (19) Name and (20) Dsn fields in (o) tiki-admin_dsn.php, the (21) offset parameter in (p) tiki-admin_content_templates.php, (22) an unspecified field in "Create new template" in (q) tiki-admin_content_templates.php, and the (23) offset parameter in (r) tiki-admin_chat.php.
2006-05-25
2006-05-30
4.7CVE-2006-2635
BUGTRAQ
BID
FRSIRT
SECUNIA
UBBCentral -- UBB.threadsPHP remote file inclusion vulnerability in ubbt.inc.php in UBBThreads 5.x and 6.x allows remote attackers to execute arbitrary PHP code via a URL in the (1) thispath or (2) configdir parameters.
2006-05-27
2006-05-30
5.6CVE-2006-2675
BUGTRAQ
BID
V-webmail -- V-webmailPHP remote file inclusion vulnerability in includes/mailaccess/pop3.php in V-Webmail 1.5 through 1.6.4 allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[pear_dir] parameter.
unknown
2006-05-30
4.9CVE-2006-2666
OTHER-REF
FRSIRT
SECTRACK
SECUNIA
XF
VMware -- VMware ServerVMware Server before RC1 does not clear user credentials from memory after a console connection is made, which might allow local attackers to gain privileges.
unknown
2006-06-02
4.9CVE-2006-2662
OTHER-REF
FRSIRT
BID
WarpSpeed -- 4nForumSQL injection vulnerability in modules.php in 4nForum 0.91 allows remote attackers to execute arbitrary SQL commands via the tid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
2006-05-31
2006-06-01
4.7CVE-2006-2760
FRSIRT
SECUNIA
WebCalendar -- WebCalendarPHP remote file inclusion vulnerability in includes/config.php in WebCalendar 1.0.3 allows remote attackers to execute arbitrary PHP code via a URL in the includedir parameter, which is remotely accessed in an fopen call whose results are used to define a user_inc setting that is used in an include_once call.
2006-05-31
2006-06-01
4.7CVE-2006-2762
FRSIRT
SECTRACK
SECUNIA
BUGTRAQ
BID

Back to top

Low Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
AGTC Websolutions -- PHP-AGTC Membership SystemCross-site scripting (XSS) vulnerability in adduser.php in PHP-AGTC Membership System 1.1a and earlier allows remote attackers to inject arbitrary web script or HTML via the email address (useremail parameter).
2006-05-23
2006-05-31
2.8CVE-2006-2687
BUGTRAQ
BID
FRSIRT
SECUNIA
aMule -- aMuleUnspecified "information leakage" vulnerabilities in aMuleWeb for AMule before 2.1.2 allow remote attackers to access arbitrary images, including dynamically generated images, via unknown vectors.
unknown
2006-05-31
2.3CVE-2006-2691
AMULE
BID
SECUNIA
aMule -- aMuleMultiple unspecified vulnerabilities in aMuleWeb for AMule before 2.1.2 allow remote attackers to read arbitrary image, HTML, or PHP files via unknown vectors, probably related to directory traversal.
unknown
2006-05-31
2.3CVE-2006-2692
AMULE
BID
SECUNIA
Andrew Godwin -- ByteHoardCross-site scripting (XSS) vulnerability in Andrew Godwin ByteHoard 2.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via file descriptions.
unknown
2006-05-30
1.4CVE-2006-2632
BUGTRAQ
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
Andrew Godwin -- ByteHoardAbsolute path traversal vulnerability in the copy action in index.php in Andrew Godwin ByteHoard 2.1 and earlier allows remote authenticated users to create or overwrite files in other users' directories by specifying the absolute path of the directory in the infolder parameter and simultaneously specifying the filename in the filepath parameter.
unknown
2006-05-30
1.4CVE-2006-2633
BUGTRAQ
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
ASPBB -- ASPBBCross-site scripting (XSS) vulnerability in perform_search.asp for ASPBB 0.52 and earlier allows remote attackers to inject arbitrary HTML or web script via the search parameter.
