Skip to content

Home  |   FAQ  |   Contact  |   Privacy & Use

customize
National Cyber Alert System
Cyber Security Bulletin SB06-324 archive

Vulnerability Summary for the Week of November 13, 2006

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.


High Vulnerabilities
Primary
Vendor -- Product		Description
Discovered
Published
CVSS ScoreSource & Patch Info
20/20 Applications -- 20/20 DataShed
SQL injection vulnerability in listings.asp in 20/20 DataShed (aka Real Estate Listing System) allows remote attackers to execute arbitrary SQL commands via the itemID parameter. NOTE: some of these details are obtained from third party information.
unknown
2006-11-16
7.0CVE-2006-5955
OTHER-REF
FRSIRT
SECUNIA
@cid stats -- @cid stats
** DISPUTED ** PHP remote file inclusion vulnerability in install.php3 in @cid stats 2.3 allows remote attackers to execute arbitrary PHP code via a URL in the repertoire parameter. NOTE: this issue has been disputed by a third party, who states that install.php3 is supposed to be deleted after installation and, if not deleted, intentionally allows setting repertoire without an inclusion attack.
unknown
2006-11-15
7.0CVE-2006-5899
BUGTRAQ
BUGTRAQ
ActiveCampaign -- KnowledgeBuilder
PHP remote file inclusion vulnerability in admin/e_data/visEdit_control.class.php in ActiveCampaign KnowledgeBuilder 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the visEdit_root parameter, a different vector than CVE-2003-1131.
unknown
2006-11-15
7.0CVE-2006-5919
BUGTRAQ
OTHER-REF
BID
BID
Aigaion -- Aigaion
Multiple PHP remote file inclusion vulnerabilities in Aigaion Web based bibliography management system 1.2.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the DIR parameter to (1) _basicfunctions.php, or (2) pageactionauthor.php.
unknown
2006-11-15
7.0CVE-2006-5930
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
ASP Scripter -- Easy Portal
ASP Scripter -- Live Support
SQL injection vulnerability in cpLogin.asp in ASP Scripter Easy Portal 1.4 and Live Support 1.3 allows remote attackers to execute arbitrary SQL commands via the Password parameter.
unknown
2006-11-15
7.0CVE-2006-5927
BUGTRAQ
FRSIRT
SECUNIA
ASP Smiley -- ASP Smiley
SQL injection vulnerability in admin/default.asp in ASP Smiley 1.0 allows remote attackers to execute arbitrary SQL commands via the Username field.
unknown
2006-11-16
7.0CVE-2006-5952
OTHER-REF
FRSIRT
SECUNIA
ASPPortal -- ASPPortal
SQL injection vulnerability in default1.asp in ASPPortal 4.0.0 beta and earlier allows remote attackers to execute arbitrary SQL commands via the Poll_ID parameter, a different vector than CVE-2006-1353.
unknown
2006-11-14
7.0CVE-2006-5879
Milw0rm
FRSIRT
SECUNIA
BUGTRAQ
XF
BrewBlogger -- BrewBlogger
SQL injection vulnerability in printLog.php in BrewBlogger (BB) 1.3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2006-11-14
7.0CVE-2006-5889
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Broadcom -- BCMWL5.SYS Wireless Device Driver
Linksys -- WPC300N Wireless-N Notebook Adapter Driver
Stack-based buffer overflow in the Broadcom BCMWL5.SYS wireless device driver 3.50.21.10, as used in Cisco Linksys WPC300N Wireless-N Notebook Adapter before 4.100.15.5 and other products, allows remote attackers to execute arbitrary code via an 802.11 response frame containing a long SSID field.
unknown
2006-11-14
7.0CVE-2006-5882
OTHER-REF
OTHER-REF
OTHER-REF
CERT-VN
FRSIRT
Campware.org -- Campsite
Multiple PHP remote file inclusion vulnerabilities in Campware Campsite before 20061110 allow remote attackers to execute arbitrary PHP code via a URL in the g_documentRoot parameter to (1) bugreporter/thankyou.php and (2) feedback/thankyou.php in implementation/management/priv/.
