Vulnerability Summary for the Week of November 6, 2006

Released
Nov 13, 2006
Document ID
SB06-317

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 

">

High Vulnerabilities
Primary
Vendor -- Product		Description
Discovered
Published
CVSS ScoreSource & Patch Info
Abarcar Software -- Abarcar Realty PortalMultiple SQL injection vulnerabilities in Abarcar Realty Portal allow remote attackers to execute arbitrary SQL commands via the (1) neid parameter to newsdetails.php, or the (2) slid parameter to slistl.php. NOTE: the cat vector is already covered by CVE-2006-2853.
unknown
2006-11-09
7.0CVE-2006-5840
BUGTRAQ
BID
Adaptive Technology Resource Centre -- ATutorMultiple PHP remote file inclusion vulnerabilities in ATutor 1.5.3.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) section parameter in (a) documentation/common/frame_toc.php and (b) documentation/common/search.php, the (2) req_lang parameter in documentation/common/search.php and (c) documentation/common/vitals.inc.php, the (3) row[dir_name] parameter in (d) include/classes/module/module.class.php, and the (4) lang_path parameter in (e) include/classes/phpmailer/class.phpmailer.php. NOTE: the print.php vector is already covered by CVE-2005-3404.
unknown
2006-11-06
7.0CVE-2006-5734
BUGTRAQ
Advanced Guestbook -- Advanced GuestbookPHP remote file inclusion vulnerability in admin.php in Advanced Guestbook 2.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter.
unknown
2006-11-08
7.0CVE-2006-5804
BUGTRAQ
BID
SECUNIA
AIOCP -- AIOCPMultiple SQL injection vulnerabilities in All In One Control Panel (AIOCP) 1.3.007 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) choosed_language parameter to (a) cp_dpage.php, (b)cp_news.php, (c) cp_forum_view.php, (d) cp_edit_user.php, (e) cp_newsletter.php, (f) cp_links.php, (g) cp_contact_us.php, (h) cp_login.php, and (i) cp_codice_fiscale.php in public/code/; (2) news_category parameter to public/code/cp_news.php; (3) nlmsg_nlcatid parameter to public/code/cp_newsletter.php; (4) links_category parameter to public/code/cp_links.php; (5) product_category_id parameter to public/code/cp_show_ec_products.php; (6) order_field parameter to public/code/cp_show_ec_products.php; (7) firstrow parameter to public/code/cp_users_online.php; and (8) orderdir parameter to public/code/cp_links_search.php.
unknown
2006-11-09
7.0CVE-2006-5829
BUGTRAQ
BID
FRSIRT
SECUNIA
XF
AIOCP -- AIOCPPHP remote file inclusion vulnerability in admin/code/index.php in All In One Control Panel (AIOCP) 1.3.007 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the load_page parameter.
unknown
2006-11-09
7.0CVE-2006-5831
BUGTRAQ
BID
XF
America Online -- ICQThe ICQPhone.SipxPhoneManager ActiveX control in America Online ICQ 5.1 allows remote attackers to download and execute arbitrary code via the DownloadAgent function, as demonstrated using an ICQ avatar.
unknown
2006-11-07
7.0CVE-2006-5650
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
Apple -- Mac OS X
OpenDarwin -- Darwin Kernel		The Airport driver for certain Orinoco based Airport cards in Darwin kernel 8.8.0 in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to execute arbitrary code via an 802.11 probe response frame without any valid information element (IE) fields after the header.
unknown
2006-11-03
7.0CVE-2006-5710
OTHER-REF
BID
SECUNIA
FRSIRT
SECTRACK
XF
Ariadne -- Ariadne CMS** DISPUTED ** Multiple PHP remote file inclusions in Ariadne 2.4.1 allows remote attackers to execute arbitrary PHP code via the ariadne parameter in (1) ftp/loader.php and (2) lib/includes/loader.cmd.php. NOTE: this issue is disputed by CVE, since installation instructions recommend that the files be placed outside of the web document root and require the administrator to modify $ariadne in an include file.
unknown
2006-11-06
7.0CVE-2006-5776
BUGTRAQ
MLIST
MLIST
BID
XF
Article Script -- Article ScriptSQL injection vulnerability in rss.php in Article Script 1.6.3 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter.
unknown
2006-11-06
7.0CVE-2006-5765
OTHER-REF
FRSIRT
SECUNIA
BUGTRAQ
BID
Article System -- Article SystemPHP remote file inclusion vulnerability in volume.php in Article System 0.6 allows remote attackers to execute arbitrary PHP code via a URL in the config[public_dir] parameter.
unknown
2006-11-06
7.0CVE-2006-5766
OTHER-REF
BID
XF
BytesFall Explorer -- BytesFall ExplorerSQL injection vulnerability in libs/sessions.lib.php in BytesFall Explorer (bfExplorer) 0.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified parameters, a different issue than CVE-2006-5606.
unknown
2006-11-03
7.0CVE-2006-5719
BUGTRAQ
OTHER-REF
BID
XF
Creasito -- Creasito E-Commerce Content ManagerCreasito E-Commerce Content Manager 1.3.08 allows remote attackers to bypass authentication and perform privileged functions via a non-empty finame parameter to (1) addnewcont.php, (2) adminpassw.php, (3) amministrazione.php, (4) artins.php, (5) bgcolor.php, (6) cancartcat.php, (7) canccat.php, (8) cancelart.php, (9) cancontsit.php, (10) chanpassamm.php, (11) dele.php, (12) delecat.php, (13) delecont.php, (14) emailall.php, (15) gestflashtempl.php, (16) gestmagart.php, (17) gestmagaz.php, (18) gestpre.php, (19) input.php, (20) input3.php, (21) insnucat.php, (22) instempflash.php, (23) mailfc.php, (24) modfdati.php, (25) rescont4.php, (26) ricordo1.php, (27) ricordo4.php, (28) tabcatalg.php, (29) tabcont.php, (30) tabcont3.php, (31) tabstile.php, (32) tabstile3.php, (33) testimmg.php, and (34) update.php in admin/. NOTE: some of these details are obtained from third party information.
unknown
2006-11-06
7.0CVE-2006-5777
OTHER-REF
SECUNIA
XF
Cyberfolio -- CyberfolioMultiple PHP remote file inclusion vulnerabilities in Cyberfolio 2.0 RC1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the av parameter to (1) msg/view.php, (2) msg/inc_message.php, (3) msg/inc_envoi.php, and (4) admin/incl_voir_compet.php.
unknown
2006-11-06
7.0CVE-2006-5768
OTHER-REF
OTHER-REF
OTHER-REF
SECUNIA
BID
FRSIRT
XF
DataparkSearch -- DataparkSearchSQL injection vulnerability in DataparkSearch Engine 4.42 and earlier allows remote attackers to execute arbitrary SQL commands via a malformed hostname in a URL.
unknown
2006-11-03
7.0CVE-2006-5723
OTHER-REF
BID
FRSIRT
XF
DeltaScripts -- PHP ClassifiedsSQL injection vulnerability in detail.php in DeltaScripts PHP Classifieds 7.1 and earlier allows remote attackers to execute arbitrary SQL commands via the user_id parameter.
unknown
2006-11-09
7.0CVE-2006-5828
OTHER-REF
BID
SECUNIA
XF
Dmitry Sheiko -- Business Card Web BuilderMultiple PHP remote file inclusion vulnerabilities in Dmitry Sheiko Business Card Web Builder (BCWB) 2.5 allow remote attackers to execute arbitrary PHP code via a URL in the root_path_admin parameter to (1) /include/startup.inc.php, (2) dcontent/default.css.php, or (3) system/default.css.php, different vectors than CVE-2006-4946.
