Vulnerability Summary for the Week of October 23, 2006
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities |
---|
Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
---|---|---|---|---|---|---|
3Com -- SS3 4400 Switch firmware | 3Com Switch SS3 4400 switches, firmware 5.11, 6.00 and 6.10 and earlier, allow remote attackers to read the SNMP Read-Write Community string and conduct unauthorized actions via unspecified "normally restricted management packets on the device" that cause the community string to be returned. |
| 7.0 | CVE-2006-5382 OTHER-REF FRSIRT | ||
Alex -- DownloadEngine | Multiple PHP remote file inclusion vulnerabilities in Download-Engine 1.4.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) $_ENGINE[eng_dir] and possibly (2) spaw_root parameters in admin/includes/spaw/spaw_script.js.php, and the (3) $_ENGINE[eng_dir], (4) $spaw_root, (5) $spaw_dir, and (6) $spaw_base_url parameters in admin/includes/spaw/config/spaw_control.config.php, different vectors than CVE-2006-5291. NOTE: CVE analysis as of 20061021 is inconclusive, but suggests that some or all of the suggested attack vectors are ineffective. |
| 7.0 | CVE-2006-5459 BUGTRAQ | ||
AOL -- AOL Security Edition | Buffer overflow in the AOL.PicDownloadCtrl.1 ActiveX control (YGPPicDownload.dll) 9.2.3.0 in America Online (AOL) 9.0 Security Edition allows remote attackers to execute arbitrary code via the downloadFileDirectory property, a different vulnerability than CVE-2006-5502. |
| 7.0 | CVE-2006-5501 IDEFENSE | ||
AOL -- AOL Security Edition | Heap-based buffer overflow in the AOL.PicDownloadCtrl.1 ActiveX control (YGPPicDownload.dll) 9.2.3.0 in America Online (AOL) 9.0 Security Edition allows remote attackers to execute arbitrary code via the AddPictureNoAlbum method, a different vulnerability than CVE-2006-5501. |
| 7.0 | CVE-2006-5502 IDEFENSE | ||
Ascended Development -- Ascended Guestbook | PHP remote file inclusion vulnerability in embedded.php in Ascended Guestbook 1.0.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[path] parameter. |
| 7.0 | CVE-2006-5531 OTHER-REF BID FRSIRT SECUNIA XF | ||
ben3w -- 2BGal | Multiple PHP file inclusion vulnerabilities in 2BGal 3.0 allow remote attackers to execute arbitrary PHP code via the lang parameter to (1) admin/configuration.inc.php, (2) admin/creer_album.inc.php, (3) admin/changepwd.php.inc, and unspecified other files. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| 7.0 | CVE-2006-5505 BID SECUNIA | ||
Castor -- Castor | Multiple PHP remote file inclusion vulnerabilities in Castor 1.1.1 allow remote attackers to execute arbitrary PHP code via the rootpath parameter in (1) lib/code.php, (2) lib/dbconnect.php, (3) lib/error.php, (4) lib/menu.php, and other unspecified files. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| 7.0 | CVE-2006-5481 FRSIRT SECUNIA | ||
Ceary -- UltraCMS | Multiple SQL injection vulnerabilities in include/index.php in UltraCMS 0.9 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters. |
| 7.0 | CVE-2006-5491 BUGTRAQ BID SECTRACK | ||
Christopher Fowler -- RSSonate | Multiple PHP remote file inclusion vulnerabilities in Christopher Fowler (Rhode Island) RSSonate allow remote attackers to execute arbitrary PHP code via a URL in the PROJECT_ROOT parameter to (1) xml2rss.php, (2) config_local.php, (3) rssonate.php, and (4) sql2xml.php in Src/getFeed/inc/. |
| 7.0 | CVE-2006-5518 OTHER-REF BID FRSIRT SECUNIA XF | ||
DeltaScripts -- PHP Classifieds | PHP remote file inclusion vulnerability in functions.php in DeltaScripts PHP Classifieds 7.1 allows remote attackers to execute arbitrary PHP code via a URL in the set_path parameter. |
| 7.0 | CVE-2006-5520 BUGTRAQ BID XF | ||
Der Dirigent -- Der Dirigent | Multiple PHP remote file inclusion vulnerabilities in Der Dirigent (DeDi) 1.0.3 allow remote attackers to execute arbitrary PHP code via a URL in the cfg_dedi[dedi_path] parameter in (1) find.php, (2) insert_line.php, (3) fullscreen.php, (4) changecase.php, (5) insert_link.php, (6) insert_table.php, (7) table_cellprop.php, (8) table_prop.php, and (9) table_rowprop.php in backend/external/wysiswg/popups/. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| 7.0 | CVE-2006-5507 BID SECUNIA | ||
