Vulnerability Summary for the Week of November 13, 2006
Released
Nov 20, 2006
Document ID
SB06-324
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
Vulnerability Severity:
| High Vulnerabilities |
|---|
| Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
|---|---|---|---|---|---|---|
| 20/20 Applications -- 20/20 DataShed | SQL injection vulnerability in listings.asp in 20/20 DataShed (aka Real Estate Listing System) allows remote attackers to execute arbitrary SQL commands via the itemID parameter. NOTE: some of these details are obtained from third party information. |
| 7.0 | CVE-2006-5955 OTHER-REF FRSIRT SECUNIA | ||
| @cid stats -- @cid stats | ** DISPUTED ** PHP remote file inclusion vulnerability in install.php3 in @cid stats 2.3 allows remote attackers to execute arbitrary PHP code via a URL in the repertoire parameter. NOTE: this issue has been disputed by a third party, who states that install.php3 is supposed to be deleted after installation and, if not deleted, intentionally allows setting repertoire without an inclusion attack. |
| 7.0 | CVE-2006-5899 BUGTRAQ BUGTRAQ | ||
| ActiveCampaign -- KnowledgeBuilder | PHP remote file inclusion vulnerability in admin/e_data/visEdit_control.class.php in ActiveCampaign KnowledgeBuilder 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the visEdit_root parameter, a different vector than CVE-2003-1131. |
| 7.0 | CVE-2006-5919 BUGTRAQ OTHER-REF BID BID | ||
| Aigaion -- Aigaion | Multiple PHP remote file inclusion vulnerabilities in Aigaion Web based bibliography management system 1.2.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the DIR parameter to (1) _basicfunctions.php, or (2) pageactionauthor.php. |
| 7.0 | CVE-2006-5930 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA | ||
| ASP Scripter -- Easy Portal ASP Scripter -- Live Support | SQL injection vulnerability in cpLogin.asp in ASP Scripter Easy Portal 1.4 and Live Support 1.3 allows remote attackers to execute arbitrary SQL commands via the Password parameter. |
| 7.0 | CVE-2006-5927 BUGTRAQ FRSIRT SECUNIA | ||
| ASP Smiley -- ASP Smiley | SQL injection vulnerability in admin/default.asp in ASP Smiley 1.0 allows remote attackers to execute arbitrary SQL commands via the Username field. |
| 7.0 | CVE-2006-5952 OTHER-REF FRSIRT SECUNIA | ||
| ASPPortal -- ASPPortal | SQL injection vulnerability in default1.asp in ASPPortal 4.0.0 beta and earlier allows remote attackers to execute arbitrary SQL commands via the Poll_ID parameter, a different vector than CVE-2006-1353. |
| 7.0 | CVE-2006-5879 Milw0rm FRSIRT SECUNIA BUGTRAQ XF | ||
| BrewBlogger -- BrewBlogger | SQL injection vulnerability in printLog.php in BrewBlogger (BB) 1.3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| 7.0 | CVE-2006-5889 OTHER-REF OTHER-REF BID FRSIRT SECUNIA XF | ||
| Broadcom -- BCMWL5.SYS Wireless Device Driver Linksys -- WPC300N Wireless-N Notebook Adapter Driver | Stack-based buffer overflow in the Broadcom BCMWL5.SYS wireless device driver 3.50.21.10, as used in Cisco Linksys WPC300N Wireless-N Notebook Adapter before 4.100.15.5 and other products, allows remote attackers to execute arbitrary code via an 802.11 response frame containing a long SSID field. |
| 7.0 | CVE-2006-5882 OTHER-REF OTHER-REF OTHER-REF CERT-VN FRSIRT | ||
| Campware.org -- Campsite | Multiple PHP remote file inclusion vulnerabilities in Campware Campsite before 20061110 allow remote attackers to execute arbitrary PHP code via a URL in the g_documentRoot parameter to (1) bugreporter/thankyou.php and (2) feedback/thankyou.php in implementation/management/priv/. |
| 7.0 | CVE-2006-5910 OTHER-REF OTHER-REF OTHER-REF BID | ||