unknown
2006-11-08
7.0CVE-2006-5816
BUGTRAQ
Dodo's Scripts -- DodosMailMultiple PHP remote file inclusion vulnerabilities in dodosmail.php in DodosMail 2.0.1 and earlier, and possibly 2.1, allow remote attackers to execute arbitrary PHP code via a URL in the (1) dodosmail_header_file or (2) dodosmail_footer_file parameters.
unknown
2006-11-09
7.0CVE-2006-5841
Milw0rm
FRSIRT
SECUNIA
Drake CMS -- Drake CMSPHP remote file inclusion vulnerability in includes/xhtml.php in Drake CMS 0.2.2 r846 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the d_root parameter.
unknown
2006-11-06
7.0CVE-2006-5767
OTHER-REF
BID
FRSIRT
XF
e107 -- e107Directory traversal vulnerability in class2.php in e107 0.7.5 and earlier allows remote attackers to read and execute PHP code in arbitrary files via ".." sequences in the e107language_e107cookie cookie to gsitemap.php.
unknown
2006-11-07
7.0CVE-2006-5786
OTHER-REF
BID
XF
Edgewall Software -- TracCross-site request forgery (CSRF) vulnerability in Edgewall Trac 0.10 and earlier allows remote attackers to perform unauthorized actions as other users via unknown vectors.
unknown
2006-11-09
7.0CVE-2006-5848
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
Essen -- Essentia Web ServerStack-based buffer overflow in Essentia Web Server 2.15 for Windows allows remote attackers to execute arbitrary code via a long URI, as demonstrated by a GET or HEAD request. NOTE: some of these details are obtained from third party information.
unknown
2006-11-09
7.0CVE-2006-5850
FULLDISC
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Francisco Burzi -- PHP-NukeSQL injection vulnerability in modules/journal/search.php in the Journal module in Francisco Burzi PHP-Nuke 7.9 and earlier allows remote attackers to execute arbitrary SQL commands via the forwhat parameter.
unknown
2006-11-03
7.0CVE-2006-5720
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Free PHP Scripts -- Free File HostingPHP remote file inclusion vulnerability in contact.php in Free File Hosting 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2006-11-06
7.0CVE-2006-5764
FRSIRT
FreeWebshop -- FreeWebshopMultiple SQL injection vulnerabilities in index.php in FreeWebshop 2.2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) password and (2) prod parameter.
unknown
2006-11-06
7.0CVE-2006-5772
OTHER-REF
FRSIRT
SECUNIA
XF
FreeWebshop -- FreeWebshopCross-site scripting (XSS) vulnerability in index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat parameter.
unknown
2006-11-09
7.0CVE-2006-5847
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
FunkBoard -- FunkBoardCross-site scripting (XSS) vulnerability in profile.php in FunkBoard 0.71 before 4 November 2006 at 18:16 GMT allows remote attackers to inject arbitrary web script or HTML, possibly via the name parameter.
unknown
2006-11-06
7.0CVE-2006-5775
OTHER-REF
FRSIRT
SECUNIA
BID
GreenBeast CMS -- GreenBeast CMSgbcms_php_files/up_loader.php GreenBeast CMS 1.3 does not require authentication to upload files, which allows remote attackers to cause a denial of service (disk consumption) and execute arbitrary code by uploading arbitrary files, such as executing PHP code via an uploaded PHP file.
unknown
2006-11-09
7.0CVE-2006-5833
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
XF
IBM -- Lotus DominoMultiple buffer overflows in tunekrnl in IBM Lotus Domino 6.x before 6.5.5 FP2 and 7.x before 7.0.2 allow local users to gain privileges and execute arbitrary code via unspecified vectors.
unknown
2006-11-08
7.0CVE-2006-5818
IDEFENSE
OTHER-REF
BID
Immediacy -- Immediacy .NET CMSCross-site scripting (XSS) vulnerability in logon.aspx in Immediacy CMS (Immediacy .NET CMS) 5.2 allows remote attackers to inject arbitrary web script or HTML via the lang parameter, which is returned to the client in a lang cookie.
unknown
2006-11-09
7.0CVE-2006-5853
BUGTRAQ
OTHER-REF
BID
Iodine -- IodineStack-based buffer overflow in the handshake function in iodine 0.3.2 allows remote attackers to execute arbitrary code via a crafted DNS response.
unknown
2006-11-07
7.0CVE-2006-5781
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
XF
IPrimal -- IPrimal Forumsadmin/index.php in IPrimal Forums as of 20061105 allows remote attackers to bypass authentication and modify user passwords via a direct request, possibly related to an authentication issue in admin/chk_admin.php.
unknown
2006-11-07
7.0CVE-2006-5787
OTHER-REF
BID
FRSIRT
SECUNIA
IPrimal -- IPrimal ForumsPHP remote file inclusion vulnerability in (1) index.php and (2) admin/index.php in IPrimal Forums as of 20061105 allows remote attackers to execute arbitrary PHP code via a URL in the p parameter. NOTE: the provenance of this information is unknown; details are obtained from third party sources.
unknown
2006-11-07
7.0CVE-2006-5788
FRSIRT
SECUNIA
IrayoBlog -- IrayoBlogPHP remote file inclusion vulnerability in inc/irayofuncs.php in IrayoBlog alpha-0.2.4 allows remote attackers to execute arbitrary PHP code via a URL in the irayodirhack parameter.
unknown
2006-11-09
7.0CVE-2006-5849
OTHER-REF
FRSIRT
XF
Leicestershire -- CommunityPortalsPHP remote file inclusion vulnerability in cpadmin/cpa_index.php in Leicestershire communityPortals 1.0_2005-10-18_12-31-18 allows remote attackers to execute arbitrary PHP code via a URL in the cp_root_path parameter, a different vector than CVE-2006-5280.
unknown
2006-11-06
7.0CVE-2006-5739
SECTRACK
Linux -- Linux kernelMultiple unspecified vulnerabilities in netfilter for IPv6 code in Linux kernel before 2.6.16.31 allow remote attackers to bypass intended restrictions via unknown vectors, aka (1) "ip6_tables protocol bypass bug" and (2) "ip6_tables extension header bypass bug".
unknown
2006-11-06
7.0CVE-2006-4572
MLIST
MANDRIVA
SECUNIA
SECUNIA
Microsoft -- XML Core ServicesUnspecified vulnerability in the setRequestHeader method in the XMLHTTP (XML HTTP) ActiveX Control 4.0 in Microsoft XML Core Services 4.0 on Windows, when accessed by Internet Explorer, allows remote attackers to execute arbitrary code via crafted arguments that lead to memory corruption, a different vulnerability than CVE-2006-4685. NOTE: some of these details are obtained from third party information.
unknown
2006-11-06
8.0CVE-2006-5745
OTHER-REF
OTHER-REF
FRSIRT
OTHER-REF
CERT-VN
BID
SECTRACK
SECUNIA
XF
Microsoft -- Windows 2000
Microsoft -- Windows XP		Microsoft Windows 2000 through 2000 SP4 and Windows XP through SP2 maps GDI Kernel structures on a global shared memory section that is mapped with read-only permissions, but can be remapped by other processes as read-write, which allows local users to cause a denial of service (memory corruption and crash) and execute arbitrary code by modifying the kernel structures.