DigitalHive -- DigitalHive | PHP remote file inclusion vulnerability in template/purpletech/base_include.php in DigitalHive 2.0 RC2 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. |
| 7.0 | CVE-2006-5493 BUGTRAQ OTHER-REF BID SECTRACK XF | ||
Digium -- Asterisk | Integer overflow in the get_input function in the Skinny channel driver (chan_skinny.c) in Asterisk 1.0.x before 1.0.12 and 1.2.x before 1.2.13, as used by Cisco SCCP phones, allows remote attackers to execute arbitrary code via a certain dlen value that passes a signed integer comparison and leads to a heap-based buffer overflow. |
| 7.0 | CVE-2006-5444 BUGTRAQ OTHER-REF OTHER-REF OTHER-REF OPENPKG BID FRSIRT SECTRACK SECUNIA FULLDISC CERT-VN | ||
Drupal -- Drupal | Multiple cross-site scripting (XSS) vulnerabilities in the XML parser in Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allow remote attackers to inject arbitrary web script or HTML via a crafted RSS feed. |
| 7.0 | CVE-2006-5475 BUGTRAQ OTHER-REF OPENPKG FRSIRT SECUNIA | ||
Drupal -- Drupal | Cross-site request forgery (CSRF) vulnerability in Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows remote attackers to perform unauthorized actions as an arbitrary user via unspecified vectors. |
| 7.0 | CVE-2006-5476 BUGTRAQ OTHER-REF OPENPKG FRSIRT SECUNIA XF | ||
EZ-Ticket -- EZ-Ticket | PHP remote file inclusion vulnerability in common.php in EZ-Ticket 0.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the ezt_root_path parameter. |
| 7.0 | CVE-2006-5523 OTHER-REF BID XF | ||
Fully Modded phpBB -- Fully Modded phpBB | Multiple PHP remote file inclusion vulnerabilities in Teake Nutma Foing, as modified in Fully Modded phpBB (phpbbfm) 2021.4.40 and earlier, allow remote attackers to execute arbitrary PHP code via a URL in the foing_root_path parameter in (a) faq.php, (b) index.php, (c) list.php, (d) login.php, (e) playlist.php, (f) song.php, (g) gen_m3u.php, (h) view_artist.php, (i) view_song.php, (j) flash/set_na.php, (k) flash/initialise.php, (l) flash/get_song.php, (m) includes/common.php, (n) admin/nav.php, (o) admin/main.php, (p) admin/list_artists.php, (q) admin/index.php, (r) admin/genres.php, (s) admin/edit_artist.php, (t) admin/edit_album.php, (u) admin/config.php, and (v) admin/admin_status.php in player/, different vectors than CVE-2006-3045. NOTE: CVE analysis as of 20061026 indicates that files in the admin/ and flash/ directories define foing_root_path before use. |
| 7.0 | CVE-2006-5526 OTHER-REF FRSIRT SECUNIA XF | ||
Hinton Design -- phpht Topsites | PHP remote file inclusion vulnerability in common.php in Hinton Design phpht Topsites allows remote attackers to execute arbitrary PHP code via a URL in the phpht_real_path parameter. |
| 7.0 | CVE-2006-5458 Milw0rm FRSIRT SECUNIA | ||
Hinton Design -- phpht Topsites | ** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in Hinton Design phpht Topsites allow remote attackers to execute arbitrary PHP code via a URL in the phpht_real_path parameter to (1) index.php, (2) certain other scripts in the top-level directory, and (3) certain scripts in the admin/ directory. NOTE: CVE disputes this vulnerability because $phpht_real_path is defined before use in index.php and most other files except common.php, which is already covered by CVE-2006-5458. |
| 7.0 | CVE-2006-5460 BUGTRAQ | ||
Intelimen -- InteliEditor | PHP remote file inclusion vulnerability in lib.editor.inc.php in Intelimen InteliEditor 1.2.x allows remote attackers to execute arbitrary PHP code via a URL in the sys_path parameter. |
| 7.0 | CVE-2006-5527 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA XF | ||
Johannes Erdfelt -- Kawf | Multiple PHP remote file inclusion vulnerabilities in Johannes Erdfelt Kawf 1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the config parameter in (1) main.php or (2) user/account/main.php. |
| 7.0 | CVE-2006-5522 OTHER-REF BID XF | ||