| Campware.org -- Campsite | Multiple PHP remote file inclusion vulnerabilities in Campware Campsite before 2.6.2 allow remote attackers to execute arbitrary PHP code via a URL in the g_documentRoot parameter to (1) Alias.php, (2) Article.php, (3) ArticleAttachment.php, (4) ArticleComment.php, (5) ArticleData.php, (6) ArticleImage.php, (7) ArticleIndex.php, (8) ArticlePublish.php, (9) ArticleTopic.php, (10) ArticleType.php, (11) ArticleTypeField.php, (12) Attachment.php, (13) Country.php, (14) DatabaseObject.php, (15) Event.php, (16) IPAccess.php, (17) Image.php, (18) Issue.php, (19) IssuePublish.php, (20) Language.php, (21) Log.php, (22) LoginAttempts.php, (23) Publication.php, (24) Section.php, (25) ShortURL.php, (26) Subscription.php, (27) SubscriptionDefaultTime.php, (28) SubscriptionSection.php, (29) SystemPref.php, (30) Template.php, (31) TimeUnit.php, (32) Topic.php, (33) UrlType.php, (34) User.php, and (35) UserType.php in implementation/management/classes/; (36) configuration.php and (37) db_connect.php in implementation/management/; and (38) LocalizerConfig.php and (39) LocalizerLanguage.php in implementation/management/priv/localizer/. |
| 7.0 | CVE-2006-5911 OTHER-REF OTHER-REF OTHER-REF OTHER-REF OTHER-REF | ||
| Chris Mac -- GimeScripts Shopping Catalog | PHP remote file inclusion vulnerability in index.php in Chris Mac gtcatalog (aka GimeScripts Shopping Catalog) 0.9.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the custom parameter. |
| 7.0 | CVE-2006-5923 OTHER-REF BID | ||
| Dynamic Data Worx -- NuStore | SQL injection vulnerability in Products.asp in NuStore 1.0 allows remote attackers to execute arbitrary SQL commands via the SubCatagoryID parameter. |
| 7.0 | CVE-2006-5885 BUGTRAQ FRSIRT SECUNIA XF SECTRACK | ||
| Dynamic Data Worx -- NuRealestate | SQL injection vulnerability in propertysdetails.asp in Dynamic Dataworx NuRealestate (NuRems) 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the PropID parameter. |
| 7.0 | CVE-2006-5886 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA XF | ||
| Dynamic Data Worx -- NuSchool | SQL injection vulnerability in CampusNewsDetails.asp in Dynamic Dataworx NuSchool 1.0 allows remote attackers to execute arbitrary SQL commands via the NewsID parameter. |
| 7.0 | CVE-2006-5887 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA XF SECTRACK | ||
| Dynamic Dataworx -- NuCommunity | SQL injection vulnerability in cl_CatListing.asp in Dynamic Dataworx NuCommunity 1.0 allows remote attackers to execute arbitrary SQL commands via the cl_cat_ID parameter. |
| 7.0 | CVE-2006-5881 BUGTRAQ Milw0rm BID FRSIRT SECUNIA XF SECTRACK | ||
| Edgewall Software -- Trac | Cross-site Request Forgery (CSRF) vulnerability in Trac before 0.10.1 allows remote attackers to perform unauthorized actions as other users via unknown vectors. |
| 7.0 | CVE-2006-5878 OTHER-REF DEBIAN SECUNIA SECUNIA | ||
| EncapsCMS -- EncapsCMS | PHP remote file inclusion vulnerability in core/core.php in EncapsCMS 0.3.6 allows remote attackers to execute arbitrary PHP code via a URL in the root parameter. |
| 7.0 | CVE-2006-5895 BUGTRAQ OTHER-REF MLIST BID FRSIRT XF SECUNIA | ||
| Exophpdesk -- Exophpdesk | PHP remote file inclusion vulnerability in pipe.php in Exophpdesk 1.2 allows remote attackers to execute arbitrary PHP code via a URL in the lang_file parameter. |
| 7.0 | CVE-2006-5951 BUGTRAQ BID XF | ||
| FunkyASP -- Glossary | SQL injection vulnerability in demo/glossary/glossary.asp in FunkyASP Glossary 1.0 allows remote attackers to execute arbitrary SQL commands via the alpha parameter. |
| 7.0 | CVE-2006-5946 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA | ||
| Grisoft -- AVG Antivirus | Multiple integer overflows in Grisoft AVG Anti-Virus before 7.1.407 allow remote attackers to execute arbitrary code via crafted (1) CAB or (2) RAR archives that trigger a heap-based buffer overflow. NOTE: some of these details are obtained from third party information. |
| 7.0 | CVE-2006-5937 FULLDISC OTHER-REF FRSIRT SECUNIA | ||
| Grisoft -- AVG Antivirus | Grisoft AVG Anti-Virus before 7.1.407 has unknown impact and remote attack vectors involving an uninitialized variable and a crafted CAB file. |
| 7.0 | CVE-2006-5938 FULLDISC OTHER-REF FRSIRT SECUNIA | ||
| Grisoft -- AVG Antivirus | Unspecified vulnerability in Grisoft AVG Anti-Virus before 7.1.407 has unknown impact and remote attack vectors related to "Integer Issues" and parsing of .EXE files. |