unknown
2006-11-06
7.0CVE-2006-5758
OTHER-REF
FRSIRT
SECUNIA
BID
SECTRACK
XF
MobileSecure Inc -- Highwall Enterprise
MobileSecure Inc -- Highwall Endpoint		Multiple SQL injection vulnerabilities in Highwall Enterprise and Highwall Endpoint 4.0.2.11045 management interface allow remote attackers to execute arbitrary SQL commands via an Access Point with a crafted SSID, and via unspecified vectors related to a malicious system operator.
unknown
2006-11-06
7.0CVE-2006-5744
BUGTRAQ
BUGTRAQ
BID
OSVDB
Mozilla -- SeaMonkey
Mozilla -- Firefox
Mozilla -- Thunderbird		Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allows remote attackers to execute arbitrary JavaScript bytecode via unspecified vectors involving modification of a Script object while it is executing.
unknown
2006-11-08
7.0CVE-2006-5463
OTHER-REF
OTHER-REF
CERT
BID
FRSIRT
SECUNIA
SECUNIA
SECTRACK
SECTRACK
SECTRACK
Mozilla -- SeaMonkey
Mozilla -- Firefox
Mozilla -- Thunderbird		Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allows remote attackers to execute arbitrary code via the XML.prototype.hasOwnProperty JavaScript function.
unknown
2006-11-08
7.0CVE-2006-5747
CERT-VN
OTHER-REF
OTHER-REF
CERT
BID
FRSIRT
SECTRACK
SECTRACK
SECTRACK
SECUNIA
SECUNIA
Mozilla -- SeaMonkey
Mozilla -- Firefox
Mozilla -- Thunderbird		Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allow remote attackers to cause a denial of service (crash) and possible execute arbitrary code via unspecified vectors that trigger memory corruption.
unknown
2006-11-08
7.0CVE-2006-5748
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
CERT
CERT-VN
BID
FRSIRT
SECTRACK
SECTRACK
SECTRACK
SECUNIA
SECUNIA
mxBB -- mxBB Smartor AlbumPHP remote file inclusion vulnerability in modules/mx_smartor/album.php in the mxBB Smartor Album module 1.02 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.
unknown
2006-11-08
7.0CVE-2006-5803
OTHER-REF
BID
XF
NewP -- News Publication SystemPHP remote file inclusion vulnerability in lib/class.Database.php in NewP News Publication System 1.0.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the path parameter.
unknown
2006-11-09
7.0CVE-2006-5838
BUGTRAQ
BID
XF
Novell -- eDirectoryUnspecified vulnerability in Novell eDirectory allows remote attackers to execute arbitrary code, as demonstrated by vd_novell.pm, a "Novell eDirectory remote exploit." NOTE: As of 20061108, this disclosure has no actionable information. However, since it is from a reliable researcher, it is being assigned a CVE identifier for tracking purposes.
unknown
2006-11-08
7.0CVE-2006-5814
OTHER-REF
SECTRACK
OpenBSD -- OpenSSHUnspecified vulnerability in the sshd Privilege Separation Monitor in OpenSSH before 4.5 causes weaker verification that authentication has been successful, which might allow attackers to bypass authentication. NOTE: as of 20061108, it is believed that this issue is only exploitable by leveraging vulnerabilities in the unprivileged process, which are not known to exist.
unknown
2006-11-08
7.0CVE-2006-5794
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
SECUNIA
OpenDarwin -- Darwin KernelThe fpathconf syscall function in bsd/kern/kern_descrip.c in the Darwin kernel (XNU) 8.8.1 in Apple Mac OS X allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code via a file descriptor with an unrecognized file type.
unknown
2006-11-09
7.0CVE-2006-5836
OTHER-REF
BID
OpenEMR -- OpenEMRMultiple PHP remote file inclusion vulnerabilities in OpenEMR 2.8.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the srcdir parameter to (a) billing_process.php, (b) billing_report.php, (c) billing_report_xml.php, and (d) print_billing_report.php in interface/billing/; (e) login.php; (f) interface/batchcom/batchcom.php; (g) interface/login/login.php; (h) main_info.php and (i) main.php in interface/main/; (j) interface/new/new_patient_save.php; (k) interface/practice/ins_search.php; (l) interface/logout.php; (m) custom_report_range.php, (n) players_report.php, and (o) front_receipts_report.php in interface/reports/; (p) facility_admin.php, (q) usergroup_admin.php, and (r) user_info.php in interface/usergroup/; or (s) custom/import_xml.php.
unknown
2006-11-08
7.0CVE-2006-5795
BUGTRAQ
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
XF
PHP -- PHPBuffer overflow in PHP before 5.2.0 allows remote attackers to execute arbitrary code via crafted UTF-8 inputs to the (1) htmlentities or (2) htmlspecialchars functions.
unknown
2006-11-03
7.0CVE-2006-5465
OTHER-REF
UBUNTU
OTHER-REF
MANDRIVA
REDHAT
BID
FRSIRT
SECTRACK
SECUNIA
SECUNIA
XF
DEBIAN
MANDRAKE
SECUNIA
SECUNIA
SECUNIA
PHP -- PHPUnspecified vulnerabilities in PHP, probably before 5.2.0, allow local users to bypass open_basedir restrictions and perform unspecified actions via unspecified vectors involving the (1) chdir and (2) tempnam functions. NOTE: the tempnam vector might overlap CVE-2006-1494.
unknown
2006-11-03
7.0CVE-2006-5706
OTHER-REF
UBUNTU
PHPAdventure -- PHPAdventurePHP remote file inclusion vulnerability in ad_main.php in PHPAdventure 1.1-Alpha and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _mygamefile parameter.
unknown
2006-11-09
7.0CVE-2006-5839
OTHER-REF
FRSIRT
XF
phpDynaSite -- phpDynaSiteMultiple PHP remote file inclusion vulnerabilities in phpDynaSite 3.2.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the racine parameter to (1) function_log.php, (2) function_balise_url.php, or (3) connection.php.
unknown
2006-11-06
7.0CVE-2006-5760
OTHER-REF
FRSIRT
SECUNIA
XF
PHPEasyData Pro -- PHPEasyData ProSQL injection vulnerability in index.php in PHPEasyData Pro 1.4.1 and 2.2.1 allows remote attackers to execute arbitrary SQL commands via the cat parameter.
unknown
2006-11-03
7.0CVE-2006-5707
BUGTRAQ
BUGTRAQ
OTHER-REF
FRSIRT
SECTRACK
SECUNIA
XF
PostNuke Software Foundation -- PostNukeDirectory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
unknown
2006-11-06
7.0CVE-2006-5733
OTHER-REF
BID
XF
ProFTPD Project -- ProFTPDUnspecified vulnerability in ProFTPD allows remote attackers to execute arbitrary code, as demonstrated by vd_proftpd.pm, a "ProFTPD remote exploit." NOTE: As of 20061108, this disclosure has no actionable information. However, since it is from a reliable researcher, it is being assigned a CVE identifier for tracking purposes.
unknown
2006-11-08
7.0CVE-2006-5815
OTHER-REF
SECTRACK
PunBB -- PunBBDirectory traversal vulnerability in include/common.php in PunBB before 1.2.14 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the language parameter, related to register.php storing a language value in the users table.
unknown
2006-11-06
7.0CVE-2006-5735
BUGTRAQ
OTHER-REF
OTHER-REF
FRSIRT
SECTRACK
SECUNIA
PunBB -- PunBBPunBB uses a predictable cookie_seed value that can be derived from the time of registration of the superadmin account (installation time), which might allow local users to perform unauthorized actions.