Kinesis -- Kinesis Interactive Cinema System | SQL injection vulnerability in index.asp in Kinesis Interactive Cinema System (KICS) CMS allows remote attackers to execute arbitrary SQL commands via the (1) txtUsername (user) or (2) txtPassword (pass) parameters. |
| 7.0 | CVE-2006-5450 BUGTRAQ BID SECUNIA | ||
MambWeather -- MambWeather | PHP remote file inclusion vulnerability in Savant2/Savant2_Plugin_options.php in the MambWeather 1.8.1 and earlier component for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. |
| 7.0 | CVE-2006-5519 OTHER-REF BID FRSIRT SECUNIA XF | ||
Microsoft -- Windows Digital Rights Management System | The drmstor.dll ActiveX object in Microsoft Windows Digital Rights Management System (DRM) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long parameter to the StoreLicense function, which triggers "memory corruption" and possibly a buffer overflow. |
| 8.0 | CVE-2006-5448 BUGTRAQ | ||
Net_DNS -- Net_DNS | PHP remote file inclusion vulnerability in DNS/RR.php in Net_DNS 0.03 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpdns_basedir parameter. |
| 7.0 | CVE-2006-5521 OTHER-REF BID XF | ||
Novell -- eDirectory | Heap-based buffer overflow in the NCP engine in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted NCP over IP packet that causes NCP to read more data than intended. |
| 7.0 | CVE-2006-4177 IDEFENSE OTHER-REF BID SECUNIA SECTRACK | ||
Novell -- eDirectory | Integer overflow in the evtFilteredMonitorEventsRequest function in the LDAP service in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted request. |
| 10.0 | CVE-2006-4509 IDEFENSE BID SECUNIA SECTRACK | ||
Novell -- eDirectory | The evtFilteredMonitorEventsRequest function in the LDAP service in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted request containing a value that is larger than the number of objects transmitted, which triggers an invalid free of unallocated memory. |
| 10.0 | CVE-2006-4510 IDEFENSE BID SECUNIA SECTRACK | ||
Novell -- eDirectory | Stack-based buffer overflow in the BuildRedirectURL function in the HTTP Protocol Stack (httpstk) iMonitor module in Novell eDirectory before 8.8.1 FTF1 on Windows, Linux, and Open Enterprise Server (OES) SP2 allows remote attackers to execute arbitrary code via a long Host HTTP header. |
| 7.0 | CVE-2006-5478 OTHER-REF OTHER-REF BID SECUNIA | ||
OneOrZero -- OneOrZero Helpdesk | The "forgot password" function in OneOrZero Helpdesk before 1.6.5.4 generates insecure passwords by concatenating the current timestamp with the username, which allows remote attackers to gain access as an arbitrary user by requesting a password reset. |
| 7.0 | CVE-2006-5474 BUGTRAQ OTHER-REF OTHER-REF BID SECUNIA | ||
PHP-Nuke -- PHP-Nuke | Multiple PHP remote file inclusion vulnerabilities in modules/My_eGallery/public/displayCategory.php in the pandaBB module for PHP-Nuke allow remote attackers to execute arbitrary PHP code via a URL in the (1) adminpath or (2) basepath parameters. |
| 7.0 | CVE-2006-5494 OTHER-REF BID FRSIRT SECUNIA | ||
PHPList -- PHPList | Cross-site scripting (XSS) vulnerability in index.php in phplist 2.10.2 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: This issue might overlap CVE-2006-5321. |
| 7.0 | CVE-2006-5524 BUGTRAQ BID FRSIRT SECTRACK SECUNIA | ||
Rhode Island Secretary of State -- Open Meetings Filing System | Multiple PHP remote file inclusion vulnerabilities in Rhode Island Open Meetings Filing System allow remote attackers to execute arbitrary PHP code via a URL in the PROJECT_ROOT parameter to (1) editmeetings/session.php, (2) email/session.php, (3) entityproperties/session.php, or (4) inc/mail.php. |
| 7.0 | CVE-2006-5517 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA | ||
SchoolAlumni Portal -- SchoolAlumni Portal | Directory traversal vulnerability in mod.php in SchoolAlumni Portal 2.26 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the mod parameter. NOTE: some of these details are obtained from third party information. |
| 7.0 | CVE-2006-5528 BID SECTRACK | ||
SchoolAlumni Portal -- SchoolAlumni Portal | Cross-site scripting (XSS) vulnerability in smumdadotcom_ascyb_alumni/mod.php in SchoolAlumni Portal 2.26 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search operation in the katalog module. NOTE: some of these details are obtained from third party information. |