| 7.0 | CVE-2006-5940 FULLDISC OTHER-REF FRSIRT SECUNIA | ||
| Hawking Technology -- WR254-CA Wireless Router | Hawking Technology wireless router WR254-CA uses a hardcoded IP address among the set of DNS server IP addresses, which could allow remote attackers to cause a denial of service or hijack the router by attacking or spoofing the server at the hardcoded address. NOTE: it could be argued that this issue reflects an inherent limitation of DNS itself, so perhaps it should not be included in CVE. |
| 7.0 | CVE-2006-5901 BUGTRAQ | ||
| Hpecs Shopping Cart -- Hpecs Shopping Cart | Multiple SQL injection vulnerabilities in Hpecs Shopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields in the (a) login screen, and (3) searchstring parameter in (b) insearch_list.asp. |
| 7.0 | CVE-2006-5962 BUGTRAQ SECUNIA XF XF | ||
| iExpress -- Estate Agent Manager | SQL injection vulnerability in admin/default.asp in Estate Agent Manager 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the UserName field. |
| 7.0 | CVE-2006-5934 BUGTRAQ OTHER-REF SECUNIA XF | ||
| INFINICART -- INFINICART | Multiple SQL injection vulnerabilities in INFINICART allow remote attackers to execute arbitrary SQL commands via the (1) groupid parameter in (a) browse_group.asp, (2) productid parameter in (b) added_to_cart.asp, and (3) catid and (4) subid parameter in (c) browsesubcat.asp. |
| 7.0 | CVE-2006-5957 BUGTRAQ BID FRSIRT SECUNIA | ||
| INFINICART -- INFINICART | Multiple cross-site scripting (XSS) vulnerabilities in INFINICART allow remote attackers to inject arbitrary web script or HTML via the (1) username and (2) password fields in (a) login.asp, (3) search field in (b) search.asp, and (4) email field in (c) sendpassword.asp. |
| 7.0 | CVE-2006-5958 BUGTRAQ BID FRSIRT SECUNIA XF | ||
| iSystems -- Munch Pro | SQL injection vulnerability on the subMenu page in switch.asp in Munch Pro 1.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter. |
| 7.0 | CVE-2006-5880 Milw0rm FRSIRT SECUNIA XF | ||
| iWonder Designs -- Storystream | Multiple PHP remote file inclusion vulnerabilities in iWonder Designs Storystream 0.4.0.0 allow remote attackers to execute arbitrary PHP code via a URL in the baseDir parameter to (1) mysql.php and (2) mysqli.php in include/classes/pear/DB/. |
| 7.0 | CVE-2006-5893 OTHER-REF BID FRSIRT XF | ||
| Jean-Christophe Ramos -- PLS-Bannieres | ** DISPUTED ** PHP remote file inclusion vulnerability in modules/bannieres/bannieres.php in Jean-Christophe Ramos SCRIPT BANNIERES (aka ban 0.1 and PLS-Bannieres 1.21) allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter. NOTE: the issue is disputed by other researchers, who observe that $chemin is defined before use. |
| 7.0 | CVE-2006-5906 BUGTRAQ BUGTRAQ BUGTRAQ BUGTRAQ | ||
| Jean-Christophe Ramos -- Ban Jean-Christophe Ramos -- PLS-Bannieres | SQL injection vulnerability in modules/bannieres/bannieres.php in Jean-Christophe Ramos SCRIPT BANNIERES (aka ban 0.1 and PLS-Bannieres 1.21) allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| 7.0 | CVE-2006-5907 BUGTRAQ MLIST | ||
| Kahua -- Kahua | Kahua before 0.7, when running multiple applications under a single supervisor, grants application access on the basis of username instead of username and database name, which allows remote authenticated users to obtain unauthorized access if different databases assign the same username to different user accounts. |
| 7.0 | CVE-2006-5932 OTHER-REF OTHER-REF FRSIRT SECUNIA XF | ||
| Links -- Links | Links web browser 1.00pre12 and Elinks 0.9.2 with smbclient installed allows remote attackers to execute arbitrary code via shell metacharacters in an smb:// URI, as demonstrated by using PUT and GET statements. |
| 7.0 | CVE-2006-5925 FULLDISC REDHAT SECTRACK SECTRACK SECUNIA SECUNIA | ||
| Lucas Rodriguez San Pedro -- Yet Another News System | Multiple SQL injection vulnerabilities in the login_user function in yans.func.php in Lucas Rodriguez San Pedro Yet Another News System (YANS) 0.2b allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter. |