unknown
2006-11-06
7.0CVE-2006-5737
BUGTRAQ
OTHER-REF
SECTRACK
SimpleChat -- SimpleChatStatic code injection vulnerability in chat_panel.php in the SimpleChat 1.0.0 module for iWare Professional CMS allows remote attackers to inject arbitrary PHP code into chat_log.php via the msg parameter.
unknown
2006-11-09
7.0CVE-2006-5837
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Soholaunch -- Soholaunch Pro EditionMultiple PHP remote file inclusion vulnerabilities in Soholaunch Pro Edition 4.9 r46 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the _SESSION[docroot_path] parameter to (1) includes/shared_functions.php or (2) client_files/shopping_cart/pgm-shopping_css.inc.php.
unknown
2006-11-08
7.0CVE-2006-5796
BUGTRAQ
OTHER-REF
OTHER-REF
FRSIRT
XF
Speedywiki -- SpeedywikiCross-site scripting (XSS) vulnerability in index.php in Speedywiki 2.0 allows remote attackers to inject arbitrary web script or HTML via the showRevisions parameter.
unknown
2006-11-09
7.0CVE-2006-5843
BUGTRAQ
OTHER-REF
BID
SECUNIA
Speedywiki -- SpeedywikiUnrestricted file upload vulnerability in index.php in Speedywiki 2.0 allows remote authenticated users to upload and execute arbitrary PHP code by setting the upload parameter to 1.
unknown
2006-11-09
7.0CVE-2006-5845
BUGTRAQ
OTHER-REF
SECUNIA
Stefan Ritt -- Elog Web LogbookMultiple format string vulnerabilities in elogd.c in ELOG 2.6.2 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) an entry with an attachment whose name contains format string specifiers (el_submit function), and possibly other vectors in the (2) receive_config, (3) show_rss_feed, (4) show_elog_list, (5) show_logbook_node, and (6) server_loop functions.
unknown
2006-11-07
7.0CVE-2006-5790
OTHER-REF
BID
FRSIRT
SECUNIA
The Web Drivers -- Simple ForumSQL injection vulnerability in message_details.php in The Web Drivers Simple Forum, dated 20060318, allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2006-11-08
7.0CVE-2006-5802
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Tikiwiki -- TikiwikiCross-site scripting (XSS) vulnerability in tiki-featured_link.php in Tikiwiki 1.9.5 allows remote attackers to inject arbitrary web script or HTML via a url parameter that evades filtering, as demonstrated by a parameter value containing malformed, nested SCRIPT elements.
unknown
2006-11-03
7.0CVE-2006-5703
BUGTRAQ
BID
SECUNIA
FRSIRT
Xenis -- Xenis.creator CMSMultiple SQL injection vulnerabilities in default.asp in Xenis.creator CMS allow remote attackers to execute arbitrary SQL commands via the (1) nav, (2) s, or (3) print parameters.
unknown
2006-11-08
7.0CVE-2006-5797
BUGTRAQ
BUGTRAQ
BID
SECTRACK
XF
Xenis -- Xenis.creator CMSSQL injection vulnerability in default.asp in Xenis.creator CMS allows remote attackers to execute arbitrary SQL commands via the contid parameter.
unknown
2006-11-08
7.0CVE-2006-5798
BUGTRAQ
BID
SECTRACK
XF
Xenis -- Xenis.creator CMSMultiple cross-site scripting (XSS) vulnerabilities in default.asp in xenis.creator CMS allow remote attackers to inject arbitrary web script or HTML via the (1) contid or (2) search parameters.
unknown
2006-11-08
7.0CVE-2006-5799
BUGTRAQ
OTHER-REF
BID
SECTRACK
XF
XLink Technology -- Omni-NFS ServerStack-based buffer overflow in nfsd.exe in XLink Omni-NFS Server 5.2 allows remote attackers to execute arbitrary code via a crafted TCP packet to port 2049 (nfsd), as demonstrated by vd_xlink.pm.
unknown
2006-11-07
7.0CVE-2006-5780
BUGTRAQ
OTHER-REF
OTHER-REF
BID
XLink Technology -- Omni-NFS/X EnterpriseUnspecified vulnerability in XLink Omni-NFS Enterprise allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by vd_xlink2.pm, an "Omni-NFS Enterprise remote exploit." NOTE: this is probably a different vulnerability than CVE-2006-5780. As of 20061107, this disclosure has no actionable information. However, since it is from a reliable researcher, it is being assigned a CVE identifier for tracking purposes.
unknown
2006-11-07
7.0CVE-2006-5792
OTHER-REF

Back to top

Medium Vulnerabilities
Primary
Vendor -- Product		Description
Discovered
Published
CVSS ScoreSource & Patch Info
Airmagnet -- EnterpriseThe console in AirMagnet Enterprise does not properly validate the Enterprise Server certificate, which allows remote attackers to read network traffic via a man-in-the-middle (MITM) attack, possibly related to the use of self-signed certificates.
unknown
2006-11-06
4.7CVE-2006-5746
BUGTRAQ
BUGTRAQ
BID
OSVDB
Alt-N -- MDaemonUnspecified vulnerability in WorldClient in Alt-N Technologies MDaemon before 9.50 has unknown impact and attack vectors related to a "JavaScript exploit."
unknown
2006-11-03
4.9CVE-2006-5709
OTHER-REF
FRSIRT
SECUNIA
Cisco -- Cisco Secure DesktopCisco Secure Desktop (CSD) before 3.1.1.45 allows local users to escape out of the secure desktop environment by using certain applications that switch to the default desktop, aka "System Policy Evasion".
unknown
2006-11-08
4.9CVE-2006-5807
CISCO
Cisco -- Cisco Secure DesktopThe installation of Cisco Secure Desktop (CSD) before 3.1.1.45 uses insecure default permissions (all users full control) for the CSD directory and its parent directory, which allow local users to gain privileges by replacing CSD executables, aka "Local Privilege Escalation".
unknown
2006-11-08
4.9CVE-2006-5808
IDEFENSE
CISCO
Enlightenment -- Imlib2Multiple integer overflows in imlib2 allow user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) ARGB (loader_argb.c), (2) PNG (loader_png.c), (3) LBM (loader_lbm.c), (4) JPEG (loader_jpeg.c), or (5) TIFF (loader_tiff.c) images.
unknown
2006-11-06
5.6CVE-2006-4806
OTHER-REF
UBUNTU
BID
FRSIRT
SECUNIA
SECUNIA
MANDRIVA
UBUNTU
SECUNIA
Enlightenment -- Imlib2Stack-based buffer overflow in loader_pnm.c in imlib2 before 1.2.1, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PNM image.
unknown
2006-11-06
5.6CVE-2006-4809
OTHER-REF
UBUNTU
BID
FRSIRT
SECUNIA
SECUNIA
MANDRIVA
UBUNTU
SECUNIA
Free PHP Scripts -- Free File HostingPHP remote file inclusion vulnerability in forgot_pass.php in Free File Hosting 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter.
unknown
2006-11-06
5.6CVE-2006-5762
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
Free PHP Scripts -- Free File HostingMultiple PHP remote file inclusion vulnerabilities in Free File Hosting 1.1, and possibly earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter to (1) login.php, (2) register.php, or (3) send.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2006-11-06
5.6CVE-2006-5763
SECUNIA
FreeWebshop -- FreeWebshopDirectory traversal vulnerability in index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to read and include arbitrary files via a .. (dot dot) in the page parameter, a different vector than CVE-2006-5773.
