Vulnerability Summary for the Week of October 9, 2006

Released: Oct 16, 2006
Document ID: SB06-289

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 


High Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info
4homepages -- 4images
SQL injection vulnerability in search.php in 4images 1.7.x allows remote authenticated users to execute arbitrary SQL commands via the search_user parameter.
2006-09-15
2006-10-10
7.0
CVE-2006-5236
BUGTRAQ
OTHER-REF
OTHER-REF
BID
XF
AAIportal -- AAIportal
Multiple SQL injection vulnerabilities in AAIportal before 1.4.0 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
unknown
2006-10-10
7.0
CVE-2006-5225
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
Adobe -- ColdFusion MX
Unspecified vulnerability in a Verity third party library, as used on Adobe ColdFusion MX 7 through MX 7.0.2 and possibly other products, allows local users to execute arbitrary code via unknown attack vectors.
unknown
2006-10-10
7.0
CVE-2006-3978
OTHER-REF
Adobe -- Contribute Publishing Server
Adobe Contribute Publishing Server leaks the administrator password in logs that are created during product installation, which allows local users to gain privileges to the server.
unknown
2006-10-10
7.0
CVE-2006-5199
ADOBE
AOL -- YGP Screensaver ActiveX Control
Buffer overflow in AOL You've Got Pictures (YGP) Screensaver ActiveX control allows remote attackers to execute arbitrary code via unspecified vectors.
unknown
2006-10-10
7.0
CVE-2006-3887
OTHER-REF
CERT-VN
AOL -- YGP Pic Downloader ActiveX Control
Buffer overflow in AOL You've Got Pictures (YGP) Pic Downloader ActiveX control allows remote attackers to execute arbitrary code via unspecified vectors.
unknown
2006-10-10
7.0
CVE-2006-3888
OTHER-REF
CERT-VN
AOL -- AOL Security Edition
Buffer overflow in the YGPPDownload ActiveX Control (AOL.PicDownloadCtrl.1, YGPPicDownload.dll) in America Online 9.0 Security Edition allows remote attackers to execute arbitrary code via a long argument to the SetAlbumName method.
2006-09-11
2006-10-11
7.0
CVE-2006-4840
IDEFENSE
Baumedia -- Newswriter
PHP remote file inclusion vulnerability in include/main.inc.php in Sebastian Baumann and Philipp Wolfer Newswriter SW 1.42 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the NWCONF_SYSTEM[server_path] parameter, a different vector than CVE-2006-5102.
unknown
2006-10-10
7.0
CVE-2006-5180
BUGTRAQ
OTHER-REF
Blue Smiley Organizer -- Blue Smiley Organizer
SQL injection vulnerability in Blue Smiley Organizer before 4.46 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
unknown
2006-10-11
7.0
CVE-2006-5237
OTHER-REF
BID
FRSIRT
SECUNIA
Bulletin Board Ace -- Bulletin Board Ace
PHP remote file inclusion vulnerability in includes/functions.php in Bulletin Board Ace (BBaCE) 3.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
unknown
2006-10-10
7.0
CVE-2006-5187
Milw0rm
BID
FRSIRT
SECUNIA
XF
Cahier de textes -- Cahier de textes
Multiple SQL injection vulnerabilities in Cahier de textes 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) matiere_ID parameter in lire.php or the (2) classe_ID parameter in lire_a_faire.php.
unknown
2006-10-10
7.0
CVE-2006-5221
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
Computer Associates -- BrightStor ARCServe Backup
Stack-based buffer overflow in CA BrightStor ARCserver Backup R11.5 client and server allows remote attackers to execute arbitrary code via long messages to the CheyenneDS Mailslot.
unknown
2006-10-10
7.0
CVE-2006-5142
OTHER-REF
OTHER-REF
Computer Associates -- BrightStor ARCServe Backup
Computer Associates -- BrightStor Enterprise Backup
Computer Associates -- Business Protection Suite
Stack-based buffer overflow in the Backup Agent RPC Server (DBASVR.exe) as used in CA BrightStor ARCserve Backup R11.5, Enterprise Backup 10.5, ARCserve Backup v9.01, and Protection Suite r2 allows remote attackers to execute arbitrary code via the RPC routines with opcode (1) 0x01, (2) 0x02, and (3) 0x18.
unknown
2006-10-10
7.0
CVE-2006-5143
OTHER-REF
OTHER-REF
OTHER-REF
Dan Jensen -- Travelsized CMS
PHP remote file inclusion vulnerability in frontpage.php in Dan Jensen Travelsized CMS 0.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the setup_folder parameter.
unknown
2006-10-10
7.0
CVE-2006-5182
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Dayfox Designs -- Dayfox Blog
Multiple PHP remote file inclusion vulnerabilities in Dayfox Designs Dayfox Blog 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the slogin parameter in the (1) adminlog.php, (2) postblog.php, (3) index.php, or (4) index2.php script in /edit.
unknown
2006-10-10
7.0
CVE-2006-5183
BUGTRAQ
XF
Deep CMS -- Deep CMS
PHP remote file inclusion vulnerability in index.php in Deep CMS 2.0a allows remote attackers to execute arbitrary PHP code via a URL in the ConfigDir parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
unknown
2006-10-12
7.0
CVE-2006-5251
BID
DeltaScripts -- PHP Classifieds
Multiple SQL injection vulnerabilities in PHP Classifieds 7.1 allow remote attackers to execute arbitrary SQL commands via (1) the catid_search parameter in search.php and (2) the catid parameter in index.php.