2006-05-28
2006-05-30
1.9CVE-2006-2648
BUGTRAQ
BID
OTHER-REF
FRSIRT
SECTRACK
SECUNIA
AWStats -- AWStatsAWStats 6.5, and possibly other versions, allows remote authenticated users to execute arbitrary code by using the configdir parameter to awstats.pl to upload a configuration file whose name contains shell metacharacters, then access that file using the LogFile directive.
2006-05-26
2006-05-30
1.4CVE-2006-2644
OTHER-REF
OTHER-REF
DEBIAN
SECUNIA
SECUNIA
FRSIRT
CalendarScripts.com -- ChatPatSQL injection vulnerability in ChatPat 1.0 allows remote attackers to execute arbitrary SQL commands via the nickname field.
2006-05-23
2006-05-30
2.3CVE-2006-2671
BUGTRAQ
FRSIRT
SECUNIA
Chipmunk PHP Scripts -- Chipmunk GuestbookCross-site scripting (XSS) vulnerability in Chipmunk guestbook allows remote attackers to inject arbitrary web script or HTML via the (1) start parameter in (a) index.php; (2) forumID parameter in index.php, (b) newtopic.php, and (c) reply.php; and (3) ID parameter to (d) edit.php.
2006-05-27
2006-06-01
2.3CVE-2006-2757
BUGTRAQ
BUGTRAQ
SECTRACK
Circle R -- Monster Top ListCross-site scripting (XSS) vulnerability in index.php in Monster Top List (MTL) 1.4 allows remote attackers to inject arbitrary web script or HTML via the user_error_message parameter.
2006-05-25
2006-05-30
2.3CVE-2006-2643
BUGTRAQ
D-Link -- DSA-3100 Airspot GatewayCross-site scripting (XSS) vulnerability in login_error.shtml for D-Link DSA-3100 allows remote attackers to inject arbitrary HTML or web script via an encoded uname parameter.
unknown
2006-05-30
1.9CVE-2006-2653
BUGTRAQ
EAZEL
BID
FRSIRT
SECTRACK
SECUNIA
Double Precision Incorporated -- Courier MTAlibs/comverp.c in Courier MTA before 0.53.2 allows attackers to cause a denial of service (CPU consumption) via unknown vectors involving usernames that contain the "=" (equals) characters, which is not properly handled during encoding.
unknown
2006-05-30
3.3CVE-2006-2659
OTHER-REF
DEBIAN
Easy-Content Forums -- Easy-Content ForumsMultiple SQL injection vulnerabilities in Easy-Content Forums 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) startletter parameter in userview.asp and the (2) forumname parameter in topics.asp.
2006-05-23
2006-05-31
3.3CVE-2006-2697
BUGTRAQ
Eitsop -- My Web ServerEitsop My Web Server 1.0 allows remote attackers to cause a denial of service (application crash) via a long GET request. NOTE: CVE analysis suggests that this is a different product, and therefore a different vulnerability, than CVE-2002-1897.
2006-05-25
2006-06-01
2.3CVE-2006-2756
BUGTRAQ
BUGTRAQ
BID
SECUNIA
Epic Designs -- tinyBBMultiple SQL injection vulnerabilities in Epicdesigns tinyBB 0.3 allow remote attackers to execute arbitrary SQL commands via the (1) q parameter in (a) forgot.php, and the (2) username and (3) password parameters in (b) login.php, and other unspecified vectors.
2006-05-27
2006-06-01
2.7CVE-2006-2740
BUGTRAQ
NUKEDX
NUKEDX
BID
FRSIRT
SECTRACK
SECUNIA
Etype -- EServDirectory traversal vulnerability in the IMAP service in EServ/3 3.25 allows remote authenticated users to read other user's email messages, create/rename arbitrary directories on the system, and delete empty directories via directory traversal sequences in the (1) CREATE, (2) SELECT, (3) DELETE, (4) RENAME, (5) COPY or (6) APPEND commands.
2006-05-15
2006-06-01
2.8CVE-2006-2308
BUGTRAQ
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
Etype -- EServThe HTTP service in EServ/3 3.25 allows remote attackers to obtain sensitive information via crafted HTTP requests containing dot, space, and slash characters, which reveals the source code of script files.