unknown
2006-11-09
4.7CVE-2006-5846
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
GNU -- texinfoBuffer overflow in the (1) texi2dvi and (2) texindex commands in texinfo 4.8 and earlier allows local users to execute arbitrary code via a crafted Texinfo file.
unknown
2006-11-08
4.9CVE-2006-4810
MANDRIVA
REDHAT
HP -- NonStop ServerHP NonStop Server G06.29, when running Standard Security T6533G06 before T6533G06^ABK, does not properly evaluate access permissions to OSS directories when no optional ACL entry exists, which allows local users to read arbitrary files.
unknown
2006-11-03
5.6CVE-2006-5704
HP
CIAC
BID
FRSIRT
SECTRACK
XF
Jonathon J. Freeman -- OvBBMultiple unspecified vulnerabilities in Jonathon J. Freeman OvBB before 0.13a have unknown impact and attack vectors.
unknown
2006-11-08
4.9CVE-2006-5809
OTHER-REF
FRSIRT
linux-ftpd-ssl -- linux-ftpd-sslftpd in linux-ftpd 0.17, and possibly other versions, performs a chdir before setting the UID, which allows local users to bypass intended access restrictions by redirecting their home directory to a restricted directory.
unknown
2006-11-07
4.9CVE-2006-5778
FULLDISC
OTHER-REF
Lithium CMS -- Lithium CMSDirectory traversal vulnerability in classes/index.php in Lithium CMS 4.04c and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the siteconf[curl] parameter, as demonstrated by a POST to news/comment.php containing PHP code, which is stored under db/comments/news/ and included by classes/index.php.
unknown
2006-11-06
4.7CVE-2006-5731
Milw0rm
BID
XF
FRSIRT
SECUNIA
Middlebury College -- Segue CMSMultiple PHP remote file inclusion vulnerabilities in Segue CMS 1.5.9 and earlier, when magic_quotes_gpc is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the theme parameter to (1) themesettings.php or (2) index.php, a different vector than CVE-2006-5497. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2006-11-03
5.6CVE-2006-5722
FRSIRT
SECUNIA
MODxCMS -- MODxCMSPHP remote file inclusion vulnerability in manager/media/browser/mcpuk/connectors/php/Commands/Thumbnail.php in Modx CMS 0.9.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the base_path parameter. NOTE: it is possible that this is a vulnerability in FCKeditor.
unknown
2006-11-06
5.6CVE-2006-5730
Milw0rm
BID
XF
FRSIRT
SECUNIA
Mozilla -- Network Security Services (NSS)
Mozilla -- SeaMonkey
Mozilla -- Firefox
Mozilla -- Thunderbird		Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates. NOTE: this identifier is for unpatched product versions that were originally intended to be addressed by CVE-2006-4340.
unknown
2006-11-08
4.7CVE-2006-5462
OTHER-REF
OTHER-REF
OTHER-REF
CERT
CERT-VN
FRSIRT
SECTRACK
SECTRACK
SECTRACK
SECUNIA
SECUNIA
Openbase International Ltd -- OpenBaseUntrusted search path vulnerability in openexec in OpenBase SQL before 10.0.1 allows local users to gain privileges via a modified PATH that references a malicious helper binary, as demonstrated by (1) cp, (2) rm, and (3) killall, different vectors than CVE-2006-5327.
unknown
2006-11-09
4.9CVE-2006-5852
FULLDISC
OTHER-REF
OTHER-REF
SECUNIA
OpenEMR -- OpenEMRPHP remote file inclusion vulnerability in library/translation.inc.php in OpenEMR 2.8.1, with register_globals enabled, allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[srcdir] parameter.
unknown
2006-11-08
5.6CVE-2006-5811
BUGTRAQ
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
XF
PunBB -- PunBBSQL injection vulnerability in search.php in PunBB before 1.2.14, when the PHP installation is vulnerable to CVE-2006-3017, allows remote attackers to execute arbitrary SQL commands via the result_list array parameter, which is not initialized.
unknown
2006-11-06
5.6CVE-2006-5736
BUGTRAQ
OTHER-REF
OTHER-REF
FRSIRT
SECTRACK
SAP -- SAP Web Application ServerUnspecified vulnerability in SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66 allows remote attackers to read arbitrary files via unknown vectors. NOTE: this issue can be leveraged by local users to access a named pipe as the SAPServiceJ2E user.
unknown
2006-11-07
4.9CVE-2006-5784
BUGTRAQ
BID
FRSIRT
SECUNIA
XF
Sazcart -- SazcartPHP remote file inclusion vulnerability in admin/controls/cart.php in sazcart 1.5 allows remote attackers to execute arbitrary PHP code via the (1) _saz[settings][shippingfolder] and (2) _saz[settings][taxfolder] parameters.
unknown
2006-11-06
5.6CVE-2006-5727
Milw0rm
FRSIRT
SECUNIA
BID
XF
Texas Imperial Software -- WFTPDBuffer overflow in Texas Imperial Software WFTPD Pro Server 3.23.1.1 allows remote authenticated users to execute arbitrary code or cause a denial of service (application crash) via crafted APPE commands that contain "/" (slash) or "\" (backslash) characters.
unknown
2006-11-09
4.2CVE-2006-5826
BUGTRAQ
FULLDISC
FULLDISC
OTHER-REF
BID
SECTRACK
Yazd -- Yazd Discussion ForumYazd Discussion Forum before 3.0 beta does not properly manage forum permissions, which allows remote authenticated users to (1) reply to a message in an arbitrary forum, if authorized to create a message in any forum; and (2) perform certain unauthorized forum actions, related to an "error in how the permissions were assembled" that assigns extra permissions to users.
unknown
2006-11-06
4.2CVE-2006-5729
OTHER-REF
BID
SECUNIA
XF
XF

Back to top

Low Vulnerabilities
Primary
Vendor -- Product		Description
Discovered
Published
CVSS ScoreSource & Patch Info
ac4p -- ac4p MobileMultiple cross-site scripting (XSS) vulnerabilities in Mobile allow remote attackers to inject arbitrary web script or HTML via (1) Bloks, (2) Newnews, (3) lBlok, and (4) foooot parameter in (a) index.php; Newnews, (5) newmsgs, and Bloks parameter in (b) MobileNews.php; Newnews parameter in (c) polls.php; (6) cats parameter in (d) send.php; (7) footer parameter in (e) up.php; and (8) pagenav parameter in (f) cp/index.php.
unknown
2006-11-06
2.3CVE-2006-5770
BUGTRAQ
BID
AEP Networks -- Smartgate SSL ServerThe SSL server in AEP Smartgate 4.3b allows remote attackers to determine existence of directories via a direct request for a directory URI, which returns a different HTTP status codes for existing and non-existing directories.
unknown
2006-11-03
2.3CVE-2006-5725
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
XF
Agnitum -- Outpost Firewall PROThe \Device\SandBox driver in Outpost Firewall PRO 4.0 (964.582.059) allows local users to cause a denial of service (system crash) via an invalid argument to the DeviceIoControl function that triggers an invalid memory operation.
unknown
2006-11-03
2.3CVE-2006-5721
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
AIOCP -- AIOCPMultiple cross-site scripting (XSS) vulnerabilities in All In One Control Panel (AIOCP) 1.3.007 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) topid, (2) forid, and (3) catid parameters to code/cp_forum_view.php; (4) choosed_language parameter to cp_dpage.php; (5) orderdir parameter to cp_links_search.php; (6) order_field parameter to (a) cp_show_ec_products.php and (b) cp_users_online.php; and the (7) signature and (8) fiscal code fields in the user profile.
