Vulnerability Summary for the Week of October 30, 2006
Released
Nov 06, 2006
Document ID
SB06-310
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
Vulnerability Severity:
| High Vulnerabilities |
|---|
| Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
|---|---|---|---|---|---|---|
| Acme Labs -- thttpd | thttpd on Debian GNU/Linux, and possibly other distributions, allows local users to create or touch arbitrary files via a symlink attack on the start_thttpd temporary file. |
| 7.0 | CVE-2006-4248 OTHER-REF | ||
| AEP Networks -- Smartgate SSL Server | Directory traversal vulnerability in the SSL server in AEP Smartgate 4.3b allows remote attackers to download arbitrary files via ..\ (dot dot backslash) sequences in an HTTP GET request. |
| 7.0 | CVE-2006-5596 OTHER-REF OTHER-REF BID SECUNIA | ||
| ArticleBeach -- ArticleBeach Script | PHP remote file inclusion vulnerability in index.php in ArticleBeach Script 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. |
| 7.0 | CVE-2006-5590 OTHER-REF BID FRSIRT SECUNIA | ||
| ask_rave -- ask_rave | PHP remote file inclusion vulnerability in end.php in ask_rave 0.9 PR and earlier allows remote attackers to execute arbitrary PHP code via a URL in the footfile parameter. |
| 7.0 | CVE-2006-5621 Milw0rm BID FRSIRT XF | ||
| BytesFall Explorer -- BytesFall Explorer | Multiple SQL injection vulnerabilities in BytesFall Explorer (bfExplorer) 0.0.7.1 and earlier allow remote attackers to execute arbitrary SQL commands via the username ($User variable) to login/doLogin.php and other unspecified vectors. |
| 7.0 | CVE-2006-5606 OTHER-REF OTHER-REF OTHER-REF BID FRSIRT | ||
| CMS Faethon -- CMS Faethon | Multiple PHP remote file inclusion vulnerabilities in CMS Faethon 2.0 Ultimate and earlier, when register_globals and magic_quotes_gpc are enabled, allow remote attackers to execute arbitrary PHP code via a URL in the mainpath parameter to (1) includes/rss-reader.php or (2) admin/config.php, different vectors than CVE-2006-3185. |
| 7.0 | CVE-2006-5588 OTHER-REF OTHER-REF OTHER-REF BID XF | ||
| Coppermine -- Photo Gallery | SQL injection vulnerability in picmgr.php in Coppermine Photo Gallery 1.4.9 allows remote attackers to execute arbitrary SQL commands via the aid parameter. |
| 7.0 | CVE-2006-5622 Milw0rm OTHER-REF BID FRSIRT SECUNIA | ||
| Drupal -- Extended Tracker | SQL injection vulnerability in Extended Tracker (xtracker) 4.7 before 1.5.2.1 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to "parameters from URLs." |
| 7.0 | CVE-2006-5608 OTHER-REF BID FRSIRT SECUNIA XF | ||
| EE Tool -- EE Tool | PHP remote file inclusion vulnerability in ip.inc.php in Electronic Engineering Tool (EE Tool) 0.4-1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cgipath parameter. |
| 7.0 | CVE-2006-5623 Milw0rm BID FRSIRT | ||
| FAQ Administrator -- FAQ Administrator | PHP remote file inclusion vulnerability in faq_reply.php in Faq Administrator 2.1b allows remote attackers to execute arbitrary PHP code via a URL in the email parameter. |
| 7.0 | CVE-2006-5637 MLIST Milw0rm BID FRSIRT SECUNIA XF | ||
| Foresite CMS -- Foresite CMS | Cross-site scripting (XSS) vulnerability in search_de.html in foresite CMS allows remote attackers to inject arbitrary web script or HTML via the query parameter. |
| 7.0 | CVE-2006-5643 OTHER-REF BID FRSIRT SECTRACK SECUNIA | ||
| Fully Modded phpBB -- Fully Modded phpBB | PHP remote file inclusion vulnerability in player/includes/common.php in Teake Nutma Foing, as modified in Fully Modded phpBB (phpbbfm) 2021.4.40, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. |
