Vulnerability Summary for the Week of October 30, 2006

Released
Nov 06, 2006
Document ID
SB06-310

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.

High Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info
Acme Labs -- thttpd
thttpd on Debian GNU/Linux, and possibly other distributions, allows local users to create or touch arbitrary files via a symlink attack on the start_thttpd temporary file.
unknown
2006-10-31
7.0
CVE-2006-4248
OTHER-REF
AEP Networks -- Smartgate SSL Server
Directory traversal vulnerability in the SSL server in AEP Smartgate 4.3b allows remote attackers to download arbitrary files via ..\ (dot dot backslash) sequences in an HTTP GET request.
unknown
2006-10-27
7.0
CVE-2006-5596
OTHER-REF
OTHER-REF
BID
SECUNIA
ArticleBeach -- ArticleBeach Script
PHP remote file inclusion vulnerability in index.php in ArticleBeach Script 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
unknown
2006-10-27
7.0
CVE-2006-5590
OTHER-REF
BID
FRSIRT
SECUNIA
ask_rave -- ask_rave
PHP remote file inclusion vulnerability in end.php in ask_rave 0.9 PR and earlier allows remote attackers to execute arbitrary PHP code via a URL in the footfile parameter.
unknown
2006-10-31
7.0
CVE-2006-5621
Milw0rm
BID
FRSIRT
XF
BytesFall Explorer -- BytesFall Explorer
Multiple SQL injection vulnerabilities in BytesFall Explorer (bfExplorer) 0.0.7.1 and earlier allow remote attackers to execute arbitrary SQL commands via the username ($User variable) to login/doLogin.php and other unspecified vectors.
unknown
2006-10-31
7.0
CVE-2006-5606
OTHER-REF
OTHER-REF
OTHER-REF
BID
FRSIRT
CMS Faethon -- CMS Faethon
Multiple PHP remote file inclusion vulnerabilities in CMS Faethon 2.0 Ultimate and earlier, when register_globals and magic_quotes_gpc are enabled, allow remote attackers to execute arbitrary PHP code via a URL in the mainpath parameter to (1) includes/rss-reader.php or (2) admin/config.php, different vectors than CVE-2006-3185.
unknown
2006-10-27
7.0
CVE-2006-5588
OTHER-REF
OTHER-REF
OTHER-REF
BID
XF
Coppermine -- Photo Gallery
SQL injection vulnerability in picmgr.php in Coppermine Photo Gallery 1.4.9 allows remote attackers to execute arbitrary SQL commands via the aid parameter.
unknown
2006-10-31
7.0
CVE-2006-5622
Milw0rm
OTHER-REF
BID
FRSIRT
SECUNIA
Drupal -- Extended Tracker
SQL injection vulnerability in Extended Tracker (xtracker) 4.7 before 1.5.2.1 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to "parameters from URLs."
unknown
2006-10-30
7.0
CVE-2006-5608
OTHER-REF
BID
FRSIRT
SECUNIA
XF
EE Tool -- EE Tool
PHP remote file inclusion vulnerability in ip.inc.php in Electronic Engineering Tool (EE Tool) 0.4-1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cgipath parameter.
unknown
2006-10-31
7.0
CVE-2006-5623
Milw0rm
BID
FRSIRT
FAQ Administrator -- FAQ Administrator
PHP remote file inclusion vulnerability in faq_reply.php in Faq Administrator 2.1b allows remote attackers to execute arbitrary PHP code via a URL in the email parameter.
unknown
2006-10-31
7.0
CVE-2006-5637
MLIST
Milw0rm
BID
FRSIRT
SECUNIA
XF
Foresite CMS -- Foresite CMS
Cross-site scripting (XSS) vulnerability in search_de.html in foresite CMS allows remote attackers to inject arbitrary web script or HTML via the query parameter.
2006-08-18
2006-10-31
7.0
CVE-2006-5643
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
Fully Modded phpBB -- Fully Modded phpBB
PHP remote file inclusion vulnerability in player/includes/common.php in Teake Nutma Foing, as modified in Fully Modded phpBB (phpbbfm) 2021.4.40, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
unknown
2006-10-30
7.0
CVE-2006-5610
SECUNIA
Hosting Controller -- Hosting Controller
Multiple SQL injection vulnerabilities in Hosting Controller 6.1 before Hotfix 3.3 allow remote attackers to execute arbitrary SQL commands via the ForumID parameter in (1) DisableForum.asp and (2) enableForum.asp.