unknown
2006-11-09
1.9CVE-2006-5830
BUGTRAQ
BID
FRSIRT
SECUNIA
XF
XF
AIOCP -- AIOCPAll In One Control Panel (AIOCP) 1.3.007 and earlier allows remote attackers to obtain the full path of the web server via certain requests to (1) public/code/cp_dpage.php, possibly involving the aiocp_dp[] parameter, (2) public/code/cp_show_ec_products.php, possibly involving the order_field[] parameter, and (3) public/code/cp_show_page_help.php, possibly involving the hp[] parameter, which reveal the path in various error messages.
unknown
2006-11-09
2.3CVE-2006-5832
BUGTRAQ
BID
XF
AirMagnet -- EnterpriseMultiple cross-site scripting (XSS) vulnerabilities in AirMagnet Enterprise allow remote attackers to inject arbitrary web script or HTML via (1) the 404 error page of the Smart Sensor Edge Sensor; (2) the user name for a failed logon, when displayed in the audit journals reviewing interface (/AirMagnetSensor/AMSensor.dll/XH) by the Smart Sensor Edge Sensor log viewer; and (3) an SSID of an AP, when displayed on an ACL page (/Amom/Amom.dll/BD) of the Enterprise Server Status Overview in the Enterprise Server Web interface.
unknown
2006-11-06
2.3CVE-2006-5741
BUGTRAQ
BUGTRAQ
BID
OSVDB
OSVDB
OSVDB
Airmagnet -- EnterpriseThe AirMagnet Enterprise console and Remote Sensor console (Laptop) in AirMagnet Enterprise allows remote attackers to inject arbitrary web script or HTML from a certain embedded Internet Explorer object into an SSID template value, aka "Cross-Application Scripting (XAS)".
unknown
2006-11-06
2.3CVE-2006-5742
BUGTRAQ
BUGTRAQ
BID
Alt-N -- MDaemonMultiple unspecified vulnerabilities in MDaemon and WorldClient in Alt-N Technologies MDaemon before 9.50 allow attackers to cause a denial of service (memory consumption) via unspecified vectors resulting in memory leaks.
unknown
2006-11-03
2.3CVE-2006-5708
OTHER-REF
Arkoon -- SSL360Cross-site scripting (XSS) vulnerability in Arkoon SSL360 1.0 and 2.0 before 2.0/2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2006-11-06
2.3CVE-2006-5771
OTHER-REF
BID
FRSIRT
XF
Cisco -- Cisco Secure DesktopSSL VPN Client in Cisco Secure Desktop before 3.1.1.45, when configured to spawn a web browser after a successful connection, stores sensitive browser session information in a directory outside of the CSD vault and does not restrict the user from saving files outside of the vault, which is not cleared after the VPN connection terminates and allows local users to read unencrypted data.
unknown
2006-11-08
1.6CVE-2006-5806
CISCO
DigiOz -- DigiOz Guestbooklist.php in DigiOz Guestbook before 1.7.1 allows remote attackers to obtain sensitive information via a non-numeric page parameter, which displays the installation path in the resulting error message.
2006-11-02
2006-11-07
2.3CVE-2006-5651
FULLDISC
OTHER-REF
OSVDB
BUGTRAQ
Dxmsoft -- XM Easy Personal FTP ServerXM Easy Personal FTP Server 5.2.1 and earlier allows remote authenticated users to cause a denial of service via a long argument to the NLST command, possibly involing the -al flags.
unknown
2006-11-06
1.4CVE-2006-5728
Milw0rm
SECUNIA
FRSIRT
ECI Telecom -- B-FOCuS Wireless 802.11b/g ADSL2+ RouterECI Telecom B-FOCuS Wireless 802.11b/g ADSL2+ Router allows remote attackers to read arbitrary files via a certain HTTP request, as demonstrated by a request for a router configuration file, related to the /html/defs/ URI.
unknown
2006-11-03
2.3CVE-2006-5711
BUGTRAQ
FULLDISC
BID
SECTRACK
XF
FRSIRT
SECUNIA
EFS Software -- EFS Web ServerCross-site scripting (XSS) vulnerability in Easy File Sharing (EFS) Web Server 4.0 allows remote attackers to inject arbitrary web script or HTML via the (1) author, (2) content, or (3) title parameters when posting a forum thread. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2006-11-03
2.3CVE-2006-5713
BID
SECUNIA
XF
EFS Software -- EFS Web ServerEasy File Sharing (EFS) Web Server 4.0, when running on an NTFS file system, allows remote attackers to read arbitrary files under the web root by appending "::$DATA" to the end of a HTTP GET request, which accesses the alternate data stream.
unknown
2006-11-03
2.3CVE-2006-5714
OTHER-REF
BID
SECUNIA
XF
EFS Software -- Easy Address BookEasy File Sharing (EFS) Easy Address Book 1.2, when run on an NTFS file system, allows remote attackers to read arbitrary files under the web root by appending "::$DATA" to the end of an HTTP GET request, which accesses the alternate data stream.
unknown
2006-11-03
2.3CVE-2006-5715
OTHER-REF
BID
SECUNIA
FRSIRT
XF
Enlightenment -- Imlib2loader_tga.c in imlib2 before 1.2.1, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) via a crafted TGA image that triggers an out-of-bounds memory read, a different issue than CVE-2006-4808.
unknown
2006-11-06
1.9CVE-2006-4807
OTHER-REF
UBUNTU
BID
FRSIRT
SECUNIA
SECUNIA
MANDRIVA
UBUNTU
SECUNIA
XF
Enlightenment -- Imlib2Heap-based buffer overflow in loader_tga.c in imlib2 before 1.2.1, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TGA image.
unknown
2006-11-06
1.9CVE-2006-4808
OTHER-REF
UBUNTU
BID
FRSIRT
SECUNIA
SECUNIA
MANDRIVA
UBUNTU
SECUNIA
FixPunkt GmbH -- admin.tool CMS 3Multiple cross-site scripting (XSS) vulnerabilities in admin.tool CMS 3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) fSid or (2) fSrcBegriffe parameters in unspecified vectors.
2006-10-27
2006-11-06
2.3CVE-2006-5769
BUGTRAQ
OTHER-REF
BID
XF
FreeBSD -- FreeBSDThe libarchive library in FreeBSD FreeBSD 6-STABLE after 2006-09-05 and before 2006-11-08 allows context-dependent attackers to cause a denial of service (CPU consumption) via a malformed archive that causes libarchive to skip a region past the actual end of the archive, which triggers an infinite loop that attempts to read more data.
unknown
2006-11-08
2.3CVE-2006-5680
FREEBSD
FreeBSD -- FreeBSDInteger overflow in the ffs_rdextattr function in FreeBSD 6.1 allows local users to cause a denial of service (kernel panic) and trigger a heap-based buffer overflow via a crafted UFS filesystem, a different vulnerability than CVE-2006-5679.
unknown
2006-11-09
2.3CVE-2006-5824
OTHER-REF
Freenews -- FreenewsDirectory traversal vulnerability in aff_news.php in FreeNews 2.1 allows remote attackers to include local files via a .. (dot dot) sequence in the chemin parameter, when the aff_news parameter is not set to "1."
unknown
2006-11-03
2.3CVE-2006-5716
BUGTRAQ
BUGTRAQ
BUGTRAQ
FreeWebshop -- FreeWebshopDirectory traversal vulnerability in index.php in FreeWebshop 2.2.1 and earlier allows remote attackers to read arbitrary files and disclose the installation path via a .. (dot dot) in the action parameter.
unknown
2006-11-06
2.3CVE-2006-5773
OTHER-REF
BID
FRSIRT
SECUNIA
XF
HP -- OpenView Client Configuraton Managerradexecd.exe in HP OpenView Client Configuraton Manager (CCM) does not require authentication before executing commands in the installation directory, which allows remote attackers to cause a denial of service (reboot) by calling radbootw.exe or create arbitrary files by calling radcrecv.