| 7.0 | CVE-2006-5908 BUGTRAQ BID XF | ||
| Lynx Internet Solutions -- Evolve Merchant | SQL injection vulnerability in viewcart.asp in Evolve shopping cart (aka Evolve Merchant) allows remote attackers to execute arbitrary SQL commands via the zoneid parameter. |
| 7.0 | CVE-2006-5953 OTHER-REF FRSIRT SECUNIA | ||
| Marshal -- MailMarshal SMTP | Directory traversal vulnerability in Marshal MailMarshal SMTP 5.x, 6.x, and 2006, and MailMarshal for Exchange 5.x, allows remote attackers to write arbitrary files via ".." sequences in filenames in an ARJ compressed archive. |
| 7.0 | CVE-2006-5487 OTHER-REF OTHER-REF BUGTRAQ BID FRSIRT SECTRACK SECUNIA XF | ||
| MGinternet -- Car Site Manager | Cross-site scripting (XSS) vulnerability in csm/asp/listings.asp in MGinternet Car Site Manager (CSM) allows remote attackers to inject arbitrary web script or HTML via the s parameter. |
| 7.0 | CVE-2006-5944 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA | ||
| MGinternet -- Car Site Manager | Multiple SQL injection vulnerabilities in MGinternet Car Site Manager (CSM) allow remote attackers to execute arbitrary SQL commands via the (1) p parameter to (a) csm/asp/detail.asp, or the (2) l, (3) typ, or (4) loc parameter to (b) csm/asp/listings.asp. |
| 7.0 | CVE-2006-5945 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA | ||
| Microsoft -- Windows 2000 Microsoft -- Windows Server 2003 Microsoft -- Windows XP | Microsoft Agent on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a crafted .ACF file that triggers memory corruption. |
| 7.0 | CVE-2006-3445 MS FRSIRT SECUNIA XF CERT | ||
| Microsoft -- XP Microsoft -- Windows 2000 Microsoft -- Server 2003 | Buffer overflow in Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via crafted messages, aka "Client Service for NetWare Memory Corruption Vulnerability." |
| 7.0 | CVE-2006-4688 MS FRSIRT SECUNIA XF BUGTRAQ CERT BID SECTRACK | ||
| Microsoft -- Windows 2000 Microsoft -- Windows XP | Stack-based buffer overflow in the NetpManageIPCConnect function in the Workstation service (wkssvc.dll) in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to execute arbitrary code via NetrJoinDomain2 RPC messages with a long hostname. |
| 10.0 | CVE-2006-4691 MS FRSIRT SECUNIA XF BUGTRAQ EEYE CERT BID SECTRACK | ||
| Microsoft -- Internet Explorer | Multiple unspecified vulnerabilities in DirectAnimation ActiveX controls for Microsoft Internet Explorer 5.01 through 6 have unknown impact and remote attack vectors, possibly related to (1) Danim.dll and (2) Lmrt.dll, a different set of vulnerabilities than CVE-2006-4446 and CVE-2006-4777. |
| 7.0 | CVE-2006-5884 MS CERT | ||
| MWChat Pro -- MWChat Pro | Multiple PHP remote file inclusion vulnerabilities in MWChat Pro 7.0 allow remote attackers to execute arbitrary PHP code via a URL in the CONFIG[MWCHAT_Libs] parameter to (1) about.php, (2) buddy.php, (3) chat.php, (4) dialog.php, (5) head.php, (6) help.php, (7) index.php, and (8) license.php, different vectors than CVE-2005-1869. |
| 7.0 | CVE-2006-5904 BUGTRAQ | ||
| NetVIOS -- NetVIOS | SQL injection vulnerability in page.asp in NetVIOS 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the NewsID parameter. |
| 7.0 | CVE-2006-5954 OTHER-REF FRSIRT SECUNIA | ||
| Omnistar Interactive -- OmniStar Article Manager | Multiple SQL injection vulnerabilities in OmniStar Article Manager allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter in (a) articles/comments.php and (b) articles/article.php, and the (2) page_id parameter in (c) articles/pages.php. |
| 7.0 | CVE-2006-5917 BUGTRAQ OTHER-REF FRSIRT SECTRACK SECUNIA | ||
| otterware -- LetterIt2 | PHP remote file inclusion vulnerability in inc/session.php for LetterIt 2 allows remote attackers to execute arbitrary PHP code via a URL in the lang parameter. |
| 7.0 | CVE-2006-5863 BID FRSIRT SECUNIA XF | ||