2006-07-01
2006-10-31
7.0
CVE-2006-5629
OTHER-REF
BID
SECTRACK
Hosting Controller -- Hosting Controller
Hosting Controller 6.1 before Hotfix 3.3 allows remote attackers to (1) delete the virtual directory of an arbitrary site via a modified ForumID parameter in a disableforum action in DisableForum.asp and (2) create an arbitrary forum virtual directory via an empty ForumID parameter in an enableforum action in EnableForum.asp.
2006-07-01
2006-10-31
7.0
CVE-2006-5630
BUGTRAQ
OTHER-REF
SECTRACK
iG Shop -- iG Shop
Cross-site scripting (XSS) vulnerability in change_pass.php in iG Shop 1.4 allows remote attackers to inject arbitrary web script or HTML via arbitrary query strings when the action parameter is not "1", as demonstrated using script in the action parameter, a different vulnerability than CVE-2006-5632.
unknown
2006-10-31
7.0
CVE-2006-5631
MLIST
SECTRACK
iG Shop -- iG Shop
Cross-site scripting (XSS) vulnerability in change_pass.php in iG Shop 1.4 allows remote attackers to inject arbitrary web script or HTML via the id parameter, a different vulnerability than CVE-2006-5631. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2006-10-31
7.0
CVE-2006-5632
MLIST
BID
SECTRACK
Kynoslogic -- CruiseWorks
Stack-based buffer overflow in /scripts/cruise/cws.exe in CruiseWorks 1.09c and 1.09d allows remote attackers to execute arbitrary code via a long string in the doc parameter.
unknown
2006-10-27
7.0
CVE-2006-5571
BUGTRAQ
FULLDISC
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
XF
LedgerSMB -- LedgerSMB
Multiple SQL injection vulnerabilities in LedgerSMB (LSMB) 1.1.0 and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors in (1) OE.pm, (2) AM.pm, and (3) Form.pm.
unknown
2006-10-27
7.0
CVE-2006-5589
OTHER-REF
FRSIRT
SECUNIA
BID
MDweb -- MDweb
Multiple PHP remote file inclusion vulnerabilities in MDweb 1.3 and earlier (Mdweb132-postgres) allow remote attackers to execute arbitrary PHP code via a URL in the chemin_appli parameter in (1) admin/inc/organisations/form_org.inc.php and (2) admin/inc/organisations/country_insert.php.
unknown
2006-10-27
7.0
CVE-2006-5587
Milw0rm
BID
SECUNIA
XF
FRSIRT
Michel Pradel -- GestArt
PHP remote file inclusion vulnerability in aide.php3 in GestArt beta 1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the aide parameter.
unknown
2006-10-30
7.0
CVE-2006-5612
BUGTRAQ
BID
MiniBill -- MiniBill
PHP remote file inclusion vulnerability in include/menu_builder.php in MiniBILL 2006-10-10 (1.2.3) and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the config[page_dir] parameter, a different vector than CVE-2006-4489.
unknown
2006-10-31
7.0
CVE-2006-5620
BUGTRAQ
OTHER-REF
OTHER-REF
BID
SECUNIA
XF
MiniHTTP -- Web Forum & File Sharing Server PowerPack
join.asp in MiniHTTP Web Forum & File Server PowerPack 4.0 allows remote attackers to add or modify arbitrary user accounts via modified (1) frmMailBox and (2) frmUserPass parameters.
unknown
2006-10-27
7.0
CVE-2006-5597
OTHER-REF
BID
FRSIRT
SECUNIA
MP3 Streaming DownSampler -- MP3 Streaming Downsampler
PHP remote file inclusion in Core/core.inc.php in MP3 Streaming DownSampler (mp3SDS) 3.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the fullpath parameter.