| 7.0 | CVE-2006-5529 BID SECTRACK | ||
Segue CMS -- Segue CMS | Multiple SQL injection vulnerabilities in Segue Content Management System (CMS) before 1.5.8 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| 7.0 | CVE-2006-5490 OTHER-REF BID FRSIRT SECUNIA XF | ||
Segue CMS -- Segue CMS | PHP remote file inclusion vulnerability in themes/program/themesettings.inc.php in Segue CMS 1.5.8 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the themesdir parameter. |
| 7.0 | CVE-2006-5497 OTHER-REF OTHER-REF BID FRSIRT SECUNIA XF | ||
Segue CMS -- Segue CMS | Directory traversal vulnerability in themes/program/themesettings.inc.php in Segue CMS 1.5.8 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme parameter. |
| 7.0 | CVE-2006-5498 OTHER-REF FRSIRT XF | ||
Serendipity -- Serendipity | Multiple cross-site scripting (XSS) vulnerabilities in Serendipity (s9y) 1.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the media manager administration page. |
| 7.0 | CVE-2006-5499 BUGTRAQ OTHER-REF OTHER-REF BID FRSIRT SECTRACK SECUNIA | ||
Softerra -- PHP Developer Library | PHP remote file inclusion vulnerability in example/lib/grid3.lib.php in Softerra PHP Developer Library 1.5.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the (1) cfg_dir and (2) lib_dir parameters. |
| 7.0 | CVE-2006-5471 BUGTRAQ OTHER-REF SECTRACK XF | ||
Softerra -- PHP Developer Library | PHP remote file inclusion vulnerability in Softerra PHP Developer Library 1.5.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the lib_dir parameter in (1) lib/registry.lib.php, (2) lib/sqlcompose.lib.php, and (3) lib/sqlsearch.lib.php. |
| 7.0 | CVE-2006-5472 OTHER-REF FRSIRT OSVDB OSVDB OSVDB SECUNIA XF | ||
Softerra -- PHP Developer Library | ** DISPUTED ** PHP remote file inclusion vulnerability in Description.php in Softerra PHP Developer Library 1.5.3 and earlier allows remote attackers to execute arbitrary PHP code via the lib_dir parameter. NOTE: this issue is disputed by CVE as of 20061023, since there is no Description.php file included in the product, and the existing "Description" file contains documentation, not functioning code. |
| 7.0 | CVE-2006-5473 BUGTRAQ MLIST MLIST | ||
SpeedBerg -- SpeedBerg | Multiple PHP remote file inclusion vulnerabilities in SpeedBerg 1.2beta1 allow remote attackers to execute arbitrary PHP code via a URL in the SPEEDBERG_PATH parameter to (1) entrancePage.tpl.php, (2) generalToolBox.tlb.php, (3) myToolBox.tlb.php, (4) scriplet.inc.php, (5) simplePage.tpl.php, (6) speedberg.class.php, and (7) standardPage.tpl.php. |
| 7.0 | CVE-2006-5485 BUGTRAQ MLIST BID | ||
Trawler -- Trawler Web CMS | Multiple PHP remote file inclusion vulnerabilities in Trawler Web CMS 1.8.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) path_red2 parameter to (a) _msdazu_pdata/redaktion/artikel/up/index.php; (b) addtort.php, (c) colorpik2.php, (d) colorpik3.php, (e) extras_menu.php, (f) farbpalette.php, (g) lese_inc.php, and (h) newfile.php in _msdazu_share/richtext/; the (2) path_scr_dat2 parameter to (i)_msdazu_share/share/insert1.php; the (3) path_red parameter to (j) _msdazu_share/extras/downloads/index.php; and unspecified parameters in other files. |
| 7.0 | CVE-2006-5495 OTHER-REF OTHER-REF BID SECUNIA | ||
UeberProject Management System -- UeberProject Management System | PHP remote file inclusion vulnerability in login/secure.php in UeberProject Management System 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cfg[homepath] parameter. |
| 7.0 | CVE-2006-5539 OTHER-REF FRSIRT SECUNIA XF | ||
WiClear -- WiClear | Multiple PHP remote file inclusion vulnerabilities in WiClear 0.10 allow remote attackers to execute arbitrary PHP code via the path parameter in (1) inc/prepend.inc.php, (2) inc/lib/boxes.lib.php, (3) inc/lib/tools.lib.php, (4) tools/trackback/index.php, and (5) tools/utf8conversion/index.php in admin/; and (6) prepend.inc.php, (7) lib/boxes.lib.php, and (7) lib/history.lib.php in inc/. |
| 7.0 | CVE-2006-5506 OTHER-REF SECUNIA XF | ||