2006-05-15
2006-06-01
1.4CVE-2006-2309
BUGTRAQ
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
EVA-Web -- EVA-WebAn unspecified script in EVA-Web 2.1.2 and earlier, probably index.php, allows remote attackers to obtain the full path of the web server via invalid (1) perso or (2) aide parameters.
unknown
2006-05-31
3.3CVE-2006-2690
BLOGSPOT
FreeBSD -- FreeBSDDirectory traversal vulnerability in smbfs smbfs on FreeBSD 4.10 up to 6.1 allows local users to escape chroot restrictions for an SMB-mounted filesystem via "..\\" sequences. NOTE: this is similar to CVE-2006-1864, but this is a different implementation of smbfs, so it has a different CVE identifier.
2006-05-31
2006-06-01
3.3CVE-2006-2654
FREEBSD
BID
SECUNIA
OSVDB
FreeType -- FreeTypeftutil.c in Freetype before 2.2 allows remote attackers to cause a denial of service (crash) via a crafted font file that triggers a null dereference.
unknown
2006-05-30
2.3CVE-2006-2661
RED HAT
Geeklog -- GeeklogGeeklog 1.4.0sr2 and earlier allows remote attackers to obtain the full installation path via a direct request and possibly invalid arguments to (1) layout/professional/functions.php or (2) getimage.php.
2006-05-28
2006-05-31
3.3CVE-2006-2698
BUGTRAQ
KAPDA
GEEKLOG
BID
FRSIRT
SECUNIA
Groupee -- UBB.threadsCross-site scripting (XSS) vulnerability in index.php in UBBThreads 5.x and earlier allows remote attackers to inject arbitrary web script or HTML via the debug parameter, as demonstrated by stealing MD5 hashes of passwords.
2006-05-06
2006-06-01
2.3CVE-2006-2755
BUGTRAQ
BUGTRAQ
OTHER-REF
BID
Hogstorps -- Hogstorp Guestbookadmin/radera/tabort.asp in Hogstorps hogstorp guestbook 2.0 does not verify user credentials, which allows remote attackers to delete arbitrary posts via a modified delID parameter.
2006-05-04
2006-06-02
3.3CVE-2006-2771
ALTERVISTA
FRSIRT
SECUNIA
BID
Hogstorps -- Hogstorp Guestbookadmin/redigera/redigera2.asp in Hogstorps hogstorp Guestbook 2.0 does not verify user credentials, which allows remote attackers to edit arbitrary posts via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
2006-05-04
2006-06-02
3.3CVE-2006-2773
FRSIRT
SECUNIA
Interlink Advantage -- Interlink AdvantageCross-site scripting (XSS) vulnerability in news_information.php in Interlink Advantage allows remote attackers to inject arbitrary web script or HTML via the flag parameter.
unknown
2006-06-01
1.9CVE-2006-2765
BUGTRAQ
MLIST
XF
Jan Chmelik -- Photoalbum B&WCross-site scripting (XSS) vulnerability in superalbum/index.php in Photoalbum B&W 1.3 allows remote attackers to inject arbitrary web script or HTML via the pic parameter.
2006-05-28
2006-06-01
1.9CVE-2006-2728
BUGTRAQ
BID
FRSIRT
SECUNIA
Jan Chmelik -- Photoalbum B&WCross-site scripting (XSS) vulnerability in superalbum/index.php in Photoalbum B&W 1.3 allows remote attackers to inject arbitrary web script or HTML via the gal parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2006-06-01
1.9CVE-2006-2729
FRSIRT
SECUNIA
Jetty -- JettyDirectory traversal vulnerability in jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary files via a %2e%2e%5c (encoded ../) in the URL.
2006-05-29
2006-06-01
2.3CVE-2006-2758
SECTRACK
Jetty -- Jettyjetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary script source code via a capital P in the .jsp extension, and probably other mixed case manipulations.
2006-05-15
2006-06-01
2.3CVE-2006-2759
SECTRACK
JIWA -- FinancialsJIWA Financials 6.4.14 stores usernames and passwords for all accounts in cleartext in the HR_Staff table in Microsoft SQL Server, and sends the usernames and passwords in cleartext to the application's SQL Server ODBC driver, which might allow context-dependent attackers to obtain the passwords.