unknown
2006-10-30
7.0
CVE-2006-5613
OTHER-REF
BID
FRSIRT
SECUNIA
XF
MPCS -- MPCS
Multiple PHP remote file inclusion vulnerabilities in Multi-Page Comment System (MPCS) 1.0.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) include.php or (2) functions.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
unknown
2006-10-31
7.0
CVE-2006-5624
OTHER-REF
BID
FRSIRT
SECUNIA
XF
OpenWBEM -- OpenWBEM
Unspecified vulnerability in the random number generator in OpenWBEM (Web Based Enterprise Management) 3.2.0 allows attackers to gain privileges via vectors related to "local or HTTP Digest authentication."
unknown
2006-10-31
7.0
CVE-2006-5639
OTHER-REF
BID
FRSIRT
Paco's Drivers -- PacPoll
Admin/adpoll.asp in PacPoll 4.0 and earlier allows remote attackers to bypass authentication by setting the polllog cookie value to "xx".
unknown
2006-10-27
7.0
CVE-2006-5592
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
phpCards -- phpCards
Directory traversal vulnerability in phpcards.header.php in phpCards 1.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the CardLanguageFile parameter.
unknown
2006-10-30
7.0
CVE-2006-5604
SECTRACK
XF
phpCards -- phpCards
Multiple cross-site scripting (XSS) vulnerabilities in phpcards.footer.php in phpCards 1.3 allow remote attackers to inject arbitrary web script or HTML via the CardFontFace parameter and other unspecified parameters.
unknown
2006-10-30
7.0
CVE-2006-5605
SECTRACK
XF
PHPMyRing -- PHPMyRing
Multiple SQL injection vulnerabilities in cherche.php in PHPMyRing 4.2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) limite and (2) mots parameters.
unknown
2006-10-31
7.0
CVE-2006-5638
Milw0rm
BID
FRSIRT
SECUNIA
XF
QnECMS -- QnECMS
Multiple PHP remote file inclusion vulnerabilities in QnECMS 2.5.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the adminfolderpath parameter to (1) headerscripts.php, (2) footerhome.php, and (3) footermain.php in admin/include/; (4) photogallery/headerscripts.php; and (5) footerhome.php, (6) footermain.php, (7) headermain.php, (8) sitemapfooter.php, and (9) sitemapheader.php in templates/.
unknown
2006-10-31
7.0
CVE-2006-5627
Milw0rm
FRSIRT
SECUNIA
Snitz Communications -- Snitz Forums 2000
SQL injection vulnerability in pop_mail.asp in Snitz Forums 2000 3.4.06 allows remote attackers to execute arbitrary SQL commands via the RC parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
unknown
2006-10-30
7.0
CVE-2006-5603
BID
Sophos -- Endpoint Security
Sophos -- Anti-Virus
Heap-based buffer overflow in Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for Linux before 5.0.10, and other platforms before 4.11 has unspecified impact and remote attack vectors related to a CHM file with "specific values for certain settings."
unknown
2006-11-01
7.0
CVE-2006-5646
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
SuSE -- SuSE Linux Professional
SuSE -- SuSE Linux Personal
OpenPBS -- OpenPBS
Multiple unspecified vulnerabilities in OpenPBS, as used in SUSE Linux 9.2 through 10.1, allow attackers to execute arbitrary code via unspecified vectors.
unknown
2006-10-30
10.0
CVE-2006-5616
SUSE
BID
FRSIRT
SECUNIA
Techno Dreams -- Techno Dreams Guest Book
SQL injection vulnerability in guestbookview.asp in Techno Dreams Guest Book 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the key parameter.
unknown
2006-10-31
7.0
CVE-2006-5640
Milw0rm
BID
FRSIRT
SECUNIA
XF
Techno Dreams -- Announcement Script
SQL injection vulnerability in MainAnnounce2.asp in Techno Dreams Announcement allows remote attackers to execute arbitrary SQL commands via the key parameter.
unknown
2006-10-31
7.0
CVE-2006-5641
Milw0rm
BID
FRSIRT
SECUNIA
XF
TextPattern -- TextPattern
PHP remote file inclusion vulnerability in publish.php in Textpattern 1.19, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the txpcfg[txpath] parameter.