unknown
2006-11-15
7.0CVE-2006-5910
OTHER-REF
OTHER-REF
OTHER-REF
BID
Campware.org -- Campsite
Multiple PHP remote file inclusion vulnerabilities in Campware Campsite before 2.6.2 allow remote attackers to execute arbitrary PHP code via a URL in the g_documentRoot parameter to (1) Alias.php, (2) Article.php, (3) ArticleAttachment.php, (4) ArticleComment.php, (5) ArticleData.php, (6) ArticleImage.php, (7) ArticleIndex.php, (8) ArticlePublish.php, (9) ArticleTopic.php, (10) ArticleType.php, (11) ArticleTypeField.php, (12) Attachment.php, (13) Country.php, (14) DatabaseObject.php, (15) Event.php, (16) IPAccess.php, (17) Image.php, (18) Issue.php, (19) IssuePublish.php, (20) Language.php, (21) Log.php, (22) LoginAttempts.php, (23) Publication.php, (24) Section.php, (25) ShortURL.php, (26) Subscription.php, (27) SubscriptionDefaultTime.php, (28) SubscriptionSection.php, (29) SystemPref.php, (30) Template.php, (31) TimeUnit.php, (32) Topic.php, (33) UrlType.php, (34) User.php, and (35) UserType.php in implementation/management/classes/; (36) configuration.php and (37) db_connect.php in implementation/management/; and (38) LocalizerConfig.php and (39) LocalizerLanguage.php in implementation/management/priv/localizer/.
unknown
2006-11-15
7.0CVE-2006-5911
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
Chris Mac -- GimeScripts Shopping Catalog
PHP remote file inclusion vulnerability in index.php in Chris Mac gtcatalog (aka GimeScripts Shopping Catalog) 0.9.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the custom parameter.
unknown
2006-11-15
7.0CVE-2006-5923
OTHER-REF
BID
Dynamic Data Worx -- NuStore
SQL injection vulnerability in Products.asp in NuStore 1.0 allows remote attackers to execute arbitrary SQL commands via the SubCatagoryID parameter.
unknown
2006-11-14
7.0CVE-2006-5885
BUGTRAQ
FRSIRT
SECUNIA
XF
SECTRACK
Dynamic Data Worx -- NuRealestate
SQL injection vulnerability in propertysdetails.asp in Dynamic Dataworx NuRealestate (NuRems) 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the PropID parameter.
unknown
2006-11-14
7.0CVE-2006-5886
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Dynamic Data Worx -- NuSchool
SQL injection vulnerability in CampusNewsDetails.asp in Dynamic Dataworx NuSchool 1.0 allows remote attackers to execute arbitrary SQL commands via the NewsID parameter.
unknown
2006-11-14
7.0CVE-2006-5887
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
XF
SECTRACK
Dynamic Dataworx -- NuCommunity
SQL injection vulnerability in cl_CatListing.asp in Dynamic Dataworx NuCommunity 1.0 allows remote attackers to execute arbitrary SQL commands via the cl_cat_ID parameter.
unknown
2006-11-14
7.0CVE-2006-5881
BUGTRAQ
Milw0rm
BID
FRSIRT
SECUNIA
XF
SECTRACK
Edgewall Software -- Trac
Cross-site Request Forgery (CSRF) vulnerability in Trac before 0.10.1 allows remote attackers to perform unauthorized actions as other users via unknown vectors.
unknown
2006-11-14
7.0CVE-2006-5878
OTHER-REF
DEBIAN
SECUNIA
SECUNIA
EncapsCMS -- EncapsCMS
PHP remote file inclusion vulnerability in core/core.php in EncapsCMS 0.3.6 allows remote attackers to execute arbitrary PHP code via a URL in the root parameter.
unknown
2006-11-14
7.0CVE-2006-5895
BUGTRAQ
OTHER-REF
MLIST
BID
FRSIRT
XF
SECUNIA
Exophpdesk -- Exophpdesk
PHP remote file inclusion vulnerability in pipe.php in Exophpdesk 1.2 allows remote attackers to execute arbitrary PHP code via a URL in the lang_file parameter.
unknown
2006-11-16
7.0CVE-2006-5951
BUGTRAQ
BID
XF
FunkyASP -- Glossary
SQL injection vulnerability in demo/glossary/glossary.asp in FunkyASP Glossary 1.0 allows remote attackers to execute arbitrary SQL commands via the alpha parameter.
unknown
2006-11-16
7.0CVE-2006-5946
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
Grisoft -- AVG Antivirus
Multiple integer overflows in Grisoft AVG Anti-Virus before 7.1.407 allow remote attackers to execute arbitrary code via crafted (1) CAB or (2) RAR archives that trigger a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.
unknown
2006-11-15
7.0CVE-2006-5937
FULLDISC
OTHER-REF
FRSIRT
SECUNIA
Grisoft -- AVG Antivirus
Grisoft AVG Anti-Virus before 7.1.407 has unknown impact and remote attack vectors involving an uninitialized variable and a crafted CAB file.