| 7.0 | CVE-2006-5610 SECUNIA | ||
| Hosting Controller -- Hosting Controller | Multiple SQL injection vulnerabilities in Hosting Controller 6.1 before Hotfix 3.3 allow remote attackers to execute arbitrary SQL commands via the ForumID parameter in (1) DisableForum.asp and (2) enableForum.asp. |
| 7.0 | CVE-2006-5629 OTHER-REF BID SECTRACK | ||
| Hosting Controller -- Hosting Controller | Hosting Controller 6.1 before Hotfix 3.3 allows remote attackers to (1) delete the virtual directory of an arbitrary site via a modified ForumID parameter in a disableforum action in DisableForum.asp and (2) create an arbitrary forum virtual directory via an empty ForumID parameter in an enableforum action in EnableForum.asp. |
| 7.0 | CVE-2006-5630 BUGTRAQ OTHER-REF SECTRACK | ||
| iG Shop -- iG Shop | Cross-site scripting (XSS) vulnerability in change_pass.php in iG Shop 1.4 allows remote attackers to inject arbitrary web script or HTML via arbitrary query strings when the action parameter is not "1", as demonstrated using script in the action parameter, a different vulnerability than CVE-2006-5632. |
| 7.0 | CVE-2006-5631 MLIST SECTRACK | ||
| iG Shop -- iG Shop | Cross-site scripting (XSS) vulnerability in change_pass.php in iG Shop 1.4 allows remote attackers to inject arbitrary web script or HTML via the id parameter, a different vulnerability than CVE-2006-5631. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 7.0 | CVE-2006-5632 MLIST BID SECTRACK | ||
| Kynoslogic -- CruiseWorks | Stack-based buffer overflow in /scripts/cruise/cws.exe in CruiseWorks 1.09c and 1.09d allows remote attackers to execute arbitrary code via a long string in the doc parameter. |
| 7.0 | CVE-2006-5571 BUGTRAQ FULLDISC OTHER-REF BID FRSIRT SECTRACK SECUNIA XF | ||
| LedgerSMB -- LedgerSMB | Multiple SQL injection vulnerabilities in LedgerSMB (LSMB) 1.1.0 and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors in (1) OE.pm, (2) AM.pm, and (3) Form.pm. |
| 7.0 | CVE-2006-5589 OTHER-REF FRSIRT SECUNIA BID | ||
| MDweb -- MDweb | Multiple PHP remote file inclusion vulnerabilities in MDweb 1.3 and earlier (Mdweb132-postgres) allow remote attackers to execute arbitrary PHP code via a URL in the chemin_appli parameter in (1) admin/inc/organisations/form_org.inc.php and (2) admin/inc/organisations/country_insert.php. |
| 7.0 | CVE-2006-5587 Milw0rm BID SECUNIA XF FRSIRT | ||
| Michel Pradel -- GestArt | PHP remote file inclusion vulnerability in aide.php3 in GestArt beta 1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the aide parameter. |
| 7.0 | CVE-2006-5612 BUGTRAQ BID | ||
| MiniBill -- MiniBill | PHP remote file inclusion vulnerability in include/menu_builder.php in MiniBILL 2006-10-10 (1.2.3) and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the config[page_dir] parameter, a different vector than CVE-2006-4489. |
| 7.0 | CVE-2006-5620 BUGTRAQ OTHER-REF OTHER-REF BID SECUNIA XF | ||
| MiniHTTP -- Web Forum & File Sharing Server PowerPack | join.asp in MiniHTTP Web Forum & File Server PowerPack 4.0 allows remote attackers to add or modify arbitrary user accounts via modified (1) frmMailBox and (2) frmUserPass parameters. |
| 7.0 | CVE-2006-5597 OTHER-REF BID FRSIRT SECUNIA | ||
| MP3 Streaming DownSampler -- MP3 Streaming Downsampler | PHP remote file inclusion in Core/core.inc.php in MP3 Streaming DownSampler (mp3SDS) 3.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the fullpath paramter. |
| 7.0 | CVE-2006-5613 OTHER-REF BID FRSIRT SECUNIA XF | ||