unknown
2006-10-10
7.0
CVE-2006-5208
OTHER-REF
Milw0rm
BID
FRSIRT
XF
Dimension of phpBB -- Dimension of phpBB
Multiple PHP remote file inclusion vulnerabilities in Dimension of phpBB 0.2.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter in (1) includes/themen_portal_mitte.php or (2) includes/logger_engine.php.
unknown
2006-10-10
7.0
CVE-2006-5222
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Dimension of phpBB -- Dimension of phpBB
PHP remote file inclusion vulnerability in includes/functions_kb.php in Dimension of phpBB 0.2.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
unknown
2006-10-10
7.0
CVE-2006-5235
FRSIRT
Dimitri Seitz -- Security Suite IP Logger
PHP remote file inclusion vulnerability in includes/logger_engine.php in Dimitri Seitz Security Suite IP Logger 1.0.0 in dwingmods for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
unknown
2006-10-10
7.0
CVE-2006-5224
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Eazy Cart -- Eazy Cart
Eazy Cart allows remote attackers to bypass authentication and gain administrative access via a direct request for admin/home/index.php, and possibly other PHP scripts under admin/.
unknown
2006-10-11
10.0
CVE-2006-5245
BUGTRAQ
OTHER-REF
OTHER-REF
SECUNIA
Eazy Cart -- Eazy Cart
Multiple cross-site scripting (XSS) vulnerabilities in Eazy Cart allow remote attackers to inject arbitrary web script or HTML via easycart.php, possibly related to the (1) des and (2) qty parameters in an add action, and via other unspecified vectors. NOTE: some details are obtained from third party information.
unknown
2006-10-11
7.0
CVE-2006-5247
BUGTRAQ
OTHER-REF
OTHER-REF
SECUNIA
Emek Portal -- Emek Portal
SQL injection vulnerability in giris_yap.asp in Emek Portal 2.1 allows remote attackers to execute arbitrary SQL commands by simultaneously injecting into the user name and pass fields in uyegiris.asp, also known as the Kullanici Adi (k_a) and Sifre (sifre) parameters.
unknown
2006-10-10
7.0
CVE-2006-5217
BUGTRAQ
BID
FreeForum -- FreeForum
PHP remote file inclusion vulnerability in forum.php in FreeForum 0.9.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the fpath parameter.
unknown
2006-10-10
7.0
CVE-2006-5230
BUGTRAQ
OTHER-REF
BID
Freenews -- Freenews
PHP remote file inclusion vulnerability in moteur/moteur.php in Prologin.fr Freenews 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter.
unknown
2006-10-10
7.0
CVE-2006-5226
BUGTRAQ
OTHER-REF
BID
HAMweather -- HAMweather
Eval injection vulnerability in Template.php in HAMweather 3.9.8.4 and earlier allows remote attackers to execute arbitrary code via a modified query string, which is supplied to an eval function call within the do_parse_code function.
unknown
2006-10-10
7.0
CVE-2006-5185
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Invision Power Services -- Invision Gallery
SQL injection vulnerability in Invision Gallery 2.0.7 allows remote attackers to execute arbitrary SQL commands via the album parameter in (1) index.php and (2) forum/index.php, when the rate command in the gallery automodule is used.
unknown
2006-10-10
7.0
CVE-2006-5206
Milw0rm
BID
XF
iSearch -- iSearch
** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in iSearch 2.16 allow remote attackers to execute arbitrary PHP code via a URL in the isearch_path parameter in (1) index.php, (2) viewcache.php, (3) sitemap.php, (4) isearch.inc.php, (5) google_sitemap.php, (6) stats.php, or (7) auto_spider_img.php. NOTE: this issue has been disputed by a third party who shows that $isearch_path is set to a constant value. CVE analysis as of 20061010 is inconclusive, although the original researcher is known to make mistakes.
unknown
2006-10-10
7.0
CVE-2006-5232
BUGTRAQ
BUGTRAQ
BID
Joshua Muheim -- phpMyWebmin
Multiple PHP remote file inclusion vulnerabilities in Joshua Muheim phpMyWebmin 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the target parameter in (1) change_preferences2.php, (2) create_file.php, (3) upload_local.php, and (4) upload_multi.php, different vectors than CVE-2006-5124.
unknown
2006-10-10
7.0
CVE-2006-5181
BUGTRAQ
OTHER-REF
SECUNIA
XF
Klinza -- Klinza Professional CMS
PHP remote file inclusion vulnerability in funzioni/lib/show_hlp.php in klinza professional cms 5.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the appl[APPL] parameter.
unknown
2006-10-10
7.0
CVE-2006-5189
Milw0rm
BID
XF
MailEnable -- MailEnable Enterprise
MailEnable -- MailEnable Professional
Buffer overflow in NTLM authentication in MailEnable Professional 2.0 and Enterprise 2.0 allows remote attackers to execute arbitrary code via "the signature field of NTLM Type 1 messages".
unknown
2006-10-10
7.0
CVE-2006-5176
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
XF
MailEnable -- MailEnable Enterprise
MailEnable -- MailEnable Professional
The NTLM authentication in MailEnable Professional 2.0 and Enterprise 2.0 allows remote attackers to (1) execute arbitrary code via unspecified vectors involving crafted base64 encoded NTLM Type 3 messages, or (2) cause a denial of service via crafted base64 encoded NTLM Type 1 messages, which trigger a buffer over-read.