2006-05-28
2006-05-31
2.3CVE-2006-2719
BUGTRAQ
FULLDISC
SECUNIA
SECTRACK
Linux -- Linux kernelRace condition in Linux kernel 2.6.15 to 2.6.17, when running on SMP platforms, allows local users to cause a denial of service (crash) by creating and exiting a large number of tasks, then accessing the /proc entry of a task that is exiting, which causes memory corruption that leads to a failure in the prune_dcache function or a BUG_ON error in include/linux/list.h.
unknown
2006-05-27
1.9CVE-2006-2629
MLIST
Microsoft -- Internet ExplorerBuffer overflow in INETCOMM.DLL, as used in Microsoft Internet Explorer 6.0 through 6.0 SP2, Windows Explorer, and possibly other programs, allows remote user-complicit attackers to cause a denial of service (application crash) via a long mhtml URI in the URL value in a URL file.
unknown
2006-06-02
1.9CVE-2006-2766
BUGTRAQ
BUGTRAQ
BUGTRAQ
BID
FRSIRT
SECUNIA
Mini-Nuke -- Mini-Nukemembership.asp in Mini-Nuke 2.3 and earlier uses plaintext security codes, which allows remote attackers to register multiple times via automated scripts.
2006-05-27
2006-06-01
2.3CVE-2006-2733
BUGTRAQ
OTHER-REF
OTHER-REF
SECUNIA
Mini-Nuke -- Mini-Nukeenter.asp in Mini-Nuke 2.3 and earlier makes it easier for remote attackers to conduct password guessing attacks by setting the guvenlik parameter to the same value as the hidden gguvenlik parameter, which bypasses a verification step because the gguvenlik parameter is assumed to be immutable by the attacker.
2006-05-27
2006-06-01
2.3CVE-2006-2734
BUGTRAQ
OTHER-REF
OTHER-REF
Mozilla -- FirefoxUnspecified versions of Mozilla Firefox allow remote attackers to cause a denial of service (crash) via a web page that contains a large number of nested marquee tags. NOTE: a followup post indicated that the initial report could not be verified.
unknown
2006-05-31
2.3CVE-2006-2723
BUGTRAQ
BID
Mozilla -- Firefox
Mozilla -- Thunderbird
The crypto.signText function in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to execute arbitrary code via certain optional Certificate Authority name arguments, which causes an invalid array index and triggers a buffer overflow.
unknown
2006-06-02
2.3CVE-2006-2778
OTHER-REF
CERT-VN
CERT
Mozilla -- SeaMonkey
Mozilla -- Firefox
Firefox 1.5.0.2 does not fix all test cases associated with CVE-2006-1729, which allows remote attackers to read arbitrary files by inserting the target filename into a text box, then turning that box into a file upload control.
unknown
2006-06-02
2.3CVE-2006-2782
OTHER-REF
Mozilla -- Firefox
Mozilla -- Thunderbird
Mozilla Firefox and Thunderbird before 1.5.0.4 strips the Unicode Byte-order-Mark (BOM) from a UTF-8 page before the page is passed to the parser, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a BOM sequence in the middle of a dangerous tag such as SCRIPT.
unknown
2006-06-02
2.3CVE-2006-2783
OTHER-REF
Mozilla -- FirefoxCross-site scripting (XSS) vulnerability in Mozilla Firefox before 1.5.0.4 allows user-complicit remote attackers to inject arbitrary web script or HTML by tricking a user into (1) performing a "View Image" on a broken image in which the SRC attribute contains a Javascript URL, or (2) selecting "Show only this frame" on a frame whose SRC attribute contains a Javascript URL.
unknown
2006-06-02
2.3CVE-2006-2785
OTHER-REF
Neocrome -- SeditioCross-site scripting (XSS) vulnerability in Neocrome Land Down Under (LDU) in Neocrome Seditio 102 allows remote attackers to inject arbitrary web script or HTML via an HTTP Referer field.
unknown
2006-05-30
2.3CVE-2006-2634
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
Nivisec -- Hacks ListDirectory traversal vulnerability in admin_hacks_list.php in Nivisec Hacks List 1.20 and earlier for phpBB, when register_globals is enabled, allows remote attackers to read arbitrary files via a ".." in the phpEx parameter.