WoltLab -- Burning Book | Eval injection vulnerability in addentry.php in WoltLab Burning Book 1.1.2 allows remote attackers to execute arbitrary PHP code via crafted POST requests that store PHP code in a database that is later processed by eval, as demonstrated using SQL injection via the n parameter. |
| 7.0 | CVE-2006-5509 BUGTRAQ OTHER-REF FRSIRT | ||
XChangeBoard -- XChangeBoard | SQL injection vulnerability in XchangeBoard 1.70, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the loginNick parameter during login. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| 7.0 | CVE-2006-5488 BID SECUNIA XF | ||
Xoops -- Xoops RMSoft Gallery System | Cross-site scripting (XSS) vulnerability in rmgs/images.php in RMSOFT Gallery System 2.0 allows remote attackers to inject arbitrary web script or HTML via the kw parameter. NOTE: some of these details are obtained from third party information. |
| 7.0 | CVE-2006-5532 BUGTRAQ BID FRSIRT SECTRACK SECUNIA XF |
Medium Vulnerabilities |
---|
Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
---|---|---|---|---|---|---|
AROUNDMe -- AROUNDMe | Multiple PHP remote file inclusion vulnerabilities in AROUNDMe 0.6.9, and possibly earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the templatePath parameter in template/barnraiser_01/pol_view.tpl.php and other unspecified PHP scripts, a different vector than CVE-2006-5401. |
| 5.6 | CVE-2006-5533 BUGTRAQ FULLDISC SECTRACK XF | ||
Casinosoft -- Casino Script | SQL injection vulnerability in lobby/config.php in Casinosoft Casino Script (aka Masvet) 3.2 allows remote attackers to execute arbitrary SQL commands via the cfam parameter. |
| 5.6 | CVE-2006-5446 OTHER-REF BID SECUNIA | ||
Castor -- Castor | PHP remote file inclusion vulnerability in lib/rs.php in Castor 1.1.1 allows remote attackers to execute arbitrary PHP code via the rootpath parameter. |
| 5.6 | CVE-2006-5480 Milw0rm BID FRSIRT SECUNIA XF | ||
GeoNetwork -- opensource | SQL injection vulnerability in GeoNetwork opensource before 2.0.3 allows remote attackers to execute arbitrary SQL commands, and complete a login, via unspecified vectors. |
| 4.7 | CVE-2006-5513 OTHER-REF BID FRSIRT SECUNIA | ||
GraphicsMagick -- GraphicsMagick ImageMagick -- ImageMagick | Multiple buffer overflows in GraphicsMagick before 1.1.7 and ImageMagick 6.0.7 allow user-assisted attackers to cause a denial of service and possibly execute execute arbitrary code via (1) a DCM image that is not properly handled by the ReadDCMImage function in coders/dcm.c, or (2) a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c. |
| 5.6 | CVE-2006-5456 BUGZILLA | ||
Horde -- Ingo H3 | procmail in Ingo H3 before 1.1.2 Horde module allows remote authenticated users to execute arbitrary commands via shell metacharacters in the mailbox destination of a filter rule. |
| 4.2 | CVE-2006-5449 MLIST OTHER-REF BID FRSIRT SECUNIA | ||
HP -- Tru64 UNIX HP -- HP-UX | Buffer overflow in dtmail on HP Tru64 UNIX 4.0F through 5.1B and HP-UX B.11.00 through B.11.23 allows local users to execute arbitrary code via a long -a (aka attachment) argument. |
| 4.9 | CVE-2006-5452 OTHER-REF HP SECTRACK SECTRACK SECTRACK XF HP BID FRSIRT FRSIRT SECUNIA SECUNIA | ||
JaxUltraBB -- JaxUltraBB | Direct static code injection vulnerability in delete.php in JaxUltraBB (JUBB) 2.0, when register_globals is enabled, allows remote attackers to inject arbitrary web script, HTML, or PHP via the contents parameter, whose value is prepended to the file specified by the forum parameter. |
| 4.7 | CVE-2006-5511 OTHER-REF MLIST BID XF | ||
PHP-Nuke -- PHP-Nuke | Incomplete blacklist vulnerability in mainfile.php in PHP-Nuke 7.9 and earlier allows remote attackers to conduct SQL injection attacks via (1) "/**/UNION " or (2) " UNION/**/" sequences, which are not rejected by the protection mechanism, as demonstrated by a SQL injection via the eid parameter in a search action in the Encyclopedia module in modules.php. |
| 5.6 | CVE-2006-5525 OTHER-REF OTHER-REF BID FRSIRT SECUNIA XF | ||