2006-09-25
2006-10-10
7.0
CVE-2006-5177
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
XF
XF
Microsoft -- .NET Framework
Cross-site scripting (XSS) vulnerability in Microsoft .NET Framework 2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "ASP.NET controls that set the AutoPostBack property to true".
unknown
2006-10-10
7.0
CVE-2006-3436
MS
Microsoft -- XML Core Services
Microsoft -- XML Parser
Buffer overflow in the Extensible Stylesheet Language Transformations (XSLT) processing in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 allows remote attackers to execute arbitrary code via a crafted Web page.
unknown
2006-10-10
7.0
CVE-2006-4686
MS
Microsoft -- Windows 2000
Microsoft -- Windows Server 2003
Microsoft -- Windows XP
Unspecified vulnerability in the Server service in Microsoft Windows 2000 SP4, Server 2003 SP1 and earlier, and XP SP2 and earlier allows remote attackers to execute arbitrary code via a crafted packet, aka "SMB Rename Vulnerability."
unknown
2006-10-10
7.0
CVE-2006-4696
MS
Minichat -- Minichat
PHP remote file inclusion vulnerability in ftag.php in Minichat 6.0 allows remote attackers to execute arbitrary PHP code via a URL in the mostrar parameter.
unknown
2006-10-13
7.0
CVE-2006-5283
Milw0rm
FRSIRT
SECUNIA
navyism -- n@board
PHP remote file inclusion vulnerability in naboard_pnr.php in n@board 3.1.9e and earlier allows remote attackers to execute arbitrary PHP code via a URL in the skin parameter.
unknown
2006-10-13
7.0
CVE-2006-5281
Milw0rm
FRSIRT
SECUNIA
XF
Nivisec -- User Viewed Posts Tracker
PHP remote file inclusion vulnerability in includes/functions_user_viewed_posts.php in the Nivisec User Viewed Posts Tracker module 1.0 and earlier for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
unknown
2006-10-10
7.0
CVE-2006-5223
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
Objective Development -- WebYep
Multiple PHP remote file inclusion vulnerabilities in WebYep 1.1.9, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via the webyep_sIncludePath in (1) files in the programm/lib/ directory including (a) WYApplication.php, (b) WYDocument.php, (c) WYEditor.php, (d) WYElement.php, (e) WYFile.php, (f) WYHTMLTag.php, (g) WYImage.php, (h) WYLanguage.php, (i) WYLink.php, (j) WYPath.php, (k) WYPopupWindowLink.php, (l) WYSelectMenu.php, and (m) WYTextArea.php; (2) files in the programm/elements/ directory including (n) WYGalleryElement.php, (o) WYGuestbookElement.php, (p) WYImageElement.php, (q) WYLogonButtonElement.php, (r) WYLongTextElement.php, (s) WYLoopElement.php, (t) WYMenuElement.php, and (u) WYShortTextElement.php; and (3) programm/webyeb.php.
unknown
2006-10-10
7.0
CVE-2006-5220
BUGTRAQ
BID
OpenDock -- Easy Doc
Multiple PHP remote file inclusion vulnerabilities in OpenDock Easy Doc 1.4 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the doc_directory parameter in (1) down_stat.php, (2) file.php, (3) find_file.php, (4) lib_file.php, and (5) lib_form_file.php in sw/lib_up_file/; (6) find_comment.php, (7) comment.php, and (8) lib_comment.php in sw/lib_comment/; (9) sw/lib_find/find.php; and other unspecified PHP scripts.
2006-10-09
2006-10-11
7.0
CVE-2006-5243
BUGTRAQ
ECHO
BID
FRSIRT
SECTRACK
SECUNIA
XF
PHP -- PHP
Integer overflow in PHP 5 up to 5.1.6 and 4 before 4.3.0 allows remote attackers to execute arbitrary code via an argument to the unserialize PHP function with a large value for the number of array elements, which triggers the overflow in the Zend Engine ecalloc function (Zend/zend_alloc.c).
2006-09-30
2006-10-10
7.0
CVE-2006-4812
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
REDHAT
BID
FRSIRT
SECTRACK
SECUNIA
XF
phpBB Group -- phpBB
PHP remote file inclusion vulnerability in admin/admin_topic_action_logging.php in Admin Topic Action Logging Mod 0.95 and earlier, as used in phpBB 2.0 up to 2.0.21, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
unknown
2006-10-10
7.0
CVE-2006-5209
Milw0rm
XF
phpGreetz -- phpGreetz
PHP remote file inclusion vulnerability in includes/footer.php in phpGreetz 0.99 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PHPGREETZ_INCLUDE_DIR parameter.
unknown
2006-10-10
7.0
CVE-2006-5192
OTHER-REF
BID
FRSIRT
XF
phpWebSite -- phpWebSite
** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in phpWebSite 0.10.2 allow remote attackers to execute arbitrary PHP code via a URL in the PHPWS_SOURCE_DIR parameter in (1) init.php, (2) users.php, (3) Cookie.php, (4) forms.php, (5) Groups.php, (6) ModSetting.php, (7) Calendar.php, (8) DateTime.php, (9) core.php, (10) ImgLibrary.php, (11) Manager.php, and (12) Template.php, and (13) EZform.php. NOTE: CVE disputes this report, since "PHPWS_SOURCE_DIR" is defined as a constant, not accessed as a variable.