| MPCS -- MPCS | Multiple PHP remote file inclusion vulnerabilities in Multi-Page Comment System (MPCS) 1.0.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) include.php or (2) functions.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| 7.0 | CVE-2006-5624 OTHER-REF BID FRSIRT SECUNIA XF | ||
| OpenWBEM -- OpenWBEM | Unspecified vulnerability in the random number generator in OpenWBEM (Web Based Enterprise Management) 3.2.0 allows attackers to gain privileges via vectors related to "local or HTTP Digest authentication." |
| 7.0 | CVE-2006-5639 OTHER-REF BID FRSIRT | ||
| Paco's Drivers -- PacPoll | Admin/adpoll.asp in PacPoll 4.0 and earlier allows remote attackers to bypass authentication by settng the polllog cookie value to "xx". |
| 7.0 | CVE-2006-5592 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA | ||
| phpCards -- phpCards | Directory traversal vulnerability in phpcards.header.php in phpCards 1.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the CardLanguageFile parameter. |
| 7.0 | CVE-2006-5604 SECTRACK XF | ||
| phpCards -- phpCards | Multiple cross-site scripting (XSS) vulnerabilities in phpcards.footer.php in phpCards 1.3 allow remote attackers to inject arbitrary web script or HTML via the CardFontFace parameter and other unspecified parameters. |
| 7.0 | CVE-2006-5605 SECTRACK XF | ||
| PHPMyRing -- PHPMyRing | Multiple SQL injection vulnerabilities in cherche.php in PHPMyRing 4.2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) limite and (2) mots parameters. |
| 7.0 | CVE-2006-5638 Milw0rm BID FRSIRT SECUNIA XF | ||
| QnECMS -- QnECMS | Multiple PHP remote file inclusion vulnerabilities in QnECMS 2.5.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the adminfolderpath parameter to (1) headerscripts.php, (2) footerhome.php, and (3) footermain.php in admin/include/; (4) photogallery/headerscripts.php; and (5) footerhome.php, (6) footermain.php, (7) headermain.php, (8) sitemapfooter.php, and (9) sitemapheader.php in templates/. |
| 7.0 | CVE-2006-5627 Milw0rm FRSIRT SECUNIA | ||
| Snitz Communications -- Snitz Forums 2000 | SQL injection vulnerability in pop_mail.asp in Snitz Forums 2000 3.4.06 allows remote attackers to execute arbitrary SQL commands via the RC parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| 7.0 | CVE-2006-5603 BID | ||
| Sophos -- Endpoint Security Sophos -- Anti-Virus | Heap-based buffer overflow in Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for Linux before 5.0.10, and other platforms before 4.11 has unspecified impact and remote attack vectors related to a CHM file with "specific values for certain settings." |
| 7.0 | CVE-2006-5646 OTHER-REF BID FRSIRT SECTRACK SECUNIA | ||
| SuSE -- SuSE Linux Professional SuSE -- SuSE Linux Personal OpenPBS -- OpenPBS | Multiple unspecified vulnerabilities in OpenPBS, as use in SUSE Linux 9.2 through 10.1, allow attackers to execute arbitrary code via unspecified vectors. |
| 10.0 | CVE-2006-5616 SUSE BID FRSIRT SECUNIA | ||
| Techno Dreams -- Techno Dreams Guest Book | SQL injection vulnerability in guestbookview.asp in Techno Dreams Guest Book 1.0 earlier allows remote attackers to execute arbitrary SQL commands via the key parameter. |
| 7.0 | CVE-2006-5640 Milw0rm BID FRSIRT SECUNIA XF | ||
| Techno Dreams -- Announcement Script | SQL injection vulnerability in MainAnnounce2.asp in Techno Dreams Announcement allows remote attackers to execute arbitrary SQL commands via the key parameter. |
| 7.0 | CVE-2006-5641 Milw0rm BID FRSIRT SECUNIA XF | ||
| TextPattern -- TextPattern | PHP remote file inclusion vulnerability in publish.php in Textpattern 1.19, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the txpcfg[txpath] parameter. |
| 7.0 | CVE-2006-5615 BUGTRAQ BID | ||
