National Cyber Alert System
Cyber Security Bulletin SB06-156

Vulnerability Summary for the Week of May 29, 2006

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.


High Vulnerabilities
Columns: Primary Vendor -- Product; Description; Discovered | Published | CVSS Score; Source & Patch Info (CVE ID; references)
Alt-N -- MDaemon
Buffer overflow in Alt-N MDaemon, possibly 9.0.1 and earlier, allows remote attackers to execute arbitrary code via a long A0001 argument that begins with a '"' (double quote).
Discovered: 2006-05-28 | Published: 2006-05-30 | CVSS: 7.0
Source & Patch Info: CVE-2006-2646; FULLDISC, BID, SECTRACK
Cosmicphp -- CosmicShoppingCart
Multiple cross-site scripting (XSS) vulnerabilities in (a) search.php, (b) search_cat.php, (c) and (d) product_details.php in the cosmicshop directory for CosmicShoppingCart allow remote attackers to inject arbitrary web script or HTML via multiple unspecified parameters, as demonstrated by the (1) query parameter in search.php and the (2) data parameter in search_cat.php.
Discovered: 2005-02-16 | Published: 2006-05-30 | CVSS: 7.0
Source & Patch Info: CVE-2006-2649; ZONE-H, FRSIRT, SECUNIA, SECTRACK, XF
Cosmicphp -- CosmicShoppingCart
SQL injection vulnerability in cosmicshop/search.php in CosmicShoppingCart allows remote attackers to execute arbitrary SQL commands via the max parameter.
Discovered: 2005-02-16 | Published: 2006-05-30 | CVSS: 7.0
Source & Patch Info: CVE-2006-2650; ZONE-H, FRSIRT, SECUNIA, SECTRACK, XF
DoceboLMS -- DoceboLMS
Multiple PHP remote file inclusion vulnerabilities in Docebo LMS 2.05 allow remote attackers to execute arbitrary PHP code via a URL in the lang parameter to (1) modules/credits/business.php, (2) modules/credits/credits.php, or (3) modules/credits/help.php.
Discovered: unknown | Published: 2006-05-30 | CVSS: 7.0
Source & Patch Info: CVE-2006-2668; OTHER-REF, FRSIRT, SECTRACK, SECUNIA, XF
Drupal -- Drupal
SQL injection vulnerability in Drupal 4.6.x before 4.6.7 and 4.7.0 allows remote attackers to execute arbitrary SQL commands via the (1) count and (2) from variables to (a) database.mysql.inc, (b) database.pgsql.inc, and (c) database.mysqli.inc.
Discovered: unknown | Published: 2006-06-01 | CVSS: 7.0
Source & Patch Info: CVE-2006-2742; DRUPAL, FRSIRT, SECUNIA, XF
E-Board -- Elite-Board
Cross-site scripting (XSS) vulnerability in search.html in Bulletin Board Elite-Board (E-Board) 1.1 allows remote attackers to inject arbitrary web script or HTML via the search box.
Discovered: 2006-05-24 | Published: 2006-05-30 | CVSS: 7.0
Source & Patch Info: CVE-2006-2673; BUGTRAQ, BID, FRSIRT, SECUNIA, XF
Easy-Content Forums -- Easy-Content Forums
Cross-site scripting (XSS) vulnerabilities in Easy-Content Forums 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) startletter parameter in userview.asp and the (2) catid parameter in topics.asp.
Discovered: 2006-05-23 | Published: 2006-05-31 | CVSS: 7.0
Source & Patch Info: CVE-2006-2696; BUGTRAQ
Enigma Haber -- Enigma Haber
Multiple SQL injection vulnerabilities in Enigma Haber 4.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in (a) e_mesaj_yas.asp, (b) edi_haber.asp, and (c) haber_devam.asp; (2) hid parameter in (d) yazdir.asp and (e) yorum.asp, and the (3) e parameter in (f) arsiv.asp. NOTE: with administrator credentials, additional vectors exist including (4) yid parameter to (g) admin/y_admin.asp, (5) bid parameter to (h) admin/reklam_detay.asp, hid parameter to (i) admin/detay_yorum.asp and (j) admin/haber_sil.asp, (6) kid parameter to (k) admin/kategori_d.asp, (7) tur parameter to (l) admin/haber_ekle.asp, (8) s parameter to (m) admin/e_mesaj_yaz.asp, and id parameter to (n) admin/admin_sil.asp.
Discovered: 2006-05-27 | Published: 2006-06-01 | CVSS: 7.0
Source & Patch Info: CVE-2006-2731; BUGTRAQ, OTHER-REF, OTHER-REF, BID, FRSIRT, SECTRACK, SECUNIA
Epic Designs -- eggblog
home/register.php in Eggblog before 3.0 allows remote attackers to change the password of administrators and possibly other users via a modified username parameter.
Discovered: 2006-05-27 | Published: 2006-06-01 | CVSS: 7.0
Source & Patch Info: CVE-2006-2727; BUGTRAQ, BUGTRAQ, NUKEDX
Epic Designs -- tinyBB
Cross-site scripting (XSS) vulnerability in Epicdesigns tinyBB 0.3 allows remote attackers to inject arbitrary web script or HTML via the q parameter in forgot.php, which is echoed in an error message, and other unspecified vectors.
Discovered: 2006-05-27 | Published: 2006-06-01 | CVSS: 7.0
Source & Patch Info: CVE-2006-2741; BUGTRAQ, NUKEDX, NUKEDX, BID, SECTRACK
EVA-Web -- EVA-Web
Multiple cross-site scripting (XSS) vulnerabilities in EVA-Web 2.1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) debut_image parameter in (a) article-album.php3, (2) date parameter in (b) rubrique.php3, and the (3) perso and (4) aide parameters to (c) an unknown script, probably index.php.
Discovered: unknown | Published: 2006-05-31 | CVSS: 7.0
Source & Patch Info: CVE-2006-2689; BLOGSPOT, FRSIRT, SECUNIA, BID
F@cile Interactive Web -- F@cile Interactive Web
PHP remote file inclusion vulnerability in p-popupgallery.php in F@cile Interactive Web 0.8.41 through 0.8.5 allows remote attackers to execute arbitrary PHP code via a URL in the l parameter.
Discovered: 2006-05-27 | Published: 2006-06-01 | CVSS: 7.0
Source & Patch Info: CVE-2006-2744; BUGTRAQ, NUKEDX, NUKEDX, BID, FRSIRT, SECUNIA
F@cile Interactive Web -- F@cile Interactive Web
Multiple cross-site scripting (XSS) vulnerabilities in F@cile Interactive Web 0.8.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) lang parameter in index.php, and the (2) mytheme and (3) myskin parameters in multiple "p-themes" index.inc.php files including (c) lowgraphic, (d) classic, (e) puzzle, (f) simple, and (g) ciao. NOTE: vectors 2 and 3 might be resultant from file inclusion issues.
Discovered: 2006-05-27 | Published: 2006-06-01 | CVSS: 7.0
Source & Patch Info: CVE-2006-2746; BUGTRAQ, NUKEDX, NUKEDX, BID, FRSIRT, SECUNIA
Fastpublish -- Fastpublish CMS
PHP remote file inclusion vulnerability in Fastpublish CMS 1.6.9.d allows remote attackers to include arbitrary files via the config[fsBase] parameter in (1) drucken.php, (2) drucken2.php, (3) email_an_benutzer.php, (4) rechnung.php, (5) suche/search.php and (6) adminbereich/admin.php.
Discovered: 2006-05-29 | Published: 2006-06-01 | CVSS: 7.0
Source & Patch Info: CVE-2006-2726; Milw0rm, FRSIRT, SECUNIA, BID
Geeklog -- Geeklog
Cross-site scripting (XSS) vulnerability in getimage.php in Geeklog 1.4.0sr2 and earlier allows remote attackers to inject arbitrary HTML or web script via the image argument in a show action.
Discovered: 2006-05-28 | Published: 2006-05-31 | CVSS: 7.0
Source & Patch Info: CVE-2006-2699; BUGTRAQ, KAPDA, GEEKLOG, BID, FRSIRT, SECUNIA
Geeklog -- Geeklog
SQL injection vulnerability in Geeklog 1.4.0sr2 and earlier allows remote attackers to execute arbitrary SQL commands via unknown vectors related to story submission.
Discovered: unknown | Published: 2006-05-31 | CVSS: 7.0
Source & Patch Info: CVE-2006-2701; GEEKLOG, FRSIRT, SECUNIA
Hogstorps -- Hogstorp Guestbook
Cross-site scripting (XSS) vulnerability in add.asp in Hogstorps hogstorp guestbook 2.0 allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, and (3) headline parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Discovered: 2006-05-04 | Published: 2006-06-02 | CVSS: 7.0
Source & Patch Info: CVE-2006-2772; BID, FRSIRT, SECUNIA
IBM -- AIX
Untrusted search path vulnerability in update_flash for IBM AIX 5.1, 5.2 and 5.3 allows local users to execute arbitrary commands via unknown vectors involving lsmcode and possibly other commands.
Discovered: 2006-05-26 | Published: 2006-05-30 | CVSS: 7.0
Source & Patch Info: CVE-2006-2647; AIXAPAR, AIXAPAR, AIXAPAR, SECTRACK, FRSIRT, SECUNIA
iFusionServices -- iFlance
Multiple cross-site scripting (XSS) vulnerabilities in iFlance 1.1 allow remote attackers to inject arbitrary web script or HTML via certain inputs to (1) acc_verify.php or (2) project.php.
Discovered: unknown | Published: 2006-05-30 | CVSS: 7.0
Source & Patch Info: CVE-2006-2663; BUGTRAQ, FRSIRT, SECUNIA
InterQuest Internet Services -- Realty Pro One
Multiple cross-site scripting (XSS) vulnerabilities in Realty Pro One allow remote attackers to inject arbitrary web script or HTML via the (1) listingid parameter to (a) images.php, (b) index_other.php, or (c) request_info.php; (2) propertyid parameter to (d) searchlookup.php, (3) id parameter to (e) images.php, or (4) agentid parameter to (f) request_info.php. NOTE: some of these issues might be resultant from SQL injection.
Discovered: 2006-05-23 | Published: 2006-05-30 | CVSS: 7.0
Source & Patch Info: CVE-2006-2672; BUGTRAQ, FRSIRT, SECUNIA, OSVDB, OSVDB, OSVDB, OSVDB, XF
Katy Whitton -- NewsCMSLite
newsadmin.asp in Katy Whitton NewsCMSLite allows remote attackers to gain administrative privileges via a loggedIn cookie with the value "xY1zZoPQ."
Discovered: 2006-05-21 | Published: 2006-05-30 | CVSS: 7.0
Source & Patch Info: CVE-2006-2636; BUGTRAQ, OTHER-REF, FRSIRT, SECUNIA, XF
libTIFF -- libTIFF
Stack-based buffer overflow in the tiffsplit command in libtiff 3.8.2 and earlier might allow attackers to execute arbitrary code via a long filename. NOTE: tiffsplit is not setuid. If there is not a common scenario under which tiffsplit is called with attacker-controlled command line arguments, then perhaps this issue should not be included in CVE.
Discovered: 2006-05-10 | Published: 2006-05-30 | CVSS: 7.0
Source & Patch Info: CVE-2006-2656; VULN-DEV, FEDORA
Mini-Nuke -- Mini-Nuke
SQL injection vulnerability in Your_Account.asp in Mini-Nuke 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) yas_1, (2) yas_2, and (3) yas_3 parameters.
Discovered: 2006-05-27 | Published: 2006-06-01 | CVSS: 7.0
Source & Patch Info: CVE-2006-2732; BUGTRAQ, OTHER-REF, OTHER-REF, BID, FRSIRT, SECTRACK, SECUNIA
Mozilla -- Firefox
Mozilla -- Thunderbird
Mozilla Firefox and Thunderbird before 1.5.0.4 associates XUL attributes with the wrong URL under certain unspecified circumstances, which might allow remote attackers to bypass restrictions by causing a persisted string to be associated with the wrong URL.
Discovered: unknown | Published: 2006-06-02 | CVSS: 7.0
Source & Patch Info: CVE-2006-2775; MOZILLA, CERT-VN, CERT
Mozilla -- Firefox
Mozilla -- Thunderbird
Certain privileged UI code in Mozilla Firefox and Thunderbird before 1.5.0.4 calls content-defined setters on an object prototype, which allows remote attackers to execute code at a higher privilege than intended.
Discovered: unknown | Published: 2006-06-02 | CVSS: 7.0
Source & Patch Info: CVE-2006-2776; MOZILLA, CERT-VN, CERT
Mozilla -- SeaMonkey
Mozilla -- Firefox
Unspecified vulnerability in Mozilla Firefox before 1.5.0.4 and SeaMonkey before 1.0.2 allows remote attackers to execute arbitrary code by using the nsISelectionPrivate interface of the Selection object to add a SelectionListener and create notifications that are executed in a privileged context.
Discovered: unknown | Published: 2006-06-02 | CVSS: 7.0
Source & Patch Info: CVE-2006-2777; MOZILLA, CERT-VN, CERT, SECUNIA
Mozilla -- Firefox
Mozilla -- Thunderbird
Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) nested <option> tags in a select tag, (2) a DOMNodeRemoved mutation event, (3) "Content-implemented tree views," (4) BoxObjects, (5) the XBL implementation, or (6) an iframe that attempts to remove itself, which leads to memory corruption.
Discovered: unknown | Published: 2006-06-02 | CVSS: 7.0
Source & Patch Info: CVE-2006-2779; OTHER-REF, CERT-VN, CERT
MySQL -- MySQL
SQL injection vulnerability in MySQL 4.1.x before 4.1.20 and 5.0.x before 5.0.22 allows context-dependent attackers to execute arbitrary SQL commands via crafted multibyte encodings in character sets such as SJIS, BIG5, and GBK, which are not properly handled when the mysql_real_escape_string() function is used to escape the input.
Discovered: unknown | Published: 2006-06-01 | CVSS: 7.0
Source & Patch Info: CVE-2006-2753; OTHER-REF, OTHER-REF, SECUNIA
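The MySQL entry above describes a charset problem rather than a flaw in any one query: escaping that works byte by byte inserts a backslash (0x5C) before the quote, but if the preceding byte is a valid GBK lead byte, the server decodes lead byte plus backslash as one two-byte character and the quote that follows is live again. The following Python model is an added example, not code from MySQL, from any product listed here, or from the original bulletin. The payload, the sample names, and the function names are the example's own; it needs no database.

```python
"""Added example: byte-wise SQL escaping versus a multibyte server charset.

Models the CVE-2006-2753 class of problem with constructed input.
"""
import codecs

SPECIAL = {0x00, 0x27, 0x22, 0x5C}  # NUL ' " \


def naive_escape(data: bytes) -> bytes:
    """Escape byte by byte, ignoring the charset the server will decode with."""
    out = bytearray()
    for b in data:
        if b in SPECIAL:
            out.append(0x5C)
        out.append(b)
    return bytes(out)


def charset_aware_escape(data: bytes, charset: str) -> bytes:
    """Decode with the connection charset first, so a stray lead byte such as
    0xBF cannot pair with the escaping backslash. Invalid sequences raise
    UnicodeDecodeError instead of being passed through."""
    text = codecs.decode(data, charset)  # strict decoding
    escaped = (text.replace("\\", "\\\\")
                   .replace("'", "\\'")
                   .replace('"', '\\"')
                   .replace("\x00", "\\0"))
    return escaped.encode(charset)


def escape_rejected(data: bytes, charset: str) -> bool:
    """True if charset-aware escaping refuses the input as malformed."""
    try:
        charset_aware_escape(data, charset)
    except UnicodeDecodeError:
        return True
    return False


def build_query(escaped_name: bytes, charset: str) -> str:
    """The statement as the server sees it after decoding the bytes."""
    name = escaped_name.decode(charset, errors="replace")
    return "SELECT * FROM users WHERE name = '" + name + "'"


def unescaped_quote_present(escaped: bytes, charset: str) -> bool:
    """True if, after decoding as `charset`, a single quote is not preceded by
    a literal backslash character, i.e. it would terminate the SQL string."""
    text = escaped.decode(charset, errors="replace")
    i = 0
    while i < len(text):
        if text[i] == "\\":
            i += 2  # a backslash character escapes whatever follows it
            continue
        if text[i] == "'":
            return True
        i += 1
    return False


# Constructed payload: a GBK lead byte, then a quote and a tautology.
PAYLOAD = b"\xbf' OR 1=1 -- "

if __name__ == "__main__":
    esc = naive_escape(PAYLOAD)
    for cs in ("gbk", "latin-1", "utf-8"):
        print(f"{cs:8} naive: {build_query(esc, cs)!r} injectable={unescaped_quote_present(esc, cs)}")
    print("gbk charset-aware rejects payload:", escape_rejected(PAYLOAD, "gbk"))
```

Under GBK the naive result decodes to a CJK character followed by an unescaped quote; under latin-1 and UTF-8 the backslash survives, which is why the defect only shows up with the listed East Asian charsets. The practical fix is the same one the advisory implies: make the client library aware of the connection charset (or use parameterized statements), rather than escaping bytes you have not decoded.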
Nukedit -- Nukedit
utilities/register.asp in Nukedit 4.9.6 and earlier allows remote attackers to create new users as part of arbitrary groups, including the administrative group, via a modified groupid parameter when creating a user via the addDB action.
Discovered: 2006-05-10 | Published: 2006-06-01 | CVSS: 7.0
Source & Patch Info: CVE-2006-2737; BUGTRAQ, OTHER-REF, OTHER-REF, FRSIRT, SECUNIA, BID
Open-Xchange -- Open-Xchange
The open source version of Open-Xchange 0.8.2 and earlier uses a static default username and password with a valid login shell in the initfile for the ldap-server, which allows remote attackers to access any server where the default has not been changed.
Discovered: unknown | Published: 2006-06-01 | CVSS: 7.0
Source & Patch Info: CVE-2006-2738; BUGTRAQ, GOLEM, BUGZILLA, FRSIRT, SECUNIA
Out of the Trees -- SelectaPix
SQL injection vulnerability in view_album.php in SelectaPix 1.4 allows remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party sources.
Discovered: unknown | Published: 2006-05-31 | CVSS: 7.0
Source & Patch Info: CVE-2006-2722; BID
QontentOne -- QontentOne CMS
Cross-site scripting (XSS) vulnerability in search.php in QontentOne CMS allows remote attackers to inject arbitrary web script or HTML via the search_phrase parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Discovered: unknown | Published: 2006-06-02 | CVSS: 7.0
Source & Patch Info: CVE-2006-2774; BID, FRSIRT, SECUNIA
ScriptsCenter -- ezUpload Pro
Multiple PHP remote file inclusion vulnerabilities in EzUpload Pro 2.10 allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) form.php, (2) customize.php, and (3) initialize.php.
Discovered: 2006-05-28 | Published: 2006-05-31 | CVSS: 7.0
Source & Patch Info: CVE-2006-2694; BUGTRAQ, BID
Secure Elements -- C5 Enterprise Vulnerability Management
The Administration Console in Secure Elements Class 5 AVR (aka C5 EVM) before 2.8.1 does not enforce access control, which allows remote attackers to gain access to servers via the console.
Discovered: unknown | Published: 2006-05-31 | CVSS: 7.0
Source & Patch Info: CVE-2006-2715; OTHER-REF, CERT-VN, FRSIRT, SECUNIA
Secure Elements -- C5 Enterprise Vulnerability Management
Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 uses a hard-coded user ID and password, which allows remote attackers to gain access to the server.
Discovered: unknown | Published: 2006-05-31 | CVSS: 7.0
Source & Patch Info: CVE-2006-2716; OTHER-REF, CERT-VN, FRSIRT, SECUNIA
Symantec -- AntiVirus
Symantec -- Client Security
Stack-based buffer overflow in Symantec Antivirus 10.1 and Client Security 3.1 allows remote attackers to execute arbitrary code via unknown attack vectors.
Discovered: 2006-05-24 | Published: 2006-05-27 | CVSS: 7.0
Source & Patch Info: CVE-2006-2630; EEYE, OTHER-REF, BID, SECTRACK, SECTRACK, BUGTRAQ, CERT-VN, FRSIRT, SECUNIA
Tamber Forum -- Tamber Forum
Multiple SQL injection vulnerabilities in Tamber Forum 1.9.13 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) frm_id parameter to (a) show_forum.asp, (2) a search field to (b) forum_search.asp, (3) Email address or (4) Password to (c) admin/index.asp, (5) frm_cat_id parameter to (d) browse_forum_cat.asp, or (6) Message Subject or (7) Message Text field to (e) post_message.asp.
Discovered: 2006-05-25 | Published: 2006-05-30 | CVSS: 7.0
Source & Patch Info: CVE-2006-2674; BUGTRAQ
typespeed -- typespeed
Buffer overflow in the addnewword function in typespeed 0.4.4 and earlier might allow remote attackers to execute arbitrary code via unknown vectors.
Discovered: unknown | Published: 2006-05-31 | CVSS: 7.0
Source & Patch Info: CVE-2006-1515; DEBIAN, BID, FRSIRT, SECUNIA, SECUNIA
V-Webmail -- V-Webmail
PHP remote file inclusion vulnerability in includes/mailaccess/pop3/core.php in V-Webmail 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[pear_dir] parameter.
Discovered: unknown | Published: 2006-05-30 | CVSS: 7.0
Source & Patch Info: CVE-2006-2665; OTHER-REF, FRSIRT, SECTRACK, SECUNIA, XF
VARIOMAT -- VARIOMAT
SQL injection vulnerability in news.php in VARIOMAT allows remote attackers to execute arbitrary SQL commands via the subcat parameter.
Discovered: 2006-05-28 | Published: 2006-05-31 | CVSS: 7.0
Source & Patch Info: CVE-2006-2720; BUGTRAQ
VARIOMAT -- VARIOMAT
Cross-site scripting (XSS) vulnerability in news.php in VARIOMAT allows remote attackers to inject arbitrary HTML or web script via the subcat parameter. NOTE: this issue might be resultant from SQL injection.
Discovered: 2006-05-28 | Published: 2006-05-31 | CVSS: 7.0
Source & Patch Info: CVE-2006-2721; BUGTRAQ
WikiNi -- WikiNi
Cross-site scripting (XSS) vulnerability in WikiNi 0.4.2 and earlier allows remote attackers to inject arbitrary HTML and web script by editing a Wiki page to contain the script.
Discovered: 2006-03-29 | Published: 2006-05-30 | CVSS: 7.0
Source & Patch Info: CVE-2006-2652; BUGTRAQ, OSVDB
WordPress -- WordPress
Direct static code injection vulnerability in WordPress 2.0.2 and earlier allows remote attackers to execute arbitrary commands by inserting a carriage return and PHP code when updating a profile, which is appended after a special comment sequence into files in (1) wp-content/cache/userlogins/ or (2) wp-content/cache/users/, which are later included by cache.php, as demonstrated using the displayname argument.
Discovered: unknown | Published: 2006-05-30 | CVSS: 7.0
Source & Patch Info: CVE-2006-2667; OTHER-REF, FRSIRT, SECUNIA, XF

Medium Vulnerabilities
Columns: Primary Vendor -- Product; Description; Discovered | Published | CVSS Score; Source & Patch Info (CVE ID; references)
Achievo -- Achievo
SQL injection vulnerability in the employees node (class.employee.inc) in Achievo 1.1.0 and earlier and 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the atkselector parameter.
Discovered: 2006-03-29 | Published: 2006-05-31 | CVSS: 4.7
Source & Patch Info: CVE-2006-2688; OTHER-REF, OTHER-REF, FRSIRT, SECUNIA, BID
ActionApps -- ActionApps
PHP remote file inclusion vulnerabilities in ActionApps 2.8.1 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[AA_INC_PATH] parameter in (1) cached.php3, (2) cron.php3, (3) discussion.php3, (4) filldisc.php3, (5) filler.php3, (6) fillform.php3, (7) go.php3, (8) hiercons.php3, (9) jsview.php3, (10) live_checkbox.php3, (11) offline.php3, (12) post2shtml.php3, (13) search.php3, (14) slice.php3, (15) sql_update.php3, (16) view.php3, (17) multiple files in the (18) admin/ folder, (19) includes/ folder, and (20) modules/ folder.
Discovered: 2006-05-25 | Published: 2006-05-31 | CVSS: 4.7
Source & Patch Info: CVE-2006-2686; OTHER-REF, FRSIRT, SECUNIA
Activity MOD Plus -- Activity MOD Plus
PHP remote file inclusion vulnerability in language/lang_english/lang_activity.php in Activity MOD Plus (Amod) 1.1.0, as used with phpBB when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: This is a similar vulnerability to CVE-2006-2507.
Discovered: 2006-05-27 | Published: 2006-06-01 | CVSS: 5.6
Source & Patch Info: CVE-2006-2735; BUGTRAQ, BUGTRAQ, OTHER-REF, OTHER-REF, OTHER-REF, FRSIRT, SECUNIA
Back-End -- Back-End CMS
PHP remote file inclusion vulnerability in BE_config.php in Back-End CMS 0.7.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _PSL[classdir] parameter.
Discovered: 2006-05-25 | Published: 2006-05-31 | CVSS: 4.7
Source & Patch Info: CVE-2006-2682; OTHER-REF, FRSIRT, SECUNIA, XF
CalendarScripts.com -- ChatPat
Cross-site scripting (XSS) vulnerability in ChatPat 1.0 allows remote attackers to inject arbitrary web script or HTML via a chat message.
Discovered: unknown | Published: 2006-05-30 | CVSS: 4.7
Source & Patch Info: CVE-2006-2670; BUGTRAQ, FRSIRT, SECUNIA
Cisco -- VPN Client
Unspecified vulnerability in the VPN Client for Windows Graphical User Interface (GUI) (aka the VPN client dialer) in Cisco VPN Client for Windows 4.8.00.* and earlier, except for 4.7.00.0533, allows local authenticated, interactive users to gain privileges, possibly due to privileges of dialog boxes, aka bug ID CSCsd79265.
Discovered: 2006-05-24 | Published: 2006-05-31 | CVSS: 4.2
Source & Patch Info: CVE-2006-2679; CISCO, BID, FRSIRT, SECTRACK, SECUNIA, XF
Creative Digital Resources -- SocketMail
PHP remote file inclusion vulnerability in SocketMail Lite and Pro 2.2.6 and earlier, when register_globals and magic_quotes are enabled, allows remote attackers to execute arbitrary PHP code via a URL in the site_path parameter to (1) index.php and (2) inc-common.php.
Discovered: 2006-05-23 | Published: 2006-05-31 | CVSS: 4.7
Source & Patch Info: CVE-2006-2681; OTHER-REF, FRSIRT, SECUNIA, XF
DGNews -- DGNews
admin/upprocess.php in DGNews 1.5 and earlier allows remote attackers to execute arbitrary code by uploading scripts with arbitrary extensions to the img directory.
Discovered: unknown | Published: 2006-05-31 | CVSS: 5.6
Source & Patch Info: CVE-2006-2695; BLOGSPOT, FRSIRT, SECUNIA
DIA -- DIA
Multiple unspecified format string vulnerabilities in Dia have unspecified impact and attack vectors, a different set of issues than CVE-2006-2480.
Discovered: unknown | Published: 2006-05-28 | CVSS: 4.9
Source & Patch Info: CVE-2006-2453; SECUNIA, OTHER-REF, OTHER-REF, FEDORA, MANDRIVA, UBUNTU, BID, SECUNIA
Drupal -- Drupal
Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
Discovered: 2006-05-24 | Published: 2006-06-01 | CVSS: 5.6
Source & Patch Info: CVE-2006-2743; Milw0rm, DRUPAL, FRSIRT, SECUNIA, XF
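The Drupal entry above and the DGNews entry before it are two faces of one upload mistake: Apache's mod_mime assigns handlers by looking at every dot-separated extension in a filename, so a check that inspects only the final extension lets "shell.php.txt" through and mod_php may still execute it. The validator below is an added example, not code from Drupal, DGNews, or the bulletin. The handler-extension list, the allow-list, and the storage naming are assumptions for a hypothetical upload endpoint.

```python
"""Added example: validating upload names against multi-extension handler matching."""
import secrets

# Extensions a server may map to a script handler anywhere in the name.
# Illustrative list for the example, not exhaustive.
HANDLER_EXTENSIONS = {
    "php", "php3", "php4", "php5", "phtml", "phps", "inc",
    "cgi", "pl", "py", "sh", "asp", "aspx", "jsp", "htaccess",
}

# What this hypothetical endpoint is willing to accept as the final type.
ALLOWED_FINAL = {"jpg", "jpeg", "png", "gif", "txt", "pdf"}


def extension_segments(filename: str) -> list:
    """Every dot-separated segment after the first, lowercased, with any
    client-supplied directory part stripped.
    'shell.php.txt' -> ['php', 'txt']; '.htaccess' -> ['htaccess']."""
    name = filename.rsplit("/", 1)[-1].rsplit("\\", 1)[-1]
    parts = name.lower().split(".")
    return [p for p in parts[1:] if p]


def is_acceptable_upload(filename: str) -> bool:
    """Reject if any segment is a handler extension (the server checks all
    of them, not just the last) or the final extension is not allow-listed."""
    segs = extension_segments(filename)
    if not segs:
        return False
    if any(s in HANDLER_EXTENSIONS for s in segs):
        return False
    return segs[-1] in ALLOWED_FINAL


def stored_name(filename: str) -> str:
    """Server-chosen name: random stem plus the single validated extension,
    so nothing the client supplied reaches the filesystem."""
    if not is_acceptable_upload(filename):
        raise ValueError("rejected upload name: %r" % filename)
    return "%s.%s" % (secrets.token_hex(8), extension_segments(filename)[-1])


if __name__ == "__main__":
    for candidate in ("photo.JPG", "shell.php.txt", "photo.jpg.php", ".htaccess", "notes.pdf"):
        print(candidate, "->", "accept" if is_acceptable_upload(candidate) else "reject")
```

Renaming on the server side is what makes the check robust: even if the allow-list is later loosened, the stored file carries exactly one extension that the application chose. Serving the upload directory with script handlers disabled is the complementary server-side control.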
Epic Designs -- eggblog
SQL injection vulnerability in rss/posts.php in Eggblog before 3.07 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Discovered: unknown | Published: 2006-06-01 | CVSS: 4.7
Source & Patch Info: CVE-2006-2725; BUGTRAQ, BUGTRAQ, OTHER-REF, OTHER-REF, BID, FRSIRT, SECUNIA
Epic Designs -- tinyBB
PHP remote file inclusion vulnerability in footers.php in Epicdesigns tinyBB 0.3, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the tinybb_footers parameter.
Discovered: 2006-05-27 | Published: 2006-06-01 | CVSS: 5.6
Source & Patch Info: CVE-2006-2739; BUGTRAQ, NUKEDX, NUKEDX, BID, FRSIRT, SECTRACK, SECUNIA
F@cile Interactive Web -- F@cile Interactive Web
Multiple PHP remote file inclusion vulnerabilities in F@cile Interactive Web 0.8.5 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) pathfile parameter in (a) p-editpage.php and (b) p-editbox.php, and the (2) mytheme and (3) myskin parameters in multiple "p-themes" index.inc.php files including (c) lowgraphic, (d) classic, (e) puzzle, (f) simple, and (g) ciao.
Discovered: 2006-05-27 | Published: 2006-06-01 | CVSS: 5.6
Source & Patch Info: CVE-2006-2745; BUGTRAQ, NUKEDX, NUKEDX, BID, FRSIRT, SECUNIA
Fredi Bach -- PhpMyDesktop|arcade
Directory traversal vulnerability in index.php in PhpMyDesktop|arcade 1.0 FINAL allows remote attackers to read arbitrary files or execute PHP code via a .. (dot dot) sequence and trailing null (%00) byte in the subsite parameter when the todo parameter is showsubsite.
Discovered: 2006-05-29 | Published: 2006-06-01 | CVSS: 5.6
Source & Patch Info: CVE-2006-2747; BUGTRAQ, FRSIRT, SECTRACK, SECUNIA
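The PhpMyDesktop|arcade entry above combines two classic tricks: the ".." segments walk out of the intended directory, and the trailing %00 truncates the path inside the C string functions the runtime eventually calls, so a suffix such as ".php" appended by the application is silently dropped. The Python below is an added example, not the application's code: it models what an unchecked concatenation effectively opens and shows a resolver that rejects both tricks. The web root and parameter names are assumptions.

```python
"""Added example: traversal plus NUL truncation, modelled, and the safe resolver."""
import os

WEB_ROOT = "/var/www/sites"  # assumed base directory for the example


def vulnerable_target(base_dir: str, subsite: str, suffix: str = ".php") -> str:
    """What an unchecked include of base + subsite + suffix effectively opens
    once the path reaches a C string function: everything after the first
    NUL byte, including the appended suffix, is discarded."""
    raw = os.path.join(base_dir, subsite) + suffix
    return raw.split("\x00", 1)[0]


def safe_target(base_dir: str, subsite: str, suffix: str = ".php") -> str:
    """Refuse NUL bytes, refuse empty names, then resolve symlinks and '..'
    and require the result to stay inside base_dir."""
    if "\x00" in subsite:
        raise ValueError("NUL byte in path parameter")
    if not subsite or subsite in (".", ".."):
        raise ValueError("empty or relative-only name")
    root = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(root, subsite + suffix))
    # os.path.join discards root when subsite is absolute; the containment
    # check below catches that case as well as '..' escapes.
    try:
        inside = os.path.commonpath([root, candidate]) == root
    except ValueError:  # different drives or mixed absolute/relative
        inside = False
    if not inside:
        raise ValueError("path escapes base directory")
    return candidate


def is_rejected(base_dir: str, subsite: str) -> bool:
    """True if safe_target refuses the parameter value."""
    try:
        safe_target(base_dir, subsite)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    for value in ("gallery", "sub/../gallery", "../../etc/passwd", "../../etc/passwd\x00", "/etc/passwd"):
        print(repr(value), "vulnerable opens:", vulnerable_target(WEB_ROOT, value),
              "| safe:", "rejected" if is_rejected(WEB_ROOT, value) else safe_target(WEB_ROOT, value))
```

Note that "sub/../gallery" is accepted: the check is on where the path ends up, not on whether ".." appears, which avoids both false rejections and bypasses through alternative encodings that a substring filter would miss.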
FreeBSD -- FreeBSD
The build process for ypserv in FreeBSD 5.3 up to 6.1 accidentally disables access restrictions when using the /var/yp/securenets file, which allows remote attackers to bypass intended access restrictions.
Discovered: 2006-05-31 | Published: 2006-06-01 | CVSS: 4.7
Source & Patch Info: CVE-2006-2655; FREEBSD, BID, SECUNIA, SECTRACK
Geeklog -- Geeklog
SQL injection vulnerability in admin/auth.inc.php in Geeklog 1.4.0sr2 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via the loginname parameter.
Discovered: 2006-05-28 | Published: 2006-05-31 | CVSS: 5.6
Source & Patch Info: CVE-2006-2700; BUGTRAQ, KAPDA, GEEKLOG, BID, FRSIRT, SECUNIA
Hitachi -- HITSENSER3
SQL injection vulnerability in Hitachi HITSENSER3 HITSENSER3/PRP, HITSENSER3/PUP, HITSENSER3/STP, and HITSENSER3/EUP allows remote attackers to execute arbitrary SQL commands via unknown attack vectors.
Discovered: 2006-05-31 | Published: 2006-06-01 | CVSS: 4.7
Source & Patch Info: CVE-2006-2761; OTHER-REF, FRSIRT, SECUNIA
Hot Open Tickets -- Hot Open Tickets
PHP remote file inclusion vulnerability in admin/lib_action_step.php in Hot Open Tickets (HOT) 11012004_ver2f, when register_globals is enabled, allows remote attackers to include arbitrary files via the GLOBALS[CLASS_PATH] parameter. NOTE: this issue might be resultant from a global overwrite vulnerability.
Discovered: unknown | Published: 2006-06-01 | CVSS: 5.6
Source & Patch Info: CVE-2006-2730; OTHER-REF, BID, FRSIRT, SECUNIA
Hotwebscripts -- CMS Mundo
Cross-site scripting (XSS) vulnerability in the search module in CMS Mundo 1.0 allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter.
Discovered: 2006-05-24 | Published: 2006-05-31 | CVSS: 4.7
Source & Patch Info: CVE-2006-2684; BUGTRAQ, FRSIRT, SECUNIA, XF
iFdate.com -- iFdate
Cross-site scripting (XSS) vulnerability in iFdate 1.2 allows remote attackers to inject arbitrary web script or HTML via the (1) username, (2) password fields, or certain other input text boxes.
Discovered: unknown | Published: 2006-05-30 | CVSS: 4.7
Source & Patch Info: CVE-2006-2664; BUGTRAQ, BID, FRSIRT, SECUNIA, XF
IPW Systems -- METAjour
PHP remote file inclusion vulnerability in METAjour 2.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the (1) system_path parameter in a large number of files in the (a) app/edocument/, (b) app/eproject/, (c) app/erek/, and (d) extension/ directories, and the (2) GLOBALS[system_path] parameter in (e) extension/sitemap/sitemap.datatype.php.
Discovered: 2006-05-31 | Published: 2006-06-02 | CVSS: 5.6
Source & Patch Info: CVE-2006-2768; Milw0rm, BID, FRSIRT, SECUNIA
JIWA -- Financials
JIWA Financials 6.4.14 passes a Microsoft SQL Server account's username and password, and the name of a data source, to a Crystal Reports .rpt file, which allows remote authenticated users to execute certain standard stored procedures by referencing them in a user-written .rpt file, as demonstrated by using a stored procedure that provides the username and cleartext password of every account.
Discovered: unknown | Published: 2006-05-31 | CVSS: 4.2
Source & Patch Info: CVE-2006-2718; BUGTRAQ, FULLDISC, SECUNIA, BUGTRAQ, SECTRACK
John Frank -- Asset Manager
** UNVERIFIABLE ** NOTE: this issue does not contain any verifiable or actionable details. Cross-site scripting (XSS) vulnerability in John Frank Asset Manager (AssetMan) 2.4a and earlier allows remote attackers to inject arbitrary web script or HTML via "any of its input." NOTE: the original disclosure is based on vague researcher claims without vendor acknowledgement; therefore this identifier cannot be linked with any future identifier that identifies more specific vectors. Perhaps this should not be included in CVE.
Discovered: 2006-05-23 | Published: 2006-05-30 | CVSS: 4.7
Source & Patch Info: CVE-2006-2641; BUGTRAQ, BID, FRSIRT, SECUNIA
Kevin Johnson -- Basic Analysis and Security Engine (BASE)
PHP remote file inclusion vulnerability in Basic Analysis and Security Engine (BASE) 1.2.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the BASE_path parameter to (1) base_qry_common.php, (2) base_stat_common.php, and (3) includes/base_include.inc.php.
Discovered: 2006-05-25 | Published: 2006-05-31 | CVSS: 4.7
Source & Patch Info: CVE-2006-2685; OTHER-REF, FRSIRT, SECUNIA, OSVDB, XF
Mozilla -- Firefox
Mozilla -- Thunderbird
Integer overflow in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via "jsstr tagify," which leads to memory corruption.
Discovered: unknown | Published: 2006-06-02 | CVSS: 4.7
Source & Patch Info: CVE-2006-2780; OTHER-REF, CERT-VN, CERT
Mozilla -- SeaMonkey
Mozilla -- Thunderbird
Double-free vulnerability in Mozilla Thunderbird before 1.5.0.4 and SeaMonkey before 1.0.2 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a VCard that contains invalid base64 characters.
Discovered: unknown | Published: 2006-06-02 | CVSS: 4.7
Source & Patch Info: CVE-2006-2781; OTHER-REF, SECUNIA
Mozilla -- Firefox
The PLUGINSPAGE functionality in Mozilla Firefox before 1.5.0.4 allows remote user-complicit attackers to execute privileged code by tricking a user into installing missing plugins and selecting the "Manual Install" button, then using nested javascript: URLs. NOTE: the manual install button is used for downloading software from a remote web site, so this issue would not cross privilege boundaries if the user progresses to the point of installing malicious software from the attacker-controlled site.
Discovered: unknown | Published: 2006-06-02 | CVSS: 5.6
Source & Patch Info: CVE-2006-2784; OTHER-REF
Omegasoft -- INterneSErvicesLosungen
Cross-site scripting (XSS) vulnerability in OmegaMw7a.ASP in OMEGA (aka Omegasoft) INterneSErvicesLosungen (INSEL) allows remote attackers to inject arbitrary web script or HTML via the WCE parameter.
Discovered: 2006-05-26 | Published: 2006-05-30 | CVSS: 4.7
Source & Patch Info: CVE-2006-2640; BUGTRAQ
Open Searchable Image Catalogue -- Open Searchable Image Catalogue
SQL injection vulnerability in the do_mysql_query function in core.php for Open Searchable Image Catalogue (OSIC) before 0.7.0.1 allows remote attackers to inject arbitrary SQL commands via multiple vectors, as demonstrated by the (1) type parameter in adminfunctions.php and the (2) catalogue_id parameter in editcatalogue.php.
Discovered: unknown | Published: 2006-06-01 | CVSS: 4.7
Source & Patch Info: CVE-2006-2748; BUGTRAQ, OTHER-REF, OTHER-REF, OTHER-REF, BID, SECTRACK, SECUNIA
Open Searchable Image Catalogue -- Open Searchable Image Catalogue
SQL injection vulnerability in search.php in Open Searchable Image Catalogue (OSIC) 0.7.0.1 and earlier allows remote attackers to inject arbitrary SQL commands via the (1) txtCustomField and (2) CustomFieldID array parameters.
Discovered: unknown | Published: 2006-06-01 | CVSS: 4.7
Source & Patch Info: CVE-2006-2749; BUGTRAQ, OTHER-REF, OTHER-REF, OTHER-REF, BID, SECTRACK, SECUNIA
Open-Medium -- Open-Medium CMS
PHP remote file inclusion vulnerability in 404.php in open-medium.CMS 0.25 allows remote attackers to execute arbitrary PHP code via a URL in the REDSYS[MYPATH][TEMPLATES] parameter.
Discovered: 2006-05-25 | Published: 2006-05-31 | CVSS: 4.7
Source & Patch Info: CVE-2006-2683; OTHER-REF, FRSIRT, SECUNIA
Ottoman -- Ottoman
PHP remote file inclusion vulnerability in Ottoman 1.1.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the default_path parameter in (1) error.php, (2) index.php, and (3) classes/main_class.php.
Discovered: unknown | Published: 2006-06-02 | CVSS: 5.6
Source & Patch Info: CVE-2006-2767; OTHER-REF, BID, FRSIRT, SECUNIA
Php4script -- AZ Photo Album Script Pro
Cross-site scripting (XSS) vulnerability in index.php in AZ Photo Album Script Pro allows remote attackers to inject arbitrary web script or HTML via the gazpart parameter.
Discovered: unknown | Published: 2006-05-31 | CVSS: 4.7
Source & Patch Info: CVE-2006-2680; BUGTRAQ, FRSIRT, SECUNIA, XF
phpbb-portal -- Blend Portal
PHP remote file inclusion vulnerability in blend_data/blend_common.php in Blend Portal 1.2.0, as used with phpBB when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: This is a similar vulnerability to CVE-2006-2507.
Discovered: 2006-05-28 | Published: 2006-06-01 | CVSS: 5.6
Source & Patch Info: CVE-2006-2736; BUGTRAQ, BUGTRAQ, OTHER-REF, OTHER-REF, OTHER-REF, BID, FRSIRT, SECUNIA
Plume CMS -- Plume CMS
PHP remote file inclusion vulnerability in manager/frontinc/prepend.php for Plume 1.0.3 allows remote attackers to execute arbitrary code via a URL in the _PX_config[manager_path] parameter.
Discovered: 2006-05-26 | Published: 2006-05-30 | CVSS: 4.7
Source & Patch Info: CVE-2006-2645; BUGTRAQ, FRSIRT, SECTRACK, SECUNIA
Pre Projects -- Pre News Manager
Multiple cross-site scripting (XSS) vulnerabilities in Pre News Manager 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to (a) index.php, and the (2) nid parameter to (b) news_detail.php, (c) email_story.php, (d) thankyou.php, (e) printable_view.php, (f) tella_friend.php, and (g) send_comments.php.
Discovered: 2006-05-24 | Published: 2006-05-31 | CVSS: 4.7
Source & Patch Info: CVE-2006-2678; BUGTRAQ, FRSIRT, SECUNIA, XF
Pre Projects -- Pre News Manager
SQL injection vulnerability in Pre News Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) index.php, and the (2) nid parameter to (b) news_detail.php, (c) email_story.php, (d) thankyou.php, (e) printable_view.php, (f) tella_friend.php, and (g) send_comments.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. It is possible that this is primary to CVE-2006-2678.
Discovered: 2006-05-26 | Published: 2006-06-01 | CVSS: 4.7
Source & Patch Info: CVE-2006-2763; FRSIRT, SECUNIA
PunBB -- PunBB
Cross-site scripting (XSS) vulnerability in PunBB 1.2.11 allows remote authenticated administrators to inject arbitrary HTML or web script to other administrators via the "Admin note" feature, a different vulnerability than CVE-2006-2227.
Discovered: unknown | Published: 2006-05-31 | CVSS: 4.9
Source & Patch Info: CVE-2006-2724; BUGTRAQ, OTHER-REF, SECTRACK, XF
qjstudios -- qjForum
SQL injection vulnerability in member.asp in qjForum allows remote attackers to execute arbitrary SQL commands via the uName parameter.
Discovered: 2006-05-25 | Published: 2006-05-30 | CVSS: 4.7
Source & Patch Info: CVE-2006-2638; BUGTRAQ, FRSIRT, SECUNIA, BID
SuSE -- SuSE Linux Enterprise Server
SuSE -- SuSE Novell Linux Desktop
The RedCarpet /etc/ximian/rcd.conf configuration file in Novell Linux Desktop 9 and SUSE SLES 9 has world-readable permissions, which allows attackers to obtain the rc (RedCarpet) password.
Discovered: unknown | Published: 2006-06-01 | CVSS: 4.7
Source & Patch Info: CVE-2006-2752; SUSE, SECUNIA
TikiWiki Project -- TikiWiki
Multiple cross-site scripting (XSS) vulnerabilities in Tikiwiki (aka Tiki CMS/Groupware) 1.9.x allow remote attackers to inject arbitrary web script or HTML via malformed nested HTML tags such as "<scr<script>ipt>" in (1) offset and (2) days parameters in (a) tiki-lastchanges.php, the (3) find and (4) offset parameters in (b) tiki-orphan_pages.php, the (5) offset and (6) initial parameters in (c) tiki-listpages.php, and (7) an unspecified field in (d) tiki-remind_password.php; and allow remote authenticated users with admin privileges to inject arbitrary web script or HTML via (8) an unspecified field in a metatags action in (e) tiki-admin.php, the (9) offset parameter in (f) tiki-admin_rssmodules.php, the (10) offset and (11) max parameters in (g) tiki-syslog.php, the (12) numrows parameter in (h) tiki-adminusers.php, (13) an unspecified field in (i) tiki-adminusers.php, (14) an unspecified field in (j) tiki-admin_hotwords.php, unspecified fields in (15) "Assign new module" and (16) "Create new user module" in (k) tiki-admin_modules.php, (17) an unspecified field in "Add notification" in (l) tiki-admin_notifications.php, (18) the offset parameter in (m) tiki-admin_notifications.php, the (19) Name and (20) Dsn fields in (o) tiki-admin_dsn.php, the (21) offset parameter in (p) tiki-admin_content_templates.php, (22) an unspecified field in "Create new template" in (q) tiki-admin_content_templates.php, and the (23) offset parameter in (r) tiki-admin_chat.php.
2006-05-25
2006-05-30
4.7
CVE-2006-2635
BUGTRAQ
BID
FRSIRT
SECUNIA
UBBCentral -- UBB.threads
PHP remote file inclusion vulnerability in ubbt.inc.php in UBBThreads 5.x and 6.x allows remote attackers to execute arbitrary PHP code via a URL in the (1) thispath or (2) configdir parameters.
2006-05-27
2006-05-30
5.6
CVE-2006-2675
BUGTRAQ
BID
V-webmail -- V-webmail
PHP remote file inclusion vulnerability in includes/mailaccess/pop3.php in V-Webmail 1.5 through 1.6.4 allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[pear_dir] parameter.
unknown
2006-05-30
4.9
CVE-2006-2666
OTHER-REF
FRSIRT
SECTRACK
SECUNIA
XF
VMware -- VMware Server
VMware Server before RC1 does not clear user credentials from memory after a console connection is made, which might allow local attackers to gain privileges.
unknown
2006-06-02
4.9
CVE-2006-2662
OTHER-REF
FRSIRT
BID
WarpSpeed -- 4nForum
SQL injection vulnerability in modules.php in 4nForum 0.91 allows remote attackers to execute arbitrary SQL commands via the tid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
2006-05-31
2006-06-01
4.7
CVE-2006-2760
FRSIRT
SECUNIA
WebCalendar -- WebCalendar
PHP remote file inclusion vulnerability in includes/config.php in WebCalendar 1.0.3 allows remote attackers to execute arbitrary PHP code via a URL in the includedir parameter, which is remotely accessed in an fopen call whose results are used to define a user_inc setting that is used in an include_once call.
2006-05-31
2006-06-01
4.7
CVE-2006-2762
FRSIRT
SECTRACK
SECUNIA
BUGTRAQ
BID

Low Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info
AGTC Websolutions -- PHP-AGTC Membership System
Cross-site scripting (XSS) vulnerability in adduser.php in PHP-AGTC Membership System 1.1a and earlier allows remote attackers to inject arbitrary web script or HTML via the email address (useremail parameter).
2006-05-23
2006-05-31
2.8
CVE-2006-2687
BUGTRAQ
BID
FRSIRT
SECUNIA
aMule -- aMule
Unspecified "information leakage" vulnerabilities in aMuleWeb for AMule before 2.1.2 allow remote attackers to access arbitrary images, including dynamically generated images, via unknown vectors.
unknown
2006-05-31
2.3
CVE-2006-2691
AMULE
BID
SECUNIA
aMule -- aMule
Multiple unspecified vulnerabilities in aMuleWeb for AMule before 2.1.2 allow remote attackers to read arbitrary image, HTML, or PHP files via unknown vectors, probably related to directory traversal.
unknown
2006-05-31
2.3
CVE-2006-2692
AMULE
BID
SECUNIA
Andrew Godwin -- ByteHoard
Cross-site scripting (XSS) vulnerability in Andrew Godwin ByteHoard 2.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via file descriptions.
unknown
2006-05-30
1.4
CVE-2006-2632
BUGTRAQ
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
Andrew Godwin -- ByteHoard
Absolute path traversal vulnerability in the copy action in index.php in Andrew Godwin ByteHoard 2.1 and earlier allows remote authenticated users to create or overwrite files in other users' directories by specifying the absolute path of the directory in the infolder parameter and simultaneously specifying the filename in the filepath parameter.
unknown
2006-05-30
1.4
CVE-2006-2633
BUGTRAQ
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
ASPBB -- ASPBB
Cross-site scripting (XSS) vulnerability in perform_search.asp for ASPBB 0.52 and earlier allows remote attackers to inject arbitrary HTML or web script via the search parameter.
2006-05-28
2006-05-30
1.9
CVE-2006-2648
BUGTRAQ
BID
OTHER-REF
FRSIRT
SECTRACK
SECUNIA
AWStats -- AWStats
AWStats 6.5, and possibly other versions, allows remote authenticated users to execute arbitrary code by using the configdir parameter to awstats.pl to upload a configuration file whose name contains shell metacharacters, then access that file using the LogFile directive.
2006-05-26
2006-05-30
1.4
CVE-2006-2644
OTHER-REF
OTHER-REF
DEBIAN
SECUNIA
SECUNIA
FRSIRT
CalendarScripts.com -- ChatPat
SQL injection vulnerability in ChatPat 1.0 allows remote attackers to execute arbitrary SQL commands via the nickname field.
2006-05-23
2006-05-30
2.3
CVE-2006-2671
BUGTRAQ
FRSIRT
SECUNIA
Chipmunk PHP Scripts -- Chipmunk Guestbook
Cross-site scripting (XSS) vulnerability in Chipmunk guestbook allows remote attackers to inject arbitrary web script or HTML via the (1) start parameter in (a) index.php; (2) forumID parameter in index.php, (b) newtopic.php, and (c) reply.php; and (3) ID parameter to (d) edit.php.
2006-05-27
2006-06-01
2.3
CVE-2006-2757
BUGTRAQ
BUGTRAQ
SECTRACK
Circle R -- Monster Top List
Cross-site scripting (XSS) vulnerability in index.php in Monster Top List (MTL) 1.4 allows remote attackers to inject arbitrary web script or HTML via the user_error_message parameter.
2006-05-25
2006-05-30
2.3
CVE-2006-2643
BUGTRAQ
D-Link -- DSA-3100 Airspot Gateway
Cross-site scripting (XSS) vulnerability in login_error.shtml for D-Link DSA-3100 allows remote attackers to inject arbitrary HTML or web script via an encoded uname parameter.
unknown
2006-05-30
1.9
CVE-2006-2653
BUGTRAQ
EAZEL
BID
FRSIRT
SECTRACK
SECUNIA
Double Precision Incorporated -- Courier MTA
libs/comverp.c in Courier MTA before 0.53.2 allows attackers to cause a denial of service (CPU consumption) via unknown vectors involving usernames that contain the "=" (equals) character, which is not properly handled during encoding.
unknown
2006-05-30