Vulnerability Summary for the Week of November 27, 2006
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities

| Primary Vendor -- Product | Description | CVSS Score | Source & Patch Info |
|---|---|---|---|
| 3Com -- 3CTftpSvc | Multiple stack-based buffer overflows in 3Com 3CTftpSvc 2.0.1, and possibly earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a long mode field (aka transporting mode) in a (1) GET or (2) PUT command. NOTE: some of these details are obtained from third party information. | 7.0 | CVE-2006-6183 BUGTRAQ BID FRSIRT SECUNIA |
| 8pixel.net -- Simple Blog | SQL injection vulnerability in admin/edit.asp in 8pixel.net simpleblog 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.0 | CVE-2006-6191 Milw0rm FRSIRT SECUNIA XF |
| 8pixel.net -- Simple Blog | Unspecified scripts in the admin directory in 8pixel.net SimpleBlog 3.0 and earlier do not properly perform authentication, which allows remote attackers to add users and perform certain other unauthorized privileged actions. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | 7.0 | CVE-2006-6192 FRSIRT SECUNIA |
| a-ConMan -- a-ConMan | PHP remote file inclusion vulnerability in common.inc.php in a-ConMan 3.2 beta allows remote attackers to execute arbitrary PHP code via a URL in the cm_basedir parameter. | 7.0 | CVE-2006-6078 BUGTRAQ OTHER-REF BID OTHER-REF FRSIRT SECTRACK |
| Acer -- LunchApp.APlunch | Acer Notebook LunchApp.APlunch ActiveX control allows remote attackers to execute arbitrary commands by calling the Run method. | 10.0 | CVE-2006-6121 OTHER-REF FRSIRT SECUNIA XF |
| Active PHP Bookmarks -- Active PHP Bookmarks | ** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in L. Brandon Stone and Nathanial P. Hendler Active PHP Bookmarks (APB) 1.1.02 allow remote attackers to execute arbitrary PHP code via a URL in the APB_SETTINGS['apb_path'] parameter in (1) apb_common.php or (2) apb.php. NOTE: CVE and another third party dispute this vulnerability because these PHP scripts exit if the attack vectors are present in GPC variables. | 7.0 | CVE-2006-6167 BUGTRAQ BUGTRAQ XF |
| Allied Telesyn -- Allied Telesyn TFTP Server | Multiple stack-based buffer overflows in Allied Telesyn TFTP Server (AT-TFTP) 1.9, and possibly earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a long filename in a (1) GET or (2) PUT command. | 7.0 | CVE-2006-6184 BUGTRAQ BID FRSIRT SECUNIA |
| Anna^ IRC Bot -- Anna^ IRC Bot | SQL injection vulnerability in anna.pl in Anna^ IRC Bot before 0.30 (aka caprice) allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: it is possible that there are multiple issues. | 7.0 | CVE-2006-6190 OTHER-REF OTHER-REF BID FRSIRT |
| Apple -- Mac OS X | Multiple buffer overflows in the Apple Type Services (ATS) server in Mac OS X 10.4 through 10.4.8 allow local users to execute arbitrary code via crafted service requests. | 7.0 | CVE-2006-4398 OTHER-REF APPLE CERT FRSIRT SECUNIA |
| Apple -- Mac OS X | The Installer application in Apple Mac OS X 10.4.8 and earlier, when used by a user with Admin credentials, does not authenticate the user before installing certain software requiring system privileges. | 10.0 | CVE-2006-4404 OTHER-REF APPLE CERT FRSIRT SECUNIA |
| Apple -- Mac OS X | Buffer overflow in PPP on Apple Mac OS X 10.4.x up to 10.4.8 and 10.3.x up to 10.3.9, when PPPoE is enabled, allows remote attackers to execute arbitrary code via unspecified vectors. | 7.0 | CVE-2006-4406 OTHER-REF APPLE CERT FRSIRT SECUNIA |
| Apple -- Mac OS X | The Security Framework in Apple Mac OS X 10.3.9, and 10.4.x before 10.4.7, does not properly search certificate revocation lists (CRL), which allows remote attackers to access systems by using revoked certificates. | 7.0 | CVE-2006-4410 OTHER-REF APPLE CERT FRSIRT SECUNIA |
| Apple -- Mac OS X | The VPN service in Apple Mac OS X 10.3.x through 10.3.9 and 10.4.x through 10.4.8 does not properly clean the environment when executing commands, which allows local users to gain privileges via unspecified vectors. | 7.0 | CVE-2006-4411 OTHER-REF APPLE CERT FRSIRT SECUNIA |
| b2evolution -- b2evolution | Multiple cross-site scripting (XSS) vulnerabilities in b2evolution 1.8.2 through 1.9 beta allow remote attackers to inject arbitrary web script or HTML via the (1) app_name parameter in (a) _404_not_found.page.php, (b) _410_stats_gone.page.php, and (c) _referer_spam.page.php in inc/VIEW/errors/; the (2) baseurl parameter in (d) inc/VIEW/errors/_404_not_found.page.php; and the (3) ReqURI parameter in (e) inc/VIEW/errors/_referer_spam.page.php. | 7.0 | CVE-2006-6197 BUGTRAQ BID SECUNIA |
| BaalASP -- Smart Form Portal | Multiple SQL injection vulnerabilities in BaalAsp forum allow remote attackers to execute arbitrary SQL commands via the (1) password parameter to (a) adminlogin.asp, the (2) name or (3) password parameter to (b) userlogin.asp, or the (3) search parameter to search.asp. | 7.0 | CVE-2006-6090 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA XF XF |
| BasicForum -- BasicForum | SQL injection vulnerability in edit.asp in BasicForum 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.0 | CVE-2006-6193 OTHER-REF BID FRSIRT SECUNIA XF |