2006-10-10
2006-11-08
3.3CVE-2006-5782
BUGTRAQ
OTHER-REF
Hyper NIKKI System -- Hyper NIKKI SystemCross-site scripting (XSS) vulnerability in Hyper NIKKI System before 2.19.9 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
unknown
2006-11-06
2.3CVE-2006-5774
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
BID
IBM -- Lotus NotesThe Notes Remote Procedure Call (NRPC) protocol in IBM Lotus Notes Domino before 6.5.5 FP2 and 7.x before 7.0.2 does not require authentication to perform user lookups, which allows remote attackers to obtain the user ID file.
unknown
2006-11-09
2.3CVE-2006-5835
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Jgaa -- WarFTPdWarFTPd 1.82.00-RC11 allows remote authenticated users to cause a denial of service via a large number of "%s" format strings in (1) CWD, (2) CDUP, (3) DELE, (4) NLST, (5) LIST, (6) SIZE, and possibly other commands. NOTE: it is possible that vector 1 is an off-by-one variant or incomplete fix of CVE-2005-0312.
unknown
2006-11-07
1.4CVE-2006-5789
BUGTRAQ
BID
Kayako -- SupportSuiteCross-site scripting (XSS) vulnerability in index.php in Kayako SupportSuite 3.00.32 allows remote attackers to inject arbitrary web script or HTML via the query string.
unknown
2006-11-09
2.3CVE-2006-5825
BUGTRAQ
OTHER-REF
BID
Kerio -- Kerio MailServerUnspecified vulnerability in Kerio MailServer allows attackers to cause a denial of service, as demonstrated by vd_kms4.pm, a "Kerio MailServer DoS." NOTE: As of 20061108, this disclosure has no actionable information. However, since it is from a reliable researcher, it is being assigned a CVE identifier for tracking purposes.
unknown
2006-11-08
2.3CVE-2006-5812
OTHER-REF
SECTRACK
Linux -- Linux kernelRace condition in the __find_get_block_slow function in the ISO9660 filesystem in Linux 2.6.18 and possibly other versions allows local users to cause a denial of service (infinite loop) by mounting a crafted ISO9660 filesystem containing malformed data structures.
unknown
2006-11-06
1.3CVE-2006-5757
OTHER-REF
BID
SECUNIA
SECUNIA
FRSIRT
XF
Linux -- Linux kernelThe zlib_inflate function in Linux kernel 2.6.x allows local users to cause a denial of service (crash) via a malformed filesystem that uses zlib compression that triggers memory corruption, as demonstrated using cramfs.
unknown
2006-11-09
2.3CVE-2006-5823
OTHER-REF
Microsoft -- Internet ExplorerMicrosoft Internet Explorer 7 allows remote attackers to cause a security certificate from a secure web site to appear invalid via a link to res://ieframe.dll/invalidcert.htm with the target site as an argument, which displays the site's URL in the address bar but causes Internet Explorer to report that the certificate as invalid.
unknown
2006-11-08
2.3CVE-2006-5805
OTHER-REF
SECTRACK
Mirabilis -- ICQHeap-based buffer overflow the "Answering Service" function in ICQ 2003b Build 3916 allows local users to cause a denial of service (application crash) via a long string in the "AwayMsg Presets" value in the ICQ\ICQPro\DefaultPrefs\Presets registry key.
unknown
2006-11-03
1.6CVE-2006-5724
FULLDISC
XF
Mirapoint -- Mirapoint WebMailCross-site scripting (XSS) vulnerability in Mirapoint WebMail allows remote attackers to inject arbitrary web script via the expression Cascading Style Sheets (CSS) function, as demonstrated using the width style for an IMG element.
unknown
2006-11-03
2.3CVE-2006-5712
FULLDISC
BID
SECTRACK
XF
MobileSecure -- Highwall Enterprise
MobileSecure -- Highwall Endpoint		Multiple cross-site scripting (XSS) vulnerabilities in Highwall Enterprise and Highwall Endpoint 4.0.2.11045 management interface allow remote attackers to inject arbitrary web script or HTML via (1) an Access Point with a crafted SSID, (2) the name of the sensor WIDS, (3) the name of the Highwall EndPoint workstation, or other unspecified vectors.
unknown
2006-11-06
2.3CVE-2006-5743
BUGTRAQ
BUGTRAQ
BID
OSVDB
Mozilla -- SeaMonkey
Mozilla -- Firefox
Mozilla -- Thunderbird		Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allow remote attackers to cause a denial of service (crash) via unspecified vectors.
unknown
2006-11-08
2.3CVE-2006-5464
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
CERT-VN
CERT
BID
FRSIRT
SECTRACK
SECTRACK
SECTRACK
SECUNIA
SECUNIA
Mozilla -- Firefox** DISPUTED ** Firefox 1.5.0.7 on Kubuntu Linux allows remote attackers to cause a denial of service (crash) via a long URL in an A tag. NOTE: this issue has been disputed by several vendors, who could not reproduce the report. In addition, the scope of the impact - system freeze - suggests an issue that is not related to Firefox. Due to this impact, CVE concurs with the dispute.
unknown
2006-11-07
3.3CVE-2006-5783
BUGTRAQ
BUGTRAQ
BUGTRAQ
BUGTRAQ
Novell -- eDirectoryThe BerDecodeLoginDataRequest function in the libnmasldap.so NMAS module in Novell eDirectory 8.8 and 8.8.1 before the Security Services 2.0.3 patch does not properly increment a pointer when handling certain input, which allows remote attackers to cause a denial of service (invalid memory access) via a crafted login request.
2006-08-17
2006-11-03
2.3CVE-2006-4521
IDEFENSE
BID
FRSIRT
SECTRACK
SECUNIA
XF
Novell -- eDirectoryUnspecified vulnerability in Novell eDirectory 8.8 allows attackers to cause a denial of service, as demonstrated by vd_novell3.pm, a "Novell eDirectory 8.8 DoS." NOTE: As of 20061108, this disclosure has no actionable information. However, since it is from a reliable researcher, it is being assigned a CVE identifier for tracking purposes.
unknown
2006-11-08
2.3CVE-2006-5813
OTHER-REF
SECTRACK
Openbase International Ltd -- OpenBaseopenexec in OpenBase SQL before 10.0.1 allows local users to create arbitrary files via a symlink attack on the /tmp/output file, a different vulnerability than CVE-2006-5328.
unknown
2006-11-09
1.6CVE-2006-5851
FULLDISC
OTHER-REF
OTHER-REF
SECUNIA
OpenSolution -- Quick.Cms.LiteDirectory traversal vulnerability in general.php in OpenSolution Quick.Cms.Lite 0.3 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the sLanguage Cookie parameter.
unknown
2006-11-09
2.3CVE-2006-5834
OTHER-REF
BID
FRSIRT
SECUNIA
XF
owfs -- owfsThe owserver module in owfs and owhttpd 2.5p5 and earlier does not properly check the path type, which allows attackers to cause a denial of service (application crash) related to use of the path in owshell.
unknown
2006-11-08
2.3CVE-2006-5801
OTHER-REF
FRSIRT
SECUNIA
Parallels -- Parallels Desktopprl_dhcpd in Parallels Desktop for Mac Build 1940 uses insecure permissions (0666) for /Library/Parallels/.dhcpd_configuration, which allows local users to modify DHCP configuration. NOTE: the provenance of this information is unknown; details are obtained from third party sources.
unknown
2006-11-08
1.6CVE-2006-5817
SECUNIA
phpComasy -- phpComasyMultiple cross-site scripting (XSS) vulnerabilities in index.php in phpComasy CMS 0.7.9pre and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) username or (2) password parameters.