unknown
2006-10-30
7.0
CVE-2006-5615
BUGTRAQ
BID
Thepeak -- Thepeak File Upload Manager
Directory traversal vulnerability in index.php in Thepeak File Upload Manager 1.3 allows remote attackers to read or download arbitrary files via a base64-encoded file path containing a .. (dot dot) sequence in the file parameter.
unknown
2006-10-30
7.0
CVE-2006-5617
BUGTRAQ
BID
Unisor CMS -- Unisor CMS
SQL injection vulnerability in login.asp in UNISOR Content Management System (CMS) allows remote attackers to execute arbitrary SQL commands via the (1) user or (2) pass fields.
unknown
2006-10-31
7.0
CVE-2006-5628
BUGTRAQ
BID
University of British Columbia -- iPeer
PHP remote file inclusion vulnerability in University of British Columbia iPeer 2.0, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: it is possible that this issue is related to CakePHP.
unknown
2006-10-27
7.0
CVE-2006-5594
BUGTRAQ
XF
Web Wiz Forums -- Web Wiz Forums
SQL injection vulnerability in forum/search.asp in Web Wiz Forums allows remote attackers to execute arbitrary SQL commands via the KW parameter.
unknown
2006-10-31
7.0
CVE-2006-5635
BUGTRAQ
BID
XF

Medium Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info
DataWizard -- FtpXQ
FtpXQ Server 3.0.1 installs with two default testing accounts, which allows remote attackers to read or write arbitrary files via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
unknown
2006-10-27
4.7
CVE-2006-5569
BID
Linux Web Shop -- phpProfiles
Multiple PHP remote file inclusion vulnerabilities in phpProfiles 2.1 Beta allow remote attackers to execute arbitrary PHP code via a URL in the (1) reqpath parameter to (a) body.inc.php and (b) body_blog.inc.php in users/include/; or the (2) usrinc parameter in users/include/upload_ht.inc.php.
unknown
2006-10-31
5.6
CVE-2006-5634
Milw0rm
BID
FRSIRT
SECUNIA
XF
Microsoft -- Visual Studio
Unspecified vulnerability in the WMI Object Broker ActiveX control (WmiScriptUtils.dll) in Microsoft Visual Studio 2005 allows remote attackers to execute arbitrary code via unspecified vectors.
unknown
2006-11-01
5.6
CVE-2006-4704
MSKB
BID
SECUNIA
N/X -- N/X WCMS
PHP remote file inclusion vulnerability in wwwdev/nxheader.inc.php in N/X 2002 Professional Edition Web Content Management System (WCMS) 4.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the c[path] parameter.
unknown
2006-10-31
5.6
CVE-2006-5625
Milw0rm
BID
FRSIRT
SECUNIA
Neo Japan -- Desknet's
Buffer overflow in Desknet's (niokeru) before 5.0J R1.0 might allow remote authenticated users to execute arbitrary code via unspecified vectors. NOTE: some of these details are obtained from third party information.
unknown
2006-10-27
4.2
CVE-2006-5593
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
XF
NmnLogger -- NmnLogger
Unspecified vulnerability in NmnLogger 1.0.0 and earlier has unknown impact and attack vectors related to configuration of message drivers.
unknown
2006-10-31
4.9
CVE-2006-5642
OTHER-REF
BID
FRSIRT
Nullsoft -- WinAmp
Multiple heap-based buffer overflows in AOL Nullsoft WinAmp before 5.31 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) ultravox-max-msg header to the Ultravox protocol handler or (2) unspecified Lyrics3 tags.
unknown
2006-10-27
5.6
CVE-2006-5567
IDEFENSE
IDEFENSE
OTHER-REF
BID
FRSIRT
SECTRACK
SECTRACK
SECUNIA
CERT-VN
XF
XF
Sophos -- Endpoint Security
Sophos -- Anti-Virus
Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for Linux before 5.0.10, and other platforms before 4.11 allows remote attackers to cause a denial of service (memory consumption or corruption) via a malformed CHM file with certain manipulations of the CHM chunk header, aka "CHM name length memory consumption vulnerability." NOTE: due to an inconsistency in the vendor's advisory, it is uncertain whether the impact is memory consumption or corruption.