unknown
2006-10-10
7.0
CVE-2006-5234
BUGTRAQ
MLIST
BID
PKR Internet -- Taskjitsu
SQL injection vulnerability in PKR Internet Taskjitsu before 2.0.6 allows remote attackers to execute arbitrary SQL commands via the key parameter, when the limit query parameter is set to customerid.
unknown
2006-10-10
7.0
CVE-2006-5184
OTHER-REF
BID
SECUNIA
Python Software Foundation -- Python
Buffer overflow in the repr function in Python 2.3 through 2.6 before 20060822 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via crafted wide character UTF-32/UCS-4 strings to certain scripts.
unknown
2006-10-10
7.0
CVE-2006-4980
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
UBUNTU
BID
SECUNIA
SECUNIA
Red Hat -- Red Hat Fedora Core
Red Hat -- Red Hat Enterprise Linux
pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and earlier, and possibly other distributions does not return an error condition when an LDAP directory server responds with a PasswordPolicyResponse control response, which causes the pam_authenticate function to return a success code even if authentication has failed, as originally reported for xscreensaver.
unknown
2006-10-10
7.0
CVE-2006-5170
OTHER-REF
Rob Hensley -- AckerTodo
Multiple SQL injection vulnerabilities in the Google Gadget login.php (gadget/login.php) in Rob Hensley ackerTodo 4.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) up_login, (2) up_pass, or (3) up_num_tasks parameters.
unknown
2006-10-10
7.0
CVE-2006-5228
BUGTRAQ
OTHER-REF
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
XF
Sergey Lyubka -- Simple HTTPD
Stack-based buffer overflow in Sergey Lyubka Simple HTTPD (shttpd) 1.34 allows remote attackers to execute arbitrary code via a long URI.
unknown
2006-10-10
7.0
CVE-2006-5216
OTHER-REF
FRSIRT
SECUNIA
XF
SH-News -- SH-News
Multiple PHP remote file inclusion vulnerabilities in SH-News 3.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the scriptpath parameter to (1) report.php, (2) archive.php, (3) comments.php, (4) init.php, or (5) news.php.
unknown
2006-10-13
7.0
CVE-2006-5282
Milw0rm
BID
FRSIRT
SECUNIA
TagIt! -- Tagboard
PHP remote file inclusion vulnerability in tagmin/delTagUser.php in TagIt! Tagboard 2.1.B Build 2 (tagit2b) allows remote attackers to execute arbitrary PHP code via a URL in the configpath parameter.
unknown
2006-10-11
7.0
CVE-2006-5249
BUGTRAQ
MLIST
TorrentFlux -- TorrentFlux
Cross-site scripting (XSS) vulnerability in admin.php in TorrentFlux 2.1 allows remote attackers to inject arbitrary web script or HTML via (1) the $user_agent variable, probably obtained from the User-Agent HTTP header, and possibly (2) the $ip_resolved variable.
unknown
2006-10-10
7.0
CVE-2006-5227
BUGTRAQ
OTHER-REF
BID
SECTRACK
SECUNIA
XF
Wheatblog -- Wheatblog
Multiple cross-site scripting (XSS) vulnerabilities in Wheatblog 1.0 and 1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
unknown
2006-10-10
7.0
CVE-2006-5195
BID
WikyBlog -- WikyBlog
PHP remote file inclusion vulnerability in index.php in Josh Schmidt WikyBlog 1.2.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the includeDir parameter.
unknown
2006-10-10
7.0
CVE-2006-5193
BUGTRAQ
BUGTRAQ
BID
XF

Medium Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info
Blue Smiley Organizer -- Blue Smiley Organizer
Unspecified vulnerability in the file upload module in Blue Smiley Organizer before 4.45 has unknown impact and attack vectors.
unknown
2006-10-11
4.9
CVE-2006-5238
OTHER-REF
FRSIRT
BlueShoes -- BlueShoes Framework
PHP remote file inclusion vulnerability in lib/googlesearch/GoogleSearch.php in BlueShoes 4.6_public and earlier allows remote attackers to execute arbitrary PHP code via a URL in the APP[path][lib] parameter, a different vector than CVE-2006-2864.
unknown
2006-10-11
5.6
CVE-2006-5250
BUGTRAQ
BLUESHOES
Docmint -- Docmint CMS
PHP remote file inclusion vulnerability in engine/require.php in Docmint 2.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the MY_ENV[BASE_ENGINE_LOC] parameter.
unknown
2006-10-11
5.6
CVE-2006-5240
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Invision Power Services -- Invision Power Board
Invision Power Board (IPB) 2.1.7 and earlier allows remote restricted administrators to inject arbitrary web script or HTML, or execute arbitrary SQL commands, via a forum description that contains a crafted image with PHP code, which is executed when the user visits the "Manage Forums" link in the Admin control panel.
unknown
2006-10-10
5.6
CVE-2006-5203
BUGTRAQ
XF
Leicestershire Community Portals -- Leicestershire Community Portals
PHP remote file inclusion vulnerability in includes/import-archive.php in Leicestershire communityPortals 1.0 build 20051018 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cp_root_path parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
unknown
2006-10-13
5.6
CVE-2006-5280
BID
FRSIRT
SECUNIA
Microsoft -- Office
Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, and Excel Viewer 2003 allows user-assisted attackers to execute arbitrary code via a crafted DATETIME record in an XLS file, a different vulnerability than CVE-2006-3867 and CVE-2006-3875.
unknown
2006-10-10
5.6
CVE-2006-2387
MS
Microsoft -- Office
Unspecified vulnerability in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string that triggers memory corruption.