2006-11-02
2006-11-09
2.3CVE-2006-5827
BUGTRAQ
OTHER-REF
BID
SECUNIA
XF
phpMyAdmin -- phpMyAdminCross-site scripting (XSS) vulnerability in error.php in phpMyAdmin 2.6.4 through 2.9.0.2 allows remote attackers to inject arbitrary web script or HTML via UTF-7 or US-ASCII encoded characters, which are injected into an error message, as demonstrated by a request with a utf7 charset parameter accompanied by UTF-7 data.
unknown
2006-11-03
2.3CVE-2006-5718
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
PunBB -- PunBBMultiple SQL injection vulnerabilities in PunBB before 1.2.14 allow remote authenticated administrators to execute arbitrary SQL commands via unspecified vectors.
unknown
2006-11-06
1.1CVE-2006-5738
OTHER-REF
OTHER-REF
Red Hat -- Red Hat Fedora Core
OpenLDAP -- OpenLDAP		Unspecified vulnerability in the openldap-2.2.29-1 package of OpenLDAP on Fedora Core 4 (FC4), and possibly other versions and distributions, allows remote attackers to cause a denial of service (daemon crash) via a certain combination of LDAP BIND requests that triggers an assertion failure.
unknown
2006-11-07
2.3CVE-2006-5779
BUGTRAQ
OTHER-REF
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
Rhadrix -- If-CMSindex.php in Rhadrix If-CMS, possibly 1.01 and 2.07, allows remote attackers to obtain the full path of the web server via empty (1) rns[] or (2) pag[] arguments, which reveals the path in an error message.
unknown
2006-11-06
2.3CVE-2006-5759
BUGTRAQ
OTHER-REF
XF
Rhadrix -- If-CMSCross-site scripting (XSS) vulnerability in index.php in Rhadrix If-CMS 1.01 and 2.07 allows remote attackers to inject arbitrary web script or HTML via the rns parameter.
unknown
2006-11-06
2.3CVE-2006-5761
BUGTRAQ
OTHER-REF
BID
SECUNIA
FRSIRT
SECTRACK
XF
RPM -- Package Manager
Ubuntu -- Ubuntu Linux		Heap-based buffer overflow in the showQueryPackage function in librpm in RPM Package Manager 4.4.8, when the LANG environment variable is set to ru_RU.UTF-8, might allow user-assisted attackers to execute arbitrary code via crafted RPM packages.
unknown
2006-11-06
2.7CVE-2006-5466
BUGZILLA
UBUNTU
FRSIRT
SECUNIA
SECUNIA
SAP -- SAP Web Application ServerUnspecified vulnerability in SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66 allows remote attackers to cause a denial of service (enserver.exe crash) via unknown vectors.
unknown
2006-11-07
2.3CVE-2006-5785
BUGTRAQ
BID
FRSIRT
SECUNIA
XF
Speedywiki -- SpeedywikiSpeedywiki 2.0 allows remote attackers to obtain the full path of the web server via the (1) showRevisions[] and (2) searchText[] parameters in (a) index.php, and (b) a direct request to upload.php without any parameters.
unknown
2006-11-09
2.3CVE-2006-5844
BUGTRAQ
OTHER-REF
Stefan Ritt -- Elog Web LogbookMultiple cross-site scripting (XSS) vulnerabilities in elogd.c in ELOG 2.6.2 and earlier allow remote attackers to inject arbitrary HTML or web script via (1) the filename for downloading, which is not quoted in an error message by the send_file_direct function, and (2) the Type or Category values in a New entry, which is not properly handled in an error message by the submit_elog function.
unknown
2006-11-07
1.9CVE-2006-5791
OTHER-REF
BID
BID
FRSIRT
SECUNIA
Sun -- Solarisalloccgblk in the UFS filesystem in Solaris 10 allows local users to cause a denial of service (memory corruption) by mounting crafted UFS filesystems with malformed data structures.
unknown
2006-11-06
2.3CVE-2006-5726
OTHER-REF
SECUNIA
BID
FRSIRT
TGS CMS -- TGS CMSSQL injection vulnerability in logout.php in T.G.S. CMS 0.1.7 and earlier allows remote attackers to execute arbitrary SQL commands via the myauthorid cookie.
unknown
2006-11-06
2.3CVE-2006-5732
Milw0rm
BID
XF
Tikiwiki -- TikiwikiTikiwiki 1.9.5 allows remote attackers to obtain sensitive information (MySQL username and password) via an empty sort_mode parameter in (1) tiki-listpages.php, (2) tiki-lastchanges.php, (3) messu-archive.php, (4) messu-mailbox.php, (5) messu-sent.php, (6) tiki-directory_add_site.php, (7) tiki-directory_ranking.php, (8) tiki-directory_search.php, (9) tiki-forums.php, (10) tiki-view_forum.php, (11) tiki-friends.php, (12) tiki-list_blogs.php, (13) tiki-list_faqs.php, (14) tiki-list_trackers.php, (15) tiki-list_users.php, (16) tiki-my_tiki.php, (17) tiki-notepad_list.php, (18) tiki-orphan_pages.php, (19) tiki-shoutbox.php, (20) tiki-usermenu.php, and (21) tiki-webmail_contacts.php, which reveal the information in certain database error messages.
unknown
2006-11-03
2.3CVE-2006-5702
BUGTRAQ
BID
SECUNIA
FRSIRT
XF
Unicore -- Unicore ClientThe keystore file in Unicore Client before 5.6 build 5, when running on Unix systems, has insecure default permissions, which allows local users to obtain sensitive information.
unknown
2006-11-09
1.6CVE-2006-5842
OTHER-REF
SECUNIA
WordPress -- WordPressDirectory traversal vulnerability in plugins/wp-db-backup.php in WordPress before 2.0.5 allows remote attackers to read arbitrary files via directory traversal sequences in unspecified parameters related to the backup of fragment files.
unknown
2006-11-03
2.3CVE-2006-5705
OTHER-REF
OTHER-REF
OTHER-REF
OPENPKG
BID
FRSIRT
SECUNIA
Xenis -- Xenis.creator CMSCross-site scripting (XSS) vulnerability in default.asp in xenis.creator CMS allows remote attackers to inject arbitrary web script or HTML via the nav parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2006-11-08
1.9CVE-2006-5800
XF
XOOPS -- XOOPSCross-site scripting (XSS) vulnerability in modules/wfdownloads/newlist.php in XOOPS 1.0 allows remote attackers to inject arbitrary web script or HTML via the newdownloadshowdays parameter.
unknown
2006-11-08
2.3CVE-2006-5810
OTHER-REF
BID
Zend -- Zend Google Data Client Library PreviewMultiple cross-site scripting (XSS) vulnerabilities in Zend Google Data Client Library (ZendGData) Preview 0.2.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in (1) basedemo.php and (2) calenderdemo.php in samples/, and other unspecified files.
unknown
2006-11-03
2.3CVE-2006-5717
BUGTRAQ
OTHER-REF
BID

Back to top

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.