| PHP Rapid Kill -- PHP Rapid Kill | Unrestricted file upload vulnerability in RapidKill (aka PHP Rapid Kill) 5.7 Pro, and certain other versions, allows remote attackers to upload and execute arbitrary PHP scripts via the "Link to Download" field. NOTE: it is possible that the field value is restricted to files on specific public web sites. |
| 7.0 | CVE-2006-5918 BUGTRAQ | ||
| Phpjobscheduler -- Phpjobscheduler | Multiple PHP remote file inclusion vulnerabilities in Phpjobscheduler 3.0 allow remote attackers to execute arbitrary PHP code via a URL in the installed_config_file parameter to (1) add-modify.php, (2) delete.php, (3) modify.php, and (4) phpjobscheduler.php. |
| 7.0 | CVE-2006-5928 BUGTRAQ OTHER-REF BID SECUNIA | ||
| Phpjobscheduler -- Phpjobscheduler | PHP remote file inclusion vulnerability in firepjs.php in Phpjobscheduler 3.0 allows remote attackers to execute arbitrary PHP code via a URL in the installed_config_file parameter. NOTE: the provenance of this information is unknown; details are obtained from third party sources. |
| 7.0 | CVE-2006-5929 SECUNIA | ||
| PowerDNS -- Recursor | Buffer overflow in PowerDNS Recursor 3.1.3 and earlier might allow remote attackers to execute arbitrary code via a malformed TCP DNS query that prevents Recursor from properly calculating the TCP DNS query length. |
| 7.0 | CVE-2006-4251 OTHER-REF BID SECUNIA DEBIAN SUSE FRSIRT SECUNIA SECUNIA | ||
| Rahul Jonna -- GSpace | Rahul Jonna Gmail File Space (GSpace) allows remote attackers to perform virtual filesystem actions via e-mail messages with certain subject lines, as demonstrated by (1) a GSPACE "2174|1|1|1|gs:/ d$" message, which injects a new file into the filesystem; and (2) a GSPACE "|-135|1|1|0|gs:/ d$" message, which creates a folder. |
| 7.0 | CVE-2006-5903 BUGTRAQ | ||
| RingsWorld -- phpPeanuts | PHP remote file inclusion vulnerability in pntUnit/Inspect.php in phpPeanuts 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the Include parameter. |
| 7.0 | CVE-2006-5948 OTHER-REF BID FRSIRT SECUNIA | ||
| SAMEDIA -- LandShop | SQL injection vulnerability in ls.php in SAMEDIA LandShop allows remote attackers to execute arbitrary SQL commands via the infield parameter. NOTE: the start, search_order, search_type, and search_area parameters are already covered by CVE-2005-4018. |
| 7.0 | CVE-2006-5914 BUGTRAQ BID FRSIRT SECUNIA XF | ||
| SAMEDIA -- LandShop | Multiple cross-site scripting (XSS) vulnerabilities in ls.php in SAMEDIA LandShop allow remote attackers to inject arbitrary web script or HTML via the (1) start, (2) CAT_ID, (3) keyword, (4) search_area, (5) search_type, (6) infield, or (7) search_order parameter. |
| 7.0 | CVE-2006-5915 BUGTRAQ BID FRSIRT SECUNIA XF | ||
| ShopSystems -- ShopSystems | SQL injection vulnerability in index.php in ShopSystems 4.0 and earlier allows remote attackers to execute arbitrary SQL commands via the sessid parameter. |
| 7.0 | CVE-2006-5935 BUGTRAQ OTHER-REF BID SECUNIA XF | ||
| SiteXpress -- SiteXpress E-Commerce System | SQL injection vulnerability in dept.asp in SiteXpress E-Commerce System allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| 7.0 | CVE-2006-5936 BUGTRAQ BID | ||
| Superfreaker Studios -- UPublisher | SQL injection vulnerability in viewarticle.asp in Superfreaker Studios UPublisher 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter. |
| 7.0 | CVE-2006-5888 OTHER-REF FRSIRT SECUNIA XF BUGTRAQ | ||
| SuperFreaker Studios -- USupport | SQL injection vulnerability in detail.asp in Superfreaker Studios USupport 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| 7.0 | CVE-2006-5890 OTHER-REF FRSIRT SECUNIA XF | ||
| Superfreaker Studios -- UStore | SQL injection vulnerability in detail.asp in Superfreaker Studios UStore 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter. |
| 7.0 | CVE-2006-5891 BUGTRAQ OTHER-REF FRSIRT SECUNIA XF BUGTRAQ | ||
| The Net Guys -- ASPired2Poll | SQL injection vulnerability in MoreInfo.asp in The Net Guys ASPired2Poll 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| 7.0 | CVE-2006-5892 OTHER-REF BID FRSIRT SECUNIA XF | ||