| Thepeak -- Thepeak File Upload Manager | Directory traversal vulnerability in index.php in Thepeak File Upload Manager 1.3 allows remote attackers to read or download arbitrary files via a base64-encoded file path containing a .. (dot dot) sequence in the file parameter. |
| 7.0 | CVE-2006-5617 BUGTRAQ BID | ||
| Unisor CMS -- Unisor CMS | SQL injection vulnerability in login.asp in UNISOR Content Management System (CMS) allows remote attackers to execute arbitrary SQL commands via the (1) user or (2) pass fields. |
| 7.0 | CVE-2006-5628 BUGTRAQ BID | ||
| University of British Columbia -- iPeer | PHP remote file inclusion vulnerability in University of British Columbia iPeer 2.0, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: it is possible that this issue is related to CakePHP. |
| 7.0 | CVE-2006-5594 BUGTRAQ XF | ||
| Web Wiz Forums -- Web Wiz Forums | SQL injection vulnerability in forum/search.asp in Web Wiz Forums allows remote attackers to execute arbitrary SQL commands via the KW parameter. |
| 7.0 | CVE-2006-5635 BUGTRAQ BID XF |
| Medium Vulnerabilities |
|---|
| Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
|---|---|---|---|---|---|---|
| DataWizard -- FtpXQ | FtpXQ Server 3.0.1 installs with two default testing accounts, which allows remote attackers to read or write arbitrary files via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| 4.7 | CVE-2006-5569 BID | ||
| Linux Web Shop -- phpProfiles | Multile PHP remote file inclusion vulnerabilities in phpProfiles 2.1 Beta allow remote attackers to execute arbitrary PHP code via a URL in the (1) reqpath parameter to (a) body.inc.php and (b) body_blog.inc.php in users/include/; or the (2) usrinc parameter in users/include/upload_ht.inc.php. |
| 5.6 | CVE-2006-5634 Milw0rm BID FRSIRT SECUNIA XF | ||
| Microsoft -- Visual Studio | Unspecified vulnerability in the WMI Object Broker ActiveX control (WmiScriptUtils.dll) in Microsoft Visual Studio 2005 allows remote attackers to execute arbitrary code via unspecified vectors. |
| 5.6 | CVE-2006-4704 MSKB BID SECUNIA | ||
| N/X -- N/X WCMS | PHP remote file inclusion vulnerability in wwwdev/nxheader.inc.php in N/X 2002 Professional Edition Web Content Management System (WCMS) 4.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the c[path] parameter. |
| 5.6 | CVE-2006-5625 Milw0rm BID FRSIRT SECUNIA | ||
| Neo Japan -- Desknet's | Buffer overflow in Desknet's (niokeru) before 5.0J R1.0 might allow remote authenticated users to execute arbitrary code via unspecified vectors. NOTE: some of these details are obtained from third party information. |
| 4.2 | CVE-2006-5593 OTHER-REF OTHER-REF FRSIRT SECUNIA XF | ||
| NmnLogger -- NmnLogger | Unspecified vulnerability in NmnLogger 1.0.0 and earlier has unknown impact and attack vectors related to configuration of mesasge drivers. |
| 4.9 | CVE-2006-5642 OTHER-REF BID FRSIRT | ||
| Nullsoft -- WinAmp | Multiple heap-based buffer overflows in AOL Nullsoft WinAmp before 5.31 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) ultravox-max-msg header to the Ultravox protocol handler or (2) unspecified Lyrics3 tags. |
| 5.6 | CVE-2006-5567 IDEFENSE IDEFENSE OTHER-REF BID FRSIRT SECTRACK SECTRACK SECUNIA CERT-VN XF XF | ||
| Sophos -- Endpoint Security Sophos -- Anti-Virus | Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for Linux before 5.0.10, and other platforms before 4.11 allows remote attackers to cause a denial of service (memory consumption or corruption) via a malformed CHM file with certain manipulations of the CHM chunk header, aka "CHM name length memory consumption vulnerability." NOTE: due to an inconsistency in the vendor's advisory, it is uncertain whether the impact is memory consumption or corruption. |