| BiBa Software -- SeleniumServer Web Server | Cross-site scripting (XSS) vulnerability in SeleniumServer Web Server 1.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 7.0 | CVE-2006-6124 OSVDB SECUNIA XF |
| BirdBlog -- BirdBlog | Multiple cross-site scripting (XSS) vulnerabilities in BirdBlog 1.4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) msg parameter to (a) admin/admincore.php, the (2) month parameter to (b) admin/comments.php or (c) admin/entries.php, or the (3) page parameter to (d) admin/logs.php, different vectors than CVE-2006-5064. | 7.0 | CVE-2006-6211 BUGTRAQ BID XF |
| BlazeVideo -- Blaze DVD | Stack-based buffer overflow in BlazeVideo BlazeDVD Standard and Professional 5.0, and possibly earlier, allows remote attackers to execute arbitrary code via a long filename in a PLF playlist. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | 7.0 | CVE-2006-6199 BID FRSIRT SECUNIA |
| Borland -- C# Builder; Borland -- C++Builder; Borland -- idsql32.dll; Borland -- Developer Studio; RevilloC -- MailServer; Borland -- C++ Builder; Borland -- Delphi | Heap-based buffer overflow in Borland idsql32.dll 5.1.0.4, as used by RevilloC MailServer; 5.2.0.2 as used by Borland Developer Studio 2006; and possibly other versions allows remote attackers to execute arbitrary code via a long SQL statement, related to use of the DbiQExec function. | 7.0 | CVE-2006-6201 OTHER-REF FRSIRT SECUNIA |
| BPG-InfoTech -- Easy Publisher; BPG-InfoTech -- Smart Publisher Pro | SQL injection vulnerability in bpg/publications_list.asp in BPG-InfoTech Easy Publisher and Smart Publisher//Pro 2.7.7 allows remote attackers to execute arbitrary SQL commands via the vjob parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | 7.0 | CVE-2006-6072 BID FRSIRT SECUNIA |
| Business Objects -- Crystal Enterprise | Business Objects Crystal Enterprise 9 and 10 generates predictable session identifiers, which allows remote attackers to hijack sessions of other users via WCSID cookie values. | 7.0 | CVE-2006-4099 OTHER-REF OTHER-REF SECUNIA OTHER-REF FRSIRT |
| ClickTech -- ClickContact | Multiple SQL injection vulnerabilities in default.asp in ClickTech ClickContact allow remote attackers to execute arbitrary SQL commands via the (1) AlphaSort, (2) In, and (3) orderby parameters. | 7.0 | CVE-2006-6181 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA |
| ClickTech -- ClickGallery | Multiple SQL injection vulnerabilities in ClickTech Click Gallery allow remote attackers to execute arbitrary SQL commands via the (1) currentpage or (2) gallery_id parameter to (a) view_gallery.asp, the (3) image_id parameter to (b) download_image.asp, the currentpage or (5) orderby parameter to (c) gallery.asp, or the currentpage parameter to (d) view_recent.asp. | 7.0 | CVE-2006-6187 BUGTRAQ OTHER-REF FRSIRT SECUNIA |
| ClickTech -- ClickBlog | SQL injection vulnerability in displayCalendar.asp in ClickTech Click Blog allows remote attackers to execute arbitrary SQL commands via the date parameter. | 7.0 | CVE-2006-6189 BUGTRAQ OTHER-REF BID |
| CreaScripts -- Creadirectory | SQL injection vulnerability in search.asp in CreaScripts Creadirectory allows remote attackers to execute arbitrary SQL commands via the category parameter. | 7.0 | CVE-2006-6083 BUGTRAQ OTHER-REF BID SECUNIA FRSIRT |
| DeskPRO -- DeskPRO | Multiple cross-site scripting (XSS) vulnerabilities in newticket.php in DeskPRO 2.0.0 and 2.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) message or (2) subject parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | 7.0 | CVE-2006-6159 BID FRSIRT OSVDB SECUNIA XF |
| Doug Luxem -- Liberum Help Desk | SQL injection vulnerability in details.asp in Doug Luxem Liberum Help Desk 0.97.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.0 | CVE-2006-6160 OTHER-REF BID FRSIRT XF |
| Doug Luxem -- Liberum Help Desk | Multiple SQL injection vulnerabilities in Doug Luxem Liberum Help Desk 0.97.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) uid parameter to (a) inout/status.asp, (b) inout/update.asp, and (c) forgotpass.asp. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | 7.0 | CVE-2006-6161 FRSIRT |
| Enthrallweb -- eShopping Cart | Multiple SQL injection vulnerabilities in Enthrallweb eShopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) ProductID parameter in productdetail.asp or the (2) categoryid parameter in products.asp. | 7.0 | CVE-2006-6073 BUGTRAQ OTHER-REF XF |
| Enthrallweb -- eShopping Cart | Multiple SQL injection vulnerabilities in Enthrallweb eShopping Cart allow remote attackers to execute arbitrary SQL commands via (1) the ProductID parameter in (a) reviews.asp, or the (2) cat_id or (3) sub_id parameter in (b) subProducts.asp. NOTE: the productdetail.asp vector is already covered by another identifier. | 7.0 | CVE-2006-6074 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA |
| Enthrallweb -- eHomes | Multiple SQL injection vulnerabilities in Enthrallweb eHomes allow remote attackers to execute arbitrary SQL commands via the (1) cid parameter to (a) dircat.asp; the (2) sid parameter to (b) dirSub.asp; the (3) TYPE_ID parameter to (c) types.asp; the (4) AD_ID parameter to (d) homeDetail.asp; the (5) cat parameter to (e) result.asp; the (6) compare, (7) clear, and (8) adID parameters to (f) compareHomes.asp; and the (9) aminprice, (10) amaxprice, and (11) abedrooms parameters to (g) result.asp. | 7.0 | CVE-2006-6204 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA XF |
| Enthrallweb -- eHomes | Multiple cross-site scripting (XSS) vulnerabilities in result.asp in Enthrallweb eHomes allow remote attackers to inject arbitrary web script or HTML via the (1) city or (2) State parameter. | 7.0 | CVE-2006-6205 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA XF |
| Enthrallweb -- eClassifieds | Multiple SQL injection vulnerabilities in Enthrallweb eClassifieds allow remote attackers to execute arbitrary SQL commands via the (1) AD_ID, (2) cat_id, (3) sub_id, and (4) ad_id parameters to (a) ad.asp, the (5) cid parameter to (b) dircat.asp, and the (6) sid parameter to (c) dirSub.asp. | 7.0 | CVE-2006-6208 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA XF |
| Fisasp.com -- Ultimate Survey Pro | Multiple SQL injection vulnerabilities in index.asp in Ultimate Survey Pro allow remote attackers to execute arbitrary SQL commands via the (1) cat or (2) did parameter. | 7.0 | CVE-2006-6194 BUGTRAQ OTHER-REF FRSIRT XF |
| Fixit Knowledge Solutions -- iDMS Pro Image Gallery | Cross-site scripting (XSS) vulnerability in the search functionality in Fixit iDMS Pro Image Gallery allows remote attackers to inject arbitrary web script or HTML via a search field (txtsearchtext parameter). | 7.0 | CVE-2006-6196 BUGTRAQ OTHER-REF BID SECTRACK |
| Fixit Knowledge Systems -- iDMS | Multiple SQL injection vulnerabilities in Fixit iDMS Pro Image Gallery allow remote attackers to execute arbitrary SQL commands via the (1) show_id or (2) parentid parameter to (a) filelist.asp, or the (3) fid parameter to (b) showfile.asp. | 7.0 | CVE-2006-6195 OTHER-REF BID SECTRACK |
| Francisco Burzi -- PHP-Nuke | Multiple SQL injection vulnerabilities in the (1) rate_article and (2) rate_complete functions in modules/News/index.php in the News module in Francisco Burzi PHP-Nuke 7.9 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the sid parameter. | 7.0 | CVE-2006-6200 BUGTRAQ OTHER-REF BID FRSIRT SECTRACK SECUNIA XF |
| Gazatem Technologies -- gNews Publisher | Multiple SQL injection vulnerabilities in categories.asp in gNews Publisher allow remote attackers to execute arbitrary SQL commands via the (1) catID or (2) editorID parameter. | 7.0 | CVE-2006-6080 BUGTRAQ OTHER-REF BID XF |
| GNU -- Radius | Format string vulnerability in the sqllog function in the SQL accounting code for radiusd in GNU Radius 1.2 and 1.3 allows remote attackers to execute arbitrary code via unknown vectors. | 10.0 | CVE-2006-4181 IDEFENSE BID FRSIRT SECTRACK SECUNIA XF |
| Horde -- Kronolith | Directory traversal vulnerability in lib/FBView.php in Horde Kronolith H3 before 2.0.7 and 2.1.x before 2.1.4 allows remote attackers to include arbitrary files and execute PHP code via a .. (dot dot) sequence in the view parameter. | 7.0 | CVE-2006-6175 IDEFENSE MLIST MLIST BID |
| hscripts -- HIOX Star Rating System Script | PHP remote file inclusion vulnerability in addcode.php in HIOX Star Rating System Script (HSRS) 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the hm parameter. | 7.0 | CVE-2006-6154 OTHER-REF BID FRSIRT SECUNIA XF |
| hscripts -- HIOX Star Rating System Script | Multiple SQL injection vulnerabilities in addrating.php in HIOX Star Rating System Script (HSRS) 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ipadd or (2) url parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | 7.0 | CVE-2006-6155 FRSIRT XF |
| IISWorks -- ASP ListPics | SQL injection vulnerability in listpics.asp in ASP ListPics 5.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter. | 7.0 | CVE-2006-6210 BUGTRAQ OTHER-REF BID XF |
| Imendio AB -- LoudMouth | Multiple PHP remote file inclusion vulnerabilities in LoudMouth 2.4 allow remote attackers to execute arbitrary PHP code via a URL in the mainframe parameter to (1) admin.loudmouth.php or (2) toolbar.loudmouth.php. | 7.0 | CVE-2006-6079 BUGTRAQ XF |
| JBoss -- JBoss Application Server | Directory traversal vulnerability in JBoss Application Server (jbossas) 4.0.4 and earlier allows remote authenticated users to read or modify arbitrary files, and execute arbitrary code, via the DeploymentFileRepository class in the console manager. | 7.0 | CVE-2006-5750 REDHAT OTHER-REF SECUNIA |
| JiRos -- Links Manager | Multiple SQL injection vulnerabilities in JiRos Links Manager allow remote attackers to execute arbitrary SQL commands via the (1) LinkID parameter to openlink.asp or the (2) CategoryID parameter to viewlinks.asp. | 7.0 | CVE-2006-6147 BUGTRAQ OTHER-REF BID FRSIRT SECTRACK SECUNIA XF |
| JiRos -- Links Manager | Multiple cross-site scripting (XSS) vulnerabilities in submitlink.asp in JiRos Links Manager allow remote attackers to inject arbitrary web script or HTML via the (1) lName, (2) lURL, (3) lImage, and (4) lDescription parameters. NOTE: some of these details are obtained from third party information. | 7.0 | CVE-2006-6148 BUGTRAQ OTHER-REF BID FRSIRT SECTRACK SECUNIA XF |