phpPgAds -- phpPgAds phpAdsNew -- phpAdsNew | Cross-site scripting (XSS) vulnerability in lib-history.inc.php in phpAdsNew and phpPgAds before 2.0.8-pr1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to injected data that is stored by a delivery script and displayed by the admin interface. |
| 4.7 | CVE-2006-5515 BUGTRAQ OTHER-REF OTHER-REF FRSIRT FRSIRT SECUNIA SECUNIA | ||
Sun -- Java System Messaging Server Sun -- iPlanet Messaging Server | Cross-site scripting (XSS) vulnerability in Webmail in Sun Java System Messaging Server 6.0 through 6.2 and iPlanet Messaging Server 5.2 allows remote attackers to execute arbitrary Javascript via crafted messages. |
| 5.6 | CVE-2006-5486 SUNALERT | ||
Web Group Communication Center -- Web Group Communication Center | SQL injection vulnerability in quiz.php in Web Group Communication Center (WGCC) 0.5.6b and earlier allows remote attackers to execute arbitrary SQL commands via the qzid parameter. |
| 4.7 | CVE-2006-5514 OTHER-REF BID XF | ||
WikiNi -- WikiNi | Multiple cross-site scripting (XSS) vulnerabilities in actions/usersettings.php in WikiNi before 0.4.4 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) email parameters to wakka.php. |
| 4.7 | CVE-2006-5516 BUGTRAQ OTHER-REF OTHER-REF OTHER-REF BID SECUNIA | ||
WoltLab -- Burning Book | Multiple SQL injection vulnerabilities in addentry.php in WoltLab Burning Book 1.1.2 allow remote attackers to execute arbitrary SQL commands via (1) the n parameter and (2) the User-Agent HTTP header. |
| 4.7 | CVE-2006-5508 BUGTRAQ OTHER-REF FRSIRT | ||
XChangeBoard -- XChangeBoard | Multiple SQL injection vulnerabilities in the checkUser function in inc/DBInterface.php in XchangeBoard 1.70 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) userNick or (2) password parameters. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| 5.6 | CVE-2006-5500 FRSIRT | ||
Zwahlen Informatik -- Online Shop | Cross-site scripting (XSS) vulnerability in article.htm in Zwahlen Online Shop allows remote attackers to inject arbitrary web script or HTML via the cat parameter. |
| 4.7 | CVE-2006-5512 BUGTRAQ |
Low Vulnerabilities |
---|
Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
---|---|---|---|---|---|---|
bluevirus-design -- PH Pexplorer | Directory traversal vulnerability in explorer_load_lang.php in PH Pexplorer 0.24 allows remote attackers to include arbitrary local files via ".." sequences in the Language cookie, as demonstrated by uploading a .gif file that contains PHP code. |
| 2.3 | CVE-2006-5510 OTHER-REF BID FRSIRT SECUNIA XF | ||
Boesch -- SimpNews | Multiple cross-site scripting (XSS) vulnerabilities in Boesch SimpNews before 2.34.01 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) admin/index.php, (2) admin/pwlost.php, and unspecified other files. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| 2.3 | CVE-2006-5530 OTHER-REF BID FRSIRT SECUNIA | ||
Casinosoft -- Casino Script | Multiple cross-site scripting (XSS) vulnerabilities in the registration form in Casinosoft Casino Script (Masvet) 3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) surname field. |
| 2.3 | CVE-2006-5457 OTHER-REF | ||
cPanel -- cPanel | Multiple cross-site scripting (XSS) vulnerabilities in WebHostManager (WHM) 10.8.0 cPanel 10.9.0 R50 allow remote attackers to inject arbitrary web script or HTML via the (1) theme parameter to scripts/dosetmytheme and the (2) template parameter to scripts2/editzonetemplate. |
| 2.3 | CVE-2006-5535 BUGTRAQ OTHER-REF BID SECUNIA | ||
D-Link -- DSL-G624T | Directory traversal vulnerability in cgi-bin/webcm in D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allows remote attackers to read arbitrary files via a .. (dot dot) in the getpage parameter. |
| 2.3 | CVE-2006-5536 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA | ||
D-Link -- DSL-G624T | Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/webcm in D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allow remote attackers to inject arbitrary web script or HTML via the (1) upnp:settings/state or (2) upnp:settings/connection parameters. |
| 2.3 | CVE-2006-5537 BUGTRAQ OTHER-REF FRSIRT SECUNIA | ||