unknown
2006-10-10
5.6
CVE-2006-3434
MS
Microsoft -- Office
Unspecified vulnerability in PowerPoint in Microsoft Office 2003 allows user-complicit attackers to execute arbitrary code via a crafted object pointer in a PPT file. NOTE: this issue is different than other PowerPoint vulnerabilities including CVE-2006-4694.
unknown
2006-10-10
5.6
CVE-2006-3435
MS
Microsoft -- Office
Unspecified vulnerability in Microsoft Word 2000, 2002, Office 2003, 2004 for Mac, and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string in a Word file, a different vulnerability than CVE-2006-3651 and CVE-2006-4693.
unknown
2006-10-10
5.6
CVE-2006-3647
MS
Microsoft -- Office
Unspecified vulnerability in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a malformed chart record, a different vulnerability than CVE-2006-3434, CVE-2006-3864, and CVE-2006-3868.
unknown
2006-10-10
5.6
CVE-2006-3650
MS
Microsoft -- Office
Microsoft -- Word
Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary code via a crafted mail merge file, a different vulnerability than CVE-2006-3647 and CVE-2006-4693.
unknown
2006-10-10
5.6
CVE-2006-3651
MS
Microsoft -- Visio
Microsoft -- Office
Microsoft -- Project
Microsoft -- Office XP
Unspecified vulnerability in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a malformed record that triggers memory corruption, a different vulnerability than CVE-2006-3434, CVE-2006-3650, and CVE-2006-3868.
unknown
2006-10-10
5.6
CVE-2006-3864
MS
Microsoft -- Excel
Microsoft -- Excel Viewer
Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, and Excel Viewer 2003 allows user-assisted attackers to execute arbitrary code via a crafted Lotus 1-2-3 file, a different vulnerability than CVE-2006-2387 and CVE-2006-3875.
unknown
2006-10-10
5.6
CVE-2006-3867
MS
Microsoft -- Office
Unspecified vulnerability in Microsoft Office XP and 2003 allows remote user-assisted attackers to execute arbitrary code via a malformed Smart Tag.
unknown
2006-10-10
5.6
CVE-2006-3868
MS
Microsoft -- Excel
Microsoft -- Excel Viewer
Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, and Excel Viewer 2003 allows user-assisted attackers to execute arbitrary code via a crafted COLINFO record in an XLS file, a different vulnerability than CVE-2006-2387 and CVE-2006-3867.
unknown
2006-10-10
5.6
CVE-2006-3875
MS
Microsoft -- Office
Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-complicit attackers to execute arbitrary code via a crafted Data record in a PPT file, a different vulnerability than CVE-2006-3435 and CVE-2006-4694.
unknown
2006-10-10
5.6
CVE-2006-3876
MS
Microsoft -- PowerPoint
Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-complicit attackers to execute arbitrary code via an unspecified "crafted file," a different vulnerability than CVE-2006-3435, CVE-2006-4694, and CVE-2006-3876.
unknown
2006-10-10
5.6
CVE-2006-3877
MS
Microsoft -- XML Core Services
Microsoft -- XML Parser
The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 does not properly handle HTTP server-side redirects, which allows remote user-assisted attackers to access content from other domains.
unknown
2006-10-10
5.6
CVE-2006-4685
MS
Microsoft -- Windows Server 2003
Microsoft -- Windows XP
The Windows Object Packager in Microsoft Windows XP SP1 and SP2 and Server 2003 SP1 and earlier does not properly handle file extensions, which allows remote user-assisted attackers to execute arbitrary code via a crafted file (aka "Object Packager Dialogue Spoofing Vulnerability").
unknown
2006-10-10
5.6
CVE-2006-4692
MS
Microsoft -- Word
Microsoft -- Office v.X
Unspecified vulnerability in Microsoft Word 2004 for Mac and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string in a Word file, a different issue than CVE-2006-3647 and CVE-2006-3651.
unknown
2006-10-10
5.6
CVE-2006-4693
MS
Moodle -- Moodle
SQL injection vulnerability in blog/index.php in the blog module in Moodle 1.6.2 allows remote attackers to execute arbitrary SQL commands via a double-encoded tag parameter.
unknown
2006-10-10
5.6
CVE-2006-5219
BUGTRAQ
BUGTRAQ
FULLDISC
OTHER-REF
BID
SECUNIA
XF
net2ftp -- net2ftp
Cross-site scripting (XSS) vulnerability in index.php in net2ftp 0.93 allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: some of these details are obtained from third party information.
unknown
2006-10-10
5.6
CVE-2006-5194
BUGTRAQ
BID
FRSIRT
SECUNIA
NetBSD -- NetBSD
OpenBSD -- OpenBSD
Integer overflow in the systrace_preprepl function (STRIOCREPLACE) in systrace in OpenBSD 3.9 and NetBSD 3 allows local users to cause a denial of service (crash), gain privileges, or read arbitrary kernel memory via large numeric arguments to the systrace ioctl.
unknown
2006-10-10
4.9
CVE-2006-5218
OTHER-REF
OPENBSD
BID
SECTRACK
SECUNIA
Novell -- Mono
The System.CodeDom.Compiler classes in Novell Mono create temporary files with insecure permissions, which allows local users to overwrite arbitrary files or execute arbitrary code via a symlink attack.
unknown
2006-10-10
5.6
CVE-2006-5072
UBUNTU
BID
FRSIRT
SECUNIA
SECUNIA
XF
OpenDock -- Easy Gallery
Multiple PHP remote file inclusion vulnerabilities in OpenDock Easy Gallery 1.4 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the doc_directory parameter in (1) file.php; (2) find_user.php, (3) lib_user.php, (4) lib_form_user.php, and (5) user.php in sw/lib_user/; (6) find_session.php and (7) session.php in sw/lib_session/; (8) comment.php and (9) lib_comment.php in sw/lib_comment/; and other unspecified PHP scripts.