unknown
2006-11-15
7.0CVE-2006-5938
FULLDISC
OTHER-REF
FRSIRT
SECUNIA
Grisoft -- AVG Antivirus
Unspecified vulnerability in Grisoft AVG Anti-Virus before 7.1.407 has unknown impact and remote attack vectors related to "Integer Issues" and parsing of .EXE files.
unknown
2006-11-15
7.0CVE-2006-5940
FULLDISC
OTHER-REF
FRSIRT
SECUNIA
Hawking Technology -- WR254-CA Wireless Router
Hawking Technology wireless router WR254-CA uses a hardcoded IP address among the set of DNS server IP addresses, which could allow remote attackers to cause a denial of service or hijack the router by attacking or spoofing the server at the hardcoded address. NOTE: it could be argued that this issue reflects an inherent limitation of DNS itself, so perhaps it should not be included in CVE.
unknown
2006-11-15
7.0CVE-2006-5901
BUGTRAQ
Hpecs Shopping Cart -- Hpecs Shopping Cart
Multiple SQL injection vulnerabilities in Hpecs Shopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields in the (a) login screen, and (3) searchstring parameter in (b) insearch_list.asp.
unknown
2006-11-16
7.0CVE-2006-5962
BUGTRAQ
SECUNIA
XF
XF
iExpress -- Estate Agent Manager
SQL injection vulnerability in admin/default.asp in Estate Agent Manager 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the UserName field.
unknown
2006-11-15
7.0CVE-2006-5934
BUGTRAQ
OTHER-REF
SECUNIA
XF
INFINICART -- INFINICART
Multiple SQL injection vulnerabilities in INFINICART allow remote attackers to execute arbitrary SQL commands via the (1) groupid parameter in (a) browse_group.asp, (2) productid parameter in (b) added_to_cart.asp, and (3) catid and (4) subid parameter in (c) browsesubcat.asp.
unknown
2006-11-16
7.0CVE-2006-5957
BUGTRAQ
BID
FRSIRT
SECUNIA
INFINICART -- INFINICART
Multiple cross-site scripting (XSS) vulnerabilities in INFINICART allow remote attackers to inject arbitrary web script or HTML via the (1) username and (2) password fields in (a) login.asp, (3) search field in (b) search.asp, and (4) email field in (c) sendpassword.asp.
unknown
2006-11-16
7.0CVE-2006-5958
BUGTRAQ
BID
FRSIRT
SECUNIA
XF
iSystems -- Munch Pro
SQL injection vulnerability on the subMenu page in switch.asp in Munch Pro 1.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter.
unknown
2006-11-14
7.0CVE-2006-5880
Milw0rm
FRSIRT
SECUNIA
XF
iWonder Designs -- Storystream
Multiple PHP remote file inclusion vulnerabilities in iWonder Designs Storystream 0.4.0.0 allow remote attackers to execute arbitrary PHP code via a URL in the baseDir parameter to (1) mysql.php and (2) mysqli.php in include/classes/pear/DB/.
unknown
2006-11-14
7.0CVE-2006-5893
OTHER-REF
BID
FRSIRT
XF
Jean-Christophe Ramos -- PLS-Bannieres
** DISPUTED ** PHP remote file inclusion vulnerability in modules/bannieres/bannieres.php in Jean-Christophe Ramos SCRIPT BANNIERES (aka ban 0.1 and PLS-Bannieres 1.21) allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter. NOTE: the issue is disputed by other researchers, who observe that $chemin is defined before use.
unknown
2006-11-15
7.0CVE-2006-5906
BUGTRAQ
BUGTRAQ
BUGTRAQ
BUGTRAQ
Jean-Christophe Ramos -- Ban
Jean-Christophe Ramos -- PLS-Bannieres
SQL injection vulnerability in modules/bannieres/bannieres.php in Jean-Christophe Ramos SCRIPT BANNIERES (aka ban 0.1 and PLS-Bannieres 1.21) allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2006-11-15
7.0CVE-2006-5907
BUGTRAQ
MLIST
Kahua -- Kahua
Kahua before 0.7, when running multiple applications under a single supervisor, grants application access on the basis of username instead of username and database name, which allows remote authenticated users to obtain unauthorized access if different databases assign the same username to different user accounts.
unknown
2006-11-15
7.0CVE-2006-5932
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
XF
Links -- Links
Links web browser 1.00pre12 and Elinks 0.9.2 with smbclient installed allows remote attackers to execute arbitrary code via shell metacharacters in an smb:// URI, as demonstrated by using PUT and GET statements.