D-Link -- DSL-G624T | D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allows remote attackers to list contents of the cgi-bin directory via unspecified vectors, probably a direct request. |
| 2.3 | CVE-2006-5538 BUGTRAQ OTHER-REF | ||
Dev -- Dev Web Management System | Cross-site scripting (XSS) vulnerability in index.php in DEV Web Management System (WMS) 1.5 allows remote attackers to inject arbitrary web script or HTML via the action parameter. |
| 2.3 | CVE-2006-5447 BUGTRAQ OTHER-REF XF | ||
Digium -- Asterisk | Unspecified vulnerability in the SIP channel driver (channels/chan_sip.c) in Asterisk 1.2.x before 1.2.13 and 1.4.x before 1.4.0-beta3 allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors that result in the creation of "a real pvt structure" that uses more resources than necessary. |
| 3.3 | CVE-2006-5445 OTHER-REF OTHER-REF OTHER-REF OPENPKG FRSIRT XF | ||
Drupal -- Drupal | Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows form submissions to be redirected, which allows remote attackers to obtain arbitrary form information via a crafted URL. |
| 1.9 | CVE-2006-5477 BUGTRAQ OTHER-REF OPENPKG BID FRSIRT SECUNIA XF | ||
FreeBSD -- FreeBSD | ufs_vnops.c in FreeBSD 6.1 allows local users to cause an unspecified denial of service by calling the ftruncate function on a file type that is not VREG, VLNK or VDIR, which is not defined in POSIX. |
| 1.6 | CVE-2006-5482 MLIST SECUNIA | ||
FreeBSD -- FreeBSD | p1003_1b.c in FreeBSD 6.1 allows local users to cause an unspecified denial of service by setting a scheduler policy, which should only be settable by root. |
| 1.6 | CVE-2006-5483 MLIST OTHER-REF SECUNIA | ||
GNU -- screen | Multiple unspecified vulnerabilities in the "utf8 combining characters handling" (utf8_handle_comb function in encoding.c) in screen before 4.0.3 allows user-assisted attackers to cause a denial of service (crash or hang) via certain UTF8 sequences. |
| 1.9 | CVE-2006-4573 MLIST | ||
Maarch -- Maarch | Unspecified vulnerability in Maerys Archive (Maarch) before 2.0.1 allows remote authenticated users to obtain sensitive information (document contents) via unspecified attack vectors related to "grants." |
| 1.4 | CVE-2006-5492 OTHER-REF BID FRSIRT SECUNIA XF | ||
Mozilla -- Bugzilla | Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 2.18.x before 2.18.6, 2.20.x before 2.20.3, 2.22.x before 2.22.1, and 2.23.x before 2.23.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) page headers using the H1, H2, and H3 HTML tags in global/header.html.tmpl, (2) description fields of certain items in various edit cgi scripts, and (3) the id parameter in showdependencygraph.cgi. |
| 1.4 | CVE-2006-5453 BUGTRAQ BUGZILLA BUGZILLA BUGZILLA FRSIRT OSVDB SECTRACK | ||
Mozilla -- Bugzilla | Bugzilla 2.18.x before 2.18.6, 2.20.x before 2.20.3, 2.22.x before 2.22.1, and 2.23.x before 2.23.3 allow remote attackers to obtain (1) the description of arbitrary attachments by viewing the attachment in "diff" mode in attachment.cgi, and (2) the deadline field by viewing the XML format of the bug in show_bug.cgi. |
| 2.3 | CVE-2006-5454 BUGTRAQ BUGZILLA BUGZILLA FRSIRT SECTRACK | ||
Mozilla -- Bugzilla | Cross-site request forgery (CSRF) vulnerability in editversions.cgi in Bugzilla before 2.22.1 and 2.23.x before 2.23.3 allows user-assisted remote attackers to create, modify, or delete arbitrary bug reports via a crafted URL. |
| 1.9 | CVE-2006-5455 BUGTRAQ BUGZILLA FRSIRT | ||
Novell -- eDirectory | The NCP Engine in Novell eDirectory before 8.7.3.8 FTF1 allows remote attackers to cause an unspecified denial of service via a certain "NCP Fragment." |
| 2.3 | CVE-2006-5479 NOVELL | ||
PostgreSQL -- PostgreSQL | backend/parser/analyze.c in PostgreSQL 8.1.x before 8.1.5 allows remote authenticated users to cause a denial of service (daemon crash) via certain aggregate functions in an UPDATE statement, which are not properly handled during a "MIN/MAX index optimization." |
| 1.4 | CVE-2006-5540 OTHER-REF OTHER-REF UBUNTU BID SECUNIA SECUNIA | ||
PostgreSQL -- PostgreSQL | backend/parser/parse_coerce.c in PostgreSQL 7.4.1 through 7.4.14, 8.0.x before 8.0.9, and 8.1.x before 8.1.5 allows remote authenticated users to cause a denial of service (daemon crash) via a coercion of an unknown element to ANYARRAY. |