| UltraSite -- UltraSite | SQL injection vulnerability in update.asp in UltraSite 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| 7.0 | CVE-2006-5933 BUGTRAQ | ||
| Vallheru -- Vallheru | Multiple SQL injection vulnerabilities in mail.php in Vallheru before 1.0.7 allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) to parameters. NOTE: some of these details are obtained from third party information. |
| 7.0 | CVE-2006-5926 OTHER-REF OTHER-REF FRSIRT SECUNIA | ||
| viksoe -- GMail Drive | viksoe GMail Drive shell extension allows remote attackers to perform virtual filesystem actions via e-mail messages with certain subject lines, as demonstrated by (1) a GMAILFS: [13;a;1] message with a new filename and a file attachment, which injects a new file into the filesystem; (2) a GMAILFS: [13;a;1] message with an existing filename and a file attachment, which overwrites existing file content; and (3) a GMAILFS: [14;a;1] message, which creates a folder. |
| 7.0 | CVE-2006-5902 BUGTRAQ | ||
| Web Inhabit -- A+ Store E-Commerce | SQL injection vulnerability in browse.asp in A+ Store E-Commerce allows remote attackers to execute arbitrary SQL commands via the ParentID parameter. |
| 7.0 | CVE-2006-5959 BUGTRAQ BID SECUNIA XF | ||
| Web Inhabit -- A+ Store E-Commerce | Multiple cross-site scripting (XSS) vulnerabilities in account_login.asp in A+ Store E-Commerce allow remote attackers to inject arbitrary web script or HTML via the (1) username (txtUserName) and (2) password (txtPassword) parameters. NOTE: portions of these details are obtained from third party information. |
| 7.0 | CVE-2006-5960 BUGTRAQ BID SECUNIA | ||
| Website Designs For Less -- Inventory Manager | Cross-site scripting (XSS) vulnerability in inventory/display/display_results.asp in Website Designs For Less Inventory Manager allows remote attackers to inject arbitrary web script or HTML via the category parameter. |
| 7.0 | CVE-2006-5942 BUGTRAQ BID SECUNIA | ||
| Website Designs For Less -- Inventory Manager | Multiple SQL injection vulnerabilities in inventory/display/imager.asp in Website Designs for Less Inventory Manager allow remote attackers to execute arbitrary SQL commands via the (1) pictable, (2) picfield, or (3) where parameter. |
| 7.0 | CVE-2006-5943 BUGTRAQ BID SECUNIA | ||
| Yuuki Yoshizawa -- Exporia | ** DISPUTED ** PHP remote file inclusion vulnerability in common.php in Yuuki Yoshizawa Exporia 0.3.0 allows remote attackers to execute arbitrary PHP code via a URL in the lan parameter. NOTE: SecurityFocus disputes this issue, saying "further analysis reveals that the application is not vulnerable." NOTE: this issue may overlap CVE-2006-5113. |
| 7.0 | CVE-2006-5920 BUGTRAQ BID XF | ||
| Zend -- Zend Framework Preview | Cross-site scripting (XSS) vulnerability in the incubator/tests/Zend/Http/_files/testRedirections.php sample code in Zend Framework Preview 0.2.0 allows remote attackers to inject arbitrary web script or HTML via arbitrary parameters. |
| 7.0 | CVE-2006-5900 BUGTRAQ BUGTRAQ |
| Medium Vulnerabilities |
|---|
| Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
|---|---|---|---|---|---|---|
| Aigaion -- Aigaion | Multiple PHP remote file inclusion vulnerabilities in Aigaion Web based bibliography management system 1.2.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the DIR parameter to certain PHP scripts in (1) lib/actions/, (2) lib/displays/, (3) lib/editforms/, (4) lib/functions/, (5) scheme/, and (6) the root directory. NOTE: the provenance of this information is unknown; details are obtained from third party sources. |
| 5.6 | CVE-2006-5931 SECUNIA | ||
| Campware.org -- Campsite | Unspecified vulnerability in Campware Campsite before 2.6.2 has unknown impact and attack vectors, related to a "Security fix for you-know-what," possibly related to encrypted passwords. |
| 4.9 | CVE-2006-5912 OTHER-REF OTHER-REF OTHER-REF OTHER-REF OTHER-REF | ||