| 4.7 | CVE-2006-5647 OTHER-REF BID FRSIRT SECTRACK SECUNIA | ||
| SWS -- Simple Website Software | PHP remote file inclusion vulnerability in common.php in Simple Website Software (SWS) 0.99 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the SWSDIR parameter. |
| 5.6 | CVE-2006-5636 BUGTRAQ Milw0rm BID FRSIRT SECUNIA XF | ||
| Toshiba -- Bluetooth Stack | Unspecified vulnerability in Toshiba Bluetooth Stack before 4.20.01 has unspecified impact and attack vectors, related to the 4.20.01(T) "Security fix." NOTE: due to the lack of details in the vendor advisory, it is not clear whether this issue is related to CVE-2006-5405. |
| 4.9 | CVE-2006-5611 OTHER-REF | ||
| wvWare -- wvWare | Multiple integer overflows in the WV library in wvWare (formerly mswordview) before 1.2.3, as used by AbiWord, KWord, and possibly other products, allow user-assisted remote attackers to execute arbitrary code via a crafted Microsoft Word (DOC) file that produces (1) large LFO clfolvl values in the wvGetLFO_records function or (2) a large LFO nolfo value in the wvGetFLO_PLF function. |
| 5.6 | CVE-2006-4513 IDEFENSE IDEFENSE BID FRSIRT SECUNIA SECTRACK XF | ||
| xsupplicant -- xsupplicant | Stack-based buffer overflow in the eap_do_notify function in eap.c in xsupplicant before 1.2.6, and possibly other versions, allows remote authenticated users to execute arbitrary code via unspecified vectors. |
| 6.0 | CVE-2006-5601 MANDRIVA BID OTHER-REF FRSIRT SECUNIA SECUNIA |
| Low Vulnerabilities |
|---|
| Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
|---|---|---|---|---|---|---|
| Axalto -- Protiva | Axalto Protiva 1.1, possibly only non-commercial versions, stores passwords in plaintext in files with insecure permissions, which allows local users to gain privileges by reading the passwords from (1) KeyTool\keytool.config or (2) webapps\protiva\WEB-INF\classes\authserver.config. |
| 1.6 | CVE-2006-5600 BUGTRAQ BID | ||
| DataWizard -- FtpXQ | FtpXQ Server 3.0.1 allows remote attackers to cause a denial of service (CPU exhaustion) via a long MKD command. |
| 2.3 | CVE-2006-5568 BID SECUNIA FULLDISC FRSIRT XF | ||
| INCA -- IM-204 ADSL Router | Directory traversal vulnerability in /cgi-bin/webcm in INCA IM-204 allows remote attackers to read arbitrary files via a "/./." (modified dot dot) sequences in the getpage parameter. |
| 2.3 | CVE-2006-5607 BUGTRAQ BID SECUNIA XF FRSIRT | ||
| Kynoslogic -- CruiseWorks | Directory traversal vulnerability in /scripts/cruise/cws.exe in CruiseWorks 1.09c and 1.09d allows remote attackers to read arbitrary files via a .. (dot dot) in the doc parameter. |
| 2.3 | CVE-2006-5570 BUGTRAQ FULLDISC OTHER-REF BID FRSIRT SECTRACK SECUNIA XF | ||
| Linux -- Linux kernel | The seqfile handling (ip6fl_get_n function in ip6_flowlabel.c) in Linux kernel 2.6 up to 2.6.18-stable allows local users to cause a denial of service (hang or oops) via unspecified manipulations that trigger an infinite loop while searching for flowlabels. |
| 1.6 | CVE-2006-5619 OTHER-REF | ||
| MAXdev -- MD-Pro | Cross-site scripting (XSS) vulnerability in user.php in MAXdev MD-Pro 1.0.76 allows remote attackers to inject arbitrary web script or HTML via the op parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| 2.3 | CVE-2006-5564 FRSIRT SECUNIA BID | ||