| JiRos -- FAQ Manager | SQL injection vulnerability in index.asp in JiRos FAQ Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the tID parameter. | 7.0 | CVE-2006-6149 OTHER-REF BID FRSIRT SECUNIA |
| libgsf -- libgsf | Heap-based buffer overflow in the ole_info_read_metabat function in Gnome Structured File library (libgsf) 1.14.0, and other versions before 1.14.2, allows context-dependent attackers to execute arbitrary code via a crafted OLE document. | 7.0 | CVE-2006-4514 IDEFENSE DEBIAN BID |
| Lynx Internet Solutions -- Evolve Merchant | SQL injection vulnerability in products.asp in Evolve shopping cart (aka Evolve Merchant) allows remote attackers to execute arbitrary SQL commands via the partno parameter. | 7.0 | CVE-2006-6207 BUGTRAQ BID XF |
| Messagerie Locale -- Messagerie Locale | PHP remote file inclusion vulnerability in centre.php in Messagerie Locale as of 20061127 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 7.0 | CVE-2006-6151 BID FRSIRT SECUNIA |
| Michaelis Freunde -- ContentNow | SQL injection vulnerability in index.php in ContentNow 1.39 and earlier allows remote attackers to execute arbitrary SQL commands via the pageid parameter. NOTE: this issue can be leveraged for path disclosure with an invalid pageid parameter. | 7.0 | CVE-2006-6157 BUGTRAQ OTHER-REF OTHER-REF BID FRSIRT SECTRACK SECUNIA XF |
| MidiCart Software -- MidiCart ASP Plus Shopping Cart; MidiCart Software -- MidiCart ASP Shopping Cart | Multiple SQL injection vulnerabilities in MidiCart ASP Shopping Cart and ASP Plus Shopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) id2006quant parameter to (a) item_show.asp, or the (2) maingroup or (3) secondgroup parameter to (b) item_list.asp. NOTE: the code_no parameter to Item_Show.asp is covered by CVE-2005-2601. | 7.0 | CVE-2006-6209 BUGTRAQ BUGTRAQ OTHER-REF BID XF |
| Neocrome -- Seditio | SQL injection vulnerability in system/core/users/users.profile.inc.php in Neocrome Seditio 1.10 and earlier allows remote authenticated users to execute arbitrary SQL commands via a double-url-encoded id parameter to users.php that begins with a valid filename, as demonstrated by "default.gif" followed by an encoded NULL and ' (apostrophe) (%2500%2527). | 7.0 | CVE-2006-6177 BUGTRAQ OTHER-REF OTHER-REF FRSIRT SECUNIA |
| NetGear -- WG311v1 | Heap-based buffer overflow in the wireless driver (WG311ND5.SYS) 2.3.1.10 for NetGear WG311v1 wireless adapter allows remote attackers to execute arbitrary code via an 802.11 management frame with a long SSID. | 7.0 | CVE-2006-6125 OTHER-REF BID FRSIRT SECTRACK SECUNIA CERT-VN |
| Novell -- Novell Client | Buffer overflow in NWSPOOL.DLL in Novell Client 4.91 Post-SP3 for Windows 2000/XP/2003 has unknown impact and attack vectors. | 7.0 | CVE-2006-6114 OTHER-REF BID FRSIRT SECTRACK SECUNIA XF |
| NukeAI -- NukeAI | PHP remote file inclusion vulnerability in modules/NukeAI/util.php in the NukeAI 0.0.3 Beta module for PHP-Nuke, aka Program E is an AIML chatterbot, allows remote attackers to execute arbitrary PHP code via a URL in the AIbasedir parameter. | 7.0 | CVE-2006-6202 OTHER-REF BID FRSIRT XF |
| OWLLib -- OWLLib | PHP remote file inclusion vulnerability in memory/OWLMemoryProperty.php in OWLLib 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the OWLLIB_ROOT parameter. | 7.0 | CVE-2006-6150 OTHER-REF FRSIRT SECUNIA BID XF |
| PEGames -- PEGames | index.php in PEGames uses the extract function to overwrite critical variables, which allows remote attackers to conduct PHP remote file inclusion attacks via the abs_url parameter, which is later extracted to overwrite a previously uncontrolled value. | 7.0 | CVE-2006-6213 OTHER-REF MLIST BID XF |
| PMOS Helpdesk -- PMOS Helpdesk; Ace Helpdesk -- Ace Helpdesk; InverseFlow -- Help Desk | Multiple cross-site scripting (XSS) vulnerabilities in (a) PMOS Help Desk 2.4, formerly (b) InverseFlow Help Desk 2.31 and also sold as (c) Ace Helpdesk 2.31, allow remote attackers to inject arbitrary web script or HTML via the (1) id or email parameter to ticketview.php, or (2) the email parameter to ticket.php. | 7.0 | CVE-2006-6158 BUGTRAQ MLIST BID FRSIRT FRSIRT FRSIRT SECUNIA SECUNIA SECUNIA XF |
| ProFTPD Project -- ProFTPD | Buffer overflow in the tls_x509_name_oneline function in the mod_tls module, as used in ProFTPD 1.3.0a and earlier, and possibly other products, allows remote attackers to execute arbitrary code via a large data length argument, a different vulnerability than CVE-2006-5815. | 7.0 | CVE-2006-6170 BUGTRAQ BUGTRAQ FULLDISC OTHER-REF OTHER-REF FRSIRT SECUNIA |
| ProFTPD Project -- ProFTPD | ** DISPUTED ** ProFTPD 1.3.0a and earlier does not properly set the buffer size limit when CommandBufferSize is specified in the configuration file, which leads to an off-by-two buffer underflow. NOTE: in November 2006, the role of CommandBufferSize was originally associated with CVE-2006-5815, but this was an error stemming from an initial vague disclosure. NOTE: ProFTPD developers dispute this issue, saying that the relevant memory location is overwritten by assignment before further use within the affected function, so this is not a vulnerability. | 7.0 | CVE-2006-6171 OTHER-REF OTHER-REF |