unknown
2006-11-15
7.0CVE-2006-5925
FULLDISC
REDHAT
SECTRACK
SECTRACK
SECUNIA
SECUNIA
Lucas Rodriguez San Pedro -- Yet Another News System
Multiple SQL injection vulnerabilities in the login_user function in yans.func.php in Lucas Rodriguez San Pedro Yet Another News System (YANS) 0.2b allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter.
unknown
2006-11-15
7.0CVE-2006-5908
BUGTRAQ
BID
XF
Lynx Internet Solutions -- Evolve Merchant
SQL injection vulnerability in viewcart.asp in Evolve shopping cart (aka Evolve Merchant) allows remote attackers to execute arbitrary SQL commands via the zoneid parameter.
unknown
2006-11-16
7.0CVE-2006-5953
OTHER-REF
FRSIRT
SECUNIA
Marshal -- MailMarshal SMTP
Directory traversal vulnerability in Marshal MailMarshal SMTP 5.x, 6.x, and 2006, and MailMarshal for Exchange 5.x, allows remote attackers to write arbitrary files via ".." sequences in filenames in an ARJ compressed archive.
unknown
2006-11-10
7.0CVE-2006-5487
OTHER-REF
OTHER-REF
BUGTRAQ
BID
FRSIRT
SECTRACK
SECUNIA
XF
MGinternet -- Car Site Manager
Cross-site scripting (XSS) vulnerability in csm/asp/listings.asp in MGinternet Car Site Manager (CSM) allows remote attackers to inject arbitrary web script or HTML via the s parameter.
unknown
2006-11-16
7.0CVE-2006-5944
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
MGinternet -- Car Site Manager
Multiple SQL injection vulnerabilities in MGinternet Car Site Manager (CSM) allow remote attackers to execute arbitrary SQL commands via the (1) p parameter to (a) csm/asp/detail.asp, or the (2) l, (3) typ, or (4) loc parameter to (b) csm/asp/listings.asp.
unknown
2006-11-16
7.0CVE-2006-5945
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
Microsoft -- Windows 2000
Microsoft -- Windows Server 2003
Microsoft -- Windows XP
Microsoft Agent on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a crafted .ACF file that triggers memory corruption.
unknown
2006-11-14
7.0CVE-2006-3445
MS
FRSIRT
SECUNIA
XF
CERT
Microsoft -- XP
Microsoft -- Windows 2000
Microsoft -- Server 2003
Buffer overflow in Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via crafted messages, aka "Client Service for NetWare Memory Corruption Vulnerability."
unknown
2006-11-14
7.0CVE-2006-4688
MS
FRSIRT
SECUNIA
XF
BUGTRAQ
CERT
BID
SECTRACK
Microsoft -- Windows 2000
Microsoft -- Windows XP
Stack-based buffer overflow in the NetpManageIPCConnect function in the Workstation service (wkssvc.dll) in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to execute arbitrary code via NetrJoinDomain2 RPC messages with a long hostname.
unknown
2006-11-14
10.0CVE-2006-4691
MS
FRSIRT
SECUNIA
XF
BUGTRAQ
EEYE
CERT
BID
SECTRACK
Microsoft -- Internet Explorer
Multiple unspecified vulnerabilities in DirectAnimation ActiveX controls for Microsoft Internet Explorer 5.01 through 6 have unknown impact and remote attack vectors, possibly related to (1) Danim.dll and (2) Lmrt.dll, a different set of vulnerabilities than CVE-2006-4446 and CVE-2006-4777.
unknown
2006-11-14
7.0CVE-2006-5884
MS
CERT
MWChat Pro -- MWChat Pro
Multiple PHP remote file inclusion vulnerabilities in MWChat Pro 7.0 allow remote attackers to execute arbitrary PHP code via a URL in the CONFIG[MWCHAT_Libs] parameter to (1) about.php, (2) buddy.php, (3) chat.php, (4) dialog.php, (5) head.php, (6) help.php, (7) index.php, and (8) license.php, different vectors than CVE-2005-1869.
unknown
2006-11-15
7.0CVE-2006-5904
BUGTRAQ
NetVIOS -- NetVIOS
SQL injection vulnerability in page.asp in NetVIOS 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the NewsID parameter.
unknown
2006-11-16
7.0CVE-2006-5954
OTHER-REF
FRSIRT
SECUNIA
Omnistar Interactive -- OmniStar Article Manager
Multiple SQL injection vulnerabilities in OmniStar Article Manager allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter in (a) articles/comments.php and (b) articles/article.php, and the (2) page_id parameter in (c) articles/pages.php.