2006-05-27
2006-05-31
2.7CVE-2006-2693
NUKEDX
FRSIRT
SECUNIA
BUGTRAQ
BID
Open Searchable Image Catalogue -- Open Searchable Image CatalogueCross-site scripting (XSS) vulnerability in the do_mysql_query function in core.php for Open Searchable Image Catalogue (OSIC) before 0.7.0.1 allows remote attackers to inject arbitrary web scripts or HTML via failed SQL queries, which is reflected in an error message.
unknown
2006-06-01
2.3CVE-2006-2750
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
BID
SECTRACK
SECUNIA
Open Searchable Image Catalogue -- Open Searchable Image CatalogueCross-site scripting (XSS) vulnerability in Open Searchable Image Catalogue (OSIC) 0.7.0.1 and earlier allows remote attackers to inject arbitrary web scripts or HTML via the item_list parameter in search.php.
unknown
2006-06-01
2.3CVE-2006-2751
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
OpenLDAP -- OpenLDAPStack-based buffer overflow in st.c in slurpd for OpenLDAP before 2.3.22 might allow attackers to execute arbitrary code via a long hostname.
2006-05-19
2006-06-01
2.3CVE-2006-2754
OTHER-REF
OTHER-REF
OTHER-REF
OPENPKG
FRSIRT
OSVDB
SECUNIA
PHP -- PHPThe cURL library (libcurl) in PHP 4.4.2 and 5.1.4 allows attackers to bypass safe mode and read files via a file:// request containing null characters.
2006-05-15
2006-05-29
1.6CVE-2006-2563
BUGTRAQ
BID
OTHER-REF
FRSIRT
SECTRACK
SECUNIA
Php-residence -- Php-residence** UNVERIFIABLE ** NOTE: this issue does not contain any verifiable or actionable details. Cross-site scripting (XSS) vulnerability in Marco M. F. De Santis Php-residence 0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via "any of its input." NOTE: the original disclosure is based on vague researcher claims without vendor acknowledgement; therefore this identifier cannot be linked with any future identifier that identifies more specific vectors. Perhaps this should not be included in CVE.
2006-05-23
2006-05-30
2.3CVE-2006-2642
BUGTRAQ
BID
FRSIRT
SECUNIA
phpFoX -- phpFoXphpFoX allows remote authenticated users to modify arbitrary accounts via a modified NATIO cookie value, possibly the phpfox_user parameter.
2006-05-20
2006-05-27
1.4CVE-2006-2631
BUGTRAQ
FRSIRT
SECUNIA
XF
PHPSimpleChoose -- PHPSimpleChooseCross-site scripting (XSS) vulnerability in the input forms in prattmic and Master5006 PHPSimpleChoose 0.3 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element.
2006-05-24
2006-05-30
2.3CVE-2006-2639
BUGTRAQ
FRSIRT
SECUNIA
BUGTRAQ
pppBLOG -- pppBLOGDirectory traversal vulnerability in randompic.php in pppBLOG 0.3.8 and earlier, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) sequence in an index of the "file" array parameter, as demonstrated by file[0].
unknown
2006-06-02
2.7CVE-2006-2770
BUGTRAQ
ALTERVISTA
BID
SECUNIA
SECTRACK
PreProjects.com -- Pre Shopping MallMultiple cross-site scripting (XSS) vulnerabilities in Pre Shopping Mall 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) search parameter in search.php (the "search box"), the prodid parameter in detail.php, and the (3) cid parameter in products.php.
unknown
2006-05-30
2.3CVE-2006-2669
BUGTRAQ
FRSIRT
SECUNIA
XF
Secure Elements -- C5 Enterprise Vulnerability ManagementSecure Elements Class 5 AVR server and client (aka C5 EVM) before 2.8.1 send messages in cleartext, which allows remote attackers to read sensitive vulnerability information.
unknown
2006-05-31
2.3CVE-2006-2704
OTHER-REF
OTHER-REF
CERT-VN
CERT-VN
FRSIRT
SECUNIA
Secure Elements -- C5 Enterprise Vulnerability ManagementSecure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 allows remote attackers to cause an unspecified denial of service via a large number of forged client registration messages.