| Ryan Demmer -- Joomla Content Editor | Cross-site scripting (XSS) vulnerability in jce.php in the JCE Admin Component in Ryan Demmer Joomla Content Editor (JCE) 1.0.4 for Joomla! (com_jce), without the 20060821 jce_patch, allows remote attackers to inject arbitrary web script or HTML via the mosConfig_live_site parameter. | 7.0 | CVE-2006-6166 OTHER-REF OTHER-REF OTHER-REF |
| Sisfo Kampus -- Sisfo Kampus | Multiple PHP remote file inclusion vulnerabilities in Sisfo Kampus 0.8 allow remote attackers to execute arbitrary PHP code via a URL in the (1) exec parameter to index.php or (2) print parameter to print.php, which is also accessible via the print command to index.php. | 7.0 | CVE-2006-6137 OTHER-REF BID |
| Sisfo Kampus -- Sisfo Kampus | PHP remote file inclusion vulnerability in Sisfo Kampus 2006 (Semarang 3) allows remote attackers to execute arbitrary PHP code via a URL in the slnt parameter to (1) index.php and (2) print.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | 7.0 | CVE-2006-6140 FRSIRT SECUNIA |
| Softacid -- Link Exchange Lite | Multiple SQL injection vulnerabilities in Link Exchange Lite allow remote attackers to execute arbitrary SQL commands via (1) the search engine field to search.asp and (2) psearch parameter to linkslist.asp. | 7.0 | CVE-2006-6132 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA XF |
| Telaen -- Telaen | PHP remote file inclusion vulnerability in Smarty_Compiler.class.php in Telaen 1.1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the plugin_file parameter. | 7.0 | CVE-2006-6081 BUGTRAQ BUGTRAQ XF |
| TikiWiki -- TikiWiki | Cross-site scripting (XSS) vulnerability in tiki-edit_structures.php in TikiWiki 1.9.6 allows remote attackers to inject arbitrary web script or HTML via the pageAlias parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | 7.0 | CVE-2006-6162 BID FRSIRT OSVDB SECUNIA |
| TikiWiki -- TikiWiki | Cross-site scripting (XSS) vulnerability in tiki-setup_base.php in TikiWiki before 1.9.7 allows remote attackers to inject arbitrary JavaScript via unspecified parameters. | 7.0 | CVE-2006-6163 OTHER-REF FRSIRT |
| TikiWiki -- TikiWiki | tiki-register.php in TikiWiki before 1.9.7 allows remote attackers to trigger "notification-spam" via certain vectors such as a comma-separated list of addresses in the email field, related to lack of "a minimal check on email." | 7.0 | CVE-2006-6168 OTHER-REF OTHER-REF FRSIRT |
| TIN -- TIN | Multiple buffer overflows in TIN before 1.8.2 have unspecified impact and attack vectors, a different vulnerability than CVE-2006-0804. | 7.0 | CVE-2006-6122 GENTOO |
| Trend Micro -- OfficeScan | Buffer overflow in PCCSRV\Web_console\RemoteInstallCGI\Wizard.exe for Trend Micro OfficeScan 7.3 before build 7.3.0.1087 allows remote attackers to execute arbitrary code via unknown attack vectors. | 7.0 | CVE-2006-6178 OTHER-REF OTHER-REF |
| Trend Micro -- OfficeScan | Buffer overflow in PCCSRV\Web_console\RemoteInstallCGI\CgiRemoteInstall.exe for Trend Micro OfficeScan 7.3 before build 7.3.0.1089 allows remote attackers to execute arbitrary code via unknown attack vectors. | 7.0 | CVE-2006-6179 OTHER-REF OTHER-REF |
| vSpin.net -- Classified System | Multiple SQL injection vulnerabilities in vSpin.net Classified System 2004 allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to (a) cat.asp, or the (2) keyword, (3) order, (4) sort, (5) menuSelect, or (6) state parameter to (b) search.asp. | 7.0 | CVE-2006-6152 BUGTRAQ OTHER-REF BID SECTRACK SECUNIA |
| WarHound -- WarHound General Shopping Cart | SQL injection vulnerability in item.asp in WarHound General Shopping Cart allows remote attackers to execute arbitrary SQL commands via the ItemID parameter. | 7.0 | CVE-2006-6206 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA XF |
| Web Wiz -- Site News | PHP remote file inclusion vulnerability in centre.php in Site News (site_news) 2.00, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | 7.0 | CVE-2006-6212 BID FRSIRT SECUNIA |
| xine -- Real Media Input Plugin | Buffer overflow in the asmrp_eval function for Real Media input plugin allows remote attackers to cause a denial of service and possibly execute arbitrary code via a rulebook with a large number of rulematches. | 7.0 | CVE-2006-6172 OTHER-REF |
Medium Vulnerabilities

| Primary Vendor -- Product | Description | CVSS Score | Source & Patch Info |
|---|---|---|---|
| Apple -- Mac OS X | The Apple Type Services (ATS) server in Mac OS X 10.4.8 and earlier does not securely create log files, which allows local users to create and modify arbitrary files via unspecified vectors, possibly relating to a symlink attack. | 4.9 | CVE-2006-4396 OTHER-REF APPLE CERT FRSIRT SECUNIA |
| Apple -- Mac OS X | Stack-based buffer overflow in the Apple Type Services (ATS) server in Mac OS 10.4.8 and earlier allows user-assisted attackers to execute arbitrary code via crafted font files. | 5.6 | CVE-2006-4400 OTHER-REF APPLE CERT FRSIRT SECUNIA |