unknown
2006-11-01
4.7
CVE-2006-5647
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
SWS -- Simple Website Software
PHP remote file inclusion vulnerability in common.php in Simple Website Software (SWS) 0.99 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the SWSDIR parameter.
unknown
2006-10-31
5.6
CVE-2006-5636
BUGTRAQ
Milw0rm
BID
FRSIRT
SECUNIA
XF
Toshiba -- Bluetooth Stack
Unspecified vulnerability in Toshiba Bluetooth Stack before 4.20.01 has unspecified impact and attack vectors, related to the 4.20.01(T) "Security fix." NOTE: due to the lack of details in the vendor advisory, it is not clear whether this issue is related to CVE-2006-5405.
unknown
2006-10-30
4.9
CVE-2006-5611
OTHER-REF
wvWare -- wvWare
Multiple integer overflows in the WV library in wvWare (formerly mswordview) before 1.2.3, as used by AbiWord, KWord, and possibly other products, allow user-assisted remote attackers to execute arbitrary code via a crafted Microsoft Word (DOC) file that produces (1) large LFO clfolvl values in the wvGetLFO_records function or (2) a large LFO nolfo value in the wvGetFLO_PLF function.
unknown
2006-10-27
5.6
CVE-2006-4513
IDEFENSE
IDEFENSE
BID
FRSIRT
SECUNIA
SECTRACK
XF
xsupplicant -- xsupplicant
Stack-based buffer overflow in the eap_do_notify function in eap.c in xsupplicant before 1.2.6, and possibly other versions, allows remote authenticated users to execute arbitrary code via unspecified vectors.
unknown
2006-10-27
6.0
CVE-2006-5601
MANDRIVA
BID
OTHER-REF
FRSIRT
SECUNIA
SECUNIA

Low Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info
Axalto -- Protiva
Axalto Protiva 1.1, possibly only non-commercial versions, stores passwords in plaintext in files with insecure permissions, which allows local users to gain privileges by reading the passwords from (1) KeyTool\keytool.config or (2) webapps\protiva\WEB-INF\classes\authserver.config.
unknown
2006-10-27
1.6
CVE-2006-5600
BUGTRAQ
BID
DataWizard -- FtpXQ
FtpXQ Server 3.0.1 allows remote attackers to cause a denial of service (CPU exhaustion) via a long MKD command.
unknown
2006-10-27
2.3
CVE-2006-5568
BID
SECUNIA
FULLDISC
FRSIRT
XF
INCA -- IM-204 ADSL Router
Directory traversal vulnerability in /cgi-bin/webcm in INCA IM-204 allows remote attackers to read arbitrary files via "/./." (modified dot dot) sequences in the getpage parameter.
unknown
2006-10-30
2.3
CVE-2006-5607
BUGTRAQ
BID
SECUNIA
XF
FRSIRT
Kynoslogic -- CruiseWorks
Directory traversal vulnerability in /scripts/cruise/cws.exe in CruiseWorks 1.09c and 1.09d allows remote attackers to read arbitrary files via a .. (dot dot) in the doc parameter.
unknown
2006-10-27
2.3
CVE-2006-5570
BUGTRAQ
FULLDISC
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
XF
Linux -- Linux kernel
The seqfile handling (ip6fl_get_n function in ip6_flowlabel.c) in Linux kernel 2.6 up to 2.6.18-stable allows local users to cause a denial of service (hang or oops) via unspecified manipulations that trigger an infinite loop while searching for flowlabels.
unknown
2006-10-31
1.6
CVE-2006-5619
OTHER-REF
MAXdev -- MD-Pro
Cross-site scripting (XSS) vulnerability in user.php in MAXdev MD-Pro 1.0.76 allows remote attackers to inject arbitrary web script or HTML via the op parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
unknown
2006-10-27
2.3
CVE-2006-5564
FRSIRT
SECUNIA
BID
MAXdev -- MD-Pro
CRLF injection vulnerability in MAXdev MD-Pro 1.0.76 allows remote attackers to inject arbitrary HTTP headers via a CRLF sequence in the (1) name, (2) file, (3) module, and (4) func parameters in (a) index.php; and the (5) file parameter in (b) modules.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
unknown
2006-10-27
2.3
CVE-2006-5565
FRSIRT
SECUNIA
BID
Microsoft -- Internet Explorer
The ADODB.Connection 2.7 ActiveX control object (ADODB.Connection.2.7) allows remote attackers to cause a denial of service (Internet Explorer crash) via long arguments to the Execute function.