unknown
2006-05-31
2.3CVE-2006-2705
OTHER-REF
CERT-VN
FRSIRT
SECUNIA
Secure Elements -- Class 5 Enterprise Vulnerability ManagementSecure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 allows remote attackers to cause a denial of service via forged "session start" messages that cause AVR to connect to arbitrary hosts.
unknown
2006-05-31
2.3CVE-2006-2706
OTHER-REF
CERT-VN
FRSIRT
SECUNIA
Secure Elements -- Class 5 Enterprise Vulnerability ManagementSecure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 does not validate the peer certificate when obtaining an update, which could allow remote attackers to distribute malicious updates to clients.
unknown
2006-05-31
1.6CVE-2006-2707
OTHER-REF
CERT-VN
FRSIRT
SECUNIA
Secure Elements -- Class 5 Enterprise Vulnerability ManagementSecure Elements Class 5 AVR client (aka C5 EVM) before 2.8.1 allows remote attackers to read portions of process memory via a modified size for (1) EM_GET_CE_PARAMETER and (2) EM_SET_CE_PARAMETER messages, which leads to a buffer overflow (probably an over-read).
unknown
2006-05-31
2.3CVE-2006-2708
OTHER-REF
CERT-VN
CERT-VN
FRSIRT
SECUNIA
Secure Elements -- Class 5 Enterprise Vulnerability ManagementSecure Elements Class 5 AVR (aka C5 EVM) before 2.8.1 do not validate the source address of a message, which allows remote attackers to (1) execute arbitrary code on a client or (2) forge messages to the server.
unknown
2006-05-31
2.3CVE-2006-2709
OTHER-REF
OTHER-REF
CERT-VN
CERT-VN
FRSIRT
SECUNIA
Secure Elements -- Class 5 Enterprise Vulnerability ManagementSecure Elements Class 5 AVR (aka C5 EVM) before 2.8.1 uses the same invariant RSA key for all installations, which allows remote attackers with the key to decrypt communications.
unknown
2006-05-31
2.3CVE-2006-2710
OTHER-REF
CERT-VN
FRSIRT
SECUNIA
Secure Elements -- Class 5 Enterprise Vulnerability ManagementSecure Elements Class 5 AVR (aka C5 EVM) 2.8.1 and earlier, and possibly later 2.8.x releases, uses the same initialization vector and key for each message session, which allows remote attackers to obtain potentially sensitive information about messages.
unknown
2006-05-31
2.3CVE-2006-2711
OTHER-REF
CERT-VN
FRSIRT
Secure Elements -- Class 5 Enterprise Vulnerability ManagementSecure Elements Class 5 AVR (aka C5 EVM) client and server before 2.8.1 do not verify the integrity of a message digest, which allows remote attackers to modify and replay messages.
unknown
2006-05-31
2.3CVE-2006-2712
OTHER-REF
OTHER-REF
CERT-VN
CERT-VN
FRSIRT
SECUNIA
Secure Elements -- C5 Enterprise Vulnerability ManagementSecure Elements Class 5 AVR client (aka C5 EVM) before 2.8.1 generates predictable CEIDs, which allows remote attackers to determine the CEID of a protected asset, which can be used in other attacks against AVR.
unknown
2006-05-31
2.3CVE-2006-2713
OTHER-REF
CERT-VN
FRSIRT
SECUNIA
Secure Elements -- C5 Enterprise Vulnerability ManagementSecure Elements Class 5 AVR client (aka C5 EVM) before 2.8.1 does not validate the CEID of an incoming message, which allows remote attackers to send messages to a protected asset without knowing the proper CEID.
unknown
2006-05-31
2.3CVE-2006-2714
OTHER-REF
CERT-VN
FRSIRT
SECUNIA
Secure Elements -- C5 Enterprise Vulnerability ManagementUnspecified vulnerability in Secure Elements Class 5 AVR client and server (aka C5 EVM) before 2.8.1 allows authenticated attackers to overwrite arbitrary files (1) on a server during an update or (2) on a client via modified pathnames, possibly due to a directory traversal issue.
unknown
2006-05-31
1.4CVE-2006-2717
OTHER-REF
OTHER-REF
CERT-VN
CERT-VN
FRSIRT
SECUNIA
shadow -- shadowuseradd in shadow-utils before 4.0.3, and possibly other versions before 4.0.8, does not provide a required argument to the open function when creating a new user mailbox, which causes the mailbox to be created with unpredictable permissions and possibly allows attackers to read or modify the mailbox.
unknown
2006-05-28
3.9CVE-2006-1174
MANDRIVA
BID
FRSIRT
OTHER-REF
SECUNIA
SiteScape -- SiteScape ForumDispatch.cgi/_user/uservCard/ in SiteScape Forum 7.2 and possibly earlier generates different responses in a way that allows remote attackers to enumerate valid usernames.