2006-10-09
2006-10-11
5.6
CVE-2006-5241
BUGTRAQ
ECHO
Milw0rm
BID
FRSIRT
SECUNIA
OpenDock -- Easy Blog
Multiple PHP remote file inclusion vulnerabilities in OpenDock Easy Blog 1.4 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the doc_directory parameter in (1) down_stat.php, (2) file.php, (3) find_file.php, (4) lib_read_file.php, and (5) lib_form_file.php in sw/lib_up_file; (6) find_comment.php, (7) comment.php, and (8) lib_comment.php in sw/lib_comment/; (9) sw/lib_find/find.php; and other unspecified vectors.
2006-10-09
2006-10-11
5.6
CVE-2006-5244
BUGTRAQ
ECHO
Milw0rm
BID
FRSIRT
SECUNIA
XF
PHP News Reader -- PHP News Reader
PHP remote file inclusion vulnerability in auth/phpbb.inc.php in Shen Cheng-Da PHP News Reader (aka pnews) 2.6.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CFG[auth_phpbb_path] parameter.
unknown
2006-10-13
5.6
CVE-2006-5284
Milw0rm
BID
FRSIRT
SECUNIA
phpBB -- phpBB
PHP remote file inclusion vulnerability in includes/functions_static_topics.php in the Nivisec Static Topics module for phpBB 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
unknown
2006-10-10
5.6
CVE-2006-5191
Milw0rm
BID
FRSIRT
SECUNIA
XF
phpMyProfiler -- phpMyProfiler
PHP remote file inclusion vulnerability in functions.php in phpMyProfiler 0.9.6 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the pmp_rel_path parameter.
unknown
2006-10-10
5.6
CVE-2006-5186
BUGTRAQ
Milw0rm
OTHER-REF
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
XF
phpMyTeam -- phpMyTeam
PHP remote file inclusion vulnerability in images/smileys/smileys_packs.php in phpMyTeam 2.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the smileys_dir parameter.
unknown
2006-10-10
5.6
CVE-2006-5207
Milw0rm
FRSIRT
SECUNIA
XF
PowerPortal -- PowerPortal
Cross-site scripting (XSS) vulnerability in John Himmelman (aka DaRk2k1) PowerPortal 1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to registering a user. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
unknown
2006-10-10
5.6
CVE-2006-5169
BID
Simon Brown -- Pebble
Cross-site scripting (XSS) vulnerability in the search functionality in Simon Brown Pebble 2.0.0 RC1 and RC2 allows remote attackers to inject arbitrary web script or HTML via the query string.
unknown
2006-10-10
5.6
CVE-2006-5168
BUGTRAQ
OTHER-REF
BID
XF
Sun -- StarOffice
Sun -- NSS
Sun -- JDK
Sun -- SDK
Sun -- Secure Global Desktop
Sun -- Solaris
Sun -- JRE
Sun -- JSSE
Multiple packages on Sun Solaris, including (1) NSS; (2) Java JDK and JRE 5.0 Update 8 and earlier, SDK and JRE 1.4.x up to 1.4.2_12, and SDK and JRE 1.3.x up to 1.3.1_19; (3) JSSE 1.0.3_03 and earlier; (4) IPSec/IKE; (5) Secure Global Desktop; and (6) StarOffice, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents these products from correctly verifying X.509 and other certificates that use PKCS #1.
2006-09-05
2006-10-10
5.6
CVE-2006-5201
SUNALERT
CERT-VN
FRSIRT
FRSIRT
SECUNIA
SECUNIA
Symantec -- NAVEX15 Driver
Symantec -- NAVENG Driver
The (a) NAVENG (NAVENG.SYS) and (b) NAVEX15 (NAVEX15.SYS) device drivers 20061.3.0.12 and later, as used in Symantec AntiVirus and security products, allow local users to gain privileges by overwriting critical system addresses using a crafted Irp to the IOCTL functions (1) 0x222AD3, (2) 0x222AD7, and (3) 0x222ADB.
unknown
2006-10-10
4.9
CVE-2006-4927
IDEFENSE
BUGTRAQ
SYMANTEC
BID
FRSIRT
SECTRACK
SECTRACK
SECTRACK
SECTRACK
SECTRACK
SECTRACK
SECTRACK
SECTRACK
SECTRACK
SECUNIA
XF
Trend Micro -- OfficeScan Corporate Edition
Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for SMB 2.0 before 6.0.0.1385, and OfficeScan Corporate Edition (OSCE) 6.5 before 6.5.0.1418, 7.0 before 7.0.0.1257, and 7.3 before 7.3.0.1053 allow remote attackers to remove OfficeScan clients via a certain HTTP request that invokes the OfficeScan CGI program.
unknown
2006-10-10
4.7
CVE-2006-5211
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
webGENEius -- GOOP Gallery
Directory traversal vulnerability in download.php in webGENEius GOOP Gallery 2.0.2 allows remote attackers to read or list data from certain files or directories via unspecified vectors.