unknown
2006-10-27
2.3
CVE-2006-5559
OTHER-REF
OTHER-REF
CERT-VN
BID
SECTRACK
XF
Microsoft -- Windows NAT Helper Components
Microsoft -- Windows XP
Microsoft Windows NAT Helper Components (ipnathlp.dll) on Windows XP SP2, when Internet Connection Sharing is enabled, allows remote attackers to cause a denial of service (svchost.exe crash) via a malformed DNS query, which results in a null pointer dereference.
unknown
2006-10-30
1.9
CVE-2006-5614
OTHER-REF
SECUNIA
SECTRACK
Mozilla -- Firefox
Firefox 1.5.0.7 and 2.0 allows remote attackers to cause a denial of service (crash) by creating a range object using createRange, calling selectNode on a DocType node (DOCUMENT_TYPE_NODE), then calling createContextualFragment on the range, which triggers a null dereference. NOTE: the original Bugtraq post mentioned that code execution was possible, but followup analysis has shown that it is only a null dereference.
2006-08-06
2006-10-31
2.3
CVE-2006-5633
FULLDISC
BUGTRAQ
BUGTRAQ
BUGTRAQ
OTHER-REF
BUGZILLA
OTHER-REF
Netref -- Netref
Directory traversal vulnerability in script/cat_for_aff.php in Netref 4 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the ad_direct parameter.
unknown
2006-10-30
2.3
CVE-2006-5618
Milw0rm
BID
FRSIRT
SECUNIA
Novell -- iManager
Novell iManager 2.5 and 2.0.2 allows remote attackers to cause a denial of service (crash) in the Tomcat server via a long TREE parameter in HTTP POSTS, which triggers a NULL dereference.
unknown
2006-11-01
3.3
CVE-2006-4517
IDEFENSE
OTHER-REF
BID
FRSIRT
SECUNIA
Oracle -- Application Express
Cross-site scripting (XSS) vulnerability in Oracle Application Express (formerly HTML DB) before 2.2.1 allows remote attackers to inject arbitrary HTML or web script via the WWV_FLOW_ITEM_HELP package. NOTE: it is likely that this issue overlaps one of the Oracle VulnIDs covered by CVE-2006-5351. Oracle has not publicly disputed claims by a reliable researcher that this has been fixed by the October 2006 CPU.
2006-10-03
2006-10-27
2.3
CVE-2006-5599
BUGTRAQ
OTHER-REF
OTHER-REF
CERT
Paco's Drivers -- PacPoll
Multiple SQL injection vulnerabilities in Admin/check.asp in PacPoll 4.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) uid and (2) pwd parameters.
2006-10-10
2006-10-27
2.3
CVE-2006-5591
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
phpFaber -- phpFaber Content Management System
Cross-site scripting (XSS) vulnerability in cms_images/js/htmlarea/htmlarea.php in phpFaber Content Management System (CMS) before 1.3.36 on 20061026 allows remote attackers to inject arbitrary web script or HTML via the vigilon parameter. NOTE: earlier downloads of 1.3.36 have the vulnerability; the software was updated without changing the version number.
unknown
2006-10-31
2.3
CVE-2006-5626
BUGTRAQ
OTHER-REF
SECUNIA
Sophos -- Sophos Anti-Virus
Sophos Anti-Virus 5.1 allows remote attackers to cause a denial of service (memory consumption) via a file that is compressed with Petite and contains a large number of sections.
unknown
2006-11-01
2.3
CVE-2006-4839
IDEFENSE
OTHER-REF
SECUNIA
XF
Sophos -- Endpoint Security
Sophos -- Anti-Virus
Unspecified vulnerability in Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for Linux before 5.0.10, and other platforms before 4.11 allows remote attackers to cause a denial of service (infinite loop) via a malformed RAR file with "specific characteristics on certain settings."