| 1.4 | CVE-2006-5541 OTHER-REF OTHER-REF UBUNTU BID SECUNIA SECUNIA | ||
PostgreSQL -- PostgreSQL | backend/tcop/postgres.c in PostgreSQL 8.1.x before 8.1.5 allows remote authenticated users to cause a denial of service (daemon crash) related to duration logging of V3-protocol Execute messages for (1) COMMIT and (2) ROLLBACK SQL statements. |
| 1.4 | CVE-2006-5542 OTHER-REF OTHER-REF UBUNTU BID SECUNIA SECUNIA | ||
Research in Motion -- BlackBerry Enterprise Server | Research in Motion (RIM) BlackBerry Enterprise Server 4.1 SP2 before Hotfix 1 for IBM Lotus Domino might allow attackers with meeting organizer privileges to cause a denial of service (application hang) via a deleted recurrent meeting instance when changing the attendee's calendar meeting time. |
| 2.3 | CVE-2006-5489 OTHER-REF FRSIRT SECTRACK SECUNIA XF | ||
Simple Machines -- Simple Machines Forum | Cross-site scripting (XSS) vulnerability in index.php in Simple Machines Forum (SMF) 1.1 RC2 allows remote attackers to inject arbitrary web script or HTML via the action parameter. |
| 2.3 | CVE-2006-5503 BUGTRAQ BID XF | ||
Simple Machines -- Simple Machines Forum | Cross-site scripting (XSS) vulnerability in index.php in Simple Machines Forum (SMF) allows remote attackers to inject arbitrary web script or HTML via a base64 encoded params value in the action parameter. |
| 2.3 | CVE-2006-5504 BUGTRAQ BUGTRAQ BUGTRAQ XF | ||
SSH Communications Security -- SSH Tectia Manager SSH Communications Security -- SSH Tectia Server SSH Communications Security -- SSH Tectia Client SSH Communications Security -- SSH Tectia Client/Server/Connector | SSH Tectia Client/Server/Connector 5.1.0 and earlier, Manager 2.2.0 and earlier, and other products, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents Tectia from correctly verifying X.509 and other certificates that use PKCS #1, a similar issue to CVE-2006-4339. |
| 2.3 | CVE-2006-5484 OTHER-REF CERT-VN FRSIRT SECTRACK SECTRACK SECUNIA | ||
Symantec -- Symantec Client Security Symantec -- Symantec AntiVirus | The SAVRT.SYS device driver, as used in Symantec AntiVirus Corporate Edition 8.1 and 9.0.x up to 9.0.3, and Symantec Client Security 1.1 and 2.0.x up to 2.0.3, allows local users to execute arbitrary code via a modified address for the output buffer argument to the DeviceIOControl function. |
| 2.9 | CVE-2006-3455 SYMANTEC SECUNIA | ||
Timothy Claason -- KnowledgeBank | Multiple cross-site scripting (XSS) vulnerabilities in Timothy Claason KnowledgeBank 1.01 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) index.php, (2) addknowledge.php, and (3) addscreenshot.php. |
| 2.3 | CVE-2006-5496 BUGTRAQ OTHER-REF BID SECTRACK | ||
TorrentFlux -- TorrentFlux | Multiple cross-site scripting (XSS) vulnerabilities in TorrentFlux 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) action, (2) file, and (3) users array variables in (a) admin.php, which are not properly handled when the administrator views the Activity Log; and the (2) torrent parameter, as used by the displayName variable, in (b) startpop.php, different vectors than CVE-2006-5227. |
| 1.9 | CVE-2006-5451 BUGTRAQ BUGTRAQ BUGTRAQ BUGTRAQ OTHER-REF OTHER-REF OTHER-REF OTHER-REF FRSIRT | ||
XIAO Gang -- WWW Interactive Mathematics Server | Unspecified vulnerability in XIAO Gang WWW Interactive Mathematics Server (WIMS) before 3.60 allows remote attackers to modify unspecified data via unspecified vectors involving "variable rights." |
| 2.3 | CVE-2006-5443 OTHER-REF FRSIRT SECUNIA XF | ||
Zwahlen Informatik -- Online Shop | Multiple cross-site scripting (XSS) vulnerabilities in index.htm in Zwahlen Online Shop Freeware 5.2.2.50, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) Kat, (2) id, or (3) no parameters. NOTE: the provenance of this information is unknown; the details are obtained from third party information. The cat parameter is covered by CVE-2006-5512. |
| 2.3 | CVE-2006-5534 FRSIRT SECUNIA |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.