unknown
2006-11-15
7.0CVE-2006-5917
BUGTRAQ
OTHER-REF
FRSIRT
SECTRACK
SECUNIA
otterware -- LetterIt2
PHP remote file inclusion vulnerability in inc/session.php for LetterIt 2 allows remote attackers to execute arbitrary PHP code via a URL in the lang parameter.
unknown
2006-11-10
7.0CVE-2006-5863
BID
FRSIRT
SECUNIA
XF
PHP Rapid Kill -- PHP Rapid Kill
Unrestricted file upload vulnerability in RapidKill (aka PHP Rapid Kill) 5.7 Pro, and certain other versions, allows remote attackers to upload and execute arbitrary PHP scripts via the "Link to Download" field. NOTE: it is possible that the field value is restricted to files on specific public web sites.
unknown
2006-11-15
7.0CVE-2006-5918
BUGTRAQ
Phpjobscheduler -- Phpjobscheduler
Multiple PHP remote file inclusion vulnerabilities in Phpjobscheduler 3.0 allow remote attackers to execute arbitrary PHP code via a URL in the installed_config_file parameter to (1) add-modify.php, (2) delete.php, (3) modify.php, and (4) phpjobscheduler.php.
unknown
2006-11-15
7.0CVE-2006-5928
BUGTRAQ
OTHER-REF
BID
SECUNIA
Phpjobscheduler -- Phpjobscheduler
PHP remote file inclusion vulnerability in firepjs.php in Phpjobscheduler 3.0 allows remote attackers to execute arbitrary PHP code via a URL in the installed_config_file parameter. NOTE: the provenance of this information is unknown; details are obtained from third party sources.
unknown
2006-11-15
7.0CVE-2006-5929
SECUNIA
PowerDNS -- Recursor
Buffer overflow in PowerDNS Recursor 3.1.3 and earlier might allow remote attackers to execute arbitrary code via a malformed TCP DNS query that prevents Recursor from properly calculating the TCP DNS query length.
unknown
2006-11-14
7.0CVE-2006-4251
OTHER-REF
BID
SECUNIA
DEBIAN
SUSE
FRSIRT
SECUNIA
SECUNIA
Rahul Jonna -- GSpace
Rahul Jonna Gmail File Space (GSpace) allows remote attackers to perform virtual filesystem actions via e-mail messages with certain subject lines, as demonstrated by (1) a GSPACE "2174|1|1|1|gs:/ d$" message, which injects a new file into the filesystem; and (2) a GSPACE "|-135|1|1|0|gs:/ d$" message, which creates a folder.
unknown
2006-11-15
7.0CVE-2006-5903
BUGTRAQ
RingsWorld -- phpPeanuts
PHP remote file inclusion vulnerability in pntUnit/Inspect.php in phpPeanuts 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the Include parameter.
unknown
2006-11-16
7.0CVE-2006-5948
OTHER-REF
BID
FRSIRT
SECUNIA
SAMEDIA -- LandShop
SQL injection vulnerability in ls.php in SAMEDIA LandShop allows remote attackers to execute arbitrary SQL commands via the infield parameter. NOTE: the start, search_order, search_type, and search_area parameters are already covered by CVE-2005-4018.
unknown
2006-11-15
7.0CVE-2006-5914
BUGTRAQ
BID
FRSIRT
SECUNIA
XF
SAMEDIA -- LandShop
Multiple cross-site scripting (XSS) vulnerabilities in ls.php in SAMEDIA LandShop allow remote attackers to inject arbitrary web script or HTML via the (1) start, (2) CAT_ID, (3) keyword, (4) search_area, (5) search_type, (6) infield, or (7) search_order parameter.
unknown
2006-11-15
7.0CVE-2006-5915
BUGTRAQ
BID
FRSIRT
SECUNIA
XF
ShopSystems -- ShopSystems
SQL injection vulnerability in index.php in ShopSystems 4.0 and earlier allows remote attackers to execute arbitrary SQL commands via the sessid parameter.