| Apple -- Mac OS X | Unspecified vulnerability in CFNetwork in Mac OS 10.4.8 and earlier allows user-assisted remote attackers to execute arbitrary FTP commands via a crafted FTP URI. | 5.6 | CVE-2006-4401 OTHER-REF APPLE CERT FRSIRT SECUNIA |
| Apple -- Mac OS X | Heap-based buffer overflow in the Finder in Apple Mac OS X 10.4.8 and earlier allows user-assisted remote attackers to execute arbitrary code by browsing directories containing crafted .DS_Store files. | 5.6 | CVE-2006-4402 OTHER-REF APPLE CERT FRSIRT SECUNIA |
| Apple -- Mac OS X | WebKit in Apple Mac OS X 10.3.x through 10.3.9 and 10.4 through 10.4.8 allows remote attackers to execute arbitrary code via a crafted HTML file, which accesses previously deallocated objects. | 5.6 | CVE-2006-4412 OTHER-REF APPLE CERT FRSIRT SECUNIA |
| Apple -- Mac OS X | Buffer overflow in the shared_region_make_private_np function in vm/vm_unix.c in Mac OS X 10.4.6 and earlier allows local users to execute arbitrary code via (1) a small range count, which causes insufficient memory allocation, or (2) a large number of ranges in the shared_region_make_private_np_args parameter. | 4.9 | CVE-2006-6173 OTHER-REF FRSIRT SECUNIA |
| Business Objects -- Crystal Reports | Stack-based buffer overflow in Business Objects Crystal Reports XI Professional has unknown impact and user-assisted attack vectors related to a crafted .RPT file. | 5.6 | CVE-2006-6133 BUGTRAQ FRSIRT SECTRACK SECUNIA BID |
| cPanel -- WebHost Manager | Multiple cross-site scripting (XSS) vulnerabilities in cPanel WebHost Manager (WHM) 3.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) email parameter to (a) scripts2/dochangeemail, the (2) supporturl parameter to (b) cgi/addon_configsupport.cgi, the (3) pkg parameter to (c) scripts/editpkg, the (4) domain parameter to (d) scripts2/domts2 and (e) scripts/editzone, the (5) feature parameter to (g) scripts2/dofeaturemanager, and the (6) ndomain parameter to (h) scripts/park. | 4.2 | CVE-2006-6198 BUGTRAQ OTHER-REF BID XF |
| e-Ark -- e-Ark | PHP remote file inclusion vulnerability in ark_inc.php in e-Ark 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the cfg_pear_path parameter. | 5.6 | CVE-2006-6086 Milw0rm BID FRSIRT SECUNIA XF |
| EC-CUBE -- EC-CUBE | Cross-site scripting (XSS) vulnerability in EC-CUBE before 1.0.1a-beta allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | 5.6 | CVE-2006-6108 OTHER-REF BID FRSIRT SECUNIA SECTRACK XF |
| FreeBSD -- FreeBSD; NetBSD -- NetBSD | ** DISPUTED ** ld.so in FreeBSD, NetBSD, and possibly other BSD distributions does not remove certain harmful environment variables, which allows local users to gain privileges by passing certain environment variables to loading processes. NOTE: this issue has been disputed by a third party, stating that it is the responsibility of the application to properly sanitize the environment. | 4.9 | CVE-2006-6165 BUGTRAQ BUGTRAQ |
| GnuPG -- GnuPG | Buffer overflow in the ask_outfile_name function in openfile.c for GnuPG (gpg) 1.4 and 2.0, when running interactively, might allow attackers to execute arbitrary code via messages that cause the make_printable_string function to return a longer string than expected while constructing a prompt. | 6.4 | CVE-2006-6169 BUGTRAQ OTHER-REF FRSIRT SECTRACK SECUNIA XF |
| IBM -- WebSphere Application Server | Multiple unspecified vulnerabilities in IBM WebSphere Application Server 6.1.0 before Fix Pack 3 (6.1.0.3) have unknown impact and attack vectors, related to (1) a "Potential security vulnerability" (PK29725) and (2) "Potential security exposure" (PK30831). | 4.9 | CVE-2006-6135 OTHER-REF AIXAPAR AIXAPAR FRSIRT SECUNIA |
| IBM -- WebSphere Application Server | IBM WebSphere Application Server 6.1.0 before Fix Pack 3 (6.1.0.3) does not perform EAL4 authentication checks at the proper time during "registering of response operation," which has unknown impact and attack vectors. | 4.9 | CVE-2006-6136 OTHER-REF AIXAPAR FRSIRT SECUNIA |
| Kerio -- WebSTAR | Untrusted search path vulnerability in (1) WSAdminServer and (2) WSWebServer in Kerio WebSTAR (4D WebSTAR Server Suite) 5.4.2 and earlier allows local users with webstar privileges to gain root privileges via a malicious libucache.dylib helper library in the current working directory. | 5.6 | CVE-2006-6131 BUGTRAQ OTHER-REF BID FRSIRT OSVDB SECTRACK SECUNIA XF |
| OpenBSD -- OpenBSD | The _dl_unsetenv function in loader.c in the ELF ld.so in OpenBSD 3.9 and 4.0 does not properly remove duplicate environment variables, which allows local users to pass dangerous variables such as LD_PRELOAD to loading processes, which might be leveraged to gain privileges. | 4.9 | CVE-2006-6164 BUGTRAQ BUGTRAQ OTHER-REF OPENBSD OPENBSD SECTRACK |
| PassGo -- SSO Plus | PassGo SSO Plus 2.1.0.32, and probably earlier versions, uses insecure permissions (Everyone/Full Control) for the PassGo Technologies directory, which allows local users to gain privileges by modifying critical programs. | 4.9 | CVE-2006-5965 OTHER-REF FRSIRT BUGTRAQ BID SECTRACK SECUNIA XF |
| pstotext -- pstotext | pstotext before 1.9 allows user-assisted attackers to execute arbitrary commands via shell metacharacters in a file name. | 5.6 | CVE-2006-5869 DEBIAN BID |