| EfficientIP -- iPmanager | Cross-site scripting (XSS) vulnerability in index.php in Efficient IP iPmanager (IPm) 2.3 allows remote attackers to inject arbitrary web script or HTML via the errmsg parameter. NOTE: the provenance of this information is unknown; details are obtained from third party sources. |
| 4.7 | CVE-2006-5924 BID | ||
| GNU -- gv | Stack-based buffer overflow in the ps_gettext function in ps.c for GNU gv 3.6.2, and possibly earlier versions, allows user-assisted attackers to execute arbitrary code via a PostScript (PS) file with certain headers that contain long comments, as demonstrated using the (1) DocumentMedia, (2) DocumentPaperSizes, and possibly (3) PageMedia and (4) PaperSize headers. |
| 5.6 | CVE-2006-5864 BUGTRAQ BID FRSIRT SECUNIA XF MANDRIVA | ||
| Microsoft -- Internet Explorer | Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via crafted layout combinations involving DIV tags and HTML CSS float properties that trigger memory corruption, aka "HTML Rendering Memory Corruption Vulnerability." |
| 5.6 | CVE-2006-4687 MS OTHER-REF FRSIRT CERT CERT-VN SECTRACK XF | ||
| Microsoft -- Internet Explorer | Microsoft Internet Explorer 7 allows remote attackers to (1) cause a security certificate from a secure web site to appear invalid via a link to res://ieframe.dll/sslnavcancel.htm with the target site in the anchor identifier, which displays the site's URL in the address bar but causes Internet Explorer to report that the certificate is invalid, or (2) trigger a "The webpage no longer exists" report via a link to res://ieframe.dll/http_410.htm, a variant of CVE-2006-5805. |
| 4.7 | CVE-2006-5913 BUGTRAQ OTHER-REF | ||
| Network Administration Visualized -- Network Administration Visualized | Directory traversal vulnerability in the session mechanism of the web interface for Network Administration Visualized (NAV) before 3.1.1 allows attackers with filesystem write access to have an unknown impact via unknown attack vectors. |
| 4.9 | CVE-2006-5862 OTHER-REF BID FRSIRT SECUNIA XF | ||
| Pegasus -- Mercury Mail Transport System | Buffer overflow in Mercury Mail Transport System 4.01b for Windows has unknown impact and attack vectors. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| 4.9 | CVE-2006-5961 BID SECUNIA | ||
| Rama CMS -- Rama CMS | Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php. |
| 5.6 | CVE-2006-5894 OTHER-REF OTHER-REF BID FRSIRT SECUNIA XF | ||
| Web Directory Pro -- Web Directory Pro | Web Directory Pro allows remote attackers to (1) backup the database and obtain the backup via a direct request to admin/backup_db.php or (2) modify configuration via a direct request to admin/options.php. |
| 4.7 | CVE-2006-5905 BUGTRAQ | ||
| Wheatblog -- Wheatblog | Multiple cross-site scripting (XSS) vulnerabilities in add_comment.php in Wheatblog (wB) allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) WWW, and (3) Comment fields. NOTE: this issue may overlap CVE-2006-5195. |
| 4.7 | CVE-2006-5921 BUGTRAQ BID |
| Low Vulnerabilities |
|---|
| Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
|---|---|---|---|---|---|---|
| ALTools -- ALFTP FTP Server | Directory traversal vulnerability in ALTools ALFTP FTP Server 4.1 beta 1, and possibly earlier, allows remote attackers to create arbitrary directories via directory traversal sequences in a MKD request. NOTE: the provenance of this information is unknown; details are obtained from third party sources. |
| 2.3 | CVE-2006-5949 BID FRSIRT SECUNIA | ||
| ALTools -- ALFTP FTP Server | Unspecified vulnerability in ALTools ALFTP FTP Server 4.1 beta 1, and possibly earlier, allows remote authenticated users to obtain the installation path via unknown vectors related to the REN command, probably due to response messages. NOTE: the provenance of this information is unknown; details are obtained from third party sources. |
| 2.3 | CVE-2006-5950 BID FRSIRT SECUNIA | ||
| Avahi -- Avahi | Avahi before 0.6.15 does not verify the sender identity of netlink messages to ensure that they come from the kernel instead of another process, which allows local users to spoof network changes to Avahi. |