2006-05-19
2006-05-31
2.3CVE-2006-2676
OTHER-REF
SECUNIA
XF
SiteScape -- SiteScape ForumSiteScape Forum 7.2 and possibly earlier stores the avf.rc configuraiton file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive path information.
2006-05-19
2006-05-31
2.3CVE-2006-2677
OTHER-REF
SECUNIA
XF
Snort Project -- SnortThe HTTP Inspect preprocessor in Snort 2.4.0 through 2.4.4 allows remote attackers to bypass "uricontent" rules via a carriage return (\r) after the URL and before the HTTP declaration.
unknown
2006-06-02
2.3CVE-2006-2769
MLIST
DEMARC
BID
OSVDB
SECTRACK
BUGTRAQ
OTHER-REF
SECUNIA
SuSE -- SuSE Linux Enterprise Server
SuSE -- SuSE Novell Linux Desktop
The RedCarpet command-line client (rug) does not verify SSL certificates from a server, which allows remote attackers to read network traffic and execute commands via a man-in-the-middle (MITM) attack.
unknown
2006-06-01
2.3CVE-2006-2703
SUSE
BID
SECUNIA
TuttoPhp -- Morris Guestbook
TuttoPhp -- Pretty Guestbook
TuttoPhp -- Smile Guestbook
Cross-site scripting (XSS) vulnerability in view.php in TuttoPhp (1) Morris Guestbook 1, (2) Pretty Guestbook 1, and (3) Smile Guestbook 1 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element in the pagina parameter.
2006-05-26
2006-05-30
2.3CVE-2006-2637
BUGTRAQ
BUGTRAQ
BUGTRAQ
BID
FRSIRT
FRSIRT
FRSIRT
SECUNIA
SECUNIA
SECUNIA
Vacation Rentals -- Vacation Rental ScriptCross-site scripting (XSS) vulnerability in index.php in Vacation Rental Script 1.0 allows remote attackers to inject arbitrary web script or HTML via the obj parameter.
2006-05-25
2006-05-30
1.9CVE-2006-2651
BUGTRAQ
FRSIRT
SECUNIA
BID
WeOnlyDo! Software -- WeOnlyDo! SFTPThe WeOnlyDo! SFTP (wodSFTP) ActiveX control is marked as safe for scripting, which allows remote attackers to read and write files in arbitrary locations by accessing the control from a web page.
unknown
2006-05-31
3.7CVE-2006-1175
CERT-VN
WordPress -- WordPressvars.php in WordPress 2.0.2, possibly when running on Mac OS X, allows remote attackers to spoof their IP address via a PC_REMOTE_ADDR HTTP header, which vars.php uses to redefine $_SERVER['REMOTE_ADDR'].
2006-05-25
2006-05-31
2.3CVE-2006-2702
BUGTRAQ
ALTERVISTA
FRSIRT
SECUNIA
XF
Xander Ladage -- GuestbookXLCross-site scripting (XSS) vulnerability in GuestbookXL 1.3 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in an IMG tag in a comment field to (1) guestwrite.php or (2) guestbook.php.
unknown
2006-06-01
2.3CVE-2006-2764
BUGTRAQ
XF
ZipCentral -- ZipCentralStack-based buffer overflow in ZipCentral 4.01 allows remote user-complicit attackers to execute arbitrary code via a ZIP archive containing a long filename.
unknown
2006-06-01
1.9CVE-2006-2439
OTHER-REF
BID
FRSIRT
SECUNIA
BUGTRAQ
SECTRACK

Back to top

 

 

 

 

Last updated June 05, 2006

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.