| MAXdev -- MD-Pro | CRLF injection vulnerability in MAXdev MD-Pro 1.0.76 allows remote attackers to inject arbitrary HTTP headers via a CRLF sequence in the (1) name, (2) file, (3) module, and (4) func parameters in (a) index.php; and the (5) file parameter in (b) modules.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| 2.3 | CVE-2006-5565 FRSIRT SECUNIA BID | ||
| Microsoft -- Internet Explorer | The ADODB.Connection 2.7 ActiveX control object (ADODB.Connection.2.7) allows remote attackers to cause a denial of service (Internet Explorer crash) via long arguments to the Execute function. |
| 2.3 | CVE-2006-5559 OTHER-REF OTHER-REF CERT-VN BID SECTRACK XF | ||
| Microsoft -- Windows NAT Helper Components Microsoft -- Windows XP | Microsoft Windows NAT Helper Components (ipnathlp.dll) on Windows XP SP2, when Internet Connection Sharing is enabled, allows remote attackers to cause a denial of service (svchost.exe crash) via a malformed DNS query, which results in a null pointer dereference. |
| 1.9 | CVE-2006-5614 OTHER-REF SECUNIA SECTRACK | ||
| Mozilla -- Firefox | Firefox 1.5.0.7 and 2.0 allows remote attackers to cause a denial of service (crash) by creating a range object using createRange, calling selectNode on a DocType node (DOCUMENT_TYPE_NODE), then calling createContextualFragment on the range, which triggers a null dereference. NOTE: the original Bugtraq post mentioned that code execution was possible, but followup analysis has shown that it is only a null dereference. |
| 2.3 | CVE-2006-5633 FULLDISC BUGTRAQ BUGTRAQ BUGTRAQ OTHER-REF BUGZILLA OTHER-REF | ||
| Netref -- Netref | Directory traversal vulnerability in script/cat_for_aff.php in Netref 4 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the ad_direct parameter. |
| 2.3 | CVE-2006-5618 Milw0rm BID FRSIRT SECUNIA | ||
| Novell -- iManager | Novell iManager 2.5 and 2.0.2 allows remote attackers to cause a denial of service (crash) in the Tomcat server via a long TREE parameter in HTTP POSTS, which triggers a NULL deference. |
| 3.3 | CVE-2006-4517 IDEFENSE OTHER-REF BID FRSIRT SECUNIA | ||
| Oracle -- Application Express | Cross-site scripting (XSS) vulnerability in Oracle Application Express (formerly HTML DB) before 2.2.1 allows remote attackers to inject arbitrary HTML or web script via the WWV_FLOW_ITEM_HELP package. NOTE: it is likely that this issue overlaps one of the Oracle VulnIDs covered by CVE-2006-5351. Oracle has not publicly disputed claims by a reliable researcher that this has been fixed by the October 2006 CPU. |
| 2.3 | CVE-2006-5599 BUGTRAQ OTHER-REF OTHER-REF CERT | ||
| Paco's Drivers -- PacPoll | Multiple SQL injection vulnerabilities in Admin/check.asp in PacPoll 4.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) uid and (2) pwd parameters. |
| 2.3 | CVE-2006-5591 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA | ||
| phpFaber -- phpFaber Content Management System | Cross-site scripting (XSS) vulnerability in cms_images/js/htmlarea/htmlarea.php in phpFaber Content Management System (CMS) before 1.3.36 on 20061026 allows remote attackers to inject arbitrary web script or HTML via the vigilon parameter. NOTE: earlier downloads of 1.3.36 have the vulnerability; the software was updated without changing the version number. |
| 2.3 | CVE-2006-5626 BUGTRAQ OTHER-REF SECUNIA | ||
| Sophos -- Sophos Anti-Virus | Sophos Anti-Virus 5.1 allows remote attackers to cause a denial of service (memory consumption) via a file that is compressed with Petite and contains a large number of sections. |
| 2.3 | CVE-2006-4839 IDEFENSE OTHER-REF SECUNIA XF | ||