| 1.6 | CVE-2006-5461 MLIST OTHER-REF UBUNTU SECUNIA SECUNIA XF FRSIRT | ||
| Conxint -- Conxint FTP Server | Multiple directory traversal vulnerabilities in Conxint FTP Server 2.2.0603, and possibly earlier, allow remote attackers to read arbitrary files and list arbitrary directories via directory traversal sequences in (1) DIR (LIST or NLST) and (2) GET (RETR) commands. NOTE: the provenance of this information is unknown; details are obtained from third party sources. |
| 2.3 | CVE-2006-5947 FRSIRT SECUNIA | ||
| cPanel -- cPanel | Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow remote authenticated users to inject arbitrary web script or HTML via the (1) dir parameter in (a) seldir.html, and the (2) user and (3) dir parameters in (b) newuser.html. |
| 1.4 | CVE-2006-5883 BUGTRAQ OTHER-REF BID | ||
| Grisoft -- AVG Antivirus | Grisoft AVG Anti-Virus before 7.1.407 allows remote attackers to cause a denial of service (crash) via a crafted DOC file that triggers a divide-by-zero error. NOTE: some of these details are obtained from third party information. |
| 3.3 | CVE-2006-5939 FULLDISC OTHER-REF FRSIRT SECUNIA | ||
| Intego -- VirusBarrier | Intego VirusBarrier X4 allows context-dependent attackers to bypass virus protection by quickly injecting many infected files into the filesystem, which prevents VirusBarrier from processing all the files. |
| 2.3 | CVE-2006-5916 FULLDISC OTHER-REF BID SECTRACK XF | ||
| Microsoft -- Windows 2000 Microsoft -- Windows XP Microsoft -- Server 2003 | Unspecified vulnerability in the driver for the Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to cause a denial of service (hang and reboot) via has unknown attack vectors, aka "NetWare Driver Denial of Service Vulnerability." |
| 2.3 | CVE-2006-4689 MS FRSIRT SECUNIA BUGTRAQ CERT BID SECTRACK | ||
| Paul Tarjan -- Stanford Conference And Research Forum | generaloptions.php in Paul Tarjan Stanford Conference And Research Forum (SCARF) does not require the admin privilege, which allows remote attackers to reconfigure the application or its user accounts. |
| 2.3 | CVE-2006-5909 BUGTRAQ | ||
| phpHeaven -- phpMyChat Plus | Multiple directory traversal vulnerabilities in PhpMyChat Plus 1.9 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the ChatPath parameter to (1) avatar.php, (2) colorhelp_popup.php, (3) color_popup.php, (4) index.php, (5) index1.php, (6) lib/connected_users.lib.php, (7) lib/index.lib.php, and (8) phpMyChat.php3; and the (9) L parameter to logs.php. |
| 2.3 | CVE-2006-5897 BUGTRAQ FRSIRT | ||
| phpHeaven -- phpMyChat | Directory traversal vulnerability in localization/languages.lib.php3 in PhpMyChat 0.14.5 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the ChatPath parameter. |
| 2.3 | CVE-2006-5898 BUGTRAQ | ||
| PowerDNS -- Recursor | PowerDNS Recursor 3.1.3 and earlier allows remote attackers to cause a denial of service (resource exhaustion and application crash) via a CNAME record with a zero TTL, which triggers an infinite loop. |
| 2.3 | CVE-2006-4252 OTHER-REF BID SECUNIA SUSE FRSIRT SECUNIA | ||
| Wheatblog -- Wheatblog | index.php in Wheatblog (wB) allows remote attackers to obtain sensitive information via certain values of the postPtr[] and next parameters, which reveals the path in an error message. |
| 2.3 | CVE-2006-5922 BUGTRAQ | ||
| WinZip -- WinZip | The WZFILEVIEW.FileViewCtrl.61 ActiveX control (aka Sky Software "FileView" ActiveX control) for WinZip 10.0 before build 7245 allows remote attackers to execute arbitrary code via unspecified "unsafe methods." |
| 3.7 | CVE-2006-5198 OTHER-REF OTHER-REF FRSIRT SECUNIA | ||
| XLineSoft -- PHPRunner | XLineSoft PHPRunner 3.1 stores the (1) database server name, (2) database names, (3) usernames, and (4) passwords in plaintext in %WINDIR%\PHPRunner.ini, which allows local users to obtain sensitive information by reading the file. |
| 1.6 | CVE-2006-5956 OTHER-REF BID SECTRACK SECUNIA |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.