unknown
2006-11-15
7.0CVE-2006-5935
BUGTRAQ
OTHER-REF
BID
SECUNIA
XF
SiteXpress -- SiteXpress E-Commerce System
SQL injection vulnerability in dept.asp in SiteXpress E-Commerce System allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2006-11-15
7.0CVE-2006-5936
BUGTRAQ
BID
Superfreaker Studios -- UPublisher
SQL injection vulnerability in viewarticle.asp in Superfreaker Studios UPublisher 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
unknown
2006-11-14
7.0CVE-2006-5888
OTHER-REF
FRSIRT
SECUNIA
XF
BUGTRAQ
SuperFreaker Studios -- USupport
SQL injection vulnerability in detail.asp in Superfreaker Studios USupport 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2006-11-14
7.0CVE-2006-5890
OTHER-REF
FRSIRT
SECUNIA
XF
Superfreaker Studios -- UStore
SQL injection vulnerability in detail.asp in Superfreaker Studios UStore 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
unknown
2006-11-14
7.0CVE-2006-5891
BUGTRAQ
OTHER-REF
FRSIRT
SECUNIA
XF
BUGTRAQ
The Net Guys -- ASPired2Poll
SQL injection vulnerability in MoreInfo.asp in The Net Guys ASPired2Poll 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2006-11-14
7.0CVE-2006-5892
OTHER-REF
BID
FRSIRT
SECUNIA
XF
UltraSite -- UltraSite
SQL injection vulnerability in update.asp in UltraSite 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2006-11-15
7.0CVE-2006-5933
BUGTRAQ
Vallheru -- Vallheru
Multiple SQL injection vulnerabilities in mail.php in Vallheru before 1.0.7 allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) to parameters. NOTE: some of these details are obtained from third party information.
unknown
2006-11-15
7.0CVE-2006-5926
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
viksoe -- GMail Drive
viksoe GMail Drive shell extension allows remote attackers to perform virtual filesystem actions via e-mail messages with certain subject lines, as demonstrated by (1) a GMAILFS: [13;a;1] message with a new filename and a file attachment, which injects a new file into the filesystem; (2) a GMAILFS: [13;a;1] message with an existing filename and a file attachment, which overwrites existing file content; and (3) a GMAILFS: [14;a;1] message, which creates a folder.
unknown
2006-11-15
7.0CVE-2006-5902
BUGTRAQ
Web Inhabit -- A+ Store E-Commerce
SQL injection vulnerability in browse.asp in A+ Store E-Commerce allows remote attackers to execute arbitrary SQL commands via the ParentID parameter.
unknown
2006-11-16
7.0CVE-2006-5959
BUGTRAQ
BID
SECUNIA
XF
Web Inhabit -- A+ Store E-Commerce
Multiple cross-site scripting (XSS) vulnerabilities in account_login.asp in A+ Store E-Commerce allow remote attackers to inject arbitrary web script or HTML via the (1) username (txtUserName) and (2) password (txtPassword) parameters. NOTE: portions of these details are obtained from third party information.
unknown
2006-11-16
7.0CVE-2006-5960
BUGTRAQ
BID
SECUNIA
Website Designs For Less -- Inventory Manager
Cross-site scripting (XSS) vulnerability in inventory/display/display_results.asp in Website Designs For Less Inventory Manager allows remote attackers to inject arbitrary web script or HTML via the category parameter.
unknown
2006-11-16
7.0CVE-2006-5942
BUGTRAQ
BID
SECUNIA
Website Designs For Less -- Inventory Manager
Multiple SQL injection vulnerabilities in inventory/display/imager.asp in Website Designs for Less Inventory Manager allow remote attackers to execute arbitrary SQL commands via the (1) pictable, (2) picfield, or (3) where parameter.
unknown
2006-11-16
7.0CVE-2006-5943
BUGTRAQ
BID
SECUNIA
Yuuki Yoshizawa -- Exporia
** DISPUTED ** PHP remote file inclusion vulnerability in common.php in Yuuki Yoshizawa Exporia 0.3.0 allows remote attackers to execute arbitrary PHP code via a URL in the lan parameter. NOTE: SecurityFocus disputes this issue, saying "further analysis reveals that the application is not vulnerable." NOTE: this issue may overlap CVE-2006-5113.
unknown
2006-11-15
7.0CVE-2006-5920
BUGTRAQ
BID
XF
Zend -- Zend Framework Preview
Cross-site scripting (XSS) vulnerability in the incubator/tests/Zend/Http/_files/testRedirections.php sample code in Zend Framework Preview 0.2.0 allows remote attackers to inject arbitrary web script or HTML via arbitrary parameters.
unknown
2006-11-15
7.0CVE-2006-5900
BUGTRAQ
BUGTRAQ
Back to top

Medium Vulnerabilities
Primary
Vendor -- Product		Description
Discovered
Published
CVSS ScoreSource & Patch Info
Aigaion -- Aigaion
Multiple PHP remote file inclusion vulnerabilities in Aigaion Web based bibliography management system 1.2.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the DIR parameter to certain PHP scripts in (1) lib/actions/, (2) lib/displays/, (3) lib/editforms/, (4) lib/functions/, (5) scheme/, and (6) the root directory. NOTE: the provenance of this information is unknown; details are obtained from third party sources.