unknown
2006-11-01
2.3
CVE-2006-5645
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
TorrentFlux -- TorrentFlux
Directory traversal vulnerability in dir.php in TorrentFlux 2.1 allows remote attackers to list arbitrary directories via "\.\./" sequences in the dir parameter.
unknown
2006-10-30
2.3
CVE-2006-5609
BUGTRAQ
BID
WebAsyst LLC -- Shop-Script
CRLF injection vulnerability in premium/index.php in Shop-Script allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the (1) links_exchange, (2) news, (3) search_with_change_category_ability, (4) logging, (5) feedback, (6) show_price, (7) register, (8) answer, (9) productID, and (10) inside parameters.
unknown
2006-10-27
2.3
CVE-2006-5566
BUGTRAQ
SECUNIA
FRSIRT
webGENEius -- GOOP Gallery
Cross-site scripting (XSS) vulnerability in index.php for GOOP Gallery 2.0, and possibly other versions before 2.0.3, allows remote attackers to inject arbitrary HTML or web script via the image parameter.
2006-10-09
2006-10-27
2.3
CVE-2006-5598
OTHER-REF
OTHER-REF
SECTRACK
Wireshark -- Wireshark
Off-by-one error in the MIME Multipart dissector in Wireshark (formerly Ethereal) 0.10.1 through 0.99.3 allows remote attackers to cause a denial of service (crash) via certain vectors that trigger an assertion error related to unexpected length values.
unknown
2006-10-27
2.3
CVE-2006-4574
OTHER-REF
BID
SECUNIA
Wireshark -- Wireshark
epan/dissectors/packet-xot.c in the XOT dissector (dissect_xot_pdu) in Wireshark (formerly Ethereal) 0.9.8 through 0.99.3 allows remote attackers to cause a denial of service (memory consumption and crash) via an encoded XOT packet that produces a zero length value when it is decoded.
unknown
2006-10-27
2.3
CVE-2006-4805
BID
OTHER-REF
SECUNIA
Wireshark -- Wireshark
Unspecified vulnerability in the HTTP dissector in Wireshark (formerly Ethereal) 0.99.3 allows remote attackers to cause a denial of service (crash) via unspecified vectors.
unknown
2006-10-27
2.3
CVE-2006-5468
OTHER-REF
BID
SECUNIA
Wireshark -- Wireshark
Unspecified vulnerability in the WBXML dissector in Wireshark (formerly Ethereal) 0.10.11 through 0.99.3 allows remote attackers to cause a denial of service (crash) via certain vectors that trigger a null dereference.
unknown
2006-10-27
2.3
CVE-2006-5469
OTHER-REF
BID
SECUNIA
Wireshark -- Wireshark
Unspecified vulnerability in the AirPcap support in Wireshark (formerly Ethereal) 0.99.3 has unspecified attack vectors related to WEP key parsing.
unknown
2006-10-27
2.3
CVE-2006-5595
OTHER-REF
BID
SECUNIA
Wireshark -- Wireshark
Unspecified vulnerability in the LDAP dissector in Wireshark (formerly Ethereal) 0.99.3 allows remote attackers to cause a denial of service (crash) via a crafted LDAP packet.
unknown
2006-10-27
2.3
CVE-2006-5740
OTHER-REF
BID
SECUNIA
xsupplicant -- xsupplicant
Multiple memory leaks in xsupplicant before 1.2.6, and possibly other versions, allow attackers to cause a denial of service (memory consumption) via unspecified vectors.
unknown
2006-10-27
1.4
CVE-2006-5602
MANDRIVA
FRSIRT
SECUNIA
SECUNIA
Yukihiro Matsumoto -- Ruby
The cgi.rb CGI library for Ruby 1.8 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an HTTP request with a multipart MIME body that contains an invalid boundary specifier, as demonstrated using a specifier that begins with a "-" instead of "--" and contains an inconsistent ID.
unknown
2006-10-27
2.3
CVE-2006-5467
MLIST
MANDRIVA
BID
FRSIRT
FRSIRT
SECUNIA