| Sophos -- Endpoint Security Sophos -- Anti-Virus | Unspecified vulnerability in Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for Linux before 5.0.10, and other platforms before 4.11 allows remote attackers to cause a denial of service (infinite loop) via a malformed RAR file with "specific characteristics on certain settings." |
| 2.3 | CVE-2006-5645 OTHER-REF BID FRSIRT SECTRACK SECUNIA | ||
| TorrentFlux -- TorrentFlux | Directory traversal vulnerability in dir.php in TorrentFlux 2.1 allows remote attackers to list arbitrary directories via "\.\./" sequences in the dir parameter. |
| 2.3 | CVE-2006-5609 BUGTRAQ BID | ||
| WebAsyst LLC -- Shop-Script | CRLF injection vulnerability in premium/index.php in Shop-Script allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the (1) links_exchange, (2) news, (3) search_with_change_category_ability, (4) logging, (5) feedback, (6) show_price, (7) register, (8) answer, (9) productID, and (10) inside parameters. |
| 2.3 | CVE-2006-5566 BUGTRAQ SECUNIA FRSIRT | ||
| webGENEius -- GOOP Gallery | Cross-site scripting (XSS) vulnerability in index.php for GOOP Gallery 2.0, and possibly other versions before 2.0.3, allows remote attackers to inject arbitrary HTML or web script via the image parameter. |
| 2.3 | CVE-2006-5598 OTHER-REF OTHER-REF SECTRACK | ||
| Wireshark -- Wireshark | Off-by-one error in the MIME Multipart dissector in Wireshark (formerly Ethereal) 0.10.1 through 0.99.3 allows remote attackers to cause a denial of service (crash) via certain vectors that tragger an assertion error related to unexpected length values. |
| 2.3 | CVE-2006-4574 OTHER-REF BID SECUNIA | ||
| Wireshark -- Wireshark | epan/dissectors/packet-xot.c in the XOT dissector (dissect_xot_pdu) in Wireshark (formerly Ethereal) 0.9.8 through 0.99.3 allows remote attackers to cause a denial of service (memory consumption and crash) via an encoded XOT packet that produces a zero length value when it is decoded. |
| 2.3 | CVE-2006-4805 BID OTHER-REF SECUNIA | ||
| Wireshark -- Wireshark | Unspecified vulnerability in the HTTP dissector in Wireshark (formerly Ethereal) 0.99.3 allows remote attackers to cause a denial of service (crash) via unspecified vectors. |
| 2.3 | CVE-2006-5468 OTHER-REF BID SECUNIA | ||
| Wireshark -- Wireshark | Unspecified vulnerability in the WBXML dissector in Wireshark (formerly Ethereal) 0.10.11 through 0.99.3 allows remote attackers to cause a denial of service (crash) via certain vectors that trigger a null dereference. |
| 2.3 | CVE-2006-5469 OTHER-REF BID SECUNIA | ||
| Wireshark -- Wireshark | Unspecified vulnerability in the AirPcap support in Wireshark (formerly Ethereal) 0.99.3 has unspecified attack vectors related to WEP key parsing. |
| 2.3 | CVE-2006-5595 OTHER-REF BID SECUNIA | ||
| Wireshark -- Wireshark | Unspecified vulnerability in the LDAP dissector in Wireshark (formerly Ethereal) 0.99.3 allows remote attackers to cause a denial of service (crash) via a crafted LDAP packet. |
| 2.3 | CVE-2006-5740 OTHER-REF BID SECUNIA | ||
| xsupplicant -- xsupplicant | Multiple memory leaks in xsupplicant before 1.2.6, and possibly other versions, allow attackers to cause a denial of service (memory consumption) via unspecified vectors. |
| 1.4 | CVE-2006-5602 MANDRIVA FRSIRT SECUNIA SECUNIA | ||
| Yukihiro Matsumoto -- Ruby | The cgi.rb CGI library for Ruby 1.8 allows remote attackers to cause a dneial of service (infinite loop and CPU consumption) via an HTTP request with a multipart MIME body that contains an invalid boundary specifier, as demonstrated using a specifier that begins with a "-" instead of "--" and contains an inconsistent ID. |
| 2.3 | CVE-2006-5467 MLIST MANDRIVA BID FRSIRT FRSIRT SECUNIA |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.