Low Vulnerabilities

| Primary Vendor -- Product | Description | CVSS Score | Source & Patch Info |
|---|---|---|---|
| Apple -- Mac OS X | The FTP server in Apple Mac OS X 10.4.8 and earlier, when FTP Access is enabled, will crash when a login failure occurs with a valid user name, which allows remote attackers to cause a denial of service (crash) and enumerate valid usernames. | 3.7 | CVE-2006-4403 OTHER-REF APPLE CERT FRSIRT SECUNIA |
| Apple -- Mac OS X | The Security Framework in Apple Mac OS X 10.3.x up to 10.3.9 does not properly prioritize encryption ciphers when negotiating the strongest shared cipher, which causes Secure Transport to use a weaker cipher that makes it easier for remote attackers to decrypt traffic. | 2.3 | CVE-2006-4407 OTHER-REF APPLE CERT FRSIRT SECUNIA |
| Apple -- Mac OS X | The Security Framework in Apple Mac OS X 10.4 through 10.4.8 allows remote attackers to cause a denial of service (resource consumption) via certain public key values in an X.509 certificate that require extra resources during signature verification. NOTE: this issue may be similar to CVE-2006-2940. | 2.3 | CVE-2006-4408 OTHER-REF APPLE CERT FRSIRT SECUNIA |
| Apple -- Mac OS X | The Online Certificate Status Protocol (OCSP) service in the Security Framework in Apple Mac OS X 10.4 through 10.4.8 does not retrieve certificate revocation lists (CRL) when an HTTP proxy is in use, which could cause the system to accept certificates that have been revoked. | 1.6 | CVE-2006-4409 OTHER-REF APPLE CERT FRSIRT SECUNIA |
| Apple -- Mac OS X AppleTalk | Apple Mac OS X AppleTalk allows local users to cause a denial of service (kernel panic) by calling the AIOCREGLOCALZN ioctl command with a crafted data structure on an AppleTalk socket. | 2.3 | CVE-2006-6130 OTHER-REF BID FRSIRT SECUNIA XF |
| BaalAsp -- BaalAsp Forum | Multiple cross-site scripting (XSS) vulnerabilities in addpost1.asp in BaalAsp forum allow remote attackers to inject arbitrary web script or HTML via the (1) title (Subject), (2) groupname (Group Name), or (3) detail (Message) field. | 2.3 | CVE-2006-6089 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA XF |
| Blogn -- Blogn | Cross-site scripting (XSS) vulnerability in admin.php in Blogn before 1.9.4 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | 2.3 | CVE-2006-6176 OTHER-REF OTHER-REF BID FRSIRT SECUNIA XF |
| Blue-Collar Productions -- i-Gallery | Multiple cross-site scripting (XSS) vulnerabilities in BlueCollar i-Gallery 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) n or (2) d parameter in igallery.asp, or (3) an unspecified parameter related to search, possibly the Search Gallery field, or the myquery parameter, in search.asp. NOTE: some of these details are obtained from third party information. | 2.3 | CVE-2006-6088 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA XF |
| ClickTech -- ClickGallery | Cross-site scripting (XSS) vulnerability in view_search.asp in ClickTech Click Gallery allows remote attackers to inject arbitrary web script or HTML via the txtKeyWord parameter. NOTE: some of these details are obtained from third party information. | 2.3 | CVE-2006-6188 BUGTRAQ OTHER-REF FRSIRT SECUNIA |
| CreaScripts -- Creadirectory | Multiple cross-site scripting (XSS) vulnerabilities in CreaScripts Creadirectory allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to addlisting.asp or the (2) search parameter to search.asp. | 2.3 | CVE-2006-6082 BUGTRAQ OTHER-REF BID SECUNIA FRSIRT |
| CRYPTOCard -- CRYPTO-Server | CRYPTOCard CRYPTO-Server before 6.4.56 stores LDAP credentials in plaintext in UninstallerData\installvariables.properties, which has insecure permissions and allows local users to obtain the credentials. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | 1.6 | CVE-2006-6145 FRSIRT SECUNIA |
| enomphp -- enomphp | Multiple directory traversal vulnerabilities in enomphp 4.0 allow remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter to (1) config.php, (2) ranklv_inside.php, (3) rankml_inside.php, and (4) admin/Restore/config.php. | 2.3 | CVE-2006-6186 BUGTRAQ MLIST XF |
| Expinion.net -- iNews Publisher | Cross-site scripting (XSS) vulnerability in articles.asp in Expinion.net iNews Publisher (iNP) 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the hl parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | 2.3 | CVE-2006-6180 BID FRSIRT SECUNIA |
| Gabriele Teotino -- GNotebook | The Gabriele Teotino GNotebook 0.7.0.1 gadget for Google Desktop stores Gmail passwords in plaintext in the %SYSTEMDRIVE%\temp\Gnotebook.txt log file, which allows local users to obtain passwords by reading the file. | 2.3 | CVE-2006-6182 BID SECTRACK |
| GNU -- tar | GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPE_NAMES record with a symbolic link, which is not properly handled by the extract_archive function in extract.c and the extract_mangle function in mangle.c, a variant of CVE-2002-1216. | 3.7 | CVE-2006-6097 FULLDISC OTHER-REF BID UBUNTU FRSIRT |