unknown
2006-10-10
4.7
CVE-2006-5188
BUGTRAQ
OTHER-REF
BID
Webmedia Explorer -- Webmedia Explorer
PHP remote file inclusion vulnerability in includes/core.lib.php in Webmedia Explorer 2.8.7 allows remote attackers to execute arbitrary PHP code via a URL in the path_include parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
unknown
2006-10-12
5.6
CVE-2006-5252
BID
SECUNIA


Low Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info
Adobe -- Breeze Licensed Server
Unspecified vulnerability in Adobe Breeze 5 Licensed Server and Breeze 5.1 Licensed Server allows attackers to read arbitrary files via unknown vectors related to "URL parsing."
unknown
2006-10-10
1.6
CVE-2006-5200
ADOBE
Buffalo Technology -- TeraStation HD-HTGL firmware
Cross-site request forgery (CSRF) vulnerability in the administrative interface for the TeraStation HD-HTGL firmware 2.05 beta 1 and earlier allows remote attackers to modify configurations or delete arbitrary data via unspecified vectors.
unknown
2006-10-10
3.7
CVE-2006-5175
OTHER-REF
FRSIRT
SECUNIA
XF
Eazy Cart -- Eazy Cart
Eazy Cart allows remote attackers to change prices and other critical fields via unspecified vectors to easycart.php, probably including the price parameter. NOTE: some details are obtained from third party information.
unknown
2006-10-11
2.3
CVE-2006-5246
BUGTRAQ
OTHER-REF
OTHER-REF
SECUNIA
Eazy Cart -- Eazy Cart
Eazy Cart stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a customer database via a direct request for admin/config/customer.dat. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
unknown
2006-10-11
3.3
CVE-2006-5248
SECUNIA
Etomite -- Etomite Content Management System
SQL injection vulnerability in Etomite Content Management System (CMS) before 0.6.1.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
unknown
2006-10-11
2.3
CVE-2006-5242
OTHER-REF
FRSIRT
SECUNIA
eXpBlog -- eXpBlog
Multiple cross-site scripting (XSS) vulnerabilities in eXpBlog 0.3.5 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the query string (PHP_SELF) or (2) the captcha_session_code parameter in pre_details.php.
2006-10-03
2006-10-11
2.3
CVE-2006-5239
FULLDISC
OTHER-REF
BID
SECUNIA
FreeBSD -- FreeBSD
Integer signedness error in FreeBSD 6.0-RELEASE allows local users to cause a denial of service (memory corruption and kernel panic) via a PT_LWPINFO ptrace command with a large negative data value that satisfies a signed maximum value check but is used in an unsigned copyout function call.
2006-08-18
2006-10-11
2.3
CVE-2006-4516
IDEFENSE
Grandstream -- GXP-2000
Grandstream GXP-2000 VoIP Desktop Phone, firmware version 1.1.0.5, allows remote attackers to cause a denial of service (hang or reboot) via a large amount of ASCII data sent to port (1) 5060/UDP, (2) 5062/UDP, (3) 5064/UDP, (4) 5066/UDP, (5) 9876/UDP, or (6) 26789/UDP.
unknown
2006-10-10
3.3
CVE-2006-5231
FULLDISC
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Intoto -- iGateway SSL-VPN
Intoto -- iGateway VPN
Intoto iGateway VPN and iGateway SSL-VPN allow context-dependent attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to process when using RSA signature verification, a related issue to CVE-2006-2940.
unknown
2006-10-10
2.7
CVE-2006-5179
OTHER-REF
FRSIRT
SECUNIA
Invision Power Services -- Invision Power Board
Cross-site scripting (XSS) vulnerability in action_admin/member.php in Invision Power Board (IPB) 2.1.7 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a reference to a script in the avatar setting, which can be leveraged for a cross-site request forgery (CSRF) attack involving forced SQL execution by an admin.
unknown
2006-10-10
1.1
CVE-2006-5204
BUGTRAQ
OTHER-REF
FRSIRT
XF
Invision Power Services -- Invision Gallery
Directory traversal vulnerability in Invision Gallery 2.0.7 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the dir parameter in (1) index.php and (2) forum/index.php, when the viewimage command in the gallery module is used.
unknown
2006-10-10
2.3
CVE-2006-5205
Milw0rm
BID
XF
Linksys -- WRT54G
Linksys WRT54g firmware 1.00.9 does not require credentials when making configuration changes, which allows remote attackers to modify arbitrary configurations via a direct request to Security.tri, as demonstrated using the SecurityMode and layout parameters, a different issue than CVE-2006-2559.
2006-06-24
2006-10-10
2.3
CVE-2006-5202
FULLDISC
CERT-VN
BID
SECTRACK
SECUNIA
Linux -- Linux kernel
The perfmonctl system call (sys_perfmonctl) in Linux kernel 2.4.x and 2.6 before 2.6.18, when running on Itanium systems, does not properly track the reference count for file descriptors, which allows local users to cause a denial of service (file descriptor consumption).
unknown
2006-10-10
2.3
CVE-2006-3741
REDHAT
REDHAT
OTHER-REF
FRSIRT
Linux -- Linux kernel
The clip_mkip function in net/atm/clip.c of the ATM subsystem in Linux kernel allows remote attackers to cause a denial of service (panic) via unknown vectors that cause the ATM subsystem to access the memory of socket buffers after they are freed (freed pointer dereference).