unknown
2006-11-15
5.6CVE-2006-5931
SECUNIA
Campware.org -- Campsite
Unspecified vulnerability in Campware Campsite before 2.6.2 has unknown impact and attack vectors, related to a "Security fix for you-know-what," possibly related to encrypted passwords.
unknown
2006-11-15
4.9CVE-2006-5912
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
EfficientIP -- iPmanager
Cross-site scripting (XSS) vulnerability in index.php in Efficient IP iPmanager (IPm) 2.3 allows remote attackers to inject arbitrary web script or HTML via the errmsg parameter. NOTE: the provenance of this information is unknown; details are obtained from third party sources.
unknown
2006-11-15
4.7CVE-2006-5924
BID
GNU -- gv
Stack-based buffer overflow in the ps_gettext function in ps.c for GNU gv 3.6.2, and possibly earlier versions, allows user-assisted attackers to execute arbitrary code via a PostScript (PS) file with certain headers that contain long comments, as demonstrated using the (1) DocumentMedia, (2) DocumentPaperSizes, and possibly (3) PageMedia and (4) PaperSize headers.
unknown
2006-11-10
5.6CVE-2006-5864
BUGTRAQ
BID
FRSIRT
SECUNIA
XF
MANDRIVA
Microsoft -- Internet Explorer
Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via crafted layout combinations involving DIV tags and HTML CSS float properties that trigger memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."
unknown
2006-11-14
5.6CVE-2006-4687
MS
OTHER-REF
FRSIRT
CERT
CERT-VN
SECTRACK
XF
Microsoft -- Internet Explorer
Microsoft Internet Explorer 7 allows remote attackers to (1) cause a security certificate from a secure web site to appear invalid via a link to res://ieframe.dll/sslnavcancel.htm with the target site in the anchor identifier, which displays the site's URL in the address bar but causes Internet Explorer to report that the certificate is invalid, or (2) trigger a "The webpage no longer exists" report via a link to res://ieframe.dll/http_410.htm, a variant of CVE-2006-5805.
unknown
2006-11-15
4.7CVE-2006-5913
BUGTRAQ
OTHER-REF
Network Administration Visualized -- Network Administration Visualized
Directory traversal vulnerability in the session mechanism of the web interface for Network Administration Visualized (NAV) before 3.1.1 allows attackers with filesystem write access to have an unknown impact via unknown attack vectors.
unknown
2006-11-10
4.9CVE-2006-5862
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Pegasus -- Mercury Mail Transport System
Buffer overflow in Mercury Mail Transport System 4.01b for Windows has unknown impact and attack vectors. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
unknown
2006-11-16
4.9CVE-2006-5961
BID
SECUNIA
Rama CMS -- Rama CMS
Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
unknown
2006-11-14
5.6CVE-2006-5894
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Web Directory Pro -- Web Directory Pro
Web Directory Pro allows remote attackers to (1) backup the database and obtain the backup via a direct request to admin/backup_db.php or (2) modify configuration via a direct request to admin/options.php.
unknown
2006-11-15
4.7CVE-2006-5905
BUGTRAQ
Wheatblog -- Wheatblog
Multiple cross-site scripting (XSS) vulnerabilities in add_comment.php in Wheatblog (wB) allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) WWW, and (3) Comment fields. NOTE: this issue may overlap CVE-2006-5195.
unknown
2006-11-15
4.7CVE-2006-5921
BUGTRAQ
BID
Back to top

Low Vulnerabilities
Primary
Vendor -- Product		Description
Discovered
Published
CVSS ScoreSource & Patch Info
ALTools -- ALFTP FTP Server
Directory traversal vulnerability in ALTools ALFTP FTP Server 4.1 beta 1, and possibly earlier, allows remote attackers to create arbitrary directories via directory traversal sequences in a MKD request. NOTE: the provenance of this information is unknown; details are obtained from third party sources.
unknown
2006-11-16
2.3CVE-2006-5949
BID
FRSIRT
SECUNIA
ALTools -- ALFTP FTP Server
Unspecified vulnerability in ALTools ALFTP FTP Server 4.1 beta 1, and possibly earlier, allows remote authenticated users to obtain the installation path via unknown vectors related to the REN command, probably due to response messages. NOTE: the provenance of this information is unknown; details are obtained from third party sources.
unknown
2006-11-16
2.3CVE-2006-5950
BID
FRSIRT
SECUNIA
Avahi -- Avahi
Avahi before 0.6.15 does not verify the sender identity of netlink messages to ensure that they come from the kernel instead of another process, which allows local users to spoof network changes to Avahi.