| hscripts -- HIOX Star Rating System Script | Cross-site scripting (XSS) vulnerability in auth/message.php in HIOX Star Rating System Script (HSRS) 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string (PHP_SELF). NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | 2.3 | CVE-2006-6156 FRSIRT XF |
| James Greenwood -- Monkey Boards | Monkey Boards 0.3.5 allows remote attackers to obtain sensitive information via direct requests to (1) include/admin_auth.inc.php and (2) include/engine/class.compiler.php, which reveal the full path in an error message. NOTE: this issue is only an exposure if the administrator has changed the default script path. | 2.3 | CVE-2006-6113 OTHER-REF OTHER-REF OSVDB OSVDB |
| Kile -- Kile | Kile before 1.9.3 does not assign a backup file the same permissions as the original file, which might allow local users to obtain sensitive information. | 2.3 | CVE-2006-6085 OTHER-REF FRSIRT SECUNIA XF GENTOO SECUNIA |
| Krishan -- Flyspray | Directory traversal vulnerability in startdown.php in the Flyspray ME 1.0.1 (com_flyspray) component for Mambo allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | 2.3 | CVE-2006-6203 OTHER-REF BID FRSIRT SECUNIA XF |
| Microsoft -- Windows Media Player | Windows Media 10.00.00.4036 allows remote attackers to cause a denial of service via an ASX Playlist with a ref tag containing a long href value. | 3.3 | CVE-2006-6134 BUGTRAQ BID |
| mmgallery -- mmgallery | mmgallery 1.55 allows remote attackers to obtain sensitive information via a direct request for thumbs.php, which reveals the installation path in various error messages. | 2.3 | CVE-2006-6119 BUGTRAQ SECTRACK |
| my little homepage -- My Little Weblog | Cross-site scripting (XSS) vulnerability in weblog.php in my little weblog allows remote attackers to inject arbitrary web script or HTML via the action parameter. | 2.3 | CVE-2006-6087 BUGTRAQ FRSIRT SECUNIA XF BID |
| Philippe Jounin -- Tftpd32 | Buffer overflow in Tftpd32 3.01 allows remote attackers to cause a denial of service via a long GET or PUT request, which is not properly handled when the request is displayed in the title of the gauge window. | 2.3 | CVE-2006-6141 BUGTRAQ BID FRSIRT OSVDB SECUNIA XF |
| Qbik -- WinGate | Qbik WinGate 6.1.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a DNS request with a self-referencing compressed name pointer, which triggers an infinite loop. | 2.3 | CVE-2006-4518 IDEFENSE OTHER-REF BID FRSIRT SECTRACK SECUNIA XF |
| REMLAB -- Web Mech Designer | REMLAB Web Mech Designer 2.0.5 allows remote attackers to obtain the full path of the script via an incorrect Tonnage parameter to calculate.php that triggers a divide-by-zero error, which leaks the path in an error message. | 2.3 | CVE-2006-5896 FULLDISC OSVDB XF |
| Sisfo Kampus -- Sisfo Kampus | Directory traversal vulnerability in download.php in Sisfo Kampus 0.8 allows remote attackers to list arbitrary directories via an absolute pathname in the dir parameter. | 2.3 | CVE-2006-6138 OTHER-REF BID |
| Sisfo Kampus -- Sisfo Kampus | Directory traversal vulnerability in downloadexcel.php in Sisfo Kampus 2006 (Semarang 3) allows remote attackers to read arbitrary files via the fn parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 2.3 | CVE-2006-6139 FRSIRT SECUNIA |
| Sun -- Solaris | snmpd in (1) the SUNWsmagt package in Solaris 10 before 20061122 and (2) certain versions of Net-SNMP running on Solaris allows remote attackers to cause a denial of service (daemon hang and CPU consumption) via a malformed TCP packet. | 2.3 | CVE-2006-5941 OTHER-REF SUNALERT FRSIRT SECUNIA BID SECTRACK |
| Takeshi Kanno -- Haru Free PDF Library | Buffer overflow in the HPDF_Page_Circle function in hpdf_page_operator.c in Takeshi Kanno Haru Free PDF Library (libharu2, aka libharu) 2.0.7 and earlier allows context-dependent attackers to cause a denial of service (application crash) via certain arguments that yield a large amount of PDF data, as demonstrated by a filled circle. | 1.9 | CVE-2006-6146 OTHER-REF OTHER-REF BID FRSIRT |
| tDiary -- tDiary | Cross-site scripting (XSS) vulnerability in tDiary before 2.0.3 and 2.1.x before 2.1.4.20061126 allows remote attackers to inject arbitrary web script or HTML via the conf parameter in (1) tdiary.rb and (2) skel/conf.rhtml. | 2.3 | CVE-2006-6174 OTHER-REF OTHER-REF OTHER-REF OTHER-REF BID FRSIRT SECUNIA |
| unverse.net -- aBitWhizzy | Directory traversal vulnerability in abitwhizzy.php in aBitWhizzy allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter. NOTE: some of these details are obtained from third party information. | 2.3 | CVE-2006-6084 BUGTRAQ OTHER-REF BID FRSIRT SECTRACK SECUNIA XF |
| vSpin.net -- Classified System | Multiple cross-site scripting (XSS) vulnerabilities in vSpin.net Classified System 2004 allow remote attackers to inject arbitrary web script or HTML via the (1) catname parameter to cat.asp or the (2) minprice parameter to search.asp. | 2.3 | CVE-2006-6153 BUGTRAQ OTHER-REF BID SECTRACK SECUNIA |
| Wabbit -- Wabbit PHP Gallery | Directory traversal vulnerability in script.php in Wabbit PHP Gallery 0.9 allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter to index.php. | 2.3 | CVE-2006-6185 BUGTRAQ MLIST BID FRSIRT SECUNIA XF |