unknown
2006-10-10
3.3
CVE-2006-4997
REDHAT
OTHER-REF
OTHER-REF
FRSIRT
Linux -- Linux kernel
The copy_from_user function in the uaccess code in Linux kernel 2.6 before 2.6.19-rc1, when running on s390, does not properly clear a kernel buffer, which allows local user space programs to read portions of kernel memory by "appending to a file from a bad address," which triggers a fault that prevents the unused memory from being cleared in the kernel buffer.
unknown
2006-10-10
1.6
CVE-2006-5174
OTHER-REF
Motorola -- SURFboard
The HTTP interface in the Motorola SURFboard SB4200 Cable Modem allows remote attackers to cause a denial of service (device crash) via a request with MfcISAPICommand set to SecretProc and a long string in the Secret parameter.
unknown
2006-10-10
3.3
CVE-2006-5196
OTHER-REF
BID
MysqlDumper -- MysqlDumper
Cross-site scripting (XSS) vulnerability in sql.php in MysqlDumper 1.21 b6 allows remote attackers to inject arbitrary web script or HTML via the db parameter.
unknown
2006-10-12
2.3
CVE-2006-5264
BUGTRAQ
Netscape -- NSPR API
Sun -- Solaris
The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user-specified environment variables for specifying log files even when running from setuid programs, which allows local users to create or overwrite arbitrary files.
2006-08-31
2006-10-11
3.3
CVE-2006-4842
IDEFENSE
SUNALERT
OpenBSD -- OpenSSH Portable
OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and versions, and possibly under limited configurations, allows remote attackers to determine valid usernames via timing discrepancies in which responses take longer for valid usernames than invalid ones, as demonstrated by sshtime. NOTE: as of 20061010, it is not clear whether this issue is dependent on configuration or environment.
unknown
2006-10-10
1.9
CVE-2006-5229
BUGTRAQ
BUGTRAQ
BUGTRAQ
osCommerce -- osCommerce
Multiple cross-site scripting (XSS) vulnerabilities in osCommerce 2.2 Milestone 2 Update 060817 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter in the (a) banner_manager.php, (b) banner_statistics.php, (c) countries.php, (d) currencies.php, (e) languages.php, (f) manufacturers.php, (g) newsletters.php, (h) orders_status.php, (i) products_attributes.php, (j) products_expected.php, (k) reviews.php, (l) specials.php, (m) stats_products_purchased.php, (n) stats_products_viewed.php, (o) tax_classes.php, (p) tax_rates.php, or (q) zones.php scripts in /admin, and the (2) zpage parameter in (r) admin/geo_zones.php.
2006-09-27
2006-10-10
2.3
CVE-2006-5190
BLOGSPOT
BID
FRSIRT
SECTRACK
SECUNIA
XF
PDshopPro -- PDshopPro
PDshopPro stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) /pdshoppro.mdb, (2) /data/pdshoppro.mdb, or (3) /shoppro/data/pdshoppro.mdb.
unknown
2006-10-10
2.3
CVE-2006-5197
SECTRACK
PHP -- PHP
Race condition in the symlink function in PHP 5.1.6 and earlier allows local users to bypass the open_basedir restriction by using a combination of symlink, mkdir, and unlink functions to change the file path after the open_basedir check and before the file is opened by the underlying system, as demonstrated by symlinking a symlink into a subdirectory, to point to a parent directory via .. (dot dot) sequences, and then unlinking the resulting symlink.
unknown
2006-10-10
2.6
CVE-2006-5178
BUGTRAQ
FULLDISC
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
XF
Polycom -- SoundPoint IP 301
Polycom SoundPoint IP 301 VoIP Desktop Phone, firmware version 1.4.1.0040, allows remote attackers to cause a denial of service (reboot) via (1) a long URL sent to the HTTP daemon and (2) unspecified manipulations as demonstrated by the Nessus http_fingerprinting_hmap.nasl script.
unknown
2006-10-10
3.3
CVE-2006-5233
FULLDISC
BID
SECUNIA
XF
Sun -- Solaris
Sun Solaris 10 before 20061006 uses "incorrect and insufficient permission checks" that allow local users to intercept or spoof packets by creating a raw socket on a link aggregation (network device aggregation).
unknown
2006-10-10
1.6
CVE-2006-5213
SUNALERT
BID
Sun -- Solaris
NetBSD -- NetBSD
Race condition in the Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060225, and Solaris 8 through 10 before 20061006, causes a user's Xsession errors file to have weak permissions before a chmod is performed, which allows local users to read Xsession errors files of other users.
unknown
2006-10-10
1.6
CVE-2006-5214
OTHER-REF
OTHER-REF
SUNALERT
Trend Micro -- OfficeScan
Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for SMB 2.0 before 6.0.0.1385, and OfficeScan Corporate Edition (OSCE) 6.5 before 6.5.0.1418, 7.0 before 7.0.0.1257, and 7.3 before 7.3.0.1053 allow remote attackers to delete files via a modified filename parameter in a certain HTTP request that invokes the OfficeScan CGI program.
unknown
2006-10-10
2.3
CVE-2006-5212
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
X.org -- xdm
Sun -- Solaris
NetBSD -- NetBSD
The Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060317, and Solaris 8 through 10 before 20061006, allows local users to overwrite arbitrary files, or read another user's Xsession errors file, via a symlink attack on a /tmp/xses-$USER file.
unknown
2006-10-10
2.6
CVE-2006-5215
OTHER-REF
OTHER-REF
SUNALERT