unknown
2006-11-14
1.6CVE-2006-5461
MLIST
OTHER-REF
UBUNTU
SECUNIA
SECUNIA
XF
FRSIRT
Conxint -- Conxint FTP Server
Multiple directory traversal vulnerabilities in Conxint FTP Server 2.2.0603, and possibly earlier, allow remote attackers to read arbitrary files and list arbitrary directories via directory traversal sequences in (1) DIR (LIST or NLST) and (2) GET (RETR) commands. NOTE: the provenance of this information is unknown; details are obtained from third party sources.
unknown
2006-11-16
2.3CVE-2006-5947
FRSIRT
SECUNIA
cPanel -- cPanel
Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow remote authenticated users to inject arbitrary web script or HTML via the (1) dir parameter in (a) seldir.html, and the (2) user and (3) dir parameters in (b) newuser.html.
unknown
2006-11-14
1.4CVE-2006-5883
BUGTRAQ
OTHER-REF
BID
Grisoft -- AVG Antivirus
Grisoft AVG Anti-Virus before 7.1.407 allows remote attackers to cause a denial of service (crash) via a crafted DOC file that triggers a divide-by-zero error. NOTE: some of these details are obtained from third party information.
unknown
2006-11-15
3.3CVE-2006-5939
FULLDISC
OTHER-REF
FRSIRT
SECUNIA
Intego -- VirusBarrier
Intego VirusBarrier X4 allows context-dependent attackers to bypass virus protection by quickly injecting many infected files into the filesystem, which prevents VirusBarrier from processing all the files.
unknown
2006-11-15
2.3CVE-2006-5916
FULLDISC
OTHER-REF
BID
SECTRACK
XF
Microsoft -- Windows 2000
Microsoft -- Windows XP
Microsoft -- Server 2003
Unspecified vulnerability in the driver for the Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to cause a denial of service (hang and reboot) via has unknown attack vectors, aka "NetWare Driver Denial of Service Vulnerability."
unknown
2006-11-14
2.3CVE-2006-4689
MS
FRSIRT
SECUNIA
BUGTRAQ
CERT
BID
SECTRACK
Paul Tarjan -- Stanford Conference And Research Forum
generaloptions.php in Paul Tarjan Stanford Conference And Research Forum (SCARF) does not require the admin privilege, which allows remote attackers to reconfigure the application or its user accounts.
unknown
2006-11-15
2.3CVE-2006-5909
BUGTRAQ
phpHeaven -- phpMyChat Plus
Multiple directory traversal vulnerabilities in PhpMyChat Plus 1.9 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the ChatPath parameter to (1) avatar.php, (2) colorhelp_popup.php, (3) color_popup.php, (4) index.php, (5) index1.php, (6) lib/connected_users.lib.php, (7) lib/index.lib.php, and (8) phpMyChat.php3; and the (9) L parameter to logs.php.
unknown
2006-11-15
2.3CVE-2006-5897
BUGTRAQ
FRSIRT
phpHeaven -- phpMyChat
Directory traversal vulnerability in localization/languages.lib.php3 in PhpMyChat 0.14.5 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the ChatPath parameter.
unknown
2006-11-15
2.3CVE-2006-5898
BUGTRAQ
PowerDNS -- Recursor
PowerDNS Recursor 3.1.3 and earlier allows remote attackers to cause a denial of service (resource exhaustion and application crash) via a CNAME record with a zero TTL, which triggers an infinite loop.
unknown
2006-11-14
2.3CVE-2006-4252
OTHER-REF
BID
SECUNIA
SUSE
FRSIRT
SECUNIA
Wheatblog -- Wheatblog
index.php in Wheatblog (wB) allows remote attackers to obtain sensitive information via certain values of the postPtr[] and next parameters, which reveals the path in an error message.
unknown
2006-11-15
2.3CVE-2006-5922
BUGTRAQ
WinZip -- WinZip
The WZFILEVIEW.FileViewCtrl.61 ActiveX control (aka Sky Software "FileView" ActiveX control) for WinZip 10.0 before build 7245 allows remote attackers to execute arbitrary code via unspecified "unsafe methods."
unknown
2006-11-14
3.7CVE-2006-5198
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
XLineSoft -- PHPRunner
XLineSoft PHPRunner 3.1 stores the (1) database server name, (2) database names, (3) usernames, and (4) passwords in plaintext in %WINDIR%\PHPRunner.ini, which allows local users to obtain sensitive information by reading the file.
2006-10-21
2006-11-16
1.6CVE-2006-5956
OTHER-REF
BID
SECTRACK
SECUNIA
Back to top



Last updated November 20, 2006